last executing test programs:

2m54.474600028s ago: executing program 0 (id=56):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc08c5332, &(0x7f0000000400)={{}, 0x1, 0x0, 0x0, {0x1}, 0x0, 0x1a})
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f0000000540)={0x0, 0x3, {0x1, 0x2, 0x1, 0x2, 0x2}, 0x7})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x1}]})
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89101)
capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x1000, 0x10ffff, 0xfffffffd})
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r1, 0x29, 0x6, &(0x7f0000000180)="10000000000000000100000024000000", 0x10)
r2 = syz_open_dev$video4linux(&(0x7f00000000c0), 0x4, 0x200)
ioctl$VIDIOC_TRY_EXT_CTRLS(r2, 0xc0205647, &(0x7f0000000180)={0xfffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) (fail_nth: 5)
socket(0x80000000000000a, 0x2, 0x0)
socket$kcm(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_sock_diag(0x10, 0x3, 0x4)
syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0x2, 0x10100}, 0x0, 0x0)
socket$inet6(0xa, 0x3, 0x7)
r3 = socket$inet6(0xa, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x10}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
sendmsg$inet6(r3, &(0x7f0000000600)={&(0x7f0000000080)={0xa, 0x4e20, 0x1000000080000, @dev={0xfe, 0x80, '\x00', 0x3f}}, 0x1c, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000029000000040000002b00000000000007120000000000000029"], 0x30}, 0x0)
close(r0)

2m54.143930868s ago: executing program 4 (id=59):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="0100000000000000000017000000"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x4000004)
r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE(r3, &(0x7f0000000240)={0x0, {'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000040)=""/2, 0x2, 0x0, 0x3, 0x0, 0x0, 0xc07}}, 0x120)
readv(r3, &(0x7f0000000140)=[{&(0x7f0000000080)=""/155, 0x9b}, {0x0, 0x4}], 0x2)
write$UHID_DESTROY(r3, &(0x7f0000000200), 0x4)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000180))
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000080)={0xa, 0x14e22, 0x0, @ipv4}, 0x1c)
listen(r4, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r5, &(0x7f0000000080)=[{&(0x7f0000000200)="a10100001500add427323b470c45b45602067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x1a1}], 0x1)
syz_io_uring_setup(0x407c18, &(0x7f0000000040)={0x0, 0x7f9b, 0x800, 0x2, 0x8022f, 0x0, r0}, &(0x7f00000000c0), &(0x7f0000000140))
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x101000, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000080)=0x3)
ioctl$TCSETS(r6, 0x5402, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000004f00)=ANY=[@ANYBLOB="140000001000010007000000000000000000000a50000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f14000980100002800c"], 0x78}, 0x1, 0x0, 0x0, 0x4004000}, 0x0)
getsockname$inet6(r4, 0x0, 0x0)

2m53.527868062s ago: executing program 0 (id=60):
sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, 0x4, 0x1, 0xfbeeebe03a930890, 0x0, 0x0, {0x2, 0x0, 0x2}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x20000000)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c34000ffff000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x800, &(0x7f00000005c0)=ANY=[@ANYBLOB="726f6469722c6e6f6e756d7461696c3d302c73686d8b20c0172c756e695f786c6174653d312c636f6465706167653d3836342c636f6465706167653d3836352c726f6469722c696f636861727365743d6b6f69382d72752c73686f72746e616d653d6d697865642c757466383d302c726f6469722c756e695f786c6174653d312c000000000000000000"], 0x1, 0x26c, &(0x7f0000000340)="$eJzs3U9rU1kYB+A3bTpJC0OyGCgzDMwdZjOr0HaYfcrQgWECipKFriw2RWlqoYWCLtruit9Bv4Iu3QouxK1fQASpghvrqgshEm//JDWJjZpG7PNs+nLu++Ock17upYueXPl1eWlhZW1xd3cn8vlMZMtRjr1MFGMkRiO1FQDA92Sv0Yg3jdSw1wIAnA7vfwA4e3q9/zNbh2PnT39lAMCgfNHf/yMDWRIAMGAXL13+f7ZSmbuQJPmI5e316no1/Zlen12M61GPWkxFId5FNA6l9b//VeamkqaXxcgvb46k+c316mh7fjoKUeycn05SUW3mDvJjMbGffzYRtZiJQvzUOT/TMf9D/PlHy/ylKMTTq7ES9ViIZjbN5yJiYzpJ/jlXOZbPfegDAAAAAAAAAAAAAAAAAAAAAIBBKCWHiu3n36Tn95RK3a6n+dbzgcZ7nQ/U2Dx2vk42fskOd+8AAAAAAAAAAAAAAAAAAADwrVi7eWtpvl6vrfYqbjy592gnlwY+2dy7yOzP219qu2fP+Ml2caz48fcXdzpdykWu38/n84qxiGgdSfanfPjbACf9WsXjnWs//7U2+Xe3nsi2jtxubrWtp8uNlB3UB/66ENG1J9/3Ddla3D8oym8/6jm4lWqr48P+xU3eLc8/2Hj+6qSpHg+NxuggHkUAAAAAAAAAAAAAAAAAAHDmHf3T77BXAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDc/T9//0WuWgbyXdt3hr2HgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4H0AAAD//7qXlSU=")
fchown(0xffffffffffffffff, 0xee01, 0xee01)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000007c0), 0x13f, 0x6}}, 0x20)
rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file1\x00')
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg(r2, &(0x7f0000001740), 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x14, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x10e, &(0x7f0000000240)={[{@errors_remount}, {@noinit_itable}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2a}}, {@errors_remount}, {@nodelalloc}, {@grpjquota}]}, 0x3, 0x45b, &(0x7f00000010c0)="$eJzs281rHOUfAPDvTJL217dfYq0vfVGjVQy+JE1atQcvioIHBcFLPcYkLbXbRpoIthStIvUoBcGjeBT8CzzpRdST4FXvUijSi9XTyuzOdF+6u0nTTabNfj4w2eeZeWbn+c4zz+4z82QDGFjj2Z8kYmdE/B4Ro/Vsa4Hx+sv1axfm/rl2YS6JavWtv5Jaub+vXZgrihb77cgzE2lE+mkS+zscd+nc+VOzlcrC2Tw/tXz6vamlc+efPXl69sTCiYUzM0ePHjk8/cLzM8/1Jc57srru+3DxwN7X3r78xtyxy+/8/G1SxN8WR5+M99r4RLXa58OVa1dTOhlexQ5D61gZVi1rhqy5Rmr9fzSGotF4o/HqJ6VWDlhX1VyXzRerwCaWRNk1AMpRfNFn97/FsnGjj/Jdfal+A5TFfT1f6luGI83LjLTd3/bTeEQcu/jvV9kS6/McAgCgxffZ+OeZTuO/NO5vKvf/2FqbGxrL51J2R8S9EbEnIu6LqJV9ICIe7HSQHhMC7ZMkN49/0itrj25l2fjvxXxuq3X8V4z+Ymwoz+2qxT+SHD9ZWThUOycREzGyNctP9zjGD6/89nm3bc3jv2zJjl+MBfN6XBne2rrP/Ozy7O3E3OzqxxH7hjvFn9yYCUgiYm9E7FvjMU4+9c2BbttWjr+H1cwzraD6dcST9fa/GG3xF5Le85NT/4vKwqGp4qq42S+/Xnqz2/FvK/4+yNp/e8fr/0b8Y0nzfO3Srbx7vXdf+uOzrvc0k2u6/hsrtuSvH8wuL5+djtiSvF6vdPP6mca+Rb4on8U/cbBz/98djTOxPyKyi/ihiHg4Ih7Jo3s0Ih6LiIM9zsJPLz/+bq8zVHb7z7e1/1hrkbb2byS2RPuazomhUz9+1/qOjeTqPv+O1FIT+Zra59+XveNaTb1u9WoGAACAu1UaETsjSSdvpNN0crL+P/x7YntaWVxafvr44vtn5uu/ERiLkbR40jXa9Dx0Or+tL/IzbfnD+XPjL4a21fKTc4uV+bKDhwG3o0v/z/zpNxqw+fVhHg24S+n/MLj0fxhc+j8Mrg79f1sZ9QA2Xqfv/49KqAew8dr6v2k/GCDu/2Fw6f8wuJr7f1JiPYANtbQtVv6R/GZIVKvV6h1Qjc2TiPSOqEZ/Esk694KdZQd464myP5kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD6478AAAD//+Jk61o=")
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x48940, 0x0)
acct(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00')
r4 = syz_io_uring_setup(0x31cc, &(0x7f0000000680)={0x0, 0x20020020, 0x10100, 0x3, 0xfffffffd}, &(0x7f0000000100), &(0x7f0000000940))
io_uring_register$IORING_REGISTER_PBUF_RING(r4, 0x16, &(0x7f0000000000)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1b, 0x0, 0x0, &(0x7f00000000c0)='GPL\x00', 0x9, 0xaa, &(0x7f00000002c0)=""/170, 0x41100, 0x40, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000100)={0x2, 0x3, 0xfffffffc, 0xb}, 0x10, 0x0, r5, 0x0, &(0x7f0000000600)=[0xffffffffffffffff], 0x0, 0x10, 0x2ea85, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x9, 0xe, &(0x7f0000002000)=ANY=[@ANYBLOB="b70200000d000000bfa300000000000005000000000000007a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67d5b310efcfa89147a7fb0a93d035f2f206d2ef831ab7ea0c34f17e3ad6eecbb622003b538dfd8e012e79578e51bc53099e90f4580d7be3e8c254a5cba117cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e6a9f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d996d60a17e3c184b751c51160100000000000080148b9a31ee8dc8b544f3c4a532e60a0ac346dfebd31a08060000000200000000000000334d83239dd20100008000000000d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08a406f99f7b1e1ad828267d4eadd3964663e085354133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0183babc190ae2ebf8aad34732181feb28cb0bae7c34dc5e7c805210600000000000000c3dec04b25df45d4f71ab158c36657b7218baa07a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d01776839b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dab18fd0699fe3304000000323e9c707fe81436b024c2574980397bc49d70c060d57bc88fbe3bbaa058b040362ab926150763fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4e6068f1bf710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2b2ff7f9a7d365e63845f3e1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000010000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edef8ba72205beff7771bcb293747b88486cacee403000000a2919a4b09e168e4e4d5ff2ed893f2e314679fa69fc7e0cf761f91b18725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75e26b45264e3d3f8e0048e55ae289c2f884d0766cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2efce676a93110904d5e055af44664b53c764d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007976694b6a0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d201721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e671282a2d3066ac968c7d7d7db195f255b1b4a85eb9ee0a3b68c9e209756623adf685dd715d68ed1274b4d5502f512493af8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f74b6563a4be1fd82b73c8c2bc65f63982", @ANYRES64=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x59, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
io_uring_enter(r4, 0x5b43, 0x8200, 0x0, 0x0, 0x0)
ioprio_set$pid(0x2, 0x0, 0x2004)
acct(0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000080)={0x2c, &(0x7f0000000780)=ANY=[], 0x0, 0x0, 0x0, 0x0})

2m51.809649502s ago: executing program 4 (id=63):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDDELIO(r0, 0x4b35, 0x6)
ioctl$TIOCCONS(r0, 0x541d)
ioctl$GIO_SCRNMAP(r0, 0x4b40, &(0x7f0000000000)=""/3)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r0, 0x8010671f, &(0x7f0000000100)={&(0x7f0000000040)=""/163, 0xa3})
r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000140), 0x20000, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, 0x1403, 0x10, 0x70bd25, 0x25dfdbfd, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'team_slave_0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x8004)
ioctl$EXT4_IOC_MIGRATE(r1, 0x6609)
ioctl$SNDRV_RAWMIDI_IOCTL_DROP(r1, 0x40045730, &(0x7f0000000280)=0x3)
ioctl$PIO_FONTX(r0, 0x4b6c, &(0x7f00000006c0)={0x5b, 0x0, &(0x7f00000002c0)="32865d602d0395866137933fec6994f61f85eb340bc1559430ed722f4a04a4dc53fbe6ee21f668c5d7aee926b548f5dcfa3e3c5f06e3f228099d97b5a4098978bcca13939ea5413efb722581ddd3c6bf164c8b4767b88e14ad778a6e50170104eb6375c08a9fd4758702fd29ef520aabf23781c082fb730ffded1f2d66a20d18c2c016a3334a8206910d280af29bee97525a3adef9076850c4cd6abee1f9029abc6599b378efba9935018839aa3ce3a948c2356c8f7d866b2bf8b3f4cdedb214bc50d2f4de028293f56499d2d0751b12bfbbe8cc4b34099a4f2d4f2fcbd6682db79b7fd509a6a14414231c36ce0e9f045d018017cfb0d2c8902c5dbbcfc9c21b94010b351e275785b7b6a975d7fc011ae5d976907de95dc068f9d12d1109df6fca75d711d855e13d4971f8d31b0a3edbeab4c47d4fdd0c40218f6c8f593ce7eff3fe447f2b634c1a90786dd3f793957c5aa171406f80757b3c0faccd681a81cd749c4f7a054ce26884ecc1f87c0e75af7663f2a0c8543f59ed00698d87feadbc14dcfa28206f18dafa7479e7c9884bff2e151eab4ef363091ff15e2cf53a2e00a3c112a03b3c53e88af4c4acf545f9140cd81d318adba18fb0556c110a0c2f9c37c9e375f1996ce18602ddd3ff06bec1e86f68a446ca83c7dcd8a3bf5431792e5fa92ceeb752abace5514055651a5c904eecae0f10def20869adeaada86f33a2f702e0d0bfdf53ef83e707015130470afe59b3b92df39dcd0cdf91ef5612bd81afb8ba2dc7a6a469a318ce134287efc53f9b4a89525bd71529cd676eecafaa14004abad7d9d0372f3c0bb8ef3f5676809db66a55fefe4740600b75c768d3e8c702b8019f430407d6b3d04e9937fd11a0525fd05a3c5be01255f61b0bfd20ebc8aa5c521496311a1707d7271ed57cdaa7fb503c000c1397227791291ef0530108c941a8bd5190325e7b45723c00bcfa444c2f097a59ca510160146315c3f749e4778198a8d15e512992ae7e5c6415b821d4b889657065a869cea62f44760c1e8081ff139ceec8d015d404e3965b42c9cb88998725f520a36f795010214f67b518f5e79f27feca782809f2e794e98c197c652d6e6f4d454b7fe836dbd5ef0344035ad14e92bbb0869232a6b1626572247d3c98840662d141f397f3479aeaabb5a660bf705430f39fec394603367c8bb3081680618987ac98c75c99c788b902710b82a8ec887c5683fef60a814cc369eecea179497f88a1c56fd084fd60a2176cdb162971a9af1e9829834eca37163bfbd57d6fdaa2f1a3713ba67466815bbd6bcda640d06764592d289ae46420b285cf5ca93b81183dc60c6e6d2813db5781896ee09ca90fc63b33d5ed210cdf2438a6c0486a2161fc11b83e2afb3b065a11d1ccfecee1aad5893fa3dd488df9cdc10c4c969fab628f51d1f0063231d8d189436c"})
ioctl$TIOCL_GETKMSGREDIRECT(r0, 0x541c, &(0x7f00000053c0))
ioctl$sock_qrtr_TIOCINQ(r1, 0x541b, &(0x7f0000005400))
fallocate(r1, 0x3, 0x1, 0x77b5)
ioctl$KDDISABIO(r0, 0x4b37)
syz_emit_vhci(&(0x7f0000005440)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_name={{0x7, 0xff}, {0x9, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, "f280f39ac09438cc1395c15b3a577c30993ac17dcee2c267e08c7a6eca6e91d5454724cfdf0fbb7e737c28a912e1eeec27173b61a14652da438b7f9e2b7d9acca6ad6f9558af4574c64e289af2d40841691b4af2146bd05022502df418c24d8d982bf02fa781696a77ca5480ec3158a63da508e60bb9264aab86de39fe7a415cd53ba4976079695ad8bfeaafe87acc70043647493794f867839cc7a6c95840960d7ef50a5f7ce4311c2ce3d94a0854a2f3f0752fe56c8e549d2ee74231174641be447c1e37844a1bc3d0af087319e58648135365ed570bc08def306f55e5a7ee9b88cd149bb91aebf308dbd47a764dfe68a6bcff3f12d4c6"}}}, 0x102)
ioctl$BTRFS_IOC_SPACE_INFO(r1, 0xc0109414, &(0x7f0000005640)={0x66, 0x9, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']})
writev(r0, &(0x7f0000006340)=[{&(0x7f0000006000)="69a9f986a555d85602b2bcf1a29aa094fa2dd2789d63b0b2e5ab3dc94f2b71bebcfefbb6db2f5ca4ddf77771792f1884fc877ec1b6bcf6dac22a31748e860fbc07a4aa223047ceaa6666024e7a69f88eb05bfc10e8cae2ebddea438e2c32364df1035cb2e2de194bb8429da9747c0b040537a72b4652eb71f3c4c37fab0d774f9dd93aa714a5f2636d3583ec943fec67373d8551ee12f406f6fd31473dd0973c615782f1e0175ba74f8c6c5f652ab4d382057b99b26dbd7e4e7905af277486d60a7f6e12ef971cf1cc37a475712f3646b12197", 0xd3}, {&(0x7f0000006100)="ded3a010832aa68a1dd0f7062fe246d8fc65a9c565d61ecf203e", 0x1a}, {&(0x7f0000006140)="e148604a08d33a304240f272bafa316534b1e8b86c6563c6f0747ed8110ecb4b3fd87f9963d6a0de3a8b6e404d038f8682bd122affdb809e11d190948d09af1366872b52add2d10f39bf07c744742b2f002a2033c02e431663cd34c3b4c5edb063487bf25589a0647c8fd63e343347bc767943a2a2d58cd2bd5a9c376d943a3bf1ab4961b6135e0bf6ea0a8a8afa0f96230f786f1855cc0eccd44d0068", 0x9d}, {&(0x7f0000006200)="a6356843214ab0669b32d6fd31e455740a9b09d5c4b6ff704b2cc418aa90c744d9fca1a54ad7bee1510654c63ca196a034b49d60c55923f47bfd25dc2d930abf80e7b6451094489da1a2a63250ca693e30724dd09b87c73784a5e49fcfc138bd110d5235d172e1285f44f9735a95cb9030c7874320354e5c63d441e39a5e16dc6a614a6fea1eaa912bcfdda961c41472636624f7d5809f538566dc73acbb529d926a8dfa942a5a223c98d54b255b08340bd003851e13a5802d6632dd2ac99a", 0xbf}, {&(0x7f00000062c0)="1a5dee743ec8a914c7072c5ebe7455b921d1f507459107162f6a396205bf5ada2af5884d135622e9cc5bf46b8ff1162007ee3ead8ad08525028e861179d14de00552324386", 0x45}], 0x5)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000006440)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000006400)={<r2=>0xffffffffffffffff}, 0x13f, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, &(0x7f0000006480)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e24, 0x100, @ipv4={'\x00', '\xff\xff', @local}, 0x9}, r2}}, 0x30)
sendmsg$nl_route_sched(r1, &(0x7f00000065c0)={&(0x7f00000064c0)={0x10, 0x0, 0x0, 0x50000001}, 0xc, &(0x7f0000006580)={&(0x7f0000006540)=@getchain={0x2c, 0x66, 0x8, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xfff3, 0x2}, {0x0, 0x1}, {0xfff3, 0xd}}, [{0x8, 0xb, 0x8a}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4008000)
prlimit64(0x0, 0xc, &(0x7f0000006600)={0x0, 0x4}, 0x0)

2m48.851517251s ago: executing program 0 (id=67):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000080000000000000000000181100", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r3}, 0x10)
r4 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])

2m47.371432398s ago: executing program 0 (id=70):
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="1201000000000040ef17476000000000000109022400010000"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000004c0)={0x2c, &(0x7f0000000540)={0x20, 0x0, 0x7, {0x7, 0x5, "855d569842"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

2m45.510592142s ago: executing program 4 (id=74):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7d2})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x80000, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xb}, {0x0, 0x7}}, [@qdisc_kind_options=@q_pfifo_fast={0xf}]}, 0x34}, 0x1, 0x0, 0x0, 0x20004021}, 0x0)

2m44.879429749s ago: executing program 4 (id=76):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="010000000000000000000100000004000480080002000100000008000100000000003801088054000f80080005000000000008000500000000000800060000000000080005feffffff000800050000000000080005000000000008000500107a000008000500000000000800060000000000080006005511000024000780080006"], 0x164}}, 0x0)

