last executing test programs:

20m52.582612404s ago: executing program 2 (id=4138):
timer_create(0x2, 0x0, &(0x7f0000000280))
r0 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000000)={0x1f, 0x2}, 0x6)
getsockname(r1, 0x0, &(0x7f0000000180))
ioctl$CEC_S_MODE(r0, 0x40046109, &(0x7f00000002c0)=0xf2)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000580)={&(0x7f0000000540)=[<r3=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r4=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, <r5=>0x0], &(0x7f0000000200), 0x3, r4})
accept$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x0, 0x0, @initdev}, &(0x7f0000000200)=0x1c)
ioctl$BTRFS_IOC_QUOTA_CTL(r1, 0xc0109428, &(0x7f0000000180)={0x1, 0xbf})
ioctl$DRM_IOCTL_MODE_ATOMIC(r2, 0xc03864bc, &(0x7f0000000840)={0x0, 0x1, &(0x7f00000005c0)=[r3], &(0x7f0000000180), &(0x7f0000000280)=[r5], &(0x7f0000000040)})
syz_open_procfs(0x0, &(0x7f0000000000)='timers\x00')
capset(&(0x7f0000000080)={0x20080522}, &(0x7f00000000c0)={0x200000, 0x200000, 0x7})
prctl$PR_SET_MM(0x23, 0x9, &(0x7f0000ffc000/0x3000)=nil)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x0, 0xc}, @l2cap_cid_le_signaling={{0xffffffffffffffa9}, @l2cap_disconn_req={{0x6, 0xd, 0x4}, {0x5, 0x1}}}}, 0x11)

20m52.532546864s ago: executing program 2 (id=4139):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x614200, 0x0)
r0 = syz_open_dev$I2C(0x0, 0x0, 0x0)
r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r1, 0x40186f40, &(0x7f0000000080)={0x0, 0x0, 0x1, 0x9, 'syz1\x00'})
ioctl$I2C_SMBUS(r0, 0x720, 0x0) (async)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000001, 0x810, 0xffffffffffffffff, 0x99f07000)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) (async)
sync_file_range(r0, 0x6, 0x8, 0x2) (async)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) (async, rerun: 32)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0) (rerun: 32)
bind$inet6(r2, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c) (async, rerun: 64)
setsockopt$inet6_tcp_int(r2, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) (rerun: 64)
sendto$inet6(r2, &(0x7f0000000240)=':', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c) (async)
setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000040)='highspeed\x00', 0xa) (async, rerun: 32)
shutdown(r2, 0x1) (async, rerun: 32)
r3 = socket$igmp(0x2, 0x3, 0x2)
r4 = socket$kcm(0x10, 0x2, 0x0)
recvmsg(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001040)=""/4095, 0xffffff41}, {&(0x7f0000002180)=""/4132, 0x1024}, {&(0x7f0000000640)=""/287, 0x171}, {&(0x7f0000000340)=""/198, 0x48}, {&(0x7f0000000540)=""/228, 0xe4}], 0x5}, 0x10)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000100)={0x4, <r7=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee2, 0x0) (async)
sendmsg$inet(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000fc0)="5c00000012006bab9a3fe3d86e17aa0a046b4877c4aaf68187bae53dca2ba35bda6a876c1d0048007ea608649e7524765f0ef82e3c0000a705259a3651f60a84c9f4d4938037e70e4509c5bb00000000e513aeac9bf2bee150d5fe86", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x20000000) (async)
recvmsg$kcm(r4, &(0x7f0000000e80)={0x0, 0x0, 0x0}, 0x40000002) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00'}) (async, rerun: 64)
r8 = syz_usb_connect(0x3, 0x2d, &(0x7f0000000000)=ANY=[], 0x0) (rerun: 64)
syz_usb_control_io$hid(r8, 0x0, 0x0) (async, rerun: 64)
syz_usb_control_io$cdc_ecm(r8, 0x0, 0x0) (async, rerun: 64)
syz_usb_control_io$uac1(r8, 0x0, 0x0)

20m52.030591012s ago: executing program 2 (id=4141):
r0 = socket(0x2b, 0x80801, 0x1)
setsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, &(0x7f0000000140)=0x2, 0x4)
getsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, 0x0, &(0x7f0000000280))
r1 = syz_clone(0x1b4a100, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r2, &(0x7f0000000000)={0x24, @long}, 0x8)
r3 = syz_pidfd_open(r1, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000001600)=ANY=[@ANYBLOB="12010000ec31f8104c1302007eec010203010902"], 0x0)
pidfd_getfd(r3, 0xffffffffffffffff, 0x0)

20m51.254481749s ago: executing program 2 (id=4153):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x12b)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='configfs\x00', 0x0, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
r1 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000180)={@private2, 0x800, 0x0, 0x2, 0x1}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000040)={@remote, 0x800, 0x0, 0x2, 0x0, 0x6109, 0xc2}, 0x20)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000800), r3)
sendmsg$IEEE802154_ADD_IFACE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="eb7a29a6087000fcdbdf350500000009001f007068793100000000"], 0x20}, 0x1, 0x0, 0x0, 0x40411}, 0x40882)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080), 0x40800, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r6, 0x800c5012, &(0x7f0000000040))
r7 = socket$igmp6(0xa, 0x3, 0x2)
getsockopt$inet6_mtu(r7, 0x29, 0x17, 0x0, &(0x7f00000000c0))
r8 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r8, 0xc0405602, &(0x7f00000000c0)={0x4d, 0x1, 0x0, "6040a7190200002000000000000000ff1057e31e94000000000000000006ff00", 0x34325258})
open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x8100)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000000c0))
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x6)

20m50.756915975s ago: executing program 2 (id=4161):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r1, 0x0)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000080)={0x4}, 0x8)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = syz_open_dev$video(&(0x7f00000010c0), 0x8, 0x0)
ioctl$VIDIOC_S_SELECTION(r3, 0xc040565f, &(0x7f0000000200)={0x2, 0x0, 0x3, {0x0, 0x900, 0x7fe, 0x5}})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000780)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r5, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x2710, 0x0, 0x0, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
socket$vsock_stream(0x28, 0x1, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
connect$vsock_stream(r5, &(0x7f0000000040)={0x28, 0x0, 0x2711, @host}, 0x10)
ioctl$KVM_SET_SREGS(r8, 0x4138ae84, &(0x7f0000000100)={{0x10000, 0x100000, 0xd, 0x1, 0x0, 0x0, 0x0, 0x20}, {0x0, 0x2000, 0x3, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x8, 0x9, 0x8}, {0x3000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x8, 0x3, 0x0, 0x4, 0x3}, {0xdddd0000, 0xffff1000, 0xc, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x1, 0xffff1000, 0xf, 0x2, 0xfe, 0x10, 0x6, 0x0, 0x1, 0x8, 0x4}, {0x0, 0x8000000, 0x0, 0x0, 0x0, 0xfd, 0xfb, 0x0, 0x2, 0x6}, {0x2, 0x100000, 0xa, 0x0, 0x7, 0xf9, 0x0, 0xfe, 0x3a, 0x2, 0xff}, {0x3000, 0x3000, 0x0, 0x2, 0x0, 0x54, 0x7, 0xfd, 0x0, 0x0, 0x0, 0x5}, {0x3000, 0x400}, {}, 0xddf8ffdb, 0x0, 0x1, 0x100, 0x8, 0x8000, 0x2000, [0xdd41, 0x0, 0x2, 0xd]})
ioctl$KVM_TRANSLATE(r8, 0xc018ae85, &(0x7f00000002c0)={0x1000, 0x4, 0x2, 0x5, 0x50})
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000000)={'wlan1\x00', &(0x7f0000000f40)=@ethtool_stats})
r9 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f00000000c0)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x20, 0x56a, 0x16, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x6, 0x80, 0x1, [{{0x9, 0x4, 0x0, 0x9, 0x2, 0x3, 0x1, 0x0, 0x8, {0x9, 0x21, 0x4ed6, 0xe, 0x1, {0x22, 0xdeb}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x4c, 0x3, 0x40}}, [{{0x9, 0x5, 0x2, 0x3, 0x200, 0xf, 0xff, 0x7f}}]}}}]}}]}}, &(0x7f00000009c0)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x310, 0x9, 0x0, 0x3, 0xff, 0x6}, 0x52, &(0x7f0000000380)={0x5, 0xf, 0x52, 0x6, [@ssp_cap={0x10, 0x10, 0xa, 0x4, 0x1, 0x2, 0x0, 0x3, [0x3fcf]}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xc, 0x5, 0x5, 0x5}, @wireless={0xb, 0x10, 0x1, 0xc, 0x8, 0x7, 0x8, 0x81, 0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x2, "d67d8c3ddd11c7c5936f779cebe036cf"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xa, 0x9, 0xe3}, @ss_cap={0xa, 0x10, 0x3, 0x6abf76a030b4d293, 0xc, 0x49, 0x5, 0x1}]}, 0xa, [{0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x412}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0xf491}}, {0x4, &(0x7f0000000500)=@lang_id={0x4, 0x3, 0x429}}, {0xd1, &(0x7f0000000540)=@string={0xd1, 0x3, "81ee79a34b7e73327d624c836abbf3762852575a362ee96b5b43249a28f50be931f747c2096279ecdbe6e3611f5e38b3b9a811bf9b87dfd19c26fb19d335a00b306bd34e0b5c2d82c231ee61343fc9a3a57b802d06b1ab5d779470476802b84df12472b6fc24c5bc31a8f308c4000fe2cf869161baa83e912e9b54e23ededce232a4337484eefd763a5f093ba0e83f9161b793a696cbebbba12b2e2d13a1b9f551af7cf12f44b6d63728589e1a5c8086d9ad4d6baf128aad530b956243b1a538e0779408c746caf2ad8afb48608530"}}, {0xa2, &(0x7f0000000640)=@string={0xa2, 0x3, "a56c816d6e3ae208ac57305caeb1d35e97bddba8a2a9d24cc8a2827462895cbf264f301fa78332a323a067cdae319cb6f087887bcf7e29309627242559bfe2a669722df924254409809d98c75a44a8f8e2b95bf4816576553f94da2bc68c518488f53d46b35c01af9bfc16517daad661afff8ed2334c6749ebda11a4534a26034a583da02668a9c32a395206a99cf95d1bd9142d208b5efe01aa1cd029b4f376"}}, {0x65, &(0x7f0000000700)=@string={0x65, 0x3, "49bcb36b28e75301ef5046b6b2ebbe96e26fd29eab8752ba8301c05a8ef344d39f6dc2a43b014eb7671a670796d7c4de6463be61a2237d8569f9a1ad3d833fce05a7ef2ce3ec91acf4fd85ed0781a0581b227cc70a3fb1b7dde2bd03a3b83133b45b83"}}, {0xd7, &(0x7f00000007c0)=@string={0xd7, 0x3, "96f7240cf688425762a33d4c94ec9f02232624451c25aee28d930d20fdf9a3a0655c0f6d13400168f2e75c1963b3d28ea4617b949bda311bddea531e62a4fb01f5d9a038f0b3183fc8b3885cd1019555b4b24517688012f416ca06b2f265672c96d4ede395831a58d71b15cc23724e9bc90edc26ee541f472efd5885c22b6463b62542c3c94fc9cb6f1d88b52c2de52cc82ffbf454934ac3808964b0f926f6b6050120fcb680c4e54b7d309f148b872006ba976205523aca9032086beb71e0285deaefd40e66ea21c795d05b24d87bcaf15de39b94"}}, {0x4, &(0x7f00000008c0)=@lang_id={0x4, 0x3, 0x2c47}}, {0x71, &(0x7f0000000900)=@string={0x71, 0x3, "f0e4fb747b7a8fe7a8b0c03186b6765e06e91c93e98215328891b6a86d1464bea770c5cff7aeb7b28d532d1303cf6b7aa88d58f875d6a1364c6a65b8c4bc65bf185624263f0a5cd8c3538b1645f2f17ba76477c785d8109d6321fc0e8a744f67c3292b606e60b0de5c3585ad039590"}}, {0x4, &(0x7f0000000980)=@lang_id={0x4}}]})
syz_usb_control_io(r9, &(0x7f0000000c00)={0x2c, &(0x7f0000000a80)={0x40, 0x5, 0x6c, {0x6c, 0x22, "2031ac09e5b339005a4db8efc3d91c4afaaa931776dd9b16ac26891ce9508abc7608e82d3c7cc2ef95629136c9c6ac860cd7f4d60dee3f44e5ffbaf08d01227d9252a585abbd0a99a87ee03a11a1d99db191f91105e00cfedc9a5256c583857ba710f21f67a38a482f3e"}}, &(0x7f0000000b00)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x41a}}, &(0x7f0000000b40)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, &(0x7f0000000b80)={0x20, 0x29, 0xf, {0xf, 0x29, 0x0, 0x80, 0x4, 0x80, "19c4df44", "c23142d2"}}, &(0x7f0000000bc0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x33, 0x3, 0x0, 0x4, 0x4, 0x4, 0x1}}}, &(0x7f0000001100)={0x84, &(0x7f0000000c40)={0x20, 0x3f, 0x66, "5a63aba638c1bafcbb581c55a942dbb3569554b0690e7cd8ed01bf22847a563820b49729eb502a7da72a551828aaa2c95e08e94ea4e09a4d1f354d389e8d44ec0b4ea6205c74b16cc2527e7dc58f466e4991ba866acb892d17eb45635caff89b457b447577f1"}, &(0x7f0000000cc0)={0x0, 0xa, 0x1, 0xfb}, &(0x7f0000000d00)={0x0, 0x8, 0x1, 0x3e}, &(0x7f0000000d40)={0x20, 0x0, 0x4, {0x0, 0x2}}, &(0x7f0000000d80)={0x20, 0x0, 0x8, {0x40, 0x20, [0x0]}}, &(0x7f0000000dc0)={0x40, 0x7, 0x2, 0xfff}, &(0x7f0000000e00)={0x40, 0x9, 0x1, 0xff}, &(0x7f0000000e40)={0x40, 0xb, 0x2, "7081"}, &(0x7f0000000e80)={0x40, 0xf, 0x2, 0x5}, &(0x7f0000000ec0)={0x40, 0x13, 0x6}, &(0x7f0000000f00)={0x40, 0x17, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000f80)={0x40, 0x19, 0x2, "91a9"}, &(0x7f0000000fc0)={0x40, 0x1a, 0x2, 0x9}, &(0x7f0000001000)={0x40, 0x1c, 0x1, 0xa5}, &(0x7f0000001040)={0x40, 0x1e, 0x1, 0x7b}, &(0x7f0000001080)={0x40, 0x21, 0x1, 0x6}})
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="1400000010000100000000005e000000000000000a2c000000060a09040000000000000000020000000900010073797a30000000000900020073797a320000000020000000080a01010000000000000000020000000900010073797a300000000014000000000a010300000000000000000a000000140000001100010000000000000000000000000a"], 0x88}, 0x1, 0x0, 0x0, 0x40}, 0x4000010)

20m50.117511494s ago: executing program 2 (id=4164):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x10b280, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, &(0x7f0000000340)})
ioctl$KVM_SET_CLOCK(r1, 0x4188aec6, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x20000000000000, 0x4})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, 0x0, 0x174}], 0x1, 0x22, 0x0, 0x0)

20m49.773973343s ago: executing program 32 (id=4164):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x10b280, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, &(0x7f0000000340)})
ioctl$KVM_SET_CLOCK(r1, 0x4188aec6, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x20000000000000, 0x4})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, 0x0, 0x174}], 0x1, 0x22, 0x0, 0x0)

16m11.62480319s ago: executing program 3 (id=5890):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000000080)=@get={0x1, 0x0, 0x7})

16m11.525311737s ago: executing program 3 (id=5892):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0xca000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000880)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde9809c8814618e976832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada133b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631def9f126c25ba4f37caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d3130180613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd60200c1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})

16m10.767822893s ago: executing program 3 (id=5893):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
prctl$PR_SET_MM(0x23, 0x2, &(0x7f0000459000/0x7000)=nil)

16m10.206734966s ago: executing program 3 (id=5899):
syz_io_uring_setup(0xa86, &(0x7f0000000200)={0x0, 0x4661, 0x80, 0x5, 0x345}, &(0x7f0000000b40), &(0x7f0000000b80))
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2901090, 0x0)
chroot(&(0x7f0000000300)='./file0\x00')
mount(0x0, &(0x7f0000000d40)='./file0/../file0/../file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)

16m10.195028536s ago: executing program 3 (id=5900):
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x8b}, 0x0)
getrlimit(0xe, &(0x7f00000000c0))
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
close(r3)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000100)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f0000000740)={0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "65366a50432b7ee2c7feddd91df868e7cfc6fa7272f3bf0a71b5d0c19323a260"}})
ioctl$KDSETMODE(0xffffffffffffffff, 0x4b3a, 0x1)
ioctl$TCXONC(0xffffffffffffffff, 0x4b3a, 0x2)
bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
unshare(0x26020480)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x10c, 0x0, &(0x7f00000003c0), &(0x7f0000000140))

16m9.136139889s ago: executing program 3 (id=5901):
ioctl$BLKREPORTZONE(0xffffffffffffffff, 0xc0101282, 0x0)
keyctl$read(0x2, 0x0, 0x0, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0)
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
setresgid(0xee00, 0xee01, 0x0)
setuid(0xee00)
sendfile(r1, r0, 0x0, 0x23b)

16m8.787588071s ago: executing program 33 (id=5901):
ioctl$BLKREPORTZONE(0xffffffffffffffff, 0xc0101282, 0x0)
keyctl$read(0x2, 0x0, 0x0, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0)
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
setresgid(0xee00, 0xee01, 0x0)
setuid(0xee00)
sendfile(r1, r0, 0x0, 0x23b)

