last executing test programs:

14.975533394s ago: executing program 0 (id=521):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x1}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0xe}, @NFTA_CT_KEY={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xf}}}, 0x78}}, 0x10)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10)
setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000140)=0x8, 0x4)
connect$inet(r4, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)

13.343285693s ago: executing program 0 (id=517):
socket$inet_mptcp(0x2, 0x1, 0x106)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r0 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$usbfs(0x0, 0x77, 0x101301)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20040844)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r1, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r1, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000280)="5338a3", 0x3}], 0x1}}], 0x1, 0x20008000)
recvmsg(r1, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001380)=[{&(0x7f0000000200)=""/112, 0x70}], 0x1}, 0x123)
shutdown(r1, 0x1)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4000804)
socket$inet6(0xa, 0x80000, 0x7fffffff)

11.841479776s ago: executing program 0 (id=523):
timer_create(0x0, 0x0, &(0x7f0000000000))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
open$dir(&(0x7f0000000000)='./file0\x00', 0x800, 0xa0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x80084)
socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000000)={@my=0x0})

10.435046662s ago: executing program 1 (id=529):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x4600, 0x0)
ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000880)={0x0, 0x2, 0x1, [0x1, 0xeb5b, 0x6, 0x3, 0x100000000], [0x1, 0x3, 0x4, 0x2ca, 0x4, 0x200, 0x5, 0x5631, 0x7, 0x5, 0xfffffffffffffff7, 0xaf, 0x100000001, 0x7, 0x6e0, 0x86e, 0x2, 0x4, 0x1, 0x2, 0xfffffffffffffff7, 0x7c, 0x8, 0x2ad6, 0x8, 0x157b84ad, 0x0, 0xa, 0x80000001, 0x9, 0x10001, 0xfffffffffffffff9, 0x5, 0x1, 0x1, 0x1, 0x1, 0x1, 0x4, 0x3, 0x8, 0x7, 0xb, 0x3, 0x0, 0x9, 0x10000, 0x1000, 0x2, 0x8, 0x64, 0x280000000000, 0x2, 0x4, 0x7, 0xa, 0x3, 0x8, 0x2, 0x0, 0xa0000000000, 0xfffffffffffffff5, 0x7, 0x3, 0x176, 0x15f, 0x0, 0x5, 0x5, 0xfc72, 0x9, 0x7, 0x7, 0x2, 0x6, 0x81, 0x2, 0x1, 0x10000000100, 0x0, 0x9, 0x2ce1, 0x7f, 0x8, 0xeab5, 0xffffffffffffffff, 0xf000000000000000, 0x6, 0x10001, 0x2b6, 0x1, 0x2e06ffea, 0x10001, 0xf2d5, 0xffffffffffffffff, 0x2b6b, 0x1, 0x4, 0x5ac, 0x7f95, 0xd13, 0x2c, 0x1ff, 0x1000, 0xd05, 0x1, 0x9e, 0x8000000000000000, 0x3, 0x0, 0x3, 0x5, 0xc, 0x6, 0x6281, 0x10, 0x7f, 0x7, 0x3, 0x3, 0x7]})
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = syz_open_dev$loop(&(0x7f0000000240), 0x6, 0x0)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0xf)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000000280)={r3, 0x0, {0x0, 0x0, 0x0, 0x32, 0x4000000000001001, 0x0, 0x0, 0x1c, 0xc, "faf98317e5a1149989fc8dbe53ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a8a0f3500000000000000000e00", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "675237601a8ca5b07dcc141802c4dae4162e43ac61b7ad3300", [0x3, 0x6]}})
pipe2$9p(0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c000140000000000000000808000440000000010c00014000000000000080010c00024000000000000000090800034000000fba0c00024000000000000000000c000140000000000000000714000000110001"], 0xdc}}, 0x0)

6.940841813s ago: executing program 1 (id=534):
r0 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$kcm(0x2b, 0x1, 0x0)
close(r4)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000000040)={0x1, {"40a568bf607c2094e9c6a0c0f550f7f8", "241e6a0b37e28869f574458eb6417d55", "a34d3bcc4817356e5c266b26fe399bde"}, 0x7, 0x4})

6.940502263s ago: executing program 3 (id=536):
inotify_init()
openat(0xffffffffffffff9c, 0x0, 0x68cd42, 0x4)
close(0xffffffffffffffff)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, &(0x7f0000000100)={0x3b, 0x0, '\x00', [@pad1]}, 0x10)
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
syz_io_uring_setup(0x2e47, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)
bind$rxrpc(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x3, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

6.827400382s ago: executing program 4 (id=538):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000010000001c000180060001000200000008000300ac1414aa0800060006"], 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r2)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r3, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000140), 0x4)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r5 = accept(r2, 0x0, 0x0)
sendmsg$AUDIT_USER_AVC(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000740)=ANY=[], 0x454}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100000000000000000007000000140001800500020001000000080006001a"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x8)

6.659440289s ago: executing program 3 (id=540):
socket(0xa, 0x3, 0xff)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x4, 0x0, 0x0, 0x1b, "0062ba7d820700000000000000000000096304"})
r1 = syz_open_pts(r0, 0x80)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = dup3(r1, r0, 0x80000)
read(r0, &(0x7f00000005c0)=""/228, 0xe4)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ff1000/0x1000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff3000/0x1000)=nil, &(0x7f0000ff1000/0x1000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r3 = io_uring_setup(0x1c6c, &(0x7f0000000040)={0x0, 0xaebb, 0xd000, 0x20000a, 0x20002f7})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x800, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {0xe}, {0xe, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x40005}, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
io_uring_enter(r3, 0x2219, 0x7721, 0x16, 0x0, 0x0)
write$binfmt_script(r2, 0x0, 0x0)

6.015824891s ago: executing program 3 (id=541):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x5, 0xd, 0x8b, 0xd, 0x2, 0x4, 0x2, 0xf, 0x6, 0x3, 0x7, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x3, 0xad1e, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x6, 0xe, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x1, 0x9, 0x5, 0x2, 0xc, 0x4, 0xfffc, 0x3, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffe00, {0x0, 0x0, 0x0, r7, {0x8}, {0xd5dfe8a8053da4f1}, {0xfff2, 0xffe1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0xe, [0xc, 0x5, 0x0, 0xf, 0x10, 0x2, 0x4, 0x2, 0xf, 0x6, 0x6, 0x1, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x5, 0x7fff, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x8000, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0x2, 0x5, 0x2, 0xfff5, 0x4, 0x8, 0x7, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1, 0x8}}}]}, 0x38}}, 0x0)

6.015545164s ago: executing program 2 (id=542):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$sock_qrtr_SIOCGIFADDR(r0, 0x8915, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff3}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4c840)
sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000003040)=@newtfilter={0x3c, 0x2c, 0xf3f, 0x30bd29, 0xa5dfdbfd, {0x0, 0x0, 0x0, r3, {0xe, 0xfff3}, {0x0, 0xfff3}, {0xd, 0x10}}, [@filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0x1, 0xfff1}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20041090}, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
r4 = syz_io_uring_setup(0x49d, 0x0, 0x0, &(0x7f00000006c0)=<r5=>0x0)
syz_io_uring_submit(0x0, r5, 0x0)
io_uring_enter(r4, 0x627, 0x4c1, 0x43, 0x0, 0x0)

5.920860336s ago: executing program 1 (id=543):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="180000002e00010026bdf000fcdbdf1b04000000040010"], 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)
socket$nl_route(0x10, 0x3, 0x0)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={<r2=>0xffffffffffffffff})
syz_io_uring_submit(0x0, 0x0, &(0x7f00000000c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r2, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x0, 0x2121, 0x0, {0x3}})
close(0x3)

5.754697847s ago: executing program 4 (id=544):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff})
r1 = socket$inet_udp(0x2, 0x2, 0x0)
close(r1)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r2, &(0x7f0000006300)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r2, &(0x7f0000000040)={0x50, 0x0, r3, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
syz_fuse_handle_req(r2, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000777a078afbd825c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000023000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000db2100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cc2351270000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x0, {0x0, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
dup2(r4, r2)
splice(r0, 0x0, r1, 0x0, 0x4ffe2, 0x0)

5.696547057s ago: executing program 0 (id=545):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x61, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x474c, 0x4)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)