2m44.750636119s ago: executing program 4 (id=77):
sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, 0x4, 0x1, 0xfbeeebe03a930890, 0x0, 0x0, {0x2, 0x0, 0x2}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x20000000)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c34000ffff000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x800, &(0x7f00000005c0)=ANY=[@ANYBLOB="726f6469722c6e6f6e756d7461696c3d302c73686d8b20c0172c756e695f786c6174653d312c636f6465706167653d3836342c636f6465706167653d3836352c726f6469722c696f636861727365743d6b6f69382d72752c73686f72746e616d653d6d697865642c757466383d302c726f6469722c756e695f786c6174653d312c000000000000000000"], 0x1, 0x26c, &(0x7f0000000340)="$eJzs3U9rU1kYB+A3bTpJC0OyGCgzDMwdZjOr0HaYfcrQgWECipKFriw2RWlqoYWCLtruit9Bv4Iu3QouxK1fQASpghvrqgshEm//JDWJjZpG7PNs+nLu++Ock17upYueXPl1eWlhZW1xd3cn8vlMZMtRjr1MFGMkRiO1FQDA92Sv0Yg3jdSw1wIAnA7vfwA4e3q9/zNbh2PnT39lAMCgfNHf/yMDWRIAMGAXL13+f7ZSmbuQJPmI5e316no1/Zlen12M61GPWkxFId5FNA6l9b//VeamkqaXxcgvb46k+c316mh7fjoKUeycn05SUW3mDvJjMbGffzYRtZiJQvzUOT/TMf9D/PlHy/ylKMTTq7ES9ViIZjbN5yJiYzpJ/jlXOZbPfegDAAAAAAAAAAAAAAAAAAAAAIBBKCWHiu3n36Tn95RK3a6n+dbzgcZ7nQ/U2Dx2vk42fskOd+8AAAAAAAAAAAAAAAAAAADwrVi7eWtpvl6vrfYqbjy592gnlwY+2dy7yOzP219qu2fP+Ml2caz48fcXdzpdykWu38/n84qxiGgdSfanfPjbACf9WsXjnWs//7U2+Xe3nsi2jtxubrWtp8uNlB3UB/66ENG1J9/3Ddla3D8oym8/6jm4lWqr48P+xU3eLc8/2Hj+6qSpHg+NxuggHkUAAAAAAAAAAAAAAAAAAHDmHf3T77BXAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDc/T9//0WuWgbyXdt3hr2HgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4H0AAAD//7qXlSU=")
fchown(0xffffffffffffffff, 0xee01, 0xee01)
write$RDMA_USER_CM_CMD_INIT_QP_ATTR(0xffffffffffffffff, &(0x7f0000000840)={0xb, 0x10, 0xfa00, {&(0x7f0000000700), 0xffffffffffffffff, 0x7}}, 0x18)
rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file1\x00')
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg(r2, &(0x7f0000001740), 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x14, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x10e, &(0x7f0000000240)={[{@errors_remount}, {@noinit_itable}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2a}}, {@errors_remount}, {@nodelalloc}, {@grpjquota}]}, 0x3, 0x45b, &(0x7f00000010c0)="$eJzs281rHOUfAPDvTJL217dfYq0vfVGjVQy+JE1atQcvioIHBcFLPcYkLbXbRpoIthStIvUoBcGjeBT8CzzpRdST4FXvUijSi9XTyuzOdF+6u0nTTabNfj4w2eeZeWbn+c4zz+4z82QDGFjj2Z8kYmdE/B4Ro/Vsa4Hx+sv1axfm/rl2YS6JavWtv5Jaub+vXZgrihb77cgzE2lE+mkS+zscd+nc+VOzlcrC2Tw/tXz6vamlc+efPXl69sTCiYUzM0ePHjk8/cLzM8/1Jc57srru+3DxwN7X3r78xtyxy+/8/G1SxN8WR5+M99r4RLXa58OVa1dTOhlexQ5D61gZVi1rhqy5Rmr9fzSGotF4o/HqJ6VWDlhX1VyXzRerwCaWRNk1AMpRfNFn97/FsnGjj/Jdfal+A5TFfT1f6luGI83LjLTd3/bTeEQcu/jvV9kS6/McAgCgxffZ+OeZTuO/NO5vKvf/2FqbGxrL51J2R8S9EbEnIu6LqJV9ICIe7HSQHhMC7ZMkN49/0itrj25l2fjvxXxuq3X8V4z+Ymwoz+2qxT+SHD9ZWThUOycREzGyNctP9zjGD6/89nm3bc3jv2zJjl+MBfN6XBne2rrP/Ozy7O3E3OzqxxH7hjvFn9yYCUgiYm9E7FvjMU4+9c2BbttWjr+H1cwzraD6dcST9fa/GG3xF5Le85NT/4vKwqGp4qq42S+/Xnqz2/FvK/4+yNp/e8fr/0b8Y0nzfO3Srbx7vXdf+uOzrvc0k2u6/hsrtuSvH8wuL5+djtiSvF6vdPP6mca+Rb4on8U/cbBz/98djTOxPyKyi/ihiHg4Ih7Jo3s0Ih6LiIM9zsJPLz/+bq8zVHb7z7e1/1hrkbb2byS2RPuazomhUz9+1/qOjeTqPv+O1FIT+Zra59+XveNaTb1u9WoGAACAu1UaETsjSSdvpNN0crL+P/x7YntaWVxafvr44vtn5uu/ERiLkbR40jXa9Dx0Or+tL/IzbfnD+XPjL4a21fKTc4uV+bKDhwG3o0v/z/zpNxqw+fVhHg24S+n/MLj0fxhc+j8Mrg79f1sZ9QA2Xqfv/49KqAew8dr6v2k/GCDu/2Fw6f8wuJr7f1JiPYANtbQtVv6R/GZIVKvV6h1Qjc2TiPSOqEZ/Esk694KdZQd464myP5kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD6478AAAD//+Jk61o=")
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x48940, 0x0)
acct(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00')
r4 = syz_io_uring_setup(0x31cc, &(0x7f0000000680)={0x0, 0x20020020, 0x10100, 0x3, 0xfffffffd}, &(0x7f0000000100), &(0x7f0000000940))
io_uring_register$IORING_REGISTER_PBUF_RING(r4, 0x16, &(0x7f0000000000)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1b, 0x0, 0x0, &(0x7f00000000c0)='GPL\x00', 0x9, 0xaa, &(0x7f00000002c0)=""/170, 0x41100, 0x40, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000100)={0x2, 0x3, 0xfffffffc, 0xb}, 0x10, 0x0, r5, 0x0, &(0x7f0000000600)=[0xffffffffffffffff], 0x0, 0x10, 0x2ea85, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x9, 0xe, &(0x7f0000002000)=ANY=[@ANYBLOB="b70200000d000000bfa300000000000005000000000000007a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67d5b310efcfa89147a7fb0a93d035f2f206d2ef831ab7ea0c34f17e3ad6eecbb622003b538dfd8e012e79578e51bc53099e90f4580d7be3e8c254a5cba117cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e6a9f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d996d60a17e3c184b751c51160100000000000080148b9a31ee8dc8b544f3c4a532e60a0ac346dfebd31a08060000000200000000000000334d83239dd20100008000000000d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08a406f99f7b1e1ad828267d4eadd3964663e085354133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0183babc190ae2ebf8aad34732181feb28cb0bae7c34dc5e7c805210600000000000000c3dec04b25df45d4f71ab158c36657b7218baa07a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d01776839b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dab18fd0699fe3304000000323e9c707fe81436b024c2574980397bc49d70c060d57bc88fbe3bbaa058b040362ab926150763fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4e6068f1bf710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2b2ff7f9a7d365e63845f3e1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000010000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edef8ba72205beff7771bcb293747b88486cacee403000000a2919a4b09e168e4e4d5ff2ed893f2e314679fa69fc7e0cf761f91b18725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75e26b45264e3d3f8e0048e55ae289c2f884d0766cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2efce676a93110904d5e055af44664b53c764d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007976694b6a0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d201721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e671282a2d3066ac968c7d7d7db195f255b1b4a85eb9ee0a3b68c9e209756623adf685dd715d68ed1274b4d5502f512493af8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f74b6563a4be1fd82b73c8c2bc65f63982", @ANYRES64=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x59, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
io_uring_enter(r4, 0x5b43, 0x8200, 0x0, 0x0, 0x0)
ioprio_set$pid(0x2, 0x0, 0x2004)
acct(0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000080)={0x2c, &(0x7f0000000780)=ANY=[], 0x0, 0x0, 0x0, 0x0})

2m43.790689364s ago: executing program 0 (id=79):
syz_emit_ethernet(0x52, &(0x7f0000000080)={@local, @empty, @val={@val={0x88a8, 0x1, 0x0, 0x1}, {0x8100, 0x5, 0x0, 0x4}}, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @private0, @ipv4={'\x00', '\xff\xff', @multicast2}, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) (async)
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r0, &(0x7f0000000200)=""/76, 0x4c)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000000)={0x1, 0x5, 0x8080000, 0x2000, &(0x7f0000ffc000/0x2000)=nil})
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x10)

2m42.742050111s ago: executing program 0 (id=81):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'hsr0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_MODE={0x6}, @IFLA_IPVLAN_FLAGS={0x6, 0x2, 0x2}]}}}, @IFLA_LINK={0x8, 0x5, r2}]}, 0x4c}}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000a00)=ANY=[@ANYBLOB="120100007856bb40da0b53813de2010203010902120001000000000904000000"], 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f00000000c0)=0x1, 0x4)
get_mempolicy(&(0x7f0000000140), &(0x7f0000000180), 0xff, &(0x7f0000ffc000/0x1000)=nil, 0x6)

2m40.508886845s ago: executing program 4 (id=84):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDDELIO(r0, 0x4b35, 0x6)
ioctl$TIOCCONS(r0, 0x541d)
ioctl$GIO_SCRNMAP(r0, 0x4b40, &(0x7f0000000000)=""/3)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r0, 0x8010671f, &(0x7f0000000100)={&(0x7f0000000040)=""/163, 0xa3})
r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000140), 0x20000, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, 0x1403, 0x10, 0x70bd25, 0x25dfdbfd, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'team_slave_0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x8004)
ioctl$EXT4_IOC_MIGRATE(r1, 0x6609)
ioctl$SNDRV_RAWMIDI_IOCTL_DROP(r1, 0x40045730, &(0x7f0000000280)=0x3)
ioctl$TIOCL_GETKMSGREDIRECT(r0, 0x541c, &(0x7f00000053c0))
ioctl$sock_qrtr_TIOCINQ(r1, 0x541b, &(0x7f0000005400))
fallocate(r1, 0x3, 0x1, 0x77b5)
ioctl$KDDISABIO(r0, 0x4b37)
syz_emit_vhci(&(0x7f0000005440)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_name={{0x7, 0xff}, {0x9, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, "f280f39ac09438cc1395c15b3a577c30993ac17dcee2c267e08c7a6eca6e91d5454724cfdf0fbb7e737c28a912e1eeec27173b61a14652da438b7f9e2b7d9acca6ad6f9558af4574c64e289af2d40841691b4af2146bd05022502df418c24d8d982bf02fa781696a77ca5480ec3158a63da508e60bb9264aab86de39fe7a415cd53ba4976079695ad8bfeaafe87acc70043647493794f867839cc7a6c95840960d7ef50a5f7ce4311c2ce3d94a0854a2f3f0752fe56c8e549d2ee74231174641be447c1e37844a1bc3d0af087319e58648135365ed570bc08def306f55e5a7ee9b88cd149bb91aebf308dbd47a764dfe68a6bcff3f12d4c6"}}}, 0x102)
ioctl$BTRFS_IOC_SPACE_INFO(r1, 0xc0109414, &(0x7f0000005640)={0x66, 0x9, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']})
writev(r0, &(0x7f0000006340)=[{&(0x7f0000006000)="69a9f986a555d85602b2bcf1a29aa094fa2dd2789d63b0b2e5ab3dc94f2b71bebcfefbb6db2f5ca4ddf77771792f1884fc877ec1b6bcf6dac22a31748e860fbc07a4aa223047ceaa6666024e7a69f88eb05bfc10e8cae2ebddea438e2c32364df1035cb2e2de194bb8429da9747c0b040537a72b4652eb71f3c4c37fab0d774f9dd93aa714a5f2636d3583ec943fec67373d8551ee12f406f6fd31473dd0973c615782f1e0175ba74f8c6c5f652ab4d382057b99b26dbd7e4e7905af277486d60a7f6e12ef971cf1cc37a475712f3646b12197", 0xd3}, {&(0x7f0000006100)="ded3a010832aa68a1dd0f7062fe246d8fc65a9c565d61ecf203e", 0x1a}, {&(0x7f0000006140)="e148604a08d33a304240f272bafa316534b1e8b86c6563c6f0747ed8110ecb4b3fd87f9963d6a0de3a8b6e404d038f8682bd122affdb809e11d190948d09af1366872b52add2d10f39bf07c744742b2f002a2033c02e431663cd34c3b4c5edb063487bf25589a0647c8fd63e343347bc767943a2a2d58cd2bd5a9c376d943a3bf1ab4961b6135e0bf6ea0a8a8afa0f96230f786f1855cc0eccd44d0068", 0x9d}, {&(0x7f0000006200)="a6356843214ab0669b32d6fd31e455740a9b09d5c4b6ff704b2cc418aa90c744d9fca1a54ad7bee1510654c63ca196a034b49d60c55923f47bfd25dc2d930abf80e7b6451094489da1a2a63250ca693e30724dd09b87c73784a5e49fcfc138bd110d5235d172e1285f44f9735a95cb9030c7874320354e5c63d441e39a5e16dc6a614a6fea1eaa912bcfdda961c41472636624f7d5809f538566dc73acbb529d926a8dfa942a5a223c98d54b255b08340bd003851e13a5802d6632dd2ac99a", 0xbf}, {&(0x7f00000062c0)="1a5dee743ec8a914c7072c5ebe7455b921d1f507459107162f6a396205bf5ada2af5884d135622e9cc5bf46b8ff1162007ee3ead8ad08525028e861179d14de00552324386", 0x45}], 0x5)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000006440)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000006400)={<r2=>0xffffffffffffffff}, 0x13f, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, &(0x7f0000006480)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e24, 0x100, @ipv4={'\x00', '\xff\xff', @local}, 0x9}, r2}}, 0x30)
sendmsg$nl_route_sched(r1, &(0x7f00000065c0)={&(0x7f00000064c0)={0x10, 0x0, 0x0, 0x50000001}, 0xc, &(0x7f0000006580)={&(0x7f0000006540)=@getchain={0x2c, 0x66, 0x8, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xfff3, 0x2}, {0x0, 0x1}, {0xfff3, 0xd}}, [{0x8, 0xb, 0x8a}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4008000)
prlimit64(0x0, 0xc, &(0x7f0000006600)={0x0, 0x4}, 0x0)

2m26.959590919s ago: executing program 32 (id=81):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'hsr0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_MODE={0x6}, @IFLA_IPVLAN_FLAGS={0x6, 0x2, 0x2}]}}}, @IFLA_LINK={0x8, 0x5, r2}]}, 0x4c}}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000a00)=ANY=[@ANYBLOB="120100007856bb40da0b53813de2010203010902120001000000000904000000"], 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f00000000c0)=0x1, 0x4)
get_mempolicy(&(0x7f0000000140), &(0x7f0000000180), 0xff, &(0x7f0000ffc000/0x1000)=nil, 0x6)

2m24.850571525s ago: executing program 33 (id=84):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDDELIO(r0, 0x4b35, 0x6)
ioctl$TIOCCONS(r0, 0x541d)
ioctl$GIO_SCRNMAP(r0, 0x4b40, &(0x7f0000000000)=""/3)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r0, 0x8010671f, &(0x7f0000000100)={&(0x7f0000000040)=""/163, 0xa3})
r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000140), 0x20000, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, 0x1403, 0x10, 0x70bd25, 0x25dfdbfd, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'team_slave_0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x8004)
ioctl$EXT4_IOC_MIGRATE(r1, 0x6609)
ioctl$SNDRV_RAWMIDI_IOCTL_DROP(r1, 0x40045730, &(0x7f0000000280)=0x3)
ioctl$TIOCL_GETKMSGREDIRECT(r0, 0x541c, &(0x7f00000053c0))
ioctl$sock_qrtr_TIOCINQ(r1, 0x541b, &(0x7f0000005400))
fallocate(r1, 0x3, 0x1, 0x77b5)
ioctl$KDDISABIO(r0, 0x4b37)
syz_emit_vhci(&(0x7f0000005440)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_name={{0x7, 0xff}, {0x9, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, "f280f39ac09438cc1395c15b3a577c30993ac17dcee2c267e08c7a6eca6e91d5454724cfdf0fbb7e737c28a912e1eeec27173b61a14652da438b7f9e2b7d9acca6ad6f9558af4574c64e289af2d40841691b4af2146bd05022502df418c24d8d982bf02fa781696a77ca5480ec3158a63da508e60bb9264aab86de39fe7a415cd53ba4976079695ad8bfeaafe87acc70043647493794f867839cc7a6c95840960d7ef50a5f7ce4311c2ce3d94a0854a2f3f0752fe56c8e549d2ee74231174641be447c1e37844a1bc3d0af087319e58648135365ed570bc08def306f55e5a7ee9b88cd149bb91aebf308dbd47a764dfe68a6bcff3f12d4c6"}}}, 0x102)
ioctl$BTRFS_IOC_SPACE_INFO(r1, 0xc0109414, &(0x7f0000005640)={0x66, 0x9, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']})
writev(r0, &(0x7f0000006340)=[{&(0x7f0000006000)="69a9f986a555d85602b2bcf1a29aa094fa2dd2789d63b0b2e5ab3dc94f2b71bebcfefbb6db2f5ca4ddf77771792f1884fc877ec1b6bcf6dac22a31748e860fbc07a4aa223047ceaa6666024e7a69f88eb05bfc10e8cae2ebddea438e2c32364df1035cb2e2de194bb8429da9747c0b040537a72b4652eb71f3c4c37fab0d774f9dd93aa714a5f2636d3583ec943fec67373d8551ee12f406f6fd31473dd0973c615782f1e0175ba74f8c6c5f652ab4d382057b99b26dbd7e4e7905af277486d60a7f6e12ef971cf1cc37a475712f3646b12197", 0xd3}, {&(0x7f0000006100)="ded3a010832aa68a1dd0f7062fe246d8fc65a9c565d61ecf203e", 0x1a}, {&(0x7f0000006140)="e148604a08d33a304240f272bafa316534b1e8b86c6563c6f0747ed8110ecb4b3fd87f9963d6a0de3a8b6e404d038f8682bd122affdb809e11d190948d09af1366872b52add2d10f39bf07c744742b2f002a2033c02e431663cd34c3b4c5edb063487bf25589a0647c8fd63e343347bc767943a2a2d58cd2bd5a9c376d943a3bf1ab4961b6135e0bf6ea0a8a8afa0f96230f786f1855cc0eccd44d0068", 0x9d}, {&(0x7f0000006200)="a6356843214ab0669b32d6fd31e455740a9b09d5c4b6ff704b2cc418aa90c744d9fca1a54ad7bee1510654c63ca196a034b49d60c55923f47bfd25dc2d930abf80e7b6451094489da1a2a63250ca693e30724dd09b87c73784a5e49fcfc138bd110d5235d172e1285f44f9735a95cb9030c7874320354e5c63d441e39a5e16dc6a614a6fea1eaa912bcfdda961c41472636624f7d5809f538566dc73acbb529d926a8dfa942a5a223c98d54b255b08340bd003851e13a5802d6632dd2ac99a", 0xbf}, {&(0x7f00000062c0)="1a5dee743ec8a914c7072c5ebe7455b921d1f507459107162f6a396205bf5ada2af5884d135622e9cc5bf46b8ff1162007ee3ead8ad08525028e861179d14de00552324386", 0x45}], 0x5)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000006440)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000006400)={<r2=>0xffffffffffffffff}, 0x13f, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, &(0x7f0000006480)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e24, 0x100, @ipv4={'\x00', '\xff\xff', @local}, 0x9}, r2}}, 0x30)
sendmsg$nl_route_sched(r1, &(0x7f00000065c0)={&(0x7f00000064c0)={0x10, 0x0, 0x0, 0x50000001}, 0xc, &(0x7f0000006580)={&(0x7f0000006540)=@getchain={0x2c, 0x66, 0x8, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xfff3, 0x2}, {0x0, 0x1}, {0xfff3, 0xd}}, [{0x8, 0xb, 0x8a}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4008000)
prlimit64(0x0, 0xc, &(0x7f0000006600)={0x0, 0x4}, 0x0)

26.868767801s ago: executing program 5 (id=333):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_ifreq(r0, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x7})
ioctl$sock_netdev_private(r0, 0x8943, &(0x7f0000000000))

25.987633539s ago: executing program 5 (id=338):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
r1 = syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$HIDIOCSFEATURE(0xffffffffffffffff, 0xc0404806, &(0x7f00000000c0))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = dup(0xffffffffffffffff)
ioctl$KVM_HYPERV_EVENTFD(r3, 0x4018aebd, &(0x7f0000000ac0)={0x4, r3})
ioctl$TUNSETFILTEREBPF(0xffffffffffffffff, 0x800454e1, &(0x7f0000000000)=r3)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000d84000)={0xa, 0x2}, 0x1c)
setpriority(0x2, r1, 0x8)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c6a000002030300000000000000"], 0x1c}}, 0x1)
r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='task\x00')
lseek(r5, 0x3, 0x0)
getdents64(r5, 0xffffffffffffffff, 0x43)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_VERDICT(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2000000003030101"], 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x40000c0)
r6 = syz_open_dev$vim2m(&(0x7f00000003c0), 0x7fff, 0x2)
ioctl$vim2m_VIDIOC_STREAMOFF(r6, 0x40045612, &(0x7f0000000000)=0x1)
ioctl$vim2m_VIDIOC_QBUF(r6, 0xc058560f, &(0x7f0000000340)=@multiplanar_mmap={0x0, 0x1, 0x4, 0x10, 0x0, {}, {}, 0xdab, 0x1, {0x0}, 0x3})

