last executing test programs:

18m3.947918923s ago: executing program 2 (id=468):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000080)=@req3={0x54c, 0x4, 0x3, 0x3, 0xc, 0x6, 0x7}, 0x1c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_io_uring_setup(0x497, &(0x7f0000000100)={0x0, 0x314f, 0x400, 0x3, 0x286}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000000)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0)

18m1.856918985s ago: executing program 2 (id=481):
openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000140), 0x20080, 0x0)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r3, 0x40046103, 0x0)
write$UHID_INPUT(r0, &(0x7f0000001980)={0x9, {"a2e3ad214fc752f91b5b09094bf70e0dd038e7ff7fc6e5539b324c078b089b3438076d1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b32310d076def35cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e01000000138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12d3099dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f6dc7bcbf2a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509301815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c2a7466cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d951061ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153bdf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033095563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db87195358bfee2916580dacae008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da033d5c3f745a7ee8101a3934c54e24b48ec0275e2df086dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36ffffffff00000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817b97c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d00000f4ff000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)

17m59.373919593s ago: executing program 2 (id=489):
socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_setup(0x403, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x4, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0xffffffdd, 0xa}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0x48}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x19, &(0x7f0000000000)={0xffffffff}, 0xf1, 0x10, &(0x7f0000000000)={0x0, 0x7}, 0x7}, 0x48)

17m57.854884824s ago: executing program 2 (id=492):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x1400c, &(0x7f0000000840)={[{@stripe={'stripe', 0x3d, 0x3d}}, {@init_itable}, {@bsdgroups}]}, 0x3, 0x457, &(0x7f00000008c0)="$eJzs281vFOUfAPDvzHbLj1+BVsQ38KWKxsaXlgIqBw9qNPGAiYke9Ni0hSALGFoTISSCMXgyxsS78ei/4Ekvxngy8ap3Q0IMF8HTmtmZaXeX7dKWXbayn08y8DzzzPR5vjvz7Dwzz04AQ2sy+yeJ2BERv0fEeJ5t3WAy/+/6tQvzN65dmE+iXn/nr6Sx3d/XLsyXm5b7jRWZqTQi/SyJfR3qXTp3/uRcrbZ4tsjPLJ/6cGbp3PnnT5yaO754fPH0wSNHDh+afenFgy/0JM6xSIvUm+9/9dbRL1rib4ujRya7FT5Vr/e4usHa2ZRORgbYEDakEhHZ4ao2+v94VGL14I3HG58OtHFAX9Xr9frY2sUX68BdLInWvC4Pw6K80Gf3v+XSPgh4pX/Dj4G7+mp+A5TFfb1Y8pKRlScG1bb7216ajIj3Lv7zTbZEf55DAAC0+CEb/zyXjXbax39p3N+03a5ibmgiIu6JiN0RcW+cjj0RcV9EY9sHIuLBDdbfPkly8/gnvbKpwNYpG/+9XMxttY7/ytFfTFSK3M5G/NXk2Ina4oHiM5mK6rYsP9uljh9f/+3Ltcqax3/ZktVfjgWLdlwZ2da6z8Lc8tztxNzs6qWIvSOd4k9WZgKSiHgoIvZuso4Tz3z38Fplt46/ix7MM9W/jXg6P/4Xoy3+UtJ9fnLmf1FbPDBTnhU3++XXy2+vVf9txd8D2fH/f8fzfyX+iaR5vnZp43Vc/uPzNe9pNnv+jybvNtKjxbqP55aXz85GjCZH80Y3rz+4um+ZL7fP4p/a37n/747VT2JfRGQn8SMR8WhEPFa0/fGIeCIi9neJ/+fXnvygfd32dcffvkdvZfEvbOj4ryZGo31N50Tl5E/ft1Q6sZos4r/R/fgfbqSmijXr+f5bT7s2dzYDAADAf08aETsiSadX0mk6vSv/Df+eiLR2Zmn52WNnPjq9kL8jMBHVtHzSNd70PHS2uK3P85ciIv9pQVl+qHhu/HVleyM/PX+mtjDo4GHIjXXq/9N52Z+VQbcO6Dvva8Hw0v9heOn/MLw21v+39a0dwJ3Xof/359eGwJbT6fr/yQDaAdx5bf3ftB8MEc//YHjl/d9lH4aR6z8MpaXtceuX5Lsmyr+0yd3v2kRUt0Qz+paIdEs0Q6JPicF+LwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPTKvwEAAP//jW/dKQ==")
syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000400)='./file3\x00', 0x210048, &(0x7f00000003c0)=ANY=[], 0xfd, 0x1f0, &(0x7f0000000080)="$eJzslruO00AUhv8ZW3aCuEiUNBREAgoc2wFEE4lIiIoCiUtEgUQkTBSSAEpckEgo4Qno6SjoeQEkaHkIFGigCRVbezUXO87Fu8nuelPs+aSMf4/mcnxm9J+AIIgTy+9fO5Pof/VPAcBplGDr/r/GbAxPjf9Z+Pfu+7279Q9PP/+wJ05x1ZpRtP7+JoBvNQNhMnd+dkk/H4In+hE4rmpdB4Oj9TNwPBZibCMAwxMUZHwvpVa8FuMd50WrEzgMgBCuaDzR+KKpLMY3fc/wPBUfk+qs7hm2G51O0OsPchP75W9a46im4lOHYukeFa2byp8HDk/rChgeaH0LdpwblZLU918wZ+unrgaWw7Vyz4gIZYNZ589khdoXOZrvMTO/a16IvB7R52Cstsz1DilhLMZsQIr4RHO/yscuYG58tTLPYrR0W/IQBzmLr7fVnLgnGql3OeZcxoLRaM0tLKwZRlwNVOYTf4o+MVxO+ZMpK8pHWWrKYfcNx2B4rdVtNINm8Mr3Kzfd6657w78DYURlaUd7+F9R+tOp2fora5J0RGbhbSMMe55qk3dftascl0v/47hyKXbTKHFWgb2wB9M/Lp/Se9tfMqMnCILYHheFo2nMWOhqguS/LnB/izESBEEQBEEQBEEQBHE4dgMAAP//Id89jw==")
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc13, 0x0)
r0 = syz_open_dev$usbfs(0x0, 0x77, 0x101301)
ioctl$USBDEVFS_FREE_STREAMS(r0, 0xc0105500, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r1, &(0x7f0000006b40)={0x2020}, 0x2020)

17m57.186519316s ago: executing program 2 (id=495):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40004)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x14, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x3938700}})
io_setup(0x8, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x0, 0x1}}, 0x20)
io_uring_enter(r2, 0x47f6, 0x0, 0x2, 0x0, 0x0)

17m55.060371691s ago: executing program 2 (id=502):
syz_usb_connect(0x5, 0x24, &(0x7f0000001900)={{0x12, 0x1, 0x200, 0x2, 0xcd, 0x77, 0x10, 0x403, 0xb8d8, 0x30bb, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0xde, 0x0, 0x0, 0x8, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xd0, 0x76, 0xd8, 0xe}}]}}]}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
pipe(&(0x7f0000000000))
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0)
r2 = syz_io_uring_setup(0x10d2, &(0x7f0000000540)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f0000000600)=<r3=>0x0, &(0x7f00000005c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x148, 0x80543, 0x12345})
io_uring_enter(r2, 0x47bc, 0x0, 0x0, 0x0, 0x0)

17m53.978149697s ago: executing program 32 (id=502):
syz_usb_connect(0x5, 0x24, &(0x7f0000001900)={{0x12, 0x1, 0x200, 0x2, 0xcd, 0x77, 0x10, 0x403, 0xb8d8, 0x30bb, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0xde, 0x0, 0x0, 0x8, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xd0, 0x76, 0xd8, 0xe}}]}}]}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
pipe(&(0x7f0000000000))
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0)
r2 = syz_io_uring_setup(0x10d2, &(0x7f0000000540)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f0000000600)=<r3=>0x0, &(0x7f00000005c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x148, 0x80543, 0x12345})
io_uring_enter(r2, 0x47bc, 0x0, 0x0, 0x0, 0x0)

13m21.860144816s ago: executing program 0 (id=1223):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000200)={0x2, &(0x7f0000000180)=[{0x45}, {0x6}]})

13m20.831462615s ago: executing program 0 (id=1226):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setresuid(0xffffffffffffffff, 0xee00, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x27fabbafe}, 0xc)

13m19.720008862s ago: executing program 0 (id=1229):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000340), r3)
sendmsg$MPTCP_PM_CMD_GET_ADDR(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000140)={0x14, r4, 0x301, 0x70bd29, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x4040020)

13m18.682049761s ago: executing program 0 (id=1230):
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000001c0)='./file0\x00', 0x2048c5, &(0x7f0000000680)={[{@fat=@time_offset={'time_offset', 0x3d, 0x39e}}, {@numtail}, {@uni_xlate}, {@fat=@discard}, {@shortname_win95}, {@shortname_mixed}, {@numtail}, {@shortname_win95}, {@fat=@dmask={'dmask', 0x3d, 0x81}}, {@shortname_lower}, {@fat=@flush}, {@shortname_win95}]}, 0x0, 0x29f, &(0x7f0000000840)="$eJzs3UFrE1sYxvGnSdukKW2yKBfuhct9uW50M7TxEwRpQQwotRF1IUztREPGpGRiJCK2O7d+juLSlYL6Bbpx517cFEFw04UYaZKxaRswra1Tzf8HYU7OOe/MmZyZ8M5AJlvXn94rFwOn6NYVS5pi0rq2pcxOqWuku4y1y+Pqta5zk5/f/Xv1xs1LuXx+ftFsIbd0Pmtm0/+9evDo2f9v6pPXnk+/TGgzc2vrU/b95l+bf299XQrXXpVcW65W6+6y79lKKSg7Zld8zw08K1UCr1a3nvaiX11dbZpbWZlKrda8IDC30rSy17R61eq1prl33FLFHMexqZSGTfzQEYWNxUU3dyKDQRQm+lXWajk33rexsPErBgUAAE6XqPL/u6XASoFVqnvy+4P5f0yHyP+loc7/D4/8fxjs5P+p7vm7F/k/AAAAAAAAAAAAAAAAAAAAAAC/g+1WK91qtdLhMnwlJCUlhe+jHidOBvM/3Hp+uJeU/CeNQqPQWXbac0WV5MvT7Jj0pX08dHXKCxfz87PWltFrf60bv9YoxJUI40OZ/vFznXjrjV/TmFK9288qrZn+8dk+8Y3CuM6eaSW6W/bkKK23t1WVr5X2cb0b/3jO7MLl/L74iXY/AAAAAAD+BI59d+D6vd3uWPjYkH3tncrd+wNK/+D+wL7r61H9MxrdfgMAAAAAMEyC5sOy6/tebQgK4f8fHMsKo//okoN2HpXUrXlxWuZikEJM0lHD4z83yx8l7amZiXy6j6Pw4X7nDBikc5TfSgAAAABOQpj0j0Q9EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhtigDw8L+x/l2WM9m4tHs5cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA6fAtAAD//2kbF4o=")
r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00')
socketpair$unix(0x1, 0x1, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0x19, &(0x7f0000000180)=0x3, 0x4)
syz_emit_ethernet(0x15e, &(0x7f00000003c0)={@random="e33110495bfd", @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0x128, 0x3a, 0xff, @dev, @local, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @rand_addr=' \x01\x00', @private1, [{0x4, 0x20, "9595f429ae08a565c9a41d413a70a44d2e6f790a3872d50bb14d25344dc5b3a281f175f5ee04aab21301b94d966c72c15a143c69205625466855101cf44d89d9f6ee47d77c0d4e53e34b67c542fc6f6f6c60139c43b78286f5bb8f4f11d164af24e2633a45bf4ed944b0ef6a7b7167f73cf54e78686ac09402659c29eb0ce380654c1bb0f61d255b1556b7a311096b7aab867396997ffab76abca01185b08d1e29ee14d8fe61245487104b1c5205c6adc794ba413b92d2d208b86f40983c4819c33b59c1abe2a4b0aa661fcb54e0855d6bb5dd267878ff59bcfc6079e7a5e0135118be22dc6c97e730f7053d6ec34ca11b5c7c3830af6b26868600f042ff"}]}}}}}}, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0)
mount$bind(&(0x7f0000000080)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)
read$FUSE(r0, &(0x7f0000002c00)={0x2020}, 0x2020)

13m17.752078497s ago: executing program 0 (id=1234):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x6)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000140)="66baf80cb8044fdc87efed660f388059e0b805000000b91e4200000f01c10f20c035000000200f22c0f20fa20f01cb36263e660f381efc660f7c150c000000b805000000b9210000000f01c1c4e17929d8", 0x51}], 0x1, 0x11, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x40)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x141200, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r5, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

13m17.027912921s ago: executing program 0 (id=1240):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x6}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@newtfilter={0xc4, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0xe, 0x7}, {}, {0x7}}, [@filter_kind_options=@f_u32={{0x8}, {0x98, 0x2, [@TCA_U32_SEL={0x94, 0x5, {0x7, 0xef, 0x8, 0x8, 0x5, 0x9, 0x7, 0x0, [{0x1000, 0x4, 0x401, 0x6}, {0x6, 0x7, 0x1008, 0x5}, {0xfffffff9, 0x43, 0x7ffd, 0x6}, {0x7fde, 0x40, 0x51, 0x3ff}, {0x5, 0xb, 0x8, 0x42}, {0x6, 0x4, 0x8, 0x8}, {0x8001, 0x0, 0x0, 0x8001}, {0x1, 0x1800004, 0xa525}]}}]}}]}, 0xc4}, 0x1, 0x0, 0x0, 0x80}, 0xc040)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

13m16.466913619s ago: executing program 33 (id=1240):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x6}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@newtfilter={0xc4, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0xe, 0x7}, {}, {0x7}}, [@filter_kind_options=@f_u32={{0x8}, {0x98, 0x2, [@TCA_U32_SEL={0x94, 0x5, {0x7, 0xef, 0x8, 0x8, 0x5, 0x9, 0x7, 0x0, [{0x1000, 0x4, 0x401, 0x6}, {0x6, 0x7, 0x1008, 0x5}, {0xfffffff9, 0x43, 0x7ffd, 0x6}, {0x7fde, 0x40, 0x51, 0x3ff}, {0x5, 0xb, 0x8, 0x42}, {0x6, 0x4, 0x8, 0x8}, {0x8001, 0x0, 0x0, 0x8001}, {0x1, 0x1800004, 0xa525}]}}]}}]}, 0xc4}, 0x1, 0x0, 0x0, 0x80}, 0xc040)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

22.160000198s ago: executing program 1 (id=3035):
creat(&(0x7f0000000400)='./bus\x00', 0x0)
socket$kcm(0x2d, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$kcm(0x2, 0xa, 0x2)
r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000280)={0x0, 0xec25, 0x400, 0x3, 0x40000333}, &(0x7f00000006c0)=<r3=>0x0, &(0x7f0000000240)=<r4=>0x0)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r6=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f00000004c0)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @remote, 0x100}, {0xa, 0x4e20, 0x6, @mcast2, 0x3}, r6}}, 0x48)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x1, 0x0, 0x2, 0x5}}, 0x20)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r7 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$IMADDTIMER(r7, 0x80044940, &(0x7f00000002c0))
read(r7, &(0x7f00000019c0)=""/4097, 0x1001)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xfffffe62}], 0x1})
io_uring_enter(r2, 0x47ba, 0x0, 0x28, 0x0, 0x0)

13.575527917s ago: executing program 3 (id=3050):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
socket$alg(0x26, 0x5, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
setsockopt$MRT6_DEL_MFC(0xffffffffffffffff, 0x29, 0xcd, &(0x7f00000003c0)={{0xa, 0x4e22, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x7}, {0xa, 0x4e24, 0xffffffc6, @remote, 0x2876}, 0xffffffffffffffff, {[0x7509, 0xe6, 0x9, 0x16, 0x4198b869, 0x978, 0xf, 0xd]}}, 0x5c)
msgctl$MSG_INFO(0x0, 0xc, &(0x7f00000000c0)=""/173)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r2=>0x0})
socket(0x18, 0x5, 0x10000000)
write(r0, 0x0, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f0000000100)={0x28, 0x4, r2, 0x0, &(0x7f0000c00000/0x400000)=nil, 0x400000, 0x51e})
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000900))
ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f00000000c0)=0x1)

11.94263883s ago: executing program 1 (id=3051):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x282c01, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0x15)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000002c0)=0x7e)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000540)=0x9)
syz_clone3(0x0, 0x0)
syz_open_dev$evdev(&(0x7f00000002c0), 0x1, 0xa00)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
r3 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r3, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty, 0x0, 0x3}, 0x20)
connect$l2tp6(r3, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20)
sendmmsg$inet6(r3, &(0x7f0000000ac0)=[{{&(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, 0x1b, 0x0}}], 0x17fd147c801ae9af, 0xff14)

11.881112891s ago: executing program 3 (id=3053):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = getpid()
r4 = syz_pidfd_open(r3, 0x0)
setns(r4, 0x24020000)
r5 = syz_clone(0x16040000, 0x0, 0x0, 0x0, 0x0, 0x0)
setuid(0xee00)
r6 = syz_pidfd_open(r5, 0x0)
setns(r6, 0x10000000)

10.494101317s ago: executing program 3 (id=3055):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), 0xffffffffffffffff)
socket$key(0xf, 0x3, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r0, 0x4008941a, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
bind$rds(0xffffffffffffffff, 0x0, 0x0)
sendmsg$rds(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r2, &(0x7f00000002c0)={0xa, 0x4e24, 0x0, @rand_addr, 0x8000}, 0x1c)
sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0xfdff)

8.832946756s ago: executing program 1 (id=3057):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
execve(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r2 = syz_io_uring_setup(0x95, &(0x7f0000000140)={0x0, 0x201, 0x0, 0x0, 0x3}, &(0x7f0000000240)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)={0x20102, 0x0, 0x28}, &(0x7f0000000500)='./file0\x00', 0x18, 0x0, 0x0, {0x0, r5}})
setreuid(0x0, 0x0)
io_uring_enter(r2, 0x4536, 0x6aaf, 0x0, 0x0, 0x0)