4.89166761s ago: executing program 3 (id=546):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_INPUT(r1, &(0x7f0000010140)={0x8, {"7f9654d636ab18b7938a2804505c72e9994ca22404fc203334cc21ed3d6a776fd12d13f9602b2980f983c31a5d1e431db778099ce3af3fb20e1ee1f4fdb77cbb36154982a93c19825d6fd273ab1eb5bcd47adad50de8a6791486e482e29ecc94284921f33b941cfc1000c9781d9a828c5ec7a2c77b4e624a5aa0e9e39782bad733eda81ba47e1c6116e4170e6587dd6210a57abe91f1f80c4e31139d8b73fe35ac1f99ea82dd6aa9c9aa67de88ae3e141020e1a876bbc449d2d843aa7e6d90b948b7e28770e6ac71010c63f17e90fd20806a9f8d9f418ee3af74aac64b04a27c4f5e3626ca2da546c79d24acadd11e8d272a22fc54078fd5e64475993668980a9f95aff964dee674356af492b8377a759d8ccf1accb9a18ef7ad16f438dde69cd020d71552b0810688c882a26a22b23f4b35471b08b379193db1cd7934a4049ff1b00d9795cda6e73951641d5e2365c24facd5afd09ed1d096d758b4fef66fe1aa22395d67b7e1db623d4a60a7dc93893d6c4a91df79535a855868c5dc0033d5c428cd25b85c5deb6e81068553bc84cead4d1eba8aa57e2b354a6899e44acbd3834491219b3e231cd55d82f161774a689efe197cc193ac0124c67738a0a1d5f16a6768c2c2ba7386c8c95ca08c55117f344f5a2bca0d09e79ea3fc49491f2c7adc513c2779c1bf62b1a8643d23e9e8b2ae41d4a59f1b82b82e092b36eb851b8456da871b4057aec325a9d4cccafde61f2abc85e3cabeabb856f6ffbfe23d69219ec8fae6beb54abe7870dbae823d49806a967a1c7f252999804f106745f20490bb3347b59321dc69765567abcbd89de04d89622170005df5871ed0fb72345a11da074060d7d4ee2e437f71a45723fb6b02de56067e54f54c52d10f7874a13cbfb3bd65ce54f9d6719ea210e0cf79e4e2157736ec07ac5915682ab81bced665c1e72fab8d8cfe509de0f21fe374b957b379fd5918061e21c2e96985cc1354b2de859b0f1a463ab04683b1253eda671c2353b5c208aca652f5419ffc4949a7fa909b95653f42d97390c400b4a1c308b11e73e9a06d3b164d3361e75584d70e6bc61d570a7e0c7da330f643194c1893fcd6489fac605eead61b53dff18caf526ecccc9bbd9146bc3c3bb67677695e6fddaab081786e9084014e60f5c03ae5a9087726b05e17402cd2fbb80d773b8a41470b1f901a8c2b2d57450181f4fc5bc53c7cb3dc032b84567492607cb08832eca9f79da9210d197863e5db5a74a9823dc0cc8bd9f3a9b6ff5a7d15d4747a9b26e088f4fad96d81cd1214226b1c4585d418d593220fcbb9ad949266cc48163e3498b46ebcdf7b2b5ecfe67539a61ed9e39b02d5b35ac0d0e7fa830034ca2da8a7ddf04bcf2cee939994369feb77023e0e3de04b21db7a640a92c17748245005cd75a7deba4ff0e4c104a9db2d9a98ec8edb3562050a3bac5f322290e3d8b6fb21770ac436d4cb12b97fc8f76d7bb9eeed85663eb0626f1ad1719ee4b07f7de2c1d1a31c27c6879f4fa3dbdfb2bfc0898beabafbeca9f13050e6b2f6c432e423cd5cb6b8fa56fe32c3e50104e44462c0a5c69de6a7ac5ae3d9f07ceed64dbffa42e4663838bfcde92f0fcb895f3b93c59b0e48c09890dfc36436db56b708f6e7cbbd2a6305f573cee099dbcd263cb96d9fb69cbc3cb06d8f5e3789698a17e71d22b4665ff5447fcc17a31bb136c8bb4b984573bcaf1cb650198c1266e6ddfd42d44f9de02cb9d915c5334c550fac3fcee56790aeb09d81e7690a32d8b0cc477b23f15257820de227be1ffaec2f63f3266b8f5dd78947dcee355fe59bfb100e5244425532bb1d110aae00fca5d4511a05c3ff027a1cac56210a10d81c01b90e156cc7b33de0fac825dc516d398166096013e068db935483c93ba95da39b5ae4087d84479a4c4809f28f93790dc279637bd6f3dc441d315cf6bd7b0e3d92070a45baf4445ce063fd12690eb002f5ca068a256bc54100c99a02a346beca39072163c4b297d117f1ed9fef42e3dbc11d36a0a0db52e84461c6fbb4aad62cd6c8dc9ae6a3390a5e8773ac599e67436220c8d541a9039762bffaa7f490e31dddbc362fb4ff686cda905f3b02a1db76d4d570d970434921ca8a4765af6d5c8b881e1f4ffa7e2d9ef5f5511b94f88474674ec790bb5186c73446a227bf1ffd19b605733abd1bd41e421aeaf2ed4617088c7ceef85451225056435993e89e4bccd2c2e4b39af99feef11fea645eeb5cf9f77b1e19a72d3efb613100969b84302789714bca65bcbc96762b4012a5700c62aed706433b9f142b7302442b6a9958b0e28e8b1cfa9eeb4ac0d71f497b23babf9f0221dcb658d9f4db5d45bee30d2ad7c97d6a562e014a7701c15325ec5d42ab732b37714a77a95c03fb15bbfba6fade32bf50f985a1df362ca7216cc152907dd931acb58a63920f581e82b590c0d6a0033009f8e50c3263d3f58596b63d507cadbc809a6690561f74d0772bf92d04e06c47a350724b106f5e83f7e71c4b2a983bf5ad7d8684e7b8b5dc1273d0fa5879b8e61b33d602bc8ff0913b6d32dcac366d568dc7cf82bbfc405cbe418a2644c26592b32ca1a632fc95123efb784cfb6953a94ebeccd24fba389a0e56b043df07d9a2dd38a1196e5e55576b25f85cb96f6560802a4a58b7a6857e8454faa2c880bf32d464562b2bdc5f0df22b663f2c01fc944f1cfd1908f617f8295a5440bb79ae178ea46a95baeea48322105146ac3ed2de7d3796ddddcc848a8ecf4a00dd055733b4f59211f5a40deea44e74b3bc57953b26ed61e6fd67889edfe8d0902385e37666aacec072735630ecc441c3cc6b09bb2f63aa4e332c6df728dc74078a83ce20454dfd616d116270666ddc09c5fea2e8442bc43455d0257fac92f3780061178f9420bf8e463f29896c12383dbb9a81bc5c87376e647c8a7986cb514fb9696d9c0a8d303c5c4b5b7c5f601c01fa19323e02f675c371bc44fbc1ac5704d41a89a2a4ccec6ac8440c532f07da25aa2dce6a5d2ebe694eb4017d178b221213bfe2a01d9cfe689bd190776bca6c032f446eb8862587a7826e35f3f691763212eee6af2e49bbeb0a27e07c5714b74e373798c7bebce265f7ebef3a1ea64078cf1e8a9d433af32c53090c972ffedbadafb50b9a6e540abd84f8e938583ea725954be3b236c5d8aca7d486d21902a2902f25a7c02dbe83c39bd0b81513f9ef198c49d560e930ae224ff47f92e4851e1f7ab5bb406abcf6596569261e6b0c67bb3b854e9c6de60bfb60fcf29241ff237151310ecd19f8b2cfe764c1df1a2de9d840eca47aa169ba9a415901204ec31ccdfd76e908029ae34fb12dc286758c64fd6d42bc82b14e07e421f4b42b180cd6ef40cac8062928b4a420a4577f24295f54de9048ac9d34307bf93e463cea4967cf4880166f68ed1eb965db2e4fb9f5f0b1c695d621e427ccb9a3188073ee6fde729c6698346efa1c0ba643c1efd20858965511da750060d551c44c435a5f1603fae7357e0bc78e92aad3d88790ec2aa1a42d6fe7e0ffc57f3599e406db63be7dd32692df32ce33dee0a2becdb02d6e435e09de3d356497543db23f53da25643f9c585e275297800d8beed47f0e622f86fc25d2e87036fdceebfe7257cb6de0c02412d1c0758acfcd0862e99ad17a118f46f635a87477e8b825423d94ada35bf0b5444aa7d3de4bb7eec7ae5129fcc2cba651cc972f5500fc5161149d29f452962afb102a01ae76825cb4477460be0b85d75058595c27e9b7fae3492ec3925c671bee5f4ca534d5a294f783d6cc073c992139b61d21fd98297b04c0578dafd5f7ebcaf8d4d9185aea3d76e813421f4573b38c25093c015a65e44fb297f0f6ac2d02c4237b37a3bfca2406c5c95ae5812816bacad59ba7c6f72d7c644ff25b592ed1e89b276e05866c01a4ced7fc6dd9f190c20d420d7c8a1fe908833a24c5e5bd7a95a2a6fbf147fc4b29a179718166dd0fbae2fc6b8c8aac6194fa6baf0d3edc36b2316c56c441ba53e3e7aaaf0a1405566ff584f73a637b74dde9bcb4d41da2be6c9df5d533fbac54f5fb52a8a793757cfe19aa90048c6d07e3474136ae1be2455b0d0d02eb4b5961ba883209355c0dd2af4aad98e7b971e358a7d9b55fe17cd6095f257355d9b99e5ea52848f17b35a80792d9ed0fef6fe3eef9a324902409969823be20bbe0e8dba9c747cd1a14d3642d877b86271f3f0c322a142c4ff635b37d542c3265b5fe8589a732bb1a55010b930dd0196cd43ac3634c01b4a44c517197d03a3d89c67f5c09aab409e84c0af466bfbd0c96d240101a2542c66b4b4b8ef65b41b0079995c52cc9720d2c1d7c128c6f17a65cc798c1986cfbd8888460c54438edc4f91f3580391c8b57d9aee209a59a116c1c44775437e9c30e6d87e82ce84e28532b19441e32ab9aea22177bac9daad25a6c88395e9348d6780de630cddb266c411011175bdb6255a36535180818447d43ffba3758d311539fe9f6811fa470bf3767b4c2d4cdf37854c7ee28730bb1d39d5c0dfffcdbf353cca3e13079f3ae66b839c7dd36914022a0e75bca5b622f521420b73249ef47f03cfcaa7cf454a68ad237d4ce860bd6b1531c1cafe2cfb76bc4188271ef6bdfb304ee0e6932463a1909f03d6e8a27b5f137d6b342841d613863dfdf37d5ec3a98d667810fb6f82d67620bdefed8b3ff98420a6c7ee577c3ba68b95a20403608a7ba6526ec9e8662c6e15ab09b1a9019d4958af04cb2e4890ee6b1077fcaa5cc0817f388461b230fe631e75f18ab392a5ca5de4a024ca16dd05fcfdf92114e43a5c4a169d462ff0dba57deeaf5eaafd892f8ccbd72ac56471162e1416bca39859b4184ba0d1b3f7ec05db4ef4cf0142867fa9be328a0be8aa74c716aad9411008607980861f4f72e9bfa60195e2f939d3f6a44a6cec07dd376d1bccaa126686f313d5f7918ecd1215026982c82ed1922ef70e36e8ed59b2d5ceab3b4aad7e53049062dd5ba0e87f7005c3f4d2b788245cdc2f35ef2572bea5ea92dfad406ade6d5ad18be8eeb4c652e5277b244645c68c0c0f5a68d42e00d59b75941917b2cdf31fdf809f2078ca97fd5beba65b34e0621138ea0e94feb87166b2dac2232ebca575e5c0a4d565d9992f733bbfbe68a63d99ee93398604065d5517c33ed0e067bdb643e73102f16137afd7d4bf21e8065ea028c392a6dcefbe642dc3fb03a239d9c8b17023eacc8e19fea11c34a10644af1b786fc0f4504038c2ee59c1b353f3d7b9313df025b4b5874ca63ec164a3fe35bf390d266f53dcda6a8e190e63a56ffdf4f7c5c02aa22d376db06d4d2b96be5b331f897d1ecfd25c13a1c194c265dd95a5724a6435bc8138224d9db28b689b9cea5132cd19601dbc4a43e70c71e27e8fd0689d09484974e8a4605f8553735fffaf5654a087e323ca14e02b681b9bbe592bd6b719ae2e86bdf918b27c79d52dd334d1aa7ebc1bff76e97572faad092010a1022f7d33089049107a89c364ae7dd022d119e8f6ab795fd71d76a90e8202339401ff9e9918ea8c8e12f7b0ba10d9ebde5d1bc5988f2d07b34579d8c282628204f2978d8b0cf95dc41f3775a4053f833267c64b42336d7c850f2918ef0dd6d62e43fcc173254eb34748efd4754609ce25afd648ee5a8fc5c64346603f8258592d67b9613e8f7ac0def0958f13436581d729e0b3e062738eb06b2116abe837529690a614fc5d3f53b4d4602e5706000", 0x1000}}, 0x1006)
ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f0000000040)=""/239, 0xef}], 0x1, 0xe, 0x79)
r2 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r3, &(0x7f0000000180)=""/83, 0x53)
membarrier(0x20, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)

3.840454836s ago: executing program 0 (id=547):
r0 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x22)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x6c6882, 0x13d)
r2 = landlock_create_ruleset(&(0x7f0000000040)={0x2, 0x3, 0x3}, 0x18, 0x0)
landlock_restrict_self(r2, 0x0)
landlock_restrict_self(r2, 0x9)
landlock_restrict_self(r2, 0x0)
landlock_restrict_self(r2, 0x0)
landlock_restrict_self(r2, 0x0)
r3 = landlock_create_ruleset(&(0x7f00000001c0)={0x2fbd, 0x1}, 0x18, 0x0)
landlock_restrict_self(r3, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', r1, &(0x7f0000000000)='./file0\x00', 0x4)

3.654127757s ago: executing program 2 (id=548):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4001, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)

3.40452682s ago: executing program 4 (id=549):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
ioctl$F2FS_IOC_GET_FEATURES(r0, 0x8004f50c, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
sendmsg$TIPC_CMD_GET_NODES(0xffffffffffffffff, 0x0, 0x20000000)
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r3, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x7, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bpq0, 0x0, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @bcast, @null]})
ioctl$sock_rose_SIOCDELRT(r4, 0x890c, &(0x7f00000000c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x6, @null, @bpq0, 0x1, [@null, @default, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]})

3.334870941s ago: executing program 2 (id=550):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
open_by_handle_at(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
landlock_restrict_self(r1, 0x0)
landlock_restrict_self(r1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000010901030000"], 0x14}}, 0x40000010)

3.272110658s ago: executing program 4 (id=551):
inotify_init()
openat(0xffffffffffffff9c, 0x0, 0x68cd42, 0x4)
close(0xffffffffffffffff)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, &(0x7f0000000100)={0x3b, 0x0, '\x00', [@pad1]}, 0x10)
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
syz_io_uring_setup(0x2e47, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)
bind$rxrpc(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x3, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

3.271726804s ago: executing program 0 (id=552):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000200)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0xff}]})
socketpair$unix(0x1, 0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r2, &(0x7f0000000340)="41000000010001", 0x7)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000980)=ANY=[@ANYBLOB="1201000002000040257d15a44000010400010902"], 0x0)
ioctl$sock_bt_hci(r0, 0x400448ca, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, 0x0, 0x0)
bind$bt_hci(r3, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6)
write(r3, &(0x7f0000000040)="05000000010000", 0x7)

3.095169805s ago: executing program 4 (id=553):
socket$netlink(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x3, 0x6361, 0x5, 0xfffffffd, 0x40000004}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x20000804)
sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r6, {}, {0xd, 0xb}, {0xffe0, 0xd}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x9, 0xb, 0x4}}}}]}, 0x40}}, 0x4010004)
ioctl$SIOCSIFHWADDR(r1, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

2.566528335s ago: executing program 3 (id=554):
r0 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$kcm(0x2b, 0x1, 0x0)
close(r4)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000000040)={0x1, {"40a568bf607c2094e9c6a0c0f550f7f8", "241e6a0b37e28869f574458eb6417d55", "a34d3bcc4817356e5c266b26fe399bde"}, 0x7, 0x4})

