last executing test programs:

8m50.128885912s ago: executing program 1 (id=1602):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c020000190001000000000000000000e00000020000000000000000000000000000000000000000000000000000000000000003000000000a0000205e000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000800000000000000000000000000000700000000000000000000000000000000000000000000000300000000000000070000000000000000000000000000000000000000000000e02700000000000000000000000000002d00000000000000000000000000000084010500ac1414bb000000000000000000000000000000006c00000000000000ac14142c000000000000000000000000000000000000560000000000fdffffff01000000ac141410000000000000000000000000000000003200000000000000fe800000000000000000000000000500023500000000000000000000feffffff00000000ff010000000000000000000000000001000000003c00000002000000ff0200000000000000000000000000010000000001030000000000000000000000000000ff020000000000000000000000000001000004d33c00000002000000ffffffff00000000000000000000000000000000000000000000000003000000000000000a010102000000000000000000000000000000003200000002000000ac141400000000000000000000000000ffffffff0002000000000000000000000300000020010000000000000000000000000001000000003c00000002"], 0x23c}}, 0x0) (fail_nth: 6)

8m49.5922676s ago: executing program 1 (id=1604):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="6c0000001000010028bd700001000000007fffff", @ANYRES32=0x0, @ANYBLOB="0500000061510400140003006e657464657673696d30000000000000300016802c000180280001"], 0x6c}, 0x1, 0x0, 0x0, 0x1}, 0x0)

8m49.268622336s ago: executing program 1 (id=1605):
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f00000008c0)=0x400002)
ioctl$PPPIOCSPASS(r2, 0x40107447, &(0x7f0000000140)={0x2, &(0x7f00000000c0)=[{0x48, 0x7, 0x29, 0xd5}, {0x6, 0x3}]})
ioctl$PPPIOCSDEBUG(r2, 0x40047440, &(0x7f0000000080)=0x9)
write(r2, &(0x7f0000000280)="4591", 0x2)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r3, &(0x7f0000000280)={0x2, 0x4e21, @remote}, 0x10)
sendmmsg$inet(r3, &(0x7f0000005240)=[{{0x0, 0xfffffdef, 0x0, 0x0, 0x0, 0x0, 0x10}, 0xfffffdef}], 0x4000095, 0x401eb94)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0xfffffffffffffe85, 0x67, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0)

8m47.296068026s ago: executing program 1 (id=1615):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)}, 0x404c080)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_emit_ethernet(0x3b6, &(0x7f00000009c0)={@link_local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x380, 0x3a, 0xff, @dev, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a741e54006598080a8030000004023493b87aafaff0500ffffffe723732472eefa45ad96579269748e254c1e4a948b580a9bc430d3be27df3e34060000ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "000100000000001995319cff"}, {0x3, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5c6186c0d3baa75af390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5acaa556b9f30dcab2b90aa235a670670ffc5dc49dfb58d89310000000000"}, {0x3, 0xb, "d47ae6e8805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x2000000000000040, "fcf98a102ec1876d4e6fa3b20519bbaa8a029cee00b8d3485e3b63ed09bdb581c9fe68a356f542b043059ff05932e740e077e1d16212fb"}, {0x0, 0x14, "5e14f0e74d2d42cfb3f27fafb60845f90b6dfc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa76ffff9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4828288e62afbf03269f1f98aea6a58cf45d7c5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c258a6f"}, {0x0, 0x5, "d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02c226a6bce65f81ed"}]}}}}}}, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000007c0)={0x1f, 0x4, 0x70})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000000008902"])
r3 = socket$kcm(0x2, 0x5, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = getpid()
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r8 = syz_pidfd_open(r5, 0x0)
setns(r8, 0x24020000)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x8100, &(0x7f0000000200)={0x87, 0x1, 0x80000}, 0x20)
sendmsg$nl_xfrm(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x25dfdbfc, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x4, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x200000000000}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@empty, 0x2, 0x2b}, 0xa, @in6=@local, 0x0, 0x1}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
sendmsg$inet(r3, &(0x7f00000004c0)={&(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xff}}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000140)="9f", 0x1}], 0x1}, 0x3e8)

8m46.194285167s ago: executing program 1 (id=1622):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket(0x11, 0x800000002, 0x0)
ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000000)={{0x2, 0x4e22, @empty}, {0x6, @random="b16f7311fce6"}, 0x3a, {0x2, 0x4e20, @empty}, 'vlan0\x00'})
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0xc26bfe8e8f6baca8}, 0x20)
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6000ed6a000b2c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa33000003"], 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0x16, &(0x7f0000000080)=0x6, 0x4)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x4008132, 0xffffffffffffffff, 0x0)

8m45.845981431s ago: executing program 1 (id=1627):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r3, 0x4038ae7a, &(0x7f0000000040)={0x80, 0x40000105, 0x0, 0x0, 0xfffffd30})
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x21, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000ffffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000e00000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r7, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x38, 0x3c, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@nested={0x4, 0xfc}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x8, 0x2, 0x0, 0x1, [@nested={0x4, 0x72}]}, @typed={0xc, 0x5, 0x0, 0x0, @u64=0xffffffffffffff78}]}, 0x38}, 0x1, 0x0, 0x0, 0xc000}, 0xc000)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000a40)={0x24, 0x12, 0x1, 0x70bd29, 0x0, "", [@nested={0x10, 0x0, 0x0, 0x0, [@typed={0xc, 0x135, 0x0, 0x0, @u64}]}, @nested={0x4, 0x35}]}, 0x24}], 0x1}, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000000000000f3000040"])
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r11 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_subtree(r11, &(0x7f0000000200), 0x2, 0x0)
rmdir(&(0x7f0000000080)='./cgroup/../file0\x00')
openat$cgroup_subtree(r11, &(0x7f00000000c0), 0x2, 0x0)
r12 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff)
r13 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r13, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x4c, r12, 0x1, 0x0, 0x0, {0x3d}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xffffffffffffff64, 0x82}, {0x8, 0x87}}]}, 0x4c}}, 0x0)
r14 = open(&(0x7f00009e1000)='./file0\x00', 0x0, 0x0)
fcntl$setlease(r14, 0x400, 0x1)
r15 = getpid()
sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0xa8, r12, 0x200, 0x70bd2b, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r15}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r15}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x1}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x3}}]}, 0xa8}, 0x1, 0x0, 0x0, 0x4091}, 0x5a6f36dc7a5870be)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)
recvmmsg(r0, &(0x7f0000004980)=[{{0x0, 0x0, &(0x7f0000002300)=[{&(0x7f00000020c0)=""/10, 0xa}, {0x0}], 0x2}, 0x9}], 0x1, 0x2, 0x0)

8m45.417734463s ago: executing program 32 (id=1627):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r3, 0x4038ae7a, &(0x7f0000000040)={0x80, 0x40000105, 0x0, 0x0, 0xfffffd30})
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x21, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000ffffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000e00000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r7, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x38, 0x3c, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@nested={0x4, 0xfc}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x8, 0x2, 0x0, 0x1, [@nested={0x4, 0x72}]}, @typed={0xc, 0x5, 0x0, 0x0, @u64=0xffffffffffffff78}]}, 0x38}, 0x1, 0x0, 0x0, 0xc000}, 0xc000)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000a40)={0x24, 0x12, 0x1, 0x70bd29, 0x0, "", [@nested={0x10, 0x0, 0x0, 0x0, [@typed={0xc, 0x135, 0x0, 0x0, @u64}]}, @nested={0x4, 0x35}]}, 0x24}], 0x1}, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000000000000f3000040"])
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r11 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_subtree(r11, &(0x7f0000000200), 0x2, 0x0)
rmdir(&(0x7f0000000080)='./cgroup/../file0\x00')
openat$cgroup_subtree(r11, &(0x7f00000000c0), 0x2, 0x0)
r12 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff)
r13 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r13, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x4c, r12, 0x1, 0x0, 0x0, {0x3d}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xffffffffffffff64, 0x82}, {0x8, 0x87}}]}, 0x4c}}, 0x0)
r14 = open(&(0x7f00009e1000)='./file0\x00', 0x0, 0x0)
fcntl$setlease(r14, 0x400, 0x1)
r15 = getpid()
sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0xa8, r12, 0x200, 0x70bd2b, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r15}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r15}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x1}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x3}}]}, 0xa8}, 0x1, 0x0, 0x0, 0x4091}, 0x5a6f36dc7a5870be)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)
recvmmsg(r0, &(0x7f0000004980)=[{{0x0, 0x0, &(0x7f0000002300)=[{&(0x7f00000020c0)=""/10, 0xa}, {0x0}], 0x2}, 0x9}], 0x1, 0x2, 0x0)

8m10.389011248s ago: executing program 5 (id=1760):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)={0x14, 0xd, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000) (fail_nth: 7)

8m9.748784851s ago: executing program 5 (id=1761):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000bc0)=@newqdisc={0x5c, 0x24, 0xd0f, 0x3, 0x0, {0x60, 0x0, 0x0, r1, {0x0, 0x2}, {0xffff, 0xffff}, {0x4}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x9, 0x5, 0x5, 0x800, 0x0, 0x1aa2, 0xc}}, {0x4}}]}, @qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x0) (fail_nth: 8)

8m9.113731079s ago: executing program 5 (id=1763):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
syz_usb_connect(0x0, 0x3f, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000e5876e4040200516940a0000000109022d00010000000009040000035883b200090589000000000000090585"], 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000000000000000000400000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x8040)
sendmsg$NFT_BATCH(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000ac4010000060a0b040000000000000000020000004c000480340001800b000100746172676574000024000280090001004d41524b000000000c00030002b51112d439c5920800024000000002140001800b0001006c6f6f6b75700000040002800900010073797a30000000000900020073797a3200000000f70007404884b24b02a8a7758a688958ed60ecfd057e10926ba77e5596b13e43cd4488e4aa68a75f7236ec205b6e4cac2a0d86c336bf07dbe861f4f57bcef92dcf818d532d4475b5daa4dadc1690f228e860bba5a0b5d9bde86862e8f7fc08f0debd4974c6fae7d737a0007ec948ac4d8714ebff6b25648fb910e0d6d07f023cf5fa4051627b9c5b69e265538f9ba683bf172a5ff815afa543c12e550a1bcc9287080c7c12cc89d216c56febb0b06134672ea6b0077c846396169475f271319988f49ec94f2996e5d0e1cb151fb223e556f10fb681d068e055eb34e5f8fc7a524ffe5f4632a6c74ad0fe0b1542497d76a5a4416c47805e001c0005800800014000000008080002"], 0x1ec}, 0x1, 0x0, 0x0, 0x4000840}, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r2 = accept4(r0, 0x0, 0x0, 0x0)
r3 = syz_io_uring_setup(0xa0, &(0x7f0000000640)={0x0, 0x105cc6, 0x400, 0x0, 0x207}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
poll(&(0x7f00000000c0)=[{r3}], 0x1, 0x9)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000080)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r2, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000240)={&(0x7f00000004c0)={0x94, 0x0, 0x300, 0x70bd27, 0x25dfdbfd, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x9}, {0x6, 0x16, 0x6}, {0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x9}, {0x6, 0x16, 0x7}, {0x5, 0x12, 0x1}}]}, 0x94}, 0x1, 0x0, 0x0, 0x80}, 0x4)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000980)=ANY=[@ANYBLOB="140000000206030500000000000000008a0000077374ded98419bb0e4aa6e8a789171bcf5500f3e6038d479e8556eb77be3b656501d7c32f277457911253820015ee33b0019975b9fbca0e8bd61c78f396a8f12996361c516fa77b6cd2b10fe69c97de1aa1d283b41f2c41ff409ba9445c3a7481b9be3d76b21c30cf57125253f89793632162f7b72f970fed53d9f0f0ffcb91ffbf8597ebd6294779e5d95545dd57d4fad8ab120351a4c44bf8216e470481f6c0800f65faec5633630e4d33c80565da43585812cf3e1bac0a1eb9d27c72f9c29cf3529faecd445886e1d24de42744d4d9eccbce1f6277eb4d0d6fd7d64e6a8637c5b2bb8cd34d0800004629c4a967"], 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x8044)
syz_usb_connect(0x0, 0x34, &(0x7f0000000100)=ANY=[@ANYBLOB="12010300a6ff0540cdabeecdb905000000010902220001000000000904000001010351000905f6fefffffff000072501"], 0x0)

8m6.622943934s ago: executing program 5 (id=1782):
ioctl$sock_ifreq(0xffffffffffffffff, 0x8991, &(0x7f0000000000)={'bond0\x00', @ifru_names='bond_slave_1\x00'})
r0 = openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002200)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
unshare(0x2c020400)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x226)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0xfea3)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_CREATE(0xc00000000000018, &(0x7f00000008c0)=@base={0xd, 0x2, 0x4, 0x4002, 0x0, 0xffffffffffffffff, 0x1e, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x11}, 0x48)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c00000010000104000000020000000000000000", @ANYRES32=0x0, @ANYBLOB="01310100220002003c0012800e000100a538ce75727370616e000080280002a0141e050000000000000000000000ffffac141426080004000000050000000c0051000000"], 0x5c}, 0x1, 0x0, 0x0, 0x10}, 0x40000)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x5c}}, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCBRDELBR(r9, 0x89a2, &(0x7f0000000000)='bridge0\x00')
close(r0)

8m5.58452459s ago: executing program 5 (id=1791):
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_VMCI_DATAGRAM_RECEIVE(r0, 0x7ac, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
listen(r1, 0x6)
write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x1, 0x3, 0x8000000000007, 0xaa, 0x3, 0x1, {0x0, 0x180, 0x20fe, 0x5, 0x87, 0xd615, 0x8, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3f7, 0x1}}, {0x0, 0x11}}}, 0xa0)
r2 = syz_io_uring_setup(0x65fb, &(0x7f0000000240)={0x0, 0x2000f3ec, 0x2, 0x0, 0x34d}, &(0x7f0000000440)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = dup(r2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000500)={'syzkaller1\x00', @local})
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100), 0xffffffffffffffff)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r5, 0x7a8, &(0x7f0000000040)={{}, @hyper, 0x0, 0x4, 0x9, 0xffbffffffffffffd, 0x0, 0x2, 0x4})
r8 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r9 = dup(r8)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
syz_kvm_setup_cpu$x86(r9, r7, &(0x7f00002bc000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000480)="2e67652aad6900c4e3fd01d18e66b8fc008ee0c744240008000000c744240200800000c7442406000000000f011424c4c178ae5cc7570f01c867660f388017b9800000c00f3235004000000f30660f01ba05000000660f2b0d0c000000", 0x5d}], 0x1, 0x34, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
sendmsg$IPVS_CMD_GET_SERVICE(r5, &(0x7f00000003c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="08002dbd7000fddbdf25040000000800060000000000080004000f0000003800018014000300ac1414aa000000000000000000000000080005000200000008000b0073697000060004004e230000080009007b0000001c000180060001000200000008000b007369700008000b007369700008000500f9ffffff2000038014000600fc020000000000000000000000000000060007004e2000005800028005000d000000000006000e004e230000080006000500000006000e004e2100000800060004000000080004008100000008000500ff0f000005000d000000000014000100ac14141100"/242, @ANYRES16], 0xf8}, 0x1, 0x0, 0x0, 0x40}, 0x80)
pipe(&(0x7f0000000080))
syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00')
socket(0x10, 0x3, 0x0)
write(r9, &(0x7f0000000000)="3c00000058001f000307f4f9002304000a04d65f0800010002010002170003800500000099db973b91aa057972513500b0406700912deb5b85932234", 0x3c)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="5c0000001000010028bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="317a040094980000140003006e657464657673696d3000000000000014001680100001800c0005"], 0x5c}, 0x1, 0x0, 0x0, 0x1}, 0x80)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0xb2752a96f73d6e14, 0x0, 0x0, 0x0, 0x23456})

8m4.870029662s ago: executing program 5 (id=1793):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40000000010800034000000014480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c0003801800008008000340000000020c0004400000000000000c7f14000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)={0x30, 0xd, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000)

8m4.220850521s ago: executing program 33 (id=1793):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40000000010800034000000014480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c0003801800008008000340000000020c0004400000000000000c7f14000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)={0x30, 0xd, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000)

3m57.509839863s ago: executing program 4 (id=1987):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)={{0x14, 0x10, 0x1, 0x66000000, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x68, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @masq={{0x9}, @void}}, {0x2c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0xd1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xdc}}, 0x0)

3m57.38966565s ago: executing program 4 (id=1989):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000010000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,\x00'])
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x181942, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000002c0)=0x8000)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000004c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ff8}]})
r2 = socket$inet6(0xa, 0x3, 0xff)
dup2(r2, r2)
socketpair(0x1d, 0x2, 0x2, &(0x7f0000000280))
connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005240), 0x4000095, 0x0)
getpeername$l2tp6(0xffffffffffffffff, 0x0, 0x0)

3m57.125905477s ago: executing program 4 (id=1990):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan1\x00', <r1=>0x0})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'pim6reg0\x00', 0x2})
ioctl$TUNSETOFFLOAD(r3, 0x400454c9, 0x3)
ioctl$TUNSETOFFLOAD(r3, 0x400454d0, 0x16)
connect$unix(r2, &(0x7f0000000040)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, 0x0, 0x1, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x200000d5}, 0x40000)
sendmsg(r0, 0x0, 0x40c0)

3m56.87857317s ago: executing program 4 (id=1991):
r0 = socket(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[])
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x84000, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountinfo\x00')
sendfile(r3, r3, &(0x7f0000000000)=0x2eb4, 0x2000007ff)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'vlan1\x00', <r4=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r4, @ANYBLOB="000000000000000010010c"], 0x270}, 0x1, 0x0, 0x0, 0x20008014}, 0x4)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r5, 0x29, 0x36, 0x0, 0x8)
connect$inet6(r5, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c)
ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, 0x0)
capset(0x0, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600a00, 0x200002, 0x3, &(0x7f0000a00000/0x600000)=nil)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000002340)={0xffffffffffffffff, 0x35, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x8, 0x8155, 0x0}}, 0x10)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, 0x0, 0x0)
sendto$inet6(r5, &(0x7f0000000440)="f0b6d2", 0x3, 0x3b00, 0x0, 0x0)
sendmmsg(r0, &(0x7f0000000000), 0x400000000000235, 0x0)

3m55.959535055s ago: executing program 4 (id=1996):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a30000000090a010400000000000000000a0000090900010073797a3100000000080005400000002b080009"], 0x58}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b000100627269646765000018000280050019"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x8000000)

3m55.009493823s ago: executing program 4 (id=2002):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f0000000040)={0x1d, r1}, 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="05000000030800"/16, @ANYRES64=0x0, @ANYRES64=r0], 0x80}}, 0x0)

3m54.029330226s ago: executing program 34 (id=2002):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f0000000040)={0x1d, r1}, 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="05000000030800"/16, @ANYRES64=0x0, @ANYRES64=r0], 0x80}}, 0x0)

2m43.413715666s ago: executing program 6 (id=2347):
syz_open_dev$evdev(&(0x7f000001fa80), 0x20000000, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
socket$inet(0x2, 0x4000000000000001, 0x0)
r0 = syz_io_uring_setup(0x10d, &(0x7f0000000200)={0x0, 0x49e74, 0x1000, 0x1}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x12, r5, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080), 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_LINK_TIMEOUT={0xf, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1})
io_uring_enter(r0, 0x3f70, 0x0, 0x0, 0x0, 0x0)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="6e65772064656661756ccbb5b2ee2c1a2a480d187539217420747275737465643a73795189ac2930fcc948303030303030303030303430393600"], 0x2d, 0xfffffffffffffff9)
r6 = syz_open_procfs(0x0, &(0x7f0000000100)='net/fib_trie\x00')
preadv(r6, &(0x7f0000000080)=[{&(0x7f00000001c0)=""/188, 0xbc}], 0x1, 0x7ff, 0x3)
r7 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r8, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000980)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000000000000000000000000000000000001ac1414aa00000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000c003a5eca2000000000000000000000000000b49828799524b2a60000000000ffffffffffffffff000000000000000000000000000000000000000000000000000a000000000000feffffffff7f400002000000000100080000000000000000010000000000000044000500ac1414aa000000000000007400000000000000003c00000000000000ac1414aa00000000000000000000000006000000040300000000000000000000000000000944f1747b78338cae1d3e3a38db2401a520d76ad98848a723855cf85cc21903f0467857dd11e7ceca35f55461ec33e31ae7241f8575805712f0a8f5e33adc072ad0e2244e2a097a35888236ffcb83a146e16c090b68a69d027db50050f6e3a22ddf4262ba46931e311ea2b5fdb679304fc9ce3635cc1ccab8d40a1d7903e5b605e89816b476ca81599b359508e30ac6de26437f725328b9010974f3ffad98246008e00a6f07f89707ac280374084747a25a"], 0xfc}}, 0x0)
r10 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r10, 0x0, 0x0, 0x2409c8c1, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
ioctl$IOCTL_VMCI_VERSION2(r7, 0x7a7, &(0x7f00000000c0)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r7, 0x7a0, &(0x7f0000000100)={@host})
r11 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r11, 0x7a7, &(0x7f00000000c0)=0xa0000)
r12 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
ioctl$VIDIOC_SUBDEV_DV_TIMINGS_CAP(r12, 0xc0905664, &(0x7f0000000540)={0x0, 0x0, '\x00', @bt={0x7bb, 0x3, 0x0, 0x4, 0x2, 0x8, 0x1a, 0xa}})
ioctl$IOCTL_VMCI_INIT_CONTEXT(r11, 0x7a0, &(0x7f0000000040)={@host})

