last executing test programs:

6m18.167933299s ago: executing program 1 (id=203):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000846000/0x4000)=nil)
socket$inet6_udp(0xa, 0x2, 0x0)
syz_usb_connect$cdc_ecm(0x6, 0x0, 0x0, 0x0)
brk(0x55555ede6001)

6m16.809676136s ago: executing program 1 (id=204):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x1010000, &(0x7f00000001c0)={[{@iocharset={'iocharset', 0x3d, 'cp864'}}, {@utf8}, {@uni_xlate}, {@fat=@flush}, {@shortname_lower}, {@uni_xlateno}, {@fat=@dmask={'dmask', 0x3d, 0xb7a}}, {@rodir}, {@uni_xlateno}, {@uni_xlate}, {@fat=@errors_remount}, {@fat=@codepage={'codepage', 0x3d, '860'}}, {@utf8no}, {@shortname_lower}, {@shortname_mixed}, {@shortname_mixed}, {@uni_xlateno}]}, 0x3, 0x36b, &(0x7f0000000500)="$eJzs3U1oY0UcAPB/+tKkXdD2JgpC9CZo2e5NL7ZIFxZ7UQl+HMTgdlWSKrRYbA+b1oPiUfCoJ28KevAgHkVQxJsHr64gq+JB97bg4kjy8vGapN3uYivF3w+aTGfmP/N/HySv4WX6wlI0L07HpWvXrsbMTCnKS48txfVSzEcWfbsxrjKhDgA4Ha6nFH+m3GjbzOSQ0gmkBQAco+77/0sRUYv5vObNrw/rn7z7A8Cp1/v7f/awPgd8DhDx2rGkBAAcs7HP/+/f11zp/pT7v5YLdwUAAKfVU88+9/jyasSTtdpMxPrbW/WtejwybF++FK9EK9bibMzFjYj8QqHzUOo+nr+wunK2Vqu145f5qEfEVC+wnl8pLGfd+GosxlzM9+J7Vxsppez8Z6sri7WuiNhtd+eP9dJWfTrO9Ob/8UysDS88+oN0nyIurK6cq/UGqK/349sRe8MbFTr5L8RcfP/iYJiU+ncwrq5cXuwnPYzfqlfj4mAvHPgJCAAAAAAAAAAAAAAAAAAAAAAA3JaF2sD8YP2c1HnOV8pZWJjQ3l0fJ4/vrQ+0l68PlKopUvrjjYfq72Sxb32g0fV5tiwkCAAAAAAAAAAAAAAAAAAAAAOb25VotFprG5vbO81iob2xuT0VEZ2aV7/95KvZGO9zk0I5n6IaMZii1pt2p9lIWb9zyiLGw7PO5P2ajz4fZFzsUx1sxcQ0qgc3tVp33Pfz+8Oae7P+yH8P+2QxeQOzQhqPjoy8fmee0q3sqEHhXLGmOj77lZRSoeatYvjl58cHjFJE+dYP3E5zKg7ukzqFb66+fHd/7ze+TLkHHpx7+sp7H/7WbLQ6M0f3CFY2Nm+kZqPU73yE2XvDpe4hGJ4bpcgLpeKZUD5swL39NY3sh9+fuefd7462E1Kx5vXO+TzSJ8s359PR8Epe6KQ50jQ7DJ/ubURrbXrCyX+zwm0c07s++OLjlH769chTDE2NvWyU/p1XHwAAAAAAAAAAAAAAAAAAoKjwXfHel67becP0YVEPP3FC6QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAiRj+//9CYW83RmqOUvirPSGquraxGVH5rzcTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/uX8CAAD//3wwZok=")
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
pwrite64(r0, &(0x7f00000004c0)="b28b5d84999292bf3fd81a2a21aa765a935eab6ac549299e461edd526ca879577909a013d1cc9ec4288d1103271b42fc7cf562248df617c4889715152a68e126e7ce4ac7268d27f2cce55d97c50190a092cf2f5693cfaeada0babdf4b1af23165366a6876c9fc3bed12e380d689feb657ed0f2c62ea27a0d086a42d99146d26a3521282bf6d6f6da58f217f62618da647232837c2187f7cce912c3f155daf30fdcc4c952b34ebd19168e0bd848a29ca26f23d45b02bfc997dc85846944df9ddead86e54879605ab841606852e74f7fe5908abd4c6ed17d0f849ff4fa1c05", 0xde, 0x5)
ioctl$sock_rose_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x10104a8, 0x0, 0x81, 0x0, 0x0)
setxattr$incfs_metadata(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140), &(0x7f0000004640)='>', 0x1, 0x0)

6m12.830144354s ago: executing program 1 (id=212):
syz_io_uring_setup(0x835, &(0x7f00000000c0)={0x0, 0x679b, 0x8, 0x2000006, 0x3cf}, &(0x7f0000000040), 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(0xffffffffffffffff, 0x118, 0x0, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
fsopen(0x0, 0x0)
r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)

6m11.229126086s ago: executing program 1 (id=215):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000100)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
writev(r0, 0x0, 0x0)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
fsopen(&(0x7f0000000140)='gadgetfs\x00', 0x1)
setpriority(0x0, 0x1, 0xa7a8)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000002380)='net/ip_mr_cache\x00')
futex(&(0x7f000000cffc)=0x1, 0x86, 0xfffffffe, 0x0, 0x0, 0xfffffffc)

6m8.903212903s ago: executing program 1 (id=221):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_mount_image$exfat(&(0x7f00000005c0), &(0x7f0000000240)='./file0\x00', 0x30000d0, &(0x7f0000000600)=ANY=[], 0x1, 0x14fe, &(0x7f0000002180)="$eJzs3Au0ztXWMPA511p/NklPkvuaa/55kssiSXJJSCRJkiS5JSRJkoTEJrckJCH3JPeQ3GIn9/st9yQ5kiQJCUnWN3Q6n/e8nfftnO+c7/V9Z8/fGGvsNff/mfNZa889nv9ljL2/7Ti4av1qlesyM/xT8M9fUgEgBQD6AcA1ABABQKlspbIBDoNMGlP/uTcR/1oPTbvSKxBXkvQ/fZP+p2/S//RN+p++Sf/TN+l/+ib9T9+k/0KkZ1un575WRvod/3PP/0Ge//8/R87//0YOFxvz5fpi13f6B1Kk/+mb9D99k/6nb9L/9E36n75J///NRQCV/pvD0v/0TfovRHp2pZ8/y7iy40r//gkhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGESB/OhcsMAPxlfqXXJYQQQgghhBBCiH+dkPFKr0AIIYQQQgghhBD/9yEo0GAgggyQEVIgE2SGqyALXA1Z4RpIwLWQDa6D7HA95ICckAtyQx7IC/nAAoEDhhjyQwFIwg1QEG6EQlAYikBR8FAMisNNUAJuhpJwC5SCW6E03AZloCyUg/JwO1SAO6AiVILKcCdUgbugKlSDu6E63AM14F6oCfdBLbgfasMDUAcehLrwENSDh6E+PAIN4FFoCI2gMTSBpv9H+S9CV3gJukF3SIUe0BNehl7QG/pAX+gHr0B/eBUGwGswEAbBYHgdhsAbMBTehGEwHEbAWzASRsFoGANjYRyMh7dhArwDE+FdmASTYQpMhWkwHWbAezATZsFseB/mwAcwF+bBfFgAC+FDWASLIQ0+giXwMSyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVPYBtshx2wE3bBbtgDn8Je+Az2weewH774B/PP/qf8TggIqFChQYMZMAOmYApmxsyYBbNgVsyKCUxgNsyG2TE75sAcmAtzYR7Mg/kwHxISMjLmx/yYxCQWxIJYCAthESyCHj0Wx+JYAm/GklgSS2EpLI2lsQyWxbJYHstjBayAFbEiVsbKWAWrYFWsinfj3XgP1sAaWBNrYi2shbWxNtbBOlgX62I9rIf1sT42wAbYEBtiY2yMTbEpNsNm2BybY0tsia2wFbbG1tgG22BbbIvtsB22x/bYATtgR+yInbAzdsYX8UV8CV/C7lhF9cCe2BN7YS/sg32xL76C/fFVfBVfw4E4CAfj6/g6voFD8QwOw+E4AkdgBTUKR+MYZDUOx+N4nIATcCJOxEk4GSfjVJyG03EGzsCZOAtn4fs4Bz/AD3AezsMFuBAX4iJcjGmYhkvwLC7FZbgcV+BKXIUrcQ2uxTW4HjfgetyEm3ALbsFP8BPcjttxJ+7E3bgbP8VP8TP8DAfiftyPB/AAHsSDeAgP4WE8jEfwCB7Fo3gMj+FxPI4n8CSewpN4Gk/jGTyL5/AcnsfzeAGfz/N1vd2F1w0EdYlRRmVQGVSKSlGZVWaVRWVRWVVWlVAJlU1lU9lVdpVD5VC5VC6VR+VR+VQ+RYoUq1jlV/lVUiVVQVVQFVKFVBFVRHnlVXFVXJVQJVRJVVKVUreq0uo2VUaVVS18eVVeVVAtfUVVSVVWlVUVdZeqqqqpaqq6qq5qqBqqpqqpaqlaqrZ6QNVRPbAPPqQudaa+GoQN1GBsqBqpxqqJegMfU83UUGyuWqiW6gk1HIdha9XMt1FPq7ZqNLZTz6ox+JzqoMZhR/WC6qQ6qy7qRdVVNffdMvz2EaimYi/VW/VRfdVMvEtd6lhV9ZoaqAapwep1tQDfUEPVm2qYGq5GqLfUSDVKjVZj1Fg1To1Xb6sJ6h01Ub2rJqnJaoqaqqap6WqGek/NVLPUbPW+mqM+UHPVPDVfLVAL1YdqkVqs0tRHaon6WC1Vy9RytUKtVKvUarVGrVXr1Hq1QW1Um9RmtUVtVZ+obWq72qF2ql1qt9qjPlV71Wdqn/pc7VdfqAPqT+qg+lIdUl+pw+prdUR9o46qb9Ux9Z06rr5XJ9RJdUr9oE6rH9UZdVadUz+p8+pndUH9oi6qoECjVlproyOdQWfUKTqTzqyv0ln01TqrvkYn9LU6m75OZ9fX6xw6p86lc+s8Oq/Op60m7TTrWOfXBXRS36AL6ht1IV1YF9FFtdfFdHF9ky6hb9Yl9S26lL5Vl9a36TK6rC6ny+vbdQV9h66oK+nK+k5dRd+lq+pq+m5dXd+ja+h7dU19n66l79e19QO6jn5Q19UP6Xr6YV1fP6Ib6Ed1Q91IN9ZNdFP9mG6mH9fNdQvdUj+hW+kndWv9lG6jn9Zt9TO6nX5Wt9fP6Q76ed1Rv6A76c66i/5FX9RBd9PddaruoXvql3Uv3Vv30X11P/2K7q9f1QP0a3qgHqQH69f1EP2GHqrf1MP0cD1Cv6VH6lF6tB6jx+pxerx+W0/Q7+iJ+l09SU/WU/RUPU1P131+qzT778h/52/kD/j13bforfoTvU1v1zv0Tr1L79Z79B69V+/V+/Q+vV/v1wf0AX1QH9SH9CF9WB/WR/QRfVQf1cf0MX1cH9cn9En9k/5Bn9Y/6jP6rD6rf9Ln9Xl94befARg0ymhjTGQymIwmxWQymc1VJou52mQ115iEudZkM9eZ7OZ6k8PkNLlMbpPH5DX5jDVknGETm/ymgEmaG0xBc6MpZAqbIqao8aaYKW5u+qfz/2h9TU1T08w0M81Nc9PStDStTCvT2rQ2bUwb09a0Ne1MO9PetDcdTAfT0XQ0nUwn08V0MV1NV9PNdDOpJtX0NC+bXqa36WP6mn7mFdPf9DcDzAAz0Aw0g81gM8QMMUPNUDPMDDMjzAgz0ow0o81oM9aMNePNeDPBTDATzUQzyUwyU8wUM81MMzPMDDPTzDSzzWwzx8wxc81cM9/MNwvNQrPILDJpJs0sMUvMUrPMLDMrzAqzyqwya8was86sMxvMBrPJbDJLzVaz1Wwz28wOs8PsMrvMHrPH7DV7zT6zz+w3+80Bc8AcNAfNIXPIHDaHzRFzxBw1R80xc8wcN8fNCXPCnDKnzGlz2pwxZ8w5c86cN+fNBXPBXDQXL132RSpSkYlMlCHKEKVEKVHmKHOUJcoSZY2yRokoEWWLskXZo+ujHFHOKFeUO8oT5Y1SwUYUuYijOMofFYiS0Q1RwejGqFBUOCoSFY18VCwqHt0UlYhujkpGt0Sloluj0tFtUZmobFQuKh/dHlWI7ogqRpWiytGdUZXorqhqVC26O6oe3RPViO6Nakb3RbWi+6Pa0QNRnejBqG70UFQvejiqHz0SNYgejRpGjaLGUZOo6b+0fghncj7uu9nuNtX2sD3ty7aX7W372L62n33F9rev2gH2NTvQDrKD7et2iH3DDrVv2mF2uB1h37Ij7Sg72o6xY+04O96+bSfYd+xE+66dZCfbKXaqnWan2xn2PTvTzrKz7ft2jv3AzrXz7Hy7wC60H9pFdrFNsx/ZJfZju9Qus8vtCrvSrrKr7Rq71q6z6+0Gu9FuspvtFrvVfmK32e12h91pd9nddo/91O61n9l99nO7335hD9g/2YP2S3vIfmUP26/tEfuNPWq/tcfsd/a4/d6esCftKfuDPW1/tGfsWXvO/mTP25/tBfuLvWjDpYv7S6d3MmQoA2WgFEqhzJSZslAWykpZKUEJykbZKDtlpxyUg3JRLspDeSgf5aNLmJjyU35KUpIKUkEqRIWoCBUhT56KU3EqQSWoJJWkUlSKSlNpKkNlqByVo9vpdrqD7qBKVInupDvpLrqLqlE1qk7VqQbVoJpUk2pRLapNtakO1aG6VJfqUT2qT/WpATWghtSQGlNjakpNqRk1o+bUnFpSS2pFrag1taY21IbaUltqR+2oPbWnDtSBOlJH6kSdqAt1oa7UlbpRN0qlVOpJPakX9aI+1If6UT/qT/1pAA2ggTSQBtNgGkJDaCgNpWE0nEbQWzSSRtFoGkNjaRyNp/E0gSbQRJpIk2gSTaEpNI2m0QyaQTNpJs2m2TSH5tBcmkvzaT4tpIW0iBZRGqXRElpCS2kpLafltJJW0mpaTWtpLa2n9bSRNtJm2kxbaStto220g3bQLtpFe2gP7aW9tI/20X7aTwfoAB2kg3SIDtFhOkxH6AgdpaN0jI7RcTpOJ+gEnaJTdJpO0xk6Q+foHJ2nn+kC/UIXKVCKU5DZXeWyuKtdVneNS3GZ3KU4AoBLcS6X2+VxeV0+Z10Ol/OvYnLOFXKFXRFX1HlXzBV3N/0uLuPKunKuvLvdVXB3uIq/i6u7e1wNd6+r6e5z1dzdfxXXcve72u4RV8c96uq6Rq6ea+Lqu0dcA/eoa+gaucauiWvlnnSt3VOujXvatXXP/C5e5Ba7tW6dW+82uL3uM3fO/eSOum/defez6+a6u37uFdffveoGuNfcQDfod/EI95Yb6Ua50W6MG+vG/S6e4qa6aW66m+HeczPdrN/FC92Hbo5Lc3PdPDffLfg1vrSmNPeRW+I+dkvdMrfcrXAr3Sq32q3532td4Ta5zW6L2+M+ddvcdrfD7XS73O5f40v72Oc+d/vdF+6I+8YddF+6Q+6YO+y+/jW+tL9j7jt33H3vTriT7pT7wZ12P7oz7uyv+7+09x/cL+6iCw4YWbFmwxFn4Iycwpk4M1/FWfhqzsrXcIKv5Wx8HWfn6zkH5+RcnJvzcF7Ox5aJHTPHnJ8LcJJv4IJ8IxfiwlyEi7LnYlycb+ISfDOX5Fu4FN/Kpfk2LsNluRyX59u5At/BFbkSV+Y7uUoIXJWr8d1cne/hGnwv1+T7uBbfz7X5Aa7DD3Jdfojr8cNcnx/hBvwoN+RG3JibcFN+jJvx49ycW3BLfoJb8ZPcmp/iNvw0t+VnuB0/y+35Oe7Az3NHfoE7cWfuwi9yV36Ju3F3TuUe3JNf5l7cm/twX+7Hr3B/fpUH8Gs8kAfxYH6dh/AbPJTf5GE8nEfwWzySR/FoHsNjeRyP57d5Ar/DE/ldnsSTeQpP5Wk8nWfwezyTZ/Fsfp/n8Ac8l+fxfF7AC/lDXsSLOY0/4iX8MS/lZbycV/BKXsWreQ2v5XW8njfwRt7Em3kLb+VPeBtv5x28k3fxbt7Dn/Je/oz38ee8n7/gA/wnPshf8iH+ig/z13yEv+Gj/C0f4+/4OH/PJ/gkn+If+DT/yGf4LJ/jn/g8/8wX+Be+yIEhxljFOjZxFGeIM8YpcaY4c3xVnCW+Os4aXxMn4mvjbPF1cfb4+jhHnDPOFeeO88R543yxjSl2McdxnD8uECfjG+KC8Y1xobhwXCQuGvu4WFw8vikuEd8cl4xviUvFt8al49viMnHZ+JH7yse3xxXiO+KKcaW4cnxnXCW+K64aV4vvjqvH98Q14nvjmvF9ccn4/rh2/EBcJ34wrhs/FNeLH47rx4/EDeJH44Zxo7hx3CRuGj8WN4sfj5vHLeKW8RNxq/jJuHX8VNwmfjpuGz/zh8dT4x5xz/jl+OU4hHv1/OSC5MLkh8lFycXJtORHySXJj5NLk8uSy5MrkiuTq5Krk2uSa5PrkuuTG5Ibk5uSm5NbkiFUywgevfLaGx/5DD6jT/GZfGZ/lc/ir/ZZ/TU+4a/12fx1Pru/3ufwOX0un9vn8Xl9Pm89eefZxz6/L+CT/gZf0N/oC/nCvogv6r0v5ov7Jr6pb+qb+cd9c9/Ct/RP+Cf8k/5J/5R/yj/t2/pnfDv/rG/vn/Md/PP+ef+C7+Q7+y7+Rd/Vv+S7+e4+1af6nr6n7+V7+T6+j+/n+/n+vr8f4Af4gX6gH+wH+yF+iB/qh/phfpgf4Uf4kX6kH+1H+7F+rB/vx/sJfoKf6Cf6SX6Sn+Kn+Gl+mp/hZ/iZfqaf7Wf7OYXm+Ll+rp/v5/uFfqFf5Bf5NJ/ml/glfqlf6pf75X6lX+lX+9V+rV/r1/v1fqPf6Df7zX6r3+q3+W1+h9/hd/ldfo/f4/f6vX6f3+f3+/3+gD/gD/qD/pD/yh/2X/sj/ht/1H/rj/nv/HH/vT/hT/pT/gd/2v/oz/iz/pz/yZ/3P/sL/hd/0Qc/PvF2YkLincTExLuJSYnJiSmJqYlpiemJGYn3EjMTsxKzE+8n5iQ+SMxNzEvMTyxILEx8mFiUWJxIS3yUWJL4OLE0sSyxPLEisTKxKhFC3m1xyB8KhGS4IRQMN4ZCoXAoEooGH4qF4uGmUCLcHEqGW0KpcGsoHW4LZULZUC48GhqGRqFxaBKahsdCs/B4aB5ahJbhidAqPBlah6dCm/B0aBueCe3Cs6F9eC50CM+HjuGF0Cl0Dl3Ci6FreCl0C91DaugReoaXQ6/QO/QJfUO/8EroH14NA8JrYWAYFAaH18OQ8EYYGt4Mw8LwMCK8FUaGUWF0GBPGhnFhfHg7TAjvhInh3TApTA5TwtQwLUwPM8J7YWaYFWaH98Oc8EGYG+aF+WFBWBg+DIvC4pAWPgpLwsdhaVgWlocVYWVYFVaHNWFtWBfWhw1hY9gUNoctYWv4JGwL28OOsDPsCrvDnvBp2Bs+C/vC52F/+CIcCH8KB8OX4VD4KhwOX4cj4ZtwNHwbjoXvwvHwfTgRToZT4YdwOvwYzoSz4Vz4KZwPP4cL4ZdwUf5mTQghhBDi76L/4HiPv/G9DACgfpv3BICrt+c+/J9rbszx53lvladVAgCe7t7xob+MKlVSU1N/e+1SDVGBeQCQ+Ov6f4mXQUt4EtpACyjxN9fXW3U+z39QP3krQOb/kJMCl+PL9W/+L+o/9sSIRaXjc9n+m/rzAAoVuJyTCS7Hl+uX/C/q52z2B+vP9OV4gOb/IScLXI4v1y8Oj8Mz0OavXimEEEIIIYQQQvxZb1Wu/R/dP1+6P89jLudkhMvxH92fCyGEEEIIIYQQ4sp7rnOXpx5r06ZF+79vgr89F/jHsmQiE5n8fza50p9MQgghhBBCiH+1yxf9V3olQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCFE+vU/8e/ErvQehRBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiCvtfwUAAP//luw5aQ==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioprio_get$pid(0x3, 0x0)