8m31.162342209s ago: executing program 0 (id=9049):
socket$inet6_udp(0xa, 0x2, 0x0)
socket$inet6(0xa, 0x80003, 0xff)
close(0x3)
socket$inet6(0xa, 0x80003, 0xff)
close(0x3)
mount(&(0x7f0000000100)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='udf\x00', 0x808000, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x280449c, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r0, &(0x7f00000093c0)={0x2020, 0x0, <r1=>0x0, <r2=>0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x66017, 0x3, 0x0, 0x0, 0x9835}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x0, {0x0, 0x14}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r0, &(0x7f00000021c0)="7b1713b4c6f02da7493fb6859f0143c68a58166f472c5078104b859bc37f9a49a8f85c9101df3b2736ff9bebcb1a3c2f570b28279b8ff7afdef7451b3d10b4578c2e81784b6e4f410800d997f0689546cee0852e9e9c64c1f95df7b136243cf7aee1b8e7a4e1d6e6fc01337370f0dfc098d975e9a6f90a08f5b845054d1e1fc81adadbf2836ff758bade0484377855b05b3556a91827599638458ad30baea03240b302638b88423ecaba6da1e40f6f1b24d60dde1652f2d5f818af43d49dd55c4eadea945e9b6aa744dca07ec2e00320bef5b045414836941469129670c4cdb953ed61efeeae2ced1b7cb3e7fa4c93cce5623a9e33c69d068b801fd1369aba759e2829c67c705853262fef6669aab956f0f733619dd361be5e1414c7e7ff6218e330156d609fa9f3244a0a4fb678a58e70b86f6dabc3331f755b786c42b4198149941a7a58c83f1f2811209025269c5ffcbe0c34ac98cc091cec2c993bca0aa8400ff9e39cc9fba8dda886f95357957bbad8bb850ab92f7aa9bebcdb0ef188749a1742e5597d199f3ccdc2d807bf757da45acc93e3e9645a1036cb041b3c38dafef367b8dae802bbbc03bacb905d40e1da78591687b416ee380103a670aa8f722c76e13f7f0e3effbb37f15a821b8315fe541e3ffc09289d96db1dfa8861e5da41c812b54ee20ca8b3180f2f46db56954791465cb572de0cce16d789d6fff216ca46977ed724dc0cc8cef7b295ebb2998a5c4662e32ae1001e59f3bfefcd72543bfe1aa6688d65c547089ec0fe1f1d9610095a5a4008b14f46775c368417376ee143856031947db71c455dc40eeeda210fbf258452781ce46e51f6df683a7918770f73d324d9401648d271cb9a7e919401567e400fec420cf363444a78eea03e73176abd6546e1657945aa88f64a21e07fc23edd74512cf89781e8ffe9bb1601ab25d31801332a6c5be9cebb6cb08207bb832106553ea9fc19b4b4f1f0cd55efc2925ffef75e9b12f06b5a7496506a274ca25f88398a1734b7013c3f78a2e49ef0d946a1aff362e37c9b5f5473de11401097722adda87944ee3eeb1bdde60e97484af4d2e5f8b0a9c63bb8bb99461b16edd824add1caf9d5247811cc4f6b48004774f1a4fe4dd125ddbfd8b69ff3ee314aeb445bee9f217a2f5a9e0e84ccd8718471f949086df6cdcbf95e568317e31dd01be1b826cf9a09373b16935fc864794a3886a2f4aacc42135db85f8921916a10aa7111a686979e2a5c9959cafc9774c416c4dfe0b9e06657feb2fbc31e7c11f6e2841680986557c1f2b1ec3c0fcc6a749a3c97a5b370550ab7110e25851b13c0b75a7fb0cd3c4659878209867659c216b467bdcf51e786a59fad084886490fc77e186ab827d844d0ac4682651fc4043f8e87b905532a53017ada44feee1f89f9bc6d2a8b144e721a479f7b90acb91033774f4c12df633548a9097c791ec7e80fa2607c86fce6e9abcae1296528b8488ccf18a4bb0fc9b50c15d294e8d380465465b4eeae26eb6800faba611785cd2ff95ca1923dfa47d5923f89e4eadb612002caceaebbe779c4e3a3833455752eae63689ab8dc03db63d82feeab7f1162eed5909b69ccd5abeb9c071da82cfc76cc692a51d99e0c4bdfa6c81c9878e893a77e1e7105e7910827ddb3353612fa8d5e547b43b5abfe50829c1eb7bfda1731db2a9a1e8f0fc298dfa7009679489f9d9323338b7e59f1e48419ca531d88170a5a1995f576aa125edae9e9ea26f6e9c4bc26323b7db0998c528a7b343ccd87ff44c77e6cfc0a324cc1d4ea79c30015f0caaeccd46e5db580aa5ce8030c2b13b37494557da58abbdc7ce9fc9afa49ce0e8a7a6fa058db210ed654203e7879cf5004ebec57522ed34481b749554b36cd7171209b0763e110096704604f2d3f28c5ddc66c877e3ab63f36137d5a67cbf872aa6af79cb3a66c9040009b5e1c7b718c1b8788156b82d6d800dbe9fc3d16c812a963c73599b79efb89aa74bdbd9b1a2dc0b8ad853f79c0867a3a45d7a1645059171877687a72dd5ed4213c0ab84ef6185e7935346a84450887bdb2b216883e907b13b03c133adc04ab3c5f60209bd90aad3d94443105f08f0ee1b2231e1a1f8cce71de74d5308b78b5d99ce4ad4573faba9fab48bc1615f14d453c67714b99f274de041512b07b885679e6f89f481c28b082084b853c9afcda31def2898284d6ca28fb124df67142821c9705e28093ded60992d9587fb466df839aa2a4973dd48f9372a55da6592646fc918e533955566a2d8dc59277308223aea4dbe0daf839f95516b8995e9eec87df1df9d38693e0824dca7423b08d553b0ae1c5c44533b918eaa02dd17b4c8ce515ae7de410970f670e17b5e3c0a207fb8464d5d442694a271d593fc23ac19619bac32ac17cc6705ce2e6262361eba24277a471602e7ca57cc614ee116e60a9e0b6ac5e3228ea2c650baf1a09e9e5c7a1b25a078d1d11a673d88f6ee33e50d036d7fe4b9c06adc70aede2e35c6738b255690ed3f7a8d2d14e36e360f3bb66978d6cfcfc41887c751c0efc9325d4485a2f561060413fe6af4ce40d87a476201f15a584fc7ba18ddfef5f1d729d5f544c2c6b06befccb444f0408451089f20b06f05ab7d6702b97819b0eff6fb090f21afb3076558e692920053702fc2348f8dade0cb2b007f38d6dcd4ed3bb42553b1bd684791743a1941e5bf2ed234f44be64a95b485a3e949538a40542f25ca4bfce44e291037ab282082f02157a96f4ca0a0c5cd39215fd07461093a4d87a7979f7aa97142bf5b9ef71db537f9acc90f22ca2ded5c1ecd1ba972d05db7f71e8466085c9b3e975fa3a948f2c4049d1a8e46f71157017a3a74ad25e215dcfe7a4c5cb0a7baea0b0ec60c5df82555c553ac60dd39174c721edc0304b836a4de539c3ee55401e13848018f889cc4a0fcd01d9f4978eb730fb1b4a94ede0283f8c95062f01c8c8a3169b2d5c50cdd4f3a248d80a26c950b4036fc6ffefaf5101269fe3594c2cc128220a1d0b5f9f23121f2b184894e129159eaa92d9a30e878839be44d20cbdff3c338cc95795c86121b2b498bd376e895c98d67f6a27eecb46a203aa9de744feedf27b6825cc17aaa098b5ca05cad6bdbe320908ed36bdc8a8f2c777eeb9b037b36c0e36019c264b3e36196501d6cc90e7b1899a72bea5c8a24a5ae62e3684a39a06208bd382cd32acfabd742c76334797fa0c09a2a2a7e1240974afe0f3d6eb44590cf171efb7602009a93bde85cea6701c765dbca7c6a879be41dd08847802d4f59e933df65f727cbb45e3a4a5019f503b6fad7e0338e653f8b2c87aa7f196444e0dc1be6d7c4f0c7ddd663d06ff1365a9c362384a33b0315adbfb2d73359c485cd5410d36d21044bd8d3771c5492803b19f7f3a1a5c3248e66786479fa4416a55855adebeb09528ff5add597790b97bddc16bb9b7b33a1f800701c4293e2c8428dc2684726cfe5539ae0a9bf89e1b6f1989fd0433cc865b308bd0c636402b4b285c290e2439b9ecf0eba156fb6b613ea7f97b04506fe28e9471343c854fdfd48945a7f564acc817e609be8f8a7fdee12e9b592fd8c5c08f51ba8cb95be12cfa497d1539a4b8217818d47ebb3cc669014261530205948fdb9983a0e5759afa9b290ce838102661750ab06d7fe65a39efa6af36c042d2dee36402a6686d58eb144b76033cab4482b8fbdd213a90170939ec98df1fdfca4b37b143a971b9b59fc351098942bba090056c20e8cfbfe8fcbe361d068c98a020f67e807b8db2e45cad83c9970907646c0049c05c1ed657d53d859f1a47bfe6f022be0689de224034d0160b1dbc878ba6dd685911288d7af22ff5eedc1634c36e25f51d0757c7b9c73d7937955da356dea68749d464a75f56c9f6ba36cc1ca8c2f3aa34beae14fba894ca705111cdb19094432c2f6caa0eac78ab09b0cee330f36b1b91a6a5d4896cd15d96c12547826559441cbf578f189f5f04526a4cf76d60144090c2386b747ad50f7962ef2950d2c6f4ff8477ad0681ab24c47ea7ded8c9accff0dfa30489f43f0f3182b88e757fd9a1d82e1c9bb4efe5215518a6e48c688b2dabbd15107c5c6245de0acfd740ea54e0ec212f405f25bc3aafc63009631a4e4749296d47c2bcf25cc95afceb0a1ddb3c6124208f5134981c30489b42eeb864b3123b03106c9b234a465d87c30ef36e00244390de36a5dd93794467ef37bd01b86387855d2ac24e05370212e845082bb22c8fcda0f0bc78ddf971b0b9d69fc50e0d907408e9c9ac4e5099f47db2d0c14d888e363ece768555362a08c408d0119c45f158aad695d455d28e223be2862c19262c9f43eff8855b5a9af4f2cede95e415e2f597bb64c8bb2d608f86b15950ffe2e6bea3cdb221cf8b7eb35e0bdf6638283b09c68cda0bf1ccb9e353a7f0afb58d806923e36b22db68615a7e4e04d0932d928afdc8af3963378ebd5e05058160ac67fadb7a7d9ec498e00f63671b84d880d196c93afb4fc823e7d6576ad824ffb4c90fc780b163a292899ccfcaed81dee2c992787a66800e206df3dfc4a6b441d54ccb1a19a587402a663d510e45a5b1aa96fc467efaf7e71cbbff087f3d2922a133466d5ae9f86b0bc39bb3093b87ac2db941b1fd9e40427402781425d6e8856a2c66cbdd274f4c689758db6dd58ec7d766b177739e8c9173f2b1946be5396aad6d7ed29d058ac231e8c2e6a9077b4a217df4580a2d72bcf0b73e4bd07465deb8798a55ee855b82f1fa7d3748a40485bd90fab94b617d92219c4b65efa022936895e51873058615a19b9d1347120c405c3254f290b4c8b99c8ea9dde3a749ec538421a29d27b48ccd83852abe1a461123e4d36e56508d1827880960362d10835df77f9d4be51f1447cac5ae2017a814de58cd99bcc0c194254b17114ea48f5a0cfe6547686088d527c65180474fd460ffea5d48767ceb65c6fa3d7d3c632591d2d9d65c6c3a35a6ae4dc56322cd84734b0e7a092a4c46c1c607afa6d0e477e8d04e4993e595ba708a0f4466cd8a89fbc06d3cd366007296a9f05b66cfdcd5b30b6745e71d513205d5dbe1e8516d9e9cf133caa994ec0ac2c543d107efd4b9a7d9ee1ee415830a6c2ea17114ea9683726f2c82741f9ad4ac1be6772f0809f18c13f4cfc82fd1b7b3bd29615336003c6784c03fbcae475a58a3c4d68099732c326dfb7643eb150f2354918077bb798b5ecf491cdd0765e3e1ed5d0a37840f1a28f7e188a021781f1896dae7153f9d6639bf66be0c7857d7eccd2a1e6c9fd0cc3594477bb005df9b29f680c966161e37bcec97fc2ef7a2c3bf64e4df5785c9b080c7f9c6d7c515408445d55da499c03ba66369a31157bb03588e84a5303c46cd393c5bd6fbbb8deed94b62d67a9351c259b263c6c4fa65a4dbdd7eee080d82cc5e478c885678edbc9cfce74169ab748d7f4a08aec3e114394fc1d5e361267b8f3fcf38a024928d58158560f7da427680e7611a9f1b8255c67e6ea6b597ebd31bed9fd6f85f9b6ee63d4374c1e50597d1c9f3c56b4266bc632ba66ebecc396f6bead40392dcc138098b4166ab7f8714bd4db0615480705dd200da92dc51ec215844d7599e0a6262e8d5dc6a9452db8994d8b8f19ad4029e0b41b5e13fd6b56230cecea57f3111fe6c78876b3e657fab112968e83a0b64ce9837b89f5dad0d5f0b8b410e3a9a56ab2e9143e90fe371a944989ee206eef777cf4a235333c647e45aab910af492bc7c2213246374251e23accf5818aa2f24823bcba12efe3658e1e2cb49a5d4ffd26453829739647eccd106605921641afe16bbe79c8739062eabeeda4d4a42cb70d84e1e1d3506c7bfba5f5135aaae85b03dc6518eb30d832175cedc5bdca95e600e04902d9eda90c1da4bdd3138ac889398c239068857103ad70b5d1d9fac27c8ccfbcfcf126d9a5441bc963bce4669047ac901a14ca7c7e76f94c77159cdbda5360e04bb539a9d5ccd16a8cc88bacaa5b952c86b163575d7f1cab58f0d612d796b570f3c5debd7d9abde7e24de2c252173f1edc93817192699bddad45eeb41ff398c1bee4d2194f38bf4d2b4ed3a8895476bc441f464753139e204ff5dee7f45ce639d7541c0d396141aeff30cbbfa7157a61993eec98a4356df98665546a1d1e8429fb0c78684000862aac50f7d9a1413e89958f4defd3f087769cafc32bcd6016e496b41b7754cfbe42b352346fd585fb19a80f4af9a19811311b5fc6ea8eb5519a3cf7dbc1a06eed41668e332224c1daa01776e0886044f5a95e5dffc8d9ccce7840eeae97e8cc916db95bdc33fb420e28030c6edb011d5281db1dbeac9bfcaf938a757e3939b025d339e69b9692c8c7352787d399f342e96096e37ca208609e5f93629e36ee442db9fb822ea236683f79875e7dc73ec97f98fe0795f9d83f473cc80a589043a7edd953473684ea4e80f698683a0fc1d8863adc44fc13c27a08921a681ca1ad76207b1a97f8fff7db247ea09b3a6407ea83d82d82d171fc80a8f5fb9f19cd7e94fe121a6a0ef9c4cff7a8689c0abf750dadcc7442c2ca5ed437af5e88e89b0a783a1164cd1eb2a33a64c919d9f08fe5aa7a775352ab6027a7b73d6fef51acebec5516c2a5f2b932b2621bbd2cdb415fce9ba1dbc3de205869fa0423adcedd5570ab0b4b64afafaa458b3840b48f018297aa46426d7893418033f00b5378eac6a70275ec860609b07851b88ecb5da05086adfb80f47c71a77301ca0f1520dfb7a800bc8421abf5eb94942ec818e3a1d45f09ff93e6549b3ef6152c6abe38231b4a82e355e27e363184df51418286d7073cf464eee02310e84b3eccabd2120fcca333130357e1967f67a69f437dcf6a20ca21797230aad086bd4c28348f58b80ec5d27626004533993b9f85897d00bc271a62ab67f92e2eed6d900000000549e8344ad90b47fb5c1ed5908bce94d03bbe98a87a1733b5031f89644c2d35d729e1375969a82f0252859219407c5c87f5d249d5eb8c17001fc7c6dc5d1825851b41e5e937f2c39d7f7196f38f83619da2cddce747bb0e906d0fc13a11fc6c2be3d140ea6da886cd5e194ca9dbff565d2a82e7e82dc5a36084bf02029ea05a9cfe1f3dc80489b426a14372232940ffad8124bd515f0a73fa85c2aa0cd51d76a0cc6e75ccc35b702a4fed4d2e2828d98939406ddc6df1048f0a22611859d6bfcbb0873d102e4b8a86b5d9af8056447f6c1552a603d9f67009fa070db73a01e1b4adbe4e841d0b9a92d148b626c386b25687817e5ec07dbbfa1d62d078578fe21d546414e3c5e29e8e086d7e542a2eb74a67127e7f171e076bbdd62767aae3db467db1df13b3121023bcee33f814d767a9ef14651f76ec89910ed33e9804df8619f69ad06bf0559b00d4efbf6f44e922d50a18ffa25d8ac58dec53a93642186c0ca81b07fe5c14c9c13397649a53ebfcec118e5bb84db053e6e505d07a09bb50f33906e7febac3c85ca337111dbfcb7b9becccaaefa3d857d48f0b3d8646d70fdcf2f1dfb89cc3ba1394cb5de24d999c88235418bc0f20d4036bd0113d298b91c44fe042d3b8e4070e3f828499972524601c4725389122c7fc3e38eb799f7b755f23bd5362880b9275e58eab2c8f42e583890cb84e17f35025d1d76dd28171bee561d21451b4b2ebf23b923221c9ea06b924815889d2b605af66539c3b0ffc30c7170a5581727f0faddb257cb6ab28b3456737d3588fa3bce0ba6a2a5c3c94301fa8a4e6db358731bd3a4a62b42181e04241010d7bc3e973b9fe428175ec8f8e6cbd4e53c8bd957621acb1e42504e6f8a7bb30c382058fc9dcd0cd0ba0b789c316cd58d7b5606cc2a66c872f10e6663346d572ecc37ad1c3d8146a137e35e54096ddc2a5e2d26765d75615fecd09b864b29adfe92763ab54272365f56feeb9b57059744e765485ee322cb879fd3c8fd8bc4727d860995c548bcd41852349f1b2227f5a1f39b24549693fb05c04ba8f190673d11eb27d0bf628489f9b8049f5f3a1e1fed97ba9881da0031ef5960b6b0af825cfae8252b931f6151cba9bf889a5c74051a176c56d3cbb8915d3f28f8f684629bd1e3f87f27909b4e8eca6b88cdd60f3b5bbe0641a469e396080fdd2feeac7a11703b758f1815f100ab2ca4403af34a655f4c35e62778c276c96bb94a3d9f58f3bbd7ae6c4f133f7c4199f18d02d66598a54769415b376bb04b520881f23b22b32685ea1ea0dc179ab2f33f07c7039d1a5eedd1905d2a8c7d3c9686758ba5aafdd74f36da7f5522aff5c40e565b50cdd92ce353c3d6c97ce87f0495bdb95d70ea52c8c26b87cd337fd2283b88d7301c32f26833451b8f7c2ee5f44eec58d9eef2a39b3021a29c8747d36a2dbca6c0c085399bb720000000000000009d67e17060abad89c7d8b8970244c2f11ad2f4ae878a3676659b77178a9b651b12cf9c21e658a32999d596af4648f636df4de8c037d1fa63b1a685e8850156bf99e00666dbc03d3e3b44018659743127f91d44c99b578b86a44f3bcf1523c8cb45accc3c5fedfd7796411eddfc3a7a6b7c57ae10fd4bd3fe9f662dc59747ac4b7cc2584ae3ce2e42a41066dd0d560f1b4c83edc57121dade5e397380bec5f40b5d0beb14aef21b2c68ccfd0eb4959b5e7f5b5779903963298e3c9a2141f145137de1d604d9124c3c4f60a4d54da38a7c32ef2632fe66a8ce8e95ee95a570e18e9fbd44884afe291550839dd61e65c952a3f5c6b61850d1c2a77e18fde734a305b407cf6dbf17afd66da6e42f0e8f66092df46c79b44711f6e8aafa831fa1188beea696672b0e94cc3cae584b30dccf053634f792c2d9f4c87e306991b407949f2870b525d123f9ca23142a0ee13d05f51ed4ff2653727ad5bf16453276b2d5e7d7a8a0a1c4847cb61ac4b08d9abee25165a120d156775a534a62f9af3a3b62726101b94ae1e14352262f017c5361b3341952d194a6a2d470e60df3fde61d343e0af8fdff36ad976af6732b732ceb69344550555174fa280153e08f74d81f4ee69c1eb44a3468e8cf78bf7c1663dae3d31553466faa207b8e9887cb54209fac0b6f6d12d9588351c76e6bad884799afe856a25b5fe737d0ba737a0f1a12b4eb3ede48a0c38e6787ab42fca1c7f2ab42fa6104d5a99aa36b73ac3622ccae122524c28a6557cb7d0a7c7eb5de795647dca0621fc2c9599441dae7cc2a8631252abb5e0f22e9355e0a156a1ab7b1641e345045e8303b5f6dda5c3c1cc2637700cea25c004460d101fc42ad78ae477739a4efbacc57272cfafae15292dc3b2800d9f42002c2062af9a1f329e11140f8317242c04ac1f11cdb45f5f9ab18877daa214c151fb9ac54e3e010b5e7944d7217442d5c4fc29956c1333cb932424096f5b6afe1128db53f7171be4372be8bae538bcb3e4a2eb29608678735a667135e0f2660956e9e2a3ed862209efe65d9ab2fbbf88e5d3384fb3362af00e1ec6b4d3ca40df442b70951026438877189c4b0ae136a9a35c131fdf19115e8dc1ee2b938bfbfdb3808aebbe7dfbbd3510c7070388f5813e8bc63be744b99116c4b84ea37d57c5da7a80cc883aa915d84a249ebfa78ceb124c63b3a0720b19483189ee50824e8581556f0520e434803204cd0f3dd09fc97c979f9a7e3f8e5eca8fccde98fc4939551338235c0c6378faade0d18f7050f29189485e01ec120239373c5478cd19ab27570921415a6680924baf9c5829f3f2115460d1fceb8a026fa1a0a0047fe1cd6fcf1861dd3784e006abfddfe79461c5001e4e32d99c5bc203c21f8c711c5ecccf8941093d95a8db73722bb7511443fb2670244cc1249492e92fc4bf7e06ec6f08c5c6931929d58232b551957b771ea5e4a932b037904b81916e662e3fe95af894e80f699e5c00ab664f381bd9c0bd41322a8b3cf367577429fa52c0f1c44ffc626c215e7103cba05bff4931d9a202c1eb9068f44983d1e0c6d9fb5fed738561651e854a3c1b362ae354a0b4a270386ed2dbef093bd82f07f25edfae31901cb86fd214576b25f769bcb215214c63026b2581a8d17779aae03ba310f3243b3631f4b01c9e3eb342c3bdb44d8e47cdc1683e3b1cfffef72e385cc8831f99425fc406575170e1c106618d5429144a436b9e92d241d8118b5cbe0dca5e8ddd86e671e13080eddcf8dee9e317d192a3a5386378de9b1ecd8cf5439cfbe9f65965e5a5f6c145627ac23fe30c2e06e623b0eca15b225b32b65ce568b656cec0e0d6752fdebffd39c7538472ad7a195b56fcad3fab80016ff006df6b01d785191e4fca143b14ce68b32571476a779515ccb14d35cf9aabd4849c03c9bf12a42cfc2a7146ed6c25892a9d1c48f95314f641142d38cd882e54534d69b3fcc18044309e6debef6dc79d7737956418b955d33737115b44360e0bac14b71e2e64f0c8aea428dce5b65e210c108f832a6041c0aab116488e5863cd1039dc8af537908be3541352bdad303de43387503d19d7c0f0390bdc5b95f1dfb0701fd0e14a22c210837cc0a1cb059de474f4476bfe9bddfe3e7977fb299e82d9eefb18111f7c4a5fbd406fca720fec69340d978f4c9832204d67f6fa5793325e04d4af84acde0b56158e4c606394286a4b3cfc04a426a665529b753e1ce2d6c613159844bd069a67b5b96cb8ec993f05a8e252ed3d8ed63d524af0845f519f9d47b85a773f37031cb91055fb963db50e6a1e368f10a82fa40ac055e0201c6d29661eadb76f8154ef9c1cc210ccf1ccb063e8c00324ed6a14fdefa0167a9abb04debbbf5e7b8a57a7772373c765947f0f67b5130d77a6ca6ab166147d4eba97b4ddf1465d25b02f4430227b5713a29fd84664bfdfa5fc450e48f5263eaca67c16033b79bf1cb819511cf16bae6ffd5d05a7d9cc93067b6f2512fea2424a9c7d178f653ffa7ce1c00924707e3817c7cd461cb2a8cc5eadc40821258eaad7720ee3976c5a60025c317480016e5e5bd884f3646651f3bdc1185ec1a4112eb24ba5b3b6f94ac66322042d4bc48cb5befabfcf950cf8a0165fba3fa019324b53fb56bbfaec7f4ec733e84c22f841c1c9c1dc51dd3ac4887e155ac4095a6b8846c8f401f3c2d48d4de18906193a9f05ed59e3b0add8bc27c0bad8418ccbb842123ce1d39fdeeaa7984dfba9ef121ab4d4d35de076262636f3815708e4bcf31e634a290b13317425b1a4a2e4ebf8537092c7e524c126faa9622bf1337168e003857805dd420a51816fea3cd37c34e483f64a2da3ab67442314ffff40727835a1bc7b9971ccb5f83183cf1a135defd468907b988d97028f904c4d9c712f7d0ed6abe4d80712a7b7e06efcbe6a5b83e32beb1556326af7a97437c35c6a706c6cf4403b98f5134547ac167fd1abcb9245ec3450202ab80e553952412032a6c3cfa64441d4aecabd1e182c50bf67801fd3b44b40648ac9926bbbd7095425a429f2a9550c2fd1267cbf6156897b705255cadf1c7f233f4effd788b3f446dba19e68bbf8b42ff6caf984a4eb51328ab5e2bc28366e8b4df4df967a166470a00", 0x2000, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={0x150, 0x0, 0x0, [{{0x3, 0x2, 0x37a, 0x6, 0x9b, 0xc4b0, {0x0, 0x4, 0x8fb, 0x2000000ec3, 0x7, 0x8, 0x7f, 0xfffff5e3, 0x1, 0xa000, 0x5, r2, r3, 0xfffff077, 0xa}}, {0x4, 0x4, 0x8, 0x800, 'rootmode'}}, {{0x100003, 0x2, 0x900000000000000, 0x1ff, 0x4, 0x2, {0x6, 0x10, 0xc6, 0xffffffffffffffff, 0x2, 0xffffffffffffff81, 0x80, 0x5, 0x4000402, 0xc000, 0xff, r2, 0x0, 0x4, 0x4a}}, {0x6, 0x10000, 0x8, 0x2, 'rootmode'}}]}, 0x0, 0x0, 0x0})
quotactl$Q_SETINFO(0xffffffff80000601, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, r2, &(0x7f0000000080)={0xa, 0x18, 0x1})

8m31.006541938s ago: executing program 0 (id=9051):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001280)='/proc/sysvipc/sem\x00', 0x0, 0x0)
read$hiddev(r0, &(0x7f0000001100)=""/234, 0xea) (fail_nth: 1)

8m30.510711591s ago: executing program 0 (id=9053):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
read$ptp(r2, &(0x7f00000000c0)=""/8, 0x8)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r1, 0x89fc, &(0x7f0000000a40)={'ip6_vti0\x00', 0x0})
unshare(0x22020600)
r3 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00')
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r4, 0xffffffff80000800, 0x0, &(0x7f0000000180)={0x0, 0x5b81, 0xfffffffffffffffc, 0x0, 0x6, 0x400000000000009, 0x2, 0x0, 0xe1})
setns(r3, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

8m30.33056246s ago: executing program 0 (id=9056):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
r0 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$sock_qrtr_TIOCINQ(r0, 0x541b, &(0x7f0000002500))
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
r1 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x0)
fcntl$setlease(r1, 0x400, 0x300)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000100)='./file0/../file0\x00', 0x0, 0x80000, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$sock_int(r2, 0x1, 0x23, &(0x7f0000000040)=0xffffffff, 0x4)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x20000005)
mkdirat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x48)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000340)='./file0\x00')
rename(&(0x7f0000000000)='./file1\x00', &(0x7f0000000080)='./file2\x00')
r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r3, &(0x7f00000008c0)=""/54, 0x36)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f0000000080)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f00000000c0)={@hyper})
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r5, 0x7ab, &(0x7f0000000180)={&(0x7f0000000780)={{@host, 0xffffffff}, {@hyper}, 0x400, "884fbe2726aa0a32f3e65f909acda971a093228292456e0332e6c11577b514f0bb8db731789d860e9589c4cbdd60b7a851a8a3c55ada2f90c51a69bf4a5c3e32296535dc838ef00dc18a32a79118dc858628f741f107552021e5a81d38e4374a8a717a7ca9015083cfff5d16156ef9cabf4f60c0da46870a10bf520cc5abcf9e3a437761ea75776763139fadd55c46daf5338870951822f6a803ccfbab9c3f507672d7c39ea9ccf81d9bc2b4649e7b44ed9fd7cb9bd389240cd41c415113d1caac4536f05c07e596d6addad2a4d27ba21a3b655753c508caedcc812ca235a7cd1686426b208bdecf8a4265ba8f6824aa60306e2d623481eed301b6dc21041fa8b6592be00bb74de1989a45a5aa32c189e9f5a5bb878281d0129afcfb8410cd1fa5acd080993d2d084213130a9b8d517d13251e6605a03d9b8faf507e820205a1f471af7b261419e79e09c547f7c10fd3f1ad876f59fdcc5e07d0ff4dee6ea2e3856616a352d648b9b5261b6263020fc3ae8eb404bc25703b3d3b83172d07ff22907d6631d226c8247c92c1826ff814590dfe8c7fc54dfb265e906f756846546316b20e0105e2a5355a210b2b7f5db61d8f90bb783b41ce368233bd08044e9283531fffe49e3d305ecfb16075a047557f57bb7baf8babfc02975ad0d60ed8de9cb8adc9f667bc6826cbea8e260e4bff28a5ec19d38d1fc019db3cfaf310e764d78619cb27fb17af05a0e8ae831ce8413721e71138e62cc4ad8e7974d1506b4fb581c549a3dd7b7ef44ac37201aa3bce6f37f648d781bcb4f303000000a640f1b04efb38a36e0ed0e2abcb07e4ad88ae3edfb6d840d75340204243d0e1c1c3139823b0d5ad196430bf4566619a1a97df4376a7e9a9e9c1d97b9f773c921778f2cb5165c02da1423305c502076177e4af50cb3343c10b01b78e3fe5520bdfae2b3dbe42db0f0eb55bbcb19038018d45ccdb8b0df400085a02c61b033f430fb6a7408e090c65798bc49d35e049d276fd1952d2b3dfd92a2548411e21be26216fe68fc3cf1c6625031260153708a53255b3d3d0411da80e8ab2102a97e539c34e9c769a7dafb87c5918deb59ef05e928c2c52775de467fa843cbcdabc290097eeb2ee7c58d86e3fccc39a5b694c18a4cc0d6af1e6579c69e6466bc0cbef15365109e4f67a6268625f8c3f358fb7d567cbea52e1bc289bd8effda4e362a729e8cd3064970b97e3f72535d9ba88e97a14834cfd8dc86b5d2f9b35425a4162e6abe8b785ef462883e716c91b8eb281d81f68f606f16fcbc5cddfdec3b515818a647d86a4c17bae6ad525e95598052c49cdee821ceb45b2350dda13628db0dd266f30285241a2b147d65113b8ed3665a3451f7a56cf430ec98aeac702d9b9f776d97520a9d039e5b2fff34ac4d4e0a32e1f35c8f38e4f4fe1b3212a70f185ad71ec86b8c9"}, 0x418, 0x1})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), r6)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_MPATH(r7, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYRES32=r1, @ANYRES32=r9, @ANYBLOB="77f9b6d5cf169a96ade489fd55ef7db03c53d900553b3bef4ec6c29f"], 0x1c}, 0x1, 0x0, 0x0, 0x20002000}, 0x20000000)
ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000240)={@mcast1, @private2, @private0={0xfc, 0x0, '\x00', 0x1}, 0xfffffff2, 0x5, 0x8000, 0x400, 0x6, 0x5a30012})
sendmsg$netlink(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="180000005600010000000000000080000700"], 0x18}], 0x1, 0x0, 0x0, 0x4000001}, 0x0)

8m30.06107199s ago: executing program 0 (id=9060):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x4)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x4000, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
write$binfmt_script(r0, &(0x7f0000000200), 0xfffffd9d) (fail_nth: 15)

8m29.678504486s ago: executing program 0 (id=9061):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10) (async)
sendmsg$nl_generic(r1, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000c40)=ANY=[@ANYRES16=r1], 0x1c}}, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
ioprio_set$pid(0x6, 0x0, 0x6000) (async)
r3 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) (async)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="38000000161401"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000800) (async)
ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000400)={0xf0f002, 0x5}) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r2, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)

8m29.371655957s ago: executing program 34 (id=9061):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10) (async)
sendmsg$nl_generic(r1, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000c40)=ANY=[@ANYRES16=r1], 0x1c}}, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
ioprio_set$pid(0x6, 0x0, 0x6000) (async)
r3 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) (async)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="38000000161401"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000800) (async)
ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000400)={0xf0f002, 0x5}) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r2, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)

6m17.612472636s ago: executing program 5 (id=10193):
mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000400)='cramfs\x00', 0xc400, 0x0)
r0 = socket$igmp6(0xa, 0x3, 0x2)
sendfile(0xffffffffffffffff, r0, &(0x7f0000000000)=0x4, 0x6ba7)
mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000400)='cramfs\x00', 0xc400, 0x0) (async)
socket$igmp6(0xa, 0x3, 0x2) (async)
sendfile(0xffffffffffffffff, r0, &(0x7f0000000000)=0x4, 0x6ba7) (async)

6m17.454440395s ago: executing program 5 (id=10195):
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000)="180c4552", 0x4)
ioctl$HIDIOCGUSAGE(r0, 0xc018480b, &(0x7f0000000040)={0x1, 0x2, 0x7ad32357, 0x6, 0xe79e, 0xeb9e})
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x204, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00000000000000000000000000000000beda", "90be8b1c551265406c7f306003d8a0f4bd00"}})

6m17.205414112s ago: executing program 5 (id=10198):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r0, &(0x7f0000000c00)=[{{0x0, 0x0, 0x0}, 0xfd}, {{0x0, 0x0, 0x0}, 0x4}, {{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)=""/189, 0xbd}, {&(0x7f0000000d80)=""/255, 0xff}, {&(0x7f0000001e80)=""/4064, 0xfe0}, {&(0x7f0000000440)=""/117, 0x75}, {&(0x7f0000000080)=""/237, 0xed}], 0x5}, 0x80000003}], 0x3, 0x10100, 0x0)

6m17.122250765s ago: executing program 5 (id=10201):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x105097, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x14)
mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x80000, 0x0)
r1 = socket(0x9, 0xa, 0xd)
getsockname$packet(r1, 0x0, &(0x7f0000001480))
ioctl$sock_netrom_SIOCDELRT(r0, 0x890c, &(0x7f0000000140)={0x0, @default, @bpq0, 0x89, 'syz1\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x2, 0x8, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]})

6m16.954732487s ago: executing program 5 (id=10202):
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCDELRT(r0, 0x890c, &(0x7f00000000c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x6, @null, @bpq0, 0x1, [@bcast, @default, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default]})

6m16.541148161s ago: executing program 5 (id=10204):
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
read$ptp(0xffffffffffffffff, &(0x7f00000000c0)=""/8, 0x8)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89fc, &(0x7f0000000a40)={'ip6_vti0\x00', 0x0})
unshare(0x22020600)
r1 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00')
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
setns(r1, 0x40000)

6m16.190536066s ago: executing program 35 (id=10204):
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
read$ptp(0xffffffffffffffff, &(0x7f00000000c0)=""/8, 0x8)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89fc, &(0x7f0000000a40)={'ip6_vti0\x00', 0x0})
unshare(0x22020600)
r1 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00')
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
setns(r1, 0x40000)

5m28.1266376s ago: executing program 1 (id=10455):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x6)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000140)="66baf80cb8044fdc87efed660f388059e0b805000000b91e4200000f01c10f20c035000000200f22c0f20fa20f01cb36263e660f381efc660f7c150c000000b805000000b9210000000f01c1c4e17929d8", 0x51}], 0x1, 0x11, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e21, 0x8, @empty, 0x3}, 0x1c)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0xd, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socket$inet(0x2, 0x80000, 0x10)
lgetxattr(0x0, 0x0, 0x0, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x40201, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000380)={'syzkaller1\x00', 0xc201})
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}})
write$tun(r3, &(0x7f0000000040)=ANY=[@ANYBLOB="001c86dd2000100000004000000060ec97000fc83c00fe8000000000010100000000000000aaff020000000000000000000000000001"], 0xffe)

