last executing test programs:

7m59.754776496s ago: executing program 1 (id=887):
write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0xb0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100))
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/custom1\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002180), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r3, 0xaf01, 0x0)
ioctl$VHOST_SET_OWNER(r3, 0xaf01, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
r5 = syz_open_dev$audion(&(0x7f0000000140), 0x6, 0x40500)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r7=>0x0})
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000200), r8)
sendmsg$IEEE802154_LLSEC_LIST_DEV(r8, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)={0x14, r9, 0x303, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x88d0}, 0x40000)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_FRAME(r10, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000400)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16, @ANYBLOB="010029bd7000000000003b00000008000300", @ANYRES32=r7, @ANYBLOB="2000330040bc0100ffffffffffff0802110000005050505047e6ba2aac0146c0"], 0x5c}, 0x1, 0x0, 0x0, 0x6a845ecb4f20be70}, 0x3c008010)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r5, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0x24, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x840}, 0x4040800)

7m58.677303893s ago: executing program 1 (id=889):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x6)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
read$FUSE(0xffffffffffffffff, &(0x7f0000002400)={0x2020}, 0xfffffec2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
setresuid(0xee01, 0x0, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000140), r4)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES16=r5, @ANYBLOB="410000000000000001000603000014000300060a0004090300f006e8ffff0000000008000700263a09091400"], 0x44}, 0x1, 0x1000000}, 0x0)
keyctl$get_persistent(0x16, 0x0, 0xfffffffffffffffb)
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed00efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6342103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033df58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca30ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28defa300"})
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
r6 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r6, &(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r6, &(0x7f00000000c0)={&(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@mask_fadd={0x58, 0x118, 0x8, {{0x0, 0x3}, 0x0, 0x0, 0x5c, 0x8}}, @zcopy_cookie={0x18, 0x114, 0xc, 0x6}], 0x70}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r7 = socket$kcm(0x2b, 0x1, 0x0)
listen(r7, 0x6)
getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000180)={0x0, 0x8}, &(0x7f00000000c0)=0x8)

7m56.295466127s ago: executing program 1 (id=890):
r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x1f7ff6, 0x2)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000005c0), &(0x7f0000000600)=0xc)
r5 = socket$packet(0x11, 0x2, 0x300)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="30000000100001000000ce6bb9092919", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
recvmmsg(r5, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/11, 0x17}}], 0x400000000000179, 0x0, 0x0)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@dev={0xfe, 0x80, '\x00', 0x39}, 0x0, 0x1, 0x0, 0x4}, 0x0)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r7, 0x400452c8, &(0x7f0000000100))
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_XFRM_DIR={0x5}, @NFTA_XFRM_DREG={0x8}, @NFTA_XFRM_SPNUM={0x8, 0x4, 0x1, 0x0, 0x83}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x5}]}}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x8c}}, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x1, 0x1, 0x1})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xe1000, 0x280000b, 0x28011, r0, 0x0)

7m53.533594649s ago: executing program 1 (id=894):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8}, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$sock_buf(r0, 0x1, 0x28, 0x0, &(0x7f0000000780))
sched_setscheduler(0x0, 0x1, 0x0)
getpid()
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2)
pipe(&(0x7f0000000140)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000200)={'lo\x00', <r7=>0x0})
r8 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r8, &(0x7f0000000180)={0x2, 0x0, 0x7fffffff, @dev}, 0x3)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x70bd27, 0x25dfdbff, {0xa, 0x40, 0xc0, 0x0, r7}, [@IFA_ADDRESS={0x14, 0x1, @local}, @IFA_FLAGS={0x8, 0x8, 0x142}]}, 0x34}, 0x1, 0x0, 0x0, 0x2004c041}, 0x400c0c0)
write$binfmt_misc(r4, &(0x7f0000000000), 0xfffffecc)
splice(r3, 0x0, r5, 0x0, 0x8001, 0xd)
r9 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r9, 0x1, 0x1a, 0x0, 0x0)
syz_emit_ethernet(0x7a, 0x0, 0x0)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000002c0)=""/100, &(0x7f0000000500)=""/74, 0xeeef0000})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000e40))
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f00000009c0)=""/251, 0x0, 0x4})
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r8, 0x29, 0x30, &(0x7f0000000e80)={0xa, {{0xa, 0x4e23, 0x3, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x2}}, 0x0, 0x5, [{{0xa, 0x4e24, 0x8, @mcast2, 0x3}}, {{0xa, 0x4e20, 0x5, @empty, 0x3ff}}, {{0xa, 0x4e22, 0x2, @ipv4={'\x00', '\xff\xff', @local}}}, {{0xa, 0x4e22, 0x2, @private2, 0x8000}}, {{0xa, 0x4e22, 0x7, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xc0}}]}, 0x310)
shmget(0x0, 0x3000, 0x1, &(0x7f000037d000/0x3000)=nil)

7m50.992258129s ago: executing program 1 (id=899):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x6)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
read$FUSE(0xffffffffffffffff, &(0x7f0000002400)={0x2020}, 0xfffffec2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
setresuid(0xee01, 0x0, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000140), r4)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES16=r5, @ANYBLOB="410000000000000001000603000014000300060a0004090300f006e8ffff0000000008000700263a09091400"], 0x44}, 0x1, 0x1000000}, 0x0)
keyctl$get_persistent(0x16, 0x0, 0xfffffffffffffffb)
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed00efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6342103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033df58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca30ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28defa300"})
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
r6 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r6, &(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r6, &(0x7f00000000c0)={&(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@mask_fadd={0x58, 0x118, 0x8, {{0x0, 0x3}, 0x0, 0x0, 0x5c, 0x8}}, @zcopy_cookie={0x18, 0x114, 0xc, 0x6}], 0x70}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
listen(0xffffffffffffffff, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0x16, 0xa, 0x0, 0x0, 0x8000000, 0x61, 0x10, 0x28}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xce, &(0x7f0000000580)=""/206, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000180)={0x0, 0x8}, &(0x7f00000000c0)=0x8)

7m49.15490507s ago: executing program 1 (id=902):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r1)
sendmsg$IEEE802154_START_REQ(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x8800}, 0x20000040)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r2=>0x0})
getsockopt$inet_int(r0, 0x0, 0x16, 0x0, &(0x7f0000000400))
r3 = socket(0x10, 0x80002, 0x0)
r4 = openat$tun(0xffffffffffffff9c, 0x0, 0x220800, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$TUNSETIFF(r4, 0x400454ca, 0x0)
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc)=<r7=>0x0)
timer_settime(r7, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r8 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, 0x0)
bind$can_j1939(r8, &(0x7f0000000380)={0x1d, 0x0, 0x1, {0x0, 0x1, 0x3}, 0xfe}, 0x18)
sendmmsg$sock(r8, &(0x7f0000000280)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0xffa1, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r2, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000100)={'sit0\x00', &(0x7f00000003c0)={'sit0\x00', 0x0, 0x8, 0x8, 0x5, 0xff, {{0x5, 0x4, 0x1, 0x3c, 0x14, 0x67, 0x0, 0x8, 0x29, 0x0, @local, @rand_addr=0x64010101}}}})
r9 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x3, 0x0)
readv(r9, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x8e383, 0x0)

7m33.71398875s ago: executing program 32 (id=902):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r1)
sendmsg$IEEE802154_START_REQ(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x8800}, 0x20000040)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r2=>0x0})
getsockopt$inet_int(r0, 0x0, 0x16, 0x0, &(0x7f0000000400))
r3 = socket(0x10, 0x80002, 0x0)
r4 = openat$tun(0xffffffffffffff9c, 0x0, 0x220800, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$TUNSETIFF(r4, 0x400454ca, 0x0)
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc)=<r7=>0x0)
timer_settime(r7, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r8 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, 0x0)
bind$can_j1939(r8, &(0x7f0000000380)={0x1d, 0x0, 0x1, {0x0, 0x1, 0x3}, 0xfe}, 0x18)
sendmmsg$sock(r8, &(0x7f0000000280)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0xffa1, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r2, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000100)={'sit0\x00', &(0x7f00000003c0)={'sit0\x00', 0x0, 0x8, 0x8, 0x5, 0xff, {{0x5, 0x4, 0x1, 0x3c, 0x14, 0x67, 0x0, 0x8, 0x29, 0x0, @local, @rand_addr=0x64010101}}}})
r9 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x3, 0x0)
readv(r9, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x8e383, 0x0)

5m44.196505171s ago: executing program 3 (id=1074):
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000034700)=""/102400, 0x19000)
socket$inet6(0xa, 0x3, 0xff)
bind$l2tp(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @private=0xa010101, 0x1}, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000c0000000800124000000000050005000a000000"], 0x5c}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x18)
sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0000000306010200000000000000000a0000010500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x4004810}, 0x840)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000013c0)=@raw={'raw\x00', 0x8, 0x3, 0x1370, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x12a0, 0xffffffff, 0xffffffff, 0x12a0, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [0x0, 0x62], [], 'veth0_macvtap\x00', 'dvmrp1\x00', {0xff}, {0xff}, 0x0, 0xfd, 0x0, 0x13}, 0x0, 0x138, 0x160, 0x0, {}, [@common=@srh1={{0x90}, {0x87, 0x7, 0x1, 0x5, 0x6, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, @empty, @local, [0xffffff00, 0xffffff00, 0xff000000, 0xffffff00], [0xff000000, 0xff, 0xff000000, 0xff000000], [0xffffffff, 0xffffff00, 0xff000000], 0x700, 0x2440}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x7fff, 0x30, 0x1}}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [0x0, 0x0, 0xff000000], [], 'wg1\x00', 'ip6gretap0\x00', {}, {}, 0x3b, 0x0, 0x0, 0x3}, 0x0, 0x1100, 0x1140, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030}, {0x0, 0x1, 0x0, 0x2, './cgroup.cpu/syz0\x00', 0x2, {0x8}}}, @inet=@rpfilter={{0x28}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00', 0x0, {[0x54, 0xffff42f2, 0x5, 0x5ee, 0x8, 0x1c, 0x8001, 0x7]}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x13d0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x1fc, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)={[{0x4, 0x200, 0x8, 0x4f, 0x81, 0x7, 0xc0, 0x1, 0xff, 0x6, 0xc, 0x4, 0x9}, {0x8, 0xaff2, 0x0, 0x8, 0x4, 0x1, 0x8, 0x3, 0x0, 0x53, 0x1, 0x6, 0x10005}, {0x0, 0x7, 0x10, 0x10, 0x25, 0x2, 0x0, 0xfb, 0x4, 0x15, 0x0, 0x3, 0x40000000000002}], 0x9})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xfffffffffffffffd, 0x0, 0x10004, 0xfffffffffffffffd, 0x4002004c4, 0x1000, 0x0, 0xfff, 0x10, 0x0, 0x0, 0x1, 0x8, 0x800000001], 0x0, 0x2011c0})
syz_open_dev$tty1(0xc, 0x4, 0x3)
r5 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout_data(r5, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000080)=[{0x6}]}, 0x10)
close(r1)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

5m40.922157874s ago: executing program 3 (id=1079):
write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0xb0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100))
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/custom1\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002180), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r3, 0xaf01, 0x0)
ioctl$VHOST_SET_OWNER(r3, 0xaf01, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
syz_open_dev$audion(&(0x7f0000000140), 0x6, 0x40500)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r6=>0x0})
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000200), r7)
sendmsg$IEEE802154_LLSEC_LIST_DEV(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)={0x14, r8, 0x303, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x88d0}, 0x40000)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r9, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000400)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010029bd7000000000003b00000008000300", @ANYRES32=r6, @ANYBLOB="2000330040bc0100ffffffffffff0802110000005050505047e6ba2aac0146c0"], 0x5c}, 0x1, 0x0, 0x0, 0x6a845ecb4f20be70}, 0x3c008010)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wlan0\x00'})

5m39.223392821s ago: executing program 3 (id=1083):
ioprio_set$pid(0x2, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="c0ae6872e90000000008e7847fa3"], &(0x7f0000000180)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x4e24, 0x2, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB], 0x48)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', '#\x00'}, 0x28)
writev(r4, &(0x7f0000000740)=[{&(0x7f0000000280)="581a17919cc77431510e7fc4ed9fb860505f1495ff92f16a44f8a13d58751d926def1f80b315bdc726cdd8b5d1a91f485854af8fc854b0da7a02522fe7b2c21db7a46c48473099d4a4654cfd97a67c9e79afc0d444e6c78b0216d2201b128df9d4ed5b4dbe676fe56a6354f819d997a6acb8595633cff6f77473b2b3abcc65b51cb3d3a30bf9b0b2ce59d568d3a89b49331904da2a37c89ea236f5d5640c32c3ac74e4bde1a62c560cb63836552f881c8a8305d2a13d838a5160a6c06c63decc86", 0xc1}], 0x1)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28)
readv(r4, &(0x7f0000000e40)=[{&(0x7f0000000f40)=""/250, 0xff1}], 0x1)
syz_emit_vhci(&(0x7f00000007c0)=ANY=[@ANYBLOB="040e06006220"], 0x9)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)

5m36.074904311s ago: executing program 3 (id=1088):
syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x2000759, &(0x7f00000006c0)={[{@jqfmt_vfsold}, {@noblock_validity}, {@discard}, {@errors_remount}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0xff}, 0x0}, {@noauto_da_alloc}, {@max_batch_time={'max_batch_time', 0x3d, 0xc}}, {@jqfmt_vfsv1}, {@journal_path={'journal_path', 0x3d, './file0'}}, {@lazytime}, {@resuid}, {@dax_always}, {@test_dummy_encryption_v1}, {@auto_da_alloc}, {@nodioread_nolock}, {@data_writeback}, {@noblock_validity}], [], 0x2c}, 0x0, 0x51b, &(0x7f0000001300)="$eJzs3M9vFNcdAPDvrtc2LlC79Be/WralVa1Wxdj8PPQAqJW4VKrUqqLHrW0QxUCFXQksq5iqAqmHVvwF/XGrlL8gp+QSJVEOiXIF5RpFQpEvkByiiWZ3ZrPr3bXXZu2V8ecjzfJm5s3M+87Mw2/e29kAdq1y+lGI2BcRTyJitDbbnKFc++fFytL0ZytL04VIkt9+Wqjme76yNJ1nzbfbm82MFyOKfy/EkdbDDs/fW7xRmZubvZMtmFgoZqmblWuz12ZvTZ0/f/rUyLmzU2d6EmdapueH/3r76KHLf3j86+krj//4zmtpeZNsfWMcNWPVz6GujzDQsqQc5eZz2eDH3Rd9R9jfkC6U0s9i/wpD19K7tpTV3ScxGgPVuZrR+NXf+lo4YEslSZIMtyyt/y1bThoVCrUNkuRBArwCCtHvEgD9kf+hf76SPgEsTbc+B7/anl2M6hNQGveLbKqtKVWfYMtjEYNRm7bCtyLiyvLn/06naNsPAQDQW29cjHh0qdbuyKfammJ8pyHf17OxobGI+EZEHIiIb2btl29HVPN+NyIONmyzv4tRgPKq+db2zwcjWaKxudozafvvF9nYVnP7r17ysYFsbn81/sHC1etzsyezczIeg8Pp/GTrruvdam/+8sN/dTp+uaH9l07p8fO2YFaOT0qrOuhmKguVl4079+xB9cTeb42/EKVCnoo4FBGHN7H/9Jxd/+n/j3Za3xR/GmdL/P/svPPSJgq0SvLfiJ/Urv9yVOPP+z5rwQ9lqYmFm3+emL+3+PPrjeOTk+fOTp2Z2BNzsycn8rui1bvvP/xNlmx5jGi+/knScP3zqrGlA2np9f9a2/u/PnI5lqbq47XzGz/Gw6ePOj7TbPb+Hyr8rprOx2fvVhYW7kxGDBWWW5dPfbXt3cpIU/40/vHj7ev/gYgv/pNtdyQi0pv4exHx/Yg4lpX9BxHxw4g4vkb8b1/60Z86PUKuH//WSuOf2dD1v7c4ElmiviRNXHgvonlJnhi48dbrLQf+R7kl/sHodP1PV1Pj2ZKZysKe9eJqU8C2iZc+gQAAALADHIuIfVEonsg6mvZFsXjiRMTeeg/K/MLPrt7+y62Z2jsCYzFYzHu6Rhv6QyezvuF0Pt1qqmE+XX+q2m+cJEkyks6nz+9zB/sbOux6ezvU/9THra+0AK+aDY2jdXqjDdiRVtf/p11v2fsvZADbqwffowF2KPUfdq+u6/9WvQUH9E27+n8/4kUfigJss3b1//ctSy5sS1mA7dWu/hv7h91h8/1/vgwAO53+f9iVunpJfhOJA5fXyFModbefUtev8a+XKMbavwIwFvXfNMjbNGvv8KNiRG/O2EBPz/xI0zUtts2zJ3pxrCium6e0gR9i2N5EsTI3l7/g0vfyDEfEOndv/Wa7nycWt7pg1XPzv/79zwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAbXwYAAP//363OhA==")
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setrlimit(0xb, &(0x7f0000000280)={0x3, 0x3})
syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00')
r3 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0xd}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffb000/0x2000)=nil)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000040)={0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x3, 'dh\x00', 0x1, 0x7, 0x49}, 0x2c)
r5 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000000)={0x2, @pix_mp={0x7, 0xf05, 0x3234564e, 0x4, 0xa, [{0x4, 0x52b}, {0x1, 0x7}, {0x4, 0x4}, {0x495b, 0x7ff}, {0x8, 0xcdc}, {0x80000000}, {0xdb, 0x1}, {0x80, 0xa}], 0x7, 0x80, 0x6, 0x0, 0x3}})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

5m33.628315022s ago: executing program 3 (id=1092):
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
r1 = landlock_create_ruleset(&(0x7f0000000180)={0x100}, 0x18, 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x200000, 0x0)
close(r2)
close(r1)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = memfd_secret(0x0)
ftruncate(r4, 0x51a9497)

5m31.19986732s ago: executing program 3 (id=1098):
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000034700)=""/102400, 0x19000)
socket$inet6(0xa, 0x3, 0xff)
bind$l2tp(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @private=0xa010101, 0x1}, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000c0000000800124000000000050005000a00000005"], 0x5c}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0000000306010200000000000000000a0000010500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x4004810}, 0x840)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000013c0)=@raw={'raw\x00', 0x8, 0x3, 0x1370, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x12a0, 0xffffffff, 0xffffffff, 0x12a0, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [0x0, 0x62], [], 'veth0_macvtap\x00', 'dvmrp1\x00', {0xff}, {0xff}, 0x0, 0xfd, 0x0, 0x13}, 0x0, 0x138, 0x160, 0x0, {}, [@common=@srh1={{0x90}, {0x87, 0x7, 0x1, 0x5, 0x6, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, @empty, @local, [0xffffff00, 0xffffff00, 0xff000000, 0xffffff00], [0xff000000, 0xff, 0xff000000, 0xff000000], [0xffffffff, 0xffffff00, 0xff000000], 0x700, 0x2440}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x7fff, 0x30, 0x1}}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [0x0, 0x0, 0xff000000], [], 'wg1\x00', 'ip6gretap0\x00', {}, {}, 0x3b, 0x0, 0x0, 0x3}, 0x0, 0x1100, 0x1140, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030}, {0x0, 0x1, 0x0, 0x2, './cgroup.cpu/syz0\x00', 0x2, {0x8}}}, @inet=@rpfilter={{0x28}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00', 0x0, {[0x54, 0xffff42f2, 0x5, 0x5ee, 0x8, 0x1c, 0x8001, 0x7]}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x13d0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x1fc, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)={[{0x4, 0x200, 0x8, 0x4f, 0x81, 0x7, 0xc0, 0x1, 0xff, 0x6, 0xc, 0x4, 0x9}, {0x8, 0xaff2, 0x0, 0x8, 0x4, 0x1, 0x8, 0x3, 0x0, 0x53, 0x1, 0x6, 0x10005}, {0x0, 0x7, 0x10, 0x10, 0x25, 0x2, 0x0, 0xfb, 0x4, 0x15, 0x0, 0x3, 0x40000000000002}], 0x9})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xfffffffffffffffd, 0x0, 0x10004, 0xfffffffffffffffd, 0x4002004c4, 0x1000, 0x0, 0xfff, 0x10, 0x0, 0x0, 0x1, 0x8, 0x800000001], 0x0, 0x2011c0})
syz_open_dev$tty1(0xc, 0x4, 0x3)
r5 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout_data(r5, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000080)=[{0x6}]}, 0x10)
close(r1)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

5m16.052121782s ago: executing program 33 (id=1098):
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000034700)=""/102400, 0x19000)
socket$inet6(0xa, 0x3, 0xff)
bind$l2tp(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @private=0xa010101, 0x1}, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000c0000000800124000000000050005000a00000005"], 0x5c}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0000000306010200000000000000000a0000010500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x4004810}, 0x840)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000013c0)=@raw={'raw\x00', 0x8, 0x3, 0x1370, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x12a0, 0xffffffff, 0xffffffff, 0x12a0, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [0x0, 0x62], [], 'veth0_macvtap\x00', 'dvmrp1\x00', {0xff}, {0xff}, 0x0, 0xfd, 0x0, 0x13}, 0x0, 0x138, 0x160, 0x0, {}, [@common=@srh1={{0x90}, {0x87, 0x7, 0x1, 0x5, 0x6, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, @empty, @local, [0xffffff00, 0xffffff00, 0xff000000, 0xffffff00], [0xff000000, 0xff, 0xff000000, 0xff000000], [0xffffffff, 0xffffff00, 0xff000000], 0x700, 0x2440}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x7fff, 0x30, 0x1}}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [0x0, 0x0, 0xff000000], [], 'wg1\x00', 'ip6gretap0\x00', {}, {}, 0x3b, 0x0, 0x0, 0x3}, 0x0, 0x1100, 0x1140, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030}, {0x0, 0x1, 0x0, 0x2, './cgroup.cpu/syz0\x00', 0x2, {0x8}}}, @inet=@rpfilter={{0x28}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00', 0x0, {[0x54, 0xffff42f2, 0x5, 0x5ee, 0x8, 0x1c, 0x8001, 0x7]}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x13d0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x1fc, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)={[{0x4, 0x200, 0x8, 0x4f, 0x81, 0x7, 0xc0, 0x1, 0xff, 0x6, 0xc, 0x4, 0x9}, {0x8, 0xaff2, 0x0, 0x8, 0x4, 0x1, 0x8, 0x3, 0x0, 0x53, 0x1, 0x6, 0x10005}, {0x0, 0x7, 0x10, 0x10, 0x25, 0x2, 0x0, 0xfb, 0x4, 0x15, 0x0, 0x3, 0x40000000000002}], 0x9})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xfffffffffffffffd, 0x0, 0x10004, 0xfffffffffffffffd, 0x4002004c4, 0x1000, 0x0, 0xfff, 0x10, 0x0, 0x0, 0x1, 0x8, 0x800000001], 0x0, 0x2011c0})
syz_open_dev$tty1(0xc, 0x4, 0x3)
r5 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout_data(r5, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000080)=[{0x6}]}, 0x10)
close(r1)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

22.539616651s ago: executing program 0 (id=1562):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x3)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$SEG6(&(0x7f0000002040), r3)
ptrace(0x10, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$tty20(0xc, 0x4, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x3000c003}, 0x80)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000500), 0x42, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0x1}], 0x1)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='befs\x00', 0x0, 0x0)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x53, 0x3, 0x8, 0x2, 0xb, 0x0, 0x1}, 0x0, &(0x7f0000000280)={0x3fd, 0x252c, 0x2000000000000, 0x2, 0x0, 0x9, 0x466}, 0x0, 0x0)
sendmsg$SEG6_CMD_SETHMAC(r3, &(0x7f0000002140)={0x0, 0x0, &(0x7f0000002100)={&(0x7f0000002080)={0x34, r4, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x7}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x4]}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x3}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x882}, 0x0)
ioctl$KVM_INTERRUPT(r2, 0x4004ae86, &(0x7f0000000240)=0x4)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(0xffffffffffffffff, 0xc0145401, &(0x7f0000000000)={0x3, 0x0, 0x0, 0x2, 0x8001})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x8, 0x9, 0x7, 0x0, 0x1, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7, 0x6, 0x1, 0x5], 0x8000000, 0x8340})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

20.161316705s ago: executing program 2 (id=1567):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000018c0)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = accept4(r1, 0x0, 0x0, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000001c0)=ANY=[], 0xfffffe2b}}, 0x2200c840)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_sfeatures={0x3b, 0x1, [{0xfbfffffa}]}})
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x6000003, 0x42031, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r6)
process_mrelease(0xffffffffffffffff, 0x0)
r9 = dup(r8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='io_uring_register\x00', r7}, 0x10)
io_uring_setup(0xa39, &(0x7f00000004c0)={0x0, 0xeeeb, 0x2, 0x3, 0x5, 0x0, r9})
mremap(&(0x7f0000000000/0x9000)=nil, 0x600000, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)