6m7.260995335s ago: executing program 1 (id=228):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x80000, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70b928, 0x25dfdc01, {0x0, 0x0, 0x0, r2, {0x0, 0xd}, {0xf, 0xb}, {0xe, 0xffe0}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD={0x8}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r4)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r5 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r5, &(0x7f00000000c0)="ee9c", 0x2, 0x28008081, &(0x7f00000001c0)={0x11, 0x15, r2, 0x1, 0xff}, 0x14)

5m51.851889328s ago: executing program 32 (id=228):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x80000, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70b928, 0x25dfdc01, {0x0, 0x0, 0x0, r2, {0x0, 0xd}, {0xf, 0xb}, {0xe, 0xffe0}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD={0x8}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r4)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r5 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r5, &(0x7f00000000c0)="ee9c", 0x2, 0x28008081, &(0x7f00000001c0)={0x11, 0x15, r2, 0x1, 0xff}, 0x14)

17.392862155s ago: executing program 0 (id=1141):
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f00000003c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x1})
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-des3_ede-asm\x00'}, 0x58)
r2 = syz_io_uring_setup(0x10c, &(0x7f0000000380)={0x0, 0x211a, 0x80, 0x0, 0x395, 0x0, r0}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000040)=0xffefffdc, 0x0, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
ioctl$VIDIOC_G_MODULATOR(0xffffffffffffffff, 0xc0445636, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x2, r1, 0x0})
io_uring_enter(r2, 0x3516, 0xc2de, 0x8, 0x0, 0x0)

15.810058008s ago: executing program 0 (id=1145):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000003c0)={[{@resgid={'resgid', 0x3d, 0xee00}}, {}, {@grpquota}, {@nobarrier}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@mblk_io_submit}, {@debug}]}, 0x3, 0x572, &(0x7f00000017c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwIF6kCCIWxD/Au8fiH6B/RUELRUrQg5fIbGbbbZLNJunWbJ3PB6Z9b2ayb96++b79zs4uG0BhjWT/lCJejoivk4iDbdsGI984srLf0sNrk9mSxPLyJ38mkeTrWvsn+f/788pLEfHLFxHHS2vbrS8szlSq1XQur482Zi+P1hcWT1ycrUyn0+ml8YmJU29NjL/7zts96+vr5/7+7uO7H5z66ujStz/dP3Q7iTNxIN/W3o+ncKO9MhIj+XMyFGdW7TjWg8b6SbLTB8C2DORxPhTZHHAwBvKoB/7/rkfEMlBQifiHgmrlAa1r+x5dBz83Hry/cgG0tv+DK++NxJ7mtdG+peSJK6Psene4B+1nbfz8x53b2RJd3oe43oP2AFpu3IyIk4ODa+e/JJ//tu9k883jja1uo2ivP7CT7mb5zxvr5T+lR/lPrJP/7F8ndreje/yX7vegmY6y/O+9dfPfR1PX8EBee6GZ8w0lFy5W05MR8WJEHIuh3Vl9o/s5p5buLXfa1p7/ZUvWfisXzI/j/uDuJ/9mqtKoPE2f2z24GfHK4/w3iTXz/55mrrt6/LPn41xW+PXLrm0cSe+82mlb9/63630GvPxjxGvrjv/jO1rJxvcnR5vnw2jrrFjrr1tHfuvU/tb633vZ+O/buP/DSfv92vrW2/hhzz9pp23bPf93JZ82y7vydVcrjcbcWMSu5KO168cf/22r3to/6/+xoxvPf+ud/3sj4rNN9v/W4Vsdd+2H8Z/a0vhvvXDvw8+/79T+5sb/zWbpWL5mM/PfZg/waZ47AAAAAAAA6DeliDgQSan8qFwqlcsrn+84HPtK1Vq9cfxCbf7SVDS/KzscQ6XWne6DbZ+HGMs/D9uqj6+qT0TEoYj4ZmBvs16erFWndrrzAAAAAAAAAAAAAAAAAAAA0Cf2d/j+f+b3gZ0+OuCZ85PfUFxd478Xv/QE9CWv/1Bc4h+KS/xDcYl/KC7xD8Ul/qG4xD8Ul/gHAAAAAAAAAAAAAAAAAAAAAAAAAACAnjp39my2LC89vDaZ1aeuLMzP1K6cmErrM+XZ+cnyZG3ucnm6VpuupuXJ2my3x6vWapfHxmP+6mgjrTdG6wuL52dr85ca5y/OVqbT8+nQf9IrAAAAAAAAAAAAAAAAAAAAeL7UFxZnKtVqOqfQsXA6+uIwtl1Iuo3y6fxk2NIjR14Y3PkOKjyDwg5PTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ5t8AAAD//8nLNLM=")
unlinkat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$kcm(0x2, 0xa, 0x2)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$sock_timeval(r3, 0x1, 0x42, &(0x7f00000001c0)={0x77359400}, 0x10)

13.396421525s ago: executing program 0 (id=1151):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x84}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000280)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="f78d9ca38fff48f3be52163448412ba8", 0x10}], 0x1, &(0x7f0000000a40)=ANY=[@ANYBLOB="1800000000000000170100000300000001"], 0x18}], 0x1, 0x0)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)

11.516890577s ago: executing program 0 (id=1156):
mknod$loop(0x0, 0x0, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf01b}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x34, 0x3, 0xffffffffffffffff, 0x0, &(0x7f00000010c0)={0x0, 0x0, 0x0}, 0x0, 0x40000000})
r1 = syz_io_uring_setup(0x487, &(0x7f0000000240)={0x0, 0x59c4, 0x800, 0x1000, 0x5cc}, &(0x7f0000000300)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0x8)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_EPOLL_CTL=@del={0x1d, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x1})
io_uring_enter(r1, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)

10.425918835s ago: executing program 2 (id=1159):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
keyctl$session_to_parent(0x12)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x40008d0}, 0xc0cc810)
sendmsg$NFT_BATCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d65b"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x68}, 0x1, 0x0, 0x0, 0x24000840}, 0x40)

8.393555425s ago: executing program 2 (id=1163):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x1f71, &(0x7f0000000380)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x2e, '\x00', 0x0, 0x2}, 0x94)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x640100ff, 0x4e20, 0x3, 'ovf\x00', 0x1, 0xa7e, 0x70}, 0x2c)
r4 = socket$kcm(0xa, 0x2, 0x0)
r5 = socket(0x2, 0x80805, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r5, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e21, 0x3, 'lc\x00', 0x5, 0x8, 0x11}, {@remote, 0x4e1d, 0x2, 0xcd}}, 0x44)
sendmsg$sock(r4, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

7.455851905s ago: executing program 2 (id=1166):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000022c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2b, 0x2, {0x0, 0x0, 0x0, r2, {0x0, 0xd}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1e3a6}]}}]}, 0x44}}, 0x2)
r3 = socket$unix(0x1, 0x1, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r5)
socket$tipc(0x1e, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
setsockopt$sock_attach_bpf(r4, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r4, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r6, 0x3e}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="27030200000214000e00fe2fb96dffff1144ee163cddcb000000800000827600000000000000", 0x26}, {&(0x7f00000004c0)="f058050000007f8f", 0x300}], 0x2}, 0x5)

6.858926913s ago: executing program 0 (id=1167):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r1)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_GET_WOWLAN(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x28}}, 0x0)
getsockname$packet(r4, &(0x7f0000000140)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r5, 0x10681, 0x20000}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}}, 0x20044002)
r6 = socket(0x1, 0x803, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="2c0000001400b59500000000fedbdf250a400000", @ANYRES32=r2, @ANYBLOB="14000200fe5b"], 0x2c}}, 0x0)
r7 = socket(0x10, 0x803, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14)
sendmsg$nl_route(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="400000001400010f00000000ffdbdf250a000400", @ANYRES32=r8, @ANYBLOB="140006000700000000010400000000000400000014000200fe"], 0x40}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r2, @ANYBLOB="01"], 0x3c}}, 0x0)

6.559092923s ago: executing program 3 (id=1169):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000340)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8071, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000001180)=""/4096}, {&(0x7f0000000440)=""/128}], 0x0, &(0x7f00000004c0)=""/193}, 0x7f}, {{&(0x7f00000005c0)=@in, 0x0, &(0x7f0000000700)=[{&(0x7f0000000640)=""/35}, {&(0x7f0000000680)=""/127}], 0x0, &(0x7f0000000740)=""/23}, 0x3}], 0x400000000000054, 0x40012100, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x4, 0x40, 0x2, 0xe, 0x0, 0x70bd2d, 0x25dfdbff, [@sadb_address={0x5, 0x6, 0x2b, 0x0, 0xe, @in6={0xa, 0x4e21, 0x4, @mcast2, 0x8}}, @sadb_sa={0x2, 0x1, 0x4d3, 0x0, 0x0, 0x0, 0x2, 0x20000002}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x4e20, 0xffff, @mcast1, 0xf}}]}, 0x70}}, 0x4)
syz_mount_image$msdos(&(0x7f0000000100), &(0x7f0000000080)='.\x02\x00', 0x1a, &(0x7f0000000140)={[{@dots}, {@dots}, {@nodots}, {@nodots}, {@fat=@dos1xfloppy}, {@fat=@dmask={'dmask', 0x3d, 0x1ff}}, {@dots}, {@fat=@quiet}, {@nodots}, {@fat=@debug}, {@dots}, {@nodots}, {@fat=@errors_continue}, {@dots}, {@nodots}, {@nodots}, {@fat=@uid}, {@nodots}, {}, {@fat=@uid}, {@dots}, {@fat=@nfs_nostale_ro}]}, 0xfd, 0x1dc, &(0x7f0000000c00)="$eJzs3UFrE0EUAODXNm1S8eCtIAoDXjwVFbxXpIIYEJQc6kmhemlEsJfVS/dn+AP9AdJTL7LS7trtplFi6WZr+n2XvMmbN3kD2SSXzL6983Fv99P+h+8b32IwWIrlrdh6vBMNeQAAi+SoKOJHUeq6FwBgPmb4/v/ZGK3OpS0AoEWvd968eDIcbr9KaRBxmGejbFQ+lvlnz4fbD9KJW3XVYZaNVk7zD9Pkb4fj/GrcqPKPyvp0dkY2Wov798r8ce7py2Fq1vdjt82NAwAAAAAAAAAAAAAAAAAAAABAh+5G+m3q+T6bm5P59Spfjs6cDzRxfk8vbveqYX08UHEwj00BAAAAAAAAAAAAAAAAAADAf2b/y9e9d+Px+8910I+I5jP/EixVC1+w/HywsXI560wPluMS1rnZZocdB9Gb+ia52kG6Gm2M/3QV9P9evhYRbTV2VBTFTJMj8shPLuV+p59QAAAAAAAAAAAAAAAAAABwfdR/+j2fG3TREAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0oL7//wWCg4iYYfLpi613ulUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAW2K8AAAD//+k6MbQ=")

6.558304429s ago: executing program 5 (id=1170):
socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r2, 0xf501, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mknod(0x0, 0x400, 0xffffffff)
landlock_restrict_self(0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@bridge_getlink={0x28, 0x12, 0x301, 0x70bd2c, 0x25dfdbfb, {0x7, 0x0, 0x0, 0x0, 0x8a6b, 0x11530}, [@IFLA_EXT_MASK={0x8, 0x1d, 0xffffff80}]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x0)

5.161577236s ago: executing program 0 (id=1171):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000180)={'vxcan1\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18)
connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1, 0x0, {0x1, 0xf1, 0xa8fe8ad4eea2351f}, 0x2}, 0x18)
sendmmsg(r0, &(0x7f0000003e40), 0x3fffffffffffe3d, 0xf5)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
openat$cgroup_procs(0xffffffffffffffff, &(0x7f00000002c0)='cgroup.procs\x00', 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
r2 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
read$msr(r2, &(0x7f0000048040)=""/102392, 0x18ff8)
socket(0x2, 0x805, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_emit_ethernet(0x2a, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb080045"], 0x0)

5.160943511s ago: executing program 5 (id=1172):
r0 = socket$packet(0x11, 0x2, 0x300)
syz_open_dev$I2C(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
shmget$private(0x0, 0x3000, 0x2, &(0x7f0000ffd000/0x3000)=nil)
remap_file_pages(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0xfd9, 0x4000000)
setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000080), 0x4)

5.160442537s ago: executing program 2 (id=1173):
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, 0x0, 0x10, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x40081c4}, 0x44000)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000020000000c000000001466bfdac3c37dd5273545b9193c412d42832b1bc897a82f6f0b95c99bcf82e5ef1a49736b94ceead334e440a96111d5713c3408ca3de393208cc5dfb2d637ec39407436c4494f0d20"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020", @ANYRESHEX], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0x2, 0x3, 0x0, 0xad7}, 0x14)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)=ANY=[@ANYBLOB="2000000040000701feffffff00000000017c000004004280040001800400028016a31fdf7ce10161d410ff422b8e2fbb5087050c7166e190fcfe13dbf82a57a82fefc92afd799452a689e3a5505df1e8cf0c701ad72839279467c82e3fe76ffc80600202809d4dcd4cc067db037194463cde68290cc1221d89661e517136f46f8a5ac4d4f3c149b0088309c4099b3eff05da02de13577133898fe1184f05568ab34992"], 0x20}}, 0xc000)
r1 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0xbc}}, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

5.109566165s ago: executing program 3 (id=1174):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000003c0)={[{@resgid={'resgid', 0x3d, 0xee00}}, {}, {@grpquota}, {@nobarrier}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@mblk_io_submit}, {@debug}]}, 0x3, 0x572, &(0x7f00000017c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwIF6kCCIWxD/Au8fiH6B/RUELRUrQg5fIbGbbbZLNJunWbJ3PB6Z9b2ayb96++b79zs4uG0BhjWT/lCJejoivk4iDbdsGI984srLf0sNrk9mSxPLyJ38mkeTrWvsn+f/788pLEfHLFxHHS2vbrS8szlSq1XQur482Zi+P1hcWT1ycrUyn0+ml8YmJU29NjL/7zts96+vr5/7+7uO7H5z66ujStz/dP3Q7iTNxIN/W3o+ncKO9MhIj+XMyFGdW7TjWg8b6SbLTB8C2DORxPhTZHHAwBvKoB/7/rkfEMlBQifiHgmrlAa1r+x5dBz83Hry/cgG0tv+DK++NxJ7mtdG+peSJK6Psene4B+1nbfz8x53b2RJd3oe43oP2AFpu3IyIk4ODa+e/JJ//tu9k883jja1uo2ivP7CT7mb5zxvr5T+lR/lPrJP/7F8ndreje/yX7vegmY6y/O+9dfPfR1PX8EBee6GZ8w0lFy5W05MR8WJEHIuh3Vl9o/s5p5buLXfa1p7/ZUvWfisXzI/j/uDuJ/9mqtKoPE2f2z24GfHK4/w3iTXz/55mrrt6/LPn41xW+PXLrm0cSe+82mlb9/63630GvPxjxGvrjv/jO1rJxvcnR5vnw2jrrFjrr1tHfuvU/tb633vZ+O/buP/DSfv92vrW2/hhzz9pp23bPf93JZ82y7vydVcrjcbcWMSu5KO168cf/22r3to/6/+xoxvPf+ud/3sj4rNN9v/W4Vsdd+2H8Z/a0vhvvXDvw8+/79T+5sb/zWbpWL5mM/PfZg/waZ47AAAAAAAA6DeliDgQSan8qFwqlcsrn+84HPtK1Vq9cfxCbf7SVDS/KzscQ6XWne6DbZ+HGMs/D9uqj6+qT0TEoYj4ZmBvs16erFWndrrzAAAAAAAAAAAAAAAAAAAA0Cf2d/j+f+b3gZ0+OuCZ85PfUFxd478Xv/QE9CWv/1Bc4h+KS/xDcYl/KC7xD8Ul/qG4xD8Ul/gHAAAAAAAAAAAAAAAAAAAAAAAAAACAnjp39my2LC89vDaZ1aeuLMzP1K6cmErrM+XZ+cnyZG3ucnm6VpuupuXJ2my3x6vWapfHxmP+6mgjrTdG6wuL52dr85ca5y/OVqbT8+nQf9IrAAAAAAAAAAAAAAAAAAAAeL7UFxZnKtVqOqfQsXA6+uIwtl1Iuo3y6fxk2NIjR14Y3PkOKjyDwg5PTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ5t8AAAD//8nLNLM=")
unlinkat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$kcm(0x2, 0xa, 0x2)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$sock_timeval(r1, 0x1, 0x42, &(0x7f00000001c0)={0x77359400}, 0x10)

5.092991737s ago: executing program 4 (id=1175):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x103}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002940)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000640)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}], 0x1}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)

4.05629761s ago: executing program 3 (id=1176):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000d40)=@nat={'nat\x00', 0x2, 0x5, 0x470, 0x4000000, 0xf0, 0xffffffff, 0x0, 0x310, 0x3e0, 0x3e0, 0xffffffff, 0x3e0, 0x3e0, 0x5, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @remote, [], [], 'batadv0\x00', 'veth0_to_batadv\x00'}, 0x0, 0xa8, 0xf0}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x0, @ipv4=@empty, @ipv6=@remote}}}, {{@ipv6={@dev, @loopback, [], [], 'batadv0\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xf0}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv4=@loopback, @ipv6=@private0, @icmp_id, @icmp_id}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @multicast1}, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @gre_key, @gre_key}}}, {{@ipv6={@remote, @mcast1, [], [], 'ipvlan0\x00', 'pim6reg\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4d0)
r4 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
ioctl$VIDIOC_S_OUTPUT(r4, 0xc004562f, &(0x7f00000000c0)=0x1)
ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r4, 0xc0945662, &(0x7f0000000240)={0x40, 0x0, '\x00', {0x0, @reserved}})

4.054326195s ago: executing program 4 (id=1177):
r0 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0xb}, @NFTA_SOCKET_LEVEL={0x8, 0x3, 0x9}]}}}, {0x1c, 0x1, 0x0, 0x1, @queue={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_QUEUE_SREG_QNUM={0x8, 0x4, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}}, 0x0)
setsockopt$llc_int(0xffffffffffffffff, 0x10c, 0x9, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000540)={0x2c, 0x0, 0x100, 0x70bd26, 0x25dfdbfc, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x14}, 0x533b38816533e130)
add_key(&(0x7f00000013c0)='big_key\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)

3.934898421s ago: executing program 5 (id=1178):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x1e, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xfffffff9)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000580)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/59, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/231, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000})
sched_setaffinity(0x0, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0x73, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x32, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)

3.379680388s ago: executing program 4 (id=1179):
mknod$loop(0x0, 0x0, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf01b}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x34, 0x3, 0xffffffffffffffff, 0x0, &(0x7f00000010c0)={0x0, 0x0, 0x0}, 0x0, 0x40000000})
r1 = syz_io_uring_setup(0x487, &(0x7f0000000240)={0x0, 0x59c4, 0x800, 0x1000, 0x5cc}, &(0x7f0000000300)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0x8)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_EPOLL_CTL=@del={0x1d, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x1})
io_uring_enter(r1, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)