2.30404907s ago: executing program 2 (id=555):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
sendmsg$TIPC_CMD_GET_NODES(0xffffffffffffffff, 0x0, 0x20000000)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCDELRT(r0, 0x890c, &(0x7f00000000c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x6, @null, @bpq0, 0x1, [@null, @default, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]})

1.815844281s ago: executing program 1 (id=556):
connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
connect$inet(r3, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r3, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0)

1.694822006s ago: executing program 4 (id=557):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x61, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x474c, 0x4)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)

1.694216588s ago: executing program 2 (id=567):
sendmsg$TIPC_CMD_GET_NODES(0xffffffffffffffff, 0x0, 0x20000000)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCDELRT(r0, 0x890c, &(0x7f00000000c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x6, @null, @bpq0, 0x1, [@null, @default, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]})

1.563901702s ago: executing program 3 (id=558):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000700)=@newqdisc={0x434, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdf8, {0x0, 0x0, 0x0, r4, {0x10}, {}, {0xa, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x1, 0x9, 0x8000, 0x3, 0x5, 0x5, 0xb762, 0x4, 0x7, 0x8, 0xf, 0x2, 0x80000001, 0x400, 0x1007fc, 0xffff8000, 0x6, 0x403, 0x9, 0x8, 0xffffe4f5, 0xd6, 0x4, 0xfffb, 0x7, 0x0, 0xfffff4f0, 0x9, 0x1, 0xfffffffc, 0x4, 0x1, 0x6f2151b1, 0x9, 0xc, 0x20001000, 0x4, 0x2, 0x7, 0x4, 0x99, 0x9, 0x5, 0x6, 0x7, 0xfffffff7, 0x1, 0x2, 0x9, 0x9, 0x44, 0x8, 0x8, 0x1, 0x4, 0x7ff, 0x8, 0x7, 0x7fbffffe, 0x400, 0x8, 0xfffffa72, 0xcd, 0x4, 0x80000000, 0xc, 0x4, 0x65, 0x91, 0x659, 0x9, 0xf, 0x9, 0xc28, 0x9, 0x7, 0x3, 0x401, 0x3, 0x2, 0xfffffffa, 0x1, 0x10001, 0x3, 0x1, 0x4, 0x8, 0x8, 0x7, 0x1, 0x1, 0x1, 0x7, 0x40, 0x7, 0x12, 0x8000, 0x1, 0x4dc, 0x80, 0x3, 0x7fffffff, 0xff, 0x9, 0xa7, 0xf, 0x1, 0x0, 0x3, 0x1001, 0x4, 0x401, 0x7, 0x80000000, 0xffff, 0x6, 0x5, 0x4f, 0xffffffff, 0x80000000, 0x1966f9ad, 0x200, 0x20200, 0xed5, 0xfffffc00, 0x6, 0x4, 0x8, 0x485e, 0xa85, 0x80000040, 0x2, 0x7, 0x7, 0x102, 0x2d5421e8, 0x7, 0x10000, 0x2, 0x6, 0x3ff, 0xf04, 0x0, 0x2, 0x5, 0xfffffc00, 0x5, 0x8d, 0x4, 0x401, 0x4, 0x9, 0x3, 0xfffffffb, 0x1, 0x0, 0x3, 0x2, 0x5, 0x8, 0x3, 0x0, 0x800, 0x2, 0x8, 0x7ff, 0x1, 0x9, 0x6, 0x5, 0x5, 0x4d15, 0x1ff, 0xfffff060, 0x3, 0x469, 0x3, 0x0, 0x200, 0x10000005, 0x7, 0x3, 0x8, 0x42ba, 0x4, 0x9, 0x3, 0x8, 0x8, 0x53, 0x6, 0x4, 0x400, 0x8000, 0x0, 0x2c310b18, 0xfff, 0x0, 0x3, 0xcd34, 0x9, 0x81, 0xdf3, 0x2, 0x7, 0x8, 0x40fff, 0x1ff, 0x8000, 0x3, 0x8, 0x80, 0x6, 0x9a6, 0xe4cb, 0x402, 0x1, 0x1ff, 0x5, 0x9b4, 0x1, 0x8, 0x0, 0x8, 0x0, 0x9, 0x0, 0x4, 0x10, 0x901, 0x5, 0x2, 0x7b, 0xfffffeff, 0x6, 0x6, 0xc, 0x1000, 0x9, 0x9, 0xe6, 0xab, 0x400, 0x7fffffff, 0xed, 0x7ff, 0xd83, 0x68, 0x80000001, 0x6, 0x9fd, 0x10000006, 0x200, 0x2]}]}}]}, 0x434}, 0x1, 0x0, 0x0, 0x40098}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000640)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r7, {0x0, 0xa}, {0x0, 0xfff1}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x24008010}, 0x20000000)
r8 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r8, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r7, 0xc}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000180)="2703", 0x2}], 0x1}, 0x4)

1.484794992s ago: executing program 2 (id=559):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
write$tcp_congestion(r1, &(0x7f0000000180)='nv\x00', 0x3)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(0xffffffffffffffff, &(0x7f0000006300)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0x0, r3, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000777a078afbd825c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000023000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000db2100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cc2351270000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x0, {0x0, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
dup2(r4, 0xffffffffffffffff)
splice(r0, 0x0, r2, 0x0, 0x4ffe2, 0x0)

765.708914ms ago: executing program 1 (id=560):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4001, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)

0s ago: executing program 1 (id=561):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
ioctl$F2FS_IOC_GET_FEATURES(r0, 0x8004f50c, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
sendmsg$TIPC_CMD_GET_NODES(0xffffffffffffffff, 0x0, 0x20000000)
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r3, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x7, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bpq0, 0x0, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @bcast, @null]})
ioctl$sock_rose_SIOCDELRT(r4, 0x890c, &(0x7f00000000c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x6, @null, @bpq0, 0x1, [@null, @default, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]})