18.122769826s ago: executing program 0 (id=1569):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @local}], 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000100000000af7ff060900010073797a31000000000900030073797a320000000014000000110001022e1d00d6e13a0764e5cae9443c246c27e21a7ab0fc3921157a09ab7c473b4c9abbb80d8e704ad9e7b5edafd7efde971d3237eb9079cd"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x44)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=@newtaction={0x19c, 0x30, 0x1, 0x0, 0x0, {}, [{0x188, 0x1, [@m_tunnel_key={0x54, 0x1e, 0x0, 0x0, {{0xf}, {0x1c, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_NO_CSUM={0x5, 0xa, 0x1}, @TCA_TUNNEL_KEY_NO_CSUM={0x5, 0xa, 0x1}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @multicast1}]}, {0x9, 0x6, "2e7aa6e72b"}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}, @m_tunnel_key={0x130, 0x13, 0x0, 0x0, {{0xf}, {0x64, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e24}, @TCA_TUNNEL_KEY_NO_CSUM={0x5, 0xa, 0x5}, @TCA_TUNNEL_KEY_ENC_KEY_ID={0x8}, @TCA_TUNNEL_KEY_ENC_KEY_ID={0x8, 0x7, 0x2}, @TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @private0={0xfc, 0x0, '\x00', 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @multicast1}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x1, 0x9, 0x2, 0x5, 0x9}, 0x1}}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e24}]}, {0x9e, 0x6, "67d58fac960e75912676c2a96e9c3ed08f03d83a6c18cab43c342149937025fef2e5620936cbbf82083557d3f7ef45ea3a07c6d3ce45696f06f77f545393d3cb6bf4d5ddae37b523b54e2e5ca419ddb5d8bed06b43a7b0705ed36ae77ccedee2c89afd6f27ed818a3de12abbdf8371ebe20d470f98ba95270a24710e65cec4cbae54392c00d463557a95eee01490acd0463474c0e984a252e0ab"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x19c}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r5, &(0x7f0000000040)=0x1c8, 0x12)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = dup(r6)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x10, 0xd78121e7262ecb63, &(0x7f00000005c0)=ANY=[@ANYBLOB="b130f9c1a22f8ca9b0bb48059b9bd5ecf2cb12616ae6eb616fd46433f212b4e5701c9b05d5523dacad0c7500a9acaa3c81c74313b7dc9ecbca977e618c7444dac158e0e9a329383ea7a1266a87a21c22fd72af835eaa3de552a189a1f0827ad5d3429fa4464d84056be1ae5f6b83eeb18717268b9141bcb03d5497a27f3d72ecb7d85ac837d171deceda234d63ac9c59d8f9ae92fdde4fa4ab0d83f4ad12ee1bd4c1fd5ac4c5a5a19ecb4c2e49420d05e8d8b6c551c69e8e21351b1d83287e31542823b3af2ace087667f95639e036d631a33924282784839b55ce4e7ff923ea1af624bf28e127c0d83835693af81feefa3ad8", @ANYRESDEC=0x0, @ANYRES64=r7, @ANYRES8=r5], &(0x7f0000000340)='syzkaller\x00', 0xb, 0x0, 0x0, 0x0, 0x4}, 0x94)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r8, 0x84, 0x9, &(0x7f0000000140)={0x0, @in6={{0xa, 0x4e20, 0x0, @private1}}, 0x0, 0x0, 0x3f8, 0x1000, 0x32}, 0x9c)
bind$inet6(r8, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r8, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f00000003c0)={0x385200080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r9}}, 0x58)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff274140000001100"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

17.430204674s ago: executing program 2 (id=1571):
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000034700)=""/102400, 0x19000)
socket$inet6(0xa, 0x3, 0xff)
bind$l2tp(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @private=0xa010101, 0x1}, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000c0000000800124000000000050005000a00000005"], 0x5c}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x18)
sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0000000306010200000000000000000a0000010500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x4004810}, 0x840)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000013c0)=@raw={'raw\x00', 0x8, 0x3, 0x1370, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x12a0, 0xffffffff, 0xffffffff, 0x12a0, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [0x0, 0x62], [], 'veth0_macvtap\x00', 'dvmrp1\x00', {0xff}, {0xff}, 0x0, 0xfd, 0x0, 0x13}, 0x0, 0x138, 0x160, 0x0, {}, [@common=@srh1={{0x90}, {0x87, 0x7, 0x1, 0x5, 0x6, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, @empty, @local, [0xffffff00, 0xffffff00, 0xff000000, 0xffffff00], [0xff000000, 0xff, 0xff000000, 0xff000000], [0xffffffff, 0xffffff00, 0xff000000], 0x700, 0x2440}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x7fff, 0x30, 0x1}}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [0x0, 0x0, 0xff000000], [], 'wg1\x00', 'ip6gretap0\x00', {}, {}, 0x3b, 0x0, 0x0, 0x3}, 0x0, 0x1100, 0x1140, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030}, {0x0, 0x1, 0x0, 0x2, './cgroup.cpu/syz0\x00', 0x2, {0x8}}}, @inet=@rpfilter={{0x28}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00', 0x0, {[0x54, 0xffff42f2, 0x5, 0x5ee, 0x8, 0x1c, 0x8001, 0x7]}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x13d0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x1fc, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)={[{0x4, 0x200, 0x8, 0x4f, 0x81, 0x7, 0xc0, 0x1, 0xff, 0x6, 0xc, 0x4, 0x9}, {0x8, 0xaff2, 0x0, 0x8, 0x4, 0x1, 0x8, 0x3, 0x0, 0x53, 0x1, 0x6, 0x10005}, {0x0, 0x7, 0x10, 0x10, 0x25, 0x2, 0x0, 0xfb, 0x4, 0x15, 0x0, 0x3, 0x40000000000002}], 0x9})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xfffffffffffffffd, 0x0, 0x10004, 0xfffffffffffffffd, 0x4002004c4, 0x1000, 0x0, 0xfff, 0x10, 0x0, 0x0, 0x1, 0x8, 0x800000001], 0x0, 0x2011c0})
syz_open_dev$tty1(0xc, 0x4, 0x3)
r5 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout_data(r5, 0x107, 0x16, &(0x7f0000000100)={0x0, 0x0}, 0x10)
close(r1)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

15.658583548s ago: executing program 4 (id=1573):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
r3 = landlock_create_ruleset(&(0x7f0000000180)={0x100}, 0x18, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x200000, 0x0)
close(r4)
close(r3)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = memfd_secret(0x0)
ftruncate(r7, 0x51a9497)
r8 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000b00)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000005000000010000000100001304000000020000"], 0x0, 0x35, 0x0, 0x1}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, 0x0, r8, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x0, 0x2, 0x4, 0x1ff}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="75746638006d61703d6f983c756661703d6e6f726d616c2c6909000000f2ff00003dda5de4d586f0df206d61656b416d6f64653d3078303030300910303071303030303030302c73657373696f6e3d307830faffffff30303030303030f4e4b4f82c6d61736b3d4d4159574b50be30c8486470722677b93165cfe6f62127553b2017754598752d977369672c7063723d303030303030303030303030303030303030332c64566e745f6d6561737572652c00000000000000006bbf4d6406b59dbc529c00000000000000fada265ab14119997628704268c93600a2299d2c35a2efc1bf037787a0d801f26d335ef2ba9ac2423a358ccbb776b21e1d3b", @ANYRESDEC=0x0, @ANYRESOCT], 0xfe, 0x677, &(0x7f0000000c00)="$eJzs3UtvG9fdx/HfUNT1AYwHbREYhmOd2A0goy5NUrECwV2UHQ6lSUkOMUMV0ipwYykwTDmt7QK1Nqk2vQDtG+gumyz6Igp0nXXfQJcFgnZXoBsWc+NFnBFp3ew234+Q8HDOf+b85+I5GpFzRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQJZdL5crlppue2fX5LPrvtc6pT5e2rzuxoW7U9uVrPA/LS3pejzp+neG1e+E/7utm/G7m1oKX5Z09H/v/P/DbxcL6fynJHQWet0Fvnh19PRRr7f//Gyt9a2zzHcpJjJRYYa5tpy2G3huq7blGDfwzObGRvn+diMwDbfpBHtB12kZ23cKXc83a/ZdU9ncXDdOac/baW/Va00nnfjh96vl8ob5aDHZ/fc/KgX2tttsuu2tKCasDmMWB0eIU2sZc/Ckt78+LckwqDJLUHVaULVcrVYq1Wpl48Hmgw/L5eLEhPIJmogYHrRvz87HVbqgMzdwfoWw//+bJTW1pLZ2tCuT+WOrLl+eWjn1ibT/f/++c2q7o/1/2stfH1bfUNT/34rf3crr/3NyMTLRDFk1Vs70s/280Csd6akeqaee9vX8Ypa7enEZXu7PllSUXAXy5KqlmrbkyCRTjDa1oQ2V9bG21VAgo4ZcNeUo0J4CdeWoFe0TX45q6sqTL6M12boro4o2tal1GTkqaU+edtTWluqq6V/9fv9AT6Ltvn5KjkqDKrMEFQfH4GRQXv//08/jOV6v/8f/nsGxM0MM8Mb1k+v/fHNZE1cvLyMAAAAAAHDRrOiv71b02f27kvpquE2n/KbTAgAAAAAAFyj65P9m+DIflt6VlXP937/63AAAAAAAwMWwonvsLEkr0Zf6reGdULN8CSDz5gAAAAAAAPB2iT7/v7Ug9aOh1VZlvdb1PwAAAAAA+C/w25Ex9ovpGLv99GP9gqSgs2j9+R+L8uet487ud63DWlhTO0xiJr4B0G3csIqKB+qNxutdkBS9s52bVjI+cDIIphUP7Ct9fTBtrH/LP5HAwlz654uMBK4djSSwUUze6fd6L455L2n38VFBUU3cykrDbTol22s+rKhWu1boOrvdXzx78kvJH6znwZPefumTz3qPo1yOw0nHh2Een4+lU5iWy8tovIXonousNV5WI23yd+3WihW1W07Xf061w8JoQ7Ot/691O465vRK/rhyle0DWr5JCpRTtsuHaR6NDWMMsKifXPGtH5GSxFGVxJ465s3Ynfknzi/fC0vfmpGppch/4o1lUR7OYvi2sf05siylZhMfCepjFX8IF5WSx/npZTOwRAHhTDoa9UDSI+eQY+yf73Yyz3HLymnuWm967/3C8lZd/7Mc3HM5JRfUXk+6ln9+vKDyjr8VhC/Eo7sUbGWf0ctKvLCnnjF4+R+8WtvWn4TOQkqfVJDXFQRb/7vf7DytRu3840at+Ec7wRW67QbM6F27C+y8PfxYNgB/6dP/T/WfV6vpG+YNy+UFV89FqJC/0PQCADNOfsTMesTTszwZ99weDq+rHf38/Lo31u98afKWgpE/0mXp6rHvpIwRWs9tdGfkawr3Jq9YwNvqtYzy2onu5V3VRXzoSWx3EziudZfz3hWHs+mXvBgAArtTtKf3wyf4/69r9XnrdvXYj87p7vC8/+YTgvNjKFW8JAAC+ORz/a2ul+xvL993Ox5XNzUqtu+0Y37N/bHy3vuUYt911fHu71t5yTMf3up7tNU3H16JbdwIT7HQ6nt81Dc83HS9wd6Mnv5vk0e+B06q1u64ddJpOLXCM7bW7Nbtr6m5gm87Oj5pusO340cxBx7HdhmvXuq7XNoG3LNspGRM4zkigW3faXbfhhsW26fhuq+bvmZ94zZ2WY+pOYPtup+vFC0zbctsNz29Fiy2pf9qDDgEA+MZ48ero6aNeb//5KYVjxYX0+2hJ1VcZwQtZC3zDqwgAAE6glwYAAAAAAAAAAAAAAAAAAAAA4O03y/1/pxbSmwLTKfPKCJYGU35+baYlWxpO+fKv58rwDIXCySnJSLv96bN/FReKWTHLYWFBUi/d/KMxx1MTm8uYK6+wOtOaKi4UL34bLktZR8KlFX5wMH4cTsSElZlVi4OtWjz/P4eswrMvc6qmH1GL49tw4bQVHC8UJT1fOMcuuNrzEICr958AAAD//7gMOck=")
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xd4}, 0x94)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000180)={0x28, r0, 0x801, 0x70bd2d, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_KEY={0xc, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x3}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x0)

13.6125928s ago: executing program 5 (id=1574):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
r3 = landlock_create_ruleset(&(0x7f0000000180)={0x100}, 0x18, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x200000, 0x0)
close(r4)
close(r3)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r8 = memfd_secret(0x0)
ftruncate(r8, 0x51a9497)
r9 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000b00)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000005000000010000000100001304000000020000"], 0x0, 0x35, 0x0, 0x1}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, 0x0, r9, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x0, 0x2, 0x4, 0x1ff}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="75746638006d61703d6f983c756661703d6e6f726d616c2c6909000000f2ff00003dda5de4d586f0df206d61656b416d6f64653d3078303030300910303071303030303030302c73657373696f6e3d307830faffffff30303030303030f4e4b4f82c6d61736b3d4d4159574b50be30c8486470722677b93165cfe6f62127553b2017754598752d977369672c7063723d303030303030303030303030303030303030332c64566e745f6d6561737572652c00000000000000006bbf4d6406b59dbc529c00000000000000fada265ab14119997628704268c93600a2299d2c35a2efc1bf037787a0d801f26d335ef2ba9ac2423a358ccbb776b21e1d3b", @ANYRESDEC=0x0, @ANYRESOCT], 0xfe, 0x677, &(0x7f0000000c00)="$eJzs3UtvG9fdx/HfUNT1AYwHbREYhmOd2A0goy5NUrECwV2UHQ6lSUkOMUMV0ipwYykwTDmt7QK1Nqk2vQDtG+gumyz6Igp0nXXfQJcFgnZXoBsWc+NFnBFp3ew234+Q8HDOf+b85+I5GpFzRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQJZdL5crlppue2fX5LPrvtc6pT5e2rzuxoW7U9uVrPA/LS3pejzp+neG1e+E/7utm/G7m1oKX5Z09H/v/P/DbxcL6fynJHQWet0Fvnh19PRRr7f//Gyt9a2zzHcpJjJRYYa5tpy2G3huq7blGDfwzObGRvn+diMwDbfpBHtB12kZ23cKXc83a/ZdU9ncXDdOac/baW/Va00nnfjh96vl8ob5aDHZ/fc/KgX2tttsuu2tKCasDmMWB0eIU2sZc/Ckt78+LckwqDJLUHVaULVcrVYq1Wpl48Hmgw/L5eLEhPIJmogYHrRvz87HVbqgMzdwfoWw//+bJTW1pLZ2tCuT+WOrLl+eWjn1ibT/f/++c2q7o/1/2stfH1bfUNT/34rf3crr/3NyMTLRDFk1Vs70s/280Csd6akeqaee9vX8Ypa7enEZXu7PllSUXAXy5KqlmrbkyCRTjDa1oQ2V9bG21VAgo4ZcNeUo0J4CdeWoFe0TX45q6sqTL6M12boro4o2tal1GTkqaU+edtTWluqq6V/9fv9AT6Ltvn5KjkqDKrMEFQfH4GRQXv//08/jOV6v/8f/nsGxM0MM8Mb1k+v/fHNZE1cvLyMAAAAAAHDRrOiv71b02f27kvpquE2n/KbTAgAAAAAAFyj65P9m+DIflt6VlXP937/63AAAAAAAwMWwonvsLEkr0Zf6reGdULN8CSDz5gAAAAAAAPB2iT7/v7Ug9aOh1VZlvdb1PwAAAAAA+C/w25Ex9ovpGLv99GP9gqSgs2j9+R+L8uet487ud63DWlhTO0xiJr4B0G3csIqKB+qNxutdkBS9s52bVjI+cDIIphUP7Ct9fTBtrH/LP5HAwlz654uMBK4djSSwUUze6fd6L455L2n38VFBUU3cykrDbTol22s+rKhWu1boOrvdXzx78kvJH6znwZPefumTz3qPo1yOw0nHh2Een4+lU5iWy8tovIXonousNV5WI23yd+3WihW1W07Xf061w8JoQ7Ot/691O465vRK/rhyle0DWr5JCpRTtsuHaR6NDWMMsKifXPGtH5GSxFGVxJ465s3Ynfknzi/fC0vfmpGppch/4o1lUR7OYvi2sf05siylZhMfCepjFX8IF5WSx/npZTOwRAHhTDoa9UDSI+eQY+yf73Yyz3HLymnuWm967/3C8lZd/7Mc3HM5JRfUXk+6ln9+vKDyjr8VhC/Eo7sUbGWf0ctKvLCnnjF4+R+8WtvWn4TOQkqfVJDXFQRb/7vf7DytRu3840at+Ec7wRW67QbM6F27C+y8PfxYNgB/6dP/T/WfV6vpG+YNy+UFV89FqJC/0PQCADNOfsTMesTTszwZ99weDq+rHf38/Lo31u98afKWgpE/0mXp6rHvpIwRWs9tdGfkawr3Jq9YwNvqtYzy2onu5V3VRXzoSWx3EziudZfz3hWHs+mXvBgAArtTtKf3wyf4/69r9XnrdvXYj87p7vC8/+YTgvNjKFW8JAAC+ORz/a2ul+xvL993Ox5XNzUqtu+0Y37N/bHy3vuUYt911fHu71t5yTMf3up7tNU3H16JbdwIT7HQ6nt81Dc83HS9wd6Mnv5vk0e+B06q1u64ddJpOLXCM7bW7Nbtr6m5gm87Oj5pusO340cxBx7HdhmvXuq7XNoG3LNspGRM4zkigW3faXbfhhsW26fhuq+bvmZ94zZ2WY+pOYPtup+vFC0zbctsNz29Fiy2pf9qDDgEA+MZ48ero6aNeb//5KYVjxYX0+2hJ1VcZwQtZC3zDqwgAAE6glwYAAAAAAAAAAAAAAAAAAAAA4O03y/1/pxbSmwLTKfPKCJYGU35+baYlWxpO+fKv58rwDIXCySnJSLv96bN/FReKWTHLYWFBUi/d/KMxx1MTm8uYK6+wOtOaKi4UL34bLktZR8KlFX5wMH4cTsSElZlVi4OtWjz/P4eswrMvc6qmH1GL49tw4bQVHC8UJT1fOMcuuNrzEICr958AAAD//7gMOck=")
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4)
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000180)={0x28, r0, 0x801, 0x70bd2d, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_KEY={0xc, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x3}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x0)

13.533718308s ago: executing program 2 (id=1575):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x52, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000040)={0x20000b, 0x1, 0x2, "f819ebf45608e255b61c5deb3eb574d486d27e0600000000040000000006f100"})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
mq_open(0x0, 0x40, 0x22, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r2 = timerfd_create(0x7, 0x0)
timerfd_settime(r2, 0x0, &(0x7f0000007000)={{0x0, 0x4}, {0x0, 0x989680}}, 0x0)
readv(r2, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/52, 0x34}], 0x1)
close(r0)
mknodat(0xffffffffffffff9c, 0x0, 0x21c0, 0x103)
r3 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r3, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x8b18, &(0x7f0000000300)={'wlan1\x00', @random="010000000700"})
ioctl$SIOCSIFHWADDR(r0, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="02000000000a"})
socketpair$unix(0x1, 0x5, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x2, 0x0, &(0x7f0000002b80), 0x41000004, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x1e, &(0x7f0000000000), 0x4)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20000051)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d00000002000001090224000100000000090400000103000000092100000001220500090581"], 0x0)

11.953313653s ago: executing program 0 (id=1576):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)=@bridge_dellink={0x2c, 0x11, 0x5, 0x0, 0x300, {0x7, 0x0, 0x0, r2, 0x1}, [@IFLA_AF_SPEC={0xc, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x4, 0x0, 0x1, {0x4, 0x6}}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x801, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x38, 0x3, 0xa, 0x301, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x6}, @NFTA_CHAIN_HOOK={0x4}]}], {0x14}}, 0x80}}, 0x44000)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x8, 0x76}, [@call={0x27}]}, &(0x7f0000000040)='syzkaller\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffed8}, 0x3f)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0xf, 0x4, 0x8, 0x1}, 0x37)
close(r5)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0xf, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000014000000b7030000000004008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001440)='GPL\x00'}, 0x90)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@map=r6, r9, 0x5}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{r6}, &(0x7f0000000100), &(0x7f0000000140)=r5}, 0x20)
sendmsg(r7, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000001680)=[{&(0x7f0000001400)='H', 0x20001401}], 0x1}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000480)={{0x1, 0x1, 0x18, <r10=>r3}, './file0\x00'})
r11 = socket$netlink(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000300), r11)
sendmsg$SEG6_CMD_GET_TUNSRC(r11, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000780)={0x28, r12, 0x223, 0x0, 0x0, {0x3}, [@SEG6_ATTR_DST={0x14, 0x1, @mcast2}]}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x440d4)
sendmsg$SEG6_CMD_SET_TUNSRC(r10, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x24, r12, 0x100, 0x70bd29, 0x25dfdbfc, {}, [@SEG6_ATTR_DSTLEN={0x8, 0x2, 0xfffffffc}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x3ff}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}, 0x1, 0x0, 0x0, 0x40885}, 0x0)
r13 = epoll_create1(0x0)
r14 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
ioctl$IOCTL_GET_NCIDEV_IDX(r10, 0x0, &(0x7f00000005c0)=<r15=>0x0)
ioctl$sock_SIOCADDRT(r10, 0x890b, &(0x7f00000006c0)={0x0, @phonet={0x23, 0x4a, 0x9}, @xdp={0x2c, 0x2, r2, 0x13}, @nfc={0x27, r15, 0x1, 0x3}, 0x1, 0x0, 0x0, 0x0, 0xa5d5, &(0x7f0000000600)='veth0_virt_wifi\x00', 0x7, 0x8, 0x9})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000000440)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000280)={0x7c, r14, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x48c}, @NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x17}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x43}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0xd}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x3c}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x2c1}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x9}]]}, 0x7c}, 0x1, 0x0, 0x0, 0x8d0}, 0x4040010)
ioctl$int_out(r13, 0x5460, 0x0)
sendmsg$NFT_MSG_GETOBJ(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x1c, 0x13, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008881}, 0x4040040)

11.661834242s ago: executing program 4 (id=1577):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x20004e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
r3 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
r4 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, r3)
r5 = add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x3}, 0x0, 0x0, r4)
close(0xffffffffffffffff)
syz_open_procfs$namespace(0xffffffffffffffff, 0x0)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
keyctl$invalidate(0x15, r5)
syz_mount_image$udf(&(0x7f0000000100), &(0x7f00000000c0)='./file1\x00', 0x210048, &(0x7f0000001040)=ANY=[@ANYBLOB='uid=', @ANYRESDEC=0x0, @ANYBLOB="2c756e64656c6574652c6e6f7672732c6164696e6963622c766f6c756d653d30303030303030303030303030303030303030322c7569643d666f726765742c6769643d666f726765742c6e6f7374726963742c6e6f7672732c0000005733010312bb6086da1fd41ffabd4b47acca2b8d488be702157dd8711c31732d"], 0xff, 0xc2d, &(0x7f0000001100)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir")
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', r6, &(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
unlink(&(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
ioctl$SNDRV_TIMER_IOCTL_INFO(0xffffffffffffffff, 0x80e85411, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x3, &(0x7f00000002c0)=ANY=[@ANYRES8], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x29}, 0x94)
pivot_root(&(0x7f0000000180)='./file1\x00', 0x0)
ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x4010942a, 0x0)
keyctl$KEYCTL_MOVE(0x1e, r4, r4, r3, 0x0)

9.222844842s ago: executing program 0 (id=1578):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x3)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$SEG6(&(0x7f0000002040), r3)
ptrace(0x10, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$tty20(0xc, 0x4, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x3000c003}, 0x80)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000500), 0x42, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{0x0}], 0x1)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='befs\x00', 0x0, 0x0)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x53, 0x3, 0x8, 0x2, 0xb, 0x0, 0x1}, 0x0, &(0x7f0000000280)={0x3fd, 0x252c, 0x2000000000000, 0x2, 0x0, 0x9, 0x466}, 0x0, 0x0)
sendmsg$SEG6_CMD_SETHMAC(r3, &(0x7f0000002140)={0x0, 0x0, &(0x7f0000002100)={&(0x7f0000002080)={0x34, r4, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x7}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x4]}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x3}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x882}, 0x0)
ioctl$KVM_INTERRUPT(r2, 0x4004ae86, &(0x7f0000000240)=0x4)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(0xffffffffffffffff, 0xc0145401, &(0x7f0000000000)={0x3, 0x0, 0x0, 0x2, 0x8001})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x8, 0x9, 0x7, 0x0, 0x1, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7, 0x6, 0x1, 0x5], 0x8000000, 0x8340})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

9.104301394s ago: executing program 4 (id=1579):
write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0xb0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100))
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/custom1\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002180), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r3, 0xaf01, 0x0)
ioctl$VHOST_SET_OWNER(r3, 0xaf01, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
r5 = syz_open_dev$audion(&(0x7f0000000140), 0x6, 0x40500)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r7=>0x0})
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000200), r8)
sendmsg$IEEE802154_LLSEC_LIST_DEV(r8, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)={0x14, r9, 0x303, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x88d0}, 0x40000)
r10 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000400)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010029bd7000000000003b00000008000300", @ANYRES32=r7, @ANYBLOB="2000330040bc0100ffffffffffff0802110000005050505047e6ba2aac0146c0"], 0x5c}, 0x1, 0x0, 0x0, 0x6a845ecb4f20be70}, 0x3c008010)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r5, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0x24, r10, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x840}, 0x4040800)

8.359367267s ago: executing program 5 (id=1580):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x6)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
read$FUSE(0xffffffffffffffff, &(0x7f0000002400)={0x2020}, 0xfffffec2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
setresuid(0xee01, 0x0, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000140), r4)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES16=r5, @ANYBLOB="410000000000000001000603000014000300060a0004090300f006e8ffff0000000008000700263a09091400"], 0x44}, 0x1, 0x1000000}, 0x0)
keyctl$get_persistent(0x16, 0x0, 0xfffffffffffffffb)
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed00efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6342103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033df58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca30ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28defa300"})
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
r6 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r6, &(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r6, &(0x7f00000000c0)={&(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@mask_fadd={0x58, 0x118, 0x8, {{0x0, 0x3}, 0x0, 0x0, 0x5c, 0x8}}, @zcopy_cookie={0x18, 0x114, 0xc, 0x6}], 0x70}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r7 = socket$kcm(0x2b, 0x1, 0x0)
listen(r7, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0x16, 0xa, 0x0, 0x0, 0x8000000, 0x61, 0x10, 0x28}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xce, &(0x7f0000000580)=""/206, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000180)={0x0, 0x8}, &(0x7f00000000c0)=0x8)