5m27.382740365s ago: executing program 1 (id=10461):
syz_usb_control_io$printer(0xffffffffffffffff, &(0x7f0000000100)={0x14, &(0x7f0000000580)={0x20, 0xe, 0x22, {0x22, 0x1, "7a105586a652a5e49dc372e36e874326b1fd1e5a4ddbdc993c056e2a3cb085ba"}}, &(0x7f00000000c0)={0x0, 0x3, 0x18, @string={0x18, 0x3, "8eb56f7a494beddba106d0a11ec10a1ab7bd23299b58"}}}, &(0x7f0000000380)={0x34, &(0x7f0000000140)=ANY=[@ANYBLOB="201641000000edcbe683dd9c49265bb165eea339981fcbc1ccc05a72016d30d8892f6ea47f488853a770c590df4c49bfddd4d604713fa51c9363dafe55de73680576c39f8062b8"], &(0x7f00000001c0)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000000240)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000280)=ANY=[@ANYBLOB="20004200000000ae32d4c06e9579c17fc6000000004def231e88fc3ba95b9085210a9a0000001c30388ca787415cd235349b29063146eba3c72c67596118d210617b8a55c6fc23a7"], &(0x7f0000000300)={0x20, 0x1, 0x1, 0xf}, &(0x7f0000000340)={0x20, 0x0, 0x1, 0x7}})
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @private=0xa050102}, 0x10)
listen(r0, 0x8)
r1 = accept4(r0, 0x0, 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0)
poll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x4c81}], 0x1, 0xfff)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000000)={0x8000, 0xfff7, 0x202, 0x1, 0x5, 0xc, 0x5, 0x2}, 0x20)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_group_source_req(r3, 0x0, 0x2e, &(0x7f0000000340)={0x8, {{0x2, 0x0, @rand_addr=0x64010101}}, {{0x2, 0x0, @multicast2}}}, 0x108)
getsockopt$inet_buf(r3, 0x0, 0x30, &(0x7f0000000340)=""/222, &(0x7f0000000180)=0xde)
r4 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x400900, 0x19c)
r5 = fanotify_init(0xf00, 0x0)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000540), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}})
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r6, 0x8922, &(0x7f0000000640)={'veth1_vlan\x00', 0x7fff})
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r8 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x0)
ioctl$VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000080)={0x6, 0x4, 0x4, 0x0, 0x1})
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r8, 0xc4c85513, &(0x7f0000000040)={0xb})
sendmsg$NFT_BATCH(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f80)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @range={{0xa}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_RANGE_OP={0x8}, @NFTA_RANGE_FROM_DATA={0x4}, @NFTA_RANGE_SREG={0x8, 0x1, 0x1, 0x0, 0xa}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0)
sendmsg$L2TP_CMD_TUNNEL_GET(r4, &(0x7f0000000680)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x14, 0x0, 0x10, 0x70bd27, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x2000209c)
r9 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_GET_MR_FOR_DEST(r9, 0x114, 0x7, &(0x7f00000006c0)={@l2={0x1f, 0xd, @any, 0xfff6, 0x1}, {&(0x7f0000000440)=""/18, 0x12}, &(0x7f0000000480), 0x10}, 0xa0)
close(r7)
r10 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
connect$llc(r10, &(0x7f0000000340)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random="48bd00"}, 0x10)
syz_init_net_socket$rose(0xb, 0x5, 0x0)

5m26.51542462s ago: executing program 1 (id=10466):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c0002800500010000000000080007"], 0x64}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x2c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x6c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x38, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2, 0x0, 0x2f00}, [@CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0)

5m26.33056458s ago: executing program 1 (id=10468):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000400)={0x10f0f001, 0x1})
ioctl$SNDCTL_DSP_SYNC(r1, 0x5001, 0x0)
r3 = syz_open_dev$video4linux(&(0x7f0000000040), 0x7ffffffbffffffff, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r3, 0xc040564a, &(0x7f0000000200)={0x0, 0x0, 0x3008})
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
socket$kcm(0x10, 0x2, 0x4)
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xc3490000)
r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000280)={{0x12, 0x1, 0x0, 0xe3, 0xdd, 0xef, 0x20, 0x1d50, 0x60a1, 0xa14f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x9d, 0x14, 0x4e}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r4, 0x0, &(0x7f0000000240)={0x1c, &(0x7f0000000000), 0x0, 0x0})
syz_usb_control_io$printer(r4, 0x0, &(0x7f0000000400)={0x34, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r4, 0x0, &(0x7f00000009c0)={0x44, &(0x7f00000005c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r4, 0x0, &(0x7f0000000600)={0x44, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
ioctl$SNDCTL_DSP_GETFMTS(r0, 0x8004500b, &(0x7f00000001c0)=0x93c)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
ioctl$KVM_DIRTY_TLB(r5, 0x4010aeaa, &(0x7f00000000c0)={0x7, 0x4})
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
mount$bind(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x12f451, 0x0)
write$dsp(r0, &(0x7f00000012c0)="a5", 0x1)

5m22.62343579s ago: executing program 1 (id=10490):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
read$ptp(r2, &(0x7f00000000c0)=""/8, 0x8)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r1, 0x89fc, &(0x7f0000000a40)={'ip6_vti0\x00', 0x0})
unshare(0x22020600)
r3 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00')
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000080)='./file1\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
setns(r3, 0x0)
close_range(r0, 0xffffffffffffffff, 0x30000)

5m22.329838711s ago: executing program 1 (id=10491):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000a00)={'wlan0\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f0000000180)="02030c65420002000000ab5d71acedd7c9560385dcb1080084d7dc039806112405ce811cc352", 0xff88, 0x0, &(0x7f0000000140)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @broadcast}, 0x14) (fail_nth: 6)

5m21.942708319s ago: executing program 36 (id=10491):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000a00)={'wlan0\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f0000000180)="02030c65420002000000ab5d71acedd7c9560385dcb1080084d7dc039806112405ce811cc352", 0xff88, 0x0, &(0x7f0000000140)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @broadcast}, 0x14) (fail_nth: 6)

2m25.662541701s ago: executing program 8 (id=11731):
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000)="180c4552", 0x4)
ioctl$HIDIOCGUSAGE(r0, 0xc018480b, &(0x7f0000000040)={0x1, 0x2, 0x7ad32357, 0x6, 0xe79e, 0xeb9e})
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x204, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac0000000000000000000000000000000055aa", "90be8b1c551265406c7f306003d8a0f4bd00"}})

2m25.536208488s ago: executing program 8 (id=11732):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x88ffffff, {0x2}, [@CTA_TUPLE_ORIG={0x2c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x6c}}, 0x0)

2m25.488622903s ago: executing program 8 (id=11733):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRES16])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000300)={0xa, 0x3, 0x8, @loopback, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000000)=@ccm_128={{0x304}, "e476d0501796a924", "50ac495230f834b7f7768b40b65222de", '\beKx', "009dd280960531d3"}, 0x28)
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[@ip_tos_int={{0x14, 0x11a, 0x1, 0x2}}], 0x18}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x22052, r0, 0x2000)

2m24.514697502s ago: executing program 8 (id=11737):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000)
socket$igmp6(0xa, 0x3, 0x2)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$sock_qrtr_TIOCOUTQ(r2, 0x890c, 0x0)
close(r1)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @empty, 0x4000006}, 0x1c)
accept(r1, 0x0, 0x0)
getsockopt$inet6_int(r1, 0x29, 0x7, 0x0, &(0x7f0000000dc0))

2m24.514056834s ago: executing program 8 (id=11738):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$sock_inet_SIOCSIFNETMASK(r2, 0x891c, &(0x7f0000000100)={'ip6erspan0\x00', {0x2, 0x4e23, @empty}})
ioctl$SNDCTL_SEQ_GETINCOUNT(r1, 0x80045105, &(0x7f00000000c0))
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030"], 0x15)
r4 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)='.\x00\x00\x00>\x00', 0x6}], 0x1, 0x0, 0x0, 0x39c}, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000069"], 0xfe33)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r3, 0x404c534a, &(0x7f0000001280))
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x22102, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
r7 = eventfd(0x2)
ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r7, 0x1})
ioctl$SNDCTL_SEQ_NRMIDIS(r1, 0x8004510b, &(0x7f00000001c0))
ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000180)={r7, 0xdf8b, 0x3, r7})
ioctl$sock_netrom_SIOCDELRT(r0, 0x890c, &(0x7f0000000140)={0x0, @bcast, @bpq0, 0x89, 'syz0\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x2, 0x8, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]})

2m24.410558342s ago: executing program 8 (id=11739):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
fsmount(r1, 0x0, 0x1)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000020ac050f02220001828301090224000101000000090400000203010200092100050001220000090581", @ANYBLOB="87e9"], 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x4b, 0x41, 0x46, 0x8, 0x1660, 0x932, 0x80ea, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x5, 0x10, 0xf}}]}}]}}, 0x0)
r2 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
syz_open_dev$evdev(&(0x7f00000000c0), 0x200000000000000, 0x820b01)
epoll_create(0x6)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB="2ce32fcc07bb89a366224dc48c16dfe1969df2bef31d4461e3f594ce47b28206561a91070072eb70e8eb0d520a807a99fff340e00d08e0040700000000000000eb462115214139b2e403000000040000008bb4444766e722e86e5f8bff8cef611eef0f6113831b2d5c0655bb8d03bc"])
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r4, 0x107, 0x16, &(0x7f0000000100)={0x0, 0x0}, 0x10)
ioctl$I2C_SMBUS(r2, 0x720, &(0x7f00000001c0)={0x1, 0x5, 0x6, &(0x7f00000000c0)={0xa, "4e0797f9f70d0ce6ec27929f3425a20f337af05842fd3f46b7491df531a002abd7"}})
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x4)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r6, &(0x7f0000001980)={0x0, 0x0, 0x0}, 0x0)
setsockopt(r5, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r5, 0x84, 0x17, &(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYBLOB="02000000cdf02e923a292802619a04a1fd46f67dbfb81de07350647d3db06b790d8fa1f92d6badf99016c119f6cb1f1007b891af5452b6a39c"], 0x9)
r7 = syz_open_dev$video(&(0x7f0000000180), 0x800, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r7, 0xc100565c, &(0x7f0000000040)={0x0, 0x5, 0x0, {0xa, @pix_mp={0xd, 0x2, 0x47524247, 0xc, 0x4, [{0x4, 0x7fff}, {0x1}, {0x8, 0x53}, {0x81, 0x1fc}, {0x8afd, 0x9}, {0x80, 0x10001}, {0x9, 0x10001}, {0x4, 0x9b8b}], 0x7, 0xc, 0xa, 0x0, 0x2}}})
ioctl$VIDIOC_ENUMINPUT(r7, 0xc050561a, &(0x7f0000000040)={0x5, "08ead17f68e8fc0f86d0046f15d82b03931d21810a80105331413adc7c7665dd", 0x3, 0x9, 0x1, 0x10003, 0x40003, 0x2})
sendto$inet6(r5, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)

2m9.345425465s ago: executing program 37 (id=11739):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
fsmount(r1, 0x0, 0x1)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000020ac050f02220001828301090224000101000000090400000203010200092100050001220000090581", @ANYBLOB="87e9"], 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x4b, 0x41, 0x46, 0x8, 0x1660, 0x932, 0x80ea, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x5, 0x10, 0xf}}]}}]}}, 0x0)
r2 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
syz_open_dev$evdev(&(0x7f00000000c0), 0x200000000000000, 0x820b01)
epoll_create(0x6)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB="2ce32fcc07bb89a366224dc48c16dfe1969df2bef31d4461e3f594ce47b28206561a91070072eb70e8eb0d520a807a99fff340e00d08e0040700000000000000eb462115214139b2e403000000040000008bb4444766e722e86e5f8bff8cef611eef0f6113831b2d5c0655bb8d03bc"])
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r4, 0x107, 0x16, &(0x7f0000000100)={0x0, 0x0}, 0x10)
ioctl$I2C_SMBUS(r2, 0x720, &(0x7f00000001c0)={0x1, 0x5, 0x6, &(0x7f00000000c0)={0xa, "4e0797f9f70d0ce6ec27929f3425a20f337af05842fd3f46b7491df531a002abd7"}})
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x4)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r6, &(0x7f0000001980)={0x0, 0x0, 0x0}, 0x0)
setsockopt(r5, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r5, 0x84, 0x17, &(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYBLOB="02000000cdf02e923a292802619a04a1fd46f67dbfb81de07350647d3db06b790d8fa1f92d6badf99016c119f6cb1f1007b891af5452b6a39c"], 0x9)
r7 = syz_open_dev$video(&(0x7f0000000180), 0x800, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r7, 0xc100565c, &(0x7f0000000040)={0x0, 0x5, 0x0, {0xa, @pix_mp={0xd, 0x2, 0x47524247, 0xc, 0x4, [{0x4, 0x7fff}, {0x1}, {0x8, 0x53}, {0x81, 0x1fc}, {0x8afd, 0x9}, {0x80, 0x10001}, {0x9, 0x10001}, {0x4, 0x9b8b}], 0x7, 0xc, 0xa, 0x0, 0x2}}})
ioctl$VIDIOC_ENUMINPUT(r7, 0xc050561a, &(0x7f0000000040)={0x5, "08ead17f68e8fc0f86d0046f15d82b03931d21810a80105331413adc7c7665dd", 0x3, 0x9, 0x1, 0x10003, 0x40003, 0x2})
sendto$inet6(r5, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)

4.009353106s ago: executing program 4 (id=12933):
mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f00000000c0)='binder\x00', 0xc400, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r0) (async)
r1 = dup(r0)
write$UHID_INPUT(r1, &(0x7f0000004000)={0xf, {"a2e3ad21ed0d09f91b50090987f70906d038e7ff7fc6e5539b0d3d0e8b089b33356d63060890e0878f0e1ac6e7049b334a959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070b07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383701d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b6080000007a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb06ffc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb15da202d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0xfffffffffffffe59}}, 0xfa)
write$vhost_msg_v2(r1, &(0x7f00000002c0)={0x2, 0x0, {&(0x7f0000000100)=""/243, 0xf3, &(0x7f0000000200)=""/149, 0x1, 0x2}}, 0x48)

3.878630835s ago: executing program 4 (id=12937):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0xba, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000140)={0x0, 0x3, 0x4, {0x1, @raw_data="3d924b8271394fa4ec01eb92492ff84715d1a004d08b012a7cafe27a5f313d31bbdae5b411ca5be6bfe10437ed0d21b5580e000000003b9306d7dbb26bf9f22de7ac7681cca450055250217bdf1113b4258293ba4efed32147bda8454dd115bd5ba066ba06f2854cc96db9a98055cbde9fd084a1223ada91ed2e832907a01ab5ee65f997b617f73d1aa5a6dfc47acdc5eb834f8e448469d235e4380cbcc3314c94970349a3c1374ffec96177b67caa0656f9664277cadb8597e7d911ad1da457ef9744b0993c57a7"}})
ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000400)={0x0, 0x5, 0x2, {0x1, @sliced={0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}}})
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000040)='hpfs\x00', 0x0, 0x0)
syz_open_dev$vim2m(&(0x7f0000000080), 0xba, 0x2) (async)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000140)={0x0, 0x3, 0x4, {0x1, @raw_data="3d924b8271394fa4ec01eb92492ff84715d1a004d08b012a7cafe27a5f313d31bbdae5b411ca5be6bfe10437ed0d21b5580e000000003b9306d7dbb26bf9f22de7ac7681cca450055250217bdf1113b4258293ba4efed32147bda8454dd115bd5ba066ba06f2854cc96db9a98055cbde9fd084a1223ada91ed2e832907a01ab5ee65f997b617f73d1aa5a6dfc47acdc5eb834f8e448469d235e4380cbcc3314c94970349a3c1374ffec96177b67caa0656f9664277cadb8597e7d911ad1da457ef9744b0993c57a7"}}) (async)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000400)={0x0, 0x5, 0x2, {0x1, @sliced={0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}}}) (async)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000040)='hpfs\x00', 0x0, 0x0) (async)

3.72662629s ago: executing program 4 (id=12941):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x40201, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}})
write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="001c86dd2000100000004000000060ec97000fc83c00fe800000000000000fc00000000000aaff02000000000000000000000000000184"], 0xffe)

3.488322632s ago: executing program 4 (id=12942):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x2c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x6c}, 0x1, 0xff84}, 0x0)

3.407987501s ago: executing program 4 (id=12943):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x29202, 0x0)
r0 = add_key$user(&(0x7f0000000040), &(0x7f0000000180)={'syz', 0x0}, &(0x7f0000000080)='\x00', 0x1, 0xfffffffffffffffb)
pipe2$watch_queue(&(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x403, 0x6030, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x2}}}}]}}]}}, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="002202df00001e29"], 0x0}, 0x0)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r2, 0x5760, 0x1f)
keyctl$KEYCTL_WATCH_KEY(0x20, r0, r1, 0x100000000000f7)
read$watch_queue(r1, &(0x7f00000000c0)=""/16, 0xffffffb9)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r5, &(0x7f0000000440), 0x10)
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r6, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)
sendmmsg(r6, &(0x7f0000000440)=[{{&(0x7f0000000700)=@hci={0x1f, 0x4, 0x3}, 0x80, &(0x7f0000000200)}}], 0x1, 0x841)
r7 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000bd160f40867d000000a0122400"/28], 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
sendmsg$inet(r9, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000280)="db", 0x1}], 0x1}, 0x41)
recvmsg(r8, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x40010041)
read(r8, &(0x7f0000000040)=""/98, 0x3a)
syz_usb_control_io$printer(r7, 0x0, 0x0)
syz_usb_control_io(r7, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
listen(r5, 0x0)
r10 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r10, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
r11 = accept4$unix(r5, 0x0, 0x0, 0x0)
listen(r11, 0x70ba380e)
r12 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_SET(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYRES64=r2, @ANYRESOCT=r12, @ANYRES64], 0x30}}, 0xc000)

3.31057312s ago: executing program 9 (id=12944):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="5c0000000206050000000000000000000700000014000780080008400000009808000640200000000500010006000000050005000a00000005000400000000000900020073797a310000000010000300"], 0x5c}}, 0x20000000)

3.267444863s ago: executing program 9 (id=12945):
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000)="180c4552", 0x4)
ioctl$HIDIOCGUSAGE(r0, 0xc018480b, &(0x7f0000000040)={0x1, 0x2, 0x7ad32357, 0x6, 0xe79e, 0xeb9e})
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x204, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

3.030535657s ago: executing program 9 (id=12947):
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000300)={<r0=>0x0, 0x8, 0x20, 0x0, 0xc}, &(0x7f0000000340)=0x18)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000000)={<r1=>r0, 0x8}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000080)={<r2=>0x0, 0xfa, "7faf868dedfbd07fbc3f3702b66366646108c3bc14edd0050864124048b2baf62ef70e6ecd6ee2805f9c992dc711a6cac11a5d1d2fb7946586b5769555aafedc65b191972463011ffb212ed07c45c64ead3cb31cbd9ff3b40a4816b3e24afd8dba54ecce92fa499fe307d2f8ef5a7882b09f6f0ddb39b5108b36c4f3658577dc7faf6a91fa5a4c46c2d2b4a1c3baf4d8c859f0217d17d8f8be95f4111c185eee2988f7f35551104dff3a2289398914253913afb10833744b70fd5f7244b5af7c4bb0c34913f63f0f01a97a1c561a76000907370ba07f20a750a18601f5552090c77e79c611545e70eaf85aa6afca3bcb24c62d0da808b58c846e"}, &(0x7f00000001c0)=0x102)
getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000200)={r1, 0x4, 0x400, 0x6, 0xd1, 0x400, 0x401, 0x6, {r2, @in={{0x2, 0x4e23, @multicast1}}, 0x0, 0x2, 0x8, 0x0, 0x7ff}}, &(0x7f00000002c0)=0xb0)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x382, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r3, 0x45809000)
r4 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r4, 0x8916, &(0x7f0000001180)={'erspan0\x00', {0x2, 0x4e22, @rand_addr=0x64010102}})

2.750599885s ago: executing program 9 (id=12950):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000a00)={'wlan0\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f0000000180)="02030c65d66402000000ab5d71acedd7c9560385dcb1080084d7dc039806112405ce811cc352", 0xff88, 0x0, &(0x7f0000000140)={0x11, 0x0, r2, 0x0, 0x0, 0x6, @broadcast}, 0x14)

2.695445165s ago: executing program 9 (id=12952):
syz_usb_connect$uac1(0x0, 0xb0, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000206b1d010140000102030109029e0003010230000904000000010100000a24010600310201020b2407030100077cf5354e08240504032920ec082405024045cf7b0a2407010400008c8e58090401000001020000090c0101010102000009050109ff030803dd072501020cf7ff090402000001020000090402010101020000072401800f04000b2402010104"], 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff02000000000000000000000000000100000000000000000000000000003300000000000000000086009078000000ffffff8700000000000000ee3f000000002b"], 0xfdef)

1.366468787s ago: executing program 6 (id=12959):
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='gfs2\x00', 0x200000, 0x0)
r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
statx(r0, &(0x7f0000000180)='./cgroup\x00', 0x1000, 0x10, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r1=>0x0})
lstat(&(0x7f00000001c0)='./cgroup\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, <r2=>0x0}) (async, rerun: 64)
r3 = socket$inet_udplite(0x2, 0x2, 0x88) (rerun: 64)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={0x0, <r4=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r4) (async)
r5 = syz_clone(0x8c8000, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_readv(r5, &(0x7f0000000280)=[{&(0x7f0000000000)=""/47, 0x2f}, {0x0}], 0x2, &(0x7f0000000b00)=[{&(0x7f0000000700)=""/238, 0xee}], 0x1, 0x0) (async)
ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f0000000200)={0x6, 0x8, {}, {<r6=>0x0}, 0x128fb0f3, 0x10000000000000}) (async)
newfstatat(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}, 0x400) (async)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000004c0)={0x0, 0x0, <r8=>0x0}, &(0x7f0000000500)=0xc) (async, rerun: 32)
newfstatat(0xffffffffffffff9c, &(0x7f0000000540)='./cgroup\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0}, 0x1000) (rerun: 32)
lsetxattr$system_posix_acl(&(0x7f0000000100)='./cgroup\x00', &(0x7f0000000140)='system.posix_acl_default\x00', &(0x7f0000000680)=ANY=[@ANYBLOB="0200000001000f000000000002000600", @ANYRES32=r1, @ANYBLOB="020055606731d4d3d452758a523c5120b48a87170806b3feb580c033280fd80fe76f5119a741480466da2bc456fab782e6e9557374f9db63903b062c6014696494dd7370cf", @ANYRES32=r2, @ANYBLOB="02000c00", @ANYRES32=r4, @ANYBLOB="02000000", @ANYRES32=r6, @ANYBLOB="040004000000000008000600", @ANYRES32=r7, @ANYBLOB="08000100", @ANYRES32=r8, @ANYBLOB="08000400", @ANYRES32=r9, @ANYBLOB="10000000000000002000020000000000"], 0x5c, 0x3)
mkdirat(r0, &(0x7f00000000c0)='./cgroup\x00', 0xd0)

1.097904645s ago: executing program 6 (id=12961):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x6)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000140)="66baf80cb8044fdc87efed660f388059e0b805000000b91e4200000f01c10f20c035000000200f22c0f20fa20f01cb36263e660f381efc660f7c150c000000b805000000b9210000000f01c1c4e17929d8", 0x51}], 0x1, 0x11, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e21, 0x8, @empty, 0x3}, 0x1c)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0xd, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socket$inet(0x2, 0x80000, 0x10)
lgetxattr(0x0, 0x0, 0x0, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x40201, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000380)={'syzkaller1\x00', 0xc201})
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}})
write$tun(r3, &(0x7f0000000040)=ANY=[@ANYBLOB="001c86dd2000100000004000000060ec97000fc83c00fe8000000000000000000000000000aaff020000000000000000000000000801"], 0xffe)

828.131562ms ago: executing program 7 (id=12963):
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000)="180c4552", 0x4)
ioctl$HIDIOCGUSAGE(r0, 0xc018480b, &(0x7f0000000040)={0x1, 0x2, 0x7ad32357, 0x6, 0xe79e, 0xeb9e})
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x204, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

641.50814ms ago: executing program 7 (id=12964):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="5c0000000206050000000000000000000700000014000780080008400000009808000640200000000500010006000000050005000a00000005000400000000000900020073797a310000000010000300686173683a69"], 0x5c}}, 0x20000000)

532.932838ms ago: executing program 6 (id=12965):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000a00)={'wlan0\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f0000000180)="02030c65420002000000ab5d71acedd7c9560385dcb1080084d7dc039806112405ce811cc352", 0xff88, 0x0, &(0x7f0000000140)={0x11, 0x0, r2, 0x0, 0x0, 0x6, @broadcast}, 0x14)

454.123153ms ago: executing program 7 (id=12966):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r0)
recvmmsg(r0, 0x0, 0x0, 0x40000000, 0x0)

314.016577ms ago: executing program 4 (id=12967):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="d800000018007b29e00212ba0d8105040a601800fe0f040b067c55a1bc000900b80006990600001e42000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ccd40dd601edef3d93452a92307ff0ff0e97031e9f05e9f16e9cb500"/216, 0xd8}], 0x1, 0x0, 0x0, 0x2663}, 0x4)
lsm_list_modules(0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x29c, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000841b7420da040d39bb2d0102030109028a020100000000090408f80af179fa020f24020205000d000cf67df8e6988f0724014004000009050c0340000e0408090502"], 0x0)
mount(&(0x7f0000000100)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='ext2\x00', 0x200000, 0x0)

313.796842ms ago: executing program 7 (id=12968):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000a00)={'wlan0\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f0000000180)="02030c65d66402000000ab5d71acedd7c9560385dcb1080084d7dc039806112405ce811cc352", 0xff88, 0x0, &(0x7f0000000140)={0x11, 0x0, r2, 0x12, 0x0, 0x6, @broadcast}, 0x14)

268.820112ms ago: executing program 6 (id=12969):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000130a20000000000a05000000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900010073797a30000000000900030073797a3000000000140004800800024000000000080001400000000568000000060a010400000008000000000100000008000b4000000000400004803c0001800a0001006d617463680000002c0002800800010065636e000c000300e4edf2b75cc7c0a308000240000000000c000100706b7474797065000900010073797a300000000014000000110001"], 0xf0}}, 0x0)

244.673317ms ago: executing program 9 (id=12970):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x12, r0, 0x45809000)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r1 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
migrate_pages(r1, 0x7, &(0x7f0000000000)=0x1c07, &(0x7f0000000040)=0x8)
mlock2(&(0x7f00002e5000/0xc00000)=nil, 0xc00000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {<r2=>r0}}, './file0\x00'})
sendto$ax25(r2, &(0x7f00000000c0)="32061a2895db6526c99421a40a486790922596afff9e7294bf0450d158825e9032665b6dd5e8f6db640afce67b2976a3b90874424a824babd27937aa96fd6bf8e1073185d70fddf8003776479c5265c9d27459575d69d3f8c1975ae4333bd8a52ad7c85ce881dfa1876de0aadb5e3de82b491efd7718de1e250ff03f48e5c698859f9eb8d893a5551fae0fea17d0fda571af7d80aca4adde74cc809583d943351688bded0899fa0e902895458082daa2e75f4da03e3fda53b45fa8804dc33ebb9bc7", 0xc2, 0x0, 0x0, 0x0)

162.688144ms ago: executing program 7 (id=12971):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="5c000000020605000000000000000000070000001400078008000840000000980800064020000000050001000600000005000500020000000500040000000a000900020073797a310000000010000300686173683a69702c6d6163"], 0x5c}}, 0x20000000)

162.415579ms ago: executing program 6 (id=12972):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x40201, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}})
write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="001c86dd2000100000004000000060ec97000fc83c00fe8000000000000000000002000000aaff02000000000000000000000000000184"], 0xffe)