21.892724438s ago: executing program 5 (id=341):
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000947eac20ca081101c86d00000001090212000100000000090400000089263c00"], 0x0)
r0 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r0, 0x890b, &(0x7f0000000040)={'veth1_macvtap\x00', @random="0200ac7f7f00"})
syz_usb_connect(0x4, 0xe4c, &(0x7f0000001300)=ANY=[@ANYBLOB="12010102ff48158f3c41c281e8390102030109023a0e047307900609048f090a359a080a10240202ffff7760fdfa16768c8029fd0b240201010409050a358d09058003ff0366010271227f267c2acf6a7f0b796359bdb52eae739d41792d7dce5b0baca25aa02e805b25551f10140c54d4f9cd2cf1f77776c57fda84ac13e378bb367d2c2fd137ab434e539bb11fbeaa4d8532fa6ef7128510382117ad43e8ffe358c1a22c80a81b699fc8e276032fc9f165711b9405ebc986640a3b906671f57a236481aa572a8251e13683e00ba056297a6722739f43773800485b197ca75f9187296877daa702873b5a1bfd2cbed3a0cc7cf247e3dd2ad8697718405aa27851a313299c1eb6412a6fe7273833286f8df5bf72ca7e061988edc19bee09050004ff030704041204805856a5fce50b65be35b2163597fce6090504104000020904bd242d944fb66f7c7125f1404986a234f8bcd5e19574361d310f72d99bd4e29dc1161b780674c936987f523daad9b20bf0237921db6686faa8a942aa72f2e774f6f0da67ef5e3fbb7a641e20c19f4e1e3e51bd8138e15e841fe244cd712ba3144425765d6692d8b9f19d68a25e7c01b7ee06ccb867ef035f3e1221919a0a1cc8039d67c003b13362af01ad452af373f35a18243263aa4f4d18b2511dcd0677576d2e37ef30182bb7bf06f53666ab14b887540155ab18991862fe52e3990905090220000307040905080800000901fb4a224dfca706b92b8b707407826826b71ffcdedb5d9987b5e75f9efceb28c4a0d3028662b86216bca141d78232b5457a9141b491afcc0ab7abb549e5787af4efb3c34fbcbdb5531664ad0725010202050009050901ff03800b02090580014000020cfac62416d9b23176368f648f886004edb9d3b3db79748ba9f70897dec962a85a54b1c282e24258d66dea8c2058dd7e7bbccd8c385bd936522cf5eb56b1530e8dbcec3a5852fe024ebc483213d1eaef66f975930f6aec0d65cfd4d93b62407287cf2b5008780928283350dbeae968a8e681d185278bffc13abe43f5c35436220a4e1896a9a8ae0e8d30d5ac004b5b7647e40105e92434cf0032c5ead13dfa977c7f18c0aa38c7f3cac746c8f18548ae6a37fdec7e47f6a86f7c608c90c723671755607e109c19a50905080b0800040002842307f5b74f99b9c34f2b6d135c67c3aecfea35e1695ef57bf7d3f31685ada3e145e23cce1757d2bebe42fdd49b1ddb043fc00fec2d6bb41f4ae4b6536ea27b262496e66abf2dcb4a7d6bd05d49beeef31813123ff04fea5a00432c41303c8d2cf51c521048c2acc1bb09db6b472c466a9a30a29ffae20f0f6d408ed44808623feabe5489080c974ce84059c9a6cdccc39224bb103cc217e9c34ee5d8f9940f8dc71f208c8b991485b2f221b5993068da88a8f1141b6c7d07c20d76090d25e081d2b695f34f76358b17003c2be97f7b179e0d7bf5030df0a0fdf9a2f91796d6d264270a1f881d105490a70e674a15edf8662ea734bb2e9b23f1202f4406de8b5b9f41427a0bba3fb8534cf94909050e1010000146047c10fb8806847bcba57d6b61f1616162c4d2a1d6c47a5dd49a0269c96040755f867bda394d459fe0c32a07b371399b3eb5b907289d8b767abca6c0c4ee30e2d626c3243c214d6401e40325f5a812f58454617cc4526744ad7960696040bd667b218b5345c25b300f50f7edfe3b4fe68692082416902709cd85f52aba0725010081090009050e041000d0f903090413090c475ebd9ecb21f60a524e07e1918a3e8be662d698312e2271fc02f68da939ce997c03cb09a395e9b1f66b46d08077b3109e36c3ccb426345fc81c024ceb33863b3bdfdbb94be754a664609de938a2f00a21a8c879ee2c12e60c37eae852c07fc4f8cdb04f9494137f497689a1896967352caf1f359d8978b3b33d2aedb6825c6f7ca714af8320717e8d006a49a209d06db1ed7e96e2fb634a399c01de2a346821e1b1bf159c0f361e981b1bdb8f85d6a4d13b4e569ec32d2c8d580ee6e1164f612577e1f27f16d4534afec18356b0ca09050304000200030009050310080005aa0f09050710200099080907250101e509000905021020005be90190012fa89661ce14a75bdc08810586a383284f90d70f1e3a892fddee83b33e79e8c72dc489e9aaa06624604884ac0ab9116f3e336f8b392c110028224d83fa613de9079c66762fefb70862d08b96cae5b45396da166c0ab99a85e53ccffa352a4d1588a4e4620eefb760c1581bb28d17df7f09900a8d4e10f0bf85718793a0b71f3e6df62d18beecf4c98261cc77a75b090506106002000c040725010105000009050c00ff0304020607250101070b00090500002000000ef73822d71b828a6e8ccbe57a89068a8159af55a29452753db47b53f9e8b2c6a3b30f93cebfe8e994cabb258816ef9acafb38ca1258a4a329b609050f0040000200ff09050e0208007f000207250180200a0009050703000409080207250101090300090503bf0000050040cccfbffc5805bf00852bfafaa88e40d955e7f5a107e7d7dac4cf2359b3dbde0f0b4d046eb3b13281e02a6cf83f246dc39f8daa7031566b83a3f99ec06b91fa9bd3ab112c65da644ff98c7fd44c79b344585e6e947d612ac2b6a8dc29d7f311c0e594bf3b0cd13fb0202a9202e37f10ac77473cfac6387b6f7aed9befbe4340a56ac271b53bb52d4fa25caf123d5682773d5388df8a66096350a37f4d94d30dadb29aaee823bf3721d9675a54f73362b503e27d3492a45f7ef11133a76d012595479ff5815cd6c0e924b546c009050e042000020302072501030001001822d066978df99f01fbe8be5c7d3a1c74bc326556be46cb0904ef04012e1150ff0905010c4000040008740043ac82728591a5bb96b35c52c5e96f5a16b62876f14e6d5fc6cc80f8ab61629e8cca0f48419752996075cc275458bcc427cb4125ac8ddb2e7f0ebc5bd8a8d80b618f4b88a5d58029876d6e08b7e07f384f7003d561f141a9bd73f4d0dc2c681195de88459ea4027330280c5f7bdc7de56815692351fa4bb3f83b0623fa4f7ee1cd8fbdeeee55e1a7fb2910d1b80dd52fc82ef1e03da3a34a7ff82ed202fc0665d9ce3d095e71d17e55cf767b5743bb3794c3e062c909a77dc67410aa031cec4ebdd2eaa1a9ece4fc02a6fa028c9941b70b695d4bcee142ab757c77090422650b57d1810a0a24060000d0e633152405240002000d240f017fde000000004e00091524120100a317a88b045e4f01a607c0ffcb7e392a07240aa98c09f90424020906241a02001006241af8ff00090504041000055703360b4d39f231258502184897760927dc34cbfaf456fbc63591889b37a306c057f6c6513ef960f58ffc1e7e6aa88417eced2901170bfdf6029a6b739c8850830526c2d19b109ee3b0b9f099a04cedbfed3e5b39a9077b8e04ba51d36d8e9a1d20b37a4248403f48680b50b2d663bf9e31c4a7033509869bedb38bbea7e5b5a19b98b9f6ba49899f376f92fbab1b65f5654013caaec17ab83c5f261593b94e5c4be66c4bad062b0b3a3e85e16c82fcd94f894da21acd12e9719ce1423ecc70c0e33c83ec1670efaad5b4eeb5fa2d3f7ad834984aec9f875839e5404207c5ba2d125906a4f1c63b8ebe35f6cea4eb7bc4d291472d268c7918b59c5b2c6877b5976aea80489b50afbf6fcabd5329f5cd47ae8dfd2dda23a927c291ccb2b4f48261c4047e1511c1eaa8a6dc224838090507004000ff10fc072501010380000905090300040709800725010703e8000905020000040800060725010440460b7d092be701aa4359c9bd1d8a01145d84d431ac4bdb173b0c67b50847e6ee93bff7d61a65ea0665d29e94780a517896d0459b3b820576364264f7a281fbe246d564a81eea16d67ad07187db1ce273f3d6d62eaa89a37f85e93ae957a8ad2614aefd2fc2a84fb9f5bfaab3d76862c6df94e5123bf66b063ba6da9da3942b090500004000060a060725018006060009050512ff030404010905041000040605093a0dcf36f21cfb8de216bf34f2220b1d72ceb67e46bbcee1be96a0463d2f1391281574f21b44761293c143866ca40da87f9fb07deaa632bad49db65c1fbe88624db254a17735ea974002a322f71faf20676ff9df140123b5fb9c915cbde3a92476af767816dea4f5b89978f4943a97e61b4c24cc8c05bdf3480c9baaa5e0ec4ed7f78a5d125fe8f610a164b342dda8fca13956be894304131816183fb597e502cc8e061442683ffcc2afa1b4a9010865ac13dfaf30643d8e74c365489d61c4e7fef9f028ee2d6d2a612f3bf2e581561f3b090504041000017f010905070310000b070207250183090900cb049cff36f0203ee03fe008eb333f283d1f8f71df8185947c5da3a51dd00c625f2e8b24a16208e9258d83e0285fa88a2c48dd38d41fb68c2cb7bd5f057163ed8fb4ddde9a9f6984afc42e1d059b8e38e4481daf1c172eb3ce990b59f5a5bd5bb8bf4fc91858786e281473a0fc36daea47c1a2e2351dce3db6e6afc2697ceef9f2714a0363f7c81060ea4711f743d27486fe5bb4a39d6bc19c9d8553921319c1ccc38b9eb4486ccdd2c1a033c848f2565c7c6cb8189432b2b591d7c368d13b9aa73697d26050a5f1967d600905050000040400045721cb156faf32e68075998c167b92b44cec45430f9a6cc61f3c6554bd0a64413d9572ef3afe09f60627125adbcdc31eab68324b493d01409600cb504a3f613cbe16499173bfb4391555242d9be86e075350e6adbb410f07250143000200090508004000f70003dc21665f358871e706849a491214342c774ccfea8cdf0f31a43ca0f274624cfab0e53c8824ba267f056946b1eaa524904ae337db61096f9c32049e1b61c1b8cad340036494ea3b5be099dbc5fdb8d045aec54c2c40d5307e10a1e88674dd620a69c4fe7bd990033cd0e806dc012638edc4e6c5e6ed8aa4679b88987dc969e432ccc28fbdf2660bdec6a32eec4fbb2bdc5d5150d98483ad69441e6a66dd9015644c1796c988b5dca14bc682449b7c17cc4c1b70c7221248a3422b2d0d5812ed3b8851a3f63cc1c21ba82b223674362396c8e2670955bfac7d3f56bd36032efd5a65906cd4964d85b20625ded9391cbc4df7b3ec5fd0579568d84dda6e77bbe1562ed365977a2c28953350d40cb9ebf8ae111953c0cd30c24f2ec6838c5a55c9250c62b7bdcec9b21aa621296f490c5510dd24e8f55dca8f61bda09a2c2f4095c30249c1d29c39d6f307480d2bbf28522b93ea0fbdf5893a7f52548f4d9dac887678163a225e3f74f9800c35c4be67b0a0c6e1264bdab0c505b6b9f1eb23edab48bddafb248610ecaa61fc5a484e"], &(0x7f0000001280)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x201, 0x4, 0xfe, 0x69, 0xbf, 0x1}, 0x5, &(0x7f0000000f00)={0x5, 0xf, 0x5}, 0x6, [{0x4, &(0x7f0000000f40)=@lang_id={0x4, 0x3, 0x411}}, {0xe7, &(0x7f0000000f80)=@string={0xe7, 0x3, "5853a58afae4dc7a76481dc2bf1f13ba9731471a12c6a8cb117f67226d5817a7678c3dbcf15e875c855e4390a3d65ea21857a5091ea1c7d48c4cb43f5348117ae75efbd8173da6548fda853173a9d4e8d9218c2fb83c4a071120b41cca307efabcf63593ca57999ca3b126f4d3dee5398ceafc1d62a5d2f7ed8de4954dd8bf0aadf59c90f892d1a04351088cae8e8cda19c1728a70933882f7d629aca2a6e42969ce3d9e8f3b7fd05c876f4a5e9cc8f32dfa091ffd7b44f9aa87355ce449dbdb16d8544670c134f7887ff3de5e89632c7d0d51ec289a81b9ae3f396d26a550815d59f0a424"}}, {0x51, &(0x7f0000001080)=@string={0x51, 0x3, "5c8cad0c06af31b65ad76f6f2e045c1cdbe3430c02ef8737993c588910b28f09193fb9b0adb30d99983270bae3b731e4c15682a8871be30df5f94c8a424c4a970cc0b6eb0c46a3f4f29df27acf6e62"}}, {0xd8, &(0x7f0000001100)=@string={0xd8, 0x3, "0a8a1965278f95fdb0f878c8eda7b4b6940b2acc9b84fcd2632559f821361b18ce6533bd586891c2abe63916bfcf7d8be848cefcf99a27b593f57c3d8cecf18cae2be75137285e37d56a088f756a092b3aca7471f4186a89950e702c57e58dd4c7799fff875978fb37a01e7f6ea6750c8b17f52b5dfa91f6475e9700b55c9919c8a5517f4ae3a48128ad3ec9f19c39755f40272e6e1dce269dd5424e023779dba02f79987d180f3ae225fbda6d46c638928c0aaffde6e1e51404c22c8a9200e32f9c77131d642c2f1bab43b2d9126543551824213f28"}}, {0x21, &(0x7f0000001200)=@string={0x21, 0x3, "d668d7529bef58c83caae821b6a86fb788b54279681d720334e16235ab4a9b"}}, {0x4, &(0x7f0000001240)=@lang_id={0x4, 0x3, 0x3801}}]})
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = dup(0xffffffffffffffff)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f00000000c0)={0x0, 0x4})
sched_setaffinity(r2, 0xfffffffffffffd5b, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
fsopen(0x0, 0x0)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r6=>0x0})
bind$can_j1939(r5, &(0x7f00000000c0)={0x1d, r6}, 0x18)
recvmmsg(r5, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002540)=""/216, 0xd8}}], 0x1, 0x0, 0x0)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendto$inet6(r7, 0x0, 0x0, 0x24000844, &(0x7f00000001c0)={0xa, 0x4e21, 0x100, @ipv4={'\x00', '\xff\xff', @loopback}, 0x4}, 0x1c)
socket$kcm(0x10, 0x2, 0x4)

15.812895281s ago: executing program 5 (id=357):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r1 = openat$cgroup_devices(r0, &(0x7f0000000080)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r1, 0x0, 0x0)
write$cgroup_devices(r1, &(0x7f00000001c0)={'b', ' *:* ', 'r\x00'}, 0x8)

12.790807634s ago: executing program 5 (id=360):
syz_io_uring_setup(0x7d99, &(0x7f0000000000)={0x0, 0xcccd, 0x40, 0x2, 0xb2}, &(0x7f0000000080), &(0x7f00000000c0))
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000380)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r4, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r5, 0x0, 0x0, 0x0, <r6=>0x0})
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000140)={0xc, 0x0, <r7=>0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r4, 0x3b89, &(0x7f00000002c0)={0x18, 0x0, r6, r7, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000280)})
ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f0000000080)={0x28, 0x2, r7, 0x0, &(0x7f0000236000/0x800000)=nil, 0x800000, 0x400000000000000})
r8 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r9 = dup(r8)
ioctl$TIOCL_SETSEL(r9, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x13d, 0x0, 0xd6e, 0x100}})

11.613272899s ago: executing program 2 (id=361):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_ifreq(r0, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x7})
ioctl$sock_netdev_private(r0, 0x8943, &(0x7f0000000000))

11.321479267s ago: executing program 1 (id=364):
socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000740)=0x410000002)
socket$inet6(0x10, 0x3, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18)
r4 = syz_open_dev$video4linux(&(0x7f0000000200), 0x4, 0xc0203)
ioctl$VIDIOC_TRY_ENCODER_CMD(r4, 0xc0305602, &(0x7f0000000040)={0x1, 0x5, [0x3, 0x0, 0x0, 0x0, 0x7fff]})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1042, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
write$cgroup_devices(r5, &(0x7f00000002c0)=ANY=[@ANYBLOB="0700a3fcf070d1ff"], 0xffdd)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r7, 0x8923, &(0x7f0000000000)={'vlan0\x00', @random="0133014010ff"})

10.61584454s ago: executing program 2 (id=365):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)={0x20, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SCAN_SSIDS={0x4}]}, 0x20}}, 0x0)

9.701941333s ago: executing program 6 (id=366):
r0 = syz_open_dev$ndb(0x0, 0x0, 0x4000)
ioctl$NBD_DISCONNECT(r0, 0xab08)
syz_open_dev$ndb(&(0x7f00000009c0), 0x0, 0x40040)

9.561047228s ago: executing program 2 (id=367):
prctl$PR_SET_SECUREBITS(0x1c, 0x4)
r0 = syz_open_dev$usbfs(&(0x7f0000000280), 0x77, 0x101a01)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x2c}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
ppoll(&(0x7f0000000180), 0x0, 0x0, 0x0, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r6 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r6, 0xc0184800, &(0x7f0000000100)={0x4004, <r7=>r5, 0x2})
mmap$dsp(&(0x7f0000fff000/0x1000)=nil, 0x1002, 0x0, 0x11, r7, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00')
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000002c0)=ANY=[@ANYBLOB="b800000019000001fcffffff00000000ac1e0001000000000000000000000000ac1414aa0000000000000000000000000000000000000000020080a087000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000a800000040000000000000000000000000000f0000000000fdffffffffffffffffffffffffffffff010400000000000000000000000000000000000000000000030a0000000000000000000000000000000000000000000021000000000000000001000000000000"], 0xb8}}, 0x41044)
syz_emit_ethernet(0x1b9, &(0x7f0000002140)=ANY=[@ANYBLOB="12f8eb39790daaaaaaaaaa3208004d0001ab00000000002f9078e0000002ffffffff4420a0b0000000090000000800010000000000000000000500000009000005a22480810000e5001042ee54dd6e2d8ffe86d9ef7269afe98397efc10791d1b99d5dc0a2ff030000a49bbc3d287d74a605ae70b0b744a490f8862f94ad763be750a963957683d9cfeba6724c1ce39cefb189116113d706406866bde649e8af3a73a7d3ff72092df03dbde124b83929a9e700d017a33389c69b0e9fe06ffc405817602842f8db2a8e0ec1a5322c6a5598f6fdd9f899bb83c139d6acabe6944d1c31e05a2bc445be61e873cdfd0824a1fdf65c83dc97295e3dc3fb795e0a7658894369b19dabc12d289dbbcf718817223aead371086737518023fb58f813d027a964354b9b66b673cf9ca980f6f6ce10000800000086dd00000008000e2e53ed8f9e30c866937b1c5d3d3607f84039870ef1580ac9cf2fb994a8497ba04278cc8d99d8978556356d3622802cdf80b70782888dde6313a55a87238fb75de8cb34198cdd2743080088be0000000010fd00000100000000000000080022eb00000003202c00000200000000000000000000000800655800000000"], 0x0)
read$FUSE(r8, &(0x7f0000000040)={0x2020}, 0x2020)
ioctl$USBDEVFS_DISCSIGNAL(r0, 0x8010550e, &(0x7f0000000040)={0x1ec, 0x0})
setresuid(0x0, 0x0, 0x0)
syz_clone(0xb00200, 0x0, 0x0, 0x0, 0x0, 0x0)

9.441120196s ago: executing program 3 (id=368):
syz_emit_vhci(0x0, 0x7)

9.197362591s ago: executing program 3 (id=369):
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000240)={0x1, @raw_data="a425e2f1a54d24f14241313560608d70566e425a6c36af37b33fac9d31c8a9c7044410d324b03e044e454d2092a62fea8f13441431ce248bfc73a6726ee61ba491d15d8f392ff66fe0b17f0e11f5d2367d5593205ab1efa97d40619a553e7da2518125b850a186ef691daa55c9e50ffaf6ddc25220ded32aeba4524cec1afbd17abba1d15ea05e97ed3dcad452db6e08a991e2c78b057f55de7fdeba7411ce65700c0a1ad7946ff7c355db87566e3e5abb7a37a06731ed19ddfa970bb58a27fd9fa194c092730319"})

9.050542983s ago: executing program 3 (id=370):
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_setup(0x5169, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000100), 0x0)
syz_io_uring_setup(0x3609, 0x0, &(0x7f0000000340), &(0x7f00000005c0))
connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$inet(r0, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0)
r5 = syz_io_uring_setup(0xec5, &(0x7f00000008c0), &(0x7f0000000080)=<r6=>0x0, &(0x7f0000000340)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_TIMEOUT={0xb, 0x2, 0x0, 0x0, 0x2, &(0x7f00000001c0)={0x0, 0x3938700}, 0x1, 0x40})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r5, 0x2, 0x10a5, 0x3, 0x0, 0x0)
openat$ttyS3(0xffffff9c, 0x0, 0x0, 0x0)

8.749030588s ago: executing program 6 (id=371):
openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x100)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_newaddr={0x20, 0x14, 0x503, 0x0, 0x25dfdbff, {0x2, 0x8, 0x0, 0xfe, r2}, [@IFA_LOCAL={0x8, 0x2, @local}]}, 0x20}}, 0x0)

7.701311691s ago: executing program 2 (id=372):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
umount2(&(0x7f0000000500)='./bus\x00', 0x9)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'wg0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000006880)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0xd, 0x8}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x51}, 0x8000)
r3 = socket$packet(0x11, 0x2, 0x300)
r4 = syz_open_procfs$namespace(0xffffffffffffffff, 0x0)
ioctl$NS_GET_USERNS(r4, 0xb701, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000280)=0x1)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002700)=""/102392, 0x18ff8)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000006c0)=ANY=[@ANYBLOB="380000000314010000000000000008000900020073797a310000000008004100736977001400330073797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@getqdisc={0x24, 0x26, 0x705, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x1, 0xfff1}, {0x10, 0x8}, {0x4, 0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x4c88b}, 0x0)

7.701068851s ago: executing program 6 (id=373):
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x20082, 0x0)
write$sequencer(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="9206b0"], 0x8)

6.465551073s ago: executing program 1 (id=374):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd25, 0x5, {0x0, 0x0, 0x0, r6, {0x0, 0x1}, {}, {0x6}}, [@filter_kind_options=@f_flow={{0x9}, {0x24, 0x2, [@TCA_FLOW_EMATCHES={0x20, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x6, 0x8, 0x5}, {0x0, 0x1, 0x6}}}]}]}]}}]}, 0x54}}, 0x0)

5.096121682s ago: executing program 6 (id=375):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r1, &(0x7f0000004380)=[{{0x0, 0x0, 0x0}, 0x5a}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000003b40)=""/14, 0xe}, 0x2}], 0x2, 0x122, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x42, &(0x7f0000000100)=0x1e79, 0x4)
sendto$inet6(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18090000002300810000000000000000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x75, 0x1a1281)
ioctl$SNDRV_TIMER_IOCTL_STOP(0xffffffffffffffff, 0x54a1)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_netdev_private(r3, 0x8943, &(0x7f0000000000))

4.053301385s ago: executing program 1 (id=376):
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000001940)=[{0x0, 0x0, &(0x7f0000001880)=[{&(0x7f0000000340)='GS\a', 0x3}], 0x1}], 0x1, 0x40014)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), r1)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)=ANY=[@ANYBLOB="98030000", @ANYRES16=r2, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)

3.123012142s ago: executing program 3 (id=377):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SCALLUSERDATA(r1, 0x89e5, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@ipv4_getnetconf={0x14, 0x52, 0x311}, 0x14}}, 0x0)
bind$bt_hci(r0, &(0x7f0000000040), 0x6)
ioctl$sock_bt_hci(r0, 0x400448e6, &(0x7f0000000500)="d71963")
ioctl$sock_bt_hci(r0, 0x400448e7, &(0x7f0000000180))