7.358830415s ago: executing program 4 (id=1581):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x6)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
read$FUSE(0xffffffffffffffff, &(0x7f0000002400)={0x2020}, 0xfffffec2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r2}, 0x10)
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
setresuid(0xee01, 0x0, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000140), r3)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES16=r4, @ANYBLOB="410000000000000001000603000014000300060a0004090300f006e8ffff0000000008000700263a09091400"], 0x44}, 0x1, 0x1000000}, 0x0)
keyctl$get_persistent(0x16, 0x0, 0xfffffffffffffffb)
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed00efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6342103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033df58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca30ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28defa300"})
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
r5 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r5, &(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r5, &(0x7f00000000c0)={&(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@mask_fadd={0x58, 0x118, 0x8, {{0x0, 0x3}, 0x0, 0x0, 0x5c, 0x8}}, @zcopy_cookie={0x18, 0x114, 0xc, 0x6}], 0x70}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r6 = socket$kcm(0x2b, 0x1, 0x0)
listen(r6, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0x16, 0xa, 0x0, 0x0, 0x8000000, 0x61, 0x10, 0x28}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xce, &(0x7f0000000580)=""/206, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000180)={0x0, 0x8}, &(0x7f00000000c0)=0x8)

7.358332455s ago: executing program 2 (id=1582):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r3, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0)
sched_getattr(0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000000)={[{@name}, {@subsystem='memory'}, {@subsystem='cpuacct'}, {@xattr}]})
mount(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x40078, &(0x7f0000000000))
r5 = socket$packet(0x11, 0x3, 0x300)
sendmsg$NL80211_CMD_REQ_SET_REG(r1, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x2c, r0, 0x100, 0x70bd27, 0x25dfdbfb, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'bb\x00'}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000880}, 0x4000000)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000080))
sendto$packet(r5, &(0x7f0000000100)="f257a8ea7bc273dfaeab96854305", 0xe, 0x0, 0x0, 0x0)
getsockopt$IP_SET_OP_GET_FNAME(r5, 0x1, 0x53, &(0x7f00000000c0)={0x8, 0x7, 0x0, 'syz1\x00'}, &(0x7f0000000280)=0x2c)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000005c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="21012cbd7000000000001400000008000300", @ANYRES32=r6], 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x0)

6.237569646s ago: executing program 5 (id=1583):
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x10, 0x0, 0x3, 0x80}, &(0x7f0000000180)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
io_uring_register$IORING_REGISTER_FILES(r3, 0x2, &(0x7f0000000300)=[0xffffffffffffffff], 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000040), 0x1b})
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x32600)
io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0xfb998b673fdec582)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0x13, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000ffffff858500000071000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VIDIOC_G_FMT(r7, 0xc0d05604, &(0x7f0000000080)={0x9, @raw_data="e8de1cdaafd7c71ca7356738ee1c18b123352c3b451eb42d84643a4e8b4389688636a7af4566b401943cdcaaa024b7de60cbea33e79f2e2df7f80f7902b1a73a1dbc819e48e668d4f603000000000000009a3c221f031dc85bda679a73358a0861df22f30b8ae8845bd5f3b877474c7c0bdef54c1f59b9a94b422b8673d080da4b700f991fd06603868a8f1a7594a56941832d13d1a00803535263d4bc2a39a469b1b78dcf782a26495c0837622e03b8125fd22d71d39727c9939400"})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0x0, 0x10, 0x10, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
mount$overlay(0x0, 0x0, &(0x7f0000000480), 0x3196846, &(0x7f0000000400))
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
syz_open_dev$MSR(0x0, 0x4, 0x0)
bind$inet6(r8, &(0x7f0000001100)={0xa, 0x3, 0x0, @loopback, 0xfffffffe}, 0x1c)
connect$inet6(r8, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000100)='cubic', 0x6)

6.186894241s ago: executing program 0 (id=1584):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000100006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000001c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0}, 0x50)
r1 = socket$inet6(0xa, 0x2, 0x0)
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x400, 0x802, 0xff, 0x16, 0x402, 0x1})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$netlink(0x10, 0x3, 0xb)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r5, 0x10e, 0x1, &(0x7f0000000600)=0x1d, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r6, &(0x7f0000000000), 0xd)
setsockopt$inet6_int(r1, 0x29, 0x11, &(0x7f0000000080)=0x4, 0x4)
syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000200)='./file0\x00', 0xa00010, &(0x7f0000000840)=ANY=[@ANYBLOB='nodecompose,decompose,nobarrier,gid=', @ANYRESHEX=0xee01, @ANYBLOB="2c6e6c733d69736f383835392d310000000072726965722c00bcd0f0b5c4e2957974ff5d7ea3c3dcee087e4983684e8a4c4e4e87b134e30ce77162b12885b964b3506ff3eae0f3599447b17861d19be78079e5dd7bdc7f1eb36e31ac14de48349767164f5f6431bbdeaef96a4f2bce64b5cfa76ce3a2c4302374bc5535d7e2eb8dfb2e5d58a37b7e37836597c21f51bcdf6df4cad825cfd9ef5ee9e89e04b15cd3cea9e152d67b9a7eedc5dfe6d85a3ce7c342da8cc969b552197cb8bcc4a1009f38f4a85b7c742101ba5bc03115feca2b994c699812"], 0x6, 0x635, &(0x7f0000000c80)="$eJzs3c1rHOcdB/DvrFZryQVHSezELYGKGNJSUVsvKK16iVtK0SGUkB56FrYcC6+VIClFCaWo79BTD/kD0oNuPRV6N6Tn9parjoFCLznppjKzs9LaWil6s1ZqPx/z7PM888w888xvZ2Zndi0mwP+t+Yk0n6TI/MTb62V9a3OmvbU5c6Vubicpy42k2clSLCfFZ8nddFK+Xk6s5y8OWs8nS3Pvfv7l1hedWrNO1fyNw5Y7mo06ZTzJUJ0/o/Wn4/Q33CmU/dzr398xFLtbWAbsVjdwMGg7+2wcZ/FTHrfARVB0Pjf3GUuuJhmprwNSnx0a5zu6s3essxwAAABcUi9sZzvruTbocQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBlUj//v6hTo1seT9F9/n+rnpa6fKk9GfQAAAAAAAAAAOAMfHM721nPtW59p6h+83+9qlyvXr+WD7OaxazkdtazkLWsZSVTScZ6OmqtL6ytrUwdYcnpvktOn8/2AgAAAAAAAMD/qN9kfu/3fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGKShOi86xaJO17vlsTSaSUaStMr5NpJ/dcuXRNFv4pPzHwcAAACcysgJlnlhO9tZz7Vufaeo7vlfqe6XR/JhlrOWpaylncXcr++hy7v+xtbmTHtrc+Zxmfb3+8P/HGsYVY+7X0P0W/PNao7RPMhSNeV27lWDuZ9GtWTpZnc8/cf163JMxVu1I47sfp2XK/vzQd8iDMRYFZHh3YhM1mMro/Hi4ZH4yneneeiaptLY/ebn+nOI+dU6L7fnDxcz5o1UkZju2fteOTwSybf+/tefP2wvP3r4YHXi4mzSCT27T8z0ROLVSx2J5jHnn6wicWO3Pp+f5GeZyHjeyUqW8ossZC2L2anbF+r9uXwdOzxSd5+qvfNVI2nV70vnLHqUMY3nx1VpIa9Xy17LUoq8n/tZzJvVv+lM5XuZzWzmet7hGweOu9q26qhvHO+ov/XtujCa5I91Pmidj9Qyri/2xLX3nDtWtfVO2YvSS2d/bmx+oy6U6/htnV8Mz0ZiqicSLx8eib9Ux8Zqe/nRysOFDw7of+OZ+ht1Xu5xv79QnxLl/vJSRuozydN7R9n28u5Z5ul4tepfXDptjX1tN6q2ougeqT898Eht1ddw+3uartpe7ds2U7Xd7Gl76nor76e9ez0EwAV29TtXW6P/Hv3n6Kejvxt9OPr2yI+ufP/Ka60M/2P4B83JoTcarxV/y6f51d79PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHKrH338aKHdXlzpX2gc3HS2haJ+kM95rEth0IXuQwRP3eHdC7E5l7owlKRfU/0WneThosClcGft8Qd3Vj/6+LtLjxfeW3xvcXl4dnZucm72zZk7D5bai5Od10GPEnge9j70+7cXF+oBmwAAAAAAAAAAAECO9vc2O/X//zvxXxoMehsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAy21+Is0nKTI1eXuyrG9tzrTL1C3vzdlM0mgkxS+T4rPkbjopYz3dFW8dsJ5Plube/fzLrS/2+mpW85ed1vkpbNQp40mG6vys+rt36v6K3S0sA3arGzgYtP8GAAD//+IHAOM=")
setxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000000)=ANY=[@ANYBLOB='osx.:'], 0x0, 0x0, 0x0)
listxattr(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

6.053737644s ago: executing program 4 (id=1585):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @local}], 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000100000000af7ff060900010073797a31000000000900030073797a320000000014000000110001022e1d00d6e13a0764e5cae9443c246c27e21a7ab0fc3921157a09ab7c473b4c9abbb80d8e704ad9e7b5edafd7efde971d3237eb9079cd"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x44)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=@newtaction={0x19c, 0x30, 0x1, 0x0, 0x0, {}, [{0x188, 0x1, [@m_tunnel_key={0x54, 0x1e, 0x0, 0x0, {{0xf}, {0x1c, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_NO_CSUM={0x5, 0xa, 0x1}, @TCA_TUNNEL_KEY_NO_CSUM={0x5, 0xa, 0x1}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @multicast1}]}, {0x9, 0x6, "2e7aa6e72b"}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}, @m_tunnel_key={0x130, 0x13, 0x0, 0x0, {{0xf}, {0x64, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e24}, @TCA_TUNNEL_KEY_NO_CSUM={0x5, 0xa, 0x5}, @TCA_TUNNEL_KEY_ENC_KEY_ID={0x8}, @TCA_TUNNEL_KEY_ENC_KEY_ID={0x8, 0x7, 0x2}, @TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @private0={0xfc, 0x0, '\x00', 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @multicast1}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x1, 0x9, 0x2, 0x5, 0x9}, 0x1}}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e24}]}, {0x9e, 0x6, "67d58fac960e75912676c2a96e9c3ed08f03d83a6c18cab43c342149937025fef2e5620936cbbf82083557d3f7ef45ea3a07c6d3ce45696f06f77f545393d3cb6bf4d5ddae37b523b54e2e5ca419ddb5d8bed06b43a7b0705ed36ae77ccedee2c89afd6f27ed818a3de12abbdf8371ebe20d470f98ba95270a24710e65cec4cbae54392c00d463557a95eee01490acd0463474c0e984a252e0ab"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x19c}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r5, &(0x7f0000000040)=0x1c8, 0x12)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = dup(r6)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x10, 0xd78121e7262ecb63, &(0x7f00000005c0)=ANY=[@ANYBLOB="b130f9c1a22f8ca9b0bb48059b9bd5ecf2cb12616ae6eb616fd46433f212b4e5701c9b05d5523dacad0c7500a9acaa3c81c74313b7dc9ecbca977e618c7444dac158e0e9a329383ea7a1266a87a21c22fd72af835eaa3de552a189a1f0827ad5d3429fa4464d84056be1ae5f6b83eeb18717268b9141bcb03d5497a27f3d72ecb7d85ac837d171deceda234d63ac9c59d8f9ae92fdde4fa4ab0d83f4ad12ee1bd4c1fd5ac4c5a5a19ecb4c2e49420d05e8d8b6c551c69e8e21351b1d83287e31542823b3af2ace087667f95639e036d631a33924282784839b55ce4e7ff923ea1af624bf28e127c0d83835693af81feefa3ad8", @ANYRESDEC=0x0, @ANYRES64=r7, @ANYRES8=r5], &(0x7f0000000340)='syzkaller\x00', 0xb, 0x0, 0x0, 0x0, 0x4}, 0x94)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r8, 0x84, 0x9, &(0x7f0000000140)={0x0, @in6={{0xa, 0x4e20, 0x0, @private1}}, 0x0, 0x0, 0x3f8, 0x1000, 0x32}, 0x9c)
bind$inet6(r8, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r8, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f00000003c0)={0x385200080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r9}}, 0x58)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff274140000001100"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

5.921637177s ago: executing program 2 (id=1586):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r6 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
r7 = creat(0x0, 0x10)
ioctl$FS_IOC_SETFLAGS(r7, 0x40086602, &(0x7f00000010c0)=0x40)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000001880)={0x0, 0x0, &(0x7f0000000240), 0x0, 0x8, r6}, 0x38)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8000000, 0x3, 0x2d0, 0x0, 0xffffffff, 0xffffffff, 0x110, 0xffffffff, 0x200, 0xffffffff, 0xffffffff, 0x200, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, [], [], 'ip6tnl0\x00', 'nicvf0\x00', {}, {}, 0x3a}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz1\x00'}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, [], [], 'veth1\x00', 'veth0_to_hsr\x00'}, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x386)
mount(0x0, &(0x7f0000000800)='.\x00', 0x0, 0x0, &(0x7f00000006c0)='=\n\x9b\xa1Q\a\x00\n@\xf6\"2a\xd7\x1fch\x1a}#\x1f\xff\xff\xffIT\xe4\x8c&\xac\xe6:\xc5\xe8\xd9\"\x82\xd5\xeb\x90\xef1:\xba\xc3\xc3\xd3\xad\'\xc44\x17,,\x8dZz\x04\x17-#F\xc7<\xe6\xf5]%gC\x9e\xca\nR\xc3\xc8\x98\xd8\xc8\x9eZ\xa76\x9f\xc2=\xaa\xcet7\xb9\xbd\xd47\xe3\xc8@$8\v\x9f\xfd\xe1!\x11\x19Y\x06J\x8f\x80\xef9Tw8\x1b\xe2\xf3\x85\xd5}\xa5\xb7\xd5|\xd8ZE\x92\xb4\x18|\x14\xc8\x14\xab\xe3\xd2\xb8\xf9J\x13\xbc\xea\xccp;\xa5\xe8\r=\n\x9e\xfb\x17\"\xc4QJ\xdf\xa9\x02BQ\x11\b\xab\x14\xf7\x16\xde\xc3\x89\xc6d\xdd\x18\x01\xdd\xf3\xe2\xa5\xef\x02\x17T\x94\xb9\xd4v\xb1\xe3\xb7L\xe6>*\x11e\x18\xe7-\b\xe9\x87\x81,N\x1f\x94\xa4\xe5\xd6\xd4m\x92\xccg3jNvd\xd2O|c\xb3\xa0\xf2\xc6\\\x8a\'\xb3\x81S\x9b6\xf5\xb7\x93\v\xb0\aD\xb9\xf7>\xcf?\xea\xfb\xfc\xb9\x9d\xa5\xb5\xbc\xe2\xddUJN\xb2\xb7\x9c\xc3qk\x06\xdb\xd69\x8b\x00'/288)
r8 = syz_open_dev$vbi(&(0x7f00000001c0), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r8, 0xc0045627, &(0x7f0000000100)=0x3)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r8, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0xa8f, 0x86c, 0x1, 0x1, 0xd59f80, 0x19f2, 0x3, 0x19ef, 0xfffffff7, 0x5, 0x2800, 0x6, 0x9, 0x4, 0xc, 0x11, {0x4, 0xffffffff}, 0xd0, 0x1}})
r9 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r9, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r9, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
sendto$inet(r9, &(0x7f00000012c0)='\t', 0x1, 0x11, 0x0, 0x0)
ioctl$sock_inet_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000000)={'ipvlan1\x00', {0x2, 0x4e22, @empty}})
ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000080)={'ipvlan0\x00', {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x37}}})

4.737864294s ago: executing program 0 (id=1587):
syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x2000759, &(0x7f00000006c0)={[{@jqfmt_vfsold}, {@noblock_validity}, {@discard}, {@errors_remount}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0xff}, 0x0}, {@noauto_da_alloc}, {@max_batch_time={'max_batch_time', 0x3d, 0xc}}, {@jqfmt_vfsv1}, {@journal_path={'journal_path', 0x3d, './file0'}}, {@lazytime}, {@resuid}, {@dax_always}, {@test_dummy_encryption_v1}, {@auto_da_alloc}, {@nodioread_nolock}, {@data_writeback}, {@noblock_validity}], [], 0x2c}, 0x0, 0x51b, &(0x7f0000001300)="$eJzs3M9vFNcdAPDvrtc2LlC79Be/WralVa1Wxdj8PPQAqJW4VKrUqqLHrW0QxUCFXQksq5iqAqmHVvwF/XGrlL8gp+QSJVEOiXIF5RpFQpEvkByiiWZ3ZrPr3bXXZu2V8ecjzfJm5s3M+87Mw2/e29kAdq1y+lGI2BcRTyJitDbbnKFc++fFytL0ZytL04VIkt9+Wqjme76yNJ1nzbfbm82MFyOKfy/EkdbDDs/fW7xRmZubvZMtmFgoZqmblWuz12ZvTZ0/f/rUyLmzU2d6EmdapueH/3r76KHLf3j86+krj//4zmtpeZNsfWMcNWPVz6GujzDQsqQc5eZz2eDH3Rd9R9jfkC6U0s9i/wpD19K7tpTV3ScxGgPVuZrR+NXf+lo4YEslSZIMtyyt/y1bThoVCrUNkuRBArwCCtHvEgD9kf+hf76SPgEsTbc+B7/anl2M6hNQGveLbKqtKVWfYMtjEYNRm7bCtyLiyvLn/06naNsPAQDQW29cjHh0qdbuyKfammJ8pyHf17OxobGI+EZEHIiIb2btl29HVPN+NyIONmyzv4tRgPKq+db2zwcjWaKxudozafvvF9nYVnP7r17ysYFsbn81/sHC1etzsyezczIeg8Pp/GTrruvdam/+8sN/dTp+uaH9l07p8fO2YFaOT0qrOuhmKguVl4079+xB9cTeb42/EKVCnoo4FBGHN7H/9Jxd/+n/j3Za3xR/GmdL/P/svPPSJgq0SvLfiJ/Urv9yVOPP+z5rwQ9lqYmFm3+emL+3+PPrjeOTk+fOTp2Z2BNzsycn8rui1bvvP/xNlmx5jGi+/knScP3zqrGlA2np9f9a2/u/PnI5lqbq47XzGz/Gw6ePOj7TbPb+Hyr8rprOx2fvVhYW7kxGDBWWW5dPfbXt3cpIU/40/vHj7ev/gYgv/pNtdyQi0pv4exHx/Yg4lpX9BxHxw4g4vkb8b1/60Z86PUKuH//WSuOf2dD1v7c4ElmiviRNXHgvonlJnhi48dbrLQf+R7kl/sHodP1PV1Pj2ZKZysKe9eJqU8C2iZc+gQAAALADHIuIfVEonsg6mvZFsXjiRMTeeg/K/MLPrt7+y62Z2jsCYzFYzHu6Rhv6QyezvuF0Pt1qqmE+XX+q2m+cJEkyks6nz+9zB/sbOux6ezvU/9THra+0AK+aDY2jdXqjDdiRVtf/p11v2fsvZADbqwffowF2KPUfdq+u6/9WvQUH9E27+n8/4kUfigJss3b1//ctSy5sS1mA7dWu/hv7h91h8/1/vgwAO53+f9iVunpJfhOJA5fXyFModbefUtev8a+XKMbavwIwFvXfNMjbNGvv8KNiRG/O2EBPz/xI0zUtts2zJ3pxrCium6e0gR9i2N5EsTI3l7/g0vfyDEfEOndv/Wa7nycWt7pg1XPzv/79zwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAbXwYAAP//363OhA==")
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00')
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0xd}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mremap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffb000/0x2000)=nil)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000040)={0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x3, 'dh\x00', 0x1, 0x7, 0x49}, 0x2c)
setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000000)={{0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e21, 0x3, 'wrr\x00', 0x17, 0x81, 0x5}, {@multicast1, 0x4e23, 0x3, 0x1cb, 0x12d5c, 0x12d5c}}, 0x44)
r3 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000000)={0x2, @pix_mp={0x7, 0xf05, 0x3234564e, 0x4, 0xa, [{0x4, 0x52b}, {0x1, 0x7}, {0x4, 0x4}, {0x495b, 0x7ff}, {0x8, 0xcdc}, {0x80000000}, {0xdb, 0x1}, {0x80, 0xa}], 0x7, 0x80, 0x6, 0x0, 0x3}})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

4.736438483s ago: executing program 5 (id=1588):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
r3 = landlock_create_ruleset(&(0x7f0000000180)={0x100}, 0x18, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x200000, 0x0)
close(r4)
close(r3)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r8 = memfd_secret(0x0)
ftruncate(r8, 0x51a9497)
r9 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000b00)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000005000000010000000100001304000000020000"], 0x0, 0x35, 0x0, 0x1}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, 0x0, r9, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x0, 0x2, 0x4, 0x1ff}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="75746638006d61703d6f983c756661703d6e6f726d616c2c6909000000f2ff00003dda5de4d586f0df206d61656b416d6f64653d3078303030300910303071303030303030302c73657373696f6e3d307830faffffff30303030303030f4e4b4f82c6d61736b3d4d4159574b50be30c8486470722677b93165cfe6f62127553b2017754598752d977369672c7063723d303030303030303030303030303030303030332c64566e745f6d6561737572652c00000000000000006bbf4d6406b59dbc529c00000000000000fada265ab14119997628704268c93600a2299d2c35a2efc1bf037787a0d801f26d335ef2ba9ac2423a358ccbb776b21e1d3b", @ANYRESDEC=0x0, @ANYRESOCT], 0xfe, 0x677, &(0x7f0000000c00)="$eJzs3UtvG9fdx/HfUNT1AYwHbREYhmOd2A0goy5NUrECwV2UHQ6lSUkOMUMV0ipwYykwTDmt7QK1Nqk2vQDtG+gumyz6Igp0nXXfQJcFgnZXoBsWc+NFnBFp3ew234+Q8HDOf+b85+I5GpFzRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQJZdL5crlppue2fX5LPrvtc6pT5e2rzuxoW7U9uVrPA/LS3pejzp+neG1e+E/7utm/G7m1oKX5Z09H/v/P/DbxcL6fynJHQWet0Fvnh19PRRr7f//Gyt9a2zzHcpJjJRYYa5tpy2G3huq7blGDfwzObGRvn+diMwDbfpBHtB12kZ23cKXc83a/ZdU9ncXDdOac/baW/Va00nnfjh96vl8ob5aDHZ/fc/KgX2tttsuu2tKCasDmMWB0eIU2sZc/Ckt78+LckwqDJLUHVaULVcrVYq1Wpl48Hmgw/L5eLEhPIJmogYHrRvz87HVbqgMzdwfoWw//+bJTW1pLZ2tCuT+WOrLl+eWjn1ibT/f/++c2q7o/1/2stfH1bfUNT/34rf3crr/3NyMTLRDFk1Vs70s/280Csd6akeqaee9vX8Ypa7enEZXu7PllSUXAXy5KqlmrbkyCRTjDa1oQ2V9bG21VAgo4ZcNeUo0J4CdeWoFe0TX45q6sqTL6M12boro4o2tal1GTkqaU+edtTWluqq6V/9fv9AT6Ltvn5KjkqDKrMEFQfH4GRQXv//08/jOV6v/8f/nsGxM0MM8Mb1k+v/fHNZE1cvLyMAAAAAAHDRrOiv71b02f27kvpquE2n/KbTAgAAAAAAFyj65P9m+DIflt6VlXP937/63AAAAAAAwMWwonvsLEkr0Zf6reGdULN8CSDz5gAAAAAAAPB2iT7/v7Ug9aOh1VZlvdb1PwAAAAAA+C/w25Ex9ovpGLv99GP9gqSgs2j9+R+L8uet487ud63DWlhTO0xiJr4B0G3csIqKB+qNxutdkBS9s52bVjI+cDIIphUP7Ct9fTBtrH/LP5HAwlz654uMBK4djSSwUUze6fd6L455L2n38VFBUU3cykrDbTol22s+rKhWu1boOrvdXzx78kvJH6znwZPefumTz3qPo1yOw0nHh2Een4+lU5iWy8tovIXonousNV5WI23yd+3WihW1W07Xf061w8JoQ7Ot/691O465vRK/rhyle0DWr5JCpRTtsuHaR6NDWMMsKifXPGtH5GSxFGVxJ465s3Ynfknzi/fC0vfmpGppch/4o1lUR7OYvi2sf05siylZhMfCepjFX8IF5WSx/npZTOwRAHhTDoa9UDSI+eQY+yf73Yyz3HLymnuWm967/3C8lZd/7Mc3HM5JRfUXk+6ln9+vKDyjr8VhC/Eo7sUbGWf0ctKvLCnnjF4+R+8WtvWn4TOQkqfVJDXFQRb/7vf7DytRu3840at+Ec7wRW67QbM6F27C+y8PfxYNgB/6dP/T/WfV6vpG+YNy+UFV89FqJC/0PQCADNOfsTMesTTszwZ99weDq+rHf38/Lo31u98afKWgpE/0mXp6rHvpIwRWs9tdGfkawr3Jq9YwNvqtYzy2onu5V3VRXzoSWx3EziudZfz3hWHs+mXvBgAArtTtKf3wyf4/69r9XnrdvXYj87p7vC8/+YTgvNjKFW8JAAC+ORz/a2ul+xvL993Ox5XNzUqtu+0Y37N/bHy3vuUYt911fHu71t5yTMf3up7tNU3H16JbdwIT7HQ6nt81Dc83HS9wd6Mnv5vk0e+B06q1u64ddJpOLXCM7bW7Nbtr6m5gm87Oj5pusO340cxBx7HdhmvXuq7XNoG3LNspGRM4zkigW3faXbfhhsW26fhuq+bvmZ94zZ2WY+pOYPtup+vFC0zbctsNz29Fiy2pf9qDDgEA+MZ48ero6aNeb//5KYVjxYX0+2hJ1VcZwQtZC3zDqwgAAE6glwYAAAAAAAAAAAAAAAAAAAAA4O03y/1/pxbSmwLTKfPKCJYGU35+baYlWxpO+fKv58rwDIXCySnJSLv96bN/FReKWTHLYWFBUi/d/KMxx1MTm8uYK6+wOtOaKi4UL34bLktZR8KlFX5wMH4cTsSElZlVi4OtWjz/P4eswrMvc6qmH1GL49tw4bQVHC8UJT1fOMcuuNrzEICr958AAAD//7gMOck=")
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4)
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000180)={0x28, r0, 0x801, 0x70bd2d, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_KEY={0xc, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x3}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x0)