7.867897145s ago: executing program 4 (id=3058):
r0 = fsopen(&(0x7f0000000040)='fuseblk\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000004c0)='j\x95\'\x8aC\x16\xca\\', &(0x7f0000000c40)='\xe6usek\v\xf6u%\x9b\x00\x00\xad\xeb\x00\x00\x00\x00\x01\x80\x00\x00\xcf\x9b\x9f\b\xb6\xfe\xc8\xda~-\xf5S>\xb8\x86\xfc\x9cVR\x82\x9a\xbdp\xbd\x83w\xf9Z\xd2\xcb\xcdF\xd0#N7\x17\xfc\x1e\xf1\x97\xffxi\xe0KE}]\x8e\xca\xe3+\xc8\x98\x03\x91\x88(\bn\x7f\x0e\x85\xa5\xb4\n?_\xc9\xef\xe0Q\xdb\xb6\xa5\x81t\x06\xda\x95\x935\xf1\x18\xac\x00\xf0\xff\xff\xbd\xb5\xa1\x06\xfd\x01\x00\x00\x00\x0f\xf8\xe3\x8a\x1f\x9c\xf3\xc5\x1f\xf9\xbf[\xd13\xb3\xd3j\r6\x7f', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000140)='{:\'@-\x00', &(0x7f0000000180)='%*.\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000003c0)='\x00', &(0x7f0000000400)='(!\xef(.(\\-]\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000200)='^](*\r\\!\x00', &(0x7f0000000500)='{:\'@-\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000b80)='\xe0\"\xef\xb1\xea\xe6\x9c\xe6\xc8M\xdb\x86\xb3\x8b\xbe\xd5\xbdB\x92\xa0\x19-+a\x13qQ\xd5f39hSr\xafbB\xe2\xe8\xcd\x1bf\x18\x7f\xf27E#\"\xab\x99\xec\x88\x8d\xd8C\x0f\x95\xff\xfeG\xf9t\xb1 \xcc\xc5\xbb\x88\xb6\xd2\xf2Jwq\xf8oG<v\xb8\x18\x80\xe1Kf\xf8R\xdd\x06\xe8\xfbl\v\xb0\xdd\x05\x05\xd8\xdb\xfd`\xf9\xf8\x915\b\x8c\xad\xc8\x9d=\xfeN\x8b\x1eR\x1e\xf8\x9dn\x19H\xd2aE\xa0\x06\xb0Yv\xf9^\x8c\x8f\xc3\xa5\x985\x85U\x8cZ/\'\xbd\xe2\xdc\xe3\xb9\x8e$Z\xef\xa8\xe5(Mt\xd3\xd9\xf6X\x1a\x9b\t$N\xd0U\xe2z\xeb\x01\x80!0\xe8\xc3\xce\xf8\x03\xde\x92s\xf9', &(0x7f0000000ac0)='fuseblk\x00M\x13k\x92#\x05z)\xe0c\\35\xdf%\xa3\xac!zoO\xf8\xcex\xb3\f\xad@\x853o\x0f0\x1a\xc0\"\xf7\x11Z\x01\xc1\xd9\x9fbJ7\xd1\xad\xe1\xed\x87\xae\x11-s\xb4\xbd\x1e\x9a\xd7\xc1crt\x88%\x92\x8fL\x8d\xb3-\xb60O \xc5\xd1q\xcc\x97\xe0\xe8\xb0\n\v\xa9V\xfa\xeb\x1e|M\x98W\x81\xa2@{_\xba^\xa2\x82k\x10G\xfc\xd4\x99Pl\xfa\xe8\x7f\xc9 h\xd0\xfd\x04\x95\x8c\xb1\xe7', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000a40)='^,/\x00', &(0x7f0000000a80)='fuseblk\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000280)='\x1c@\\\x00', &(0x7f00000002c0)='\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, 0x0, &(0x7f0000000340)="0f", 0x1)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000380)='}\x00', &(0x7f0000000880)='\xc1J\xaf\xfd,\x86\xbc\xa9\x02\xf2\xf6\xe2\xcd\x9f\xf6\x83\xeb\xba_6\xfdR\xd0\x8d\xc1\xf6.$w\xab|*`\x11H+^\xbb\x8ar\xb1\x8ec\xecQ\x94\x15\xbe\x80E\x9c\x93Hq?<(+\xceb0\xcc\xad\xdd\x1c\xee\x19\x1b\x91Z\x85\xb7\x04\xe7\xaf\xe0W,G\xc8\xc0\xbcR\x90\x17\x19@m\xa5\x19\x16i\xc8\x99)\xa5\xb0\xba\xbc\xe0rV\x06\xd0B\x0f\xcdF\xbc\x8e\x8a^%8k\x849@\x15=kxS\x1c\xc1\xdaT\x9c\b\xb6\xd8\xa0st~\xf1\x93\xb8\xba\xa5gV\x18F\x8f\xf4b\xdc\x19_P\x81\xa4\xc3\\g\x11\xd1\xc8 U\xba\x03\xc9\xf17\x88\r\xb99]\xdfM\xc8AQB\xc3\xf0\xf7t\xee\x95&w\xc3;\xf1C\xea!J\x19\xe1\xfe\x0f\x84\xdfY\x10\xed\x1c\xb2n\xc0ME\xaa\x9e\xd1f\x92q\xeb\xdb)\xcd1(>\x8e\x0f}\x03\xdd\xf8\x84\x9bz!\x80F\xc5ls< \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x98\x1c\x9f\xbd\xcd\xea\xc3w\xa3\xf5\x1d.\x00\x00\x00\xa0\xf4\xe9\xe2\x83\xac\xde\x95cmvM\x12\xc1O\x1f#\xcd\x90\x1e\x03\x1e}\xe7w\xe7\"Oh`\xed\bM9\xaf\xa3BQ\xbf\xfd1\x1cG\xb5\xed\x86\xb9Q(\x19dZ\x8da\x008e*\x928\xcf\x0f\x0e\x05\x1dM?\x11$E\xc3\x12\x1e\xffI\x84t0D\xec\xf3T\xe2\xddJm\x87\xc9\xb1\xff\n\xa1\x13\xcbo\xc6\xda\x84\x02\xa3\x14\xf2q\x96\xa8Sa\xe4\x1f\x01\xa2]\xb2\xc9\xd5\xff\xfd\xf2\xb5\xf5\xef \xc7\x02\x927\xdb\xa5\a\x9eS\xb6\xe2\xbaL\x99n\xb4\xe3\xf7\x0eU\xc0', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='(\xed\xef(.(\\-]\x00', &(0x7f00000000c0)='f\xf0p\xce\x97\xbb\xd2dH\xdf\xbd\x18\x9baE\xef\x90\x90\x057g\x85\xf4\xf0\xba\xb0\xb1\x06\xa6q\xef\x03H\xda\"`\xd6', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000080)='^](*\r\\!\x00', &(0x7f0000000100)='/*\x1d\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f0000000240)='fuseblk\x00', 0x0, r0)
read(r0, 0x0, 0xfffffea1)
close(r0)

7.867515246s ago: executing program 5 (id=3059):
execve(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_io_uring_setup(0x95, &(0x7f0000000140)={0x0, 0x201, 0x0, 0x0, 0x3}, &(0x7f0000000240)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)={0x20102, 0x0, 0x28}, &(0x7f0000000500)='./file0\x00', 0x18, 0x0, 0x0, {0x0, r6}})
setreuid(0x0, 0x0)
io_uring_enter(r3, 0x4536, 0x6aaf, 0x0, 0x0, 0x0)

7.687277908s ago: executing program 4 (id=3060):
syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="00e789da34e04a1ffb124b2c2fb684c70b90bbb45efd97899a16f2df4fa2e8f06ac2c5352509e3c51d882eb3ec0dd3b1c96e980163890d2d0d1b8d3d62f6d77b0209e166e2ca4c35483d49316daf522556a16cab12d75a852bc680da7ea837480feb2060a1e20a59b7745235030000004ed0351cb5b416ba1c57217be5a338392f831617ee8c35bb61f0a9eeed3b1226b18c4b455ab222d7ae1b5258d5643d70000000000000000000ae468a387d9e63008000000000000063a454d1ab8760076a893752105f030c49caf2fdfe6bc9743a68593b576e2f2f6ab69e1b974ac90855ac250f8f73e16bc593730b88d7a3346b945e276875915040ce4901262cd8ce8191ee84e3ce5526a0a43b707cc711a3311f840cad641a013c6dd783aa895227b3d50a86e15a57e26666aaa296b7ddc4c8f421cf9d76d344bf6522f5d1138659d3de84ce13b085a2ed9d66c93767378423521cc4ea440e0ac3b953e1ca1675a716a97a5c3106aba648f119eeab4747b9b53000475e0a34514ccf397ea6f170e018122a98f135beac48d2ed195e20fdd226c7f5a20000ad1fcfbee59924e161280a8b78fe34b2fa3efa7c1d4268bf090000ecb4ece3234c232659fee3ff9e6d21e008a570bb490a65b84ea8b6d6507355cb1112fae6e3456bf8da53e1df20458e59456822dbb8dbd7ce0f928d5fbd6414fe8ab5277f3fd5ce6be044993f93e697a69484cc0e65ec742443c84e21a440998c8d69c12c2db7aee2872c6e0671d639e8f6bece219dcd0f69b9867dfc3187c882c035809c81832d7416f90c734be30c2faf0c22bfc8d95dfc7b9bac96b838c98ae5a75b9dc9e967ef5edf311bbebd7ca803cea8f5b9ec5b3edd6c44d633b71bde97a3c10a468432ff3d4e63ce3ecfa640d44b70b68744d26e72389e6c61767725d2c692443bc949c28b1a374e541bd352ca2f3bf64d883862dc24d8e27d86b6e38bc269f110c3d563f8e4ec9a98016b6b58157deeefa8fa022514bdc75f794094700cb8fa2b61310cbf9058bce5f2399055929e0fc732e0d5db926fe1b09a2993ff038d8099c229bda0801f8b81719d73b4abac97f704a0942051bae38b00b69d7fa69d738f99f73b19082ec0c99442d97ddbf68a4822aa2a2673478f81f14f67beee619b9d9882f7eabfb5000000000000000000003ff8795b5ec2de11479e781396117c84449647684239c9b9475b389a6a76d36c31f39539d928d2c58f188b4bf713d0915df4cc7de48a930935dbb01c9422d604467d209fd1421c7fc503cabde4bb193ff3654377c6e4fb72dcfc835f760bae7447068c2e43433e3d77c6805b559a04f3ebb741a9bbf57274b1da7800000000000000000000000000000000000000001c4f225672f3465b2638e921d80d58dca4ee4592d8cc0c06b2e390b7b1c713a46bc8ece9be25f055a59032576bc00a844c32b46040a607eaeb886ec0cb8e90c5a4075caa8a358ab81e78ad794a20f772b73466a43cd696401521793e54b1c4aa58d506b661f393e7233337473f36c2dbb15ae673afe82ebe45cc6f776162e43b74d9b9ca6f68d6bc8261600b27431e0f6f4f1e0947f69d2d812ebc9d2a8869b14a84dbdcdc5055b97a241e2f707740bb966b6c58408aceb9f6a943f614d2a6093c60c0dfb511b02f191ef6fa6e5a1a86687a44ec6098439a2ef55a4ba07e2b0f62ae86e1458f63f6b8b2d2b9990495f17b6d1052b19472a97d41204a8be48e380be2e6885c7de0807f2c154ad4f25b16027bc4aeb85dc798e7eef25631bfd79c8e0aff725dcd4b91c61bf8d72f74e4dbae"], 0x1, 0x11fa, &(0x7f0000003100)="$eJzs3M+LG2UYB/DH3a6tW/eHWqvtpS960cvQ3YMXBVlkC9KA0jZCKwhTd1ZDxiRkQiAiRk9e/TvEozdBvHnai3+Dt7147EEcMbE/dlkPpdKp4fO55CHv+yXPS0LgHeadw7e+/ay7X2X7+SiWnno7lgYR6U6KFEtx11fx+pu/LMf1m7eu7rRau9dSurJzY+uNlNL6pZ8+/OL7V34enf3gh/UfT8fB5keHv2//dnD+4MLhnzc+7VSpU6Vef5TydLvfH+W3yyLtdapultL7ZZFXRer0qmJ4ZHy/7A8Gk5T39tZWB8OiqlLem6RuMUmjfhoNJyn/JO/0UpZlaW01eBTt7+7UdR1R1yvxdNR1XT8Tq3E2no21WI+N2Izn4vl4Ic7Fi3E+XoqX48JsVtN9AwAAAAAAAAAAAAAAAAAAwGJ5pPP/lxpuHgAAAAAAAAAAAAAAAAAAABbE9Zu3ru60WrvXUjoTUX4zbo/b89f5+M5+dKKMIi7HRvwRs9P/c/P6yrut3ctpZjO+Lqf/5Kfj9vLR/NbscQIn5rfm+XQvvxLTcft0rD6Y346NOHdyfvt4fvb5Z+K1Vx/IZ7ERv34c/ShjL/7O3s9/uZXSO++1juUvzuYBAADAIsjSPSfu37Ps38bn+Ye4PnBsf30qLp5qdu1EVJPPu3lZFsPGi7sdzd+ZRsQT0tgCFytPRhv/bbF85IfUfD//06K5/yQen/tfetOdAAAAAAAAAAAA8DAex+2ETa8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiLHTgWAAAAABDmb51GxwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABfBQAA//8aBcwX")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x84042, 0x1fb)
write$P9_RUNLINKAT(r0, &(0x7f0000000000)={0xfffffffffffffecb, 0x4d, 0x1}, 0xffffffd7)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f00000002c0)=0x1, 0x4)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000000)=0x1, 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000)
ioctl$VIDIOC_TRY_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, &(0x7f00000001c0)={0xf030000, 0x1, 0x7, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x980909, 0x10000000, '\x00', @p_u32=0x0}})
bind$inet(0xffffffffffffffff, 0x0, 0x0)

7.130958765s ago: executing program 6 (id=3061):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="12000000d30000000800000002"], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffdfe}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket(0x2a, 0x2, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty, 0xc7ec}, 0x1c)
sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r1}, &(0x7f0000001d80), &(0x7f0000001d40)=r0}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r1, &(0x7f0000000300), 0x0}, 0x20)

7.059017394s ago: executing program 1 (id=3062):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x106}}, 0x20)
r3 = syz_open_dev$radio(&(0x7f0000000280), 0x2, 0x2)
ioctl$VIDIOC_S_HW_FREQ_SEEK(r3, 0x40305652, &(0x7f00000002c0)={0x0, 0x1, 0x0, 0x0, 0x80, 0xfa000, 0x8})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
pread64(0xffffffffffffffff, 0x0, 0x0, 0x3)
sendmsg$IPCTNL_MSG_CT_NEW(r4, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0xac}}, 0x0)

7.044243996s ago: executing program 3 (id=3063):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
pipe(&(0x7f00000007c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
vmsplice(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
close(r4)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x4e22, @loopback}}, 0x0, 0x20000000005, 0x21}, 0xd8)
bind$inet(r5, &(0x7f0000deb000)={0x2, 0x4e23, @multicast2}, 0x10)
sendto$inet(r5, 0x0, 0x0, 0x240087f9, &(0x7f0000000100)={0x2, 0x4e23, @loopback}, 0x10)
splice(r3, 0x0, r4, 0x0, 0xfffd, 0x0)

6.007044229s ago: executing program 6 (id=3064):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
syz_emit_ethernet(0x76, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000000))
r5 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, 0xffffffffffffffff, &(0x7f0000000240)={0x80000011})
sendmsg$IPSET_CMD_SWAP(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)={0x30, 0x6, 0x6, 0x101, 0x0, 0x0, {0x2, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x20008000}, 0x880)

5.746761835s ago: executing program 3 (id=3065):
setrlimit(0xf, &(0x7f0000000000)={0x0, 0xffffffffffffffff})
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000600)={0x0, 0x0, 0x0, 'queue0\x00'})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0xc05c5340, &(0x7f0000000440))
r1 = socket(0x2, 0xa, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r1)
prlimit64(0x0, 0x0, &(0x7f0000000080)={0xb, 0x100000000}, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
dup(r3)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x8004, &(0x7f0000000080)={[{@discard}, {@bh}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x7b9, &(0x7f00000007c0)="$eJzs3d9rHNUeAPDvbJLmR3tvcuFy7+1b4EJvoHRzU2Or4EPFBxEsFPTZNmy2oWaTLdlNaULAFhF8EVR8EPSlz/6ob776A3zS/8IHaamaFis+SGR2Z5M02c2vJtloPh+YzDkzsznnO+fMzNmdYTeAQ2sw/ZOLOB4RbycR/dnyJCK6aqnOiHP17R4uLvRERCGJpaWXfkpq2zxYXCjEqtekjmaZ/0TEV29EnMytL7cyNz85VioVZ7L8cHXq6nBlbv7UlamxieJEcfrMyOjo6bNPnj2ze7H+8t38sbvvPP+/T8/99vq/b7/1dRLn4li2bnUcu2UwBrN90pXuwkc8t9uFtVnS7gqwI+mh2VE/yuN49EdHLdVC737WDADYK69FxBIAcMgkrv8AcMg0Pgd4sLhQaEzt/URif917NiJ66vE/zKb6ms7snl1P7T5o34PkkTsjSUQM7EL5gxHx4eevnOjI8mk93EsD9sONmxFxaWBw/fk/WffMwnb9f6OVS9212eCaxYft+gPt9EU6/nmq2fgvtzz+iSbjn+76sfuvxy1/8+M/d+dxy9hIOv57pv5s25rx3/JDawMdWe5vtTFfV3L5SqmYntv+HhFD0dWd5kdqmzYfuQ3d//1+q/Kz8d/H6fTzu69+lJafzle2yN3p7H70NeNj1c5vHjfwzL2b0Zcl18SfLLd/0mL8e2GLZbzw9JsftFqXxp/G25jWx7+3lm5FnGja/ittmWz4fOJwrTsMNzpFE599/35fq/JXt386peWn892PtLl7N6PWAZJkZR/U1yzHP5Csfl6zsv0yvr3V/2WrdZvH37T/jx1JXq6lj2TLro9VqzMjEUeSF9cvP73y2ka+sX0a/9B/mx//9WKb9//0PeGlLcbfeffHT3Ye/95K4x/fuP+vaf+ebPHKks0Stx9OdrQqf2vtP1pLDWVL0vbfLK6t1GtnvRkAAAAAAAAAAAAAAAAAAAAAAAAAti8XEcciyeWX07lcPl//De9/Rl+uVK5UT14uz06PR+23sgeiK9f4qsv+Vd+HOpJ9H34jf3pN/omI+EdEvNfdW8vnC+XSeLuDBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM0Ra//5/6obvdtQMA9kxPuysAAOw7138AOHy2d/3v3bN6AAD7x/t/ADh8tnz9v7S39QAA9o/3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyxC+fPp9PSr4sLhTQ/fm1udrJ87dR4sTKZn5ot5Avlmav5iXJ5olTMF8pTLf/RjfqsVC5fHY3p2evD1WKlOlyZm784VZ6drl68MjU2UbxY7Nq3yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6ypz85NjpVJx5i+RuLES2C7/5962xtV3MHbvqkRnHIhqHOhEdxyIauwwsfos0duGMxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn8MfAQAA//94WBdi")
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$inet_int(r5, 0x0, 0x32, 0x0, &(0x7f0000000500))
pwritev2(r4, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x6000, 0x0, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
pwritev2(r6, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5412, 0x0, 0x0)

5.745687733s ago: executing program 4 (id=3066):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff05850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r4}, 0x10)
sendmsg$nl_xfrm(r0, &(0x7f0000000940)={0x0, 0xfffffff0, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB="54020000170001000000000000000000200100000000000000000000000000010000000000000000ac141400000000000000000000000000fc020000000000000003000000000000e000000200001000000000000000000000000000000000080a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff00000000000000000000000000000000000000000200002000000000", @ANYRES32, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000e0270300000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000650d000000000000e1000000000000000007000000ff0f0000000000000000000008000b000000000008001600000000000c001500000000005d0000000401050000000000000000000000ffff00000000000000003300000002000000e00000020000000000000000000000000000000000000000000000000000000000000000ff010000000000000000000000000001000000003c0000000a000000fe8000000000000000000000000000aa0000000001000000000000000000000000000000ff010000000000000000000000000001000000002b0000000a000000fe8800000000000000000000000000010000000000000000000000000000000000000000ff020000000000000000000000000001000000003200000002000000fe8000000000000000000000000000000000000004"], 0x254}}, 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000000c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f00000001c0)='kfree\x00', r6}, 0x10)
request_key(&(0x7f0000002740)='asymmetric\x00', &(0x7f0000002780)={'syz', 0x3}, 0x0, 0xffffffffffffffff)

5.001320511s ago: executing program 6 (id=3067):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), 0xffffffffffffffff)
socket$key(0xf, 0x3, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
bind$rds(0xffffffffffffffff, 0x0, 0x0)
sendmsg$rds(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f00000002c0)={0xa, 0x4e24, 0x0, @rand_addr, 0x8000}, 0x1c)
sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0xfdff)

4.77663852s ago: executing program 5 (id=3068):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
dup(r0)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$inet6(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380))
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_xfrm(0x10, 0x3, 0x6)
openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40))
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$unix(0x1, 0x1, 0x0)
socket$netlink(0x10, 0x3, 0x8000000004)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r1)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08001400fc000000080011000700000008000e00800000000800", @ANYRES64=r1], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

4.00786789s ago: executing program 4 (id=3069):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000240)={0x0, r2}, 0x8)
getpid()
setns(0xffffffffffffffff, 0x24020000)
r3 = syz_clone(0x16040000, 0x0, 0x0, 0x0, 0x0, 0x0)
setuid(0xee00)
r4 = syz_pidfd_open(r3, 0x0)
setns(r4, 0x10000000)

3.9819647s ago: executing program 3 (id=3070):
modify_ldt$write(0x1, 0x0, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0xc8902, 0x0)
r1 = fsopen(&(0x7f00000002c0)='exfat\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000080)='source', &(0x7f0000000100)='\\\x00', 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000040)=0x3)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x0, 0x1, 0x401, 0x0, 0x92, 0x55, 0x8, 0x7, 0x8}, 0x0)
fanotify_init(0xa00, 0x0)
openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0)
syz_open_dev$media(&(0x7f00000012c0), 0x66, 0x180502)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/82, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000180))
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000600)={0x17})

3.773933321s ago: executing program 5 (id=3071):
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x40)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_open_dev$video(&(0x7f0000000000), 0x101, 0xab02)
ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f0000000180)=0x1)
ioctl$VIDIOC_S_CROP(r0, 0x4014563c, &(0x7f0000000100)={0x1, {0xf8000002, 0x8ba, 0x27, 0xb}})
r1 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000380)={0x1, @pix={0x404, 0x93d5, 0x58565559, 0x7, 0x10001, 0x1000008, 0x5, 0x5, 0x0, 0x3, 0x1, 0x2}})
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
ioctl$COMEDI_SETWSUBD(0xffffffffffffffff, 0x6411)
quotactl$Q_GETNEXTQUOTA(0xffffffff80000900, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x201000c, &(0x7f0000000040))
chdir(0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x58)
sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=ANY=[], 0x84}, 0x1, 0x0, 0x0, 0x8811}, 0x4008898)
recvmsg(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f000000b600)}, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x24000044, 0x0, 0x0)