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.28' (ED25519) to the list of known hosts.
[   62.990917][ T5830] cgroup: Unknown subsys name 'net'
[   63.144468][ T5830] cgroup: Unknown subsys name 'cpuset'
[   63.153972][ T5830] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   64.436636][ T5830] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   66.352793][ T5851] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   66.368363][ T5856] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   66.378845][ T5856] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   66.379704][ T5857] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   66.387574][ T5856] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   66.402226][ T5858] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   66.403357][ T5856] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   66.412061][ T5857] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   66.426033][ T5860] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   66.426957][ T5857] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   66.433137][ T5856] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   66.433740][ T5856] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   66.442082][ T5857] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   66.448145][ T5860] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   66.454418][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   66.469850][ T5860] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   66.476306][ T5857] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   66.483319][ T5860] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   66.490314][ T5861] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   66.503825][ T5857] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   66.512868][ T5861] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   66.514585][ T5857] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   66.528997][ T5857] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   66.542894][ T5857] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   66.550890][ T5857] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   67.024139][ T5843] chnl_net:caif_netlink_parms(): no params data found
[   67.083191][ T5842] chnl_net:caif_netlink_parms(): no params data found
[   67.214343][ T5846] chnl_net:caif_netlink_parms(): no params data found
[   67.285191][ T5852] chnl_net:caif_netlink_parms(): no params data found
[   67.352661][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.360173][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.367508][ T5843] bridge_slave_0: entered allmulticast mode
[   67.374877][ T5843] bridge_slave_0: entered promiscuous mode
[   67.424351][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.431696][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.438920][ T5843] bridge_slave_1: entered allmulticast mode
[   67.448918][ T5843] bridge_slave_1: entered promiscuous mode
[   67.473581][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.480794][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.488044][ T5842] bridge_slave_0: entered allmulticast mode
[   67.495120][ T5842] bridge_slave_0: entered promiscuous mode
[   67.532005][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.539244][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.546608][ T5842] bridge_slave_1: entered allmulticast mode
[   67.553659][ T5842] bridge_slave_1: entered promiscuous mode
[   67.560288][ T5844] chnl_net:caif_netlink_parms(): no params data found
[   67.613410][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   67.627578][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.635352][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.642554][ T5846] bridge_slave_0: entered allmulticast mode
[   67.649650][ T5846] bridge_slave_0: entered promiscuous mode
[   67.682484][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   67.694380][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   67.713885][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.721078][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.728294][ T5846] bridge_slave_1: entered allmulticast mode
[   67.735758][ T5846] bridge_slave_1: entered promiscuous mode
[   67.754137][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   67.818426][ T5852] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.825706][ T5852] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.833464][ T5852] bridge_slave_0: entered allmulticast mode
[   67.840503][ T5852] bridge_slave_0: entered promiscuous mode
[   67.875062][ T5843] team0: Port device team_slave_0 added
[   67.880913][ T5852] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.888236][ T5852] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.895466][ T5852] bridge_slave_1: entered allmulticast mode
[   67.902848][ T5852] bridge_slave_1: entered promiscuous mode
[   67.912937][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   67.929170][ T5842] team0: Port device team_slave_0 added
[   67.937592][ T5843] team0: Port device team_slave_1 added
[   67.957775][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   67.978318][ T5842] team0: Port device team_slave_1 added
[   68.047563][ T5852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   68.067169][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.074654][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.082066][ T5844] bridge_slave_0: entered allmulticast mode
[   68.089439][ T5844] bridge_slave_0: entered promiscuous mode
[   68.107749][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0
[   68.114971][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   68.141135][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   68.155226][ T5852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   68.166807][ T5846] team0: Port device team_slave_0 added
[   68.173134][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.180314][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.187587][ T5844] bridge_slave_1: entered allmulticast mode
[   68.196799][ T5844] bridge_slave_1: entered promiscuous mode
[   68.204666][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0
[   68.211669][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   68.237585][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   68.250841][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1
[   68.257822][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   68.283762][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   68.295646][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1
[   68.302827][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   68.328862][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   68.352532][ T5846] team0: Port device team_slave_1 added
[   68.417342][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   68.430701][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   68.443219][ T5852] team0: Port device team_slave_0 added
[   68.460519][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0
[   68.467857][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   68.493758][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   68.512112][ T5857] Bluetooth: hci1: command tx timeout
[   68.539855][ T5852] team0: Port device team_slave_1 added
[   68.556517][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1
[   68.563731][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   68.589640][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   68.600647][ T5845] Bluetooth: hci2: command tx timeout
[   68.601704][ T5851] Bluetooth: hci3: command tx timeout
[   68.606668][ T5857] Bluetooth: hci4: command tx timeout
[   68.612145][ T5861] Bluetooth: hci0: command tx timeout
[   68.635465][ T5844] team0: Port device team_slave_0 added
[   68.682749][ T5843] hsr_slave_0: entered promiscuous mode
[   68.689660][ T5843] hsr_slave_1: entered promiscuous mode
[   68.698731][ T5844] team0: Port device team_slave_1 added
[   68.709278][ T5842] hsr_slave_0: entered promiscuous mode
[   68.715862][ T5842] hsr_slave_1: entered promiscuous mode
[   68.722174][ T5842] debugfs: 'hsr0' already exists in 'hsr'
[   68.727959][ T5842] Cannot create hsr debugfs directory
[   68.746358][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_0
[   68.753569][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   68.779893][ T5852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   68.793061][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_1
[   68.799991][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   68.825915][ T5852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   68.896671][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0
[   68.903875][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   68.929821][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   68.958972][ T5846] hsr_slave_0: entered promiscuous mode
[   68.966044][ T5846] hsr_slave_1: entered promiscuous mode
[   68.972869][ T5846] debugfs: 'hsr0' already exists in 'hsr'
[   68.978619][ T5846] Cannot create hsr debugfs directory
[   68.996519][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1
[   69.003519][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   69.029429][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   69.161945][ T5852] hsr_slave_0: entered promiscuous mode
[   69.168382][ T5852] hsr_slave_1: entered promiscuous mode
[   69.175639][ T5852] debugfs: 'hsr0' already exists in 'hsr'
[   69.181428][ T5852] Cannot create hsr debugfs directory
[   69.265509][ T5844] hsr_slave_0: entered promiscuous mode
[   69.272097][ T5844] hsr_slave_1: entered promiscuous mode
[   69.279065][ T5844] debugfs: 'hsr0' already exists in 'hsr'
[   69.285322][ T5844] Cannot create hsr debugfs directory
[   69.691251][ T5843] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   69.703544][ T5843] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   69.714565][ T5843] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   69.735656][ T5843] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   69.795013][ T5842] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   69.805891][ T5842] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   69.823021][ T5842] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   69.844184][ T5842] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   69.920838][ T5852] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   69.932413][ T5852] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   69.943842][ T5852] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   69.954720][ T5852] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   70.054879][ T5846] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   70.076568][ T5846] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   70.086471][ T5846] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   70.106532][ T5846] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   70.156139][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0
[   70.240365][ T5843] 8021q: adding VLAN 0 to HW filter on device team0
[   70.254967][ T5844] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   70.265100][ T5844] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   70.279749][ T5844] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   70.290386][ T5844] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   70.318429][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.325798][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   70.347022][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.354154][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   70.446533][ T5852] 8021q: adding VLAN 0 to HW filter on device bond0
[   70.499213][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0
[   70.519403][ T5852] 8021q: adding VLAN 0 to HW filter on device team0
[   70.567610][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.574786][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[   70.591807][ T5861] Bluetooth: hci1: command tx timeout
[   70.626579][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.633771][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[   70.646353][ T5842] 8021q: adding VLAN 0 to HW filter on device team0
[   70.672980][ T5861] Bluetooth: hci0: command tx timeout
[   70.673000][ T5851] Bluetooth: hci3: command tx timeout
[   70.678392][ T5857] Bluetooth: hci4: command tx timeout
[   70.683856][ T5851] Bluetooth: hci2: command tx timeout
[   70.717252][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0
[   70.728071][ T3551] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.735222][ T3551] bridge0: port 1(bridge_slave_0) entered forwarding state
[   70.744426][ T3551] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.751595][ T3551] bridge0: port 2(bridge_slave_1) entered forwarding state
[   70.801325][ T5846] 8021q: adding VLAN 0 to HW filter on device team0
[   70.833122][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.840225][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[   70.882813][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0
[   70.900168][  T685] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.907295][  T685] bridge0: port 2(bridge_slave_1) entered forwarding state
[   70.942944][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0
[   71.034054][ T5844] 8021q: adding VLAN 0 to HW filter on device team0
[   71.060437][ T3551] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.067623][ T3551] bridge0: port 1(bridge_slave_0) entered forwarding state
[   71.120531][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.127763][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[   71.158295][ T1313] ieee802154 phy0 wpan0: encryption failed: -22
[   71.167542][ T1313] ieee802154 phy1 wpan1: encryption failed: -22
[   71.269179][ T5843] veth0_vlan: entered promiscuous mode
[   71.327886][ T5843] veth1_vlan: entered promiscuous mode
[   71.356704][ T5852] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.418959][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.507509][ T5843] veth0_macvtap: entered promiscuous mode
[   71.545937][ T5843] veth1_macvtap: entered promiscuous mode
[   71.570388][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.607880][ T5852] veth0_vlan: entered promiscuous mode
[   71.666336][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0
[   71.702081][ T5852] veth1_vlan: entered promiscuous mode
[   71.716075][ T5842] veth0_vlan: entered promiscuous mode
[   71.727481][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1
[   71.790031][ T5842] veth1_vlan: entered promiscuous mode
[   71.799185][  T685] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   71.820213][ T3579] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   71.832908][ T3579] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   71.848122][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.860973][   T49] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   71.960784][ T5852] veth0_macvtap: entered promiscuous mode
[   72.007643][ T5842] veth0_macvtap: entered promiscuous mode
[   72.028306][ T5852] veth1_macvtap: entered promiscuous mode
[   72.046574][ T5842] veth1_macvtap: entered promiscuous mode
[   72.080253][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.093565][ T5844] veth0_vlan: entered promiscuous mode