2m43.17721007s ago: executing program 6 (id=2349):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000bc0)=@newqdisc={0x5c, 0x24, 0xd0f, 0x3, 0x0, {0x60, 0x0, 0x0, r1, {0x0, 0x2}, {0xffff, 0xffff}, {0x4}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x9, 0x5, 0x5, 0x800, 0x0, 0x1aa2, 0xc}}, {0x4}}]}, @qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x2000000)

2m42.934068347s ago: executing program 6 (id=2352):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="7c0000000001010000000002000002240001801400018008000100ac1e004108000200ac1414000c0002800500010000000008240002800c00028005000100000000001e03010800020000000000080007400000000018000e801400018008000100ac14142a08000200ac14143800"/124], 0x7c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
fgetxattr(r2, &(0x7f0000000040)=@known='system.sockprotoname\x00', 0x0, 0x0)
sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000280)={&(0x7f0000000100), 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xe8, 0x0, 0x300, 0x70bd2a, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xb}, @IPVS_CMD_ATTR_DAEMON={0x38, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x10}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'netdevsim0\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x7ff}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_STATE={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x1}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0xaf}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8}]}, @IPVS_CMD_ATTR_SERVICE={0x24, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0xf0}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x5e}]}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}]}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0xd}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x3}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8af0}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xffffffff}]}, 0xe8}, 0x1, 0x0, 0x0, 0x41}, 0x24000004)
sendmsg$nl_xfrm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c020000190001000000000000000000e00000020000000000000000000000000000000000000000000000000000000000000003000000000a0000205e000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000800000000000000000000000000000700000000000000000000000000000000000000000000000300000000000000070000000000000000000000000000000000000000000000e02700000000000000000000000000002d00000000000000000000000000000084010500ac1414bb000000000000000000000000000000006c00000000000000ac14142c000000000000000000000000000000000000560000000000fdffffff01000000ac141410000000000000000000000000000000003200000000000000fe800000000000000000000000000500023500000000000000000000feffffff00000000ff010000000000000000000000000001000000003c00000002000000ff0200000000000000000000000000010000000001030000000000000000000000000000ff020000000000000000000000000001000004d33c00000002000000ffffffff00000000000000000000000000000000000000000000000003000000000000000a010102000000000000000000000000000000003200000002000000ac141400000000000000000000000000ffffffff0002000000000000000000000300000020010000000000000000000000000001000000003c00000002"], 0x23c}}, 0x0)
ioctl$FS_IOC_GETVERSION(r2, 0x80087601, &(0x7f00000002c0))

2m42.589031999s ago: executing program 6 (id=2354):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0xc70, 0xf011, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x40}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x84000, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountinfo\x00')
sendfile(r4, r4, &(0x7f0000000000)=0x2eb4, 0x2000007ff)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$sock_int(r5, 0x1, 0xb, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000200)={0x18, &(0x7f0000000040)={0x3a, 0x2, 0x7, {0x7, 0x0, "34fe801d5e"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

2m39.807421974s ago: executing program 6 (id=2364):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
ioctl$USBDEVFS_REAPURBNDELAY(0xffffffffffffffff, 0x4004550c, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = socket(0x80000000000000a, 0x2, 0x0)
r5 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2a, 0x0, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1d, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b7000000ff000003bfa30000000000000703000000feffff620af0fff8ffffff71a4f0ff0000000015040200000000001d400200000000004704000001ed000062030000000000001d440000000000007a0a00fe00ffffffdb03000040000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa5b4e377184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7592566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6cb5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe62fe2933082149d42e8a"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
sendto$inet6(r6, &(0x7f0000000340)="d4d7efad020efa27e4b5b271825ef53d030f992ff58468566c6fc090ac508f876b89a6004f4d6aa59f13c8afda4bfc2137c8a1d584595b77c2a5f6a72a6d627f3408143aae7315bb608e1557b707b38c30f447a288036c", 0x57, 0x10, 0x0, 0x0)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="1b000000000000000000000000000400000000009b9a8b3e8fb5aae71dc2eae5862f4edce40f5911d803d8b0e81a0159eed235ba1a270baef8d5ba02f94bb6abe1c0926de13b49e11311ee9bdf6c76f1eca0391ce325ee906e6d38990b81f64a863a89844e153cf3b32747f5e32accb8a581775b80aa60bc8c16f9437e88064123c42d9c083d99df9e167548450e9318b3", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x38011, r7, 0x2c9ab000)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}}}, 0x108)
close(r4)
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f00000001c0)={0x60, 0x3, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000001000/0x4000)=nil, 0x0, 0x0, 0x88, 0xfffffffffffffffd, 0xc, 0x0, 0x0, 0x24})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r3, 0x3ba0, &(0x7f00000001c0)={0x48, 0x4})

2m38.756189118s ago: executing program 6 (id=2368):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
unshare(0x28000080)
syz_clone(0x142000, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x8, &(0x7f0000000300)=0x1000001, 0x4)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x4, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="580000000206010300000000000000000000000005000400000000000900020073797a31000000001400078008000840000000200500140005000000050005000200000005000100060000000c000300686173683a6970"], 0x58}}, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="600100001000130726bd70000000000000000000000000000000ffffe0000002ac1414130000000000000000000000004e22000100000003020000003a000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fe8800000000000000000000000000010000000032000000fe8000000000000000000000000000aa000000000000000000000000000000000b000000000000000a000000000000000600000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000200000000000000f8ffffffffffffff0c000000000000000200000029bd70000000000002000000280000000000000068001200726663343534332867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e000000080000000316f74eeac053deb73fc018493cc121927a9bca207141b9a451c00aa080016"], 0x160}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x8, 0x0, 0x20)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='uid_map\x00')
r6 = socket$pptp(0x18, 0x1, 0x2)
connect(r6, &(0x7f0000000480)=@rxrpc=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e21, @loopback}}, 0x80)
pread64(r6, &(0x7f0000000500)=""/133, 0x85, 0x3)
preadv(r5, &(0x7f0000000040)=[{&(0x7f0000000200)=""/233, 0xe9}], 0x1, 0xfff, 0x0)
connect$unix(r5, &(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000180)={0x1, &(0x7f0000000100)=[{0x4, 0x8, 0x9, 0x8}]})
openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$SIOCSIFMTU(r0, 0x89fb, &(0x7f0000000040)={'bond0\x00', 0x40})

2m37.903108035s ago: executing program 35 (id=2368):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
unshare(0x28000080)
syz_clone(0x142000, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x8, &(0x7f0000000300)=0x1000001, 0x4)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x4, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="580000000206010300000000000000000000000005000400000000000900020073797a31000000001400078008000840000000200500140005000000050005000200000005000100060000000c000300686173683a6970"], 0x58}}, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="600100001000130726bd70000000000000000000000000000000ffffe0000002ac1414130000000000000000000000004e22000100000003020000003a000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fe8800000000000000000000000000010000000032000000fe8000000000000000000000000000aa000000000000000000000000000000000b000000000000000a000000000000000600000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000200000000000000f8ffffffffffffff0c000000000000000200000029bd70000000000002000000280000000000000068001200726663343534332867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e000000080000000316f74eeac053deb73fc018493cc121927a9bca207141b9a451c00aa080016"], 0x160}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x8, 0x0, 0x20)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='uid_map\x00')
r6 = socket$pptp(0x18, 0x1, 0x2)
connect(r6, &(0x7f0000000480)=@rxrpc=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e21, @loopback}}, 0x80)
pread64(r6, &(0x7f0000000500)=""/133, 0x85, 0x3)
preadv(r5, &(0x7f0000000040)=[{&(0x7f0000000200)=""/233, 0xe9}], 0x1, 0xfff, 0x0)
connect$unix(r5, &(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000180)={0x1, &(0x7f0000000100)=[{0x4, 0x8, 0x9, 0x8}]})
openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$SIOCSIFMTU(r0, 0x89fb, &(0x7f0000000040)={'bond0\x00', 0x40})

11.496358563s ago: executing program 2 (id=2908):
socket$unix(0x1, 0x2, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
accept4$inet6(r0, 0x0, 0x0, 0x0)

11.301768933s ago: executing program 2 (id=2910):
r0 = syz_open_procfs(0x0, &(0x7f0000000640)='mountinfo\x00')
io_setup(0x3, &(0x7f0000000040)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000000)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x9, r0, 0x0, 0x0, 0xbda, 0x0, 0x0, r0}])

11.07699056s ago: executing program 2 (id=2912):
openat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x40, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000002980)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f00000003c0)={0x50, 0x0, r1, {0x7, 0x1f, 0x2000, 0xa68d7c519f008ff1, 0xffbc, 0x6, 0x8, 0x0, 0x0, 0x0, 0x100}}, 0x50)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xb}}, 0x6}, 0x1c)
connect$inet6(r2, 0x0, 0x0)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000540)=""/165, 0xa5, 0x1, 0x0}, 0x0)
read$FUSE(r0, &(0x7f00000049c0)={0x2020}, 0x2020)
syz_fuse_handle_req(r0, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000deff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200", 0x2000, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x100, 0x8)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r3=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r3, 0x1, &(0x7f0000000040), 0x0)

10.037892891s ago: executing program 2 (id=2921):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0x10}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x10}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r2, {0x0, 0x4}, {}, {0x8, 0xffff}}, [@filter_kind_options=@f_flow={{0x9}, {0x24, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1ec6b}, @TCA_FLOW_XOR={0x8, 0x7, 0x7}, @TCA_FLOW_RSHIFT={0x8, 0x4, 0x8}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x10000009}, 0x4848)

9.778894977s ago: executing program 2 (id=2926):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000240)={0x1, 0x0, [{0xc0010117, 0x0, 0x800}]})

9.485119791s ago: executing program 2 (id=2931):
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000100)={0x2, 0x0, @ioapic={0x10000, 0x2004, 0x8, 0xfffffbc5, 0x0, [{0x6d, 0x4, 0xb0, '\x00', 0xd}, {0x7, 0x8, 0x1, '\x00', 0x15}, {0x6, 0x41, 0x9, '\x00', 0x4}, {0x51, 0x3, 0x8, '\x00', 0x9}, {0x8, 0x50, 0x82, '\x00', 0x5e}, {0x0, 0xf0, 0x4, '\x00', 0x87}, {0x3, 0xf4, 0x1, '\x00', 0x8}, {0xa, 0x7, 0xb, '\x00', 0x45}, {0x7b, 0x5, 0xfe, '\x00', 0xff}, {0x6, 0x6, 0x0, '\x00', 0x6}, {0x2, 0x11, 0x2, '\x00', 0x1}, {0x8, 0x24, 0x4, '\x00', 0xff}, {0x3, 0x86, 0xc, '\x00', 0xe9}, {0x5, 0x4e, 0x2}, {0x4, 0x4, 0x2, '\x00', 0x7}, {0x0, 0x0, 0x5, '\x00', 0x7f}, {0x3, 0xd, 0xd1, '\x00', 0x4}, {0x4c, 0x3, 0x2, '\x00', 0xfe}, {0x8, 0x1, 0xbe, '\x00', 0xf7}, {0x2, 0x3, 0xb, '\x00', 0x48}, {0x7, 0x3, 0x2, '\x00', 0x4}, {0x5, 0x0, 0x0, '\x00', 0x4}, {0x93, 0xae, 0x4, '\x00', 0xe6}, {0x83, 0x3f, 0x9, '\x00', 0x57}]}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x82042, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000000000071000040"])

2.490808364s ago: executing program 8 (id=2997):
r0 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r0, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000080)=0x6, 0x26)
r1 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0)

1.62586688s ago: executing program 3 (id=2998):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02})
r1 = socket$netlink(0x10, 0x3, 0x0)
preadv(r0, &(0x7f0000000300)=[{0x0}, {&(0x7f0000000380)=""/183, 0xb7}], 0x2, 0x4, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})

1.536831896s ago: executing program 8 (id=2999):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
sendmsg$inet_sctp(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)='\x00', 0x1}], 0x1, &(0x7f0000000180)=[@prinfo={0x18, 0x84, 0x5, {0x30, 0x8}}, @sndrcv={0x30, 0x84, 0x1, {0x8, 0x6, 0x2, 0x9, 0x7, 0x1, 0x7, 0xa}}], 0x48, 0x4048801}, 0x54)

1.397713783s ago: executing program 8 (id=3002):
r0 = syz_open_dev$loop(&(0x7f00000014c0), 0xe, 0x100)
ioctl$BLKFRAGET(r0, 0x1265, &(0x7f0000001500))

1.300691943s ago: executing program 8 (id=3003):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="3800000010000507000000000004000000000000", @ANYRES32=r3, @ANYBLOB="0000000a010000001800120008000100736974000c0002000800030036"], 0x38}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x40, 0x10, 0x439, 0x70bd2a, 0xffffffea, {0x0, 0x0, 0xe403, r4, 0x3, 0x610c0}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_SPORT={0x6, 0x11, 0x4e22}, @IFLA_IPTUN_FWMARK={0x8, 0x14, 0x8001}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x8000}, 0x4008040)

1.15254926s ago: executing program 7 (id=3006):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f00000000c0)=@assoc_value={r1}, 0x8)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000700)=@sack_info={r3, 0x1, 0x6}, &(0x7f0000000740)=0xc)

1.09775608s ago: executing program 0 (id=3008):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000fcffffff000000000000000095"], &(0x7f0000000300)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="09030000ffffffffffff29"], 0x14}}, 0x0)

1.077629884s ago: executing program 3 (id=3009):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x3, 0x4, &(0x7f0000000380)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1000000}, [@call={0x85, 0x0, 0x0, 0x13}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)

998.574131ms ago: executing program 7 (id=3010):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000000000)=0x1, 0x4)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0x40, 0x4)
sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000003640)=[{&(0x7f0000002440)="4137a29b582bd471798f15f967e7f8118e1abf61ebd7d146a12a42f6ffd2340daaa8dcf6da818cc0efac75e8c35abbde7a18e0226b424f5557c71db5d327baccef203377178ddb12221cdaf45711a2535ae87e6ab62ccba71b6f2ac0f6c9ead0ec52116d305204537900daaad0d6e4dd9d3ad654711b72964f28b8b5d231d709bf3cd4a0477ef446e7da5eaa15cc39e9c57d89217e33a93e0132269c182e5d0186448a8e871cf560229a3cc36317ac47bae1596458badc9ebde2c707dea2e18f859e20f7595cce0a88485e5223b2c8fc383e37cbbfe8353e2a8eb6dc65d76746a31d8f206f315217", 0xe8}], 0x1}}], 0x1, 0x4000001)

888.578399ms ago: executing program 0 (id=3011):
r0 = socket(0x200000000000011, 0x2, 0xd)
r1 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'syz_tun\x00', <r2=>0x0})
bind$packet(r1, &(0x7f0000000080)={0x11, 0x800, r2, 0x1, 0x0, 0x6, @random="518440db9de1"}, 0x14)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', <r3=>0x0})
bind$packet(r0, &(0x7f0000000080)={0x11, 0x800, r3, 0x1, 0x0, 0x6, @multicast}, 0x14)
setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0)
syz_emit_ethernet(0x3a, &(0x7f0000000580)={@local, @link_local={0x3}, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@ssrr={0x89, 0x3, 0xd7}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0)

888.478304ms ago: executing program 3 (id=3012):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x21, &(0x7f0000001480)=0x1, 0x4)

888.062551ms ago: executing program 7 (id=3013):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r0, 0x84, 0x83, &(0x7f00000002c0)="1a00000002000000", 0x8)

713.78129ms ago: executing program 8 (id=3014):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x8442, 0xdc)
fcntl$getflags(r0, 0x3)

705.757508ms ago: executing program 0 (id=3015):
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x406, 0xffffffffffffffff)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000040)={0xa0000001})
epoll_pwait2(0xffffffffffffffff, &(0x7f0000000080)=[{}], 0x1, &(0x7f00000000c0), 0x0, 0x0)

625.699979ms ago: executing program 7 (id=3016):
bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
socket$netlink(0x10, 0x3, 0x4)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000880)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @empty, @multicast1}}}], 0x20}}], 0x1, 0x4880)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000300)=0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={r2, 0x2590}, 0x8)

565.877808ms ago: executing program 3 (id=3017):
unshare(0x2c020400)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = epoll_create1(0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, 0xffffffffffffffff, 0xfe33)

565.765516ms ago: executing program 8 (id=3018):
r0 = socket$packet(0x11, 0x3, 0x300)
readv(r0, &(0x7f0000000180)=[{0x0}, {&(0x7f0000000080)=""/57, 0x39}], 0x2)

526.6968ms ago: executing program 0 (id=3019):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f00000000c0)=@assoc_value={r1}, 0x8)
socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000700)=@sack_info={0x0, 0x1, 0x6}, &(0x7f0000000740)=0xc)

433.869105ms ago: executing program 7 (id=3020):
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)

389.76544ms ago: executing program 3 (id=3021):
r0 = socket$inet6(0xa, 0x800000000000007, 0x0)
setsockopt$inet_opts(r0, 0x0, 0xb, 0x0, 0x0)

270.926562ms ago: executing program 0 (id=3022):
mprotect(&(0x7f0000001000/0x400000)=nil, 0x400000, 0x0)
msgsnd(0x0, &(0x7f0000000dc0)=ANY=[@ANYBLOB="01"], 0x401, 0x0)

199.314453ms ago: executing program 7 (id=3023):
pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RFSYNC(r0, &(0x7f0000000200)={0x7, 0x33, 0x2}, 0x7)
r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2)
r2 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2)
ftruncate(r2, 0xffff)
fcntl$addseals(r2, 0x409, 0x7)
r3 = ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000140)={r2, 0x1, 0x0, 0x4000})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000001, 0x11, r3, 0x4000)
write$P9_RSETATTR(r0, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a)

105.916µs ago: executing program 0 (id=3024):
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3c, &(0x7f0000000280)=0x9, 0x4)
bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r3, 0x8955, &(0x7f0000000180)={{0x2, 0x0, @empty}, {0x20000010304, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x17}}, 0x2, {0x2, 0x4e20, @multicast2}})