3.588208347s ago: executing program 5 (id=1589):
write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0xb0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100))
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/custom1\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002180), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r3, 0xaf01, 0x0)
ioctl$VHOST_SET_OWNER(r3, 0xaf01, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
r5 = syz_open_dev$audion(&(0x7f0000000140), 0x6, 0x40500)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r7=>0x0})
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000200), r8)
sendmsg$IEEE802154_LLSEC_LIST_DEV(r8, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)={0x14, r9, 0x303, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x88d0}, 0x40000)
r10 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000400)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010029bd7000000000003b00000008000300", @ANYRES32=r7, @ANYBLOB="2000330040bc0100ffffffffffff0802110000005050505047e6ba2aac0146c0"], 0x5c}, 0x1, 0x0, 0x0, 0x6a845ecb4f20be70}, 0x3c008010)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r5, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0x24, r10, 0x4, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x840}, 0x4040800)

168.185943ms ago: executing program 5 (id=1590):
epoll_create1(0x0)
r0 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfec9, 0x8, 0x2, 0x11f}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
r3 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x2, 0x40024e}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000040))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x108, &(0x7f00000003c0)=0xffb, 0x0, 0x4)
syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f00000001c0)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x8, 0x4004, @fd=r3, 0x10, 0x0, 0x0, 0x18, 0x1, {0x2, r6}})
r7 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r7, 0x40946400, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r8 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r8, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$COMEDI_DEVCONFIG(r7, 0x40946400, &(0x7f00000000c0)={'pcl818\x00', [0x4f27, 0x5, 0x2, 0x401, 0x1, 0xcc7, 0xfff, 0x5c952399, 0x5, 0x3ff, 0x2, 0x1, 0x1, 0x1, 0x9, 0xe1cb, 0x0, 0x1a449, 0x3, 0x40000003, 0x89, 0xfffffffd, 0x0, 0x20001e56, 0xb, 0xe69, 0x3c, 0x8, 0x106, 0x8000000, 0xdffffff8]})
io_uring_enter(r4, 0x627, 0x4c1, 0x43, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x80044940, &(0x7f0000001b00))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000400000/0x1000)=nil, 0x20400000}, 0x1})
r9 = syz_open_dev$vbi(&(0x7f0000000180), 0x1, 0x2)
r10 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100002e00010000000000fbdbdf250401f2800c00180008ac0f00000000001400010000000000000000000000ffffac14141650bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e88234ac26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r9, 0xc100565c, &(0x7f00000013c0)={0x0, 0x2, 0x2, {0x5, @vbi={0x0, 0x0, 0x4, 0x0, [], [0x8200], 0x1}}})
ioctl$VIDIOC_QBUF(r9, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4e, 0x0, 0x0, {}, {0x1, 0x0, 0x0, 0x0, 0x0, 0xfe, "8000"}, 0x0, 0x2, {}, 0x20800})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0xdb4, 0x0, 0x0, 0x0, 0x0)
exit(0x7)

62.496094ms ago: executing program 4 (id=1591):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x6)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
read$FUSE(0xffffffffffffffff, &(0x7f0000002400)={0x2020}, 0xfffffec2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
setresuid(0xee01, 0x0, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000140), r4)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES16=r5, @ANYBLOB="410000000000000001000603000014000300060a0004090300f006e8ffff0000000008000700263a09091400"], 0x44}, 0x1, 0x1000000}, 0x0)
keyctl$get_persistent(0x16, 0x0, 0xfffffffffffffffb)
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed00efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6342103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033df58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca30ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28defa300"})
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
r6 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r6, &(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r6, &(0x7f00000000c0)={&(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@mask_fadd={0x58, 0x118, 0x8, {{0x0, 0x3}, 0x0, 0x0, 0x5c, 0x8}}, @zcopy_cookie={0x18, 0x114, 0xc, 0x6}], 0x70}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r7 = socket$kcm(0x2b, 0x1, 0x0)
listen(r7, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0x16, 0xa, 0x0, 0x0, 0x8000000, 0x61, 0x10, 0x28}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xce, &(0x7f0000000580)=""/206, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000180)={0x0, 0x8}, &(0x7f00000000c0)=0x8)

0s ago: executing program 2 (id=1592):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x3)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$SEG6(&(0x7f0000002040), r3)
ptrace(0x10, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$tty20(0xc, 0x4, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x3000c003}, 0x80)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000500), 0x42, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{0x0}], 0x1)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='befs\x00', 0x0, 0x0)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x53, 0x3, 0x8, 0x2, 0xb, 0x0, 0x1}, 0x0, &(0x7f0000000280)={0x3fd, 0x252c, 0x2000000000000, 0x2, 0x0, 0x9, 0x466}, 0x0, 0x0)
sendmsg$SEG6_CMD_SETHMAC(r3, &(0x7f0000002140)={0x0, 0x0, &(0x7f0000002100)={&(0x7f0000002080)={0x34, r4, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x7}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x4]}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x3}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x882}, 0x0)
ioctl$KVM_INTERRUPT(r2, 0x4004ae86, &(0x7f0000000240)=0x4)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(0xffffffffffffffff, 0xc0145401, &(0x7f0000000000)={0x3, 0x0, 0x0, 0x2, 0x8001})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x8, 0x9, 0x7, 0x0, 0x1, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7, 0x6, 0x1, 0x5], 0x8000000, 0x8340})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