3.010914085s ago: executing program 6 (id=3072):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf7473000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000c00)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = socket$inet(0xa, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f00000002c0)=@mangle={'mangle\x00', 0x44, 0x6, 0x410, 0x238, 0x238, 0x238, 0x98, 0x98, 0x378, 0x378, 0x378, 0x378, 0x378, 0x6, 0x0, {[{{@ip={@loopback, @multicast1=0xe0007600, 0x0, 0x0, 'gre0\x00', 'ip6gre0\x00', {}, {}, 0x0, 0x0, 0x11}, 0x7a00, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'wg1\x00', 'nicvf0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb8, 0x100, 0x0, {}, [@common=@unspec=@limit={{0x48}, {0x0, 0x28, 0x0, 0x0, 0x0, 0x1}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@dev={0xfe, 0x80, '\x00', 0x18}, 'veth0_virt_wifi\x00', {0x7}}}}, {{@ip={@rand_addr, @private, 0xffffffff, 0xff, 'syzkaller0\x00', 'veth1_to_team\x00', {}, {0xff}}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @empty}}}, {{@ip={@empty, @empty, 0xff000000, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x4, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x470)
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file1\x00', 0x4000, &(0x7f0000000f00)=ANY=[@ANYBLOB="6c617374626c6f636b3d30303030303030303030303030303030303030302c756d61736b3d30303030303030303030303030303030303030303030302c756e64656c6574652c6c6f6e6761642c73686f727461642c7569643d666f726765742c756e64656c6574652c696f636861727365743d757466382c73686f727461642c696f636861727365743d64656661756c742c7569643d666f726765742c6e6f7374726963742c73657373696f6e3d30303030303030303030303030303030303030302c706172746974696f6e3d30303030303030303030303030303030303030362c00b2e01f5c0b5c8fb2623d8f888e41dfceb3ecf959d23d90b071660660b17884bd109d37086024cf83fa"], 0x2, 0xc2d, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir")
ppoll(0x0, 0x0, &(0x7f0000000340)={0x0, 0xff}, 0x0, 0x0)

3.010508269s ago: executing program 5 (id=3073):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = getpid()
r4 = syz_pidfd_open(r3, 0x0)
setns(r4, 0x24020000)
r5 = syz_clone(0x16040000, 0x0, 0x0, 0x0, 0x0, 0x0)
setuid(0xee00)
r6 = syz_pidfd_open(r5, 0x0)
setns(r6, 0x10000000)

3.010310989s ago: executing program 4 (id=3074):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
execve(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r2 = syz_io_uring_setup(0x95, &(0x7f0000000140)={0x0, 0x201, 0x0, 0x0, 0x3}, &(0x7f0000000240)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)={0x20102, 0x0, 0x28}, &(0x7f0000000500)='./file0\x00', 0x18, 0x0, 0x0, {0x0, r5}})
setreuid(0x0, 0x0)
io_uring_enter(r2, 0x4536, 0x6aaf, 0x0, 0x0, 0x0)

2.949371758s ago: executing program 1 (id=3075):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
bind$rds(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e24, 0x0, @rand_addr, 0x8000}, 0x1c)

1.191348361s ago: executing program 1 (id=3076):
syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000180)='./bus\x00', 0x200000, &(0x7f0000000140)=ANY=[], 0xfb, 0x2b0, &(0x7f0000000540)="$eJzs3E1rE10UwPHTtOlLSpssHh5QEA+60c3Qxk8QpAUxoNRGtAvh1k40ZExKJkYiYrtz6+coLt0J1i9QEHfuxU0RBDddSEc6L3Zaom1j22mb/w/C3My9Z+6dyUw4MzB3/d7rJ9Wya5VNU1LDKimRZdkQyW2VQn3hMuWXByVuWa6O/vh84c79uZuFYnFqRnW6MHstr6rjF98/e/Hm0ofm6N234++GZC33YP17/sva/2vn1jdno63Xm2p0vl5vmnnH1oWKW7VUbzu2cW2t1Fy7saO+7NQXF9tqagtjmcWG7bpqam2t2m1t1rXZaKt5ZCo1tSxLxzLSa/oPHFFamZkxhSMZDJIw0mllo1Ew/R0rSyvHMSgAAHCydJv/z30M1nWb/z+uuFpxtbZX/p+SA+X/ffKH/H/4+A7pKeLn/5sdk0acDemtG4CCyYTX707k/wAAAAAAAAAAAAAAAAAAAAAAnAYbnpf1PC8bLaPPUPjOTPQ96XHiaHTx+/clOFwcstiLe8MizqtWqVUKlkF9oSwVccSWibTIT/98CAXl6RvFqQn15WTVWQrj/ZcEh6L4SK5z/GQQr7H4pVYpLZl4/3nJyn+d4/O74tMi0ioNypXLsXhLsvLpodTFkQX/vN6Ofzmpev1WcVf/I347AAAAAADOAkt/y+28/w1mk7QsjaYN2VUfrFyW6PmAZPd4PqCyOijb8QNyfiC5/QYAAAAAoJe47edV4zh2g8LBCr146KxwFuW/NvY8b2mr0b93mhKRhPb0m4icgAMeK6QP44L9+jTYyH4aJ/WPBAAAAOCobCf9SY8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDetd/Jw6L23cw9FuuuP5m9BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE6GXwEAAP//2MgYNQ==")
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x260140, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
umount2(&(0x7f00000001c0)='./file0\x00', 0x2)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, 0x0, 0x4040)

1.183093661s ago: executing program 5 (id=3077):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = getpid()
r4 = syz_pidfd_open(r3, 0x0)
setns(r4, 0x24020000)
r5 = syz_clone(0x16040000, 0x0, 0x0, 0x0, 0x0, 0x0)
setuid(0xee00)
r6 = syz_pidfd_open(r5, 0x0)
setns(r6, 0x10000000)

935.801437ms ago: executing program 6 (id=3078):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000240)={0x0, r2}, 0x8)
r3 = getpid()
r4 = syz_pidfd_open(r3, 0x0)
setns(r4, 0x24020000)
r5 = syz_clone(0x16040000, 0x0, 0x0, 0x0, 0x0, 0x0)
setuid(0xee00)
r6 = syz_pidfd_open(r5, 0x0)
setns(r6, 0x10000000)

645.710593ms ago: executing program 4 (id=3079):
execve(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_io_uring_setup(0x95, &(0x7f0000000140)={0x0, 0x201, 0x0, 0x0, 0x3}, &(0x7f0000000240)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)={0x20102, 0x0, 0x28}, &(0x7f0000000500)='./file0\x00', 0x18, 0x0, 0x0, {0x0, r6}})
setreuid(0x0, 0x0)
io_uring_enter(r3, 0x4536, 0x6aaf, 0x0, 0x0, 0x0)

196.520381ms ago: executing program 5 (id=3080):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000240)={0x0, r2}, 0x8)
r3 = getpid()
r4 = syz_pidfd_open(r3, 0x0)
setns(r4, 0x24020000)
r5 = syz_clone(0x16040000, 0x0, 0x0, 0x0, 0x0, 0x0)
setuid(0xee00)
r6 = syz_pidfd_open(r5, 0x0)
setns(r6, 0x10000000)

0s ago: executing program 6 (id=3081):
syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="00e789da34e04a1ffb124b2c2fb684c70b90bbb45efd97899a16f2df4fa2e8f06ac2c5352509e3c51d882eb3ec0dd3b1c96e980163890d2d0d1b8d3d62f6d77b0209e166e2ca4c35483d49316daf522556a16cab12d75a852bc680da7ea837480feb2060a1e20a59b7745235030000004ed0351cb5b416ba1c57217be5a338392f831617ee8c35bb61f0a9eeed3b1226b18c4b455ab222d7ae1b5258d5643d70000000000000000000ae468a387d9e63008000000000000063a454d1ab8760076a893752105f030c49caf2fdfe6bc9743a68593b576e2f2f6ab69e1b974ac90855ac250f8f73e16bc593730b88d7a3346b945e276875915040ce4901262cd8ce8191ee84e3ce5526a0a43b707cc711a3311f840cad641a013c6dd783aa895227b3d50a86e15a57e26666aaa296b7ddc4c8f421cf9d76d344bf6522f5d1138659d3de84ce13b085a2ed9d66c93767378423521cc4ea440e0ac3b953e1ca1675a716a97a5c3106aba648f119eeab4747b9b53000475e0a34514ccf397ea6f170e018122a98f135beac48d2ed195e20fdd226c7f5a20000ad1fcfbee59924e161280a8b78fe34b2fa3efa7c1d4268bf090000ecb4ece3234c232659fee3ff9e6d21e008a570bb490a65b84ea8b6d6507355cb1112fae6e3456bf8da53e1df20458e59456822dbb8dbd7ce0f928d5fbd6414fe8ab5277f3fd5ce6be044993f93e697a69484cc0e65ec742443c84e21a440998c8d69c12c2db7aee2872c6e0671d639e8f6bece219dcd0f69b9867dfc3187c882c035809c81832d7416f90c734be30c2faf0c22bfc8d95dfc7b9bac96b838c98ae5a75b9dc9e967ef5edf311bbebd7ca803cea8f5b9ec5b3edd6c44d633b71bde97a3c10a468432ff3d4e63ce3ecfa640d44b70b68744d26e72389e6c61767725d2c692443bc949c28b1a374e541bd352ca2f3bf64d883862dc24d8e27d86b6e38bc269f110c3d563f8e4ec9a98016b6b58157deeefa8fa022514bdc75f794094700cb8fa2b61310cbf9058bce5f2399055929e0fc732e0d5db926fe1b09a2993ff038d8099c229bda0801f8b81719d73b4abac97f704a0942051bae38b00b69d7fa69d738f99f73b19082ec0c99442d97ddbf68a4822aa2a2673478f81f14f67beee619b9d9882f7eabfb5000000000000000000003ff8795b5ec2de11479e781396117c84449647684239c9b9475b389a6a76d36c31f39539d928d2c58f188b4bf713d0915df4cc7de48a930935dbb01c9422d604467d209fd1421c7fc503cabde4bb193ff3654377c6e4fb72dcfc835f760bae7447068c2e43433e3d77c6805b559a04f3ebb741a9bbf57274b1da7800000000000000000000000000000000000000001c4f225672f3465b2638e921d80d58dca4ee4592d8cc0c06b2e390b7b1c713a46bc8ece9be25f055a59032576bc00a844c32b46040a607eaeb886ec0cb8e90c5a4075caa8a358ab81e78ad794a20f772b73466a43cd696401521793e54b1c4aa58d506b661f393e7233337473f36c2dbb15ae673afe82ebe45cc6f776162e43b74d9b9ca6f68d6bc8261600b27431e0f6f4f1e0947f69d2d812ebc9d2a8869b14a84dbdcdc5055b97a241e2f707740bb966b6c58408aceb9f6a943f614d2a6093c60c0dfb511b02f191ef6fa6e5a1a86687a44ec6098439a2ef55a4ba07e2b0f62ae86e1458f63f6b8b2d2b9990495f17b6d1052b19472a97d41204a8be48e380be2e6885c7de0807f2c154ad4f25b16027bc4aeb85dc798e7eef25631bfd79c8e0aff725dcd4b91c61bf8d72f74e4dbae"], 0x1, 0x11fa, &(0x7f0000003100)="$eJzs3M+LG2UYB/DH3a6tW/eHWqvtpS960cvQ3YMXBVlkC9KA0jZCKwhTd1ZDxiRkQiAiRk9e/TvEozdBvHnai3+Dt7147EEcMbE/dlkPpdKp4fO55CHv+yXPS0LgHeadw7e+/ay7X2X7+SiWnno7lgYR6U6KFEtx11fx+pu/LMf1m7eu7rRau9dSurJzY+uNlNL6pZ8+/OL7V34enf3gh/UfT8fB5keHv2//dnD+4MLhnzc+7VSpU6Vef5TydLvfH+W3yyLtdapultL7ZZFXRer0qmJ4ZHy/7A8Gk5T39tZWB8OiqlLem6RuMUmjfhoNJyn/JO/0UpZlaW01eBTt7+7UdR1R1yvxdNR1XT8Tq3E2no21WI+N2Izn4vl4Ic7Fi3E+XoqX48JsVtN9AwAAAAAAAAAAAAAAAAAAwGJ5pPP/lxpuHgAAAAAAAAAAAAAAAAAAABbE9Zu3ru60WrvXUjoTUX4zbo/b89f5+M5+dKKMIi7HRvwRs9P/c/P6yrut3ctpZjO+Lqf/5Kfj9vLR/NbscQIn5rfm+XQvvxLTcft0rD6Y346NOHdyfvt4fvb5Z+K1Vx/IZ7ERv34c/ShjL/7O3s9/uZXSO++1juUvzuYBAADAIsjSPSfu37Ps38bn+Ye4PnBsf30qLp5qdu1EVJPPu3lZFsPGi7sdzd+ZRsQT0tgCFytPRhv/bbF85IfUfD//06K5/yQen/tfetOdAAAAAAAAAAAA8DAex+2ETa8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiLHTgWAAAAABDmb51GxwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABfBQAA//8aBcwX")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x84042, 0x1fb)
write$P9_RUNLINKAT(r0, &(0x7f0000000000)={0xfffffffffffffecb, 0x4d, 0x1}, 0xffffffd7)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f00000002c0)=0x1, 0x4)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000000)=0x1, 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000)
ioctl$VIDIOC_TRY_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, &(0x7f00000001c0)={0xf030000, 0x1, 0x7, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x980909, 0x10000000, '\x00', @p_u32=0x0}})
bind$inet(0xffffffffffffffff, 0x0, 0x0)

kernel console output (not intermixed with test programs):