2.348475016s ago: executing program 1 (id=378):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sync_file_range(r0, 0x8000, 0x2596, 0x1)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r1}, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
setuid(0xee01)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0)
socket$packet(0x11, 0x2, 0x300)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r2, 0xc2604110, &(0x7f0000000280)={0x0, [[0x7ff], [0x0, 0xfffffffe], [0xfff]], '\x00', [{0x2, 0x1, 0x1}, {}, {}, {0x0, 0xfffffffd}]})

1.730278049s ago: executing program 6 (id=379):
syz_emit_vhci(0x0, 0x7)

1.242053324s ago: executing program 3 (id=380):
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000240)={0x1, @raw_data="a425e2f1a54d24f14241313560608d70566e425a6c36af37b33fac9d31c8a9c7044410d324b03e044e454d2092a62fea8f13441431ce248bfc73a6726ee61ba491d15d8f392ff66fe0b17f0e11f5d2367d5593205ab1efa97d40619a553e7da2518125b850a186ef691daa55c9e50ffaf6ddc25220ded32aeba4524cec1afbd17abba1d15ea05e97ed3dcad452db6e08a991e2c78b057f55de7fdeba7411ce65700c0a1ad7946ff7c355db87566e3e5abb7a37a06731ed19ddfa970bb58a27fd9fa194c092730319"})

1.148788471s ago: executing program 2 (id=381):
r0 = syz_open_dev$ndb(0x0, 0x0, 0x4000)
ioctl$NBD_DISCONNECT(r0, 0xab08)
syz_open_dev$ndb(&(0x7f00000009c0), 0x0, 0x40040)

663.867509ms ago: executing program 6 (id=382):
io_uring_setup(0x253d, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x1})
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @empty, 0x4000006}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r2 = accept(r0, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[], 0xfffffdef}}, 0x0)

624.488449ms ago: executing program 1 (id=383):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r1, &(0x7f0000000140)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000340)="b02e1552", 0x4}], 0x1}, 0x0)
recvmmsg(r1, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000180)=""/120, 0x78}], 0x1, &(0x7f0000000640)=""/211, 0xd3}}], 0x1, 0x0, 0x0)

554.045457ms ago: executing program 2 (id=384):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000780)={'wlan1\x00'})
r1 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd", 0xa)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40088c0}, 0x4008010)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_SECURITY(r6, 0x0, 0x1, &(0x7f0000000000)=0x2, 0x4)
setsockopt$WPAN_SECURITY(r6, 0x0, 0x1, &(0x7f0000000080), 0x4)
sendmsg$802154_dgram(r6, &(0x7f00000018c0)={&(0x7f0000000500), 0x14, &(0x7f0000001880)={0x0}, 0x1, 0x0, 0x0, 0x24000080}, 0x0)
r7 = dup(r5)
r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
mkdir(&(0x7f0000000140)='./control\x00', 0x0)
r9 = dup(r8)
sendfile(r9, r7, 0x0, 0x89ffc)
recvmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x10041)
socket$inet_udplite(0x2, 0x2, 0x88)

111.744711ms ago: executing program 3 (id=385):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b708000000dfff007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)

87.714993ms ago: executing program 5 (id=386):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
dup3(r0, 0xffffffffffffffff, 0x80000)
sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x1c, 0x4, 0x6, 0x801, 0x0, 0x0, {0x1, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8800}, 0xc054)

0s ago: executing program 1 (id=387):
socket$inet(0x2, 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002c00)=ANY=[@ANYBLOB="bf16000000000000b70700000900f0ff4070000000000000500000000000000095000000000000002ba728041598d6fbd30cb599e8c73d24a3aa81d36bb3019c13bd23212fb56fa54f26fb0b71d0e6adfefc41d86bd917487960717142fa9ea4318123741c0a0e168c1886d0d4d94f2f4e345c652ebc1626e3a2a2ad35806150ae0209e62f51ee988e6e0dc8ce974a22a550d6fd70800c86ae3b3e05df3ceb9fc474c2a100c788b277beee1cbf9b0a4def23d410f6296b32a8343881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3449abe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee6f867ddd58211d6ececb0cd2b6d357b8580218ce740068725837074e468ee23fd2f73902ebcfcf49822775985bf31b715f5888b2c81f96a810b946855c9fc52ac17cbc97a616811a4c2dc3470009b966abaf41939aeca3e7b00c2e9d5db7a34fe2a29ac88c360a878a2b9ab9440c1961e80477166f3f847e855cdddc941d996d61ea0ce23b37e9d21c849d1e1e53087a3b109012e3a3ecbd219265048bf5c72b7ba2806b73323301b4bc94d0e4afde44867d71049a7c89bc615e215571ac910d80a58b5169576ff9906c34d2342806960b6bcb00000000000000000000000000113ee640b9ed1e04a0bfb125204d30990361bf45ef45277a167cd2c2e6ce9138143aa5ea7ee6f7c6d8b00437e070b004c5aa90766538b4fe45a16f14b270904d36eaa87508ac6d46639b3971ac6a88dc531fcc5ffc6b76b334795d88156336a9a452a9022485bb572dacb7aa25f748bc75918a16d9d5ae21004cd799ac4951beb2c6c9b5baf60081b86cc2e31c49f4ea055fb3639036c95c69b1ae60e685d486dbd1d5e7d0daacd73acfc80b9c9c92"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4)
setsockopt$packet_int(r0, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4)
r1 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}}, 0x24}}, 0x0)

kernel console output (not intermixed with test programs):