0s ago: executing program 3 (id=3025):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="600000001000010400000200ffffffff00000000", @ANYRES32=0x0, @ANYBLOB="07950000800e02002c001280110001006272696467655f736c61766500000000140005800600020000000000080003000f000900140003006272696467655f736c6176655f31"], 0x60}, 0x1, 0x0, 0x0, 0x20004885}, 0x4014)

kernel console output (not intermixed with test programs):

failed. (-71)
[  821.385699][ T5236] Dev loop2: unable to read RDB block 7
[  821.392181][T11229] az6027: usb out operation failed. (-71)
[  821.397972][T11229] stb0899_attach: Driver disabled by Kconfig
[  821.405443][ T5236]  loop2: unable to read partition table
[  821.413024][ T5236] loop2: partition table beyond EOD, truncated
[  821.419531][T11229] az6027: no front-end attached
[  821.419531][T11229] 
[  821.438104][T11229] az6027: usb out operation failed. (-71)
[  821.449278][T11229] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  821.477700][T11229] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input49
[  821.777190][ T5958] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  821.788685][ T5958] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  821.800727][ T5958] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  821.814673][ T5958] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  821.825835][T11229] dvb-usb: schedule remote query interval to 400 msecs.
[  821.852073][T11229] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  821.913881][ T5958] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  821.960874][T11229] usb 3-1: USB disconnect, device number 62
[  822.010670][ T5958] usbtmc 1-1:16.0: probe with driver usbtmc failed with error -22
[  822.124769][ T5236] Dev loop2: unable to read RDB block 7
[  822.154248][T11229] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  822.174203][ T5236]  loop2: unable to read partition table
[  822.191691][ T5236] loop2: partition table beyond EOD, truncated
[  822.334253][T14445] netlink: 'syz.8.2456': attribute type 2 has an invalid length.
[  822.416470][ T5236] Dev loop2: unable to read RDB block 7
[  822.424578][ T5236]  loop2: unable to read partition table
[  822.440140][ T5236] loop2: partition table beyond EOD, truncated
[  822.440599][T14450] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2459'.
[  822.510702][T14450] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2459'.
[  822.686517][T14460] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2460'.
[  822.787406][ T5236] Dev loop2: unable to read RDB block 7
[  822.921695][ T5236]  loop2: unable to read partition table
[  822.945505][ T5236] loop2: partition table beyond EOD, truncated
[  823.160261][T14468] netlink: zone id is out of range
[  823.165423][T14468] netlink: zone id is out of range
[  823.170693][T14468] netlink: zone id is out of range
[  823.175856][T14468] netlink: zone id is out of range
[  823.181031][T14468] netlink: zone id is out of range
[  823.186157][T14468] netlink: zone id is out of range
[  823.191388][T14468] netlink: zone id is out of range
[  823.196511][T14468] netlink: zone id is out of range
[  823.201687][T14468] netlink: zone id is out of range
[  823.206808][T14468] netlink: zone id is out of range
[  824.167287][T14471] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  824.222877][ T5944] usb 1-1: USB disconnect, device number 78
[  824.571607][ T5236] Dev loop2: unable to read RDB block 7
[  824.577212][ T5236]  loop2: unable to read partition table
[  824.706942][ T5236] loop2: partition table beyond EOD, truncated
[  824.798585][   T54] usb 1-1: new full-speed USB device number 79 using dummy_hcd
[  824.844775][T14484] FAULT_INJECTION: forcing a failure.
[  824.844775][T14484] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  824.898722][T14484] CPU: 1 UID: 0 PID: 14484 Comm: syz.7.2466 Not tainted syzkaller #0 PREEMPT(full) 
[  824.898749][T14484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  824.898760][T14484] Call Trace:
[  824.898767][T14484]  <TASK>
[  824.898776][T14484]  dump_stack_lvl+0x189/0x250
[  824.898802][T14484]  ? __pfx____ratelimit+0x10/0x10
[  824.898816][T14484]  ? __pfx_dump_stack_lvl+0x10/0x10
[  824.898828][T14484]  ? __pfx__printk+0x10/0x10
[  824.898842][T14484]  ? __might_fault+0xb0/0x130
[  824.898862][T14484]  should_fail_ex+0x414/0x560
[  824.898880][T14484]  _copy_from_user+0x2d/0xb0
[  824.898900][T14484]  ___sys_sendmsg+0x158/0x2a0
[  824.898916][T14484]  ? __pfx____sys_sendmsg+0x10/0x10
[  824.898951][T14484]  ? __might_fault+0xb0/0x130
[  824.898965][T14484]  __sys_sendmmsg+0x227/0x430
[  824.898981][T14484]  ? __pfx___sys_sendmmsg+0x10/0x10
[  824.898992][T14484]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  824.899017][T14484]  ? ksys_write+0x22a/0x250
[  824.899031][T14484]  ? __pfx_ksys_write+0x10/0x10
[  824.899043][T14484]  ? rcu_is_watching+0x15/0xb0
[  824.899057][T14484]  __x64_sys_sendmmsg+0xa0/0xc0
[  824.899070][T14484]  do_syscall_64+0xfa/0x3b0
[  824.899081][T14484]  ? lockdep_hardirqs_on+0x9c/0x150
[  824.899091][T14484]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  824.899102][T14484]  ? clear_bhb_loop+0x60/0xb0
[  824.899114][T14484]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  824.899123][T14484] RIP: 0033:0x7f8b0178eec9
[  824.899134][T14484] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  824.899143][T14484] RSP: 002b:00007f8b025c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  824.899154][T14484] RAX: ffffffffffffffda RBX: 00007f8b019e5fa0 RCX: 00007f8b0178eec9
[  824.899162][T14484] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000004
[  824.899169][T14484] RBP: 00007f8b025c0090 R08: 0000000000000000 R09: 0000000000000000
[  824.899175][T14484] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  824.899182][T14484] R13: 00007f8b019e6038 R14: 00007f8b019e5fa0 R15: 00007f8b01b0fa28
[  824.899197][T14484]  </TASK>
[  825.119415][ T5867] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[  825.250320][   T54] usb 1-1: config 0 has an invalid interface number: 8 but max is 0
[  825.258764][   T54] usb 1-1: config 0 has no interface number 0
[  825.265578][   T54] usb 1-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F
[  825.277543][   T54] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  825.288639][   T54] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  825.299115][ T5867] usb 3-1: Using ep0 maxpacket: 8
[  825.308558][   T54] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  825.317803][   T54] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  825.317829][   T54] usb 1-1: Product: syz
[  825.317842][   T54] usb 1-1: SerialNumber: syz
[  825.321288][   T54] usb 1-1: config 0 descriptor??
[  825.331088][   T54] cm109 1-1:0.8: invalid payload size 0, expected 4
[  825.352615][ T5867] usb 3-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[  825.362329][   T54] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.8/input/input51
[  825.425296][ T5867] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  825.498612][ T5867] usb 3-1: Product: syz
[  825.502938][ T5867] usb 3-1: Manufacturer: syz
[  825.529748][T14478] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  825.548350][ T5867] usb 3-1: SerialNumber: syz
[  825.557919][T14478] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  825.587733][ T5867] usb 3-1: config 0 descriptor??
[  825.628350][ T5867] gspca_main: sonixj-2.14.0 probing 0c45:613e
[  825.929107][    C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  825.930688][ T5958] usb 1-1: USB disconnect, device number 79
[  825.936094][    C1] cm109 1-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  826.034596][ T5958] cm109 1-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  826.578557][   T54] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  826.660920][ T5867] gspca_sonixj: reg_w1 err -71
[  826.698889][ T5867] sonixj 3-1:0.0: probe with driver sonixj failed with error -71
[  826.728720][   T54] usb 9-1: Using ep0 maxpacket: 8
[  826.735793][   T54] usb 9-1: config 0 has an invalid interface number: 1 but max is 0
[  826.743989][ T5867] usb 3-1: USB disconnect, device number 63
[  826.786131][   T54] usb 9-1: config 0 has no interface number 0
[  826.813267][   T54] usb 9-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  826.843658][   T54] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  826.863352][   T54] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  826.896001][   T54] usb 9-1: config 0 descriptor??
[  826.925666][   T54] iowarrior 9-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  827.254997][ T5236] Dev loop2: unable to read RDB block 7
[  827.268288][ T5236]  loop2: unable to read partition table
[  827.282009][ T5236] loop2: partition table beyond EOD, truncated
[  828.153428][T14543] netlink: 'syz.7.2475': attribute type 15 has an invalid length.
[  828.197588][T14543] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2475'.
[  828.681994][ T5958] usb 9-1: USB disconnect, device number 6
[  828.944840][T14543] netlink: 140 bytes leftover after parsing attributes in process `syz.7.2475'.
[  829.128310][ T5236] Dev loop2: unable to read RDB block 7
[  829.218485][ T5236]  loop2: unable to read partition table
[  829.224378][ T5236] loop2: partition table beyond EOD, truncated
[  829.615476][ T5236] Dev loop2: unable to read RDB block 7
[  829.650353][ T5236]  loop2: unable to read partition table
[  829.670008][ T5236] loop2: partition table beyond EOD, truncated
[  829.968493][ T5236] Dev loop2: unable to read RDB block 7
[  829.974748][ T5236]  loop2: unable to read partition table
[  830.003849][T14572] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2481'.
[  830.017374][ T5236] loop2: partition table beyond EOD, truncated
[  830.224043][ T5236] Dev loop2: unable to read RDB block 7
[  830.277098][ T5236]  loop2: unable to read partition table
[  830.299369][ T5236] loop2: partition table beyond EOD, truncated
[  832.415041][T14609] loop7: detected capacity change from 0 to 7
[  832.817372][T14609] Dev loop7: unable to read RDB block 7
[  832.825172][T14609]  loop7: unable to read partition table
[  832.849701][T14609] loop7: partition table beyond EOD, truncated
[  832.856010][T14609] loop_reread_partitions: partition scan of loop7 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  833.559841][ T5236] Dev loop2: unable to read RDB block 7
[  833.565553][ T5236]  loop2: unable to read partition table
[  833.573460][ T5236] loop2: partition table beyond EOD, truncated
[  833.600530][T14623] fuse: Unknown parameter '��{;�wJ�ש�Rfd'
[  833.780657][T14627] netlink: 180 bytes leftover after parsing attributes in process `syz.2.2496'.
[  833.808993][T14627] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2496'.
[  833.864535][ T5236] Dev loop2: unable to read RDB block 7
[  833.888605][ T5236]  loop2: unable to read partition table
[  833.894647][ T5236] loop2: partition table beyond EOD, truncated
[  834.033159][T14635] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2497'.
[  834.066582][T14635] syzkaller1: entered promiscuous mode
[  834.078719][T14635] syzkaller1: entered allmulticast mode
[  834.267660][T14643] netlink: 16 bytes leftover after parsing attributes in process `syz.8.2500'.
[  834.278076][ T5236] Dev loop2: unable to read RDB block 7
[  834.293268][ T5236]  loop2: unable to read partition table
[  834.300309][ T5236] loop2: partition table beyond EOD, truncated
[  834.352231][ T5236] Dev loop2: unable to read RDB block 7
[  834.359881][ T5236]  loop2: unable to read partition table
[  834.365847][ T5236] loop2: partition table beyond EOD, truncated
[  834.463901][ T5236] Dev loop2: unable to read RDB block 7
[  834.476113][ T5236]  loop2: unable to read partition table
[  834.482795][ T5236] loop2: partition table beyond EOD, truncated
[  834.499791][T14652] FAULT_INJECTION: forcing a failure.
[  834.499791][T14652] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  834.515651][T14652] CPU: 1 UID: 0 PID: 14652 Comm: syz.2.2504 Not tainted syzkaller #0 PREEMPT(full) 
[  834.515676][T14652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  834.515687][T14652] Call Trace:
[  834.515694][T14652]  <TASK>
[  834.515703][T14652]  dump_stack_lvl+0x189/0x250
[  834.515728][T14652]  ? __pfx____ratelimit+0x10/0x10
[  834.515746][T14652]  ? __pfx_dump_stack_lvl+0x10/0x10
[  834.515765][T14652]  ? __pfx__printk+0x10/0x10
[  834.515810][T14652]  should_fail_ex+0x414/0x560
[  834.515836][T14652]  _copy_to_user+0x31/0xb0
[  834.515859][T14652]  simple_read_from_buffer+0xe1/0x170
[  834.515887][T14652]  proc_fail_nth_read+0x1b3/0x220
[  834.515910][T14652]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  834.515933][T14652]  ? rw_verify_area+0x2a6/0x4d0
[  834.515953][T14652]  ? __lock_acquire+0xab9/0xd20
[  834.515976][T14652]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  834.515995][T14652]  vfs_read+0x200/0xa30
[  834.516015][T14652]  ? fdget_pos+0x247/0x320
[  834.516034][T14652]  ? __pfx___mutex_lock+0x10/0x10
[  834.516055][T14652]  ? __pfx_vfs_read+0x10/0x10
[  834.516079][T14652]  ? __fget_files+0x2a/0x420
[  834.516098][T14652]  ? __fget_files+0x3a0/0x420
[  834.516113][T14652]  ? __fget_files+0x2a/0x420
[  834.516139][T14652]  ksys_read+0x145/0x250
[  834.516164][T14652]  ? __pfx_ksys_read+0x10/0x10
[  834.516183][T14652]  ? rcu_is_watching+0x15/0xb0
[  834.516208][T14652]  ? do_syscall_64+0xbe/0x3b0
[  834.516230][T14652]  do_syscall_64+0xfa/0x3b0
[  834.516247][T14652]  ? lockdep_hardirqs_on+0x9c/0x150
[  834.516265][T14652]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  834.516283][T14652]  ? clear_bhb_loop+0x60/0xb0
[  834.516304][T14652]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  834.516321][T14652] RIP: 0033:0x7f17fed8d8dc
[  834.516338][T14652] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  834.516354][T14652] RSP: 002b:00007f17ffb89030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  834.516374][T14652] RAX: ffffffffffffffda RBX: 00007f17fefe5fa0 RCX: 00007f17fed8d8dc
[  834.516388][T14652] RDX: 000000000000000f RSI: 00007f17ffb890a0 RDI: 0000000000000005
[  834.516400][T14652] RBP: 00007f17ffb89090 R08: 0000000000000000 R09: 0000000000000000
[  834.516411][T14652] R10: 0000200000000580 R11: 0000000000000246 R12: 0000000000000002
[  834.516423][T14652] R13: 00007f17fefe6038 R14: 00007f17fefe5fa0 R15: 00007f17ff10fa28
[  834.516455][T14652]  </TASK>
[  834.785546][ T5236] Dev loop2: unable to read RDB block 7
[  834.792014][ T5236]  loop2: unable to read partition table
[  834.798120][ T5236] loop2: partition table beyond EOD, truncated
[  835.881164][ T5236] Dev loop2: unable to read RDB block 7
[  835.890823][ T5236]  loop2: unable to read partition table
[  835.896681][ T5236] loop2: partition table beyond EOD, truncated
[  836.187660][T14681] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2514'.
[  836.205164][ T5236] Dev loop2: unable to read RDB block 7
[  836.232100][ T5236]  loop2: unable to read partition table
[  836.237401][T14681] binder: 14680:14681 ioctl c018620c 200000000240 returned -22
[  836.297047][ T5236] loop2: partition table beyond EOD, truncated
[  836.306185][   T30] audit: type=1326 audit(1759136331.125:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14683 comm="syz.7.2513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b0178eec9 code=0x7ffc0000
[  836.424775][ T5236] Dev loop2: unable to read RDB block 7
[  836.430987][   T30] audit: type=1326 audit(1759136331.125:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14683 comm="syz.7.2513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=260 compat=0 ip=0x7f8b0178eec9 code=0x7ffc0000
[  836.467273][ T5236]  loop2: unable to read partition table
[  836.488200][ T5236] loop2: partition table beyond EOD, truncated
[  836.548818][   T30] audit: type=1326 audit(1759136331.125:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14683 comm="syz.7.2513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b0178eec9 code=0x7ffc0000
[  836.603762][ T5236] Dev loop2: unable to read RDB block 7
[  836.618534][ T5236]  loop2: unable to read partition table
[  836.624531][ T5236] loop2: partition table beyond EOD, truncated
[  836.652107][   T30] audit: type=1326 audit(1759136331.125:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14683 comm="syz.7.2513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f8b0178eec9 code=0x7ffc0000
[  836.757485][   T30] audit: type=1326 audit(1759136331.125:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14683 comm="syz.7.2513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b0178eec9 code=0x7ffc0000
[  836.895607][   T30] audit: type=1326 audit(1759136331.125:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14683 comm="syz.7.2513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f8b0178eec9 code=0x7ffc0000
[  836.981097][ T5236] Dev loop2: unable to read RDB block 7
[  836.996966][ T5236]  loop2: unable to read partition table
[  837.006431][ T5236] loop2: partition table beyond EOD, truncated
[  837.014958][   T30] audit: type=1326 audit(1759136331.135:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14683 comm="syz.7.2513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b0178eec9 code=0x7ffc0000
[  837.109671][   T30] audit: type=1326 audit(1759136331.135:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14683 comm="syz.7.2513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b0178eec9 code=0x7ffc0000
[  837.148116][   T30] audit: type=1326 audit(1759136331.135:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14683 comm="syz.7.2513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f8b0178eec9 code=0x7ffc0000
[  837.229945][   T30] audit: type=1326 audit(1759136331.135:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14683 comm="syz.7.2513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b0178eec9 code=0x7ffc0000
[  837.738751][ T5958] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[  837.888646][ T5958] usb 3-1: Using ep0 maxpacket: 32
[  837.900108][ T5958] usb 3-1: config 0 interface 0 has no altsetting 0
[  837.910273][ T5958] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  837.921438][ T5958] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  837.939745][ T5958] usb 3-1: Product: syz
[  837.953839][ T5958] usb 3-1: Manufacturer: syz
[  837.959746][ T5958] usb 3-1: SerialNumber: syz
[  837.971025][ T5958] usb 3-1: config 0 descriptor??
[  838.016960][   T24] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  838.328233][   T24] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  838.358019][   T24] usb 9-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  838.381895][   T24] usb 9-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  838.411624][   T24] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  838.425100][   T24] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  838.433993][   T24] usb 9-1: Product: syz
[  838.438332][   T24] usb 9-1: Manufacturer: syz
[  838.444980][   T24] usb 9-1: SerialNumber: syz
[  838.623154][ T5958] gs_usb 3-1:0.0: Configuring for 1 interfaces
[  838.649257][   T24] hub 9-1:1.0: bad descriptor, ignoring hub
[  838.659940][   T24] hub 9-1:1.0: probe with driver hub failed with error -5
[  838.921687][   T24] usblp 9-1:1.0: usblp0: USB Unidirectional printer dev 7 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  840.108158][T14750] netlink: 552 bytes leftover after parsing attributes in process `syz.0.2535'.
[  840.790500][T11229] usb 9-1: USB disconnect, device number 7
[  840.808048][T11229] usblp0: removed
[  840.809587][   T54] usb 3-1: USB disconnect, device number 64
[  840.961776][ T5236] Dev loop2: unable to read RDB block 7
[  841.003144][ T5236]  loop2: unable to read partition table
[  841.013452][ T5236] loop2: partition table beyond EOD, truncated
[  841.254628][T14769] netlink: 16 bytes leftover after parsing attributes in process `syz.8.2540'.
[  841.514162][T14779] netlink: 'syz.3.2541': attribute type 15 has an invalid length.
[  841.522344][T14779] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2541'.
[  841.606374][T14783] netlink: 140 bytes leftover after parsing attributes in process `syz.3.2541'.
[  841.937088][ T5236] Dev loop2: unable to read RDB block 7
[  842.075820][ T5236]  loop2: unable to read partition table
[  842.093401][ T5236] loop2: partition table beyond EOD, truncated
[  842.238673][ T5958] usb 1-1: new low-speed USB device number 80 using dummy_hcd
[  842.318674][ T5236] Dev loop2: unable to read RDB block 7
[  842.336219][ T5236]  loop2: unable to read partition table
[  842.368785][ T5236] loop2: partition table beyond EOD, truncated
[  842.399155][ T5958] usb 1-1: Invalid ep0 maxpacket: 16
[  842.450829][ T5236] Dev loop2: unable to read RDB block 7
[  842.465148][ T5236]  loop2: unable to read partition table
[  842.472129][ T5236] loop2: partition table beyond EOD, truncated
[  842.549066][ T5958] usb 1-1: new low-speed USB device number 81 using dummy_hcd
[  842.798615][ T5958] usb 1-1: Invalid ep0 maxpacket: 16
[  842.806177][ T5958] usb usb1-port1: attempt power cycle
[  843.201941][ T5958] usb 1-1: new low-speed USB device number 82 using dummy_hcd
