last executing test programs:

12m36.925241696s ago: executing program 1 (id=98):
socket(0x40000000015, 0x5, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
socket$kcm(0x11, 0x3, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045532, &(0x7f0000000100))
syz_open_dev$sndpcmp(0x0, 0x0, 0xa2c65)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_rdma(0x10, 0x3, 0x14)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000640000/0x2000)=nil, 0x2000, 0x0, 0xfffffffffffffffd, 0x20000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x4c090}, 0x4010)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0xf0ffffff)
io_setup(0x2, 0xffffffffffffffff)

12m29.281985493s ago: executing program 1 (id=105):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = landlock_create_ruleset(&(0x7f00000000c0)={0x501b, 0x2, 0x1}, 0x18, 0x0)
landlock_restrict_self(r3, 0x0)
r4 = socket$unix(0x1, 0x2, 0x0)
r5 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r5, &(0x7f0000003000)=@file={0x1}, 0x6e)
connect$unix(r4, &(0x7f0000000640)=@file={0x1}, 0x6e)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000006c0), 0x48200, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000140)=0x2)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x200000000000000)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x14, 0x0, 0xffffffffffffffdc)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_wait_time_recursive\x00', 0x26e1, 0x0)
socket$inet6(0xa, 0x1, 0x0)
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000000)='minix\x00', 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0)
r7 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r8=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r7, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r8, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})

12m27.879075678s ago: executing program 1 (id=106):
socket(0x40000000015, 0x5, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
socket$kcm(0x11, 0x3, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045532, &(0x7f0000000100))
syz_open_dev$sndpcmp(0x0, 0x0, 0xa2c65)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_rdma(0x10, 0x3, 0x14)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000640000/0x2000)=nil, 0x2000, 0x0, 0xfffffffffffffffd, 0x20000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x4c090}, 0x4010)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0xf0ffffff)
io_setup(0x2, 0xffffffffffffffff)

12m26.623839409s ago: executing program 1 (id=108):
write(0xffffffffffffffff, &(0x7f0000000000)="fc0000001c00071bab09250009", 0xd)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioperm(0x400, 0x7, 0x200000005)
ioperm(0x9, 0x7ff, 0x100000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x610)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f00000003c0)=@nat={'nat\x00', 0x62, 0x5, 0x1368, 0x1180, 0x1180, 0xffffffff, 0x1180, 0x10c8, 0x12d0, 0x12d0, 0xffffffff, 0x12d0, 0x12d0, 0x5, 0x0, {[{{@ip={@multicast2, @dev={0xac, 0x14, 0x14, 0x29}, 0x0, 0x0, 'veth0_to_bond\x00', 'wg1\x00', {0xff}}, 0x0, 0x10a0, 0x10c8, 0x0, {0x22e}, [@common=@unspec=@cgroup1={{0x1030}, {0x0, 0x1, 0x0, 0x0, './cgroup.net/syz0\x00', 0x9, {0x100000001}}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0xe286, 0xc9b0, 0x2}}}, {{@uncond, 0x0, 0x70, 0xb8}, @unspec=@DNAT1={0x48, 'DNAT\x00', 0x1, {0x7, @ipv6=@loopback, @ipv4=@dev={0xac, 0x14, 0x14, 0x3a}, @icmp_id=0x68, @port=0x4e20}}}, {{@uncond, 0x0, 0x70, 0xa8}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x18, @multicast2, @multicast1, @port=0x4e21, @icmp_id=0x68}}}}, {{@ip={@remote, @dev={0xac, 0x14, 0x14, 0x12}, 0x0, 0x0, 'pimreg1\x00', 'netdevsim0\x00', {}, {}, 0x0, 0x1, 0x8}, 0x0, 0x70, 0xa8}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x0, @remote, @broadcast, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x13c8)
bind$inet6(r3, &(0x7f0000000400)={0xa, 0x2, 0x13, @ipv4={'\x00', '\xff\xff', @loopback}, 0xa}, 0x1c)
setsockopt$inet6_tcp_int(r3, 0x6, 0xa, &(0x7f0000000000)=0x1, 0x4)
setsockopt$sock_int(r3, 0x1, 0x12, &(0x7f0000000080)=0xffff, 0x4)
sendto$inet6(r3, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f00000001c0)={0x3, {{0xa, 0x4e24, 0x2, @mcast1, 0x88f}}, {{0xa, 0x4e08, 0x4a3, @private2, 0x4f0}}}, 0x108)
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000780)={0x3, {{0xa, 0x4e23, 0x9, @mcast1, 0x8}}}, 0x90)

12m24.238964763s ago: executing program 1 (id=110):
mq_open(&(0x7f0000000080)='!selin\xdb\xa1\x02\xbf\xd9l\xd7\xcd\xc0uxse\xee\x0e\xcd\xce6\xbf\xfa;\xb9-a\xb8\xef\x8de\x14\xbc\x9ej\xa1q\xa2\xa5\t\x98\x8a\x8f>\xba', 0x40, 0x30, 0x0)
r0 = socket(0x10, 0x803, 0xf3b)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000580)={'team_slave_0\x00'})
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2}})
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00)={0x0, <r2=>0x0}, 0x8)
r3 = getpgrp(0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000040)=0x5)
semget(0x1, 0x6, 0x200)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x2, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x3)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_ASSOCINFO(r5, 0x84, 0x1, &(0x7f0000000240)={0x0, 0x0, 0x185, 0x842ead2, 0x2, 0x1}, 0x14)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r6 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r6, 0x1, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
r8 = eventfd2(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r8, &(0x7f0000000b80))
r9 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000200)=r2, 0x2)
bpf$LINK_DETACH(0x22, &(0x7f0000000040)=r9, 0x4)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')

12m21.681976247s ago: executing program 1 (id=113):
mq_open(&(0x7f0000000080)='!selin\xdb\xa1\x02\xbf\xd9l\xd7\xcd\xc0uxse\xee\x0e\xcd\xce6\xbf\xfa;\xb9-a\xb8\xef\x8de\x14\xbc\x9ej\xa1q\xa2\xa5\t\x98\x8a\x8f>\xba', 0x40, 0x30, 0x0)
r0 = socket(0x10, 0x803, 0xf3b)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000580)={'team_slave_0\x00', <r1=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000004c0)={0xffffffffffffffff, r1, 0x25, 0x0, @void}, 0x10)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2}})
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00)={0x0, <r2=>0x0}, 0x8)
r3 = getpgrp(0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000040)=0x5)
semget(0x1, 0x6, 0x200)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x2, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x3)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_ASSOCINFO(r5, 0x84, 0x1, &(0x7f0000000240)={0x0, 0x0, 0x185, 0x842ead2, 0x2, 0x1}, 0x14)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r6 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r6, 0x1, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
r8 = eventfd2(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r8, &(0x7f0000000b80))
r9 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000200)=r2, 0x2)
bpf$LINK_DETACH(0x22, &(0x7f0000000040)=r9, 0x4)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')

12m5.314589442s ago: executing program 32 (id=113):
mq_open(&(0x7f0000000080)='!selin\xdb\xa1\x02\xbf\xd9l\xd7\xcd\xc0uxse\xee\x0e\xcd\xce6\xbf\xfa;\xb9-a\xb8\xef\x8de\x14\xbc\x9ej\xa1q\xa2\xa5\t\x98\x8a\x8f>\xba', 0x40, 0x30, 0x0)
r0 = socket(0x10, 0x803, 0xf3b)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000580)={'team_slave_0\x00', <r1=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000004c0)={0xffffffffffffffff, r1, 0x25, 0x0, @void}, 0x10)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2}})
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00)={0x0, <r2=>0x0}, 0x8)
r3 = getpgrp(0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000040)=0x5)
semget(0x1, 0x6, 0x200)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x2, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x3)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_ASSOCINFO(r5, 0x84, 0x1, &(0x7f0000000240)={0x0, 0x0, 0x185, 0x842ead2, 0x2, 0x1}, 0x14)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r6 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r6, 0x1, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
r8 = eventfd2(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r8, &(0x7f0000000b80))
r9 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000200)=r2, 0x2)
bpf$LINK_DETACH(0x22, &(0x7f0000000040)=r9, 0x4)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')

9m56.820572785s ago: executing program 0 (id=257):
write(0xffffffffffffffff, &(0x7f0000000000)="fc0000001c00071bab09250009", 0xd)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x24}, 0x1, 0x5502000000000000}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioperm(0x400, 0x7, 0x200000005)
ioperm(0x9, 0x7ff, 0x100000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x610)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f00000003c0)=@nat={'nat\x00', 0x62, 0x5, 0x1368, 0x1180, 0x1180, 0xffffffff, 0x1180, 0x10c8, 0x12d0, 0x12d0, 0xffffffff, 0x12d0, 0x12d0, 0x5, 0x0, {[{{@ip={@multicast2, @dev={0xac, 0x14, 0x14, 0x29}, 0x0, 0x0, 'veth0_to_bond\x00', 'wg1\x00', {0xff}}, 0x0, 0x10a0, 0x10c8, 0x0, {0x22e}, [@common=@unspec=@cgroup1={{0x1030}, {0x0, 0x1, 0x0, 0x0, './cgroup.net/syz0\x00', 0x9, {0x100000001}}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0xe286, 0xc9b0, 0x2}}}, {{@uncond, 0x0, 0x70, 0xb8}, @unspec=@DNAT1={0x48, 'DNAT\x00', 0x1, {0x7, @ipv6=@loopback, @ipv4=@dev={0xac, 0x14, 0x14, 0x3a}, @icmp_id=0x68, @port=0x4e20}}}, {{@uncond, 0x0, 0x70, 0xa8}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x18, @multicast2, @multicast1, @port=0x4e21, @icmp_id=0x68}}}}, {{@ip={@remote, @dev={0xac, 0x14, 0x14, 0x12}, 0x0, 0x0, 'pimreg1\x00', 'netdevsim0\x00', {}, {}, 0x0, 0x1, 0x8}, 0x0, 0x70, 0xa8}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x0, @remote, @broadcast, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x13c8)
bind$inet6(r4, &(0x7f0000000400)={0xa, 0x2, 0x13, @ipv4={'\x00', '\xff\xff', @loopback}, 0xa}, 0x1c)
setsockopt$inet6_tcp_int(r4, 0x6, 0xa, &(0x7f0000000000)=0x1, 0x4)
setsockopt$sock_int(r4, 0x1, 0x12, &(0x7f0000000080)=0xffff, 0x4)
sendto$inet6(r4, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f00000001c0)={0x3, {{0xa, 0x4e24, 0x2, @mcast1, 0x88f}}, {{0xa, 0x4e08, 0x4a3, @private2, 0x4f0}}}, 0x108)
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000780)={0x3, {{0xa, 0x4e23, 0x9, @mcast1, 0x8}}}, 0x90)

9m50.051364624s ago: executing program 0 (id=264):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = syz_open_procfs(0xffffffffffffffff, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r6=>0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000023c0)={0x2c, r5, 0x1, 0x4070bd28, 0x1, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x20}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r6}, @BATADV_ATTR_BONDING_ENABLED={0x5}]}, 0x2c}}, 0x18)
openat$mice(0xffffffffffffff9c, &(0x7f0000000100), 0x53d040)
dup3(0xffffffffffffffff, r3, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CREATE(r3, 0xc02054a5, 0x0)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, 0x0, 0x0)
syz_open_dev$MSR(&(0x7f0000000000), 0xff, 0x0)
bind$bt_hci(r1, 0x0, 0x0)
ioctl$sock_bt_hci(r1, 0x400448e6, &(0x7f0000000380)='G')
setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, 0x0, 0x0)

9m47.608103258s ago: executing program 0 (id=266):
mq_open(&(0x7f0000000080)='!selin\xdb\xa1\x02\xbf\xd9l\xd7\xcd\xc0uxse\xee\x0e\xcd\xce6\xbf\xfa;\xb9-a\xb8\xef\x8de\x14\xbc\x9ej\xa1q\xa2\xa5\t\x98\x8a\x8f>\xba', 0x40, 0x30, 0x0)
r0 = socket(0x10, 0x803, 0xf3b)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000580)={'team_slave_0\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000004c0)={0xffffffffffffffff, r2, 0x25, 0x0, @void}, 0x10)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2}})
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00)={0x0, <r3=>0x0}, 0x8)
r4 = getpgrp(0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000040)=0x5)
semget(0x1, 0x6, 0x200)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x2, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000000)=0x3)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_ASSOCINFO(r6, 0x84, 0x1, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r7 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r7, 0x1, 0x0)
r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8)
r9 = eventfd2(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r9, &(0x7f0000000b80))
r10 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000200)=r3, 0x2)
bpf$LINK_DETACH(0x22, &(0x7f0000000040)=r10, 0x4)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')

9m44.41113611s ago: executing program 0 (id=269):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x13, &(0x7f0000000000)=0xff, 0x4)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x200cc0c5, &(0x7f0000000080)={0xa, 0x4c20, 0x0, @mcast2}, 0x1c)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e21, 0x3, @ipv4={'\x00', '\xff\xff', @empty}, 0x4}, 0x1c)
setsockopt$inet6_int(r3, 0x29, 0x42, 0x0, 0x0)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x659, @empty, 0xfb}, 0x1c)
sendto$inet6(r3, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000100)="ac", 0x1)
syz_mount_image$erofs(&(0x7f0000000000), &(0x7f00000001c0)='./file1\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00ea2eb34e7ea51c9446c55a2d1e0be39af9faf44ad59cb6ad1c94490d970e811439edddc71c9b18946b559ce53bee0a1abe562fc3f3898e5826eda1962cf6e3c4c0ade52151923a70b46eacfc1aaaebcf156e549e884bcabc1333f344f31cd30cd93cb2814e0dbc24a7a107e295e86e09283c825fe177c89c6385f68f2c843cffffffff15539bab6142ceed9265ba989d1a283fc4ffc83f3a7a6c746823e656ad78f3b5a336cdbd83dad59e0debb36b4ea5e658e253f01637cc03f704a08019f95b92fffffffff8dd21552d6967ab1b01e5d52a5793eb179deee4572770a5197127b090287bca2a4eaa1705b42c16968d0201d3ba3cc8000000657ea095f152b1b6a1e6ad8d24ad17f649ccc23d4ecbcdb5620cc48f95f563c2230f859d196e6c4f00b8e3a7b01fcb1d79dcc09b7a854ec8c31dd27ff9b4a2864e1dcaf719d20b56769d51228ecc1915fb8c8b598c11b3c296b05f9c5355fc6f19a7b28f5ae9a0d0804ccc5716cfac0246ddffa2f12077a02a959aa1b74373c38b2bcc90743b80666eae25dea73e127263b8fdbc64fe862b994ca8473d0000000000000000", @ANYRES8, @ANYRESHEX=r2, @ANYRES32, @ANYRES64, @ANYRES64, @ANYBLOB="ac57e0e3f5b780e7846aa6ab4866ef4248d6fc2111d7e28cdc626e81c86fa71fd1a5bc0305b50a4e5dd8f24964d1a58520e4e2cc8c6aa20c9dc6d6a094d1eb4b427e430c9ee73c745e3b3f145b7ed6b59744b0c9ee6e1dfdb888a62a17809113bc75f97cb6328c3809ecee3a021695e6d5db575263f60a500a3c4cf7d14dc45ebf7d6fc877105c9b5e95890f93c1c189103a4d600e2e35bfc700e8eac98857dc8dac899e0ceb85"], 0x1, 0x194, &(0x7f0000000640)="$eJzsmD9P+kAYx7/X8if88ktw1UUTScDB0hY1MjgwO2ii0bhJpBK0iIEOwGZ8Ec6+AmfiwvvQQZ0cxM3Joebawx4oYuI/jM9neO57dw/Hc0+Tb5OCIIg/y831w9VZMhHj+j8SiIr1WzXIUaT8Vvxx5qK0cn6i31+22svZ/vMYANd9//+HALRzKhwxd93eXyfEuA6lq8Py/iYYNKG3oWBDaAsMW0LvSbrC8zVtt2Rb2k7FLnCh82DwYPKQ6a+vc8RQkOpj0n6t0dzP27ZV/UIxrH+dnIIlqT75eXV7owf9gwEFhtAZMKwJvYhotzd+S6T7T4SC89Vvvv/vFuPxITlhjEqpJD5BMHBxFwNGo56fEoE/uacMScmfQpJ/pJ3yYbrWaM6WyvmiVbQOTDOzoM/p+ryZ9ozIj2/4X8zzp3/S+eEBuREWQT3vOFXDj89zsx6FUzVfc9yI538KUtN+1UysyXjvgzE2xYeUChwPrJYgCIIgCIIgCIIgCIIgCOIjTIJ5X0F7yL5YMle97KcAAAD//5Z1cak=")
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x80000, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYRESDEC], 0x6a)

9m39.175865967s ago: executing program 0 (id=277):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000900)={'wlan1\x00', &(0x7f0000000080)=@ethtool_sset_info={0x11, 0x7, 0xfffffffffffffffe}})
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf5c5d000)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = fanotify_init(0x8, 0x1)
fanotify_mark(r5, 0x105, 0x40001032, 0xffffffffffffffff, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
openat(0xffffffffffffff9c, 0x0, 0x40, 0x4)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
read$FUSE(r5, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000006c0)=@bpf_lsm={0xd, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="760a0000fc00000000101800000000000000000009000000009500000000000000cd9d7da65e1352000000000000e2cb42efcfd0b2dcb1824e30dc1400004b7226bd89bb40f8786c4a023b1f475856464693dcd0a2f8ed80a0c66f3271a0be3300c2e3b250da17a2627d5e2a38ecc591e4133db64efeab1867b9b8f25114227577873fa1bb328fde494726fefa8a6f91884c69d9963652bb1b14242dc4ab4fc57674e15f7dfda327c8d1ae9330c5ffa9f28823e48349ff15f270bd9d40f3b420de6ef2eab2d037ec52391c6bad3af18fc142070241e24a38a5090ff913304d0417f7089a23b2986d2637262f0722edeac42a6a64876bae566fea3310f9478e10c54c27a9602715360e9957a56d6fb35b33dc89fc4dd8406f0c8ae5a5dd696542efee0b3e120fdb94"], &(0x7f0000000000)='GPL\x00'}, 0x94)
timer_create(0x0, 0x0, &(0x7f0000000100))
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000180)={'vlan0\x00', &(0x7f00000000c0)=@ethtool_test={0x1a, 0x2, 0x2, 0x1, [0xfffffffffffffffb]}})
mknodat$null(0xffffffffffffff9c, 0x0, 0x8000, 0x103)
utime(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x100000001})

9m37.167306707s ago: executing program 0 (id=280):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = syz_open_procfs(0xffffffffffffffff, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r6=>0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000023c0)={0x2c, r5, 0x1, 0x4070bd28, 0x1, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x20}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r6}, @BATADV_ATTR_BONDING_ENABLED={0x5}]}, 0x2c}}, 0x18)
openat$mice(0xffffffffffffff9c, &(0x7f0000000100), 0x53d040)
dup3(0xffffffffffffffff, r3, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CREATE(r3, 0xc02054a5, 0x0)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, 0x0, 0x0)
syz_open_dev$MSR(&(0x7f0000000000), 0xff, 0x0)
bind$bt_hci(r1, &(0x7f0000000040), 0x6)
ioctl$sock_bt_hci(r1, 0x400448e6, &(0x7f0000000380))
setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, 0x0, 0x0)

9m21.952855153s ago: executing program 33 (id=280):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = syz_open_procfs(0xffffffffffffffff, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r6=>0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000023c0)={0x2c, r5, 0x1, 0x4070bd28, 0x1, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x20}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r6}, @BATADV_ATTR_BONDING_ENABLED={0x5}]}, 0x2c}}, 0x18)
openat$mice(0xffffffffffffff9c, &(0x7f0000000100), 0x53d040)
dup3(0xffffffffffffffff, r3, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CREATE(r3, 0xc02054a5, 0x0)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, 0x0, 0x0)
syz_open_dev$MSR(&(0x7f0000000000), 0xff, 0x0)
bind$bt_hci(r1, &(0x7f0000000040), 0x6)
ioctl$sock_bt_hci(r1, 0x400448e6, &(0x7f0000000380))
setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, 0x0, 0x0)

8m14.890723924s ago: executing program 5 (id=371):
r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000000)=@base={0x12, 0x6, 0x8, 0x2}, 0x48)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r0, &(0x7f0000000140), &(0x7f0000000240)=@udp6=r1}, 0x20)
r2 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0xec25, 0x0, 0x0, 0x40000333}, &(0x7f00000006c0)=<r3=>0x0, &(0x7f00000001c0))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0)

8m13.404080145s ago: executing program 5 (id=374):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = syz_open_procfs(0xffffffffffffffff, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r5=>0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000023c0)={0x2c, r4, 0x1, 0x4070bd28, 0x1, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x20}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}, @BATADV_ATTR_BONDING_ENABLED={0x5}]}, 0x2c}}, 0x18)
openat$mice(0xffffffffffffff9c, &(0x7f0000000100), 0x53d040)
dup3(0xffffffffffffffff, r2, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CREATE(r2, 0xc02054a5, 0x0)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, 0x0, 0x0)
syz_open_dev$MSR(&(0x7f0000000000), 0xff, 0x0)
bind$bt_hci(r1, &(0x7f0000000040), 0x6)
ioctl$sock_bt_hci(r1, 0x400448e6, &(0x7f0000000380)='G')
setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, 0x0, 0x0)

8m12.218280038s ago: executing program 5 (id=375):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
landlock_create_ruleset(&(0x7f00000000c0)={0x501b, 0x2, 0x1}, 0x18, 0x0)
r3 = socket$unix(0x1, 0x2, 0x0)
r4 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r4, &(0x7f0000003000)=@file={0x1}, 0x6e)
connect$unix(r3, &(0x7f0000000640)=@file={0x1}, 0x6e)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000006c0), 0x48200, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000140)=0x2)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TIOCVHANGUP(r5, 0x5437, 0x200000000000000)

8m11.13995449s ago: executing program 5 (id=377):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = landlock_create_ruleset(&(0x7f00000000c0)={0x501b, 0x2, 0x1}, 0x18, 0x0)
landlock_restrict_self(r3, 0x0)
r4 = socket$unix(0x1, 0x2, 0x0)
r5 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r5, &(0x7f0000003000)=@file={0x1}, 0x6e)
connect$unix(r4, &(0x7f0000000640)=@file={0x1}, 0x6e)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000006c0), 0x48200, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000140)=0x2)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x200000000000000)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x14, 0x0, 0xffffffffffffffdc)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_wait_time_recursive\x00', 0x26e1, 0x0)
socket$inet6(0xa, 0x1, 0x0)
mount(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000000)='minix\x00', 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0)
r7 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r8=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r7, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r8, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})

8m10.024065356s ago: executing program 5 (id=378):
mkdir(0x0, 0xfffffffffffffffe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800001000087}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
syz_emit_ethernet(0x134, &(0x7f00000004c0)={@local, @random, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x126, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0xd}}, {{0x0, 0x8080, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}, {"55f4973ae8522d378a0f8cde990e676a5123e6880de8ebdc99f1b5dd689236e2254a0e7d1994d730bd0226b0f166000000000000000000000000000000b039ae2c68721928befb2e48bac427367d2cf096599c54c729f4fc26b1ddffbcde18c38692b2ba1797c125e74a16423148582967a824949089ea4b827318ef2b2cb7c32a052d9b8eee452fa6bc46f79a1945ba581f43fea1b8bdf42b6707cac12aa9524217e1ffbf12f13dd2333147d4274a7c54a7cd2513c4a3a0a7e7be1212668849f2e95ce063b71e867b19ae44b6bd938687fe426c69f23edc6772939661711cc84e16f7d308659052b3e7b58e8d92ddc1fa2044ca345d0980af52a03d9076"}}}}}}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x4088080, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000)
getpid()
setns(0xffffffffffffffff, 0x24020000)
syz_clone(0x12000000, 0x0, 0x16, 0x0, 0x0, 0x0)