3.378642569s ago: executing program 2 (id=1189):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000200)={[{@errors_remount}, {@min_batch_time={'min_batch_time', 0x3d, 0xd}}, {@nodelalloc}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@data_err_ignore}, {@dioread_lock}]}, 0x3, 0x44d, &(0x7f0000001080)="$eJzs3MtvG8UfAPDvrp3219cvoSqPPoBAQVQ8kiYtpQcuIJA4gIQEh3IMSVqVug1qgkSrClqEyhFVQuKIOCLxF3CCCwJOSFzhjipVqJcWTkZr7zaOayex48QN/nykdWd2x5r5dnfsmZ2sAxhYo9lLErEzIn6PiOF6dmmB0fo/t29emv775qXpJKrVt/5KauVu3bw0XRQt3rejyJQj0k+T2N+i3vkLF89MVSqz5/P8+MLZ98fnL1x87vTZqVOzp2bPTR4/fvTIxAvHJp/vSZxZXLf2fTR3YO9r71x7Y/rEtXd//jYp4m+KY2Vf7l5FodHlDj5Zra6+uk1gV0M6KfexIXSkVO+mMVTr/8NRisWTNxyvftLXxgHrqlqtVh9of/hyFfgPS6LfLQD6o/iiz+a/xbZBQ497wo2X6hOgLO7b+VY/Uo40LzPUNL/tpdGIOHH5n6+yLTq+DwEA0Lnvs/HPs63Gf2k03hf6f76GMhIR90XE7og4FhF7IuL+iFrZByPioQ7rb14kuXv8k17vKrBVysZ/L+ZrW0vHf8XoL0ZKeW5XLf6h5OTpyuzh/P/kUAxtzfITy9Txwyu/fd7uWOP4L9uy+ouxYN6O6+WtS98zM7UwtZaYG924ErGv3Cr+5M5KQBIReyNiX5d1nH76mwPtjq0c/zJ6sM5U/Triqfr5vxxN8ReS5dcnx/8XldnD48VVcbdffr36Zrv61xR/D9y4Eun24vqPaBX/SNK4XjvfeR1X//is7Zym2+t/S/L2kn0fTi0snJ+I2JK8Xm/04v7S+cmmcpOL5bPr/9DB1v2/WOTN4t8fEdlF/HBEPBIRj+ZtfyzSeDwiDi4T/08vP/Fe9/Gvryz+mZaff+3O/2JiSzTvaZ0onfnxuyWVjnQSf3b+j9ZSh/I9q/n8W027uruaAQAAYPNJI2JnJOnYnXSajo3V/4Z/T2xPK3PzC8+cnPvg3Ez9GYGRGEqLO13DDfdDJ/JpfZGfbMofye8bf1HaVsuPTc9VZvodPAy4HW36f+bPUr9bB6y77tbR0p63A9h4nteEwaX/w+DS/2Fwtej/2/rRDmDjtfr+/7gP7QA2XrnhNf9NMGBAmP/D4NL/YXDp/zCQ5rfFyg/JS6wpcbHN7yds7kSk90QzJNYp0e9PJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgN74NwAA//9f2OR1")
syz_mount_image$nilfs2(&(0x7f0000000480), &(0x7f0000000f00)='./file1\x00', 0x208800, &(0x7f0000003100)=ANY=[], 0x1, 0xeec, &(0x7f0000001e40)="$eJzs3U9sHNUZAPA3a6/txCZeAwUDJaTQikDBDkmkprcgoh4Rl96D8odGMWnU0ANRIKYHRCVEkSJOFQcqLpRKKVKRQJWqqKe2p1a99YR6oVKVSkE9tJESV1m/We8+e7rrsT1r7/5+0rdv37zZ+b7xRs7MePZtAIZWrfl4+PBsFsJ7n1859trJ7NM7yx5prbGv+ZjFXiOEUG/rZ8n2vogLbt24dGKtNgsHm495Pzx/vfXayRDCYtgXroVG+Hh+4auP3n9u/ydvTtz3zsWzr2/R7rek+wEAAIPo6p8W/vbEP/741MzNq3uPhvHW8pXj9WWT8bj/QFyQL6+Fzn7WFu3GkvVGYtSS9UaS9UaTPKMF+erJduoF6411yTfStmyt/QQAAICdKD+vbYSsNtfRr9Xm5pbP++/4Ynosmzt3ZuH0hT4VCgAAAJT278vNm26FEEIIIYQQQggxwLE03e8rEAAAAMCwSecLW2Vxc2fqam2t0Vv+68/W1n49bIKq//3Lv7Pyf/iG3zgAAJQ3qEeT+X7lx9H5PAbpPIIjyevWe/xfS7Yzus46i+YV7Fiebd+3qaj+9Oe6XRXVv973sV+K6k/nw9yuiupP5+ncrorqH6+4jrKK6p+ouI6yiurfVXEdZRXVv7viOsoqqn+y4jrKKqp/quI6yiqq/66K6yirqP49FddRVlH9O+W22qL6GxXXUVZR/TMV11FWUf13V1xHWUX131NxHWUV1X9vxXX0y8OxzX8Oe5Px9vPn9Jxup5zjAQAAwLD7r/n/hBBCiFXRvA9iG9QhxGBHtg1qEEKI4YnL/b4AAQAAAPRd/rmA/APoS1E+PtJlfLR9fGJlhXy83uX1Y13Gx7uMAwAAACH89q3TD7ybrXzOf6Pz4eXzRu0Kn94OJeYxSie6W2/+jc57ttH865i3zPQJAAAAVCb73rXbTx774JWZm1f3Hm07+70dz3fzeUBH4wnrZ7Gf3xcwlfSz/Bz6aGeeWsF66fWBu4q298IGdxQAAACGWH7+3ghZba7tvLsRarW5uZXz8dlQz06fWTh1IPbz72f5w3R9/M7yZyquGwAAAOjdyvn+2uf/+ff4zoaxbO7cmYXTF5b7U63l9Vr7dYHpleVZ+3WBRrL8YMHyQ7Gff3/nD6Z3NZfPnfjhwsnN3nkAAAAYEhdevXj2xYWFUz/yxBNPPGk96fdvJgAAYLN9+eWV+o8PTf1u+fP/K/Pf5Z//3xf7jTi335/jCvl9AvnnAFZ9Xv94Z57povXOd67XSNYbiTGe1D3Rtp3QnG+w83UzRfkandsZK8g3meSbSvKl8xSMJuvn+fYky9P5CfP1ppPl6eSAo0mOLMn/aAAAAIBi86+8fH7+wqsXnz7z8osvnXrp1LlDB49898iRA89855n55n398+139wMAAAA70cpNv/2uBAAAAAAAAAAAAAAAAAAAAIZXFV8n1u99BAAAgGH3r8shhEUhhCgdS+P9r0GILjG2DWoQQgghhFiO5ne7V5+31u/rDwAAAMDwuXXj0on2dpXFbFPztbbWWG5ux7x5O/X0X2fuRL7a9WdHOl6/e1OrYdhV/e9f/p2V/8M3Njf/RP6k599/ySXjo+XyPj7/y9n2/A+O9pg/3f8XyuXfn+R/PPSWf+mDJP/xcvmfSPLv7jH/qv0/Xy7/kzH/bOzvf6zX/J3v/3hs8/3Y1WP+byf7fzL0mj/Z/0aPCRNPxfwAMIwG9QaA/CghP46ejP18f+PhZhhJXrfe4/9asp3RDVfeud38OOj+2M+Pl6aSvLn11j+ZbO+uknWm0rq2q6L6N+t93GpF9dcrrqOsovrHKq6jrKL6xyuuo6yi+icqrqOsovp7PQ/tt6L6d8p15aL6Jyuuo6yi+qcqrqOsovrX+/94vxTVv6fiOsoqqn+64jrKKqq/5GW1yhXVP1NxHWUV1X93xXWUVVT/PRXXUVZR/fdWXEe/PBTbovPh/PxzOo7l/UbSH1/jZzmo1xYAAABgp/mn+f+EEEIIIUpF836ZbVBHf6Ltbrm+1yI2I/6ztKzfdQghti6Wlvp48YG+29pPMwOwXfn9P9y8/8PN+z/cvP/8P/k9/FnSz410GR/tMl7vMj6WjKf/Xse7jN+TbHcpv64Z3dtl/Gtdxvd0Gb+/y/hsl/EHuow/2GX8oS7jAAAADIf7Yuv8EAAAAAbXa7/67O3fPH78xszNq3uPhrFV884fiP3x+Lf1t2I/nfc+V49/8/9J7P8itr+P7d+T9d1/AgAAAFsv/54Yf/8HAACAwZV/T6nzfwAAABhcM7F1/g8AAACD6+7YOv8HAACAAZZNrL04tvl1gUdj2+u8fgDA9vf12D4c272xfSS234htfhzwWGy/WVF9AMDm+fn3f3rk3Wxlvv9DyfituDxvV1lcvlKQ1Tpn8t8V292x/VaP9aTfB9Br/tyeHvNsVf7pDeYHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZHrfl4+PBsFsJ7n1859rOxt/9yZ9kjrTX2NR+z2GuEEOqt1+WjK/1fxxVv3bh0or29HdssHAxZyFrLw/PXW5kmQwiLYV+4Fhrh4/mFrz56/7n9n7w5cd87F8++voU/go79AwAAgEH0vwAAAP//cFQjcg==")
syz_open_dev$video4linux(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000180)={[{@test_dummy_encryption_v1}, {@bsdgroups}]}, 0x1, 0x24d, &(0x7f0000000840)="$eJzs3T9oJFUcB/DvzO4ac7fIqY0gqCAiGghnJ9icjcKBHIeIoMKJiI1yJ5wJdlkrGwutVVLZBLEzWkqaYKMIVlFTxEbQYGGw0GJldhKN2fUPbrIjmc8HJpmZfW9+b5j9vp1mmACtdS7JhSSdJAtJekmKww3uqpdz+5ur85tXkuHw8R+LUbt6u3bQ72ySQZIHk2yURV7sJsvrT+/8vPXovW8s9e55b/2p+Zme5L7dne3H9t699PqHFx9Y/vzL7y8VuZD+n87r+BUT9nWL5JaTKPY/UXSbHgH/xuVXP/iqyv2tSe4e5b+XMvXFe/P6DRu93P/OX/V964cvbp/lWIHjNxz2qt/AwXBMJ+P7gNOkTNJPUS4mqdfLcnGxvof/unOmfOna9VcWXri2dPX5pmcq4Lj0k+1HPp776OyR/H/XqfMPnF5V/p+4vPZNtb7XaXo0wCxV+V94duW+yD+0jvxDe8k/tJf8Q3v9Xf7LhsYEnKDBH6tH8z/X4LCA2XL/D+0l/9Be8g/tJf/QXofzDwC0y3Cu6SeQgaY0Pf8AAAAAAAAAAAAAAAAAAADjVuc3rxwss6r56dvJ7sNJupPqd/bfQ3Dj6O+Zn4qq2e+KuttUnrlzygOMDP5zz/cbfvr6pm+brf/ZHc3WX7maDF5Lcr7bHf/+FVO/B+Pmf/i899yUBab00JPN1v91rdn6F7eST6r55/yk+afMbaP/k+effnX9pqz/8i9THgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICZ+S0AAP//cCtsNw==")
pivot_root(0x0, &(0x7f0000000180)='./file0\x00')
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file1\x00', &(0x7f00000001c0), &(0x7f0000000200)=ANY=[], 0x841, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)

3.175955319s ago: executing program 5 (id=1180):
signalfd4(0xffffffffffffffff, &(0x7f00000003c0)={[0x1fffffffff]}, 0x8, 0x0)
syz_io_uring_setup(0x18a, &(0x7f0000000080)={0x0, 0x86d5, 0x10, 0x2, 0x2bc}, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x1)
syz_usbip_server_init(0x1)
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]})
r2 = openat$dma_heap(0xffffffffffffff9c, 0x0, 0xa2003, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x20004, r1})
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='fdinfo/4\x00')
pread64(r3, &(0x7f0000002140)=""/17, 0x11, 0x0)

2.446908675s ago: executing program 3 (id=1181):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
sendmsg$TIPC_CMD_GET_NODES(0xffffffffffffffff, 0x0, 0x20000000)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCDELRT(r1, 0x890c, &(0x7f00000000c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x6, @null, @bpq0, 0x1, [@null, @default, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]})

2.416358651s ago: executing program 4 (id=1182):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000280)=@urb_type_control={0x2, {}, 0xfffffff8, 0x85, &(0x7f0000000000)={0x4b5a9da54893e123, 0x1, 0x8, 0x2}, 0x8, 0x20400000, 0xc, 0x0, 0x0, 0x20000, 0x0})
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1.792412892s ago: executing program 3 (id=1183):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r1, 0x0, 0x0)
bind$unix(r1, &(0x7f0000000000)=@abs={0x1, 0x0, 0x4e24}, 0x2)
bind$netlink(r0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x88c4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x58)
listen(r2, 0x5)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r3, 0x0, 0x0, 0x240000d4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r4, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c)
close_range(r2, 0xffffffffffffffff, 0x0)

1.69241079s ago: executing program 5 (id=1184):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
prlimit64(0x0, 0x7, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
dup3(r3, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000640)={0xc, 0x0, &(0x7f0000000680)=[@free_buffer], 0x0, 0x0, 0x0})

1.636550846s ago: executing program 4 (id=1185):
r0 = syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00'], 0x1, 0x20e, &(0x7f0000000400)="$eJzs3T9rE2EYAPAnbdpcVKSbIAgnDjoVdXKsSAUxIFQy6CboZKZ2SV3a7+DiV/B7+QGkUxZ5Jd4lF9MkDaW5YP39lnvunve990/IJUuepHgWQz/ufIssa8TGXuzFoBE7sREjpwEAXCeDlOJnKqx7LgBAPZb4/P9V85QAgBV7++796+edzv5BnmcRZ6f9br9bHIv8y1ed/cf5HztVr7N+v7s5zj/Jp787DPNbcaPMPy365+P0dkR0t+PRgyI/zL1408n/7t+KjyteOwAAAAAAAAAAAAAAAAAAAAAArMu9yEeq+j6bEVHW99ndnc63y/o8xdlEfaCp+j3NuNssT6vyQOmkllUBAAAAAAAAAAAAAAAAAADAv+Xo+MvnD73ep8MqaEXE5JXmjDbzg0Z546UaXxzcvKL7zAs24nLd26MNbMzcw0VBo9yic6ksrnCB7dkv7jJBNFe44bUEeQ1jtRdub0rDYPa7YFQWY2737YhYPPrDg8tOfpBS6n2/f3h0HGlh4+oZ0arzgQQAAAAAAAAAAAAAAAAAAP+xiV99j329XRyztc0KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOpV/f//MDh/ZWFwEhG34sLGo7G2IlvrWgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALi+fgcAAP//9DweRg==")
mkdirat(r0, 0x0, 0x1c0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x0, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = memfd_secret(0x80000)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x11, r1, 0x0)
ftruncate(r1, 0x51a9497)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x309})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f000050a000/0x13000)=nil, 0x13000}, 0x1})
readv(r2, &(0x7f00000002c0)=[{&(0x7f0000000400)=""/224, 0x20}], 0x1000000000000108)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x18)

1.599271056s ago: executing program 2 (id=1186):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000010000001c000180060001000200000008000300ac1414aa0800060006"], 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r2)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r3, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000140), 0x4)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r5 = accept(r2, 0x0, 0x0)
sendmsg$AUDIT_USER_AVC(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000740)=ANY=[], 0x454}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100000000000000000007000000140001800500020001000000080006001a"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x8)

742.170993ms ago: executing program 5 (id=1187):
syz_emit_ethernet(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
fsopen(&(0x7f0000000040)='cgroup2\x00', 0x1)
prctl$PR_SET_IO_FLUSHER(0x39, 0x1)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x141)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0xc, 0x2, 0x803fd, 0x1, 0x800})
ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0x107, 0x100, 0x100, 0x1, 0x4000}})
ioctl$sock_inet6_tcp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0)
open_tree(0xffffffffffffff9c, 0x0, 0x89901)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_GET_PIT2(r1, 0xae49, 0x0)
set_mempolicy(0x4005, &(0x7f0000000300)=0x8000000000000008, 0x80)
r2 = creat(&(0x7f00000000c0)='./file0\x00', 0xd4)
r3 = dup2(r2, r2)
ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x200000a, 0x1, 0x8})

681.023507ms ago: executing program 3 (id=1188):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
mount$cgroup(0x0, &(0x7f0000002980)='.\x00', &(0x7f00000029c0), 0x4, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
add_key$user(&(0x7f0000000040), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$TCSETS(r3, 0x4b72, &(0x7f0000000240)={0x1, 0x80084, 0x3, 0xe, 0x8e, "0060730000efa489040401000000000000f600"})

0s ago: executing program 4 (id=1190):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
write$tcp_congestion(r1, &(0x7f0000000180)='nv\x00', 0x3)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(0xffffffffffffffff, &(0x7f0000006300)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0x0, r3, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000777a078afbd825c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000023000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000db2100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cc2351270000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x0, {0x0, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
dup2(r4, 0xffffffffffffffff)
splice(r0, 0x0, r2, 0x0, 0x4ffe2, 0x0)

kernel console output (not intermixed with test programs):

