last executing test programs:

19.75162637s ago: executing program 3 (id=326):
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
timer_create(0x2, 0x0, &(0x7f00000003c0))
syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000240)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
ppoll(&(0x7f0000000080)=[{}, {}], 0x20000000000000e8, &(0x7f0000000140), &(0x7f00000000c0), 0x8)
r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
ioctl$VIDIOC_S_OUTPUT(r0, 0xc004562f, &(0x7f00000000c0)=0x1)
syz_usb_connect$hid(0x6, 0x36, 0x0, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000240), 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x3, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x10, 0x10002)
ioctl$DRM_IOCTL_MODE_RMFB(r1, 0xc00464af, &(0x7f0000000080))
socket$inet_smc(0x2b, 0x1, 0x0)
r2 = semget$private(0x0, 0x4000000009, 0x0)
semtimedop(r2, &(0x7f0000000080)=[{0x3, 0x3}, {0x3, 0xfff8, 0x1000}], 0x2, 0x0)
semctl$SETALL(r2, 0x0, 0x11, &(0x7f0000000040))
syz_emit_vhci(&(0x7f0000000180)=ANY=[], 0xf)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYBLOB="040e04004120"], 0x7)
socket$inet6(0xa, 0x6, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600000, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)

15.322739345s ago: executing program 3 (id=336):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0104000000000000000002000000400004803c0001800e000100696d6d6564696174650000002800028008000140000000001c00028018000280"], 0x94}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=ANY=[@ANYBLOB="540000001000370400"/20, @ANYRES32=0x0, @ANYRESDEC=r0], 0x54}}, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000300)={'filter\x00', 0x6002, 0x4, 0x3d0, 0x200, 0x2e8, 0x200, 0x2e8, 0x2e8, 0x2e8, 0x4, 0x0, {[{{@uncond, 0xc0, 0xf0}, @unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x7}}}, {{@arp={@dev, @remote, 0x0, 0x0, 0x0, 0xfe, {@empty, {[0x0, 0x0, 0x0, 0x0, 0xff]}}, {@mac=@broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth1_vlan\x00', 'nicvf0\x00', {}, {}, 0x0, 0x80}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @multicast2, @private, 0x0, 0x1}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xf0}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffb}}}}, 0x420)
fsopen(&(0x7f0000000040)='gfs2meta\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
setsockopt$CAIFSO_REQ_PARAM(0xffffffffffffffff, 0x116, 0x80, &(0x7f0000000040), 0x0)
epoll_create(0x207ffd)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="2c000000000000000000000000e5ffff9400000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r7 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x0)
pwritev(r7, &(0x7f0000000600)=[{&(0x7f0000000180)="10", 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r6, 0x4c00, r7)
ioctl$LOOP_SET_STATUS(r6, 0x4c02, &(0x7f0000000300)={0x0, {}, 0x0, {}, 0x9, 0x9, 0x8, 0x18, "522530d6e597ca54b72437f1295d5713b017ddc8f03f7f943138fae1b43b3983d7433f8f9a2df4e1857ad78ca88090d709b29ee7c21514bb85393764aaa5f78a", "012a519a6f0231ce4623c52b637a4b34dcce6a392e161f8e3010abda97c64ba2", [0x7, 0xb]})
ioctl$LOOP_CLR_FD(r6, 0x4c01)

14.521448779s ago: executing program 3 (id=339):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000003880)=ANY=[@ANYBLOB='huge=always'])
chdir(&(0x7f0000000140)='./file0\x00')
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
ftruncate(r1, 0x8208200)
r2 = open(&(0x7f0000000780)='./bus\x00', 0x14117e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600402, 0x7ffffe, 0x4002011, r2, 0x0)
sendmsg$RDMA_NLDEV_CMD_GET(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCSFLAGS1(r6, 0x40047459, &(0x7f0000000100)=0x2000004)
pwritev(r6, 0x0, 0x0, 0x5, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r5, 0xae9a)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x2004c8, 0x8000000, 0x0, 0x10000000, 0xfffffffffffffffe, 0x1, 0x0, 0x0, 0x5]})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x400000000000002, 0x5, 0xfffffffffffffffe, 0x4, 0x2, 0x0, 0xefffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x3], 0x0, 0x41901})
truncate(&(0x7f0000000080)='./bus\x00', 0x4)