8m8.929813795s ago: executing program 5 (id=381):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x13, &(0x7f0000000000)=0xff, 0x4)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x200cc0c5, &(0x7f0000000080)={0xa, 0x4c20, 0x0, @mcast2}, 0x1c)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002480), 0x0, 0x40002003, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e21, 0x3, @ipv4={'\x00', '\xff\xff', @empty}, 0x4}, 0x1c)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x42, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e21, 0x659, @empty, 0xfb}, 0x1c)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000100)="ac", 0x1)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000003600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x10003, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x80000, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYRESDEC], 0x6a)
read(r3, &(0x7f0000000200)=""/189, 0xbd)

7m53.864599496s ago: executing program 34 (id=381):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x13, &(0x7f0000000000)=0xff, 0x4)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x200cc0c5, &(0x7f0000000080)={0xa, 0x4c20, 0x0, @mcast2}, 0x1c)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002480), 0x0, 0x40002003, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e21, 0x3, @ipv4={'\x00', '\xff\xff', @empty}, 0x4}, 0x1c)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x42, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e21, 0x659, @empty, 0xfb}, 0x1c)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000100)="ac", 0x1)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000003600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x10003, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x80000, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYRESDEC], 0x6a)
read(r3, &(0x7f0000000200)=""/189, 0xbd)

26.739772211s ago: executing program 3 (id=1608):
syz_open_dev$sg(&(0x7f0000001300), 0xfffffffeffffffff, 0x140)

26.593229934s ago: executing program 3 (id=1612):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000e40))
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)

26.431668914s ago: executing program 3 (id=1616):
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x6, 0x11, 0xffffffffffffffff, 0x0)

26.251816739s ago: executing program 3 (id=1620):
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x2021044, 0x0, 0x1, 0x0, 0x0)
mount$9p_unix(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='./cgroup\x00', 0x0, 0x2001015, 0x0)
mount(0x0, &(0x7f00000001c0)='./cgroup\x00', &(0x7f0000000dc0)='tmpfs\x00', 0x8000, 0x0)
mount(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x100419, 0x0)
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./cgroup\x00', 0x0, 0x101015, 0x0)
mount(&(0x7f0000000080)=@filename='./cgroup\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1001, 0x0)

26.075953656s ago: executing program 3 (id=1623):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000840)={0x40000000})
close(0x3)

24.959559275s ago: executing program 3 (id=1640):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xc0)
mount(0x0, &(0x7f0000000d80)='./file0\x00', &(0x7f0000000dc0)='sysfs\x00', 0x8000, 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100419, 0x0)
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./cgroup\x00', 0x0, 0x101015, 0x0)
mount(&(0x7f0000000080)=@filename='./cgroup\x00', &(0x7f0000000040)='./cgroup\x00', 0x0, 0x1001, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$FUSE_INIT(r0, 0x0, 0x0)
umount2(&(0x7f0000000040)='./file0\x00', 0x2)

24.632735924s ago: executing program 35 (id=1640):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xc0)
mount(0x0, &(0x7f0000000d80)='./file0\x00', &(0x7f0000000dc0)='sysfs\x00', 0x8000, 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100419, 0x0)
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./cgroup\x00', 0x0, 0x101015, 0x0)
mount(&(0x7f0000000080)=@filename='./cgroup\x00', &(0x7f0000000040)='./cgroup\x00', 0x0, 0x1001, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$FUSE_INIT(r0, 0x0, 0x0)
umount2(&(0x7f0000000040)='./file0\x00', 0x2)

3.729892344s ago: executing program 4 (id=1850):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x8040ae9f, &(0x7f0000000040)=@arm64)

2.999810436s ago: executing program 4 (id=1860):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r2, <r3=>0x0})
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000440)={r3, 0x0, 0x0, 0x0, 0x0, [<r5=>0x0]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={r5, 0x0, <r6=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r6})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000240)={<r7=>0x0, 0x0, r6})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000280)={r7})

2.677022475s ago: executing program 4 (id=1865):
r0 = inotify_init()
syz_usb_connect(0x5, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582239f"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x800000000000)
close_range(r0, 0xffffffffffffffff, 0x0)

2.391028711s ago: executing program 6 (id=1871):
ioctl$IOMMU_IOAS_MAP(0xffffffffffffffff, 0x3b85, &(0x7f0000000100)={0x28, 0x4, 0x0, 0x0, 0x0, 0x1b, 0xfffffffffffffffd})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41c1}, 0x4040800)
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0xfffff34, 0x0, [{0xf88e470f, 0xed}]})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000100)=[@in={0x2, 0x0, @loopback}], 0x10)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffe, 0x2, 0x0, 0x4002004c4, 0x1004, 0x7ffffffffffffffd, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x202, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.094059085s ago: executing program 6 (id=1875):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x9c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x37, 0xe, {{{}, {}, @device_b, @device_a, @from_mac=@device_b}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @val={0x5, 0xd, {0x62, 0xe9, 0xf5, "64152db91a1d5577bf6b"}}, @void, @void, @void, @void, @void, @void, @void}}, @NL80211_ATTR_IE_PROBE_RESP={0x4}, @NL80211_ATTR_FTM_RESPONDER={0x34, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0x2c, 0x3, "e699b8674450ac074e77a016aff908e594725f3534bae9cdd9d64a090563b06a175c9d7bf976c3a0"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @chandef_params, @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x9c}}, 0x0)

1.944006447s ago: executing program 2 (id=1876):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
r0 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000240)=r0)
ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000040)={0x1, r0})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000e40))
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000002c0)={0x1, r0})
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000000)=0x1)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2000, 0x25)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x6, 0x12, r1, 0x0)

1.829019365s ago: executing program 2 (id=1879):
syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="042c5ffa5baf4ea433a243dccbb7a6f2d376ade3cb9bcc0eb1778310511aaa1f5d"], 0x14)
mount$overlay(0x0, 0x0, 0x0, 0x2004000, 0x0)

1.759968372s ago: executing program 6 (id=1880):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xffff}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x200, 0x3}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x20040084)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)

1.599843392s ago: executing program 2 (id=1883):
fsopen(&(0x7f0000000040)='ceph\x00', 0x0)

1.599042552s ago: executing program 6 (id=1884):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.594594701s ago: executing program 2 (id=1885):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
mount$overlay(0x0, &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x2003020, 0x0)
read$FUSE(r0, &(0x7f0000004280)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1, {0x7, 0x1f, 0x10000, 0xffffffff80813248, 0x2d, 0x0, 0x6, 0x5, 0x0, 0x0, 0x20}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000066c0)="a062030607792c01386f28a428828947de99f79cc542703d923c7cb9d4e1f6fd95fbf2f747ab32f6fb041861fb3f87a88cb85405b4e73c0b6b12c81e42a9f13d82c32b7ddb172bcba1aac5c38f083747ac179f08d4d6d342a87ba8dd9bb7a9680f27433c3357b4f6ac97b19a973592f1ac6e7853a0b15ba42a28efb9cc30b146346b546018966e94976ca28f26a1950dd64c0adbb0c2e09bbd9caa9e7886a2b3d6e2b6d6616b718f1322ea2881ca59ef73948b1bcdc2dd3970e63cbc1043ce42af0ea1f95d17268cbc3ef062c8c31a537e94a20c1c505a6022d5ece7f51bd9c754d8c47cbe80bbb30b2159991a94dd3a25e64aff8a7a17374b5a71e0c7c241cbfd7f084e18a50bea512ada902210a3881ffcd42071ab09c4d80139d8980d6dc5d12c2595ced445caf22f80d8fb1a4c243da47fadb8e28e9c04fea820a8a2f032f5adff8b7d9269e63db68d196bf7f416405e52b6b8abd8bb9d9694b8b5eddae348209963738cd9710bd6c291af1c8eaf0e52d2f2f24bef8c8bc9f77eed40104e07c8ee1b4cb358fc73e2653fef6232b5e9f5d0be26b91a0b7967ed5e3bf10c449424ff4d11951d963677001d9576425d6a9c4503268a407d74854f5e1caacc0ccc463dc56e684db1d80b370da238915579ab82cdbd7d155adf10b96ed71100ea92834e8a4e4f5b7b831bff6fb4febe01bb398ea4065446f277f107aa3cc06e0b7a6e98434bf57744ba9ecb8effe704d7f852e16bc33ac113649f7540b7a7a67cf5493b400ce06e571d485af1732938b79ded4de7dad97a7e1c0be7bd479dc264647bb76503168423e3f6fc95f8ac8ea35e39f476ab54e88286fcf73eead1f794784465592fe4ad112ac63bbc3b3f35b87c40bc5fa6e3ca6cad878f9772a61a23aa00491a9e2442eb90a32af2bd74e99d075bcda20288bfc30f3b00a7e8e1a0b4791573abd65284bbb53e2b7d667239b95b332dd423e4d7c512de559bd53fde5285add9795bda81ec142620e693af9c787a4499dd76ca0d77d9c7c4043e537ec6c1cd0b9a642b12adc782a0e00f6c1ed7379d5fff4c2feb19182db977f657b195e4710ff00f78e35a146119897495b0e1a0068a6606292ee72bf65adcd2cd29b4e59a4b3f82eac77d5254013d03d2fb2511975558906741912d09304f0d4cf08c8f62690c67968c869f75a4025224d8e84baf7a42e01b4ecf7e55d7c45839778c2266880d1bb73e3aad618d1a4f8d5a16914d64d70438a88512649fd4caa90506e5a2d58a33ecaebc9b2e5f8a4fbeca57c829ae02fd2dc146e939c3d295ada7df4a07e74b356c6ffd7a9c546b9eddf7e013cbcb2b57ae0d225249f7e06a415681d9f597a060fd55e39bd56f04b863efeca458a0cbc54b660db50ca40d27a3fda3416860e691cfc780593f06b467700968bb918c32547e378b14b4e0dcd11cb0b2fb36ea70946ac62290184b4eed38b51c322a75367b50f558e063bf363341a17c28ddcbf9ce53da06f26303fd156423a25f686809bc9845a78e0cc3d94e04bc8da85f22a4a8ece2c4ac2c79e54dcc4eabc61e067060ad880377a71fe0c2c0305256e4f3c637575f086e4ae3d7ab5d106fde03d24c47dccba3da23a244c1f50a4f60cd8d71b77390c5ce6d5612fd0260a2f33389b064ae6acac783eca62874232fd3808fb2188151a43de6cebc7e245106183f7d929f1eeff6f972da3e3d967170247925fb0f04bf38e88d06321f9ff9d2c296553d842b69036a2b6de2aad3879aedee723ff00736f7b0dffe6182104105ff0f0b636f5192d6bb5ae7ef950825827d2f3d6285d83aedca3f31474e0ad50ce6290a0e546c30d900e5b4208ecc8b3aca0ba3d110fc3c0a7e004a53e5d0ba1cc1c2bb42c3dbcbb4ceb6674151932ae56f6b03cc34ce450c292fecd2456ddcf42b075e6fd49305fbf265a36f3cff61321dd60f16e844089d659130947672a2d059e04af9ef653e8afec926b5a5d411f60a2a435437095a1df8dc60a616bd1a1ce7b5251ed8f905becffebd635eee8ff0055c40f146f1350a406b853ecb005c6ede4dc270ce6751cff915aa27f5f6b0736da14c9949de599d57868c29cc97ad03bd89502a34b88ad29c8762d0dc24a6df759821882a32e70531cab51fa1752a4fc49cf0706cb24d203174b2940f29ef8b0ce65b40cfde4e0c7310c685cc8de8384e485a951192fa8c36c11f9b88a48caf027dca480caa4fccae70ea6c837eb82f926ad7691c7709f217220d71f6e374fb8522a84c118b5c25f3d56acfb25afbe676fc9e574b6c5a59c00a0bbeeff61fd82a1677f3da9bb596133db491a8f11b945d930c8a67de9ce80025c764d518efcbae25d9194dc96c31ed02c63b1ac976715f7233ffed7cb6e929bbb5afabd34bc37c095acd0abbbdb1ea48e40a30ac99550f0ccca19ecef5acb2604c48fffb53b352d114fac72d6fc019ddec558406668f773fed9476148133c0f9ca4d1fd7e70dd04bfa089dc57e5940f29a5fd33dc79913ff48853794fdaf891d71de94c4a4fed0544e09f2bd578b07003031b8602f08ca8a79fa5ebfd5477f4d4f031c3efe0db273446a99d0cbe21a3cf43f3b82774e4657bb4f9675adbaf71c52953f0b18a61e05a9c770536fbad215848f8238e8730b9085189ea4621780dac500d7d7dc7815b45e232f86592498f1515ac8c50306013524cc5f0a74b67bc85d435d332ce69f00641c86a3e91be84b78ac358f35b18d69679df4197d3be8554417cf44aee6dc623f68ce3388df18168efa1c87c776cbda792f6110b6af178eb8200a91dfb72c1e23b5e5a66b5a3ee3f4c2bba2ccac939dcb036006b86e894093922a95fd70baba9424a3d0327a0f209fe10b39f3cec3f669d301a2834e58fd56f94d622dccf653f08e776c9f3e1b0e5b3cdef133834b93c41c70438d51a0b127262868d49ca91623c3d8b75c2cce0b771b9ac941bb96029e782224a3686a7c0dd164e162ede667e0e5817e7bde85ad3bf30a6a5bdc420f751679be74a02f84aa93b971c3f45a67d155f7ecb1d5284660918dbf102bc16f496fb62a1290e6b88ddaff55740583cba13076afd623276634e0c11663be50766980949095003ef5bc6f90a98bbad436b67928513e70115224f672ca2a24e27bb98bd5288c49ea23d47ef13c5ff28c43ce53ca16a6caeccc1f601226253c4a38a88a93828f6c800547cadbaa6d7ad26db618cccd38a671507cad5ba0065ce2edba81a059b95c36c5d04ab456fd6fd81ec3738ebe546d973c0886a5e7b83dd9c2f58f5d6c19519e67575b3732a486555f8d8c4ae004a62e8d07ab2c8ef74cdb96aa99d75aeb1c25985996f281d71106910a3c3da17de35e04dbe00e2b7b75ec2fed177a7f2d04fbf68bd0b8af682b30911867d4d1497ba060b662f4e97a8e7fd3613015cc34302377497cd08bcdc29f06dae240820d2ccddbf8c95c76a4ba5d3e1b37a62369ce3f79fb74ebd9bc82c3fa3edad4034b6715c2853fa7781c974b5a4e541e8b69bf4bd653fcce4e4340d9409fe9112e4d253a3b7e9d43f4426127b10f2d5d3fcd2193490f7d933e0cc53dae552f2d7c9d77b8f9b27c59105cfae43a0aab314a0820fbb5684bf20986e3be215688b42938d272c4c0edd17bcdc84a514d2483456d6cfb4f5c1218859ee55bfc77da36c9c75734932a12fd03df38232063ed92024f8ee7c21f314129feb10670bb4d6a0ad4fb3dc57a64cfe6509a0770650cdec0efd5e0b1fd29433cf871c9ddbe648319bd481357326ac1eb32b4bef4ad89ab6122e92dc786decac88624a4a3963ae771f8023b9a92e446114764c53d7efc07e3ea77a9daac5cabbe648a223e249db62102ef7b7b6d06df46b6ff913911b89848a47aecc0563fb06b6d77fe1daf4541cf619105ab68e0bcdf7a05af22b0551323bf33dec8167df2b7fac62dc9e286dd3462f488c82ad194f7fd5d3ca72fe9c0c37cdb6d75684326e5cb30319ab333fc70bb197320acda161d2e685e78ac2cb1417223f64742b12a316d590b18a4173b2a105a381baf6f383ec2e81d04860b5cc536475d7c5d05bd6a7db1a5d93930bacba8c1de63707bd24785e19fc1f15ba724660ac00d0f2ebbcd5528b8cbe4f3ca332e8611e937a310fc79d234be6c1cd09d6a5cb06ab36a9d667188144c81f86aaf0851763573b36cc21462ba4f3d6e95d38d1e9b943085661d234ef6d079bc9d84c7447c85baba88263451ba10559e1ce326fee5074b26b54872e690a9a1e589e1c444daa3224b292bf9ec4a604dc512760084084f27386c89a1190b8905f0d720508c0ed69272f396725805480188aa4602a26e833c16aa5079c0577a8203ec0b2b929ef3b410bb427c168b7fefd1be652f06efc61c7a295a5d07a9fd61bd5bfe67ac5f74e485a66c92950a1b460257084ca3a3489943ad450300967234b487fa3def4010f9b715196562ebb0846b7ac3eba47646af6285582b4402f64aa684dff7d9cf81fbe1aa88959f7906f06839389f2ad56efb5029afe1d5ceac99a3e698f49ff0da7db06d7c9e94a8773a13fab93def139667b4dc6b741bd2769da7786acecbe315f9006bb6b72abe5bdc587d8d5aa8f67aaefef68197fd2e7874d9b7da2c3a5618720c12e8fc31db3e334c47abcbf10c6181ec14af4f9e90e19a35360a793b1e9b336e49b3ed67568a860cd4c298f967ba323d315821959629e5b7aaac367e1ddb8a1c5d61500afa69331a4c90861852f533657b28b97a343bc531a11ff634b157a6d859a35f0d2a595375e11a32457575f1d73da033bf5eeda12337b9fdd46bce192d3aaaa240a8c65bf47704d6aa64a9531f9de14a96fc9fe380db35dd5ec52321c67fb4c18abcaf22fbe8f602ed201232251317e1a1b71e1e2c924a92d84685de348eec97fed954b7f6681ddf521b4ee03a1aeb2e446ee2a7f4dfa37b1c53831139fc624c14dcc4d144ccdf758fd9f344b4cdc1df70f6a24fa78cab136c912d1ebffa7053ccbc9b9445762236dca409820f738370117d5c369dfc50fd42277f14eeaf29110aedcd503008c42914d04e219a8b6c01e337d04724919b07157e2275ba6365a9dba5ebc8019bd1aa1b8668023f64cf47e1b49b4fbcfc10d560bb74405c90751504db8100d8a8a1a3ff84d98f1262fbbd6b962f492b9531a7411c08e7e56eb0f838075f754b6a395b6b58a8e4c47eb46bfaba2ac94800a396749d18ba0e6219f8d616ec71a1e60b3bcc24e19d4a20ddbc6a871e6d7efa50a362610598d892a5adecbcfe217534deee3620dfc88c7992ec2e710e083ef0a50c20621405f654804d1af4f24d22b8ca48f26303e6969127a74f0b276a5624c3b84410d4d5ee3c62605876e60a88df2bd6e8db8c7e486fdb452178563e7add6bc126b721b9ef8b12181989b87031573a4010d88e34f15a2344e4808b74c99ad68f0c2aca4e8d504397c03e1328c4b1ec43fd902d206c3cfb63d7541ac57fdbc70b0033f87514286101231fe7e79668c802e1c23d61540cdf13a5e675b736e221ddc29ab747d9c64f6213f51d3c1ded2e2b0efc4e45183d90468f61ec1720f7a0b87947e2c54125cebe6563ee4415d886bbe869d17d36371c942c11db1e13c1dd40ed24cabaf7ee80eae6c4db934e982d9619d753dcd679c5650cd95d21582e31b259043a0d03371cd294f4cc028042c75070c9b534a2d79f164ab9d773295795280d1584ca664b53b263fe2e23534d27b0d85742fae8061e03187795129dd272041c6eb9c10c3406da1f752f4ca697bdbddd74975cd4dbba5687fb30ac4fd5d2579494eac73053a63821a852cf41a80f6668006f7e1c4e30b48d638ebab470c558d42baeed1adc8fc71f73e95f3ca212a4b009b508e89898727f805685e4e7650a2961d62c117d1ee9017236a6bffa0c36ae11bc52d346c83399e43c42cdb9f443aa307109a97ee66ceb7a29eeb2f1a2bb3ee1492229116db07301b2aa4126aee7775daa2d0eab4d206fae11b3c6b565dcc4c7b4dd1cf2abec81150d0629803f6eb221be384b8772fe6d6c4fa98c928a9d0a02e9ff8bb7a2168dbebe140323d93bee8983c496bccf752c372b795a3493624cefb3cfeb4307bd39826cac1ea3f18912deef1b8c8db30bc016990a477bc0a925fb36453a9e21354b2d7e6e3d4ca4dd20f27a8db05429d44b7a485365191dc4ba977a815958faf6434813a9f4046054763dd55dbb7fae892b746e169ae046ae3361a9f75cf622b03f75b1633da864395bd1c3a594fab0b1fb37f088dd1f2776e2b795c78635c2026a8ce7ff40968a1960786049a217dd8872ac0c01f4bafcf2d3d751dd46a5e1bec00540a9ca7afca3ef37575d4a8b1291d05be94913092890a9b4bfff39edbff307e5654896e79228777c0f8ea46c55bfe19e522bf457ab4e6b0167d776dbcd0160598370a12c4a03e4edc82b245a7608797b03d4ed89dfc2a5bf07b9fcb251fb8608553f3b3774818717a9aabe6b2ded811515ba454b390a6065bbc59552f3bfe51d38f139792e1aae60093a7c5770b52a1730feb1049c14a7d5261d644f6b738e22ee72aafa422bd93f61e1ccac0a5ef4726c66f61bb539acb937bd63da82c700c0860be90ce5621ced22b52b63d041266fc258fbfa6641aef22e97804e5138ad2ce4405eaf76bb0acd7fc61b2d6de4aabc5c28a850fcf219cff77c97d3cb6bec0067c171b912d11d82c56cbad56c0032a9657d4cdd1eacaca53f40f5e3fe911127e1cd30781351f180e1413933cee2d46ca0eea31ee01fe4e99a567edd0b10565d47b87c8a48366143e889e52d0ff13c920aea092c2545fa9b7056204fec156549d3c0a997bc1cf4a01338483bf5c69d6958ae038f1c3e3b84baeb2c1f9e064c0750602c34c6c483c316391d975f94f21f6dfe74e92c33228b408a9e2b9abcda33c497abba9c48a63e5c8f1a8d0f4c24d36a44e1601e8a09e8a5c7179bd4c44b17e542dd99cace87aab60a5e53325d544c991b6fa5deffa49fd886332980deeca9229cb2f67f495a7b743153854ed81e1623b12dbd65512d08a5732fee2db3fb455cf6df5a1701a2b8674633c6792162dc86ac76e30da225b0167a7e704ad33ba694f9c902afbeed58eef609874767053f59414d4d3eccbbcdbc7eba997c71f9b1f5139bb020d5dae1db6e2dcfbb51b5371b08bdbc3312b05ee6d8c03c8b5a7d4f23da45f276394f222b1a0bdf4e2603243cdba60ee0530387c88bb457ca9932f2283a4d55bb1195e6d325ed93f714e21908b1baafa467f1cec7fa26e5c384ee6828e77978bd1abd014de549a5e5966f2b2f4ba000f9d77f1abfe3a6c337cdb852c1ec59f61b63d543f3062dd2616a163ed7ca60168b0347b5c5646a678dafb4c502c333a0a48f0341b47f5c5946e42e571db0bfa0682a449ca64e71b5661a842975182399245c6de241512c67ac918d7e0c5cb66565010e881b8333567ca584321ead1c383b099d8bf1c56dac08cb218cde4226ad420d6d6313f9c4884d6394722304fdaa76e61db8c0d54eb1151344c41ce1130272928eecb2f9f0f23c752622374eb1223a80efcf0b937dff7d813d7be0340226c0a7b163741d9aecafcb7ddae5a219323323f621c802be82399e06d2e1cc582e759ffa303c5103f8a44d7129d2853b02e506abda57ad2836d7ff16f95232149fbeb8b62e586d3536bb4ae042ecd9e25d1dee789353071f9c89d4361000c47b763556e8902f1f25cbd8ae71679e03ff27db0ec75eeee3fccafc7fcf22c377ac60d3c61a43cb53abf6162118f2efc86a5ce80e69a02bc1db80018beeef6d567941232e4412a958ed012bf7a832c1eaf68134ecabc4927ad666b3d0f21d4e8d52fa37e0a9751124efed8bf47544299138a6f69d89e295677f12606c79b72451c263fca3eec22bf0c47c641159a0bbfb3b2b03154af533e5c06a149e52adcfae31bfc55f30064a8903c8d3b828d275a937b1e4adffa0597da5e253b50bd71b33f057ffeff0b2a0829b3bf33350fbe67c7c79034f80d69e6a21be495a848d328f416f15966491b218eab390544e39d498258ad80ddae248634c845cbe6f1c1e93e7c2b02075411e075fe936bcc75f4a4e1a3687cb3dbbb61cb31ddfbbc87a1859b3a48fccdd8e5915c8bf4eebe8f7093cef6a7a91c8682915f9908c854c483e90c9643467292884d284134dbaddafdbc74d94a5f9713719d62b4f6b4236803d210181847ca27129fde264156895f4e1822ef78a3b215ef56d7e36d2b94c93f5e931a0d13a3a3030061ce62de595eecf47eae6bf698530145757700df18f66fd7261a12c119d6679663b3c0f99d1705aebe66dc862eb21ccb7360b93f54507149b577abf521113991e06f345e8282fdc18de673e1ca7b188ee34b14f37f86ddcf97fef0b913c33cf8e5d5d33707dbcdbe4b27cef056670252f186735cdd02f6ed6bfe5318a704f00e34ffc4fda9855bf37c51be6a7423e44dd8a98883c8fa82ca37c90d681fb7a0db915576b50e49aff545b99aa3aa6343b814ba0bf64e53b2a1edcae2231bf20d65e4bb4da6dc8382120ede652adfb7c30a46e0ee784cbde74563d83eb8d89a1573fa104fddca9d4833c49dc904bda905426c7dee3e48b596c8ee201bea57fedb1a0649457eaac3c5b5f4519af3adb66f10b861e711cd4034448890e15047c2f8902588268b5645051f3f3968ed8d630e050ccef0d01b61ffeade51e4e72d8fd46bba4c20009396e984c424d174934a67a1930665fbea04c809e7cda0a2cdfd3a14d6b99c3a8d8b3691825830456876f188ff871fc861e4c6a0ca377dc1f0cb0f929f7eb1f5da045d9a588a393312acacca5c5a3b15bb1b488b08fc40ad65ae2c1df187eccd8377525a81d80df57579ae52f775fb2efdd172a41c370300fcc594c2635dcf50e9eb9d34fa8b4bbfd13078422e3a7734a8ae6cc09e39d07c7ee19838f8da4cbafe4162c8f8dc44e284840bd0a5c80bfc657c22e37e0d9a96dda34a51ce616c9ccdc95955cf85d93860da902ab30f11aa333eacc25c47981d8636038761ed4d84fcbb0ca92dd2e07863b9505b451c3c49e36a172527578123049ff2dc2b4e258a3f698a12ca4705a6fd0ce6bc4f1767b4d9c2e57c9ed1388527964ac96ff5e4cf5ad6fdb6a853b43905df32af8bd788b520fd526cbb95195a1bc00d654cb080acdf67938517a6cdac741d86730358be16465b4e1301f47f6a444c4e8d2980b8bd98a8dcd6617cde0b287e2d1f59167b5c445146fa49728111b8a2729428cabd02facb8fbddbdb2769680f288648d6baac53e0d909335da3e2b4c13ebd41f32820c9f491e9124ca444a0532f60e2816e15a5810baa91f64454aa355f9d362c7d1a461561689d08b1350a216b6f1bda57aae0706b3710a1b8e52a7e3084e600b5ee3dc540bba0c16267d549304a7840659a32e40070715c9bb912792d4a7b84fa06e73b9ddbc2f06c4edc19d25f5a198c7e3fc6226842e6215da5d826fcf5949612889f78e9de39d4e64b86b7033b5717a21f8f2b81c799a3fc0bfe6f5837b252eefa360c91a6148296bd19d50a343d909c1edf5261e70c8dfb2c488940cf236941ad3fd01247e37902a4bbfdd1839f7c92c260a2c494022fac08629303c8e54108d78ae2c94289c7f998ba3b622b48931ee7c17c59f5499d282467a1b8050acc94a0b17b21836c80b69f519b9b077d18e33c027faad562fa09f2cc6120f8cf5ee18cf7db9d729ffbb9de58885713215b7aebb8c98d9fa009be0a9ef3ceccdb2b31968db555b26c5c94e382d06ebf6d356e8caa85def5813dd1596d823924c4fb63dba5bd094cb64f204d1e59d31287715f831a1f0be95d8749f2166ba0b0b6b64a37991be1fe1c1e922835f2da0c074ec9413561d52166576b1c4f1e18f078dc046d1c284964b80217b55c59a474740c3649116b33e927479736bff6005859c7c00598f22cb8eca38af802f4c86836e8330492ac7ef3707890a8ff856dc7786ed769bba75b18484b257b3b022eeb51aa720639f79e6e6bd3d3c9a61f7822abe562867b4693f0b2f61135aaeaa510b31112efeec48d2602c6d4f2ddeeb51bb03ab18c18d8e127a37e22881febca47742b9332d3f2251003b1a46c40eca111d02446466b669568c70971bd33254ca577777f126f86f8a3665f065b645ff261e78e0f532e83a81b99c5de3488de74ca82daa0e4e7404eff911ae955acbb800f9f91b774e472bc14aa92817b6d85877b1861a6ca92c03c83b6f1490068bad8eab1f58c9e91e1029683de2ca45c99966966031ee86d8c9995f0612480e2a6d5396e8ae361d6fd2e24557613a1191f5019d4c8078628013512ea3a59532efffa6cfe4970d28d8c7aa8c866c4275ff2b0b4ef1a7e56854d7ee4bc445713da9349d13e30a4a802cb9db2f10280fd9ea043b5b3480441e8ed2d907eae1259befba9d87a04ce42b0010c70af157b90e0bf72549852fd122edd6cf3475f76852b13b4bf887cf32e25ad34aed7fd5a6e97b307f9b4ff1c07b2b55beef5ef3dd96eeb2a57720c18209d911a55341cee67e6ff577f7acaba01c2c9690b15a3b8aaa5b9d734196467a8c074b2eeeb5ae931ddf3deb15b1a8d603e72125c2e68ad206f2c4252a659f8248ff882a8e54126ebc0c77a46101072272460e683d465279a3695be6b64c9eeb4a576d95fd520be42eab5c95cbace0dfd80e2d67bab9f683a1cc9c006c02f0f90a21a0f51218c628f5608fbf1abc79aa63452bde1002383033578f32980e3779a8edeb226f6d3f9b36d8f07bddd7479b60346a4b4fa883940e3aef8ad8d834dad4405960a4409a6255e8753d0c0ad0960ff3ef48ce93fbe6b165e86eab36fccb8b989f5b54e6ccaa19749ff065a0a732d15c41b9072bbc6f07e1fd5a3df2775874e46b61ed50714e8c403fbed6884ec06f52ab71d2c191fcc56ac0b17ba3c46d2dab3e11c79383bd8867ff14b5fbca73b9ae594b6a09fb73a2e8f15aee59150e8d6d3dad9659025d045bbd1b9ca257c67bb78abe8f7eb9c8b3bc32951c41f7390bacc8c7059a2a9b078ab50413605aec604e4666a6ace765b0e7ab558fe6232f2703d07811e3d0ac5bf9434e87876e99250ee9db6527a8ccb4a3ee3bde738563c9746f941cf2cd7efacdbd2593cafdbe5171864b2982b54dc5a32c86638c0e650a331625033b8dd65851965ae791880349d5cd52548f4422a317f96ed79e7ccf3bd671e6dc70365f521c65206386eb1f99570a544d11b3d36fea285f8a3770ca303a965a0c1d598ebe3696e647be734ccf760d3d47dec75e236d7ac08019b6622a7b9f08bc8f0937ab75e75a047a7386befbd56fc4b2f89c852dadce8df946cb3fafe4eed2678caadf1a913ae32b2c0b8a37984cb700343c5e24609f8c5ddeff5e653837a9332a41c8e21466a13d79224125d5f6a4fef79b5adae7f4ab7d351c55400545edd3c00637bd27164828925e9bb5d79f1f1e6eb3270ab799ae38772f779565d92c47503de695f7aad7ddacda6f6c71e755b3737231b64715bf07849d3466e4f92239f733436ce674389bd16900", 0x2000, &(0x7f0000008b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x90, 0x0, 0x0, {0x100000000404, 0x0, 0xc, 0x0, 0x4, 0x0, {0x5, 0x3ff, 0x0, 0x4, 0x4, 0x10000, 0x200, 0x0, 0x0, 0xa000, 0x8, 0x0, 0x0, 0x5}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9)
open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x0)