 mode
[  142.962778][ T6600] syzkaller0: entered allmulticast mode
[  144.836970][   T30] kauditd_printk_skb: 58 callbacks suppressed
[  144.836988][   T30] audit: type=1800 audit(1773834606.436:176): pid=6611 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.173" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="tmpfs" ino=164 res=0 errno=0
[  144.897774][ T6614] kvm: emulating exchange as write
[  146.065042][ T6635] Bluetooth: MGMT ver 1.23
[  146.313662][ T6641] netlink: 8 bytes leftover after parsing attributes in process `syz.4.178'.
[  146.891267][   T30] audit: type=1800 audit(1773834608.496:177): pid=6643 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.180" name="bus" dev="overlay" ino=183 res=0 errno=0
[  148.256539][ T6659] netlink: 24 bytes leftover after parsing attributes in process `syz.2.185'.
[  149.752838][ T6680] netlink: 24 bytes leftover after parsing attributes in process `syz.4.191'.
[  150.935790][ T6692] loop4: detected capacity change from 0 to 512
[  151.366461][ T6692] EXT4-fs (loop4): 1 truncate cleaned up
[  151.401116][ T6692] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  151.542388][   T30] audit: type=1800 audit(1773834613.056:178): pid=6692 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.193" name="file1" dev="loop4" ino=15 res=0 errno=0
[  151.732549][ T6693] kAFS: unable to lookup cell '('
[  151.750312][   T30] audit: type=1800 audit(1773834613.126:179): pid=6697 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.193" name="file1" dev="loop4" ino=15 res=0 errno=0
[  152.639756][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.768127][ T5889] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  156.483597][ T5889] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  156.505274][ T5889] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  156.574538][ T5889] usb 5-1: config 0 descriptor??
[  156.675094][ T5889] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  157.151299][ T6718] lec:lec_atm_close: lec0: Shut down!
[  158.255343][ T6761] loop1: detected capacity change from 0 to 256
[  158.378913][ T6761] FAT-fs (loop1): Directory bread(block 64) failed
[  158.385944][ T6761] FAT-fs (loop1): Directory bread(block 65) failed
[  158.393822][ T6761] FAT-fs (loop1): Directory bread(block 66) failed
[  158.400503][ T6761] FAT-fs (loop1): Directory bread(block 67) failed
[  158.407200][ T6761] FAT-fs (loop1): Directory bread(block 68) failed
[  158.414098][ T6761] FAT-fs (loop1): Directory bread(block 69) failed
[  158.421870][ T6761] FAT-fs (loop1): Directory bread(block 70) failed
[  158.428391][ T6761] FAT-fs (loop1): Directory bread(block 71) failed
[  158.435070][ T6761] FAT-fs (loop1): Directory bread(block 72) failed
[  158.441658][ T6761] FAT-fs (loop1): Directory bread(block 73) failed
[  159.159671][ T5941] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  159.320134][ T5941] usb 1-1: Using ep0 maxpacket: 32
[  159.505353][ T5941] usb 1-1: config 0 has an invalid interface number: 188 but max is 0
[  159.527571][ T5941] usb 1-1: config 0 has no interface number 0
[  159.559213][ T6775] syz.2.213 uses obsolete (PF_INET,SOCK_PACKET)
[  159.568214][ T5941] usb 1-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  159.729479][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  159.804529][ T5941] usb 1-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  159.821171][ T5941] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.855778][ T5941] usb 1-1: Product: syz
[  159.875069][ T5941] usb 1-1: Manufacturer: syz
[  159.909412][ T5941] usb 1-1: SerialNumber: syz
[  159.940457][ T5941] usb 1-1: config 0 descriptor??
[  160.056885][ T6766] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  160.106545][ T5889] usb 5-1: USB disconnect, device number 2
[  160.688049][ T6766] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  160.746401][ T5931] lec:lec_start_xmit: lec0:No lecd attached
[  160.968278][ T6789] netlink: 'syz.2.216': attribute type 39 has an invalid length.
[  161.020648][ T6789] syz_tun (unregistering): left promiscuous mode
[  161.278595][ T6797] syzkaller0: entered promiscuous mode
[  161.298124][ T6797] syzkaller0: entered allmulticast mode
[  162.661276][ T6809] loop2: detected capacity change from 0 to 16
[  163.035272][ T6809] erofs (device loop2): invalid ishare xattr prefix id 0
[  163.064313][ T6809] sch_fq: defrate 0 ignored.
[  163.079480][    T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!!
[  163.092056][ T6811] loop1: detected capacity change from 0 to 256
[  163.146012][ T6811] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  163.194757][ T6811] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  163.445316][ T6811] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  163.467084][ T5941] asix 1-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x8001: -71
[  163.471066][ T6811] exFAT-fs (loop1): failed to load alloc-bitmap
[  163.485994][ T5941] asix 1-1:0.188: probe with driver asix failed with error -71
[  163.556315][ T6811] exFAT-fs (loop1): failed to recognize exfat type
[  163.589262][ T5941] usb 1-1: USB disconnect, device number 2
[  163.647602][ T6818] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  163.927061][ T6817] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  164.824632][ T6822] syzkaller0: entered promiscuous mode
[  164.844004][ T6822] syzkaller0: entered allmulticast mode
[  165.212301][ T6841] bridge0: entered promiscuous mode
[  165.221405][ T6841] macsec1: entered promiscuous mode
[  165.929962][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5180 ms
[  165.938733][    C1] lec:lec_tx_timeout: lec0
[  165.944632][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  168.905555][ T6885] IPv6: NLM_F_REPLACE set, but no existing node found!
[  169.836325][ T6891] loop0: detected capacity change from 0 to 128
[  169.856950][ T6891] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem
[  170.094501][ T6891] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  170.180299][ T6900] loop2: detected capacity change from 0 to 8
[  170.959481][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  170.967636][    C1] lec:lec_tx_timeout: lec0
[  170.972305][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  171.001044][ T6891] ext2 filesystem being mounted at /49/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  171.004458][ T6900] SQUASHFS error: xz decompression failed, data probably corrupt
[  171.022047][ T6900] SQUASHFS error: Failed to read block 0x108: -5
[  171.028586][ T6900] SQUASHFS error: Unable to read metadata cache entry [106]
[  171.037167][ T6900] SQUASHFS error: Unable to read inode 0x11f
[  171.605051][ T6912] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  171.726570][ T5844] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  171.800786][ T5931] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[  172.152222][ T5931] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  172.179618][ T5931] usb 3-1: config 0 interface 0 has no altsetting 0
[  172.196767][ T5931] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  172.229559][ T5931] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  172.251850][ T5931] usb 3-1: Product: syz
[  172.269578][ T5931] usb 3-1: Manufacturer: syz
[  172.279290][ T5931] usb 3-1: SerialNumber: syz
[  172.308669][ T5931] usb 3-1: config 0 descriptor??
[  172.368301][ T5931] usb 3-1: selecting invalid altsetting 0
[  172.412868][ T6917] faux_driver vgem: [drm] Unknown color mode 181; guessing buffer size.
[  172.957597][ T5909] usb 3-1: USB disconnect, device number 3
[  175.982672][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  175.990769][    C1] lec:lec_tx_timeout: lec0
[  175.995372][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  176.253886][ T6964] xt_hashlimit: size too large, truncated to 1048576
[  176.749070][ T6848] syzkaller0: entered promiscuous mode
[  176.754697][ T6848] syzkaller0: entered allmulticast mode
[  179.158614][ T6980] loop3: detected capacity change from 0 to 8
[  179.260652][ T6980] SQUASHFS error: xz decompression failed, data probably corrupt
[  179.268749][ T6980] SQUASHFS error: Failed to read block 0x108: -5
[  179.275242][ T6980] SQUASHFS error: Unable to read metadata cache entry [106]
[  179.283224][ T6980] SQUASHFS error: Unable to read inode 0x11f
[  180.229239][ T5853] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  180.254666][ T5853] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  180.264398][ T5853] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  180.295920][ T5853] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  180.307544][ T5853] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  181.019482][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms
[  181.027953][    C1] lec:lec_tx_timeout: lec0
[  181.032756][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  182.412533][ T5859] Bluetooth: hci5: command tx timeout
[  182.639208][ T5931] IPVS: starting estimator thread 0...
[  182.844259][ T7010] IPVS: using max 38 ests per chain, 91200 per kthread
[  183.587872][ T7007] netlink: 4 bytes leftover after parsing attributes in process `syz.0.265'.
[  183.664735][ T6984] chnl_net:caif_netlink_parms(): no params data found
[  183.793338][ T7026] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  183.898402][ T7026] kvm: pic: non byte read
[  183.903326][ T7026] kvm: pic: non byte read
[  184.075112][   T30] audit: type=1326 audit(1773834645.686:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7041 comm="syz.0.272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57d079c799 code=0x7ffc0000
[  184.107845][ T7042] loop0: detected capacity change from 0 to 256
[  184.116417][   T30] audit: type=1326 audit(1773834645.716:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7041 comm="syz.0.272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57d079c799 code=0x7ffc0000
[  184.140460][   T30] audit: type=1326 audit(1773834645.716:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7041 comm="syz.0.272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57d079c799 code=0x7ffc0000
[  184.164854][   T30] audit: type=1326 audit(1773834645.716:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7041 comm="syz.0.272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f57d079c799 code=0x7ffc0000
[  184.243928][   T30] audit: type=1326 audit(1773834645.716:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7041 comm="syz.0.272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f57d079c502 code=0x7ffc0000
[  184.290289][   T30] audit: type=1326 audit(1773834645.716:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7041 comm="syz.0.272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57d079c799 code=0x7ffc0000
[  184.395197][   T30] audit: type=1326 audit(1773834645.716:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7041 comm="syz.0.272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f57d075cfce code=0x7ffc0000
[  184.424811][ T6984] bridge0: port 1(bridge_slave_0) entered blocking state
[  184.450894][ T6984] bridge0: port 1(bridge_slave_0) entered disabled state
[  184.459205][   T30] audit: type=1326 audit(1773834645.716:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7041 comm="syz.0.272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f57d079c5c7 code=0x7ffc0000
[  184.468766][ T6984] bridge_slave_0: entered allmulticast mode
[  184.496428][ T5859] Bluetooth: hci5: command tx timeout
[  184.521854][ T6984] bridge_slave_0: entered promiscuous mode
[  184.537458][   T30] audit: type=1326 audit(1773834645.716:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7041 comm="syz.0.272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f57d075cfce code=0x7ffc0000
[  184.564524][   T30] audit: type=1326 audit(1773834645.716:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7041 comm="syz.0.272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f57d079c42b code=0x7ffc0000
[  184.684677][ T6984] bridge0: port 2(bridge_slave_1) entered blocking state
[  184.721824][ T6984] bridge0: port 2(bridge_slave_1) entered disabled state
[  184.752405][ T6984] bridge_slave_1: entered allmulticast mode
[  184.786168][ T6984] bridge_slave_1: entered promiscuous mode
[  184.998571][ T6984] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  185.578907][ T7068] 8021q: adding VLAN 0 to HW filter on device bond1
[  185.714651][ T7086] fuse: fd is not a fuse device
[  185.811042][ T7069] bond1: (slave ip6gretap1): making interface the new active one
[  185.872345][ T7069] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link
[  185.993753][ T6984] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  186.039498][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  186.047541][    C1] lec:lec_tx_timeout: lec0
[  186.053718][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  186.569607][ T5859] Bluetooth: hci5: command tx timeout
[  186.925246][ T3541] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.967014][ T5931] kernel read not supported for file /swradio5 (pid: 5931 comm: kworker/0:4)
[  187.056206][ T7111] loop3: detected capacity change from 0 to 1764
[  187.148628][ T6984] team0: Port device team_slave_0 added
[  187.237145][ T3541] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  187.280280][ T7117] netlink: 4 bytes leftover after parsing attributes in process `syz.4.288'.
[  187.326325][ T6984] team0: Port device team_slave_1 added
[  188.669676][ T5859] Bluetooth: hci5: command tx timeout
[  189.153003][ T3541] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  189.198870][ T7133] loop3: detected capacity change from 0 to 512
[  189.331314][ T7133] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  189.529553][ T7133] ext4 filesystem being mounted at /55/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  190.158306][ T3541] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  190.199014][ T6984] batman_adv: batadv0: Adding interface: batadv_slave_0
[  190.220269][ T6984] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  190.394847][ T6984] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  190.454375][ T6984] batman_adv: batadv0: Adding interface: batadv_slave_1
[  190.493243][ T6984] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  190.577845][ T6984] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  191.079674][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms
[  191.087812][    C1] lec:lec_tx_timeout: lec0
[  191.092924][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  191.542258][ T6984] hsr_slave_0: entered promiscuous mode
[  191.606574][ T6984] hsr_slave_1: entered promiscuous mode
[  191.616378][ T6984] debugfs: 'hsr0' already exists in 'hsr'
[  191.624487][ T6984] Cannot create hsr debugfs directory
[  191.636952][ T5845] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  193.320910][ T7180] netlink: 'syz.3.297': attribute type 2 has an invalid length.
[  193.425405][ T3541] bridge_slave_1: left allmulticast mode
[  193.455113][ T3541] bridge_slave_1: left promiscuous mode
[  193.480683][ T3541] bridge0: port 2(bridge_slave_1) entered disabled state
[  193.575282][ T3541] bridge_slave_0: left allmulticast mode
[  193.597267][ T3541] bridge_slave_0: left promiscuous mode
[  193.617729][ T3541] bridge0: port 1(bridge_slave_0) entered disabled state
[  193.877785][ T7191] loop3: detected capacity change from 0 to 2048
[  193.970457][ T7191] EXT4-fs error (device loop3): ext4_ext_check_inode:521: inode #2: comm syz.3.303: pblk 0 bad header/extent: eh_entries is 0 but eh_depth is > 0 - magic f30a, entries 0, max 4(4), depth 5(5)
[  194.049400][ T7191] loop3: lost file I/O error report for ino 2 type 5 pos 0x0 len 0x0 error -117
[  194.050456][ T7191] EXT4-fs (loop3): get root inode failed
[  194.059860][    C1] EXT4-fs (loop3): error count since last fsck: 1
[  194.059918][    C1] EXT4-fs (loop3): initial error at time 1773834655: ext4_ext_check_inode:521: inode 2
[  194.059946][    C1] EXT4-fs (loop3): last error at time 1773834655: ext4_ext_check_inode:521: inode 2
[  194.092163][ T7191] EXT4-fs (loop3): mount failed
[  194.352589][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[  194.364376][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[  194.586574][ T3541] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  194.616883][ T3541] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  194.630513][ T3541] bond0 (unregistering): Released all slaves
[  196.099524][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  196.107552][    C1] lec:lec_tx_timeout: lec0
[  196.115127][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  196.413455][ T5860] Bluetooth: hci3: command 0x0406 tx timeout
[  196.419956][ T5860] Bluetooth: hci2: command 0x0406 tx timeout
[  196.432920][ T5860] Bluetooth: hci1: command 0x0406 tx timeout
[  196.443479][ T5842] Bluetooth: hci0: command 0x0406 tx timeout
[  200.768168][ T7219] syzkaller0: entered promiscuous mode
[  200.781195][ T7219] syzkaller0: entered allmulticast mode
[  200.836608][ T7230] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  200.868812][ T7212] tipc: Resetting bearer <eth:syzkaller0>
[  200.971365][ T7212] tipc: Disabling bearer <eth:syzkaller0>
[  201.183048][ T3541] hsr_slave_0: left promiscuous mode
[  201.746264][ T3541] hsr_slave_1: left promiscuous mode
[  201.754351][ T3541] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  201.769626][ T3541] batman_adv: batadv0: Removing interface: batadv_slave_0
[  201.929489][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5810 ms
[  201.937637][    C1] lec:lec_tx_timeout: lec0
[  201.942528][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  201.956397][ T3541] veth1_macvtap: left promiscuous mode
[  202.111208][ T7266] [U] 
[  202.116278][ T7266] [U] K{‘
[  202.125269][ T7266] [U] ÄT Ž1ÊÀŠªFÌÇÄFËŠÎ`GÊJǘÜGÖƯ¹¬¡—ÞÈOÕÑ/ÜMCÇ
[  202.138592][ T7266] [U] TžØ–/,�~ˆÄœ­‹JÕßÊ}8ÎÊÞ'O1�Ü"™7-΂JQœK—¤WºÏQÉ5C%"¬H12–¦Y“„‰ž€ÊXÍ`ˆ‚Íȼ`+³Û(·Â¿!(ÉÛÉZ'ÀTXLN»I®GÅJ– °ÜÝ­·PÅ~÷7Í!‘ÕÒ"بÎ¾ª(È5ˆOBܤ‡ÍƒJÖ
[  202.162392][ T7266] [U] ±K\&—}6£6œXÎHX�¥Ôµ„ÌÞ.`¸A“$Û40|϶¿�9°ØÞ¨„¯ÀÏU‚Ò4�ÔÄ®VBZÃÐ}ÌWÔM”TºŽÍQŸÝΦR’4”ß
[  202.178303][ T3541] veth0_macvtap: left promiscuous mode
[  202.192643][ T7266] [U] ".H6ØÞ"ÖKÇ[›‰¤ŒJÁ4ÇØI�N¨™[Z(•„C|TË]Z{�Â3ŸC=»¨XÎԞ˅Î4¿W‰)\T‘XJØ�SH{Q;̹¢…ÖTÔÇ+‹¦÷GÍÈß®D„.Ë‚³>Yž�÷ÉWUH„FN—Ž�ÇHL]SÔ2ŠÇÙ\G%ŠO¼&Z)µК'¨PUL‚_<à     ¢Ø°‰Ò®ÔÅ`Ò±TÔÁÞœÐËÞ;_Ô"(‘U{7Jœ¿2X ‘/€'ÝÙCÑÌÕIº©ÀÏH¿C�Õ³žV¦=�‘AIÇ%W¼ESž RšŸJŠÎœƒÚ”GÂ÷RÁ¹Í¡HI
˜¢œAÏÌ6-ÚD�ÚV¨Á I"ØÅNƨ ÞÚASC~4Áª¹8CØ*­OO5/ßœJš~º§¡W—VK+¬®‰Œ3ÈÇY)Ž¹M°¸ÆV¶ÌYQƽ€DTR¯
OTPEM%F×ÊEJÍA5ÆÔT_-X~ ^AAÛ‚Ò˜½QÖÅ
[  202.241815][ T7266] [U]         +�W‰G?]£Ó'A:    »Ú)Õ
ÏÓ™“' B>T¢ ¡F/™÷<'ÈUÓ'–¼H§IÉ.+]EŸ.½-É¿ß¿Ò%÷È>2`¶^Uß8F.Š6¤Å3ÓØ+ËA¾Â««„°G3ÓPÂÓ6:�^0À�TÉÈV÷'EÕT¼€ÛÂYC‰N¾ÞRÏ©ÞNÈPJ×;ÆZ†ÊÔÑÛ‘8!¯È\Ù…¸AØÊ–2Á£$е™Â­WI.ÍÇ#ŠÈ/BAI¼�Ä`ÐÁ4J’ÔDÎY@ÓZ„ÜGW÷5Ë¿Bĵٜ NÓY"VI2ÛÌ
[  202.269068][ T7266] [U] ܾ˜4B`Ë—HÔT¦_K5¸T¬YJÐÞÎ9ÐÕCÊ$BRŸLÚNUL¶Ü9WÈÝÍ|žGÅ"ʃÆ%ÇÚ¶ÊCªØ�°¶ºQÎÙ
 ŸÇ3‹ÆQ¯ÔN^HP*½Ü$   µ.Î7YÓ±œ2³
[  202.283158][ T7266] [U] ½?�©ßHÜÄ*ÙÁ”Î3Í�7ÜÉ�¾^#Q�"0~‡‚Ð(ÉOÏXLŒB£,'VÎÓ=‹ÝËCÌS«…’G‚S¶Þ0•Ö‚‹Ù`˜›žÙ‡Ÿ†=1(÷ξ™÷P#Ò2DO*Ƀ
[  202.300066][ T7266] [U] ©S¹“Gžµ²¶“˜GUÐÔD-{¸™Â|&“�®ŸŸÑ�2µ›LÞC_©œ!`¨ÍOZÖ¥¢B¶³%>ÊRѶÖWχݎSSÂH"£YA4£O.šYÙÛÄ�„RTÔ¶ŒBÚ[+/<<R�B�ÊÄÕ|ФEŽžÑÛ –V96#ÛÚÑͤʦJºUº%
S851ƒ�ÞÒ©S�P±¨\£ƒ?Qª|L�´QXµ0ÂKÔ1ORÉ´2¡½|ÖÜDÖFÌ¿»Ù�ÚË2Þ”–¨×0ÌÅH•}C[/¤»“ŸPX^¼ÈO
[  202.329943][ T7266] [U] ÖØ›·Ü—(JÅЛ•§MÛÜXZ˜;œ½±ÓßØ�_¹»µÔ*3÷3…¿5¸\ƒXM³ÚU�‰AK!AQ`¿Ë;FЕ�I+ÖÐVUHÅÐÂMÑJ³´Æ·ÙÛZÄCØÃZ‹¼Â)_ÇŸ¡  Ô‘¡&ßÖ¡ßÁAÇXTOÈÝÊ_½ Ú¼¦:¨Â×%À²PÒ×ÈCÖ²‚YÖ+_ÞÜ›ÝÛ}UÏM˜ƒÆ«CÅ!KJÒ7пG¯Ë=BÈ
[  202.359466][ T7266] [U] Ù½¥Fœ%ŽXAÙÂLŸ2R*GŒÒVW¬Ñ$ƒÜJ     ÃA˜›F¶¿�·+ؾ9Í„VIºÖ—¼KÙ¾Å1}_©Â
Á¥%ÃR6„•(]“¦/Ÿ¶Ø�Å™YܺÇÞHä¾ÜÑR GªÄRN/Ü«Î#!ÊDÙÛÚ«%ÞÛËDªÏ-{Ð$ÞVU‘ÝT²¼ª$:MTRÔEŽC1V‰D~ÎÈ];[˜ËÚÐ÷SQ¾¯œÙ(ÌËE,X¦8Â"Ù
ÆÐG¥DŸÚµ2@T8ž¾´ÒƒÀÐßÀT8.RC+Ä@Ëʦ‡P‡UÁ
P”‰¼¶C±‡Ë'Å„YLÓ-SS1E?Å7ÓO‡§Ì^]¦†ÂÓC”½H]§JKR]RKQ܆�ØÝ£Þ´OTCÔÆX¶¨¾4™NË  ³Ï&�Á­ÐÚ‹ŠÓ@¶:M7¿~�+”W*ÛÁ–XMÜÓ>>—¡{Q¢Ú×
_²Õ�LX8ÊU„ÇØÎ{ÐZ³ÍØ�)ßÒ7?ËRR;ßC¿R HײڣÁ»¨È1Å>)©Mă‰ÏT§²Ú(ÌÇAÏ�„}9·Ú¥ÃJ*MÑœ¥Ä¡«'L¹£Q    ÌDWŸÒظ=ؽ|Q¬   ÏÆ™W;5ÆÙŽª!ÑDB¸X`ɧÖ/÷ÂE�`Ʀ\
[  202.416908][ T7266] [U] M¢XÎÂ"Ä{;ŽÕ¥ÂÙ˜_ˆO2«Ñ)ÎO®›.2ÐW2ʲ¨ÐYÙÃÃX_  HPϱœSªD­�¦Ø:]‚{Ë©ÔÝÆȽ
[  202.431730][ T7266] [U] I,Ç>ÇÓ¤ ÎÙ5�1Ñ÷^1ÒN4¯OǶÞ'0Ý?Ö’IÙ9W.Ï_.¶WŠA¼Š�Vˆ±`)ÑZ¬ÏÆC6GIÓ¹²A»¬XL[¢›½¡FÜ*ÀÑO‰W)+‡Ç'\NÆ
[K@ÑËÄÜ2ÇǬ–®¡P"^`Á‰Í   Ø¿
[  202.446597][ T7266] [U] 22½“Æ©ÐÛ©X?0;3U±
[  202.455933][ T7266] [U] ÞœÕ
Æ�ÓSOBX 8”Wˆ4Á‘(Ð~/§¿ÍKÇUžÃÔ–OQËE+·G®-YµGY_
•>V¢ÜÈË—3.HÁÓ™]Í„²2‘”)™DË,        ‘Ä      ÞD~×D©£¡+ÃW;A\˜F
PÉÞȘ|$ºØ)�
KØ�I³ÉÐÉ¿KÑYT^RÍÜÙÇ™µ“ËA=±#–Üœ       ÝÍ¿ËAE©�TÅ1·Îݯ4K¯.E"RÚS|ПÀSÖ’Á:•Ù>P™…RÐ"Z‰Ú­ÛÚÉ#P!˜KY"›}ÃÆF¿N84ܳƒÅHÞ±£O•ÈS¿™Ì«%DLWÙMƲÇ
[  202.483773][ T7266] [U] [ª['XN€'²÷Á¿Ü,MR¦«/žšœÂ1D=!DŽX91BÙ
WÇ»R—LF…ƒÆK̤ZÕÊ# `Ì‘LØ›§Ëœ»×B~ÅMÒÔÖ
[  202.494449][ T7266] [U] ™LÖ>�Ñ�D+ˆD¯§—®Ì"5ŽÊ��H3<ª¨ÅIR=F^”F�NÕÓÜÀ‰¿Û­VÛ÷œDÁOIOÚ:UÖ>ÖYÂ
[  202.504311][ T7266] [U] 'B—6VÝ20³Ä·Çž¥·×ŒÏ"T8Ñ{9ÆFW��]ÔÊÄÌ©�
[  202.519264][ T7266] [U] Ù72Þ‰ÏÂÃUÞC6™ÎÜÔÏ„I]8Cª£TÛ¨QSK�YÞÎIÒÀ¹ ¿|V'ÛTV/ÙÅG•$[ 9KH`Ú"Ü‘ÚÕ}€Ñ[^=ˆÚ0Á]½Ã%ÆÌ‚T“Šž¹ØFÌ_VÖ4C¸ÒÅ
[  202.534032][ T7266] [U] ¹EC�
[  202.539488][ T7266] [U] �—”|‚ÊÌ<ÄÎ:^Ü3$7NK~Ø-™@÷¦?Ÿ–/MTL·�Û¾©IˆWȬ@G~TØ{ÊÜP¿+Æ$ªJP|µŽÇIÛRIÓ�PMÐ Õ·YÓ Ú”8ÌTÉÐÞVžÙßÆË,ÎLÂ,Õ
[  202.771810][ T3541] veth1_vlan: left promiscuous mode
[  202.790333][ T3541] veth0_vlan: left promiscuous mode
[  203.032011][ T7276] gfs2: gfs2 mount does not exist
[  203.739082][ T7262] [U] ˆKÌÚÛÕ‰)0ÄÄÝ~ܳʪÁIP'ÍFÓÒœZÚÞR¬™ß@BÓ]Â5ÝÊ{­©Ê¼Ô'À8ÅÆ¥F‡¹UTQUD
Ç©¤K;7ͪ0C[„ÃY–¼ÈYC¦¶»Ø°Mª™LÒ8’T…ÍšÎ5³ÝÝRX�™¶ÐWÍ X¤²ÓOQHVI'8œ¥Î…Lµ
[  204.203416][ T3541] team0 (unregistering): Port device team_slave_1 removed
[  204.233025][ T3541] team0 (unregistering): Port device team_slave_0 removed
[  204.622188][ T7257] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  204.918895][ T6984] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  205.878952][ T6984] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  205.983136][ T6984] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  206.007555][ T7297] loop0: detected capacity change from 0 to 4096
[  206.061824][ T6984] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  206.793057][ T7297] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  206.949498][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  206.957619][    C1] lec:lec_tx_timeout: lec0
[  206.969869][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  207.155352][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  207.700708][ T6984] 8021q: adding VLAN 0 to HW filter on device bond0
[  207.726532][ T6984] 8021q: adding VLAN 0 to HW filter on device team0
[  208.221984][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.229226][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  208.470737][  T155] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.477944][  T155] bridge0: port 2(bridge_slave_1) entered forwarding state
[  208.678974][ T7320] loop3: detected capacity change from 0 to 32768
[  208.754213][ T7320] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.325 (7320)
[  209.076989][ T7320] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  209.125956][ T7320] BTRFS info (device loop3): using crc32c checksum algorithm
[  209.395042][ T6984] 8021q: adding VLAN 0 to HW filter on device batadv0
[  209.444676][ T7320] BTRFS info (device loop3): enabling ssd optimizations
[  209.460025][ T7320] BTRFS info (device loop3): turning on flush-on-commit
[  209.471515][ T7320] BTRFS info (device loop3): enabling free space tree
[  209.506071][ T7320] BTRFS info (device loop3): enabling auto defrag
[  209.553818][ T7320] BTRFS info (device loop3): use lzo compression, level 1
[  209.600405][ T7320] BTRFS info (device loop3): max_inline set to 4096
[  210.742012][ T5845] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  210.959360][ T6984] veth0_vlan: entered promiscuous mode
[  211.026644][ T6984] veth1_vlan: entered promiscuous mode
[  211.607216][ T6984] veth0_macvtap: entered promiscuous mode
[  211.701140][ T6984] veth1_macvtap: entered promiscuous mode
[  211.979487][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  211.987520][    C1] lec:lec_tx_timeout: lec0
[  211.999623][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  212.632510][ T6984] batman_adv: batadv0: Interface activated: batadv_slave_0
[  212.755852][ T6984] batman_adv: batadv0: Interface activated: batadv_slave_1