13.956768499s ago: executing program 2 (id=342):
r0 = io_uring_setup(0x2e34, &(0x7f0000000180))
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f0000000580)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e080039503230"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r3, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r3, &(0x7f00000000c0)={0x18, 0x0, 0x0, {0x7ff}}, 0x18)
write$FUSE_INIT(r3, &(0x7f0000000180)={0x50}, 0x50)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x81000)
openat2(r4, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x8}, 0x18)
close_range(r0, 0xffffffffffffffff, 0x0)

13.744904042s ago: executing program 2 (id=343):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0104000000000000000002000000400004803c0001800e000100696d6d6564696174650000002800028008000140000000001c00028018000280"], 0x94}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=ANY=[@ANYBLOB="540000001000370400"/20, @ANYRES32=0x0, @ANYRESDEC=r0], 0x54}}, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000300)={'filter\x00', 0x6002, 0x4, 0x3d0, 0x200, 0x2e8, 0x200, 0x2e8, 0x2e8, 0x2e8, 0x4, 0x0, {[{{@uncond, 0xc0, 0xf0}, @unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x7}}}, {{@arp={@dev, @remote, 0x0, 0x0, 0x0, 0xfe, {@empty, {[0x0, 0x0, 0x0, 0x0, 0xff]}}, {@mac=@broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth1_vlan\x00', 'nicvf0\x00', {}, {}, 0x0, 0x80}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @multicast2, @private, 0x0, 0x1}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xf0}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffb}}}}, 0x420)
fsopen(&(0x7f0000000040)='gfs2meta\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
epoll_create(0x207ffd)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="2c000000000000000000000000e5ffff9400000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r7 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x0)
pwritev(r7, &(0x7f0000000600)=[{&(0x7f0000000180)="10", 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_SET_STATUS(r6, 0x4c02, &(0x7f0000000300)={0x0, {}, 0x0, {}, 0x9, 0x9, 0x8, 0x18, "522530d6e597ca54b72437f1295d5713b017ddc8f03f7f943138fae1b43b3983d7433f8f9a2df4e1857ad78ca88090d709b29ee7c21514bb85393764aaa5f78a", "012a519a6f0231ce4623c52b637a4b34dcce6a392e161f8e3010abda97c64ba2", [0x7, 0xb]})

12.25974787s ago: executing program 2 (id=347):
openat$nullb(0xffffffffffffff9c, 0x0, 0x149380, 0x0)
r0 = gettid()
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0)
ptrace(0x10, 0x0)
getpid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/vmstat\x00', 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$key(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000600)=ANY=[@ANYBLOB="021208072100000025bd7000fdd9df259fa73c92c8be9783ff0000000000000019000800c805000095a7ad211039f818fd4f5224672e3c2fd4ea93ddbe7b33bfc147ccefe721a2b1da9dc7b2cbcab66fa62c42a8f2a2ebc9a9d9dd0654e2b7fa0ff7ebe389165cf129fa6f86600bd8e487a1766e1938590adf96bc092437f27cd5980df1369af215ae3b978cdba95c932e589b52451ff4d77cdd9477a913257ba28786e6e7e0649d4511162f2970a420c23201b5bc073319f1608111d68af2d380be17a2024fe12455b87d4b3760466855ac8596f4ea27d0d84c35d7539c71c7ca9fbff302f921700fa2cd1fe68f689c00000000000000040003000900000001000000000000000900000000000000ff070000000000009e385f2cc8a1004b62e15324bb6f93a9e0d8cc3d3f22ffe80bd9e1592b07cd2b44209352cc7d75ba2852"], 0x108}}, 0x80)
socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x4)
ioctl$AUTOFS_IOC_READY(r3, 0x800442d2, 0x200000f3)
sendmsg$nl_generic(r2, 0x0, 0xc000)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$tun(0xffffffffffffff9c, 0x0, 0x20800, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r4, &(0x7f0000000040)=0x1c8, 0x12)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r6 = fanotify_init(0xf00, 0x0)
fanotify_mark(r6, 0x1, 0x5000003a, r5, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
rename(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
prlimit64(r0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)

11.358316604s ago: executing program 3 (id=351):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x4, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000001000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b70300000000ffff850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
syz_emit_ethernet(0x846, &(0x7f00000005c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa2386dd"], 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x2a, &(0x7f0000000000)={0x7, {{0xa, 0x4e21, 0xd, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3a}}, 0xe}}}, 0x88)