1.206741168s ago: executing program 7 (id=1888):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001300)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x4, 0x9}, {}, {0x6, 0xffff}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0xc858}, 0x80)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@gettfilter={0x24, 0x2e, 0x205, 0x70bd2c, 0x25dfdafd, {0x0, 0x0, 0x0, r3, {0xc, 0xc}, {0x0, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x4041080)

1.186468284s ago: executing program 4 (id=1889):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
write(0xffffffffffffffff, &(0x7f0000000340)="1c0000005e001f", 0x7)
syz_emit_ethernet(0x56, &(0x7f0000000040)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dd308", 0x20, 0x6, 0x1, @dev={0xfe, 0x80, '\x00', 0x23}, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0xc5833c80, 0x7}]}}}}}}}}, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r2 = accept4(r1, 0x0, 0x0, 0x800)
pwritev(0xffffffffffffffff, &(0x7f0000000d40)=[{&(0x7f0000000500)}, {&(0x7f0000000600)}, {&(0x7f00000002c0)="fb4a738b8fff03179d36d97a7e768c605c5a276efb8604f121d8c3432483ec477b13316313b6ebd165904c8e245bcd4fda069923032292004d8efce529dab99fa5d682b52473829f561f11ac11a428eab9985d916240ec7d21a11926bc5353ea29c9", 0x62}, {&(0x7f0000000880)="b8e4d28ec970bdf146d717bed673a03be982338e021e1058d00776227b342db7671f5a0a2d75e9e5a7fbd4ecc62684a793ab69989c8836473cf7744072ef0bd03758c8c6cb740f2c8abc1b69715c98796adbec917f572e32a4f6977abd032183f498075de23e212c05e37d608df3d5ca7f4b7e08f974d4f12d6c3b6c90c44b9355f52cf1e5a88049a7ab8952d5232e812f6cf20679d54d51950da095fbacb3365e30f62093a40e3c28728a31fb2de8702c", 0xb1}, {&(0x7f0000000780)="5c06f00294cc721081e366131c0fcd179066c58c4951ef284a51dfc59d67e247edf1b4fc93718f3d1d6f3bd71ab442cb6b6ebc9f4bb562848ec35bfd1a443267ca11db6125b298f33c1fc9ab4fc7e8d2900d1d916b3c", 0x56}, {&(0x7f0000000980)="65b426e7fb8932534948519e6381e5e369fc65a3128f6056c7d77c618f08eae1cd2944eee2ab50617c99c5c7f640757950d3ec8b33b136a5c8a541bcacab7a99019c662a3067ab866343906828fc89ff22fa46ada5", 0x55}, {0x0}, {&(0x7f0000000e00)="bf83903af3912b25320771861a97d9099887b5133b772fd4b99cb75c05cc6056c51d5bb95835f9b0158c4cfee49435eee968d62cc9e3f2170f885492ef045fe78a057d2f5d22250b0d1832e4e7d9caf59cb596b09bdb792e92381b57fa01c34b662c00464d755260824c4afcf590616c92c6de993cbafa1a807e0aec7041984a7f5fa2427ca65c438e1d1cf9bb58e0c1", 0x90}, {&(0x7f0000000c40)="8c87ae7dc3a1e41d808b729a7f992fcd10bf446bba2823fa0867f4ebbc9858852027a4c0a9681773961d1e44be4f2b9181e639856ced68ac4a29c8dd327abb9200876aae3fc55bcc6ff8f9a32a00b60448f8b57890578daddcddcad87ee7da5dd0df0f7fe978b92dfd2d2dbea58a81a037131eb4e1", 0x75}], 0x9, 0xfffffffd, 0x2000008)
syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
ioctl$KVM_SET_CLOCK(r3, 0x4030ae7b, &(0x7f0000000100)={0x1, 0x2, 0x1, 0x0, 0x8})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

922.963044ms ago: executing program 7 (id=1890):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r4, r1, 0x25, 0x0, @val=@tcx={@void, @value=r4}}, 0x1c)
syz_emit_ethernet(0xd81, &(0x7f0000002740)=ANY=[], 0x0)

803.838701ms ago: executing program 4 (id=1891):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000880)=@newqdisc={0x60, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbff, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0x10, 0xfff1}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_BURST={0x8, 0x6, 0x1}, @TCA_TBF_PARMS={0x28, 0x1, {{0x40, 0x2, 0xad63, 0x9, 0x1}, {0x0, 0x2, 0x8000, 0x5, 0xe}, 0x1, 0x100, 0x15a5}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0xfffffffd, {0x0, 0x0, 0x0, r4, {0xb, 0xd}, {0x6}, {0x8, 0xfff1}}}, 0x24}}, 0x40004)

698.040662ms ago: executing program 2 (id=1892):
write(0xffffffffffffffff, &(0x7f0000000340)="1c0000005e001f", 0x7)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=ANY=[], 0x188}}], 0x1, 0x810)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r3 = accept4(r2, 0x0, 0x0, 0x800)
pwritev(0xffffffffffffffff, &(0x7f0000000d80)=[{&(0x7f0000000780)="42ebe7f5d8dde5f3e9c5c7e7bc09d8d80f373ae4dc85e6cb597bd322663b986ff272399bec41d811a763bcd2cdc221d2ac6cdeeca815ce250ce959444e7f296cb11433530cfccd0c6f450147b46eb5bbe281810c76577aaf554801815d1ee516cc0752832233d7610ce165a593e43cbaa4f52db28e5aead94767ad0d0ccf1cd422", 0x81}, {&(0x7f0000000540)}, {&(0x7f0000000580)="1ab9a1fec95331b4b1bb5f840b0a198cb5add980a1e5cd402aaabeb7a27d1418376394238ae0a1ca9c", 0x29}, {0x0}, {&(0x7f0000000ac0)}], 0x5, 0x4d9e, 0x8)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

659.152484ms ago: executing program 7 (id=1893):
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xd)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xc2f02, 0x0)
sendfile(r0, r1, 0x0, 0x2000fb)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf)

535.833421ms ago: executing program 4 (id=1894):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'vlan0\x00'})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)=ANY=[], 0x68}}, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_MIGRATE_ID(0xffffffffffffffff, 0x0, 0x0)
r3 = msgget$private(0x0, 0x330)
r4 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
sendmsg$NL80211_CMD_NEW_MPATH(r4, 0x0, 0x40)
ioctl$sock_SIOCINQ(r4, 0x541b, 0x0)
msgrcv(r3, 0x0, 0x0, 0x98ce86d7921f6527, 0x2000)
r5 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x1)
ioctl$XFS_IOC_PATH_TO_FSHANDLE(0xffffffffffffffff, 0xc0385868, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CREATE(r5, 0xc02054a5, 0x0)
msgsnd(r3, 0x0, 0x0, 0x800)
socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@getchain={0x24, 0x66, 0xfcd66a900070b359, 0x78bd27, 0xf0, {0x0, 0x0, 0x0, r7, {0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x841}, 0x0)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, 0x0, 0x0)
r9 = accept4(r8, 0x0, 0x0, 0x80000)
dup(r9)

490.408412ms ago: executing program 7 (id=1895):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
ioctl$KVM_CAP_X86_USER_SPACE_MSR(0xffffffffffffffff, 0x4068aea3, 0x0)
setrlimit(0xf, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000000009"], 0x7c}, 0x1, 0x0, 0x0, 0x48008}, 0x44004)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)=0x3, 0x12)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043ef50d"], 0xf8)
ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(0xffffffffffffffff, 0x3b8b, 0x0)

458.386426ms ago: executing program 6 (id=1896):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000e40))
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2000, 0x25)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x6, 0x12, r2, 0x0)

288.068694ms ago: executing program 7 (id=1897):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000008c0)=@newqdisc={0x38, 0x24, 0x3fe3aa0262d8c583, 0x70bd27, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x10, 0xe}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_TIMER_SLACK={0x8}]}}]}, 0x38}}, 0x4048000)

251.123707ms ago: executing program 2 (id=1898):
r0 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000400)={'veth0_to_hsr\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {0x0, 0xffe1}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x9}}]}}]}, 0x48}}, 0xc840)
sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=@newtfilter={0x54, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0x6}, {}, {0x7, 0xfff1}}, [@filter_kind_options=@f_u32={{0x8}, {0x28, 0x2, [@TCA_U32_SEL={0x24, 0x5, {0xd, 0x7, 0x1, 0x3d3f, 0x0, 0xfff, 0xb709, 0x58f, [{0x0, 0x20008000, 0x4, 0x1}]}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x24040084)
recvmmsg$unix(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/219, 0xdb}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x60, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, 0x0, &(0x7f0000000200))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32, @ANYBLOB], 0x3c}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000040)=r5, 0x4)
sendmsg$unix(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4040850}, 0x0)
sendmsg$GTP_CMD_NEWPDP(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)={0x30, r4, 0x1, 0x3, 0x0, {}, [@GTPA_LINK={0x8}, @GTPA_FLOW={0x6, 0x6, 0x4}, @GTPA_TID={0xc}]}, 0x30}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[], 0xc3}, 0x1, 0x100000000000000, 0x0, 0x2000}, 0x40400c0)
r6 = socket(0x10, 0x3, 0x0)
sendmmsg(r6, &(0x7f0000000000), 0x4000000000001f2, 0x0)

226.383612ms ago: executing program 6 (id=1899):
r0 = socket$inet(0x2, 0x2, 0x1)
sendmsg$inet(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{0x0}], 0x1}, 0x0)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000021c0), 0x2000, 0x0)
fcntl$lock(0xffffffffffffffff, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xa9525000)
r1 = syz_open_dev$evdev(&(0x7f0000001bc0), 0x0, 0x8801)
ioctl$EVIOCGEFFECTS(r1, 0x80044584, &(0x7f0000001c00)=""/15)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010026bd7000fedbdf25030040000800010000000000100007800c000180080001", @ANYRES8], 0x2c}, 0x1, 0x0, 0x0, 0x150}, 0x20008040)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_RECONFIGURE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x150}, 0x20008040)

0s ago: executing program 7 (id=1900):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xf, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x3}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001380)={0xe, 0xe, &(0x7f0000001440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7"], &(0x7f0000000200)='syzkaller\x00', 0x6}, 0x94)

kernel console output (not intermixed with test programs):