98.388051ms ago: executing program 7 (id=12973):
r0 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000300)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r1, 0x0)
mkdirat(r1, &(0x7f0000000000)='./cgroup\x00', 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$inet6_int(r2, 0x29, 0x18, 0x0, &(0x7f00000001c0)) (async)
mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x89901) (async)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @rand_addr=0x64010102}}, 0x0, 0x0, 0x4, 0x5, 0x7f0dbe3ac64a03d0, 0x3d22}, 0x9c) (async)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r4, 0x84, 0x10, &(0x7f0000000080)=@assoc_value, &(0x7f00000000c0)=0x8) (async)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
move_mount(r3, &(0x7f0000000380)='./file0\x00', r3, 0x0, 0x40)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r1, 0xc05064a7, &(0x7f00000009c0)={&(0x7f0000000840)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000880)=[{}, {}], &(0x7f0000000940)=[<r6=>0x0], &(0x7f0000000980), 0x2, 0x1, 0x4}) (async)
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(0xffffffffffffffff, 0xc02064b9, &(0x7f0000000ac0)={&(0x7f0000000a40)=[<r7=>0x0, 0x0], &(0x7f0000000a80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x2}) (async)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r1, 0xc05064a7, &(0x7f0000000e00)={&(0x7f0000000b00)=[0x0, 0x0, 0x0], &(0x7f0000000b40)=[{}, {}, {}, {}, {}, {}, {}, {}], &(0x7f0000000d80)=[0x0, <r8=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000dc0)=[0x0, 0x0], 0x8, 0x7, 0x3})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r1, 0xc05064a7, &(0x7f0000001100)={&(0x7f0000000e80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000ec0)=[{}, {}, {}, {}, {}, {}], &(0x7f0000001080)=[0x0, <r9=>0x0], &(0x7f00000010c0)=[0x0, 0x0], 0x6, 0x2, 0x7}) (async)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r3, 0xc05064a7, &(0x7f00000013c0)={&(0x7f0000001180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000011c0)=[{}, {}, {}, {}, {}], &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, <r10=>0x0], &(0x7f0000000480)=[0x0, 0x0, 0x0], 0x5, 0x2, 0x9})
ioctl$DRM_IOCTL_MODE_ATOMIC(0xffffffffffffffff, 0xc03864bc, &(0x7f00000014c0)={0x100, 0x1, &(0x7f0000000340)=[0x0], &(0x7f00000003c0)=[0x3, 0x3, 0x2], &(0x7f0000001440)=[0x0, 0x0, 0x0, 0x0, r6, r7, 0x0, r8, r9, r10], &(0x7f0000001480)=[0x7, 0x5], 0x0, 0x800}) (async)
r11 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000600)={0x1, 0x0, @pic={0x74, 0xa, 0x1, 0x2, 0x2, 0x1, 0x5, 0x4, 0x8, 0x1, 0x5, 0x7, 0x2, 0x3, 0x7, 0x81}}) (async)
ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f0000000080)={0x4, 0x0, 0x11, 0x10, 0x100, 0x0})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r12, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_SET_REGS(r12, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x5, 0x7, 0xe51, 0x1, 0x5479, 0x103d, 0x6, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x40000000009, 0x5, 0x6a], 0x2000, 0x808d6})
ioctl$KVM_RUN(r12, 0xae80, 0x0) (async)
mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000400)='cramfs\x00', 0xc400, 0x0)

0s ago: executing program 6 (id=12974):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x2c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x6c}, 0x1, 0x1000000}, 0x0)

kernel console output (not intermixed with test programs):