11.210953874s ago: executing program 3 (id=352):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f00000002c0)={'wg2\x00', <r3=>0x0})
sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)={0x24, r2, 0x5, 0x70bd2a, 0x25dfdbfd, {0x1, 0x0, 0xffa7}, [@WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e24}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r3}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x40)

10.151204214s ago: executing program 3 (id=354):
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r1, 0x0, 0xb8)
r2 = openat$proc_mixer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
dup3(r2, r1, 0x0)

10.1363848s ago: executing program 2 (id=355):
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
r0 = syz_usb_connect(0x2, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
syz_usb_disconnect(r0)
syz_usb_connect$uac1(0x0, 0xaf, &(0x7f0000000180)=ANY=[], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r1}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$USBDEVFS_CLEAR_HALT(0xffffffffffffffff, 0xc0105502, 0x0)

8.069583053s ago: executing program 1 (id=361):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000080eff95"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000002c0)='contention_end\x00', r0}, 0x10)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b0f, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x600000, 0x48)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_emit_ethernet(0x1de, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd606410a601a80000fc020000000000000000000000000000fe8000000000000000000000000000aa22340502"], 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
lseek(r2, 0xfffffffffffffffe, 0x1)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000380)='sched_switch\x00', r3, 0x0, 0xffffffffffffffff}, 0x18)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102386, 0x18ff2)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r5 = socket$nl_route(0x10, 0x3, 0x0)
setitimer(0x2, &(0x7f0000000340)={{0x77359400}}, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000d00)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946e06bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112b0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01ac69398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ef6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b27663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b6214912a517810200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3800000000000000009c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488a0200000000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e4a59414329a7c7f2fad6bc871f5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561fe589e0d12969bc982ff3f0000006c0c6c747d9a1cc500bb89283a16ff10feea20bdac0000000000000000ca06f256a55591019465f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f3e49db5a1517ee40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734837ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a6d072034cecc457776c5fa1f33b0203c07052c6bc314b0ac5c63bc2083c9cda0b7480e0b17854ffcc76176ce266bc698f7921b8afe798a7a5ed33ab0374455ee368fda99a0e681bf9426831b193395cb01a7332a50aac841cb7d48a1768a7640a9820631ba775a3dc4e97f7fda840bcdd3afaa0d7c3c229de4f0f4ac4d04f1ace52e38325ca2e5f1f9caaa7234053eca09ec3c8c16940bc3edfb2e016f355391c0e7"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r6, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f008004be0ffff0012fe00632f77fbac141416ac14141602089f034d2f87e5070c0cab845013f2325f1a39010702038da1880525181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c)
r7 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendto$llc(r7, &(0x7f0000000d80)="5ca02049a8825024892f61601e3137d09d6e5d0e54d55be9d6d460eb78e3eb94c0b3866b091d34dc3ed67172ae1e7f390d505c084609e4491d372fe4888a3c3e660cc6fc3fd9b97c6c923389653eb074d9", 0x51, 0x0, &(0x7f0000000380), 0x10)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, 0x0)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x8, 0x0)
mount(&(0x7f0000000100)=@nullb, &(0x7f00000002c0)='./file0\x00', &(0x7f00000001c0)='jfs\x00', 0x0, 0x0)

7.611767525s ago: executing program 0 (id=363):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(0xffffffffffffffff, 0xc0884113, &(0x7f0000000540)={0x1, 0xcc, 0xd, 0x9, 0x6, 0x7f, 0x8, 0x45, 0x7, 0x1, 0x1000, 0x1})
r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], 0x0, 0x2, 0xd1, &(0x7f0000000600)=""/209, 0x41100, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7fffffff, @void, @value}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r3}, &(0x7f0000000000), &(0x7f0000000080)=r2}, 0x20)
r4 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r6, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0x0, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0x0, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r6, {}, {0xffe0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_pfifo_fast={0xf}]}, 0x34}, 0x1, 0x0, 0x0, 0x55}, 0x4000)
io_setup(0x7, &(0x7f0000000280)=<r7=>0x0)
r8 = openat$sysfs(0xffffff9c, &(0x7f0000000580)='/sys/kernel/crash_elfcorehdr_size', 0x103700, 0x55)
io_submit(r7, 0x1, &(0x7f0000000500)=[&(0x7f0000000040)={0x0, 0x4000, 0x0, 0x0, 0x0, r8, &(0x7f0000000000), 0xfffffc98}])