[  212.888633][   T36] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  212.946760][   T36] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  212.994035][   T36] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  213.419554][   T36] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  214.455590][ T5166] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[  214.465780][ T5166] CPU: 0 UID: 0 PID: 5166 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT(full) 
[  214.465802][ T5166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  214.465813][ T5166] Workqueue: hci1 hci_rx_work
[  214.465845][ T5166] Call Trace:
[  214.465857][ T5166]  <TASK>
[  214.465866][ T5166]  dump_stack_lvl+0xe8/0x150
[  214.465895][ T5166]  sysfs_create_dir_ns+0x271/0x2a0
[  214.465928][ T5166]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  214.465954][ T5166]  ? do_raw_spin_unlock+0xf5/0x210
[  214.465979][ T5166]  kobject_add_internal+0x62b/0xd00
[  214.466011][ T5166]  kobject_add+0x163/0x240
[  214.466038][ T5166]  ? __pfx_kobject_add+0x10/0x10
[  214.466061][ T5166]  ? _raw_spin_unlock+0x28/0x50
[  214.466082][ T5166]  ? get_device_parent+0x366/0x3a0
[  214.466107][ T5166]  device_add+0x408/0xb70
[  214.466132][ T5166]  hci_conn_add_sysfs+0xd5/0x210
[  214.466154][ T5166]  le_conn_complete_evt+0xf1d/0x1430
[  214.466186][ T5166]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  214.466205][ T5166]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  214.466229][ T5166]  ? __pfx___mutex_lock+0x10/0x10
[  214.466248][ T5166]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  214.466267][ T5166]  ? skb_pull_data+0xfb/0x200
[  214.466295][ T5166]  hci_le_conn_complete_evt+0x187/0x470
[  214.466325][ T5166]  hci_event_packet+0x7af/0x12c0
[  214.466349][ T5166]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  214.466371][ T5166]  ? __pfx_hci_event_packet+0x10/0x10
[  214.466394][ T5166]  ? kcov_remote_start+0x49a/0x7a0
[  214.466417][ T5166]  ? hci_send_to_monitor+0xe2/0x590
[  214.466442][ T5166]  hci_rx_work+0x3ee/0x1040
[  214.466470][ T5166]  ? process_one_work+0x8bb/0x1780
[  214.466493][ T5166]  process_one_work+0x9ab/0x1780
[  214.466536][ T5166]  ? __pfx_process_one_work+0x10/0x10
[  214.466557][ T5166]  ? do_raw_spin_lock+0x12b/0x2f0
[  214.466592][ T5166]  worker_thread+0xba8/0x11e0
[  214.466617][ T5166]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  214.466637][ T5166]  ? __kthread_parkme+0x7a/0x1f0
[  214.466654][ T5166]  ? __kthread_parkme+0x19c/0x1f0
[  214.466677][ T5166]  kthread+0x388/0x470
[  214.466697][ T5166]  ? __pfx_worker_thread+0x10/0x10
[  214.466711][ T5166]  ? __pfx_kthread+0x10/0x10
[  214.466731][ T5166]  ret_from_fork+0x51e/0xb90
[  214.466757][ T5166]  ? __pfx_ret_from_fork+0x10/0x10
[  214.466779][ T5166]  ? __switch_to+0xc7d/0x1450
[  214.466803][ T5166]  ? __pfx_kthread+0x10/0x10
[  214.466823][ T5166]  ret_from_fork_asm+0x1a/0x30
[  214.466856][ T5166]  </TASK>
[  214.466885][ T5166] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  214.684884][ T1153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  214.737081][ T5166] Bluetooth: hci1: failed to register connection device
[  214.758299][ T1153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  215.503662][ T7432] syzkaller0: entered promiscuous mode
[  215.529559][ T7432] syzkaller0: entered allmulticast mode
[  215.545704][ T7445] netlink: 28 bytes leftover after parsing attributes in process `syz.4.345'.
[  215.554899][ T7445] netlink: 'syz.4.345': attribute type 7 has an invalid length.
[  215.570320][ T7445] netlink: 'syz.4.345': attribute type 8 has an invalid length.
[  215.594351][ T7445] netlink: 4 bytes leftover after parsing attributes in process `syz.4.345'.
[  217.009615][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  217.017861][    C1] lec:lec_tx_timeout: lec0
[  217.022936][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  220.362623][ T1153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  220.370799][ T1153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  221.633336][ T5853] Bluetooth: hci1: command 0x0406 tx timeout
[  221.671031][ T7503] fuse: Bad value for 'fd'
[  221.842224][    T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!!
[  221.930672][   T30] kauditd_printk_skb: 96 callbacks suppressed
[  221.930689][   T30] audit: type=1800 audit(1773834683.536:286): pid=7502 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.364" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  222.029479][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  222.037758][    C1] lec:lec_tx_timeout: lec0
[  222.042830][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  223.126990][ T7523] syzkaller0: entered promiscuous mode
[  223.168240][ T7523] syzkaller0: entered allmulticast mode
[  223.725944][ T7528] Set syz0 is full, maxelem 0 reached
[  223.742119][ T7536] netlink: 4 bytes leftover after parsing attributes in process `syz.5.361'.
[  223.788380][ T7523] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  223.879000][ T7522] tipc: Resetting bearer <eth:syzkaller0>
[  224.001842][ T7522] tipc: Disabling bearer <eth:syzkaller0>
[  226.726023][ T7569] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  227.049503][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  227.057610][    C1] lec:lec_tx_timeout: lec0
[  227.062576][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  227.745288][ T7579] loop3: detected capacity change from 0 to 512
[  227.787816][ T7579] EXT4-fs: Ignoring removed nobh option
[  227.796264][ T7579] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  227.834184][ T7579] EXT4-fs (loop3): 1 truncate cleaned up
[  227.889029][ T7579] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  229.230482][ T7598] binder: 7586:7598 ioctl c0306201 2000000003c0 returned -14
[  230.130227][ T7599] netlink: 64 bytes leftover after parsing attributes in process `syz.4.377'.
[  230.900090][ T5941] usb 6-1: new full-speed USB device number 2 using dummy_hcd
[  231.054734][ T5931] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  231.213625][ T5941] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  231.391268][ T5941] usb 6-1: config 0 interface 0 has no altsetting 0
[  231.422395][ T5845] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  231.433352][ T5931] usb 1-1: Using ep0 maxpacket: 16
[  231.459205][ T5941] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  231.472311][ T5931] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  231.483822][ T5941] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  231.503088][ T5931] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 49863, setting to 1024
[  231.522058][ T5941] usb 6-1: Product: syz
[  231.528101][ T5941] usb 6-1: Manufacturer: syz
[  231.536713][ T5931] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[  231.646863][ T5941] usb 6-1: SerialNumber: syz
[  231.661080][ T5931] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  231.675516][ T5941] usb 6-1: config 0 descriptor??
[  231.686573][ T5941] usb 6-1: selecting invalid altsetting 0
[  231.693904][ T5931] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  231.718579][ T5931] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  231.728042][ T5931] usb 1-1: SerialNumber: syz
[  231.747560][ T7608] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  231.775737][ T5931] cdc_acm 1-1:1.0: Control and data interfaces are not separated!
[  232.047335][ T7627] IPv6: NLM_F_CREATE should be specified when creating new route
[  232.057104][ T5931] cdc_acm 1-1:1.0: ttyACM0: USB ACM device
[  232.069458][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  232.077533][    C1] lec:lec_tx_timeout: lec0
[  232.082536][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  232.516037][ T5931] usb 1-1: USB disconnect, device number 3
[  232.754394][ T7635] tipc: Cannot configure node identity twice
[  233.342421][ T5902] usb 6-1: USB disconnect, device number 2
[  233.414562][   T30] audit: type=1326 audit(1773834695.016:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7649 comm="syz.3.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f255b99c799 code=0x7ffc0000
[  233.487077][   T30] audit: type=1326 audit(1773834695.026:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7649 comm="syz.3.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f255b99c799 code=0x7ffc0000
[  233.580225][   T30] audit: type=1326 audit(1773834695.056:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7649 comm="syz.3.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f255b99c799 code=0x7ffc0000
[  233.677418][   T30] audit: type=1326 audit(1773834695.056:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7649 comm="syz.3.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f255b99c799 code=0x7ffc0000
[  233.733369][   T30] audit: type=1326 audit(1773834695.066:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7649 comm="syz.3.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f255b99c799 code=0x7ffc0000
[  233.780062][   T30] audit: type=1326 audit(1773834695.086:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7649 comm="syz.3.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f255b99c799 code=0x7ffc0000
[  233.884363][   T30] audit: type=1326 audit(1773834695.086:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7649 comm="syz.3.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f255b99c799 code=0x7ffc0000
[  233.930382][ T5909] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  234.000627][   T30] audit: type=1326 audit(1773834695.096:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7649 comm="syz.3.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=31 compat=0 ip=0x7f255b99c799 code=0x7ffc0000
[  234.109611][ T5909] usb 1-1: Using ep0 maxpacket: 16
[  234.119738][   T30] audit: type=1326 audit(1773834695.096:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7649 comm="syz.3.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f255b99c799 code=0x7ffc0000
[  234.189298][ T5909] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  234.200542][ T7666] loop5: detected capacity change from 0 to 2048
[  234.220223][ T7668] netlink: 4 bytes leftover after parsing attributes in process `syz.3.397'.
[  234.221048][   T30] audit: type=1326 audit(1773834695.096:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7649 comm="syz.3.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f255b99c799 code=0x7ffc0000
[  234.251870][ T5909] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  234.271816][ T5909] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  234.880053][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c2!!!
[  235.143169][ T5909] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  235.152161][ T5909] usb 1-1: Product: syz
[  235.156460][ T5909] usb 1-1: Manufacturer: syz
[  235.162634][ T5909] usb 1-1: SerialNumber: syz
[  235.181574][ T5909] usb 1-1: 0:2 : does not exist
[  235.284879][ T7666] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  235.385527][ T5909] usb 1-1: 5:0: failed to get current value for ch 0 (-22)
[  235.472485][ T7666] loop7: detected capacity change from 0 to 16384
[  235.547404][ T5909] usb 1-1: USB disconnect, device number 4
[  235.567863][ T7692] syzkaller0: entered promiscuous mode
[  235.597590][ T7692] syzkaller0: entered allmulticast mode
[  235.633523][ T7690] capability: warning: `syz.2.400' uses 32-bit capabilities (legacy support in use)
[  235.652155][ T7692] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  235.696244][ T5987] udevd[5987]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  235.753818][ T7688] tipc: Resetting bearer <eth:syzkaller0>
[  235.795637][    C0] I/O error, dev loop7, sector 1672 op 0x0:(READ) flags 0x80700 phys_seg 9 prio class 2
[  235.828740][ T7666] loop7: detected capacity change from 16384 to 0
[  235.855837][ T7688] tipc: Disabling bearer <eth:syzkaller0>
[  235.973060][ T6984] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  236.156078][ T7712] netlink: 24 bytes leftover after parsing attributes in process `syz.3.405'.
[  236.585920][ T7723] netlink: 4 bytes leftover after parsing attributes in process `syz.3.405'.
[  236.735698][ T5909] usb 1-1: new full-speed USB device number 5 using dummy_hcd
[  236.912173][ T5909] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  236.960164][ T5909] usb 1-1: config 0 interface 0 has no altsetting 0
[  237.025496][ T5909] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  237.047109][ T5909] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  237.089593][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  237.097942][    C1] lec:lec_tx_timeout: lec0
[  237.102710][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  237.118954][ T5909] usb 1-1: Product: syz
[  237.123370][ T5909] usb 1-1: Manufacturer: syz
[  237.128097][ T5909] usb 1-1: SerialNumber: syz
[  237.162895][ T5909] usb 1-1: config 0 descriptor??
[  237.244304][ T5909] usb 1-1: selecting invalid altsetting 0
[  239.633115][ T7755] netlink: 4 bytes leftover after parsing attributes in process `syz.4.412'.
[  239.833739][ T5941] usb 1-1: USB disconnect, device number 5
[  240.277790][ T7764] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  242.109470][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  242.117589][    C1] lec:lec_tx_timeout: lec0
[  242.129539][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  243.964012][ T7810] netlink: 24 bytes leftover after parsing attributes in process `syz.0.426'.
[  244.741561][ T7810] netlink: 4 bytes leftover after parsing attributes in process `syz.0.426'.
[  246.009753][ T5902] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  246.256983][ T5902] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  246.355997][ T5902] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  246.433084][ T5902] usb 6-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80
[  246.464328][ T5902] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  246.508823][ T5902] usb 6-1: config 0 descriptor??
[  247.052629][ T7844] syz_tun: entered allmulticast mode
[  247.275363][ T7844] 9p: Bad value for 'rfdno'
[  247.526470][ T7862] netlink: 'syz.4.434': attribute type 2 has an invalid length.
[  247.976252][ T5902] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0
[  247.989000][ T5902] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0
[  247.997140][ T5902] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0
[  248.004665][ T5902] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0
[  248.012465][ T5902] cp2112 0003:10C4:EA90.0001: item fetching failed at offset 4/7
[  248.022249][ T5902] cp2112 0003:10C4:EA90.0001: parse failed
[  248.030300][ T5902] cp2112 0003:10C4:EA90.0001: probe with driver cp2112 failed with error -22
[  248.063794][ T7864] loop0: detected capacity change from 0 to 512
[  248.091207][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5960 ms
[  248.099267][    C1] lec:lec_tx_timeout: lec0
[  248.109243][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  248.113713][ T7864] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  248.130234][ T7864] ext4 filesystem being mounted at /87/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  248.211010][ T7843] syz_tun: left allmulticast mode
[  248.244531][ T5902] usb 6-1: USB disconnect, device number 3
[  248.289524][   T30] kauditd_printk_skb: 23 callbacks suppressed
[  248.289541][   T30] audit: type=1804 audit(1773834709.896:320): pid=7864 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.446" name="/newroot/87/file1/bus" dev="loop0" ino=18 res=1 errno=0
[  248.354672][ T7875] fuse: Bad value for 'fd'
[  249.635485][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  249.696047][   T30] audit: type=1326 audit(1773834711.306:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7890 comm="syz.5.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc93679c799 code=0x7ffc0000
[  249.724557][   T30] audit: type=1326 audit(1773834711.306:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7890 comm="syz.5.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc93679c799 code=0x7ffc0000
[  249.749111][ T7891] loop5: detected capacity change from 0 to 256
[  249.777029][   T30] audit: type=1326 audit(1773834711.326:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7890 comm="syz.5.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc93679c799 code=0x7ffc0000
[  249.801181][   T30] audit: type=1326 audit(1773834711.336:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7890 comm="syz.5.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fc93679c799 code=0x7ffc0000
[  249.828643][   T30] audit: type=1326 audit(1773834711.336:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7890 comm="syz.5.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fc93679c502 code=0x7ffc0000
[  249.860405][   T30] audit: type=1326 audit(1773834711.336:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7890 comm="syz.5.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc93679c799 code=0x7ffc0000
[  249.879611][ T5847] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  250.052266][   T30] audit: type=1326 audit(1773834711.336:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7890 comm="syz.5.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fc93675cfce code=0x7ffc0000
[  250.074959][ T5847] usb 4-1: Using ep0 maxpacket: 16
[  250.094595][   T30] audit: type=1326 audit(1773834711.336:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7890 comm="syz.5.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fc93679c5c7 code=0x7ffc0000
[  250.097556][ T5847] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  250.195055][ T5847] usb 4-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[  250.278002][   T30] audit: type=1326 audit(1773834711.336:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7890 comm="syz.5.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc93675cfce code=0x7ffc0000
[  250.429552][ T5847] usb 4-1: config 0 interface 0 has no altsetting 0
[  250.439287][ T5847] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  251.533366][ T5847] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  251.585973][ T5847] usb 4-1: config 0 descriptor??
[  251.621764][ T5847] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  252.320365][ T5847] usb 4-1: USB disconnect, device number 2
[  253.201346][ T7917] fuse: fd is not a fuse device
[  253.282178][ T7919] loop2: detected capacity change from 0 to 512
[  253.308334][ T7919] EXT4-fs: Ignoring removed nobh option
[  253.331461][ T7922] loop0: detected capacity change from 0 to 512
[  253.346907][ T7919] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  253.369149][ T7922] EXT4-fs: Mount option(s) incompatible with ext2
[  253.929460][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5820 ms
[  253.937499][    C1] lec:lec_tx_timeout: lec0
[  253.942308][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  254.320734][ T7933] IPv6: NLM_F_REPLACE set, but no existing node found!
[  254.603745][ T7919] EXT4-fs (loop2): 1 truncate cleaned up
[  254.652831][ T7919] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  255.217103][ T7946] loop3: detected capacity change from 0 to 512
[  255.252118][ T7946] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #15: comm syz.3.456: inode has both inline data and extents flags
[  255.299567][ T7946] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  255.299950][ T7946] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.456: couldn't read orphan inode 15 (err -117)
[  255.321572][    C1] EXT4-fs (loop3): error count since last fsck: 1
[  255.321589][    C1] EXT4-fs (loop3): initial error at time 1773834716: ext4_orphan_get:1391: inode 15
[  255.321613][    C1] EXT4-fs (loop3): last error at time 1773834716: ext4_orphan_get:1391: inode 15
[  255.348357][ T7946] loop3: lost filesystem error report for type 5 error -117
[  255.355340][ T7946] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  255.369597][ T7950] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  256.022617][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[  256.033716][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[  256.046644][ T7942] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  256.165975][ T7939] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  256.190656][ T5845] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  256.362698][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  256.420804][ T7954] loop5: detected capacity change from 0 to 4096
[  256.441145][ T7954] EXT4-fs (loop5): Test dummy encryption mode enabled
[  256.497810][ T7954] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  256.684467][ T7962] /dev/nullb0: Can't open blockdev
[  258.365183][ T6984] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  258.949469][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  258.957548][    C1] lec:lec_tx_timeout: lec0
[  258.969521][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  260.028279][ T5941] IPVS: starting estimator thread 0...
[  260.054554][ T8001] loop2: detected capacity change from 0 to 512
[  260.057670][ T7984] syzkaller0: entered promiscuous mode
[  260.068406][ T7984] syzkaller0: entered allmulticast mode
[  260.104343][ T8001] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  260.123981][ T8001] ext4 filesystem being mounted at /103/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  260.150736][ T8004] IPVS: using max 35 ests per chain, 84000 per kthread
[  260.285100][   T30] kauditd_printk_skb: 100 callbacks suppressed
[  260.285116][   T30] audit: type=1804 audit(1773834721.896:430): pid=8001 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.471" name="/newroot/103/file1/bus" dev="loop2" ino=18 res=1 errno=0
[  260.300267][ T8015] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  260.632136][ T8021] random: crng reseeded on system resumption
[  261.854732][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  263.979509][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  263.988135][    C1] lec:lec_tx_timeout: lec0
[  263.992970][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  267.320939][ T8022] warning: `syz.4.477' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  267.772917][   T30] audit: type=1326 audit(1773834729.376:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8057 comm="syz.2.486" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f199839c799 code=0x0
[  268.999436][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  269.007694][    C1] lec:lec_tx_timeout: lec0
[  269.012485][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  270.269668][ T8075] netlink: 550 bytes leftover after parsing attributes in process `syz.2.490'.
[  270.500744][ T8066] loop0: detected capacity change from 0 to 512
[  270.572978][ T8066] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1)
[  271.322760][   T58] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1)
[  273.042089][ T8103] loop0: detected capacity change from 0 to 256
[  274.019444][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  274.027546][    C1] lec:lec_tx_timeout: lec0
[  274.032741][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  274.682722][ T8103] FAT-fs (loop0): Directory bread(block 64) failed
[  274.689552][ T8103] FAT-fs (loop0): Directory bread(block 65) failed
[  274.696735][ T8103] FAT-fs (loop0): Directory bread(block 66) failed
[  274.703926][ T8103] FAT-fs (loop0): Directory bread(block 67) failed
[  274.711356][ T8103] FAT-fs (loop0): Directory bread(block 68) failed
[  274.718476][ T8103] FAT-fs (loop0): Directory bread(block 69) failed
[  274.726428][ T8103] FAT-fs (loop0): Directory bread(block 70) failed
[  274.733527][ T8103] FAT-fs (loop0): Directory bread(block 71) failed
[  274.740985][ T8103] FAT-fs (loop0): Directory bread(block 72) failed
[  274.747667][ T8103] FAT-fs (loop0): Directory bread(block 73) failed
[  275.303601][ T8114] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  276.003881][ T8125] loop0: detected capacity change from 0 to 64