[  843.290656][ T5958] usb 1-1: Invalid ep0 maxpacket: 16
[  843.488785][ T5958] usb 1-1: new low-speed USB device number 83 using dummy_hcd
[  843.888468][ T5958] usb 1-1: Invalid ep0 maxpacket: 16
[  843.979969][ T5958] usb usb1-port1: unable to enumerate USB device
[  844.628596][   T54] usb 4-1: new full-speed USB device number 64 using dummy_hcd
[  844.725358][ T5236] Dev loop2: unable to read RDB block 7
[  844.748582][ T5236]  loop2: unable to read partition table
[  844.764745][ T5236] loop2: partition table beyond EOD, truncated
[  844.802835][   T54] usb 4-1: unable to get BOS descriptor or descriptor too short
[  844.815580][   T54] usb 4-1: not running at top speed; connect to a high speed hub
[  844.850395][   T54] usb 4-1: config 14 has an invalid interface number: 242 but max is 0
[  844.870053][   T54] usb 4-1: config 14 has no interface number 0
[  844.895531][   T54] usb 4-1: config 14 interface 242 has no altsetting 0
[  844.926451][   T54] usb 4-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=43.0d
[  844.945888][   T54] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  844.959085][   T54] usb 4-1: Product: syz
[  844.965420][   T54] usb 4-1: Manufacturer: syz
[  844.975538][   T54] usb 4-1: SerialNumber: syz
[  845.148581][   T24] usb 9-1: new full-speed USB device number 8 using dummy_hcd
[  845.320645][   T24] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  845.335136][   T24] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 2
[  845.348166][   T24] usb 9-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  845.358026][   T24] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  845.371886][   T24] usb 9-1: config 0 descriptor??
[  845.390041][   T24] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  845.406516][   T24] dvb-usb: bulk message failed: -22 (3/0)
[  845.423004][   T24] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  845.446255][   T24] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  845.453891][   T24] usb 9-1: media controller created
[  845.462641][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  845.491716][   T24] dvb-usb: bulk message failed: -22 (6/0)
[  845.498756][T11229] usb 1-1: new high-speed USB device number 84 using dummy_hcd
[  845.506183][   T24] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  845.529756][   T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.8/usb9/9-1/input/input53
[  845.565799][   T24] dvb-usb: schedule remote query interval to 150 msecs.
[  845.585349][   T24] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  845.662894][T11229] usb 1-1: Using ep0 maxpacket: 32
[  845.670695][T11229] usb 1-1: config 0 has an invalid interface number: 12 but max is 0
[  845.683005][T11229] usb 1-1: config 0 has no interface number 0
[  845.698688][T11229] usb 1-1: config 0 interface 12 has no altsetting 0
[  845.739431][T11229] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  845.742815][   T24] dvb-usb: bulk message failed: -22 (1/0)
[  845.761980][T11229] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  845.802597][T11229] usb 1-1: Product: syz
[  845.808154][   T24] dvb-usb: error while querying for an remote control event.
[  845.821745][ T5236] Dev loop2: unable to read RDB block 7
[  845.824901][T11229] usb 1-1: Manufacturer: syz
[  845.855192][ T5236]  loop2: unable to read partition table
[  845.857340][T11229] usb 1-1: SerialNumber: syz
[  845.888782][ T5236] loop2: partition table beyond EOD, truncated
[  845.909829][T11229] usb 1-1: config 0 descriptor??
[  846.018489][   T24] dvb-usb: bulk message failed: -22 (1/0)
[  846.049843][   T24] dvb-usb: error while querying for an remote control event.
[  846.555147][   T24] dvb-usb: bulk message failed: -22 (1/0)
[  846.639204][ T5864] Bluetooth: hci3: command 0x0406 tx timeout
[  846.647673][   T24] dvb-usb: error while querying for an remote control event.
[  846.820256][   T24] dvb-usb: bulk message failed: -22 (1/0)
[  846.826054][   T24] dvb-usb: error while querying for an remote control event.
[  846.999008][   T24] dvb-usb: bulk message failed: -22 (1/0)
[  847.005233][   T24] dvb-usb: error while querying for an remote control event.
[  847.164483][   T54] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state.
[  847.178617][   T24] dvb-usb: bulk message failed: -22 (1/0)
[  847.184407][   T24] dvb-usb: error while querying for an remote control event.
[  847.205199][   T54] pctv452e: pctv452e_power_ctrl: 1
[  847.205199][   T54] 
[  847.249763][T11229] f81534 1-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  847.258050][T11229] f81534 1-1:0.12: f81534_find_config_idx: read failed: -71
[  847.278553][   T54] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22
[  847.278553][   T54] 
[  847.291101][T11229] f81534 1-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  847.308661][T11229] f81534 1-1:0.12: probe with driver f81534 failed with error -71
[  847.325858][   T54] dvb-usb: bulk message failed: -22 (5/0)
[  847.327312][T11229] usb 1-1: USB disconnect, device number 84
[  847.376193][   T54] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  847.399365][   T24] dvb-usb: bulk message failed: -22 (1/0)
[  847.431303][   T24] dvb-usb: error while querying for an remote control event.
[  847.471656][   T54] dvb-usb: Technotrend TT Connect S2-3600 error while loading driver (-19)
[  847.487267][ T5236] Dev loop2: unable to read RDB block 7
[  847.495456][ T5236]  loop2: unable to read partition table
[  847.504441][ T5236] loop2: partition table beyond EOD, truncated
[  847.522173][   T54] usb 4-1: USB disconnect, device number 64
[  847.638698][   T24] dvb-usb: bulk message failed: -22 (1/0)
[  847.654982][   T24] dvb-usb: error while querying for an remote control event.
[  847.819530][   T54] dvb-usb: bulk message failed: -22 (1/0)
[  847.829238][   T54] dvb-usb: error while querying for an remote control event.
[  847.989225][   T54] dvb-usb: bulk message failed: -22 (1/0)
[  847.995269][   T24] usb 4-1: new high-speed USB device number 65 using dummy_hcd
[  848.101909][   T54] dvb-usb: error while querying for an remote control event.
[  848.248224][ T5958] usb 9-1: USB disconnect, device number 8
[  848.261192][   T24] usb 4-1: config index 0 descriptor too short (expected 45, got 36)
[  848.278529][   T24] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  848.294480][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  848.307439][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  848.327057][   T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  848.373688][   T24] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  848.385395][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  848.402322][   T24] usb 4-1: config 0 descriptor??
[  848.463177][T14871] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  848.496971][ T5958] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  848.595835][ T5236] Dev loop2: unable to read RDB block 7
[  848.606318][ T5236]  loop2: unable to read partition table
[  848.626767][ T5236] loop2: partition table beyond EOD, truncated
[  848.714148][T14275] IPVS: starting estimator thread 0...
[  848.790638][ T5236] Dev loop2: unable to read RDB block 7
[  848.811324][ T5236]  loop2: unable to read partition table
[  848.812777][T14887] IPVS: using max 50 ests per chain, 120000 per kthread
[  848.895364][ T5236] loop2: partition table beyond EOD, truncated
[  848.909112][T14871] net_ratelimit: 226 callbacks suppressed
[  848.909124][T14871] netlink: zone id is out of range
[  848.930997][T14871] netlink: zone id is out of range
[  848.945321][T14871] netlink: zone id is out of range
[  848.978195][T14871] netlink: zone id is out of range
[  849.154065][T14871] netlink: zone id is out of range
[  849.207266][   T24] plantronics 0003:047F:FFFF.001E: reserved main item tag 0xd
[  849.225096][   T24] plantronics 0003:047F:FFFF.001E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  849.310002][T14871] netlink: zone id is out of range
[  849.340040][T14871] netlink: zone id is out of range
[  849.418515][T14871] netlink: zone id is out of range
[  849.433921][T14871] netlink: zone id is out of range
[  849.444498][T14871] netlink: zone id is out of range
[  849.705696][ T5236] Dev loop2: unable to read RDB block 7
[  849.718166][ T5236]  loop2: unable to read partition table
[  849.745130][ T5236] loop2: partition table beyond EOD, truncated
[  850.780227][ T5958] usb 4-1: reset high-speed USB device number 65 using dummy_hcd
[  850.803909][ T5236] Dev loop2: unable to read RDB block 7
[  850.813204][ T5236]  loop2: unable to read partition table
[  850.819709][ T5236] loop2: partition table beyond EOD, truncated
[  850.846811][T14908] netlink: 32 bytes leftover after parsing attributes in process `syz.8.2574'.
[  851.068545][ T5236] Dev loop2: unable to read RDB block 7
[  851.078339][ T5236]  loop2: unable to read partition table
[  851.095870][ T5236] loop2: partition table beyond EOD, truncated
[  851.159022][ T5958] usb 4-1: device descriptor read/64, error -71
[  851.428940][ T5958] usb 4-1: reset high-speed USB device number 65 using dummy_hcd
[  851.446574][ T5958] usb 4-1: device reset changed ep0 maxpacket size!
[  851.473040][T11229] usb 4-1: USB disconnect, device number 65
[  851.778499][T11229] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[  851.976064][T11229] usb 4-1: Using ep0 maxpacket: 32
[  852.020557][T11229] usb 4-1: config 0 interface 0 has no altsetting 0
[  852.040522][T11229] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  852.074254][T11229] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  852.093710][T11229] usb 4-1: Product: syz
[  852.103876][T11229] usb 4-1: Manufacturer: syz
[  852.114050][T11229] usb 4-1: SerialNumber: syz
[  852.149149][T11229] usb 4-1: config 0 descriptor??
[  852.237558][ T5236] Dev loop2: unable to read RDB block 7
[  852.276229][ T5236]  loop2: unable to read partition table
[  852.292548][ T5236] loop2: partition table beyond EOD, truncated
[  852.304467][T14921] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2581'.
[  852.404260][ T5236] Dev loop2: unable to read RDB block 7
[  852.415688][ T5236]  loop2: unable to read partition table
[  852.439201][ T5236] loop2: partition table beyond EOD, truncated
[  852.565484][   T24] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  852.565630][T11229] gs_usb 4-1:0.0: Configuring for 1 interfaces
[  852.744850][   T24] usb 9-1: Using ep0 maxpacket: 32
[  852.745177][T14931] FAULT_INJECTION: forcing a failure.
[  852.745177][T14931] name failslab, interval 1, probability 0, space 0, times 0
[  852.757435][   T24] usb 9-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  852.793130][   T24] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  852.794208][T14931] CPU: 0 UID: 0 PID: 14931 Comm: syz.0.2585 Not tainted syzkaller #0 PREEMPT(full) 
[  852.794234][T14931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  852.794246][T14931] Call Trace:
[  852.794254][T14931]  <TASK>
[  852.794262][T14931]  dump_stack_lvl+0x189/0x250
[  852.794287][T14931]  ? __pfx____ratelimit+0x10/0x10
[  852.794307][T14931]  ? __pfx_dump_stack_lvl+0x10/0x10
[  852.794327][T14931]  ? __pfx__printk+0x10/0x10
[  852.794363][T14931]  ? __lock_acquire+0xab9/0xd20
[  852.794394][T14931]  should_fail_ex+0x414/0x560
[  852.794425][T14931]  should_failslab+0xa8/0x100
[  852.794452][T14931]  __kmalloc_cache_noprof+0x70/0x3d0
[  852.794475][T14931]  ? inet6_dump_fib+0x319/0xa10
[  852.794498][T14931]  inet6_dump_fib+0x319/0xa10
[  852.794518][T14931]  ? inet6_dump_fib+0x11a/0xa10
[  852.794537][T14931]  ? __pfx_inet6_dump_fib+0x10/0x10
[  852.794552][T14931]  ? inet_dump_fib+0x124/0x8e0
[  852.794592][T14931]  ? __pfx_inet6_dump_fib+0x10/0x10
[  852.794608][T14931]  rtnl_dump_all+0x325/0x550
[  852.794638][T14931]  ? __pfx_rtnl_dump_all+0x10/0x10
[  852.794657][T14931]  rtnl_dumpit+0x9f/0x200
[  852.794680][T14931]  netlink_dump+0x6e4/0xe90
[  852.794712][T14931]  ? __pfx_netlink_dump+0x10/0x10
[  852.794759][T14931]  netlink_recvmsg+0x676/0xa30
[  852.794788][T14931]  ? __pfx_netlink_recvmsg+0x10/0x10
[  852.794806][T14931]  ? irqentry_exit+0x74/0x90
[  852.794823][T14931]  ? exc_page_fault+0x9f/0xf0
[  852.794852][T14931]  ? __pfx_netlink_recvmsg+0x10/0x10
[  852.794872][T14931]  sock_recvmsg_nosec+0x186/0x1c0
[  852.794895][T14931]  ____sys_recvmsg+0x3aa/0x460
[  852.794927][T14931]  ? __pfx_____sys_recvmsg+0x10/0x10
[  852.794965][T14931]  ? import_iovec+0x74/0xa0
[  852.794992][T14931]  ___sys_recvmsg+0x1b5/0x510
[  852.795020][T14931]  ? __pfx____sys_recvmsg+0x10/0x10
[  852.795069][T14931]  ? __pfx_set_normalized_timespec64+0x10/0x10
[  852.795105][T14931]  do_recvmmsg+0x307/0x770
[  852.795137][T14931]  ? __pfx_do_recvmmsg+0x10/0x10
[  852.795173][T14931]  ? _copy_from_user+0x94/0xb0
[  852.795213][T14931]  __x64_sys_recvmmsg+0x1af/0x240
[  852.795238][T14931]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  852.795267][T14931]  ? do_syscall_64+0xbe/0x3b0
[  852.795291][T14931]  do_syscall_64+0xfa/0x3b0
[  852.795311][T14931]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  852.795328][T14931]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  852.795350][T14931]  ? clear_bhb_loop+0x60/0xb0
[  852.795371][T14931]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  852.795388][T14931] RIP: 0033:0x7fd90898eec9
[  852.795404][T14931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  852.795419][T14931] RSP: 002b:00007fd909764038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  852.795438][T14931] RAX: ffffffffffffffda RBX: 00007fd908be5fa0 RCX: 00007fd90898eec9
[  852.795451][T14931] RDX: 0400000000000ec0 RSI: 0000200000002ec0 RDI: 0000000000000003
[  852.795463][T14931] RBP: 00007fd909764090 R08: 00002000000001c0 R09: 0000000000000000
[  852.795475][T14931] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002
[  852.795486][T14931] R13: 00007fd908be6038 R14: 00007fd908be5fa0 R15: 00007fd908d0fa28
[  852.795517][T14931]  </TASK>
[  853.092396][T11229] gs_usb 4-1:0.0: Disabling termination support for channel 0 (-EPROTO)
[  853.215881][   T24] usb 9-1: Product: syz
[  853.264373][T11229] gs_usb 4-1:0.0: Couldn't get extended bit timing const for channel 0 (-EPROTO)
[  853.303528][T11229] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -71
[  853.318581][   T24] usb 9-1: Manufacturer: syz
[  853.324441][ T5236] Dev loop2: unable to read RDB block 7
[  853.324579][   T24] usb 9-1: SerialNumber: syz
[  853.338593][ T5236]  loop2: unable to read partition table
[  853.341228][   T24] usb 9-1: config 0 descriptor??
[  853.358339][   T24] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  853.386893][ T5236] loop2: partition table beyond EOD, truncated
[  853.416868][T11229] usb 4-1: USB disconnect, device number 66
[  853.792034][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  853.792051][   T30] audit: type=1326 audit(1759136348.625:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14940 comm="syz.2.2587" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f17fed8eec9 code=0x0
[  853.823917][   T24] gspca_stk1135: reg_w 0x0 err -71
[  853.849623][   T24] gspca_stk1135: serial bus timeout: status=0x00
[  853.938456][   T24] gspca_stk1135: Sensor write failed
[  853.965932][   T24] gspca_stk1135: serial bus timeout: status=0x00
[  853.984875][   T24] gspca_stk1135: Sensor write failed
[  854.035481][   T24] gspca_stk1135: serial bus timeout: status=0x00
[  854.066747][   T24] gspca_stk1135: Sensor read failed
[  854.093563][   T24] gspca_stk1135: serial bus timeout: status=0x00
[  854.478489][   T24] gspca_stk1135: Sensor read failed
[  854.483728][   T24] gspca_stk1135: Detected sensor type unknown (0x0)
[  854.508526][   T24] gspca_stk1135: serial bus timeout: status=0x00
[  854.541400][   T24] gspca_stk1135: Sensor read failed
[  854.546653][   T24] gspca_stk1135: serial bus timeout: status=0x00
[  854.578509][   T24] gspca_stk1135: Sensor read failed
[  854.583951][   T24] gspca_stk1135: serial bus timeout: status=0x00
[  854.621129][   T24] gspca_stk1135: Sensor write failed
[  854.679565][T14966] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2592'.
[  854.807584][   T24] gspca_stk1135: serial bus timeout: status=0x00
[  855.008789][   T24] gspca_stk1135: Sensor write failed
[  855.014218][   T24] stk1135 9-1:0.0: probe with driver stk1135 failed with error -71
[  855.717644][   T24] usb 9-1: USB disconnect, device number 9
[  856.295040][T14950] bond0 (unregistering): left promiscuous mode
[  856.358224][T14950] bond_slave_0: left promiscuous mode
[  856.368548][T14950] bond_slave_1: left promiscuous mode
[  856.378086][T14950] batadv0: left promiscuous mode
[  856.532477][T14950] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  856.590764][T14980] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2596'.
[  856.888813][T14950] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  856.974501][T14950] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  857.052114][T14950] bond0 (unregistering): Released all slaves
[  857.741101][ T5236] Dev loop2: unable to read RDB block 7
[  857.747163][ T5236]  loop2: unable to read partition table
[  857.797454][ T5236] loop2: partition table beyond EOD, truncated
[  858.035655][ T5236] Dev loop2: unable to read RDB block 7
[  858.052997][ T5236]  loop2: unable to read partition table
[  858.102340][ T5236] loop2: partition table beyond EOD, truncated
[  858.291599][T15006] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(7)
[  858.298281][T15006] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  858.516982][T15006] vhci_hcd vhci_hcd.0: Device attached
[  858.591207][T15012] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  858.597746][T15012] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  858.690177][T15012] vhci_hcd vhci_hcd.0: Device attached
[  858.788575][ T5944] usb 47-1: new high-speed USB device number 2 using vhci_hcd
[  859.028627][T11229] usb 37-1: new low-speed USB device number 2 using vhci_hcd
[  859.140353][T15007] vhci_hcd: connection reset by peer
[  859.191259][   T48] vhci_hcd: stop threads
[  859.195531][   T48] vhci_hcd: release socket
[  859.228927][   T48] vhci_hcd: disconnect device
[  860.216878][T15013] vhci_hcd: connection reset by peer
[  860.229186][ T9857] vhci_hcd: stop threads
[  860.233608][ T9857] vhci_hcd: release socket
[  860.261192][ T9857] vhci_hcd: disconnect device
[  860.312704][ T5236] Dev loop2: unable to read RDB block 7
[  860.318288][ T5236]  loop2: unable to read partition table
[  860.458693][ T5236] loop2: partition table beyond EOD, truncated
[  860.613654][   T24] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[  860.840656][   T24] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  860.858515][   T24] usb 3-1: config 0 has no interface number 0
[  860.875053][   T24] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  860.989334][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  861.051367][   T24] usb 3-1: config 0 descriptor??
[  861.157692][   T24] cp210x 3-1:0.1: cp210x converter detected
[  861.960122][   T24] cp210x 3-1:0.1: failed to get vendor val 0x000e size 3: -32
[  862.241689][   T24] usb 3-1: cp210x converter now attached to ttyUSB0
[  862.446911][   T24] usb 3-1: USB disconnect, device number 65
[  862.475703][T14107] hid-generic 0000:0000:0000.001F: unknown main item tag 0x0
[  862.475932][   T24] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  862.520942][T14107] hid-generic 0000:0000:0000.001F: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  862.537400][T15067] netlink: 'syz.0.2620': attribute type 15 has an invalid length.
[  862.545601][T15067] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2620'.
[  862.679329][T15069] netlink: 140 bytes leftover after parsing attributes in process `syz.0.2620'.
[  863.096407][   T24] cp210x 3-1:0.1: device disconnected
[  863.177547][ T5236] Dev loop2: unable to read RDB block 7
[  863.200921][ T5236]  loop2: unable to read partition table
[  863.218707][ T5236] loop2: partition table beyond EOD, truncated
[  864.318714][ T5944] vhci_hcd: vhci_device speed not set
[  864.348991][T11229] vhci_hcd: vhci_device speed not set
[  864.448645][   T24] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[  864.478558][ T5236] Dev loop2: unable to read RDB block 7
[  864.493127][ T5236]  loop2: unable to read partition table
[  864.529056][ T5236] loop2: partition table beyond EOD, truncated
[  864.843776][T15087] Failed to get privilege flags for destination (handle=0x2:0x0)
[  865.323270][T15099] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  865.796941][T15106] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  865.849558][T15106] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  865.987856][T15085] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  866.018217][T15085] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  866.028742][ T5867] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[  866.041196][T15085] bond0 (unregistering): Released all slaves
[  866.080725][T15106] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  866.097380][T15106] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  866.113790][ T5236] Dev loop2: unable to read RDB block 7