SB Raw Gadget: couldn't find an available UDC or it's busy
[  682.997085][T10027] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  683.653454][ T5833] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  683.732631][   T23] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  684.652779][   T23] usb 4-1: Using ep0 maxpacket: 8
[  684.658022][ T5833] usb 5-1: Using ep0 maxpacket: 32
[  684.675536][   T23] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  684.685721][ T5833] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  685.432697][   T23] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  685.445901][ T5833] usb 5-1: string descriptor 0 read error: -71
[  685.452233][ T5833] usb 5-1: New USB device found, idVendor=2b73, idProduct=0029, bcdDevice= 0.40
[  685.472595][   T23] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  685.488228][ T5833] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  685.496387][   T23] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  685.530464][ T5833] usb 5-1: can't set config #1, error -71
[  685.556129][   T23] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  685.575943][ T5833] usb 5-1: USB disconnect, device number 12
[  685.644540][   T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  685.722882][   T23] usb 4-1: can't set config #16, error -71
[  685.741161][   T23] usb 4-1: USB disconnect, device number 9
[  685.830064][T10043] loop3: detected capacity change from 0 to 64
[  686.026964][ T5833] usb 5-1: new full-speed USB device number 13 using dummy_hcd
[  686.070595][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[  686.077105][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  686.234597][ T5833] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  686.313583][ T5833] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  686.343320][ T5833] usb 5-1: config 0 descriptor??
[  686.437403][T10049] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  687.368022][T10057] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  689.997277][ T5833] [drm:udl_init] *ERROR* Selecting channel failed
[  690.093557][ T5833] [drm] Initialized udl 0.0.1 20120220 for 5-1:0.0 on minor 2
[  690.101123][ T5833] [drm] Initialized udl on minor 2
[  690.142410][ T5833] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  691.484697][ T5833] udl 5-1:0.0: [drm] Cannot find any crtc or sizes
[  691.497136][ T5811] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  691.531382][ T5833] usb 5-1: USB disconnect, device number 13
[  691.544152][ T5811] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed
[  691.573246][ T5811] udl 5-1:0.0: [drm] Cannot find any crtc or sizes
[  694.901809][T10086] loop3: detected capacity change from 0 to 128
[  694.939976][T10086] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  694.970267][T10086] hpfs: filesystem error: improperly stopped
[  694.992980][T10086] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  695.000767][T10086] hpfs: You really don't want any checks? You are crazy...
[  695.036967][T10086] hpfs: Code page index out of array
[  695.042315][T10086] hpfs: code page support is disabled
[  695.075731][T10086] hpfs: hpfs_map_4sectors(): unaligned read
[  695.085174][T10086] hpfs: hpfs_map_4sectors(): unaligned read
[  695.091113][T10086] hpfs: filesystem error: unable to find root dir
[  695.153356][T10086] hpfs: bad mount options.
[  695.300591][T10090] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.855'.
[  695.320724][T10090] net_ratelimit: 44 callbacks suppressed
[  695.320740][T10090] openvswitch: netlink: Tunnel attr 0 has unexpected len 3060 expected 8
[  695.674842][T10096] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  696.437428][T10101] loop2: detected capacity change from 0 to 128
[  696.465203][T10101] affs: Unrecognized mount option "ÅL€\±/m·9اþó´G³De"¾-ü)vEà‹uv#[Òcke�Œàj�Ä8ÊÅͤ«=À6jÕfâ�y)šèìÍŒh⡱_Øœ8Ò.í%" or missing value
[  696.503828][T10101] affs: Error parsing options
[  696.669061][T10104] loop6: detected capacity change from 0 to 32768
[  696.992421][T10109] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  697.882236][T10110] read_mapping_page failed!
[  698.598919][T10120] loop6: detected capacity change from 0 to 32768
[  698.852403][T10124] loop2: detected capacity change from 0 to 128
[  699.577517][T10125] ERROR: (device loop6): dbAlloc: the hint is outside the map
[  699.577517][T10125] 
[  699.598531][T10125] ERROR: (device loop6): remounting filesystem as read-only
[  699.615134][T10125] syz.6.864: attempt to access beyond end of device
[  699.615134][T10125] loop6: rw=2049, sector=44032, nr_sectors = 8 limit=32768
[  700.032975][  T113] blkno = 1580, nblocks = 1
[  700.037528][  T113] ERROR: (device loop6): dbUpdatePMap: blocks are outside the map
[  700.037528][  T113] 
[  700.237033][T10118] loop3: detected capacity change from 0 to 32768
[  700.276877][T10118] overlay: filesystem on ./bus not supported
[  700.403167][T10129] FAULT_INJECTION: forcing a failure.
[  700.403167][T10129] name failslab, interval 1, probability 0, space 0, times 0
[  700.456219][T10129] CPU: 1 PID: 10129 Comm: syz.2.869 Not tainted syzkaller #0
[  700.463654][T10129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  700.473736][T10129] Call Trace:
[  700.477040][T10129]  <TASK>
[  700.479986][T10129]  dump_stack_lvl+0x18c/0x250
[  700.484675][T10129]  ? show_regs_print_info+0x20/0x20
[  700.489891][T10129]  ? load_image+0x400/0x400
[  700.494390][T10129]  ? __might_sleep+0xe0/0xe0
[  700.498976][T10129]  ? __lock_acquire+0x7d40/0x7d40
[  700.503999][T10129]  ? trace_raw_output_contention_end+0xd0/0xd0
[  700.510151][T10129]  should_fail_ex+0x39d/0x4d0
[  700.514830][T10129]  should_failslab+0x9/0x20
[  700.519329][T10129]  slab_pre_alloc_hook+0x59/0x310
[  700.524353][T10129]  ? xdp_umem_create+0x58/0x7e0
[  700.529200][T10129]  __kmem_cache_alloc_node+0x53/0x250
[  700.534575][T10129]  ? xdp_umem_create+0x58/0x7e0
[  700.539419][T10129]  kmalloc_trace+0x2a/0xe0
[  700.543830][T10129]  xdp_umem_create+0x58/0x7e0
[  700.548501][T10129]  ? __might_fault+0xc6/0x120
[  700.553165][T10129]  ? __might_fault+0xaa/0x120
[  700.557835][T10129]  xsk_setsockopt+0x68c/0x760
[  700.562510][T10129]  ? xsk_poll+0x680/0x680
[  700.566844][T10129]  ? 0xffffffffff600000
[  700.570990][T10129]  ? __fget_files+0x28/0x4b0
[  700.575574][T10129]  ? __fget_files+0x28/0x4b0
[  700.580158][T10129]  ? aa_sock_opt_perm+0x74/0x100
[  700.585092][T10129]  ? bpf_lsm_socket_setsockopt+0x9/0x10
[  700.590629][T10129]  ? security_socket_setsockopt+0x7e/0xa0
[  700.596339][T10129]  ? xsk_poll+0x680/0x680
[  700.600671][T10129]  do_sock_setsockopt+0x175/0x1a0
[  700.605700][T10129]  ? __fdget+0x180/0x210
[  700.609941][T10129]  __x64_sys_setsockopt+0x182/0x200
[  700.615135][T10129]  do_syscall_64+0x55/0xa0
[  700.619550][T10129]  ? clear_bhb_loop+0x40/0x90
[  700.624220][T10129]  ? clear_bhb_loop+0x40/0x90
[  700.628920][T10129]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  700.634830][T10129] RIP: 0033:0x7f6e2019c799
[  700.639245][T10129] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  700.658843][T10129] RSP: 002b:00007f6e1e3f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  700.667253][T10129] RAX: ffffffffffffffda RBX: 00007f6e20415fa0 RCX: 00007f6e2019c799
[  700.675222][T10129] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000003
[  700.683181][T10129] RBP: 00007f6e1e3f6090 R08: 0000000000000020 R09: 0000000000000000
[  700.691143][T10129] R10: 0000200000000300 R11: 0000000000000246 R12: 0000000000000001
[  700.699103][T10129] R13: 00007f6e20416038 R14: 00007f6e20415fa0 R15: 00007ffc7adf32b8
[  700.707089][T10129]  </TASK>
[  701.026635][T10137] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  701.928719][T10145] loop2: detected capacity change from 0 to 16
[  702.007286][T10145] erofs: (device loop2): mounted with root inode @ nid 36.
[  702.028407][T10144] loop6: detected capacity change from 0 to 4096
[  702.059238][T10144] ntfs3: loop6: Different NTFS sector size (2048) and media sector size (512).
[  702.063875][T10147] netlink: 12 bytes leftover after parsing attributes in process `syz.4.873'.
[  702.098428][T10145] syz.2.875: attempt to access beyond end of device
[  702.098428][T10145] loop2: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  702.124830][T10144] ntfs3: loop6: Mark volume as dirty due to NTFS errors
[  702.150197][T10144] ntfs3: loop6: try to read out of volume at offset 0x1ff000
[  702.175973][T10144] ntfs3: loop6: Failed to load $MFT.
[  702.195540][T10145] syz.2.875: attempt to access beyond end of device
[  702.195540][T10145] loop2: rw=524288, sector=16, nr_sectors = 40 limit=16
[  702.226072][T10145] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  702.251154][   T27] audit: type=1800 audit(1772749563.492:158): pid=10145 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.875" name="file2" dev="loop2" ino=89 res=0 errno=0
[  703.800125][T10152] loop6: detected capacity change from 0 to 4096
[  703.868051][T10152] ntfs3: loop6: Different NTFS sector size (2048) and media sector size (512).
[  703.899250][T10152] ntfs3: loop6: Mark volume as dirty due to NTFS errors
[  703.925080][T10152] ntfs3: loop6: try to read out of volume at offset 0x1ff000
[  703.948737][T10152] ntfs3: loop6: Failed to load $MFT.
[  704.179896][T10160] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check.
[  704.502645][   T23] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  704.703166][   T23] usb 7-1: Using ep0 maxpacket: 8
[  704.730424][   T23] usb 7-1: config index 0 descriptor too short (expected 29970, got 18)
[  704.750001][   T23] usb 7-1: config 0 has too many interfaces: 168, using maximum allowed: 32
[  704.774905][   T23] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 168
[  704.805191][   T23] usb 7-1: New USB device found, idVendor=0545, idProduct=800c, bcdDevice= 3.0a
[  704.824694][   T23] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  704.842651][   T23] usb 7-1: Product: syz
[  704.852667][   T23] usb 7-1: Manufacturer: syz
[  704.857768][   T23] usb 7-1: SerialNumber: syz
[  704.873891][   T23] usb 7-1: config 0 descriptor??
[  704.886388][   T23] gspca_main: xirlink-cit-2.14.0 probing 0545:800c
[  704.938389][   T23] input: xirlink-cit as /devices/platform/dummy_hcd.6/usb7/7-1/input/input5
[  705.096129][T10149] loop3: detected capacity change from 0 to 32768
[  705.256008][   T23] usb 7-1: USB disconnect, device number 6
[  705.541846][T10172] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  707.508918][T10184] netlink: 12 bytes leftover after parsing attributes in process `syz.6.888'.
[  707.538923][ T7467] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by udevd (7467)
[  707.700589][T10190] loop2: detected capacity change from 0 to 1024
[  707.894662][T10189] loop4: detected capacity change from 0 to 32768
[  707.926985][ T5784] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  709.263937][ T5845] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  711.026479][T10208] netlink: 12 bytes leftover after parsing attributes in process `syz.4.893'.
[  711.036087][ T5845] usb 3-1: Using ep0 maxpacket: 16
[  711.056908][ T5845] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  711.076414][ T5845] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  711.094887][ T5845] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  711.110428][ T5845] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  711.149511][ T5845] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  711.177218][ T5845] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  711.207002][ T5845] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  711.230576][ T5845] usb 3-1: config 0 descriptor??
[  712.828922][T10217] process 'syz.4.893' launched '<' with NULL argv: empty string added
[  712.896961][ T5845] rc_core: IR keymap rc-hauppauge not found
[  712.904835][ T5845] Registered IR keymap rc-empty
[  712.927620][ T5845] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  712.978829][ T5845] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  713.045086][ T5845] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  713.097097][ T5845] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input6
[  713.172956][ T5845] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  713.212650][ T5845] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  713.262764][ T5845] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  713.302657][ T5845] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  713.342709][ T5845] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  713.382816][ T5845] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  713.432864][ T5845] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  713.474166][ T5845] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  713.522812][ T5845] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  713.565017][ T5845] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  713.618728][ T5845] mceusb 3-1:0.0: Registered  with mce emulator interface version 1
[  713.639691][ T5845] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  713.652938][ T8194] usb 5-1: new full-speed USB device number 14 using dummy_hcd
[  713.799267][ T5811] usb 3-1: USB disconnect, device number 5
[  713.949676][ T8194] usb 5-1: config 150 has an invalid interface number: 204 but max is 1
[  714.096310][ T8194] usb 5-1: config 150 has no interface number 0
[  714.122590][ T8194] usb 5-1: config 150 interface 204 has no altsetting 0
[  714.196992][ T8194] usb 5-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb
[  714.240520][ T8194] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  714.282646][ T8194] usb 5-1: Product: syz
[  714.292853][ T8194] usb 5-1: Manufacturer: syz
[  714.307705][ T8194] usb 5-1: SerialNumber: syz
[  714.528783][ T8194] xr_serial 5-1:150.204: xr_serial converter detected
[  715.146442][ T8194] usb 5-1: xr_serial converter now attached to ttyUSB0
[  715.289303][T10237] loop6: detected capacity change from 0 to 32768
[  715.383116][ T5773] usb 5-1: USB disconnect, device number 14
[  715.460975][T10240] ERROR: (device loop6): dbAlloc: the hint is outside the map
[  715.460975][T10240] 
[  715.473955][T10240] ERROR: (device loop6): remounting filesystem as read-only
[  715.487878][T10240] syz.6.900: attempt to access beyond end of device
[  715.487878][T10240] loop6: rw=2049, sector=44032, nr_sectors = 8 limit=32768
[  715.736286][ T5773] xr_serial ttyUSB0: xr_serial converter now disconnected from ttyUSB0
[  715.963077][ T5773] xr_serial 5-1:150.204: device disconnected
[  716.313380][  T114] blkno = 1580, nblocks = 1
[  716.317949][  T114] ERROR: (device loop6): dbUpdatePMap: blocks are outside the map
[  716.317949][  T114] 
[  716.467460][T10249] fuse: Bad value for 'rootmode'
[  717.712395][T10253] loop3: detected capacity change from 0 to 128
[  717.777071][T10253] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  717.842711][T10253] hpfs: filesystem error: improperly stopped
[  717.848763][T10253] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  717.939816][T10253] hpfs: You really don't want any checks? You are crazy...
[  717.959325][T10253] hpfs: Code page index out of array
[  717.975192][T10253] hpfs: code page support is disabled
[  717.998759][T10253] hpfs: hpfs_map_4sectors(): unaligned read
[  718.033362][T10253] hpfs: hpfs_map_4sectors(): unaligned read
[  718.039409][T10253] hpfs: filesystem error: unable to find root dir
[  718.214760][T10253] hpfs: bad mount options.
[  718.224690][T10259] loop2: detected capacity change from 0 to 16
[  718.297224][T10266] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  719.554515][T10259] erofs: (device loop2): mounted with root inode @ nid 36.
[  719.587416][T10259] syz.2.905: attempt to access beyond end of device
[  719.587416][T10259] loop2: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  719.616819][T10259] syz.2.905: attempt to access beyond end of device
[  719.616819][T10259] loop2: rw=524288, sector=16, nr_sectors = 40 limit=16
[  719.892812][T10277] loop3: detected capacity change from 0 to 16
[  719.915538][T10259] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  720.224640][T10277] erofs: (device loop3): mounted with root inode @ nid 36.
[  720.241723][T10277] syz.3.910: attempt to access beyond end of device
[  720.241723][T10277] loop3: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  720.280139][T10277] syz.3.910: attempt to access beyond end of device
[  720.280139][T10277] loop3: rw=524288, sector=16, nr_sectors = 40 limit=16
[  720.294780][T10277] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  720.323964][   T27] audit: type=1800 audit(1772749581.552:159): pid=10277 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.910" name="file2" dev="loop3" ino=89 res=0 errno=0
[  720.693822][   T27] audit: type=1800 audit(1772749581.942:160): pid=10259 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.905" name="file2" dev="loop2" ino=89 res=0 errno=0
[  720.720293][T10279] loop4: detected capacity change from 0 to 512
[  720.929755][T10279] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  720.974175][T10284] loop3: detected capacity change from 0 to 8
[  721.011111][T10279] ext4 filesystem being mounted at /182/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  721.136066][T10279] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  721.236508][T10274] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  722.903480][ T6408] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  723.492716][ T5773] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  723.726817][ T5773] usb 4-1: Using ep0 maxpacket: 16
[  723.734172][ T5773] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  723.762713][  T789] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  723.802803][ T5773] usb 4-1: config 0 interface 0 has no altsetting 0
[  723.809892][ T5773] usb 4-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  723.832538][ T5773] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  723.847938][T10312] fuse: Unknown parameter 'use00000000000000000000'
[  723.858263][ T5773] usb 4-1: config 0 descriptor??
[  723.982667][  T789] usb 5-1: Using ep0 maxpacket: 16
[  724.015357][  T789] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  724.051500][  T789] usb 5-1: config 0 interface 0 has no altsetting 0
[  724.072596][  T789] usb 5-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  724.081734][  T789] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  724.285743][  T789] usb 5-1: config 0 descriptor??
[  724.329756][T10316] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  724.831286][ T5773] nzxt-smart2 0003:1E71:2009.0002: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.3-1/input0
[  725.238533][T10321] FAULT_INJECTION: forcing a failure.
[  725.238533][T10321] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  725.275419][T10308] tmpfs: Unknown parameter 'gHd'
[  725.335282][T10321] CPU: 1 PID: 10321 Comm: syz.6.919 Not tainted syzkaller #0
[  725.342716][T10321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  725.342866][  T789] nzxt-smart2 0003:1E71:2009.0003: hidraw1: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.4-1/input0
[  725.352773][T10321] Call Trace:
[  725.352817][T10321]  <TASK>
[  725.352827][T10321]  dump_stack_lvl+0x18c/0x250
[  725.352859][T10321]  ? show_regs_print_info+0x20/0x20
[  725.352881][T10321]  ? load_image+0x400/0x400
[  725.352902][T10321]  ? __might_fault+0xaa/0x120
[  725.389730][T10321]  ? __lock_acquire+0x7d40/0x7d40
[  725.394797][T10321]  should_fail_ex+0x39d/0x4d0
[  725.399517][T10321]  _copy_from_user+0x2f/0xe0
[  725.404144][T10321]  snd_seq_write+0x312/0x820
[  725.408763][T10321]  ? aa_path_link+0xf70/0xf70
[  725.413483][T10321]  ? snd_seq_read+0x670/0x670
[  725.418191][T10321]  ? common_file_perm+0x198/0x1f0
[  725.423252][T10321]  ? fsnotify_perm+0x5d/0x5e0
[  725.427967][T10321]  ? security_file_permission+0x79/0xa0
[  725.433547][T10321]  ? snd_seq_read+0x670/0x670
[  725.438261][T10321]  vfs_write+0x296/0x990
[  725.442541][T10321]  ? file_end_write+0x250/0x250
[  725.447430][T10321]  ? __fget_files+0x28/0x4b0
[  725.452055][T10321]  ? __fget_files+0x28/0x4b0
[  725.456680][T10321]  ? __fget_files+0x43d/0x4b0
[  725.461372][T10321]  ? __fdget_pos+0x1d8/0x330
[  725.465975][T10321]  ? ksys_write+0x75/0x260
[  725.470401][T10321]  ksys_write+0x150/0x260
[  725.474737][T10321]  ? __ia32_sys_read+0x90/0x90
[  725.479515][T10321]  ? lockdep_hardirqs_on+0x98/0x150
[  725.484717][T10321]  do_syscall_64+0x55/0xa0
[  725.489135][T10321]  ? clear_bhb_loop+0x40/0x90
[  725.493816][T10321]  ? clear_bhb_loop+0x40/0x90
[  725.498505][T10321]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  725.504400][T10321] RIP: 0033:0x7f217cf9c799
[  725.508817][T10321] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  725.528425][T10321] RSP: 002b:00007f217def2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  725.536842][T10321] RAX: ffffffffffffffda RBX: 00007f217d216090 RCX: 00007f217cf9c799
[  725.544921][T10321] RDX: 000000000000001c RSI: 0000200000000140 RDI: 0000000000000005
[  725.552930][T10321] RBP: 00007f217def2090 R08: 0000000000000000 R09: 0000000000000000
[  725.560925][T10321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  725.568920][T10321] R13: 00007f217d216128 R14: 00007f217d216090 R15: 00007ffcc701abe8
[  725.576930][T10321]  </TASK>
[  725.661323][  T789] usb 4-1: USB disconnect, device number 10
[  725.824223][T10310] FAULT_INJECTION: forcing a failure.
[  725.824223][T10310] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  725.882459][T10310] CPU: 1 PID: 10310 Comm: syz.4.915 Not tainted syzkaller #0
[  725.889901][T10310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  725.899985][T10310] Call Trace:
[  725.903286][T10310]  <TASK>
[  725.906238][T10310]  dump_stack_lvl+0x18c/0x250
[  725.910958][T10310]  ? show_regs_print_info+0x20/0x20
[  725.916195][T10310]  ? load_image+0x400/0x400
[  725.920740][T10310]  ? __might_fault+0xaa/0x120
[  725.925449][T10310]  ? __lock_acquire+0x7d40/0x7d40
[  725.930505][T10310]  should_fail_ex+0x39d/0x4d0
[  725.935219][T10310]  _copy_from_user+0x2f/0xe0
[  725.939842][T10310]  kstrtouint_from_user+0xde/0x170
[  725.944993][T10310]  ? kstrtol_from_user+0x190/0x190
[  725.950160][T10310]  proc_fail_nth_write+0x8f/0x250
[  725.955237][T10310]  ? proc_fail_nth_read+0x260/0x260
[  725.960485][T10310]  ? proc_fail_nth_read+0x260/0x260
[  725.965747][T10310]  vfs_write+0x296/0x990
[  725.970048][T10310]  ? file_end_write+0x250/0x250
[  725.974939][T10310]  ? __fget_files+0x28/0x4b0
[  725.979557][T10310]  ? __fget_files+0x28/0x4b0
[  725.984178][T10310]  ? __fget_files+0x43d/0x4b0
[  725.988898][T10310]  ? __fdget_pos+0x2a3/0x330
[  725.993520][T10310]  ? ksys_write+0x75/0x260
[  725.997978][T10310]  ksys_write+0x150/0x260
[  726.002346][T10310]  ? __ia32_sys_read+0x90/0x90
[  726.007150][T10310]  ? lockdep_hardirqs_on+0x98/0x150
[  726.012382][T10310]  do_syscall_64+0x55/0xa0
[  726.016834][T10310]  ? clear_bhb_loop+0x40/0x90
[  726.021541][T10310]  ? clear_bhb_loop+0x40/0x90
[  726.026248][T10310]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  726.032171][T10310] RIP: 0033:0x7f9edb35cfce
[  726.036610][T10310] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  726.056245][T10310] RSP: 002b:00007f9edc1e2fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  726.064679][T10310] RAX: ffffffffffffffda RBX: 00007f9edc1e36c0 RCX: 00007f9edb35cfce
[  726.072667][T10310] RDX: 0000000000000001 RSI: 00007f9edc1e30a0 RDI: 0000000000000005
[  726.080665][T10310] RBP: 00007f9edc1e3090 R08: 0000000000000000 R09: 0000000000000000
[  726.088674][T10310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  726.096689][T10310] R13: 00007f9edb616038 R14: 00007f9edb615fa0 R15: 00007ffda0f4aee8
[  726.104701][T10310]  </TASK>
[  726.359214][ T5773] usb 5-1: USB disconnect, device number 15
[  726.375993][T10329] loop2: detected capacity change from 0 to 16
[  726.399431][T10329] erofs: (device loop2): mounted with root inode @ nid 36.
[  726.415073][T10329] syz.2.920: attempt to access beyond end of device
[  726.415073][T10329] loop2: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  726.440853][T10329] syz.2.920: attempt to access beyond end of device
[  726.440853][T10329] loop2: rw=524288, sector=16, nr_sectors = 40 limit=16
[  726.548925][T10329] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  726.560668][T10330] loop3: detected capacity change from 0 to 4096
[  726.628329][T10330] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512).
[  726.686278][T10330] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  726.701763][T10330] ntfs3: loop3: try to read out of volume at offset 0x1ff000
[  726.734135][T10330] ntfs3: loop3: Failed to load $MFT.
[  726.736694][   T27] audit: type=1800 audit(1772749587.982:161): pid=10329 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.920" name="file2" dev="loop2" ino=89 res=0 errno=0
[  726.812788][T10330] netlink: 40 bytes leftover after parsing attributes in process `syz.3.921'.
[  729.653436][T10343] fuse: Unknown parameter 'use00000000000000000000'
[  730.123829][T10345] FAULT_INJECTION: forcing a failure.
[  730.123829][T10345] name failslab, interval 1, probability 0, space 0, times 0
[  730.182586][T10345] CPU: 0 PID: 10345 Comm: syz.4.928 Not tainted syzkaller #0
[  730.190020][T10345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  730.200099][T10345] Call Trace:
[  730.203398][T10345]  <TASK>
[  730.206349][T10345]  dump_stack_lvl+0x18c/0x250
[  730.211052][T10345]  ? show_regs_print_info+0x20/0x20
[  730.216264][T10345]  ? load_image+0x400/0x400
[  730.220773][T10345]  ? __might_sleep+0xe0/0xe0
[  730.225359][T10345]  ? __lock_acquire+0x7d40/0x7d40
[  730.230377][T10345]  should_fail_ex+0x39d/0x4d0
[  730.235050][T10345]  should_failslab+0x9/0x20
[  730.239543][T10345]  slab_pre_alloc_hook+0x59/0x310
[  730.244560][T10345]  ? snd_pcm_oss_change_params_locked+0x1b2/0x3cf0
[  730.251048][T10345]  __kmem_cache_alloc_node+0x53/0x250
[  730.256414][T10345]  ? snd_pcm_oss_change_params_locked+0x1b2/0x3cf0
[  730.262903][T10345]  kmalloc_trace+0x2a/0xe0
[  730.267313][T10345]  snd_pcm_oss_change_params_locked+0x1b2/0x3cf0
[  730.273635][T10345]  ? __mutex_trylock_common+0x159/0x260
[  730.279166][T10345]  ? trace_raw_output_contention_end+0xd0/0xd0
[  730.285311][T10345]  ? rcu_is_watching+0x15/0xb0
[  730.290067][T10345]  ? __mutex_lock+0x315/0xcc0
[  730.294738][T10345]  ? aa_file_perm+0x11b/0xee0
[  730.299410][T10345]  ? snd_pcm_oss_read2+0x3d0/0x3d0
[  730.304518][T10345]  ? aa_file_perm+0x3e3/0xee0
[  730.309190][T10345]  ? snd_pcm_oss_write+0x209/0xaf0
[  730.314311][T10345]  ? mutex_lock_nested+0x20/0x20
[  730.319285][T10345]  ? aa_path_link+0xf70/0xf70
[  730.323990][T10345]  snd_pcm_oss_write+0x27e/0xaf0
[  730.328956][T10345]  ? snd_pcm_oss_read+0x8c0/0x8c0
[  730.334004][T10345]  vfs_write+0x296/0x990
[  730.338277][T10345]  ? file_end_write+0x250/0x250
[  730.343145][T10345]  ? __fget_files+0x28/0x4b0
[  730.347749][T10345]  ? __fget_files+0x28/0x4b0
[  730.352355][T10345]  ? __fget_files+0x43d/0x4b0
[  730.357056][T10345]  ? __fdget_pos+0x1d8/0x330
[  730.361658][T10345]  ? ksys_write+0x75/0x260
[  730.366095][T10345]  ksys_write+0x150/0x260
[  730.370444][T10345]  ? __ia32_sys_read+0x90/0x90
[  730.375227][T10345]  ? lockdep_hardirqs_on+0x98/0x150
[  730.380457][T10345]  do_syscall_64+0x55/0xa0
[  730.384890][T10345]  ? clear_bhb_loop+0x40/0x90
[  730.389586][T10345]  ? clear_bhb_loop+0x40/0x90
[  730.394289][T10345]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  730.400202][T10345] RIP: 0033:0x7f9edb39c799
[  730.404636][T10345] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  730.424259][T10345] RSP: 002b:00007f9edc1e3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  730.432670][T10345] RAX: ffffffffffffffda RBX: 00007f9edb615fa0 RCX: 00007f9edb39c799
[  730.440634][T10345] RDX: 000000000000fdbc RSI: 0000200000000500 RDI: 0000000000000003
[  730.448623][T10345] RBP: 00007f9edc1e3090 R08: 0000000000000000 R09: 0000000000000000
[  730.456581][T10345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  730.464544][T10345] R13: 00007f9edb616038 R14: 00007f9edb615fa0 R15: 00007ffda0f4aee8
[  730.472526][T10345]  </TASK>
[  730.597229][T10347] loop3: detected capacity change from 0 to 256
[  730.830811][T10347] FAT-fs (loop3): Directory bread(block 64) failed
[  730.872622][T10347] FAT-fs (loop3): Directory bread(block 65) failed
[  730.892775][T10347] FAT-fs (loop3): Directory bread(block 66) failed
[  730.900078][T10347] FAT-fs (loop3): Directory bread(block 67) failed
[  730.962801][T10347] FAT-fs (loop3): Directory bread(block 68) failed
[  730.969398][T10347] FAT-fs (loop3): Directory bread(block 69) failed
[  731.003350][T10347] FAT-fs (loop3): Directory bread(block 70) failed
[  731.009945][T10347] FAT-fs (loop3): Directory bread(block 71) failed
[  731.047143][T10347] FAT-fs (loop3): Directory bread(block 72) failed
[  731.077529][T10347] FAT-fs (loop3): Directory bread(block 73) failed
[  731.473560][T10360] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  733.767078][T10381] fuse: Unknown parameter 'use00000000000000000000'
[  734.379099][T10392] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  734.862810][T10394] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  736.437808][T10416] fuse: Unknown parameter 'user_i00000000000000000000'
[  736.587534][T10422] FAULT_INJECTION: forcing a failure.
[  736.587534][T10422] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  736.621961][T10422] CPU: 0 PID: 10422 Comm: syz.3.950 Not tainted syzkaller #0
[  736.629396][T10422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  736.639460][T10422] Call Trace:
[  736.642729][T10422]  <TASK>
[  736.645650][T10422]  dump_stack_lvl+0x18c/0x250
[  736.650319][T10422]  ? show_regs_print_info+0x20/0x20
[  736.655509][T10422]  ? load_image+0x400/0x400
[  736.660000][T10422]  ? __lock_acquire+0x7d40/0x7d40
[  736.665010][T10422]  ? snprintf+0xe9/0x140
[  736.669239][T10422]  should_fail_ex+0x39d/0x4d0
[  736.673908][T10422]  _copy_to_user+0x2f/0xa0
[  736.678308][T10422]  simple_read_from_buffer+0xe7/0x150
[  736.683669][T10422]  proc_fail_nth_read+0x1e8/0x260
[  736.688683][T10422]  ? proc_fault_inject_write+0x360/0x360
[  736.694318][T10422]  ? fsnotify_perm+0x271/0x5e0
[  736.699097][T10422]  ? proc_fault_inject_write+0x360/0x360
[  736.704724][T10422]  vfs_read+0x28b/0x970
[  736.708874][T10422]  ? kernel_read+0x1e0/0x1e0
[  736.713450][T10422]  ? __fget_files+0x28/0x4b0
[  736.718022][T10422]  ? __fget_files+0x28/0x4b0
[  736.722609][T10422]  ? __fget_files+0x43d/0x4b0
[  736.727293][T10422]  ? __fdget_pos+0x2a3/0x330
[  736.731870][T10422]  ? ksys_read+0x75/0x260
[  736.736187][T10422]  ksys_read+0x150/0x260
[  736.740417][T10422]  ? vfs_write+0x990/0x990
[  736.744835][T10422]  ? lockdep_hardirqs_on+0x98/0x150
[  736.750032][T10422]  do_syscall_64+0x55/0xa0
[  736.754446][T10422]  ? clear_bhb_loop+0x40/0x90
[  736.759109][T10422]  ? clear_bhb_loop+0x40/0x90
[  736.763775][T10422]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  736.769650][T10422] RIP: 0033:0x7f43f235cfce
[  736.774051][T10422] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  736.793645][T10422] RSP: 002b:00007f43f32bffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  736.802040][T10422] RAX: ffffffffffffffda RBX: 00007f43f32c06c0 RCX: 00007f43f235cfce
[  736.810004][T10422] RDX: 000000000000000f RSI: 00007f43f32c00a0 RDI: 0000000000000003
[  736.817994][T10422] RBP: 00007f43f32c0090 R08: 0000000000000000 R09: 0000000000000000
[  736.825980][T10422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  736.833940][T10422] R13: 00007f43f2616038 R14: 00007f43f2615fa0 R15: 00007ffc2a7d6818
[  736.841905][T10422]  </TASK>
[  737.329978][T10431] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  738.321200][T10438] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  740.087399][T10448] loop4: detected capacity change from 0 to 16
[  740.120720][T10448] erofs: (device loop4): mounted with root inode @ nid 36.
[  740.155705][T10448] syz.4.947: attempt to access beyond end of device
[  740.155705][T10448] loop4: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  740.211485][T10448] syz.4.947: attempt to access beyond end of device
[  740.211485][T10448] loop4: rw=524288, sector=16, nr_sectors = 40 limit=16
[  740.259586][T10448] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  740.301904][   T27] audit: type=1800 audit(1772749601.542:162): pid=10448 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.947" name="file2" dev="loop4" ino=89 res=0 errno=0
[  740.720723][T10450] netlink: 872 bytes leftover after parsing attributes in process `syz.2.957'.
[  741.057996][T10440] loop6: detected capacity change from 0 to 32768
[  741.079427][T10454] fuse: Unknown parameter 'user_i00000000000000000000'
[  741.230158][T10456] netlink: 12 bytes leftover after parsing attributes in process `syz.6.959'.
[  741.281350][T10458] FAULT_INJECTION: forcing a failure.
[  741.281350][T10458] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  741.318949][T10458] CPU: 0 PID: 10458 Comm: syz.2.960 Not tainted syzkaller #0
[  741.326388][T10458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  741.336470][T10458] Call Trace:
[  741.339769][T10458]  <TASK>
[  741.342716][T10458]  dump_stack_lvl+0x18c/0x250
[  741.347405][T10458]  ? show_regs_print_info+0x20/0x20
[  741.352604][T10458]  ? load_image+0x400/0x400
[  741.357105][T10458]  ? __lock_acquire+0x7d40/0x7d40
[  741.362134][T10458]  ? snprintf+0xe9/0x140
[  741.366377][T10458]  should_fail_ex+0x39d/0x4d0
[  741.371058][T10458]  _copy_to_user+0x2f/0xa0
[  741.375473][T10458]  simple_read_from_buffer+0xe7/0x150
[  741.380850][T10458]  proc_fail_nth_read+0x1e8/0x260
[  741.385876][T10458]  ? proc_fault_inject_write+0x360/0x360
[  741.391507][T10458]  ? fsnotify_perm+0x271/0x5e0
[  741.396268][T10458]  ? proc_fault_inject_write+0x360/0x360
[  741.401896][T10458]  vfs_read+0x28b/0x970
[  741.406052][T10458]  ? kernel_read+0x1e0/0x1e0
[  741.410639][T10458]  ? __fget_files+0x28/0x4b0
[  741.415223][T10458]  ? __fget_files+0x28/0x4b0
[  741.419806][T10458]  ? __fget_files+0x43d/0x4b0
[  741.424483][T10458]  ? __fdget_pos+0x2a3/0x330
[  741.429070][T10458]  ? ksys_read+0x75/0x260
[  741.433399][T10458]  ksys_read+0x150/0x260
[  741.437640][T10458]  ? vfs_write+0x990/0x990
[  741.442053][T10458]  ? lockdep_hardirqs_on+0x98/0x150
[  741.447249][T10458]  do_syscall_64+0x55/0xa0
[  741.451661][T10458]  ? clear_bhb_loop+0x40/0x90
[  741.456329][T10458]  ? clear_bhb_loop+0x40/0x90
[  741.461001][T10458]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  741.466892][T10458] RIP: 0033:0x7f6e2015cfce
[  741.471300][T10458] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  741.490900][T10458] RSP: 002b:00007f6e1e3f5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  741.499308][T10458] RAX: ffffffffffffffda RBX: 00007f6e1e3f66c0 RCX: 00007f6e2015cfce
[  741.507273][T10458] RDX: 000000000000000f RSI: 00007f6e1e3f60a0 RDI: 0000000000000004
[  741.515236][T10458] RBP: 00007f6e1e3f6090 R08: 0000000000000000 R09: 0000000000000000
[  741.523198][T10458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  741.531160][T10458] R13: 00007f6e20416038 R14: 00007f6e20415fa0 R15: 00007ffc7adf32b8
[  741.539137][T10458]  </TASK>
[  742.931799][T10482] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  743.712412][T10488] fuse: Unknown parameter 'user_i00000000000000000000'
[  743.990744][T10491] loop2: detected capacity change from 0 to 512
[  744.044765][T10491] EXT4-fs: Invalid uid value -1
[  744.094266][T10498] loop3: detected capacity change from 0 to 16
[  744.136189][T10498] erofs: (device loop3): mounted with root inode @ nid 36.
[  744.225533][T10498] syz.3.970: attempt to access beyond end of device
[  744.225533][T10498] loop3: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  744.293619][T10498] syz.3.970: attempt to access beyond end of device
[  744.293619][T10498] loop3: rw=524288, sector=16, nr_sectors = 40 limit=16
[  744.308007][T10498] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  744.320039][   T27] audit: type=1800 audit(1772749605.562:163): pid=10498 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.970" name="file2" dev="loop3" ino=89 res=0 errno=0
[  744.967587][T10510] capability: warning: `syz.6.974' uses 32-bit capabilities (legacy support in use)
[  745.188017][T10509] program syz.6.974 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  745.284590][T10514] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  745.995159][T10519] loop2: detected capacity change from 0 to 64
[  746.095788][T10519] hfs: get root inode failed
[  746.371338][T10522] fuse: Unknown parameter 'user_id00000000000000000000'
[  747.755916][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[  747.762264][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  749.232626][T10545] fuse: Unknown parameter 'user_id00000000000000000000'
[  749.699524][T10551] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  753.906280][T10579] fuse: Unknown parameter 'user_id00000000000000000000'
[  754.559113][T10588] loop2: detected capacity change from 0 to 16
[  754.592709][T10588] erofs: (device loop2): mounted with root inode @ nid 36.
[  754.602628][T10588] syz.2.999: attempt to access beyond end of device
[  754.602628][T10588] loop2: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  754.619547][T10588] syz.2.999: attempt to access beyond end of device
[  754.619547][T10588] loop2: rw=524288, sector=16, nr_sectors = 40 limit=16
[  754.633336][T10588] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  754.673911][   T27] audit: type=1800 audit(1772749615.892:164): pid=10588 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.999" name="file2" dev="loop2" ino=89 res=0 errno=0
[  756.372642][  T789] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  756.573920][  T789] usb 3-1: Using ep0 maxpacket: 16
[  756.595870][  T789] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  756.627686][  T789] usb 3-1: config 0 interface 0 has no altsetting 0
[  756.665143][  T789] usb 3-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  756.689073][  T789] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  756.712429][T10603] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1002'.
[  756.720897][  T789] usb 3-1: config 0 descriptor??
[  757.232435][  T789] nzxt-smart2 0003:1E71:2009.0004: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.2-1/input0
[  757.671180][T10601] loop3: detected capacity change from 0 to 32768
[  757.841497][   T23] usb 3-1: USB disconnect, device number 6
[  757.996492][T10613] fuse: Bad value for 'fd'
[  758.318401][T10617] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  759.193694][T10622] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1009'.
[  759.255671][   T27] audit: type=1326 audit(1772749620.502:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10623 comm="syz.2.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e2019c799 code=0x7ffc0000
[  759.313773][   T27] audit: type=1326 audit(1772749620.502:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10623 comm="syz.2.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e2019c799 code=0x7ffc0000
[  759.385263][   T27] audit: type=1326 audit(1772749620.502:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10623 comm="syz.2.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e2019c799 code=0x7ffc0000
[  759.451568][   T27] audit: type=1326 audit(1772749620.502:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10623 comm="syz.2.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f6e2019c799 code=0x7ffc0000
[  759.525676][   T27] audit: type=1326 audit(1772749620.502:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10623 comm="syz.2.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e2019c799 code=0x7ffc0000
[  759.725830][T10634] loop6: detected capacity change from 0 to 32768
[  760.394138][   T27] audit: type=1326 audit(1772749620.502:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10623 comm="syz.2.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e2019c799 code=0x7ffc0000
[  760.525755][   T27] audit: type=1326 audit(1772749620.502:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10623 comm="syz.2.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e2019c799 code=0x7ffc0000
[  760.559924][   T27] audit: type=1326 audit(1772749620.502:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10623 comm="syz.2.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f6e2019c799 code=0x7ffc0000
[  760.614541][T10637] loop3: detected capacity change from 0 to 4096
[  760.617700][   T27] audit: type=1326 audit(1772749620.502:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10623 comm="syz.2.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e2019c799 code=0x7ffc0000
[  760.639350][T10637] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512).
[  760.699820][T10637] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  760.729985][T10637] ntfs3: loop3: try to read out of volume at offset 0x1ff000
[  760.751060][T10637] ntfs3: loop3: Failed to load $MFT.
[  760.801301][   T27] audit: type=1326 audit(1772749620.562:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10623 comm="syz.2.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e2019c799 code=0x7ffc0000
[  760.810826][T10637] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1013'.
[  760.905831][   T27] audit: type=1326 audit(1772749620.562:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10623 comm="syz.2.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e2019c799 code=0x7ffc0000
[  761.077392][   T27] audit: type=1326 audit(1772749620.562:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10623 comm="syz.2.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f6e2019c502 code=0x7ffc0000
[  761.158381][   T27] audit: type=1326 audit(1772749620.562:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10623 comm="syz.2.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f6e2019c597 code=0x7ffc0000
[  761.242554][   T27] audit: type=1326 audit(1772749620.562:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10623 comm="syz.2.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f6e20159491 code=0x7ffc0000
[  761.302573][   T27] audit: type=1326 audit(1772749620.562:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10623 comm="syz.2.1010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f6e2019d589 code=0x7ffc0000
[  761.353534][T10648] fuse: Bad value for 'fd'
[  761.366537][T10625] loop2: detected capacity change from 0 to 512
[  761.474216][T10625] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  761.521963][T10625] FAT-fs (loop2): Filesystem has been set read-only
[  761.559133][T10625] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 548)
[  761.860146][T10653] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  762.867029][T10658] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  763.770293][T10666] loop3: detected capacity change from 0 to 32768
[  764.701692][T10674] loop2: detected capacity change from 0 to 16
[  764.763344][T10670] netlink: 'syz.6.1019': attribute type 1 has an invalid length.
[  764.771609][T10670] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1019'.
[  764.782192][T10674] erofs: (device loop2): mounted with root inode @ nid 36.
[  764.825184][T10674] syz.2.1023: attempt to access beyond end of device
[  764.825184][T10674] loop2: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  764.931116][T10674] syz.2.1023: attempt to access beyond end of device
[  764.931116][T10674] loop2: rw=524288, sector=16, nr_sectors = 40 limit=16
[  765.022340][T10674] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  765.084756][T10681] fuse: Bad value for 'fd'
[  765.725206][T10690] loop2: detected capacity change from 0 to 1024
[  765.744332][T10690] EXT4-fs: Ignoring removed bh option
[  765.760625][T10690] EXT4-fs: inline encryption not supported
[  765.785387][T10690] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  765.879286][T10690] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #3: block 2: comm syz.2.1029: lblock 2 mapped to illegal pblock 2 (length 1)
[  765.897673][T10690] __quota_error: 99 callbacks suppressed
[  765.897691][T10690] Quota error (device loop2): qtree_write_dquot: dquota write failed
[  765.922015][T10690] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #3: block 48: comm syz.2.1029: lblock 0 mapped to illegal pblock 48 (length 1)
[  765.946122][T10690] Quota error (device loop2): v2_write_file_info: Can't write info structure
[  765.957055][T10690] EXT4-fs error (device loop2): ext4_acquire_dquot:6949: comm syz.2.1029: Failed to acquire dquot type 0
[  765.972917][T10690] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5920: Corrupt filesystem
[  765.995993][T10690] EXT4-fs error (device loop2): ext4_evict_inode:252: inode #11: comm syz.2.1029: mark_inode_dirty error
[  766.029754][T10690] EXT4-fs warning (device loop2): ext4_evict_inode:255: couldn't mark inode dirty (err -117)
[  766.056106][T10690] EXT4-fs (loop2): 1 orphan inode deleted
[  766.078595][T10690] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  766.104196][   T78] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #3: block 1: comm kworker/u4:5: lblock 1 mapped to illegal pblock 1 (length 1)
[  766.150350][   T78] Quota error (device loop2): remove_tree: Can't read quota data block 1
[  766.184644][   T78] EXT4-fs error (device loop2): ext4_release_dquot:6985: comm kworker/u4:5: Failed to release dquot type 0
[  766.261599][   T78] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #3: block 2: comm kworker/u4:5: lblock 2 mapped to illegal pblock 2 (length 1)
[  766.274644][T10683] loop3: detected capacity change from 0 to 32768
[  766.328724][   T78] Quota error (device loop2): qtree_write_dquot: dquota write failed
[  766.349344][   T78] EXT4-fs error (device loop2): ext4_write_dquot:6929: comm kworker/u4:5: Failed to commit dquot type 0
[  766.386314][   T78] Quota error (device loop2): dquot_write_dquot: Can't write quota structure (error -117). Quota may get out of sync!
[  766.502383][ T5767] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  766.557154][T10693] ERROR: (device loop3): dbAlloc: the hint is outside the map
[  766.557154][T10693] 
[  766.575861][ T5767] EXT4-fs error (device loop2): __ext4_get_inode_loc:4489: comm syz-executor: Invalid inode table block 1 in block_group 0
[  766.654425][T10693] ERROR: (device loop3): remounting filesystem as read-only
[  766.662416][T10693] syz.3.1026: attempt to access beyond end of device
[  766.662416][T10693] loop3: rw=2049, sector=44032, nr_sectors = 8 limit=32768
[  766.712603][ T5767] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5920: Corrupt filesystem
[  766.762573][ T5767] EXT4-fs error (device loop2): ext4_quota_off:7233: inode #3: comm syz-executor: mark_inode_dirty error
[  767.009415][  T113] blkno = 1580, nblocks = 1
[  767.014385][  T113] ERROR: (device loop3): dbUpdatePMap: blocks are outside the map
[  767.014385][  T113] 
[  767.219720][T10685] loop4: detected capacity change from 0 to 32768
[  767.324425][T10698] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  768.065738][T10685] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  768.074733][T10685] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  768.246762][T10685] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms
[  768.337128][  T789] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  768.370179][  T789] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  768.526968][  T789] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 156ms
[  768.558625][  T789] gfs2: fsid=syz:syz.0: jid=0: Done
[  768.590986][T10685] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  768.710098][T10713] fuse: Unknown parameter '0x0000000000000003'
[  768.845491][T10715] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1037'.
[  772.170591][T10742] netlink: 'syz.2.1045': attribute type 64 has an invalid length.
[  772.192840][T10742] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1045'.
[  772.233103][T10742] netlink: 'syz.2.1045': attribute type 64 has an invalid length.
[  772.260922][T10744] fuse: Unknown parameter '0x0000000000000003'
[  772.272003][T10742] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1045'.
[  772.378701][T10742] loop2: detected capacity change from 0 to 64
[  773.558968][T10748] loop3: detected capacity change from 0 to 32768
[  773.847348][T10750] loop4: detected capacity change from 0 to 32768
[  774.552274][T10758] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  777.382975][   T42] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  777.593961][   T42] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  777.622540][   T42] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  777.645357][   T42] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  777.685857][   T42] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  777.714267][   T42] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  777.767257][   T42] usb 3-1: config 0 descriptor??
[  777.844921][T10778] loop6: detected capacity change from 0 to 4096
[  777.930088][T10778] ntfs3: loop6: Different NTFS sector size (2048) and media sector size (512).
[  778.162769][T10778] ntfs3: loop6: Mark volume as dirty due to NTFS errors
[  778.211829][T10778] ntfs3: loop6: try to read out of volume at offset 0x1ff000
[  778.317983][T10778] ntfs3: loop6: Failed to load $MFT.
[  778.360190][   T42] plantronics 0003:047F:FFFF.0005: unbalanced collection at end of report description
[  778.401099][   T42] plantronics 0003:047F:FFFF.0005: parse failed
[  778.424092][   T42] plantronics: probe of 0003:047F:FFFF.0005 failed with error -22
[  778.519400][T10785] loop4: detected capacity change from 0 to 16
[  778.592945][T10785] erofs: (device loop4): mounted with root inode @ nid 36.
[  778.667094][T10785] syz.4.1059: attempt to access beyond end of device
[  778.667094][T10785] loop4: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  778.707744][T10766] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  778.727582][T10766] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  778.757836][   T42] usb 3-1: USB disconnect, device number 7
[  778.805013][T10785] syz.4.1059: attempt to access beyond end of device
[  778.805013][T10785] loop4: rw=524288, sector=16, nr_sectors = 40 limit=16
[  778.887134][T10785] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  778.955434][   T27] audit: type=1800 audit(1772749640.202:279): pid=10785 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1059" name="file2" dev="loop4" ino=89 res=0 errno=0
[  780.287327][T10801] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  780.904109][T10797] loop6: detected capacity change from 0 to 16