[   72.095367][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.100825][ T5846] veth0_vlan: entered promiscuous mode
[   72.125832][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_0
[   72.151168][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_1
[   72.183832][ T5846] veth1_vlan: entered promiscuous mode
[   72.197563][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0
[   72.210668][ T5844] veth1_vlan: entered promiscuous mode
[   72.222504][  T685] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.230205][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1
[   72.238485][  T685] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.239347][ T3579] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   72.255736][ T3579] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   72.267139][ T1100] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   72.280404][ T1100] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   72.327296][ T3579] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   72.336726][ T3579] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   72.358669][ T5843] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   72.384368][ T3579] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   72.413476][ T3579] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   72.628013][ T5844] veth0_macvtap: entered promiscuous mode
[   72.649304][ T5844] veth1_macvtap: entered promiscuous mode
[   72.673509][ T5851] Bluetooth: hci1: command tx timeout
[   72.688033][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0
[   72.712616][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1
[   72.754761][ T5851] Bluetooth: hci4: command tx timeout
[   72.754865][ T5861] Bluetooth: hci3: command tx timeout
[   72.760451][ T5851] Bluetooth: hci2: command tx timeout
[   72.766177][ T5857] Bluetooth: hci0: command tx timeout
[   72.789980][  T685] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.797213][ T5846] veth0_macvtap: entered promiscuous mode
[   72.808432][  T685] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.816391][ T5846] veth1_macvtap: entered promiscuous mode
[   73.213443][ T3551] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.277968][ T3551] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.319189][ T3551] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.328358][ T3551] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.340783][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.346433][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0
[   73.356002][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.362843][ T1100] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.364146][ T3551] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.374130][ T1100] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.388414][ T3551] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.545742][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1
[   73.610492][ T3551] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.710601][ T3551] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.766809][ T3551] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.985350][ T3551] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   74.135390][ T3551] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   74.158551][ T3551] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.339826][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   74.542075][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.371476][ T5851] Bluetooth: hci1: command tx timeout
[   75.376937][ T5851] Bluetooth: hci2: command tx timeout
[   75.377701][ T5861] Bluetooth: hci3: command tx timeout
[   75.382409][ T5851] Bluetooth: hci0: command tx timeout
[   75.387707][ T5857] Bluetooth: hci4: command tx timeout
[   76.168321][ T1100] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.211949][ T1100] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.357598][ T5988] loop0: detected capacity change from 0 to 8
[   77.065101][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.161869][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.429899][   T30] audit: type=1326 audit(1773834831.663:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6005 comm="syz.0.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a9959c799 code=0x7ffc0000
[   78.542036][   T30] audit: type=1326 audit(1773834831.703:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6005 comm="syz.0.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a9959c799 code=0x7ffc0000
[   78.645732][ T6006] can: request_module (can-proto-5) failed.
[   78.675291][   T30] audit: type=1326 audit(1773834831.703:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6005 comm="syz.0.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4a9955cfce code=0x7ffc0000
[   78.682506][ T6011] loop0: detected capacity change from 0 to 1024
[   78.810346][   T30] audit: type=1326 audit(1773834831.703:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6005 comm="syz.0.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f4a9959da97 code=0x7ffc0000
[   78.928582][   T30] audit: type=1326 audit(1773834831.703:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6005 comm="syz.0.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4a9959c799 code=0x7ffc0000
[   79.000810][   T30] audit: type=1326 audit(1773834831.703:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6005 comm="syz.0.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f4a9959da97 code=0x7ffc0000
[   79.024334][   T30] audit: type=1326 audit(1773834831.703:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6005 comm="syz.0.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f4a9955cfce code=0x7ffc0000
[   79.026755][ T6011] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   79.047284][   T30] audit: type=1326 audit(1773834831.703:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6005 comm="syz.0.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a9959c799 code=0x7ffc0000
[   79.087757][   T30] audit: type=1326 audit(1773834831.743:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6005 comm="syz.0.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a9959c799 code=0x7ffc0000
[   79.309729][ T6022] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   79.762612][   T30] audit: type=1326 audit(1773834831.743:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6005 comm="syz.0.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f4a9959c799 code=0x7ffc0000
[   79.893204][ T6006] EXT4-fs error (device loop0): ext4_xattr_inode_iget:441: inode #11: comm syz.0.12: missing EA_INODE flag
[   79.984502][ T6006] EXT4-fs (loop0): Remounting filesystem read-only
[   80.118066][ T6006] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2858: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   80.122842][ T6027] Bluetooth: MGMT ver 1.23
[   80.211192][ T6028] random: crng reseeded on system resumption
[   80.661532][    T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!!
[   80.870859][ T5852] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.038656][ T6032] tipc: Started in network mode
[   81.063958][ T6032] tipc: Node identity 62d6dbdadf4c, cluster identity 4711
[   81.150275][ T6032] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   81.268987][ T6038] syzkaller0: entered promiscuous mode
[   81.399154][ T6038] syzkaller0: entered allmulticast mode
[   81.453990][   T55] cfg80211: failed to load regulatory.db
[   81.733353][ T6038] tipc: Resetting bearer <eth:syzkaller0>
[   82.329972][   T24] tipc: Node number set to 3181042650
[   82.469036][ T6031] tipc: Resetting bearer <eth:syzkaller0>
[   82.613231][ T6031] tipc: Disabling bearer <eth:syzkaller0>
[   88.430440][ T6091] loop1: detected capacity change from 0 to 8
[   88.705392][ T6091] SQUASHFS error: lzo decompression failed, data probably corrupt
[   88.723043][ T6091] SQUASHFS error: Failed to read block 0x91: -5
[   88.731027][ T6091] SQUASHFS error: Unable to read metadata cache entry [8f]
[   88.746695][ T6091] SQUASHFS error: Unable to read inode 0x11f
[   89.384220][ T6091] Zero length message leads to an empty skb
[   89.505731][ T6100] capability: warning: `syz.3.36' uses deprecated v2 capabilities in a way that may be insecure
[   89.553630][ T6104] faux_driver vkms: [drm] Unknown color mode 7; guessing buffer size.
[   89.572722][ T6100] capability: warning: `syz.3.36' uses 32-bit capabilities (legacy support in use)
[   89.730338][ T6100] netlink: 996 bytes leftover after parsing attributes in process `syz.3.36'.
[   89.755010][ T6100] mmap: syz.3.36 (6100) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   93.307709][ T6143] =======================================================
[   93.307709][ T6143] WARNING: The mand mount option has been deprecated and
[   93.307709][ T6143]          and is ignored by this kernel. Remove the mand
[   93.307709][ T6143]          option from the mount to silence this warning.
[   93.307709][ T6143] =======================================================
[   93.350939][ T6143] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[   93.362941][ T6143] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512
[   93.373292][ T6143] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found
[   93.380959][ T6143] UDF-fs: Scanning with blocksize 512 failed
[   93.392966][ T6143] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[   93.403569][ T6143] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512
[   93.413199][ T6143] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found
[   93.420860][ T6143] UDF-fs: Scanning with blocksize 1024 failed
[   93.431183][ T6143] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[   93.441590][ T6143] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512
[   93.451636][ T6143] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found
[   93.459328][ T6143] UDF-fs: Scanning with blocksize 2048 failed
[   93.468968][ T6143] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[   93.479600][ T6143] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512
[   93.489263][ T6143] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found
[   93.496967][ T6143] UDF-fs: Scanning with blocksize 4096 failed
[   93.503075][ T6143] UDF-fs: warning (device loop4): udf_fill_super: No partition found (1)
[   95.189752][ T6165] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   95.399188][ T6164] netlink: 10 bytes leftover after parsing attributes in process `syz.2.54'.
[   95.598588][ T6167] loop4: detected capacity change from 0 to 32768
[   96.481047][   T55] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   96.502142][ T6173] syzkaller0: entered promiscuous mode
[   96.511202][ T6173] syzkaller0: entered allmulticast mode
[   96.539872][   T55] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   96.738920][ T6177] loop0: detected capacity change from 0 to 2048
[   96.861811][ T6177] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[   97.318136][ T6181] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   98.123155][ T6183] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   98.130857][ T6183] IPv6: NLM_F_CREATE should be set when creating new route
[   98.143373][ T6179] fido_id[6179]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[   99.836872][ T6186] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.844961][ T6186] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.915091][ T6207] tmpfs: Invalid gid '0x00000000ffffffff'
[  100.767875][ T6211] loop3: detected capacity change from 0 to 1024
[  100.797332][ T6186] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  100.830318][ T6186] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  101.032204][ T6211] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  101.097232][ T6211] ext4 filesystem being mounted at /17/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  102.029912][ T1177] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  102.454370][  T685] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  102.509058][  T685] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  102.548478][ T6223] loop2: detected capacity change from 0 to 256
[  102.564451][ T1177] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  102.599854][ T6223] FAT-fs (loop2): invalid media value (0x2f)
[  102.619846][ T6223] FAT-fs (loop2): Can't find a valid FAT filesystem
[  102.795044][ T6224] EXT4-fs error (device loop3): ext4_map_blocks:821: inode #15: comm syz.3.64: lblock 0 mapped to illegal pblock 0 (length 4)
[  103.701610][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  103.797214][ T6224] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 4 with error 117
[  103.932466][ T6224] EXT4-fs (loop3): This should not happen!! Data will be lost
[  103.932466][ T6224] 
[  104.095801][  T685] EXT4-fs error (device loop3): ext4_map_blocks:821: inode #15: block 4: comm kworker/u8:6: lblock 4 mapped to illegal pblock 4 (length 2)
[  104.145213][  T685] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 2 with error 117
[  104.157693][  T685] EXT4-fs (loop3): This should not happen!! Data will be lost
[  104.157693][  T685] 
[  104.174699][  T685] EXT4-fs error (device loop3): ext4_map_blocks:821: inode #15: block 8: comm kworker/u8:6: lblock 8 mapped to illegal pblock 8 (length 8)
[  104.190944][  T685] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  104.228610][  T685] EXT4-fs (loop3): This should not happen!! Data will be lost
[  104.228610][  T685] 
[  105.066299][ T5843] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  105.851752][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  105.885773][ T6251] loop3: detected capacity change from 0 to 131072
[  106.432191][ T6251] F2FS-fs (loop3): Invalid log sectorsize (67108873)
[  106.439346][ T6251] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  106.449381][ T6251] F2FS-fs (loop3): invalid crc value
[  106.775921][ T6251] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  106.835947][ T6251] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  106.843134][ T6251] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  107.774161][ T6251] vivid-002: =================  START STATUS  =================
[  107.781995][ T6251] vivid-002: Radio HW Seek Mode: Bounded
[  107.788073][ T6251] vivid-002: Radio Programmable HW Seek: false
[  107.794308][ T6251] vivid-002: RDS Rx I/O Mode: Block I/O
[  107.800696][ T6251] vivid-002: Generate RBDS Instead of RDS: false
[  107.807046][ T6251] vivid-002: RDS Reception: true
[  107.812159][ T6251] vivid-002: RDS Program Type: 0 inactive
[  107.817867][ T6251] vivid-002: RDS PS Name:  inactive
[  107.823069][ T6251] vivid-002: RDS Radio Text:  inactive
[  107.828514][ T6251] vivid-002: RDS Traffic Announcement: false inactive
[  107.835269][ T6251] vivid-002: RDS Traffic Program: false inactive
[  107.841611][ T6251] vivid-002: RDS Music: false inactive
[  107.847085][ T6251] vivid-002: ==================  END STATUS  ==================
[  108.833555][ T6275] warning: `syz.0.78' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  108.894149][ T6275] netlink: 'syz.0.78': attribute type 10 has an invalid length.
[  109.028512][ T6275] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  111.704833][ T6298] netlink: 'syz.3.80': attribute type 1 has an invalid length.
[  115.466133][ T6332] ADFS-fs (loop1): error: unable to read block 3, try 0