rocess `syz.4.1174'.
[  506.683975][T13527] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1174'.
[  506.685008][T13529] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1174'.
[  506.694228][ T7359] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  506.721114][ T7359] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  506.773963][ T7359] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  506.791406][ T7359] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  510.779576][T13566] sctp: [Deprecated]: syz.3.1169 (pid 13566) Use of int in max_burst socket option.
[  510.779576][T13566] Use struct sctp_assoc_value instead
[  511.159525][T13569] loop5: detected capacity change from 0 to 40427
[  511.172970][T13569] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  511.180760][T13569] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  511.195249][T13569] F2FS-fs (loop5): invalid crc value
[  511.725745][T13569] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  511.743020][T13569] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  511.750062][T13569] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  512.841488][T13586] bridge0: entered allmulticast mode
[  517.561157][T13631] program syz.0.1199 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  521.339496][T13671] loop1: detected capacity change from 0 to 512
[  521.357487][T13671] EXT4-fs: Ignoring removed orlov option
[  521.370016][T13671] ext4: Unknown parameter 'noacl'
[  521.551780][T13677] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1211'.
[  522.284918][T13673] vlan3: entered promiscuous mode
[  522.290121][T13673] vlan3: entered allmulticast mode
[  522.453552][T13673] hsr_slave_1: entered allmulticast mode
[  524.292953][   T30] audit: type=1326 audit(1762868405.278:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13696 comm="syz.3.1221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d1c18f6c9 code=0x7ffc0000
[  524.348157][   T30] audit: type=1326 audit(1762868405.278:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13696 comm="syz.3.1221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d1c18f6c9 code=0x7ffc0000
[  524.414647][   T30] audit: type=1326 audit(1762868405.308:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13696 comm="syz.3.1221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f0d1c18f6c9 code=0x7ffc0000
[  524.506108][   T30] audit: type=1326 audit(1762868405.308:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13696 comm="syz.3.1221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d1c18f6c9 code=0x7ffc0000
[  524.569368][   T30] audit: type=1326 audit(1762868405.308:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13696 comm="syz.3.1221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d1c18f6c9 code=0x7ffc0000
[  524.610008][T13703] loop1: detected capacity change from 0 to 32768
[  524.618139][T13703] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1222 (13703)
[  524.629424][   T30] audit: type=1326 audit(1762868405.308:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13696 comm="syz.3.1221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=263 compat=0 ip=0x7f0d1c18f6c9 code=0x7ffc0000
[  524.683379][T13703] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  524.693840][T13703] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[  524.955647][   T30] audit: type=1326 audit(1762868405.308:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13696 comm="syz.3.1221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d1c18f6c9 code=0x7ffc0000
[  524.990026][   T30] audit: type=1326 audit(1762868405.308:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13696 comm="syz.3.1221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d1c18f6c9 code=0x7ffc0000
[  525.386655][   T30] audit: type=1326 audit(1762868405.308:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13696 comm="syz.3.1221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f0d1c18f6c9 code=0x7ffc0000
[  525.417000][   T30] audit: type=1326 audit(1762868405.308:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13696 comm="syz.3.1221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d1c18f6c9 code=0x7ffc0000
[  525.769673][T13703] BTRFS info (device loop1): setting nodatasum
[  525.776151][T13703] BTRFS info (device loop1): setting nodatacow
[  525.782480][T13703] BTRFS info (device loop1): turning on async discard
[  525.789256][T13703] BTRFS info (device loop1): enabling free space tree
[  525.797067][T13703] BTRFS info (device loop1): enabling auto defrag
[  525.803541][T13703] BTRFS info (device loop1): max_inline set to 0
[  526.871359][   T24] libceph: connect (1)[c::]:6789 error -101
[  526.909495][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  527.070619][T13735] ceph: No mds server is up or the cluster is laggy
[  527.093571][   T24] libceph: connect (1)[c::]:6789 error -101
[  527.108853][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  527.714731][   T24] libceph: connect (1)[c::]:6789 error -101
[  527.821152][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  527.844868][T13752] loop0: detected capacity change from 0 to 128
[  528.706062][ T5826] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  529.031534][ T9498] syz_tun (unregistering): left allmulticast mode
[  529.901063][   T24] page_pool_release_retry() stalled pool shutdown: id 33, 24 inflight 121 sec
[  530.013096][T13779] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1241'.
[  530.030354][ T5896] libceph: connect (1)[c::]:6789 error -101
[  530.070189][ T5896] libceph: mon0 (1)[c::]:6789 connect error
[  530.351863][  T795] libceph: connect (1)[c::]:6789 error -101
[  530.364917][  T795] libceph: mon0 (1)[c::]:6789 connect error
[  530.947808][T13802] IPVS: sync thread started: state = MASTER, mcast_ifn = hsr0, syncid = 4, id = 0
[  531.273499][ T5896] libceph: connect (1)[c::]:6789 error -101
[  531.357625][ T5840] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  531.458278][T13773] ceph: No mds server is up or the cluster is laggy
[  531.472016][ T5840] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  531.482107][ T5896] libceph: mon0 (1)[c::]:6789 connect error
[  531.482909][ T5840] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  531.496890][ T5840] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  531.504715][ T5840] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  531.616573][T13807] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  532.558262][T13819] netlink: 'syz.1.1250': attribute type 7 has an invalid length.
[  532.566217][T13819] netlink: 'syz.1.1250': attribute type 5 has an invalid length.
[  532.574049][T13819] netlink: 17 bytes leftover after parsing attributes in process `syz.1.1250'.
[  533.079829][T13823] overlayfs: failed to clone upperpath
[  533.246369][T13823] overlayfs: failed to clone upperpath
[  533.374162][T13832] loop1: detected capacity change from 0 to 512
[  533.632369][ T5840] Bluetooth: hci0: command tx timeout
[  533.742480][T13832] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  533.893163][T13832] EXT4-fs (loop1): Test dummy encryption mode enabled
[  533.931059][T13832] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.1256: inode has both inline data and extents flags
[  534.046295][T13832] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.1256: couldn't read orphan inode 15 (err -117)
[  534.104537][T13832] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  535.391697][T13803] chnl_net:caif_netlink_parms(): no params data found
[  535.434114][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  535.670962][ T5840] Bluetooth: hci0: command tx timeout
[  536.026335][T13803] bridge0: port 1(bridge_slave_0) entered blocking state
[  536.040177][T13803] bridge0: port 1(bridge_slave_0) entered disabled state
[  536.048201][T13803] bridge_slave_0: entered allmulticast mode
[  536.084639][T13803] bridge_slave_0: entered promiscuous mode
[  536.104674][T13803] bridge0: port 2(bridge_slave_1) entered blocking state
[  536.126119][T13803] bridge0: port 2(bridge_slave_1) entered disabled state
[  536.160138][T13803] bridge_slave_1: entered allmulticast mode
[  536.312940][T13803] bridge_slave_1: entered promiscuous mode
[  536.414035][T13803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  536.437074][T13803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  536.950093][T13875] netdevsim netdevsim4: Direct firmware load for ./file0/file1 failed with error -2
[  536.960797][T13875] netdevsim netdevsim4: Falling back to sysfs fallback for: ./file0/file1
[  537.380687][T13878] loop1: detected capacity change from 0 to 1024
[  537.463659][T13803] team0: Port device team_slave_0 added
[  537.491049][T13878] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  537.494004][T13803] team0: Port device team_slave_1 added
[  537.536936][T13878] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  537.568836][T13878] JBD2: no valid journal superblock found
[  537.584961][T13878] EXT4-fs (loop1): Could not load journal inode
[  537.649058][T13803] batman_adv: batadv0: Adding interface: batadv_slave_0
[  537.672038][T13803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  537.711898][T13803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  537.737112][T13803] batman_adv: batadv0: Adding interface: batadv_slave_1
[  537.740908][ T5840] Bluetooth: hci0: command tx timeout
[  537.749540][T13803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  537.998813][T13803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  538.598392][T13803] hsr_slave_0: entered promiscuous mode
[  538.612104][T13803] hsr_slave_1: entered promiscuous mode
[  538.618635][T13803] debugfs: 'hsr0' already exists in 'hsr'
[  538.620821][T13892] Process accounting resumed
[  538.662419][T13803] Cannot create hsr debugfs directory
[  538.850387][T13887] loop1: detected capacity change from 0 to 8192
[  538.921525][T13887] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  539.821960][ T5840] Bluetooth: hci0: command tx timeout
[  540.338797][T13910] x_tables: ip_tables: tcp match: only valid for protocol 6
[  540.955703][T13803] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  541.002057][T13803] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  541.138173][T13803] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  541.163580][T13803] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  542.168529][T13803] 8021q: adding VLAN 0 to HW filter on device bond0
[  542.248033][T13803] 8021q: adding VLAN 0 to HW filter on device team0
[  542.285562][ T8926] bridge0: port 1(bridge_slave_0) entered blocking state
[  542.292734][ T8926] bridge0: port 1(bridge_slave_0) entered forwarding state
[  542.416239][ T8926] bridge0: port 2(bridge_slave_1) entered blocking state
[  542.423492][ T8926] bridge0: port 2(bridge_slave_1) entered forwarding state
[  543.266192][T13803] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  543.277999][T13803] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  544.159599][ T5896] IPVS: starting estimator thread 0...
[  544.270843][T13946] IPVS: using max 29 ests per chain, 69600 per kthread
[  544.370981][ T5896] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  544.632948][ T5896] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  545.249031][ T5896] usb 6-1: New USB device found, idVendor=05ac, idProduct=0259, bcdDevice= 0.00
[  545.259079][ T5896] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  545.399472][ T5896] usb 6-1: config 0 descriptor??
[  546.024340][T13803] 8021q: adding VLAN 0 to HW filter on device batadv0
[  546.301984][ T5896] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input8
[  546.941630][T13943] IPVS: sh: TCP [::]:0 - no destination available
[  547.092120][ T5180] bcm5974 6-1:0.0: could not read from device
[  547.122078][   T24] usb 6-1: USB disconnect, device number 5
[  547.143430][ T8962] bcm5974 6-1:0.0: could not read from device
[  547.767960][ T8962] udevd[8962]: Error opening device "/dev/input/event4": No such device
[  547.817211][ T8962] udevd[8962]: Unable to EVIOCGABS device "/dev/input/event4"
[  547.856783][ T8962] udevd[8962]: Unable to EVIOCGABS device "/dev/input/event4"
[  547.921308][ T8962] udevd[8962]: Unable to EVIOCGABS device "/dev/input/event4"
[  547.971597][ T8962] udevd[8962]: Unable to EVIOCGABS device "/dev/input/event4"
[  549.435772][T13989] vcan0: tx drop: invalid sa for name 0xfffffffffffffffd
[  551.364771][T13803] veth0_vlan: entered promiscuous mode
[  551.388334][T13803] veth1_vlan: entered promiscuous mode
[  551.564483][T13803] veth0_macvtap: entered promiscuous mode
[  551.613600][T13803] veth1_macvtap: entered promiscuous mode
[  552.368977][T13803] batman_adv: batadv0: Interface activated: batadv_slave_0
[  552.382116][T13803] batman_adv: batadv0: Interface activated: batadv_slave_1
[  552.563542][ T8924] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  553.256391][ T8924] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  553.368992][ T8924] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  553.400858][ T8925] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  554.293803][ T8924] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  554.331345][ T8924] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  554.620788][ T8924] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  554.638911][ T8924] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  556.931002][T14039] capability: warning: `syz.5.1310' uses 32-bit capabilities (legacy support in use)
[  559.269222][T14069] Invalid ELF header magic: != ELF
[  560.140213][T14078] netlink: 'syz.6.1322': attribute type 4 has an invalid length.
[  563.335000][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  563.341538][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  566.481823][T14133] kvm: requested 19276 ns i8254 timer period limited to 200000 ns
[  567.312388][T14139] loop5: detected capacity change from 0 to 8
[  567.502878][T14139] SQUASHFS error: Unable to read directory block [1d0:0]
[  567.552119][T14148] syzkaller0: entered promiscuous mode
[  567.567902][T14148] syzkaller0: entered allmulticast mode
[  568.446075][   T30] kauditd_printk_skb: 5 callbacks suppressed
[  568.446500][   T30] audit: type=1326 audit(1762868449.418:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14160 comm="syz.6.1342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddb8d8f6c9 code=0x7ffc0000
[  568.465070][T14158] sd 0:0:1:0: PR command failed: 1026
[  568.548517][T14158] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  568.567614][T14158] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  568.575072][   T30] audit: type=1326 audit(1762868449.418:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14160 comm="syz.6.1342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddb8d8f6c9 code=0x7ffc0000
[  568.602613][   T30] audit: type=1326 audit(1762868449.418:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14160 comm="syz.6.1342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=138 compat=0 ip=0x7fddb8d8f6c9 code=0x7ffc0000
[  568.625382][   T30] audit: type=1326 audit(1762868449.418:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14160 comm="syz.6.1342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddb8d8f6c9 code=0x7ffc0000
[  568.733952][   T30] audit: type=1326 audit(1762868449.418:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14160 comm="syz.6.1342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddb8d8f6c9 code=0x7ffc0000
[  568.782946][   T30] audit: type=1326 audit(1762868449.428:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14160 comm="syz.6.1342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fddb8d8f6c9 code=0x7ffc0000
[  568.847845][   T30] audit: type=1326 audit(1762868449.428:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14160 comm="syz.6.1342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddb8d8f6c9 code=0x7ffc0000
[  568.926538][   T30] audit: type=1326 audit(1762868449.428:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14160 comm="syz.6.1342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7fddb8d8f6c9 code=0x7ffc0000
[  568.979132][T14170] loop6: detected capacity change from 0 to 64
[  569.000676][   T30] audit: type=1326 audit(1762868449.428:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14160 comm="syz.6.1342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddb8d8f6c9 code=0x7ffc0000
[  569.076429][   T30] audit: type=1326 audit(1762868449.428:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14160 comm="syz.6.1342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fddb8d8f6c9 code=0x7ffc0000
[  570.682159][T14186] binder_alloc: 14184: binder_alloc_buf, no vma
[  572.732420][T14202] netlink: 'syz.6.1354': attribute type 20 has an invalid length.
[  572.740663][T14202] IPv6: NLM_F_CREATE should be specified when creating new route
[  572.749448][T14202] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  572.757085][T14202] IPv6: NLM_F_CREATE should be set when creating new route
[  574.079715][T14220] loop5: detected capacity change from 0 to 32768
[  574.095490][T14220] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1360 (14220)
[  574.128451][T14220] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  574.140785][T14220] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  575.370121][T14220] BTRFS info (device loop5): enabling ssd optimizations
[  575.377366][T14220] BTRFS info (device loop5): turning on async discard
[  575.384241][T14220] BTRFS info (device loop5): enabling free space tree
[  576.230131][   T30] kauditd_printk_skb: 16 callbacks suppressed
[  576.230147][   T30] audit: type=1800 audit(1762868456.718:227): pid=14249 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1360" name="file2" dev="loop5" ino=261 res=0 errno=0
[  576.241691][T14247] loop1: detected capacity change from 0 to 1024
[  576.295215][T14247] EXT4-fs (loop1): stripe (4) is not aligned with cluster size (4096), stripe is disabled
[  576.454756][T14247] EXT4-fs error (device loop1): ext4_map_blocks:783: inode #3: block 2: comm syz.1.1364: lblock 2 mapped to illegal pblock 2 (length 1)
[  576.504869][T14247] Quota error (device loop1): qtree_write_dquot: dquota write failed
[  576.549989][T14247] EXT4-fs error (device loop1): ext4_map_blocks:783: inode #3: block 48: comm syz.1.1364: lblock 0 mapped to illegal pblock 48 (length 1)
[  576.613181][T14247] Quota error (device loop1): v2_write_file_info: Can't write info structure
[  576.651216][T14247] EXT4-fs error (device loop1): ext4_acquire_dquot:6946: comm syz.1.1364: Failed to acquire dquot type 0
[  576.689950][T14247] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6317: Corrupt filesystem
[  576.770823][T14247] EXT4-fs error (device loop1): ext4_evict_inode:253: inode #11: comm syz.1.1364: mark_inode_dirty error
[  577.287987][T14247] EXT4-fs warning (device loop1): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[  577.307739][T14247] EXT4-fs (loop1): 1 orphan inode deleted
[  577.317148][T14247] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  577.330448][ T8925] EXT4-fs error (device loop1): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:31: lblock 1 mapped to illegal pblock 1 (length 1)
[  577.557668][ T8925] Quota error (device loop1): remove_tree: Can't read quota data block 1
[  577.581411][ T8925] EXT4-fs error (device loop1): ext4_release_dquot:6982: comm kworker/u8:31: Failed to release dquot type 0
[  578.178086][ T7751] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  579.149546][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  579.168993][ T8905] EXT4-fs error (device loop1): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:20: lblock 1 mapped to illegal pblock 1 (length 1)
[  580.160587][ T8905] Quota error (device loop1): remove_tree: Can't read quota data block 1
[  580.173031][ T8905] EXT4-fs error (device loop1): ext4_release_dquot:6982: comm kworker/u8:20: Failed to release dquot type 0
[  580.188164][ T5826] EXT4-fs error (device loop1): __ext4_get_inode_loc:4836: comm syz-executor: Invalid inode table block 1 in block_group 0
[  580.850833][ T5826] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6317: Corrupt filesystem
[  581.117220][ T5826] EXT4-fs error (device loop1): ext4_quota_off:7230: inode #3: comm syz-executor: mark_inode_dirty error
[  581.446315][ T5840] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  581.456608][ T5840] Bluetooth: hci0: Injecting HCI hardware error event
[  581.811315][ T5840] Bluetooth: hci0: hardware error 0x00
[  582.748670][T14296] loop5: detected capacity change from 32768 to 0
[  582.786558][T14307] loop6: detected capacity change from 0 to 736
[  583.083520][T14308] gfs2: gfs2 mount does not exist
[  583.214575][T14307] rock: directory entry would overflow storage
[  583.242691][T14307] rock: sig=0x3b10, size=4, remaining=3
[  583.657445][T14317] loop6: detected capacity change from 0 to 128
[  584.780946][ T5840] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  584.937647][T14323] overlayfs: failed to get inode (-116)
[  585.321805][T14323] overlayfs: failed to look up (bus) for ino (-116)
[  588.587960][T14360] IPv6: Can't replace route, no match found
[  590.164778][   T24] page_pool_release_retry() stalled pool shutdown: id 33, 24 inflight 181 sec
[  591.800509][T14391] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1399'.
[  591.885471][T14391] netlink: 'syz.4.1399': attribute type 10 has an invalid length.
[  591.994846][T14391] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  597.845428][T14471] loop6: detected capacity change from 0 to 1024
[  597.983220][T14471] EXT4-fs (loop6): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  598.064061][T14471] ext4 filesystem being mounted at /28/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  599.551171][ T5945] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  599.781735][   T30] audit: type=1326 audit(1762868480.758:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14492 comm="syz.3.1421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d1c18f6c9 code=0x7ffc0000
[  599.812851][ T5945] usb 7-1: config 220 has an invalid interface number: 76 but max is 2
[  599.824187][ T5945] usb 7-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  599.850975][ T5945] usb 7-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  599.867047][   T30] audit: type=1326 audit(1762868480.758:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14492 comm="syz.3.1421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f0d1c18f6c9 code=0x7ffc0000
[  599.905875][ T5945] usb 7-1: config 220 has no interface number 2
[  599.919795][ T5945] usb 7-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  599.950016][   T30] audit: type=1326 audit(1762868480.758:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14492 comm="syz.3.1421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d1c18f6c9 code=0x7ffc0000
[  599.985673][ T5945] usb 7-1: config 220 interface 0 has no altsetting 0
[  600.003408][ T5945] usb 7-1: config 220 interface 76 has no altsetting 0
[  600.061570][T14480] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 112: padding at end of block bitmap is not set
[  600.176669][ T5945] usb 7-1: config 220 interface 1 has no altsetting 0
[  600.201589][   T30] audit: type=1326 audit(1762868480.758:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14492 comm="syz.3.1421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f0d1c18f6c9 code=0x7ffc0000
[  600.415613][ T5945] usb 7-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  600.433474][ T5945] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  600.442659][   T30] audit: type=1326 audit(1762868480.768:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14492 comm="syz.3.1421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d1c18f6c9 code=0x7ffc0000
[  600.476803][ T5945] usb 7-1: Product: syz
[  600.858766][ T5945] usb 7-1: Manufacturer: syz
[  600.864073][ T5945] usb 7-1: SerialNumber: syz
[  600.871943][   T30] audit: type=1326 audit(1762868480.768:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14492 comm="syz.3.1421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0d1c18f6c9 code=0x7ffc0000