[  780.938343][T10797] erofs: (device loop6): mounted with root inode @ nid 36.
[  780.950379][T10797] syz.6.1061: attempt to access beyond end of device
[  780.950379][T10797] loop6: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  780.981981][T10797] syz.6.1061: attempt to access beyond end of device
[  780.981981][T10797] loop6: rw=524288, sector=16, nr_sectors = 40 limit=16
[  780.996560][T10797] erofs: (device loop6): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  781.007734][   T27] audit: type=1800 audit(1772749642.262:280): pid=10797 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.1061" name="file2" dev="loop6" ino=89 res=0 errno=0
[  782.924770][   T27] audit: type=1326 audit(1772749644.172:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10822 comm="syz.6.1068" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f217cf9c799 code=0x0
[  783.045937][T10825] loop6: detected capacity change from 0 to 128
[  783.451761][T10827] loop3: detected capacity change from 0 to 4096
[  783.506006][T10827] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512).
[  783.554404][T10827] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  783.568340][T10832] loop4: detected capacity change from 0 to 16
[  783.572931][T10827] ntfs3: loop3: try to read out of volume at offset 0x1ff000
[  783.611931][T10832] erofs: (device loop4): mounted with root inode @ nid 36.
[  783.620208][T10827] ntfs3: loop3: Failed to load $MFT.
[  783.683922][   T42] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  783.862683][   T42] usb 7-1: device descriptor read/64, error -71
[  784.114084][T10840] loop2: detected capacity change from 0 to 512
[  784.297284][   T42] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  784.882698][   T42] usb 7-1: device descriptor read/64, error -71
[  784.890266][T10840] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  785.023036][   T42] usb usb7-port1: attempt power cycle
[  785.254663][T10832] erofs: (device loop4): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 32768
[  785.325843][ T5767] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  785.398318][T10832] erofs: (device loop4): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 32768
[  785.412219][T10832] erofs: (device loop4): z_erofs_read_folio: read error -117 @ 32811 of nid 36
[  785.445910][   T42] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  785.574774][   T42] usb 7-1: device descriptor read/8, error -71
[  785.853309][   T42] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  785.936937][   T42] usb 7-1: device descriptor read/8, error -71
[  786.100196][   T42] usb usb7-port1: unable to enumerate USB device
[  786.986884][T10857] loop2: detected capacity change from 0 to 8
[  787.087765][T10858] loop6: detected capacity change from 0 to 16
[  787.529386][T10858] erofs: (device loop6): mounted with root inode @ nid 36.
[  787.624802][T10864] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1077'.
[  787.634818][T10858] syz.6.1074: attempt to access beyond end of device
[  787.634818][T10858] loop6: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  787.809921][T10858] syz.6.1074: attempt to access beyond end of device
[  787.809921][T10858] loop6: rw=524288, sector=16, nr_sectors = 40 limit=16
[  788.052059][T10858] erofs: (device loop6): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  788.228186][   T27] audit: type=1800 audit(1772749649.472:282): pid=10858 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.1074" name="file2" dev="loop6" ino=89 res=0 errno=0
[  788.604825][T10875] loop3: detected capacity change from 0 to 32768
[  789.105583][T10879] loop4: detected capacity change from 0 to 16
[  789.118301][T10879] erofs: (device loop4): mounted with root inode @ nid 36.
[  789.127574][T10879] syz.4.1080: attempt to access beyond end of device
[  789.127574][T10879] loop4: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  789.175675][T10879] syz.4.1080: attempt to access beyond end of device
[  789.175675][T10879] loop4: rw=524288, sector=16, nr_sectors = 40 limit=16
[  789.189957][T10879] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  789.201228][   T27] audit: type=1800 audit(1772749650.442:283): pid=10879 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1080" name="file2" dev="loop4" ino=89 res=0 errno=0
[  789.439358][T10881] loop3: detected capacity change from 0 to 2048
[  789.499032][T10881]  loop3: p1 p2 p3
[  789.499032][T10881]  p1: <netbsd:bad subpartition - ignored
[  789.499032][T10881]  >
[  789.516049][T10881] loop3: p2 size 458752 extends beyond EOD, truncated
[  789.525498][T10881] loop3: p3 start 65280 is beyond EOD, truncated
[  789.601871][T10883] loop6: detected capacity change from 0 to 256
[  789.654753][ T5761] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  789.720828][   T27] audit: type=1800 audit(1772749650.962:284): pid=10883 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1082" name="file1" dev="loop6" ino=1048611 res=0 errno=0
[  789.861487][   T27] audit: type=1800 audit(1772749651.102:285): pid=10883 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1082" name="file1" dev="loop6" ino=1048611 res=0 errno=0
[  790.278705][T10887] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  790.921517][ T5761] udevd[5761]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[  790.934758][ T7467] udevd[7467]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory
[  791.605771][T10903] FAULT_INJECTION: forcing a failure.
[  791.605771][T10903] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  791.659581][T10903] CPU: 1 PID: 10903 Comm: syz.4.1088 Not tainted syzkaller #0
[  791.667110][T10903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  791.677189][T10903] Call Trace:
[  791.680478][T10903]  <TASK>
[  791.683442][T10903]  dump_stack_lvl+0x18c/0x250
[  791.688147][T10903]  ? show_regs_print_info+0x20/0x20
[  791.693363][T10903]  ? load_image+0x400/0x400
[  791.697884][T10903]  ? __lock_acquire+0x7d40/0x7d40
[  791.702921][T10903]  ? __kasan_slab_alloc+0x6c/0x80
[  791.707941][T10903]  should_fail_ex+0x39d/0x4d0
[  791.712626][T10903]  strncpy_from_user+0x36/0x2d0
[  791.717479][T10903]  getname_flags+0xf6/0x500
[  791.721972][T10903]  __x64_sys_renameat2+0xb0/0xe0
[  791.726901][T10903]  do_syscall_64+0x55/0xa0
[  791.731306][T10903]  ? clear_bhb_loop+0x40/0x90
[  791.735979][T10903]  ? clear_bhb_loop+0x40/0x90
[  791.740687][T10903]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  791.746607][T10903] RIP: 0033:0x7f9edb39c799
[  791.751029][T10903] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  791.770647][T10903] RSP: 002b:00007f9edc1e3028 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
[  791.779085][T10903] RAX: ffffffffffffffda RBX: 00007f9edb615fa0 RCX: 00007f9edb39c799
[  791.787075][T10903] RDX: 0000000000000004 RSI: 00002000000001c0 RDI: 0000000000000004
[  791.795037][T10903] RBP: 00007f9edc1e3090 R08: 0000000000000000 R09: 0000000000000000
[  791.803001][T10903] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000001
[  791.810956][T10903] R13: 00007f9edb616038 R14: 00007f9edb615fa0 R15: 00007ffda0f4aee8
[  791.818919][T10903]  </TASK>
[  792.416958][T10912] loop6: detected capacity change from 0 to 16
[  792.502773][T10912] erofs: (device loop6): mounted with root inode @ nid 36.
[  792.531352][T10914] loop2: detected capacity change from 0 to 512
[  792.541456][T10914] EXT4-fs: Ignoring removed nomblk_io_submit option
[  792.549420][T10912] syz.6.1091: attempt to access beyond end of device
[  792.549420][T10912] loop6: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  792.677431][T10912] syz.6.1091: attempt to access beyond end of device
[  792.677431][T10912] loop6: rw=524288, sector=16, nr_sectors = 40 limit=16
[  792.678462][T10914] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  792.703802][T10914] ext4 filesystem being mounted at /286/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  792.872872][T10912] erofs: (device loop6): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  792.917871][T10922] Quota error (device loop2): find_tree_dqentry: Cycle in quota tree detected: block 4 index 0
[  792.930159][   T27] audit: type=1800 audit(1772749654.182:286): pid=10912 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.1091" name="file2" dev="loop6" ino=89 res=0 errno=0
[  792.933729][T10908] loop3: detected capacity change from 0 to 32768
[  792.950082][  T789] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  793.053273][T10922] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0
[  793.157524][T10922] EXT4-fs error (device loop2): ext4_acquire_dquot:6949: comm syz.2.1093: Failed to acquire dquot type 1
[  793.585754][  T789] usb 5-1: Using ep0 maxpacket: 8
[  793.616069][T10925] blkno = 8ed2c, nblocks = 1
[  793.627225][T10925] ERROR: (device loop3): dbFree: block to be freed is outside the map
[  793.627225][T10925] 
[  793.775773][  T789] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  793.786679][  T789] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  793.792592][T10925] ERROR: (device loop3): remounting filesystem as read-only
[  793.813235][  T789] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  793.849966][ T5767] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  793.861508][  T789] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  793.882894][T10925] ialloc: diAlloc returned -17!
[  793.912105][  T789] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  793.934273][  T789] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  794.244216][  T789] usb 5-1: GET_CAPABILITIES returned 0
[  794.249766][  T789] usbtmc 5-1:16.0: can't read capabilities
[  794.375625][T10927] loop2: detected capacity change from 0 to 4096
[  794.447116][T10927] ntfs: (device loop2): ntfs_read_locked_inode(): $DATA attribute is missing.
[  794.472779][T10927] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -2.  Marking corrupt inode 0xa as bad.  Run chkdsk.
[  794.541801][T10927] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[  794.593694][T10927] ntfs: volume version 3.1.
[  794.771754][    C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  794.877971][T10927] netlink: 'syz.2.1094': attribute type 10 has an invalid length.
[  794.891043][    T9] usb 5-1: USB disconnect, device number 16
[  794.924062][T10927] netlink: 65015 bytes leftover after parsing attributes in process `syz.2.1094'.
[  794.959611][T10927] ntfs: (device loop2): ntfs_cluster_alloc(): Failed to allocate clusters, aborting (error -28).
[  794.975225][T10927] ntfs: (device loop2): ntfs_attr_extend_allocation(): Cannot extend allocation of inode 0x43, attribute type 0x80, because the allocation of clusters failed with error code -28.
[  795.152658][   T27] audit: type=1804 audit(1772749656.372:287): pid=10935 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1094" name="/newroot/287/file2/file1" dev="loop2" ino=67 res=1 errno=0
[  795.375254][T10939] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  796.118080][T10943] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1094'.
[  796.344922][T10950] loop4: detected capacity change from 0 to 4096
[  796.423433][T10950] ntfs3: loop4: Different NTFS sector size (2048) and media sector size (512).
[  796.442407][ T5767] ntfs: (device loop2): ntfs_put_super(): Volume has errors.  Leaving volume marked dirty.  Run chkdsk.
[  796.483367][T10950] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  796.551260][T10950] ntfs3: loop4: try to read out of volume at offset 0x1ff000
[  796.585556][T10950] ntfs3: loop4: Failed to load $MFT.
[  797.323521][T10967] loop6: detected capacity change from 0 to 32768
[  797.371955][T10967] ERROR: (device loop6): dbAlloc: the hint is outside the map
[  797.371955][T10967] 
[  797.389018][T10967] ERROR: (device loop6): remounting filesystem as read-only
[  797.397170][T10967] syz.6.1106: attempt to access beyond end of device
[  797.397170][T10967] loop6: rw=2049, sector=44032, nr_sectors = 8 limit=32768
[  797.411131][   T23] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  797.516691][  T113] blkno = 1580, nblocks = 1
[  797.524013][  T113] ERROR: (device loop6): dbUpdatePMap: blocks are outside the map
[  797.524013][  T113] 
[  797.612679][   T23] usb 3-1: Using ep0 maxpacket: 8
[  797.626262][   T23] usb 3-1: unable to get BOS descriptor or descriptor too short
[  797.645829][   T23] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  797.656353][   T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  797.664740][   T23] usb 3-1: Product: syz
[  797.669807][   T23] usb 3-1: Manufacturer: syz
[  797.684345][   T23] usb 3-1: SerialNumber: syz
[  797.929731][   T23] usb 3-1: 1:1: invalid format type 0x1002 is detected, processed as PCM
[  797.945823][   T23] usb 3-1: 1:1 : invalid UAC_FORMAT_TYPE desc
[  797.962578][   T23] usb 3-1: 1:1 : invalid channels 0
[  797.975421][   T23] usb 3-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  798.019168][   T23] usb 3-1: USB disconnect, device number 8
[  798.076258][ T5784] udevd[5784]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  798.098195][T10978] netlink: 'syz.6.1110': attribute type 1 has an invalid length.
[  798.148660][T10978] bond1: entered promiscuous mode
[  798.154206][T10978] 8021q: adding VLAN 0 to HW filter on device bond1
[  798.318143][T10978] 8021q: adding VLAN 0 to HW filter on device bond1
[  798.336043][T10978] bond1: (slave vcan2): The slave device specified does not support setting the MAC address
[  798.356249][T10982] loop3: detected capacity change from 0 to 4096
[  798.376816][T10978] bond1: (slave vcan2): Setting fail_over_mac to active for active-backup mode
[  798.395866][T10982] ntfs: (device loop3): ntfs_read_locked_inode(): $DATA attribute is missing.
[  798.417111][T10978] bond1: (slave vcan2): making interface the new active one
[  798.425925][T10982] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -2.  Marking corrupt inode 0xa as bad.  Run chkdsk.
[  798.440519][T10978] vcan2: entered promiscuous mode
[  798.446549][T10982] ntfs: (device loop3): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[  798.461728][T10978] bond1: (slave vcan2): Enslaving as an active interface with an up link
[  798.511947][T10982] ntfs: volume version 3.1.
[  798.659852][T10982] netlink: 'syz.3.1111': attribute type 10 has an invalid length.
[  798.707045][T10982] netlink: 65015 bytes leftover after parsing attributes in process `syz.3.1111'.
[  798.789199][T10986] loop2: detected capacity change from 0 to 4096
[  798.816508][T10986] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512).
[  798.978512][T10986] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  798.994944][T10986] ntfs3: loop2: try to read out of volume at offset 0x1ff000
[  799.008342][T10986] ntfs3: loop2: Failed to load $MFT.
[  799.034327][T10992] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1111'.
[  799.699561][T11003] FAULT_INJECTION: forcing a failure.
[  799.699561][T11003] name failslab, interval 1, probability 0, space 0, times 0
[  799.717637][T11003] CPU: 1 PID: 11003 Comm: syz.2.1117 Not tainted syzkaller #0
[  799.725147][T11003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  799.735208][T11003] Call Trace:
[  799.738479][T11003]  <TASK>
[  799.741403][T11003]  dump_stack_lvl+0x18c/0x250
[  799.746089][T11003]  ? show_regs_print_info+0x20/0x20
[  799.751284][T11003]  ? load_image+0x400/0x400
[  799.755783][T11003]  ? __might_sleep+0xe0/0xe0
[  799.760368][T11003]  ? __lock_acquire+0x7d40/0x7d40
[  799.765387][T11003]  ? kasan_set_track+0x5f/0x70
[  799.770141][T11003]  ? __kasan_kmalloc+0x8f/0xa0
[  799.774901][T11003]  ? __kmalloc+0xb4/0x230
[  799.779230][T11003]  should_fail_ex+0x39d/0x4d0
[  799.783909][T11003]  should_failslab+0x9/0x20
[  799.788405][T11003]  slab_pre_alloc_hook+0x59/0x310
[  799.793428][T11003]  kmem_cache_alloc_lru+0x4d/0x2d0
[  799.798535][T11003]  ? shmem_alloc_inode+0x28/0x40
[  799.803474][T11003]  shmem_alloc_inode+0x28/0x40
[  799.808228][T11003]  ? shmem_match+0x160/0x160
[  799.812807][T11003]  new_inode_pseudo+0x63/0x1d0
[  799.817562][T11003]  new_inode+0x22/0x1b0
[  799.821705][T11003]  ? __rwlock_init+0x150/0x150
[  799.826476][T11003]  shmem_get_inode+0x34f/0xcc0
[  799.831251][T11003]  __shmem_file_setup+0x167/0x2c0
[  799.836273][T11003]  __se_sys_memfd_create+0x357/0x660
[  799.841579][T11003]  do_syscall_64+0x55/0xa0
[  799.846015][T11003]  ? clear_bhb_loop+0x40/0x90
[  799.850698][T11003]  ? clear_bhb_loop+0x40/0x90
[  799.855373][T11003]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  799.861264][T11003] RIP: 0033:0x7f6e2019c799
[  799.865674][T11003] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  799.885273][T11003] RSP: 002b:00007f6e1e3f5e08 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  799.893680][T11003] RAX: ffffffffffffffda RBX: 000000000000019e RCX: 00007f6e2019c799
[  799.901645][T11003] RDX: 00007f6e1e3f5ee0 RSI: 0000000000000000 RDI: 00007f6e20232db9
[  799.909604][T11003] RBP: 0000200000000440 R08: 00000000ffffffff R09: 0000000000000000
[  799.917564][T11003] R10: 0000000000000001 R11: 0000000000000202 R12: 0000200000000200
[  799.925525][T11003] R13: 00007f6e1e3f5ee0 R14: 00007f6e1e3f5ea0 R15: 0000200000000b80
[  799.933501][T11003]  </TASK>
[  799.976586][T11004] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1118'.
[  799.993856][ T5768] __ntfs_warning: 3 callbacks suppressed
[  799.993871][ T5768] ntfs: (device loop3): ntfs_put_super(): Volume has errors.  Leaving volume marked dirty.  Run chkdsk.
[  800.070417][T11004] bridge_slave_1: left allmulticast mode
[  800.152911][T11004] bridge_slave_1: left promiscuous mode
[  800.185738][T11004] bridge0: port 2(bridge_slave_1) entered disabled state
[  800.330727][T11004] bridge_slave_0: left allmulticast mode
[  800.334815][T11010] loop3: detected capacity change from 0 to 512
[  800.356695][T11010] EXT4-fs: Ignoring removed oldalloc option
[  800.409574][T11010] ext4: Unknown parameter 'seclabel'
[  800.419703][T11004] bridge_slave_0: left promiscuous mode
[  800.433914][T11004] bridge0: port 1(bridge_slave_0) entered disabled state
[  802.142195][T11025] FAULT_INJECTION: forcing a failure.
[  802.142195][T11025] name failslab, interval 1, probability 0, space 0, times 0
[  802.219658][T11025] CPU: 0 PID: 11025 Comm: syz.2.1124 Not tainted syzkaller #0
[  802.227177][T11025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  802.237241][T11025] Call Trace:
[  802.240534][T11025]  <TASK>
[  802.243479][T11025]  dump_stack_lvl+0x18c/0x250
[  802.248192][T11025]  ? show_regs_print_info+0x20/0x20
[  802.253426][T11025]  ? load_image+0x400/0x400
[  802.257970][T11025]  ? __might_sleep+0xe0/0xe0
[  802.262587][T11025]  ? __lock_acquire+0x7d40/0x7d40
[  802.267622][T11025]  ? kasan_set_track+0x5f/0x70
[  802.272373][T11025]  ? __kasan_kmalloc+0x8f/0xa0
[  802.277134][T11025]  ? __kmalloc+0xb4/0x230
[  802.281489][T11025]  should_fail_ex+0x39d/0x4d0
[  802.286187][T11025]  should_failslab+0x9/0x20
[  802.290712][T11025]  slab_pre_alloc_hook+0x59/0x310
[  802.295756][T11025]  kmem_cache_alloc_lru+0x4d/0x2d0
[  802.300873][T11025]  ? shmem_alloc_inode+0x28/0x40
[  802.305811][T11025]  shmem_alloc_inode+0x28/0x40
[  802.310580][T11025]  ? shmem_match+0x160/0x160
[  802.315163][T11025]  new_inode_pseudo+0x63/0x1d0
[  802.319921][T11025]  new_inode+0x22/0x1b0
[  802.324068][T11025]  ? __rwlock_init+0x150/0x150
[  802.328835][T11025]  shmem_get_inode+0x34f/0xcc0
[  802.333603][T11025]  __shmem_file_setup+0x167/0x2c0
[  802.338625][T11025]  __se_sys_memfd_create+0x357/0x660
[  802.343908][T11025]  do_syscall_64+0x55/0xa0
[  802.348320][T11025]  ? clear_bhb_loop+0x40/0x90
[  802.352992][T11025]  ? clear_bhb_loop+0x40/0x90
[  802.357670][T11025]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  802.363555][T11025] RIP: 0033:0x7f6e2019c799
[  802.367965][T11025] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  802.387567][T11025] RSP: 002b:00007f6e1e3f5e08 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  802.395980][T11025] RAX: ffffffffffffffda RBX: 0000000000009dc3 RCX: 00007f6e2019c799
[  802.403949][T11025] RDX: 00007f6e1e3f5ee0 RSI: 0000000000000000 RDI: 00007f6e20232db9
[  802.411931][T11025] RBP: 0000200000009ec0 R08: 00000000ffffffff R09: 0000000000000000
[  802.419918][T11025] R10: 0000000000000001 R11: 0000000000000202 R12: 0000200000009e40
[  802.427888][T11025] R13: 00007f6e1e3f5ee0 R14: 00007f6e1e3f5ea0 R15: 0000200000009e80
[  802.435864][T11025]  </TASK>
[  802.844504][T11039] FAULT_INJECTION: forcing a failure.
[  802.844504][T11039] name failslab, interval 1, probability 0, space 0, times 0
[  802.865051][T11039] CPU: 0 PID: 11039 Comm: syz.4.1127 Not tainted syzkaller #0
[  802.872537][T11039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  802.882584][T11039] Call Trace:
[  802.885853][T11039]  <TASK>
[  802.888769][T11039]  dump_stack_lvl+0x18c/0x250
[  802.893441][T11039]  ? show_regs_print_info+0x20/0x20
[  802.898633][T11039]  ? load_image+0x400/0x400
[  802.903125][T11039]  ? __might_sleep+0xe0/0xe0
[  802.907703][T11039]  ? __lock_acquire+0x7d40/0x7d40
[  802.912723][T11039]  ? kasan_set_track+0x5f/0x70
[  802.917489][T11039]  ? __kasan_kmalloc+0x8f/0xa0
[  802.922239][T11039]  ? __kmalloc+0xb4/0x230
[  802.926559][T11039]  should_fail_ex+0x39d/0x4d0
[  802.931232][T11039]  should_failslab+0x9/0x20
[  802.935724][T11039]  slab_pre_alloc_hook+0x59/0x310
[  802.940773][T11039]  kmem_cache_alloc_lru+0x4d/0x2d0
[  802.945878][T11039]  ? shmem_alloc_inode+0x28/0x40
[  802.950807][T11039]  shmem_alloc_inode+0x28/0x40
[  802.955555][T11039]  ? shmem_match+0x160/0x160
[  802.960127][T11039]  new_inode_pseudo+0x63/0x1d0
[  802.964884][T11039]  new_inode+0x22/0x1b0
[  802.969026][T11039]  ? __rwlock_init+0x150/0x150
[  802.973781][T11039]  shmem_get_inode+0x34f/0xcc0
[  802.978537][T11039]  __shmem_file_setup+0x167/0x2c0
[  802.983548][T11039]  __se_sys_memfd_create+0x357/0x660
[  802.988821][T11039]  do_syscall_64+0x55/0xa0
[  802.993225][T11039]  ? clear_bhb_loop+0x40/0x90
[  802.997887][T11039]  ? clear_bhb_loop+0x40/0x90
[  803.002553][T11039]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  803.008431][T11039] RIP: 0033:0x7f9edb39c799
[  803.012833][T11039] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  803.032436][T11039] RSP: 002b:00007f9edc1e2e08 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  803.040851][T11039] RAX: ffffffffffffffda RBX: 0000000000000290 RCX: 00007f9edb39c799
[  803.048811][T11039] RDX: 00007f9edc1e2ee0 RSI: 0000000000000000 RDI: 00007f9edb432db9
[  803.056767][T11039] RBP: 0000200000000380 R08: 00000000ffffffff R09: 0000000000000000
[  803.064725][T11039] R10: 0000000000000001 R11: 0000000000000202 R12: 0000200000000300
[  803.072682][T11039] R13: 00007f9edc1e2ee0 R14: 00007f9edc1e2ea0 R15: 0000200000000340
[  803.080647][T11039]  </TASK>
[  803.372687][T11042] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  804.054485][T11049] loop3: detected capacity change from 0 to 16
[  804.173287][T11049] erofs: (device loop3): mounted with root inode @ nid 36.
[  804.244373][T11049] syz.3.1129: attempt to access beyond end of device
[  804.244373][T11049] loop3: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  804.328083][T11049] syz.3.1129: attempt to access beyond end of device
[  804.328083][T11049] loop3: rw=524288, sector=16, nr_sectors = 40 limit=16
[  804.454886][T11049] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  804.606647][   T27] audit: type=1800 audit(1772749665.852:289): pid=11049 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1129" name="file2" dev="loop3" ino=89 res=0 errno=0
[  804.734087][T11059] loop6: detected capacity change from 0 to 128
[  806.333567][T11059] affs: No valid root block on device loop6
[  806.955940][T11070] loop4: detected capacity change from 0 to 16
[  806.999541][T11070] erofs: (device loop4): mounted with root inode @ nid 36.
[  807.019638][T11070] syz.4.1136: attempt to access beyond end of device
[  807.019638][T11070] loop4: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  807.706414][   T27] audit: type=1800 audit(1772749668.952:290): pid=11070 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1136" name="file2" dev="loop4" ino=89 res=0 errno=0
[  808.966875][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[  808.973284][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  809.661683][T11078] loop3: detected capacity change from 0 to 32768
[  810.450787][T11072] loop6: detected capacity change from 0 to 32768
[  812.042567][T11103] loop2: detected capacity change from 0 to 16
[  813.169846][T11103] erofs: (device loop2): mounted with root inode @ nid 36.
[  813.185041][T11102] syz.2.1146: attempt to access beyond end of device
[  813.185041][T11102] loop2: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  813.209304][T11102] syz.2.1146: attempt to access beyond end of device
[  813.209304][T11102] loop2: rw=524288, sector=16, nr_sectors = 40 limit=16
[  813.223141][T11102] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  813.241988][   T27] audit: type=1800 audit(1772749674.482:291): pid=11102 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1146" name="file2" dev="loop2" ino=89 res=0 errno=0
[  813.302967][T11098] loop4: detected capacity change from 0 to 4096
[  813.366720][T11098] ntfs3: loop4: Different NTFS sector size (2048) and media sector size (512).
[  813.444402][T11098] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  813.530196][T11098] ntfs3: loop4: try to read out of volume at offset 0x1ff000