[  118.530616][ T6353] fuse: Bad value for 'fd'
[  118.605527][ T6360] netlink: 'syz.3.101': attribute type 1 has an invalid length.
[  119.061466][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  119.980868][ T5949] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  120.150596][ T6361] bond1: (slave gretap1): making interface the new active one
[  120.171441][ T5949] usb 3-1: Using ep0 maxpacket: 32
[  120.184332][ T6361] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  120.214499][ T5949] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  120.244450][ T5949] usb 3-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  120.279808][ T6366] vlan2: entered allmulticast mode
[  120.288799][ T5949] usb 3-1: config 0 interface 0 has no altsetting 0
[  120.302812][ T6366] bond1: entered allmulticast mode
[  120.313663][ T5949] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  120.330413][ T6366] gretap1: entered allmulticast mode
[  120.338360][ T5949] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  120.353608][ T5949] usb 3-1: Product: syz
[  120.365711][ T6366] bond1: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  120.383147][ T5949] usb 3-1: Manufacturer: syz
[  120.393635][ T5949] usb 3-1: SerialNumber: syz
[  120.425153][ T5949] usb 3-1: config 0 descriptor??
[  120.583263][ T6376] ADFS-fs (loop3): error: unable to read block 3, try 0
[  121.106816][ T5949] usb 3-1: can't set config #0, error -71
[  121.136821][ T5949] usb 3-1: USB disconnect, device number 2
[  122.261952][ T6401] loop3: detected capacity change from 0 to 32768
[  122.279055][ T6401] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.114 (6401)
[  122.336310][ T6401] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  122.346919][ T6401] BTRFS info (device loop3): using sha256 checksum algorithm
[  122.745481][ T6401] BTRFS info (device loop3): enabling ssd optimizations
[  122.752906][ T6401] BTRFS info (device loop3): turning on async discard
[  122.759654][ T6401] BTRFS info (device loop3): enabling free space tree
[  123.702405][ T5843] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  123.805700][ T6427] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  124.530537][ T6439] netlink: 'syz.2.122': attribute type 1 has an invalid length.
[  124.644133][ T6442] xt_ecn: cannot match TCP bits for non-tcp packets
[  125.541815][ T6443] vlan2: entered allmulticast mode
[  125.547028][ T6443] bond1: entered allmulticast mode
[  126.083901][ T6454] loop3: detected capacity change from 0 to 1024
[  126.147299][ T6454] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: writeback.
[  126.222473][ T6454] ext4 filesystem being mounted at /26/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  126.655956][ T6464] process 'syz.0.127' launched './file0' with NULL argv: empty string added
[  127.186178][ T6466] syzkaller0: entered promiscuous mode
[  127.201696][ T6466] syzkaller0: entered allmulticast mode
[  128.075154][ T6459] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 112: padding at end of block bitmap is not set
[  128.513428][ T6474] tipc: Started in network mode
[  128.520469][ T6474] tipc: Node identity , cluster identity 4711
[  128.536027][  T135] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 16 with error 117
[  129.042975][  T135] EXT4-fs (loop3): This should not happen!! Data will be lost
[  129.042975][  T135] 
[  129.146697][   T13] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 32 with max blocks 36 with error 117
[  129.220275][   T13] EXT4-fs (loop3): This should not happen!! Data will be lost
[  129.220275][   T13] 
[  129.293414][ T6485] ptrace attach of "./syz-executor exec"[5852] was attempted by "./syz-executor exec"[6485]
[  129.678476][ T5843] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  129.711430][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  129.828051][ T6487] loop2: detected capacity change from 0 to 32768
[  130.824428][ T6500] binder: 6499:6500 ioctl c0306201 2000000001c0 returned -14
[  130.867203][ T6500] netlink: 16 bytes leftover after parsing attributes in process `syz.3.139'.
[  132.597483][ T1313] ieee802154 phy0 wpan0: encryption failed: -22
[  132.607116][ T1313] ieee802154 phy1 wpan1: encryption failed: -22
[  132.928709][ T6527] bridge0: entered promiscuous mode
[  133.338893][ T6528] futex_wake_op: syz.2.140 tries to shift op by -1; fix this program
[  135.949222][ T6550] loop1: detected capacity change from 0 to 32768
[  140.809811][ T6572] loop0: detected capacity change from 0 to 512
[  140.898874][ T6572] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  141.021579][ T6572] ext4 filesystem being mounted at /34/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  142.101463][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  142.961642][ T6577] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1315: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  143.978990][ T6604] loop2: detected capacity change from 0 to 2048
[  144.082270][ T6604] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  144.338345][ T5852] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.537015][ T6607] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  145.368304][ T6614] syzkaller0: entered promiscuous mode
[  145.426155][ T6614] syzkaller0: entered allmulticast mode
[  147.490225][ T6654] loop1: detected capacity change from 0 to 512
[  147.572022][ T6654] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  147.585078][ T6654] ext4 filesystem being mounted at /32/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  149.371660][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c2!!!
[  150.593455][ T6675] netlink: 'syz.2.180': attribute type 21 has an invalid length.
[  150.602064][ T6675] netlink: 'syz.2.180': attribute type 6 has an invalid length.
[  150.609736][ T6675] netlink: 132 bytes leftover after parsing attributes in process `syz.2.180'.
[  151.119569][ T5842] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  154.025749][ T6696] tipc: Started in network mode
[  154.051227][ T6696] tipc: Node identity f2d74f30934, cluster identity 4711
[  154.092387][ T6696] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  154.116097][ T6704] syzkaller0: entered promiscuous mode
[  154.140066][ T6704] syzkaller0: entered allmulticast mode
[  154.231650][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  154.274333][ T6707] tipc: Started in network mode
[  154.279334][ T6707] tipc: Node identity 080211000001, cluster identity 4711
[  154.291412][ T6707] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  154.300977][ T6696] tipc: Resetting bearer <eth:syzkaller0>
[  154.317802][ T6696] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  154.451395][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  154.591568][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  154.731390][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  154.871389][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  154.951527][ T6706] mac80211_hwsim hwsim9 syzkaller0: entered promiscuous mode
[  155.011403][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  155.298530][ T6706] mac80211_hwsim hwsim9 syzkaller0: entered allmulticast mode
[  155.320397][ T5968] tipc: Node number set to 1637306160
[  155.424335][ T6694] tipc: Resetting bearer <eth:syzkaller0>
[  155.558472][ T6694] tipc: Disabling bearer <eth:syzkaller0>
[  155.682408][ T5961] tipc: Node number set to 134418688
[  155.729956][ T6707] tipc: Resetting bearer <eth:syzkaller0>
[  156.084009][ T6727] loop0: detected capacity change from 0 to 40427
[  156.153495][ T6727] F2FS-fs (loop0): invalid crc value
[  156.230408][ T6727] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  156.245076][ T6727] F2FS-fs (loop0): Start checkpoint disabled!
[  156.265303][ T6727] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0
[  156.274669][ T6727] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  156.411432][   T30] kauditd_printk_skb: 17 callbacks suppressed
[  156.411446][   T30] audit: type=1800 audit(1773834909.563:29): pid=6727 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.206" name="file1" dev="loop0" ino=10 res=0 errno=0
[  156.770688][ T6736] syz.0.206: attempt to access beyond end of device
[  156.770688][ T6736] loop0: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  156.786272][ T6736] syz.0.206: attempt to access beyond end of device
[  156.786272][ T6736] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  156.801606][ T6736] syz.0.206: attempt to access beyond end of device
[  156.801606][ T6736] loop0: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  156.815650][ T6736] syz.0.206: attempt to access beyond end of device
[  156.815650][ T6736] loop0: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  156.829814][ T6736] syz.0.206: attempt to access beyond end of device
[  156.829814][ T6736] loop0: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  156.844317][ T6736] syz.0.206: attempt to access beyond end of device
[  156.844317][ T6736] loop0: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  156.859201][ T6736] syz.0.206: attempt to access beyond end of device
[  156.859201][ T6736] loop0: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  156.873234][ T6736] syz.0.206: attempt to access beyond end of device
[  156.873234][ T6736] loop0: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  156.887248][ T6736] syz.0.206: attempt to access beyond end of device
[  156.887248][ T6736] loop0: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  156.908761][ T6736] syz.0.206: attempt to access beyond end of device
[  156.908761][ T6736] loop0: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  157.783079][ T3551] CPU: 1 UID: 0 PID: 3551 Comm: kworker/u8:12 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  157.783106][ T3551] Tainted: [L]=SOFTLOCKUP
[  157.783111][ T3551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  157.783119][ T3551] Workqueue: writeback wb_workfn (flush-7:0)
[  157.783152][ T3551] Call Trace:
[  157.783161][ T3551]  <TASK>
[  157.783169][ T3551]  dump_stack_lvl+0xe8/0x150
[  157.783193][ T3551]  f2fs_handle_critical_error+0x37c/0x540
[  157.783219][ T3551]  f2fs_write_end_io+0x1274/0x1740
[  157.783259][ T3551]  __submit_merged_bio+0x256/0x700
[  157.783284][ T3551]  __submit_merged_write_cond+0x3c9/0x4e0
[  157.783312][ T3551]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  157.783360][ T3551]  f2fs_write_data_pages+0x287e/0x34f0
[  157.783379][ T3551]  ? unwind_next_frame+0xa5/0x23c0
[  157.783394][ T3551]  ? lock_release+0x4b/0x3d0
[  157.783446][ T3551]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  157.783479][ T3551]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  157.783525][ T3551]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  157.783566][ T3551]  ? __lock_acquire+0x6b5/0x2cf0
[  157.783599][ T3551]  ? __pfx_f2fs_inode_chksum_set+0x10/0x10
[  157.783617][ T3551]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  157.783639][ T3551]  do_writepages+0x32e/0x550
[  157.783664][ T3551]  ? reacquire_held_locks+0x104/0x190
[  157.783680][ T3551]  ? writeback_sb_inodes+0x477/0x1a20
[  157.783704][ T3551]  __writeback_single_inode+0x133/0x11a0
[  157.783724][ T3551]  ? do_raw_spin_unlock+0xf5/0x210
[  157.783749][ T3551]  writeback_sb_inodes+0x992/0x1a20
[  157.783787][ T3551]  ? __lock_acquire+0x6b5/0x2cf0
[  157.783812][ T3551]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  157.783829][ T3551]  ? do_raw_spin_lock+0x12b/0x2f0
[  157.783882][ T3551]  ? rcu_is_watching+0x15/0xb0
[  157.783907][ T3551]  wb_writeback+0x456/0xb70
[  157.783928][ T3551]  ? queue_io+0x211/0x4a0
[  157.783954][ T3551]  ? __pfx_wb_writeback+0x10/0x10
[  157.783970][ T3551]  ? do_raw_spin_lock+0x12b/0x2f0
[  157.784004][ T3551]  wb_workfn+0x414/0xf50
[  157.784022][ T3551]  ? look_up_lock_class+0x57/0x110
[  157.784052][ T3551]  ? __pfx_wb_workfn+0x10/0x10
[  157.784072][ T3551]  ? do_raw_spin_lock+0x12b/0x2f0
[  157.784092][ T3551]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  157.784131][ T3551]  ? process_one_work+0x8bb/0x1780
[  157.784150][ T3551]  process_one_work+0x9ab/0x1780
[  157.784191][ T3551]  ? __pfx_process_one_work+0x10/0x10
[  157.784209][ T3551]  ? do_raw_spin_lock+0x12b/0x2f0
[  157.784243][ T3551]  worker_thread+0xba8/0x11e0
[  157.784282][ T3551]  kthread+0x388/0x470
[  157.784300][ T3551]  ? __pfx_worker_thread+0x10/0x10
[  157.784313][ T3551]  ? __pfx_kthread+0x10/0x10
[  157.784337][ T3551]  ret_from_fork+0x51e/0xb90
[  157.784361][ T3551]  ? __pfx_ret_from_fork+0x10/0x10
[  157.784379][ T3551]  ? __switch_to+0xc7d/0x1450
[  157.784402][ T3551]  ? __pfx_kthread+0x10/0x10
[  157.784421][ T3551]  ret_from_fork_asm+0x1a/0x30
[  157.784452][ T3551]  </TASK>
[  158.075036][ T3551] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  159.859022][ T6750] loop2: detected capacity change from 0 to 1024
[  161.054824][ T6748] hfsplus: b-tree write err: -5, ino 2
[  161.072124][ T6748] hfsplus: trying to free free bnode 0(1)
[  161.078715][ T6748] hfsplus: b-tree write err: -5, ino 2
[  161.822481][ T3515] hfsplus: b-tree write err: -5, ino 25
[  161.838428][ T3515] hfsplus: b-tree write err: -5, ino 4
[  161.850707][ T3515] hfsplus: b-tree write err: -5, ino 2
[  161.873874][ T3515] hfsplus: b-tree write err: -5, ino 26
[  162.623814][ T6765] syz.1.204 (6765): drop_caches: 2
[  166.527112][ T6799] netlink: 'syz.4.214': attribute type 1 has an invalid length.
[  166.711932][ T6802] netlink: 20 bytes leftover after parsing attributes in process `syz.4.214'.
[  166.896235][ T6802] bond1: (slave bridge1): making interface the new active one
[  166.911204][ T6802] bond1: (slave bridge1): Enslaving as an active interface with an up link
[  167.546630][ T6799] netlink: 28 bytes leftover after parsing attributes in process `syz.4.214'.
[  167.574806][ T6799] 8021q: adding VLAN 0 to HW filter on device bond1
[  167.781438][ T6816] syzkaller0: entered promiscuous mode
[  167.795226][ T6816] syzkaller0: entered allmulticast mode
[  167.802106][ T6818] netlink: 12 bytes leftover after parsing attributes in process `syz.3.219'.
[  167.823278][ T6816] 0: reclassify loop, rule prio 0, protocol 800
[  167.830876][ T6820] loop2: detected capacity change from 0 to 256
[  167.947609][ T6825] netlink: 20 bytes leftover after parsing attributes in process `syz.3.219'.
[  168.361969][ T6818] netlink: 28 bytes leftover after parsing attributes in process `syz.3.219'.
[  168.372863][ T6820] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  168.426304][ T6825] bond2: (slave bridge1): Enslaving as an active interface with an up link
[  168.483410][ T6820] netlink: 228 bytes leftover after parsing attributes in process `syz.2.221'.
[  168.497391][ T6818] 8021q: adding VLAN 0 to HW filter on device bond2
[  170.134399][ T6844] syz.0.224 (6844): drop_caches: 2
[  172.381013][ T6867] loop0: detected capacity change from 0 to 32768
[  172.426631][ T6867] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  172.462930][ T6867] XFS (loop0): Ending clean mount
[  172.474802][ T6867] XFS (loop0): Quotacheck needed: Please wait.
[  172.495488][ T6868] loop2: detected capacity change from 0 to 4096
[  172.528076][ T6867] XFS (loop0): Quotacheck: Done.
[  173.086074][ T6868] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512).
[  173.634832][ T5852] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  174.490164][ T6906] loop2: detected capacity change from 0 to 32768