stem zones: 0-2, 18-18, 34-34
[  272.602335][ T6217] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1145: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  272.738485][ T6217] EXT4-fs (loop2): 1 truncate cleaned up
[  272.746142][ T6217] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  273.066622][ T6225] netlink: 8 bytes leftover after parsing attributes in process `syz.4.59'.
[  273.190179][ T6217] EXT4-fs error (device loop2): ext4_xattr_block_find:1877: inode #15: comm syz.2.58: corrupted xattr block 19: invalid header
[  273.236750][ T6217] EXT4-fs (loop2): Remounting filesystem read-only
[  273.520177][ T5847] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  273.731629][ T5847] usb 1-1: Using ep0 maxpacket: 32
[  273.745660][ T5847] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  273.757477][ T5847] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  273.784552][ T5791] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  273.836569][ T5847] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  273.846585][ T5847] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  273.855768][ T5847] usb 1-1: Product: syz
[  273.860175][ T5847] usb 1-1: Manufacturer: syz
[  273.957804][ T5847] hub 1-1:4.0: USB hub found
[  274.279589][ T6227] loop0: detected capacity change from 0 to 256
[  274.325498][ T6227] vfat: Unknown parameter 'shm‹ À'
[  274.410592][ T5847] hub 1-1:4.0: 2 ports detected
[  274.647999][ T6227] loop0: detected capacity change from 0 to 512
[  274.768320][ T6227] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  275.455641][ T5847] hub 1-1:4.0: hub_hub_status failed (err = -32)
[  275.455771][ T5847] hub 1-1:4.0: config failed, can't get hub status (err -32)
[  275.595425][ T6227] EXT4-fs (loop0): 1 orphan inode deleted
[  275.595537][ T6227] EXT4-fs (loop0): 1 truncate cleaned up
[  275.597176][ T6227] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  275.701802][ T6227] Process accounting resumed
[  275.707789][   T29] audit: type=1804 audit(1736242075.081:6): pid=6227 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.60" name=2F6E6577726F6F742F31322F6275732FE91F7189591E9233614B dev="loop0" ino=18 res=1 errno=0
[  276.133470][ T6237] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  276.152887][ T6237] EXT4-fs (loop0): Remounting filesystem read-only
[  276.260808][ T6244] Zero length message leads to an empty skb
[  276.791533][ T5838] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  276.969234][ T5838] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  276.969371][ T5838] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  276.976087][ T5838] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  276.976249][ T5838] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  276.976383][ T5838] usb 4-1: SerialNumber: syz
[  277.172656][ T5845] usb 1-1: USB disconnect, device number 9
[  277.385026][ T5788] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  277.954145][ T6250] loop2: detected capacity change from 0 to 1024
[  278.051778][ T5847] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  278.161836][   T52] Bluetooth: hci4: command 0x0405 tx timeout
[  278.232083][ T5847] usb 2-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  278.232251][ T5847] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  278.232383][ T5847] usb 2-1: Product: syz
[  278.232491][ T5847] usb 2-1: Manufacturer: syz
[  278.232598][ T5847] usb 2-1: SerialNumber: syz
[  278.261488][ T5847] r8152-cfgselector 2-1: Unknown version 0x0000
[  278.261614][ T5847] r8152-cfgselector 2-1: config 0 descriptor??
[  278.311739][ T5845] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  278.484470][ T5847] r8152-cfgselector 2-1: USB disconnect, device number 2
[  278.510362][ T5845] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  278.510606][ T5845] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  278.510872][ T5845] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  278.511346][ T5845] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  278.545595][ T6249] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  278.558671][ T5845] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  278.806464][ T6249] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  278.808120][ T6249] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  278.863492][ T6249] 9pnet: Found fid 0 not clunked
[  278.928076][ T5845] usb 3-1: USB disconnect, device number 5
[  279.091497][ T5847] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  279.282764][ T5847] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  279.282901][ T5847] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  279.283093][ T5847] usb 1-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  279.283249][ T5847] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  279.321505][ T5847] usb 1-1: config 0 descriptor??
[  279.811727][ T5838] usb 4-1: 0:2 : does not exist
[  279.811888][ T5838] usb 4-1: unit 5: unexpected type 0x0a
[  279.979194][ T6263] loop1: detected capacity change from 0 to 512
[  279.981980][ T6263] EXT4-fs: Ignoring removed nomblk_io_submit option
[  280.002182][ T6263] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  280.008979][ T6263] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a85ec028, mo2=0002]
[  280.009395][ T6263] System zones: 0-2, 18-18, 34-34
[  280.021666][ T6263] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1145: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  280.033758][ T6263] EXT4-fs (loop1): 1 truncate cleaned up
[  280.035385][ T6263] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  280.043884][ T6261] EXT4-fs error (device loop1): ext4_xattr_block_find:1877: inode #15: comm syz.1.71: corrupted xattr block 19: invalid header
[  280.049493][ T6261] EXT4-fs (loop1): Remounting filesystem read-only
[  280.245866][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  280.545838][ T5845] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  280.602821][ T5838] usb 4-1: USB disconnect, device number 5
[  280.643591][ T2959] hfsplus: b-tree write err: -5, ino 4
[  280.699797][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[  280.706858][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[  280.879768][ T6271] loop1: detected capacity change from 0 to 128
[  281.419613][ T6271] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  281.445353][ T6275] loop2: detected capacity change from 0 to 256
[  281.453175][ T6271] ext4 filesystem being mounted at /19/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  281.497266][ T6275] exfat: Deprecated parameter 'namecase'
[  281.503403][ T6275] exfat: Deprecated parameter 'namecase'
[  281.609228][ T6275] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1fdf94bc, utbl_chksum : 0xe619d30d)
[  281.655466][ T6000] udevd[6000]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  281.673970][ T5838] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  281.975894][ T6279] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  281.987789][ T6279] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  282.051571][ T5838] usb 5-1: Using ep0 maxpacket: 32
[  282.068094][ T5838] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  282.081332][ T5838] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  282.103187][ T5783] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  282.108844][   T45] usb 1-1: USB disconnect, device number 10
[  282.146021][ T5838] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  282.156395][ T5838] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  282.166007][ T5838] usb 5-1: Product: syz
[  282.170412][ T5838] usb 5-1: Manufacturer: syz
[  282.215659][ T6001] udevd[6001]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  282.223908][ T5838] hub 5-1:4.0: USB hub found
[  282.321585][ T5845] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  282.509339][ T6264] loop3: detected capacity change from 0 to 32768
[  282.540245][ T6277] loop4: detected capacity change from 0 to 256
[  282.563479][ T6277] vfat: Unknown parameter 'shm‹ À'
[  282.672957][ T5838] hub 5-1:4.0: 2 ports detected
[  282.674945][ T6264] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.72 (6264)
[  282.715833][ T6283] loop1: detected capacity change from 0 to 1764
[  282.752815][ T6264] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  282.763622][ T6264] BTRFS info (device loop3): using sha256 (sha256-generic) checksum algorithm
[  282.774930][ T6264] BTRFS info (device loop3): using free-space-tree
[  282.832842][ T6283] iso9660: Corrupted directory entry in block 2 of inode 1920
[  282.841881][ T6264] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  282.842842][ T6264] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  282.853304][ T6264] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  282.863064][ T6264] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[  282.873456][ T6264] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  282.884884][ T6264] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  282.902808][ T6264] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  283.055785][ T6277] loop4: detected capacity change from 0 to 512
[  283.152691][ T6277] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  283.171939][ T6264] BTRFS error (device loop3): open_ctree failed
[  284.047523][ T5838] hub 5-1:4.0: hub_hub_status failed (err = -32)
[  284.054494][ T5838] hub 5-1:4.0: config failed, can't get hub status (err -32)
[  284.304083][ T6277] EXT4-fs (loop4): 1 orphan inode deleted
[  284.310095][ T6277] EXT4-fs (loop4): 1 truncate cleaned up
[  284.317673][ T6277] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  284.708877][ T6310] netlink: 8 bytes leftover after parsing attributes in process `syz.3.83'.
[  285.522216][ T5838] usb 5-1: USB disconnect, device number 8
[  285.660107][ T5798] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  286.338677][ T6317] loop2: detected capacity change from 0 to 1024
[  287.073723][ T5838] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  287.311854][ T5838] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  287.312050][ T5838] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  287.312260][ T5838] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  287.312419][ T5838] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  287.363756][ T6317] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  287.385042][ T5838] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  287.644950][ T6317] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  287.646040][ T6317] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  287.743102][ T6317] 9pnet: Found fid 0 not clunked
[  288.015926][ T5838] usb 3-1: USB disconnect, device number 8
[  288.771526][ T5838] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  288.929148][ T5838] usb 3-1: device descriptor read/64, error -71
[  289.175075][ T5838] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  289.331668][ T5838] usb 3-1: device descriptor read/64, error -71
[  289.411433][ T5845] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  289.446893][ T5838] usb usb3-port1: attempt power cycle
[  289.588963][ T5845] usb 4-1: Using ep0 maxpacket: 32
[  289.619873][ T5845] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  289.620043][ T5845] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  289.635713][ T5845] usb 4-1: config 0 descriptor??
[  289.812133][ T5838] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  289.963807][ T5845] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  289.995728][ T5845] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  290.023128][ T5838] usb 3-1: device not accepting address 11, error -71
[  290.029434][ T5845] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  290.029571][ T5845] usb 4-1: media controller created
[  290.111709][ T5845] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  290.172840][ T2959] hfsplus: b-tree write err: -5, ino 4
[  290.679696][ T6328] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  290.680775][ T6328] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  290.734080][ T6328] netlink: 8 bytes leftover after parsing attributes in process `syz.3.88'.
[  291.055163][ T5953] udevd[5953]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  291.433123][ T5845] az6027: usb out operation failed. (-71)
[  291.433198][ T5845] stb0899_attach: Driver disabled by Kconfig
[  291.433257][ T5845] az6027: no front-end attached
[  291.433257][ T5845] 
[  291.437225][ T5838] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  291.444635][ T5845] az6027: usb out operation failed. (-71)
[  291.444717][ T5845] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  291.447922][ T5845] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input5
[  291.548982][ T5845] dvb-usb: schedule remote query interval to 400 msecs.
[  291.549078][ T5845] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  291.653411][ T5845] usb 4-1: USB disconnect, device number 6
[  291.694157][ T5838] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  291.694295][ T5838] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  291.694495][ T5838] usb 3-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  291.694653][ T5838] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  291.773474][ T5838] usb 3-1: config 0 descriptor??
[  292.820276][ T5845] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  292.897790][ T6333] FAULT_INJECTION: forcing a failure.
[  292.897790][ T6333] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  292.897933][ T6333] CPU: 0 UID: 0 PID: 6333 Comm: syz.1.90 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  292.898090][ T6333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  292.898171][ T6333] Call Trace:
[  292.898222][ T6333]  <TASK>
[  292.898280][ T6333]  dump_stack_lvl+0x216/0x2d0
[  292.898473][ T6333]  dump_stack+0x1e/0x24
[  292.898633][ T6333]  should_fail_ex+0x748/0x7f0
[  292.898820][ T6333]  should_fail_alloc_page+0x235/0x2b0
[  292.898981][ T6333]  __alloc_pages_noprof+0x343/0xe00
[  292.899165][ T6333]  alloc_pages_mpol_noprof+0x299/0x990
[  292.899330][ T6333]  ? kmsan_get_metadata+0x13e/0x1c0
[  292.899485][ T6333]  vma_alloc_folio_noprof+0x454/0x7f0
[  292.899655][ T6333]  do_wp_page+0x1860/0x7160
[  292.899820][ T6333]  ? filter_irq_stacks+0x164/0x1a0
[  292.900021][ T6333]  handle_mm_fault+0x5fe9/0xdcc0
[  292.900201][ T6333]  ? kmsan_get_metadata+0x13e/0x1c0
[  292.900401][ T6333]  exc_page_fault+0x41b/0x700
[  292.900591][ T6333]  asm_exc_page_fault+0x2b/0x30
[  292.900766][ T6333] RIP: 0033:0x7f0c94648ba3
[  292.900875][ T6333] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c
[  292.901000][ T6333] RSP: 002b:00007f0c956444a0 EFLAGS: 00010206
[  292.901122][ T6333] RAX: 0000000000012c00 RBX: 00007f0c95644540 RCX: 00007f0c8a000000
[  292.901225][ T6333] RDX: 00007f0c956446e0 RSI: 0000000000000001 RDI: 00007f0c956445e0
[  292.901332][ T6333] RBP: 00000000000000b9 R08: 0000000000000007 R09: 000000000000004c
[  292.901424][ T6333] R10: 0000000000000056 R11: 00007f0c95644540 R12: 0000000000000001
[  292.901519][ T6333] R13: 00007f0c94819040 R14: 0000000000000005 R15: 00007f0c956445e0
[  292.901638][ T6333]  </TASK>
[  292.902308][ T6333] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  293.057791][ T6333] loop1: detected capacity change from 0 to 256
[  293.126784][ T6333] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  293.206182][ T6333] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512
[  293.206320][ T6333] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[  293.206404][ T6333] UDF-fs: Scanning with blocksize 512 failed
[  293.250262][ T6333] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  293.283789][ T6333] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  294.670372][ T5845] usb 3-1: USB disconnect, device number 13
[  295.661330][ T5845] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  295.829697][ T5845] usb 3-1: Using ep0 maxpacket: 32
[  295.861525][ T5845] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  295.861712][ T5845] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  295.888647][ T5845] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  295.888815][ T5845] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  295.888965][ T5845] usb 3-1: Product: syz
[  295.889071][ T5845] usb 3-1: Manufacturer: syz
[  295.948819][ T5845] hub 3-1:4.0: USB hub found
[  296.280389][ T6342] loop2: detected capacity change from 0 to 256
[  296.372298][ T6342] vfat: Unknown parameter 'shm‹ À'
[  296.373866][ T6344] loop1: detected capacity change from 0 to 128
[  296.463039][ T6344] qnx4: no qnx4 filesystem (no root dir).
[  296.558861][ T5845] hub 3-1:4.0: 2 ports detected
[  296.938233][ T6342] loop2: detected capacity change from 0 to 512
[  297.051806][ T6342] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  297.380692][ T6342] EXT4-fs (loop2): 1 orphan inode deleted
[  297.380869][ T6342] EXT4-fs (loop2): 1 truncate cleaned up
[  297.383731][ T6342] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  297.482706][   T29] audit: type=1804 audit(1736242096.881:7): pid=6342 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.94" name=2F6E6577726F6F742F31392F6275732FE91F7189591E9233614B dev="loop2" ino=17 res=1 errno=0
[  297.664456][ T5845] hub 3-1:4.0: hub_hub_status failed (err = -32)
[  297.664584][ T5845] hub 3-1:4.0: config failed, can't get hub status (err -32)
[  297.768054][ T6342] Process accounting resumed
[  298.324118][ T6350] netlink: 8 bytes leftover after parsing attributes in process `syz.1.96'.
[  299.647574][   T29] audit: type=1326 audit(1736242099.051:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6352 comm="syz.1.98" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c94785d29 code=0x7ffc0000
[  299.739563][   T29] audit: type=1326 audit(1736242099.141:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6352 comm="syz.1.98" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0c94785d29 code=0x7ffc0000
[  299.745642][   T29] audit: type=1326 audit(1736242099.141:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6352 comm="syz.1.98" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c94785d29 code=0x7ffc0000
[  299.745859][   T29] audit: type=1326 audit(1736242099.151:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6352 comm="syz.1.98" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c94785d29 code=0x7ffc0000
[  299.816758][ T5838] usb 3-1: USB disconnect, device number 14
[  299.823606][   T29] audit: type=1326 audit(1736242099.221:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6352 comm="syz.1.98" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f0c94785d29 code=0x7ffc0000
[  299.823815][   T29] audit: type=1326 audit(1736242099.231:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6352 comm="syz.1.98" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c94785d29 code=0x7ffc0000
[  299.845245][   T29] audit: type=1326 audit(1736242099.241:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6352 comm="syz.1.98" exe="/root/syz-executor" sig=0 arch=c000003e syscall=84 compat=0 ip=0x7f0c94785d29 code=0x7ffc0000
[  299.854990][ T5791] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  299.907170][   T29] audit: type=1326 audit(1736242099.271:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6352 comm="syz.1.98" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c94785d29 code=0x7ffc0000
[  299.970802][   T29] audit: type=1326 audit(1736242099.351:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6352 comm="syz.1.98" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0c94784690 code=0x7ffc0000
[  300.275533][ T5838] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  300.334410][ T5845] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  300.377657][   T52] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  300.379536][   T52] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  300.382613][   T52] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  300.389893][   T52] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  300.394885][   T52] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  300.396781][   T52] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  300.429988][ T5838] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  300.430123][ T5838] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  300.453640][ T5838] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  300.460649][ T4167] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  300.476945][ T5838] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  300.770471][ T5838] usb 4-1: Product: syz
[  300.770587][ T5838] usb 4-1: Manufacturer: syz
[  300.770695][ T5838] usb 4-1: SerialNumber: syz
[  300.878489][ T5845] usb 2-1: Using ep0 maxpacket: 16
[  300.901811][ T5845] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  300.902008][ T5845] usb 2-1: config 0 has no interface number 0
[  300.955347][ T5845] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  300.955517][ T5845] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  300.955647][ T5845] usb 2-1: Product: syz
[  300.955751][ T5845] usb 2-1: Manufacturer: syz
[  300.955858][ T5845] usb 2-1: SerialNumber: syz
[  300.965055][ T5845] usb 2-1: config 0 descriptor??
[  301.102271][ T4167] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.114684][ T5845] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  301.241301][    C0] raw-gadget.0 gadget.3: ignoring, device is not running
[  301.241808][ T4167] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.301256][ T6363] program syz.2.101 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  301.661267][ T5838] usb 4-1: 0:2 : does not exist
[  301.679163][ T5838] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  301.705195][   T52] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  301.709229][ T4167] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.758875][   T52] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  301.792653][ T5838] usb 4-1: USB disconnect, device number 7
[  301.823352][   T52] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  301.957092][   T52] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  301.996469][   T52] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  301.999616][   T52] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  302.066323][ T6353] 9pnet_fd: Insufficient options for proto=fd
[  302.180770][ T5986] udevd[5986]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  302.594373][ T5845] gspca_spca1528: reg_w err -110
[  302.610868][   T29] kauditd_printk_skb: 64 callbacks suppressed
[  302.610950][   T29] audit: type=1326 audit(1736242102.001:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6352 comm="syz.1.98" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c94785d29 code=0x7ffc0000
[  302.611401][   T29] audit: type=1326 audit(1736242102.001:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6352 comm="syz.1.98" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c94785d29 code=0x7ffc0000
[  302.611916][ T5845] spca1528 2-1:0.1: probe with driver spca1528 failed with error -110
[  302.811351][   T29] audit: type=1326 audit(1736242102.201:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6352 comm="syz.1.98" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7f0c94785d29 code=0x7ffc0000
[  302.811570][   T29] audit: type=1326 audit(1736242102.201:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6352 comm="syz.1.98" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c94785d29 code=0x7ffc0000
[  302.811775][   T29] audit: type=1326 audit(1736242102.201:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6352 comm="syz.1.98" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0c94785d29 code=0x7ffc0000
[  302.811987][   T29] audit: type=1326 audit(1736242102.211:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6352 comm="syz.1.98" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c94785d29 code=0x7ffc0000
[  302.821399][   T52] Bluetooth: hci2: command tx timeout
[  302.830714][   T29] audit: type=1326 audit(1736242102.221:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6352 comm="syz.1.98" exe="/root/syz-executor" sig=0 arch=c000003e syscall=242 compat=0 ip=0x7f0c94785d29 code=0x7ffc0000
[  302.830934][   T29] audit: type=1326 audit(1736242102.221:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6352 comm="syz.1.98" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c94785d29 code=0x7ffc0000
[  302.978214][   T29] audit: type=1326 audit(1736242102.301:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6352 comm="syz.1.98" exe="/root/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7f0c94785d29 code=0x7ffc0000
[  302.978436][   T29] audit: type=1326 audit(1736242102.301:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6352 comm="syz.1.98" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c94785d29 code=0x7ffc0000
[  303.054990][ T4167] bridge_slave_1: left allmulticast mode
[  303.055101][ T4167] bridge_slave_1: left promiscuous mode
[  303.055944][ T4167] bridge0: port 2(bridge_slave_1) entered disabled state
[  303.148246][ T4167] bridge_slave_0: left allmulticast mode
[  303.148351][ T4167] bridge_slave_0: left promiscuous mode
[  303.149247][ T4167] bridge0: port 1(bridge_slave_0) entered disabled state
[  303.251472][ T5845] usb 2-1: USB disconnect, device number 3
[  304.274445][ T6377] loop3: detected capacity change from 0 to 32768
[  304.327086][ T5789] Bluetooth: hci5: command tx timeout
[  304.344011][ T4167] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  304.376916][ T6377] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.104 (6377)
[  304.609093][ T4167] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  304.615476][ T4167] bond0 (unregistering): Released all slaves
[  304.866667][ T6377] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  304.878604][ T6377] BTRFS info (device loop3): using sha256 (sha256-generic) checksum algorithm
[  304.890589][ T6377] BTRFS info (device loop3): using free-space-tree
[  304.891414][   T52] Bluetooth: hci2: command tx timeout
[  304.972541][ T6359] chnl_net:caif_netlink_parms(): no params data found
[  305.131003][ T6379] loop2: detected capacity change from 0 to 4096
[  305.275985][ T6379] NILFS (loop2): invalid segment: Checksum error in segment payload
[  305.284506][ T6379] NILFS (loop2): trying rollback from an earlier position
[  305.369141][ T6364] chnl_net:caif_netlink_parms(): no params data found
[  305.375690][ T6379] NILFS (loop2): recovery complete
[  305.576914][ T6393] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  305.855914][ T6407] FAULT_INJECTION: forcing a failure.
[  305.855914][ T6407] name failslab, interval 1, probability 0, space 0, times 0
[  305.869256][ T6407] CPU: 0 UID: 0 PID: 6407 Comm: syz.2.106 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  305.880158][ T6407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  305.890456][ T6407] Call Trace:
[  305.893937][ T6407]  <TASK>
[  305.897057][ T6407]  dump_stack_lvl+0x216/0x2d0
[  305.902070][ T6407]  dump_stack+0x1e/0x24
[  305.906546][ T6407]  should_fail_ex+0x748/0x7f0
[  305.911533][ T6407]  should_failslab+0x17f/0x210
[  305.916589][ T6407]  __kmalloc_noprof+0x176/0x1230
[  305.921934][ T6407]  ? kfree+0x20/0xdb0
[  305.926196][ T6407]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  305.932290][ T6407]  ? tomoyo_realpath_from_path+0x104/0xaa0
[  305.938428][ T6407]  ? kmsan_get_metadata+0x13e/0x1c0
[  305.943916][ T6407]  tomoyo_realpath_from_path+0x104/0xaa0
[  305.949895][ T6407]  ? __srcu_read_lock+0x76/0xd0
[  305.955037][ T6407]  tomoyo_path_number_perm+0x1d9/0x8f0
[  305.960811][ T6407]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  305.967481][ T6407]  ? kmsan_get_metadata+0x13e/0x1c0
[  305.972975][ T6407]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  305.979103][ T6407]  tomoyo_file_ioctl+0x3f/0x50
[  305.984146][ T6407]  security_file_ioctl+0x145/0x590
[  305.989567][ T6407]  __se_sys_ioctl+0xd0/0x440
[  305.994481][ T6407]  __x64_sys_ioctl+0x96/0xe0
[  305.999383][ T6407]  x64_sys_call+0x19f0/0x3c30
[  306.004379][ T6407]  do_syscall_64+0xcd/0x1e0
[  306.009158][ T6407]  ? clear_bhb_loop+0x25/0x80
[  306.014146][ T6407]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  306.020358][ T6407] RIP: 0033:0x7fd4aa785d29
[  306.025010][ T6407] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  306.044932][ T6407] RSP: 002b:00007fd4ab5b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  306.053668][ T6407] RAX: ffffffffffffffda RBX: 00007fd4aa976080 RCX: 00007fd4aa785d29
[  306.061915][ T6407] RDX: 0000000020000080 RSI: 0000000040086e8b RDI: 0000000000000004
[  306.070138][ T6407] RBP: 00007fd4ab5b6090 R08: 0000000000000000 R09: 0000000000000000
[  306.078359][ T6407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  306.086572][ T6407] R13: 0000000000000001 R14: 00007fd4aa976080 R15: 00007ffc249c4518
[  306.094811][ T6407]  </TASK>
[  306.100221][ T6407] ERROR: Out of memory at tomoyo_realpath_from_path.
[  306.109675][ T5845] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  306.329907][ T5845] usb 2-1: config 0 has an invalid interface number: 84 but max is 0
[  306.338754][ T5845] usb 2-1: config 0 has no interface number 0
[  306.381600][ T5845] usb 2-1: New USB device found, idVendor=8086, idProduct=0b63, bcdDevice=ca.f3
[  306.390988][ T5845] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  306.399803][ T5845] usb 2-1: Product: syz