6.906739262s ago: executing program 1 (id=364):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000000)={0x60, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="4db55f2f459b868a5b7f20e5b6bc97c5ffb03429b5d0c92594d0719acdd4"], 0x48)
socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
futex(0xfffffffffffffffd, 0x6, 0x0, 0x0, 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SMC_PNETID_DEL(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x2c, r3, 0x1, 0x0, 0x0, {0x2, 0x2, 0x2}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x2c}, 0x1, 0x40030000000000}, 0x0)
mkdir(0x0, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x18, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {0x4, 0x1, 0xb, 0x9, 0xa}}}, &(0x7f0000000200)='syzkaller\x00', 0x9, 0x1003, &(0x7f0000001e40)=""/4099, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r7=>0x0})
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_CONNECT(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)={0x38, r8, 0x800, 0x70bd2a, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @crypto_settings=[@NL80211_ATTR_CIPHER_SUITE_GROUP={0x8, 0x4a, 0xfac01}, @NL80211_ATTR_WPA_VERSIONS={0x8}]]}, 0x38}, 0x1, 0x0, 0x0, 0x4000001}, 0x0)
ioctl$TCFLSH(r4, 0x400455c8, 0x0)

6.710391824s ago: executing program 0 (id=365):
openat$nullb(0xffffffffffffff9c, 0x0, 0x149380, 0x0)
r0 = gettid()
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0)
ptrace(0x10, 0x0)
getpid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/vmstat\x00', 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$key(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000600)=ANY=[@ANYBLOB="021208072100000025bd7000fdd9df259fa73c92c8be9783ff0000000000000019000800c805000095a7ad211039f818fd4f5224672e3c2fd4ea93ddbe7b33bfc147ccefe721a2b1da9dc7b2cbcab66fa62c42a8f2a2ebc9a9d9dd0654e2b7fa0ff7ebe389165cf129fa6f86600bd8e487a1766e1938590adf96bc092437f27cd5980df1369af215ae3b978cdba95c932e589b52451ff4d77cdd9477a913257ba28786e6e7e0649d4511162f2970a420c23201b5bc073319f1608111d68af2d380be17a2024fe12455b87d4b3760466855ac8596f4ea27d0d84c35d7539c71c7ca9fbff302f921700fa2cd1fe68f689c00000000000000040003000900000001000000000000000900000000000000ff070000000000009e385f2cc8a1004b62e15324bb6f93a9e0d8cc3d3f22ffe80bd9e1592b07cd2b44209352cc7d75ba2852"], 0x108}}, 0x80)
socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x4)
ioctl$AUTOFS_IOC_READY(r3, 0x800442d2, 0x200000f3)
sendmsg$nl_generic(r2, 0x0, 0xc000)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$tun(0xffffffffffffff9c, 0x0, 0x20800, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r4, &(0x7f0000000040)=0x1c8, 0x12)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r6 = fanotify_init(0xf00, 0x0)
fanotify_mark(r6, 0x1, 0x5000003a, r5, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
rename(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
prlimit64(r0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)