8]  ? __pfx___sys_sendto+0x10/0x10
[ 1806.517214][ T4768]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1806.517248][ T4768]  ? __fget_files+0x3a0/0x420
[ 1806.517281][ T4768]  ? ksys_write+0x22a/0x250
[ 1806.517303][ T4768]  ? __pfx_ksys_write+0x10/0x10
[ 1806.517319][ T4768]  ? rcu_is_watching+0x15/0xb0
[ 1806.517341][ T4768]  __x64_sys_sendto+0xde/0x100
[ 1806.517366][ T4768]  do_syscall_64+0xfa/0x3b0
[ 1806.517387][ T4768]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1806.517406][ T4768]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1806.517423][ T4768]  ? clear_bhb_loop+0x60/0xb0
[ 1806.517443][ T4768]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1806.517460][ T4768] RIP: 0033:0x7f17ccb8e929
[ 1806.517476][ T4768] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1806.517490][ T4768] RSP: 002b:00007f17cd97d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1806.517509][ T4768] RAX: ffffffffffffffda RBX: 00007f17ccdb5fa0 RCX: 00007f17ccb8e929
[ 1806.517522][ T4768] RDX: 000000000000ff88 RSI: 0000200000000180 RDI: 0000000000000003
[ 1806.517534][ T4768] RBP: 00007f17cd97d090 R08: 0000200000000140 R09: 0000000000000014
[ 1806.517546][ T4768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1806.517557][ T4768] R13: 0000000000000000 R14: 00007f17ccdb5fa0 R15: 00007ffc53308038
[ 1806.517586][ T4768]  </TASK>
[ 1807.212389][ T4776] loop2: detected capacity change from 0 to 1
[ 1807.229603][ T4776] Dev loop2: unable to read RDB block 1
[ 1807.267209][ T4776]  loop2: unable to read partition table
[ 1807.289551][ T4776] loop2: partition table beyond EOD, truncated
[ 1807.317449][ T4776] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1808.716681][ T4824] hpfs: Bad magic ... probably not HPFS
[ 1808.726117][ T4824] hpfs: Bad magic ... probably not HPFS
[ 1809.023097][T20714] usb 7-1: new high-speed USB device number 86 using dummy_hcd
[ 1809.173014][T20714] usb 7-1: Using ep0 maxpacket: 8
[ 1809.180887][T20714] usb 7-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[ 1809.190667][T20714] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1809.198712][T20714] usb 7-1: Product: syz
[ 1809.202865][T20714] usb 7-1: Manufacturer: syz
[ 1809.207505][T20714] usb 7-1: SerialNumber: syz
[ 1809.219991][T20714] usb 7-1: config 0 descriptor??
[ 1809.227565][T20714] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[ 1809.235701][T20714] usb 7-1: setting power ON
[ 1809.240204][T20714] dvb-usb: bulk message failed: -22 (2/0)
[ 1809.248908][T20714] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1809.260613][T20714] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[ 1809.269634][T20714] usb 7-1: media controller created
[ 1809.289002][T20714] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1809.307002][T20714] usb 7-1: selecting invalid altsetting 6
[ 1809.313136][T20714] usb 7-1: digital interface selection failed (-22)
[ 1809.319726][T20714] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[ 1809.328862][T20714] usb 7-1: setting power OFF
[ 1809.333641][T20714] dvb-usb: bulk message failed: -22 (2/0)
[ 1809.339357][T20714] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[ 1809.348693][T20714] (NULL device *): no alternate interface
[ 1809.372237][T20714] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[ 1809.430306][T20714] usb 7-1: USB disconnect, device number 86
[ 1809.995717][ T4855] netlink: 4 bytes leftover after parsing attributes in process `syz.6.11770'.
[ 1811.291251][ T4891] loop2: detected capacity change from 0 to 1
[ 1811.313390][ T4891] Dev loop2: unable to read RDB block 1
[ 1811.324705][ T4891]  loop2: unable to read partition table
[ 1811.339707][ T4891] loop2: partition table beyond EOD, truncated
[ 1811.354061][ T4891] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1811.943029][ T4911] netlink: 60 bytes leftover after parsing attributes in process `syz.6.11782'.
[ 1811.975613][ T4909] netlink: 60 bytes leftover after parsing attributes in process `syz.6.11782'.
[ 1812.002606][ T4910] netlink: 60 bytes leftover after parsing attributes in process `syz.6.11782'.
[ 1812.221333][   T30] audit: type=1326 audit(1751057734.075:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4912 comm="syz.4.11783" exe="/root/syz-executor" sig=31 arch=c000003e syscall=15 compat=0 ip=0x7f17ccb2ab19 code=0x0
[ 1815.448881][ T4983] vxfs: WRONG superblock magic 00000000 at 1
[ 1815.455872][ T4983] vxfs: WRONG superblock magic 00000000 at 8
[ 1815.461846][ T4983] vxfs: can't find superblock.
[ 1815.498345][ T4985] FAULT_INJECTION: forcing a failure.
[ 1815.498345][ T4985] name failslab, interval 1, probability 0, space 0, times 0
[ 1815.511802][ T4985] CPU: 0 UID: 0 PID: 4985 Comm: syz.6.11799 Not tainted 6.16.0-rc3-next-20250627-syzkaller #0 PREEMPT(full) 
[ 1815.511816][ T4985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1815.511822][ T4985] Call Trace:
[ 1815.511828][ T4985]  <TASK>
[ 1815.511833][ T4985]  dump_stack_lvl+0x189/0x250
[ 1815.511848][ T4985]  ? __pfx____ratelimit+0x10/0x10
[ 1815.511862][ T4985]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1815.511873][ T4985]  ? __pfx__printk+0x10/0x10
[ 1815.511885][ T4985]  ? __lock_acquire+0xab9/0xd20
[ 1815.511905][ T4985]  should_fail_ex+0x414/0x560
[ 1815.511919][ T4985]  should_failslab+0xa8/0x100
[ 1815.511933][ T4985]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1815.511945][ T4985]  ? __alloc_skb+0x112/0x2d0
[ 1815.511961][ T4985]  __alloc_skb+0x112/0x2d0
[ 1815.511977][ T4985]  skb_copy+0x188/0x800
[ 1815.511993][ T4985]  mac80211_hwsim_tx_frame_no_nl+0xcd3/0x11c0
[ 1815.512018][ T4985]  ? __pfx_mac80211_hwsim_tx_frame_no_nl+0x10/0x10
[ 1815.512040][ T4985]  ? mac80211_hwsim_monitor_rx+0x1d7/0x880
[ 1815.512057][ T4985]  mac80211_hwsim_tx+0x1855/0x25d0
[ 1815.512081][ T4985]  ieee80211_handle_wake_tx_queue+0x18e/0x2a0
[ 1815.512100][ T4985]  ? __pfx_ieee80211_handle_wake_tx_queue+0x10/0x10
[ 1815.512113][ T4985]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1815.512122][ T4985]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1815.512132][ T4985]  ? do_raw_spin_unlock+0x122/0x240
[ 1815.512147][ T4985]  ieee80211_queue_skb+0x19e8/0x2180
[ 1815.512177][ T4985]  ieee80211_tx+0x297/0x420
[ 1815.512191][ T4985]  ? __pfx_ieee80211_tx+0x10/0x10
[ 1815.512216][ T4985]  ? ieee80211_xmit+0x315/0x400
[ 1815.512232][ T4985]  __ieee80211_subif_start_xmit+0xccf/0x1610
[ 1815.512248][ T4985]  ? __ieee80211_subif_start_xmit+0x2be/0x1610
[ 1815.512269][ T4985]  ? __pfx___ieee80211_subif_start_xmit+0x10/0x10
[ 1815.512287][ T4985]  ? ieee80211_multicast_to_unicast+0x19c/0x320
[ 1815.512304][ T4985]  ieee80211_subif_start_xmit+0xe0/0x510
[ 1815.512321][ T4985]  ? __pfx_ieee80211_subif_start_xmit+0x10/0x10
[ 1815.512337][ T4985]  ? dev_queue_xmit_nit+0xb68/0xcc0
[ 1815.512352][ T4985]  ? dev_queue_xmit_nit+0x2d/0xcc0
[ 1815.512372][ T4985]  dev_hard_start_xmit+0x2d4/0x830
[ 1815.512391][ T4985]  __dev_queue_xmit+0x1adf/0x3a70
[ 1815.512406][ T4985]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1815.512417][ T4985]  ? rep_movs_alternative+0x4a/0x90
[ 1815.512428][ T4985]  ? _copy_from_iter+0x24c/0x16f0
[ 1815.512439][ T4985]  ? rep_movs_alternative+0x4a/0x90
[ 1815.512449][ T4985]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1815.512461][ T4985]  ? __pfx__copy_from_iter+0x10/0x10
[ 1815.512468][ T4985]  ? sock_alloc_send_pskb+0x875/0x990
[ 1815.512482][ T4985]  ? virtio_net_hdr_to_skb+0x9e1/0x1490
[ 1815.512492][ T4985]  ? packet_parse_headers+0x7ff/0xb60
[ 1815.512504][ T4985]  ? page_copy_sane+0x16a/0x280
[ 1815.512516][ T4985]  ? __pfx_packet_parse_headers+0x10/0x10
[ 1815.512527][ T4985]  ? __pfx_virtio_net_hdr_to_skb+0x10/0x10
[ 1815.512540][ T4985]  ? packet_xmit+0x68/0x330
[ 1815.512552][ T4985]  packet_sendmsg+0x41d4/0x5410
[ 1815.512573][ T4985]  ? __pfx_aa_label_sk_perm+0x10/0x10
[ 1815.512595][ T4985]  ? __pfx___might_resched+0x10/0x10
[ 1815.512604][ T4985]  ? __lock_acquire+0xab9/0xd20
[ 1815.512626][ T4985]  ? __pfx_packet_sendmsg+0x10/0x10
[ 1815.512639][ T4985]  ? aa_sk_perm+0x81e/0x950
[ 1815.512654][ T4985]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[ 1815.512697][ T4985]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1815.512716][ T4985]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1815.512730][ T4985]  ? __pfx_packet_sendmsg+0x10/0x10
[ 1815.512745][ T4985]  __sock_sendmsg+0x219/0x270
[ 1815.512758][ T4985]  __sys_sendto+0x3bd/0x520
[ 1815.512774][ T4985]  ? __pfx___sys_sendto+0x10/0x10
[ 1815.512786][ T4985]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1815.512806][ T4985]  ? __fget_files+0x3a0/0x420
[ 1815.512826][ T4985]  ? ksys_write+0x22a/0x250
[ 1815.512839][ T4985]  ? __pfx_ksys_write+0x10/0x10
[ 1815.512849][ T4985]  ? rcu_is_watching+0x15/0xb0
[ 1815.512862][ T4985]  __x64_sys_sendto+0xde/0x100
[ 1815.512877][ T4985]  do_syscall_64+0xfa/0x3b0
[ 1815.512890][ T4985]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1815.512902][ T4985]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1815.512916][ T4985]  ? clear_bhb_loop+0x60/0xb0
[ 1815.512934][ T4985]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1815.512948][ T4985] RIP: 0033:0x7f713f98e929
[ 1815.512964][ T4985] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1815.512979][ T4985] RSP: 002b:00007f714076f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1815.512996][ T4985] RAX: ffffffffffffffda RBX: 00007f713fbb5fa0 RCX: 00007f713f98e929
[ 1815.513006][ T4985] RDX: 000000000000ff88 RSI: 0000200000000180 RDI: 0000000000000003
[ 1815.513015][ T4985] RBP: 00007f714076f090 R08: 0000200000000140 R09: 0000000000000014
[ 1815.513023][ T4985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1815.513031][ T4985] R13: 0000000000000000 R14: 00007f713fbb5fa0 R15: 00007ffd039b5618
[ 1815.513051][ T4985]  </TASK>
[ 1816.818029][ T5004] loop2: detected capacity change from 0 to 1
[ 1816.827524][T19322] Dev loop2: unable to read RDB block 1
[ 1816.834254][T19322]  loop2: unable to read partition table
[ 1816.840445][T19322] loop2: partition table beyond EOD, truncated
[ 1816.854132][ T5004] Dev loop2: unable to read RDB block 1
[ 1816.859725][ T5004]  loop2: unable to read partition table
[ 1816.867982][ T5004] loop2: partition table beyond EOD, truncated
[ 1816.874277][ T5004] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1817.449630][ T5041] /dev/rnullb0: Can't open blockdev
[ 1817.591154][   T30] audit: type=1326 audit(1751057739.445:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5042 comm="syz.6.11812" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f713f98e929 code=0x0
[ 1819.303461][ T5102] loop2: detected capacity change from 0 to 1
[ 1819.318251][T19322] Dev loop2: unable to read RDB block 1
[ 1819.333179][T19322]  loop2: unable to read partition table
[ 1819.344003][T19322] loop2: partition table beyond EOD, truncated
[ 1819.365478][ T5102] Dev loop2: unable to read RDB block 1
[ 1819.381720][ T5102]  loop2: unable to read partition table
[ 1819.392004][ T5102] loop2: partition table beyond EOD, truncated
[ 1819.409534][ T5102] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1819.448366][T30136] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1819.461255][T30136] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1819.473290][T30136] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1819.484938][T30136] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1819.495097][T30136] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1819.818420][ T5235] /dev/rnullb0: Can't open blockdev
[ 1819.827004][ T5108] chnl_net:caif_netlink_parms(): no params data found
[ 1819.842455][ T5236] /dev/rnullb0: Can't open blockdev
[ 1819.853450][T20714] usb 7-1: new high-speed USB device number 87 using dummy_hcd
[ 1819.940599][ T5108] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1819.947921][ T5108] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1819.957205][ T5108] bridge_slave_0: entered allmulticast mode
[ 1819.965326][ T5108] bridge_slave_0: entered promiscuous mode
[ 1819.974000][ T5108] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1819.981185][ T5108] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1819.988590][ T5108] bridge_slave_1: entered allmulticast mode
[ 1819.996841][ T5108] bridge_slave_1: entered promiscuous mode
[ 1820.025365][T20714] usb 7-1: Using ep0 maxpacket: 8
[ 1820.046803][ T5108] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1820.047386][T20714] usb 7-1: config 2 has an invalid interface number: 76 but max is 0
[ 1820.060655][ T5108] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1820.070449][T20714] usb 7-1: config 2 has no interface number 0
[ 1820.082037][T20714] usb 7-1: config 2 interface 76 altsetting 9 endpoint 0xB has an invalid bInterval 252, changing to 11
[ 1820.095736][T20714] usb 7-1: config 2 interface 76 altsetting 9 has an invalid endpoint descriptor of length 4, skipping
[ 1820.107503][T20714] usb 7-1: config 2 interface 76 altsetting 9 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 1820.125619][T20714] usb 7-1: config 2 interface 76 has no altsetting 0
[ 1820.136563][T20714] usb 7-1: New USB device found, idVendor=10cf, idProduct=8062, bcdDevice=50.79
[ 1820.149414][T20714] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1820.159640][T20714] usb 7-1: Product: syz
[ 1820.176092][T20714] usb 7-1: Manufacturer: syz
[ 1820.176526][ T5108] team0: Port device team_slave_0 added
[ 1820.180692][T20714] usb 7-1: SerialNumber: syz
[ 1820.197085][ T5120] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[ 1820.213753][ T5108] team0: Port device team_slave_1 added
[ 1820.297114][ T5108] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1820.304828][ T5108] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1820.333640][ T5108] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1820.350117][ T5108] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1820.369666][ T5108] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1820.420130][ T5120] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem
[ 1820.434298][ T5108] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1820.459529][T20714] vmk80xx 7-1:2.76: driver 'vmk80xx' failed to auto-configure device.
[ 1820.520273][T20714] usb 7-1: USB disconnect, device number 87
[ 1820.609164][ T5108] hsr_slave_0: entered promiscuous mode
[ 1820.615813][ T5108] hsr_slave_1: entered promiscuous mode
[ 1820.633768][ T5108] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1820.641330][ T5108] Cannot create hsr debugfs directory
[ 1821.012166][ T5108] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 1821.026881][ T5108] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 1821.037677][ T5108] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 1821.049456][ T5108] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 1821.155746][ T5108] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1821.179868][   T30] audit: type=1326 audit(1751057743.035:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5503 comm="syz.6.11832" exe="/root/syz-executor" sig=31 arch=c000003e syscall=15 compat=0 ip=0x7f713f92ab19 code=0x0
[ 1821.206048][ T5108] 8021q: adding VLAN 0 to HW filter on device team0
[ 1821.220016][T30595] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1821.227188][T30595] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1821.275506][ T6288] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1821.282641][ T6288] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1821.560866][ T5108] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1821.617254][T30136] Bluetooth: hci1: command tx timeout
[ 1821.891629][ T5530] futex_wake_op: syz.4.11834 tries to shift op by -1; fix this program
[ 1822.001900][ T5529] FAT-fs (rnullb0): bogus number of reserved sectors
[ 1822.025524][ T5529] FAT-fs (rnullb0): Can't find a valid FAT filesystem
[ 1822.171661][ T5108] veth0_vlan: entered promiscuous mode
[ 1822.201505][ T5108] veth1_vlan: entered promiscuous mode
[ 1822.244351][ T5108] veth0_macvtap: entered promiscuous mode
[ 1822.245901][ T5541] fuse: Bad value for 'user_id'
[ 1822.256167][ T5108] veth1_macvtap: entered promiscuous mode
[ 1822.262607][ T5541] fuse: Bad value for 'user_id'
[ 1822.278567][ T5108] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1822.302040][ T5108] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1822.323354][T30595] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1822.346828][T30595] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1822.362699][T30595] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1822.395216][T30595] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1822.470263][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1822.484913][ T5551] netlink: 32 bytes leftover after parsing attributes in process `syz.6.11837'.
[ 1822.498680][ T5551] FAT-fs (rnullb0): bogus number of reserved sectors
[ 1822.502441][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1822.507739][ T5551] FAT-fs (rnullb0): Can't find a valid FAT filesystem
[ 1822.576805][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1822.597280][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1822.699408][ T5556] netlink: 8 bytes leftover after parsing attributes in process `syz.9.11818'.
[ 1823.120023][ T5543] syz.6.11837 (5543): drop_caches: 2
[ 1823.175528][ T5564] FAULT_INJECTION: forcing a failure.
[ 1823.175528][ T5564] name failslab, interval 1, probability 0, space 0, times 0
[ 1823.188163][ T5564] CPU: 1 UID: 0 PID: 5564 Comm: syz.6.11839 Not tainted 6.16.0-rc3-next-20250627-syzkaller #0 PREEMPT(full) 
[ 1823.188185][ T5564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1823.188196][ T5564] Call Trace:
[ 1823.188204][ T5564]  <TASK>
[ 1823.188210][ T5564]  dump_stack_lvl+0x189/0x250
[ 1823.188232][ T5564]  ? __pfx____ratelimit+0x10/0x10
[ 1823.188245][ T5564]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1823.188255][ T5564]  ? __pfx__printk+0x10/0x10
[ 1823.188265][ T5564]  ? __ieee80211_subif_start_xmit+0x6ec/0x1610
[ 1823.188281][ T5564]  ? __ieee80211_subif_start_xmit+0x2be/0x1610
[ 1823.188302][ T5564]  should_fail_ex+0x414/0x560
[ 1823.188316][ T5564]  should_failslab+0xa8/0x100
[ 1823.188329][ T5564]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1823.188340][ T5564]  ? skb_clone+0x212/0x3a0
[ 1823.188352][ T5564]  skb_clone+0x212/0x3a0
[ 1823.188360][ T5564]  ? dev_queue_xmit_nit+0x25a/0xcc0
[ 1823.188376][ T5564]  dev_queue_xmit_nit+0x416/0xcc0
[ 1823.188390][ T5564]  ? dev_queue_xmit_nit+0x2d/0xcc0
[ 1823.188409][ T5564]  dev_hard_start_xmit+0x1be/0x830
[ 1823.188427][ T5564]  __dev_queue_xmit+0x1adf/0x3a70
[ 1823.188443][ T5564]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1823.188454][ T5564]  ? rep_movs_alternative+0x4a/0x90
[ 1823.188465][ T5564]  ? _copy_from_iter+0x24c/0x16f0
[ 1823.188475][ T5564]  ? rep_movs_alternative+0x4a/0x90
[ 1823.188485][ T5564]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1823.188496][ T5564]  ? __pfx__copy_from_iter+0x10/0x10
[ 1823.188504][ T5564]  ? sock_alloc_send_pskb+0x875/0x990
[ 1823.188518][ T5564]  ? virtio_net_hdr_to_skb+0x9e1/0x1490
[ 1823.188528][ T5564]  ? packet_parse_headers+0x7ff/0xb60
[ 1823.188545][ T5564]  ? page_copy_sane+0x16a/0x280
[ 1823.188566][ T5564]  ? __pfx_packet_parse_headers+0x10/0x10
[ 1823.188584][ T5564]  ? __pfx_virtio_net_hdr_to_skb+0x10/0x10
[ 1823.188605][ T5564]  ? packet_xmit+0x68/0x330
[ 1823.188627][ T5564]  packet_sendmsg+0x41d4/0x5410
[ 1823.188664][ T5564]  ? __pfx_aa_label_sk_perm+0x10/0x10
[ 1823.188702][ T5564]  ? __pfx___might_resched+0x10/0x10
[ 1823.188718][ T5564]  ? __lock_acquire+0xab9/0xd20
[ 1823.188754][ T5564]  ? __pfx_packet_sendmsg+0x10/0x10
[ 1823.188776][ T5564]  ? aa_sk_perm+0x81e/0x950
[ 1823.188801][ T5564]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[ 1823.188830][ T5564]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1823.188852][ T5564]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1823.188874][ T5564]  ? __pfx_packet_sendmsg+0x10/0x10
[ 1823.188897][ T5564]  __sock_sendmsg+0x219/0x270
[ 1823.188919][ T5564]  __sys_sendto+0x3bd/0x520
[ 1823.188944][ T5564]  ? __pfx___sys_sendto+0x10/0x10
[ 1823.188964][ T5564]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1823.188998][ T5564]  ? __fget_files+0x3a0/0x420
[ 1823.189031][ T5564]  ? ksys_write+0x22a/0x250
[ 1823.189053][ T5564]  ? __pfx_ksys_write+0x10/0x10
[ 1823.189077][ T5564]  __x64_sys_sendto+0xde/0x100
[ 1823.189101][ T5564]  do_syscall_64+0xfa/0x3b0
[ 1823.189115][ T5564]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1823.189127][ T5564]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1823.189136][ T5564]  ? clear_bhb_loop+0x60/0xb0
[ 1823.189148][ T5564]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1823.189157][ T5564] RIP: 0033:0x7f713f98e929
[ 1823.189167][ T5564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1823.189175][ T5564] RSP: 002b:00007f714076f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1823.189186][ T5564] RAX: ffffffffffffffda RBX: 00007f713fbb5fa0 RCX: 00007f713f98e929
[ 1823.189193][ T5564] RDX: 000000000000ff88 RSI: 0000200000000180 RDI: 0000000000000003
[ 1823.189200][ T5564] RBP: 00007f714076f090 R08: 0000200000000140 R09: 0000000000000014
[ 1823.189206][ T5564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1823.189212][ T5564] R13: 0000000000000000 R14: 00007f713fbb5fa0 R15: 00007ffd039b5618
[ 1823.189233][ T5564]  </TASK>
[ 1823.693143][T30136] Bluetooth: hci1: command tx timeout
[ 1823.957622][ T5573] NILFS (rnullb0): couldn't find nilfs on the device
[ 1824.278011][ T5594] loop2: detected capacity change from 0 to 1
[ 1824.289091][T19322] Dev loop2: unable to read RDB block 1
[ 1824.296919][T19322]  loop2: unable to read partition table
[ 1824.302783][T19322] loop2: partition table beyond EOD, truncated
[ 1824.319783][ T5594] Dev loop2: unable to read RDB block 1
[ 1824.328695][ T5594]  loop2: unable to read partition table
[ 1824.351892][ T5594] loop2: partition table beyond EOD, truncated
[ 1824.377799][ T5594] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1824.704087][ T5614] netlink: 'syz.7.11850': attribute type 2 has an invalid length.
[ 1824.749610][ T5614] netlink: 'syz.7.11850': attribute type 10 has an invalid length.
[ 1824.774915][ T5614] macvlan0: entered allmulticast mode
[ 1824.800365][ T5614] veth1_vlan: entered allmulticast mode
[ 1824.837854][ T5614] team0: Port device macvlan0 added
[ 1825.010246][ T5634] block device autoloading is deprecated and will be removed.
[ 1825.057048][   T30] audit: type=1326 audit(1751057746.915:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5631 comm="syz.9.11854" exe="/root/syz-executor" sig=31 arch=c000003e syscall=15 compat=0 ip=0x7fc6ced2ab19 code=0x0
[ 1825.098006][ T5634] Mount JFS Failure: -22
[ 1825.164133][ T5642] FAULT_INJECTION: forcing a failure.
[ 1825.164133][ T5642] name failslab, interval 1, probability 0, space 0, times 0
[ 1825.176805][ T5642] CPU: 0 UID: 0 PID: 5642 Comm: syz.6.11855 Not tainted 6.16.0-rc3-next-20250627-syzkaller #0 PREEMPT(full) 
[ 1825.176827][ T5642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1825.176838][ T5642] Call Trace:
[ 1825.176846][ T5642]  <TASK>
[ 1825.176854][ T5642]  dump_stack_lvl+0x189/0x250
[ 1825.176878][ T5642]  ? __pfx____ratelimit+0x10/0x10
[ 1825.176899][ T5642]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1825.176918][ T5642]  ? __pfx__printk+0x10/0x10
[ 1825.176955][ T5642]  should_fail_ex+0x414/0x560
[ 1825.176980][ T5642]  should_failslab+0xa8/0x100
[ 1825.177002][ T5642]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1825.177020][ T5642]  ? skb_clone+0x212/0x3a0
[ 1825.177036][ T5642]  ? run_filter+0x23/0x270
[ 1825.177055][ T5642]  skb_clone+0x212/0x3a0
[ 1825.177070][ T5642]  ? packet_rcv+0x567/0x1590
[ 1825.177096][ T5642]  packet_rcv+0x6d6/0x1590
[ 1825.177127][ T5642]  ? __pfx_packet_rcv+0x10/0x10
[ 1825.177149][ T5642]  dev_queue_xmit_nit+0x3f4/0xcc0
[ 1825.177173][ T5642]  ? dev_queue_xmit_nit+0x2d/0xcc0
[ 1825.177207][ T5642]  dev_hard_start_xmit+0x1be/0x830
[ 1825.177241][ T5642]  __dev_queue_xmit+0x1adf/0x3a70
[ 1825.177270][ T5642]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1825.177290][ T5642]  ? rep_movs_alternative+0x4a/0x90
[ 1825.177310][ T5642]  ? _copy_from_iter+0x24c/0x16f0
[ 1825.177328][ T5642]  ? rep_movs_alternative+0x4a/0x90
[ 1825.177346][ T5642]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1825.177367][ T5642]  ? __pfx__copy_from_iter+0x10/0x10
[ 1825.177381][ T5642]  ? sock_alloc_send_pskb+0x875/0x990
[ 1825.177406][ T5642]  ? virtio_net_hdr_to_skb+0x9e1/0x1490
[ 1825.177423][ T5642]  ? packet_parse_headers+0x7ff/0xb60
[ 1825.177444][ T5642]  ? page_copy_sane+0x16a/0x280
[ 1825.177467][ T5642]  ? __pfx_packet_parse_headers+0x10/0x10
[ 1825.177486][ T5642]  ? __pfx_virtio_net_hdr_to_skb+0x10/0x10
[ 1825.177508][ T5642]  ? packet_xmit+0x68/0x330
[ 1825.177530][ T5642]  packet_sendmsg+0x41d4/0x5410
[ 1825.177567][ T5642]  ? __pfx_aa_label_sk_perm+0x10/0x10
[ 1825.177607][ T5642]  ? __pfx___might_resched+0x10/0x10
[ 1825.177623][ T5642]  ? __lock_acquire+0xab9/0xd20
[ 1825.177660][ T5642]  ? __pfx_packet_sendmsg+0x10/0x10
[ 1825.177682][ T5642]  ? aa_sk_perm+0x81e/0x950
[ 1825.177708][ T5642]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[ 1825.177736][ T5642]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1825.177759][ T5642]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1825.177782][ T5642]  ? __pfx_packet_sendmsg+0x10/0x10
[ 1825.177806][ T5642]  __sock_sendmsg+0x219/0x270
[ 1825.177830][ T5642]  __sys_sendto+0x3bd/0x520
[ 1825.177855][ T5642]  ? __pfx___sys_sendto+0x10/0x10
[ 1825.177875][ T5642]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1825.177910][ T5642]  ? __fget_files+0x3a0/0x420
[ 1825.177947][ T5642]  ? ksys_write+0x22a/0x250
[ 1825.177970][ T5642]  ? __pfx_ksys_write+0x10/0x10
[ 1825.177987][ T5642]  ? rcu_is_watching+0x15/0xb0
[ 1825.178009][ T5642]  __x64_sys_sendto+0xde/0x100
[ 1825.178035][ T5642]  do_syscall_64+0xfa/0x3b0
[ 1825.178055][ T5642]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1825.178075][ T5642]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1825.178092][ T5642]  ? clear_bhb_loop+0x60/0xb0
[ 1825.178113][ T5642]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1825.178130][ T5642] RIP: 0033:0x7f713f98e929
[ 1825.178145][ T5642] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1825.178160][ T5642] RSP: 002b:00007f714076f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1825.178179][ T5642] RAX: ffffffffffffffda RBX: 00007f713fbb5fa0 RCX: 00007f713f98e929
[ 1825.178192][ T5642] RDX: 000000000000ff88 RSI: 0000200000000180 RDI: 0000000000000003
[ 1825.178204][ T5642] RBP: 00007f714076f090 R08: 0000200000000140 R09: 0000000000000014
[ 1825.178215][ T5642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1825.178226][ T5642] R13: 0000000000000000 R14: 00007f713fbb5fa0 R15: 00007ffd039b5618
[ 1825.178254][ T5642]  </TASK>
[ 1825.775715][T30136] Bluetooth: hci1: command tx timeout
[ 1826.163721][ T5675] loop2: detected capacity change from 0 to 1
[ 1826.170786][ T5675] Dev loop2: unable to read RDB block 1
[ 1826.180193][ T5675]  loop2: unable to read partition table
[ 1826.187622][ T5675] loop2: partition table beyond EOD, truncated
[ 1826.193999][ T5675] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1826.222220][ T5672] sctp: [Deprecated]: syz.6.11863 (pid 5672) Use of int in max_burst socket option.
[ 1826.222220][ T5672] Use struct sctp_assoc_value instead
[ 1826.683383][ T5833] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[ 1826.863148][ T5833] usb 10-1: Using ep0 maxpacket: 32
[ 1826.876208][ T5833] usb 10-1: config 0 has an invalid interface number: 12 but max is 0
[ 1826.888835][ T5833] usb 10-1: config 0 has no interface number 0
[ 1826.900973][ T5833] usb 10-1: config 0 interface 12 has no altsetting 0
[ 1826.922012][ T5833] usb 10-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[ 1826.937122][ T5833] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1826.946646][ T5833] usb 10-1: Product: syz
[ 1826.950903][ T5833] usb 10-1: Manufacturer: syz
[ 1826.962731][ T5833] usb 10-1: SerialNumber: syz
[ 1826.977917][ T5833] usb 10-1: config 0 descriptor??
[ 1827.023495][T26420] usb 7-1: new high-speed USB device number 88 using dummy_hcd
[ 1827.185507][T26420] usb 7-1: Using ep0 maxpacket: 32
[ 1827.193894][T26420] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1827.205024][T26420] usb 7-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1827.219454][T26420] usb 7-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1827.234550][T26420] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1827.246112][T26420] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1827.254187][T26420] usb 7-1: Product: syz
[ 1827.258493][T26420] usb 7-1: Manufacturer: syz
[ 1827.263179][T26420] usb 7-1: SerialNumber: syz
[ 1827.290126][   T30] audit: type=1326 audit(1751057749.145:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5730 comm="syz.7.11877" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd77678e929 code=0x0
[ 1827.404134][ T5833] f81534 10-1:0.12: f81534_get_register: reg: 1003 failed: -71
[ 1827.423656][ T5833] f81534 10-1:0.12: f81534_find_config_idx: read failed: -71
[ 1827.432510][ T5833] f81534 10-1:0.12: f81534_calc_num_ports: find idx failed: -71
[ 1827.444498][ T5833] f81534 10-1:0.12: probe with driver f81534 failed with error -71
[ 1827.468168][ T5833] usb 10-1: USB disconnect, device number 2
[ 1827.630238][T26420] usb 7-1: USB disconnect, device number 88
[ 1827.853247][T30136] Bluetooth: hci1: command tx timeout
[ 1828.086274][ T5771] block nbd0: shutting down sockets
[ 1828.431437][ T5787] loop2: detected capacity change from 0 to 1
[ 1828.444940][T19322] Dev loop2: unable to read RDB block 1
[ 1828.450696][T19322]  loop2: unable to read partition table
[ 1828.457763][T19322] loop2: partition table beyond EOD, truncated
[ 1828.486561][ T5787] Dev loop2: unable to read RDB block 1
[ 1828.492157][ T5787]  loop2: unable to read partition table
[ 1828.499096][ T5787] loop2: partition table beyond EOD, truncated
[ 1828.505914][ T5787] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1828.527925][ T5792] netlink: 72 bytes leftover after parsing attributes in process `syz.6.11884'.
[ 1828.617997][ T5796] netlink: 24 bytes leftover after parsing attributes in process `syz.7.11885'.
[ 1828.869624][ T5818] FAULT_INJECTION: forcing a failure.
[ 1828.869624][ T5818] name failslab, interval 1, probability 0, space 0, times 0
[ 1828.882331][ T5818] CPU: 1 UID: 0 PID: 5818 Comm: syz.7.11890 Not tainted 6.16.0-rc3-next-20250627-syzkaller #0 PREEMPT(full) 
[ 1828.882354][ T5818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1828.882366][ T5818] Call Trace:
[ 1828.882374][ T5818]  <TASK>
[ 1828.882384][ T5818]  dump_stack_lvl+0x189/0x250
[ 1828.882409][ T5818]  ? __pfx____ratelimit+0x10/0x10
[ 1828.882432][ T5818]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1828.882452][ T5818]  ? __pfx__printk+0x10/0x10
[ 1828.882476][ T5818]  ? __lock_acquire+0xab9/0xd20
[ 1828.882510][ T5818]  should_fail_ex+0x414/0x560
[ 1828.882536][ T5818]  should_failslab+0xa8/0x100
[ 1828.882560][ T5818]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1828.882582][ T5818]  ? __alloc_skb+0x112/0x2d0
[ 1828.882611][ T5818]  __alloc_skb+0x112/0x2d0
[ 1828.882640][ T5818]  skb_copy+0x188/0x800
[ 1828.882671][ T5818]  mac80211_hwsim_tx_frame_no_nl+0xcd3/0x11c0
[ 1828.882716][ T5818]  ? __pfx_mac80211_hwsim_tx_frame_no_nl+0x10/0x10
[ 1828.882755][ T5818]  ? mac80211_hwsim_monitor_rx+0x1d7/0x880
[ 1828.882786][ T5818]  mac80211_hwsim_tx+0x1855/0x25d0
[ 1828.882832][ T5818]  ieee80211_handle_wake_tx_queue+0x18e/0x2a0
[ 1828.882866][ T5818]  ? __pfx_ieee80211_handle_wake_tx_queue+0x10/0x10
[ 1828.882889][ T5818]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1828.882910][ T5818]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1828.882928][ T5818]  ? do_raw_spin_unlock+0x122/0x240
[ 1828.882952][ T5818]  ieee80211_queue_skb+0x19e8/0x2180
[ 1828.883002][ T5818]  ieee80211_tx+0x297/0x420
[ 1828.883027][ T5818]  ? __pfx_ieee80211_tx+0x10/0x10
[ 1828.883069][ T5818]  ? ieee80211_xmit+0x315/0x400
[ 1828.883094][ T5818]  __ieee80211_subif_start_xmit+0xccf/0x1610
[ 1828.883120][ T5818]  ? __ieee80211_subif_start_xmit+0x2be/0x1610
[ 1828.883158][ T5818]  ? __pfx___ieee80211_subif_start_xmit+0x10/0x10
[ 1828.883190][ T5818]  ? ieee80211_multicast_to_unicast+0x19c/0x320
[ 1828.883221][ T5818]  ieee80211_subif_start_xmit+0xe0/0x510
[ 1828.883251][ T5818]  ? __pfx_ieee80211_subif_start_xmit+0x10/0x10
[ 1828.883281][ T5818]  ? dev_queue_xmit_nit+0xb68/0xcc0
[ 1828.883304][ T5818]  ? dev_queue_xmit_nit+0x2d/0xcc0
[ 1828.883344][ T5818]  dev_hard_start_xmit+0x2d4/0x830
[ 1828.883379][ T5818]  __dev_queue_xmit+0x1adf/0x3a70
[ 1828.883410][ T5818]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1828.883431][ T5818]  ? rep_movs_alternative+0x4a/0x90