[  600.894655][   T30] audit: type=1326 audit(1762868480.768:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14492 comm="syz.3.1421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d1c18f6c9 code=0x7ffc0000
[  600.950964][ T5945] usb 7-1: can't set config #220, error -71
[  601.357786][ T5945] usb 7-1: USB disconnect, device number 2
[  601.421736][T13803] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  601.427878][   T30] audit: type=1326 audit(1762868480.768:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14492 comm="syz.3.1421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0d1c18f6c9 code=0x7ffc0000
[  601.539913][   T30] audit: type=1326 audit(1762868480.768:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14492 comm="syz.3.1421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d1c18f6c9 code=0x7ffc0000
[  601.575975][   T30] audit: type=1326 audit(1762868480.768:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14492 comm="syz.3.1421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f0d1c18f6c9 code=0x7ffc0000
[  602.117706][T14519] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1427'.
[  602.126945][T14519] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1427'.
[  602.143283][T14519] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1427'.
[  602.152576][T14519] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1427'.
[  603.091114][  T795] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[  603.233508][T14536] Cannot find set identified by id 3 to match
[  604.713618][  T795] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  604.724298][  T795] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  604.736992][  T795] usb 6-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  604.750875][  T795] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  604.831025][  T795] usb 6-1: config 0 descriptor??
[  605.210375][T14545] netlink: 165 bytes leftover after parsing attributes in process `syz.6.1435'.
[  609.060842][   T24] usb 6-1: USB disconnect, device number 6
[  612.430605][T14571] loop5: detected capacity change from 0 to 512
[  612.523399][T14571] ext4: Unknown parameter 'smackfshat'
[  612.596823][T14575] netlink: 4 bytes leftover after parsing attributes in process `GPL'.
[  614.560661][T14584] loop1: detected capacity change from 0 to 16
[  614.667656][T14584] erofs (device loop1): mounted with root inode @ nid 36.
[  615.721813][   T30] kauditd_printk_skb: 10 callbacks suppressed
[  615.721828][   T30] audit: type=1326 audit(1762868496.698:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14586 comm="syz.3.1447" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0d1c18f6c9 code=0x0
[  616.693057][T14595] loop1: detected capacity change from 0 to 256
[  616.991230][T14611] syz_tun: entered allmulticast mode
[  617.725659][T14611] dvmrp1: entered allmulticast mode
[  617.938598][T14610] syz_tun: left allmulticast mode
[  619.403646][T14629] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1455'.
[  619.646193][   T30] audit: type=1326 audit(1762868500.628:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14630 comm="syz.3.1456" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0d1c18f6c9 code=0x0
[  620.823762][T14639] loop1: detected capacity change from 0 to 2048
[  621.083744][T14639] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  624.386560][ T1101] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  624.440857][ T1101] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 482 with error 28
[  624.456111][ T1101] EXT4-fs (loop1): This should not happen!! Data will be lost
[  624.456111][ T1101] 
[  624.465900][ T1101] EXT4-fs (loop1): Total free blocks count 0
[  624.472374][ T1101] EXT4-fs (loop1): Free/Dirty block details
[  624.481184][ T1101] EXT4-fs (loop1): free_blocks=2415919504
[  624.486996][ T1101] EXT4-fs (loop1): dirty_blocks=512
[  624.492854][ T1101] EXT4-fs (loop1): Block reservation details
[  624.498918][ T1101] EXT4-fs (loop1): i_reserved_data_blocks=32
[  624.547400][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  624.570958][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  624.617216][ T8918] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 1 with error 28
[  625.130619][T14686] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1468'.
[  625.341292][T14691] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1470'.
[  625.898941][T14694] syz.3.1471 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  625.910823][T14694] netlink: 'syz.3.1471': attribute type 1 has an invalid length.
[  631.604583][T14741] netlink: 'syz.5.1483': attribute type 83 has an invalid length.
[  632.237212][T14750] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1486'.
[  633.890285][T14800] netlink: 'syz.4.1493': attribute type 4 has an invalid length.
[  634.956481][T14808] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1496'.
[  635.301372][T14821] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1497'.
[  638.340588][T14848] netlink: 'syz.5.1506': attribute type 1 has an invalid length.
[  639.709839][T14861] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1506'.
[  641.140546][T14848] bond1: (slave veth7): Enslaving as an active interface with a down link
[  641.171143][T14867] 9p: Bad value for 'wfdno'
[  641.429477][T14858] bond1: (slave veth9): Enslaving as an active interface with a down link
[  642.014418][T14861] 8021q: adding VLAN 0 to HW filter on device bond1
[  643.226237][T14890] loop5: detected capacity change from 0 to 1024
[  643.379300][T14890] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  644.395800][ T7751] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  645.406438][T14910] syzkaller0: entered promiscuous mode
[  645.424218][T14910] syzkaller0: entered allmulticast mode
[  645.606226][T14913] netlink: 'syz.3.1524': attribute type 10 has an invalid length.
[  645.649888][T14913] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  648.630804][  T795] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  648.990865][  T795] usb 7-1: Using ep0 maxpacket: 32
[  650.306206][  T795] usb 7-1: New USB device found, idVendor=ae6f, idProduct=79f4, bcdDevice=8f.99
[  650.328779][  T795] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  650.382720][  T795] usb 7-1: Product: syz
[  650.404178][  T795] usb 7-1: Manufacturer: syz
[  650.432191][  T795] usb 7-1: SerialNumber: syz
[  650.446573][  T795] usb 7-1: config 0 descriptor??
[  651.473384][   T24] page_pool_release_retry() stalled pool shutdown: id 33, 24 inflight 242 sec
[  651.541582][T14932] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1528'.
[  651.578525][T14932] dummy0: entered promiscuous mode
[  651.687215][T14932] dummy0: left promiscuous mode
[  653.387062][  T795] usb 7-1: USB disconnect, device number 3
[  654.672844][T14991] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1544'.
[  655.368632][T15006] netlink: 'syz.4.1547': attribute type 1 has an invalid length.
[  656.781067][ T5896] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  657.148554][ T5896] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  657.238094][ T5896] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  657.268034][ T5896] usb 2-1: config 0 descriptor??
[  657.333039][ T5896] cp210x 2-1:0.0: cp210x converter detected
[  658.431632][ T5896] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32
[  659.502283][ T5896] usb 2-1: cp210x converter now attached to ttyUSB0
[  659.611035][ T5896] usb 2-1: USB disconnect, device number 8
[  659.689578][ T5896] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  659.873796][ T5896] cp210x 2-1:0.0: device disconnected
[  659.958851][T15060] netlink: 'syz.4.1562': attribute type 21 has an invalid length.
[  659.966963][T15060] netlink: 128 bytes leftover after parsing attributes in process `syz.4.1562'.
[  659.976644][T15060] netlink: 'syz.4.1562': attribute type 5 has an invalid length.
[  659.984494][T15060] netlink: 'syz.4.1562': attribute type 6 has an invalid length.
[  659.992321][T15060] netlink: 3 bytes leftover after parsing attributes in process `syz.4.1562'.
[  662.016401][T15072] ptrace attach of ""[15073] was attempted by "./syz-executor exec"[15072]
[  662.602957][T15078] loop1: detected capacity change from 0 to 40427
[  662.661455][T15078] F2FS-fs (loop1): invalid crc value
[  662.719194][T15078] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  662.728855][T15078] F2FS-fs (loop1): Start checkpoint disabled!
[  662.744506][T15078] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  662.753582][T15078] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  662.850146][   T30] audit: type=1800 audit(1762868543.828:250): pid=15078 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1567" name="file1" dev="loop1" ino=10 res=0 errno=0
[  663.253477][T15083] syz.1.1567: attempt to access beyond end of device
[  663.253477][T15083] loop1: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  663.272422][T15083] syz.1.1567: attempt to access beyond end of device
[  663.272422][T15083] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  663.289757][T15083] syz.1.1567: attempt to access beyond end of device
[  663.289757][T15083] loop1: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  663.307666][T15083] syz.1.1567: attempt to access beyond end of device
[  663.307666][T15083] loop1: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  663.326548][T15083] syz.1.1567: attempt to access beyond end of device
[  663.326548][T15083] loop1: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  663.380712][T15083] syz.1.1567: attempt to access beyond end of device
[  663.380712][T15083] loop1: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  663.398270][T15083] syz.1.1567: attempt to access beyond end of device
[  663.398270][T15083] loop1: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  663.415653][T15083] syz.1.1567: attempt to access beyond end of device
[  663.415653][T15083] loop1: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  663.434392][T15083] syz.1.1567: attempt to access beyond end of device
[  663.434392][T15083] loop1: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  663.451470][T15083] syz.1.1567: attempt to access beyond end of device
[  663.451470][T15083] loop1: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  663.854789][T15088] netlink: 'syz.6.1568': attribute type 4 has an invalid length.
[  663.862836][T15088] netlink: 152 bytes leftover after parsing attributes in process `syz.6.1568'.
[  663.939503][T15088] : renamed from bond0 (while UP)
[  664.100959][ T8880] CPU: 1 UID: 0 PID: 8880 Comm: kworker/u8:15 Not tainted syzkaller #0 PREEMPT(full) 
[  664.100988][ T8880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  664.101000][ T8880] Workqueue: writeback wb_workfn (flush-7:1)
[  664.101027][ T8880] Call Trace:
[  664.101034][ T8880]  <TASK>
[  664.101041][ T8880]  dump_stack_lvl+0x189/0x250
[  664.101068][ T8880]  ? preempt_schedule_thunk+0x16/0x30
[  664.101094][ T8880]  ? __pfx_dump_stack_lvl+0x10/0x10
[  664.101126][ T8880]  ? __pfx_queue_work_on+0x10/0x10
[  664.101147][ T8880]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  664.101175][ T8880]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  664.101213][ T8880]  f2fs_handle_critical_error+0x37c/0x540
[  664.101250][ T8880]  f2fs_write_end_io+0x886/0xb60
[  664.101287][ T8880]  __submit_merged_bio+0x256/0x6a0
[  664.101321][ T8880]  __submit_merged_write_cond+0x255/0x530
[  664.101354][ T8880]  f2fs_write_data_pages+0x261d/0x3000
[  664.101410][ T8880]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  664.101444][ T8880]  ? finish_task_switch+0x162/0x960
[  664.101497][ T8880]  ? trace_sched_exit_tp+0x36/0x110
[  664.101518][ T8880]  ? __schedule+0x184c/0x4ed0
[  664.101578][ T8880]  ? __pfx___schedule+0x10/0x10
[  664.101624][ T8880]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  664.101647][ T8880]  do_writepages+0x32e/0x550
[  664.101677][ T8880]  ? preempt_schedule+0xae/0xc0
[  664.101704][ T8880]  ? __pfx_preempt_schedule+0x10/0x10
[  664.101729][ T8880]  ? reacquire_held_locks+0x127/0x1d0
[  664.101756][ T8880]  ? writeback_sb_inodes+0x3bc/0x1950
[  664.101791][ T8880]  __writeback_single_inode+0x133/0x12f0
[  664.101827][ T8880]  writeback_sb_inodes+0x984/0x1950
[  664.101852][ T8880]  ? lockdep_hardirqs_on+0x9c/0x150
[  664.101906][ T8880]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  664.101973][ T8880]  ? rcu_is_watching+0x15/0xb0
[  664.102010][ T8880]  wb_writeback+0x42b/0xb10
[  664.102043][ T8880]  ? queue_io+0x361/0x590
[  664.102070][ T8880]  ? __pfx_wb_writeback+0x10/0x10
[  664.102105][ T8880]  ? _raw_spin_unlock_irq+0x23/0x50
[  664.102140][ T8880]  wb_workfn+0x3f9/0xef0
[  664.102176][ T8880]  ? __pfx_wb_workfn+0x10/0x10
[  664.102200][ T8880]  ? __lock_acquire+0xab9/0xd20
[  664.102234][ T8880]  ? process_one_work+0x868/0x15e0
[  664.102269][ T8880]  ? process_one_work+0x868/0x15e0
[  664.102290][ T8880]  process_one_work+0x93a/0x15e0
[  664.102310][ T8880]  ? __lock_acquire+0xab9/0xd20
[  664.102355][ T8880]  ? __pfx_process_one_work+0x10/0x10
[  664.102384][ T8880]  ? assign_work+0x3a1/0x410
[  664.102412][ T8880]  worker_thread+0x9b0/0xee0
[  664.102469][ T8880]  kthread+0x711/0x8a0
[  664.102491][ T8880]  ? __pfx_worker_thread+0x10/0x10
[  664.102514][ T8880]  ? __pfx_kthread+0x10/0x10
[  664.102537][ T8880]  ? _raw_spin_unlock_irq+0x23/0x50
[  664.102562][ T8880]  ? lockdep_hardirqs_on+0x9c/0x150
[  664.102586][ T8880]  ? __pfx_kthread+0x10/0x10
[  664.102606][ T8880]  ret_from_fork+0x599/0xb30
[  664.102632][ T8880]  ? __pfx_ret_from_fork+0x10/0x10
[  664.102666][ T8880]  ? __switch_to_asm+0x39/0x70
[  664.102689][ T8880]  ? __switch_to_asm+0x33/0x70
[  664.102706][ T8880]  ? __pfx_kthread+0x10/0x10
[  664.102724][ T8880]  ret_from_fork_asm+0x1a/0x30
[  664.102763][ T8880]  </TASK>
[  664.583008][ T8880] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  664.960358][T15097] overlayfs: failed to clone lowerpath
[  665.629465][T15096] binder: 15095:15096 unknown command 813332851
[  665.644956][T15096] binder: 15095:15096 ioctl c0306201 200000000080 returned -22
[  669.256303][   T30] audit: type=1326 audit(1762868550.238:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15134 comm="syz.1.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[  669.353710][   T30] audit: type=1326 audit(1762868550.238:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15134 comm="syz.1.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[  669.621886][   T30] audit: type=1326 audit(1762868550.238:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15134 comm="syz.1.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[  669.662359][   T30] audit: type=1326 audit(1762868550.238:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15134 comm="syz.1.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[  670.682656][   T30] audit: type=1326 audit(1762868550.238:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15134 comm="syz.1.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[  670.706831][   T30] audit: type=1326 audit(1762868550.238:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15134 comm="syz.1.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[  671.459043][T15158] loop6: detected capacity change from 0 to 1024
[  671.495480][T15158] EXT4-fs: Ignoring removed i_version option
[  671.696804][   T30] audit: type=1326 audit(1762868550.238:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15134 comm="syz.1.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[  671.719621][T15158] EXT4-fs: inline encryption not supported
[  672.513456][T15158] EXT4-fs (loop6): Test dummy encryption mode enabled
[  672.602563][T15158] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  672.720767][   T30] audit: type=1326 audit(1762868550.238:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15134 comm="syz.1.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[  672.803348][T15158] netlink: 96 bytes leftover after parsing attributes in process `syz.6.1588'.
[  672.879487][   T30] audit: type=1326 audit(1762868550.238:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15134 comm="syz.1.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[  672.909938][   T30] audit: type=1326 audit(1762868550.238:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15134 comm="syz.1.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[  672.939677][T13803] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  673.089646][T15174] loop6: detected capacity change from 0 to 256
[  673.137851][T15174] vfat: Deprecated parameter 'posix'
[  673.159969][T15174] FAT-fs: "posix" option is obsolete, not supported now
[  674.261929][T15188] batman_adv: batadv0: Adding interface: dummy0
[  674.347704][T15188] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  674.429355][T15188] batman_adv: batadv0: Interface activated: dummy0
[  674.481319][T15190] batadv0: mtu less than device minimum
[  674.488492][T15190] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  674.500397][T15190] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  674.511657][T15190] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  674.523624][T15190] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  674.535579][T15190] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  674.547478][T15190] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  674.559395][T15190] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  674.571344][T15190] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  674.583229][T15190] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  677.134408][ T5945] IPVS: starting estimator thread 0...
[  677.673196][T15218] IPVS: using max 26 ests per chain, 62400 per kthread
[  678.510088][T15228] loop6: detected capacity change from 0 to 8
[  678.746084][T15228] SQUASHFS error: lzo decompression failed, data probably corrupt
[  678.768746][T15228] SQUASHFS error: Failed to read block 0x91: -5
[  678.820914][T15228] SQUASHFS error: Unable to read metadata cache entry [8f]
[  678.890874][T15228] SQUASHFS error: Unable to read inode 0x11f
[  681.443209][T15266] loop1: detected capacity change from 0 to 2048
[  681.694061][T15266] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  683.868708][T15279] loop1: detected capacity change from 0 to 1024
[  684.094340][T15279] hfsplus: xattr searching failed
[  684.361565][T15287] : entered promiscuous mode
[  684.631055][ T5945] usb 2-1: new full-speed USB device number 9 using dummy_hcd
[  685.055302][ T5945] usb 2-1: config 0 has an invalid interface number: 132 but max is 0
[  685.080716][ T5945] usb 2-1: config 0 has no interface number 0
[  685.109680][ T5945] usb 2-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  685.150783][ T5945] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  685.189517][ T5945] usb 2-1: Product: syz
[  685.200754][ T5945] usb 2-1: Manufacturer: syz
[  685.215852][ T5945] usb 2-1: SerialNumber: syz
[  685.301686][ T5945] usb 2-1: config 0 descriptor??
[  685.879465][ T5945] hub 2-1:0.132: bad descriptor, ignoring hub
[  685.890359][ T5945] hub 2-1:0.132: probe with driver hub failed with error -5
[  685.902788][ T5945] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.132/input/input9
[  685.979365][T15294] netlink: 1272 bytes leftover after parsing attributes in process `syz.6.1630'.
[  685.995911][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  685.996002][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  686.191695][ T5945] usb 2-1: USB disconnect, device number 9
[  686.941873][   T30] kauditd_printk_skb: 27 callbacks suppressed
[  686.941905][   T30] audit: type=1107 audit(1762868567.298:288): pid=15300 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=''
[  687.423732][ T7359] hfsplus: b-tree write err: -5, ino 3
[  687.479145][T15315] 9p: Bad value for 'wfdno'
[  687.489689][T15315] loop1: detected capacity change from 0 to 8
[  687.502585][T15315] SQUASHFS error: Failed to read block 0x636: -5
[  687.512224][T15315] SQUASHFS error: Unable to read metadata cache entry [634]
[  687.519561][T15315] SQUASHFS error: Unable to read metadata cache entry [634]
[  687.556666][T15317] SQUASHFS error: Unable to read metadata cache entry [634]
[  687.566937][T15315] SQUASHFS error: Unable to read directory block [634:0]
[  687.580332][T15317] SQUASHFS error: Unable to read metadata cache entry [634]
[  688.175483][T15317] SQUASHFS error: Unable to read directory block [629:0]
[  691.211696][ T5973] usb 6-1: new full-speed USB device number 7 using dummy_hcd
[  691.484979][ T5973] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  692.035566][ T5973] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  692.121361][ T5973] usb 6-1: Product: syz
[  692.242234][ T5973] usb 6-1: Manufacturer: syz
[  692.247410][ T5973] usb 6-1: SerialNumber: syz
[  692.464609][ T5973] usb 6-1: config 0 descriptor??
[  692.779754][ T5973] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  694.798036][ T5973] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -110
[  695.180370][ T5973] usb 6-1: USB disconnect, device number 7
[  700.656129][T15443] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1673'.
[  700.712166][T15440] loop1: detected capacity change from 0 to 512
[  700.974701][T15440] EXT4-fs: Ignoring removed nomblk_io_submit option
[  702.013588][T15440] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  702.085834][T15440] EXT4-fs (loop1): 1 truncate cleaned up
[  702.122523][T15440] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  702.193182][T15440] EXT4-fs (loop1): shut down requested (1)
[  702.341098][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  702.398633][ T5896] IPVS: starting estimator thread 0...
[  702.488620][T15449] : entered promiscuous mode
[  703.048574][T15456] IPVS: using max 29 ests per chain, 69600 per kthread
[  703.777287][T15469] overlayfs: failed to clone lowerpath
[  704.327896][T15477] loop5: detected capacity change from 0 to 512
[  704.991298][T15477] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  706.103435][T15477] EXT4-fs error (device loop5): __ext4_fill_super:5513: inode #2: comm syz.5.1680: inode has both inline data and extents flags
[  706.263547][T15477] EXT4-fs (loop5): get root inode failed
[  706.304465][T15477] EXT4-fs (loop5): mount failed
[  707.664835][T15508] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1686'.
[  708.210320][T15513] loop6: detected capacity change from 0 to 32768
[  708.742114][T15513] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1685 (15513)
[  708.786506][T15513] BTRFS info (device loop6): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  708.796757][T15513] BTRFS info (device loop6): using blake2b (blake2b-256-lib) checksum algorithm
[  708.982804][T15513] BTRFS info (device loop6): enabling ssd optimizations
[  708.990816][T15513] BTRFS info (device loop6): turning on async discard
[  708.998195][T15513] BTRFS info (device loop6): enabling free space tree
[  709.041959][T15526] binder: 15517:15526 ioctl c0306201 200000000180 returned -14
[  709.623975][ T5840] Bluetooth: hci4: unexpected subevent 0x1a length: 10 > 6
[  711.670461][   T24] page_pool_release_retry() stalled pool shutdown: id 33, 24 inflight 302 sec
[  713.401752][T13803] BTRFS info (device loop6): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  713.427282][T15558] batman_adv: batadv0: Interface deactivated: gretap1
[  713.457667][T15558] bond1: left promiscuous mode
[  713.480820][T15558] bridge1: left promiscuous mode
[  717.101083][T15599] x_tables: ip6_tables: NETMAP.0 target: invalid size 40 (kernel) != (user) 0
[  721.708038][T15634] overlayfs: failed to clone lowerpath
[  726.414719][T15687] IPVS: sync thread started: state = MASTER, mcast_ifn = hsr0, syncid = 4, id = 0
[  727.647333][T15694] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1731'.
[  730.633388][T15723] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1739'.
[  730.773778][T15730] CUSE: unknown device info ""