[  279.039449][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  279.047493][    C1] lec:lec_tx_timeout: lec0
[  279.059543][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  281.791480][ T8173] lo: entered allmulticast mode
[  281.813883][ T8172] lo: left allmulticast mode
[  282.936458][ T8182] netlink: 4 bytes leftover after parsing attributes in process `syz.3.516'.
[  284.069424][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  284.077450][    C1] lec:lec_tx_timeout: lec0
[  284.082230][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  284.345635][ T8190] ip6gre1: entered promiscuous mode
[  284.387126][ T8190] ip6gre1: entered allmulticast mode
[  284.433625][ T8194] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  284.491032][ T8194] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  284.907905][ T8209] xt_connbytes: Forcing CT accounting to be enabled
[  284.915093][ T8209] Cannot find set identified by id 0 to match
[  285.659129][   T30] audit: type=1326 audit(1773834747.266:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8220 comm="syz.4.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6b5b9c799 code=0x7ffc0000
[  285.749610][   T30] audit: type=1326 audit(1773834747.296:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8220 comm="syz.4.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd6b5b9c42b code=0x7ffc0000
[  285.785306][ T3541] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  285.797082][ T3541] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  285.809892][ T5909] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  285.840223][   T30] audit: type=1326 audit(1773834747.296:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8220 comm="syz.4.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd6b5b9c42b code=0x7ffc0000
[  285.862723][   T30] audit: type=1326 audit(1773834747.296:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8220 comm="syz.4.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd6b5b9c42b code=0x7ffc0000
[  286.330738][   T30] audit: type=1326 audit(1773834747.296:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8220 comm="syz.4.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd6b5b9c42b code=0x7ffc0000
[  286.352979][   T30] audit: type=1326 audit(1773834747.296:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8220 comm="syz.4.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd6b5b9c42b code=0x7ffc0000
[  286.375242][   T30] audit: type=1326 audit(1773834747.296:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8220 comm="syz.4.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd6b5b9c42b code=0x7ffc0000
[  286.375665][ T5909] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  286.398422][   T30] audit: type=1326 audit(1773834747.296:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8220 comm="syz.4.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd6b5b9c42b code=0x7ffc0000
[  286.445356][   T30] audit: type=1326 audit(1773834747.296:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8220 comm="syz.4.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd6b5b9c42b code=0x7ffc0000
[  286.506720][ T8231] mmap: syz.4.532 (8231) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  286.571023][ T5909] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  286.582178][   T30] audit: type=1326 audit(1773834747.296:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8220 comm="syz.4.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd6b5b9c42b code=0x7ffc0000
[  289.089494][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  289.097785][    C1] lec:lec_tx_timeout: lec0
[  289.103660][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  289.777953][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  292.166645][ T8275] netlink: 24 bytes leftover after parsing attributes in process `syz.4.544'.
[  293.032725][ T8286] loop3: detected capacity change from 0 to 1024
[  293.056601][ T8288] netlink: 'syz.2.548': attribute type 10 has an invalid length.
[  293.067244][ T8286] EXT4-fs: Ignoring removed nomblk_io_submit option
[  293.121963][ T8286] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  293.152196][ T8288] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  294.281934][ T8300] netlink: 'syz.4.551': attribute type 4 has an invalid length.
[  294.889426][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5780 ms
[  294.897468][    C1] lec:lec_tx_timeout: lec0
[  294.909498][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  295.337463][ T5845] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  295.492638][ T8306] loop2: detected capacity change from 0 to 40427
[  295.505611][ T8306] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  295.513832][ T8306] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  295.722878][ T8306] F2FS-fs (loop2): invalid crc value
[  295.810954][ T8306] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  295.829883][ T8306] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  295.837358][ T8306] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  296.055238][ T8318] syz.2.552: attempt to access beyond end of device
[  296.055238][ T8318] loop2: rw=8423425, sector=77824, nr_sectors = 8 limit=40427
[  296.079308][   T30] kauditd_printk_skb: 38 callbacks suppressed
[  296.079326][   T30] audit: type=1800 audit(1773834757.656:480): pid=8318 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.552" name="file1" dev="loop2" ino=10 res=0 errno=0
[  296.086384][ T8320] loop3: detected capacity change from 0 to 2048
[  296.155004][   T30] audit: type=1800 audit(1773834757.666:481): pid=8318 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.552" name="bus" dev="loop2" ino=11 res=0 errno=0
[  296.406875][ T8320] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  296.479308][ T8320] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  296.655291][ T8330] loop5: detected capacity change from 0 to 128
[  296.678995][ T8330] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem
[  296.982898][ T8330] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  297.074537][ T8330] ext2 filesystem being mounted at /33/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  297.220800][ T5841] syz-executor: attempt to access beyond end of device
[  297.220800][ T5841] loop2: rw=8390659, sector=77824, nr_sectors = 8 limit=40427
[  297.250899][ T5841] F2FS-fs (loop2): Issue discard(9728, 9728, 1) failed, ret: -5
[  297.369785][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  297.652490][ T6984] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  297.702131][   T10] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  298.779486][   T10] usb 4-1: Using ep0 maxpacket: 32
[  298.790941][   T10] usb 4-1: config index 0 descriptor too short (expected 156, got 27)
[  299.632010][   T10] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  299.724295][   T10] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  299.807990][   T10] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  299.929650][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms
[  299.937972][    C1] lec:lec_tx_timeout: lec0
[  299.942649][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  299.979584][   T10] usb 4-1: config 0 interface 0 has no altsetting 0
[  299.995148][   T10] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  300.005626][   T10] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  300.628377][   T10] usb 4-1: Product: syz
[  300.668026][   T10] usb 4-1: Manufacturer: syz
[  300.676270][   T10] usb 4-1: SerialNumber: syz
[  300.909781][   T10] usb 4-1: config 0 descriptor??
[  301.071822][   T10] usb 4-1: can't set config #0, error -71
[  301.187143][   T10] usb 4-1: USB disconnect, device number 3
[  302.386268][ T8378] xt_CT: No such helper "pptp"
[  302.768555][ T8392] ADFS-fs (loop9): error: unable to read block 3, try 0
[  304.445711][ T5853] Bluetooth: hci5: command 0x0406 tx timeout
[  304.867779][ T8400] syzkaller0: entered promiscuous mode
[  304.895295][ T8400] syzkaller0: entered allmulticast mode
[  304.949426][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  304.957633][    C1] lec:lec_tx_timeout: lec0
[  304.969520][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  306.153915][ T8418] capability: warning: `syz.4.581' uses deprecated v2 capabilities in a way that may be insecure
[  308.056397][ T8437] vlan3: entered allmulticast mode
[  308.061764][ T8437] bond0: entered allmulticast mode
[  308.067037][ T8437] bond_slave_0: entered allmulticast mode
[  308.077167][ T8437] bond_slave_1: entered allmulticast mode
[  308.252840][ T8437] netlink: 14 bytes leftover after parsing attributes in process `syz.4.589'.
[  308.678523][ T8440] netlink: 'syz.5.588': attribute type 32 has an invalid length.
[  308.752549][ T5166] Bluetooth: hci5: unexpected event for opcode 0x203d
[  308.759953][ T5166] Bluetooth: hci5: SCO packet for unknown connection handle 200
[  308.760010][ T5166] Bluetooth: hci5: ACL packet for unknown connection handle 200
[  308.796751][ T8437] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  308.834283][ T8437] bond_slave_0: left allmulticast mode
[  309.006035][ T8437] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  309.155485][ T8437] bond_slave_1: left allmulticast mode
[  309.179921][ T8437] bond0 (unregistering): Released all slaves
[  309.253166][ T8457] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  309.268245][ T8457] Error validating options; rc = [-22]
[  309.983426][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  309.991604][    C1] lec:lec_tx_timeout: lec0
[  309.996858][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  310.145169][ T8467] loop5: detected capacity change from 0 to 128
[  310.162867][ T8467] vfat: Unknown parameter '18446744073709551615ÿÿÿ'
[  312.729777][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  312.821794][ T5166] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0
[  312.833527][ T5166] Bluetooth: hci5: Injecting HCI hardware error event
[  312.844843][ T5853] Bluetooth: hci5: hardware error 0x00
[  315.009422][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  315.017616][    C1] lec:lec_tx_timeout: lec0
[  315.022311][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  315.500244][ T5853] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[  317.463643][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[  317.890351][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[  318.803017][ T8561] netlink: 996 bytes leftover after parsing attributes in process `syz.3.618'.
[  319.169326][ T8571] loop2: detected capacity change from 0 to 512
[  320.029419][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  320.037459][    C1] lec:lec_tx_timeout: lec0
[  320.049513][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  320.129617][ T8571] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.622: inode has both inline data and extents flags
[  320.255500][ T8571] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  320.259442][    C0] EXT4-fs (loop2): error count since last fsck: 1
[  320.277442][    C0] EXT4-fs (loop2): initial error at time 1773834781: ext4_orphan_get:1391: inode 15
[  320.287188][    C0] EXT4-fs (loop2): last error at time 1773834781: ext4_orphan_get:1391: inode 15
[  320.347263][ T8571] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.622: couldn't read orphan inode 15 (err -117)
[  320.741542][ T8571] loop2: lost filesystem error report for type 5 error -117
[  320.914852][ T8571] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  321.918326][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  322.449968][ T8593] IPv6: NLM_F_REPLACE set, but no existing node found!
[  322.881580][   T30] audit: type=1326 audit(1773834784.496:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8596 comm="syz.0.632" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f57d079c799 code=0x0
[  322.997319][ T8600] Bluetooth: hci0: invalid length 0, exp 2 for type 11
[  325.059431][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  325.067678][    C1] lec:lec_tx_timeout: lec0
[  325.079493][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  327.673024][ T8636] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  327.818972][ T8636] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type
[  327.832244][ T8636] overlayfs: failed to look up (tracing) for ino (-66)
[  329.188435][ T8641] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  330.089512][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  330.097746][    C1] lec:lec_tx_timeout: lec0
[  330.103669][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  330.469951][ T8659] dvmrp1: entered allmulticast mode
[  331.252692][ T8668] netlink: 'syz.3.649': attribute type 1 has an invalid length.
[  331.640453][ T8677] bond1: (slave gretap1): making interface the new active one
[  332.182635][ T8677] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  332.650403][ T8668] vlan2: entered allmulticast mode
[  332.721415][ T8668] bond1: entered allmulticast mode
[  332.809773][ T8668] gretap1: entered allmulticast mode
[  333.412752][ T8668] bond1: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  334.123020][ T8704] loop0: detected capacity change from 0 to 8
[  335.108349][ T8717] tipc: Started in network mode
[  335.118564][ T8717] tipc: Node identity de4e9cfe6db2, cluster identity 4711
[  335.143936][   T30] audit: type=1326 audit(1773834796.756:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8713 comm="syz.3.661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f255b99c799 code=0x7ffc0000
[  335.192152][   T30] audit: type=1326 audit(1773834796.756:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8713 comm="syz.3.661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f255b99c799 code=0x7ffc0000
[  335.194151][ T8714] can: request_module (can-proto-5) failed.
[  335.215362][   T30] audit: type=1326 audit(1773834796.756:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8713 comm="syz.3.661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f255b95cfce code=0x7ffc0000
[  335.345282][   T30] audit: type=1326 audit(1773834796.756:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8713 comm="syz.3.661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f255b99da97 code=0x7ffc0000
[  335.368522][   T30] audit: type=1326 audit(1773834796.756:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8713 comm="syz.3.661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f255b99c799 code=0x7ffc0000
[  335.405579][ T8717] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  335.425593][   T30] audit: type=1326 audit(1773834796.756:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8713 comm="syz.3.661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f255b99da97 code=0x7ffc0000
[  335.929397][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5820 ms
[  335.937845][    C1] lec:lec_tx_timeout: lec0
[  335.942807][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  335.995590][ T8721] syzkaller0: entered promiscuous mode
[  336.099551][ T8721] syzkaller0: entered allmulticast mode
[  336.102672][ T8718] loop3: detected capacity change from 0 to 1024
[  336.128609][   T30] audit: type=1326 audit(1773834796.756:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8713 comm="syz.3.661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f255b95cfce code=0x7ffc0000
[  336.176433][ T8717] tipc: Resetting bearer <eth:syzkaller0>
[  336.213898][ T8715] tipc: Resetting bearer <eth:syzkaller0>
[  336.240494][   T30] audit: type=1326 audit(1773834796.756:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8713 comm="syz.3.661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f255b99c799 code=0x7ffc0000
[  336.247123][ T8718] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  336.351745][   T30] audit: type=1326 audit(1773834797.026:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8713 comm="syz.3.661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f255b99c799 code=0x7ffc0000
[  336.386576][   T30] audit: type=1326 audit(1773834797.086:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8713 comm="syz.3.661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f255b99c799 code=0x7ffc0000
[  336.427517][ T8715] tipc: Disabling bearer <eth:syzkaller0>
[  336.483278][ T8714] EXT4-fs error (device loop3): ext4_xattr_inode_iget:441: inode #11: comm syz.3.661: missing EA_INODE flag
[  336.527347][ T8714] EXT4-fs (loop3): Remounting filesystem read-only
[  336.616227][ T5845] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  336.799612][ T8740] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  338.446285][ T8756] syzkaller0: entered promiscuous mode
[  338.475023][ T8756] syzkaller0: entered allmulticast mode
[  338.617462][ T8766] sch_tbf: burst 8 is lower than device syzkaller0 mtu (1500) !
[  338.629237][ T8766] syzkaller0: entered promiscuous mode
[  338.634982][ T8766] syzkaller0: entered allmulticast mode
[  340.796349][ T8790] loop3: detected capacity change from 0 to 32768
[  340.949435][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  340.957558][    C1] lec:lec_tx_timeout: lec0
[  340.963403][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  341.154792][ T8790] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  342.008376][ T8790] XFS (loop3): Ending clean mount
[  342.028837][ T8790] XFS (loop3): Quotacheck needed: Please wait.
[  342.169771][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  344.826912][ T8790] XFS (loop3): Quotacheck: Done.
[  344.992594][ T5845] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  345.979424][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  345.987784][    C1] lec:lec_tx_timeout: lec0
[  345.992923][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  346.132881][ T8845] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  347.705637][ T8844] netlink: 10 bytes leftover after parsing attributes in process `syz.2.694'.
[  348.841630][ T8865] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  348.853235][ T8865] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512
[  348.863296][ T8865] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found
[  348.871060][ T8865] UDF-fs: Scanning with blocksize 512 failed
[  348.884716][ T8865] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  348.896755][ T8865] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512
[  348.906619][ T8865] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found
[  348.914431][ T8865] UDF-fs: Scanning with blocksize 1024 failed
[  348.924670][ T8865] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  348.935231][ T8865] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512
[  348.945615][ T8865] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found
[  348.953945][ T8865] UDF-fs: Scanning with blocksize 2048 failed
[  348.963282][ T8865] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  348.973694][ T8865] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512
[  348.983407][ T8865] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found
[  348.991356][ T8865] UDF-fs: Scanning with blocksize 4096 failed
[  348.997480][ T8865] UDF-fs: warning (device loop5): udf_fill_super: No partition found (1)
[  350.999438][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  351.007533][    C1] lec:lec_tx_timeout: lec0
[  351.012322][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  351.350037][ T5902] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  352.199451][ T5902] usb 3-1: Using ep0 maxpacket: 32
[  352.221476][ T5902] usb 3-1: config 0 has no interfaces?
[  352.253108][ T5902] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  352.275724][ T8898] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  352.283431][ T8898] IPv6: NLM_F_CREATE should be set when creating new route
[  352.292477][ T5902] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  352.302607][ T5902] usb 3-1: Product: syz
[  352.307830][ T5902] usb 3-1: Manufacturer: syz
[  352.323010][ T5902] usb 3-1: SerialNumber: syz
[  352.482085][ T5902] usb 3-1: config 0 descriptor??
[  352.504528][ T8898] bridge0: port 2(bridge_slave_1) entered disabled state
[  352.512634][ T8898] bridge0: port 1(bridge_slave_0) entered disabled state
[  352.590308][ T8901] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  354.256399][ T5941] usb 3-1: USB disconnect, device number 4
[  354.349110][ T8898] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  354.391726][ T8898] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  356.019388][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  356.027665][    C1] lec:lec_tx_timeout: lec0
[  356.033085][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  356.229852][ T8935] loop2: detected capacity change from 0 to 512
[  356.277908][ T8935] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.715: inode has both inline data and extents flags
[  356.292844][   T12] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  356.303862][   T12] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  356.326778][ T8935] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  356.327341][ T8935] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.715: couldn't read orphan inode 15 (err -117)
[  356.336650][    C1] EXT4-fs (loop2): error count since last fsck: 1
[  356.336677][    C1] EXT4-fs (loop2): initial error at time 1773834817: ext4_orphan_get:1391: inode 15
[  356.336725][    C1] EXT4-fs (loop2): last error at time 1773834817: ext4_orphan_get:1391: inode 15
[  356.381202][   T12] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  356.410556][ T8935] loop2: lost filesystem error report for type 5 error -117
[  356.412488][ T1153] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  356.414285][ T8935] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  357.878752][ T8944] syzkaller0: entered promiscuous mode
[  357.963922][ T8944] syzkaller0: entered allmulticast mode
[  358.146709][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  359.099613][ T5963] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  359.789522][ T5963] usb 4-1: Using ep0 maxpacket: 8
[  360.348337][ T8990] loop0: detected capacity change from 0 to 131072
[  360.387356][ T5963] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  360.396717][ T5963] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  360.500220][ T8990] XFS (loop0): Mounting V5 Filesystem b93a8937-ccd4-41a2-86c7-66a1570a2846
[  360.517829][ T8989] loop2: detected capacity change from 0 to 32768
[  360.529290][ T8989] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.730 (8989)
[  360.548270][ T8989] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  360.554950][ T5963] pvrusb2: Hardware description: Terratec Grabster AV400
[  360.558626][ T8989] BTRFS info (device loop2): using sha256 checksum algorithm
[  360.565938][ T5963] pvrusb2: **********
[  360.620265][ T5963] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  360.633329][ T8990] XFS (loop0): Starting recovery (logdev: internal)
[  360.640560][ T5963] pvrusb2: Important functionality might not be entirely working.
[  360.648998][ T5963] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  360.663134][ T5963] pvrusb2: **********
[  360.785340][ T2364] pvrusb2: Invalid write control endpoint
[  361.039440][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  361.047542][    C1] lec:lec_tx_timeout: lec0
[  361.052475][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  361.309038][ T8990] XFS (loop0): Ending recovery (logdev: internal)
[  361.341544][ T8989] BTRFS info (device loop2): enabling ssd optimizations
[  361.349067][ T8989] BTRFS info (device loop2): turning on async discard
[  361.356005][ T8989] BTRFS info (device loop2): enabling free space tree
[  361.556158][   T30] kauditd_printk_skb: 17 callbacks suppressed
[  361.556241][   T30] audit: type=1800 audit(1773834823.156:510): pid=8990 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.729" name="file1" dev="loop0" ino=38 res=0 errno=0