[  174.501164][ T6906] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.242 (6906)
[  174.537434][ T6906] BTRFS info (device loop2): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  174.547611][ T6906] BTRFS info (device loop2): using crc32c checksum algorithm
[  174.555226][ T6906] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  175.377815][ T6906] BTRFS info (device loop2): rebuilding free space tree
[  175.410446][ T6906] BTRFS info (device loop2): disabling free space tree
[  175.417585][ T6906] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  175.427596][ T6906] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  175.448015][ T6906] BTRFS info (device loop2): enabling ssd optimizations
[  175.455029][ T6906] BTRFS info (device loop2): turning on async discard
[  175.461861][ T6906] BTRFS info (device loop2): enabling disk space caching
[  175.468916][ T6906] BTRFS info (device loop2): force clearing of disk cache
[  175.476466][ T6906] BTRFS info (device loop2): use zstd compression, level 3
[  176.071405][ T5925] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  176.536918][ T6948] fuse: fd is not a fuse device
[  176.573885][ T5925] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 959
[  176.618448][ T5925] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  176.647806][ T5925] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  176.673736][ T5844] BTRFS info (device loop2): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  176.691611][ T5925] usb 2-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=e5.38
[  176.715867][ T5925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  176.726591][ T5925] usb 2-1: Product: syz
[  176.767633][ T5925] usb 2-1: Manufacturer: syz
[  176.789563][ T5925] usb 2-1: SerialNumber: syz
[  177.317682][ T5925] usb 2-1: config 0 descriptor??
[  177.827364][ T6942] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  178.256758][ T6963] loop2: detected capacity change from 0 to 40427
[  178.789900][ T6963] F2FS-fs (loop2): invalid crc value
[  178.828107][ T6963] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  178.848177][ T6963] F2FS-fs (loop2): Start checkpoint disabled!
[  178.858908][ T6963] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  178.869248][ T6963] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  178.895494][   T30] audit: type=1800 audit(2000000005.470:30): pid=6963 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.252" name="file1" dev="loop2" ino=10 res=0 errno=0
[  179.210989][ T6973] bio_check_eod: 176 callbacks suppressed
[  179.211022][ T6973] syz.2.252: attempt to access beyond end of device
[  179.211022][ T6973] loop2: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  179.233221][ T6973] syz.2.252: attempt to access beyond end of device
[  179.233221][ T6973] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  179.249136][ T6973] syz.2.252: attempt to access beyond end of device
[  179.249136][ T6973] loop2: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  179.265214][ T6973] syz.2.252: attempt to access beyond end of device
[  179.265214][ T6973] loop2: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  179.281882][ T6973] syz.2.252: attempt to access beyond end of device
[  179.281882][ T6973] loop2: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  179.298419][ T6973] syz.2.252: attempt to access beyond end of device
[  179.298419][ T6973] loop2: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  179.333480][ T6973] syz.2.252: attempt to access beyond end of device
[  179.333480][ T6973] loop2: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  179.349418][ T6973] syz.2.252: attempt to access beyond end of device
[  179.349418][ T6973] loop2: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  179.365302][ T6973] syz.2.252: attempt to access beyond end of device
[  179.365302][ T6973] loop2: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  179.382136][ T6973] syz.2.252: attempt to access beyond end of device
[  179.382136][ T6973] loop2: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  179.552816][ T5968] usb 2-1: USB disconnect, device number 2
[  180.122609][ T3515] CPU: 1 UID: 0 PID: 3515 Comm: kworker/u8:10 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  180.122637][ T3515] Tainted: [L]=SOFTLOCKUP
[  180.122642][ T3515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  180.122651][ T3515] Workqueue: writeback wb_workfn (flush-7:2)
[  180.122676][ T3515] Call Trace:
[  180.122683][ T3515]  <TASK>
[  180.122689][ T3515]  dump_stack_lvl+0xe8/0x150
[  180.122714][ T3515]  f2fs_handle_critical_error+0x37c/0x540
[  180.122740][ T3515]  f2fs_write_end_io+0x1274/0x1740
[  180.122780][ T3515]  __submit_merged_bio+0x256/0x700
[  180.122806][ T3515]  __submit_merged_write_cond+0x3c9/0x4e0
[  180.122833][ T3515]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  180.122875][ T3515]  f2fs_write_data_pages+0x287e/0x34f0
[  180.122928][ T3515]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  180.122947][ T3515]  ? cfg80211_inform_single_bss_data+0x13c6/0x1b70
[  180.123017][ T3515]  ? __lock_acquire+0x6b5/0x2cf0
[  180.123054][ T3515]  ? unwind_next_frame+0xa5/0x23c0
[  180.123090][ T3515]  ? unwind_next_frame+0xa5/0x23c0
[  180.123104][ T3515]  ? unwind_next_frame+0x1aaf/0x23c0
[  180.123120][ T3515]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  180.123142][ T3515]  do_writepages+0x32e/0x550
[  180.123168][ T3515]  ? reacquire_held_locks+0x104/0x190
[  180.123184][ T3515]  ? writeback_sb_inodes+0x477/0x1a20
[  180.123208][ T3515]  __writeback_single_inode+0x133/0x11a0
[  180.123228][ T3515]  ? do_raw_spin_unlock+0xf5/0x210
[  180.123251][ T3515]  writeback_sb_inodes+0x992/0x1a20
[  180.123296][ T3515]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  180.123313][ T3515]  ? do_raw_spin_lock+0x12b/0x2f0
[  180.123368][ T3515]  ? rcu_is_watching+0x15/0xb0
[  180.123392][ T3515]  wb_writeback+0x456/0xb70
[  180.123414][ T3515]  ? queue_io+0x211/0x4a0
[  180.123440][ T3515]  ? __pfx_wb_writeback+0x10/0x10
[  180.123456][ T3515]  ? do_raw_spin_lock+0x12b/0x2f0
[  180.123489][ T3515]  wb_workfn+0x414/0xf50
[  180.123508][ T3515]  ? look_up_lock_class+0x57/0x110
[  180.123541][ T3515]  ? __pfx_wb_workfn+0x10/0x10
[  180.123563][ T3515]  ? do_raw_spin_unlock+0xf5/0x210
[  180.123584][ T3515]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  180.123618][ T3515]  ? process_one_work+0x8bb/0x1780
[  180.123638][ T3515]  process_one_work+0x9ab/0x1780
[  180.123677][ T3515]  ? __pfx_process_one_work+0x10/0x10
[  180.123696][ T3515]  ? do_raw_spin_lock+0x12b/0x2f0
[  180.123730][ T3515]  worker_thread+0xba8/0x11e0
[  180.123769][ T3515]  kthread+0x388/0x470
[  180.123787][ T3515]  ? __pfx_worker_thread+0x10/0x10
[  180.123800][ T3515]  ? __pfx_kthread+0x10/0x10
[  180.123819][ T3515]  ret_from_fork+0x51e/0xb90
[  180.123843][ T3515]  ? __pfx_ret_from_fork+0x10/0x10
[  180.123862][ T3515]  ? __switch_to+0xc7d/0x1450
[  180.123884][ T3515]  ? __pfx_kthread+0x10/0x10
[  180.123903][ T3515]  ret_from_fork_asm+0x1a/0x30
[  180.123934][ T3515]  </TASK>
[  180.479968][ T3515] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  181.557992][ T6991] netlink: 'syz.3.261': attribute type 10 has an invalid length.
[  182.694168][ T6979] syzkaller0: entered promiscuous mode
[  182.701437][ T6979] syzkaller0: entered allmulticast mode
[  182.720129][ T6991] veth1_macvtap: left promiscuous mode
[  182.835449][ T7003] fuse: fd is not a fuse device
[  187.216018][ T7071] fuse: fd is not a fuse device
[  187.349362][ T7078] loop2: detected capacity change from 0 to 1024
[  187.356549][ T7078] EXT4-fs: Ignoring removed orlov option
[  187.363013][ T7078] EXT4-fs: Ignoring removed mblk_io_submit option
[  187.385525][ T7078] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a854c018, mo2=0002]
[  187.394062][ T7078] System zones: 0-1, 3-12
[  187.401141][ T7078] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  187.416440][ T7063] syzkaller0: entered promiscuous mode
[  187.424194][ T7063] syzkaller0: entered allmulticast mode
[  187.630448][ T7088] syz.2.282 uses obsolete (PF_INET,SOCK_PACKET)
[  189.192195][ T5844] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  189.242035][ T7105] kAFS: unable to lookup cell '('
[  189.360483][ T7108] NILFS (nbd1): device size too small
[  189.486401][ T7106] kAFS: unable to lookup cell '(,c��L'
[  189.533572][ T7115] fuse: fd is not a fuse device
[  189.983465][ T7134] netlink: 28 bytes leftover after parsing attributes in process `syz.3.298'.
[  190.000221][ T7134] netlink: 28 bytes leftover after parsing attributes in process `syz.3.298'.
[  191.072693][ T5851] Bluetooth: hci4: command 0x0406 tx timeout
[  191.074236][ T5845] Bluetooth: hci0: command 0x0406 tx timeout
[  191.087338][ T5851] Bluetooth: hci3: command 0x0406 tx timeout
[  191.087365][ T5851] Bluetooth: hci2: command 0x0406 tx timeout
[  191.087386][ T5851] Bluetooth: hci1: command 0x0406 tx timeout
[  191.483420][ T7134] syz_tun: entered promiscuous mode
[  191.498691][ T7134] syz_tun: left promiscuous mode
[  191.653330][ T7142] syzkaller0: entered promiscuous mode
[  191.698243][ T7142] syzkaller0: entered allmulticast mode
[  193.081811][ T7157] overlayfs: failed to clone lowerpath
[  193.095204][ T7157] overlayfs: failed to clone upperpath
[  193.927391][ T7163] syzkaller0: entered promiscuous mode
[  193.971612][ T7163] syzkaller0: entered allmulticast mode
[  194.025582][ T7167] IPVS: rr: FWM 3 0x00000003 - no destination available
[  194.059198][ T1313] ieee802154 phy0 wpan0: encryption failed: -22
[  194.067707][ T1313] ieee802154 phy1 wpan1: encryption failed: -22
[  194.127511][   T29] IPVS: starting estimator thread 0...
[  194.353094][ T7169] IPVS: using max 32 ests per chain, 76800 per kthread
[  196.237548][ T7193] netlink: 'syz.3.316': attribute type 10 has an invalid length.
[  196.349697][ T7193] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  196.544900][ T7204] loop2: detected capacity change from 0 to 2048
[  196.567871][ T7200] loop0: detected capacity change from 0 to 512
[  196.675381][ T7200] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  196.727202][ T7205] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  196.847833][ T7206] nilfs2: Unknown parameter '��������������18446744073709551615�����@�LqE�:��� �艞�t}�0��$�'
[  196.879981][ T7200] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  197.437339][ T7200] EXT4-fs (loop0): 1 truncate cleaned up
[  197.447317][ T7200] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  197.855738][ T7200] netlink: 'syz.0.319': attribute type 10 has an invalid length.
[  198.120262][ T5852] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  198.660042][ T7231] loop2: detected capacity change from 0 to 32768
[  198.736863][ T7231] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.328 (7231)
[  198.783502][ T7231] BTRFS info (device loop2): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  198.795264][ T7231] BTRFS info (device loop2): using crc32c checksum algorithm
[  198.802682][ T7231] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  198.886016][ T7231] BTRFS info (device loop2): rebuilding free space tree
[  198.900561][ T7231] BTRFS info (device loop2): disabling free space tree
[  198.907486][ T7231] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  198.917145][ T7231] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  198.930685][ T7231] BTRFS info (device loop2): enabling ssd optimizations
[  198.938732][ T7231] BTRFS info (device loop2): turning on async discard
[  198.945709][ T7231] BTRFS info (device loop2): enabling disk space caching
[  198.952789][ T7231] BTRFS info (device loop2): force clearing of disk cache
[  198.959903][ T7231] BTRFS info (device loop2): use zstd compression, level 3
[  200.289948][ T7259] loop0: detected capacity change from 0 to 512
[  200.302611][ T5844] BTRFS info (device loop2): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  200.833720][ T7259] msdos: Unknown parameter '0xffffffffffffffff��g��e���L���T�Z鶳�<�O��./c��>p�#N�@rl��YwJ{'
[  201.840596][ T7283] loop0: detected capacity change from 0 to 1024
[  201.847934][ T7283] EXT4-fs: Ignoring removed orlov option
[  201.853757][ T7283] EXT4-fs: Ignoring removed mblk_io_submit option
[  201.880970][ T7283] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a854c018, mo2=0002]
[  201.889469][ T7283] System zones: 0-1, 3-12
[  201.901884][ T7283] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  202.120371][ T7289] netlink: 4 bytes leftover after parsing attributes in process `syz.1.342'.
[  203.462491][ T5852] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  204.870714][ T7318] mac80211_hwsim hwsim9 syzkaller0: left promiscuous mode
[  205.099577][ T7318] mac80211_hwsim hwsim9 syzkaller0: left allmulticast mode
[  205.595028][ T7332] hfs: can't find a HFS filesystem on dev nullb0
[  206.340163][ T7338] loop0: detected capacity change from 0 to 1024
[  206.347307][ T7338] EXT4-fs: Ignoring removed orlov option
[  206.353017][ T7338] EXT4-fs: Ignoring removed mblk_io_submit option
[  206.376405][ T7338] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a854c018, mo2=0002]
[  206.384670][ T7338] System zones: 0-1, 3-12
[  206.391960][ T7338] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  208.230310][ T5852] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  208.452155][ T7370] netlink: 28 bytes leftover after parsing attributes in process `syz.1.366'.
[  209.726382][ T7384] loop0: detected capacity change from 0 to 32768
[  209.848324][ T7384] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  210.171364][ T7384] XFS (loop0): Ending clean mount
[  210.203314][ T7384] XFS (loop0): Quotacheck needed: Please wait.
[  210.408933][ T7384] XFS (loop0): Quotacheck: Done.
[  211.101478][ T5852] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  212.511943][ T7426] mac80211_hwsim hwsim9 syzkaller0: entered promiscuous mode
[  212.540145][ T7426] mac80211_hwsim hwsim9 syzkaller0: entered allmulticast mode
[  212.614607][ T7432] loop0: detected capacity change from 0 to 1024
[  212.621817][ T7432] EXT4-fs: Ignoring removed orlov option
[  212.627470][ T7432] EXT4-fs: Ignoring removed mblk_io_submit option
[  212.647653][ T7432] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a854c018, mo2=0002]
[  212.656895][ T7432] System zones: 0-1, 3-12
[  212.665351][ T7432] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  213.561274][ T5852] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  213.834559][ T7458] syzkaller0: entered promiscuous mode
[  213.848612][ T7458] syzkaller0: entered allmulticast mode
[  214.938047][   T55] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  215.347019][   T55] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  215.387783][   T55] usb 2-1: config 0 has no interfaces?
[  215.404455][   T55] usb 2-1: New USB device found, idVendor=abcd, idProduct=cde3, bcdDevice= 5.b9
[  215.437551][   T55] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  215.465042][ T7479] loop2: detected capacity change from 0 to 2048
[  215.466551][   T55] usb 2-1: config 0 descriptor??
[  216.092126][ T7479] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  216.257833][ T7458] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  216.266493][   T55] usb 2-1: USB disconnect, device number 3