[ 1828.883452][ T5818]  ? _copy_from_iter+0x24c/0x16f0
[ 1828.883472][ T5818]  ? rep_movs_alternative+0x4a/0x90
[ 1828.883491][ T5818]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1828.883515][ T5818]  ? __pfx__copy_from_iter+0x10/0x10
[ 1828.883529][ T5818]  ? sock_alloc_send_pskb+0x875/0x990
[ 1828.883556][ T5818]  ? virtio_net_hdr_to_skb+0x9e1/0x1490
[ 1828.883575][ T5818]  ? packet_parse_headers+0x7ff/0xb60
[ 1828.883596][ T5818]  ? page_copy_sane+0x16a/0x280
[ 1828.883622][ T5818]  ? __pfx_packet_parse_headers+0x10/0x10
[ 1828.883642][ T5818]  ? __pfx_virtio_net_hdr_to_skb+0x10/0x10
[ 1828.883666][ T5818]  ? packet_xmit+0x68/0x330
[ 1828.883690][ T5818]  packet_sendmsg+0x41d4/0x5410
[ 1828.883729][ T5818]  ? __pfx_aa_label_sk_perm+0x10/0x10
[ 1828.883772][ T5818]  ? __pfx___might_resched+0x10/0x10
[ 1828.883790][ T5818]  ? __lock_acquire+0xab9/0xd20
[ 1828.883829][ T5818]  ? __pfx_packet_sendmsg+0x10/0x10
[ 1828.883852][ T5818]  ? aa_sk_perm+0x81e/0x950
[ 1828.883880][ T5818]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[ 1828.883911][ T5818]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1828.883935][ T5818]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1828.883960][ T5818]  ? __pfx_packet_sendmsg+0x10/0x10
[ 1828.883986][ T5818]  __sock_sendmsg+0x219/0x270
[ 1828.884011][ T5818]  __sys_sendto+0x3bd/0x520
[ 1828.884038][ T5818]  ? __pfx___sys_sendto+0x10/0x10
[ 1828.884059][ T5818]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1828.884096][ T5818]  ? __fget_files+0x3a0/0x420
[ 1828.884131][ T5818]  ? ksys_write+0x22a/0x250
[ 1828.884155][ T5818]  ? __pfx_ksys_write+0x10/0x10
[ 1828.884173][ T5818]  ? rcu_is_watching+0x15/0xb0
[ 1828.884195][ T5818]  __x64_sys_sendto+0xde/0x100
[ 1828.884224][ T5818]  do_syscall_64+0xfa/0x3b0
[ 1828.884245][ T5818]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1828.884266][ T5818]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1828.884285][ T5818]  ? clear_bhb_loop+0x60/0xb0
[ 1828.884326][ T5818]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1828.884343][ T5818] RIP: 0033:0x7fd77678e929
[ 1828.884361][ T5818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1828.884375][ T5818] RSP: 002b:00007fd77756e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1828.884395][ T5818] RAX: ffffffffffffffda RBX: 00007fd7769b5fa0 RCX: 00007fd77678e929
[ 1828.884409][ T5818] RDX: 000000000000ff88 RSI: 0000200000000180 RDI: 0000000000000003
[ 1828.884420][ T5818] RBP: 00007fd77756e090 R08: 0000200000000140 R09: 0000000000000014
[ 1828.884432][ T5818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1828.884444][ T5818] R13: 0000000000000000 R14: 00007fd7769b5fa0 R15: 00007ffc249fa7e8
[ 1828.884474][ T5818]  </TASK>
[ 1829.733561][ T5843] netlink: 16 bytes leftover after parsing attributes in process `syz.7.11894'.
[ 1829.963019][ T5833] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[ 1830.128934][ T5833] usb 10-1: Using ep0 maxpacket: 32
[ 1830.134658][   T30] audit: type=1326 audit(1751057751.975:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5865 comm="syz.7.11898" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd77678e929 code=0x0
[ 1830.164066][ T5833] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1830.179545][ T5833] usb 10-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1830.216393][ T5833] usb 10-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1830.258464][ T5833] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1830.268213][ T5833] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1830.292163][ T5833] usb 10-1: Product: syz
[ 1830.312809][ T5833] usb 10-1: Manufacturer: syz
[ 1830.325734][ T5833] usb 10-1: SerialNumber: syz
[ 1830.727723][ T5833] usb 10-1: USB disconnect, device number 3
[ 1831.174408][ T5911] omfs: Invalid superblock (0)
[ 1831.319062][ T5917] netlink: 16 bytes leftover after parsing attributes in process `syz.9.11903'.
[ 1831.330649][ T5916] loop2: detected capacity change from 0 to 1
[ 1831.343118][ T5916] Dev loop2: unable to read RDB block 1
[ 1831.348713][ T5916]  loop2: unable to read partition table
[ 1831.373810][ T5916] loop2: partition table beyond EOD, truncated
[ 1831.380005][ T5916] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1831.682265][ T5929] netlink: 16 bytes leftover after parsing attributes in process `syz.9.11906'.
[ 1831.772562][ T5935] Mount JFS Failure: -22
[ 1832.368438][ T5964] exFAT-fs (rnullb0): invalid boot record signature
[ 1832.376234][ T5964] exFAT-fs (rnullb0): failed to read boot sector
[ 1832.382568][ T5964] exFAT-fs (rnullb0): failed to recognize exfat type
[ 1832.519487][ T5971] Invalid logical block size (2)
[ 1832.773110][T30132] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[ 1832.824460][ T5988] netlink: 16 bytes leftover after parsing attributes in process `syz.6.11918'.
[ 1832.923018][T30132] usb 10-1: Using ep0 maxpacket: 16
[ 1832.929797][T30132] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1832.943260][T30132] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1832.953894][T30132] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1832.967364][T30132] usb 10-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1832.977903][T30132] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1832.994019][T30132] usb 10-1: config 0 descriptor??
[ 1833.069799][T30136] Bluetooth: hci0: unexpected cc 0x0c1a length: 5 > 1
[ 1833.717041][T30132] usbhid 10-1:0.0: can't add hid device: -71
[ 1833.726946][T30132] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[ 1833.737647][T30132] usb 10-1: USB disconnect, device number 4
[ 1833.956392][   T30] audit: type=1326 audit(1751057755.815:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6008 comm="syz.6.11921" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f713f98e929 code=0x0
[ 1834.673036][   T10] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[ 1834.843186][   T10] usb 10-1: Using ep0 maxpacket: 32
[ 1834.850244][   T10] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1834.866421][   T10] usb 10-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1834.888361][   T10] usb 10-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1834.906908][   T10] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1834.922236][   T10] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1834.932749][   T10] usb 10-1: Product: syz
[ 1834.944617][   T10] usb 10-1: Manufacturer: syz
[ 1834.949305][   T10] usb 10-1: SerialNumber: syz
[ 1835.134391][ T6034] loop2: detected capacity change from 0 to 1
[ 1835.145124][T19322] Dev loop2: unable to read RDB block 1
[ 1835.150724][T19322]  loop2: unable to read partition table
[ 1835.157189][T19322] loop2: partition table beyond EOD, truncated
[ 1835.187820][ T6034] Dev loop2: unable to read RDB block 1
[ 1835.194666][ T6034]  loop2: unable to read partition table
[ 1835.200568][ T6034] loop2: partition table beyond EOD, truncated
[ 1835.221598][ T6034] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1835.356847][   T10] usb 10-1: USB disconnect, device number 5
[ 1835.623803][T30136] Bluetooth: hci4: unexpected cc 0x0c1a length: 5 > 1
[ 1835.683102][ T6090] FAULT_INJECTION: forcing a failure.
[ 1835.683102][ T6090] name failslab, interval 1, probability 0, space 0, times 0
[ 1835.695790][ T6090] CPU: 0 UID: 0 PID: 6090 Comm: syz.7.11934 Not tainted 6.16.0-rc3-next-20250627-syzkaller #0 PREEMPT(full) 
[ 1835.695813][ T6090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1835.695824][ T6090] Call Trace:
[ 1835.695832][ T6090]  <TASK>
[ 1835.695840][ T6090]  dump_stack_lvl+0x189/0x250
[ 1835.695864][ T6090]  ? __pfx____ratelimit+0x10/0x10
[ 1835.695885][ T6090]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1835.695904][ T6090]  ? __pfx__printk+0x10/0x10
[ 1835.695920][ T6090]  ? __ieee80211_subif_start_xmit+0x6ec/0x1610
[ 1835.695945][ T6090]  ? __ieee80211_subif_start_xmit+0x2be/0x1610
[ 1835.695981][ T6090]  should_fail_ex+0x414/0x560
[ 1835.696005][ T6090]  should_failslab+0xa8/0x100
[ 1835.696027][ T6090]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1835.696045][ T6090]  ? skb_clone+0x212/0x3a0
[ 1835.696066][ T6090]  skb_clone+0x212/0x3a0
[ 1835.696081][ T6090]  ? dev_queue_xmit_nit+0x26f/0xcc0
[ 1835.696107][ T6090]  dev_queue_xmit_nit+0x416/0xcc0
[ 1835.696130][ T6090]  ? dev_queue_xmit_nit+0x2d/0xcc0
[ 1835.696165][ T6090]  dev_hard_start_xmit+0x1be/0x830
[ 1835.696198][ T6090]  __dev_queue_xmit+0x1adf/0x3a70
[ 1835.696225][ T6090]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1835.696245][ T6090]  ? rep_movs_alternative+0x4a/0x90
[ 1835.696265][ T6090]  ? _copy_from_iter+0x24c/0x16f0
[ 1835.696281][ T6090]  ? rep_movs_alternative+0x4a/0x90
[ 1835.696297][ T6090]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1835.696318][ T6090]  ? __pfx__copy_from_iter+0x10/0x10
[ 1835.696330][ T6090]  ? sock_alloc_send_pskb+0x875/0x990
[ 1835.696356][ T6090]  ? virtio_net_hdr_to_skb+0x9e1/0x1490
[ 1835.696373][ T6090]  ? packet_parse_headers+0x7ff/0xb60
[ 1835.696393][ T6090]  ? page_copy_sane+0x16a/0x280
[ 1835.696416][ T6090]  ? __pfx_packet_parse_headers+0x10/0x10
[ 1835.696435][ T6090]  ? __pfx_virtio_net_hdr_to_skb+0x10/0x10
[ 1835.696458][ T6090]  ? packet_xmit+0x68/0x330
[ 1835.696477][ T6090]  packet_sendmsg+0x41d4/0x5410
[ 1835.696514][ T6090]  ? __pfx_aa_label_sk_perm+0x10/0x10
[ 1835.696555][ T6090]  ? __pfx___might_resched+0x10/0x10
[ 1835.696571][ T6090]  ? __lock_acquire+0xab9/0xd20
[ 1835.696609][ T6090]  ? __pfx_packet_sendmsg+0x10/0x10
[ 1835.696629][ T6090]  ? aa_sk_perm+0x81e/0x950
[ 1835.696655][ T6090]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[ 1835.696683][ T6090]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1835.696715][ T6090]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1835.696737][ T6090]  ? __pfx_packet_sendmsg+0x10/0x10
[ 1835.696760][ T6090]  __sock_sendmsg+0x219/0x270
[ 1835.696784][ T6090]  __sys_sendto+0x3bd/0x520
[ 1835.696808][ T6090]  ? __pfx___sys_sendto+0x10/0x10
[ 1835.696827][ T6090]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1835.696860][ T6090]  ? __fget_files+0x3a0/0x420
[ 1835.696893][ T6090]  ? ksys_write+0x22a/0x250
[ 1835.696913][ T6090]  ? __pfx_ksys_write+0x10/0x10
[ 1835.696929][ T6090]  ? rcu_is_watching+0x15/0xb0
[ 1835.696950][ T6090]  __x64_sys_sendto+0xde/0x100
[ 1835.696973][ T6090]  do_syscall_64+0xfa/0x3b0
[ 1835.696991][ T6090]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1835.697009][ T6090]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1835.697025][ T6090]  ? clear_bhb_loop+0x60/0xb0
[ 1835.697045][ T6090]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1835.697062][ T6090] RIP: 0033:0x7fd77678e929
[ 1835.697078][ T6090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1835.697093][ T6090] RSP: 002b:00007fd77756e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1835.697111][ T6090] RAX: ffffffffffffffda RBX: 00007fd7769b5fa0 RCX: 00007fd77678e929
[ 1835.697124][ T6090] RDX: 000000000000ff88 RSI: 0000200000000180 RDI: 0000000000000003
[ 1835.697135][ T6090] RBP: 00007fd77756e090 R08: 0000200000000140 R09: 0000000000000014
[ 1835.697146][ T6090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1835.697156][ T6090] R13: 0000000000000000 R14: 00007fd7769b5fa0 R15: 00007ffc249fa7e8
[ 1835.697183][ T6090]  </TASK>
[ 1836.663341][T30132] usb 10-1: new low-speed USB device number 6 using dummy_hcd
[ 1836.829160][T30132] usb 10-1: unable to get BOS descriptor or descriptor too short
[ 1836.847177][T30132] usb 10-1: config 9 has an invalid interface number: 4 but max is 2
[ 1836.858404][T30132] usb 10-1: config 9 contains an unexpected descriptor of type 0x2, skipping
[ 1836.869975][T30132] usb 10-1: config 9 has an invalid interface number: 249 but max is 2
[ 1836.879235][T30132] usb 10-1: config 9 has an invalid interface number: 123 but max is 2
[ 1836.888111][T30132] usb 10-1: config 9 has no interface number 0
[ 1836.898766][T30132] usb 10-1: config 9 has no interface number 1
[ 1836.905700][T30132] usb 10-1: config 9 has no interface number 2
[ 1836.912269][T30132] usb 10-1: config 9 interface 4 altsetting 112 endpoint 0x8 has invalid maxpacket 1024, setting to 8
[ 1836.926384][T30132] usb 10-1: config 9 interface 4 altsetting 112 has a duplicate endpoint with address 0x8, skipping
[ 1836.938235][T30132] usb 10-1: config 9 interface 4 altsetting 112 endpoint 0xB has invalid maxpacket 48, setting to 0
[ 1836.949234][T30132] usb 10-1: config 9 interface 4 altsetting 112 endpoint 0x1 has invalid maxpacket 512, setting to 8
[ 1836.960901][T30132] usb 10-1: config 9 interface 4 altsetting 112 has an invalid descriptor for endpoint zero, skipping
[ 1836.972296][T30132] usb 10-1: config 9 interface 4 altsetting 112 has a duplicate endpoint with address 0x8, skipping
[ 1836.983987][T30132] usb 10-1: config 9 interface 4 altsetting 112 endpoint 0x7 is Bulk; changing to Interrupt
[ 1836.996847][T30132] usb 10-1: config 9 interface 4 altsetting 112 has an endpoint descriptor with address 0x37, changing to 0x7
[ 1837.009614][T30132] usb 10-1: config 9 interface 4 altsetting 112 has a duplicate endpoint with address 0x7, skipping
[ 1837.020904][T30132] usb 10-1: config 9 interface 4 altsetting 112 has a duplicate endpoint with address 0x8, skipping
[ 1837.032057][T30132] usb 10-1: config 9 interface 4 altsetting 112 endpoint 0xD is Bulk; changing to Interrupt
[ 1837.047044][T30132] usb 10-1: config 9 interface 4 altsetting 112 has an invalid descriptor for endpoint zero, skipping
[ 1837.059030][T30132] usb 10-1: config 9 interface 4 altsetting 112 endpoint 0xA has invalid maxpacket 16, setting to 8
[ 1837.072148][T30132] usb 10-1: config 9 interface 4 altsetting 112 has an invalid descriptor for endpoint zero, skipping
[ 1837.085071][T30132] usb 10-1: config 9 interface 4 altsetting 112 has 15 endpoint descriptors, different from the interface descriptor's value: 14
[ 1837.098693][T30132] usb 10-1: config 9 interface 249 altsetting 252 has a duplicate endpoint with address 0x3, skipping
[ 1837.110032][T30132] usb 10-1: config 9 interface 249 altsetting 252 endpoint 0x9 has invalid maxpacket 1023, setting to 8
[ 1837.121587][T30132] usb 10-1: config 9 interface 123 altsetting 8 has a duplicate endpoint with address 0x1, skipping
[ 1837.132524][T30132] usb 10-1: config 9 interface 123 altsetting 8 has a duplicate endpoint with address 0x8, skipping
[ 1837.145516][T30132] usb 10-1: config 9 interface 123 altsetting 8 has a duplicate endpoint with address 0x1, skipping
[ 1837.156366][T30132] usb 10-1: config 9 interface 123 altsetting 8 has a duplicate endpoint with address 0x9, skipping
[ 1837.167547][T30132] usb 10-1: config 9 interface 123 altsetting 8 endpoint 0xC has invalid maxpacket 64, setting to 8
[ 1837.178969][T30132] usb 10-1: config 9 interface 123 altsetting 8 has a duplicate endpoint with address 0x1, skipping
[ 1837.189991][T30132] usb 10-1: config 9 interface 123 altsetting 8 endpoint 0x5 has invalid maxpacket 8, setting to 0
[ 1837.201042][T30132] usb 10-1: config 9 interface 123 altsetting 8 endpoint 0x2 has invalid maxpacket 1023, setting to 8
[ 1837.212598][T30132] usb 10-1: config 9 interface 123 altsetting 8 has a duplicate endpoint with address 0x2, skipping
[ 1837.225076][T30132] usb 10-1: config 9 interface 123 altsetting 8 has a duplicate endpoint with address 0x1, skipping
[ 1837.236209][T30132] usb 10-1: config 9 interface 123 altsetting 8 has an invalid descriptor for endpoint zero, skipping
[ 1837.248301][ T6141] netlink: 4 bytes leftover after parsing attributes in process `syz.6.11942'.
[ 1837.257344][T30132] usb 10-1: config 9 interface 123 altsetting 8 has a duplicate endpoint with address 0xD, skipping
[ 1837.268695][T30132] usb 10-1: config 9 interface 123 altsetting 8 has a duplicate endpoint with address 0x8, skipping
[ 1837.279592][T30132] usb 10-1: config 9 interface 123 altsetting 8 has a duplicate endpoint with address 0x7, skipping
[ 1837.290475][T30132] usb 10-1: config 9 interface 123 altsetting 8 has a duplicate endpoint with address 0xC, skipping
[ 1837.306710][T30132] usb 10-1: config 9 interface 4 has no altsetting 0
[ 1837.314267][T30132] usb 10-1: config 9 interface 249 has no altsetting 0
[ 1837.321633][T30132] usb 10-1: config 9 interface 123 has no altsetting 0
[ 1837.565447][ T6149] Invalid ELF header magic: != ELF
[ 1838.394407][   T30] audit: type=1326 audit(1751057760.255:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6151 comm="syz.6.11946" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f713f98e929 code=0x0
[ 1839.486061][T30132] usb 10-1: New USB device found, idVendor=045e, idProduct=0440, bcdDevice=45.a1
[ 1839.509313][T30136] Bluetooth: hci2: unexpected cc 0x0c1a length: 5 > 1
[ 1839.514839][T30132] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1839.549624][T30132] usb 10-1: can't set config #9, error -71
[ 1839.566409][T30132] usb 10-1: USB disconnect, device number 6
[ 1839.619319][ T6181] loop2: detected capacity change from 0 to 1
[ 1839.630590][T19322] Dev loop2: unable to read RDB block 1
[ 1839.636844][T19322]  loop2: unable to read partition table
[ 1839.642657][T19322] loop2: partition table beyond EOD, truncated
[ 1839.664299][ T6181] Dev loop2: unable to read RDB block 1
[ 1839.688179][ T6181]  loop2: unable to read partition table
[ 1839.704448][ T6181] loop2: partition table beyond EOD, truncated
[ 1839.710660][ T6181] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1839.727690][T26018] usb 7-1: new high-speed USB device number 89 using dummy_hcd
[ 1839.845509][ T6192] netlink: 4 bytes leftover after parsing attributes in process `syz.9.11952'.
[ 1839.893213][T26018] usb 7-1: Using ep0 maxpacket: 32
[ 1839.906087][T26018] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1839.933384][T26018] usb 7-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1839.972453][T26018] usb 7-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1840.011288][T26018] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1840.038543][T26018] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1840.052667][T26018] usb 7-1: Product: syz
[ 1840.057818][T26018] usb 7-1: Manufacturer: syz
[ 1840.063913][T26018] usb 7-1: SerialNumber: syz
[ 1840.551035][T26018] usb 7-1: USB disconnect, device number 89
[ 1840.749020][ T6252] netlink: 4 bytes leftover after parsing attributes in process `syz.7.11962'.
[ 1841.197645][ T6277] loop2: detected capacity change from 0 to 1
[ 1841.221268][T19322] Dev loop2: unable to read RDB block 1
[ 1841.239474][T19322]  loop2: unable to read partition table
[ 1841.257045][T19322] loop2: partition table beyond EOD, truncated
[ 1841.281863][ T6277] Dev loop2: unable to read RDB block 1
[ 1841.313039][T30136] Bluetooth: hci1: unexpected cc 0x0c1a length: 5 > 1
[ 1841.323028][ T6277]  loop2: unable to read partition table
[ 1841.328895][ T6277] loop2: partition table beyond EOD, truncated
[ 1841.353053][ T6277] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1841.658284][   T30] audit: type=1326 audit(1751057763.515:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6296 comm="syz.7.11972" exe="/root/syz-executor" sig=31 arch=c000003e syscall=15 compat=0 ip=0x7fd77672ab19 code=0x0
[ 1842.732394][ T6334] netlink: 32 bytes leftover after parsing attributes in process `syz.4.11986'.
[ 1842.805459][ T5887] usb 7-1: new high-speed USB device number 90 using dummy_hcd
[ 1842.963135][ T5887] usb 7-1: Using ep0 maxpacket: 32
[ 1842.981988][ T5887] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1843.004126][ T5887] usb 7-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1843.035678][ T5887] usb 7-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1843.065673][ T5887] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1843.079228][ T5887] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1843.096524][ T5887] usb 7-1: Product: syz
[ 1843.105662][ T5887] usb 7-1: Manufacturer: syz
[ 1843.119384][ T5887] usb 7-1: SerialNumber: syz
[ 1843.341506][ T6333] infiniband syz0: set active
[ 1843.362997][ T6333] infiniband syz0: added bond_slave_1
[ 1843.507527][ T6333] RDS/IB: syz0: added
[ 1843.511626][ T6333] smc: adding ib device syz0 with port count 1
[ 1843.522593][ T6333] smc:    ib device syz0 port 1 has pnetid 
[ 1843.635458][ T5887] usb 7-1: USB disconnect, device number 90
[ 1844.293996][T30136] Bluetooth: hci1: unexpected cc 0x0c1a length: 5 > 1
[ 1844.620962][ T6385] loop2: detected capacity change from 0 to 1
[ 1844.640275][ T6385] Dev loop2: unable to read RDB block 1
[ 1844.656664][ T6385]  loop2: unable to read partition table
[ 1844.674178][ T6385] loop2: partition table beyond EOD, truncated
[ 1844.689898][ T6385] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1845.942837][ T6431] program syz.9.12001 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1846.261717][ T6452] exFAT-fs (rnullb0): invalid boot record signature
[ 1846.275857][ T6452] exFAT-fs (rnullb0): failed to read boot sector
[ 1846.284124][ T6452] exFAT-fs (rnullb0): failed to recognize exfat type
[ 1846.403695][ T6458] loop2: detected capacity change from 0 to 1
[ 1846.434624][T19322] Dev loop2: unable to read RDB block 1
[ 1846.440220][T19322]  loop2: unable to read partition table
[ 1846.454899][T19322] loop2: partition table beyond EOD, truncated
[ 1846.470556][ T6458] Dev loop2: unable to read RDB block 1
[ 1846.480665][ T6458]  loop2: unable to read partition table
[ 1846.490784][ T6458] loop2: partition table beyond EOD, truncated
[ 1846.509000][ T6458] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1846.752468][   T30] audit: type=1326 audit(1751057768.605:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6453 comm="syz.6.12010" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f713f98e929 code=0x0
[ 1847.344291][ T6480] vxfs: WRONG superblock magic 00000000 at 1
[ 1847.360947][ T6480] vxfs: WRONG superblock magic 00000000 at 8
[ 1847.368981][ T6480] vxfs: can't find superblock.
[ 1848.165975][ T6508] /dev/rnullb0: Can't open blockdev
[ 1848.303552][ T6512] loop2: detected capacity change from 0 to 1
[ 1848.329081][ T6512] Dev loop2: unable to read RDB block 1
[ 1848.337541][ T6512]  loop2: unable to read partition table
[ 1848.346500][ T6512] loop2: partition table beyond EOD, truncated
[ 1848.373057][ T6512] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1849.079371][   T30] audit: type=1326 audit(1751057770.935:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6544 comm="syz.4.12038" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f17ccb8e929 code=0x0
[ 1849.182978][ T5887] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[ 1849.353175][ T5887] usb 10-1: Using ep0 maxpacket: 32
[ 1849.383975][ T5887] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 1849.406525][ T5887] usb 10-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[ 1849.421338][ T5887] usb 10-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 1849.461643][ T5887] usb 10-1: Product: syz
[ 1849.475545][ T5887] usb 10-1: Manufacturer: syz
[ 1849.490434][ T5887] usb 10-1: SerialNumber: syz
[ 1849.523924][ T5887] usb 10-1: config 0 descriptor??
[ 1849.549083][ T6539] raw-gadget.1 gadget.9: fail, usb_ep_enable returned -22
[ 1849.566467][ T5887] hub 10-1:0.0: bad descriptor, ignoring hub
[ 1849.572670][ T5887] hub 10-1:0.0: probe with driver hub failed with error -5
[ 1849.804102][T30132] usb 7-1: new high-speed USB device number 91 using dummy_hcd
[ 1849.893469][T26420] usb 10-1: USB disconnect, device number 7
[ 1849.963370][T30132] usb 7-1: Using ep0 maxpacket: 16
[ 1849.980504][T30132] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 1850.001839][T30132] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1850.025333][T30132] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1850.037252][T30132] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1850.051810][T30132] usb 7-1: Product: syz
[ 1850.057226][T30132] usb 7-1: Manufacturer: syz
[ 1850.061919][T30132] usb 7-1: SerialNumber: syz
[ 1850.071653][T30132] usb 7-1: config 0 descriptor??
[ 1850.080545][T30132] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1850.090465][T30132] em28xx 7-1:0.0: Audio interface 0 found (Vendor Class)
[ 1850.213469][   T10] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[ 1850.393168][   T10] usb 10-1: Using ep0 maxpacket: 32
[ 1850.481121][T30132] em28xx 7-1:0.0: chip ID is em2870
[ 1850.701753][T26420] usb 7-1: USB disconnect, device number 91
[ 1850.713908][T26420] em28xx 7-1:0.0: Disconnecting em28xx
[ 1850.737040][T26420] em28xx 7-1:0.0: Freeing device
[ 1850.842026][   T10] usb 10-1: unable to get BOS descriptor or descriptor too short
[ 1850.863803][   T10] usb 10-1: unable to read config index 0 descriptor/start: -71
[ 1850.871472][   T10] usb 10-1: can't read configurations, error -71
[ 1851.650325][   T30] audit: type=1326 audit(1751057773.505:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6666 comm="syz.6.12064" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f713f98e929 code=0x0
[ 1851.663062][ T6678] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12068'.
[ 1851.835154][ T6684] loop2: detected capacity change from 0 to 1
[ 1851.877442][ T6684] Dev loop2: unable to read RDB block 1
[ 1851.890484][ T6684]  loop2: unable to read partition table
[ 1851.907442][ T6684] loop2: partition table beyond EOD, truncated
[ 1851.921842][ T6684] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1853.740726][ T6757] loop2: detected capacity change from 0 to 1
[ 1853.753502][T19322] Dev loop2: unable to read RDB block 1
[ 1853.759093][T19322]  loop2: unable to read partition table
[ 1853.765654][T19322] loop2: partition table beyond EOD, truncated
[ 1853.773665][ T6757] Dev loop2: unable to read RDB block 1
[ 1853.789639][ T6757]  loop2: unable to read partition table
[ 1853.796293][ T6757] loop2: partition table beyond EOD, truncated
[ 1853.802845][ T6757] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1853.817099][ T6760] netlink: 666 bytes leftover after parsing attributes in process `syz.6.12091'.
[ 1854.908420][ T6812] netlink: 12 bytes leftover after parsing attributes in process `syz.9.12099'.
[ 1855.076561][   T30] audit: type=1326 audit(1751057776.935:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6815 comm="syz.6.12101" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f713f98e929 code=0x0
[ 1856.227809][ T6836] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found
[ 1856.235455][ T6836] UDF-fs: Scanning with blocksize 4096 failed
[ 1856.388380][ T6849] netlink: 20 bytes leftover after parsing attributes in process `syz.4.12111'.
[ 1857.147223][   T30] audit: type=1326 audit(1751057779.005:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6878 comm="syz.7.12120" exe="/root/syz-executor" sig=31 arch=c000003e syscall=15 compat=0 ip=0x7fd77672ab19 code=0x0
[ 1857.853270][   T10] usb 7-1: new high-speed USB device number 92 using dummy_hcd
[ 1858.013231][   T10] usb 7-1: Using ep0 maxpacket: 32
[ 1858.020449][   T10] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1858.041878][   T10] usb 7-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1858.078498][ T6917] netlink: 12 bytes leftover after parsing attributes in process `syz.4.12131'.
[ 1858.086014][   T10] usb 7-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1858.163392][   T10] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1858.182665][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1858.205523][   T10] usb 7-1: Product: syz
[ 1858.210016][   T10] usb 7-1: Manufacturer: syz
[ 1858.233152][   T10] usb 7-1: SerialNumber: syz
[ 1858.656911][   T10] usb 7-1: USB disconnect, device number 92
[ 1859.256359][ T6972] netlink: 'syz.9.12141': attribute type 1 has an invalid length.
[ 1859.293073][ T6972] netlink: 20 bytes leftover after parsing attributes in process `syz.9.12141'.
[ 1859.465628][   T10] usb 7-1: new high-speed USB device number 93 using dummy_hcd
[ 1859.600542][ T6986] loop2: detected capacity change from 0 to 1
[ 1859.610982][T15614] Dev loop2: unable to read RDB block 1
[ 1859.623012][T15614]  loop2: unable to read partition table
[ 1859.628887][T15614] loop2: partition table beyond EOD, truncated
[ 1859.645710][   T10] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1859.663512][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1859.669203][ T6986] Dev loop2: unable to read RDB block 1
[ 1859.685799][ T6986]  loop2: unable to read partition table
[ 1859.692619][ T6986] loop2: partition table beyond EOD, truncated
[ 1859.703346][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1859.710960][ T6986] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1859.722679][   T10] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1859.738383][   T10] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1859.754220][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1859.768544][   T10] usb 7-1: config 0 descriptor??
[ 1860.153881][ T7024] netlink: 16186 bytes leftover after parsing attributes in process `syz.9.12154'.
[ 1860.220556][   T10] plantronics 0003:047F:FFFF.006E: ignoring exceeding usage max
[ 1860.265966][   T10] plantronics 0003:047F:FFFF.006E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[ 1860.610419][   T10] usb 7-1: USB disconnect, device number 93
[ 1860.759260][   T30] audit: type=1326 audit(1751057782.615:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7061 comm="syz.6.12160" exe="/root/syz-executor" sig=31 arch=c000003e syscall=15 compat=0 ip=0x7f713f92ab19 code=0x0
[ 1861.883878][ T7094] vxfs: WRONG superblock magic 00000000 at 1
[ 1861.890078][ T7094] vxfs: WRONG superblock magic 00000000 at 8
[ 1861.914134][ T7094] vxfs: can't find superblock.
[ 1861.921604][ T7095] vxfs: WRONG superblock magic 00000000 at 1
[ 1861.938611][ T7095] vxfs: WRONG superblock magic 00000000 at 8
[ 1861.963611][ T7095] vxfs: can't find superblock.
[ 1862.304973][ T7117] ntfs3(rnullb0): Primary boot signature is not NTFS.
[ 1862.312490][ T7117] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[ 1863.528578][ T7160] loop2: detected capacity change from 0 to 1
[ 1863.550123][ T7160] Dev loop2: unable to read RDB block 1
[ 1863.564168][ T7160]  loop2: unable to read partition table
[ 1863.575748][ T7160] loop2: partition table beyond EOD, truncated
[ 1863.589867][ T7160] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1864.056404][ T7177] TCP: TCP_TX_DELAY enabled
[ 1864.733305][T30132] usb 7-1: new high-speed USB device number 94 using dummy_hcd
[ 1864.893470][T30132] usb 7-1: Using ep0 maxpacket: 8
[ 1864.901847][T30132] usb 7-1: too many configurations: 240, using maximum allowed: 8
[ 1864.918162][   T30] audit: type=1326 audit(1751057786.775:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7214 comm="syz.7.12199" exe="/root/syz-executor" sig=31 arch=c000003e syscall=15 compat=0 ip=0x7fd77672ab19 code=0x0
[ 1864.962137][T30132] usb 7-1: config index 0 descriptor too short (expected 6427, got 27)
[ 1864.971208][T30132] usb 7-1: invalid descriptor for config index 0: type = 0x2, length = 8
[ 1864.993096][T30132] usb 7-1: can't read configurations, error -22
[ 1865.123030][T30132] usb 7-1: new high-speed USB device number 95 using dummy_hcd
[ 1865.283125][T30132] usb 7-1: Using ep0 maxpacket: 8
[ 1865.298622][T30132] usb 7-1: too many configurations: 240, using maximum allowed: 8
[ 1865.311118][T30132] usb 7-1: config index 0 descriptor too short (expected 6427, got 27)
[ 1865.324915][T30132] usb 7-1: invalid descriptor for config index 0: type = 0x2, length = 8
[ 1865.336791][T30132] usb 7-1: can't read configurations, error -22
[ 1865.345187][T30132] usb usb7-port1: attempt power cycle
[ 1865.693235][T30132] usb 7-1: new high-speed USB device number 96 using dummy_hcd
[ 1865.756099][T30132] usb 7-1: Using ep0 maxpacket: 8
[ 1865.761894][T30132] usb 7-1: too many configurations: 240, using maximum allowed: 8
[ 1865.780157][T30132] usb 7-1: config index 0 descriptor too short (expected 6427, got 27)
[ 1865.803081][T30132] usb 7-1: invalid descriptor for config index 0: type = 0x2, length = 8
[ 1865.815939][T30132] usb 7-1: can't read configurations, error -22
[ 1865.931640][ T7253] MTD: Couldn't look up './cgroup': -15
[ 1865.937906][ T7253] ./cgroup: Can't lookup blockdev
[ 1865.953070][T30132] usb 7-1: new high-speed USB device number 97 using dummy_hcd
[ 1865.986559][T30132] usb 7-1: Using ep0 maxpacket: 8
[ 1865.995078][T30132] usb 7-1: too many configurations: 240, using maximum allowed: 8
[ 1866.010975][T30132] usb 7-1: config index 0 descriptor too short (expected 6427, got 27)
[ 1866.022204][T30132] usb 7-1: invalid descriptor for config index 0: type = 0x2, length = 8
[ 1866.023005][   T10] usb 10-1: new high-speed USB device number 10 using dummy_hcd
[ 1866.037810][T30132] usb 7-1: can't read configurations, error -22
[ 1866.061117][T30132] usb usb7-port1: unable to enumerate USB device
[ 1866.203223][   T10] usb 10-1: Using ep0 maxpacket: 32