[  866.123880][ T5236]  loop2: unable to read partition table
[  866.136328][ T5236] loop2: partition table beyond EOD, truncated
[  866.213416][ T5867] usb 4-1: unable to get BOS descriptor or descriptor too short
[  866.256978][ T5867] usb 4-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[  866.297347][ T5236] Dev loop2: unable to read RDB block 7
[  866.309170][ T5867] usb 4-1: string descriptor 0 read error: -22
[  866.322408][ T5236]  loop2: unable to read partition table
[  866.334850][ T5867] usb 4-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=26.db
[  866.348682][ T5236] loop2: partition table beyond EOD, truncated
[  866.362239][ T5867] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  866.662443][ T5867] usb 4-1: reset high-speed USB device number 67 using dummy_hcd
[  867.398496][ T5944] usb 1-1: new high-speed USB device number 85 using dummy_hcd
[  867.530258][ T5867] usb 4-1: USB disconnect, device number 67
[  867.589864][ T5944] usb 1-1: Using ep0 maxpacket: 16
[  867.603106][ T5944] usb 1-1: config 0 has an invalid interface number: 41 but max is 0
[  867.651885][ T5944] usb 1-1: config 0 has no interface number 0
[  867.677379][ T5944] usb 1-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  867.695921][ T5944] usb 1-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  867.714550][ T5944] usb 1-1: config 0 interface 41 has no altsetting 0
[  867.724776][ T5944] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  867.736924][ T5944] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  867.746248][ T5944] usb 1-1: Product: syz
[  867.755213][ T5944] usb 1-1: Manufacturer: syz
[  867.762429][ T5944] usb 1-1: SerialNumber: syz
[  867.854544][ T5944] usb 1-1: config 0 descriptor??
[  867.871489][T15132] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  867.879249][T15132] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  868.099128][T15132] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  868.113753][T15132] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  868.738342][ T5944] CoreChips 1-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0
[  868.862343][T15143] netlink: 'syz.7.2645': attribute type 10 has an invalid length.
[  869.332085][T15147] 8021q: adding VLAN 0 to HW filter on device bond0
[  869.679537][ T5236] Dev loop2: unable to read RDB block 7
[  869.685158][ T5236]  loop2: unable to read partition table
[  869.692611][ T5236] loop2: partition table beyond EOD, truncated
[  869.848702][T15166] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2651'.
[  869.877073][T15166] bond0: entered promiscuous mode
[  869.893774][T15166] bond_slave_0: entered promiscuous mode
[  869.900348][T15166] bond_slave_1: entered promiscuous mode
[  869.916099][T15168] netlink: 'syz.3.2650': attribute type 15 has an invalid length.
[  869.924093][T15168] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2650'.
[  870.003183][T15166] batadv0: entered promiscuous mode
[  870.043735][ T5944] CoreChips 1-1:0.41 (unnamed net_device) (uninitialized): Error reading RX_CTL register:ffffffb9
[  870.077700][ T5944] CoreChips 1-1:0.41 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0000:ffffffb9
[  870.093461][T15166] bond0: left promiscuous mode
[  870.107985][T15166] bond_slave_0: left promiscuous mode
[  870.115679][T15166] bond_slave_1: left promiscuous mode
[  870.128738][ T5944] CoreChips 1-1:0.41: probe with driver CoreChips failed with error -71
[  870.128786][T15166] batadv0: left promiscuous mode
[  870.170905][T15172] netlink: 140 bytes leftover after parsing attributes in process `syz.3.2650'.
[  870.180095][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  870.180191][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  870.201866][ T5944] usb 1-1: USB disconnect, device number 85
[  870.361734][ T5236] Dev loop2: unable to read RDB block 7
[  870.367463][ T5236]  loop2: unable to read partition table
[  870.385759][T15180] netlink: 'syz.7.2653': attribute type 15 has an invalid length.
[  870.394092][T15180] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2653'.
[  870.413906][ T5236] loop2: partition table beyond EOD, truncated
[  870.585995][T15181] netlink: 140 bytes leftover after parsing attributes in process `syz.7.2653'.
[  870.924479][T15187] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  871.334139][T15193] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2657'.
[  871.748728][ T5944] usb 4-1: new high-speed USB device number 68 using dummy_hcd
[  872.020404][ T5944] usb 4-1: Using ep0 maxpacket: 16
[  872.078886][ T5944] usb 4-1: config 0 has an invalid interface number: 41 but max is 0
[  872.087163][ T5944] usb 4-1: config 0 has no interface number 0
[  872.093636][ T5944] usb 4-1: too many endpoints for config 0 interface 41 altsetting 2: 171, using maximum allowed: 30
[  872.135166][T15211] netlink: 24 bytes leftover after parsing attributes in process `syz.8.2663'.
[  872.163684][ T5944] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  872.174142][ T5944] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  872.206061][ T5944] usb 4-1: config 0 interface 41 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 171
[  872.269135][ T5944] usb 4-1: config 0 interface 41 has no altsetting 0
[  872.281239][ T5944] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  872.290856][ T5944] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  872.300443][ T5944] usb 4-1: Product: syz
[  872.305911][ T5944] usb 4-1: Manufacturer: syz
[  872.315921][ T5944] usb 4-1: SerialNumber: syz
[  872.329226][ T5944] usb 4-1: config 0 descriptor??
[  872.336220][T15197] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  872.344011][T15197] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  872.554973][T15197] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  872.565474][T15197] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  873.187385][ T5944] CoreChips 4-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffea
[  873.838134][T15228] netlink: 64 bytes leftover after parsing attributes in process `syz.7.2666'.
[  873.863714][T15214] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  874.007332][T15214] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  874.068259][T15214] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  874.104988][T15214] bond0 (unregistering): Released all slaves
[  874.443288][ T5236] Dev loop2: unable to read RDB block 7
[  874.460563][ T5236]  loop2: unable to read partition table
[  874.504266][ T5236] loop2: partition table beyond EOD, truncated
[  874.702799][ T5236] Dev loop2: unable to read RDB block 7
[  874.727444][ T5236]  loop2: unable to read partition table
[  874.745495][ T5236] loop2: partition table beyond EOD, truncated
[  874.757829][ T5944] CoreChips 4-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9
[  874.811018][ T5944] CoreChips 4-1:0.41 (unnamed net_device) (uninitialized): Failed to power down PHY : -71
[  874.854342][ T5944] CoreChips 4-1:0.41: probe with driver CoreChips failed with error -71
[  874.925862][ T5944] usb 4-1: USB disconnect, device number 68
[  874.992139][ T5236] Dev loop2: unable to read RDB block 7
[  874.997804][T14107] IPVS: starting estimator thread 0...
[  875.049293][ T5236]  loop2: unable to read partition table
[  875.076719][ T5236] loop2: partition table beyond EOD, truncated
[  875.122466][T15253] IPVS: using max 27 ests per chain, 64800 per kthread
[  875.213657][ T5236] Dev loop2: unable to read RDB block 7
[  875.223111][ T5236]  loop2: unable to read partition table
[  875.237638][ T5236] loop2: partition table beyond EOD, truncated
[  875.425272][ T5944] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[  875.577864][ T5236] Dev loop2: unable to read RDB block 7
[  875.589073][ T5236]  loop2: unable to read partition table
[  875.600565][ T5944] usb 9-1: config index 0 descriptor too short (expected 23569, got 27)
[  875.621483][ T5236] loop2: partition table beyond EOD, truncated
[  875.628510][ T5944] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  875.686444][ T5944] usb 9-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  875.719846][ T5944] usb 9-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  875.755942][ T5944] usb 9-1: Manufacturer: syz
[  875.791934][ T5944] usb 9-1: config 0 descriptor??
[  876.378509][ T5944] rc_core: IR keymap rc-hauppauge not found
[  876.397818][ T5944] Registered IR keymap rc-empty
[  876.413432][ T5944] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/rc/rc0
[  876.505812][ T5944] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/rc/rc0/input58
[  877.177784][ T5944] usb 9-1: USB disconnect, device number 10
[  878.738494][   T24] usb 1-1: new full-speed USB device number 86 using dummy_hcd
[  879.193944][   T24] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  879.208437][   T24] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  879.245725][   T24] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  879.245911][ T5236] Dev loop2: unable to read RDB block 7
[  879.270706][ T5236]  loop2: unable to read partition table
[  879.287520][ T5236] loop2: partition table beyond EOD, truncated
[  879.326857][   T24] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  879.444943][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  879.614366][   T24] usbtmc 1-1:16.0: probe with driver usbtmc failed with error -22
[  879.768768][T14107] usb 3-1: new high-speed USB device number 67 using dummy_hcd
[  880.056596][T14107] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  880.071943][T14107] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  880.141735][T15313] syzkaller0: entered promiscuous mode
[  880.147465][T15313] syzkaller0: entered allmulticast mode
[  880.176580][T15314] sock: sock_timestamping_bind_phc: sock not bind to device
[  880.217419][T14107] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  880.247012][T14107] usb 3-1: config 1 has no interface number 1
[  880.285193][T14107] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  880.344598][T14107] usb 3-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  880.471838][T14107] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  880.538096][T14107] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  880.602575][T14107] usb 3-1: Product: syz
[  880.625435][T14107] usb 3-1: Manufacturer: syz
[  880.666300][T14107] usb 3-1: SerialNumber: syz
[  880.940504][T15300] trusted_key: syz.2.2689 sent an empty control message without MSG_MORE.
[  880.973681][T14107] usb 3-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[  880.981545][T14107] usb 3-1: MIDIStreaming interface descriptor not found
[  881.145863][T14107] usb 3-1: USB disconnect, device number 67
[  881.233896][T11229] usb 1-1: USB disconnect, device number 86
[  881.369821][T12538] udevd[12538]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  881.519351][T15327] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2697'.
[  881.593619][ T5236] Dev loop2: unable to read RDB block 7
[  881.604782][ T5236]  loop2: unable to read partition table
[  881.620637][ T5236] loop2: partition table beyond EOD, truncated
[  881.942987][T14107] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[  882.157040][T14107] usb 3-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  882.168337][T14107] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  882.321666][T14107] usb 3-1: Product: syz
[  882.325882][T14107] usb 3-1: Manufacturer: syz
[  882.332074][T14107] usb 3-1: SerialNumber: syz
[  882.379373][T14107] usb 3-1: config 0 descriptor??
[  882.403743][T14107] hso 3-1:0.0: Not our interface
[  882.410130][T14107] usb-storage 3-1:0.0: USB Mass Storage device detected
[  882.611597][T14107] usb 3-1: USB disconnect, device number 68
[  883.222145][ T5236] Dev loop2: unable to read RDB block 7
[  883.232860][ T5236]  loop2: unable to read partition table
[  883.242662][ T5236] loop2: partition table beyond EOD, truncated
[  883.404819][ T5236] Dev loop2: unable to read RDB block 7
[  883.420054][ T5236]  loop2: unable to read partition table
[  883.426913][ T5236] loop2: partition table beyond EOD, truncated
[  884.497906][T15353] netlink: 'syz.3.2704': attribute type 1 has an invalid length.
[  884.641279][T15353] 8021q: adding VLAN 0 to HW filter on device bond0
[  884.862690][T15361] netlink: 140 bytes leftover after parsing attributes in process `syz.8.2706'.
[  885.005845][ T5236] Dev loop2: unable to read RDB block 7
[  885.014931][ T5236]  loop2: unable to read partition table
[  885.026490][ T5236] loop2: partition table beyond EOD, truncated
[  885.234044][   T30] audit: type=1326 audit(1759136380.045:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15368 comm="syz.3.2711" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19b178eec9 code=0x7ffc0000
[  885.408784][T11229] usb 1-1: new high-speed USB device number 87 using dummy_hcd
[  885.470402][ T5236] Dev loop2: unable to read RDB block 7
[  885.487312][ T5236]  loop2: unable to read partition table
[  885.504997][   T30] audit: type=1326 audit(1759136380.055:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15368 comm="syz.3.2711" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19b178eec9 code=0x7ffc0000
[  885.552618][ T5236] loop2: partition table beyond EOD, truncated
[  885.560948][T15380] binder: BINDER_SET_CONTEXT_MGR already set
[  885.598188][   T30] audit: type=1326 audit(1759136380.055:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15368 comm="syz.3.2711" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f19b178eec9 code=0x7ffc0000
[  885.637794][T11229] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  885.638826][T15380] binder: 15378:15380 ioctl 4018620d 2000000000c0 returned -16
[  885.649034][T11229] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  885.675372][   T30] audit: type=1326 audit(1759136380.055:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15368 comm="syz.3.2711" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19b178eec9 code=0x7ffc0000
[  885.698514][T11229] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  885.707584][T11229] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  885.716015][   T30] audit: type=1326 audit(1759136380.055:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15368 comm="syz.3.2711" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19b178eec9 code=0x7ffc0000
[  885.740327][   T30] audit: type=1326 audit(1759136380.055:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15368 comm="syz.3.2711" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f19b178eec9 code=0x7ffc0000
[  885.763821][T11229] usb 1-1: config 0 descriptor??
[  885.774053][T11229] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  885.901751][   T30] audit: type=1326 audit(1759136380.055:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15368 comm="syz.3.2711" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19b178eec9 code=0x7ffc0000
[  885.961596][ T5236] Dev loop2: unable to read RDB block 7
[  885.967300][ T5236]  loop2: unable to read partition table
[  885.973370][   T30] audit: type=1326 audit(1759136380.055:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15368 comm="syz.3.2711" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19b178eec9 code=0x7ffc0000
[  885.985193][ T5236] loop2: partition table beyond EOD, truncated
[  886.048155][   T30] audit: type=1326 audit(1759136380.055:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15368 comm="syz.3.2711" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f19b178eec9 code=0x7ffc0000
[  886.213408][   T30] audit: type=1326 audit(1759136380.055:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15368 comm="syz.3.2711" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19b178eec9 code=0x7ffc0000
[  886.236031][    C0] vkms_vblank_simulate: vblank timer overrun
[  886.287989][ T5236] Dev loop2: unable to read RDB block 7
[  886.294796][ T5236]  loop2: unable to read partition table
[  886.316256][ T5236] loop2: partition table beyond EOD, truncated
[  886.845418][T15407] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2721'.
[  886.867742][T15405] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2710'.
[  886.986631][ T5236] Dev loop2: unable to read RDB block 7
[  886.992646][ T5236]  loop2: unable to read partition table
[  887.098318][ T5236] loop2: partition table beyond EOD, truncated
[  887.527109][ T5236] Dev loop2: unable to read RDB block 7
[  887.573625][ T5236]  loop2: unable to read partition table
[  887.872479][ T5236] loop2: partition table beyond EOD, truncated
[  888.479174][T14107] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[  888.761783][T15432] netlink: 92 bytes leftover after parsing attributes in process `syz.7.2726'.
[  888.788473][T14107] usb 3-1: Using ep0 maxpacket: 8
[  888.805515][T14107] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  888.834647][T14107] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  888.846263][T15432] netlink: 92 bytes leftover after parsing attributes in process `syz.7.2726'.
[  888.890026][T14107] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  888.978426][T14107] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  889.052563][T14107] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  889.111282][T14107] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  889.229912][T14107] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  889.605985][T15448] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold
[  889.710686][T11229] usb 4-1: new full-speed USB device number 69 using dummy_hcd
[  889.718539][T14107] usb 3-1: GET_CAPABILITIES returned 0
[  889.724271][T14107] usbtmc 3-1:16.0: can't read capabilities
[  889.859181][T15454] netlink: 16 bytes leftover after parsing attributes in process `syz.8.2735'.
[  889.900645][T11229] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  889.921436][T11229] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[  889.982174][   T24] usb 1-1: USB disconnect, device number 87
[  889.988802][T11229] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  890.037720][T11229] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  890.158962][T11229] usb 4-1: config 0 descriptor??
[  890.231493][T11229] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  890.303739][T15463] loop6: detected capacity change from 0 to 7
[  890.313990][T11229] dvb-usb: bulk message failed: -22 (3/0)
[  890.342744][T11229] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  890.376924][T11229] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  890.385242][T15463] Dev loop6: unable to read RDB block 7
[  890.794632][T15463]  loop6: AHDI p3 p4
[  890.818629][T15463] loop6: partition table partially beyond EOD, truncated
[  890.869110][T11229] usb 4-1: media controller created
[  890.887176][T11229] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  890.890892][T15463] loop6: p3 start 536870936 is beyond EOD, truncated
[  890.946128][T11229] dvb-usb: bulk message failed: -22 (6/0)
[  890.998508][T11229] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  891.017217][T15446] dvb-usb: bulk message failed: -22 (2/0)
[  891.050268][T11229] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input59
[  891.137398][T11229] dvb-usb: schedule remote query interval to 150 msecs.
[  891.163628][T11229] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  891.263291][T11229] usb 4-1: USB disconnect, device number 69
[  891.380284][T11229] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  892.158613][T11229] usb 4-1: new full-speed USB device number 70 using dummy_hcd
[  892.341245][T11229] usb 4-1: config 4 has an invalid interface number: 9 but max is 0
[  892.354983][T11229] usb 4-1: config 4 has no interface number 0
[  892.381519][T11229] usb 4-1: New USB device found, idVendor=0733, idProduct=0430, bcdDevice=d7.0c
[  892.408606][T11229] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  892.437577][T11229] usb 4-1: Product: syz
[  892.447708][T11229] usb 4-1: Manufacturer: syz
[  892.468899][T11229] usb 4-1: SerialNumber: syz
[  892.508075][T11229] gspca_main: spca505-2.14.0 probing 0733:0430
[  892.946016][T15498] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  893.219388][T15503] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  893.289492][T11229] gspca_spca505: reg write: error -110
[  893.295032][T11229] spca505 4-1:4.9: probe with driver spca505 failed with error -5
[  893.310058][T15503] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  893.659962][T11229] usb 1-1: new high-speed USB device number 88 using dummy_hcd
[  893.818515][T11229] usb 1-1: device descriptor read/64, error -71
[  894.028499][ T5958] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[  894.068796][T11229] usb 1-1: new high-speed USB device number 89 using dummy_hcd
[  894.198470][ T5958] usb 9-1: Using ep0 maxpacket: 32
[  894.208509][T11229] usb 1-1: device descriptor read/64, error -71