[  813.554937][T11098] ntfs3: loop4: Failed to load $MFT.
[  814.071228][T11110] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  816.151270][T11120] loop6: detected capacity change from 0 to 4096
[  816.243032][T11120] ntfs3: loop6: Different NTFS sector size (2048) and media sector size (512).
[  816.312041][T11120] ntfs3: loop6: Mark volume as dirty due to NTFS errors
[  816.392645][T11120] ntfs3: loop6: try to read out of volume at offset 0x1ff000
[  816.400168][T11120] ntfs3: loop6: Failed to load $MFT.
[  816.506243][T11115] loop3: detected capacity change from 0 to 32768
[  817.193188][  T789] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  817.393804][  T789] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  817.404953][  T789] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  817.414774][  T789] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  817.428160][  T789] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  817.437499][  T789] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  817.448146][  T789] usb 3-1: config 0 descriptor??
[  817.866453][  T789] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x1
[  817.873990][  T789] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x7
[  817.881468][  T789] plantronics 0003:047F:FFFF.0006: unbalanced collection at end of report description
[  817.891978][  T789] plantronics 0003:047F:FFFF.0006: parse failed
[  817.898501][  T789] plantronics: probe of 0003:047F:FFFF.0006 failed with error -22
[  818.089296][T11128] loop2: detected capacity change from 0 to 128
[  818.104266][T11128] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  818.121828][T11128] hpfs: filesystem error: improperly stopped
[  818.128685][T11128] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  818.137148][T11128] hpfs: You really don't want any checks? You are crazy...
[  818.145935][T11128] hpfs: hpfs_map_sector(): read error
[  818.151347][T11128] hpfs: code page support is disabled
[  818.157860][T11128] hpfs: hpfs_map_4sectors(): unaligned read
[  818.164555][T11128] hpfs: hpfs_map_4sectors(): unaligned read
[  818.170476][T11128] hpfs: filesystem error: unable to find root dir
[  818.190947][T11128] hpfs: hpfs_map_4sectors(): unaligned read
[  818.204697][T11128] hpfs: hpfs_map_sector(): read error
[  818.212083][T11128] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  818.222815][T11128] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  818.234340][   T42] usb 3-1: USB disconnect, device number 9
[  827.804915][T11150] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  828.428443][   T27] audit: type=1326 audit(1772749689.672:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11140 comm="syz.2.1159" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6e2019c799 code=0x0
[  828.528343][T11152] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1159'.
[  828.557333][T11152] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1159'.
[  828.571337][T11152] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1159'.
[  828.687942][T11156] loop6: detected capacity change from 0 to 16
[  829.471156][T11156] erofs: (device loop6): mounted with root inode @ nid 36.
[  829.486695][T11155] syz.6.1162: attempt to access beyond end of device
[  829.486695][T11155] loop6: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  829.504010][T11155] syz.6.1162: attempt to access beyond end of device
[  829.504010][T11155] loop6: rw=524288, sector=16, nr_sectors = 40 limit=16
[  829.518089][T11155] erofs: (device loop6): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  829.529701][   T27] audit: type=1800 audit(1772749690.772:293): pid=11155 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.1162" name="file2" dev="loop6" ino=89 res=0 errno=0
[  831.950403][T11171] loop6: detected capacity change from 0 to 4096
[  832.005716][T11171] ntfs3: loop6: Different NTFS sector size (2048) and media sector size (512).
[  832.099067][T11171] ntfs3: loop6: Mark volume as dirty due to NTFS errors
[  832.207495][T11171] ntfs3: loop6: try to read out of volume at offset 0x1ff000
[  832.222641][T11171] ntfs3: loop6: Failed to load $MFT.
[  832.281551][T11171] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1166'.
[  832.550171][T11177] loop3: detected capacity change from 0 to 512
[  832.571808][T11177] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  832.922626][T11177] EXT4-fs (loop3): 1 truncate cleaned up
[  832.929641][T11177] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  834.675860][T11194] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  834.906411][T11201] netlink: 100 bytes leftover after parsing attributes in process `syz.2.1175'.
[  835.078944][T11204] netlink: 'syz.2.1175': attribute type 3 has an invalid length.
[  835.288966][T11212] loop6: detected capacity change from 0 to 16
[  835.321694][T11212] erofs: (device loop6): mounted with root inode @ nid 36.
[  835.403439][T11212] syz.6.1177: attempt to access beyond end of device
[  835.403439][T11212] loop6: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  835.520165][T11212] syz.6.1177: attempt to access beyond end of device
[  835.520165][T11212] loop6: rw=524288, sector=16, nr_sectors = 40 limit=16
[  835.534623][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  835.551071][T11212] erofs: (device loop6): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  835.616943][   T27] audit: type=1800 audit(1772749696.862:294): pid=11212 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.1177" name="file2" dev="loop6" ino=89 res=0 errno=0
[  836.089375][T11225] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  836.954492][T11228] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  837.348377][T11233] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  838.472706][ T5773] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  838.685336][ T5773] usb 3-1: Using ep0 maxpacket: 16
[  838.693268][ T5773] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  838.714689][ T5773] usb 3-1: config 0 interface 0 has no altsetting 0
[  838.721363][ T5773] usb 3-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  838.745417][ T5773] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  838.769530][T11222] loop3: detected capacity change from 0 to 32768
[  838.769920][ T5773] usb 3-1: config 0 descriptor??
[  839.201679][T11241] x_tables: ip_tables: HMARK.0 target: invalid size 64 (kernel) != (user) 72
[  839.677669][ T5773] usbhid 3-1:0.0: can't add hid device: -71
[  839.696603][ T5773] usbhid: probe of 3-1:0.0 failed with error -71
[  839.727838][ T5773] usb 3-1: USB disconnect, device number 10
[  840.357114][T11282] netlink: 'syz.2.1201': attribute type 1 has an invalid length.
[  840.399597][T11282] bond1: (slave vxcan1): The slave device specified does not support setting the MAC address
[  840.411901][T11282] bond1: (slave vxcan1): Error -95 calling set_mac_address
[  840.454202][T11285] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1201'.
[  840.482237][T11285] bond1: (slave bridge2): Enslaving as an active interface with a down link
[  840.511373][T11282] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1201'.
[  840.521768][T11282] 8021q: adding VLAN 0 to HW filter on device bond1
[  840.548624][T11282] macvlan2: entered promiscuous mode
[  840.554302][T11282] macvlan2: entered allmulticast mode
[  841.596201][T11295] loop2: detected capacity change from 0 to 512
[  841.609852][T11295] EXT4-fs: Ignoring removed nomblk_io_submit option
[  841.647001][T11295] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  841.666155][T11295] ext4 filesystem being mounted at /320/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  841.739728][T11299] Quota error (device loop2): find_tree_dqentry: Cycle in quota tree detected: block 4 index 0
[  841.750370][T11299] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0
[  841.761701][T11299] EXT4-fs error (device loop2): ext4_acquire_dquot:6949: comm syz.2.1206: Failed to acquire dquot type 1
[  842.462246][ T5767] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  842.802554][ T8194] usb 3-1: new full-speed USB device number 11 using dummy_hcd
[  842.991514][ T8194] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  843.007632][ T8194] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  843.028250][ T8194] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2dbe, bcdDevice= 0.00
[  843.068475][ T8194] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  843.088068][ T8194] usb 3-1: config 0 descriptor??
[  843.316628][T11311] loop6: detected capacity change from 0 to 32768
[  843.377040][T11311] ERROR: (device loop6): dbAlloc: the hint is outside the map
[  843.377040][T11311] 
[  843.392978][T11311] ERROR: (device loop6): remounting filesystem as read-only
[  843.401163][T11311] syz.6.1210: attempt to access beyond end of device
[  843.401163][T11311] loop6: rw=2049, sector=44032, nr_sectors = 8 limit=32768
[  843.466055][  T114] blkno = 1580, nblocks = 1
[  843.470738][  T114] ERROR: (device loop6): dbUpdatePMap: blocks are outside the map
[  843.470738][  T114] 
[  843.557247][ T8194] konepure 0003:1E7D:2DBE.0007: unknown main item tag 0x0
[  843.583705][ T8194] konepure 0003:1E7D:2DBE.0007: unknown main item tag 0x0
[  843.595353][ T8194] konepure 0003:1E7D:2DBE.0007: item fetching failed at offset 3/7
[  843.607478][ T8194] konepure 0003:1E7D:2DBE.0007: parse failed
[  843.615160][ T8194] konepure: probe of 0003:1E7D:2DBE.0007 failed with error -22
[  843.777481][T11309] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  843.819671][T11309] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  843.908417][ T8194] usb 3-1: USB disconnect, device number 11
[  844.240018][T11329] loop6: detected capacity change from 0 to 32768
[  844.717873][T11332] loop6: detected capacity change from 0 to 4096
[  844.728884][T11332] ntfs3: loop6: Different NTFS sector size (2048) and media sector size (512).
[  844.739267][T11332] ntfs3: loop6: Mark volume as dirty due to NTFS errors
[  844.747800][T11332] ntfs3: loop6: try to read out of volume at offset 0x1ff000
[  844.755883][T11332] ntfs3: loop6: Failed to load $MFT.
[  844.766292][T11332] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1218'.
[  845.187381][T11336] loop3: detected capacity change from 0 to 32768
[  845.228018][T11336] ERROR: (device loop3): dbAlloc: the hint is outside the map
[  845.228018][T11336] 
[  845.238392][T11336] ERROR: (device loop3): remounting filesystem as read-only
[  845.246621][T11336] syz.3.1220: attempt to access beyond end of device
[  845.246621][T11336] loop3: rw=2049, sector=44032, nr_sectors = 8 limit=32768
[  845.316658][  T113] blkno = 1580, nblocks = 1
[  845.321568][  T113] ERROR: (device loop3): dbUpdatePMap: blocks are outside the map
[  845.321568][  T113] 
[  846.101673][T11351] loop3: detected capacity change from 0 to 1024
[  846.376303][T11345] loop4: detected capacity change from 0 to 131072
[  846.388822][T11345] F2FS-fs (loop4): Test dummy encryption mode enabled
[  846.407840][T11345] F2FS-fs (loop4): invalid crc value
[  846.420880][T11345] F2FS-fs (loop4): Found nat_bits in checkpoint
[  846.484964][T11345] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  846.634712][T11347] loop6: detected capacity change from 0 to 32768
[  846.881585][T11358] loop4: detected capacity change from 0 to 4096
[  846.900733][T11358] ntfs3: loop4: Different NTFS sector size (2048) and media sector size (512).
[  846.919954][T11358] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  846.931249][T11358] ntfs3: loop4: try to read out of volume at offset 0x1ff000
[  846.941434][T11358] ntfs3: loop4: Failed to load $MFT.
[  847.037383][T11358] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1228'.
[  847.261546][ T7362] hfsplus: b-tree write err: -5, ino 25
[  847.283282][ T7362] hfsplus: b-tree write err: -5, ino 4
[  847.304619][ T7362] hfsplus: b-tree write err: -5, ino 2
[  847.394068][T11370] FAULT_INJECTION: forcing a failure.
[  847.394068][T11370] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  847.423724][T11370] CPU: 0 PID: 11370 Comm: syz.4.1233 Not tainted syzkaller #0
[  847.431244][T11370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  847.441325][T11370] Call Trace:
[  847.444622][T11370]  <TASK>
[  847.447575][T11370]  dump_stack_lvl+0x18c/0x250
[  847.452286][T11370]  ? show_regs_print_info+0x20/0x20
[  847.457534][T11370]  ? load_image+0x400/0x400
[  847.462075][T11370]  ? __lock_acquire+0x7d40/0x7d40
[  847.467128][T11370]  ? snprintf+0xe9/0x140
[  847.471402][T11370]  should_fail_ex+0x39d/0x4d0
[  847.476115][T11370]  _copy_to_user+0x2f/0xa0
[  847.480571][T11370]  simple_read_from_buffer+0xe7/0x150
[  847.485983][T11370]  proc_fail_nth_read+0x1e8/0x260
[  847.491037][T11370]  ? proc_fault_inject_write+0x360/0x360
[  847.496700][T11370]  ? fsnotify_perm+0x271/0x5e0
[  847.501483][T11370]  ? proc_fault_inject_write+0x360/0x360
[  847.507135][T11370]  vfs_read+0x28b/0x970
[  847.511302][T11370]  ? kernel_read+0x1e0/0x1e0
[  847.515892][T11370]  ? __fget_files+0x28/0x4b0
[  847.520478][T11370]  ? __fget_files+0x28/0x4b0
[  847.525062][T11370]  ? __fget_files+0x43d/0x4b0
[  847.529737][T11370]  ? __fdget_pos+0x2a3/0x330
[  847.534321][T11370]  ? ksys_read+0x75/0x260
[  847.538650][T11370]  ksys_read+0x150/0x260
[  847.542887][T11370]  ? vfs_write+0x990/0x990
[  847.547300][T11370]  ? lockdep_hardirqs_on+0x98/0x150
[  847.552508][T11370]  do_syscall_64+0x55/0xa0
[  847.556931][T11370]  ? clear_bhb_loop+0x40/0x90
[  847.561599][T11370]  ? clear_bhb_loop+0x40/0x90
[  847.566285][T11370]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  847.572192][T11370] RIP: 0033:0x7f9edb35cfce
[  847.576611][T11370] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  847.596215][T11370] RSP: 002b:00007f9edc1e2fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  847.604622][T11370] RAX: ffffffffffffffda RBX: 00007f9edc1e36c0 RCX: 00007f9edb35cfce
[  847.612601][T11370] RDX: 000000000000000f RSI: 00007f9edc1e30a0 RDI: 0000000000000004
[  847.620573][T11370] RBP: 00007f9edc1e3090 R08: 0000000000000000 R09: 0000000000000000
[  847.628541][T11370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  847.636509][T11370] R13: 00007f9edb616038 R14: 00007f9edb615fa0 R15: 00007ffda0f4aee8
[  847.644484][T11370]  </TASK>
[  847.942636][T11383] FAULT_INJECTION: forcing a failure.
[  847.942636][T11383] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  847.969103][T11382] loop2: detected capacity change from 0 to 512
[  847.986773][T11383] CPU: 1 PID: 11383 Comm: syz.6.1236 Not tainted syzkaller #0
[  847.994292][T11383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  848.004371][T11383] Call Trace:
[  848.007664][T11383]  <TASK>
[  848.010601][T11383]  dump_stack_lvl+0x18c/0x250
[  848.014575][T11382] EXT4-fs: Ignoring removed nomblk_io_submit option
[  848.015299][T11383]  ? show_regs_print_info+0x20/0x20
[  848.027105][T11383]  ? load_image+0x400/0x400
[  848.031637][T11383]  ? __lock_acquire+0x7d40/0x7d40
[  848.036690][T11383]  ? snprintf+0xe9/0x140
[  848.041390][T11383]  should_fail_ex+0x39d/0x4d0
[  848.046096][T11383]  _copy_to_user+0x2f/0xa0
[  848.050541][T11383]  simple_read_from_buffer+0xe7/0x150
[  848.055954][T11383]  proc_fail_nth_read+0x1e8/0x260
[  848.061014][T11383]  ? proc_fault_inject_write+0x360/0x360
[  848.066682][T11383]  ? fsnotify_perm+0x271/0x5e0
[  848.071486][T11383]  ? proc_fault_inject_write+0x360/0x360
[  848.077149][T11383]  vfs_read+0x28b/0x970
[  848.081325][T11383]  ? kernel_read+0x1e0/0x1e0
[  848.085927][T11383]  ? __fget_files+0x28/0x4b0
[  848.090519][T11383]  ? __fget_files+0x28/0x4b0
[  848.095108][T11383]  ? __fget_files+0x43d/0x4b0
[  848.099783][T11383]  ? __fdget_pos+0x2a3/0x330
[  848.104414][T11383]  ? ksys_read+0x75/0x260
[  848.108739][T11383]  ksys_read+0x150/0x260
[  848.112978][T11383]  ? vfs_write+0x990/0x990
[  848.117389][T11383]  ? lockdep_hardirqs_on+0x98/0x150
[  848.122581][T11383]  do_syscall_64+0x55/0xa0
[  848.126989][T11383]  ? clear_bhb_loop+0x40/0x90
[  848.131660][T11383]  ? clear_bhb_loop+0x40/0x90
[  848.136330][T11383]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  848.142213][T11383] RIP: 0033:0x7f217cf5cfce
[  848.146621][T11383] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  848.166223][T11383] RSP: 002b:00007f217def1fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  848.174671][T11383] RAX: ffffffffffffffda RBX: 00007f217def26c0 RCX: 00007f217cf5cfce
[  848.182637][T11383] RDX: 000000000000000f RSI: 00007f217def20a0 RDI: 0000000000000006
[  848.190598][T11383] RBP: 00007f217def2090 R08: 0000000000000000 R09: 0000000000000000
[  848.198559][T11383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  848.206522][T11383] R13: 00007f217d216128 R14: 00007f217d216090 R15: 00007ffcc701abe8
[  848.214760][T11383]  </TASK>
[  848.231638][T11381] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1239'.
[  848.326052][T11384] loop3: detected capacity change from 0 to 4096
[  848.337515][T11384] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512).
[  848.476559][T11382] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  848.524436][T11382] ext4 filesystem being mounted at /326/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  848.696077][T11397] Quota error (device loop2): find_tree_dqentry: Cycle in quota tree detected: block 4 index 0
[  848.750906][T11397] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0
[  848.774756][T11397] EXT4-fs error (device loop2): ext4_acquire_dquot:6949: comm syz.2.1238: Failed to acquire dquot type 1
[  848.843886][T11379] loop4: detected capacity change from 0 to 32768
[  848.929486][ T5767] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  849.046925][T11403] comedi comedi2: pcl816: I/O port conflict (0x10,16)
[  849.225327][T11412] FAULT_INJECTION: forcing a failure.
[  849.225327][T11412] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  849.238748][T11412] CPU: 0 PID: 11412 Comm: syz.4.1248 Not tainted syzkaller #0
[  849.246228][T11412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  849.256293][T11412] Call Trace:
[  849.259569][T11412]  <TASK>
[  849.262490][T11412]  dump_stack_lvl+0x18c/0x250
[  849.267167][T11412]  ? show_regs_print_info+0x20/0x20
[  849.272357][T11412]  ? load_image+0x400/0x400
[  849.276851][T11412]  ? __might_fault+0xaa/0x120
[  849.281518][T11412]  ? __lock_acquire+0x7d40/0x7d40
[  849.286537][T11412]  should_fail_ex+0x39d/0x4d0
[  849.291223][T11412]  _copy_from_user+0x2f/0xe0
[  849.295814][T11412]  strndup_user+0xb7/0x150
[  849.300229][T11412]  __se_sys_request_key+0x188/0x350
[  849.305424][T11412]  ? __x64_sys_request_key+0xb0/0xb0
[  849.310733][T11412]  ? lockdep_hardirqs_on+0x98/0x150
[  849.315925][T11412]  do_syscall_64+0x55/0xa0
[  849.320336][T11412]  ? clear_bhb_loop+0x40/0x90
[  849.325006][T11412]  ? clear_bhb_loop+0x40/0x90
[  849.329675][T11412]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  849.335558][T11412] RIP: 0033:0x7f9edb39c799
[  849.339964][T11412] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  849.359561][T11412] RSP: 002b:00007f9edc1e3028 EFLAGS: 00000246 ORIG_RAX: 00000000000000f9
[  849.367965][T11412] RAX: ffffffffffffffda RBX: 00007f9edb615fa0 RCX: 00007f9edb39c799
[  849.375927][T11412] RDX: 0000200000000180 RSI: 0000200000000140 RDI: 0000200000000240
[  849.383887][T11412] RBP: 00007f9edc1e3090 R08: 0000000000000000 R09: 0000000000000000
[  849.391846][T11412] R10: fffffffffffffffc R11: 0000000000000246 R12: 0000000000000001
[  849.399808][T11412] R13: 00007f9edb616038 R14: 00007f9edb615fa0 R15: 00007ffda0f4aee8
[  849.407800][T11412]  </TASK>
[  849.596352][T11419] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1251'.
[  849.972884][T11432] loop4: detected capacity change from 0 to 512
[  849.990171][T11432] EXT4-fs: Ignoring removed nomblk_io_submit option
[  850.040646][T11432] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  850.066733][T11432] ext4 filesystem being mounted at /261/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  850.313533][T11441] Quota error (device loop4): find_tree_dqentry: Cycle in quota tree detected: block 4 index 0
[  850.327777][T11441] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0
[  850.344366][T11441] EXT4-fs error (device loop4): ext4_acquire_dquot:6949: comm syz.4.1256: Failed to acquire dquot type 1
[  850.681846][T11448] loop2: detected capacity change from 0 to 16
[  850.695765][T11448] erofs: (device loop2): mounted with root inode @ nid 36.
[  850.708375][T11448] syz.2.1258: attempt to access beyond end of device
[  850.708375][T11448] loop2: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  850.725864][T11448] syz.2.1258: attempt to access beyond end of device
[  850.725864][T11448] loop2: rw=524288, sector=16, nr_sectors = 40 limit=16
[  850.740357][T11448] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  850.754874][   T27] audit: type=1800 audit(1772749711.992:295): pid=11448 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1258" name="file2" dev="loop2" ino=89 res=0 errno=0
[  850.850515][ T6408] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  851.582549][ T5783] Bluetooth: hci1: command 0x0406 tx timeout
[  851.922696][ T8194] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  852.153690][ T8194] usb 4-1: Using ep0 maxpacket: 8
[  852.206011][ T8194] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  852.350318][ T8194] usb 4-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54
[  852.428963][ T8194] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  852.448959][ T8194] usb 4-1: Product: syz
[  852.457564][ T8194] usb 4-1: Manufacturer: syz
[  852.469267][ T8194] usb 4-1: SerialNumber: syz
[  852.560225][ T8194] usb 4-1: config 0 descriptor??
[  852.577492][T11465] netlink: 52 bytes leftover after parsing attributes in process `syz.6.1264'.
[  852.604903][ T8194] cdc_phonet: probe of 4-1:0.0 failed with error -22
[  852.831274][ T5773] usb 4-1: USB disconnect, device number 11
[  853.113749][T11470] loop4: detected capacity change from 0 to 32768
[  853.123882][T11470] (syz.4.1266,11470,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  853.145376][T11470] (syz.4.1266,11470,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  853.187348][T11470] JBD2: Ignoring recovery information on journal
[  853.387968][T11470] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  854.227091][ T6408] ocfs2: Unmounting device (7,4) on (node local)
[  856.520439][T11573] fuse: Bad value for 'fd'
[  857.203484][T11603] loop4: detected capacity change from 0 to 256
[  857.236132][T11604] fuse: Unknown parameter '00000000000000000000'
[  857.243848][T11603] FAT-fs (loop4): Directory bread(block 64) failed
[  857.260753][T11603] FAT-fs (loop4): Directory bread(block 65) failed
[  857.278717][T11603] FAT-fs (loop4): Directory bread(block 66) failed
[  857.286500][T11603] FAT-fs (loop4): Directory bread(block 67) failed
[  857.295889][T11603] FAT-fs (loop4): Directory bread(block 68) failed
[  857.315740][T11603] FAT-fs (loop4): Directory bread(block 69) failed
[  857.323508][T11603] FAT-fs (loop4): Directory bread(block 70) failed
[  857.330172][T11603] FAT-fs (loop4): Directory bread(block 71) failed
[  857.343425][T11603] FAT-fs (loop4): Directory bread(block 72) failed
[  857.355839][T11603] FAT-fs (loop4): Directory bread(block 73) failed
[  857.939916][T11629] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1329'.
[  857.971546][T11629] bridge_slave_1: left allmulticast mode
[  857.982709][T11629] bridge_slave_1: left promiscuous mode
[  857.999082][T11629] bridge0: port 2(bridge_slave_1) entered disabled state
[  858.021917][T11629] bridge_slave_0: left allmulticast mode
[  858.032555][T11629] bridge_slave_0: left promiscuous mode
[  858.043720][T11629] bridge0: port 1(bridge_slave_0) entered disabled state
[  860.731692][T11716] trusted_key: encrypted_key: key user:syz not found
[  862.642564][   T27] audit: type=1326 audit(1772749723.872:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11757 comm="syz.2.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e2019c799 code=0x7ffc0000
[  862.724416][   T27] audit: type=1326 audit(1772749723.872:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11757 comm="syz.2.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e2019c799 code=0x7ffc0000
[  862.802514][   T27] audit: type=1326 audit(1772749723.872:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11757 comm="syz.2.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e2019c799 code=0x7ffc0000
[  862.880803][   T27] audit: type=1326 audit(1772749723.882:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11757 comm="syz.2.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6e2019c799 code=0x7ffc0000
[  862.962346][   T27] audit: type=1326 audit(1772749723.882:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11757 comm="syz.2.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e2019c799 code=0x7ffc0000
[  863.023122][   T27] audit: type=1326 audit(1772749723.882:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11757 comm="syz.2.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e2019c799 code=0x7ffc0000
[  863.079905][T11766] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1380'.
[  863.097671][   T27] audit: type=1326 audit(1772749723.892:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11757 comm="syz.2.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e2019c799 code=0x7ffc0000