[  362.245069][ T5916] usb 4-1: USB disconnect, device number 4
[  362.557430][ T2364] pvrusb2: Invalid write control endpoint
[  362.591198][ T2364] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  362.676613][ T2364] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  362.686404][ T2364] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  362.689487][ T8989] BTRFS info (device loop2): balance: start -d -m
[  362.758381][ T2364] pvrusb2: Device being rendered inoperable
[  362.761157][ T8989] BTRFS info (device loop2): relocating block group 6881280 flags data|metadata
[  362.827464][ T2364] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  362.862908][ T2364] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  363.014556][ T5844] XFS (loop0): Unmounting Filesystem b93a8937-ccd4-41a2-86c7-66a1570a2846
[  363.669637][ T2364] pvrusb2: Attached sub-driver cx25840
[  363.680873][ T2364] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  363.712865][ T2364] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  363.875863][ T8989] BTRFS info (device loop2): relocating block group 5242880 flags data|metadata
[  363.941415][ T8989] BTRFS info (device loop2): balance: canceled
[  364.136925][ T5841] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  365.139025][ T9046] loop3: detected capacity change from 0 to 128
[  365.567075][ T9046] syz.3.740: attempt to access beyond end of device
[  365.567075][ T9046] loop3: rw=2049, sector=138, nr_sectors = 2 limit=128
[  366.059405][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  366.067502][    C1] lec:lec_tx_timeout: lec0
[  366.072711][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  366.364668][ T9087] mac80211_hwsim hwsim4 syzkaller0: entered promiscuous mode
[  366.385565][ T9087] mac80211_hwsim hwsim4 syzkaller0: entered allmulticast mode
[  366.587146][ T9091] netlink: 'syz.2.751': attribute type 39 has an invalid length.
[  366.657327][ T9094] netlink: 1 bytes leftover after parsing attributes in process `syz.2.751'.
[  368.130162][ T9114] loop2: detected capacity change from 0 to 512
[  368.785506][ T9114] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  368.798628][ T9114] ext4 filesystem being mounted at /164/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  369.718791][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  369.888556][ T9126] loop2: detected capacity change from 0 to 256
[  369.907558][ T9126] FAT-fs (loop2): invalid media value (0x2f)
[  369.936682][ T9126] FAT-fs (loop2): Can't find a valid FAT filesystem
[  370.832466][ T9128] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  371.079411][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  371.087436][    C1] lec:lec_tx_timeout: lec0
[  371.092294][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  373.461039][ T9165] tmpfs: Bad value for 'nr_blocks'
[  373.482166][ T9167] loop5: detected capacity change from 0 to 8
[  373.526029][ T9167] SQUASHFS error: lzo decompression failed, data probably corrupt
[  373.544129][ T5963] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  373.581060][ T9167] SQUASHFS error: Failed to read block 0x91: -5
[  373.602857][ T9167] SQUASHFS error: Unable to read metadata cache entry [8f]
[  373.646473][ T9167] SQUASHFS error: Unable to read inode 0x11f
[  373.658243][ T9176] netlink: 44 bytes leftover after parsing attributes in process `syz.3.773'.
[  373.702675][ T5963] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  373.894235][ T9180] loop0: detected capacity change from 0 to 1024
[  373.986326][ T9180] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  374.053072][ T9178] fido_id[9178]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  374.137035][ T9180] ext4 filesystem being mounted at /145/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  374.865474][ T9195] EXT4-fs error (device loop0): ext4_map_blocks:821: inode #15: comm syz.0.774: lblock 0 mapped to illegal pblock 0 (length 4)
[  374.890564][ T9195] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 4 with error 117
[  374.904101][ T9195] EXT4-fs (loop0): This should not happen!! Data will be lost
[  374.904101][ T9195] 
[  375.267643][ T1160] EXT4-fs error (device loop0): ext4_map_blocks:821: inode #15: block 4: comm kworker/u8:8: lblock 4 mapped to illegal pblock 4 (length 2)
[  375.292614][ T1160] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 2 with error 117
[  376.099402][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  376.107579][    C1] lec:lec_tx_timeout: lec0
[  376.112746][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  376.273479][ T1160] EXT4-fs (loop0): This should not happen!! Data will be lost
[  376.273479][ T1160] 
[  376.284814][ T1160] EXT4-fs error (device loop0): ext4_map_blocks:821: inode #15: block 8: comm kworker/u8:8: lblock 8 mapped to illegal pblock 8 (length 8)
[  376.541225][ T1160] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  376.575581][ T1160] EXT4-fs (loop0): This should not happen!! Data will be lost
[  376.575581][ T1160] 
[  376.630900][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  376.721012][ T9213] loop2: detected capacity change from 0 to 764
[  378.662051][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[  378.671930][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[  381.929386][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5820 ms
[  381.937596][    C1] lec:lec_tx_timeout: lec0
[  381.946505][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  382.142330][ T9273] netlink: 52 bytes leftover after parsing attributes in process `syz.0.800'.
[  382.155338][ T9273] bridge0: port 2(bridge_slave_1) entered disabled state
[  382.165876][ T9273] bridge0: port 1(bridge_slave_0) entered disabled state
[  382.879817][ T9275] netlink: 'syz.3.802': attribute type 1 has an invalid length.
[  383.632433][ T9281] bond2: (slave vxcan1): The slave device specified does not support setting the MAC address
[  383.662781][ T9281] bond2: (slave vxcan1): Error -95 calling set_mac_address
[  385.031483][ T9283] bond2: (slave gretap2): making interface the new active one
[  385.047283][ T9283] bond2: (slave gretap2): Enslaving as an active interface with an up link
[  385.279523][ T9311] tmpfs: Invalid gid '0x00000000ffffffff'
[  386.959414][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  386.967820][    C1] lec:lec_tx_timeout: lec0
[  386.979496][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  388.825157][ T9334] loop5: detected capacity change from 0 to 512
[  388.851204][ T9334] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  388.899443][ T9334] EXT4-fs (loop5): SIPHASH is not a valid default hash value
[  389.212701][ T9341] Device name not specified.
[  389.212701][ T9341] 
[  389.349451][ T5847] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  389.556841][ T5847] usb 6-1: Using ep0 maxpacket: 32
[  390.079831][ T5847] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  390.099592][   T30] audit: type=1800 audit(1773834851.706:511): pid=9347 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.818" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=19884 res=0 errno=0
[  390.112495][ T5847] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  390.142691][ T5847] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  390.152880][ T5847] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  390.177060][ T5847] usb 6-1: config 0 descriptor??
[  390.217444][ T9349] loop2: detected capacity change from 0 to 2048
[  390.236860][ T5847] hub 6-1:0.0: USB hub found
[  390.256914][ T9349] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  390.519015][ T5847] hub 6-1:0.0: 1 port detected
[  391.149756][ T9358] syzkaller0: entered promiscuous mode
[  391.168603][ T9358] syzkaller0: entered allmulticast mode
[  391.645383][ T5916] hub 6-1:0.0: activate --> -90
[  391.875041][ T5847] usb 6-1: USB disconnect, device number 4
[  391.882021][ T5916] hub 6-1:0.0: hub_ext_port_status failed (err = -71)
[  391.989412][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  391.997574][    C1] lec:lec_tx_timeout: lec0
[  392.113440][ T9369] loop0: detected capacity change from 0 to 32768
[  392.125081][ T9369] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.824 (9369)
[  392.161899][ T9369] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  392.172863][ T9369] BTRFS info (device loop0): using sha256 checksum algorithm
[  392.257818][ T9369] BTRFS info (device loop0): enabling ssd optimizations
[  392.266356][ T9369] BTRFS info (device loop0): turning on async discard
[  392.273927][ T9369] BTRFS info (device loop0): enabling free space tree
[  393.684493][ T9393] loop2: detected capacity change from 0 to 32768
[  393.700191][ T9393] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.826 (9393)
[  393.722416][ T9393] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  393.732689][ T9393] BTRFS info (device loop2): using sha256 checksum algorithm
[  393.853475][ T9393] BTRFS info (device loop2): enabling ssd optimizations
[  393.860523][ T9393] BTRFS info (device loop2): turning on async discard
[  393.867276][ T9393] BTRFS info (device loop2): enabling free space tree
[  394.168197][ T9413] loop5: detected capacity change from 0 to 2048
[  394.242194][ T9413] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024)
[  394.304302][ T9407] syzkaller0: entered promiscuous mode
[  394.392497][ T9407] syzkaller0: entered allmulticast mode
[  394.463708][ T5841] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  394.890634][ T9415] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  396.247874][ T5844] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  398.767117][ T9437] fuse: Bad value for 'fd'
[  399.069490][ T5847] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  399.259987][ T5847] usb 6-1: Using ep0 maxpacket: 32
[  399.293542][ T5847] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  399.380630][ T5847] usb 6-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  399.494775][ T5847] usb 6-1: config 0 interface 0 has no altsetting 0
[  399.728375][ T5847] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  399.817422][ T5847] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  399.925900][ T5847] usb 6-1: Product: syz
[  399.991264][ T5847] usb 6-1: Manufacturer: syz
[  400.067667][ T5847] usb 6-1: SerialNumber: syz
[  400.237402][ T9453] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  400.575589][ T5847] usb 6-1: config 0 descriptor??
[  400.631429][ T5847] gs_usb 6-1:0.0: Required endpoints not found
[  400.990327][ T9451] netlink: 10 bytes leftover after parsing attributes in process `syz.0.827'.
[  404.030817][  T808] usb 6-1: USB disconnect, device number 5
[  404.249812][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  405.296042][ T9495] loop3: detected capacity change from 0 to 32768
[  407.214059][ T9514] xt_ecn: cannot match TCP bits for non-tcp packets
[  410.174919][ T9534] ptrace attach of "./syz-executor exec"[5840] was attempted by "./syz-executor exec"[9534]
[  412.056025][ T9563] loop2: detected capacity change from 0 to 1024
[  412.580036][ T9563] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: writeback.
[  412.603305][ T9563] ext4 filesystem being mounted at /192/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  412.916723][ T9568] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 112: padding at end of block bitmap is not set
[  413.215332][ T9574] binder: 9573:9574 ioctl c0306201 2000000001c0 returned -14
[  413.223341][ T9574] netlink: 16 bytes leftover after parsing attributes in process `syz.3.872'.
[  414.029990][ T9580] loop5: detected capacity change from 0 to 32768
[  415.277608][   T13] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 16 with error 117
[  415.424816][   T13] EXT4-fs (loop2): This should not happen!! Data will be lost
[  415.424816][   T13] 
[  415.551293][   T13] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 32 with max blocks 36 with error 117
[  415.581235][   T13] EXT4-fs (loop2): This should not happen!! Data will be lost
[  415.581235][   T13] 
[  415.748111][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  417.864756][  T808] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  418.050061][  T808] usb 1-1: Using ep0 maxpacket: 16
[  418.067281][  T808] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  418.080520][  T808] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  418.155038][  T808] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  418.170044][  T808] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  418.228701][  T808] usb 1-1: Product: syz
[  418.245213][  T808] usb 1-1: Manufacturer: syz
[  418.260206][  T808] usb 1-1: SerialNumber: syz
[  418.367468][  T808] usb 1-1: 0:2 : does not exist
[  418.813748][ T9616] loop3: detected capacity change from 0 to 40427
[  419.505890][ T9616] F2FS-fs (loop3): invalid crc value
[  419.593435][ T9616] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  419.607467][ T9616] F2FS-fs (loop3): Start checkpoint disabled!
[  419.628641][ T9616] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0
[  419.636707][ T9616] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  419.689217][  T808] usb 1-1: 5:0: failed to get current value for ch 0 (-22)
[  419.793647][ T9622] random: crng reseeded on system resumption
[  420.105697][   T30] audit: type=1800 audit(1773834881.656:512): pid=9625 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.886" name="bus" dev="loop3" ino=10 res=0 errno=0
[  420.603809][  T808] usb 1-1: USB disconnect, device number 6
[  420.608471][ T1153] kworker/u8:7: attempt to access beyond end of device
[  420.608471][ T1153] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  420.645247][ T1153] CPU: 1 UID: 0 PID: 1153 Comm: kworker/u8:7 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  420.645276][ T1153] Tainted: [L]=SOFTLOCKUP
[  420.645281][ T1153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  420.645291][ T1153] Workqueue: writeback wb_workfn (flush-7:3)
[  420.645325][ T1153] Call Trace:
[  420.645395][ T1153]  <TASK>
[  420.645403][ T1153]  dump_stack_lvl+0xe8/0x150
[  420.645462][ T1153]  f2fs_handle_critical_error+0x37c/0x540
[  420.645489][ T1153]  f2fs_write_end_io+0x1274/0x1740
[  420.645531][ T1153]  __submit_merged_bio+0x256/0x700
[  420.645557][ T1153]  __submit_merged_write_cond+0x3c9/0x4e0
[  420.645586][ T1153]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  420.645659][ T1153]  f2fs_write_data_pages+0x287e/0x34f0
[  420.645680][ T1153]  ? unwind_next_frame+0xa5/0x23c0
[  420.645696][ T1153]  ? lock_release+0x4b/0x3d0
[  420.645750][ T1153]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  420.645793][ T1153]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  420.645842][ T1153]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  420.645884][ T1153]  ? __lock_acquire+0x6b5/0x2cf0
[  420.645922][ T1153]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  420.645945][ T1153]  do_writepages+0x32e/0x550
[  420.645972][ T1153]  ? reacquire_held_locks+0x104/0x190
[  420.645989][ T1153]  ? writeback_sb_inodes+0x477/0x1a20
[  420.646014][ T1153]  __writeback_single_inode+0x133/0x11a0
[  420.646032][ T1153]  ? do_raw_spin_unlock+0xf5/0x210
[  420.646056][ T1153]  writeback_sb_inodes+0x992/0x1a20
[  420.646095][ T1153]  ? do_raw_spin_unlock+0xf5/0x210
[  420.646121][ T1153]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  420.646139][ T1153]  ? do_raw_spin_lock+0x12b/0x2f0
[  420.646194][ T1153]  ? rcu_is_watching+0x15/0xb0
[  420.646219][ T1153]  wb_writeback+0x456/0xb70
[  420.646242][ T1153]  ? queue_io+0x211/0x4a0
[  420.646269][ T1153]  ? __pfx_wb_writeback+0x10/0x10
[  420.646285][ T1153]  ? do_raw_spin_lock+0x12b/0x2f0
[  420.646317][ T1153]  wb_workfn+0x414/0xf50
[  420.646353][ T1153]  ? look_up_lock_class+0x57/0x110
[  420.646384][ T1153]  ? __pfx_wb_workfn+0x10/0x10
[  420.646405][ T1153]  ? do_raw_spin_lock+0x12b/0x2f0
[  420.646426][ T1153]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  420.646466][ T1153]  ? process_one_work+0x8bb/0x1780
[  420.646485][ T1153]  process_one_work+0x9ab/0x1780
[  420.646521][ T1153]  ? __pfx_process_one_work+0x10/0x10
[  420.646538][ T1153]  ? do_raw_spin_lock+0x12b/0x2f0
[  420.646570][ T1153]  worker_thread+0xba8/0x11e0
[  420.646611][ T1153]  kthread+0x388/0x470
[  420.646630][ T1153]  ? __pfx_worker_thread+0x10/0x10
[  420.646644][ T1153]  ? __pfx_kthread+0x10/0x10
[  420.646664][ T1153]  ret_from_fork+0x51e/0xb90
[  420.646686][ T1153]  ? __pfx_ret_from_fork+0x10/0x10
[  420.646705][ T1153]  ? __switch_to+0xc7d/0x1450
[  420.646729][ T1153]  ? __pfx_kthread+0x10/0x10
[  420.646748][ T1153]  ret_from_fork_asm+0x1a/0x30
[  420.646788][ T1153]  </TASK>
[  420.646836][ T1153] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  420.808877][ T8321] udevd[8321]: setting mode of /dev/mixer3 to 020660 failed: No such file or directory
[  421.164457][ T8284] udevd[8284]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  421.223155][ T8321] udevd[8321]: setting owner of /dev/mixer3 to uid=0, gid=29 failed: No such file or directory
[  423.729504][ T9656] netlink: 'syz.5.905': attribute type 10 has an invalid length.
[  423.738918][ T9656] veth1_macvtap: left promiscuous mode
[  424.073535][ T9654] loop2: detected capacity change from 0 to 2048
[  424.168963][ T9654] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  424.445133][ T9659] netlink: 'syz.4.897': attribute type 1 has an invalid length.
[  424.482031][ T9660] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  424.687210][ T9663] netlink: 20 bytes leftover after parsing attributes in process `syz.4.897'.
[  426.070870][ T9669] netlink: 28 bytes leftover after parsing attributes in process `syz.4.897'.
[  427.242428][ T9663] bond0: (slave bridge1): making interface the new active one
[  427.436589][ T9663] bond0: (slave bridge1): Enslaving as an active interface with an up link
[  428.072075][ T9669] 8021q: adding VLAN 0 to HW filter on device bond0
[  429.956425][ T9709] netlink: 'syz.5.908': attribute type 21 has an invalid length.
[  429.964773][ T9709] netlink: 'syz.5.908': attribute type 6 has an invalid length.
[  429.972668][ T9709] netlink: 132 bytes leftover after parsing attributes in process `syz.5.908'.
[  430.675207][ T9719] syzkaller0: entered promiscuous mode
[  430.680958][ T9719] syzkaller0: entered allmulticast mode
[  430.729878][ T9724] loop5: detected capacity change from 0 to 256
[  430.743168][ T9724] FAT-fs (loop5): invalid media value (0x2f)
[  430.784192][ T9724] FAT-fs (loop5): Can't find a valid FAT filesystem
[  430.937772][ T9728] tipc: Started in network mode
[  430.959064][ T9728] tipc: Node identity 080211000001, cluster identity 4711
[  431.047281][ T9728] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  432.077766][ T9736] tipc: Resetting bearer <eth:syzkaller0>
[  432.310433][   T24] tipc: Node number set to 134418688
[  434.088263][ T9749] tipc: Cannot configure node identity twice
[  434.921288][ T9761] /dev/nullb0: Can't open blockdev
[  436.284899][ T9771] loop2: detected capacity change from 0 to 40427
[  436.301476][ T9771] F2FS-fs (loop2): invalid crc value
[  436.365839][ T9771] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  436.377180][ T9771] F2FS-fs (loop2): Start checkpoint disabled!
[  436.390475][ T9771] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  436.401243][ T9771] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  436.414435][   T30] audit: type=1800 audit(1773834898.026:513): pid=9771 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.929" name="file1" dev="loop2" ino=10 res=0 errno=0
[  436.787642][ T9777] syz.2.929: attempt to access beyond end of device
[  436.787642][ T9777] loop2: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  436.803616][ T9777] syz.2.929: attempt to access beyond end of device
[  436.803616][ T9777] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  436.819539][ T9777] syz.2.929: attempt to access beyond end of device
[  436.819539][ T9777] loop2: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  436.833877][ T9777] syz.2.929: attempt to access beyond end of device
[  436.833877][ T9777] loop2: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  436.848346][ T9777] syz.2.929: attempt to access beyond end of device
[  436.848346][ T9777] loop2: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  436.863182][ T9777] syz.2.929: attempt to access beyond end of device
[  436.863182][ T9777] loop2: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  436.877648][ T9777] syz.2.929: attempt to access beyond end of device
[  436.877648][ T9777] loop2: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  436.892856][ T9777] syz.2.929: attempt to access beyond end of device
[  436.892856][ T9777] loop2: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  436.911292][ T9777] syz.2.929: attempt to access beyond end of device
[  436.911292][ T9777] loop2: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  436.928143][ T9777] syz.2.929: attempt to access beyond end of device
[  436.928143][ T9777] loop2: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  437.536721][  T155] CPU: 1 UID: 0 PID: 155 Comm: kworker/u8:6 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  437.536750][  T155] Tainted: [L]=SOFTLOCKUP
[  437.536755][  T155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  437.536765][  T155] Workqueue: writeback wb_workfn (flush-7:2)
[  437.536790][  T155] Call Trace:
[  437.536796][  T155]  <TASK>
[  437.536803][  T155]  dump_stack_lvl+0xe8/0x150
[  437.536830][  T155]  f2fs_handle_critical_error+0x37c/0x540
[  437.536857][  T155]  f2fs_write_end_io+0x1274/0x1740
[  437.536897][  T155]  __submit_merged_bio+0x256/0x700
[  437.536923][  T155]  __submit_merged_write_cond+0x3c9/0x4e0
[  437.536952][  T155]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  437.536994][  T155]  f2fs_write_data_pages+0x287e/0x34f0
[  437.537045][  T155]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  437.537082][  T155]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  437.537128][  T155]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  437.537167][  T155]  ? __lock_acquire+0x6b5/0x2cf0
[  437.537203][  T155]  ? __pfx_f2fs_inode_chksum_set+0x10/0x10
[  437.537222][  T155]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  437.537244][  T155]  do_writepages+0x32e/0x550
[  437.537271][  T155]  ? reacquire_held_locks+0x104/0x190
[  437.537287][  T155]  ? writeback_sb_inodes+0x477/0x1a20
[  437.537312][  T155]  __writeback_single_inode+0x133/0x11a0
[  437.537333][  T155]  ? do_raw_spin_unlock+0xf5/0x210
[  437.537356][  T155]  writeback_sb_inodes+0x992/0x1a20
[  437.537394][  T155]  ? __lock_acquire+0x6b5/0x2cf0
[  437.537422][  T155]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  437.537440][  T155]  ? do_raw_spin_lock+0x12b/0x2f0
[  437.537494][  T155]  ? rcu_is_watching+0x15/0xb0
[  437.537520][  T155]  wb_writeback+0x456/0xb70
[  437.537550][  T155]  ? queue_io+0x211/0x4a0
[  437.537576][  T155]  ? __pfx_wb_writeback+0x10/0x10
[  437.537593][  T155]  ? do_raw_spin_lock+0x12b/0x2f0
[  437.537628][  T155]  wb_workfn+0x414/0xf50
[  437.537646][  T155]  ? look_up_lock_class+0x57/0x110
[  437.537677][  T155]  ? __pfx_wb_workfn+0x10/0x10
[  437.537698][  T155]  ? do_raw_spin_lock+0x12b/0x2f0
[  437.537719][  T155]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  437.537758][  T155]  ? process_one_work+0x8bb/0x1780
[  437.537780][  T155]  process_one_work+0x9ab/0x1780
[  437.537823][  T155]  ? __pfx_process_one_work+0x10/0x10
[  437.537841][  T155]  ? do_raw_spin_lock+0x12b/0x2f0
[  437.537872][  T155]  worker_thread+0xba8/0x11e0
[  437.537893][  T155]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  437.537910][  T155]  ? __kthread_parkme+0x7a/0x1f0
[  437.537925][  T155]  ? __kthread_parkme+0x19c/0x1f0
[  437.537946][  T155]  kthread+0x388/0x470
[  437.537963][  T155]  ? __pfx_worker_thread+0x10/0x10
[  437.537976][  T155]  ? __pfx_kthread+0x10/0x10
[  437.538008][  T155]  ret_from_fork+0x51e/0xb90
[  437.538080][  T155]  ? __pfx_ret_from_fork+0x10/0x10