6.244047047s ago: executing program 1 (id=367):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0104000000000000000002000000400004803c0001800e000100696d6d6564696174650000002800028008000140000000001c00028018000280"], 0x94}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=ANY=[@ANYBLOB="540000001000370400"/20, @ANYRES32=0x0, @ANYRESDEC=r0], 0x54}}, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000300)={'filter\x00', 0x6002, 0x4, 0x3d0, 0x200, 0x2e8, 0x200, 0x2e8, 0x2e8, 0x2e8, 0x4, 0x0, {[{{@uncond, 0xc0, 0xf0}, @unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x7}}}, {{@arp={@dev, @remote, 0x0, 0x0, 0x0, 0xfe, {@empty, {[0x0, 0x0, 0x0, 0x0, 0xff]}}, {@mac=@broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth1_vlan\x00', 'nicvf0\x00', {}, {}, 0x0, 0x80}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @multicast2, @private, 0x0, 0x1}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xf0}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffb}}}}, 0x420)
fsopen(&(0x7f0000000040)='gfs2meta\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
setsockopt$CAIFSO_REQ_PARAM(0xffffffffffffffff, 0x116, 0x80, &(0x7f0000000040), 0x0)
epoll_create(0x207ffd)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="2c000000000000000000000000e5ffff9400000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r7 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x0)
pwritev(r7, &(0x7f0000000600)=[{&(0x7f0000000180)="10", 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_SET_STATUS(r6, 0x4c02, &(0x7f0000000300)={0x0, {}, 0x0, {}, 0x9, 0x9, 0x8, 0x18, "522530d6e597ca54b72437f1295d5713b017ddc8f03f7f943138fae1b43b3983d7433f8f9a2df4e1857ad78ca88090d709b29ee7c21514bb85393764aaa5f78a", "012a519a6f0231ce4623c52b637a4b34dcce6a392e161f8e3010abda97c64ba2", [0x7, 0xb]})
socket$key(0xf, 0x3, 0x2)
ioctl$LOOP_CLR_FD(r6, 0x4c01)

6.073459652s ago: executing program 0 (id=368):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r2, 0x40046f41, 0x20000502)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='cdg\x00', 0x4)
close_range(r0, 0xffffffffffffffff, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={0x1, <r3=>0xffffffffffffffff}, 0x4)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r3}, 0x4)

5.545612918s ago: executing program 1 (id=369):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
listen(r0, 0x100101)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socketpair(0x21, 0x2, 0x2, &(0x7f0000000000))
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a32000000000900010073797a300000000014000000020a031747d21400000000000000000014000000110001"], 0x68}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f28000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[], 0xe8}}, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r5 = socket(0x2000000000000021, 0x2, 0x2)
shutdown(r5, 0x2)
r6 = syz_open_procfs(0x0, &(0x7f0000000240)='cgroup\x00')
pread64(r6, 0x0, 0x0, 0x200)
ioctl$FBIOGET_FSCREENINFO(0xffffffffffffffff, 0x4602, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xc0e1)

5.490322973s ago: executing program 2 (id=370):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0104000000000000000002000000400004803c0001800e000100696d6d6564696174650000002800028008000140000000001c00028018000280"], 0x94}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=ANY=[@ANYBLOB="540000001000370400"/20, @ANYRES32=0x0, @ANYRESDEC=r0], 0x54}}, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000300)={'filter\x00', 0x6002, 0x4, 0x3d0, 0x200, 0x2e8, 0x200, 0x2e8, 0x2e8, 0x2e8, 0x4, 0x0, {[{{@uncond, 0xc0, 0xf0}, @unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x7}}}, {{@arp={@dev, @remote, 0x0, 0x0, 0x0, 0xfe, {@empty, {[0x0, 0x0, 0x0, 0x0, 0xff]}}, {@mac=@broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth1_vlan\x00', 'nicvf0\x00', {}, {}, 0x0, 0x80}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @multicast2, @private, 0x0, 0x1}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xf0}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffb}}}}, 0x420)
fsopen(&(0x7f0000000040)='gfs2meta\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$CAIFSO_REQ_PARAM(0xffffffffffffffff, 0x116, 0x80, &(0x7f0000000040), 0x0)
epoll_create(0x207ffd)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="2c000000000000000000000000e5ffff9400000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r7 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x0)
pwritev(r7, &(0x7f0000000600)=[{&(0x7f0000000180)="10", 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_SET_STATUS(r6, 0x4c02, &(0x7f0000000300)={0x0, {}, 0x0, {}, 0x9, 0x9, 0x8, 0x18, "522530d6e597ca54b72437f1295d5713b017ddc8f03f7f943138fae1b43b3983d7433f8f9a2df4e1857ad78ca88090d709b29ee7c21514bb85393764aaa5f78a", "012a519a6f0231ce4623c52b637a4b34dcce6a392e161f8e3010abda97c64ba2", [0x7, 0xb]})