[  730.778771][T15730] CUSE: zero length info key specified
[  734.299843][T15757] No source specified
[  735.981225][T15770] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1751'.
[  735.990896][T15770] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1751'.
[  736.000541][T15770] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1751'.
[  736.010306][T15770] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1751'.
[  736.021397][T15770] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1751'.
[  736.031773][T15770] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1751'.
[  736.042697][T15770] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1751'.
[  736.053234][T15770] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1751'.
[  736.067958][T15770] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1751'.
[  736.078766][T15770] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1751'.
[  743.452005][T15840] __nla_validate_parse: 67 callbacks suppressed
[  743.452046][T15840] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1769'.
[  743.468012][T15840] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1769'.
[  744.050078][T15846] netlink: 'syz.3.1770': attribute type 39 has an invalid length.
[  745.410960][T15862] netlink: 'syz.3.1775': attribute type 1 has an invalid length.
[  745.474252][T15866] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1775'.
[  745.568049][T15862] bond2: entered promiscuous mode
[  745.574618][T15862] 8021q: adding VLAN 0 to HW filter on device bond2
[  745.663676][T15867] syzkaller0: entered promiscuous mode
[  745.708823][T15867] syzkaller0: entered allmulticast mode
[  745.720370][T15866] bond2: entered allmulticast mode
[  745.783471][T15862] bond2: (slave bridge3): making interface the new active one
[  745.791898][T15862] bridge3: entered promiscuous mode
[  745.797460][T15862] bridge3: entered allmulticast mode
[  745.805444][T15862] bond2: (slave bridge3): Enslaving as an active interface with an up link
[  747.424500][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  747.443988][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  753.136484][T15912] loop5: detected capacity change from 0 to 2048
[  753.816479][T15923] loop6: detected capacity change from 0 to 1024
[  753.843013][T15912] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  753.876205][T15923] EXT4-fs: Ignoring removed i_version option
[  753.926214][T15923] EXT4-fs: inline encryption not supported
[  753.974101][T15923] ext4: Bad value for 'auto_da_alloc'
[  755.016914][T15926] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  756.696578][T15934] overlayfs: failed to verify upper root origin
[  756.918064][ T7751] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  760.564650][T15987] syzkaller0: entered promiscuous mode
[  760.570193][T15987] syzkaller0: entered allmulticast mode
[  763.380905][   T30] audit: type=1326 audit(1762868644.358:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15999 comm="syz.6.1807" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fddb8d8f6c9 code=0x0
[  763.922175][T16010] ptrace attach of "./syz-executor exec"[5822] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[  764.625270][T16015] loop5: detected capacity change from 0 to 128
[  764.747424][T16005] warning: `syz.6.1807' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  764.909298][T16015] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1)
[  765.053640][T16021] loop6: detected capacity change from 0 to 64
[  769.497505][T16058] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1818'.
[  771.900935][   T24] page_pool_release_retry() stalled pool shutdown: id 33, 24 inflight 363 sec
[  772.558341][T16093] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1828'.
[  776.545957][T16113] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  776.647620][T16118] cgroup: Unknown subsys name 'cpuset'
[  778.801709][T16145] loop1: detected capacity change from 0 to 2048
[  779.488222][T16145] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  780.281183][T16156] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  780.523867][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000900.
[  789.233178][T16247] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  790.022830][T16252] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  790.056777][T16247] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  793.937641][T16297] loop1: detected capacity change from 0 to 16
[  794.093868][T16297] erofs (device loop1): too large lz4 pclusterblks 16832
[  798.060229][T16318] loop1: detected capacity change from 0 to 1024
[  799.476347][T16332] hfsplus: found bad thread record in catalog
[  801.250403][ T8880] hfsplus: b-tree write err: -5, ino 4
[  802.770098][T16355] net_ratelimit: 10 callbacks suppressed
[  802.775913][T16355] netlink: zone id is out of range
[  802.790703][T16355] netlink: set zone limit has 8 unknown bytes
[  808.714334][T16410] macvtap1: entered promiscuous mode
[  808.721403][T16410] macvtap1: entered allmulticast mode
[  808.727546][T16410] veth1_vlan: entered allmulticast mode
[  809.101387][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  809.107927][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  811.560944][T16439] loop1: detected capacity change from 0 to 512
[  811.569084][T16439] EXT4-fs: Ignoring removed mblk_io_submit option
[  811.575953][T16439] EXT4-fs: inline encryption not supported
[  811.583036][T16439] EXT4-fs: Ignoring removed mblk_io_submit option
[  811.658896][T16439] EXT4-fs (loop1): Test dummy encryption mode enabled
[  811.666071][T16439] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  812.333581][T16439] EXT4-fs (loop1): 1 truncate cleaned up
[  812.347311][T16439] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  814.241690][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  817.947828][ T5840] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  819.333526][T16479] loop1: detected capacity change from 0 to 1024
[  819.642503][T16479] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  819.810814][T16479] ext4 filesystem being mounted at /370/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  819.940795][T16466] syz.3.1927(16466): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored.
[  820.274989][T16500] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  821.170163][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  821.421573][ T5973] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  821.707047][ T5973] usb 6-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  822.180747][ T5973] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  822.211073][ T5973] usb 6-1: Product: syz
[  822.235263][ T5973] usb 6-1: Manufacturer: syz
[  822.270864][ T5973] usb 6-1: SerialNumber: syz
[  823.011012][ T5973] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  823.074219][ T5973] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  824.101490][T16532] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  825.008582][T16542] loop1: detected capacity change from 0 to 1024
[  825.992464][ T8911] hfsplus: b-tree write err: -5, ino 4
[  826.075351][T16554] loop6: detected capacity change from 0 to 64
[  826.552156][ T5973] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x000000e0. ret = -EPROTO
[  826.958532][ T5973] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to init LTM with error -EPROTO
[  827.594103][ T5973] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  827.631032][ T5973] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  828.101683][ T5973] lan78xx 6-1:1.0: probe with driver lan78xx failed with error -71
[  828.135242][ T5973] usb 6-1: USB disconnect, device number 8
[  829.126768][T16589] virtio-fs: tag </dev/md0> not found
[  829.577979][   T30] audit: type=1326 audit(1762868710.558:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16584 comm="syz.1.1955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[  829.641739][   T30] audit: type=1326 audit(1762868710.588:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16584 comm="syz.1.1955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[  829.736512][   T30] audit: type=1326 audit(1762868710.708:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16584 comm="syz.1.1955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[  829.866354][T16595] loop6: detected capacity change from 0 to 64
[  830.740983][   T30] audit: type=1326 audit(1762868710.708:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16584 comm="syz.1.1955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[  830.798017][   T30] audit: type=1326 audit(1762868710.708:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16584 comm="syz.1.1955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[  830.885794][T16606] hfs: request for non-existent node 327680 in B*Tree
[  830.893641][T16606] hfs: request for non-existent node 327680 in B*Tree
[  831.367679][   T30] audit: type=1326 audit(1762868710.708:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16584 comm="syz.1.1955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[  831.501291][   T30] audit: type=1326 audit(1762868710.708:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16584 comm="syz.1.1955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[  831.546085][   T30] audit: type=1326 audit(1762868710.708:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16584 comm="syz.1.1955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[  831.726398][   T30] audit: type=1326 audit(1762868710.718:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16584 comm="syz.1.1955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[  832.600713][   T30] audit: type=1326 audit(1762868710.718:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16584 comm="syz.1.1955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[  832.707183][T16604] kvm: kvm [16603]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x6200000000
[  832.833603][ T9881] page_pool_release_retry() stalled pool shutdown: id 33, 24 inflight 424 sec
[  835.862134][T16639] lo: entered allmulticast mode
[  836.837946][T16639] lo: left allmulticast mode
[  845.496745][T16700] loop5: detected capacity change from 0 to 40427
[  845.654203][T16700] F2FS-fs (loop5): invalid crc value
[  845.701010][T16700] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  845.751359][T16700] F2FS-fs (loop5): Start checkpoint disabled!
[  845.808283][T16700] F2FS-fs (loop5): f2fs_disable_checkpoint() finish, err:0
[  845.941789][T16700] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  846.077503][   T30] kauditd_printk_skb: 15 callbacks suppressed
[  846.077523][   T30] audit: type=1800 audit(1762868727.058:315): pid=16700 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1984" name="file1" dev="loop5" ino=10 res=0 errno=0
[  846.697267][T16710] bio_check_eod: 176 callbacks suppressed
[  846.697290][T16710] syz.5.1984: attempt to access beyond end of device
[  846.697290][T16710] loop5: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  846.718570][T16710] syz.5.1984: attempt to access beyond end of device
[  846.718570][T16710] loop5: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  846.732905][T16710] syz.5.1984: attempt to access beyond end of device
[  846.732905][T16710] loop5: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  846.747680][T16710] syz.5.1984: attempt to access beyond end of device
[  846.747680][T16710] loop5: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  846.762117][T16710] syz.5.1984: attempt to access beyond end of device
[  846.762117][T16710] loop5: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  846.776609][T16710] syz.5.1984: attempt to access beyond end of device
[  846.776609][T16710] loop5: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  846.791134][T16710] syz.5.1984: attempt to access beyond end of device
[  846.791134][T16710] loop5: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  846.805392][T16710] syz.5.1984: attempt to access beyond end of device
[  846.805392][T16710] loop5: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  846.921159][T16710] syz.5.1984: attempt to access beyond end of device
[  846.921159][T16710] loop5: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  846.935482][T16710] syz.5.1984: attempt to access beyond end of device
[  846.935482][T16710] loop5: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  847.691769][ T1101] CPU: 0 UID: 0 PID: 1101 Comm: kworker/u8:6 Not tainted syzkaller #0 PREEMPT(full) 
[  847.691799][ T1101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  847.691811][ T1101] Workqueue: writeback wb_workfn (flush-7:5)
[  847.691843][ T1101] Call Trace:
[  847.691851][ T1101]  <TASK>
[  847.691860][ T1101]  dump_stack_lvl+0x189/0x250
[  847.691895][ T1101]  ? __pfx_dump_stack_lvl+0x10/0x10
[  847.691923][ T1101]  ? __pfx_queue_work_on+0x10/0x10
[  847.691948][ T1101]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  847.691977][ T1101]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  847.692017][ T1101]  f2fs_handle_critical_error+0x37c/0x540
[  847.692054][ T1101]  f2fs_write_end_io+0x886/0xb60
[  847.692094][ T1101]  __submit_merged_bio+0x256/0x6a0
[  847.692130][ T1101]  __submit_merged_write_cond+0x255/0x530
[  847.692166][ T1101]  f2fs_write_data_pages+0x261d/0x3000
[  847.692230][ T1101]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  847.692265][ T1101]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  847.692325][ T1101]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  847.692368][ T1101]  ? trace_f2fs_writepages+0x7f/0x200
[  847.692399][ T1101]  ? f2fs_write_node_pages+0x478/0x6e0
[  847.692432][ T1101]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  847.692474][ T1101]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  847.692496][ T1101]  do_writepages+0x32e/0x550
[  847.692530][ T1101]  ? reacquire_held_locks+0x127/0x1d0
[  847.692557][ T1101]  ? writeback_sb_inodes+0x3bc/0x1950
[  847.692591][ T1101]  __writeback_single_inode+0x133/0x12f0
[  847.692626][ T1101]  writeback_sb_inodes+0x984/0x1950
[  847.692683][ T1101]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  847.692752][ T1101]  ? rcu_is_watching+0x15/0xb0
[  847.692790][ T1101]  wb_writeback+0x42b/0xb10
[  847.692823][ T1101]  ? queue_io+0x361/0x590
[  847.692851][ T1101]  ? __pfx_wb_writeback+0x10/0x10
[  847.692885][ T1101]  ? _raw_spin_unlock_irq+0x23/0x50
[  847.692917][ T1101]  wb_workfn+0x3f9/0xef0
[  847.692953][ T1101]  ? __pfx_wb_workfn+0x10/0x10
[  847.692978][ T1101]  ? __lock_acquire+0xab9/0xd20
[  847.693013][ T1101]  ? process_one_work+0x868/0x15e0
[  847.693044][ T1101]  ? _raw_spin_unlock_irq+0x23/0x50
[  847.693074][ T1101]  ? process_one_work+0x868/0x15e0
[  847.693097][ T1101]  process_one_work+0x93a/0x15e0
[  847.693117][ T1101]  ? __lock_acquire+0xab9/0xd20
[  847.693162][ T1101]  ? __pfx_process_one_work+0x10/0x10
[  847.693199][ T1101]  ? assign_work+0x3a1/0x410
[  847.693226][ T1101]  worker_thread+0x9b0/0xee0
[  847.693278][ T1101]  kthread+0x711/0x8a0
[  847.693299][ T1101]  ? __pfx_worker_thread+0x10/0x10
[  847.693324][ T1101]  ? __pfx_kthread+0x10/0x10
[  847.693343][ T1101]  ? _raw_spin_unlock_irq+0x23/0x50
[  847.693369][ T1101]  ? lockdep_hardirqs_on+0x9c/0x150
[  847.693395][ T1101]  ? __pfx_kthread+0x10/0x10
[  847.693415][ T1101]  ret_from_fork+0x599/0xb30
[  847.693439][ T1101]  ? __pfx_ret_from_fork+0x10/0x10
[  847.693470][ T1101]  ? __switch_to_asm+0x39/0x70
[  847.693481][ T1101]  ? __switch_to_asm+0x33/0x70
[  847.693490][ T1101]  ? __pfx_kthread+0x10/0x10
[  847.693500][ T1101]  ret_from_fork_asm+0x1a/0x30
[  847.693520][ T1101]  </TASK>
[  847.696089][ T1101] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  850.061591][T16685] veth1_vlan: left allmulticast mode
[  850.129719][T16714] 
@�: renamed from veth0_vlan (while UP)
[  850.284419][ T1101] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  850.371713][   T12] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  850.421747][   T12] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  850.456184][   T12] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  852.933039][T16753] tipc: Enabled bearer <eth:batadv0>, priority 15
[  860.529106][T16800] netlink: 'syz.1.2009': attribute type 13 has an invalid length.
[  864.103730][T16848] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  866.431507][T16868] bridge0: port 3(gretap0) entered blocking state
[  866.648557][T16868] bridge0: port 3(gretap0) entered disabled state
[  866.655492][T16868] gretap0: entered allmulticast mode
[  866.662260][T16868] gretap0: entered promiscuous mode
[  866.668006][T16868] bridge0: port 3(gretap0) entered blocking state
[  866.674549][T16868] bridge0: port 3(gretap0) entered forwarding state
[  867.806227][T16876] (syz.1.2024,16876,0):ocfs2_get_sector:1714 ERROR: status = -5
[  867.823492][T16876] (syz.1.2024,16876,0):ocfs2_sb_probe:753 ERROR: status = -5
[  867.831231][T16876] (syz.1.2024,16876,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  867.842584][T16876] (syz.1.2024,16876,0):ocfs2_fill_super:1177 ERROR: status = -5
[  870.304250][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  870.420706][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  870.510426][T16899] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  871.119640][T16910] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  871.164653][T16910] syzkaller0: entered promiscuous mode
[  871.186166][T16910] syzkaller0: entered allmulticast mode
[  871.337654][T16910] tipc: Resetting bearer <eth:syzkaller0>
[  871.424843][T16909] tipc: Resetting bearer <eth:syzkaller0>
[  871.625318][T16909] tipc: Disabling bearer <eth:syzkaller0>
[  874.386328][  T795] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  875.400757][  T795] usb 2-1: Using ep0 maxpacket: 32
[  875.433026][  T795] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  875.502357][  T795] usb 2-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  875.526631][T16940] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2041'.
[  875.528067][  T795] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  875.572808][  T795] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  876.184651][  T795] hub 2-1:4.0: bad descriptor, ignoring hub
[  876.232781][  T795] hub 2-1:4.0: probe with driver hub failed with error -5
[  876.275526][  T795] usbhid 2-1:4.0: couldn't find an input interrupt endpoint
[  876.563770][  T795] usb 2-1: USB disconnect, device number 10
[  878.873116][T16975] vivid-002: disconnect
[  879.461228][T16948] vivid-002: reconnect
[  879.694409][T16981] batman_adv: batadv0: Adding interface: dummy0
[  879.703386][T16981] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  880.321793][T16981] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active
[  880.360423][T16982] tipc: Started in network mode
[  880.490945][T16982] tipc: Node identity a6dcb91e87a7, cluster identity 4711
[  880.528461][T16982] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  880.705038][T16986] syzkaller0: entered promiscuous mode
[  880.720601][T16986] syzkaller0: entered allmulticast mode
[  881.540085][T16986] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2048'.
[  881.582452][T16989] tipc: Resetting bearer <eth:syzkaller0>
[  881.614190][T16980] tipc: Resetting bearer <eth:syzkaller0>
[  881.744037][T16980] tipc: Disabling bearer <eth:syzkaller0>
[  881.796430][ T5973] tipc: Node number set to 561756446
[  881.830937][T17008] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[  881.930310][T17014] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  883.915300][T17025] loop5: detected capacity change from 0 to 16
[  884.105589][T17025] erofs (device loop5): mounted with root inode @ nid 36.
[  889.044852][T17075] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[  893.674226][ T9881] page_pool_release_retry() stalled pool shutdown: id 33, 24 inflight 484 sec
[  894.208841][T17123] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  899.630951][T17159] 9pnet_fd: p9_fd_create_tcp (17159): problem connecting socket to 127.0.0.1
[  905.510696][ T9881] IPVS: starting estimator thread 0...
[  905.621357][T17211] IPVS: using max 48 ests per chain, 115200 per kthread
[  906.279624][T17218] netlink: 'syz.4.2111': attribute type 10 has an invalid length.
[  906.854331][T17218] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  909.915524][T17252] loop5: detected capacity change from 0 to 1024
[  910.622618][T17259] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  912.233285][   T65] hfsplus: b-tree write err: -5, ino 4
[  913.365213][T17279] xt_CT: You must specify a L4 protocol and not use inversions on it
[  918.698091][T17331] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[  919.285685][T17327] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  919.391875][T17333] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  924.176998][T17368] loop6: detected capacity change from 0 to 512
[  924.361249][T17368] EXT4-fs (loop6): Cannot turn on journaled quota: type 0: error -2
[  924.372500][T17368] EXT4-fs (loop6): 1 truncate cleaned up
[  924.379839][T17368] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  924.442089][T17368] IPVS: set_ctl: invalid protocol: 60 172.20.20.187:20004
[  926.403970][T13803] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  927.221505][T17395] loop1: detected capacity change from 0 to 256
[  932.547645][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  932.554569][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  934.910827][T17472] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  936.913808][T17491] block device autoloading is deprecated and will be removed.
[  937.937308][T14297] Bluetooth: hci4: unexpected event 0x03 length: 1 < 11
[  938.381776][T17516] overlayfs: failed to resolve './file0': -2
[  941.534327][T17540] loop1: detected capacity change from 0 to 64
[  941.771091][T17537] hfs: inconsistency in B*Tree (1,0,2,2,3)
[  941.786922][T17545] loop5: detected capacity change from 0 to 128
[  941.897791][T17545] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  941.996303][T17545] ext4 filesystem being mounted at /295/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  942.072661][T17555] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  942.092648][T17555] syzkaller0: entered promiscuous mode
[  942.098168][T17555] syzkaller0: entered allmulticast mode
[  942.113289][T17545] fscrypt: loop5: 1 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751, including ino 12
[  942.176199][T17555] tipc: Resetting bearer <eth:syzkaller0>
[  942.194003][T17554] tipc: Resetting bearer <eth:syzkaller0>
[  942.223304][ T7751] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  942.279316][T17554] tipc: Disabling bearer <eth:syzkaller0>
[  942.297422][T17558] vet�0_virt: renamed from dummy0 (while UP)
[  942.368627][T17558] batman_adv: batadv0: Interface deactivated: vet�0_virt
[  942.617252][T17566] syzkaller0: entered promiscuous mode
[  942.637281][T17566] syzkaller0: entered allmulticast mode
[  942.750628][  T795] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  943.750612][  T795] usb 6-1: Using ep0 maxpacket: 16
[  943.767826][  T795] usb 6-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config
[  943.814636][  T795] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  943.833369][  T795] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  943.954904][  T795] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  943.963903][  T795] usb 6-1: Product: syz
[  943.968130][  T795] usb 6-1: Manufacturer: syz
[  943.995065][  T795] usb 6-1: SerialNumber: syz
[  944.220982][T14297] Bluetooth: hci4: command 0x0406 tx timeout
[  946.728966][  T795] usb 6-1: 0:2 : does not exist
[  947.352319][  T795] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[  948.668254][  T795] usb 6-1: USB disconnect, device number 9
[  949.174995][T17087] udevd[17087]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  950.014227][T17631] xt_CONNSECMARK: invalid mode: 66
[  950.448452][T17638] netlink: 'syz.3.2224': attribute type 1 has an invalid length.