[ 1866.211360][   T10] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1866.225454][   T10] usb 10-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1866.238626][   T10] usb 10-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1866.262800][   T10] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1866.272383][   T10] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1866.280776][   T10] usb 10-1: Product: syz
[ 1866.285364][   T10] usb 10-1: Manufacturer: syz
[ 1866.290049][   T10] usb 10-1: SerialNumber: syz
[ 1866.668495][   T10] usb 10-1: USB disconnect, device number 10
[ 1867.009661][ T7322] netlink: 12 bytes leftover after parsing attributes in process `syz.4.12223'.
[ 1867.019745][ T7322] netlink: 68 bytes leftover after parsing attributes in process `syz.4.12223'.
[ 1867.244185][   T30] audit: type=1326 audit(1751057789.095:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7326 comm="syz.7.12225" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd77678e929 code=0x0
[ 1867.422022][ T7334] netlink: 24 bytes leftover after parsing attributes in process `syz.9.12227'.
[ 1867.809936][ T7347] loop2: detected capacity change from 0 to 1
[ 1867.845066][ T7347] Dev loop2: unable to read RDB block 1
[ 1867.850670][ T7347]  loop2: unable to read partition table
[ 1867.870868][ T7347] loop2: partition table beyond EOD, truncated
[ 1867.892629][ T7347] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1868.796463][ T7371] netlink: 'syz.4.12237': attribute type 1 has an invalid length.
[ 1868.833079][ T7371] netlink: 20 bytes leftover after parsing attributes in process `syz.4.12237'.
[ 1869.550884][T30136] Bluetooth: hci4: connection err: -111
[ 1869.846486][ T7412] loop2: detected capacity change from 0 to 1
[ 1869.859905][T19322] Dev loop2: unable to read RDB block 1
[ 1869.866242][T19322]  loop2: unable to read partition table
[ 1869.872246][T19322] loop2: partition table beyond EOD, truncated
[ 1869.886355][ T7412] Dev loop2: unable to read RDB block 1
[ 1869.894687][ T7412]  loop2: unable to read partition table
[ 1869.902394][ T7412] loop2: partition table beyond EOD, truncated
[ 1869.910787][ T7412] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1870.002993][T26420] usb 10-1: new high-speed USB device number 11 using dummy_hcd
[ 1870.166492][T26420] usb 10-1: Using ep0 maxpacket: 32
[ 1870.177532][T26420] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1870.200036][T26420] usb 10-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1870.223085][T26420] usb 10-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1870.246577][T26420] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1870.264080][T26420] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1870.272164][T26420] usb 10-1: Product: syz
[ 1870.284436][T26420] usb 10-1: Manufacturer: syz
[ 1870.289127][T26420] usb 10-1: SerialNumber: syz
[ 1870.645909][T26420] usb 10-1: USB disconnect, device number 11
[ 1870.833214][ T7475] netlink: 'syz.4.12258': attribute type 1 has an invalid length.
[ 1870.841057][ T7475] netlink: 20 bytes leftover after parsing attributes in process `syz.4.12258'.
[ 1871.243656][   T30] audit: type=1326 audit(1751057793.105:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7485 comm="syz.9.12262" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc6ced8e929 code=0x0
[ 1871.373283][    T9] usb 7-1: new high-speed USB device number 98 using dummy_hcd
[ 1871.543590][    T9] usb 7-1: Using ep0 maxpacket: 16
[ 1871.555642][    T9] usb 7-1: too many configurations: 60, using maximum allowed: 8
[ 1871.588736][    T9] usb 7-1: New USB device found, idVendor=0471, idProduct=032c, bcdDevice=ba.e9
[ 1871.608025][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=204
[ 1871.632968][    T9] usb 7-1: Product: syz
[ 1871.637273][    T9] usb 7-1: Manufacturer: syz
[ 1871.641870][    T9] usb 7-1: SerialNumber: syz
[ 1871.664229][    T9] usb 7-1: config 0 descriptor??
[ 1871.685598][    T9] pwc: Philips SPC 880NC USB webcam detected.
[ 1871.779931][ T7500] IPv6: syztnl0: Disabled Multicast RS
[ 1871.890025][   T30] audit: type=1326 audit(1751057793.745:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7480 comm="syz.6.12261" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f713f98e929 code=0x0
[ 1872.187994][ T7507] loop2: detected capacity change from 0 to 1
[ 1872.197039][T19322] Dev loop2: unable to read RDB block 1
[ 1872.202622][T19322]  loop2: unable to read partition table
[ 1872.208721][T19322] loop2: partition table beyond EOD, truncated
[ 1872.217095][ T7507] Dev loop2: unable to read RDB block 1
[ 1872.223790][ T7507]  loop2: unable to read partition table
[ 1872.229639][ T7507] loop2: partition table beyond EOD, truncated
[ 1872.243020][ T7507] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1872.884263][ T7544] qnx4: no qnx4 filesystem (no root dir).
[ 1872.936852][ T7546] netlink: 52 bytes leftover after parsing attributes in process `syz.4.12277'.
[ 1873.028201][ T7553] ntfs3(rnullb0): Primary boot signature is not NTFS.
[ 1873.053261][ T7553] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[ 1873.663313][   T30] audit: type=1326 audit(1751057795.515:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7576 comm="syz.9.12285" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc6ced8e929 code=0x0
[ 1874.088663][    T9] pwc: Warning: more than 1 configuration available.
[ 1874.118500][    T9] pwc: Failed to set LED on/off time (-71)
[ 1874.143349][    T9] pwc: send_video_command error -71
[ 1874.153036][    T9] pwc: Failed to set video mode VGA@30 fps; return code = -71
[ 1874.182663][    T9] Philips webcam 7-1:0.0: probe with driver Philips webcam failed with error -71
[ 1874.210706][    T9] usb 7-1: USB disconnect, device number 98
[ 1874.863055][T26420] usb 7-1: new full-speed USB device number 99 using dummy_hcd
[ 1875.045808][T26420] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1875.063413][T26420] usb 7-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00
[ 1875.073318][T26420] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1875.086165][T26420] usb 7-1: config 0 descriptor??
[ 1875.606559][T26420] magicmouse 0003:05AC:0265.006F: hidraw0: USB HID v0.00 Device [HID 05ac:0265] on usb-dummy_hcd.6-1/input0
[ 1875.619534][T31502] Bluetooth: hci4: command 0x0406 tx timeout
[ 1875.873876][T26018] usb 7-1: USB disconnect, device number 99
[ 1876.003006][T26420] usb 10-1: new high-speed USB device number 12 using dummy_hcd
[ 1876.167947][T26420] usb 10-1: Using ep0 maxpacket: 32
[ 1876.174892][T26420] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1876.189746][T26420] usb 10-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1876.202702][T26420] usb 10-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1876.218432][T26420] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1876.232402][T26420] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1876.241428][T26420] usb 10-1: Product: syz
[ 1876.250848][T26420] usb 10-1: Manufacturer: syz
[ 1876.258996][T26420] usb 10-1: SerialNumber: syz
[ 1876.291857][ T7700] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[ 1876.664528][T26420] usb 10-1: USB disconnect, device number 12
[ 1876.715531][ T7737] netlink: 164 bytes leftover after parsing attributes in process `syz.6.12318'.
[ 1876.774558][   T30] audit: type=1326 audit(1751057798.635:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7725 comm="syz.4.12319" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f17ccb8e929 code=0x0
[ 1877.133193][T11424] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 1877.481560][ T7750] loop2: detected capacity change from 0 to 1
[ 1877.509691][ T7750] Dev loop2: unable to read RDB block 1
[ 1877.519236][ T7750]  loop2: unable to read partition table
[ 1877.529747][ T7750] loop2: partition table beyond EOD, truncated
[ 1877.539488][ T7750] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1879.088727][ T7834] loop2: detected capacity change from 0 to 1
[ 1879.099953][ T7834] Dev loop2: unable to read RDB block 1
[ 1879.111687][ T7834]  loop2: unable to read partition table
[ 1879.119624][ T7834] loop2: partition table beyond EOD, truncated
[ 1879.129516][ T7834] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1879.183020][T26420] usb 7-1: new high-speed USB device number 100 using dummy_hcd
[ 1879.354354][T26420] usb 7-1: Using ep0 maxpacket: 16
[ 1879.364525][T26420] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[ 1879.372522][T26420] usb 7-1: config 0 has no interface number 0
[ 1879.393165][   T30] audit: type=1326 audit(1751057801.245:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7841 comm="syz.4.12345" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f17ccb8e929 code=0x100000
[ 1879.395805][T26420] usb 7-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[ 1879.457208][T26420] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1879.472009][T26420] usb 7-1: Product: syz
[ 1879.476237][T26420] usb 7-1: Manufacturer: syz
[ 1879.480829][T26420] usb 7-1: SerialNumber: syz
[ 1879.489183][T26420] usb 7-1: config 0 descriptor??
[ 1879.501772][T26420] gspca_main: spca1528-2.14.0 probing 04fc:1528
[ 1881.244214][T26420] gspca_spca1528: reg_w err -110
[ 1881.250982][T26420] spca1528 7-1:0.1: probe with driver spca1528 failed with error -110
[ 1881.890443][ T7919] loop2: detected capacity change from 0 to 1
[ 1881.904132][T19322] Dev loop2: unable to read RDB block 1
[ 1881.910960][T19322]  loop2: unable to read partition table
[ 1881.923930][T19322] loop2: partition table beyond EOD, truncated
[ 1881.931169][ T7919] Dev loop2: unable to read RDB block 1
[ 1881.944280][ T7919]  loop2: unable to read partition table
[ 1881.950680][ T7919] loop2: partition table beyond EOD, truncated
[ 1881.958784][ T7919] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1882.219938][   T30] audit: type=1326 audit(1751057804.075:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7928 comm="syz.4.12368" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f17ccb8e929 code=0x1000000
[ 1882.456583][ T7943] netlink: 'syz.6.12373': attribute type 5 has an invalid length.
[ 1882.472978][ T7943] netlink: 12 bytes leftover after parsing attributes in process `syz.6.12373'.
[ 1883.618824][ T7985] netlink: 200 bytes leftover after parsing attributes in process `syz.9.12383'.
[ 1883.652457][ T7985] tc_dump_action: action bad kind
[ 1883.672173][ T7988] qnx4: no qnx4 filesystem (no root dir).
[ 1883.701523][ T7993] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1883.717060][ T7993] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1884.035476][ T8008] loop2: detected capacity change from 0 to 1
[ 1884.048908][ T8008] Dev loop2: unable to read RDB block 1
[ 1884.055677][ T8008]  loop2: unable to read partition table
[ 1884.061634][ T8008] loop2: partition table beyond EOD, truncated
[ 1884.074045][ T8008] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1884.726925][ T8031] netlink: 20 bytes leftover after parsing attributes in process `syz.4.12389'.
[ 1884.833265][T26420] usb 10-1: new high-speed USB device number 13 using dummy_hcd
[ 1884.983088][T26420] usb 10-1: Using ep0 maxpacket: 16
[ 1884.990579][T26420] usb 10-1: config 0 has an invalid interface number: 105 but max is 0
[ 1885.002728][T26420] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1885.031301][T26420] usb 10-1: config 0 has no interface number 0
[ 1885.083723][T26420] usb 10-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[ 1885.093269][T26420] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1885.101345][T26420] usb 10-1: Product: syz
[ 1885.105723][T26420] usb 10-1: Manufacturer: syz
[ 1885.115681][T26420] usb 10-1: SerialNumber: syz
[ 1885.123482][T26420] usb 10-1: config 0 descriptor??
[ 1885.134153][T26420] usb 10-1: Found UVC 0.00 device syz (046d:08f3)
[ 1885.141062][T26420] usb 10-1: No valid video chain found.
[ 1885.336131][T30132] usb 10-1: USB disconnect, device number 13
[ 1885.632193][ T8096] loop2: detected capacity change from 0 to 1
[ 1885.640948][ T8096] Dev loop2: unable to read RDB block 1
[ 1885.646766][ T8096]  loop2: unable to read partition table
[ 1885.653855][ T8096] loop2: partition table beyond EOD, truncated
[ 1885.661703][ T8096] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1885.747092][ T8103] NILFS (rnullb0): couldn't find nilfs on the device
[ 1885.833635][   T30] audit: type=1326 audit(1751057807.695:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8098 comm="syz.4.12412" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f17ccb8e929 code=0x2000000
[ 1886.453218][T26420] usb 10-1: new high-speed USB device number 14 using dummy_hcd
[ 1886.603858][T26420] usb 10-1: Using ep0 maxpacket: 32
[ 1886.625732][T26420] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1886.636154][T26420] usb 10-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1886.663018][T26420] usb 10-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1886.717005][T26420] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1886.747305][T26420] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1886.756966][T26420] usb 10-1: Product: syz
[ 1886.761285][T26420] usb 10-1: Manufacturer: syz
[ 1886.771399][T26420] usb 10-1: SerialNumber: syz
[ 1887.258418][T26420] usb 10-1: USB disconnect, device number 14
[ 1887.526438][ T8198] exFAT-fs (rnullb0): invalid boot record signature
[ 1887.533151][T30136] Bluetooth: hci4: command 0x0406 tx timeout
[ 1887.535828][ T8198] exFAT-fs (rnullb0): failed to read boot sector
[ 1887.545769][ T8198] exFAT-fs (rnullb0): failed to recognize exfat type
[ 1887.689694][ T8206] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1887.796602][ T8211] loop2: detected capacity change from 0 to 1
[ 1887.855537][T19322] Dev loop2: unable to read RDB block 1
[ 1887.861152][T19322]  loop2: unable to read partition table
[ 1887.873201][T19322] loop2: partition table beyond EOD, truncated
[ 1887.994877][ T8211] Dev loop2: unable to read RDB block 1
[ 1888.000502][ T8211]  loop2: unable to read partition table
[ 1888.024045][ T8211] loop2: partition table beyond EOD, truncated
[ 1888.030254][ T8211] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1888.545224][ T8254] NILFS (rnullb0): couldn't find nilfs on the device
[ 1888.943800][ T8270] netlink: 60 bytes leftover after parsing attributes in process `syz.4.12447'.
[ 1888.954319][ T8263] netlink: 60 bytes leftover after parsing attributes in process `syz.4.12447'.
[ 1888.963858][ T8270] netlink: 60 bytes leftover after parsing attributes in process `syz.4.12447'.
[ 1889.761297][   T30] audit: type=1326 audit(1751057811.615:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8297 comm="syz.9.12452" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc6ced8e929 code=0x5000000
[ 1889.840256][ T8309] gfs2: not a GFS2 filesystem
[ 1890.011318][ T8314] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1890.030524][ T8317] erofs (device rnullb0): cannot find valid erofs superblock
[ 1890.051864][ T8314] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1891.570365][ T8371] 9pnet: p9_errstr2errno: server reported unknown error 
[ 1891.961122][ T8389] Invalid logical block size (2)
[ 1892.389795][ T8413] netlink: 'syz.4.12485': attribute type 5 has an invalid length.
[ 1892.402043][ T8413] netlink: 12 bytes leftover after parsing attributes in process `syz.4.12485'.
[ 1892.438835][ T8415] /dev/rnullb0: Can't open blockdev
[ 1892.677525][   T30] audit: type=1326 audit(1751057814.535:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8419 comm="syz.6.12488" exe="/root/syz-executor" sig=31 arch=c000003e syscall=15 compat=0 ip=0x7f713f92ab19 code=0x6000000
[ 1893.047066][ T8425] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1893.068269][ T8425] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1893.283220][T26420] usb 10-1: new high-speed USB device number 15 using dummy_hcd
[ 1893.453959][T26420] usb 10-1: Using ep0 maxpacket: 32
[ 1893.468962][T26420] usb 10-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1893.493015][T26420] usb 10-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1893.512926][T26420] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1893.521966][T26420] usb 10-1: config 1 has no interface number 0
[ 1893.528699][T26420] usb 10-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1893.552964][T26420] usb 10-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1893.582948][T26420] usb 10-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1893.592271][T26420] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1893.618181][T26420] snd_usb_pod 10-1:1.1: Line 6 Pocket POD found
[ 1893.820431][T26420] snd_usb_pod 10-1:1.1: Line 6 Pocket POD now attached
[ 1893.868013][T30136] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[ 1893.879136][T30136] Bluetooth: hci2: Injecting HCI hardware error event
[ 1893.888917][T30136] Bluetooth: hci2: hardware error 0x00
[ 1894.246257][ T8448] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1894.269264][ T8448] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1894.280989][T11424] Bluetooth: hci4: ACL packet for unknown connection handle 200
[ 1894.289355][ T8448] syzkaller1: entered promiscuous mode
[ 1894.309104][ T8448] syzkaller1: entered allmulticast mode
[ 1894.369886][ T8426] /dev/rnullb0: Can't open blockdev
[ 1894.385661][ T8425] /dev/rnullb0: Can't open blockdev
[ 1894.575377][T26018] usb 10-1: USB disconnect, device number 15
[ 1894.619852][T26018] snd_usb_pod 10-1:1.1: Line 6 Pocket POD now disconnected
[ 1894.866559][ T8501] loop2: detected capacity change from 0 to 1
[ 1894.880306][T19322] Dev loop2: unable to read RDB block 1
[ 1894.886993][T19322]  loop2: unable to read partition table
[ 1894.903561][T19322] loop2: partition table beyond EOD, truncated
[ 1894.917097][ T8501] Dev loop2: unable to read RDB block 1
[ 1894.926910][ T8501]  loop2: unable to read partition table
[ 1894.932809][ T8501] loop2: partition table beyond EOD, truncated
[ 1894.947410][ T8501] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1895.325918][ T8527] netlink: 'syz.9.12509': attribute type 5 has an invalid length.
[ 1895.346744][ T8530] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1895.357427][ T8530] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1895.360656][ T8527] netlink: 12 bytes leftover after parsing attributes in process `syz.9.12509'.
[ 1895.934393][T30136] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[ 1896.202370][   T30] audit: type=1326 audit(1751057818.055:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8548 comm="syz.7.12515" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd77678e929 code=0x7000000
[ 1897.370815][ T8565] netlink: 'syz.4.12520': attribute type 29 has an invalid length.
[ 1897.398468][ T8565] netlink: 'syz.4.12520': attribute type 29 has an invalid length.
[ 1897.429348][ T8565] netlink: 'syz.4.12520': attribute type 29 has an invalid length.
[ 1897.458991][ T8565] netlink: 'syz.4.12520': attribute type 29 has an invalid length.
[ 1897.973718][ T8577] "syz.4.12523" (8577) uses obsolete ecb(arc4) skcipher
[ 1898.358403][ T5203] udevd[5203]: worker [11137] /devices/platform/dummy_hcd.4/usb5/5-1 is taking a long time
[ 1898.869458][ T8597] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1898.883761][ T8597] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1898.917085][ T8597] qnx4: no qnx4 filesystem (no root dir).
[ 1899.141104][ T8613] netlink: 44 bytes leftover after parsing attributes in process `syz.7.12531'.
[ 1899.475426][ T8643] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1899.488209][ T8643] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1899.663193][T26018] usb 10-1: new low-speed USB device number 16 using dummy_hcd
[ 1899.793022][T26018] usb 10-1: device descriptor read/64, error -71
[ 1900.035512][T26018] usb 10-1: new low-speed USB device number 17 using dummy_hcd
[ 1900.253018][T26018] usb 10-1: device descriptor read/64, error -71
[ 1900.363178][T26018] usb usb10-port1: attempt power cycle
[ 1900.438632][ T8658] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1900.456587][ T8658] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1900.703020][T26018] usb 10-1: new low-speed USB device number 18 using dummy_hcd
[ 1900.734975][T26018] usb 10-1: device descriptor read/8, error -71
[ 1900.847715][   T30] audit: type=1326 audit(1751057822.705:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8661 comm="syz.6.12542" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f713f98e929 code=0x8000000
[ 1900.993160][T26018] usb 10-1: new low-speed USB device number 19 using dummy_hcd
[ 1901.025671][T26018] usb 10-1: device descriptor read/8, error -71
[ 1901.136077][T26018] usb usb10-port1: unable to enumerate USB device
[ 1901.461895][ T8673] wg0 speed is unknown, defaulting to 1000
[ 1901.483068][ T8673] wg0 speed is unknown, defaulting to 1000
[ 1901.489785][ T8673] wg0 speed is unknown, defaulting to 1000
[ 1901.565930][ T8673] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[ 1901.604214][ T8673] wg0 speed is unknown, defaulting to 1000
[ 1901.617167][ T8673] wg0 speed is unknown, defaulting to 1000
[ 1901.625375][ T8673] wg0 speed is unknown, defaulting to 1000
[ 1901.634524][ T8673] wg0 speed is unknown, defaulting to 1000
[ 1901.642320][ T8673] wg0 speed is unknown, defaulting to 1000
[ 1901.650697][ T8673] wg0 speed is unknown, defaulting to 1000
[ 1902.538506][ T8724] C: renamed from team_slave_0 (while UP)
[ 1902.666273][ T8724] netlink: 'syz.7.12557': attribute type 4 has an invalid length.
[ 1902.683126][ T8724] netlink: 116 bytes leftover after parsing attributes in process `syz.7.12557'.
[ 1902.692836][ T8724] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[ 1902.755817][ T8725] netlink: 65051 bytes leftover after parsing attributes in process `syz.7.12557'.
[ 1903.358073][   T30] audit: type=1326 audit(1751057825.215:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8754 comm="syz.6.12564" exe="/root/syz-executor" sig=31 arch=c000003e syscall=15 compat=0 ip=0x7f713f92ab19 code=0x9000000
[ 1903.953025][T30132] usb 10-1: new high-speed USB device number 20 using dummy_hcd
[ 1904.112996][T30132] usb 10-1: Using ep0 maxpacket: 32
[ 1904.121257][T30132] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1904.136121][T30132] usb 10-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1904.150693][T30132] usb 10-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1904.172020][T30132] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1904.181422][T30132] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1904.196717][T30132] usb 10-1: Product: syz
[ 1904.201045][T30132] usb 10-1: Manufacturer: syz
[ 1904.205960][T30132] usb 10-1: SerialNumber: syz
[ 1904.257342][T30136] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1904.660610][T30132] usb 10-1: USB disconnect, device number 20
[ 1904.827157][ T8827] netlink: 'syz.4.12576': attribute type 1 has an invalid length.
[ 1905.707475][ T8868] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1905.736650][ T8868] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1906.109479][   T30] audit: type=1326 audit(1751057827.965:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8884 comm="syz.4.12591" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f17ccb8e929 code=0xa000000
[ 1906.655793][ T8904] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR
[ 1906.932981][   T10] usb 10-1: new high-speed USB device number 21 using dummy_hcd
[ 1907.113201][   T10] usb 10-1: Using ep0 maxpacket: 32
[ 1907.124082][   T10] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1907.148962][   T10] usb 10-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1907.162685][   T10] usb 10-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1907.178267][   T10] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1907.192189][   T10] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1907.200452][   T10] usb 10-1: Product: syz
[ 1907.209012][   T10] usb 10-1: Manufacturer: syz
[ 1907.214819][   T10] usb 10-1: SerialNumber: syz
[ 1907.586353][   T10] usb 10-1: USB disconnect, device number 21
[ 1907.701479][ T8957] loop2: detected capacity change from 0 to 1
[ 1907.711956][T19322] Dev loop2: unable to read RDB block 1
[ 1907.718355][T19322]  loop2: unable to read partition table
[ 1907.724449][T19322] loop2: partition table beyond EOD, truncated
[ 1907.743119][ T8957] Dev loop2: unable to read RDB block 1
[ 1907.748709][ T8957]  loop2: unable to read partition table
[ 1907.762695][ T8957] loop2: partition table beyond EOD, truncated
[ 1907.768980][ T8957] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1908.040737][ T8972] mkiss: ax0: crc mode is auto.
[ 1908.468804][ T8996] kAFS: unparsable volume name
[ 1908.874984][   T30] audit: type=1326 audit(1751057830.735:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9018 comm="syz.4.12616" exe="/root/syz-executor" sig=31 arch=c000003e syscall=15 compat=0 ip=0x7f17ccb2ab19 code=0xf000000
[ 1908.969366][ T9023] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem
[ 1908.973088][ T5833] usb 10-1: new high-speed USB device number 22 using dummy_hcd
[ 1909.141986][ T5833] usb 10-1: Using ep0 maxpacket: 16
[ 1909.159449][ T5833] usb 10-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1909.175568][ T5833] usb 10-1: config 0 interface 0 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1909.202947][ T5833] usb 10-1: config 0 interface 0 has no altsetting 0
[ 1909.220218][ T5833] usb 10-1: New USB device found, idVendor=04d8, idProduct=00df, bcdDevice= 0.00
[ 1909.241042][ T5833] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1909.265110][ T5833] usb 10-1: config 0 descriptor??
[ 1909.702038][ T5833] usbhid 10-1:0.0: can't add hid device: -71
[ 1909.718470][ T5833] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[ 1909.732655][ T5833] usb 10-1: USB disconnect, device number 22
[ 1909.905074][ T9055] loop2: detected capacity change from 0 to 1
[ 1909.929807][ T9055] Dev loop2: unable to read RDB block 1
[ 1909.955208][ T9055]  loop2: unable to read partition table
[ 1909.961054][ T9055] loop2: partition table beyond EOD, truncated
[ 1909.973521][ T9055] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1910.634098][ T9090] netdevsim netdevsim4: Firmware load for '/../file0' refused, path contains '..' component
[ 1911.156626][ T9114] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1911.167419][ T9114] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1911.212856][ T9121] mmap: syz.9.12641 (9121): VmData 37457920 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data.
[ 1911.574963][   T30] audit: type=1326 audit(1751057833.435:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9135 comm="syz.4.12647" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f17ccb8e929 code=0x14000000
[ 1911.780554][ T9139] loop2: detected capacity change from 0 to 1
[ 1911.803885][ T9139] Dev loop2: unable to read RDB block 1
[ 1911.809500][ T9139]  loop2: unable to read partition table
[ 1911.833140][ T9139] loop2: partition table beyond EOD, truncated
[ 1911.852353][ T9139] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1912.349381][T30136] Bluetooth: hci1: adv larger than maximum supported
[ 1912.349446][T30136] Bluetooth: hci1: Unknown advertising packet type: 0x7f
[ 1913.478586][ T9197] xt_NFQUEUE: number of queues (65532) out of range (got 66665)
[ 1913.659303][ T9210] loop2: detected capacity change from 0 to 1
[ 1913.672109][ T9210] Dev loop2: unable to read RDB block 1
[ 1913.687913][ T9210]  loop2: unable to read partition table
[ 1913.695065][ T9210] loop2: partition table beyond EOD, truncated
[ 1913.710742][ T9210] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1914.139028][   T30] audit: type=1326 audit(1751057835.995:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9240 comm="syz.4.12676" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f17ccb8e929 code=0x1f000000
[ 1914.374865][ T9253] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[ 1914.473140][T26018] usb 10-1: new high-speed USB device number 23 using dummy_hcd
[ 1914.643152][T26018] usb 10-1: Using ep0 maxpacket: 32
[ 1914.658886][T26018] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1914.672830][T26018] usb 10-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1914.701231][T26018] usb 10-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1914.722248][T26018] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1914.732068][T26018] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1914.747185][T26018] usb 10-1: Product: syz
[ 1914.751548][T26018] usb 10-1: Manufacturer: syz
[ 1914.760164][T26018] usb 10-1: SerialNumber: syz
[ 1915.142181][T26018] usb 10-1: USB disconnect, device number 23
[ 1915.659562][ T9304] misc userio: No port type given on /dev/userio
[ 1915.731350][ T9304] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1915.977879][ T9322] vhci_hcd vhci_hcd.0: pdev(9) rhport(0) sockfd(3)
[ 1915.984404][ T9322] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1915.996844][ T9322] vhci_hcd vhci_hcd.0: Device attached
[ 1916.008803][ T9322] vhci_hcd vhci_hcd.0: port 0 already used
[ 1916.017445][ T9323] vhci_hcd: connection closed
[ 1916.019682][   T37] vhci_hcd: stop threads
[ 1916.028969][   T37] vhci_hcd: release socket
[ 1916.036486][   T37] vhci_hcd: disconnect device
[ 1916.464683][ T9333] loop2: detected capacity change from 0 to 1
[ 1916.471911][ T9333] Dev loop2: unable to read RDB block 1
[ 1916.478532][ T9333]  loop2: unable to read partition table
[ 1916.484502][ T9333] loop2: partition table beyond EOD, truncated
[ 1916.490657][ T9333] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1916.582854][ T9339] netlink: 'syz.6.12694': attribute type 4 has an invalid length.
[ 1916.605981][ T9339] netlink: 4 bytes leftover after parsing attributes in process `syz.6.12694'.
[ 1917.060829][   T30] audit: type=1326 audit(1751057838.915:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9364 comm="syz.9.12700" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc6ced8e929 code=0x20000000
[ 1917.211290][ T9369] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1917.253467][ T9369] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1917.872562][ T9397] netlink: 'syz.7.12706': attribute type 1 has an invalid length.
[ 1917.884375][ T9397] netlink: 168864 bytes leftover after parsing attributes in process `syz.7.12706'.
[ 1918.407242][ T9416] loop2: detected capacity change from 0 to 1
[ 1918.430045][ T9416] Dev loop2: unable to read RDB block 1
[ 1918.436287][ T9416]  loop2: unable to read partition table
[ 1918.442208][ T9416] loop2: partition table beyond EOD, truncated
[ 1918.455528][ T9416] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1918.551529][ T9422] /dev/rnullb0: Can't open blockdev
[ 1919.210110][ T9456] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-22)
[ 1919.419828][T20714] usb 7-1: USB disconnect, device number 100
[ 1919.808303][T11424] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1919.819847][T11424] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1919.828191][T11424] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1919.846584][T11424] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1919.869044][T11424] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1920.151381][ T6288] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1920.238720][ T9478] wg0 speed is unknown, defaulting to 1000
[ 1920.269768][ T6288] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1920.436491][ T6288] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1920.482236][ T9529] loop2: detected capacity change from 0 to 1
[ 1920.556186][ T9529] Dev loop2: unable to read RDB block 1
[ 1920.561801][ T9529]  loop2: unable to read partition table
[ 1920.579447][   T30] audit: type=1326 audit(1751057842.435:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9521 comm="syz.4.12734" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f17ccb8e929 code=0x27000000
[ 1920.633213][ T9529] loop2: partition table beyond EOD, truncated
[ 1920.640182][ T9529] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1920.725936][ T6288] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1920.853937][ T9478] chnl_net:caif_netlink_parms(): no params data found
[ 1921.166424][ T6288] bridge_slave_1: left allmulticast mode
[ 1921.182356][ T6288] bridge_slave_1: left promiscuous mode
[ 1921.192663][ T6288] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1921.254228][ T6288] bridge_slave_0: left allmulticast mode
[ 1921.259892][ T6288] bridge_slave_0: left promiscuous mode
[ 1921.279016][ T6288] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1921.933390][T30136] Bluetooth: hci5: command tx timeout
[ 1922.374654][ T6288] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1922.387105][ T6288] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1922.398412][ T6288] bond0 (unregistering): Released all slaves
[ 1922.769823][ T9478] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1922.790953][ T9478] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1922.799910][ T9478] bridge_slave_0: entered allmulticast mode