1 (9750): drop_caches: 2
[  753.807480][ T9751] syz.1.781: attempt to access beyond end of device
[  753.807480][ T9751] loop1: rw=0, sector=8, nr_sectors = 16 limit=16
[  755.371845][ T9765] loop3: detected capacity change from 0 to 16
[  755.387649][ T9765] erofs: (device loop3): mounted with root inode @ nid 36.
[  755.502586][ T9765] syz.3.784: attempt to access beyond end of device
[  755.502586][ T9765] loop3: rw=0, sector=8, nr_sectors = 16 limit=16
[  755.578677][ T9766] syz.2.775: attempt to access beyond end of device
[  755.578677][ T9766] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0
[  755.593441][ T9766] syz.2.775: attempt to access beyond end of device
[  755.593441][ T9766] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0
[  755.611788][ T9766] Mount JFS Failure: -5
[  755.616222][ T9766] jfs_mount failed w/return code = -5
[  756.320378][ T9768] syz.3.784 (9768): drop_caches: 2
[  756.349568][ T9768] syz.3.784: attempt to access beyond end of device
[  756.349568][ T9768] loop3: rw=0, sector=8, nr_sectors = 16 limit=16
[  757.712918][ T9774] ptrace attach of "./syz-executor exec"[5787] was attempted by "./syz-executor exec"[9774]
[  758.009907][ T9775] befs: (nbd0): No write support. Marking filesystem read-only
[  758.029960][ T9775] syz.0.787: attempt to access beyond end of device
[  758.029960][ T9775] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0
[  759.980888][ T9775] befs: (nbd0): unable to read superblock
[  760.701211][ T9784] loop3: detected capacity change from 0 to 4096
[  760.719913][ T9784] NILFS (loop3): invalid segment: Checksum error in segment payload
[  760.729710][ T9784] NILFS (loop3): trying rollback from an earlier position
[  760.754718][ T9784] NILFS (loop3): recovery complete
[  762.132746][ T9788] loop2: detected capacity change from 0 to 32768
[  762.153113][ T9788] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.778 (9788)
[  762.272640][ T9788] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  762.285080][ T9788] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  762.293974][ T9788] BTRFS info (device loop2): using free space tree
[  762.295203][ T9795] loop3: detected capacity change from 0 to 512
[  762.313918][ T9795] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  762.694733][ T9795] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  762.945706][ T9788] BTRFS info (device loop2): enabling ssd optimizations
[  762.953120][ T9788] BTRFS info (device loop2): auto enabling async discard
[  763.003551][ T1000] BTRFS warning (device loop2): checksum verify failed on logical 5308416 mirror 1 wanted 0x77808b7ecca445f549ae3d233ea0eb27adb628f92d0be59092c566b0ee5e6744 found 0x311bfb1612b2753cc312413fb73db904ebab18a99522a2031b0e3be5616ccef9 level 0
[  763.066973][ T9795] EXT4-fs error (device loop3): __ext4_get_inode_loc:4489: comm syz.3.780: Invalid inode table block 1 in block_group 0
[  763.087034][ T9788] BTRFS: error (device loop2) in btrfs_fill_super:1172: errno=-5 IO failure
[  763.097915][ T9788] BTRFS error (device loop2: state E): commit super ret -30
[  763.117206][ T9795] EXT4-fs (loop3): get root inode failed
[  763.122964][ T9795] EXT4-fs (loop3): mount failed
[  763.243686][ T6097] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  763.269779][ T5790] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by udevd (5790)
[  768.685877][ T9845] loop1: detected capacity change from 0 to 16
[  768.821255][ T9845] erofs: (device loop1): mounted with root inode @ nid 36.
[  768.873747][ T9845] syz.1.789: attempt to access beyond end of device
[  768.873747][ T9845] loop1: rw=0, sector=8, nr_sectors = 16 limit=16
[  769.234070][ T9848] ptrace attach of "./syz-executor exec"[5785] was attempted by "./syz-executor exec"[9848]
[  769.414159][ T9852] syz.1.789 (9852): drop_caches: 2
[  769.423436][ T9852] syz.1.789: attempt to access beyond end of device
[  769.423436][ T9852] loop1: rw=0, sector=8, nr_sectors = 16 limit=16
[  770.372355][ T9853] befs: (nbd2): No write support. Marking filesystem read-only
[  770.877603][ T9853] syz.2.791: attempt to access beyond end of device
[  770.877603][ T9853] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0
[  771.521829][ T9853] befs: (nbd2): unable to read superblock
[  771.612021][ T9856] netlink: 3 bytes leftover after parsing attributes in process `syz.0.790'.
[  771.687576][ T9856] batadv1: entered allmulticast mode
[  773.402299][ T9865] ptrace attach of "./syz-executor exec"[5794] was attempted by "./syz-executor exec"[9865]
[  776.251203][ T9872] befs: (nbd3): No write support. Marking filesystem read-only
[  776.314903][ T9872] syz.3.794: attempt to access beyond end of device
[  776.314903][ T9872] nbd3: rw=0, sector=0, nr_sectors = 2 limit=0
[  776.333132][ T9872] befs: (nbd3): unable to read superblock
[  777.554522][ T9881] loop2: detected capacity change from 0 to 164
[  777.572357][ T9881] Unable to read rock-ridge attributes
[  778.887678][ T9896] binder: BINDER_SET_CONTEXT_MGR already set
[  778.893806][ T9896] binder: 9894:9896 ioctl 4018620d 2000000002c0 returned -16
[  779.417115][ T9899] binder: BINDER_SET_CONTEXT_MGR already set
[  779.423424][ T9899] binder: 9892:9899 ioctl 4018620d 2000000002c0 returned -16
[  779.619543][ T9902] loop3: detected capacity change from 0 to 16
[  779.699403][ T9902] erofs: (device loop3): mounted with root inode @ nid 36.
[  779.912028][ T9904] ptrace attach of "./syz-executor exec"[5786] was attempted by "./syz-executor exec"[9904]
[  780.435460][ T9911] befs: (nbd1): No write support. Marking filesystem read-only
[  780.444524][ T9911] syz.1.803: attempt to access beyond end of device
[  780.444524][ T9911] nbd1: rw=0, sector=0, nr_sectors = 2 limit=0
[  780.457629][ T9911] befs: (nbd1): unable to read superblock
[  781.710659][ T9918] syz.3.802 (9918): drop_caches: 2
[  782.360189][ T9920] loop0: detected capacity change from 0 to 512
[  782.373379][ T9920] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  782.383747][ T9920] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  782.425414][ T9920] EXT4-fs error (device loop0): __ext4_get_inode_loc:4489: comm syz.0.806: Invalid inode table block 1 in block_group 0
[  782.451612][ T9920] EXT4-fs (loop0): get root inode failed
[  782.457588][ T9920] EXT4-fs (loop0): mount failed
[  785.899447][ T9943] binder: BINDER_SET_CONTEXT_MGR already set
[  785.905604][ T9943] binder: 9938:9943 ioctl 4018620d 2000000002c0 returned -16
[  786.922546][ T9955] binder: BINDER_SET_CONTEXT_MGR already set
[  786.929001][ T9955] binder: 9947:9955 ioctl 4018620d 2000000002c0 returned -16
[  787.646837][ T9960] capability: warning: `syz.3.816' uses deprecated v2 capabilities in a way that may be insecure
[  787.800718][ T9961] ptrace attach of "./syz-executor exec"[5785] was attempted by "./syz-executor exec"[9961]
[  787.827315][ T9963] loop0: detected capacity change from 0 to 2048
[  787.845880][ T9963] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  787.919764][ T9966] befs: (nbd2): No write support. Marking filesystem read-only
[  787.928213][ T9966] syz.2.815: attempt to access beyond end of device
[  787.928213][ T9966] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0
[  787.941146][ T9966] befs: (nbd2): unable to read superblock
[  788.380495][ T9969] loop0: detected capacity change from 0 to 16
[  788.395724][ T9969] erofs: (device loop0): mounted with root inode @ nid 36.
[  788.913142][ T9977] loop1: detected capacity change from 0 to 164
[  789.037761][ T9977] Unable to read rock-ridge attributes
[  790.108544][ T9981] syz.0.818 (9981): drop_caches: 2
[  792.425217][ T9994] loop2: detected capacity change from 0 to 16
[  792.444825][ T9994] erofs: (device loop2): mounted with root inode @ nid 36.
[  792.511676][ T9994] syz.2.825: attempt to access beyond end of device
[  792.511676][ T9994] loop2: rw=0, sector=8, nr_sectors = 16 limit=16
[  792.970496][ T9999] syz.2.825 (9999): drop_caches: 2
[  792.978108][ T9999] syz.2.825: attempt to access beyond end of device
[  792.978108][ T9999] loop2: rw=0, sector=8, nr_sectors = 16 limit=16
[  793.993877][ T9997] loop1: detected capacity change from 0 to 512
[  794.026465][ T9997] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  794.105457][ T9997] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  794.141592][T10002] ptrace attach of "./syz-executor exec"[5785] was attempted by "./syz-executor exec"[10002]
[  794.166901][ T9997] EXT4-fs error (device loop1): __ext4_get_inode_loc:4489: comm syz.1.826: Invalid inode table block 1 in block_group 0
[  794.200708][ T9997] EXT4-fs (loop1): get root inode failed
[  794.206429][ T9997] EXT4-fs (loop1): mount failed
[  794.326322][T10004] loop0: detected capacity change from 0 to 2048
[  794.346727][T10004] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  794.373250][T10002] befs: (nbd2): No write support. Marking filesystem read-only
[  794.381928][T10002] syz.2.828: attempt to access beyond end of device
[  794.381928][T10002] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0
[  794.394743][T10002] befs: (nbd2): unable to read superblock
[  795.881945][T10013] loop0: detected capacity change from 0 to 16
[  795.924829][T10013] erofs: (device loop0): mounted with root inode @ nid 36.
[  795.933643][T10015] loop1: detected capacity change from 0 to 512
[  795.962668][T10015] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  796.005196][T10015] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  796.042135][T10015] EXT4-fs error (device loop1): __ext4_get_inode_loc:4489: comm syz.1.830: Invalid inode table block 1 in block_group 0
[  796.058155][T10015] EXT4-fs (loop1): get root inode failed
[  796.063858][T10015] EXT4-fs (loop1): mount failed
[  797.133642][T10033] loop2: detected capacity change from 0 to 16
[  797.303687][T10033] erofs: (device loop2): mounted with root inode @ nid 36.
[  797.634994][T10033] syz.2.836: attempt to access beyond end of device
[  797.634994][T10033] loop2: rw=0, sector=8, nr_sectors = 16 limit=16
[  798.866005][T10037] syz.2.836 (10037): drop_caches: 2
[  798.883436][T10037] syz.2.836: attempt to access beyond end of device
[  798.883436][T10037] loop2: rw=0, sector=8, nr_sectors = 16 limit=16
[  799.950504][T10040] loop3: detected capacity change from 0 to 2048
[  800.062525][T10040] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  800.156494][T10043] loop0: detected capacity change from 0 to 512
[  800.166787][T10044] netlink: 8 bytes leftover after parsing attributes in process `syz.1.838'.
[  800.210569][T10043] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  800.232408][T10046] ptrace attach of "./syz-executor exec"[5785] was attempted by "./syz-executor exec"[10046]
[  800.236816][T10043] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  801.218635][T10043] EXT4-fs error (device loop0): __ext4_get_inode_loc:4489: comm syz.0.839: Invalid inode table block 1 in block_group 0
[  801.290495][T10054] befs: (nbd2): No write support. Marking filesystem read-only
[  802.249507][T10054] syz.2.840: attempt to access beyond end of device
[  802.249507][T10054] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0
[  802.262556][T10054] befs: (nbd2): unable to read superblock
[  802.539149][T10043] EXT4-fs (loop0): get root inode failed
[  802.618685][T10043] EXT4-fs (loop0): mount failed
[  804.704111][T10061] loop3: detected capacity change from 0 to 32768
[  805.359997][T10061] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  805.371349][T10061] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  805.380164][T10061] BTRFS info (device loop3): using free space tree
[  805.745430][T10061] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[  805.746197][T10061] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[  805.755755][T10061] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[  805.765223][T10061] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  805.774660][T10061] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  805.784862][T10061] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  805.794341][T10061] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[  805.804830][T10061] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  805.815536][T10061] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  805.825957][T10061] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  805.857879][T10061] BTRFS error (device loop3): open_ctree failed: -12
[  806.132904][T10082] input: syz1 as /devices/virtual/input/input25
[  808.411341][ T6097] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by udevd (6097)
[  808.469474][T10093] loop1: detected capacity change from 0 to 16
[  808.587143][T10093] erofs: (device loop1): mounted with root inode @ nid 36.
[  808.633885][T10093] syz.1.846: attempt to access beyond end of device
[  808.633885][T10093] loop1: rw=0, sector=8, nr_sectors = 16 limit=16
[  809.003984][T10097] syz.1.846 (10097): drop_caches: 2
[  809.014171][T10097] syz.1.846: attempt to access beyond end of device
[  809.014171][T10097] loop1: rw=0, sector=8, nr_sectors = 16 limit=16
[  809.957751][ T1285] ieee802154 phy0 wpan0: encryption failed: -22
[  809.964201][ T1285] ieee802154 phy1 wpan1: encryption failed: -22
[  809.992251][T10098] loop0: detected capacity change from 0 to 16
[  810.046728][T10098] erofs: (device loop0): mounted with root inode @ nid 36.
[  810.254202][T10101] loop3: detected capacity change from 0 to 16
[  810.282735][T10101] erofs: (device loop3): mounted with root inode @ nid 36.
[  810.503956][T10101] syz.3.848: attempt to access beyond end of device
[  810.503956][T10101] loop3: rw=0, sector=8, nr_sectors = 16 limit=16
[  811.961216][T10112] syz.3.848 (10112): drop_caches: 2
[  812.010379][T10112] syz.3.848: attempt to access beyond end of device
[  812.010379][T10112] loop3: rw=0, sector=8, nr_sectors = 16 limit=16
[  812.591492][T10114] loop2: detected capacity change from 0 to 512
[  812.602264][T10114] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  812.615548][T10114] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  812.720417][T10114] EXT4-fs error (device loop2): __ext4_get_inode_loc:4489: comm syz.2.851: Invalid inode table block 1 in block_group 0
[  812.789339][T10114] EXT4-fs (loop2): get root inode failed
[  812.808110][T10114] EXT4-fs (loop2): mount failed
[  814.025132][T10119] netlink: 8 bytes leftover after parsing attributes in process `syz.2.852'.
[  815.350941][T10123] binder: BINDER_SET_CONTEXT_MGR already set
[  815.357126][T10123] binder: 10122:10123 ioctl 4018620d 2000000002c0 returned -16
[  815.398354][T10121] loop1: detected capacity change from 0 to 128
[  816.953721][T10135] binder: BINDER_SET_CONTEXT_MGR already set
[  816.960140][T10135] binder: 10131:10135 ioctl 4018620d 2000000002c0 returned -16
[  819.188441][T10139] ptrace attach of "./syz-executor exec"[5785] was attempted by "./syz-executor exec"[10139]
[  819.346688][T10136] befs: (nbd2): No write support. Marking filesystem read-only
[  819.355235][T10136] syz.2.854: attempt to access beyond end of device
[  819.355235][T10136] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0
[  819.368406][T10136] befs: (nbd2): unable to read superblock
[  819.658123][T10147] input: syz1 as /devices/virtual/input/input26
[  821.335435][T10155] binder: BINDER_SET_CONTEXT_MGR already set
[  821.341916][T10155] binder: 10153:10155 ioctl 4018620d 2000000002c0 returned -16
[  824.092573][T10171] netlink: 8 bytes leftover after parsing attributes in process `syz.0.864'.
[  824.113295][T10167] ptrace attach of "./syz-executor exec"[5785] was attempted by "./syz-executor exec"[10167]
[  824.265807][T10172] No such timeout policy "syz1"
[  824.872089][T10169] befs: (nbd2): No write support. Marking filesystem read-only
[  824.880586][T10169] syz.2.865: attempt to access beyond end of device
[  824.880586][T10169] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0
[  824.893447][T10169] befs: (nbd2): unable to read superblock
[  825.241245][T10165] loop3: detected capacity change from 0 to 2048
[  825.395351][T10165] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  825.493122][T10179] loop1: detected capacity change from 0 to 16
[  825.529947][T10179] erofs: (device loop1): mounted with root inode @ nid 36.
[  826.184582][T10181] syz.1.866 (10181): drop_caches: 2
[  827.954184][T10192] ptrace attach of "./syz-executor exec"[5785] was attempted by "./syz-executor exec"[10192]
[  828.154636][T10199] input: syz1 as /devices/virtual/input/input27
[  828.623583][T10194] befs: (nbd2): No write support. Marking filesystem read-only
[  828.631480][T10194] syz.2.869: attempt to access beyond end of device
[  828.631480][T10194] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0
[  828.644324][T10194] befs: (nbd2): unable to read superblock
[  829.842195][T10209] binder: BINDER_SET_CONTEXT_MGR already set
[  829.848925][T10209] binder: 10205:10209 ioctl 4018620d 2000000002c0 returned -16
[  831.739144][T10223] No such timeout policy "syz1"
[  832.990713][T10221] loop2: detected capacity change from 0 to 32768
[  834.392655][T10227] binder: BINDER_SET_CONTEXT_MGR already set
[  834.399455][T10227] binder: 10225:10227 ioctl 4018620d 2000000002c0 returned -16
[  835.119618][T10230] loop0: detected capacity change from 0 to 16
[  835.140176][T10230] erofs: (device loop0): mounted with root inode @ nid 36.
[  835.698946][T10235] input: syz1 as /devices/virtual/input/input28
[  836.069111][T10241] loop3: detected capacity change from 0 to 512
[  836.103006][T10241] EXT4-fs (loop3): Test dummy encryption mode enabled
[  836.154421][T10241] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  836.213787][T10243] ptrace attach of "./syz-executor exec"[5786] was attempted by "./syz-executor exec"[10243]
[  836.274319][T10241] EXT4-fs error (device loop3): ext4_orphan_get:1425: comm syz.3.877: bad orphan inode 131083
[  836.388289][T10246] syz.0.885 (10246): drop_caches: 2
[  836.787565][T10250] befs: (nbd1): No write support. Marking filesystem read-only
[  836.796006][T10250] syz.1.880: attempt to access beyond end of device
[  836.796006][T10250] nbd1: rw=0, sector=0, nr_sectors = 2 limit=0
[  836.809789][T10250] befs: (nbd1): unable to read superblock
[  836.974284][T10241] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  839.933113][T10258] fscrypt (loop3): Missing crypto API support for AES-256-CTS-CBC (API name: "cts(cbc(aes))")
[  840.204687][T10267] binder: BINDER_SET_CONTEXT_MGR already set
[  840.211084][T10267] binder: 10265:10267 ioctl 4018620d 2000000002c0 returned -16
[  841.968755][ T5794] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  842.366871][T10274] No such timeout policy "syz1"
[  843.101746][T10284] binder: BINDER_SET_CONTEXT_MGR already set
[  843.108000][T10284] binder: 10278:10284 ioctl 4018620d 2000000002c0 returned -16
[  843.930815][T10281] loop3: detected capacity change from 0 to 2048
[  844.926141][T10281] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  845.405278][T10289] veth0_to_team: entered promiscuous mode
[  846.804578][T10301] befs: (nbd2): No write support. Marking filesystem read-only
[  846.813187][T10301] syz.2.891: attempt to access beyond end of device
[  846.813187][T10301] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0
[  846.826061][T10301] befs: (nbd2): unable to read superblock
[  847.017508][T10304] netlink: 16 bytes leftover after parsing attributes in process `syz.1.890'.
[  847.975392][T10307] ptrace attach of "./syz-executor exec"[5787] was attempted by "./syz-executor exec"[10307]
[  848.659718][T10309] befs: (nbd0): No write support. Marking filesystem read-only
[  848.668598][T10309] syz.0.892: attempt to access beyond end of device
[  848.668598][T10309] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0
[  848.681575][T10309] befs: (nbd0): unable to read superblock
[  849.289963][T10318] loop0: detected capacity change from 0 to 512
[  849.351087][T10318] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  849.373355][T10318] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  849.398205][T10318] EXT4-fs error (device loop0): __ext4_get_inode_loc:4489: comm syz.0.895: Invalid inode table block 1 in block_group 0
[  849.412728][T10318] EXT4-fs (loop0): get root inode failed
[  849.420359][T10318] EXT4-fs (loop0): mount failed
[  849.537962][T10323] binder: BINDER_SET_CONTEXT_MGR already set
[  849.544471][T10323] binder: 10320:10323 ioctl 4018620d 2000000002c0 returned -16
[  853.078508][T10343] loop0: detected capacity change from 0 to 16
[  853.112780][T10343] erofs: (device loop0): mounted with root inode @ nid 36.
[  853.437213][T10343] syz.0.900: attempt to access beyond end of device
[  853.437213][T10343] loop0: rw=0, sector=8, nr_sectors = 16 limit=16
[  854.560543][T10352] syz.0.900 (10352): drop_caches: 2
[  854.569453][T10352] syz.0.900: attempt to access beyond end of device
[  854.569453][T10352] loop0: rw=0, sector=8, nr_sectors = 16 limit=16
[  856.704900][T10356] ptrace attach of "./syz-executor exec"[5785] was attempted by "./syz-executor exec"[10356]
[  856.800703][T10358] befs: (nbd2): No write support. Marking filesystem read-only
[  856.809582][T10358] syz.2.903: attempt to access beyond end of device
[  856.809582][T10358] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0
[  856.822515][T10358] befs: (nbd2): unable to read superblock
[  858.628756][T10361] loop3: detected capacity change from 0 to 512
[  858.846797][T10361] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  858.884488][T10361] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  858.997626][T10361] EXT4-fs error (device loop3): __ext4_get_inode_loc:4489: comm syz.3.905: Invalid inode table block 1 in block_group 0
[  859.062186][T10361] EXT4-fs (loop3): get root inode failed
[  859.075263][T10365] loop0: detected capacity change from 0 to 2048
[  859.107110][T10361] EXT4-fs (loop3): mount failed
[  859.451881][T10365] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  860.290313][T10371] binder: BINDER_SET_CONTEXT_MGR already set
[  860.296520][T10371] binder: 10368:10371 ioctl 4018620d 2000000002c0 returned -16
[  860.976228][T10375] binder: BINDER_SET_CONTEXT_MGR already set
[  860.982609][T10375] binder: 10373:10375 ioctl 4018620d 2000000002c0 returned -16
[  865.235600][T10395] loop2: detected capacity change from 0 to 512
[  865.250655][T10395] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  865.261987][T10395] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  865.284585][T10395] EXT4-fs error (device loop2): __ext4_get_inode_loc:4489: comm syz.2.912: Invalid inode table block 1 in block_group 0
[  865.302097][T10395] EXT4-fs (loop2): get root inode failed
[  865.321225][T10395] EXT4-fs (loop2): mount failed
[  865.625856][T10399] loop0: detected capacity change from 0 to 16
[  865.634286][T10399] erofs: (device loop0): mounted with root inode @ nid 36.
[  866.430866][T10399] syz.0.913: attempt to access beyond end of device
[  866.430866][T10399] loop0: rw=0, sector=8, nr_sectors = 16 limit=16
[  867.268801][T10407] syz.0.913 (10407): drop_caches: 2
[  867.300555][T10407] syz.0.913: attempt to access beyond end of device
[  867.300555][T10407] loop0: rw=0, sector=8, nr_sectors = 16 limit=16
[  868.337056][T10413] netlink: 16 bytes leftover after parsing attributes in process `syz.2.915'.
[  869.501118][T10421] binder: BINDER_SET_CONTEXT_MGR already set
[  869.507493][T10421] binder: 10419:10421 ioctl 4018620d 2000000002c0 returned -16
[  870.520281][ T1285] ieee802154 phy0 wpan0: encryption failed: -22
[  870.526816][ T1285] ieee802154 phy1 wpan1: encryption failed: -22
[  871.755809][T10403] netlink: 'syz.3.914': attribute type 10 has an invalid length.
[  871.821822][T10403] netlink: 40 bytes leftover after parsing attributes in process `syz.3.914'.
[  871.842107][T10403] team0: entered promiscuous mode
[  871.880394][T10403] team0: entered allmulticast mode
[  871.886488][T10403] bridge0: port 1(team0) entered blocking state
[  871.936066][T10403] bridge0: port 1(team0) entered disabled state
[  872.882712][ T5791] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  873.261231][ T5791] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  873.276438][ T5791] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  873.294670][ T5791] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  873.307907][ T5791] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  873.317231][ T5791] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  873.516654][ T5789] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  873.528189][ T5789] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  873.539834][ T5789] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  873.556066][ T5789] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  873.573645][ T5789] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  873.625171][ T5789] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  874.026283][T10439] befs: (nbd3): No write support. Marking filesystem read-only
[  874.034724][T10439] syz.3.920: attempt to access beyond end of device
[  874.034724][T10439] nbd3: rw=0, sector=0, nr_sectors = 2 limit=0
[  874.047699][T10439] befs: (nbd3): unable to read superblock
[  874.506997][T10426] vxcan1 speed is unknown, defaulting to 1000
[  875.069764][T10443] loop2: detected capacity change from 0 to 2048
[  875.153026][T10443] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  875.717171][ T5789] Bluetooth: hci4: command tx timeout
[  875.798512][T10426] wlan0 speed is unknown, defaulting to 1000
[  876.433102][T10426] chnl_net:caif_netlink_parms(): no params data found
[  876.729195][T10426] bridge0: port 1(bridge_slave_0) entered blocking state
[  876.777529][T10426] bridge0: port 1(bridge_slave_0) entered disabled state
[  876.799470][T10426] bridge_slave_0: entered allmulticast mode
[  876.825008][T10426] bridge_slave_0: entered promiscuous mode
[  876.861294][T10426] bridge0: port 2(bridge_slave_1) entered blocking state
[  876.891254][T10426] bridge0: port 2(bridge_slave_1) entered disabled state
[  876.912323][T10426] bridge_slave_1: entered allmulticast mode
[  876.951679][T10426] bridge_slave_1: entered promiscuous mode
[  877.116084][T10426] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  877.130900][T10426] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  877.180138][T10426] team0: Port device team_slave_0 added
[  877.189397][T10426] team0: Port device team_slave_1 added
[  877.222533][T10426] batman_adv: batadv0: Adding interface: batadv_slave_0
[  877.229701][T10426] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  877.257177][T10426] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  877.272416][T10426] batman_adv: batadv0: Adding interface: batadv_slave_1
[  877.279493][T10426] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  877.305674][T10426] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  877.367962][T10426] hsr_slave_0: entered promiscuous mode
[  877.375458][T10426] hsr_slave_1: entered promiscuous mode
[  877.384090][T10426] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  877.393691][T10426] Cannot create hsr debugfs directory
[  877.574197][T10426] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  877.585810][T10426] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  877.596431][T10426] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  877.609435][T10426] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  877.705220][T10426] 8021q: adding VLAN 0 to HW filter on device bond0
[  877.729329][T10426] 8021q: adding VLAN 0 to HW filter on device team0
[  877.744953][ T6363] bridge0: port 1(bridge_slave_0) entered blocking state
[  877.752177][ T6363] bridge0: port 1(bridge_slave_0) entered forwarding state
[  877.772227][ T6363] bridge0: port 2(bridge_slave_1) entered blocking state
[  877.779453][ T6363] bridge0: port 2(bridge_slave_1) entered forwarding state
[  877.797820][ T5789] Bluetooth: hci4: command tx timeout
[  878.009442][T10426] 8021q: adding VLAN 0 to HW filter on device batadv0
[  878.264019][T10426] veth0_vlan: entered promiscuous mode
[  878.278561][T10426] veth1_vlan: entered promiscuous mode
[  878.315189][T10426] veth0_macvtap: entered promiscuous mode
[  878.325993][T10426] veth1_macvtap: entered promiscuous mode
[  878.351313][T10426] batman_adv: batadv0: Interface activated: batadv_slave_0
[  878.363127][T10426] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  878.375924][T10426] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  878.386861][T10426] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  878.397602][T10426] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  878.407822][T10426] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  878.418477][T10426] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  878.430562][T10426] batman_adv: batadv0: Interface activated: batadv_slave_1
[  878.448472][T10426] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  878.457521][T10426] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  878.466284][T10426] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  878.475717][T10426] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  878.569317][ T1000] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  878.582050][ T1000] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  878.614533][   T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  878.623254][   T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  878.753803][T10467] loop4: detected capacity change from 0 to 512
[  878.790927][T10467] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  878.804336][T10467] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  878.816011][T10467] EXT4-fs error (device loop4): __ext4_get_inode_loc:4489: comm syz.4.916: Invalid inode table block 1 in block_group 0
[  878.859921][T10467] EXT4-fs (loop4): get root inode failed
[  878.873416][T10467] EXT4-fs (loop4): mount failed
[  878.934587][T10477] binder: BINDER_SET_CONTEXT_MGR already set
[  878.940910][T10477] binder: 10468:10477 ioctl 4018620d 2000000002c0 returned -16
[  879.767985][ T5878] IPVS: starting estimator thread 0...
[  879.886858][ T5789] Bluetooth: hci4: command tx timeout
[  880.366850][T10485] IPVS: using max 17 ests per chain, 40800 per kthread
[  880.452512][T10487] loop3: detected capacity change from 0 to 512
[  880.471371][T10487] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  880.482621][T10487] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  880.495198][T10487] EXT4-fs error (device loop3): __ext4_get_inode_loc:4489: comm syz.3.923: Invalid inode table block 1 in block_group 0
[  880.539784][T10487] EXT4-fs (loop3): get root inode failed
[  880.560785][T10487] EXT4-fs (loop3): mount failed
[  882.012513][ T5789] Bluetooth: hci4: command tx timeout
[  882.185593][T10504] netlink: 16 bytes leftover after parsing attributes in process `syz.0.924'.
[  882.744471][T10507] binder: BINDER_SET_CONTEXT_MGR already set
[  882.750826][T10507] binder: 10505:10507 ioctl 4018620d 2000000002c0 returned -16
[  883.619993][T10511] ptrace attach of "./syz-executor exec"[5785] was attempted by "./syz-executor exec"[10511]
[  883.821755][T10512] befs: (nbd2): No write support. Marking filesystem read-only
[  883.830618][T10512] syz.2.927: attempt to access beyond end of device
[  883.830618][T10512] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0