[  950.489414][T17640] loop6: detected capacity change from 0 to 32768
[  950.507729][T17640] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.2226 (17640)
[  950.539164][T17640] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  950.550467][T17640] BTRFS info (device loop6): using sha256 (sha256-lib) checksum algorithm
[  950.651830][T17642] syzkaller0: entered promiscuous mode
[  950.684097][T17642] syzkaller0: entered allmulticast mode
[  950.734306][T17640] BTRFS info (device loop6): enabling ssd optimizations
[  950.741508][T17640] BTRFS info (device loop6): turning on async discard
[  950.748288][T17640] BTRFS info (device loop6): enabling free space tree
[  951.417162][T17638] 8021q: adding VLAN 0 to HW filter on device bond3
[  951.589551][T13803] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  951.686614][T17645] gretap2: entered promiscuous mode
[  951.757245][T17645] bond3: (slave gretap2): making interface the new active one
[  951.806735][T17645] bond3: (slave gretap2): Enslaving as an active interface with an up link
[  951.873798][T17648] macvlan2: entered promiscuous mode
[  951.909081][T17648] macvlan2: entered allmulticast mode
[  951.929731][T17648] bond3: entered promiscuous mode
[  951.978636][T17648] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  952.005813][T17648] bond3: (slave macvlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  952.073641][T17648] bond3: left promiscuous mode
[  954.623565][ T5973] page_pool_release_retry() stalled pool shutdown: id 33, 24 inflight 545 sec
[  956.868718][T17716] x_tables: ip6_tables: mh match: only valid for protocol 135
[  957.721162][T17725] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  957.793293][T17729] syzkaller0: entered promiscuous mode
[  957.810467][T17729] syzkaller0: entered allmulticast mode
[  957.894185][T17725] tipc: Resetting bearer <eth:syzkaller0>
[  957.952201][T17724] tipc: Resetting bearer <eth:syzkaller0>
[  958.143505][T17724] tipc: Disabling bearer <eth:syzkaller0>
[  960.790053][T17748] loop6: detected capacity change from 0 to 2048
[  960.886928][T17748] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  960.998918][T17761] xt_cgroup: invalid path, errno=-2
[  961.962529][T13803] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  962.309493][T17775] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  962.327401][T17775] syzkaller0: entered promiscuous mode
[  962.356952][T17775] syzkaller0: entered allmulticast mode
[  962.519486][T17775] tipc: Resetting bearer <eth:syzkaller0>
[  962.594031][T17774] tipc: Resetting bearer <eth:syzkaller0>
[  962.850653][T17774] tipc: Disabling bearer <eth:syzkaller0>
[  964.712431][T17797] loop5: detected capacity change from 0 to 40427
[  965.564036][T17797] F2FS-fs (loop5): invalid crc value
[  965.637474][T17797] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  965.653401][T17797] F2FS-fs (loop5): Start checkpoint disabled!
[  965.738378][T17797] F2FS-fs (loop5): f2fs_disable_checkpoint() finish, err:0
[  965.756315][T17797] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  966.689952][T17810] F2FS-fs (loop5): Stopped filesystem due to reason: 0
[  967.460095][T17814] loop6: detected capacity change from 0 to 512
[  967.471293][T17814] EXT4-fs: Ignoring removed mblk_io_submit option
[  967.531700][T17814] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem
[  967.730654][T17814] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a042c118, mo2=0002]
[  967.738665][T17814] System zones: 1-12
[  968.334583][T17814] EXT4-fs error (device loop6): ext4_iget_extra_inode:5079: inode #15: comm syz.6.2261: corrupted in-inode xattr: e_value size too large
[  968.358957][T17814] EXT4-fs error (device loop6): ext4_orphan_get:1397: comm syz.6.2261: couldn't read orphan inode 15 (err -117)
[  968.594595][T17814] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  969.836892][T17812] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  974.094060][T17871] loop1: detected capacity change from 0 to 128
[  975.077528][T17871] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
[  975.085946][T17871] FAT-fs (loop1): Filesystem has been set read-only
[  975.101527][   T30] audit: type=1800 audit(1762868855.632:316): pid=17871 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2277" name="file2" dev="loop1" ino=1048659 res=0 errno=0
[  978.211621][T16998] usb 6-1: new full-speed USB device number 10 using dummy_hcd
[  979.052413][T16998] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  979.070944][T16998] usb 6-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  979.501520][T16998] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  980.530405][T16998] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  980.561177][T16998] usb 6-1: can't set config #16, error -71
[  983.028334][T16998] usb 6-1: USB disconnect, device number 10
[  984.312306][T17939] loop5: detected capacity change from 0 to 128
[  984.374838][   T30] audit: type=1800 audit(1762868865.352:317): pid=17939 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2294" name="file2" dev="loop5" ino=1048660 res=0 errno=0
[  984.398692][T17939] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[  984.408815][T17939] FAT-fs (loop5): Filesystem has been set read-only
[  985.124201][T17948] loop5: detected capacity change from 0 to 1024
[  985.161140][T17948] EXT4-fs: Ignoring removed i_version option
[  985.169588][T17950] vlan2: entered promiscuous mode
[  985.178366][T17950] vlan2: entered allmulticast mode
[  985.190692][T17948] EXT4-fs: inline encryption not supported
[  985.193416][T17950] hsr_slave_1: entered allmulticast mode
[  985.232640][T17948] EXT4-fs (loop5): Test dummy encryption mode enabled
[  985.265144][   T30] audit: type=1804 audit(1762868866.242:318): pid=17956 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.2301" name="bus" dev="ramfs" ino=46842 res=1 errno=0
[  985.424160][T17948] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  985.688934][T17961] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2304'.
[  986.082037][T17958] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2303'.
[  986.137793][ T7751] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  987.377348][T17976] tipc: Started in network mode
[  987.383012][T17976] tipc: Node identity 5669ef782bf2, cluster identity 4711
[  987.391357][T17976] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  987.405824][T17976] syzkaller0: entered promiscuous mode
[  987.420918][T17976] syzkaller0: entered allmulticast mode
[  987.433577][T17976] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  987.467375][T17976] tipc: Resetting bearer <eth:syzkaller0>
[  987.478929][T17975] tipc: Resetting bearer <eth:syzkaller0>
[  987.542346][T17975] tipc: Disabling bearer <eth:syzkaller0>
[  989.046366][T17993] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  990.160770][ T9881] tipc: Node number set to 2886997007
[  993.338824][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  993.357663][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  996.285208][T18059] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  996.305392][T18056] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  996.318619][T18056] syzkaller0: entered promiscuous mode
[  997.062051][T18056] syzkaller0: entered allmulticast mode
[  997.377800][T18056] tipc: Resetting bearer <eth:syzkaller0>
[  997.395164][T18054] tipc: Resetting bearer <eth:syzkaller0>
[  999.599265][T18054] tipc: Disabling bearer <eth:syzkaller0>
[ 1000.164423][T18101] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2343'.
[ 1003.058035][T18104] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2344'.
[ 1003.290449][T18132] delete_channel: no stack
[ 1004.831553][T18142] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2354'.
[ 1005.682080][T18148] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[ 1006.443655][T18152] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1006.638093][T18159] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[ 1010.903437][T18188] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[ 1013.777883][T18224] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[ 1013.976630][T18221] loop5: detected capacity change from 0 to 4096
[ 1014.979764][T16510] page_pool_release_retry() stalled pool shutdown: id 33, 24 inflight 606 sec
[ 1015.392845][T18239] overlayfs: failed to clone upperpath
[ 1017.970233][T18274] netlink: 384 bytes leftover after parsing attributes in process `syz.6.2385'.
[ 1017.980283][T18274] netlink: 'syz.6.2385': attribute type 2 has an invalid length.
[ 1017.988716][T18274] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2385'.
[ 1020.233699][T18288] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2389'.
[ 1021.478569][T18300] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1021.487289][T18300] syzkaller0: entered promiscuous mode
[ 1021.493360][T18300] syzkaller0: entered allmulticast mode
[ 1021.513762][T18300] tipc: Resetting bearer <eth:syzkaller0>
[ 1021.552884][T18299] tipc: Resetting bearer <eth:syzkaller0>
[ 1021.710444][T18299] tipc: Disabling bearer <eth:syzkaller0>
[ 1021.812747][T18308] overlayfs: failed to clone upperpath
[ 1023.139226][T18320] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2398'.
[ 1025.076940][T18334] overlayfs: failed to clone upperpath
[ 1027.063292][T18338] kvm: kvm [18335]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x808
[ 1030.576298][T18374] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2412'.
[ 1031.252874][T18381] loop5: detected capacity change from 0 to 256
[ 1031.307976][T18381] FAT-fs (loop5): Directory bread(block 64) failed
[ 1031.315475][T18381] FAT-fs (loop5): Directory bread(block 65) failed
[ 1031.333390][T18381] FAT-fs (loop5): Directory bread(block 66) failed
[ 1031.339963][T18381] FAT-fs (loop5): Directory bread(block 67) failed
[ 1031.441715][T18381] FAT-fs (loop5): Directory bread(block 68) failed
[ 1031.560778][T18381] FAT-fs (loop5): Directory bread(block 69) failed
[ 1031.649170][T18381] FAT-fs (loop5): Directory bread(block 70) failed
[ 1032.189545][T18381] FAT-fs (loop5): Directory bread(block 71) failed
[ 1032.199842][T18381] FAT-fs (loop5): Directory bread(block 72) failed
[ 1032.206944][T18381] FAT-fs (loop5): Directory bread(block 73) failed
[ 1032.233650][T18381] bio_check_eod: 176 callbacks suppressed
[ 1032.233669][T18381] syz.5.2416: attempt to access beyond end of device
[ 1032.233669][T18381] loop5: rw=524288, sector=1160, nr_sectors = 4 limit=256
[ 1032.264286][T18381] syz.5.2416: attempt to access beyond end of device
[ 1032.264286][T18381] loop5: rw=0, sector=1160, nr_sectors = 4 limit=256
[ 1032.308771][   T30] audit: type=1800 audit(1762868913.292:319): pid=18381 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2416" name="file0" dev="loop5" ino=1048661 res=0 errno=0
[ 1032.484654][T18381] syz.5.2416: attempt to access beyond end of device
[ 1032.484654][T18381] loop5: rw=0, sector=1160, nr_sectors = 4 limit=256
[ 1032.506148][T18400] syz.5.2416: attempt to access beyond end of device
[ 1032.506148][T18400] loop5: rw=0, sector=1160, nr_sectors = 4 limit=256
[ 1032.539446][T18381] syz.5.2416: attempt to access beyond end of device
[ 1032.539446][T18381] loop5: rw=0, sector=1160, nr_sectors = 4 limit=256
[ 1033.239416][T18381] syz.5.2416: attempt to access beyond end of device
[ 1033.239416][T18381] loop5: rw=0, sector=1160, nr_sectors = 4 limit=256
[ 1033.273909][T18381] syz.5.2416: attempt to access beyond end of device
[ 1033.273909][T18381] loop5: rw=0, sector=1160, nr_sectors = 4 limit=256
[ 1033.398926][T18381] syz.5.2416: attempt to access beyond end of device
[ 1033.398926][T18381] loop5: rw=0, sector=1160, nr_sectors = 4 limit=256
[ 1033.497234][T18410] syz.5.2416: attempt to access beyond end of device
[ 1033.497234][T18410] loop5: rw=0, sector=1160, nr_sectors = 4 limit=256
[ 1033.512165][T18409] syz.5.2416: attempt to access beyond end of device
[ 1033.512165][T18409] loop5: rw=0, sector=1160, nr_sectors = 4 limit=256
[ 1034.769352][T18423] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[ 1043.291907][T18529] netlink: 548 bytes leftover after parsing attributes in process `syz.1.2458'.
[ 1050.461681][   T30] audit: type=1326 audit(1762868931.442:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18593 comm="syz.1.2467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[ 1050.533751][   T30] audit: type=1326 audit(1762868931.442:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18593 comm="syz.1.2467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[ 1050.614554][   T30] audit: type=1326 audit(1762868931.492:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18593 comm="syz.1.2467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[ 1050.652081][   T30] audit: type=1326 audit(1762868931.492:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18593 comm="syz.1.2467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[ 1050.877324][   T30] audit: type=1326 audit(1762868931.492:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18593 comm="syz.1.2467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[ 1051.472085][   T30] audit: type=1326 audit(1762868931.502:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18593 comm="syz.1.2467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[ 1051.495083][   T30] audit: type=1326 audit(1762868931.502:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18593 comm="syz.1.2467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[ 1051.520097][   T30] audit: type=1326 audit(1762868931.502:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18593 comm="syz.1.2467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[ 1052.191275][   T30] audit: type=1326 audit(1762868931.502:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18593 comm="syz.1.2467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[ 1052.321339][   T30] audit: type=1326 audit(1762868931.502:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18593 comm="syz.1.2467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[ 1052.459068][T18617] bridge2: entered allmulticast mode
[ 1054.632350][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.641714][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1054.712837][T18635] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2482'.
[ 1054.999962][  T795] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[ 1055.594223][T18647] Invalid ELF header type: 2 != 1
[ 1056.367048][  T795] usb 6-1: device descriptor read/all, error -71
[ 1060.994255][T18695] loop1: detected capacity change from 0 to 2048
[ 1061.382771][T18695] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 1061.433331][T18652] udevd[18652]: incorrect nilfs2 checksum on /dev/loop1
[ 1061.890928][T18713] loop5: detected capacity change from 0 to 256
[ 1061.958643][T18713] vfat filesystem being mounted at /341/file0 supports timestamps until 2107-12-31 (0x10391447e)
[ 1062.197879][T18714] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1064.627937][T18726] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[ 1068.328410][T18752] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1075.261318][T16510] page_pool_release_retry() stalled pool shutdown: id 33, 24 inflight 666 sec
[ 1078.862859][T18837] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1081.024236][ T9881] usb 6-1: new full-speed USB device number 13 using dummy_hcd
[ 1081.283156][ T9881] usb 6-1: config 0 has no interfaces?
[ 1081.330930][ T9881] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1081.371386][ T9881] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1081.422520][ T9881] usb 6-1: Product: syz
[ 1081.940745][ T9881] usb 6-1: Manufacturer: syz
[ 1082.059798][ T9881] usb 6-1: SerialNumber: syz
[ 1082.068050][ T9881] usb 6-1: config 0 descriptor??
[ 1083.394595][  T795] usb 6-1: USB disconnect, device number 13
[ 1086.099636][T18924] Device name cannot be null; rc = [-22]
[ 1087.185713][T18934] loop5: detected capacity change from 0 to 512
[ 1087.198174][T18934] EXT4-fs: Ignoring removed oldalloc option
[ 1087.242530][T18934] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[ 1087.847480][T18934] EXT4-fs warning (device loop5): ext4_expand_extra_isize_ea:2853: Unable to expand inode 11. Delete some EAs or run e2fsck.
[ 1087.890728][T18934] EXT4-fs (loop5): 1 truncate cleaned up
[ 1087.912736][T18934] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1089.393657][ T7751] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1091.577021][T18982] MTD: Couldn't look up '/dev/nullb0': -15
[ 1091.974311][T18984] evm: overlay not supported
[ 1094.222769][T19010] loop5: detected capacity change from 0 to 512
[ 1094.542945][T19010] EXT4-fs: Ignoring removed oldalloc option
[ 1096.549395][T19010] workqueue: Failed to create a rescuer kthread for wq "ext4-rsv-conversion": -EINTR
[ 1096.550147][T19010] EXT4-fs: failed to create workqueue
[ 1096.565313][T19010] EXT4-fs (loop5): mount failed
[ 1096.944823][   T30] kauditd_printk_skb: 35 callbacks suppressed
[ 1096.944842][   T30] audit: type=1326 audit(3910352625.927:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19014 comm="syz.4.2582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6a438f6c9 code=0x7ffc0000
[ 1097.060663][   T30] audit: type=1326 audit(3910352625.927:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19014 comm="syz.4.2582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6a438f6c9 code=0x7ffc0000
[ 1097.140769][   T30] audit: type=1326 audit(3910352625.927:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19014 comm="syz.4.2582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7fb6a438f6c9 code=0x7ffc0000
[ 1097.322853][   T30] audit: type=1326 audit(3910352625.927:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19014 comm="syz.4.2582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6a438f6c9 code=0x7ffc0000
[ 1097.938243][   T30] audit: type=1326 audit(3910352625.927:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19014 comm="syz.4.2582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6a438f6c9 code=0x7ffc0000
[ 1098.114781][   T30] audit: type=1326 audit(3910352625.967:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19014 comm="syz.4.2582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=137 compat=0 ip=0x7fb6a438f6c9 code=0x7ffc0000
[ 1098.371808][   T30] audit: type=1326 audit(3910352625.967:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19014 comm="syz.4.2582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6a438f6c9 code=0x7ffc0000
[ 1098.926306][   T30] audit: type=1326 audit(3910352625.967:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19014 comm="syz.4.2582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6a438f6c9 code=0x7ffc0000
[ 1098.973978][   T30] audit: type=1326 audit(3910352625.967:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19014 comm="syz.4.2582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb6a438f6c9 code=0x7ffc0000
[ 1099.182836][   T30] audit: type=1326 audit(3910352625.967:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19014 comm="syz.4.2582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6a438f6c9 code=0x7ffc0000
[ 1099.642158][T19043] overlayfs: failed to clone upperpath
[ 1106.663095][T19080] netlink: 'syz.4.2600': attribute type 1 has an invalid length.
[ 1107.384623][T19080] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1107.432532][T19089] bond2: (slave ip6gretap1): making interface the new active one
[ 1107.443027][T19089] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link
[ 1108.482632][T19080] veth3: entered promiscuous mode
[ 1108.498946][T19080] bond2: (slave veth3): Enslaving as an active interface with a down link
[ 1108.691082][T19089] erspan0: entered allmulticast mode
[ 1108.716026][T19089] bond2: (slave erspan0): Enslaving as an active interface with an up link
[ 1108.759168][T19098] debugfs: 'netdev:nicvf0' already exists in 'phy23'
[ 1110.690535][T19133] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2610'.
[ 1110.699615][T19133] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2610'.
[ 1111.768531][T19144] xt_HMARK: spi-set and port-set can't be combined
[ 1116.073293][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1116.075448][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1116.873077][T19188] loop5: detected capacity change from 0 to 512
[ 1116.884812][T19188] EXT4-fs: Ignoring removed nobh option
[ 1116.913634][T19188] EXT4-fs error (device loop5): ext4_orphan_get:1392: inode #15: comm syz.5.2626: iget: bad i_size value: 38620345925642
[ 1116.948846][T19188] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.2626: couldn't read orphan inode 15 (err -117)
[ 1116.963823][T19188] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1117.758532][T19190] EXT4-fs error (device loop5): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[ 1117.986014][ T7751] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1119.950857][T19178] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2624'.
[ 1120.055774][T19178] tipc: Invalid UDP bearer configuration
[ 1120.055819][T19178] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[ 1132.871023][T19291] Bluetooth: hci4: command 0x0406 tx timeout
[ 1133.249345][T19304] loop1: detected capacity change from 0 to 2048
[ 1134.226919][T19304] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1134.257858][T19310] netlink: 64 bytes leftover after parsing attributes in process `syz.6.2655'.
[ 1135.165931][T19323] program syz.1.2654 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1135.182780][T19323] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1136.551441][T16510] page_pool_release_retry() stalled pool shutdown: id 33, 24 inflight 727 sec
[ 1137.641056][T19338] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma?
[ 1139.611499][T19364] loop5: detected capacity change from 0 to 128
[ 1140.476176][T19364] vfat filesystem being mounted at /368/bus supports timestamps until 2107-12-31 (0x10391447e)
[ 1140.828318][T19371] FAT-fs (loop5): error, corrupted directory (invalid entries)
[ 1140.836407][T19371] FAT-fs (loop5): Filesystem has been set read-only
[ 1145.458279][T19417] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2677'.
[ 1149.906498][T19460] netlink: 'syz.4.2687': attribute type 1 has an invalid length.
[ 1150.013448][T19462] bridge0: port 3(gretap0) entered blocking state
[ 1150.021086][T19462] bridge0: port 3(gretap0) entered disabled state
[ 1150.028079][T19462] gretap0: entered allmulticast mode
[ 1150.035719][T19462] gretap0: entered promiscuous mode
[ 1150.042281][T19462] bridge0: port 3(gretap0) entered blocking state
[ 1150.049348][T19462] bridge0: port 3(gretap0) entered forwarding state
[ 1150.098170][T19462] gretap0: left allmulticast mode
[ 1150.103361][T19462] gretap0: left promiscuous mode
[ 1150.109622][T19462] bridge0: port 3(gretap0) entered disabled state
[ 1153.009577][T19493] loop5: detected capacity change from 0 to 128
[ 1153.079884][T19493] vfat filesystem being mounted at /374/bus supports timestamps until 2107-12-31 (0x10391447e)
[ 1153.426546][T19504] FAT-fs (loop5): error, corrupted directory (invalid entries)
[ 1153.434322][T19504] FAT-fs (loop5): Filesystem has been set read-only
[ 1156.558398][T19526] Process accounting resumed
[ 1158.230849][T19291] Bluetooth: hci4: command 0x0406 tx timeout
[ 1159.937120][T19551] overlayfs: upper fs does not support RENAME_WHITEOUT.
[ 1159.944500][T19551] overlayfs: failed to set xattr on upper
[ 1159.950278][T19551] overlayfs: ...falling back to redirect_dir=nofollow.
[ 1159.957515][T19551] overlayfs: ...falling back to index=off.
[ 1159.963520][T19551] overlayfs: maximum fs stacking depth exceeded
[ 1166.403850][T19622] input: syz0 as /devices/virtual/input/input10
[ 1172.561151][T19680] overlayfs: failed to clone upperpath
[ 1173.305902][T19687] loop5: detected capacity change from 0 to 1024
[ 1174.260628][T19693] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold
[ 1175.559786][   T30] kauditd_printk_skb: 38 callbacks suppressed