[  306.404464][ T5845] usb 2-1: Manufacturer: syz
[  306.409313][ T5845] usb 2-1: SerialNumber: syz
[  306.418335][   T52] Bluetooth: hci5: command tx timeout
[  306.419320][ T5845] usb 2-1: config 0 descriptor??
[  306.567831][ T5845] ljca 2-1:0.84: bulk endpoints not found
[  306.877735][ T6377] BTRFS error (device loop3): open_ctree failed
[  307.042897][   T52] Bluetooth: hci2: command tx timeout
[  307.302861][ T5847] usb 2-1: USB disconnect, device number 4
[  307.747863][ T6359] bridge0: port 1(bridge_slave_0) entered blocking state
[  307.757616][ T6359] bridge0: port 1(bridge_slave_0) entered disabled state
[  307.765648][ T6359] bridge_slave_0: entered allmulticast mode
[  307.783353][ T6359] bridge_slave_0: entered promiscuous mode
[  308.012175][ T4167] hsr_slave_0: left promiscuous mode
[  308.141468][ T4167] hsr_slave_1: left promiscuous mode
[  308.153877][ T5847] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  308.337352][ T4167] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  308.345537][ T4167] batman_adv: batadv0: Removing interface: batadv_slave_0
[  308.364440][ T5847] usb 4-1: Using ep0 maxpacket: 32
[  308.446032][ T4167] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  308.454092][ T4167] batman_adv: batadv0: Removing interface: batadv_slave_1
[  308.517457][ T5847] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  308.529482][ T5847] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  308.552100][   T52] Bluetooth: hci5: command tx timeout
[  308.632121][ T6425] loop1: detected capacity change from 0 to 1764
[  308.713469][ T5847] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  308.722542][ T4167] veth1_macvtap: left promiscuous mode
[  308.722929][ T5847] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  308.728442][ T4167] veth0_macvtap: left promiscuous mode
[  308.737113][ T5847] usb 4-1: Product: syz
[  308.743000][ T4167] veth1_vlan: left promiscuous mode
[  308.746678][ T5847] usb 4-1: Manufacturer: syz
[  308.752219][ T4167] veth0_vlan: left promiscuous mode
[  309.055848][ T5847] hub 4-1:4.0: USB hub found
[  309.185306][ T6416] loop2: detected capacity change from 0 to 32768
[  309.240488][   T52] Bluetooth: hci2: command tx timeout
[  309.263007][ T6421] loop3: detected capacity change from 0 to 256
[  309.271705][ T6421] vfat: Unknown parameter 'shm‹ À'
[  309.298154][ T6416] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.108 (6416)
[  309.303628][ T5847] hub 4-1:4.0: 2 ports detected
[  309.331785][ T6425] iso9660: Corrupted directory entry in block 2 of inode 1920
[  309.417845][ T6416] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  309.430167][ T6416] BTRFS info (device loop2): using sha256 (sha256-generic) checksum algorithm
[  309.442409][ T6416] BTRFS info (device loop2): using free-space-tree
[  309.518076][ T6421] loop3: detected capacity change from 0 to 512
[  309.605151][ T6421] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  310.112245][ T6416] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  310.113366][ T6416] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  310.124260][ T6416] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  310.175750][ T6421] EXT4-fs (loop3): 1 orphan inode deleted
[  310.193276][ T6421] EXT4-fs (loop3): 1 truncate cleaned up
[  310.241913][ T6421] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  310.257028][ T4167] team0 (unregistering): Port device team_slave_1 removed
[  310.345480][ T4167] team0 (unregistering): Port device team_slave_0 removed
[  310.447142][   T29] kauditd_printk_skb: 9 callbacks suppressed
[  310.447222][   T29] audit: type=1804 audit(1736242109.851:100): pid=6421 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.109" name=2F6E6577726F6F742F32312F6275732FE91F7189591E9233614B dev="loop3" ino=17 res=1 errno=0
[  310.572560][   T52] Bluetooth: hci5: command tx timeout
[  310.617046][ T5847] hub 4-1:4.0: hub_hub_status failed (err = -32)
[  310.628436][ T5847] hub 4-1:4.0: config failed, can't get hub status (err -32)
[  310.692773][ T6359] bridge0: port 2(bridge_slave_1) entered blocking state
[  310.700566][ T6359] bridge0: port 2(bridge_slave_1) entered disabled state
[  310.706732][ T6421] Process accounting resumed
[  310.708434][ T6359] bridge_slave_1: entered allmulticast mode
[  310.722073][ T6359] bridge_slave_1: entered promiscuous mode
[  310.964477][ T6416] BTRFS error (device loop2): open_ctree failed
[  311.206308][ T6364] bridge0: port 1(bridge_slave_0) entered blocking state
[  311.214137][ T6364] bridge0: port 1(bridge_slave_0) entered disabled state
[  311.223080][ T6364] bridge_slave_0: entered allmulticast mode
[  311.232136][ T6364] bridge_slave_0: entered promiscuous mode
[  311.354152][ T6359] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  311.414161][ T6364] bridge0: port 2(bridge_slave_1) entered blocking state
[  311.422042][ T6364] bridge0: port 2(bridge_slave_1) entered disabled state
[  311.429831][ T6364] bridge_slave_1: entered allmulticast mode
[  311.477978][ T6364] bridge_slave_1: entered promiscuous mode
[  311.500225][ T6359] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  311.914132][ T6364] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  311.947256][ T6359] team0: Port device team_slave_0 added
[  312.023861][ T6364] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  312.052856][ T6359] team0: Port device team_slave_1 added
[  312.402934][ T6452] nfs: Unknown parameter '&'
[  312.431712][ T5847] usb 3-1: new full-speed USB device number 15 using dummy_hcd
[  312.566562][ T4167] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  312.632643][ T5847] usb 3-1: too many configurations: 163, using maximum allowed: 8
[  312.676214][ T5847] usb 3-1: unable to read config index 0 descriptor/start: -61
[  312.684373][ T5847] usb 3-1: can't read configurations, error -61
[  312.708518][ T1678] usb 4-1: USB disconnect, device number 8
[  312.861464][ T5847] usb 3-1: new full-speed USB device number 16 using dummy_hcd
[  312.969929][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  313.007476][ T6364] team0: Port device team_slave_0 added
[  313.024541][ T6364] team0: Port device team_slave_1 added
[  313.034180][ T5847] usb 3-1: too many configurations: 163, using maximum allowed: 8
[  313.087257][ T5847] usb 3-1: unable to read config index 0 descriptor/start: -61
[  313.095590][ T5847] usb 3-1: can't read configurations, error -61
[  313.150508][ T5847] usb usb3-port1: attempt power cycle
[  313.173547][ T4167] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  313.210220][ T6455] IPv6: addrconf: prefix option has invalid lifetime
[  313.252848][ T6359] batman_adv: batadv0: Adding interface: batadv_slave_0
[  313.260124][ T6359] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  313.286702][ T6359] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  313.385938][ T6457] loop3: detected capacity change from 0 to 512
[  313.390425][ T4167] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  313.404834][ T6457] EXT4-fs: Ignoring removed bh option
[  313.440347][ T6457] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  313.479623][ T6359] batman_adv: batadv0: Adding interface: batadv_slave_1
[  313.487059][ T6359] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  313.519379][ T6359] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  313.541656][ T1678] usb 2-1: new full-speed USB device number 5 using dummy_hcd
[  313.546510][ T4167] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  313.564212][ T6457] EXT4-fs (loop3): 1 truncate cleaned up
[  313.572087][ T6457] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  313.587670][ T6364] batman_adv: batadv0: Adding interface: batadv_slave_0
[  313.594978][ T6364] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  313.627434][ T6364] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  313.642474][ T5847] usb 3-1: new full-speed USB device number 17 using dummy_hcd
[  313.706924][ T5847] usb 3-1: too many configurations: 163, using maximum allowed: 8
[  313.739161][ T5847] usb 3-1: unable to read config index 0 descriptor/start: -61
[  313.747274][ T5847] usb 3-1: can't read configurations, error -61
[  313.766542][ T6457] FAULT_INJECTION: forcing a failure.
[  313.766542][ T6457] name failslab, interval 1, probability 0, space 0, times 0
[  313.780334][ T6457] CPU: 0 UID: 0 PID: 6457 Comm: syz.3.112 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  313.791223][ T6457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  313.801508][ T6457] Call Trace:
[  313.804975][ T6457]  <TASK>
[  313.808109][ T6457]  dump_stack_lvl+0x216/0x2d0
[  313.813106][ T6457]  dump_stack+0x1e/0x24
[  313.817556][ T6457]  should_fail_ex+0x748/0x7f0
[  313.822545][ T6457]  should_failslab+0x17f/0x210
[  313.827617][ T6457]  __kmalloc_noprof+0x176/0x1230
[  313.832872][ T6457]  ? kmsan_get_metadata+0x13e/0x1c0
[  313.838338][ T6457]  ? tomoyo_encode+0x5f8/0xa40
[  313.843416][ T6457]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  313.849512][ T6457]  ? kmsan_get_metadata+0x13e/0x1c0
[  313.854983][ T6457]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  313.861083][ T6457]  tomoyo_encode+0x5f8/0xa40
[  313.866018][ T6457]  tomoyo_realpath_from_path+0x9dd/0xaa0
[  313.872015][ T6457]  tomoyo_path_number_perm+0x1d9/0x8f0
[  313.877796][ T6457]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  313.884449][ T6457]  ? kmsan_get_metadata+0x13e/0x1c0
[  313.889930][ T6457]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  313.896041][ T6457]  tomoyo_file_ioctl+0x3f/0x50
[  313.898447][ T1678] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  313.900993][ T6457]  security_file_ioctl+0x145/0x590
[  313.911324][ T1678] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  313.916336][ T6457]  __se_sys_ioctl+0xd0/0x440
[  313.930236][ T6457]  __x64_sys_ioctl+0x96/0xe0
[  313.935132][ T6457]  x64_sys_call+0x19f0/0x3c30
[  313.940127][ T6457]  do_syscall_64+0xcd/0x1e0
[  313.944895][ T6457]  ? clear_bhb_loop+0x25/0x80
[  313.949883][ T6457]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.956096][ T6457] RIP: 0033:0x7f3dcf985d29
[  313.960742][ T6457] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  313.978534][ T1678] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  313.980529][ T6457] RSP: 002b:00007f3dd07b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  313.990226][ T1678] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  313.998296][ T6457] RAX: ffffffffffffffda RBX: 00007f3dcfb75fa0 RCX: 00007f3dcf985d29
[  313.998405][ T6457] RDX: 0000000020003100 RSI: 0000000040286608 RDI: 0000000000000005
[  314.006545][ T1678] usb 2-1: Product: syz
[  314.014458][ T6457] RBP: 00007f3dd07b7090 R08: 0000000000000000 R09: 0000000000000000
[  314.014560][ T6457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  314.027793][ T1678] usb 2-1: Manufacturer: syz
[  314.034819][ T6457] R13: 0000000000000000 R14: 00007f3dcfb75fa0 R15: 00007ffda4d50cc8
[  314.034937][ T6457]  </TASK>
[  314.037418][ T6457] ERROR: Out of memory at tomoyo_realpath_from_path.
[  314.045137][ T1678] usb 2-1: SerialNumber: syz
[  314.047916][ T5847] usb 3-1: new full-speed USB device number 18 using dummy_hcd
[  314.050692][ T6457] EXT4-fs warning (device loop3): verify_group_input:156: Last group not full
[  314.139729][ T5847] usb 3-1: too many configurations: 163, using maximum allowed: 8
[  314.184756][ T6364] batman_adv: batadv0: Adding interface: batadv_slave_1
[  314.192202][ T6364] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  314.218830][ T6364] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  314.239278][ T5847] usb 3-1: unable to read config index 0 descriptor/start: -61
[  314.247621][ T5847] usb 3-1: can't read configurations, error -61
[  314.258233][ T5847] usb usb3-port1: unable to enumerate USB device
[  314.286541][ T6359] hsr_slave_0: entered promiscuous mode
[  314.336826][ T6359] hsr_slave_1: entered promiscuous mode
[  314.348978][ T6359] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  314.357154][ T6359] Cannot create hsr debugfs directory
[  314.405047][ T1678] usb 2-1: 0:2 : does not exist
[  314.547269][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  314.562572][ T1678] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  314.749717][ T1678] usb 2-1: USB disconnect, device number 5
[  314.766963][ T4167] bridge_slave_1: left allmulticast mode
[  314.773060][ T4167] bridge_slave_1: left promiscuous mode
[  314.779611][ T4167] bridge0: port 2(bridge_slave_1) entered disabled state
[  314.856651][ T4167] bridge_slave_0: left allmulticast mode
[  314.863248][ T4167] bridge_slave_0: left promiscuous mode
[  314.869817][ T4167] bridge0: port 1(bridge_slave_0) entered disabled state
[  315.130789][ T6465] loop3: detected capacity change from 0 to 64
[  315.231582][ T5986] udevd[5986]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  315.631668][   T10] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  315.808071][   T10] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  315.818102][   T10] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  315.828677][   T10] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  315.838067][   T10] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  315.849381][   T10] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  315.910408][ T4167] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  315.964306][ T4167] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  315.989421][ T4167] bond0 (unregistering): Released all slaves
[  316.056041][   T10] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  316.065715][   T10] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  316.075112][   T10] usb 2-1: Product: syz
[  316.079526][   T10] usb 2-1: Manufacturer: syz
[  316.100729][ T5847] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  316.210729][ T6364] hsr_slave_0: entered promiscuous mode
[  316.229290][ T6364] hsr_slave_1: entered promiscuous mode
[  316.242527][   T10] cdc_wdm 2-1:1.0: skipping garbage
[  316.248135][   T10] cdc_wdm 2-1:1.0: skipping garbage
[  316.291721][ T6364] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  316.299526][ T6364] Cannot create hsr debugfs directory
[  316.317543][ T5847] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  316.328397][ T5847] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  316.333605][   T10] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  316.337552][ T5847] usb 4-1: config 1 has no interface number 0
[  316.343662][   T10] cdc_wdm 2-1:1.0: Unknown control protocol
[  316.349584][ T5847] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  316.367091][ T5847] usb 4-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  316.382492][ T5847] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  316.392619][ T5847] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  316.402776][ T5847] usb 4-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  316.548038][ T1678] usb 2-1: USB disconnect, device number 6
[  316.617295][ T5847] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  316.627094][ T5847] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  316.635602][ T5847] usb 4-1: Product: syz
[  316.640018][ T5847] usb 4-1: Manufacturer: syz
[  316.644999][ T5847] usb 4-1: SerialNumber: syz
[  317.097934][ T1678] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  317.187727][ T4167] hsr_slave_0: left promiscuous mode
[  317.210471][ T4167] hsr_slave_1: left promiscuous mode
[  317.227949][ T4167] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  317.236243][ T4167] batman_adv: batadv0: Removing interface: batadv_slave_0
[  317.251496][ T4167] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  317.259503][ T4167] batman_adv: batadv0: Removing interface: batadv_slave_1
[  317.280205][ T1678] usb 3-1: config 0 has an invalid interface number: 84 but max is 0
[  317.289246][ T1678] usb 3-1: config 0 has no interface number 0
[  317.320722][ T4167] veth1_macvtap: left promiscuous mode
[  317.326691][ T4167] veth0_macvtap: left promiscuous mode
[  317.332850][ T4167] veth1_vlan: left promiscuous mode
[  317.338529][ T4167] veth0_vlan: left promiscuous mode
[  317.510124][ T1678] usb 3-1: New USB device found, idVendor=8086, idProduct=0b63, bcdDevice=ca.f3
[  317.523005][ T1678] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  317.533150][ T1678] usb 3-1: Product: syz
[  317.537549][ T1678] usb 3-1: Manufacturer: syz
[  317.544194][ T1678] usb 3-1: SerialNumber: syz
[  317.573255][ T1678] usb 3-1: config 0 descriptor??
[  317.605573][ T1678] ljca 3-1:0.84: bulk endpoints not found
[  317.713018][ T5847] cdc_ncm 4-1:1.1: SET_CRC_MODE failed
[  317.747688][ T5847] cdc_ncm 4-1:1.1: bind() failure
[  317.790314][ T5847] usb 4-1: USB disconnect, device number 9
[  318.223075][ T4167] team0 (unregistering): Port device team_slave_1 removed
[  318.294501][ T4167] team0 (unregistering): Port device team_slave_0 removed
[  318.846234][ T5847] usb 3-1: USB disconnect, device number 19
[  319.291873][ T1678] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  319.352102][ T6359] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  319.426539][ T6359] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  319.496821][ T1678] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  319.506446][ T1678] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  319.556852][ T1678] usb 4-1: config 0 descriptor??
[  319.583155][ T6364] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  319.585337][ T1678] cp210x 4-1:0.0: cp210x converter detected
[  319.644769][ T6364] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  319.684664][ T6359] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  319.748085][ T6364] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  319.828403][ T6359] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  319.917358][ T6364] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  320.038678][ T6488] loop3: detected capacity change from 0 to 128
[  320.163401][ T1678] cp210x 4-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  320.253482][ T1678] usb 4-1: cp210x converter now attached to ttyUSB0
[  320.407382][ T6494] loop2: detected capacity change from 0 to 1764
[  320.568357][ T6494] iso9660: Corrupted directory entry in block 2 of inode 1920
[  321.316952][ T6359] 8021q: adding VLAN 0 to HW filter on device bond0
[  321.341441][ T6364] 8021q: adding VLAN 0 to HW filter on device bond0
[  321.551924][ T6359] 8021q: adding VLAN 0 to HW filter on device team0
[  321.579571][ T6364] 8021q: adding VLAN 0 to HW filter on device team0
[  321.628822][ T3710] bridge0: port 1(bridge_slave_0) entered blocking state
[  321.636557][ T3710] bridge0: port 1(bridge_slave_0) entered forwarding state
[  321.720147][ T3710] bridge0: port 1(bridge_slave_0) entered blocking state
[  321.727967][ T3710] bridge0: port 1(bridge_slave_0) entered forwarding state
[  321.744621][ T3710] bridge0: port 2(bridge_slave_1) entered blocking state
[  321.752325][ T3710] bridge0: port 2(bridge_slave_1) entered forwarding state
[  321.919415][ T3710] bridge0: port 2(bridge_slave_1) entered blocking state
[  321.927228][ T3710] bridge0: port 2(bridge_slave_1) entered forwarding state
[  322.257264][ T6364] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  322.335409][ T6359] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  322.347076][ T6359] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  322.571585][ T1678] usb 4-1: USB disconnect, device number 10
[  322.644053][ T1678] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  322.785622][ T1678] cp210x 4-1:0.0: device disconnected
[  323.256397][ T6516] IPv6: addrconf: prefix option has invalid lifetime
[  323.604345][   T10] usb 3-1: new full-speed USB device number 20 using dummy_hcd
[  323.883730][   T10] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  323.894609][   T10] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  323.938253][ T6512] loop3: detected capacity change from 0 to 32768
[  323.984935][ T6512] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.122 (6512)
[  324.009752][ T6512] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  324.020486][ T6512] BTRFS info (device loop3): using sha256 (sha256-generic) checksum algorithm
[  324.032324][ T6512] BTRFS info (device loop3): using free-space-tree
[  324.112178][   T10] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  324.121943][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  324.130215][   T10] usb 3-1: Product: syz
[  324.134882][   T10] usb 3-1: Manufacturer: syz
[  324.139722][   T10] usb 3-1: SerialNumber: syz
[  324.493625][   T10] usb 3-1: 0:2 : does not exist
[  324.524744][   T10] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[  324.764559][   T10] usb 3-1: USB disconnect, device number 20
[  324.847183][ T5787] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  325.112999][ T6359] 8021q: adding VLAN 0 to HW filter on device batadv0
[  325.233715][ T5986] udevd[5986]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  325.407547][ T6364] 8021q: adding VLAN 0 to HW filter on device batadv0
[  327.168675][ T6570] loop3: detected capacity change from 0 to 64
[  327.851441][   T45] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  328.063225][   T45] usb 3-1: config 0 has an invalid interface number: 84 but max is 0
[  328.072965][   T45] usb 3-1: config 0 has no interface number 0
[  328.127567][   T45] usb 3-1: New USB device found, idVendor=8086, idProduct=0b63, bcdDevice=ca.f3
[  328.137054][   T45] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  328.145545][   T45] usb 3-1: Product: syz
[  328.149963][   T45] usb 3-1: Manufacturer: syz
[  328.159477][   T45] usb 3-1: SerialNumber: syz
[  328.198377][   T45] usb 3-1: config 0 descriptor??
[  328.222887][   T45] ljca 3-1:0.84: bulk endpoints not found
[  328.291459][   T10] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  328.537308][   T10] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  328.548615][   T10] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  328.558492][   T10] usb 4-1: config 1 has no interface number 0
[  328.566273][   T10] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  328.577987][   T10] usb 4-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  328.587556][   T10] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  328.597737][   T10] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  328.607912][   T10] usb 4-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  328.641191][ T6359] veth0_vlan: entered promiscuous mode
[  328.699870][ T6364] veth0_vlan: entered promiscuous mode
[  328.756258][ T6359] veth1_vlan: entered promiscuous mode
[  328.795470][ T6364] veth1_vlan: entered promiscuous mode
[  328.936090][   T10] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  328.946058][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  328.954504][   T10] usb 4-1: Product: syz
[  328.958919][   T10] usb 4-1: Manufacturer: syz
[  328.964005][   T10] usb 4-1: SerialNumber: syz
[  328.994002][ T6578] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  329.007913][ T6582] loop1: detected capacity change from 0 to 8
[  329.055082][ T5838] IPVS: starting estimator thread 0...
[  329.059286][ T6364] veth0_macvtap: entered promiscuous mode
[  329.094779][ T6359] veth0_macvtap: entered promiscuous mode
[  329.139882][ T6364] veth1_macvtap: entered promiscuous mode
[  329.200404][ T6359] veth1_macvtap: entered promiscuous mode
[  329.230773][ T6364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.241969][ T6364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.252163][ T6364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.262889][ T6364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.273070][ T6364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.289263][ T6364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.305074][ T6364] batman_adv: batadv0: Interface activated: batadv_slave_0
[  329.322685][ T6364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  329.333562][ T6364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.343651][ T6364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  329.354440][ T6364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.364527][ T6364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  329.375262][ T6364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.395564][ T6364] batman_adv: batadv0: Interface activated: batadv_slave_1
[  329.522274][ T5846] usb 3-1: USB disconnect, device number 21
[  329.533837][ T6364] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  329.543122][ T6364] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  329.552313][ T6364] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  329.561467][ T6364] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  329.663729][ T6590] IPVS: using max 288 ests per chain, 14400 per kthread
[  329.684761][ T6359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.701684][ T6359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.714154][ T6359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.726048][ T6359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.737358][ T6359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.748106][ T6359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.758341][ T6359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  329.769135][ T6359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.784189][ T6359] batman_adv: batadv0: Interface activated: batadv_slave_0
[  330.143717][   T10] cdc_ncm 4-1:1.1: SET_CRC_MODE failed
[  330.208900][   T10] cdc_ncm 4-1:1.1: bind() failure
[  330.234339][ T6359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  330.245816][ T6359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  330.255983][ T6359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  330.266723][ T6359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  330.276890][ T6359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  330.288177][ T6359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  330.298372][ T6359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  330.313766][ T6359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  330.330985][ T6359] batman_adv: batadv0: Interface activated: batadv_slave_1
[  330.334596][   T10] usb 4-1: USB disconnect, device number 11
[  330.450155][ T6359] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  330.460510][ T6359] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  330.469663][ T6359] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  330.478982][ T6359] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  331.305781][ T6601] loop2: detected capacity change from 0 to 1764
[  331.511242][ T6601] iso9660: Corrupted directory entry in block 2 of inode 1920
[  333.307361][ T6628] IPv6: addrconf: prefix option has invalid lifetime
[  333.683378][ T6607] loop1: detected capacity change from 0 to 32768
[  333.861610][   T45] usb 4-1: new full-speed USB device number 12 using dummy_hcd
[  333.864309][ T6607] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.132 (6607)
[  334.138227][   T45] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  334.149712][   T45] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  334.239286][   T45] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  334.249322][   T45] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  334.257728][   T45] usb 4-1: Product: syz
[  334.262192][   T45] usb 4-1: Manufacturer: syz
[  334.268886][   T45] usb 4-1: SerialNumber: syz
[  334.288408][ T6607] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  334.300661][ T6607] BTRFS info (device loop1): using sha256 (sha256-generic) checksum algorithm
[  334.312487][ T6607] BTRFS info (device loop1): using free-space-tree
[  334.357022][ T6607] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR
[  334.358076][ T6607] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR
[  334.368502][ T6607] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[  334.379081][ T6607] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[  334.389780][ T6607] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[  334.400987][ T6607] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[  334.497223][ T6640] loop2: detected capacity change from 0 to 2048
[  334.507280][ T6607] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  334.517590][ T6607] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  334.528613][ T6607] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  334.538986][ T6607] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[  334.549870][ T6607] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  334.561945][ T6607] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  334.573070][ T6607] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  334.738317][   T45] usb 4-1: 0:2 : does not exist
[  334.777901][   T45] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  334.790902][ T6658] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  334.968838][   T45] usb 4-1: USB disconnect, device number 12
[  335.031630][ T6607] BTRFS error (device loop1): open_ctree failed
[  335.283126][ T5986] udevd[5986]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  335.737402][ T6672] process 'syz.2.138' launched './file0' with NULL argv: empty string added
[  335.975107][ T6001] udevd[6001]: '/usr/bin/udevadm trigger -s block -p ID_BTRFS_READY=0' [6664] terminated by signal 33 (Unknown signal 33)
[  336.086480][ T6684] netlink: 4 bytes leftover after parsing attributes in process `syz.3.139'.