5.127131123s ago: executing program 4 (id=371):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000740)=@bpf_tracing={0x1a, 0x19, &(0x7f0000000500)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xe7}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}}, @exit], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000480)='GPL\x00', 0xd, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000640)={0x1, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x1e050, 0xffffffffffffffff, 0x4, &(0x7f0000000680)=[0x1, 0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff], &(0x7f00000006c0)=[{0x2, 0x5, 0x2, 0x3bda96e79b0c1475}, {0x1, 0x5, 0xc, 0xb}, {0x3, 0x5, 0x5}, {0x0, 0x2, 0x7, 0xc}], 0x10, 0xc, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc0}, 0x0)
sendmmsg$inet6(r0, &(0x7f0000002480)=[{{&(0x7f0000000380)={0xa, 0x0, 0x0, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="1400000000000000290000000b000000000091d3000000001400000000000000290000003e000000010000000000000014000000000000002900000034000000000000000000000050"], 0x98}}, {{&(0x7f0000000000)={0xa, 0x4e22, 0x1, @private1={0xfc, 0x1, '\x00', 0x1}, 0x1}, 0x1c, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000029000000040000002f00002900000004000000330000000000"], 0x30}}], 0x2, 0x0)

4.656333975s ago: executing program 2 (id=372):
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000400)={0x24, 0x0, 0x0, &(0x7f00000003c0)={0x0, 0x22, 0xf, {[@local=@item_4={0x3, 0x2, 0x1, "b8248a1a"}, @main=@item_4={0x3, 0x0, 0xb, "00106a00"}, @global=@item_4={0x3, 0x1, 0xa, "9ae334b6"}]}}, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000100), 0x0, 0x0)
ioctl$HIDIOCSFLAG(r1, 0x4004480f, &(0x7f00000000c0)=0x2)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, [@printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
r4 = socket(0xa, 0x2, 0x0)
getsockopt$bt_BT_SECURITY(r4, 0x29, 0x21, 0x0, 0x20000000)
sendto(0xffffffffffffffff, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)={0x5c, 0x0, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @loopback}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={'\x00', '\xff\xff', @remote}}, @L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x4}]}, 0x5c}}, 0x0)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x2f8, 0xc8, 0x5802, 0x294, 0x0, 0x294, 0x228, 0x378, 0x378, 0x228, 0x378, 0x3, 0x0, {[{{@uncond, 0xf202, 0xa8, 0xc8, 0x52020000, {0x0, 0x600}}, @unspec=@TRACE={0x20}}, {{@ipv6={@empty, @private0, [], [], 'team_slave_1\x00', 'veth0_to_bridge\x00', {}, {}, 0x87}, 0x0, 0xf8, 0x160, 0x0, {}, [@common=@mh={{0x28}, {"123a", 0x4}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x358)

4.297501299s ago: executing program 0 (id=373):
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = io_uring_setup(0x6a7, &(0x7f00000006c0)={0x0, 0x2761, 0x80, 0x2, 0x391})
syz_io_uring_setup(0x713a, &(0x7f0000000580)={0x0, 0x47c0, 0x4000, 0x0, 0x69, 0x0, r1}, &(0x7f0000000340)=<r2=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
r3 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r3, &(0x7f0000000180)=ANY=[@ANYBLOB="5245434c45560a50484f4e454f55540a535045414b455220274344272030303030303030303030303030303030303030300a4449474954414c32202706006e652043617074557265272030303030303034303030303030303030303030300a203030303030303030303030303030303030303030"], 0xb8)
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
dup3(r4, r3, 0x0)
mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000a00)='./file1\x00', &(0x7f0000000000)='omfs\x00', 0x840, &(0x7f00000003c0)=',\x00#\x18\x05}\xaf\x04\xf2\xda\xef\xc4\xed\x8cY\xd5.Q;\x98\x12\xfd\r/\x14 \x18\x84\xb4\xa3X\xf8\x94\xc6\x9eW\xdb\x83;\x96\xe3u\xd8\xa4\xf8\xae\x8e\x18\xaa\xaa\xf8X\x82\xf2\x93\xe8\x90$\x98\xda\xdc\vj\xdc\x9d\x98\x14\xe8\x17\xf6\x9e+\x92lc\xfa\xff\x99\xe7\x8dF|\x8bX\xec=\xed\x87\xebh\x92\xce+\x9c\xa4NY\x9d\'(\xcd\xc7*C=yJ\x04\x8d\x0fV\xcb\xed\x80g\x1f\x91\x8f1\x8d\x81{\xc8#\xb4\x13\xac\x1c\x86\xd7\x13\x10\xc8\xccV\x0f\xf6\xe9*\xa3\xb5\x98\xfa\xbf\x96\xf8p@\xbeG4\x15\xa0t@\x90\xf9\xae{\xe5\xb1c~\xc9\x80O\xc4\xdbA>\xef\xc0\xa3\x10\x9dg\x10w\xa5\xbb9?LD]\xaf\x9f\xc3\xf9D\'\xa1\xc4\xd6\x01\xa6d\xf5\x18\b6C\xb7\xfc')