[ 1175.559837][   T30] audit: type=1326 audit(3910352704.537:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19704 comm="syz.1.2750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[ 1176.736794][   T30] audit: type=1326 audit(3910352704.537:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19704 comm="syz.1.2750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[ 1176.844866][   T30] audit: type=1326 audit(3910352704.537:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19704 comm="syz.1.2750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[ 1176.904698][   T30] audit: type=1326 audit(3910352704.537:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19704 comm="syz.1.2750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[ 1176.927518][   T30] audit: type=1326 audit(3910352704.537:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19704 comm="syz.1.2750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[ 1176.950435][   T30] audit: type=1326 audit(3910352704.537:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19704 comm="syz.1.2750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[ 1176.950856][T19720] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1176.973193][   T30] audit: type=1326 audit(3910352704.537:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19704 comm="syz.1.2750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[ 1176.973245][   T30] audit: type=1326 audit(3910352704.537:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19704 comm="syz.1.2750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[ 1176.973287][   T30] audit: type=1326 audit(3910352704.537:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19704 comm="syz.1.2750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=209 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[ 1176.973328][   T30] audit: type=1326 audit(3910352704.537:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19704 comm="syz.1.2750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65fd78f6c9 code=0x7ffc0000
[ 1177.123725][T19726] loop5: detected capacity change from 0 to 1024
[ 1177.343954][T19726] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1177.389987][T19725] bond_slave_0: entered promiscuous mode
[ 1177.396140][T19725] bond_slave_1: entered promiscuous mode
[ 1177.401930][T19725] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[ 1177.404289][T19726] ext4 filesystem being mounted at /387/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1177.409714][T19725] mac80211_hwsim hwsim10 wlan1: entered promiscuous mode
[ 1177.504180][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.520654][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.609360][T19725] 8021q: adding VLAN 0 to HW filter on device macvlan3
[ 1177.638414][T19725] bond3: (slave macvlan3): Enslaving as a backup interface with an up link
[ 1178.105974][T19728] bond3: (slave ip6gretap2): Enslaving as a backup interface with an up link
[ 1180.541457][T19731] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[ 1181.045117][T19762] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2763'.
[ 1181.055697][T19762] bond0: option lp_interval: invalid value (0)
[ 1181.073781][T19762] bond0: option lp_interval: allowed values 1 - 2147483647
[ 1182.454496][ T7751] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1185.079690][T19802] nvme_fabrics: unknown parameter or missing value '��{$n����������hF� ��zt�*�h~��y�e��xR#[�Y�_j�AF��' in ctrl creation request
[ 1185.255150][T19803] delete_channel: no stack
[ 1192.018651][T19873] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1193.292251][T19893] loop1: detected capacity change from 0 to 4096
[ 1194.079279][T19903] delete_channel: no stack
[ 1194.778291][   T30] kauditd_printk_skb: 5 callbacks suppressed
[ 1194.778333][   T30] audit: type=1804 audit(3910352723.737:428): pid=19906 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2798" name="/newroot/513/file0/file1" dev="loop1" ino=30 res=1 errno=0
[ 1197.180855][T16510] page_pool_release_retry() stalled pool shutdown: id 33, 24 inflight 788 sec
[ 1199.155904][T19959] set match dimension is over the limit!
[ 1202.795015][T19995] loop1: detected capacity change from 0 to 2048
[ 1202.839342][T19995] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1204.881524][   T30] audit: type=1800 audit(3910352733.587:429): pid=20012 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2825" name="bus" dev="loop1" ino=1436 res=0 errno=0
[ 1205.093397][T16998] Process accounting resumed
[ 1205.625730][T16510] Process accounting resumed
[ 1207.229941][   T30] audit: type=1326 audit(3910352736.207:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20035 comm="syz.6.2835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddb8d8f6c9 code=0x7ffc0000
[ 1207.252919][   T30] audit: type=1326 audit(3910352736.207:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20035 comm="syz.6.2835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddb8d8f6c9 code=0x7ffc0000
[ 1207.276932][   T30] audit: type=1326 audit(3910352736.207:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20035 comm="syz.6.2835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=97 compat=0 ip=0x7fddb8d8f6c9 code=0x7ffc0000
[ 1208.072387][T20047] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2836'.
[ 1208.082449][T20047] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2836'.
[ 1208.132449][   T30] audit: type=1326 audit(3910352736.207:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20035 comm="syz.6.2835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddb8d8f6c9 code=0x7ffc0000
[ 1208.155029][   T30] audit: type=1326 audit(3910352736.207:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20035 comm="syz.6.2835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddb8d8f6c9 code=0x7ffc0000
[ 1208.198011][   T30] audit: type=1326 audit(3910352736.207:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20035 comm="syz.6.2835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7fddb8d8f6c9 code=0x7ffc0000
[ 1208.258130][   T30] audit: type=1326 audit(3910352736.287:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20035 comm="syz.6.2835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddb8d8f6c9 code=0x7ffc0000
[ 1208.329832][   T30] audit: type=1326 audit(3910352736.287:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20035 comm="syz.6.2835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddb8d8f6c9 code=0x7ffc0000
[ 1208.381513][   T30] audit: type=1326 audit(3910352736.287:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20035 comm="syz.6.2835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fddb8d8f6c9 code=0x7ffc0000
[ 1208.450499][T16998] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[ 1208.903360][T16998] usb 6-1: Using ep0 maxpacket: 16
[ 1208.922040][T16998] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1208.953791][T16998] usb 6-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=9d.3d
[ 1208.994083][T16998] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1209.221247][T16998] usb 6-1: Product: syz
[ 1209.244379][T16998] usb 6-1: Manufacturer: syz
[ 1209.270665][T16998] usb 6-1: SerialNumber: syz
[ 1209.355211][T16998] usb 6-1: config 0 descriptor??
[ 1209.526839][T16998] usb 6-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[ 1209.772796][ T8911] usb 6-1: Failed to submit usb control message: -71
[ 1209.773045][ T9881] usb 6-1: USB disconnect, device number 14
[ 1209.795257][ T8911] usb 6-1: unable to send the bmi data to the device: -71
[ 1209.810886][ T8911] usb 6-1: unable to get target info from device
[ 1209.837898][ T8911] usb 6-1: could not get target info (-71)
[ 1209.860736][ T8911] usb 6-1: could not probe fw (-71)
[ 1214.217296][T20109] loop5: detected capacity change from 0 to 128
[ 1214.220951][T20108] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2852'.
[ 1214.257821][T20109] vfat filesystem being mounted at /405/bus supports timestamps until 2107-12-31 (0x10391447e)
[ 1214.804774][T20117] FAT-fs (loop5): error, corrupted directory (invalid entries)
[ 1214.812471][T20117] FAT-fs (loop5): Filesystem has been set read-only
[ 1215.619046][T20124] netlink: 76 bytes leftover after parsing attributes in process `syz.6.2856'.
[ 1216.748304][T20138] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.2857' sets config #0
[ 1218.839122][T20138] No such timeout policy "syz1"
[ 1225.503703][T20190] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2871'.
[ 1225.613740][T20190] x_tables: unsorted underflow at hook 3
[ 1230.189115][T20233] loop1: detected capacity change from 0 to 128
[ 1230.199718][T20233] vfat filesystem being mounted at /526/bus supports timestamps until 2107-12-31 (0x10391447e)
[ 1230.264337][T20234] netlink: 'syz.4.2879': attribute type 79 has an invalid length.
[ 1231.290857][T20244] FAT-fs (loop1): error, corrupted directory (invalid entries)
[ 1231.298457][T20244] FAT-fs (loop1): Filesystem has been set read-only
[ 1231.761115][T20243] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[ 1231.890332][T20243] loop5: detected capacity change from 0 to 2048
[ 1232.001285][T20243] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1232.952049][T20248] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2884'.
[ 1234.377838][T20262] loop1: detected capacity change from 0 to 256
[ 1234.402235][T20262] exfat: Deprecated parameter 'namecase'
[ 1234.576936][T20262] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xbe66f6fd, utbl_chksum : 0xe619d30d)
[ 1234.601330][T14297] Bluetooth: hci3: unexpected event for opcode 0x0c22
[ 1234.611663][T20262] exfat filesystem being mounted at /527/file0 supports timestamps until 2107-12-31 (0x10391447f)
[ 1238.947984][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.954543][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1241.212686][T20323] delete_channel: no stack
[ 1241.218624][T20323] loop5: detected capacity change from 0 to 22
[ 1241.226052][T20323] MTD: Attempt to mount non-MTD device "/dev/loop5"
[ 1241.283418][T20323] romfs: Mounting image 'rom 637cf1fa' through the block layer
[ 1245.316206][T20348] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2908'.
[ 1248.035197][T20368] delete_channel: no stack
[ 1258.421206][T20378] page_pool_release_retry() stalled pool shutdown: id 33, 24 inflight 849 sec
[ 1259.387345][T20436] netlink: 'syz.5.2932': attribute type 10 has an invalid length.
[ 1259.396369][T20436] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1259.403910][T20436] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1259.826140][T20437] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2932'.
[ 1259.836887][T20436] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1259.844185][T20436] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1259.851783][T20436] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1259.858989][T20436] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1259.874677][T20436] bond0: (slave bridge0): Enslaving as an active interface with an up link
[ 1259.899815][T20437] bridge_slave_1: left allmulticast mode
[ 1259.906385][T20437] bridge_slave_1: left promiscuous mode
[ 1259.912473][T20437] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1259.979644][T20437] bridge_slave_0: left allmulticast mode
[ 1260.020455][T20437] bridge_slave_0: left promiscuous mode
[ 1260.026325][T20437] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1264.063266][T20437] bond0: (slave bridge0): Releasing backup interface
[ 1266.543113][   T30] kauditd_printk_skb: 9 callbacks suppressed
[ 1266.543131][   T30] audit: type=1326 audit(3910352795.517:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20474 comm="syz.4.2942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6a438f6c9 code=0x7ffc0000
[ 1267.218497][   T30] audit: type=1326 audit(3910352795.527:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20474 comm="syz.4.2942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6a438f6c9 code=0x7ffc0000
[ 1270.179715][T20506] overlayfs: failed to resolve './file1': -2
[ 1275.386367][T20564] xt_socket: unknown flags 0x50
[ 1276.021738][T20562] netlink: 'syz.6.2964': attribute type 4 has an invalid length.
[ 1277.581591][   T30] audit: type=1804 audit(3910352806.257:450): pid=20575 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2957" name="file0" dev="tmpfs" ino=3274 res=1 errno=0
[ 1278.975656][T20583] loop1: detected capacity change from 0 to 256
[ 1279.003658][T20583] exfat: Deprecated parameter 'namecase'
[ 1279.033459][T20583] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x8d1bf2bd, utbl_chksum : 0xe619d30d)
[ 1279.622481][T20583] exfat filesystem being mounted at /548/file0 supports timestamps until 2107-12-31 (0x10391447f)
[ 1280.152912][T20608] ptrace attach of "./syz-executor exec"[5829] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[ 1282.256686][T14297] Bluetooth: Wrong link type (-71)
[ 1282.900163][T20641] overlayfs: failed to resolve './file0': -2
[ 1285.788912][T20659] bridge0: port 3(gretap0) entered blocking state
[ 1285.798061][T20659] bridge0: port 3(gretap0) entered disabled state
[ 1285.805384][T20659] gretap0: entered allmulticast mode
[ 1285.812559][T20659] gretap0: entered promiscuous mode
[ 1288.484631][T20713] loop5: detected capacity change from 0 to 4096
[ 1288.596263][T20713] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1290.198334][ T7751] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1290.539116][T20726] loop1: detected capacity change from 0 to 8192
[ 1290.747489][T20726] vfat filesystem being mounted at /554/file0 supports timestamps until 2107-12-31 (0x10391447e)
[ 1291.089960][T20733] loop5: detected capacity change from 0 to 256
[ 1291.223358][T20733] exfat: Deprecated parameter 'namecase'
[ 1291.250849][   T30] audit: type=1800 audit(3910352820.127:451): pid=20726 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3001" name="file1" dev="loop1" ino=1048668 res=0 errno=0
[ 1291.346316][T20733] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x8d1bf2bd, utbl_chksum : 0xe619d30d)
[ 1291.811352][T20733] exfat filesystem being mounted at /441/file0 supports timestamps until 2107-12-31 (0x10391447f)
[ 1292.389760][T20741] Invalid ELF header magic: != ELF
[ 1292.433792][T20741] bridge4: entered promiscuous mode
[ 1292.439024][T20741] bridge4: entered allmulticast mode
[ 1300.176235][T20823] bridge0: port 3(gretap0) entered blocking state
[ 1300.182944][T20823] bridge0: port 3(gretap0) entered forwarding state
[ 1300.216931][T20823] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1300.239015][T20823] batman_adv: batadv0: Interface activated: dummy0
[ 1300.248161][T20823] batadv0: mtu less than device minimum
[ 1300.255624][T20823] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1300.267603][T20823] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1300.279538][T20823] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1300.291528][T20823] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1300.303384][T20823] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1300.315250][T20823] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1300.327117][T20823] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1300.338412][T20823] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1300.349768][T20823] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1300.389602][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1300.396176][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1308.860059][T20887] loop5: detected capacity change from 0 to 8192
[ 1308.901821][T20887] vfat filesystem being mounted at /452/file0 supports timestamps until 2107-12-31 (0x10391447e)
[ 1308.986261][   T30] audit: type=1800 audit(3910352837.967:452): pid=20887 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.3041" name="file1" dev="loop5" ino=1048669 res=0 errno=0
[ 1311.350100][T20903] netlink: 14560 bytes leftover after parsing attributes in process `syz.6.3044'.
[ 1312.261960][T20913] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3046'.
[ 1314.622232][T20921] ALSA: mixer_oss: invalid OSS volume 'PHONEX�0�IN'
[ 1317.974918][T20946] loop5: detected capacity change from 0 to 2048
[ 1318.058269][T20946] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1318.546757][T20378] page_pool_release_retry() stalled pool shutdown: id 33, 24 inflight 909 sec
[ 1321.763504][T20985] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3066'.
[ 1325.217027][T21014] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[ 1325.495963][T21020] loop1: detected capacity change from 0 to 128
[ 1326.047238][T21020] vfat filesystem being mounted at /563/bus supports timestamps until 2107-12-31 (0x10391447e)
[ 1326.588355][T21035] ------------[ cut here ]------------
[ 1326.593908][T21035] WARNING: ./include/linux/ns_common.h:288 at nsproxy_ns_active_get+0x88f/0xcb0, CPU#1: syz.5.3080/21035
[ 1326.605185][T21035] Modules linked in:
[ 1326.609071][T21035] CPU: 1 UID: 0 PID: 21035 Comm: syz.5.3080 Not tainted syzkaller #0 PREEMPT(full) 
[ 1326.618456][T21035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1326.628670][T21035] RIP: 0010:nsproxy_ns_active_get+0x88f/0xcb0
[ 1326.634810][T21035] Code: 00 e8 a5 ea 76 ff eb 0c e8 9e ea 76 ff eb 05 e8 97 ea 76 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 82 ea 76 ff 90 <0f> 0b 90 e9 ee f7 ff ff e8 74 ea 76 ff 90 0f 0b 90 e9 12 f8 ff ff
[ 1326.654767][T21038] ------------[ cut here ]------------
[ 1326.654784][T21038] WARNING: ./include/linux/ns_common.h:288 at nsproxy_ns_active_get+0x8c7/0xcb0, CPU#0: syz.5.3080/21038
[ 1326.654831][T21038] Modules linked in:
[ 1326.654855][T21038] CPU: 0 UID: 0 PID: 21038 Comm: syz.5.3080 Not tainted syzkaller #0 PREEMPT(full) 
[ 1326.654876][T21038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1326.654889][T21038] RIP: 0010:nsproxy_ns_active_get+0x8c7/0xcb0
[ 1326.654916][T21038] Code: 0f 0b 90 e9 12 f8 ff ff e8 66 ea 76 ff 90 0f 0b 90 e9 dc f8 ff ff e8 58 ea 76 ff 90 0f 0b 90 e9 03 f9 ff ff e8 4a ea 76 ff 90 <0f> 0b 90 e9 cd f9 ff ff e8 3c ea 76 ff 90 0f 0b 90 e9 f4 f9 ff ff
[ 1326.654933][T21038] RSP: 0018:ffffc900112ef9e0 EFLAGS: 00010283
[ 1326.654951][T21038] RAX: ffffffff824a3536 RBX: ffff88801d2ff410 RCX: 0000000000080000
[ 1326.660443][T21035] RSP: 0018:ffffc90011b47d40 EFLAGS: 00010287
[ 1326.660469][T21035] RAX: ffffffff824a34fe RBX: ffff888060bf92d8 RCX: 0000000000080000
[ 1326.660485][T21035] RDX: ffffc90012fd2000 RSI: 0000000000000205 RDI: 0000000000000206
[ 1326.660500][T21035] RBP: ffffc90011b47e01 R08: ffff88805803f0bb R09: 1ffff1100b007e17
[ 1326.660515][T21035] R10: dffffc0000000000 R11: ffffed100b007e18 R12: dffffc0000000000
[ 1326.660531][T21035] R13: dffffc0000000000 R14: ffff88805803f0b8 R15: ffff88805803f000
[ 1326.660548][T21035] FS:  00007fd89d9f66c0(0000) GS:ffff888125fcc000(0000) knlGS:0000000000000000
[ 1326.660568][T21035] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1326.660583][T21035] CR2: 00007fddaec5f000 CR3: 00000000558c0000 CR4: 00000000003526f0
[ 1326.660603][T21035] Call Trace:
[ 1326.660611][T21035]  <TASK>
[ 1326.660625][T21035]  switch_task_namespaces+0x3e/0x110
[ 1326.660659][T21035]  __se_sys_setns+0x784/0x17d0
[ 1326.660687][T21035]  ? __se_sys_setns+0x565/0x17d0
[ 1326.660721][T21035]  ? __pfx___se_sys_setns+0x10/0x10
[ 1326.660752][T21035]  ? do_syscall_64+0xbe/0xfa0
[ 1326.673240][T21038] RDX: ffffc900137d4000 RSI: 0000000000049c6c RDI: 0000000000049c6d
[ 1326.676110][T21035]  do_syscall_64+0xfa/0xfa0
[ 1326.685606][T21038] RBP: 00000000f0000901 R08: ffff88804adb0a23 R09: 1ffff110095b6144
[ 1326.695603][T21035]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1326.695632][T21035]  ? clear_bhb_loop+0x60/0xb0
[ 1326.701884][T21038] R10: dffffc0000000000 R11: ffffed10095b6145 R12: dffffc0000000000
[ 1326.721579][T21035]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1326.727395][T21038] R13: 1ffff1100f48eb69 R14: ffff88804adb0a20 R15: ffff88804adb0000
[ 1326.735382][T21035] RIP: 0033:0x7fd89f78f6c9
[ 1326.735403][T21035] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1326.735422][T21035] RSP: 002b:00007fd89d9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000134
[ 1326.741529][T21038] FS:  00007fd89d9d56c0(0000) GS:ffff888125ecc000(0000) knlGS:0000000000000000
[ 1326.749464][T21035] RAX: ffffffffffffffda RBX: 00007fd89f9e6090 RCX: 00007fd89f78f6c9
[ 1326.749482][T21035] RDX: 0000000000000000 RSI: 0000000024020000 RDI: 0000000000000005
[ 1326.749496][T21035] RBP: 00007fd89f811f91 R08: 0000000000000000 R09: 0000000000000000
[ 1326.757473][T21038] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1326.757490][T21038] CR2: 00007fd89d9d4f98 CR3: 00000000558c0000 CR4: 00000000003526f0
[ 1326.765707][T21035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1326.765724][T21035] R13: 00007fd89f9e6128 R14: 00007fd89f9e6090 R15: 00007ffdccf4a0d8
[ 1326.765760][T21035]  </TASK>
[ 1326.765788][T21035] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1326.765802][T21035] CPU: 1 UID: 0 PID: 21035 Comm: syz.5.3080 Not tainted syzkaller #0 PREEMPT(full) 
[ 1326.765825][T21035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1326.765839][T21035] Call Trace:
[ 1326.765845][T21035]  <TASK>
[ 1326.765854][T21035]  dump_stack_lvl+0x99/0x250
[ 1326.765889][T21035]  ? __asan_memcpy+0x40/0x70
[ 1326.765920][T21035]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1326.765951][T21035]  ? __pfx__printk+0x10/0x10
[ 1326.765988][T21035]  vpanic+0x237/0x6d0
[ 1326.766006][T21035]  ? __pfx_vpanic+0x10/0x10
[ 1326.766023][T21035]  ? is_bpf_text_address+0x292/0x2b0
[ 1326.766047][T21035]  ? is_bpf_text_address+0x26/0x2b0
[ 1326.766078][T21035]  panic+0xb9/0xc0
[ 1326.766096][T21035]  ? __pfx_panic+0x10/0x10
[ 1326.766132][T21035]  __warn+0x318/0x4d0
[ 1326.766150][T21035]  ? nsproxy_ns_active_get+0x88f/0xcb0
[ 1326.766180][T21035]  ? nsproxy_ns_active_get+0x88f/0xcb0
[ 1326.766206][T21035]  report_bug+0x2be/0x4f0
[ 1326.766233][T21035]  ? nsproxy_ns_active_get+0x88f/0xcb0
[ 1326.766262][T21035]  ? nsproxy_ns_active_get+0x88f/0xcb0
[ 1326.766291][T21035]  ? nsproxy_ns_active_get+0x891/0xcb0
[ 1326.766319][T21035]  handle_bug+0x84/0x160
[ 1326.766342][T21035]  exc_invalid_op+0x1a/0x50
[ 1326.766363][T21035]  asm_exc_invalid_op+0x1a/0x20
[ 1326.766382][T21035] RIP: 0010:nsproxy_ns_active_get+0x88f/0xcb0
[ 1326.766413][T21035] Code: 00 e8 a5 ea 76 ff eb 0c e8 9e ea 76 ff eb 05 e8 97 ea 76 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 82 ea 76 ff 90 <0f> 0b 90 e9 ee f7 ff ff e8 74 ea 76 ff 90 0f 0b 90 e9 12 f8 ff ff
[ 1326.766439][T21035] RSP: 0018:ffffc90011b47d40 EFLAGS: 00010287
[ 1326.766457][T21035] RAX: ffffffff824a34fe RBX: ffff888060bf92d8 RCX: 0000000000080000
[ 1326.766473][T21035] RDX: ffffc90012fd2000 RSI: 0000000000000205 RDI: 0000000000000206
[ 1326.766487][T21035] RBP: ffffc90011b47e01 R08: ffff88805803f0bb R09: 1ffff1100b007e17
[ 1326.766502][T21035] R10: dffffc0000000000 R11: ffffed100b007e18 R12: dffffc0000000000
[ 1326.766518][T21035] R13: dffffc0000000000 R14: ffff88805803f0b8 R15: ffff88805803f000
[ 1326.766541][T21035]  ? nsproxy_ns_active_get+0x88e/0xcb0
[ 1326.766581][T21035]  switch_task_namespaces+0x3e/0x110
[ 1326.766608][T21035]  __se_sys_setns+0x784/0x17d0
[ 1326.766635][T21035]  ? __se_sys_setns+0x565/0x17d0
[ 1326.766667][T21035]  ? __pfx___se_sys_setns+0x10/0x10
[ 1326.766699][T21035]  ? do_syscall_64+0xbe/0xfa0
[ 1326.766721][T21035]  do_syscall_64+0xfa/0xfa0
[ 1326.766740][T21035]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1326.766759][T21035]  ? clear_bhb_loop+0x60/0xb0
[ 1326.766784][T21035]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1326.766803][T21035] RIP: 0033:0x7fd89f78f6c9
[ 1326.766820][T21035] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1326.766837][T21035] RSP: 002b:00007fd89d9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000134
[ 1326.766857][T21035] RAX: ffffffffffffffda RBX: 00007fd89f9e6090 RCX: 00007fd89f78f6c9
[ 1326.766872][T21035] RDX: 0000000000000000 RSI: 0000000024020000 RDI: 0000000000000005
[ 1326.766885][T21035] RBP: 00007fd89f811f91 R08: 0000000000000000 R09: 0000000000000000
[ 1326.766899][T21035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1326.766911][T21035] R13: 00007fd89f9e6128 R14: 00007fd89f9e6090 R15: 00007ffdccf4a0d8
[ 1326.766943][T21035]  </TASK>
[ 1326.774276][T21035] Kernel Offset: disabled