[  894.220273][ T5958] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  894.246540][ T5958] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  894.272405][ T5958] usb 9-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  894.306446][ T5958] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  894.322931][ T5958] usb 9-1: config 0 descriptor??
[  894.345198][ T5958] hub 9-1:0.0: USB hub found
[  894.350517][T11229] usb usb1-port1: attempt power cycle
[  894.543671][ T5958] hub 9-1:0.0: 1 port detected
[  894.708494][T11229] usb 1-1: new high-speed USB device number 90 using dummy_hcd
[  894.749886][T11229] usb 1-1: device descriptor read/8, error -71
[  894.951542][T15427] usbtmc 3-1:16.0: usb_control_msg returned -110
[  894.998863][T11229] usb 1-1: new high-speed USB device number 91 using dummy_hcd
[  895.025194][ T5977] usb 4-1: USB disconnect, device number 70
[  895.032945][T11229] usb 1-1: device descriptor read/8, error -71
[  895.141130][T14107] usb 3-1: USB disconnect, device number 69
[  895.167345][ T5958] hub 9-1:0.0: activate --> -90
[  895.194819][T11229] usb usb1-port1: unable to enumerate USB device
[  895.228170][ T5236] Dev loop2: unable to read RDB block 7
[  895.268805][ T5236]  loop2: unable to read partition table
[  895.286158][ T5236] loop2: partition table beyond EOD, truncated
[  895.381849][ T5867] hub 9-1:0.0: hub_ext_port_status failed (err = -71)
[  895.391243][ T5867] usb 9-1: Failed to suspend device, error -71
[  895.405714][T14274] usb 9-1: USB disconnect, device number 11
[  895.557871][ T5236] Dev loop2: unable to read RDB block 7
[  895.577117][ T5236]  loop2: unable to read partition table
[  895.591638][ T5236] loop2: partition table beyond EOD, truncated
[  895.692718][ T5236] Dev loop2: unable to read RDB block 7
[  895.698341][ T5236]  loop2: unable to read partition table
[  895.717555][ T5236] loop2: partition table beyond EOD, truncated
[  895.791503][T15524] net_ratelimit: 171 callbacks suppressed
[  895.791520][T15524] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  896.010542][ T5236] Dev loop2: unable to read RDB block 7
[  896.016165][ T5236]  loop2: unable to read partition table
[  896.070248][ T5236] loop2: partition table beyond EOD, truncated
[  896.290951][ T5236] Dev loop2: unable to read RDB block 7
[  896.296584][ T5236]  loop2: unable to read partition table
[  896.337545][ T5236] loop2: partition table beyond EOD, truncated
[  896.474739][T12757] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  896.497391][T12757] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  896.510420][T12757] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  896.532305][T12757] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  896.540213][T12757] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  897.071478][ T5867] usb 1-1: new high-speed USB device number 92 using dummy_hcd
[  897.228518][ T5867] usb 1-1: Using ep0 maxpacket: 32
[  897.256163][ T5867] usb 1-1: config 0 has an invalid interface number: 115 but max is 0
[  897.275998][ T5867] usb 1-1: config 0 has no interface number 0
[  897.305527][ T5867] usb 1-1: config 0 interface 115 has no altsetting 0
[  897.324848][ T5867] usb 1-1: New USB device found, idVendor=5032, idProduct=0fa0, bcdDevice=c1.79
[  897.355177][ T5867] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  897.372676][  T997] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  897.412340][ T5867] usb 1-1: Product: syz
[  897.417950][ T5867] usb 1-1: Manufacturer: syz
[  897.420328][  T997] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  897.424974][ T5867] usb 1-1: SerialNumber: syz
[  897.510098][ T5867] usb 1-1: config 0 descriptor??
[  897.550013][ T5867] dvb-usb: found a 'Grandtec USB1.1 DVB-T' in cold state, will try to load a firmware
[  897.618324][ T5867] usb 1-1: Direct firmware load for dvb-usb-dibusb-5.0.0.11.fw failed with error -2
[  897.683140][ T5867] usb 1-1: Falling back to sysfs fallback for: dvb-usb-dibusb-5.0.0.11.fw
[  897.700606][ T5923] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[  897.833313][  T997] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  897.847538][T15546] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  897.856038][  T997] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  897.872885][ T5923] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  897.888750][T15546] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  897.903247][ T5923] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  897.936440][ T5923] usb 9-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  897.961985][ T5923] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  898.001448][ T5923] usb 9-1: config 0 descriptor??
[  898.202858][  T997] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  898.213898][  T997] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  898.271829][T15540] chnl_net:caif_netlink_parms(): no params data found
[  898.331022][  T997] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  898.343194][  T997] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  898.370083][ T5236] Dev loop2: unable to read RDB block 7
[  898.400703][ T5236]  loop2: unable to read partition table
[  898.409058][ T5236] loop2: partition table beyond EOD, truncated
[  898.434900][ T5923] cp2112 0003:10C4:EA90.0020: unknown main item tag 0x0
[  898.443344][ T5923] cp2112 0003:10C4:EA90.0020: unknown main item tag 0x0
[  898.462226][ T5923] cp2112 0003:10C4:EA90.0020: unknown main item tag 0x0
[  898.497969][ T5923] cp2112 0003:10C4:EA90.0020: unknown main item tag 0x0
[  898.536116][ T5923] cp2112 0003:10C4:EA90.0020: unknown main item tag 0x0
[  898.564100][ T5923] cp2112 0003:10C4:EA90.0020: unknown main item tag 0x0
[  898.576074][ T5923] cp2112 0003:10C4:EA90.0020: unknown main item tag 0x0
[  898.628559][T12757] Bluetooth: hci5: command tx timeout
[  898.648979][ T5923] cp2112 0003:10C4:EA90.0020: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.8-1/input0
[  898.967471][T15540] bridge0: port 1(bridge_slave_0) entered blocking state
[  898.975003][T15540] bridge0: port 1(bridge_slave_0) entered disabled state
[  898.988104][T15540] bridge_slave_0: entered allmulticast mode
[  899.007486][T15540] bridge_slave_0: entered promiscuous mode
[  899.053281][ T5923] cp2112 0003:10C4:EA90.0020: Part Number: 0x00 Device Version: 0x00
[  899.168603][T15540] bridge0: port 2(bridge_slave_1) entered blocking state
[  899.176062][T15540] bridge0: port 2(bridge_slave_1) entered disabled state
[  899.191188][T15540] bridge_slave_1: entered allmulticast mode
[  899.202304][T15540] bridge_slave_1: entered promiscuous mode
[  899.615258][T15540] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  899.662616][T15570] cp2112 0003:10C4:EA90.0020: Unsupported transaction 0
[  899.672631][T15570] cp2112 0003:10C4:EA90.0020: Error starting transaction: -38
[  899.740474][  T997] bridge_slave_1: left allmulticast mode
[  899.757619][  T997] bridge_slave_1: left promiscuous mode
[  899.851015][  T997] bridge0: port 2(bridge_slave_1) entered disabled state
[  899.908040][  T997] bridge_slave_0: left allmulticast mode
[  899.932815][  T997] bridge_slave_0: left promiscuous mode
[  899.947812][  T997] bridge0: port 1(bridge_slave_0) entered disabled state
[  899.973470][  T997] veth0_to_bond: left allmulticast mode
[  899.985582][  T997] veth0_to_bond: left promiscuous mode
[  900.000653][  T997] bridge1: port 1(veth0_to_bond) entered disabled state
[  900.708739][T12757] Bluetooth: hci5: command tx timeout
[  901.734938][ T5923] cp2112 0003:10C4:EA90.0020: error reading lock byte: -71
[  901.801877][ T5923] usb 9-1: USB disconnect, device number 12
[  902.245598][ T5236] Dev loop2: unable to read RDB block 7
[  902.254000][ T5236]  loop2: unable to read partition table
[  902.262693][ T5236] loop2: partition table beyond EOD, truncated
[  902.788591][T12757] Bluetooth: hci5: command tx timeout
[  903.336612][  T997] bond1 (unregistering): (slave bond2): Releasing backup interface
[  903.345751][ T5236] Dev loop2: unable to read RDB block 7
[  903.354939][  T997] bond2 (unregistering): left promiscuous mode
[  903.365539][ T5236]  loop2: unable to read partition table
[  903.375475][ T5236] loop2: partition table beyond EOD, truncated
[  903.383765][  T997] bond1 (unregistering): Released all slaves
[  903.493899][ T5236] Dev loop2: unable to read RDB block 7
[  903.501155][ T5236]  loop2: unable to read partition table
[  903.507242][ T5236] loop2: partition table beyond EOD, truncated
[  903.625079][  T997] bond2 (unregistering): Released all slaves
[  903.758701][  T997] bond3 (unregistering): (slave bond4): Releasing backup interface
[  903.766648][  T997] bond4 (unregistering): left promiscuous mode
[  903.773692][  T997] bond3 (unregistering): Released all slaves
[  903.809961][ T5923] usb 3-1: new high-speed USB device number 70 using dummy_hcd
[  903.905898][  T997] bond4 (unregistering): Released all slaves
[  903.974583][ T5923] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  903.984605][ T5923] usb 3-1: config 0 interface 0 has no altsetting 0
[  903.992054][ T5923] usb 3-1: New USB device found, idVendor=0c70, idProduct=f014, bcdDevice= 0.00
[  904.004524][ T5923] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  904.019424][ T5923] usb 3-1: config 0 descriptor??
[  904.068685][  T997] bond5 (unregistering): (slave bond6): Releasing backup interface
[  904.076693][  T997] bond6 (unregistering): left promiscuous mode
[  904.084024][  T997] bond5 (unregistering): Released all slaves
[  904.222610][  T997] bond6 (unregistering): Released all slaves
[  904.362462][  T997] bond7 (unregistering): Released all slaves
[  904.450481][ T5923] usbhid 3-1:0.0: can't add hid device: -71
[  904.458650][ T5923] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  904.477326][ T5923] usb 3-1: USB disconnect, device number 70
[  904.526957][  T997] bond8 (unregistering): (slave bond9): Releasing backup interface
[  904.535427][  T997] bond9 (unregistering): left promiscuous mode
[  904.542580][  T997] bond8 (unregistering): Released all slaves
[  904.673821][  T997] bond9 (unregistering): Released all slaves
[  904.803745][  T997] bond10 (unregistering): (slave bond11): Releasing backup interface
[  904.812039][  T997] bond11 (unregistering): left promiscuous mode
[  904.819399][  T997] bond10 (unregistering): Released all slaves
[  904.873263][T12757] Bluetooth: hci5: command tx timeout
[  904.992416][ T5236] Dev loop2: unable to read RDB block 7
[  904.998115][ T5236]  loop2: unable to read partition table
[  905.005437][ T5236] loop2: partition table beyond EOD, truncated
[  905.010580][  T997] bond11 (unregistering): Released all slaves
[  905.177006][  T997] bond12 (unregistering): Released all slaves
[  905.258553][ T5923] usb 3-1: new high-speed USB device number 71 using dummy_hcd
[  905.310684][  T997] bond13 (unregistering): Released all slaves
[  905.408595][ T5923] usb 3-1: Using ep0 maxpacket: 32
[  905.428822][ T5923] usb 3-1: config 0 has an invalid interface number: 115 but max is 0
[  905.437058][ T5923] usb 3-1: config 0 has no interface number 0
[  905.447778][ T5923] usb 3-1: config 0 interface 115 has no altsetting 0
[  905.456790][ T5923] usb 3-1: New USB device found, idVendor=5032, idProduct=0fa0, bcdDevice=c1.79
[  905.468001][  T997] bond0 (unregistering): Released all slaves
[  905.469231][ T5923] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  905.485907][ T5923] usb 3-1: Product: syz
[  905.487478][T15540] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  905.491030][ T5923] usb 3-1: Manufacturer: syz
[  905.506317][T15582] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2769'.
[  905.518340][ T5923] usb 3-1: SerialNumber: syz
[  905.566602][ T5923] usb 3-1: config 0 descriptor??
[  905.597271][ T5923] dvb-usb: found a 'Grandtec USB1.1 DVB-T' in cold state, will try to load a firmware
[  905.716757][  T997] _�Z`Ԁ@��: left promiscuous mode
[  905.790558][T15540] team0: Port device team_slave_0 added
[  905.819631][T15540] team0: Port device team_slave_1 added
[  905.992279][  T997] tipc: Disabling bearer <udp:syz0>
[  906.012483][  T997] tipc: Left network mode
[  906.022912][T15540] batman_adv: batadv0: Adding interface: batadv_slave_0
[  906.037301][T15540] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  906.093245][T15540] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  906.117662][T15540] batman_adv: batadv0: Adding interface: batadv_slave_1
[  906.198464][  T997] IPVS: stopping backup sync thread 12560 ...
[  906.275276][T15540] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  906.387740][T15540] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  906.450182][ T5236] Dev loop2: unable to read RDB block 7
[  906.476635][ T5236]  loop2: unable to read partition table
[  906.496111][ T5236] loop2: partition table beyond EOD, truncated
[  906.754403][ T5236] Dev loop2: unable to read RDB block 7
[  906.815078][ T5236]  loop2: unable to read partition table
[  906.859228][ T5236] loop2: partition table beyond EOD, truncated
[  906.928844][T14275] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  906.976291][T15540] hsr_slave_0: entered promiscuous mode
[  907.127218][T14275] usb 9-1: Using ep0 maxpacket: 8
[  907.132906][T15540] hsr_slave_1: entered promiscuous mode
[  907.151427][T15540] debugfs: 'hsr0' already exists in 'hsr'
[  907.154768][ T5236] Dev loop2: unable to read RDB block 7
[  907.160015][T14275] usb 9-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  907.171969][ T5236]  loop2: unable to read partition table
[  907.172214][ T5236] loop2: partition table beyond EOD, truncated
[  907.199346][T15540] Cannot create hsr debugfs directory
[  907.204864][T14275] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  907.251952][T14275] usb 9-1: config 0 descriptor??
[  907.465246][T14275] asix 9-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  907.665539][ T5236] Dev loop2: unable to read RDB block 7
[  907.672214][T14275] asix 9-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  907.688505][ T5236]  loop2: unable to read partition table
[  907.704906][T14275] asix 9-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffc3
[  907.715890][ T5236] loop2: partition table beyond EOD, truncated
[  907.735867][T14275] asix 9-1:0.0: probe with driver asix failed with error -61
[  907.924348][T15666] fuse: Bad value for 'user_id'
[  907.929360][T15666] fuse: Bad value for 'user_id'
[  908.217300][  T997] batadv_slave_0: left promiscuous mode
[  908.239915][  T997] hsr_slave_0: left promiscuous mode
[  908.255300][  T997] hsr_slave_1: left promiscuous mode
[  908.264045][  T997] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  908.275719][  T997] batman_adv: batadv0: Removing interface: batadv_slave_0
[  908.297119][  T997] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  908.305297][  T997] batman_adv: batadv0: Removing interface: batadv_slave_1
[  908.332237][  T997] veth1_vlan: left promiscuous mode
[  908.337775][  T997] veth0_vlan: left promiscuous mode
[  908.994652][T15681] loop6: detected capacity change from 0 to 7
[  909.003445][T15681] Dev loop6: unable to read RDB block 7
[  909.011067][T15681]  loop6: AHDI p3 p4
[  909.015238][T15681] loop6: partition table partially beyond EOD, truncated
[  909.025621][T15681] loop6: p3 start 536870936 is beyond EOD, truncated
[  909.445714][ T5236] Dev loop2: unable to read RDB block 7
[  909.454572][ T5236]  loop2: unable to read partition table
[  909.462691][ T5236] loop2: partition table beyond EOD, truncated
[  909.707105][T15688] netlink: 'syz.2.2793': attribute type 15 has an invalid length.
[  909.715480][  T997] team0 (unregistering): Port device team_slave_1 removed
[  909.724189][T15688] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2793'.
[  909.761743][ T5958] usb 9-1: USB disconnect, device number 13
[  909.931549][T15692] netlink: 140 bytes leftover after parsing attributes in process `syz.2.2793'.
[  909.952048][  T997] team0 (unregistering): Port device team_slave_0 removed
[  911.552000][ T5236] Dev loop2: unable to read RDB block 7
[  911.557623][ T5236]  loop2: unable to read partition table
[  911.582660][ T5236] loop2: partition table beyond EOD, truncated
[  912.027642][ T5236] Dev loop2: unable to read RDB block 7
[  912.036150][ T5236]  loop2: unable to read partition table
[  912.050542][   T30] kauditd_printk_skb: 47 callbacks suppressed
[  912.050560][   T30] audit: type=1326 audit(1759136406.885:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15715 comm="syz.0.2800" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd90898eec9 code=0x0
[  912.070249][ T5236] loop2: partition table beyond EOD, 
[  912.078521][    C0] vkms_vblank_simulate: vblank timer overrun
[  912.103054][ T5236] truncated
[  912.706022][  T997] IPVS: stop unused estimator thread 0...
[  913.154210][T15540] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  913.211423][T15540] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  913.255440][T15540] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  913.319029][T15540] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  913.778030][T15540] 8021q: adding VLAN 0 to HW filter on device bond0
[  913.861589][T15540] 8021q: adding VLAN 0 to HW filter on device team0
[  913.927734][ T1140] bridge0: port 1(bridge_slave_0) entered blocking state
[  913.934983][ T1140] bridge0: port 1(bridge_slave_0) entered forwarding state
[  914.018073][ T1140] bridge0: port 2(bridge_slave_1) entered blocking state
[  914.025415][ T1140] bridge0: port 2(bridge_slave_1) entered forwarding state
[  914.058644][T11229] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  914.186609][T15540] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  914.224816][T11229] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  914.252335][T11229] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  914.289653][T11229] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  914.335703][T11229] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  914.348115][T15540] 8021q: adding VLAN 0 to HW filter on device batadv0
[  914.358116][T11229] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  914.385361][T11229] usb 9-1: config 0 descriptor??
[  914.507767][T15540] veth0_vlan: entered promiscuous mode
[  914.555190][T15540] veth1_vlan: entered promiscuous mode
[  914.607844][T15755] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  914.624969][T15755] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  914.653526][T15755] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  914.675707][T15540] veth0_macvtap: entered promiscuous mode
[  914.687787][T15755] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  914.725357][T15540] veth1_macvtap: entered promiscuous mode
[  914.733283][T15755] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  914.757207][T15755] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  914.795625][T15755] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  914.816799][T15540] batman_adv: batadv0: Interface activated: batadv_slave_0
[  914.832758][T15755] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  914.862885][T15755] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  914.867936][T15540] batman_adv: batadv0: Interface activated: batadv_slave_1
[  914.918326][T15755] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  914.948011][  T997] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  914.983947][  T997] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  915.023168][T11229] usbhid 9-1:0.0: can't add hid device: -71
[  915.044369][T11229] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  915.067760][  T997] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  915.094111][T11229] usb 9-1: USB disconnect, device number 14
[  915.116723][  T997] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  915.333089][ T9857] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  915.341582][ T5236] Dev loop2: unable to read RDB block 7
[  915.358955][ T9857] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  915.377713][ T5236]  loop2: unable to read partition table
[  915.391354][ T5236] loop2: partition table beyond EOD, truncated
[  915.426667][T12854] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  915.451340][T12854] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  915.617141][T15781] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2756'.
[  915.646520][T15781] batadv0: entered promiscuous mode
[  915.894719][T15792] FAULT_INJECTION: forcing a failure.
[  915.894719][T15792] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  915.929620][T15792] CPU: 1 UID: 0 PID: 15792 Comm: syz.8.2812 Not tainted syzkaller #0 PREEMPT(full) 
[  915.929647][T15792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  915.929659][T15792] Call Trace:
[  915.929668][T15792]  <TASK>
[  915.929676][T15792]  dump_stack_lvl+0x189/0x250
[  915.929703][T15792]  ? __pfx____ratelimit+0x10/0x10
[  915.929720][T15792]  ? __pfx_dump_stack_lvl+0x10/0x10
[  915.929739][T15792]  ? __pfx__printk+0x10/0x10
[  915.929761][T15792]  ? __might_fault+0xb0/0x130
[  915.929792][T15792]  should_fail_ex+0x414/0x560
[  915.929821][T15792]  _copy_from_user+0x2d/0xb0
[  915.929848][T15792]  ___sys_sendmsg+0x158/0x2a0