[  883.843693][T10512] befs: (nbd2): unable to read superblock
[  883.891726][   T28] audit: type=1326 audit(2000000668.380:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10514 comm="syz.3.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c9a78efc9 code=0x7ffc0000
[  884.115818][   T28] audit: type=1326 audit(2000000668.390:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10514 comm="syz.3.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c9a78efc9 code=0x7ffc0000
[  884.819899][   T28] audit: type=1326 audit(2000000668.440:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10514 comm="syz.3.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f3c9a78efc9 code=0x7ffc0000
[  884.869246][T10516] netlink: 136 bytes leftover after parsing attributes in process `syz.3.932'.
[  884.988075][   T28] audit: type=1326 audit(2000000668.470:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10514 comm="syz.3.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c9a78efc9 code=0x7ffc0000
[  885.010678][   T28] audit: type=1326 audit(2000000668.480:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10514 comm="syz.3.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c9a78efc9 code=0x7ffc0000
[  885.033737][   T28] audit: type=1326 audit(2000000668.540:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10514 comm="syz.3.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3c9a78efc9 code=0x7ffc0000
[  885.056910][   T28] audit: type=1326 audit(2000000668.540:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10514 comm="syz.3.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c9a78efc9 code=0x7ffc0000
[  885.080521][   T28] audit: type=1326 audit(2000000668.540:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10514 comm="syz.3.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c9a78efc9 code=0x7ffc0000
[  885.322372][T10525] netlink: 8 bytes leftover after parsing attributes in process `syz.4.933'.
[  885.371035][T10525] netlink: 20 bytes leftover after parsing attributes in process `syz.4.933'.
[  885.819899][T10525] workqueue: Failed to create a rescuer kthread for wq "nbd63-recv": -EINTR
[  885.823034][T10525] block (null): Could not allocate knbd recv work queue.
[  885.840243][T10525] nbd: failed to add new device
[  885.938077][   T28] audit: type=1326 audit(2000000668.560:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10514 comm="syz.3.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f3c9a78efc9 code=0x7ffc0000
[  886.007193][T10532] loop2: detected capacity change from 0 to 512
[  886.015632][T10532] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  886.025891][   T28] audit: type=1326 audit(2000000668.560:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10514 comm="syz.3.932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c9a78efc9 code=0x7ffc0000
[  886.048336][T10532] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  886.070383][T10532] EXT4-fs error (device loop2): __ext4_get_inode_loc:4489: comm syz.2.935: Invalid inode table block 1 in block_group 0
[  886.174827][T10532] EXT4-fs (loop2): get root inode failed
[  886.261071][T10536] netlink: 24 bytes leftover after parsing attributes in process `syz.0.934'.
[  886.546151][T10532] EXT4-fs (loop2): mount failed
[  887.388937][T10547] binder: BINDER_SET_CONTEXT_MGR already set
[  887.396815][T10547] binder: 10542:10547 ioctl 4018620d 2000000002c0 returned -16
[  890.654015][T10566] binder: BINDER_SET_CONTEXT_MGR already set
[  890.660835][T10566] binder: 10558:10566 ioctl 4018620d 2000000002c0 returned -16
[  891.706903][T10571] netlink: 16 bytes leftover after parsing attributes in process `syz.4.939'.
[  891.984898][T10574] loop2: detected capacity change from 0 to 16
[  892.010721][T10574] erofs: (device loop2): mounted with root inode @ nid 36.
[  892.687960][T10581] syz.2.943 (10581): drop_caches: 2
[  894.541474][T10588] loop2: detected capacity change from 0 to 512
[  894.673104][T10588] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  894.695307][T10588] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  895.240230][T10588] EXT4-fs error (device loop2): __ext4_get_inode_loc:4489: comm syz.2.946: Invalid inode table block 1 in block_group 0
[  895.282999][T10588] EXT4-fs (loop2): get root inode failed
[  895.305637][T10588] EXT4-fs (loop2): mount failed
[  895.428789][T10605] netlink: 24 bytes leftover after parsing attributes in process `syz.0.949'.
[  897.278627][T10613] ptrace attach of "./syz-executor exec"[10426] was attempted by "./syz-executor exec"[10613]
[  897.399225][T10620] befs: (nbd4): No write support. Marking filesystem read-only
[  897.409958][T10620] syz.4.952: attempt to access beyond end of device
[  897.409958][T10620] nbd4: rw=0, sector=0, nr_sectors = 2 limit=0
[  897.423925][T10620] befs: (nbd4): unable to read superblock
[  898.329503][T10629] binder: 10623:10629 unknown command 1074553619
[  898.339160][T10629] binder: 10623:10629 ioctl c0306201 200000000040 returned -22
[  898.419984][T10632] loop2: detected capacity change from 0 to 512
[  898.461226][T10629] 8021q: adding VLAN 0 to HW filter on device bond0
[  898.478799][T10629] bond0: (slave rose0): Enslaving as an active interface with an up link
[  898.680070][T10634] netlink: 'syz.0.953': attribute type 10 has an invalid length.
[  898.704612][T10632] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  898.831221][T10644] netlink: 16 bytes leftover after parsing attributes in process `syz.3.955'.
[  899.277556][T10632] ext4 filesystem being mounted at /239/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  899.301297][T10634] team0: Device hsr_slave_0 failed to register rx_handler
[  900.182373][T10652] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  900.204661][T10652] __quota_error: 64 callbacks suppressed
[  900.204746][T10652] Quota error (device loop2): write_blk: dquota write failed
[  900.222869][T10652] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota
[  900.234388][T10652] EXT4-fs error (device loop2): ext4_acquire_dquot:6940: comm syz.2.954: Failed to acquire dquot type 0
[  900.386444][T10647] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  900.400895][T10647] cramfs: wrong magic
[  900.638737][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  902.020035][T10666] TCP: TCP_TX_DELAY enabled
[  902.289433][T10670] binder: BINDER_SET_CONTEXT_MGR already set
[  902.295557][T10670] binder: 10660:10670 ioctl 4018620d 2000000002c0 returned -16
[  904.312073][T10694] ptrace attach of "./syz-executor exec"[5785] was attempted by "./syz-executor exec"[10694]
[  904.912902][T10698] befs: (nbd2): No write support. Marking filesystem read-only
[  904.921997][T10698] syz.2.964: attempt to access beyond end of device
[  904.921997][T10698] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0
[  904.934956][T10698] befs: (nbd2): unable to read superblock
[  907.413388][T10712] netlink: 16 bytes leftover after parsing attributes in process `syz.0.967'.
[  908.527352][T10729] netlink: 8 bytes leftover after parsing attributes in process `syz.3.969'.
[  908.579337][T10729] netlink: 20 bytes leftover after parsing attributes in process `syz.3.969'.
[  908.873501][T10734] binder: BINDER_SET_CONTEXT_MGR already set
[  908.879793][T10734] binder: 10724:10734 ioctl 4018620d 2000000002c0 returned -16
[  909.016761][T10729] workqueue: Failed to create a rescuer kthread for wq "nbd63-recv": -EINTR
[  909.017217][T10729] block (null): Could not allocate knbd recv work queue.
[  909.034330][T10729] nbd: failed to add new device
[  910.188712][T10737] loop4: detected capacity change from 0 to 512
[  910.548619][T10737] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  910.576789][T10737] ext4 filesystem being mounted at /11/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  910.631783][T10743] ptrace attach of "./syz-executor exec"[5794] was attempted by "./syz-executor exec"[10743]
[  911.658027][T10764] binder: BINDER_SET_CONTEXT_MGR already set
[  911.664641][T10764] binder: 10754:10764 ioctl 4018620d 2000000002c0 returned -16
[  912.995269][T10743] befs: (nbd3): No write support. Marking filesystem read-only
[  913.841950][T10743] syz.3.972: attempt to access beyond end of device
[  913.841950][T10743] nbd3: rw=0, sector=0, nr_sectors = 2 limit=0
[  913.861522][T10743] befs: (nbd3): unable to read superblock
[  913.924438][T10426] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  916.848728][T10803] binder: BINDER_SET_CONTEXT_MGR already set
[  916.854885][T10803] binder: 10795:10803 ioctl 4018620d 2000000002c0 returned -16
[  919.142486][T10791] binder: 10790:10791 unknown command 1074553619
[  919.150742][T10791] binder: 10790:10791 ioctl c0306201 200000000040 returned -22
[  919.282466][T10802] netlink: 16 bytes leftover after parsing attributes in process `syz.2.984'.
[  919.330609][T10791] netlink: 'syz.3.981': attribute type 10 has an invalid length.
[  919.543596][T10791] team0: Device hsr_slave_0 failed to register rx_handler
[  919.642518][T10810] binder: BINDER_SET_CONTEXT_MGR already set
[  919.648759][T10810] binder: 10808:10810 ioctl 4018620d 2000000002c0 returned -16
[  922.268177][T10821] binder: BINDER_SET_CONTEXT_MGR already set
[  922.274442][T10821] binder: 10816:10821 ioctl 4018620d 2000000002c0 returned -16
[  924.222200][T10829] ptrace attach of "./syz-executor exec"[5794] was attempted by "./syz-executor exec"[10829]
[  925.270224][T10829] befs: (nbd3): No write support. Marking filesystem read-only
[  925.317119][T10829] syz.3.989: attempt to access beyond end of device
[  925.317119][T10829] nbd3: rw=0, sector=0, nr_sectors = 2 limit=0
[  925.353516][T10829] befs: (nbd3): unable to read superblock
[  926.597461][T10857] netlink: 8 bytes leftover after parsing attributes in process `syz.0.999'.
[  926.682601][T10854] netlink: 20 bytes leftover after parsing attributes in process `syz.0.999'.
[  926.994407][T10865] loop4: detected capacity change from 0 to 512
[  927.009005][T10865] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  927.019451][T10865] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  927.042655][T10865] EXT4-fs error (device loop4): __ext4_get_inode_loc:4489: comm syz.4.994: Invalid inode table block 1 in block_group 0
[  927.057613][T10865] EXT4-fs (loop4): get root inode failed
[  927.063320][T10865] EXT4-fs (loop4): mount failed
[  927.188538][T10869] loop3: detected capacity change from 0 to 512
[  927.760634][T10869] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  927.894039][T10869] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  928.037610][T10869] EXT4-fs error (device loop3): __ext4_get_inode_loc:4489: comm syz.3.995: Invalid inode table block 1 in block_group 0
[  928.158428][T10877] binder: BINDER_SET_CONTEXT_MGR already set
[  928.164666][T10877] binder: 10870:10877 ioctl 4018620d 2000000002c0 returned -16
[  928.175965][T10869] EXT4-fs (loop3): get root inode failed
[  928.349599][T10869] EXT4-fs (loop3): mount failed
[  929.477919][T10883] netlink: 'syz.4.997': attribute type 10 has an invalid length.
[  929.488306][T10883] netlink: 40 bytes leftover after parsing attributes in process `syz.4.997'.
[  929.499988][T10883] team0: entered promiscuous mode
[  929.505355][T10883] team_slave_0: entered promiscuous mode
[  929.516818][T10883] team_slave_1: entered promiscuous mode
[  929.526757][T10883] team0: entered allmulticast mode
[  929.534370][T10883] team_slave_0: entered allmulticast mode
[  929.592893][T10883] team_slave_1: entered allmulticast mode
[  929.855925][T10887] binder: BINDER_SET_CONTEXT_MGR already set
[  929.862179][T10887] binder: 10884:10887 ioctl 4018620d 2000000002c0 returned -16
[  929.888860][T10883] bridge0: port 3(team0) entered blocking state
[  929.939313][T10883] bridge0: port 3(team0) entered disabled state
[  930.033431][T10883] bridge0: port 3(team0) entered blocking state
[  930.040381][T10883] bridge0: port 3(team0) entered forwarding state
[  932.346204][ T1285] ieee802154 phy0 wpan0: encryption failed: -22
[  932.358626][ T1285] ieee802154 phy1 wpan1: encryption failed: -22
[  932.470040][T10895] netlink: 'syz.0.1001': attribute type 4 has an invalid length.
[  932.533211][T10892] ptrace attach of "./syz-executor exec"[5794] was attempted by "./syz-executor exec"[10892]
[  932.672412][T10897] befs: (nbd3): No write support. Marking filesystem read-only
[  932.692787][T10895] netlink: 'syz.0.1001': attribute type 10 has an invalid length.
[  932.700989][T10895] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1001'.
[  932.730631][T10897] syz.3.1000: attempt to access beyond end of device
[  932.730631][T10897] nbd3: rw=0, sector=0, nr_sectors = 2 limit=0
[  932.744152][T10897] befs: (nbd3): unable to read superblock
[  933.009674][T10056] libceph: connect (1)[c::]:6789 error -101
[  933.016039][T10056] libceph: mon0 (1)[c::]:6789 connect error
[  933.723479][T10056] libceph: connect (1)[c::]:6789 error -101
[  933.785608][T10902] ceph: No mds server is up or the cluster is laggy
[  933.827284][T10056] libceph: mon0 (1)[c::]:6789 connect error
[  934.611498][T10915] loop4: detected capacity change from 0 to 512
[  934.948375][T10915] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  935.660549][T10931] pimreg: entered allmulticast mode
[  936.139643][T10915] ext4 filesystem being mounted at /20/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  936.627681][T10936] loop3: detected capacity change from 0 to 512
[  937.255820][T10936] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  937.283261][T10939] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  937.299749][T10939] Quota error (device loop4): write_blk: dquota write failed
[  937.307519][T10939] Quota error (device loop4): qtree_write_dquot: Error -28 occurred while creating quota
[  937.317919][T10939] EXT4-fs error (device loop4): ext4_acquire_dquot:6940: comm syz.4.1006: Failed to acquire dquot type 0
[  937.342060][T10936] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  937.459117][T10936] EXT4-fs error (device loop3): __ext4_get_inode_loc:4489: comm syz.3.1009: Invalid inode table block 1 in block_group 0
[  937.591607][T10936] EXT4-fs (loop3): get root inode failed
[  937.608858][T10426] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  937.631502][T10936] EXT4-fs (loop3): mount failed
[  938.569061][T10952] loop4: detected capacity change from 0 to 512
[  938.769823][T10952] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  938.815708][T10952] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  938.859869][T10952] EXT4-fs error (device loop4): __ext4_get_inode_loc:4489: comm syz.4.1011: Invalid inode table block 1 in block_group 0
[  938.897587][T10952] EXT4-fs (loop4): get root inode failed
[  939.075773][T10952] EXT4-fs (loop4): mount failed
[  939.823352][T10967] loop3: detected capacity change from 0 to 512
[  940.121493][T10967] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  940.207125][T10967] ext4 filesystem being mounted at /252/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  940.270283][T10977] netlink: 'syz.2.1013': attribute type 4 has an invalid length.
[  941.360274][   T28] audit: type=1800 audit(2000000725.870:128): pid=10988 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1012" name="file1" dev="loop3" ino=15 res=0 errno=0
[  941.504278][T10978] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  941.515049][T10978] cramfs: wrong magic
[  941.519327][ T5794] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  941.567698][T10979] netlink: 'syz.2.1013': attribute type 10 has an invalid length.
[  941.649047][T10992] loop4: detected capacity change from 0 to 8
[  942.610446][T10979] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1013'.
[  942.671317][T10992] SQUASHFS error: xz decompression failed, data probably corrupt
[  942.679365][T10992] SQUASHFS error: Failed to read block 0x108: -5
[  942.685799][T10992] SQUASHFS error: Unable to read metadata cache entry [106]
[  942.693658][T10992] SQUASHFS error: Unable to read inode 0x11f
[  944.249684][T10999] binder: BINDER_SET_CONTEXT_MGR already set
[  944.255885][T10999] binder: 10995:10999 ioctl 4018620d 2000000002c0 returned -16
[  945.022094][T11001] ptrace attach of "./syz-executor exec"[5787] was attempted by "./syz-executor exec"[11001]
[  945.354241][ T5789] Bluetooth: hci4: unexpected Set CIG Parameters response data
[  945.910623][T11001] befs: (nbd0): No write support. Marking filesystem read-only
[  945.965059][T11001] syz.0.1016: attempt to access beyond end of device
[  945.965059][T11001] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0
[  946.009743][T11001] befs: (nbd0): unable to read superblock
[  947.714496][T11022] loop4: detected capacity change from 0 to 256
[  947.740285][T11023] ptrace attach of "./syz-executor exec"[5794] was attempted by "./syz-executor exec"[11023]
[  948.658011][T11034] befs: (nbd3): No write support. Marking filesystem read-only
[  948.667605][T11034] syz.3.1019: attempt to access beyond end of device
[  948.667605][T11034] nbd3: rw=0, sector=0, nr_sectors = 2 limit=0
[  948.684781][T11034] befs: (nbd3): unable to read superblock
[  949.223054][T11033] GUP no longer grows the stack in syz.2.1024 (11033): 200000005000-200000008000 (200000004000)
[  949.397216][ T5789] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  949.408083][ T5789] Bluetooth: hci4: Injecting HCI hardware error event
[  949.419838][ T5789] Bluetooth: hci4: hardware error 0x00
[  949.472369][T11033] CPU: 1 PID: 11033 Comm: syz.2.1024 Not tainted syzkaller #0
[  949.480325][T11033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  949.490445][T11033] Call Trace:
[  949.493941][T11033]  <TASK>
[  949.496920][T11033]  dump_stack_lvl+0x16c/0x230
[  949.501750][T11033]  ? show_regs_print_info+0x20/0x20
[  949.507006][T11033]  ? load_image+0x3b0/0x3b0
[  949.511646][T11033]  ? find_vma+0x12e/0x1b0
[  949.516037][T11033]  fixup_user_fault+0x652/0x710
[  949.520949][T11033]  fault_in_user_writeable+0x71/0xe0
[  949.526291][T11033]  futex_lock_pi+0x21b/0x8d0
[  949.530940][T11033]  ? fixup_pi_state_owner+0x5c0/0x5c0
[  949.536403][T11033]  ? do_futex+0x21f/0x3e0
[  949.540900][T11033]  do_futex+0x23d/0x3e0
[  949.545112][T11033]  ? __ia32_sys_get_robust_list+0x90/0x90
[  949.550905][T11033]  __se_sys_futex+0x36f/0x3f0
[  949.555851][T11033]  ? __x64_sys_futex+0xf0/0xf0
[  949.560677][T11033]  ? __x64_sys_futex+0x21/0xf0
[  949.565661][T11033]  do_syscall_64+0x55/0xb0
[  949.570125][T11033]  ? clear_bhb_loop+0x40/0x90
[  949.574849][T11033]  ? clear_bhb_loop+0x40/0x90
[  949.579624][T11033]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  949.585576][T11033] RIP: 0033:0x7f471738efc9
[  949.590139][T11033] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  949.609802][T11033] RSP: 002b:00007f47182a8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  949.618271][T11033] RAX: ffffffffffffffda RBX: 00007f47175e5fa0 RCX: 00007f471738efc9
[  949.626281][T11033] RDX: 00000000fffffffd RSI: 000000000000008d RDI: 0000200000004000
[  949.634320][T11033] RBP: 00007f4717411f91 R08: 0000000000000000 R09: 0000000000000000
[  949.642333][T11033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  949.650372][T11033] R13: 00007f47175e6038 R14: 00007f47175e5fa0 R15: 00007ffc3ca9dc28
[  949.658432][T11033]  </TASK>
[  950.249078][T11040] loop4: detected capacity change from 0 to 512
[  950.316714][   T27] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  950.471211][T11040] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  950.511110][   T27] usb 3-1: config 0 has an invalid descriptor of length 233, skipping remainder of the config
[  950.532091][   T27] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  950.532162][T11040] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  950.862476][   T27] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  950.971479][T11040] EXT4-fs error (device loop4): __ext4_get_inode_loc:4489: comm syz.4.1033: Invalid inode table block 1 in block_group 0
[  950.997379][   T27] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  951.310835][   T27] usb 3-1: config 0 descriptor??
[  951.337473][T11040] EXT4-fs (loop4): get root inode failed
[  951.356667][T11040] EXT4-fs (loop4): mount failed
[  951.481134][ T6097] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  951.686689][   T27] usb 3-1: can't set config #0, error -71
[  951.703577][   T27] usb 3-1: USB disconnect, device number 6
[  952.335227][T11050] netlink: 'syz.0.1026': attribute type 10 has an invalid length.
[  952.343717][T11050] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1026'.
[  952.357396][ T5789] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  953.380447][T11057] binder: BINDER_SET_CONTEXT_MGR already set
[  953.386903][T11057] binder: 11052:11057 ioctl 4018620d 2000000002c0 returned -16
[  954.110121][T11067] netlink: 'syz.4.1031': attribute type 4 has an invalid length.
[  954.151764][T11063] ptrace attach of "./syz-executor exec"[5794] was attempted by "./syz-executor exec"[11063]
[  954.357753][T11069] netlink: 'syz.4.1031': attribute type 10 has an invalid length.
[  955.296759][T11069] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1031'.
[  955.323126][T11063] befs: (nbd3): No write support. Marking filesystem read-only
[  955.374711][T11063] syz.3.1030: attempt to access beyond end of device
[  955.374711][T11063] nbd3: rw=0, sector=0, nr_sectors = 2 limit=0
[  955.454035][T11063] befs: (nbd3): unable to read superblock
[  955.616804][T11069] loop4: detected capacity change from 0 to 512
[  955.974672][T11079] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1034'.
[  956.384512][T11082] ALSA: seq fatal error: cannot create timer (-22)
[  957.253698][T11089] ptrace attach of "./syz-executor exec"[5787] was attempted by "./syz-executor exec"[11089]
[  957.371894][T11090] befs: (nbd0): No write support. Marking filesystem read-only
[  957.380358][T11090] syz.0.1036: attempt to access beyond end of device
[  957.380358][T11090] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0
[  957.393437][T11090] befs: (nbd0): unable to read superblock
[  958.201313][T11069] workqueue: Failed to create a rescuer kthread for wq "ext4-rsv-conversion": -EINTR
[  958.201630][T11069] EXT4-fs: failed to create workqueue
[  958.516270][T11094] syz.0.1037 (11094): drop_caches: 2
[  958.957220][T11069] EXT4-fs (loop4): mount failed
[  960.331762][T11116] loop4: detected capacity change from 0 to 512
[  960.364909][T11116] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  960.991195][T11116] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  961.017085][T11116] EXT4-fs error (device loop4): __ext4_get_inode_loc:4489: comm syz.4.1043: Invalid inode table block 1 in block_group 0
[  961.031960][T11116] EXT4-fs (loop4): get root inode failed
[  961.037937][T11116] EXT4-fs (loop4): mount failed
[  961.307204][T11127] ptrace attach of "./syz-executor exec"[5787] was attempted by "./syz-executor exec"[11127]
[  962.026112][T11134] befs: (nbd0): No write support. Marking filesystem read-only
[  962.035484][T11134] syz.0.1045: attempt to access beyond end of device
[  962.035484][T11134] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0
[  962.049412][T11134] befs: (nbd0): unable to read superblock
[  962.433598][T11138] loop3: detected capacity change from 0 to 16
[  962.505401][T11138] erofs: (device loop3): mounted with root inode @ nid 36.
[  962.535729][T11138] syz.3.1046: attempt to access beyond end of device
[  962.535729][T11138] loop3: rw=0, sector=8, nr_sectors = 16 limit=16
[  962.562217][T11140] ptrace attach of "./syz-executor exec"[10426] was attempted by "./syz-executor exec"[11140]
[  962.785715][T11138] syz.3.1046 (11138): drop_caches: 2
[  962.793718][T11138] syz.3.1046: attempt to access beyond end of device
[  962.793718][T11138] loop3: rw=0, sector=8, nr_sectors = 16 limit=16
[  963.475591][T11151] pimreg: entered allmulticast mode
[  964.245338][T11147] befs: (nbd4): No write support. Marking filesystem read-only
[  964.256997][T11147] syz.4.1047: attempt to access beyond end of device
[  964.256997][T11147] nbd4: rw=0, sector=0, nr_sectors = 2 limit=0
[  964.272913][T11147] befs: (nbd4): unable to read superblock
[  965.195349][T11164] binder: BINDER_SET_CONTEXT_MGR already set
[  965.202093][T11164] binder: 11159:11164 ioctl 4018620d 2000000002c0 returned -16
[  969.387552][T11185] loop4: detected capacity change from 0 to 512
[  969.437524][T11185] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  969.479085][T11185] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  969.551450][T11185] EXT4-fs error (device loop4): __ext4_get_inode_loc:4489: comm syz.4.1056: Invalid inode table block 1 in block_group 0
[  969.582736][T11185] EXT4-fs (loop4): get root inode failed
[  969.602241][T11185] EXT4-fs (loop4): mount failed
[  969.828083][T11192] loop3: detected capacity change from 0 to 16
[  969.899343][T11193] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1057'.
[  969.949740][T11193] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1057'.
[  969.973843][T11192] erofs: (device loop3): mounted with root inode @ nid 36.
[  970.052904][T11169] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  970.490656][T11192] syz.3.1058: attempt to access beyond end of device
[  970.490656][T11192] loop3: rw=0, sector=8, nr_sectors = 16 limit=16
[  971.453005][T11192] syz.3.1058 (11192): drop_caches: 2
[  971.459718][T11192] syz.3.1058: attempt to access beyond end of device
[  971.459718][T11192] loop3: rw=0, sector=8, nr_sectors = 16 limit=16
[  972.139117][T11206] ptrace attach of "./syz-executor exec"[5785] was attempted by "./syz-executor exec"[11206]
[  972.560698][T11206] befs: (nbd2): No write support. Marking filesystem read-only
[  972.569530][T11206] syz.2.1059: attempt to access beyond end of device
[  972.569530][T11206] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0
[  972.582517][T11206] befs: (nbd2): unable to read superblock
[  973.875338][T11220] binder: BINDER_SET_CONTEXT_MGR already set
[  973.881782][T11220] binder: 11215:11220 ioctl 4018620d 2000000002c0 returned -16
[  974.825218][T11218] ptrace attach of "./syz-executor exec"[10426] was attempted by "./syz-executor exec"[11218]
[  974.930576][T11218] befs: (nbd4): No write support. Marking filesystem read-only
[  974.938976][T11218] syz.4.1064: attempt to access beyond end of device
[  974.938976][T11218] nbd4: rw=0, sector=0, nr_sectors = 2 limit=0
[  974.952116][T11218] befs: (nbd4): unable to read superblock
[  975.037825][T11227] binder: BINDER_SET_CONTEXT_MGR already set
[  975.043985][T11227] binder: 11225:11227 ioctl 4018620d 2000000002c0 returned -16
[  977.541647][T11241] loop3: detected capacity change from 0 to 164
[  977.609238][T11241] Unable to read rock-ridge attributes
[  978.196267][T11253] loop4: detected capacity change from 0 to 512
[  978.252490][T11253] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  978.339240][T11253] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  978.393071][T11253] EXT4-fs error (device loop4): __ext4_get_inode_loc:4489: comm syz.4.1072: Invalid inode table block 1 in block_group 0
[  978.441122][T11253] EXT4-fs (loop4): get root inode failed
[  978.465105][T11253] EXT4-fs (loop4): mount failed
[  980.245171][T11263] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1074'.
[  980.753804][T11273] ptrace attach of "./syz-executor exec"[5785] was attempted by "./syz-executor exec"[11273]
[  980.904875][T11273] befs: (nbd2): No write support. Marking filesystem read-only
[  980.912954][T11273] syz.2.1076: attempt to access beyond end of device
[  980.912954][T11273] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0
[  980.926084][T11273] befs: (nbd2): unable to read superblock
[  982.723568][T11284] binder: BINDER_SET_CONTEXT_MGR already set
[  982.730159][T11284] binder: 11281:11284 ioctl 4018620d 2000000002c0 returned -16
[  984.221851][T11298] loop4: detected capacity change from 0 to 164
[  984.357557][T11298] Unable to read rock-ridge attributes
[  985.503760][T11311] binder: BINDER_SET_CONTEXT_MGR already set
[  985.510911][T11311] binder: 11306:11311 ioctl 4018620d 2000000002c0 returned -16
[  985.624850][T11310] loop4: detected capacity change from 0 to 512
[  985.734349][T11310] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  985.809706][T11310] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  986.406841][T11310] EXT4-fs error (device loop4): __ext4_get_inode_loc:4489: comm syz.4.1086: Invalid inode table block 1 in block_group 0
[  986.472037][T11310] EXT4-fs (loop4): get root inode failed
[  986.494505][T11310] EXT4-fs (loop4): mount failed
[  986.553832][T11317] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1087'.
[  987.116491][T11320] loop3: detected capacity change from 0 to 512
[  987.153508][T11320] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  987.205639][T11320] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  987.261029][T11320] EXT4-fs error (device loop3): __ext4_get_inode_loc:4489: comm syz.3.1088: Invalid inode table block 1 in block_group 0
[  987.324150][T11320] EXT4-fs (loop3): get root inode failed
[  987.331236][T11320] EXT4-fs (loop3): mount failed
[  988.918907][T11335] ptrace attach of "./syz-executor exec"[5787] was attempted by "./syz-executor exec"[11335]
[  988.992769][T11333] befs: (nbd0): No write support. Marking filesystem read-only
[  989.000851][T11333] syz.0.1091: attempt to access beyond end of device
[  989.000851][T11333] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0
[  989.013781][T11333] befs: (nbd0): unable to read superblock
[  989.061839][T11339] loop4: detected capacity change from 0 to 512
[  989.084496][T11339] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  989.103114][T11339] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  989.123244][T11339] EXT4-fs error (device loop4): __ext4_get_inode_loc:4489: comm syz.4.1093: Invalid inode table block 1 in block_group 0
[  989.152745][T11339] EXT4-fs (loop4): get root inode failed
[  989.163530][T11339] EXT4-fs (loop4): mount failed
[  990.318682][T11346] binder: BINDER_SET_CONTEXT_MGR already set
[  990.324842][T11346] binder: 11344:11346 ioctl 4018620d 2000000002c0 returned -16
[  993.139671][T11363] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1098'.
[  993.269791][T11374] loop4: detected capacity change from 0 to 512
[  993.408113][ T1285] ieee802154 phy0 wpan0: encryption failed: -22
[  993.818741][ T1285] ieee802154 phy1 wpan1: encryption failed: -22
[  993.940979][T11374] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  993.983953][T11374] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  994.094651][T11374] EXT4-fs error (device loop4): __ext4_get_inode_loc:4489: comm syz.4.1101: Invalid inode table block 1 in block_group 0
[  994.138909][T11374] EXT4-fs (loop4): get root inode failed
[  994.176243][T11374] EXT4-fs (loop4): mount failed
[  995.967687][T11397] binder: BINDER_SET_CONTEXT_MGR already set
[  995.974259][T11397] binder: 11392:11397 ioctl 4018620d 2000000002c0 returned -16
[  998.658828][T11408] loop4: detected capacity change from 0 to 512
[  998.695265][T11408] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  998.726783][T11408] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[  998.767624][T11408] EXT4-fs error (device loop4): __ext4_get_inode_loc:4489: comm syz.4.1108: Invalid inode table block 1 in block_group 0