[  437.538099][  T155]  ? __switch_to+0xc7d/0x1450
[  437.538122][  T155]  ? __pfx_kthread+0x10/0x10
[  437.538141][  T155]  ret_from_fork_asm+0x1a/0x30
[  437.538173][  T155]  </TASK>
[  437.839774][  T155] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  438.475696][ T6836] lec:lec_start_xmit: lec0:No lecd attached
[  439.808349][ T9812] mac80211_hwsim hwsim10 syzkaller0: entered promiscuous mode
[  439.823048][ T9812] mac80211_hwsim hwsim10 syzkaller0: entered allmulticast mode
[  439.844644][ T9813] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  440.133083][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[  440.150168][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[  441.468131][ T9829] ADFS-fs (loop1): error: unable to read block 3, try 0
[  442.239837][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  442.573100][   T30] audit: type=1326 audit(1773834904.186:514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9831 comm="syz.0.942" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f57d079c799 code=0x0
[  442.613954][ T9834] syzkaller0: entered promiscuous mode
[  442.619862][ T9834] syzkaller0: entered allmulticast mode
[  443.398925][  T808] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  443.871282][  T808] usb 1-1: config 0 has no interfaces?
[  443.880119][  T808] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  443.890806][  T808] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  443.929402][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5450 ms
[  443.937463][    C1] lec:lec_tx_timeout: lec0
[  443.942239][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  443.977618][  T808] usb 1-1: Product: syz
[  444.003584][  T808] usb 1-1: Manufacturer: syz
[  444.034717][  T808] usb 1-1: config 0 descriptor??
[  445.545181][ T9856] syz.2.949 (9856): drop_caches: 2
[  445.828660][ T5963] usb 1-1: USB disconnect, device number 7
[  447.740381][ T9863] loop2: detected capacity change from 0 to 32768
[  448.330237][ T9863] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  448.442650][ T9876] loop5: detected capacity change from 0 to 256
[  448.492501][ T9863] XFS (loop2): Ending clean mount
[  448.506578][ T9863] XFS (loop2): Quotacheck needed: Please wait.
[  448.951513][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  448.959728][    C1] lec:lec_tx_timeout: lec0
[  449.304380][ T9886] loop3: detected capacity change from 0 to 1024
[  449.314768][ T9882] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  449.324072][ T9886] EXT4-fs: Ignoring removed bh option
[  449.344574][ T9876] netlink: 228 bytes leftover after parsing attributes in process `syz.5.953'.
[  449.382572][ T9863] XFS (loop2): Quotacheck: Done.
[  449.403266][ T5841] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  449.447745][ T9886] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  449.743039][ T5845] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  449.937141][ T9900] loop3: detected capacity change from 0 to 1024
[  449.944855][ T9900] EXT4-fs: Ignoring removed orlov option
[  449.950644][ T9900] EXT4-fs: Ignoring removed mblk_io_submit option
[  450.543767][ T9900] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a854c018, mo2=0002]
[  450.552314][ T9900] System zones: 0-1, 3-12
[  450.557834][ T9900] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  451.031775][ T9895] loop0: detected capacity change from 0 to 4096
[  451.166797][ T5845] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  451.179977][ T9895] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512).
[  452.413615][ T9920] syzkaller0: entered promiscuous mode
[  452.429409][ T9920] syzkaller0: entered allmulticast mode
[  452.965807][ T9924] overlayfs: failed to clone lowerpath
[  455.433258][ T9943] loop2: detected capacity change from 0 to 256
[  455.728626][ T9948] loop3: detected capacity change from 0 to 64
[  455.908001][ T9943] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  456.229392][ T9950] loop0: detected capacity change from 0 to 1024
[  456.248364][ T9950] EXT4-fs: Ignoring removed orlov option
[  456.248390][ T9950] EXT4-fs: Ignoring removed mblk_io_submit option
[  456.654080][ T9950] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a854c018, mo2=0002]
[  456.654909][ T9950] System zones: 0-1, 3-12
[  456.763116][ T9950] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  457.420807][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  458.750670][ T9969] 0: reclassify loop, rule prio 0, protocol 700
[  460.102687][ T9985] loop2: detected capacity change from 0 to 40427
[  460.113484][ T9985] F2FS-fs (loop2): invalid crc value
[  460.158248][ T9985] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  460.168852][ T9985] F2FS-fs (loop2): Start checkpoint disabled!
[  460.185996][ T9985] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  460.197910][ T9985] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  460.326196][   T30] audit: type=1800 audit(2000000007.119:515): pid=9985 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.981" name="file1" dev="loop2" ino=10 res=0 errno=0
[  460.478187][ T9990] bio_check_eod: 105 callbacks suppressed
[  460.478228][ T9990] syz.2.981: attempt to access beyond end of device
[  460.478228][ T9990] loop2: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  460.509484][ T9990] syz.2.981: attempt to access beyond end of device
[  460.509484][ T9990] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  460.527773][ T9990] syz.2.981: attempt to access beyond end of device
[  460.527773][ T9990] loop2: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  460.546211][ T9990] syz.2.981: attempt to access beyond end of device
[  460.546211][ T9990] loop2: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  460.564729][ T9990] syz.2.981: attempt to access beyond end of device
[  460.564729][ T9990] loop2: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  460.587661][ T9990] syz.2.981: attempt to access beyond end of device
[  460.587661][ T9990] loop2: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  460.632889][ T9990] syz.2.981: attempt to access beyond end of device
[  460.632889][ T9990] loop2: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  460.649463][ T9990] syz.2.981: attempt to access beyond end of device
[  460.649463][ T9990] loop2: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  460.666408][ T9990] syz.2.981: attempt to access beyond end of device
[  460.666408][ T9990] loop2: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  460.683744][ T9990] syz.2.981: attempt to access beyond end of device
[  460.683744][ T9990] loop2: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  461.183232][ T1344] CPU: 1 UID: 0 PID: 1344 Comm: kworker/u8:9 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  461.183262][ T1344] Tainted: [L]=SOFTLOCKUP
[  461.183267][ T1344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  461.183276][ T1344] Workqueue: writeback wb_workfn (flush-7:2)
[  461.183302][ T1344] Call Trace:
[  461.183308][ T1344]  <TASK>
[  461.183316][ T1344]  dump_stack_lvl+0xe8/0x150
[  461.183341][ T1344]  f2fs_handle_critical_error+0x37c/0x540
[  461.183370][ T1344]  f2fs_write_end_io+0x1274/0x1740
[  461.183413][ T1344]  __submit_merged_bio+0x256/0x700
[  461.183440][ T1344]  __submit_merged_write_cond+0x3c9/0x4e0
[  461.183471][ T1344]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  461.183517][ T1344]  f2fs_write_data_pages+0x287e/0x34f0
[  461.183578][ T1344]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  461.183598][ T1344]  ? do_raw_spin_lock+0x12b/0x2f0
[  461.183665][ T1344]  ? finish_task_switch+0x41f/0xbe0
[  461.183686][ T1344]  ? lockdep_hardirqs_on+0x7a/0x110
[  461.183706][ T1344]  ? finish_task_switch+0x41f/0xbe0
[  461.183772][ T1344]  ? __lock_acquire+0x6b5/0x2cf0
[  461.183794][ T1344]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  461.183837][ T1344]  do_writepages+0x32e/0x550
[  461.183864][ T1344]  ? reacquire_held_locks+0x104/0x190
[  461.183878][ T1344]  ? writeback_sb_inodes+0x477/0x1a20
[  461.183895][ T1344]  ? preempt_schedule_thunk+0x16/0x30
[  461.183921][ T1344]  __writeback_single_inode+0x133/0x11a0
[  461.183949][ T1344]  writeback_sb_inodes+0x992/0x1a20
[  461.183999][ T1344]  ? finish_task_switch+0x41f/0xbe0
[  461.184027][ T1344]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  461.184045][ T1344]  ? do_raw_spin_lock+0x12b/0x2f0
[  461.184113][ T1344]  ? rcu_is_watching+0x15/0xb0
[  461.184141][ T1344]  wb_writeback+0x456/0xb70
[  461.184164][ T1344]  ? queue_io+0x211/0x4a0
[  461.184184][ T1344]  ? __pfx_wb_writeback+0x10/0x10
[  461.184194][ T1344]  ? do_raw_spin_lock+0x12b/0x2f0
[  461.184215][ T1344]  wb_workfn+0x414/0xf50
[  461.184227][ T1344]  ? look_up_lock_class+0x57/0x110
[  461.184246][ T1344]  ? __pfx_wb_workfn+0x10/0x10
[  461.184258][ T1344]  ? __pfx___schedule+0x10/0x10
[  461.184270][ T1344]  ? irqentry_exit+0x61a/0x700
[  461.184279][ T1344]  ? rcu_is_watching+0x15/0xb0
[  461.184297][ T1344]  ? preempt_schedule_thunk+0x16/0x30
[  461.184311][ T1344]  ? process_one_work+0x8bb/0x1780
[  461.184326][ T1344]  process_one_work+0x9ab/0x1780
[  461.184352][ T1344]  ? __pfx_process_one_work+0x10/0x10
[  461.184365][ T1344]  ? do_raw_spin_lock+0x12b/0x2f0
[  461.184386][ T1344]  worker_thread+0xba8/0x11e0
[  461.184400][ T1344]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  461.184412][ T1344]  ? __kthread_parkme+0x7a/0x1f0
[  461.184422][ T1344]  ? __kthread_parkme+0x19c/0x1f0
[  461.184435][ T1344]  kthread+0x388/0x470
[  461.184447][ T1344]  ? __pfx_worker_thread+0x10/0x10
[  461.184455][ T1344]  ? __pfx_kthread+0x10/0x10
[  461.184467][ T1344]  ret_from_fork+0x51e/0xb90
[  461.184482][ T1344]  ? __pfx_ret_from_fork+0x10/0x10
[  461.184495][ T1344]  ? __switch_to+0xc7d/0x1450
[  461.184510][ T1344]  ? __pfx_kthread+0x10/0x10
[  461.184522][ T1344]  ret_from_fork_asm+0x1a/0x30
[  461.184541][ T1344]  </TASK>
[  461.251557][ T1344] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  466.485165][T10041] loop5: detected capacity change from 0 to 512
[  466.514720][T10041] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  466.614777][T10041] EXT4-fs (loop5): 1 truncate cleaned up
[  466.622636][T10041] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  467.474714][T10041] netlink: 'syz.5.995': attribute type 10 has an invalid length.
[  467.545333][T10056] kAFS: unable to lookup cell '('
[  468.183180][T10057] kAFS: unable to lookup cell '(,c¾ûL'
[  468.265464][T10041] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  468.540003][ T6984] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  469.495003][T10090] mac80211_hwsim hwsim4 syzkaller0: left promiscuous mode
[  469.535199][T10090] mac80211_hwsim hwsim4 syzkaller0: left allmulticast mode
[  473.612359][T10114] loop2: detected capacity change from 0 to 32768
[  473.700482][T10114] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1014 (10114)
[  473.779996][T10114] BTRFS info (device loop2): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  473.790408][T10114] BTRFS info (device loop2): using crc32c checksum algorithm
[  473.798142][T10114] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  474.656694][T10114] BTRFS info (device loop2): rebuilding free space tree
[  474.733778][T10114] BTRFS info (device loop2): disabling free space tree
[  474.741849][T10114] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  474.752118][T10114] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  474.775995][T10114] BTRFS info (device loop2): enabling ssd optimizations
[  474.783117][T10114] BTRFS info (device loop2): turning on async discard
[  474.790163][T10114] BTRFS info (device loop2): enabling disk space caching
[  474.797830][T10114] BTRFS info (device loop2): force clearing of disk cache
[  474.805791][T10114] BTRFS info (device loop2): use zstd compression, level 3
[  476.541707][ T5841] BTRFS info (device loop2): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  477.050519][ T8914] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  477.085351][T10171] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1029'.
[  477.212838][T10174] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1029'.
[  477.253460][ T8914] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 959
[  477.294040][ T8914] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  477.336583][T10177] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1029'.
[  477.359126][ T8914] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  477.368341][T10177] 8021q: adding VLAN 0 to HW filter on device bond1
[  477.429192][ T8914] usb 1-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=e5.38
[  477.458927][ T8914] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  477.503934][ T8914] usb 1-1: Product: syz
[  477.548322][ T8914] usb 1-1: Manufacturer: syz
[  477.571772][ T8914] usb 1-1: SerialNumber: syz
[  477.622469][ T8914] usb 1-1: config 0 descriptor??
[  477.634302][T10161] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  477.645997][T10174] bond1: (slave bridge2): Enslaving as an active interface with an up link
[  478.142842][T10161] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  478.261545][T10161] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  478.312769][T10161] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  478.368035][T10161] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  478.470686][T10161] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  478.499935][T10161] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  478.602574][T10161] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  478.615928][T10161] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  478.669481][ T8912] usb 1-1: USB disconnect, device number 8
[  478.844038][T10201] overlayfs: failed to clone upperpath
[  483.356410][T10236] loop2: detected capacity change from 0 to 1024
[  483.363938][T10236] EXT4-fs: Ignoring removed orlov option
[  483.369857][T10236] EXT4-fs: Ignoring removed mblk_io_submit option
[  483.402928][T10236] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a854c018, mo2=0002]
[  483.412352][T10236] System zones: 0-1, 3-12
[  483.441494][T10236] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  485.136764][T10266] /dev/nullb0: Can't open blockdev
[  485.238990][T10267] NILFS (nbd3): device size too small
[  485.723129][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  487.162592][T10284] loop0: detected capacity change from 0 to 256
[  487.384913][T10286] syzkaller0: entered promiscuous mode
[  487.396175][T10286] syzkaller0: entered allmulticast mode
[  489.339116][T10301] mac80211_hwsim hwsim4 syzkaller0: entered promiscuous mode
[  489.375741][T10301] mac80211_hwsim hwsim4 syzkaller0: entered allmulticast mode
[  489.492552][T10313] overlayfs: failed to clone lowerpath
[  489.506359][T10313] overlayfs: failed to clone upperpath
[  489.626354][T10316] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1071'.
[  491.041690][T10332] netlink: 'syz.3.1077': attribute type 10 has an invalid length.
[  492.435239][T10332] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  492.829969][T10357] /dev/nullb0: Can't open blockdev
[  501.692779][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[  501.700315][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[  501.711095][ T1314] lec:lec_start_xmit: lec0:No lecd attached
[  506.529461][ T5963] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  506.759713][ T5963] usb 3-1: Using ep0 maxpacket: 8
[  506.818936][ T5963] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  506.884941][ T5963] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  506.889359][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5180 ms
[  506.904216][    C1] lec:lec_tx_timeout: lec0
[  506.911220][    C1] lec:lec_start_xmit: lec0:No lecd attached
[  506.939702][ T5963] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  507.132423][ T5963] usb 3-1: config 0 descriptor??
[  507.978439][ T5963] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  508.109003][ T5963] usb 3-1: USB disconnect, device number 5
[  508.273371][T10528] fuse: fd is not a fuse device
[  509.071784][T10534] loop0: detected capacity change from 0 to 8
[  509.918852][T10545] syzkaller0: entered promiscuous mode
[  509.929178][T10545] syzkaller0: entered allmulticast mode
[  510.788922][T10555] loop2: detected capacity change from 0 to 2048
[  511.929442][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms
[  511.937599][    C1] lec:lec_tx_timeout: lec0
[  514.405262][T10561] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  514.615161][T10555] nilfs2: Unknown parameter 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿ18446744073709551615ÿÿÿÿš@­LqE�:†‹� á艞Õt}²0ü�$‰'
[  515.231292][T10569] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  515.570566][T10573] loop2: detected capacity change from 0 to 2048
[  516.105253][T10573] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  516.382913][T10581] loop0: detected capacity change from 0 to 1024
[  516.390367][T10581] EXT4-fs: Ignoring removed orlov option
[  516.396212][T10581] EXT4-fs: Ignoring removed mblk_io_submit option
[  517.537187][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  517.899956][T10581] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a854c018, mo2=0002]
[  517.908231][T10581] System zones: 0-1, 3-12
[  517.915071][T10581] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  518.296123][T10594] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  518.336968][T10594] syzkaller0: entered promiscuous mode
[  518.494732][T10594] syzkaller0: entered allmulticast mode
[  518.512440][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  518.637888][T10603] tipc: Resetting bearer <eth:syzkaller0>
[  518.828015][T10593] tipc: Resetting bearer <eth:syzkaller0>
[  518.994327][T10593] tipc: Disabling bearer <eth:syzkaller0>
[  519.784491][T10622] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  525.592009][T10670] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1167'.
[  525.771008][T10686] loop3: detected capacity change from 0 to 256
[  526.110290][T10686] FAT-fs (loop3): invalid media value (0x59)
[  526.116412][T10686] FAT-fs (loop3): This doesn't look like a DOS 1.x volume; no bootstrapping code
[  526.125983][T10686] FAT-fs (loop3): Can't find a valid FAT filesystem
[  526.856458][T10692] loop3: detected capacity change from 0 to 1024
[  526.864051][T10692] EXT4-fs: Ignoring removed orlov option
[  526.869817][T10692] EXT4-fs: Ignoring removed mblk_io_submit option
[  526.897803][T10692] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a854c018, mo2=0002]
[  526.907554][T10692] System zones: 0-1, 3-12
[  526.916034][T10692] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  527.129594][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  527.884545][ T5845] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  528.546251][T10717] loop2: detected capacity change from 0 to 512
[  528.572590][T10717] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  528.730149][T10717] EXT4-fs (loop2): 1 truncate cleaned up
[  528.786551][T10717] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  530.317266][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  531.976425][T10750] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000009: 0000 [#1] SMP KASAN PTI
[  531.989042][T10750] KASAN: null-ptr-deref in range [0x0000000000000048-0x000000000000004f]
[  531.997794][T10750] CPU: 0 UID: 0 PID: 10750 Comm: syz.4.1190 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  532.008813][T10750] Tainted: [L]=SOFTLOCKUP
[  532.013206][T10750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  532.023515][T10750] RIP: 0010:fuse_opt_fd+0x49/0x220
[  532.028977][T10750] Code: 4c 8d bb 98 00 00 00 4c 89 f8 48 c1 e8 03 80 3c 28 00 74 08 4c 89 ff e8 c5 ee e4 fe 4d 8b 3f 4d 8d 66 48 4c 89 e0 48 c1 e8 03 <80> 3c 28 00 74 08 4c 89 e7 e8 a9 ee e4 fe 49 81 3c 24 80 28 09 8c
[  532.049315][T10750] RSP: 0018:ffffc9000389fa68 EFLAGS: 00010206
[  532.055562][T10750] RAX: 0000000000000009 RBX: ffff888031343400 RCX: 0000000000080000
[  532.055584][T10750] RDX: ffffc9000e062000 RSI: 0000000000000690 RDI: 0000000000000691
[  532.055596][T10750] RBP: dffffc0000000000 R08: ffffffff824b142a R09: ffffffff8e75d6a0
[  532.055607][T10750] R10: 0000000000000009 R11: 0000000000000002 R12: 0000000000000048
[  532.055616][T10750] R13: 0000000000000002 R14: 0000000000000000 R15: ffff8880351f9e80
[  532.055627][T10750] FS:  00007fd6b6b366c0(0000) GS:ffff888125435000(0000) knlGS:0000000000000000
[  532.105064][T10750] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  532.111639][T10750] CR2: 0000200000003000 CR3: 0000000020f9e000 CR4: 00000000003526f0
[  532.119610][T10750] Call Trace:
[  532.122968][T10750]  <TASK>
[  532.125966][T10750]  fuse_parse_param+0x69b/0xa80
[  532.130896][T10750]  ? __pfx_fuse_parse_param+0x10/0x10
[  532.136554][T10750]  ? static_key_count+0x41/0x70
[  532.141424][T10750]  vfs_parse_fs_param+0x1a9/0x420
[  532.146465][T10750]  vfs_parse_monolithic_sep+0x283/0x360
[  532.152030][T10750]  ? __pfx_vfs_parse_comma_sep+0x10/0x10
[  532.158012][T10750]  ? __pfx_vfs_parse_monolithic_sep+0x10/0x10
[  532.164162][T10750]  ? alloc_fs_context+0x9e9/0xd50
[  532.169187][T10750]  do_new_mount+0x304/0xd30
[  532.173701][T10750]  ? apparmor_capable+0x126/0x170
[  532.178827][T10750]  ? security_capable+0x7e/0x2c0
[  532.183757][T10750]  ? __pfx_do_new_mount+0x10/0x10
[  532.189045][T10750]  ? ns_capable+0x89/0xe0
[  532.193389][T10750]  ? path_mount+0x690/0x10e0
[  532.197997][T10750]  ? user_path_at+0xd4/0x160
[  532.202591][T10750]  __se_sys_mount+0x31d/0x420
[  532.207273][T10750]  ? __pfx___se_sys_mount+0x10/0x10
[  532.212482][T10750]  ? __x64_sys_mount+0x20/0xc0
[  532.217230][T10750]  do_syscall_64+0x14d/0xf80
[  532.221808][T10750]  ? trace_irq_disable+0x3b/0x150
[  532.226842][T10750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  532.232986][T10750]  ? clear_bhb_loop+0x40/0x90
[  532.237690][T10750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  532.243571][T10750] RIP: 0033:0x7fd6b5b9c799
[  532.248016][T10750] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  532.267660][T10750] RSP: 002b:00007fd6b6b36028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  532.276182][T10750] RAX: ffffffffffffffda RBX: 00007fd6b5e15fa0 RCX: 00007fd6b5b9c799
[  532.284233][T10750] RDX: 0000200000002100 RSI: 00002000000020c0 RDI: 0000000000000000
[  532.292194][T10750] RBP: 00007fd6b5c32c99 R08: 0000200000002140 R09: 0000000000000000
[  532.300241][T10750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  532.308284][T10750] R13: 00007fd6b5e16038 R14: 00007fd6b5e15fa0 R15: 00007ffcb7395ff8
[  532.316332][T10750]  </TASK>
[  532.319367][T10750] Modules linked in:
[  532.325006][T10750] ---[ end trace 0000000000000000 ]---
[  532.331906][T10750] RIP: 0010:fuse_opt_fd+0x49/0x220
[  532.337143][T10750] Code: 4c 8d bb 98 00 00 00 4c 89 f8 48 c1 e8 03 80 3c 28 00 74 08 4c 89 ff e8 c5 ee e4 fe 4d 8b 3f 4d 8d 66 48 4c 89 e0 48 c1 e8 03 <80> 3c 28 00 74 08 4c 89 e7 e8 a9 ee e4 fe 49 81 3c 24 80 28 09 8c
[  532.357449][T10750] RSP: 0018:ffffc9000389fa68 EFLAGS: 00010206
[  532.363569][T10750] RAX: 0000000000000009 RBX: ffff888031343400 RCX: 0000000000080000
[  532.371664][T10750] RDX: ffffc9000e062000 RSI: 0000000000000690 RDI: 0000000000000691
[  532.379735][T10750] RBP: dffffc0000000000 R08: ffffffff824b142a R09: ffffffff8e75d6a0
[  532.387807][T10750] R10: 0000000000000009 R11: 0000000000000002 R12: 0000000000000048
[  532.395814][T10750] R13: 0000000000000002 R14: 0000000000000000 R15: ffff8880351f9e80
[  532.403796][T10750] FS:  00007fd6b6b366c0(0000) GS:ffff888125435000(0000) knlGS:0000000000000000
[  532.412929][T10750] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  532.419755][T10750] CR2: 0000200000003000 CR3: 0000000020f9e000 CR4: 00000000003526f0
[  532.428012][T10750] Kernel panic - not syncing: Fatal exception
[  532.434441][T10750] Kernel Offset: disabled
[  532.438764][T10750] Rebooting in 86400 seconds..