[  863.166976][   T27] audit: type=1326 audit(1772749723.892:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11757 comm="syz.2.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e2019c799 code=0x7ffc0000
[  863.222492][   T27] audit: type=1326 audit(1772749723.892:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11757 comm="syz.2.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f6e2019c799 code=0x7ffc0000
[  863.302517][   T27] audit: type=1326 audit(1772749723.892:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11757 comm="syz.2.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e2019c799 code=0x7ffc0000
[  863.419173][T11773] loop4: detected capacity change from 0 to 512
[  863.442042][T11773] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  863.554150][T11774] KVM: debugfs: duplicate directory 11774-4
[  864.521759][T11798] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1394'.
[  864.942913][T11809] overlayfs: missing 'lowerdir'
[  869.009236][T11906] netlink: 100 bytes leftover after parsing attributes in process `syz.2.1442'.
[  870.397298][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[  870.403753][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  870.876214][T11953] team0: entered promiscuous mode
[  870.902562][T11953] team_slave_0: entered promiscuous mode
[  870.908501][T11953] team_slave_1: entered promiscuous mode
[  870.971045][T11955] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1464'.
[  871.392851][T11966] capability: warning: `syz.3.1470' uses deprecated v2 capabilities in a way that may be insecure
[  871.584765][T11972] "syz.3.1472" (11972) uses obsolete ecb(arc4) skcipher
[  871.829445][T11980] syzkaller0: entered promiscuous mode
[  871.861586][T11980] syzkaller0: entered allmulticast mode
[  873.657842][T12050] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1504'.
[  874.604925][T12086] loop3: detected capacity change from 0 to 16
[  874.625199][T12086] erofs: (device loop3): mounted with root inode @ nid 36.
[  875.403488][T12119] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1538'.
[  877.057162][T12152] team0: left promiscuous mode
[  877.067160][T12152] team_slave_0: left promiscuous mode
[  877.086277][T12152] team_slave_1: left promiscuous mode
[  877.870960][T12152] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  877.911245][T12152] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  878.463394][T12152] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  878.483637][T12152] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  878.502370][T12152] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  878.511785][T12152] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  878.698014][T12152] bond1: left promiscuous mode
[  878.705169][T12152] vcan1: left promiscuous mode
[  878.770826][T12198] netlink: 160 bytes leftover after parsing attributes in process `syz.3.1571'.
[  879.993326][T12256] overlayfs: failed to resolve './file1/file0': -2
[  882.870705][T12345] bridge0: port 2(bridge_slave_1) entered disabled state
[  882.878042][T12345] bridge0: port 1(bridge_slave_0) entered disabled state
[  883.365585][T12369] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  883.379717][T12369] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  883.391799][T12369] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  883.400440][T12369] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  883.413704][T12369] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  883.434875][T12369] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  883.746378][T12345] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  883.834890][T12345] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  884.419152][T12345] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  884.420224][   T27] kauditd_printk_skb: 13 callbacks suppressed
[  884.420236][   T27] audit: type=1326 audit(1772749745.662:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12401 comm="syz.4.1666" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9edb39c799 code=0x0
[  884.430750][T12345] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  884.472620][T12345] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  884.493436][T12345] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  884.627448][T12345] syzkaller0: left promiscuous mode
[  884.634231][T12345] syzkaller0: left allmulticast mode
[  884.793236][T12345] macvlan2: left promiscuous mode
[  884.798353][T12345] macvlan2: left allmulticast mode
[  885.117969][T12368] chnl_net:caif_netlink_parms(): no params data found
[  885.402115][T12368] bridge0: port 1(bridge_slave_0) entered blocking state
[  885.459091][T12368] bridge0: port 1(bridge_slave_0) entered disabled state
[  885.502567][T12368] bridge_slave_0: entered allmulticast mode
[  885.502809][ T5783] Bluetooth: hci0: command tx timeout
[  885.518248][T12368] bridge_slave_0: entered promiscuous mode
[  885.537471][T12368] bridge0: port 2(bridge_slave_1) entered blocking state
[  885.567536][T12368] bridge0: port 2(bridge_slave_1) entered disabled state
[  885.600666][T12368] bridge_slave_1: entered allmulticast mode
[  885.632759][T12368] bridge_slave_1: entered promiscuous mode
[  885.721595][T12368] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  885.769992][T12368] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  885.813852][T12368] team0: Port device team_slave_0 added
[  885.823575][T12368] team0: Port device team_slave_1 added
[  885.961892][T12368] batman_adv: batadv0: Adding interface: batadv_slave_0
[  885.979232][T12368] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  886.045125][T12368] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  886.075578][T12368] batman_adv: batadv0: Adding interface: batadv_slave_1
[  886.092698][T12368] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  886.172593][T12368] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  886.304783][T12368] hsr_slave_0: entered promiscuous mode
[  886.321767][T12368] hsr_slave_1: entered promiscuous mode
[  886.330668][T12368] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  886.342519][T12368] Cannot create hsr debugfs directory
[  886.963139][T12368] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  887.023561][T12368] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  887.064125][T12368] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  887.088906][T12368] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  887.351221][T12368] 8021q: adding VLAN 0 to HW filter on device bond0
[  887.408641][T12368] 8021q: adding VLAN 0 to HW filter on device team0
[  887.444608][ T3472] bridge0: port 1(bridge_slave_0) entered blocking state
[  887.451851][ T3472] bridge0: port 1(bridge_slave_0) entered forwarding state
[  887.501588][   T78] bridge0: port 2(bridge_slave_1) entered blocking state
[  887.508854][   T78] bridge0: port 2(bridge_slave_1) entered forwarding state
[  887.572123][T12467] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  887.583081][ T5783] Bluetooth: hci0: command tx timeout
[  887.605802][T12467] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  887.639058][T12467] overlayfs: inode number too big (/, ino=4611686018427387905, xinobits=3)
[  888.021801][T12368] 8021q: adding VLAN 0 to HW filter on device batadv0
[  888.354826][ T5833] usb 5-1: new low-speed USB device number 17 using dummy_hcd
[  888.585550][ T5833] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  888.614902][ T5833] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  888.640434][ T5833] usb 5-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[  888.650929][T12368] veth0_vlan: entered promiscuous mode
[  888.691648][ T5833] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  888.711827][ T5833] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  888.723039][T12368] veth1_vlan: entered promiscuous mode
[  888.735372][ T5833] usb 5-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[  888.764121][ T5833] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  888.771702][ T5833] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  888.802537][ T5833] usb 5-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[  888.830503][T12368] veth0_macvtap: entered promiscuous mode
[  888.849642][T12368] veth1_macvtap: entered promiscuous mode
[  888.857843][ T5833] usb 5-1: string descriptor 0 read error: -22
[  888.868125][ T5833] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  888.880324][T12368] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  888.884182][ T5833] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  888.907648][T12368] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  888.912082][ T5833] adutux 5-1:168.0: interrupt endpoints not found
[  888.930616][T12368] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  888.937869][T12503] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input7
[  888.949586][T12368] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  888.969446][T12368] batman_adv: batadv0: Interface activated: batadv_slave_0
[  888.989928][T12368] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  889.004706][T12368] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  889.014867][T12368] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  889.027128][T12368] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  889.042142][T12368] batman_adv: batadv0: Interface activated: batadv_slave_1
[  889.092206][T12368] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  889.107711][T12368] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  889.117000][T12368] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  889.126592][T12368] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  889.144699][ T5833] usb 5-1: USB disconnect, device number 17
[  889.271463][   T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  889.284263][   T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  889.310665][ T2933] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  889.319721][ T2933] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  889.675510][ T5783] Bluetooth: hci0: command tx timeout
[  890.228238][T12539] 9pnet_virtio: no channels available for device syz
[  891.551252][T12568] use of bytesused == 0 is deprecated and will be removed in the future,
[  891.585069][T12568] use the actual size instead.
[  891.754086][ T5783] Bluetooth: hci0: command tx timeout
[  892.870942][T12600] 8021q: adding VLAN 0 to HW filter on device bond0
[  892.889965][T12600] 8021q: adding VLAN 0 to HW filter on device team0
[  892.916160][T12600] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  893.334093][T12611] syz_tun: entered allmulticast mode
[  893.424198][T12611] pimreg: entered allmulticast mode
[  893.567310][T12610] syz_tun: left allmulticast mode
[  894.287812][T12647] syzkaller0: entered promiscuous mode
[  894.306318][T12647] syzkaller0: entered allmulticast mode
[  896.730502][T12730] overlayfs: failed to clone upperpath
[  896.888054][T12739] netlink: 'syz.7.1787': attribute type 3 has an invalid length.
[  897.259116][T12754] syzkaller0: entered promiscuous mode
[  897.265015][T12754] syzkaller0: entered allmulticast mode
[  897.305147][T12754] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1793'.
[  897.340671][T12754] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1793'.
[  897.700706][ T5783] Bluetooth: hci4: unexpected event for opcode 0x080c
[  898.032524][    T9] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  898.233278][    T9] usb 5-1: Using ep0 maxpacket: 8
[  898.245410][    T9] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  898.271576][    T9] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  898.282139][    T9] usb 5-1: config 0 interface 0 has no altsetting 0
[  898.306248][    T9] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  898.316395][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  898.332055][    T9] usb 5-1: config 0 descriptor??
[  898.601424][T12795] bridge0: port 1(bridge_slave_0) entered disabled state
[  898.771008][    T9] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0
[  898.802143][    T9] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0
[  898.816260][    T9] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0
[  898.823826][    T9] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0
[  898.831727][    T9] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0
[  898.841264][    T9] mcp2221 0003:04D8:00DD.0008: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0
[  898.993172][    T9] usb 5-1: USB disconnect, device number 18
[  899.100477][T12806] xt_hashlimit: size too large, truncated to 1048576
[  899.622659][T12815] binder: 12813:12815 ioctl 400c620e 2000000001c0 returned -22
[  900.301275][T12818] bridge0: port 2(bridge_slave_1) entered disabled state
[  900.820614][T12818] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  900.859996][T12818] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  901.271313][T12818] netdevsim netdevsim7 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  901.286885][T12818] netdevsim netdevsim7 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  901.296359][T12818] netdevsim netdevsim7 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  901.306301][T12818] netdevsim netdevsim7 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  901.699022][T12847] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  901.752793][T12847] tipc: Started in network mode
[  901.753228][T12849] fuse: Bad value for 'fd'
[  901.757903][T12847] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  901.757966][T12847] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  904.693693][T12934] overlayfs: failed to clone upperpath
[  904.852371][T12943] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1870'.
[  904.982727][ T5811] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  905.192652][ T5811] usb 5-1: Using ep0 maxpacket: 8
[  905.209922][ T5811] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  905.230686][ T5811] usb 5-1: config 0 has no interface number 0
[  905.237496][ T5811] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  905.254242][ T5811] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  905.273678][ T5811] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  905.295144][ T5811] usb 5-1: config 0 descriptor??
[  905.312367][ T5811] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  905.446834][ T5783] Bluetooth: hci0: unexpected event 0x07 length: 13 < 255
[  905.528970][ T5811] usb 5-1: USB disconnect, device number 19
[  905.542895][ T5783] Bluetooth: hci2: Ignoring connect complete event for invalid link type
[  906.531387][T12998] sch_tbf: burst 1 is lower than device syzkaller0 mtu (1500) !
[  906.899719][ T5783] Bluetooth: hci0: Unknown advertising packet type: 0x30
[  906.899818][ T5783] Bluetooth: hci0: Malformed LE Event: 0x0d
[  907.188764][T13014] netlink: 'syz.2.1898': attribute type 3 has an invalid length.
[  907.212506][T13014] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1898'.
[  907.232531][T13014] ------------[ cut here ]------------
[  907.238043][T13014] memcpy: detected field-spanning write (size 32) of single field "&new->sel" at net/sched/cls_u32.c:855 (size 16)
[  907.273640][T13014] WARNING: CPU: 1 PID: 13014 at net/sched/cls_u32.c:855 u32_change+0x1c5a/0x24f0
[  907.282927][T13014] Modules linked in:
[  907.286852][T13014] CPU: 1 PID: 13014 Comm: syz.2.1898 Not tainted syzkaller #0
[  907.294805][T13014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  907.304967][T13014] RIP: 0010:u32_change+0x1c5a/0x24f0
[  907.310494][T13014] Code: f8 eb 59 e8 78 4f d9 f8 c6 05 51 c9 c7 05 01 b9 10 00 00 00 48 c7 c7 40 4f c7 8b 4c 89 f6 48 c7 c2 c0 4f c7 8b e8 96 09 a3 f8 <0f> 0b e9 86 f0 ff ff e8 4a 4f d9 f8 eb 24 e8 43 4f d9 f8 c6 05 f4
[  907.330250][T13014] RSP: 0018:ffffc90003406d40 EFLAGS: 00010246
[  907.336388][T13014] RAX: 7b2d25c1ee9f1d00 RBX: ffff8880269d1400 RCX: 0000000000080000
[  907.344556][T13014] RDX: ffffc9000d569000 RSI: 000000000000b9a1 RDI: 000000000000b9a2
[  907.353009][T13014] RBP: ffffc90003406ef8 R08: ffffc90003406947 R09: 1ffff92000680d28
[  907.361023][T13014] R10: dffffc0000000000 R11: fffff52000680d29 R12: ffff88802ec6ec00
[  907.369335][T13014] R13: ffff88802ec6ece8 R14: 0000000000000020 R15: ffff888030cabb80
[  907.377392][T13014] FS:  00007f6e1e3f66c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  907.386455][T13014] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  907.393117][T13014] CR2: 000000110c423a33 CR3: 0000000066e44000 CR4: 00000000003506e0
[  907.401122][T13014] Call Trace:
[  907.404506][T13014]  <TASK>
[  907.407460][T13014]  ? tc_new_tfilter+0x8c6/0x1640
[  907.412502][T13014]  ? u32_get+0x370/0x370
[  907.416797][T13014]  tc_new_tfilter+0xe4f/0x1640
[  907.421633][T13014]  ? tcf_proto_signal_destroying+0x240/0x240
[  907.427798][T13014]  ? rcu_read_unlock+0x8c/0xa0
[  907.432669][T13014]  ? tcf_proto_signal_destroying+0x240/0x240
[  907.438685][T13014]  ? rtnetlink_rcv_msg+0x221/0xfa0
[  907.443867][T13014]  ? tcf_proto_signal_destroying+0x240/0x240
[  907.449883][T13014]  rtnetlink_rcv_msg+0x8b8/0xfa0
[  907.454941][T13014]  ? lockdep_hardirqs_on+0x98/0x150
[  907.460176][T13014]  ? rtnetlink_bind+0x80/0x80
[  907.464937][T13014]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  907.470946][T13014]  ? lock_chain_count+0x20/0x20
[  907.475913][T13014]  ? __local_bh_enable_ip+0x13a/0x1c0
[  907.481311][T13014]  ? lockdep_hardirqs_on+0x98/0x150
[  907.486623][T13014]  ? __local_bh_enable_ip+0x13a/0x1c0
[  907.492022][T13014]  ? _local_bh_enable+0xa0/0xa0
[  907.496956][T13014]  ? __dev_queue_xmit+0x265/0x3660
[  907.502096][T13014]  ? __dev_queue_xmit+0x265/0x3660
[  907.507545][T13014]  ? __dev_queue_xmit+0x1b2c/0x3660
[  907.512927][T13014]  ? __dev_queue_xmit+0x265/0x3660
[  907.518086][T13014]  ? ref_tracker_free+0x690/0x840
[  907.523200][T13014]  netlink_rcv_skb+0x241/0x4d0
[  907.528014][T13014]  ? rtnetlink_bind+0x80/0x80
[  907.532805][T13014]  ? netlink_ack+0x1180/0x1180
[  907.537623][T13014]  ? __lock_acquire+0x7d40/0x7d40
[  907.542730][T13014]  ? netlink_deliver_tap+0x2e/0x1b0
[  907.547972][T13014]  netlink_unicast+0x751/0x8d0
[  907.552823][T13014]  netlink_sendmsg+0x8d0/0xbf0
[  907.557630][T13014]  ? netlink_getsockopt+0x590/0x590
[  907.562909][T13014]  ? aa_sock_msg_perm+0x94/0x150
[  907.567890][T13014]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  907.573286][T13014]  ? security_socket_sendmsg+0x80/0xa0
[  907.578772][T13014]  ? netlink_getsockopt+0x590/0x590
[  907.584075][T13014]  ____sys_sendmsg+0x5ba/0x960
[  907.588877][T13014]  ? __asan_memset+0x22/0x40
[  907.593566][T13014]  ? __sys_sendmsg_sock+0x30/0x30
[  907.598624][T13014]  ? __import_iovec+0x5f2/0x850
[  907.603615][T13014]  ? import_iovec+0x73/0xa0
[  907.608154][T13014]  ___sys_sendmsg+0x2a6/0x360
[  907.612939][T13014]  ? __sys_sendmsg+0x2a0/0x2a0
[  907.617789][T13014]  __sys_sendmmsg+0x2ca/0x510
[  907.622995][T13014]  ? __ia32_sys_sendmsg+0x90/0x90
[  907.628056][T13014]  ? __ia32_sys_get_robust_list+0x110/0x110
[  907.634052][T13014]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  907.640066][T13014]  ? lock_chain_count+0x20/0x20
[  907.645111][T13014]  __x64_sys_sendmmsg+0xa0/0xb0
[  907.650001][T13014]  do_syscall_64+0x55/0xa0
[  907.654531][T13014]  ? clear_bhb_loop+0x40/0x90
[  907.659240][T13014]  ? clear_bhb_loop+0x40/0x90
[  907.664015][T13014]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  907.669935][T13014] RIP: 0033:0x7f6e2019c799
[  907.674420][T13014] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  907.694139][T13014] RSP: 002b:00007f6e1e3f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  907.702626][T13014] RAX: ffffffffffffffda RBX: 00007f6e20415fa0 RCX: 00007f6e2019c799
[  907.710627][T13014] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000006
[  907.718747][T13014] RBP: 00007f6e20232bd9 R08: 0000000000000000 R09: 0000000000000000
[  907.726811][T13014] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  907.734876][T13014] R13: 00007f6e20416038 R14: 00007f6e20415fa0 R15: 00007ffc7adf32b8
[  907.742946][T13014]  </TASK>
[  907.745980][T13014] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  907.753264][T13014] CPU: 1 PID: 13014 Comm: syz.2.1898 Not tainted syzkaller #0
[  907.760716][T13014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  907.770800][T13014] Call Trace:
[  907.774073][T13014]  <TASK>
[  907.776996][T13014]  dump_stack_lvl+0x18c/0x250
[  907.781673][T13014]  ? show_regs_print_info+0x20/0x20
[  907.786866][T13014]  ? load_image+0x400/0x400
[  907.791368][T13014]  panic+0x2dc/0x730
[  907.795258][T13014]  ? bpf_jit_dump+0xd0/0xd0
[  907.799764][T13014]  __warn+0x2e0/0x470
[  907.803738][T13014]  ? u32_change+0x1c5a/0x24f0
[  907.808414][T13014]  ? u32_change+0x1c5a/0x24f0
[  907.813083][T13014]  report_bug+0x2be/0x4f0
[  907.817405][T13014]  ? u32_change+0x1c5a/0x24f0
[  907.822073][T13014]  ? u32_change+0x1c5a/0x24f0
[  907.826741][T13014]  ? u32_change+0x1c5c/0x24f0
[  907.831407][T13014]  handle_bug+0xcf/0x120
[  907.835644][T13014]  exc_invalid_op+0x1a/0x50
[  907.840140][T13014]  asm_exc_invalid_op+0x1a/0x20
[  907.844979][T13014] RIP: 0010:u32_change+0x1c5a/0x24f0
[  907.850256][T13014] Code: f8 eb 59 e8 78 4f d9 f8 c6 05 51 c9 c7 05 01 b9 10 00 00 00 48 c7 c7 40 4f c7 8b 4c 89 f6 48 c7 c2 c0 4f c7 8b e8 96 09 a3 f8 <0f> 0b e9 86 f0 ff ff e8 4a 4f d9 f8 eb 24 e8 43 4f d9 f8 c6 05 f4
[  907.869862][T13014] RSP: 0018:ffffc90003406d40 EFLAGS: 00010246
[  907.875926][T13014] RAX: 7b2d25c1ee9f1d00 RBX: ffff8880269d1400 RCX: 0000000000080000
[  907.883889][T13014] RDX: ffffc9000d569000 RSI: 000000000000b9a1 RDI: 000000000000b9a2
[  907.891847][T13014] RBP: ffffc90003406ef8 R08: ffffc90003406947 R09: 1ffff92000680d28
[  907.899806][T13014] R10: dffffc0000000000 R11: fffff52000680d29 R12: ffff88802ec6ec00
[  907.907789][T13014] R13: ffff88802ec6ece8 R14: 0000000000000020 R15: ffff888030cabb80
[  907.915764][T13014]  ? tc_new_tfilter+0x8c6/0x1640
[  907.920707][T13014]  ? u32_get+0x370/0x370
[  907.924979][T13014]  tc_new_tfilter+0xe4f/0x1640
[  907.929753][T13014]  ? tcf_proto_signal_destroying+0x240/0x240
[  907.935739][T13014]  ? rcu_read_unlock+0x8c/0xa0
[  907.940498][T13014]  ? tcf_proto_signal_destroying+0x240/0x240
[  907.946471][T13014]  ? rtnetlink_rcv_msg+0x221/0xfa0
[  907.951570][T13014]  ? tcf_proto_signal_destroying+0x240/0x240
[  907.957542][T13014]  rtnetlink_rcv_msg+0x8b8/0xfa0
[  907.962478][T13014]  ? lockdep_hardirqs_on+0x98/0x150
[  907.967670][T13014]  ? rtnetlink_bind+0x80/0x80
[  907.972347][T13014]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  907.978323][T13014]  ? lock_chain_count+0x20/0x20
[  907.983164][T13014]  ? __local_bh_enable_ip+0x13a/0x1c0
[  907.988530][T13014]  ? lockdep_hardirqs_on+0x98/0x150
[  907.993719][T13014]  ? __local_bh_enable_ip+0x13a/0x1c0
[  907.999077][T13014]  ? _local_bh_enable+0xa0/0xa0
[  908.003921][T13014]  ? __dev_queue_xmit+0x265/0x3660
[  908.009026][T13014]  ? __dev_queue_xmit+0x265/0x3660
[  908.014133][T13014]  ? __dev_queue_xmit+0x1b2c/0x3660
[  908.019336][T13014]  ? __dev_queue_xmit+0x265/0x3660
[  908.024446][T13014]  ? ref_tracker_free+0x690/0x840
[  908.029467][T13014]  netlink_rcv_skb+0x241/0x4d0
[  908.034227][T13014]  ? rtnetlink_bind+0x80/0x80
[  908.038894][T13014]  ? netlink_ack+0x1180/0x1180
[  908.043659][T13014]  ? __lock_acquire+0x7d40/0x7d40
[  908.048680][T13014]  ? netlink_deliver_tap+0x2e/0x1b0
[  908.053873][T13014]  netlink_unicast+0x751/0x8d0
[  908.058641][T13014]  netlink_sendmsg+0x8d0/0xbf0
[  908.063427][T13014]  ? netlink_getsockopt+0x590/0x590
[  908.068625][T13014]  ? aa_sock_msg_perm+0x94/0x150
[  908.073557][T13014]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  908.078835][T13014]  ? security_socket_sendmsg+0x80/0xa0
[  908.084283][T13014]  ? netlink_getsockopt+0x590/0x590
[  908.089474][T13014]  ____sys_sendmsg+0x5ba/0x960
[  908.094233][T13014]  ? __asan_memset+0x22/0x40
[  908.098813][T13014]  ? __sys_sendmsg_sock+0x30/0x30
[  908.103828][T13014]  ? __import_iovec+0x5f2/0x850
[  908.108685][T13014]  ? import_iovec+0x73/0xa0
[  908.113188][T13014]  ___sys_sendmsg+0x2a6/0x360
[  908.117859][T13014]  ? __sys_sendmsg+0x2a0/0x2a0
[  908.122643][T13014]  __sys_sendmmsg+0x2ca/0x510
[  908.127311][T13014]  ? __ia32_sys_sendmsg+0x90/0x90
[  908.132330][T13014]  ? __ia32_sys_get_robust_list+0x110/0x110
[  908.138308][T13014]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  908.144286][T13014]  ? lock_chain_count+0x20/0x20
[  908.149130][T13014]  __x64_sys_sendmmsg+0xa0/0xb0
[  908.153974][T13014]  do_syscall_64+0x55/0xa0
[  908.158384][T13014]  ? clear_bhb_loop+0x40/0x90
[  908.163050][T13014]  ? clear_bhb_loop+0x40/0x90
[  908.167720][T13014]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  908.173607][T13014] RIP: 0033:0x7f6e2019c799
[  908.178013][T13014] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  908.197611][T13014] RSP: 002b:00007f6e1e3f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  908.206015][T13014] RAX: ffffffffffffffda RBX: 00007f6e20415fa0 RCX: 00007f6e2019c799
[  908.213974][T13014] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000006
[  908.221932][T13014] RBP: 00007f6e20232bd9 R08: 0000000000000000 R09: 0000000000000000
[  908.229892][T13014] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  908.237866][T13014] R13: 00007f6e20416038 R14: 00007f6e20415fa0 R15: 00007ffc7adf32b8
[  908.245847][T13014]  </TASK>
[  908.249184][T13014] Kernel Offset: disabled
[  908.253496][T13014] Rebooting in 86400 seconds..