[  998.793293][T11408] EXT4-fs (loop4): get root inode failed
[  998.808189][T11408] EXT4-fs (loop4): mount failed
[  999.897873][T11417] (null): rxe_set_mtu: Set mtu to 1024
[  999.903822][T11417] rdma_rxe: rxe_newlink: failed to add syz_tun
[ 1000.272252][T11422] ptrace attach of "./syz-executor exec"[5785] was attempted by "./syz-executor exec"[11422]
[ 1000.381448][T11424] befs: (nbd2): No write support. Marking filesystem read-only
[ 1000.390187][T11424] syz.2.1112: attempt to access beyond end of device
[ 1000.390187][T11424] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1000.403158][T11424] befs: (nbd2): unable to read superblock
[ 1000.557039][T11426] loop4: detected capacity change from 0 to 16
[ 1000.651201][T11426] erofs: (device loop4): mounted with root inode @ nid 36.
[ 1000.863236][T11426] syz.4.1111: attempt to access beyond end of device
[ 1000.863236][T11426] loop4: rw=0, sector=8, nr_sectors = 16 limit=16
[ 1002.274173][T11427] syz.4.1111 (11427): drop_caches: 2
[ 1002.275831][T11432] syz.4.1111: attempt to access beyond end of device
[ 1002.275831][T11432] loop4: rw=0, sector=8, nr_sectors = 16 limit=16
[ 1003.809951][T11443] binder: BINDER_SET_CONTEXT_MGR already set
[ 1003.816054][T11443] binder: 11439:11443 ioctl 4018620d 2000000002c0 returned -16
[ 1005.398957][T11448] syz.0.1117 (11448): drop_caches: 2
[ 1007.686742][T11456] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1119'.
[ 1007.708436][T11456] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1119'.
[ 1008.603861][T11468] loop4: detected capacity change from 0 to 16
[ 1008.622139][T11468] erofs: (device loop4): mounted with root inode @ nid 36.
[ 1008.674557][T11468] syz.4.1123: attempt to access beyond end of device
[ 1008.674557][T11468] loop4: rw=0, sector=8, nr_sectors = 16 limit=16
[ 1009.610308][T11473] syz.4.1123 (11473): drop_caches: 2
[ 1009.617125][T11473] syz.4.1123: attempt to access beyond end of device
[ 1009.617125][T11473] loop4: rw=0, sector=8, nr_sectors = 16 limit=16
[ 1009.697824][T11475] ptrace attach of "./syz-executor exec"[5787] was attempted by "./syz-executor exec"[11475]
[ 1009.843678][T11477] befs: (nbd0): No write support. Marking filesystem read-only
[ 1009.852447][T11477] syz.0.1124: attempt to access beyond end of device
[ 1009.852447][T11477] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1009.865827][T11477] befs: (nbd0): unable to read superblock
[ 1010.807495][T11480] loop4: detected capacity change from 0 to 512
[ 1010.827206][ T5791] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1010.856396][ T5791] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1010.868709][ T5791] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1010.878979][ T5791] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1010.879084][T11480] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[ 1010.908415][ T5791] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 1010.920401][ T5791] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1010.994488][T11481] vxcan1 speed is unknown, defaulting to 1000
[ 1011.011028][T11480] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[ 1011.062911][T11480] EXT4-fs error (device loop4): __ext4_get_inode_loc:4489: comm syz.4.1125: Invalid inode table block 1 in block_group 0
[ 1011.731133][T11480] EXT4-fs (loop4): get root inode failed
[ 1011.755801][T11480] EXT4-fs (loop4): mount failed
[ 1013.007852][ T5789] Bluetooth: hci0: command tx timeout
[ 1013.079129][T11481] wlan0 speed is unknown, defaulting to 1000
[ 1013.238485][T11500] binder: BINDER_SET_CONTEXT_MGR already set
[ 1013.244831][T11500] binder: 11497:11500 ioctl 4018620d 2000000002c0 returned -16
[ 1015.076684][ T5789] Bluetooth: hci0: command tx timeout
[ 1016.936467][T11514] loop4: detected capacity change from 0 to 16
[ 1016.959805][T11514] erofs: (device loop4): mounted with root inode @ nid 36.
[ 1016.960733][T11481] chnl_net:caif_netlink_parms(): no params data found
[ 1017.005044][T11514] syz.4.1132: attempt to access beyond end of device
[ 1017.005044][T11514] loop4: rw=0, sector=8, nr_sectors = 16 limit=16
[ 1017.200234][ T5789] Bluetooth: hci0: command tx timeout
[ 1017.409214][T11519] syz.4.1132 (11519): drop_caches: 2
[ 1017.416140][T11519] syz.4.1132: attempt to access beyond end of device
[ 1017.416140][T11519] loop4: rw=0, sector=8, nr_sectors = 16 limit=16
[ 1019.152934][T11525] ptrace attach of "./syz-executor exec"[5787] was attempted by "./syz-executor exec"[11525]
[ 1019.266202][ T5789] Bluetooth: hci0: command tx timeout
[ 1019.724248][T11523] befs: (nbd0): No write support. Marking filesystem read-only
[ 1019.734020][T11523] syz.0.1134: attempt to access beyond end of device
[ 1019.734020][T11523] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1019.747334][T11523] befs: (nbd0): unable to read superblock
[ 1020.234244][T11539] ptrace attach of "./syz-executor exec"[10426] was attempted by "./syz-executor exec"[11539]
[ 1020.704645][T11541] befs: (nbd4): No write support. Marking filesystem read-only
[ 1020.714535][T11541] syz.4.1135: attempt to access beyond end of device
[ 1020.714535][T11541] nbd4: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1020.728041][T11541] befs: (nbd4): unable to read superblock
[ 1021.403184][T11481] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1021.451921][T11481] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1021.459567][T11481] bridge_slave_0: entered allmulticast mode
[ 1021.466924][T11481] bridge_slave_0: entered promiscuous mode
[ 1021.477889][T11481] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1021.490198][T11481] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1021.497997][T11481] bridge_slave_1: entered allmulticast mode
[ 1021.505958][T11481] bridge_slave_1: entered promiscuous mode
[ 1021.605099][T11481] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1021.634545][T11481] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1021.726622][T11481] team0: Port device team_slave_0 added
[ 1021.737988][T11481] team0: Port device team_slave_1 added
[ 1021.880040][T11481] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1021.888149][T11481] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1022.003508][T11562] loop4: detected capacity change from 0 to 164
[ 1022.108678][ T2128] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[ 1022.125553][T11562] Unable to read rock-ridge attributes
[ 1022.268708][T11481] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1022.483231][ T2128] usb 1-1: config 0 has an invalid descriptor of length 233, skipping remainder of the config
[ 1022.621830][T11481] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1022.624296][ T2128] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1022.648286][ T2128] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1022.658745][ T2128] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1022.667902][T11481] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1022.705893][ T2128] usb 1-1: config 0 descriptor??
[ 1022.744936][T11481] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1023.848006][T11556] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1138'.
[ 1024.013491][T11481] hsr_slave_0: entered promiscuous mode
[ 1024.058793][T11481] hsr_slave_1: entered promiscuous mode
[ 1024.077417][T11481] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1024.085257][T11481] Cannot create hsr debugfs directory
[ 1024.792477][ T5173] usb 1-1: USB disconnect, device number 5
[ 1024.810263][T11576] loop4: detected capacity change from 0 to 512
[ 1024.866857][T11576] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[ 1024.894068][T11576] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[ 1024.936416][T11576] EXT4-fs error (device loop4): __ext4_get_inode_loc:4489: comm syz.4.1142: Invalid inode table block 1 in block_group 0
[ 1024.974760][T11576] EXT4-fs (loop4): get root inode failed
[ 1024.992344][T11576] EXT4-fs (loop4): mount failed
[ 1027.327352][T11590] ptrace attach of "./syz-executor exec"[5785] was attempted by "./syz-executor exec"[11590]
[ 1027.534858][T11594] ptrace attach of "./syz-executor exec"[5787] was attempted by "./syz-executor exec"[11594]
[ 1027.910470][T11597] befs: (nbd2): No write support. Marking filesystem read-only
[ 1027.919185][T11597] syz.2.1145: attempt to access beyond end of device
[ 1027.919185][T11597] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1027.933228][T11597] befs: (nbd2): unable to read superblock
[ 1028.045222][T11598] befs: (nbd0): No write support. Marking filesystem read-only
[ 1028.054673][T11598] syz.0.1146: attempt to access beyond end of device
[ 1028.054673][T11598] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1028.068513][T11598] befs: (nbd0): unable to read superblock
[ 1028.977290][T11481] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1028.999547][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1029.300384][T11481] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1029.360728][T11481] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1029.414619][T11603] binder: BINDER_SET_CONTEXT_MGR already set
[ 1029.420972][T11603] binder: 11601:11603 ioctl 4018620d 2000000002c0 returned -16
[ 1031.687031][T11481] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1032.660877][T11481] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1032.683722][T11481] 8021q: adding VLAN 0 to HW filter on device team0
[ 1032.718366][T10513] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1032.725561][T10513] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1032.764957][T10513] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1032.772253][T10513] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1032.808213][T11623] binder: BINDER_SET_CONTEXT_MGR already set
[ 1032.814414][T11623] binder: 11621:11623 ioctl 4018620d 2000000002c0 returned -16
[ 1033.884544][T11481] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1034.616096][T11633] syz.2.1152 (11633): drop_caches: 2
[ 1035.260844][T11639] binder: BINDER_SET_CONTEXT_MGR already set
[ 1035.267186][T11639] binder: 11634:11639 ioctl 4018620d 2000000002c0 returned -16
[ 1036.723545][T11651] binder: BINDER_SET_CONTEXT_MGR already set
[ 1036.730553][T11651] binder: 11646:11651 ioctl 4018620d 2000000002c0 returned -16
[ 1038.418078][T11656] ptrace attach of "./syz-executor exec"[10426] was attempted by "./syz-executor exec"[11656]
[ 1038.963090][T11663] befs: (nbd4): No write support. Marking filesystem read-only
[ 1038.972167][T11663] syz.4.1157: attempt to access beyond end of device
[ 1038.972167][T11663] nbd4: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1038.986448][T11663] befs: (nbd4): unable to read superblock
[ 1039.042393][T11481] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1041.572667][T11685] syz.2.1162 (11685): drop_caches: 2
[ 1044.009526][T11481] veth0_vlan: entered promiscuous mode
[ 1044.024773][T11481] veth1_vlan: entered promiscuous mode
[ 1044.236911][T11705] syz_tun: entered allmulticast mode
[ 1045.386401][T11481] veth0_macvtap: entered promiscuous mode
[ 1045.481072][T11481] veth1_macvtap: entered promiscuous mode
[ 1045.686274][T11481] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1045.696892][T11481] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1045.712591][T11481] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1046.454130][T11481] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1046.476842][T11481] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1046.496663][T11481] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1046.512077][T11481] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1046.527787][T11481] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1046.552889][T11481] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1046.725942][T11481] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1046.737263][T11481] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1046.760734][T11481] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1047.252500][T11481] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1047.309554][T11481] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1047.342656][T11481] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1047.354960][T11481] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1049.743216][ T2975] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1049.777252][ T2975] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1049.853236][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1049.861647][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1050.101525][T11748] loop4: detected capacity change from 0 to 164
[ 1050.408180][T11750] ptrace attach of "./syz-executor exec"[5787] was attempted by "./syz-executor exec"[11750]
[ 1050.429634][T11748] Unable to read rock-ridge attributes
[ 1050.556369][T11750] befs: (nbd0): No write support. Marking filesystem read-only
[ 1050.569985][T11750] syz.0.1175: attempt to access beyond end of device
[ 1050.569985][T11750] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1050.584494][T11750] befs: (nbd0): unable to read superblock
[ 1052.252570][T11773] ptrace attach of "./syz-executor exec"[5787] was attempted by "./syz-executor exec"[11773]
[ 1052.827718][T11773] befs: (nbd0): No write support. Marking filesystem read-only
[ 1052.836660][T11773] syz.0.1181: attempt to access beyond end of device
[ 1052.836660][T11773] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1052.849730][T11773] befs: (nbd0): unable to read superblock
[ 1055.139385][ T1285] ieee802154 phy0 wpan0: encryption failed: -22
[ 1055.318767][ T1285] ieee802154 phy1 wpan1: encryption failed: -22
[ 1056.129216][T11792] loop4: detected capacity change from 0 to 2048
[ 1056.436143][T11793] loop5: detected capacity change from 0 to 2048
[ 1057.269455][T11792] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 1059.148572][T11792] NILFS (loop4): error -4 creating segctord thread
[ 1059.292994][T11793] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1060.738435][T11803] loop4: detected capacity change from 0 to 164
[ 1060.772181][T11803] Unable to read rock-ridge attributes
[ 1062.014928][T11822] ptrace attach of "./syz-executor exec"[5787] was attempted by "./syz-executor exec"[11822]
[ 1062.783226][T11821] befs: (nbd0): No write support. Marking filesystem read-only
[ 1062.792008][T11821] syz.0.1192: attempt to access beyond end of device
[ 1062.792008][T11821] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1062.805438][T11821] befs: (nbd0): unable to read superblock
[ 1064.710474][T11835] ptrace attach of "./syz-executor exec"[11481] was attempted by "./syz-executor exec"[11835]
[ 1067.176047][T11838] befs: (nbd5): No write support. Marking filesystem read-only
[ 1067.185010][T11838] syz.5.1195: attempt to access beyond end of device
[ 1067.185010][T11838] nbd5: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1067.198098][T11838] befs: (nbd5): unable to read superblock
[ 1071.013745][T11857] loop5: detected capacity change from 0 to 512
[ 1071.097136][T11857] EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[ 1071.139451][T11858] ptrace attach of "./syz-executor exec"[10426] was attempted by "./syz-executor exec"[11858]
[ 1071.166635][T11857] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[ 1071.630228][T11865] befs: (nbd4): No write support. Marking filesystem read-only
[ 1071.647804][T11865] syz.4.1199: attempt to access beyond end of device
[ 1071.647804][T11865] nbd4: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1071.661022][T11865] befs: (nbd4): unable to read superblock
[ 1071.790440][T11857] EXT4-fs error (device loop5): __ext4_get_inode_loc:4489: comm syz.5.1198: Invalid inode table block 1 in block_group 0
[ 1072.221540][T11857] EXT4-fs (loop5): get root inode failed
[ 1072.277799][T11857] EXT4-fs (loop5): mount failed
[ 1073.367240][T11882] ptrace attach of "./syz-executor exec"[5785] was attempted by "./syz-executor exec"[11882]
[ 1073.528242][T11882] befs: (nbd2): No write support. Marking filesystem read-only
[ 1073.536139][T11882] syz.2.1204: attempt to access beyond end of device
[ 1073.536139][T11882] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1073.549711][T11882] befs: (nbd2): unable to read superblock
[ 1074.212430][T11886] binder: BINDER_SET_CONTEXT_MGR already set
[ 1074.231445][T11886] binder: 11883:11886 ioctl 4018620d 2000000002c0 returned -16
[ 1074.670824][T11897] ptrace attach of "./syz-executor exec"[11481] was attempted by "./syz-executor exec"[11897]
[ 1075.596640][T11900] befs: (nbd5): No write support. Marking filesystem read-only
[ 1075.605844][T11900] syz.5.1207: attempt to access beyond end of device
[ 1075.605844][T11900] nbd5: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1075.619239][T11900] befs: (nbd5): unable to read superblock
[ 1075.761230][T11902] loop4: detected capacity change from 0 to 2048
[ 1077.907223][T11902] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1079.176899][T11920] ptrace attach of "./syz-executor exec"[11481] was attempted by "./syz-executor exec"[11920]
[ 1079.307682][T11920] befs: (nbd5): No write support. Marking filesystem read-only
[ 1079.316201][T11920] syz.5.1212: attempt to access beyond end of device
[ 1079.316201][T11920] nbd5: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1079.330089][T11920] befs: (nbd5): unable to read superblock
[ 1079.643844][T11922] loop4: detected capacity change from 0 to 164
[ 1079.706920][T11922] Unable to read rock-ridge attributes
[ 1080.456742][T11931] ptrace attach of "./syz-executor exec"[10426] was attempted by "./syz-executor exec"[11931]
[ 1080.972118][T11934] befs: (nbd4): No write support. Marking filesystem read-only
[ 1080.981154][T11934] syz.4.1213: attempt to access beyond end of device
[ 1080.981154][T11934] nbd4: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1080.994545][T11934] befs: (nbd4): unable to read superblock
[ 1081.070659][T11936] loop5: detected capacity change from 0 to 512
[ 1081.245120][T11936] EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[ 1081.316867][T11936] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[ 1081.402814][T11936] EXT4-fs error (device loop5): __ext4_get_inode_loc:4489: comm syz.5.1215: Invalid inode table block 1 in block_group 0
[ 1081.498960][T11936] EXT4-fs (loop5): get root inode failed
[ 1081.505034][T11936] EXT4-fs (loop5): mount failed
[ 1081.639575][T11940] loop4: detected capacity change from 0 to 512
[ 1081.815273][T11940] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[ 1081.844370][T11940] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[ 1082.338557][T11940] EXT4-fs error (device loop4): __ext4_get_inode_loc:4489: comm syz.4.1216: Invalid inode table block 1 in block_group 0
[ 1082.381863][T11940] EXT4-fs (loop4): get root inode failed
[ 1082.446680][T11940] EXT4-fs (loop4): mount failed
[ 1082.644124][T11944] bond0: entered promiscuous mode
[ 1082.670063][T11949] Bluetooth: MGMT ver 1.22
[ 1082.737469][T11944] bond_slave_0: entered promiscuous mode
[ 1082.874280][T11944] bond_slave_1: entered promiscuous mode
[ 1083.550565][T11944] batadv0: entered promiscuous mode
[ 1084.287475][T11944] dummy0: entered promiscuous mode
[ 1084.347711][T11944] hsr1: entered promiscuous mode
[ 1084.368854][T11944] hsr1: entered allmulticast mode
[ 1084.373968][T11944] bond0: entered allmulticast mode
[ 1084.386711][T11944] bond_slave_0: entered allmulticast mode
[ 1084.392530][T11944] bond_slave_1: entered allmulticast mode
[ 1084.413931][T11944] batadv0: entered allmulticast mode
[ 1084.446948][T11944] dummy0: entered allmulticast mode
[ 1085.290946][T11960] hub 9-0:1.0: USB hub found
[ 1085.307484][T11960] hub 9-0:1.0: 1 port detected
[ 1087.013021][T11981] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1221'.
[ 1087.416532][T11978] loop5: detected capacity change from 0 to 164
[ 1087.942122][T11978] Unable to read rock-ridge attributes
[ 1088.204485][T11986] ptrace attach of "./syz-executor exec"[5785] was attempted by "./syz-executor exec"[11986]
[ 1088.458222][T11987] befs: (nbd2): No write support. Marking filesystem read-only
[ 1088.466181][T11987] syz.2.1224: attempt to access beyond end of device
[ 1088.466181][T11987] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1088.479242][T11987] befs: (nbd2): unable to read superblock
[ 1089.415665][T11999] syz.0.1226 (11999): drop_caches: 2
[ 1090.761761][T12017] binder: BINDER_SET_CONTEXT_MGR already set
[ 1090.768306][T12017] binder: 12008:12017 ioctl 4018620d 2000000002c0 returned -16
[ 1091.879365][T12027] loop4: detected capacity change from 0 to 164
[ 1092.042375][T12027] Unable to read rock-ridge attributes
[ 1092.085252][T12032] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1231'.
[ 1092.705388][T12038] loop4: detected capacity change from 0 to 16
[ 1092.732549][T12038] erofs: (device loop4): mounted with root inode @ nid 36.
[ 1092.764225][T12038] syz.4.1236: attempt to access beyond end of device
[ 1092.764225][T12038] loop4: rw=0, sector=8, nr_sectors = 16 limit=16
[ 1094.366244][T12051] syz.4.1236 (12051): drop_caches: 2
[ 1094.374331][T12051] syz.4.1236: attempt to access beyond end of device
[ 1094.374331][T12051] loop4: rw=0, sector=8, nr_sectors = 16 limit=16
[ 1095.236695][ T5789] Bluetooth: hci0: command 0x0405 tx timeout
[ 1095.913675][T12057] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1238'.
[ 1098.260389][T12082] loop4: detected capacity change from 0 to 512
[ 1098.288579][T12082] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[ 1098.310194][T12082] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[ 1098.326775][T12082] EXT4-fs error (device loop4): __ext4_get_inode_loc:4489: comm syz.4.1245: Invalid inode table block 1 in block_group 0
[ 1098.348694][T12082] EXT4-fs (loop4): get root inode failed
[ 1098.354670][T12082] EXT4-fs (loop4): mount failed
[ 1099.402889][T11561] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1099.845659][T12090] syz.2.1246 (12090): drop_caches: 2
[ 1101.696070][T12096] loop5: detected capacity change from 0 to 16
[ 1101.898156][T12096] erofs: (device loop5): mounted with root inode @ nid 36.
[ 1102.321377][T12103] binder: BINDER_SET_CONTEXT_MGR already set
[ 1102.328236][T12103] binder: 12097:12103 ioctl 4018620d 2000000002c0 returned -16
[ 1102.447317][T12096] syz.5.1248: attempt to access beyond end of device
[ 1102.447317][T12096] loop5: rw=0, sector=8, nr_sectors = 16 limit=16
[ 1104.361189][T12109] syz.5.1248 (12109): drop_caches: 2
[ 1104.369001][T12109] syz.5.1248: attempt to access beyond end of device
[ 1104.369001][T12109] loop5: rw=0, sector=8, nr_sectors = 16 limit=16
[ 1105.772172][T12125] trusted_key: encrypted_key: insufficient parameters specified
[ 1107.655871][T12133] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1254'.
[ 1108.616383][ T5789] Bluetooth: hci0: unexpected Set CIG Parameters response data
[ 1108.626627][ T5789] Bluetooth: hci0: unexpected event for opcode 0x2062
[ 1109.993748][T12148] loop5: detected capacity change from 0 to 512
[ 1110.480107][T12151] syz.0.1260 (12151): drop_caches: 2
[ 1110.865685][T12148] EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[ 1111.035406][T12148] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[ 1111.135203][T12148] EXT4-fs error (device loop5): __ext4_get_inode_loc:4489: comm syz.5.1258: Invalid inode table block 1 in block_group 0
[ 1111.852175][T12148] EXT4-fs (loop5): get root inode failed
[ 1111.969377][T12148] EXT4-fs (loop5): mount failed
[ 1112.200614][T12168] binder: BINDER_SET_CONTEXT_MGR already set
[ 1112.206855][T12168] binder: 12165:12168 ioctl 4018620d 2000000002c0 returned -16
[ 1112.802250][ T5789] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[ 1112.844716][ T5789] Bluetooth: hci0: Injecting HCI hardware error event
[ 1112.881496][ T5791] Bluetooth: hci0: hardware error 0x00
[ 1113.099059][ T5878] IPVS: starting estimator thread 0...
[ 1113.187174][T12172] IPVS: using max 18 ests per chain, 43200 per kthread
[ 1114.384064][ T5789] Bluetooth: hci0: unexpected Set CIG Parameters response data
[ 1114.391969][ T5789] Bluetooth: hci0: unexpected event for opcode 0x2062
[ 1114.469080][T12182] loop4: detected capacity change from 0 to 32768
[ 1114.544172][T12182] XFS (loop4): DAX unsupported by block device. Turning off DAX.
[ 1114.557640][T12182] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 1114.650759][T12182] XFS (loop4): Ending clean mount
[ 1114.689080][T12182] XFS (loop4): Quotacheck needed: Please wait.
[ 1115.310708][ T5791] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[ 1115.716409][T12182] XFS (loop4): Quotacheck: Done.
[ 1115.850540][T12205] loop5: detected capacity change from 0 to 16
[ 1115.870535][T12205] erofs: (device loop5): mounted with root inode @ nid 36.
[ 1116.128108][T10426] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 1116.173599][T12207] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1269'.
[ 1116.292915][ T1285] ieee802154 phy0 wpan0: encryption failed: -22
[ 1116.381304][T12205] syz.5.1270: attempt to access beyond end of device
[ 1116.381304][T12205] loop5: rw=0, sector=8, nr_sectors = 16 limit=16
[ 1117.948274][T12209] syz.5.1270: attempt to access beyond end of device
[ 1117.948274][T12209] loop5: rw=0, sector=8, nr_sectors = 16 limit=16
[ 1118.345852][T12215] loop5: detected capacity change from 0 to 512
[ 1118.354776][T12215] EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[ 1118.365634][T12215] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[ 1118.377285][T12215] EXT4-fs error (device loop5): __ext4_get_inode_loc:4489: comm syz.5.1273: Invalid inode table block 1 in block_group 0
[ 1118.391087][T12215] EXT4-fs (loop5): get root inode failed
[ 1118.397020][T12215] EXT4-fs (loop5): mount failed
[ 1122.251008][T12249] pim6reg: entered allmulticast mode
[ 1123.557363][   T23] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[ 1123.619975][T12254] Cannot find add_set index 0 as target
[ 1125.042037][   T23] usb 3-1: Using ep0 maxpacket: 8
[ 1125.071336][   T23] usb 3-1: device descriptor read/all, error -71
[ 1125.576152][T12265] loop5: detected capacity change from 0 to 512
[ 1125.807415][T12265] EXT4-fs (loop5): couldn't mount as ext2 due to feature incompatibilities
[ 1125.829242][T12264] binder: BINDER_SET_CONTEXT_MGR already set
[ 1125.835421][T12264] binder: 12261:12264 ioctl 4018620d 2000000002c0 returned -16
[ 1126.333380][T12267] loop4: detected capacity change from 0 to 164
[ 1126.404988][T12267] Unable to read rock-ridge attributes
[ 1128.616826][T12290] netlink: 128 bytes leftover after parsing attributes in process `syz.4.1289'.
[ 1128.626037][T12290] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[ 1128.710859][   T28] audit: type=1326 audit(2000000913.170:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12287 comm="syz.4.1289" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f158278efc9 code=0x0
[ 1128.738587][ T6225] bridge0: port 3(team0) entered disabled state
[ 1128.989766][T12289] netlink: 'syz.2.1288': attribute type 4 has an invalid length.
[ 1129.696838][T12295] loop4: detected capacity change from 0 to 32768
[ 1130.269725][T12295] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 1130.281297][T12295] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[ 1130.290584][T12295] BTRFS info (device loop4): using free space tree
[ 1130.419202][T12295] BTRFS info (device loop4): enabling ssd optimizations
[ 1130.427334][T12295] BTRFS info (device loop4): auto enabling async discard
[ 1130.487143][T12319] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1282'.
[ 1131.165300][T12323] bond0: entered promiscuous mode
[ 1131.170785][T12323] bond_slave_0: entered promiscuous mode
[ 1131.181112][T12323] bond_slave_1: entered promiscuous mode
[ 1131.763624][   T28] audit: type=1800 audit(2000000916.110:130): pid=12328 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1290" name="file2" dev="loop4" ino=261 res=0 errno=0
[ 1132.437811][T12323] dummy0: entered promiscuous mode
[ 1132.686898][T12323] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[ 1132.756863][T12323] Cannot create hsr debugfs directory
[ 1132.763104][T12323] hsr1: entered promiscuous mode
[ 1132.792892][T10426] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 1132.834158][T12323] hsr1: entered allmulticast mode
[ 1132.846901][T12323] bond0: entered allmulticast mode
[ 1132.852192][T12323] bond_slave_0: entered allmulticast mode
[ 1132.879534][T12323] bond_slave_1: entered allmulticast mode
[ 1132.885451][T12323] dummy0: entered allmulticast mode
[ 1134.519676][T11561] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 10 /dev/loop4 scanned by udevd (11561)
[ 1134.664227][T12333] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1294'.
[ 1134.731456][T12346] binder: BINDER_SET_CONTEXT_MGR already set
[ 1134.744943][T12346] binder: 12342:12346 ioctl 4018620d 2000000002c0 returned -16
[ 1141.022833][T12376] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1304'.
[ 1141.639091][T12382] loop4: detected capacity change from 0 to 512
[ 1141.665974][T12382] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[ 1141.746719][T12382] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[ 1141.781113][T12382] EXT4-fs error (device loop4): __ext4_get_inode_loc:4489: comm syz.4.1306: Invalid inode table block 1 in block_group 0
[ 1141.805871][T12382] EXT4-fs (loop4): get root inode failed
[ 1141.837949][T12382] EXT4-fs (loop4): mount failed
[ 1141.917066][T10056] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[ 1142.355753][T12391] binder: BINDER_SET_CONTEXT_MGR already set
[ 1142.362558][T12391] binder: 12385:12391 ioctl 4018620d 2000000002c0 returned -16
[ 1143.567571][T10056] usb 1-1: Using ep0 maxpacket: 32
[ 1143.577316][T10056] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1143.595521][T10056] usb 1-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39
[ 1143.605515][T10056] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1143.742476][T10056] usb 1-1: Product: syz
[ 1143.866886][T10056] usb 1-1: Manufacturer: syz
[ 1143.871647][T10056] usb 1-1: SerialNumber: syz
[ 1143.963086][T10056] usb 1-1: config 0 descriptor??
[ 1144.411332][T10056] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b
[ 1145.356833][T10056] gspca_pac7302: reg_w() failed i: ff v: 01 error -110
[ 1145.368600][T10056] gspca_pac7302: probe of 1-1:0.0 failed with error -110
[ 1145.450331][T12415] binder: BINDER_SET_CONTEXT_MGR already set
[ 1145.456936][T12415] binder: 12411:12415 ioctl 4018620d 2000000002c0 returned -16
[ 1145.655171][T10056] usb 1-1: USB disconnect, device number 6
[ 1147.239398][T12423] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1316'.
[ 1148.520118][T12450] binder: BINDER_SET_CONTEXT_MGR already set
[ 1148.526769][T12450] binder: 12440:12450 ioctl 4018620d 2000000002c0 returned -16
[ 1148.923375][T12453] loop4: detected capacity change from 0 to 512
[ 1149.912535][T12453] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[ 1149.937617][T12453] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[ 1149.972190][T12453] EXT4-fs error (device loop4): __ext4_get_inode_loc:4489: comm syz.4.1320: Invalid inode table block 1 in block_group 0
[ 1150.038196][T12453] EXT4-fs (loop4): get root inode failed
[ 1150.043971][T12453] EXT4-fs (loop4): mount failed
[ 1151.061238][T12475] binder: BINDER_SET_CONTEXT_MGR already set
[ 1151.067942][T12475] binder: 12466:12475 ioctl 4018620d 2000000002c0 returned -16