[  915.929874][T15792]  ? __pfx____sys_sendmsg+0x10/0x10
[  915.929932][T15792]  ? __fget_files+0x2a/0x420
[  915.929948][T15792]  ? __fget_files+0x3a0/0x420
[  915.929975][T15792]  __x64_sys_sendmsg+0x19b/0x260
[  915.929999][T15792]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  915.930037][T15792]  ? __pfx_ksys_write+0x10/0x10
[  915.930056][T15792]  ? rcu_is_watching+0x15/0xb0
[  915.930080][T15792]  ? do_syscall_64+0xbe/0x3b0
[  915.930104][T15792]  do_syscall_64+0xfa/0x3b0
[  915.930122][T15792]  ? lockdep_hardirqs_on+0x9c/0x150
[  915.930140][T15792]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  915.930157][T15792]  ? clear_bhb_loop+0x60/0xb0
[  915.930179][T15792]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  915.930196][T15792] RIP: 0033:0x7fdcc1f8eec9
[  915.930212][T15792] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  915.930227][T15792] RSP: 002b:00007fdcc2ebe038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  915.930246][T15792] RAX: ffffffffffffffda RBX: 00007fdcc21e5fa0 RCX: 00007fdcc1f8eec9
[  915.930260][T15792] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003
[  915.930271][T15792] RBP: 00007fdcc2ebe090 R08: 0000000000000000 R09: 0000000000000000
[  915.930282][T15792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  915.930293][T15792] R13: 00007fdcc21e6038 R14: 00007fdcc21e5fa0 R15: 00007fdcc230fa28
[  915.930322][T15792]  </TASK>
[  916.893285][T15815] syz_tun: tun_net_xmit 42
[  916.907553][T15815] syz_tun: tun_net_xmit 42
[  916.923253][T15815] syz_tun: tun_net_xmit 42
[  916.981619][T15815] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  916.985174][T15757] IPVS: starting estimator thread 0...
[  917.158916][T15822] IPVS: using max 50 ests per chain, 120000 per kthread
[  917.199060][T15757] usb 4-1: new full-speed USB device number 71 using dummy_hcd
[  917.370139][T15757] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 10
[  917.415643][T15834] netlink: 44 bytes leftover after parsing attributes in process `syz.7.2821'.
[  917.431022][T15757] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  917.478254][T15757] usb 4-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.66
[  917.508032][T15757] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  917.545212][T15757] usb 4-1: Product: syz
[  917.550647][T15757] usb 4-1: Manufacturer: syz
[  917.555814][T15757] usb 4-1: SerialNumber: syz
[  917.700081][T15757] usb 4-1: config 0 descriptor??
[  917.765590][T15757] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -90
[  917.970852][T15757] usb 4-1: USB disconnect, device number 71
[  918.474648][ T5236] Dev loop2: unable to read RDB block 7
[  918.494291][ T5236]  loop2: unable to read partition table
[  918.510375][ T5236] loop2: partition table beyond EOD, truncated
[  918.743344][T15867] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3089888063 (3089888063 ns) > initial count (2126324423 ns). Using initial count to start timer.
[  918.915847][ T5236] Dev loop2: unable to read RDB block 7
[  918.936938][ T5236]  loop2: unable to read partition table
[  918.977780][ T5236] loop2: partition table beyond EOD, truncated
[  919.075942][T15884] random: crng reseeded on system resumption
[  919.265468][ T5236] Dev loop2: unable to read RDB block 7
[  919.302193][ T5236]  loop2: unable to read partition table
[  919.308280][ T5236] loop2: partition table beyond EOD, truncated
[  919.907702][ T5236] Dev loop2: unable to read RDB block 7
[  920.015070][ T5236]  loop2: unable to read partition table
[  920.078793][ T5236] loop2: partition table beyond EOD, truncated
[  920.128498][T14275] usb 4-1: new full-speed USB device number 72 using dummy_hcd
[  920.304589][ T5864] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  920.314418][ T5864] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  920.340057][ T5864] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  920.354288][ T5864] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  920.379296][ T5864] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  920.427831][T14275] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  920.471799][T14275] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[  920.533736][T14275] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  920.592233][ T5236] Dev loop2: unable to read RDB block 7
[  920.608465][T14275] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  920.624253][ T5236]  loop2: unable to read partition table
[  920.643067][T14275] usb 4-1: config 0 descriptor??
[  920.652423][ T5236] loop2: partition table beyond EOD, truncated
[  920.667483][T14275] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  920.695356][T14275] dvb-usb: bulk message failed: -22 (3/0)
[  920.762576][T14275] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  920.775714][T15911] loop9: detected capacity change from 0 to 7
[  920.810190][T15911] Buffer I/O error on dev loop9, logical block 0, async page read
[  920.849276][T14275] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  920.856394][T14275] usb 4-1: media controller created
[  920.908021][T15911] Buffer I/O error on dev loop9, logical block 0, async page read
[  920.926027][T14275] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  920.958644][T15911] Buffer I/O error on dev loop9, logical block 0, async page read
[  920.966732][T15911] Buffer I/O error on dev loop9, logical block 0, async page read
[  920.971672][T14275] dvb-usb: bulk message failed: -22 (6/0)
[  920.992901][T14275] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  921.044429][T15911] Buffer I/O error on dev loop9, logical block 0, async page read
[  921.071747][ T5236] Dev loop2: unable to read RDB block 7
[  921.077474][ T5236]  loop2: unable to read partition table
[  921.097506][T14275] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input60
[  921.127755][ T5236] loop2: partition table beyond EOD, truncated
[  921.145612][T15911] Buffer I/O error on dev loop9, logical block 0, async page read
[  921.176147][T14275] dvb-usb: schedule remote query interval to 150 msecs.
[  921.211684][T14275] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  921.243637][T15911] Buffer I/O error on dev loop9, logical block 0, async page read
[  921.262240][T14275] usb 4-1: USB disconnect, device number 72
[  921.278538][T15911] ldm_validate_partition_table(): Disk read failed.
[  921.363777][ T3519] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  921.382260][T14275] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  921.391074][T15911] Buffer I/O error on dev loop9, logical block 0, async page read
[  921.445962][ T3519] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  921.456830][T15911] Buffer I/O error on dev loop9, logical block 0, async page read
[  921.512522][T15911] Buffer I/O error on dev loop9, logical block 0, async page read
[  921.612293][T15911] Dev loop9: unable to read RDB block 0
[  921.620703][T15911]  loop9: unable to read partition table
[  921.626585][T15911] loop9: partition table beyond EOD, truncated
[  921.633501][T15911] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  921.633501][T15911] 
) failed (rc=-5)
[  921.716015][ T3519] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  921.768957][ T3519] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  921.977486][ T3519] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  922.017036][ T3519] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  922.096739][T15933] netlink: 'syz.8.2846': attribute type 15 has an invalid length.
[  922.105504][T15933] netlink: 24 bytes leftover after parsing attributes in process `syz.8.2846'.
[  922.250219][T15935] netlink: 140 bytes leftover after parsing attributes in process `syz.8.2846'.
[  922.468748][ T5864] Bluetooth: hci1: command tx timeout
[  922.507815][ T5236] Dev loop2: unable to read RDB block 7
[  922.521702][ T5236]  loop2: unable to read partition table
[  922.543535][ T5236] loop2: partition table beyond EOD, truncated
[  922.570288][ T3519] netdevsim netdevsim0 netdevsim0 (unregistering): left allmulticast mode
[  922.667578][   T30] audit: type=1326 audit(1759136417.495:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15936 comm="syz.2.2847" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f17fed8eec9 code=0x0
[  922.694954][ T3519] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  922.806367][ T3519] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  923.430260][ T5864] Bluetooth: hci2: command 0x0406 tx timeout
[  923.554226][T15904] chnl_net:caif_netlink_parms(): no params data found
[  923.744860][ T3519] tipc: Resetting bearer <eth:syzkaller0>
[  924.293721][   T30] audit: type=1326 audit(1759136419.115:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15957 comm="syz.3.2852" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f637918eec9 code=0x0
[  924.548840][T12757] Bluetooth: hci1: command tx timeout
[  924.874999][ T3519] tipc: Disabling bearer <eth:syzkaller0>
[  924.928708][ T3519] bond21 (unregistering): (slave bridge2): Releasing backup interface
[  925.126123][ T3519] bond1 (unregistering): (slave bond2): Releasing backup interface
[  925.134209][ T3519] bond2 (unregistering): left promiscuous mode
[  925.144293][ T3519] bond1 (unregistering): Released all slaves
[  925.271867][ T3519] bond2 (unregistering): Released all slaves
[  925.397402][ T3519] bond3 (unregistering): (slave bond4): Releasing backup interface
[  925.405394][ T3519] bond4 (unregistering): left promiscuous mode
[  925.414613][ T3519] bond3 (unregistering): Released all slaves
[  925.538750][ T3519] bond4 (unregistering): Released all slaves
[  925.679054][ T3519] bond5 (unregistering): (slave bond6): Releasing backup interface
[  925.686998][ T3519] bond6 (unregistering): left promiscuous mode
[  925.694220][ T3519] bond5 (unregistering): Released all slaves
[  925.819881][ T3519] bond6 (unregistering): Released all slaves
[  925.949544][ T3519] bond7 (unregistering): (slave bond8): Releasing backup interface
[  925.957569][ T3519] bond8 (unregistering): left promiscuous mode
[  925.964831][ T3519] bond7 (unregistering): Released all slaves
[  926.091092][ T3519] bond8 (unregistering): Released all slaves
[  926.235672][ T3519] bond9 (unregistering): (slave bond10): Releasing backup interface
[  926.243915][ T3519] bond10 (unregistering): left promiscuous mode
[  926.251891][ T3519] bond9 (unregistering): Released all slaves
[  926.390440][ T3519] bond10 (unregistering): Released all slaves
[  926.540062][ T3519] bond11 (unregistering): (slave bond12): Releasing backup interface
[  926.548258][ T3519] bond12 (unregistering): left promiscuous mode
[  926.556376][ T3519] bond11 (unregistering): Released all slaves
[  926.635110][T12757] Bluetooth: hci1: command tx timeout
[  926.706760][ T3519] bond12 (unregistering): Released all slaves
[  926.963287][ T3519] bond13 (unregistering): (slave bond14): Releasing backup interface
[  926.971762][ T3519] bond14 (unregistering): left promiscuous mode
[  926.979594][ T3519] bond13 (unregistering): Released all slaves
[  927.131718][ T3519] bond14 (unregistering): Released all slaves
[  927.146328][ T3519] bond15 (unregistering): Released all slaves
[  927.295709][ T3519] bond16 (unregistering): Released all slaves
[  927.437350][ T3519] bond17 (unregistering): (slave bond18): Releasing backup interface
[  927.445573][ T3519] bond18 (unregistering): left promiscuous mode
[  927.453277][ T3519] bond17 (unregistering): Released all slaves
[  927.784319][ T3519] bond18 (unregistering): Released all slaves
[  927.959066][ T3519] bond19 (unregistering): (slave bond20): Releasing backup interface
[  927.973200][ T3519] bond20 (unregistering): left promiscuous mode
[  927.988646][ T3519] bond19 (unregistering): Released all slaves
[  928.023103][T15974] netlink: 308 bytes leftover after parsing attributes in process `syz.7.2857'.
[  928.148896][ T3519] bond20 (unregistering): Released all slaves
[  928.163417][ T3519] bond21 (unregistering): Released all slaves
[  928.191306][T15953] bridge3: entered promiscuous mode
[  928.483043][ T5236] Dev loop2: unable to read RDB block 7
[  928.495871][ T5236]  loop2: unable to read partition table
[  928.528719][ T5236] loop2: partition table beyond EOD, truncated
[  928.603833][ T3519] tipc: Left network mode
[  928.716039][T12757] Bluetooth: hci1: command tx timeout
[  929.003891][T15904] bridge0: port 1(bridge_slave_0) entered blocking state
[  929.018550][T15904] bridge0: port 1(bridge_slave_0) entered disabled state
[  929.025836][T15904] bridge_slave_0: entered allmulticast mode
[  929.065675][T15904] bridge_slave_0: entered promiscuous mode
[  929.113775][T15904] bridge0: port 2(bridge_slave_1) entered blocking state
[  929.138683][T15904] bridge0: port 2(bridge_slave_1) entered disabled state
[  929.168770][T15904] bridge_slave_1: entered allmulticast mode
[  929.176913][T15904] bridge_slave_1: entered promiscuous mode
[  929.372096][ T5236] Dev loop2: unable to read RDB block 7
[  929.377803][ T5236]  loop2: unable to read partition table
[  929.440035][ T5236] loop2: partition table beyond EOD, truncated
[  930.135013][T15904] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  930.157465][T15904] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  930.504595][ T3519] hsr_slave_0: left promiscuous mode
[  930.516677][ T3519] hsr_slave_1: left promiscuous mode
[  930.523847][ T3519] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  930.544817][ T3519] batman_adv: batadv0: Removing interface: batadv_slave_0
[  930.561643][ T3519] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  930.583871][ T3519] batman_adv: batadv0: Removing interface: batadv_slave_1
[  930.720733][ T3519] veth1_macvtap: left promiscuous mode
[  930.746331][ T3519] veth0_macvtap: left promiscuous mode
[  930.761499][ T3519] veth1_vlan: left promiscuous mode
[  930.766869][ T3519] veth0_vlan: left promiscuous mode
[  930.801754][T16035] netlink: 308 bytes leftover after parsing attributes in process `syz.3.2871'.
[  931.461286][ T3519] team0 (unregistering): Port device team_slave_1 removed
[  931.510968][ T3519] team0 (unregistering): Port device team_slave_0 removed
[  931.594068][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  931.600656][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  932.154899][T16042] warning: `syz.3.2874' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  932.183198][T15904] team0: Port device team_slave_0 added
[  932.201446][T15904] team0: Port device team_slave_1 added
[  932.319472][T15904] batman_adv: batadv0: Adding interface: batadv_slave_0
[  932.332006][T15904] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  932.368715][T16046] FAULT_INJECTION: forcing a failure.
[  932.368715][T16046] name failslab, interval 1, probability 0, space 0, times 0
[  932.392139][T15904] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  932.403529][T16046] CPU: 0 UID: 0 PID: 16046 Comm: syz.3.2875 Not tainted syzkaller #0 PREEMPT(full) 
[  932.403552][T16046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  932.403563][T16046] Call Trace:
[  932.403571][T16046]  <TASK>
[  932.403581][T16046]  dump_stack_lvl+0x189/0x250
[  932.403606][T16046]  ? __pfx____ratelimit+0x10/0x10
[  932.403626][T16046]  ? __pfx_dump_stack_lvl+0x10/0x10
[  932.403647][T16046]  ? __pfx__printk+0x10/0x10
[  932.403674][T16046]  ? __pfx___might_resched+0x10/0x10
[  932.403692][T16046]  ? fs_reclaim_acquire+0x7d/0x100
[  932.403714][T16046]  should_fail_ex+0x414/0x560
[  932.403746][T16046]  should_failslab+0xa8/0x100
[  932.403772][T16046]  __kmalloc_noprof+0xcb/0x4f0
[  932.403794][T16046]  ? ethnl_default_set_doit+0x168/0x890
[  932.403822][T16046]  ethnl_default_set_doit+0x168/0x890
[  932.403843][T16046]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  932.403866][T16046]  ? genl_family_rcv_msg_attrs_parse+0x212/0x2a0
[  932.403895][T16046]  genl_family_rcv_msg_doit+0x215/0x300
[  932.403926][T16046]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  932.403963][T16046]  ? bpf_lsm_capable+0x9/0x20
[  932.403985][T16046]  ? security_capable+0x7e/0x2e0
[  932.404018][T16046]  genl_rcv_msg+0x60e/0x790
[  932.404049][T16046]  ? __pfx_genl_rcv_msg+0x10/0x10
[  932.404070][T16046]  ? __pfx_ethnl_default_set_doit+0x10/0x10
[  932.404094][T16046]  ? __asan_memcpy+0x40/0x70
[  932.404113][T16046]  ? __pfx_ref_tracker_free+0x10/0x10
[  932.404148][T16046]  netlink_rcv_skb+0x205/0x470
[  932.404165][T16046]  ? __lock_acquire+0xab9/0xd20
[  932.404190][T16046]  ? __pfx_genl_rcv_msg+0x10/0x10
[  932.404214][T16046]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  932.404254][T16046]  ? down_read+0x1ad/0x2e0
[  932.404279][T16046]  genl_rcv+0x28/0x40
[  932.404299][T16046]  netlink_unicast+0x82f/0x9e0
[  932.404335][T16046]  ? __pfx_netlink_unicast+0x10/0x10
[  932.404363][T16046]  ? netlink_sendmsg+0x642/0xb30
[  932.404380][T16046]  ? skb_put+0x11b/0x210
[  932.404405][T16046]  netlink_sendmsg+0x805/0xb30
[  932.404435][T16046]  ? __pfx_netlink_sendmsg+0x10/0x10
[  932.404459][T16046]  ? aa_sock_msg_perm+0xf1/0x1d0
[  932.404480][T16046]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  932.404498][T16046]  ? __pfx_netlink_sendmsg+0x10/0x10
[  932.404519][T16046]  __sock_sendmsg+0x219/0x270
[  932.404548][T16046]  ____sys_sendmsg+0x505/0x830
[  932.404576][T16046]  ? __pfx_____sys_sendmsg+0x10/0x10
[  932.404608][T16046]  ? import_iovec+0x74/0xa0
[  932.404635][T16046]  ___sys_sendmsg+0x21f/0x2a0
[  932.404659][T16046]  ? __pfx____sys_sendmsg+0x10/0x10
[  932.404720][T16046]  ? __fget_files+0x2a/0x420
[  932.404736][T16046]  ? __fget_files+0x3a0/0x420
[  932.404765][T16046]  __x64_sys_sendmsg+0x19b/0x260
[  932.404790][T16046]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  932.404822][T16046]  ? __pfx_ksys_write+0x10/0x10
[  932.404843][T16046]  ? rcu_is_watching+0x15/0xb0
[  932.404867][T16046]  ? do_syscall_64+0xbe/0x3b0
[  932.404892][T16046]  do_syscall_64+0xfa/0x3b0
[  932.404910][T16046]  ? lockdep_hardirqs_on+0x9c/0x150
[  932.404929][T16046]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  932.404946][T16046]  ? clear_bhb_loop+0x60/0xb0
[  932.404969][T16046]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  932.404986][T16046] RIP: 0033:0x7f637918eec9
[  932.405003][T16046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  932.405018][T16046] RSP: 002b:00007f6379fcf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  932.405037][T16046] RAX: ffffffffffffffda RBX: 00007f63793e6090 RCX: 00007f637918eec9
[  932.405051][T16046] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003
[  932.405063][T16046] RBP: 00007f6379fcf090 R08: 0000000000000000 R09: 0000000000000000
[  932.405075][T16046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  932.405086][T16046] R13: 00007f63793e6128 R14: 00007f63793e6090 R15: 00007f637950fa28
[  932.405124][T16046]  </TASK>
[  932.415242][T15904] batman_adv: batadv0: Adding interface: batadv_slave_1
[  932.535545][ T5236] Dev loop2: unable to read RDB block 7
[  932.540767][T15904] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  932.550108][ T5236]  loop2: unable to read partition table
[  932.551136][T15904] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  932.570097][ T5236] loop2: partition table beyond EOD, truncated
[  933.024736][T15904] hsr_slave_0: entered promiscuous mode
[  933.049902][T15904] hsr_slave_1: entered promiscuous mode
[  933.105814][ T5236] Dev loop2: unable to read RDB block 7
[  933.123337][ T5236]  loop2: unable to read partition table
[  933.145930][ T5236] loop2: partition table beyond EOD, truncated
[  933.464000][ T5236] Dev loop2: unable to read RDB block 7
[  933.628547][ T5236]  loop2: unable to read partition table
[  933.654477][ T5236] loop2: partition table beyond EOD, truncated
[  934.203609][T16074] loop4: detected capacity change from 0 to 2560
[  934.237778][T16074] buffer_io_error: 9 callbacks suppressed
[  934.237858][T16074] Buffer I/O error on dev loop4, logical block 0, lost async page write
[  934.258962][T12534] Buffer I/O error on dev loop4, logical block 256, lost async page write
[  934.275083][T16074] Buffer I/O error on dev loop4, logical block 1, lost async page write
[  934.292136][T16074] Buffer I/O error on dev loop4, logical block 2, lost async page write
[  934.309452][T16074] Buffer I/O error on dev loop4, logical block 3, lost async page write
[  934.406076][T12534] Buffer I/O error on dev loop4, logical block 257, lost async page write
[  934.425412][T12534] Buffer I/O error on dev loop4, logical block 258, lost async page write
[  934.446246][T12534] Buffer I/O error on dev loop4, logical block 259, lost async page write
[  934.449249][T16074] Buffer I/O error on dev loop4, logical block 4, lost async page write
[  934.464461][T16074] Buffer I/O error on dev loop4, logical block 5, lost async page write
[  934.684622][T16075] hub 9-0:1.0: USB hub found
[  934.708815][T16075] hub 9-0:1.0: 1 port detected
[  936.255937][ T5236] Dev loop2: unable to read RDB block 7
[  936.262610][ T5236]  loop2: unable to read partition table
[  936.270866][ T5236] loop2: partition table beyond EOD, truncated