[  336.146152][ T6686] loop1: detected capacity change from 0 to 128
[  336.282848][ T6684] team0 (unregistering): Port device team_slave_0 removed
[  336.350899][ T6686] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  336.395326][ T6686] ext4 filesystem being mounted at /35/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  336.432316][ T6684] team0 (unregistering): Port device team_slave_1 removed
[  336.987992][ T4167] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  336.996169][ T4167] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  337.253115][   T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  337.255039][ T5783] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  337.262485][   T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  337.316744][ T2959] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  337.324925][ T2959] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  337.483191][ T2959] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  337.491499][ T2959] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  338.068710][ T6705] loop1: detected capacity change from 0 to 64
[  338.932861][   T10] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  339.037891][ T6715] tipc: Started in network mode
[  339.043298][ T6715] tipc: Node identity , cluster identity 4711
[  339.049762][ T6715] tipc: Failed to set node id, please configure manually
[  339.057295][ T6715] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  339.694549][ T6717] loop5: detected capacity change from 0 to 32768
[  339.706106][ T5838] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  339.732667][ T6717] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.145 (6717)
[  339.890342][ T6717] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  339.902218][ T6717] BTRFS info (device loop5): using sha256 (sha256-generic) checksum algorithm
[  339.913837][ T6717] BTRFS info (device loop5): using free-space-tree
[  340.044995][   T10] usb 7-1: Using ep0 maxpacket: 32
[  340.105566][ T5838] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  340.116436][ T5838] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[  340.126349][ T5838] usb 2-1: config 1 has no interface number 0
[  340.135741][ T5838] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  340.147753][ T5838] usb 2-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  340.157238][ T5838] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  340.167527][ T5838] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  340.177725][ T5838] usb 2-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  340.193011][   T10] usb 7-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  340.202641][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  340.225401][   T10] usb 7-1: config 0 descriptor??
[  340.258685][ T5838] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  340.269167][ T5838] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  340.277617][ T5838] usb 2-1: Product: syz
[  340.282393][ T5838] usb 2-1: Manufacturer: syz
[  340.287261][ T5838] usb 2-1: SerialNumber: syz
[  341.001970][   T10] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  341.254206][   T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  341.383642][   T10] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  341.391178][   T10] usb 7-1: media controller created
[  341.460233][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  341.615158][ T6745] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  341.625304][ T6745] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  342.094026][ T6745] netlink: 8 bytes leftover after parsing attributes in process `syz.6.102'.
[  342.135675][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[  342.142449][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[  342.440396][ T5838] cdc_ncm 2-1:1.1: SET_CRC_MODE failed
[  342.498660][ T6359] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  342.562188][ T5838] cdc_ncm 2-1:1.1: bind() failure
[  342.580274][   T10] az6027: usb out operation failed. (-71)
[  342.586379][   T10] stb0899_attach: Driver disabled by Kconfig
[  342.596165][   T10] az6027: no front-end attached
[  342.596165][   T10] 
[  342.641740][   T10] az6027: usb out operation failed. (-71)
[  342.647695][   T10] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  342.658701][   T10] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.6/usb7/7-1/input/input6
[  342.686344][ T5838] usb 2-1: USB disconnect, device number 7
[  342.702809][ T5846] usb 3-1: new full-speed USB device number 22 using dummy_hcd
[  342.828280][   T10] dvb-usb: schedule remote query interval to 400 msecs.
[  342.836483][   T10] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  342.911742][   T10] usb 7-1: USB disconnect, device number 2
[  342.917034][ T5846] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  342.928343][ T5846] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  343.076792][ T5846] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  343.086435][ T5846] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  343.094862][ T5846] usb 3-1: Product: syz
[  343.099274][ T5846] usb 3-1: Manufacturer: syz
[  343.109494][ T5846] usb 3-1: SerialNumber: syz
[  343.539767][   T10] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  343.792425][ T6761] loop3: detected capacity change from 0 to 1024
[  344.163514][ T5846] usb 3-1: 0:2 : does not exist
[  344.243948][ T5789] Bluetooth: hci0: command 0x0406 tx timeout
[  344.250248][ T5789] Bluetooth: hci1: command 0x0406 tx timeout
[  344.258125][ T5789] Bluetooth: hci3: command 0x0406 tx timeout
[  344.291780][ T6761] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  344.450536][ T5846] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[  344.693979][ T5846] usb 3-1: USB disconnect, device number 22
[  344.751438][   T10] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  345.023367][   T10] usb 6-1: config 0 has an invalid interface number: 84 but max is 0
[  345.032011][   T10] usb 6-1: config 0 has no interface number 0
[  345.140246][   T10] usb 6-1: New USB device found, idVendor=8086, idProduct=0b63, bcdDevice=ca.f3
[  345.152495][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  345.160777][   T10] usb 6-1: Product: syz
[  345.166261][   T10] usb 6-1: Manufacturer: syz
[  345.171324][   T10] usb 6-1: SerialNumber: syz
[  345.269819][   T10] usb 6-1: config 0 descriptor??
[  345.344135][   T10] ljca 6-1:0.84: bulk endpoints not found
[  345.376776][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  345.453768][ T5986] udevd[5986]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  345.796016][ T6791] loop3: detected capacity change from 0 to 256
[  346.117860][ T6795] netlink: 28 bytes leftover after parsing attributes in process `syz.1.157'.
[  346.366024][ T6804] FAULT_INJECTION: forcing a failure.
[  346.366024][ T6804] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  346.385584][ T6804] CPU: 1 UID: 0 PID: 6804 Comm: syz.6.159 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  346.396483][ T6804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  346.406773][ T6804] Call Trace:
[  346.410235][ T6804]  <TASK>
[  346.413355][ T6804]  dump_stack_lvl+0x216/0x2d0
[  346.418361][ T6804]  dump_stack+0x1e/0x24
[  346.422806][ T6804]  should_fail_ex+0x748/0x7f0
[  346.427805][ T6804]  should_fail+0x2a/0x40
[  346.432361][ T6804]  should_fail_usercopy+0x2e/0x40
[  346.437712][ T6804]  _copy_to_user+0x34/0x120
[  346.442540][ T6804]  simple_read_from_buffer+0x199/0x340
[  346.448341][ T6804]  proc_fail_nth_read+0x1e5/0x2c0
[  346.453672][ T6804]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  346.459524][ T6804]  vfs_read+0x29d/0xf50
[  346.464007][ T6804]  ? stack_depot_save_flags+0x2c/0x750
[  346.469779][ T6804]  ? kmsan_get_metadata+0x13e/0x1c0
[  346.475257][ T6804]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  346.481951][ T6804]  ksys_read+0x240/0x4b0
[  346.486503][ T6804]  ? kmsan_get_metadata+0x13e/0x1c0
[  346.491995][ T6804]  __x64_sys_read+0x93/0xe0
[  346.496812][ T6804]  x64_sys_call+0x314c/0x3c30
[  346.501810][ T6804]  do_syscall_64+0xcd/0x1e0
[  346.506587][ T6804]  ? clear_bhb_loop+0x25/0x80
[  346.511585][ T6804]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  346.517798][ T6804] RIP: 0033:0x7f782398473c
[  346.522447][ T6804] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  346.542393][ T6804] RSP: 002b:00007f7824705030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  346.551120][ T6804] RAX: ffffffffffffffda RBX: 00007f7823b75fa0 RCX: 00007f782398473c
[  346.559358][ T6804] RDX: 000000000000000f RSI: 00007f78247050a0 RDI: 0000000000000004
[  346.567575][ T6804] RBP: 00007f7824705090 R08: 0000000000000000 R09: 0000000000000000
[  346.575795][ T6804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  346.584100][ T6804] R13: 0000000000000000 R14: 00007f7823b75fa0 R15: 00007ffeba294758
[  346.592353][ T6804]  </TASK>
[  346.930412][ T6791] exFAT-fs (loop3): failed to load upcase table (idx : 0x0001023f, chksum : 0x0e440cfe, utbl_chksum : 0xe619d30d)
[  347.122430][   T10] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  347.315672][   T29] audit: type=1800 audit(1736242146.661:101): pid=6791 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.156" name="bus" dev="loop3" ino=1048609 res=0 errno=0
[  347.501611][ T5846] usb 6-1: USB disconnect, device number 2
[  347.528618][   T10] usb 2-1: config 0 has an invalid interface number: 2 but max is 0
[  347.537572][   T10] usb 2-1: config 0 has no interface number 0
[  347.544119][   T10] usb 2-1: config 0 interface 2 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  347.555573][   T10] usb 2-1: config 0 interface 2 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  347.565780][   T10] usb 2-1: New USB device found, idVendor=28bd, idProduct=0905, bcdDevice= 0.00
[  347.575256][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  347.638308][ T6801] loop2: detected capacity change from 0 to 32768
[  347.748279][ T6801] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.158 (6801)
[  347.917481][   T10] usb 2-1: config 0 descriptor??
[  348.092112][ T6801] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  348.103750][ T6801] BTRFS info (device loop2): using sha256 (sha256-generic) checksum algorithm
[  348.115956][ T6801] BTRFS info (device loop2): using free-space-tree
[  348.483784][ T6823] loop5: detected capacity change from 0 to 64
[  348.691652][ T5846] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  348.742595][   T10] usbhid 2-1:0.2: can't add hid device: -71
[  348.749220][   T10] usbhid 2-1:0.2: probe with driver usbhid failed with error -71
[  348.771763][   T10] usb 2-1: USB disconnect, device number 8
[  348.853321][ T5838] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  348.958315][ T5791] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  348.973559][ T5846] usb 7-1: Using ep0 maxpacket: 32
[  349.002152][ T5846] usb 7-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  349.011690][ T5846] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  349.030389][ T5846] usb 7-1: config 0 descriptor??
[  349.089553][ T5838] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  349.100762][ T5838] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[  349.110088][ T5838] usb 6-1: config 1 has no interface number 0
[  349.116694][ T5838] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  349.129487][ T5838] usb 6-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  349.139428][ T5838] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  349.151879][ T5838] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  349.163453][ T5838] usb 6-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  349.207311][ T5838] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  349.217204][ T5838] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  349.225633][ T5838] usb 6-1: Product: syz
[  349.230028][ T5838] usb 6-1: Manufacturer: syz
[  349.235033][ T5838] usb 6-1: SerialNumber: syz
[  349.300122][ T5846] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  349.327604][ T5846] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  349.391897][   T45] usb 4-1: new full-speed USB device number 13 using dummy_hcd
[  349.405024][ T5846] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  349.412770][ T5846] usb 7-1: media controller created
[  349.496183][ T5846] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  349.619550][   T45] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  349.630179][   T45] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  349.709264][   T45] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  349.719086][   T45] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  349.727627][   T45] usb 4-1: Product: syz
[  349.732285][   T45] usb 4-1: Manufacturer: syz
[  349.737285][   T45] usb 4-1: SerialNumber: syz
[  349.888467][ T6836] netlink: 8 bytes leftover after parsing attributes in process `syz.1.165'.
[  349.897830][ T6836] netlink: 4 bytes leftover after parsing attributes in process `syz.1.165'.
[  349.907095][ T6836] netlink: 'syz.1.165': attribute type 12 has an invalid length.
[  350.105919][ T5838] cdc_ncm 6-1:1.1: SET_CRC_MODE failed
[  350.170414][ T5838] cdc_ncm 6-1:1.1: bind() failure
[  350.221852][ T5838] usb 6-1: USB disconnect, device number 3
[  350.294796][ T6816] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  350.304536][ T6816] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  350.314096][   T45] usb 4-1: 0:2 : does not exist
[  350.341529][ T6816] netlink: 8 bytes leftover after parsing attributes in process `syz.6.162'.
[  350.369960][   T45] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  350.542479][   T45] usb 4-1: USB disconnect, device number 13
[  350.554417][ T5846] az6027: usb out operation failed. (-71)
[  350.560378][ T5846] stb0899_attach: Driver disabled by Kconfig
[  350.566903][ T5846] az6027: no front-end attached
[  350.566903][ T5846] 
[  350.590526][ T5846] az6027: usb out operation failed. (-71)
[  350.598017][ T5846] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  350.609035][ T5846] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.6/usb7/7-1/input/input8
[  350.638893][ T5846] dvb-usb: schedule remote query interval to 400 msecs.
[  350.646344][ T5846] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  350.665104][ T5846] usb 7-1: USB disconnect, device number 3
[  350.682780][   T10] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  350.805625][ T5846] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  350.865545][   T10] usb 2-1: Using ep0 maxpacket: 8
[  350.921922][   T10] usb 2-1: unable to get BOS descriptor or descriptor too short
[  350.930345][   T10] usb 2-1: no configurations
[  350.935392][   T10] usb 2-1: can't read configurations, error -22
[  351.202471][   T10] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  351.413487][   T10] usb 2-1: Using ep0 maxpacket: 8
[  351.437580][ T6845] netlink: 36 bytes leftover after parsing attributes in process `syz.3.167'.
[  351.512748][   T10] usb 2-1: unable to get BOS descriptor or descriptor too short
[  351.520940][   T10] usb 2-1: no configurations
[  351.523351][ T6845] netlink: 44 bytes leftover after parsing attributes in process `syz.3.167'.
[  351.526378][   T10] usb 2-1: can't read configurations, error -22
[  351.588639][   T10] usb usb2-port1: attempt power cycle
[  351.827522][ T6848] FAULT_INJECTION: forcing a failure.
[  351.827522][ T6848] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  351.841724][ T6848] CPU: 1 UID: 0 PID: 6848 Comm: syz.5.168 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  351.852622][ T6848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  351.862914][ T6848] Call Trace:
[  351.866386][ T6848]  <TASK>
[  351.869499][ T6848]  dump_stack_lvl+0x216/0x2d0
[  351.874492][ T6848]  dump_stack+0x1e/0x24
[  351.878936][ T6848]  should_fail_ex+0x748/0x7f0
[  351.883931][ T6848]  should_fail+0x2a/0x40
[  351.888470][ T6848]  should_fail_usercopy+0x2e/0x40
[  351.893802][ T6848]  _copy_from_user+0x35/0x110
[  351.898780][ T6848]  do_arpt_set_ctl+0x3ac/0x20d0
[  351.903900][ T6848]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  351.910038][ T6848]  ? kmsan_get_metadata+0x13e/0x1c0
[  351.915512][ T6848]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  351.921606][ T6848]  ? kmsan_get_metadata+0x13e/0x1c0
[  351.927085][ T6848]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  351.933752][ T6848]  ? __pfx_do_arpt_set_ctl+0x10/0x10
[  351.939315][ T6848]  ? __pfx_do_arpt_set_ctl+0x10/0x10
[  351.944875][ T6848]  nf_setsockopt+0x497/0x4f0
[  351.949772][ T6848]  ip_setsockopt+0x1f1/0x210
[  351.954679][ T6848]  ? __pfx_ip_setsockopt+0x10/0x10
[  351.960105][ T6848]  tcp_setsockopt+0x153/0x190
[  351.965055][ T6848]  ? __pfx_tcp_setsockopt+0x10/0x10
[  351.970531][ T6848]  sock_common_setsockopt+0xf9/0x140
[  351.976145][ T6848]  do_sock_setsockopt+0x4bb/0x7d0
[  351.981464][ T6848]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  351.987685][ T6848]  __x64_sys_setsockopt+0x33d/0x4f0
[  351.993183][ T6848]  x64_sys_call+0x30b9/0x3c30
[  351.998188][ T6848]  do_syscall_64+0xcd/0x1e0
[  352.002967][ T6848]  ? clear_bhb_loop+0x25/0x80
[  352.007951][ T6848]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  352.014137][ T6848] RIP: 0033:0x7f5c5cb85d29
[  352.018773][ T6848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  352.038660][ T6848] RSP: 002b:00007f5c5d93b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  352.047374][ T6848] RAX: ffffffffffffffda RBX: 00007f5c5cd75fa0 RCX: 00007f5c5cb85d29
[  352.055584][ T6848] RDX: 0000000000000060 RSI: 0000000000000000 RDI: 0000000000000003
[  352.063801][ T6848] RBP: 00007f5c5d93b090 R08: 0000000000000448 R09: 0000000000000000
[  352.072002][ T6848] R10: 0000000020000d40 R11: 0000000000000246 R12: 0000000000000001
[  352.080195][ T6848] R13: 0000000000000000 R14: 00007f5c5cd75fa0 R15: 00007ffe5fff2f78
[  352.088440][ T6848]  </TASK>
[  352.541707][   T10] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  352.547951][ T6858] loop5: detected capacity change from 0 to 512
[  352.558467][ T6858] EXT4-fs: Ignoring removed nomblk_io_submit option
[  352.578077][   T10] usb 2-1: Using ep0 maxpacket: 8
[  352.580858][ T6858] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  352.613220][ T6858] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a85ec028, mo2=0002]
[  352.622204][ T6858] System zones: 0-2, 18-18, 34-34
[  352.651639][ T5846] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  352.652554][   T10] usb 2-1: unable to get BOS descriptor or descriptor too short
[  352.667541][ T6858] EXT4-fs warning (device loop5): ext4_update_dynamic_rev:1145: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  352.667834][   T10] usb 2-1: no configurations
[  352.687121][   T10] usb 2-1: can't read configurations, error -22
[  352.739130][ T6858] EXT4-fs (loop5): 1 truncate cleaned up
[  352.747014][ T6858] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  352.774851][ T6858] EXT4-fs error (device loop5): ext4_xattr_block_find:1877: inode #15: comm syz.5.172: corrupted xattr block 19: invalid header
[  352.790402][ T6858] EXT4-fs (loop5): Remounting filesystem read-only
[  352.807508][ T5846] usb 3-1: config 0 has an invalid interface number: 84 but max is 0
[  352.815945][ T5846] usb 3-1: config 0 has no interface number 0
[  352.839249][ T5846] usb 3-1: New USB device found, idVendor=8086, idProduct=0b63, bcdDevice=ca.f3
[  352.848851][ T5846] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  352.857204][ T5846] usb 3-1: Product: syz
[  352.861379][   T10] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  352.869356][ T5846] usb 3-1: Manufacturer: syz
[  352.874386][ T5846] usb 3-1: SerialNumber: syz
[  352.885384][   T10] usb 2-1: Using ep0 maxpacket: 8
[  352.902468][   T10] usb 2-1: unable to get BOS descriptor or descriptor too short
[  352.910672][   T10] usb 2-1: no configurations
[  352.913347][ T5846] usb 3-1: config 0 descriptor??
[  352.915608][   T10] usb 2-1: can't read configurations, error -22
[  352.953881][ T5846] ljca 3-1:0.84: bulk endpoints not found
[  353.010737][   T10] usb usb2-port1: unable to enumerate USB device
[  353.088711][ T6359] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  353.091797][ T6864] FAULT_INJECTION: forcing a failure.
[  353.091797][ T6864] name failslab, interval 1, probability 0, space 0, times 0
[  353.112456][ T6864] CPU: 0 UID: 0 PID: 6864 Comm: syz.3.174 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  353.123418][ T6864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  353.133709][ T6864] Call Trace:
[  353.137174][ T6864]  <TASK>
[  353.140293][ T6864]  dump_stack_lvl+0x216/0x2d0
[  353.145313][ T6864]  dump_stack+0x1e/0x24
[  353.149781][ T6864]  should_fail_ex+0x748/0x7f0
[  353.154792][ T6864]  should_failslab+0x17f/0x210
[  353.159893][ T6864]  __kmalloc_noprof+0x176/0x1230
[  353.165152][ T6864]  ? kfree+0x20/0xdb0
[  353.169431][ T6864]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  353.175522][ T6864]  ? tomoyo_realpath_from_path+0x104/0xaa0
[  353.181703][ T6864]  ? kmsan_get_metadata+0x13e/0x1c0
[  353.187192][ T6864]  tomoyo_realpath_from_path+0x104/0xaa0
[  353.193179][ T6864]  ? __srcu_read_lock+0x76/0xd0
[  353.198308][ T6864]  tomoyo_path_number_perm+0x1d9/0x8f0
[  353.204076][ T6864]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  353.210746][ T6864]  ? kmsan_get_metadata+0x13e/0x1c0
[  353.216233][ T6864]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  353.222358][ T6864]  tomoyo_file_ioctl+0x3f/0x50
[  353.227409][ T6864]  security_file_ioctl+0x145/0x590
[  353.232826][ T6864]  __se_sys_ioctl+0xd0/0x440
[  353.237744][ T6864]  __x64_sys_ioctl+0x96/0xe0
[  353.242653][ T6864]  x64_sys_call+0x19f0/0x3c30
[  353.247650][ T6864]  do_syscall_64+0xcd/0x1e0
[  353.252430][ T6864]  ? clear_bhb_loop+0x25/0x80
[  353.257423][ T6864]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.263643][ T6864] RIP: 0033:0x7f3dcf985d29
[  353.268296][ T6864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  353.288201][ T6864] RSP: 002b:00007f3dd07b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  353.296931][ T6864] RAX: ffffffffffffffda RBX: 00007f3dcfb75fa0 RCX: 00007f3dcf985d29
[  353.305163][ T6864] RDX: 0000000020000100 RSI: 00000000800452d2 RDI: 0000000000000004
[  353.313413][ T6864] RBP: 00007f3dd07b7090 R08: 0000000000000000 R09: 0000000000000000
[  353.321620][ T6864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  353.329836][ T6864] R13: 0000000000000000 R14: 00007f3dcfb75fa0 R15: 00007ffda4d50cc8
[  353.338090][ T6864]  </TASK>
[  353.341543][    C0] vkms_vblank_simulate: vblank timer overrun
[  353.351424][ T6864] ERROR: Out of memory at tomoyo_realpath_from_path.
[  353.626404][ T6866] loop5: detected capacity change from 0 to 8
[  353.922536][ T6868] netlink: 68 bytes leftover after parsing attributes in process `syz.1.176'.
[  353.952784][ T6862] loop6: detected capacity change from 0 to 32768
[  353.971582][ T6862] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.173 (6862)
[  354.039755][ T6862] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  354.050696][ T6862] BTRFS info (device loop6): using sha256 (sha256-generic) checksum algorithm
[  354.068204][ T6862] BTRFS info (device loop6): using free-space-tree
[  354.254111][   T45] usb 3-1: USB disconnect, device number 23
[  354.271722][ T5846] usb 4-1: new full-speed USB device number 14 using dummy_hcd
[  354.508020][ T6891] loop5: detected capacity change from 0 to 256
[  354.513131][ T5846] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  354.525183][ T5846] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  354.548216][ T5846] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  354.558024][ T5846] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  354.566461][ T5846] usb 4-1: Product: syz
[  354.566825][ T6891] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  354.576488][ T5846] usb 4-1: Manufacturer: syz
[  354.588470][   T10] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  354.592546][ T5846] usb 4-1: SerialNumber: syz
[  354.826589][ T6364] BTRFS info (device loop6): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  354.851955][   T10] usb 2-1: Using ep0 maxpacket: 32
[  354.856759][ T5846] usb 4-1: 0:2 : does not exist
[  354.906927][ T5846] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  354.973507][   T10] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  354.985334][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  354.998648][   T10] usb 2-1: config 0 descriptor??
[  355.130112][ T6893] loop5: detected capacity change from 0 to 16
[  355.153600][ T5846] usb 4-1: USB disconnect, device number 14
[  355.204206][ T6893] erofs (device loop5): mounted with root inode @ nid 36.
[  355.223871][   T10] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  355.241343][   T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  355.264089][   T10] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  355.271764][   T10] usb 2-1: media controller created
[  355.284598][   T29] audit: type=1326 audit(1736242154.671:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6892 comm="syz.5.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c5cb85d29 code=0x7ffc0000
[  355.312529][   T29] audit: type=1326 audit(1736242154.671:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6892 comm="syz.5.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c5cb85d29 code=0x7ffc0000
[  355.402523][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  355.423326][   T29] audit: type=1326 audit(1736242154.741:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6892 comm="syz.5.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7f5c5cb85d29 code=0x7ffc0000
[  355.446587][   T29] audit: type=1326 audit(1736242154.741:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6892 comm="syz.5.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c5cb85d29 code=0x7ffc0000
[  355.469301][   T29] audit: type=1326 audit(1736242154.741:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6892 comm="syz.5.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c5cb85d29 code=0x7ffc0000
[  355.910663][ T6879] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  355.920367][ T6879] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  355.929519][ T6898] loop3: detected capacity change from 0 to 512
[  355.944764][ T6898] EXT4-fs: Ignoring removed nomblk_io_submit option
[  355.964187][ T6898] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  356.031955][ T6900] netlink: 52 bytes leftover after parsing attributes in process `syz.5.184'.
[  356.034500][ T6898] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a85ec028, mo2=0002]
[  356.041433][ T6900] netlink: 8 bytes leftover after parsing attributes in process `syz.5.184'.
[  356.049532][ T6898] System zones: 0-2, 18-18, 34-34
[  356.074406][ T6898] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1145: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  356.104728][ T6898] EXT4-fs (loop3): 1 truncate cleaned up
[  356.111427][ T6879] netlink: 8 bytes leftover after parsing attributes in process `syz.1.179'.
[  356.129375][ T6898] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  356.153270][ T6903] loop5: detected capacity change from 0 to 16
[  356.273476][ T6903] erofs (device loop5): mounted with root inode @ nid 36.
[  356.399975][   T10] az6027: usb out operation failed. (-71)
[  356.406185][   T10] stb0899_attach: Driver disabled by Kconfig
[  356.412500][   T10] az6027: no front-end attached
[  356.412500][   T10] 
[  356.444192][   T29] audit: type=1326 audit(1736242155.801:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6899 comm="syz.5.184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c5cb85d29 code=0x7ffc0000
[  356.458406][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  356.467967][   T29] audit: type=1326 audit(1736242155.801:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6899 comm="syz.5.184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c5cb85d29 code=0x7ffc0000
[  356.499079][   T10] az6027: usb out operation failed. (-71)
[  356.499148][   T10] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  356.505066][   T29] audit: type=1326 audit(1736242155.801:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6899 comm="syz.5.184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7f5c5cb85d29 code=0x7ffc0000
[  356.505280][   T29] audit: type=1326 audit(1736242155.801:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6899 comm="syz.5.184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c5cb85d29 code=0x7ffc0000
[  356.514609][   T10] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input9
[  356.541185][   T29] audit: type=1326 audit(1736242155.801:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6899 comm="syz.5.184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c5cb85d29 code=0x7ffc0000
[  356.627843][   T10] dvb-usb: schedule remote query interval to 400 msecs.
[  356.635280][   T10] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  356.725047][   T10] usb 2-1: USB disconnect, device number 13
[  356.848836][ T6909] loop5: detected capacity change from 0 to 8
[  357.044724][   T10] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  357.200825][ T6905] loop6: detected capacity change from 0 to 4096
[  358.399604][ T6929] IPv6: addrconf: prefix option has invalid lifetime