[ 1151.383048][T12467] ptrace attach of "./syz-executor exec"[11481] was attempted by "./syz-executor exec"[12467]
[ 1152.054532][T12470] befs: (nbd5): No write support. Marking filesystem read-only
[ 1152.072507][T12470] syz.5.1325: attempt to access beyond end of device
[ 1152.072507][T12470] nbd5: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1152.240667][T12470] befs: (nbd5): unable to read superblock
[ 1153.944397][T12495] loop4: detected capacity change from 0 to 512
[ 1153.960906][T12495] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[ 1153.992445][T12495] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[ 1154.038205][T12495] EXT4-fs error (device loop4): __ext4_get_inode_loc:4489: comm syz.4.1329: Invalid inode table block 1 in block_group 0
[ 1154.069936][T12495] EXT4-fs (loop4): get root inode failed
[ 1154.077314][T12495] EXT4-fs (loop4): mount failed
[ 1155.516785][    T8] hid-generic 000F:0004:0000.0001: unknown main item tag 0x0
[ 1155.524925][    T8] hid-generic 000F:0004:0000.0001: unknown main item tag 0x1
[ 1155.542602][    T8] hid-generic 000F:0004:0000.0001: unknown main item tag 0x0
[ 1155.572665][    T8] hid-generic 000F:0004:0000.0001: unknown main item tag 0x0
[ 1155.586969][    T8] hid-generic 000F:0004:0000.0001: unknown main item tag 0x0
[ 1155.594591][    T8] hid-generic 000F:0004:0000.0001: unknown main item tag 0x0
[ 1155.661294][    T8] hid-generic 000F:0004:0000.0001: unknown main item tag 0x0
[ 1155.722610][    T8] hid-generic 000F:0004:0000.0001: unknown main item tag 0x2
[ 1155.763449][    T8] hid-generic 000F:0004:0000.0001: unknown main item tag 0x0
[ 1155.789366][    T8] hid-generic 000F:0004:0000.0001: unknown main item tag 0x0
[ 1155.806668][    T8] hid-generic 000F:0004:0000.0001: unknown main item tag 0x4
[ 1155.814310][    T8] hid-generic 000F:0004:0000.0001: unknown main item tag 0x0
[ 1155.852211][    T8] hid-generic 000F:0004:0000.0001: hidraw0: <UNKNOWN> HID v0.02 Device [syz0] on syz1
[ 1156.993460][T12516] fido_id[12516]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[ 1157.818433][T12524] loop5: detected capacity change from 0 to 512
[ 1157.844330][T12524] EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[ 1157.865647][T12524] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[ 1158.032317][T12524] EXT4-fs error (device loop5): __ext4_get_inode_loc:4489: comm syz.5.1335: Invalid inode table block 1 in block_group 0
[ 1158.062166][T12527] binder: BINDER_SET_CONTEXT_MGR already set
[ 1158.069957][T12527] binder: 12525:12527 ioctl 4018620d 2000000002c0 returned -16
[ 1158.237519][T12524] EXT4-fs (loop5): get root inode failed
[ 1158.320850][T12524] EXT4-fs (loop5): mount failed
[ 1159.810503][T12536] ptrace attach of "./syz-executor exec"[5785] was attempted by "./syz-executor exec"[12536]
[ 1160.315089][T12542] ptrace attach of "./syz-executor exec"[11481] was attempted by "./syz-executor exec"[12542]
[ 1160.462734][T12541] befs: (nbd2): No write support. Marking filesystem read-only
[ 1160.654619][T12541] syz.2.1338: attempt to access beyond end of device
[ 1160.654619][T12541] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1160.661751][T12542] befs: (nbd5): No write support. Marking filesystem read-only
[ 1160.682889][T12541] befs: (nbd2): unable to read superblock
[ 1160.701481][T12542] syz.5.1339: attempt to access beyond end of device
[ 1160.701481][T12542] nbd5: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1160.715374][T12542] befs: (nbd5): unable to read superblock
[ 1163.918612][T12570] loop5: detected capacity change from 0 to 512
[ 1164.000268][T12570] EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[ 1164.031686][T12570] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[ 1164.187140][T12570] EXT4-fs error (device loop5): __ext4_get_inode_loc:4489: comm syz.5.1346: Invalid inode table block 1 in block_group 0
[ 1164.226887][T12570] EXT4-fs (loop5): get root inode failed
[ 1164.245806][T12570] EXT4-fs (loop5): mount failed
[ 1165.168791][T12593] ptrace attach of "./syz-executor exec"[10426] was attempted by "./syz-executor exec"[12593]
[ 1165.330564][T12597] befs: (nbd4): No write support. Marking filesystem read-only
[ 1165.354290][T12597] syz.4.1350: attempt to access beyond end of device
[ 1165.354290][T12597] nbd4: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1165.999732][T12597] befs: (nbd4): unable to read superblock
[ 1167.185788][T12610] loop5: detected capacity change from 0 to 164
[ 1167.304832][T12610] Unable to read rock-ridge attributes
[ 1169.245985][T12624] loop4: detected capacity change from 0 to 164
[ 1170.326357][T12620] loop5: detected capacity change from 0 to 2048
[ 1170.347942][T12620] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1170.366246][T12624] Unable to read rock-ridge attributes
[ 1172.421401][T12642] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1359'.
[ 1173.892777][T12657] loop4: detected capacity change from 0 to 16
[ 1173.921320][T12657] erofs: (device loop4): mounted with root inode @ nid 36.
[ 1173.985580][T12657] syz.4.1365: attempt to access beyond end of device
[ 1173.985580][T12657] loop4: rw=0, sector=8, nr_sectors = 16 limit=16
[ 1174.769536][T12665] loop5: detected capacity change from 0 to 8
[ 1174.798883][T12665] squashfs: Unknown parameter '/dev/uinput'
[ 1174.823901][T12665] xt_hashlimit: max too large, truncated to 1048576
[ 1176.831923][T12674] loop5: detected capacity change from 0 to 2048
[ 1177.101866][T12674] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1177.722762][ T1285] ieee802154 phy0 wpan0: encryption failed: -22
[ 1182.579128][T12719] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[ 1182.605628][T12719] CIFS mount error: No usable UNC path provided in device string!
[ 1182.605628][T12719] 
[ 1182.616406][T12719] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 1182.632255][T12719] loop5: detected capacity change from 0 to 8
[ 1186.364383][T12753] fuse: Unknown parameter '0x0000000000000008'
[ 1186.384441][T12753] 9pnet_fd: Insufficient options for proto=fd
[ 1188.896783][T12762] binder: BINDER_SET_CONTEXT_MGR already set
[ 1188.903030][T12762] binder: 12757:12762 ioctl 4018620d 2000000002c0 returned -16
[ 1189.861228][T12774] siw: device registration error -23
[ 1189.867118][T12774] smc: removing ib device syz2
[ 1193.766200][T12802] ptrace attach of "./syz-executor exec"[10426] was attempted by "./syz-executor exec"[12802]
[ 1193.845981][T12801] befs: (nbd4): No write support. Marking filesystem read-only
[ 1193.890689][T12799] trusted_key: encrypted_key: insufficient parameters specified
[ 1193.916877][T12801] syz.4.1397: attempt to access beyond end of device
[ 1193.916877][T12801] nbd4: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1193.971052][T12801] befs: (nbd4): unable to read superblock
[ 1197.600338][T12835] binder: BINDER_SET_CONTEXT_MGR already set
[ 1197.606616][T12835] binder: 12833:12835 ioctl 4018620d 2000000002c0 returned -16
[ 1198.821830][T12842] loop5: detected capacity change from 0 to 16
[ 1198.840394][T12842] erofs: (device loop5): mounted with root inode @ nid 36.
[ 1199.441288][T12843] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1405'.
[ 1199.450648][T12843] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[ 1199.484399][T12842] syz.5.1407: attempt to access beyond end of device
[ 1199.484399][T12842] loop5: rw=0, sector=8, nr_sectors = 16 limit=16
[ 1199.564292][ T6363] bridge0: port 3(team0) entered disabled state
[ 1199.702389][   T28] audit: type=1326 audit(2000000984.150:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12837 comm="syz.0.1405" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0e5f58efc9 code=0x0
[ 1200.530480][T12848] syz.5.1407: attempt to access beyond end of device
[ 1200.530480][T12848] loop5: rw=0, sector=8, nr_sectors = 16 limit=16
[ 1201.032487][T12851] ptrace attach of "./syz-executor exec"[5787] was attempted by "./syz-executor exec"[12851]
[ 1201.078513][T12851] befs: (nbd0): No write support. Marking filesystem read-only
[ 1201.086329][T12851] syz.0.1408: attempt to access beyond end of device
[ 1201.086329][T12851] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1201.099440][T12851] befs: (nbd0): unable to read superblock
[ 1201.776278][T12863] (unnamed net_device) (uninitialized): invalid ARP target 0.0.0.0 specified for addition
[ 1201.787050][T12863] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (0)
[ 1201.855730][T12863] loop4: detected capacity change from 0 to 2048
[ 1204.634812][T12863] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1206.220804][T12873] binder: BINDER_SET_CONTEXT_MGR already set
[ 1206.228389][T12873] binder: 12872:12873 ioctl 4018620d 2000000002c0 returned -16
[ 1206.986054][T12886] loop4: detected capacity change from 0 to 164
[ 1207.034126][T12886] Unable to read rock-ridge attributes
[ 1208.493623][T12896] loop4: detected capacity change from 0 to 16
[ 1208.607018][T12896] erofs: (device loop4): mounted with root inode @ nid 36.
[ 1208.647376][T12896] syz.4.1418: attempt to access beyond end of device
[ 1208.647376][T12896] loop4: rw=0, sector=8, nr_sectors = 16 limit=16
[ 1209.082161][T12905] syz.4.1418: attempt to access beyond end of device
[ 1209.082161][T12905] loop4: rw=0, sector=8, nr_sectors = 16 limit=16
[ 1212.649640][T12927] binder: BINDER_SET_CONTEXT_MGR already set
[ 1212.655952][T12927] binder: 12925:12927 ioctl 4018620d 2000000002c0 returned -16
[ 1215.145285][T12947] ptrace attach of "./syz-executor exec"[11481] was attempted by "./syz-executor exec"[12947]
[ 1215.199769][T12947] befs: (nbd5): No write support. Marking filesystem read-only
[ 1215.207571][T12947] syz.5.1430: attempt to access beyond end of device
[ 1215.207571][T12947] nbd5: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1215.220934][T12947] befs: (nbd5): unable to read superblock
[ 1215.701583][T12953] tipc: Failed to remove unknown binding: 66,1,1/0:1801047815/1801047817
[ 1215.711002][T12953] tipc: Failed to remove unknown binding: 66,1,1/0:1801047815/1801047817
[ 1215.788501][T12953] sp0: Synchronizing with TNC
[ 1218.009640][T12961] loop4: detected capacity change from 0 to 16
[ 1218.032228][T12961] erofs: (device loop4): mounted with root inode @ nid 36.
[ 1218.269630][T12961] syz.4.1434: attempt to access beyond end of device
[ 1218.269630][T12961] loop4: rw=0, sector=8, nr_sectors = 16 limit=16
[ 1226.074031][T13011] xt_hashlimit: max too large, truncated to 1048576
[ 1226.096265][T13009] ptrace attach of "./syz-executor exec"[10426] was attempted by "./syz-executor exec"[13009]
[ 1226.360380][T13003] befs: (nbd4): No write support. Marking filesystem read-only
[ 1226.368212][T13003] syz.4.1444: attempt to access beyond end of device
[ 1226.368212][T13003] nbd4: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1226.382222][T13003] befs: (nbd4): unable to read superblock
[ 1227.581154][T13020] loop5: detected capacity change from 0 to 16
[ 1227.596930][T13020] erofs: (device loop5): mounted with root inode @ nid 36.
[ 1227.621281][T13020] syz.5.1448: attempt to access beyond end of device
[ 1227.621281][T13020] loop5: rw=0, sector=8, nr_sectors = 16 limit=16
[ 1228.609139][T13026] loop4: detected capacity change from 0 to 164
[ 1228.830903][T13026] Unable to read rock-ridge attributes
[ 1231.498141][T13046] syz.5.1448 (13046): drop_caches: 2
[ 1231.505818][T13046] syz.5.1448: attempt to access beyond end of device
[ 1231.505818][T13046] loop5: rw=0, sector=8, nr_sectors = 16 limit=16
[ 1234.156685][T13054] loop4: detected capacity change from 0 to 2048
[ 1234.532020][T13054] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1235.064327][T13058] loop4: detected capacity change from 0 to 1024
[ 1235.089264][T13058] hfsplus: bad catalog file entry
[ 1235.094904][T13058] hfsplus: failed to load root directory
[ 1240.054165][ T1285] ieee802154 phy0 wpan0: encryption failed: -22
[ 1240.509305][T13073] ptrace attach of "./syz-executor exec"[11481] was attempted by "./syz-executor exec"[13073]
[ 1241.248074][T13073] befs: (nbd5): No write support. Marking filesystem read-only
[ 1241.255929][T13073] syz.5.1459: attempt to access beyond end of device
[ 1241.255929][T13073] nbd5: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1241.269150][T13073] befs: (nbd5): unable to read superblock
[ 1241.642094][T13088] loop4: detected capacity change from 0 to 2048
[ 1241.672422][T13088] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[ 1241.686014][T13088] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1243.737954][T13100] binder: BINDER_SET_CONTEXT_MGR already set
[ 1243.744188][T13100] binder: 13099:13100 ioctl 4018620d 2000000002c0 returned -16
[ 1245.127296][T13109] ptrace attach of "./syz-executor exec"[5785] was attempted by "./syz-executor exec"[13109]
[ 1245.245927][T13115] befs: (nbd2): No write support. Marking filesystem read-only
[ 1245.254843][T13115] syz.2.1466: attempt to access beyond end of device
[ 1245.254843][T13115] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1245.267963][T13115] befs: (nbd2): unable to read superblock
[ 1247.802762][T13114] loop5: detected capacity change from 0 to 16
[ 1247.828438][T13114] erofs: (device loop5): mounted with root inode @ nid 36.
[ 1247.859918][T13114] syz.5.1468: attempt to access beyond end of device
[ 1247.859918][T13114] loop5: rw=0, sector=8, nr_sectors = 16 limit=16
[ 1247.901580][T13116] ptrace attach of "./syz-executor exec"[5787] was attempted by "./syz-executor exec"[13116]
[ 1248.079304][T13119] befs: (nbd0): No write support. Marking filesystem read-only
[ 1248.088011][T13119] syz.0.1470: attempt to access beyond end of device
[ 1248.088011][T13119] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1248.101230][T13119] befs: (nbd0): unable to read superblock
[ 1250.113679][T13137] loop4: detected capacity change from 0 to 512
[ 1250.143017][T13137] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[ 1250.160409][T13137] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[ 1250.310263][T13137] EXT4-fs error (device loop4): __ext4_get_inode_loc:4489: comm syz.4.1474: Invalid inode table block 1 in block_group 0
[ 1250.346595][T13137] EXT4-fs (loop4): get root inode failed
[ 1250.352412][T13137] EXT4-fs (loop4): mount failed
[ 1250.633514][T13142] loop5: detected capacity change from 0 to 2048
[ 1250.647722][T13142] UDF-fs: bad mount option "18446744073709551615" or missing value
[ 1252.123370][T13150] ptrace attach of "./syz-executor exec"[10426] was attempted by "./syz-executor exec"[13150]
[ 1252.193099][T13150] befs: (nbd4): No write support. Marking filesystem read-only
[ 1252.201116][T13150] syz.4.1476: attempt to access beyond end of device
[ 1252.201116][T13150] nbd4: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1252.214064][T13150] befs: (nbd4): unable to read superblock
[ 1252.264275][T13155] binder: BINDER_SET_CONTEXT_MGR already set
[ 1252.270406][T13155] binder: 13153:13155 ioctl 4018620d 2000000002c0 returned -16
[ 1253.547638][T13163] ptrace attach of "./syz-executor exec"[5785] was attempted by "./syz-executor exec"[13163]
[ 1253.565854][T13164] ptrace attach of "./syz-executor exec"[11481] was attempted by "./syz-executor exec"[13164]
[ 1253.665462][T13169] befs: (nbd2): No write support. Marking filesystem read-only
[ 1253.673994][T13169] syz.2.1479: attempt to access beyond end of device
[ 1253.673994][T13169] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1253.687227][T13169] befs: (nbd2): unable to read superblock
[ 1253.891855][T13175] befs: (nbd5): No write support. Marking filesystem read-only
[ 1253.901314][T13175] syz.5.1480: attempt to access beyond end of device
[ 1253.901314][T13175] nbd5: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1253.914937][T13175] befs: (nbd5): unable to read superblock
[ 1257.990940][T13202] loop5: detected capacity change from 0 to 1024
[ 1258.002097][T13202] ext4: Unknown parameter 'subj_role'
[ 1258.061756][T13206] binder: BINDER_SET_CONTEXT_MGR already set
[ 1258.068174][T13206] binder: 13201:13206 ioctl 4018620d 2000000002c0 returned -16
[ 1260.071225][T13225] ptrace attach of "./syz-executor exec"[5785] was attempted by "./syz-executor exec"[13225]
[ 1260.097747][T13225] befs: (nbd2): No write support. Marking filesystem read-only
[ 1260.105575][T13225] syz.2.1492: attempt to access beyond end of device
[ 1260.105575][T13225] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1260.118781][T13225] befs: (nbd2): unable to read superblock
[ 1264.263305][T13261] binder: BINDER_SET_CONTEXT_MGR already set
[ 1264.269676][T13261] binder: 13259:13261 ioctl 4018620d 2000000002c0 returned -16
[ 1264.342206][T13266] Error parsing options; rc = [-22]
[ 1264.442288][T13266] loop5: detected capacity change from 0 to 64
[ 1265.349890][T13268] ptrace attach of "./syz-executor exec"[5787] was attempted by "./syz-executor exec"[13268]
[ 1265.397718][T13268] befs: (nbd0): No write support. Marking filesystem read-only
[ 1265.405647][T13268] syz.0.1503: attempt to access beyond end of device
[ 1265.405647][T13268] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1265.419019][T13268] befs: (nbd0): unable to read superblock
[ 1266.690136][T13283] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[ 1268.189651][T13297] lo speed is unknown, defaulting to 1000
[ 1268.189876][T13297] lo speed is unknown, defaulting to 1000
[ 1268.197317][T13297] lo speed is unknown, defaulting to 1000
[ 1268.266359][T13297] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[ 1268.543272][T13297] lo speed is unknown, defaulting to 1000
[ 1268.553823][T13297] lo speed is unknown, defaulting to 1000
[ 1268.564480][T13297] lo speed is unknown, defaulting to 1000
[ 1268.571571][T13297] lo speed is unknown, defaulting to 1000
[ 1268.606235][T13297] lo speed is unknown, defaulting to 1000
[ 1268.617965][T13297] lo speed is unknown, defaulting to 1000
[ 1269.083849][T13300] binder: BINDER_SET_CONTEXT_MGR already set
[ 1269.083861][T13300] binder: 13299:13300 ioctl 4018620d 2000000002c0 returned -16
[ 1270.473099][T13318] ptrace attach of "./syz-executor exec"[5787] was attempted by "./syz-executor exec"[13318]
[ 1270.502740][T13318] befs: (nbd0): No write support. Marking filesystem read-only
[ 1270.511525][T13318] syz.0.1515: attempt to access beyond end of device
[ 1270.511525][T13318] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1270.524769][T13318] befs: (nbd0): unable to read superblock
[ 1274.153840][T13335] ptrace attach of "./syz-executor exec"[5787] was attempted by "./syz-executor exec"[13335]
[ 1274.189169][T13335] befs: (nbd0): No write support. Marking filesystem read-only
[ 1274.197808][T13335] syz.0.1520: attempt to access beyond end of device
[ 1274.197808][T13335] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1274.210753][T13335] befs: (nbd0): unable to read superblock
[ 1274.353638][ T5878] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 1274.558792][ T5878] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1274.569556][ T5878] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1274.583619][ T5878] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1274.602464][ T5878] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1274.620691][ T5878] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1274.634221][ T5878] usb 6-1: Product: syz
[ 1274.641569][ T5878] usb 6-1: Manufacturer: syz
[ 1274.646341][ T5878] usb 6-1: SerialNumber: syz
[ 1274.822461][T13344] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1519'.
[ 1275.465798][ T5878] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1275.570031][T13349] binder: BINDER_SET_CONTEXT_MGR already set
[ 1275.576060][T13349] binder: 13346:13349 ioctl 4018620d 2000000002c0 returned -16
[ 1277.347782][T13357] genirq: Flags mismatch irq 5. 00000000 (pcl818) vs. 00000000 (dt2814)
[ 1277.419808][   T23] usb 6-1: USB disconnect, device number 2
[ 1277.525475][   T23] usblp0: removed
[ 1277.680661][T13370] ptrace attach of "./syz-executor exec"[11481] was attempted by "./syz-executor exec"[13370]
[ 1277.919998][T13374] dvmrp17: entered allmulticast mode
[ 1278.617508][T13366] befs: (nbd5): No write support. Marking filesystem read-only
[ 1278.625342][T13366] syz.5.1528: attempt to access beyond end of device
[ 1278.625342][T13366] nbd5: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1278.638614][T13366] befs: (nbd5): unable to read superblock
[ 1279.944768][T13387] ptrace attach of "./syz-executor exec"[11481] was attempted by "./syz-executor exec"[13387]
[ 1279.979853][T13387] befs: (nbd5): No write support. Marking filesystem read-only
[ 1279.987890][T13387] syz.5.1531: attempt to access beyond end of device
[ 1279.987890][T13387] nbd5: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1280.001418][T13387] befs: (nbd5): unable to read superblock
[ 1283.898680][T13416] xt_l2tp: v2 tid > 0xffff: 37482740
[ 1287.350629][T13441] loop5: detected capacity change from 0 to 164
[ 1287.579597][T13441] Unable to read rock-ridge attributes
[ 1288.220876][T13443] loop4: detected capacity change from 0 to 512
[ 1288.412879][T13443] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[ 1288.487268][   T28] audit: type=1804 audit(2000001072.880:132): pid=13446 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.1543" name="file0" dev="hugetlbfs" ino=40705 res=1 errno=0
[ 1288.542935][T13443] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (45506!=33349)
[ 1288.723129][T13443] EXT4-fs error (device loop4): __ext4_get_inode_loc:4489: comm syz.4.1542: Invalid inode table block 1 in block_group 0
[ 1288.921150][T13443] EXT4-fs (loop4): get root inode failed
[ 1289.000305][T13443] EXT4-fs (loop4): mount failed
[ 1290.362718][T13458] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1544'.
[ 1290.909584][T13460] loop4: detected capacity change from 0 to 2048
[ 1290.917441][T13462] ptrace attach of "./syz-executor exec"[5785] was attempted by "./syz-executor exec"[13462]
[ 1290.933599][T13460] NILFS (loop4): invalid segment: Magic number mismatch
[ 1290.940715][T13460] NILFS (loop4): trying rollback from an earlier position
[ 1291.091981][T13464] befs: (nbd2): No write support. Marking filesystem read-only
[ 1291.100716][T13464] syz.2.1547: attempt to access beyond end of device
[ 1291.100716][T13464] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1291.113754][T13464] befs: (nbd2): unable to read superblock
[ 1291.210359][T13460] NILFS (loop4): recovery complete
[ 1291.795346][T13466] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1294.700787][T13494] loop4: detected capacity change from 0 to 164
[ 1295.032837][T13494] Unable to read rock-ridge attributes
[ 1297.914971][T13511] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1557'.
[ 1299.417581][T13523] 
@0Ù: renamed from syz_tun (while UP)
[ 1300.754940][ T1285] ieee802154 phy0 wpan0: encryption failed: -22
[ 1301.009815][T13530] ptrace attach of "./syz-executor exec"[5787] was attempted by "./syz-executor exec"[13530]
[ 1301.324040][T13536] befs: (nbd0): No write support. Marking filesystem read-only
[ 1301.332993][T13536] syz.0.1562: attempt to access beyond end of device
[ 1301.332993][T13536] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1301.345815][T13536] befs: (nbd0): unable to read superblock
[ 1301.555140][T13544] loop4: detected capacity change from 0 to 164
[ 1301.813106][T13544] Unable to read rock-ridge attributes
[ 1303.017081][T13556] Error parsing options; rc = [-22]
[ 1303.091261][T13556] loop4: detected capacity change from 0 to 64
[ 1305.347754][T13574] netlink: 'syz.4.1570': attribute type 10 has an invalid length.
[ 1305.730921][T13574] team0: Device hsr_slave_0 failed to register rx_handler
[ 1305.869741][T13575] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1571'.
[ 1306.243488][T13576] block device autoloading is deprecated and will be removed.
[ 1309.083802][T13589] loop4: detected capacity change from 0 to 164
[ 1309.094942][T13589] Unable to read rock-ridge attributes
[ 1310.377065][   T27] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[ 1310.616208][   T27] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1310.653646][   T27] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1310.674144][   T27] usb 3-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[ 1310.696451][   T27] usb 3-1: Manufacturer: syz
[ 1310.703887][   T27] usb 3-1: config 0 descriptor??
[ 1310.730050][   T27] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[ 1310.811842][T13601] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1576'.
[ 1310.927230][   T27] usb 3-1: USB disconnect, device number 9
[ 1311.425415][T13605] loop4: detected capacity change from 0 to 2048
[ 1313.170662][T13605] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1313.557297][T13610] loop5: detected capacity change from 0 to 164
[ 1313.683891][T13610] Unable to read rock-ridge attributes
[ 1314.281069][T13615] binder: BINDER_SET_CONTEXT_MGR already set
[ 1314.287287][T13615] binder: 13609:13615 ioctl 4018620d 2000000002c0 returned -16
[ 1315.217722][T13614] ptrace attach of "./syz-executor exec"[5787] was attempted by "./syz-executor exec"[13614]
[ 1315.271139][T13613] befs: (nbd0): No write support. Marking filesystem read-only
[ 1315.278974][T13613] syz.0.1578: attempt to access beyond end of device
[ 1315.278974][T13613] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1315.291814][T13613] befs: (nbd0): unable to read superblock
[ 1316.082096][   T28] audit: type=1326 audit(2000001100.560:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13624 comm="syz.2.1582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f471738efc9 code=0x7ffc0000
[ 1316.239165][T13627] cgroup: Bad value for 'name'
[ 1316.248372][T13627] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1582'.
[ 1316.257168][   T28] audit: type=1326 audit(2000001100.560:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13624 comm="syz.2.1582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f471738efc9 code=0x7ffc0000
[ 1316.398042][   T28] audit: type=1326 audit(2000001100.580:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13624 comm="syz.2.1582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f471738efc9 code=0x7ffc0000
[ 1316.586562][   T28] audit: type=1326 audit(2000001100.890:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13624 comm="syz.2.1582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f471738efc9 code=0x7ffc0000
[ 1316.947861][   T28] audit: type=1326 audit(2000001100.890:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13624 comm="syz.2.1582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f471738efc9 code=0x7ffc0000
[ 1317.450405][T13641] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[ 1318.660417][T13657] loop5: detected capacity change from 0 to 164
[ 1318.709249][T13657] Unable to read rock-ridge attributes
[ 1319.210527][T13664] binder: BINDER_SET_CONTEXT_MGR already set
[ 1319.217009][T13664] binder: 13660:13664 ioctl 4018620d 2000000002c0 returned -16
[ 1322.549480][T13667] general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN
[ 1322.561280][T13667] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
[ 1322.569731][T13667] CPU: 1 PID: 13667 Comm: syz.5.1590 Not tainted syzkaller #0
[ 1322.577234][T13667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1322.587336][T13667] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0
[ 1322.592956][T13667] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 49 b9 df f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 28 b9 df f9 4d 8b 24 24 48 83 c3
[ 1322.612704][T13667] RSP: 0018:ffffc9000d28fa80 EFLAGS: 00010206
[ 1322.618890][T13667] RAX: 0000000000000005 RBX: ffff88802648bd80 RCX: 0000000000080000
[ 1322.626888][T13667] RDX: ffffc90010072000 RSI: 00000000000007c4 RDI: 00000000000007c5
[ 1322.634971][T13667] RBP: 0000000000000001 R08: ffff88814c30512f R09: 1ffff11029860a25
[ 1322.642974][T13667] R10: dffffc0000000000 R11: ffffed1029860a26 R12: 0000000000000028
[ 1322.651067][T13667] R13: dffffc0000000000 R14: ffff88814c305000 R15: dffffc0000000000
[ 1322.659148][T13667] FS:  00007f6ff82606c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[ 1322.668101][T13667] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1322.674705][T13667] CR2: 000000110c368897 CR3: 000000001f765000 CR4: 00000000003506e0
[ 1322.682697][T13667] Call Trace:
[ 1322.685992][T13667]  <TASK>
[ 1322.689072][T13667]  pcl818_detach+0x66/0xd0
[ 1322.693515][T13667]  comedi_device_detach_locked+0x172/0x710
[ 1322.699438][T13667]  comedi_unlocked_ioctl+0xccc/0xfe0
[ 1322.704758][T13667]  ? comedi_poll+0x8c0/0x8c0
[ 1322.709478][T13667]  ? __fget_files+0x28/0x4d0
[ 1322.714088][T13667]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1322.719066][T13667]  ? security_file_ioctl+0x80/0xa0
[ 1322.724199][T13667]  ? comedi_poll+0x8c0/0x8c0
[ 1322.728809][T13667]  __se_sys_ioctl+0xfd/0x170
[ 1322.733451][T13667]  do_syscall_64+0x55/0xb0
[ 1322.738161][T13667]  ? clear_bhb_loop+0x40/0x90
[ 1322.742897][T13667]  ? clear_bhb_loop+0x40/0x90
[ 1322.747683][T13667]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1322.753769][T13667] RIP: 0033:0x7f6ff738efc9
[ 1322.758289][T13667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1322.778090][T13667] RSP: 002b:00007f6ff8260038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1322.786526][T13667] RAX: ffffffffffffffda RBX: 00007f6ff75e5fa0 RCX: 00007f6ff738efc9
[ 1322.794597][T13667] RDX: 0000000000000000 RSI: 0000000040946400 RDI: 0000000000000007
[ 1322.802707][T13667] RBP: 00007f6ff7411f91 R08: 0000000000000000 R09: 0000000000000000
[ 1322.811047][T13667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1322.819117][T13667] R13: 00007f6ff75e6038 R14: 00007f6ff75e5fa0 R15: 00007ffd7bfeeb08
[ 1322.827226][T13667]  </TASK>
[ 1322.830359][T13667] Modules linked in:
[ 1322.849861][T13672] ptrace attach of "./syz-executor exec"[5785] was attempted by "./syz-executor exec"[13672]
[ 1322.860285][T13667] ---[ end trace 0000000000000000 ]---
[ 1322.860303][T13667] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0
[ 1322.860339][T13667] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 49 b9 df f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 28 b9 df f9 4d 8b 24 24 48 83 c3
[ 1322.860358][T13667] RSP: 0018:ffffc9000d28fa80 EFLAGS: 00010206
[ 1322.860378][T13667] RAX: 0000000000000005 RBX: ffff88802648bd80 RCX: 0000000000080000
[ 1322.860392][T13667] RDX: ffffc90010072000 RSI: 00000000000007c4 RDI: 00000000000007c5
[ 1322.860407][T13667] RBP: 0000000000000001 R08: ffff88814c30512f R09: 1ffff11029860a25
[ 1322.860421][T13667] R10: dffffc0000000000 R11: ffffed1029860a26 R12: 0000000000000028
[ 1322.860436][T13667] R13: dffffc0000000000 R14: ffff88814c305000 R15: dffffc0000000000
[ 1322.941590][T13667] FS:  00007f6ff82606c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[ 1322.952132][T13672] befs: (nbd2): No write support. Marking filesystem read-only
[ 1322.960318][T13672] syz.2.1592: attempt to access beyond end of device
[ 1322.960318][T13672] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1322.973302][T13672] befs: (nbd2): unable to read superblock
[ 1322.987874][T13667] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1322.994780][T13667] CR2: 000000110c35201b CR3: 000000001f765000 CR4: 00000000003526f0
[ 1323.003248][T13667] Kernel panic - not syncing: Fatal exception
[ 1323.009785][T13667] Kernel Offset: disabled
[ 1323.014147][T13667] Rebooting in 86400 seconds..