[  216.285403][ T7457] tipc: Resetting bearer <eth:syzkaller0>
[  216.779242][ T5844] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  216.937500][ T7457] tipc: Disabling bearer <eth:syzkaller0>
[  217.752673][ T7507] SQUASHFS error: Failed to read block 0x0: -5
[  217.781097][ T7507] unable to read squashfs_super_block
[  220.536047][ T7532] loop0: detected capacity change from 0 to 8192
[  223.611584][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  226.147782][ T5949] IPVS: starting estimator thread 0...
[  226.281589][ T7575] IPVS: using max 33 ests per chain, 79200 per kthread
[  232.234813][ T7619] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  232.241568][ T7619] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  232.250325][ T7619] vhci_hcd vhci_hcd.0: Device attached
[  232.691535][ T5949] usb 33-1: new low-speed USB device number 2 using vhci_hcd
[  232.838696][ T7620] vhci_hcd: connection reset by peer
[  232.906029][  T135] vhci_hcd vhci_hcd.0: stop threads
[  232.994531][  T135] vhci_hcd vhci_hcd.0: release socket
[  233.081014][  T135] vhci_hcd vhci_hcd.0: disconnect device
[  236.006227][ T7655] loop0: detected capacity change from 0 to 256
[  237.925377][ T5949] vhci_hcd vhci_hcd.0: vhci_device speed not set
[  238.431469][ T7690] ptrace attach of "./syz-executor exec"[5843] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[  240.169394][ T7701] loop0: detected capacity change from 0 to 256
[  240.375154][ T7701] FAT-fs (loop0): invalid media value (0x59)
[  240.381457][ T7701] FAT-fs (loop0): This doesn't look like a DOS 1.x volume; no bootstrapping code
[  240.390668][ T7701] FAT-fs (loop0): Can't find a valid FAT filesystem
[  242.195716][ T7724] loop1: detected capacity change from 0 to 1024
[  242.202667][ T7724] EXT4-fs: Ignoring removed orlov option
[  242.208307][ T7724] EXT4-fs: Ignoring removed mblk_io_submit option
[  242.225799][ T7724] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a854c018, mo2=0002]
[  242.234088][ T7724] System zones: 0-1, 3-12
[  242.240427][ T7724] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  242.484360][ T5842] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  244.321938][ T7745] tipc: Started in network mode
[  244.336944][ T7745] tipc: Node identity dec05eb3bd16, cluster identity 4711
[  244.365725][ T7745] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  244.391996][ T7748] syzkaller0: entered promiscuous mode
[  244.410294][ T7748] syzkaller0: entered allmulticast mode
[  244.523549][ T7745] tipc: Resetting bearer <eth:syzkaller0>
[  244.550306][ T7744] tipc: Resetting bearer <eth:syzkaller0>
[  244.595933][ T7744] tipc: Disabling bearer <eth:syzkaller0>
[  244.771547][   T29] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  245.097252][   T29] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  245.168417][   T29] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  245.188212][ T7756] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  245.240899][   T29] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  245.623440][   T29] usb 3-1: config 0 descriptor??
[  245.923242][   T29] pwc: Askey VC010 type 2 USB webcam detected.
[  246.145374][ T7759] loop1: detected capacity change from 0 to 32768
[  246.212096][ T7759] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  246.272719][ T7759] XFS (loop1): Ending clean mount
[  246.293332][ T7759] XFS (loop1): Quotacheck needed: Please wait.
[  246.370706][   T29] pwc: recv_control_msg error -32 req 02 val 2b00
[  246.398682][ T7759] XFS (loop1): Quotacheck: Done.
[  246.407536][   T29] pwc: recv_control_msg error -32 req 02 val 2700
[  246.440306][ T7772] loop0: detected capacity change from 0 to 1024
[  246.448272][ T7772] EXT4-fs: Ignoring removed orlov option
[  246.454024][ T7772] EXT4-fs: Ignoring removed mblk_io_submit option
[  246.505244][ T7772] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a854c018, mo2=0002]
[  246.516565][ T7772] System zones: 0-1, 3-12
[  246.523448][ T7772] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  246.578250][   T29] pwc: recv_control_msg error -32 req 02 val 2c00
[  246.586372][   T29] pwc: recv_control_msg error -32 req 04 val 1000
[  246.596307][ T5852] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  246.608584][   T29] pwc: recv_control_msg error -32 req 04 val 1300
[  246.705250][ T7778] netlink: 168 bytes leftover after parsing attributes in process `syz.1.460'.
[  246.991819][ T7785] loop0: detected capacity change from 0 to 1024
[  246.999030][ T7785] EXT4-fs: Ignoring removed orlov option
[  247.004734][ T7785] EXT4-fs: Ignoring removed mblk_io_submit option
[  247.036649][   T29] pwc: recv_control_msg error -32 req 04 val 1400
[  247.116625][   T29] pwc: recv_control_msg error -32 req 02 val 2000
[  247.143285][ T7785] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a854c018, mo2=0002]
[  247.155376][ T7785] System zones: 0-1, 3-12
[  247.162421][ T7785] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  247.212854][   T29] pwc: recv_control_msg error -32 req 02 val 2100
[  247.226718][   T29] pwc: recv_control_msg error -32 req 04 val 1500
[  247.236838][   T29] pwc: recv_control_msg error -32 req 02 val 2500
[  247.237259][ T5842] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  248.209082][   T29] pwc: recv_control_msg error -32 req 02 val 2400
[  248.232537][   T29] pwc: recv_control_msg error -32 req 02 val 2600
[  248.260683][ T5852] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  248.728671][   T29] pwc: recv_control_msg error -71 req 02 val 2800
[  248.784034][   T29] pwc: recv_control_msg error -71 req 04 val 1100
[  248.792204][   T29] pwc: recv_control_msg error -71 req 04 val 1200
[  248.808823][   T29] pwc: Registered as video103.
[  248.834906][   T29] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input5
[  248.903208][ T7802] netlink: 'syz.0.475': attribute type 10 has an invalid length.
[  248.974880][   T29] usb 3-1: USB disconnect, device number 3
[  249.103438][ T7802] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  249.143391][ T7806] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  250.756849][ T7841] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  251.666370][ T7837] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  252.973046][ T7865] netlink: 'syz.2.494': attribute type 10 has an invalid length.
[  252.993840][ T7865] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  253.249343][ T7872] trusted_key: syz.4.495 sent an empty control message without MSG_MORE.
[  254.328911][ T7884] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  255.717820][ T1313] ieee802154 phy0 wpan0: encryption failed: -22
[  255.927334][ T1313] ieee802154 phy1 wpan1: encryption failed: -22
[  256.883802][ T7926] 9p: Bad value for 'rfdno'
[  256.936272][ T7930] netlink: 'syz.1.511': attribute type 10 has an invalid length.
[  257.668953][ T7930] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  258.507994][ T7941] netlink: 'syz.4.514': attribute type 15 has an invalid length.
[  258.517988][ T7941] netlink: 'syz.4.514': attribute type 7 has an invalid length.
[  260.058023][ T7961] loop1: detected capacity change from 0 to 512
[  260.058793][ T7962] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  260.085290][ T7961] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  260.127820][ T7961] EXT4-fs (loop1): 1 truncate cleaned up
[  260.135275][ T7961] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  261.421194][ T5842] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  261.913424][ T7989] loop6: detected capacity change from 0 to 7
[  263.283340][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  263.293087][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  263.366789][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  263.376384][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  263.385095][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  263.394670][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  263.439910][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  263.449507][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  263.459992][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  263.469597][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  263.480742][ T7993] fuse: fd is not a fuse device
[  263.491557][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  263.501253][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  263.513021][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  263.522588][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  263.530495][ T7989] ldm_validate_partition_table(): Disk read failed.
[  263.551964][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  263.561566][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  263.571310][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  263.580885][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  263.590421][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  263.600026][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  263.608040][ T7989] Dev loop6: unable to read RDB block 0
[  263.743669][ T7989]  loop6: unable to read partition table
[  263.774202][ T7989] loop6: partition table beyond EOD, truncated
[  264.721336][ T7989] loop_reread_partitions: partition scan of loop6 (���������S�j̖�P=ý?�}X���	���%��`��ր����5) failed (rc=-5)
[  264.950889][ T8000] netlink: 'syz.3.536': attribute type 10 has an invalid length.
[  266.785484][ T8028] fuse: fd is not a fuse device
[  268.656265][   T30] audit: type=1326 audit(2000000095.230:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8050 comm="syz.0.552" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4a9959c799 code=0x0
[  268.706226][ T8055] netlink: 'syz.4.551': attribute type 10 has an invalid length.
[  268.727182][ T8055] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  269.032929][ T5925] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  269.269220][ T8059] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  269.404695][ T5925] usb 1-1: config 0 has no interfaces?
[  269.518344][ T5925] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  269.562553][ T5925] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  269.609971][ T5925] usb 1-1: Product: syz
[  270.042602][ T5925] usb 1-1: Manufacturer: syz
[  270.089525][ T5925] usb 1-1: config 0 descriptor??
[  270.374995][ T5855] Bluetooth: hci0: Opcode 0x0401 failed: -112
[  271.373158][ T5845] Bluetooth: hci0: command 0x0406 tx timeout
[  271.383713][ T5855] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  271.854387][ T8087] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000009: 0000 [#1] SMP KASAN PTI
[  271.866315][ T8087] KASAN: null-ptr-deref in range [0x0000000000000048-0x000000000000004f]
[  271.874730][ T8087] CPU: 0 UID: 0 PID: 8087 Comm: syz.2.559 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  271.885660][ T8087] Tainted: [L]=SOFTLOCKUP
[  271.889971][ T8087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  271.900026][ T8087] RIP: 0010:fuse_opt_fd+0x49/0x220
[  271.905138][ T8087] Code: 4c 8d bb 98 00 00 00 4c 89 f8 48 c1 e8 03 80 3c 28 00 74 08 4c 89 ff e8 c5 ee e4 fe 4d 8b 3f 4d 8d 66 48 4c 89 e0 48 c1 e8 03 <80> 3c 28 00 74 08 4c 89 e7 e8 a9 ee e4 fe 49 81 3c 24 80 28 09 8c
[  271.924735][ T8087] RSP: 0018:ffffc9000fdffa68 EFLAGS: 00010206
[  271.930808][ T8087] RAX: 0000000000000009 RBX: ffff888057825c00 RCX: 0000000000080000
[  271.938771][ T8087] RDX: ffffc9000e4ea000 RSI: 0000000000000664 RDI: 0000000000000665
[  271.946740][ T8087] RBP: dffffc0000000000 R08: ffffffff824b142a R09: ffffffff8e75d6a0
[  271.954731][ T8087] R10: 0000000000000009 R11: 0000000000000002 R12: 0000000000000048
[  271.962695][ T8087] R13: 0000000000000002 R14: 0000000000000000 R15: ffff888029aefd80
[  271.970664][ T8087] FS:  00007f49c7ae86c0(0000) GS:ffff888125435000(0000) knlGS:0000000000000000
[  271.979589][ T8087] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  271.986164][ T8087] CR2: 0000200000003000 CR3: 0000000074c78000 CR4: 00000000003526f0
[  271.994133][ T8087] Call Trace:
[  271.997414][ T8087]  <TASK>
[  272.000341][ T8087]  fuse_parse_param+0x69b/0xa80
[  272.005179][ T8087]  ? __pfx_fuse_parse_param+0x10/0x10
[  272.010533][ T8087]  ? static_key_count+0x41/0x70
[  272.015368][ T8087]  vfs_parse_fs_param+0x1a9/0x420
[  272.020379][ T8087]  vfs_parse_monolithic_sep+0x283/0x360
[  272.025901][ T8087]  ? __pfx_vfs_parse_comma_sep+0x10/0x10
[  272.031508][ T8087]  ? __pfx_vfs_parse_monolithic_sep+0x10/0x10
[  272.037556][ T8087]  ? alloc_fs_context+0x9e9/0xd50
[  272.042561][ T8087]  do_new_mount+0x304/0xd30
[  272.047049][ T8087]  ? apparmor_capable+0x126/0x170
[  272.052057][ T8087]  ? security_capable+0x7e/0x2c0
[  272.056996][ T8087]  ? __pfx_do_new_mount+0x10/0x10
[  272.062004][ T8087]  ? ns_capable+0x89/0xe0
[  272.066315][ T8087]  ? path_mount+0x690/0x10e0
[  272.070886][ T8087]  ? user_path_at+0xd4/0x160
[  272.075479][ T8087]  __se_sys_mount+0x31d/0x420
[  272.080141][ T8087]  ? __pfx___se_sys_mount+0x10/0x10
[  272.085323][ T8087]  ? __x64_sys_mount+0x20/0xc0
[  272.090078][ T8087]  do_syscall_64+0x14d/0xf80
[  272.094648][ T8087]  ? trace_irq_disable+0x3b/0x150
[  272.099654][ T8087]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  272.105699][ T8087]  ? clear_bhb_loop+0x40/0x90
[  272.110357][ T8087]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  272.116234][ T8087] RIP: 0033:0x7f49c6b9c799
[  272.120651][ T8087] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  272.140234][ T8087] RSP: 002b:00007f49c7ae8028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  272.148628][ T8087] RAX: ffffffffffffffda RBX: 00007f49c6e15fa0 RCX: 00007f49c6b9c799
[  272.156579][ T8087] RDX: 0000200000002100 RSI: 00002000000020c0 RDI: 0000000000000000
[  272.164533][ T8087] RBP: 00007f49c6c32c99 R08: 0000200000002140 R09: 0000000000000000
[  272.172483][ T8087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  272.180779][ T8087] R13: 00007f49c6e16038 R14: 00007f49c6e15fa0 R15: 00007fff6cf771d8
[  272.188735][ T8087]  </TASK>
[  272.191746][ T8087] Modules linked in:
[  272.196821][ T8087] ---[ end trace 0000000000000000 ]---
[  272.202330][ T8087] RIP: 0010:fuse_opt_fd+0x49/0x220
[  272.207446][ T8087] Code: 4c 8d bb 98 00 00 00 4c 89 f8 48 c1 e8 03 80 3c 28 00 74 08 4c 89 ff e8 c5 ee e4 fe 4d 8b 3f 4d 8d 66 48 4c 89 e0 48 c1 e8 03 <80> 3c 28 00 74 08 4c 89 e7 e8 a9 ee e4 fe 49 81 3c 24 80 28 09 8c
[  272.227470][ T8087] RSP: 0018:ffffc9000fdffa68 EFLAGS: 00010206
[  272.233574][ T8087] RAX: 0000000000000009 RBX: ffff888057825c00 RCX: 0000000000080000
[  272.241567][ T8087] RDX: ffffc9000e4ea000 RSI: 0000000000000664 RDI: 0000000000000665
[  272.249561][ T8087] RBP: dffffc0000000000 R08: ffffffff824b142a R09: ffffffff8e75d6a0
[  272.257883][ T8087] R10: 0000000000000009 R11: 0000000000000002 R12: 0000000000000048
[  272.266255][ T8087] R13: 0000000000000002 R14: 0000000000000000 R15: ffff888029aefd80
[  272.274258][ T8087] FS:  00007f49c7ae86c0(0000) GS:ffff888125435000(0000) knlGS:0000000000000000
[  272.283259][ T8087] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  272.289846][ T8087] CR2: 0000200000003000 CR3: 0000000074c78000 CR4: 00000000003526f0
[  272.297852][ T8087] Kernel panic - not syncing: Fatal exception
[  272.304143][ T8087] Kernel Offset: disabled
[  272.308448][ T8087] Rebooting in 86400 seconds..