[  358.475203][ T6932] loop5: detected capacity change from 0 to 512
[  358.513753][ T6932] EXT4-fs: Ignoring removed nomblk_io_submit option
[  358.540385][ T6932] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  358.584657][ T6932] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a85ec028, mo2=0002]
[  358.593156][ T5838] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  358.598330][ T6932] System zones: 0-2, 18-18, 34-34
[  358.610676][ T6932] EXT4-fs warning (device loop5): ext4_update_dynamic_rev:1145: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  358.651745][ T6932] EXT4-fs (loop5): 1 truncate cleaned up
[  358.659419][ T6932] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  358.731326][   T10] usb 3-1: new full-speed USB device number 24 using dummy_hcd
[  358.758032][ T5838] usb 4-1: config 0 has an invalid interface number: 84 but max is 0
[  358.766771][ T5838] usb 4-1: config 0 has no interface number 0
[  358.777060][ T5884] usb 7-1: new full-speed USB device number 4 using dummy_hcd
[  358.799400][ T5838] usb 4-1: New USB device found, idVendor=8086, idProduct=0b63, bcdDevice=ca.f3
[  358.809356][ T5838] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  358.817798][ T5838] usb 4-1: Product: syz
[  358.822275][ T5838] usb 4-1: Manufacturer: syz
[  358.827116][ T5838] usb 4-1: SerialNumber: syz
[  358.837479][ T5838] usb 4-1: config 0 descriptor??
[  358.853839][ T5838] ljca 4-1:0.84: bulk endpoints not found
[  358.930596][   T10] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  358.941778][   T10] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  358.957353][ T6359] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  358.980485][ T5884] usb 7-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  358.989761][ T5884] usb 7-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  359.000235][ T5884] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  359.021922][   T10] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  359.031401][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.039659][   T10] usb 3-1: Product: syz
[  359.044187][   T10] usb 3-1: Manufacturer: syz
[  359.049052][   T10] usb 3-1: SerialNumber: syz
[  359.063580][ T5884] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  359.073362][ T5884] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.084045][ T5884] usb 7-1: Product: syz
[  359.088469][ T5884] usb 7-1: Manufacturer: syz
[  359.094246][ T5884] usb 7-1: SerialNumber: syz
[  359.257883][ T6940] loop1: detected capacity change from 0 to 8
[  359.312017][   T10] usb 3-1: 0:2 : does not exist
[  359.333654][   T10] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[  359.432490][   T10] usb 3-1: USB disconnect, device number 24
[  359.960436][ T5884] usb 7-1: 0:2 : does not exist
[  360.035875][ T5884] usb 7-1: USB disconnect, device number 4
[  360.082463][ T5838] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  360.261464][ T5838] usb 6-1: Using ep0 maxpacket: 32
[  360.282389][ T5838] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  360.291970][ T5838] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  360.346387][ T5846] usb 4-1: USB disconnect, device number 15
[  360.357919][ T5838] usb 6-1: config 0 descriptor??
[  360.572280][ T5838] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  360.607271][ T5838] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  360.655062][ T5838] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  360.664912][ T5838] usb 6-1: media controller created
[  360.761918][ T5838] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  360.792290][ T6955] 9pnet: Could not find request transport: fd0x0000000000000004
[  361.075664][ T6960] loop1: detected capacity change from 0 to 512
[  361.097459][ T6960] journal_path: Lookup failure for './file1'
[  361.104082][ T6960] EXT4-fs: error: could not find journal device path
[  361.164469][ T6948] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  361.173775][ T6948] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  361.338056][ T6948] netlink: 8 bytes leftover after parsing attributes in process `syz.5.201'.
[  361.350207][ T6963] FAULT_INJECTION: forcing a failure.
[  361.350207][ T6963] name failslab, interval 1, probability 0, space 0, times 0
[  361.364553][ T6963] CPU: 0 UID: 0 PID: 6963 Comm: syz.2.207 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  361.375492][ T6963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  361.385785][ T6963] Call Trace:
[  361.389240][ T6963]  <TASK>
[  361.392361][ T6963]  dump_stack_lvl+0x216/0x2d0
[  361.397355][ T6963]  dump_stack+0x1e/0x24
[  361.401798][ T6963]  should_fail_ex+0x748/0x7f0
[  361.406791][ T6963]  should_failslab+0x17f/0x210
[  361.411846][ T6963]  __kmalloc_noprof+0x176/0x1230
[  361.417096][ T6963]  ? kfree+0x20/0xdb0
[  361.421357][ T6963]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  361.427438][ T6963]  ? tomoyo_realpath_from_path+0x104/0xaa0
[  361.433575][ T6963]  ? kmsan_get_metadata+0x13e/0x1c0
[  361.439062][ T6963]  tomoyo_realpath_from_path+0x104/0xaa0
[  361.445039][ T6963]  ? __srcu_read_lock+0x76/0xd0
[  361.450171][ T6963]  tomoyo_path_number_perm+0x1d9/0x8f0
[  361.455927][ T6963]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  361.462601][ T6963]  ? kmsan_get_metadata+0x13e/0x1c0
[  361.468120][ T6963]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  361.474270][ T6963]  tomoyo_file_ioctl+0x3f/0x50
[  361.479337][ T6963]  security_file_ioctl+0x145/0x590
[  361.484763][ T6963]  __se_sys_ioctl+0xd0/0x440
[  361.489662][ T6963]  __x64_sys_ioctl+0x96/0xe0
[  361.494565][ T6963]  x64_sys_call+0x19f0/0x3c30
[  361.499567][ T6963]  do_syscall_64+0xcd/0x1e0
[  361.504349][ T6963]  ? clear_bhb_loop+0x25/0x80
[  361.509344][ T6963]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  361.515541][ T6963] RIP: 0033:0x7fd4aa785d29
[  361.520177][ T6963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  361.540072][ T6963] RSP: 002b:00007fd4ab5d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  361.548781][ T6963] RAX: ffffffffffffffda RBX: 00007fd4aa975fa0 RCX: 00007fd4aa785d29
[  361.556996][ T6963] RDX: 0000000020000100 RSI: 00000000400452c9 RDI: 0000000000000004
[  361.565209][ T6963] RBP: 00007fd4ab5d7090 R08: 0000000000000000 R09: 0000000000000000
[  361.573424][ T6963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  361.581622][ T6963] R13: 0000000000000000 R14: 00007fd4aa975fa0 R15: 00007ffc249c4518
[  361.589837][ T6963]  </TASK>
[  361.595524][ T6963] ERROR: Out of memory at tomoyo_realpath_from_path.
[  361.675157][ T5838] az6027: usb out operation failed. (-71)
[  361.681295][ T5838] stb0899_attach: Driver disabled by Kconfig
[  361.687485][ T5838] az6027: no front-end attached
[  361.687485][ T5838] 
[  361.721320][ T5838] az6027: usb out operation failed. (-71)
[  361.727282][ T5838] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  361.736864][ T5838] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input10
[  361.810970][ T5838] dvb-usb: schedule remote query interval to 400 msecs.
[  361.818510][ T5838] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  361.820980][ T6968] loop6: detected capacity change from 0 to 8
[  361.836579][ T5838] usb 6-1: USB disconnect, device number 4
[  361.993117][ T5838] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  362.371548][   T10] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  362.451393][ T6974] loop2: detected capacity change from 0 to 1764
[  362.540794][ T6977] IPv6: addrconf: prefix option has invalid lifetime
[  362.545517][ T6974] iso9660: Corrupted directory entry in block 2 of inode 1920
[  362.646211][   T10] usb 4-1: Using ep0 maxpacket: 16
[  362.666452][ T6981] loop6: detected capacity change from 0 to 64
[  362.687391][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  362.698149][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  362.709984][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  362.720092][   T10] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  362.730195][   T10] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  362.898977][ T6981] minix_free_block (loop6:2): bit already cleared
[  362.906180][ T6981] minix_free_block (loop6:3): bit already cleared
[  362.911328][ T5846] usb 2-1: new full-speed USB device number 14 using dummy_hcd
[  362.912880][ T6981] minix_free_block (loop6:4): bit already cleared
[  362.941263][   T10] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  362.950771][   T10] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  362.959300][   T10] usb 4-1: Manufacturer: syz
[  362.976108][ T6986] netlink: 8 bytes leftover after parsing attributes in process `syz.5.216'.
[  362.978884][   T10] usb 4-1: config 0 descriptor??
[  363.132967][ T5846] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  363.143671][ T5846] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  363.200334][ T5846] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  363.210166][ T5846] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  363.218501][ T5846] usb 2-1: Product: syz
[  363.223104][ T5846] usb 2-1: Manufacturer: syz
[  363.227938][ T5846] usb 2-1: SerialNumber: syz
[  363.528544][ T5846] usb 2-1: 0:2 : does not exist
[  363.662458][ T6989] 9pnet: Could not find request transport: fd0x0000000000000004
[  363.671420][   T10] rc_core: IR keymap rc-hauppauge not found
[  363.677716][   T10] Registered IR keymap rc-empty
[  363.684886][   T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  363.717974][   T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  363.743447][   T10] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  363.755743][ T5846] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  363.766005][   T10] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input11
[  363.905246][   T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  363.939015][   T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  364.011191][   T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  364.032689][   T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  364.053920][   T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  364.112032][   T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  364.176949][   T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  364.183700][ T5846] usb 2-1: USB disconnect, device number 14
[  364.225056][ T5838] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  364.252156][   T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  364.372605][   T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  364.391765][   T10] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  364.413970][   T10] mceusb 4-1:0.0: Registered Е with mce emulator interface version 1
[  364.423070][   T10] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  364.424513][ T6999] netlink: 'syz.1.220': attribute type 29 has an invalid length.
[  364.438508][   T10] usb 4-1: USB disconnect, device number 16
[  364.451555][   T45] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  364.517059][ T5838] usb 7-1: config 0 has an invalid interface number: 84 but max is 0
[  364.518391][ T6999] warning: `syz.1.220' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  364.526589][ T5838] usb 7-1: config 0 has no interface number 0
[  364.574629][ T5838] usb 7-1: New USB device found, idVendor=8086, idProduct=0b63, bcdDevice=ca.f3
[  364.585132][ T5838] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.594296][ T5838] usb 7-1: Product: syz
[  364.598706][ T5838] usb 7-1: Manufacturer: syz
[  364.604984][ T5838] usb 7-1: SerialNumber: syz
[  364.619355][ T5838] usb 7-1: config 0 descriptor??
[  364.631550][   T45] usb 6-1: Using ep0 maxpacket: 16
[  364.634311][ T5838] ljca 7-1:0.84: bulk endpoints not found
[  364.665574][   T45] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  364.677808][   T45] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  364.783200][   T45] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  364.792898][   T45] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.803554][   T45] usb 6-1: Product: syz
[  364.807965][   T45] usb 6-1: Manufacturer: syz
[  364.818207][   T45] usb 6-1: SerialNumber: syz
[  364.831598][   T45] usb 6-1: config 0 descriptor??
[  364.848098][   T45] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  364.857747][   T45] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class)
[  365.021810][   T10] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  365.175113][ T7003] loop3: detected capacity change from 0 to 8
[  365.223426][   T10] usb 2-1: Using ep0 maxpacket: 16
[  365.244326][   T10] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  365.256385][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  365.308632][   T10] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  365.318254][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  365.329239][   T10] usb 2-1: Product: syz
[  365.334486][   T10] usb 2-1: Manufacturer: syz
[  365.339339][   T10] usb 2-1: SerialNumber: syz
[  365.360585][   T10] usb 2-1: config 0 descriptor??
[  365.386896][   T10] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  365.396752][   T10] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[  365.548843][   T45] em28xx 6-1:0.0: unknown em28xx chip ID (0)
[  365.558557][   T45] em28xx 6-1:0.0: Config register raw data: 0xfffffffb
[  365.927647][ T5846] usb 7-1: USB disconnect, device number 5
[  366.037065][   T10] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  366.060941][   T10] em28xx 2-1:0.0: Config register raw data: 0xfffffffb
[  366.222350][ T6997] netlink: 24 bytes leftover after parsing attributes in process `syz.5.219'.
[  366.276462][   T45] em28xx 6-1:0.0: Unknown AC97 audio processor detected!
[  366.290271][   T45] em28xx 6-1:0.0: couldn't setup AC97 register 2
[  366.299669][   T45] em28xx 6-1:0.0: couldn't setup AC97 register 4
[  366.311708][   T45] em28xx 6-1:0.0: couldn't setup AC97 register 6
[  366.321609][   T45] em28xx 6-1:0.0: couldn't setup AC97 register 54
[  366.478197][ T5838] usb 4-1: new full-speed USB device number 17 using dummy_hcd
[  366.502747][ T5884] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  366.671564][ T5884] usb 3-1: Using ep0 maxpacket: 32
[  366.699659][ T5838] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  366.710224][ T5838] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  366.724216][ T5884] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  366.733744][ T5884] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  366.748211][ T5884] usb 3-1: config 0 descriptor??
[  366.761781][   T10] em28xx 2-1:0.0: AC97 command still being executed: not handled properly!
[  366.771195][   T10] em28xx 2-1:0.0: Unknown AC97 audio processor detected!
[  366.795173][ T5838] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  366.796812][   T45] em28xx 6-1:0.0: couldn't setup AC97 register 56
[  366.804980][ T5838] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  366.819714][ T5838] usb 4-1: Product: syz
[  366.824427][ T5838] usb 4-1: Manufacturer: syz
[  366.829359][ T5838] usb 4-1: SerialNumber: syz
[  366.839563][   T45] usb 6-1: USB disconnect, device number 5
[  366.999108][ T5884] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  367.025856][ T5884] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  367.071757][ T5884] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  367.079401][ T5884] usb 3-1: media controller created
[  367.154777][ T5884] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  367.192851][   T10] em28xx 2-1:0.0: couldn't setup AC97 register 2
[  367.434530][   T10] em28xx 2-1:0.0: couldn't setup AC97 register 4
[  367.444904][   T10] em28xx 2-1:0.0: couldn't setup AC97 register 6
[  367.456540][   T10] em28xx 2-1:0.0: couldn't setup AC97 register 54
[  367.471976][ T5838] usb 4-1: 0:2 : does not exist
[  367.532925][ T5838] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  367.644143][ T7017] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  367.653718][ T7017] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  367.719997][ T7009] netlink: 8 bytes leftover after parsing attributes in process `syz.2.224'.
[  367.738238][ T5838] usb 4-1: USB disconnect, device number 17
[  367.748071][   T10] em28xx 2-1:0.0: couldn't setup AC97 register 56
[  367.836599][ T5884] az6027: usb out operation failed. (-71)
[  367.842900][ T5884] stb0899_attach: Driver disabled by Kconfig
[  367.849194][ T5884] az6027: no front-end attached
[  367.849194][ T5884] 
[  367.858996][ T5884] az6027: usb out operation failed. (-71)
[  367.865253][ T5884] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  367.875984][ T5884] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input12
[  367.896164][ T5884] dvb-usb: schedule remote query interval to 400 msecs.
[  367.905255][ T5884] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  367.918436][ T5884] usb 3-1: USB disconnect, device number 25
[  368.074728][ T5884] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  368.107884][   T10] em28xx 2-1:0.0: couldn't setup AC97 register 2
[  368.116577][   T10] em28xx 2-1:0.0: couldn't setup AC97 register 4
[  368.124801][   T10] em28xx 2-1:0.0: couldn't setup AC97 register 6
[  368.132870][   T10] em28xx 2-1:0.0: couldn't setup AC97 register 54
[  368.139544][   T10] em28xx 2-1:0.0: couldn't setup AC97 register 56
[  368.168123][   T10] usb 2-1: USB disconnect, device number 15
[  368.699769][   T45] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  368.932472][   T45] usb 6-1: Using ep0 maxpacket: 8
[  368.954468][ T7026] binder: 7025:7026 ioctl c0306201 0 returned -14
[  369.040564][ T7028] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  371.094164][   T45] usb 6-1: New USB device found, idVendor=046d, idProduct=0896, bcdDevice=3a.11
[  371.103713][   T45] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  371.112990][   T45] usb 6-1: Product: syz
[  371.117434][   T45] usb 6-1: Manufacturer: syz
[  371.122359][   T45] usb 6-1: SerialNumber: syz
[  371.412079][   T45] usb 6-1: config 0 descriptor??
[  371.967146][ T7041] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  372.392660][   T45] usb 6-1: can't set config #0, error -71
[  372.402461][   T45] usb 6-1: USB disconnect, device number 6
[  375.083111][ T7063] netlink: 132 bytes leftover after parsing attributes in process `syz.2.243'.
[  378.800741][ T7109] block nbd2: NBD_DISCONNECT
[  379.422050][   T45] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  379.595100][ T7113] netlink: 72 bytes leftover after parsing attributes in process `syz.2.257'.
[  379.605534][ T5794] Bluetooth: hci2: command tx timeout
[  379.923500][ T7115] random: crng reseeded on system resumption
[  380.191267][   T45] usb 4-1: Using ep0 maxpacket: 16
[  380.477033][   T45] usb 4-1: unable to read config index 0 descriptor/all
[  380.490887][   T45] usb 4-1: can't read configurations, error -71
[  381.819539][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!!
[  381.915926][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!!
[  382.120471][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  382.222677][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  382.324822][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c2!!!
[  382.631999][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  382.734713][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  382.941706][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  383.038785][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  383.057036][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  384.291779][   T10] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  385.092459][   T10] usb 7-1: Using ep0 maxpacket: 16
[  386.593235][   T10] usb 7-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  386.602779][   T10] usb 7-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  386.611340][   T10] usb 7-1: Product: syz
[  386.615731][   T10] usb 7-1: Manufacturer: syz
[  386.620551][   T10] usb 7-1: SerialNumber: syz
[  386.649394][   T10] usb 7-1: config 0 descriptor??
[  388.819860][   T45] usb 7-1: USB disconnect, device number 6
[  394.674412][ T7162] 8021q: adding VLAN 0 to HW filter on device bond0
[  394.694130][ T7162] bond0: (slave rose0): Enslaving as an active interface with an up link
[  396.392411][ T7172] Bluetooth: MGMT ver 1.23
[  396.560723][ T7181] netlink: 40 bytes leftover after parsing attributes in process `syz.6.280'.
[  399.420489][ T7199] xt_NFQUEUE: number of queues (3) out of range (got 65536)
[  399.548241][ T7197] netlink: 4 bytes leftover after parsing attributes in process `syz.2.286'.
[  400.298584][ T7204] vxcan1 speed is unknown, defaulting to 1000
[  400.307519][ T7204] vxcan1 speed is unknown, defaulting to 1000
[  400.314979][ T7204] vxcan1 speed is unknown, defaulting to 1000
[  400.725861][ T7204] infiniband syz1: set active
[  400.730831][ T7204] infiniband syz1: added vxcan1
[  400.743126][ T5847] vxcan1 speed is unknown, defaulting to 1000
[  400.946578][ T7204] RDS/IB: syz1: added
[  400.950842][ T7204] smc: adding ib device syz1 with port count 1
[  400.964964][ T7204] smc:    ib device syz1 port 1 has pnetid 
[  400.978138][ T7204] vxcan1 speed is unknown, defaulting to 1000
[  401.410005][ T7204] vxcan1 speed is unknown, defaulting to 1000
[  401.832559][ T7204] vxcan1 speed is unknown, defaulting to 1000
[  402.257512][ T7204] vxcan1 speed is unknown, defaulting to 1000
[  402.687090][ T7204] vxcan1 speed is unknown, defaulting to 1000
[  402.813416][ T5847] vxcan1 speed is unknown, defaulting to 1000
[  403.552289][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[  403.558968][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[  403.645192][ T5847] kernel write not supported for file /bluetooth/6lowpan_control (pid: 5847 comm: kworker/1:5)
[  407.429150][ T7253] program syz.2.302 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  411.101956][ T7263] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  411.109203][ T7263] overlayfs: failed to set xattr on upper
[  411.115467][ T7263] overlayfs: ...falling back to index=off.
[  411.121580][ T7263] overlayfs: ...falling back to uuid=null.
[  411.130232][ T7277] syz.5.314 uses obsolete (PF_INET,SOCK_PACKET)
[  412.035666][ T7284] vcan0: tx drop: invalid da for name 0x0000000000000001
[  412.162749][ T7288] netlink: 'syz.1.315': attribute type 2 has an invalid length.
[  412.170640][ T7288] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.315'.
[  416.602237][   T52] Bluetooth: hci5: command 0x0405 tx timeout
[  425.461300][ T7362] random: crng reseeded on system resumption
[  426.014946][ T7365] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  426.100201][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  426.184312][ T5794] Bluetooth: hci2: command 0x0406 tx timeout
[  426.190728][ T5794] Bluetooth: hci5: command 0x0405 tx timeout
[  426.337478][ T7368] netlink: 36 bytes leftover after parsing attributes in process `syz.1.346'.
[  426.347056][ T7368] netlink: 16 bytes leftover after parsing attributes in process `syz.1.346'.
[  426.362119][ T7368] netlink: 36 bytes leftover after parsing attributes in process `syz.1.346'.
[  426.373134][ T7368] netlink: 36 bytes leftover after parsing attributes in process `syz.1.346'.
[  427.648272][ T7384] netlink: 20 bytes leftover after parsing attributes in process `syz.1.350'.
[  430.034553][ T5884] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  432.856835][ T7402] syz.1.359 (7402) used obsolete PPPIOCDETACH ioctl
[  435.099762][ T7409] netlink: 4 bytes leftover after parsing attributes in process `syz.6.362'.
[  435.123594][ T7409] ipvlan2: entered promiscuous mode
[  435.488698][ T7415] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491
[  435.502940][ T7415] 
@ÿ: renamed from vlan0 (while UP)
[  442.794878][ T7451] netlink: 4 bytes leftover after parsing attributes in process `syz.1.376'.
[  446.022063][ T7475] =====================================================
[  446.029502][ T7475] BUG: KMSAN: uninit-value in ieee802154_hdr_push+0x971/0xb90
[  446.037335][ T7475]  ieee802154_hdr_push+0x971/0xb90
[  446.042783][ T7475]  ieee802154_header_create+0x9bc/0xc70
[  446.048537][ T7475]  dgram_sendmsg+0xd5a/0x15a0
[  446.053556][ T7475]  ieee802154_sock_sendmsg+0x96/0xd0
[  446.059065][ T7475]  __sock_sendmsg+0x30f/0x380
[  446.064177][ T7475]  ____sys_sendmsg+0x877/0xb60
[  446.069145][ T7475]  ___sys_sendmsg+0x28d/0x3c0
[  446.074317][ T7475]  __x64_sys_sendmsg+0x212/0x3c0
[  446.079467][ T7475]  x64_sys_call+0x2ed6/0x3c30
[  446.084929][ T7475]  do_syscall_64+0xcd/0x1e0
[  446.089620][ T7475]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  446.095893][ T7475] 
[  446.098316][ T7475] Local variable hdr created at:
[  446.103470][ T7475]  ieee802154_header_create+0x4e/0xc70
[  446.109133][ T7475]  dgram_sendmsg+0xd5a/0x15a0
[  446.114145][ T7475] 
[  446.122272][ T7475] CPU: 1 UID: 0 PID: 7475 Comm: syz.2.384 Not tainted 6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  446.136028][ T7475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  446.147071][ T7475] =====================================================
[  446.154271][ T7475] Disabling lock debugging due to kernel taint
[  446.160546][ T7475] Kernel panic - not syncing: kmsan.panic set ...
[  446.167100][ T7475] CPU: 1 UID: 0 PID: 7475 Comm: syz.2.384 Tainted: G    B              6.13.0-rc6-syzkaller-00036-gfbfd64d25c7a #0
[  446.179385][ T7475] Tainted: [B]=BAD_PAGE
[  446.183641][ T7475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  446.193834][ T7475] Call Trace:
[  446.197214][ T7475]  <TASK>
[  446.200246][ T7475]  dump_stack_lvl+0x216/0x2d0
[  446.205136][ T7475]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  446.211134][ T7475]  dump_stack+0x1e/0x24
[  446.215479][ T7475]  panic+0x4e2/0xcf0
[  446.219570][ T7475]  ? kmsan_get_metadata+0x81/0x1c0
[  446.224872][ T7475]  kmsan_report+0x2c7/0x2d0
[  446.229540][ T7475]  ? kmsan_internal_chain_origin+0xb0/0xd0
[  446.235561][ T7475]  ? __msan_warning+0x95/0x120
[  446.240521][ T7475]  ? ieee802154_hdr_push+0x971/0xb90
[  446.246011][ T7475]  ? ieee802154_header_create+0x9bc/0xc70
[  446.251930][ T7475]  ? dgram_sendmsg+0xd5a/0x15a0
[  446.256963][ T7475]  ? ieee802154_sock_sendmsg+0x96/0xd0
[  446.262616][ T7475]  ? __sock_sendmsg+0x30f/0x380
[  446.267716][ T7475]  ? ____sys_sendmsg+0x877/0xb60
[  446.272859][ T7475]  ? ___sys_sendmsg+0x28d/0x3c0
[  446.277895][ T7475]  ? __x64_sys_sendmsg+0x212/0x3c0
[  446.283187][ T7475]  ? x64_sys_call+0x2ed6/0x3c30
[  446.288239][ T7475]  ? do_syscall_64+0xcd/0x1e0
[  446.293074][ T7475]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  446.299349][ T7475]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  446.305621][ T7475]  ? ieee802154_header_create+0x99f/0xc70
[  446.311520][ T7475]  ? kmsan_get_metadata+0x13e/0x1c0
[  446.316902][ T7475]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  446.323451][ T7475]  ? kmsan_get_metadata+0x13e/0x1c0
[  446.328810][ T7475]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  446.334834][ T7475]  ? _raw_spin_unlock_irqrestore+0x3f/0x60
[  446.340853][ T7475]  ? stack_depot_save_flags+0x6db/0x750
[  446.346595][ T7475]  ? kmsan_get_metadata+0x13e/0x1c0
[  446.351957][ T7475]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  446.358514][ T7475]  ? kmsan_get_metadata+0x13e/0x1c0
[  446.363879][ T7475]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  446.369857][ T7475]  __msan_warning+0x95/0x120
[  446.374647][ T7475]  ieee802154_hdr_push+0x971/0xb90
[  446.379986][ T7475]  ? __msan_memcpy+0x108/0x1c0
[  446.384952][ T7475]  ieee802154_header_create+0x9bc/0xc70
[  446.390709][ T7475]  ? __pfx_ieee802154_header_create+0x10/0x10
[  446.396964][ T7475]  dgram_sendmsg+0xd5a/0x15a0
[  446.401834][ T7475]  ? __pfx_dgram_sendmsg+0x10/0x10
[  446.407124][ T7475]  ieee802154_sock_sendmsg+0x96/0xd0
[  446.412611][ T7475]  ? __pfx_ieee802154_sock_sendmsg+0x10/0x10
[  446.418782][ T7475]  ? __pfx_ieee802154_sock_sendmsg+0x10/0x10
[  446.424958][ T7475]  __sock_sendmsg+0x30f/0x380
[  446.429851][ T7475]  ____sys_sendmsg+0x877/0xb60
[  446.434818][ T7475]  ___sys_sendmsg+0x28d/0x3c0
[  446.439687][ T7475]  ? __rcu_read_unlock+0x7b/0xe0
[  446.444829][ T7475]  ? __fget_files+0x42b/0x500
[  446.449681][ T7475]  ? kmsan_get_metadata+0x13e/0x1c0
[  446.455050][ T7475]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  446.461032][ T7475]  __x64_sys_sendmsg+0x212/0x3c0
[  446.466172][ T7475]  ? kmsan_get_metadata+0x13e/0x1c0
[  446.471584][ T7475]  x64_sys_call+0x2ed6/0x3c30
[  446.476472][ T7475]  do_syscall_64+0xcd/0x1e0
[  446.481134][ T7475]  ? clear_bhb_loop+0x25/0x80
[  446.486014][ T7475]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  446.492117][ T7475] RIP: 0033:0x7fd4aa785d29
[  446.496685][ T7475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  446.516513][ T7475] RSP: 002b:00007fd4ab5b6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  446.525123][ T7475] RAX: ffffffffffffffda RBX: 00007fd4aa976080 RCX: 00007fd4aa785d29
[  446.533255][ T7475] RDX: 0000000000000000 RSI: 00000000200018c0 RDI: 0000000000000009
[  446.541375][ T7475] RBP: 00007fd4aa801b08 R08: 0000000000000000 R09: 0000000000000000
[  446.549488][ T7475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  446.557596][ T7475] R13: 0000000000000000 R14: 00007fd4aa976080 R15: 00007ffc249c4518
[  446.565730][ T7475]  </TASK>
[  446.569139][ T7475] Kernel Offset: disabled
[  446.573542][ T7475] Rebooting in 86400 seconds..