[ 1922.818009][ T9478] bridge_slave_0: entered promiscuous mode
[ 1922.844371][ T9478] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1922.853119][ T9478] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1922.860285][ T9478] bridge_slave_1: entered allmulticast mode
[ 1922.896227][ T9478] bridge_slave_1: entered promiscuous mode
[ 1923.020352][ T9478] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1923.116882][ T9478] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1923.306789][ T9478] team0: Port device team_slave_0 added
[ 1923.329163][ T9478] team0: Port device team_slave_1 added
[ 1923.518868][ T9478] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1923.530542][ T9478] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1923.556476][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1923.640081][ T9478] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1923.704139][ T6288] hsr_slave_0: left promiscuous mode
[ 1923.710884][ T6288] hsr_slave_1: left promiscuous mode
[ 1923.720393][ T6288] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1923.730236][ T6288] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1923.746423][ T6288] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1923.757582][ T6288] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1923.845379][ T6288] veth1_macvtap: left promiscuous mode
[ 1923.868424][ T6288] veth0_macvtap: left promiscuous mode
[ 1923.891718][ T6288] veth1_vlan: left promiscuous mode
[ 1923.913749][ T6288] veth0_vlan: left promiscuous mode
[ 1924.013642][T30136] Bluetooth: hci5: command tx timeout
[ 1924.737153][ T9870] netlink: 16 bytes leftover after parsing attributes in process `syz.9.12751'.
[ 1924.787049][ T6288] team0 (unregistering): Port device team_slave_1 removed
[ 1924.847813][ T6288] team0 (unregistering): Port device team_slave_0 removed
[ 1925.490385][ T9478] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1925.498000][ T9478] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1925.523904][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1925.531535][ T9478] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1925.619290][ T9869] netlink: 12 bytes leftover after parsing attributes in process `syz.9.12751'.
[ 1925.732666][   T30] audit: type=1326 audit(1751057847.585:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9882 comm="syz.4.12752" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f17ccb8e929 code=0x0
[ 1925.755079][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1925.809304][ T9478] hsr_slave_0: entered promiscuous mode
[ 1925.820707][ T9478] hsr_slave_1: entered promiscuous mode
[ 1925.832747][ T9478] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1925.847035][ T9478] Cannot create hsr debugfs directory
[ 1925.872196][ T9913] loop2: detected capacity change from 0 to 1
[ 1925.887072][ T9913] Dev loop2: unable to read RDB block 1
[ 1925.904928][ T9913]  loop2: unable to read partition table
[ 1925.923250][ T9913] loop2: partition table beyond EOD, truncated
[ 1925.939102][ T9913] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1926.059107][ T6288] IPVS: stop unused estimator thread 0...
[ 1926.104085][T30136] Bluetooth: hci5: command tx timeout
[ 1926.902168][ T9478] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1926.924750][ T9478] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1926.938727][ T9478] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1926.949102][ T9478] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1927.087898][ T9478] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1927.111440][ T9478] 8021q: adding VLAN 0 to HW filter on device team0
[ 1927.129111][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1927.136272][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1927.152444][T30595] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1927.159551][T30595] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1927.233062][ T5833] usb 10-1: new high-speed USB device number 24 using dummy_hcd
[ 1927.395647][ T5833] usb 10-1: Using ep0 maxpacket: 8
[ 1927.437325][ T5833] usb 10-1: config 5 has an invalid interface number: 143 but max is 2
[ 1927.453319][ T5833] usb 10-1: config 5 has an invalid interface number: 6 but max is 2
[ 1927.476985][ T5833] usb 10-1: config 5 contains an unexpected descriptor of type 0x2, skipping
[ 1927.495408][ T5833] usb 10-1: config 5 has an invalid descriptor of length 108, skipping remainder of the config
[ 1927.512345][ T5833] usb 10-1: config 5 has no interface number 1
[ 1927.518853][ T5833] usb 10-1: config 5 has no interface number 2
[ 1927.525692][ T5833] usb 10-1: config 5 interface 143 altsetting 30 has 0 endpoint descriptors, different from the interface descriptor's value: 11
[ 1927.551182][ T5833] usb 10-1: too many endpoints for config 5 interface 6 altsetting 7: 122, using maximum allowed: 30
[ 1927.569168][ T5833] usb 10-1: config 5 interface 6 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 122
[ 1927.591574][ T5833] usb 10-1: too many endpoints for config 5 interface 0 altsetting 5: 36, using maximum allowed: 30
[ 1927.607990][ T5833] usb 10-1: config 5 interface 0 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 36
[ 1927.621737][ T9478] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1927.628800][ T5833] usb 10-1: config 5 interface 143 has no altsetting 0
[ 1927.636422][ T5833] usb 10-1: config 5 interface 6 has no altsetting 0
[ 1927.643810][ T5833] usb 10-1: config 5 interface 0 has no altsetting 0
[ 1927.692825][ T5833] usb 10-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=fc.f3
[ 1927.728660][ T5833] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1927.753037][ T5833] usb 10-1: Product: syz
[ 1927.757298][ T5833] usb 10-1: Manufacturer: syz
[ 1927.772251][ T5833] usb 10-1: SerialNumber: syz
[ 1927.959101][T10087] MTD: Couldn't look up '/dev/rnullb0': -15
[ 1928.013819][T10089] qnx4: no qnx4 filesystem (no root dir).
[ 1928.051545][ T5833] uvcvideo 10-1:5.143: probe with driver uvcvideo failed with error -22
[ 1928.110772][ T5833] usb 10-1: Quirk or no altset; falling back to MIDI 1.0
[ 1928.128308][ T5833] usb 10-1: MIDIStreaming interface descriptor not found
[ 1928.160792][ T9478] veth0_vlan: entered promiscuous mode
[ 1928.183039][T30136] Bluetooth: hci5: command tx timeout
[ 1928.205478][ T9478] veth1_vlan: entered promiscuous mode
[ 1928.233310][   T30] audit: type=1326 audit(1751057850.085:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10096 comm="syz.4.12763" exe="/root/syz-executor" sig=31 arch=c000003e syscall=15 compat=0 ip=0x7f17ccb2ab19 code=0x40000000
[ 1928.240979][ T5833] usb 10-1: USB disconnect, device number 24
[ 1928.279592][ T9478] veth0_macvtap: entered promiscuous mode
[ 1928.301932][ T9478] veth1_macvtap: entered promiscuous mode
[ 1928.365313][ T9478] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1928.411133][ T9478] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1928.445318][T30595] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1928.464746][T30595] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1928.505080][T30595] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1928.526305][   T76] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1928.750985][T30595] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1928.781727][T30595] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1928.846301][ T2002] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1928.864438][ T2002] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1929.266978][T10161] NILFS (rnullb0): couldn't find nilfs on the device
[ 1929.789671][T10187] loop2: detected capacity change from 0 to 1
[ 1929.845570][T10187] Dev loop2: unable to read RDB block 1
[ 1929.851193][T10187]  loop2: unable to read partition table
[ 1929.877791][T10187] loop2: partition table beyond EOD, truncated
[ 1929.931533][T10187] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1930.127477][T10202] vxfs: WRONG superblock magic 00000000 at 1
[ 1930.161324][T10202] vxfs: WRONG superblock magic 00000000 at 8
[ 1930.171225][T10202] vxfs: can't find superblock.
[ 1930.202267][T10211] vxfs: WRONG superblock magic 00000000 at 1
[ 1930.211801][T10211] vxfs: WRONG superblock magic 00000000 at 8
[ 1930.229060][T10211] vxfs: can't find superblock.
[ 1930.853105][T20714] usb 7-1: new high-speed USB device number 101 using dummy_hcd
[ 1931.014705][T20714] usb 7-1: Using ep0 maxpacket: 16
[ 1931.027514][T20714] usb 7-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90
[ 1931.060719][T20714] usb 7-1: New USB device strings: Mfr=1, Product=3, SerialNumber=3
[ 1931.078306][T20714] usb 7-1: Product: syz
[ 1931.085155][T20714] usb 7-1: Manufacturer: syz
[ 1931.102775][T20714] usb 7-1: SerialNumber: syz
[ 1931.132342][T20714] usb 7-1: config 0 descriptor??
[ 1931.140279][T20714] ums-onetouch 7-1:0.0: USB Mass Storage device detected
[ 1931.325387][T10265] XFS (rnullb0): Invalid superblock magic number
[ 1931.377056][T20714] usb 7-1: USB disconnect, device number 101
[ 1931.847807][T10297] netlink: 4 bytes leftover after parsing attributes in process `syz.9.12794'.
[ 1931.992744][T10308] NILFS (rnullb0): couldn't find nilfs on the device
[ 1932.003541][T10306] loop2: detected capacity change from 0 to 1
[ 1932.011179][T10306] Dev loop2: unable to read RDB block 1
[ 1932.019406][T10306]  loop2: unable to read partition table
[ 1932.029720][T10306] loop2: partition table beyond EOD, truncated
[ 1932.052762][T10306] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1932.168661][T10318] netlink: 'syz.6.12800': attribute type 4 has an invalid length.
[ 1932.179359][T10318] netlink: 4 bytes leftover after parsing attributes in process `syz.6.12800'.
[ 1932.242792][T10322] hpfs: Bad magic ... probably not HPFS
[ 1932.421573][   T30] audit: type=1326 audit(1751057854.275:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10329 comm="syz.6.12804" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f237978e929 code=0x60000000
[ 1932.548780][T10341] netlink: 4 bytes leftover after parsing attributes in process `syz.4.12806'.
[ 1932.773061][T26420] usb 10-1: new high-speed USB device number 25 using dummy_hcd
[ 1932.945676][T26420] usb 10-1: Using ep0 maxpacket: 32
[ 1932.952797][T26420] usb 10-1: config 0 has an invalid interface number: 1 but max is 0
[ 1932.961197][T26420] usb 10-1: config 0 has no interface number 0
[ 1932.968480][T26420] usb 10-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1932.997795][T26420] usb 10-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1933.030512][T26420] usb 10-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[ 1933.041536][T26420] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1933.066161][T26420] usb 10-1: config 0 descriptor??
[ 1933.296902][T10368] netlink: 4 bytes leftover after parsing attributes in process `syz.4.12815'.
[ 1933.483499][T10372] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12817'.
[ 1933.689104][T26420] input: HID 28bd:0094 as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.1/0003:28BD:0094.0070/input/input141
[ 1933.718077][T10384] netlink: 'syz.7.12820': attribute type 4 has an invalid length.
[ 1933.740401][T10384] netlink: 4 bytes leftover after parsing attributes in process `syz.7.12820'.
[ 1933.803568][T26420] uclogic 0003:28BD:0094.0070: input,hidraw0: USB HID v0.00 Device [HID 28bd:0094] on usb-dummy_hcd.9-1/input1
[ 1933.897069][T10336] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1933.923299][T10336] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1934.107332][T10336] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1934.774693][T10431] XFS (rnullb0): Invalid superblock magic number
[ 1935.216383][T10458] netlink: 32 bytes leftover after parsing attributes in process `syz.4.12835'.
[ 1935.299363][T10464] netlink: 12 bytes leftover after parsing attributes in process `syz.4.12837'.
[ 1935.309530][T10464] netlink: 'syz.4.12837': attribute type 6 has an invalid length.
[ 1935.339775][T10466] loop2: detected capacity change from 0 to 1
[ 1935.352733][T10466] Dev loop2: unable to read RDB block 1
[ 1935.363118][T26018] usb 7-1: new high-speed USB device number 102 using dummy_hcd
[ 1935.383272][T10466]  loop2: unable to read partition table
[ 1935.389037][T10466] loop2: partition table beyond EOD, truncated
[ 1935.403452][T10466] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1935.553281][T26018] usb 7-1: Using ep0 maxpacket: 32
[ 1935.571160][T26018] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1935.591647][T26018] usb 7-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1935.610234][T26018] usb 7-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1935.627308][T26018] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1935.638748][T26018] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1935.647173][T26018] usb 7-1: Product: syz
[ 1935.652012][T26018] usb 7-1: Manufacturer: syz
[ 1935.657248][T26018] usb 7-1: SerialNumber: syz
[ 1935.727082][T10473] XFS (rnullb0): Invalid superblock magic number
[ 1935.755475][T26420] usb 10-1: USB disconnect, device number 25
[ 1935.869246][T10495] netlink: 36 bytes leftover after parsing attributes in process `syz.9.12841'.
[ 1936.049652][   T30] audit: type=1326 audit(1751057857.905:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10498 comm="syz.7.12842" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd77678e929 code=0x70000000
[ 1936.079922][T10512] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.12843'.
[ 1936.132470][T26018] usb 7-1: USB disconnect, device number 102
[ 1937.179725][T10571] loop2: detected capacity change from 0 to 1
[ 1937.216768][T19322] Dev loop2: unable to read RDB block 1
[ 1937.222375][T19322]  loop2: unable to read partition table
[ 1937.243197][T19322] loop2: partition table beyond EOD, truncated
[ 1937.270411][T10571] Dev loop2: unable to read RDB block 1
[ 1937.283118][T10571]  loop2: unable to read partition table
[ 1937.289549][T10571] loop2: partition table beyond EOD, truncated
[ 1937.328196][T10571] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1937.695559][T10584] batadv_slave_1: entered promiscuous mode
[ 1937.727113][T10583] batadv_slave_1: left promiscuous mode
[ 1937.787377][T10578] syz.6.12859 (10578): drop_caches: 2
[ 1938.182981][T26420] usb 10-1: new high-speed USB device number 26 using dummy_hcd
[ 1938.351302][T26420] usb 10-1: Using ep0 maxpacket: 32
[ 1938.361883][T26420] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1938.393078][T26420] usb 10-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1938.426735][T26420] usb 10-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1938.456638][T10613] netlink: 44 bytes leftover after parsing attributes in process `syz.6.12867'.
[ 1938.472767][T26420] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1938.492198][T26420] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1938.510518][T26420] usb 10-1: Product: syz
[ 1938.523830][T26420] usb 10-1: Manufacturer: syz
[ 1938.533130][T26420] usb 10-1: SerialNumber: syz
[ 1939.005201][T26420] usb 10-1: USB disconnect, device number 26
[ 1939.403268][T20714] usb 7-1: new full-speed USB device number 103 using dummy_hcd
[ 1939.444446][T10687] netlink: 44 bytes leftover after parsing attributes in process `syz.4.12877'.
[ 1939.521766][T10691] loop2: detected capacity change from 0 to 1
[ 1939.542128][T10691] Dev loop2: unable to read RDB block 1
[ 1939.548795][T10691]  loop2: unable to read partition table
[ 1939.554917][T10691] loop2: partition table beyond EOD, truncated
[ 1939.566417][T20714] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1939.587330][T10691] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1939.597225][T20714] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1939.611236][T20714] usb 7-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[ 1939.621425][T20714] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1939.635955][T20714] usb 7-1: config 0 descriptor??
[ 1940.060204][T20714] lenovo 0003:17EF:6067.0071: unknown main item tag 0x2
[ 1940.079693][T20714] lenovo 0003:17EF:6067.0071: unknown main item tag 0x4
[ 1940.108110][T20714] lenovo 0003:17EF:6067.0071: item fetching failed at offset 10/11
[ 1940.119037][T20714] lenovo 0003:17EF:6067.0071: hid_parse failed
[ 1940.131141][T20714] lenovo 0003:17EF:6067.0071: probe with driver lenovo failed with error -22
[ 1940.298832][T10669] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1940.355944][T20714] usb 7-1: USB disconnect, device number 103
[ 1940.731125][T10735] netlink: 44 bytes leftover after parsing attributes in process `syz.9.12887'.
[ 1940.795379][T10738] netlink: 'syz.4.12889': attribute type 2 has an invalid length.
[ 1940.810506][T10738] netlink: 12 bytes leftover after parsing attributes in process `syz.4.12889'.
[ 1941.300476][T10767] /dev/rnullb0: Can't lookup blockdev
[ 1941.383980][T10774] loop2: detected capacity change from 0 to 1
[ 1941.391837][T10774] Dev loop2: unable to read RDB block 1
[ 1941.410725][T10774]  loop2: unable to read partition table
[ 1941.412447][T10777] netlink: 16 bytes leftover after parsing attributes in process `syz.4.12899'.
[ 1941.423121][T10774] loop2: partition table beyond EOD, truncated
[ 1941.458467][T10774] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1941.833015][   T30] audit: type=1326 audit(1751057863.675:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10787 comm="syz.4.12904" exe="/root/syz-executor" sig=31 arch=c000003e syscall=15 compat=0 ip=0x7f17ccb2ab19 code=0x90ff0000
[ 1942.173234][T11424] Bluetooth: hci1: command 0x0406 tx timeout
[ 1942.255769][   T30] audit: type=1326 audit(1751057864.115:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10786 comm="syz.9.12903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6ced8e929 code=0x7fc00000
[ 1942.279442][T10789] ntfs3(rnullb0): Primary boot signature is not NTFS.
[ 1942.305333][T10789] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[ 1942.600140][   T30] audit: type=1326 audit(1751057864.455:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10786 comm="syz.9.12903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6ced8e929 code=0x7fc00000
[ 1942.914873][T10812] netlink: 16 bytes leftover after parsing attributes in process `syz.6.12908'.
[ 1943.222342][T10826] Can't find a SQUASHFS superblock on rnullb0
[ 1943.561875][T10844] netlink: 16 bytes leftover after parsing attributes in process `syz.9.12919'.
[ 1944.183276][T10875] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1944.499208][   T30] audit: type=1326 audit(1751057866.355:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10896 comm="syz.6.12936" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f237978e929 code=0xffff0000
[ 1945.147458][T10936] loop2: detected capacity change from 0 to 1
[ 1945.172532][T10936] Dev loop2: unable to read RDB block 1
[ 1945.182963][T10936]  loop2: unable to read partition table
[ 1945.188750][T10936] loop2: partition table beyond EOD, truncated
[ 1945.233214][T10936] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1945.983356][T30132] usb 10-1: new high-speed USB device number 27 using dummy_hcd
[ 1947.045050][T30132] usb 10-1: Using ep0 maxpacket: 32
[ 1947.055224][T30132] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1947.065627][T30132] usb 10-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1947.083333][T30132] usb 10-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1947.178898][T30132] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1947.188289][T30132] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1947.188363][T10980] gfs2: not a GFS2 filesystem
[ 1947.196758][T30132] usb 10-1: Product: syz
[ 1947.196775][T30132] usb 10-1: Manufacturer: syz
[ 1947.196789][T30132] usb 10-1: SerialNumber: syz
[ 1947.602479][T30132] usb 10-1: USB disconnect, device number 27
[ 1947.631635][T11020] loop2: detected capacity change from 0 to 1
[ 1947.652449][T11020] Dev loop2: unable to read RDB block 1
[ 1947.668065][T11020]  loop2: unable to read partition table
[ 1947.677298][T11020] loop2: partition table beyond EOD, truncated
[ 1947.689027][T11020] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1948.353708][T11064] sctp: [Deprecated]: syz.7.12973 (pid 11064) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1948.353708][T11064] Use struct sctp_sack_info instead
[ 1948.432945][   T31] INFO: task kworker/0:2:980 blocked for more than 143 seconds.
[ 1948.469206][   T31]       Not tainted 6.16.0-rc3-next-20250627-syzkaller #0
[ 1948.507015][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1948.549808][   T31] task:kworker/0:2     state:D stack:20056 pid:980   tgid:980   ppid:2      task_flags:0x4208060 flags:0x00004000
[ 1948.604538][T11073] loop2: detected capacity change from 0 to 1
[ 1948.612951][   T31] Workqueue: usb_hub_wq hub_event
[ 1948.624773][   T31] Call Trace:
[ 1948.628073][   T31]  <TASK>
[ 1948.637650][T11073] Dev loop2: unable to read RDB block 1
[ 1948.646931][   T31]  __schedule+0x16f5/0x4d00
[ 1948.651460][   T31]  ? __device_attach+0x2b8/0x400
[ 1948.662409][T11073]  loop2: unable to read partition table
[ 1948.682887][   T31]  ? bus_probe_device+0x185/0x260
[ 1948.698158][   T31]  ? hub_event+0x2941/0x4a00
[ 1948.702778][   T31]  ? process_scheduled_works+0xade/0x17b0
[ 1948.722924][   T31]  ? ret_from_fork_asm+0x1a/0x30
[ 1948.727904][   T31]  ? schedule+0x165/0x360
[ 1948.733745][T11073] loop2: partition table beyond EOD, truncated
[ 1948.747401][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1948.752278][   T31]  ? __pfx___schedule+0x10/0x10
[ 1948.757869][T11073] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1948.799862][   T31]  ? schedule+0x91/0x360
[ 1948.833014][   T31]  schedule+0x165/0x360
[ 1948.839790][   T31]  schedule_timeout+0x9a/0x270
[ 1948.862141][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[ 1948.870317][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1948.881186][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1948.915961][   T31]  ? wait_for_completion+0x267/0x5d0
[ 1948.962036][   T31]  wait_for_completion+0x2bf/0x5d0
[ 1948.972597][   T31]  ? __pfx_wait_for_completion+0x10/0x10
[ 1948.985854][   T31]  i2c_del_adapter+0x581/0x6e0
[ 1948.994400][   T31]  ? __pfx_i2c_del_adapter+0x10/0x10
[ 1948.999777][   T31]  ? rcu_is_watching+0x15/0xb0
[ 1949.005829][   T31]  ? dvb_usb_adapter_exit+0xd7/0x240
[ 1949.011223][   T31]  dvb_usb_i2c_exit+0x64/0xb0
[ 1949.018899][   T31]  dvb_usb_device_exit+0x1be/0x350
[ 1949.025925][   T31]  ? __pfx_dvb_usb_device_exit+0x10/0x10
[ 1949.031648][   T31]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1949.041404][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1949.048340][   T31]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1949.057017][   T31]  cxusb_probe+0x603/0x700
[ 1949.064209][   T31]  ? __pfx_cxusb_probe+0x10/0x10
[ 1949.069235][   T31]  ? __pm_runtime_set_status+0x785/0xa50
[ 1949.075512][   T31]  usb_probe_interface+0x634/0xbf0
[ 1949.080716][   T31]  ? __pfx_usb_probe_interface+0x10/0x10
[ 1949.089562][   T31]  really_probe+0x26d/0x9a0
[ 1949.097153][   T31]  __driver_probe_device+0x18c/0x2f0
[ 1949.102519][   T31]  driver_probe_device+0x4f/0x430
[ 1949.109460][   T31]  __device_attach_driver+0x2ce/0x530
[ 1949.118021][   T31]  bus_for_each_drv+0x24e/0x2e0
[ 1949.124610][   T31]  ? __pfx___device_attach_driver+0x10/0x10
[ 1949.130578][   T31]  ? __pfx_bus_for_each_drv+0x10/0x10
[ 1949.140246][   T31]  __device_attach+0x2b8/0x400
[ 1949.146114][   T31]  ? __pfx___device_attach+0x10/0x10
[ 1949.151493][   T31]  ? do_raw_spin_unlock+0x122/0x240
[ 1949.157209][   T31]  bus_probe_device+0x185/0x260
[ 1949.162144][   T31]  device_add+0x7b6/0xb50
[ 1949.167408][   T31]  usb_set_configuration+0x1a87/0x20e0
[ 1949.173179][   T31]  usb_generic_driver_probe+0x8d/0x150
[ 1949.178722][   T31]  usb_probe_device+0x1c4/0x390
[ 1949.184008][   T31]  ? __pfx_usb_probe_device+0x10/0x10
[ 1949.192711][   T31]  really_probe+0x26d/0x9a0
[ 1949.200273][   T31]  __driver_probe_device+0x18c/0x2f0
[ 1949.208664][   T31]  driver_probe_device+0x4f/0x430
[ 1949.215853][   T31]  __device_attach_driver+0x2ce/0x530
[ 1949.221444][   T31]  bus_for_each_drv+0x24e/0x2e0
[ 1949.226775][   T31]  ? __pfx___device_attach_driver+0x10/0x10
[ 1949.232747][   T31]  ? __pfx_bus_for_each_drv+0x10/0x10
[ 1949.238573][   T31]  __device_attach+0x2b8/0x400
[ 1949.243901][   T31]  ? __pfx___device_attach+0x10/0x10
[ 1949.249271][   T31]  ? do_raw_spin_unlock+0x122/0x240
[ 1949.254968][   T31]  bus_probe_device+0x185/0x260
[ 1949.259911][   T31]  device_add+0x7b6/0xb50
[ 1949.264728][   T31]  usb_new_device+0xa39/0x16f0
[ 1949.270090][   T31]  ? __pfx_usb_new_device+0x10/0x10
[ 1949.275729][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1949.281005][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1949.286611][   T31]  hub_event+0x2941/0x4a00
[ 1949.292134][   T31]  ? __pfx_hub_event+0x10/0x10
[ 1949.297797][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1949.304039][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1949.309332][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1949.315482][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1949.321240][   T31]  process_scheduled_works+0xade/0x17b0
[ 1949.326975][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1949.333172][   T31]  worker_thread+0x8a0/0xda0
[ 1949.337906][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1949.344339][   T31]  ? __kthread_parkme+0x7b/0x200
[ 1949.349597][   T31]  kthread+0x711/0x8a0
[ 1949.353742][   T31]  ? __pfx_worker_thread+0x10/0x10
[ 1949.358962][   T31]  ? __pfx_kthread+0x10/0x10
[ 1949.363730][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1949.369095][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1949.374980][   T31]  ? __pfx_kthread+0x10/0x10
[ 1949.379585][   T31]  ret_from_fork+0x3fc/0x770
[ 1949.384284][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1949.389548][   T31]  ? __switch_to_asm+0x39/0x70
[ 1949.395566][   T31]  ? __switch_to_asm+0x33/0x70
[ 1949.400343][   T31]  ? __pfx_kthread+0x10/0x10
[ 1949.404978][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1949.409906][   T31]  </TASK>
[ 1949.424777][   T31] 
[ 1949.424777][   T31] Showing all locks held in the system:
[ 1949.432498][   T31] 1 lock held by ksoftirqd/1/23:
[ 1949.442031][   T31] 1 lock held by khungtaskd/31:
[ 1949.448280][   T31]  #0: ffffffff8e33bf20 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1949.462699][   T31] 5 locks held by kworker/0:2/980:
[ 1949.467914][   T31]  #0: ffff888144291948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1949.482539][   T31]  #1: ffffc90003adfbc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1949.498390][   T31]  #2: ffff888144ff3198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00
[ 1949.507357][   T31]  #3: ffff888020ee7198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[ 1949.516844][   T31]  #4: ffff88803e480160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[ 1949.526195][   T31] 2 locks held by getty/5597:
[ 1949.530857][   T31]  #0: ffff88803547e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1949.540630][   T31]  #1: ffffc9000331b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[ 1949.551108][   T31] 4 locks held by kworker/u8:2/2002:
[ 1949.556496][   T31] 4 locks held by udevd/11137:
[ 1949.561337][   T31]  #0: ffff8880340e0e80 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb7/0xe10
[ 1949.570159][   T31]  #1: ffff888051c7a488 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x55/0x3c0
[ 1949.580089][   T31]  #2: ffff88804be85878 (kn->active#30){++++}-{0:0}, at: kernfs_seq_start+0x75/0x3c0
[ 1949.589810][   T31]  #3: ffff888020ee7198 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0
[ 1949.600526][   T31] 
[ 1949.602897][   T31] =============================================
[ 1949.602897][   T31] 
[ 1949.611459][   T31] NMI backtrace for cpu 0
[ 1949.611472][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-next-20250627-syzkaller #0 PREEMPT(full) 
[ 1949.611488][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1949.611497][   T31] Call Trace:
[ 1949.611503][   T31]  <TASK>
[ 1949.611510][   T31]  dump_stack_lvl+0x189/0x250
[ 1949.611526][   T31]  ? __wake_up_klogd+0xd9/0x110
[ 1949.611544][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1949.611559][   T31]  ? __pfx__printk+0x10/0x10
[ 1949.611582][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[ 1949.611599][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1949.611610][   T31]  ? _printk+0xcf/0x120
[ 1949.611628][   T31]  ? __pfx__printk+0x10/0x10
[ 1949.611643][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1949.611664][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1949.611679][   T31]  watchdog+0xfee/0x1030
[ 1949.611698][   T31]  ? watchdog+0x1de/0x1030
[ 1949.611725][   T31]  kthread+0x711/0x8a0
[ 1949.611743][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1949.611758][   T31]  ? __pfx_kthread+0x10/0x10
[ 1949.611774][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1949.611789][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1949.611803][   T31]  ? __pfx_kthread+0x10/0x10
[ 1949.611819][   T31]  ret_from_fork+0x3fc/0x770
[ 1949.611840][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1949.611863][   T31]  ? __switch_to_asm+0x39/0x70
[ 1949.611878][   T31]  ? __switch_to_asm+0x33/0x70
[ 1949.611892][   T31]  ? __pfx_kthread+0x10/0x10
[ 1949.611909][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1949.611935][   T31]  </TASK>
[ 1949.611943][   T31] Sending NMI from CPU 0 to CPUs 1:
[ 1949.777117][    C1] NMI backtrace for cpu 1
[ 1949.777133][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.16.0-rc3-next-20250627-syzkaller #0 PREEMPT(full) 
[ 1949.777153][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1949.777165][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[ 1949.777190][    C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 23 dd 11 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[ 1949.777205][    C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c2
[ 1949.777220][    C1] RAX: 1c31767b09058800 RBX: ffffffff81971578 RCX: 1c31767b09058800
[ 1949.777234][    C1] RDX: 0000000000000001 RSI: ffffffff8da603b1 RDI: ffffffff8be4ab80
[ 1949.777246][    C1] RBP: ffffc90000197f20 R08: ffff8880b8732f1b R09: 1ffff110170e65e3
[ 1949.777259][    C1] R10: dffffc0000000000 R11: ffffed10170e65e4 R12: ffffffff8fc2ac30
[ 1949.777272][    C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff11003a55b40
[ 1949.777289][    C1] FS:  0000000000000000(0000) GS:ffff888125ae6000(0000) knlGS:0000000000000000
[ 1949.777304][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1949.777315][    C1] CR2: 00007fc6cef81178 CR3: 000000007efd4000 CR4: 00000000003526f0
[ 1949.777330][    C1] Call Trace:
[ 1949.777337][    C1]  <TASK>
[ 1949.777344][    C1]  default_idle+0x13/0x20
[ 1949.777366][    C1]  default_idle_call+0x74/0xb0
[ 1949.777389][    C1]  do_idle+0x1e8/0x510
[ 1949.777408][    C1]  ? __pfx_do_idle+0x10/0x10
[ 1949.777423][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1949.777449][    C1]  cpu_startup_entry+0x44/0x60
[ 1949.777465][    C1]  start_secondary+0x101/0x110
[ 1949.777487][    C1]  common_startup_64+0x13e/0x147
[ 1949.777513][    C1]  </TASK>
[ 1949.978362][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1949.985213][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-next-20250627-syzkaller #0 PREEMPT(full) 
[ 1949.996470][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1950.006506][   T31] Call Trace:
[ 1950.009769][   T31]  <TASK>
[ 1950.012683][   T31]  dump_stack_lvl+0x99/0x250
[ 1950.017258][   T31]  ? __asan_memcpy+0x40/0x70
[ 1950.021833][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1950.027016][   T31]  ? __pfx__printk+0x10/0x10
[ 1950.031594][   T31]  panic+0x2db/0x790
[ 1950.035481][   T31]  ? __pfx_panic+0x10/0x10
[ 1950.039878][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[ 1950.045673][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1950.051048][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[ 1950.057188][   T31]  watchdog+0x102d/0x1030
[ 1950.061507][   T31]  ? watchdog+0x1de/0x1030
[ 1950.065923][   T31]  kthread+0x711/0x8a0
[ 1950.070005][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1950.074687][   T31]  ? __pfx_kthread+0x10/0x10
[ 1950.079277][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1950.084466][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1950.089653][   T31]  ? __pfx_kthread+0x10/0x10
[ 1950.094239][   T31]  ret_from_fork+0x3fc/0x770
[ 1950.098837][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1950.103949][   T31]  ? __switch_to_asm+0x39/0x70
[ 1950.108701][   T31]  ? __switch_to_asm+0x33/0x70
[ 1950.113452][   T31]  ? __pfx_kthread+0x10/0x10
[ 1950.118035][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1950.122793][   T31]  </TASK>
[ 1950.126057][   T31] Kernel Offset: disabled
[ 1950.130363][   T31] Rebooting in 86400 seconds..