[  936.370793][T15904] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  936.406230][T15904] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  936.454757][T15904] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  936.479730][T15904] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  936.567681][ T5236] Dev loop2: unable to read RDB block 7
[  936.596388][T16099] netlink: 'syz.7.2883': attribute type 1 has an invalid length.
[  936.607215][ T5236]  loop2: unable to read partition table
[  936.616850][ T5236] loop2: partition table beyond EOD, truncated
[  936.903329][T15904] 8021q: adding VLAN 0 to HW filter on device bond0
[  936.956144][T15904] 8021q: adding VLAN 0 to HW filter on device team0
[  936.984170][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  936.991499][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  937.147041][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  937.154333][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  937.397607][T15904] 8021q: adding VLAN 0 to HW filter on device batadv0
[  937.584611][T15904] veth0_vlan: entered promiscuous mode
[  937.597429][ T5236] Dev loop2: unable to read RDB block 7
[  937.648800][ T5236]  loop2: unable to read partition table
[  937.657321][ T5236] loop2: partition table beyond EOD, truncated
[  937.666307][T15904] veth1_vlan: entered promiscuous mode
[  937.682609][T16128] loop6: detected capacity change from 0 to 7
[  937.697058][T16128] Dev loop6: unable to read RDB block 7
[  937.704368][T16128]  loop6: AHDI p3 p4
[  937.716708][T16128] loop6: partition table partially beyond EOD, truncated
[  937.727217][T16128] loop6: p3 start 536870936 is beyond EOD, truncated
[  937.839408][ T5236] Dev loop2: unable to read RDB block 7
[  937.850955][T15904] veth0_macvtap: entered promiscuous mode
[  937.872420][ T5236]  loop2: unable to read partition table
[  937.887129][T16131] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2890'.
[  937.900006][T15904] veth1_macvtap: entered promiscuous mode
[  937.909115][ T5236] loop2: partition table beyond EOD, truncated
[  938.083662][T15904] batman_adv: batadv0: Interface activated: batadv_slave_0
[  938.196032][T15904] batman_adv: batadv0: Interface activated: batadv_slave_1
[  938.206072][T16136] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2891'.
[  938.239896][ T5236] Dev loop2: unable to read RDB block 7
[  938.255785][ T5236]  loop2: unable to read partition table
[  938.265667][ T5236] loop2: partition table beyond EOD, truncated
[  938.431319][ T3519] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  938.497706][ T3519] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  938.527167][ T3519] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  938.623343][ T3519] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  939.163193][   T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  939.177732][   T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  939.185399][T14274] usb 4-1: new high-speed USB device number 73 using dummy_hcd
[  939.337526][ T3519] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  939.372582][ T3519] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  939.387270][T14274] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  939.412911][T14274] usb 4-1: New USB device found, idVendor=046d, idProduct=c50c, bcdDevice= 0.00
[  939.423693][T14274] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  939.435495][T14274] usb 4-1: config 0 descriptor??
[  939.876275][T14274] logitech 0003:046D:C50C.0021: unbalanced collection at end of report description
[  939.904621][T14274] logitech 0003:046D:C50C.0021: parse failed
[  939.921676][T14274] logitech 0003:046D:C50C.0021: probe with driver logitech failed with error -22
[  939.963081][ T5236] Dev loop2: unable to read RDB block 7
[  939.978583][ T5236]  loop2: unable to read partition table
[  939.996307][ T5236] loop2: partition table beyond EOD, truncated
[  940.022793][T16176] tipc: Started in network mode
[  940.052429][T16176] tipc: Node identity aa2ab72d1807, cluster identity 4711
[  940.089750][T16176] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  940.090546][T14274] usb 4-1: USB disconnect, device number 73
[  940.216567][T16174] hsr0: entered allmulticast mode
[  940.262840][T16174] hsr_slave_0: entered allmulticast mode
[  940.276378][T16174] hsr_slave_1: entered allmulticast mode
[  940.338196][T16181] hsr_slave_0: left promiscuous mode
[  940.352721][T16181] hsr_slave_1: left promiscuous mode
[  940.380822][T16181] hsr0 (unregistering): left allmulticast mode
[  940.403777][T16176] tipc: Disabling bearer <eth:syzkaller0>
[  940.470160][ T5236] Dev loop2: unable to read RDB block 7
[  940.484727][ T5236]  loop2: unable to read partition table
[  940.498741][    T9] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  940.506679][ T5236] loop2: partition table beyond EOD, truncated
[  940.702356][    T9] usb 9-1: Using ep0 maxpacket: 8
[  940.816811][    T9] usb 9-1: config index 0 descriptor too short (expected 301, got 45)
[  940.908267][T16206] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2903'.
[  940.986067][    T9] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  941.119507][    T9] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  941.196861][    T9] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 50464, setting to 1024
[  941.244035][    T9] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  941.278641][    T9] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  941.318427][    T9] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  941.370575][    T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  941.721200][    T9] usb 9-1: GET_CAPABILITIES returned 0
[  941.740300][    T9] usbtmc 9-1:16.0: can't read capabilities
[  942.052311][T15757] usb 9-1: USB disconnect, device number 15
[  942.058747][T16185] usbtmc 9-1:16.0: usb_control_msg returned -71
[  942.287732][T16229] bridge_slave_0: left allmulticast mode
[  942.316601][ T5944] syz_tun: tun_net_xmit 110
[  942.328542][T16229] bridge_slave_0: left promiscuous mode
[  942.357066][T16229] bridge0: port 1(bridge_slave_0) entered disabled state
[  942.467066][ T5236] Dev loop2: unable to read RDB block 7
[  942.498029][T16229] bridge_slave_1: left allmulticast mode
[  942.504706][T16229] bridge_slave_1: left promiscuous mode
[  942.510549][ T5236]  loop2: unable to read partition table
[  942.517200][T16229] bridge0: port 2(bridge_slave_1) entered disabled state
[  942.538025][ T5236] loop2: partition table beyond EOD, truncated
[  942.651626][ T5236] Dev loop2: unable to read RDB block 7
[  942.662468][T16229] team0: Port device team_slave_0 removed
[  942.668585][ T5236]  loop2: unable to read partition table
[  942.676382][ T5236] loop2: partition table beyond EOD, truncated
[  942.715698][T16229] team0: Port device team_slave_1 removed
[  942.739700][T16229] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  942.775182][T16229] batman_adv: batadv0: Removing interface: batadv_slave_0
[  942.842713][T16229] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  942.875006][T16229] batman_adv: batadv0: Removing interface: batadv_slave_1
[  942.971750][T16230] vlan0: entered promiscuous mode
[  943.001656][T16230] team0: Port device vlan0 added
[  943.113476][T14275] syz_tun: tun_net_xmit 110
[  943.278788][ T5944] usb 4-1: new full-speed USB device number 74 using dummy_hcd
[  943.472249][ T5944] usb 4-1: config 0 has an invalid interface number: 41 but max is 0
[  943.505653][ T5944] usb 4-1: config 0 has no interface number 0
[  943.525613][ T5944] usb 4-1: config 0 interface 41 has no altsetting 0
[  943.564448][ T5944] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  943.593958][ T5944] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  943.631474][ T5944] usb 4-1: Product: syz
[  943.650877][ T5944] usb 4-1: Manufacturer: syz
[  943.662194][T16263] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  943.678699][ T5944] usb 4-1: SerialNumber: syz
[  943.687174][T14274] syz_tun: tun_net_xmit 110
[  943.694347][ T5944] usb 4-1: config 0 descriptor??
[  943.876284][ T5236] Dev loop2: unable to read RDB block 7
[  943.893462][ T5236]  loop2: unable to read partition table
[  943.921400][ T5236] loop2: partition table beyond EOD, truncated
[  944.115543][ T5236] Dev loop2: unable to read RDB block 7
[  944.125475][ T5236]  loop2: unable to read partition table
[  944.132209][ T5236] loop2: partition table beyond EOD, truncated
[  944.366490][ T5236] Dev loop2: unable to read RDB block 7
[  944.377675][ T5236]  loop2: unable to read partition table
[  944.397310][ T5236] loop2: partition table beyond EOD, truncated
[  944.511896][ T5944] CoreChips 4-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0
[  944.709582][T14274] syz_tun: tun_net_xmit 110
[  944.857409][ T5236] Dev loop2: unable to read RDB block 7
[  944.857455][ T5236]  loop2: unable to read partition table
[  944.857777][ T5236] loop2: partition table beyond EOD, truncated
[  945.644029][ T5864] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  945.654471][ T5864] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  945.664573][ T5864] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  945.688815][ T5864] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  945.699827][ T5864] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  945.877849][T16320] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2938'.
[  945.904308][ T3519] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  945.934553][ T3519] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  946.067602][T16320] bond0: entered allmulticast mode
[  946.237100][ T3519] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  946.265073][ T3519] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  946.345621][T16338] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  946.425304][ T5944] CoreChips 4-1:0.41 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0000:ffffffb9
[  946.439381][ T5944] CoreChips 4-1:0.41: probe with driver CoreChips failed with error -71
[  946.459920][ T3519] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  946.471550][ T5944] usb 4-1: USB disconnect, device number 74
[  946.478694][ T3519] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  947.072548][T16314] chnl_net:caif_netlink_parms(): no params data found
[  947.165399][ T3519] bridge0: port 3(team0) entered disabled state
[  947.225320][ T3519] bridge_slave_1: left allmulticast mode
[  947.238696][ T3519] bridge_slave_1: left promiscuous mode
[  947.252579][ T3519] bridge0: port 2(bridge_slave_1) entered disabled state
[  947.356083][ T3519] bridge_slave_0: left allmulticast mode
[  947.378639][ T3519] bridge_slave_0: left promiscuous mode
[  947.384520][ T3519] bridge0: port 1(bridge_slave_0) entered disabled state
[  947.748515][ T5864] Bluetooth: hci0: command tx timeout
[  948.712051][T16415] netlink: 40 bytes leftover after parsing attributes in process `syz.7.2973'.
[  949.829333][ T5864] Bluetooth: hci0: command tx timeout
[  949.844132][ T3519] vxlan0 (unregistering): left promiscuous mode
[  949.850612][ T3519] vxlan0 (unregistering): left allmulticast mode
[  949.858966][ T3519] team0: Port device vxlan0 removed
[  950.523914][ T3519] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  950.546282][ T3519] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  950.579620][ T3519] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  950.589344][ T3519] tipc: Resetting bearer <eth:batadv0>
[  950.600571][ T3519] tipc: Resetting bearer <eth:batadv0>
[  950.606196][ T3519] bond0 (unregistering): Released all slaves
[  950.940598][ T3519] bond1 (unregistering): (slave bond2): Releasing backup interface
[  950.958447][ T3519] bond2 (unregistering): left promiscuous mode
[  950.966618][ T3519] bond1 (unregistering): Released all slaves
[  951.255421][ T3519] bond2 (unregistering): Released all slaves
[  951.533527][ T3519] bond3 (unregistering): (slave bond4): Releasing backup interface
[  951.542018][ T3519] bond4 (unregistering): left promiscuous mode
[  951.549447][ T3519] bond3 (unregistering): Released all slaves
[  951.746200][ T3519] bond4 (unregistering): Released all slaves
[  951.918946][ T5864] Bluetooth: hci0: command tx timeout
[  951.926540][ T3519] bond5 (unregistering): (slave bond6): Releasing backup interface
[  951.936984][ T3519] bond6 (unregistering): left promiscuous mode
[  951.951178][ T3519] bond5 (unregistering): Released all slaves
[  952.136053][ T3519] bond6 (unregistering): Released all slaves
[  952.273647][T16443] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  952.328123][ T3519] tipc: Disabling bearer <eth:batadv0>
[  952.363404][ T3519] tipc: Left network mode
[  952.820146][T16496] sctp: [Deprecated]: syz.7.3006 (pid 16496) Use of struct sctp_assoc_value in delayed_ack socket option.
[  952.820146][T16496] Use struct sctp_sack_info instead
[  953.068813][T16314] bridge0: port 1(bridge_slave_0) entered blocking state
[  953.106704][T16314] bridge0: port 1(bridge_slave_0) entered disabled state
[  953.143447][T16314] bridge_slave_0: entered allmulticast mode
[  953.187301][T16314] bridge_slave_0: entered promiscuous mode
[  953.481120][T16523] sctp: [Deprecated]: syz.0.3019 (pid 16523) Use of struct sctp_assoc_value in delayed_ack socket option.
[  953.481120][T16523] Use struct sctp_sack_info instead
[  953.518580][T16314] bridge0: port 2(bridge_slave_1) entered blocking state
[  953.536027][T16314] bridge0: port 2(bridge_slave_1) entered disabled state
[  953.545820][T16314] bridge_slave_1: entered allmulticast mode
[  953.590066][T16314] bridge_slave_1: entered promiscuous mode
[  953.804501][ T3519] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  953.820008][ T3519] batman_adv: batadv0: Removing interface: batadv_slave_0
[  953.848982][ T3519] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  953.866010][ T3519] batman_adv: batadv0: Removing interface: batadv_slave_1
[  953.883875][T16538] ------------[ cut here ]------------
[  953.890242][T16538] WARNING: CPU: 0 PID: 16538 at fs/exec.c:119 path_noexec+0x1af/0x200
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  953.898510][T16538] Modules linked in:
[  953.903069][T16538] CPU: 0 UID: 0 PID: 16538 Comm: syz.7.3023 Not tainted syzkaller #0 PREEMPT(full) 
[  953.912637][T16538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  953.922858][T16538] RIP: 0010:path_noexec+0x1af/0x200
[  953.928095][T16538] Code: 02 31 ff 48 89 de e8 20 e4 89 ff d1 eb eb 07 e8 37 df 89 ff b3 01 89 d8 5b 41 5e 41 5f 5d e9 58 90 47 09 cc e8 22 df 89 ff 90 <0f> 0b 90 e9 48 ff ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c a6
[  953.948183][T16538] RSP: 0018:ffffc90003c2fbd8 EFLAGS: 00010283
[  953.955231][T16538] RAX: ffffffff8235dbce RBX: ffff888029b6b200 RCX: 0000000000080000
[  953.963462][T16538] RDX: ffffc9000ffa6000 RSI: 0000000000000067 RDI: 0000000000000068
[  953.971499][T16538] RBP: 0000000000080000 R08: ffff88802c191e00 R09: 0000000000000003
[  953.979733][T16538] R10: 0000000000000003 R11: 0000000000000002 R12: 0000000000000011
[  953.987733][T16538] R13: 1ffff92000785f90 R14: 0000000000000000 R15: dffffc0000000000
[  953.995853][T16538] FS:  00007f8b025c06c0(0000) GS:ffff888125c12000(0000) knlGS:0000000000000000
[  954.006137][T16538] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  954.008516][ T5864] Bluetooth: hci0: command tx timeout
[  954.012917][T16538] CR2: 00007efe073957e8 CR3: 0000000076616000 CR4: 00000000003526f0
[  954.026898][T16538] DR0: 0000000000000006 DR1: 0000000000000000 DR2: 0000000000000080
[  954.035021][T16538] DR3: 000000000f000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  954.043295][T16538] Call Trace:
[  954.046604][T16538]  <TASK>
[  954.049782][T16538]  do_mmap+0xa43/0x10d0
[  954.054040][T16538]  ? __pfx_do_mmap+0x10/0x10
[  954.058682][T16538]  ? down_write_killable+0x178/0x230
[  954.064001][T16538]  ? __pfx_down_write_killable+0x10/0x10
[  954.070124][T16538]  ? common_file_perm+0x1b5/0x230
[  954.075177][T16538]  vm_mmap_pgoff+0x2a6/0x4d0
[  954.079863][T16538]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  954.085214][T16538]  ? __fget_files+0x2a/0x420
[  954.089879][T16538]  ? __fget_files+0x3a0/0x420
[  954.094583][T16538]  ? __fget_files+0x2a/0x420
[  954.099370][T16538]  ksys_mmap_pgoff+0x51f/0x760
[  954.104165][T16538]  do_syscall_64+0xfa/0x3b0
[  954.108819][T16538]  ? lockdep_hardirqs_on+0x9c/0x150
[  954.114055][T16538]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  954.120195][T16538]  ? clear_bhb_loop+0x60/0xb0
[  954.124895][T16538]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  954.130864][T16538] RIP: 0033:0x7f8b0178eec9
[  954.135291][T16538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  954.155140][T16538] RSP: 002b:00007f8b025c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  954.163647][T16538] RAX: ffffffffffffffda RBX: 00007f8b019e5fa0 RCX: 00007f8b0178eec9
[  954.171707][T16538] RDX: 0000000003000001 RSI: 0000000000003000 RDI: 0000200000000000
[  954.180649][T16538] RBP: 00007f8b01811f91 R08: 0000000000000007 R09: 0000000000004000
[  954.188705][T16538] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000
[  954.196708][T16538] R13: 00007f8b019e6038 R14: 00007f8b019e5fa0 R15: 00007f8b01b0fa28
[  954.204826][T16538]  </TASK>
[  954.207887][T16538] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  954.215186][T16538] CPU: 0 UID: 0 PID: 16538 Comm: syz.7.3023 Not tainted syzkaller #0 PREEMPT(full) 
[  954.224606][T16538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  954.234680][T16538] Call Trace:
[  954.237974][T16538]  <TASK>
[  954.240911][T16538]  dump_stack_lvl+0x99/0x250
[  954.245512][T16538]  ? __asan_memcpy+0x40/0x70
[  954.250096][T16538]  ? __pfx_dump_stack_lvl+0x10/0x10
[  954.255319][T16538]  ? __pfx__printk+0x10/0x10
[  954.259915][T16538]  vpanic+0x281/0x750
[  954.263889][T16538]  ? __pfx__printk+0x10/0x10
[  954.268750][T16538]  ? __pfx_vpanic+0x10/0x10
[  954.273266][T16538]  ? is_bpf_text_address+0x292/0x2b0
[  954.278569][T16538]  panic+0xb9/0xc0
[  954.282290][T16538]  ? __pfx_panic+0x10/0x10
[  954.286718][T16538]  __warn+0x31b/0x4b0
[  954.290743][T16538]  ? path_noexec+0x1af/0x200
[  954.295333][T16538]  ? path_noexec+0x1af/0x200
[  954.299916][T16538]  report_bug+0x2be/0x4f0
[  954.304234][T16538]  ? path_noexec+0x1af/0x200
[  954.308817][T16538]  ? path_noexec+0x1af/0x200
[  954.313405][T16538]  ? path_noexec+0x1b1/0x200
[  954.317981][T16538]  handle_bug+0x84/0x160
[  954.322215][T16538]  exc_invalid_op+0x1a/0x50
[  954.326735][T16538]  asm_exc_invalid_op+0x1a/0x20
[  954.331576][T16538] RIP: 0010:path_noexec+0x1af/0x200
[  954.336764][T16538] Code: 02 31 ff 48 89 de e8 20 e4 89 ff d1 eb eb 07 e8 37 df 89 ff b3 01 89 d8 5b 41 5e 41 5f 5d e9 58 90 47 09 cc e8 22 df 89 ff 90 <0f> 0b 90 e9 48 ff ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c a6
[  954.356726][T16538] RSP: 0018:ffffc90003c2fbd8 EFLAGS: 00010283
[  954.362892][T16538] RAX: ffffffff8235dbce RBX: ffff888029b6b200 RCX: 0000000000080000
[  954.370860][T16538] RDX: ffffc9000ffa6000 RSI: 0000000000000067 RDI: 0000000000000068
[  954.378920][T16538] RBP: 0000000000080000 R08: ffff88802c191e00 R09: 0000000000000003
[  954.386966][T16538] R10: 0000000000000003 R11: 0000000000000002 R12: 0000000000000011
[  954.394929][T16538] R13: 1ffff92000785f90 R14: 0000000000000000 R15: dffffc0000000000
[  954.403342][T16538]  ? path_noexec+0x1ae/0x200
[  954.407935][T16538]  ? path_noexec+0x1ae/0x200
[  954.412517][T16538]  do_mmap+0xa43/0x10d0
[  954.416671][T16538]  ? __pfx_do_mmap+0x10/0x10
[  954.421253][T16538]  ? down_write_killable+0x178/0x230
[  954.426620][T16538]  ? __pfx_down_write_killable+0x10/0x10
[  954.432260][T16538]  ? common_file_perm+0x1b5/0x230
[  954.437297][T16538]  vm_mmap_pgoff+0x2a6/0x4d0
[  954.441890][T16538]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  954.446997][T16538]  ? __fget_files+0x2a/0x420
[  954.451755][T16538]  ? __fget_files+0x3a0/0x420
[  954.456423][T16538]  ? __fget_files+0x2a/0x420
[  954.461006][T16538]  ksys_mmap_pgoff+0x51f/0x760
[  954.465861][T16538]  do_syscall_64+0xfa/0x3b0
[  954.470356][T16538]  ? lockdep_hardirqs_on+0x9c/0x150
[  954.475543][T16538]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  954.481602][T16538]  ? clear_bhb_loop+0x60/0xb0
[  954.486275][T16538]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  954.492331][T16538] RIP: 0033:0x7f8b0178eec9
[  954.496740][T16538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  954.516686][T16538] RSP: 002b:00007f8b025c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  954.525098][T16538] RAX: ffffffffffffffda RBX: 00007f8b019e5fa0 RCX: 00007f8b0178eec9
[  954.533156][T16538] RDX: 0000000003000001 RSI: 0000000000003000 RDI: 0000200000000000
[  954.541151][T16538] RBP: 00007f8b01811f91 R08: 0000000000000007 R09: 0000000000004000
[  954.549113][T16538] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000
[  954.557074][T16538] R13: 00007f8b019e6038 R14: 00007f8b019e5fa0 R15: 00007f8b01b0fa28
[  954.565051][T16538]  </TASK>
[  954.568337][T16538] Kernel Offset: disabled
[  954.572666][T16538] Rebooting in 86400 seconds..