4.134545414s ago: executing program 4 (id=374):
creat(&(0x7f0000000000)='./file0\x00', 0x80)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
socket$inet6_udp(0xa, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = add_key(&(0x7f0000000040)='rxrpc\x00', &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$read(0xb, r4, 0x0, 0x0)

4.060655499s ago: executing program 0 (id=375):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(0xffffffffffffffff, 0xc0884113, &(0x7f0000000540)={0x1, 0xcc, 0xd, 0x9, 0x6, 0x7f, 0x8, 0x45, 0x7, 0x1, 0x1000, 0x1})
r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], 0x0, 0x2, 0xd1, &(0x7f0000000600)=""/209, 0x41100, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7fffffff, @void, @value}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r3}, &(0x7f0000000000), &(0x7f0000000080)=r2}, 0x20)
r4 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r6, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0x0, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0x0, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r6, {}, {0xffe0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_pfifo_fast={0xf}]}, 0x34}, 0x1, 0x0, 0x0, 0x55}, 0x4000)
io_setup(0x7, &(0x7f0000000280)=<r7=>0x0)
r8 = openat$sysfs(0xffffff9c, &(0x7f0000000580)='/sys/kernel/crash_elfcorehdr_size', 0x103700, 0x55)
io_submit(r7, 0x1, &(0x7f0000000500)=[&(0x7f0000000040)={0x0, 0x4000, 0x0, 0x0, 0x0, r8, &(0x7f0000000000), 0xfffffc98}])

2.851912957s ago: executing program 4 (id=376):
r0 = socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
io_uring_setup(0x6a7, &(0x7f00000006c0)={0x0, 0x2761, 0x80, 0x2, 0x391})
syz_io_uring_setup(0x713a, 0x0, &(0x7f0000000340)=<r2=>0x0, &(0x7f00000004c0)=<r3=>0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r4, &(0x7f0000000180)=ANY=[@ANYBLOB="5245434c45560a50484f4e454f55540a535045414b455220274344272030303030303030303030303030303030303030300a4449474954414c32202706006e652043617074557265272030303030303034303030303030303030303030300a2030303030303030303030303030303030303030300a4f4741494e1357c17f9431f59b0a4449474954414c33"], 0xb8)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2a}}, 0x10)
getpeername$packet(r0, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000500)=[{{&(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10, 0x0}}, {{&(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x200}}], 0x18}}], 0x2, 0x840)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})

2.763333072s ago: executing program 0 (id=377):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x44f, 0xb300, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x1000, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xd, 0x0, 0x40}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="240000001e0001"], 0x24}}, 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000000c0)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="002207000000ab"], 0x0}, 0x0)
r2 = syz_usb_connect$printer(0x0, 0x0, 0x0, 0x0)
syz_usb_control_io$printer(r2, 0x0, 0x0)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r3, &(0x7f0000000000)=0x12f, 0x12)
r4 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_SET(r3, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000540)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="00012766d21eb6bd7000fcdbdf251000000008000800c5090000080008000000000008000800072c66be9add656bd04e9b5b7cb864f73b89c520bb96549a5e9a5ca132d089feac74569f772fb919ea236851392898b4e408b04148b3fe195c292196ea125b4400000000000002368093561bca83858005bd7c8f0a389fe6f66339d528fc4be833ad19c2073ecb6a2cd0959338dc75a36a926b0475d2bd41f3253f99e6118a5f53786ed8fb2f34c79c48c590f0dcedd1a05e71a40941a2d9071550ba1368271ae856c4"], 0x2c}, 0x1, 0x0, 0x0, 0x805}, 0x0)
read$snddsp(r3, &(0x7f0000000240)=""/4096, 0x1000)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r5, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r6 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUTCMAP(r6, 0x4605, &(0x7f0000000200)={0x4, 0x5, &(0x7f0000000100)=[0x6, 0x9, 0x6, 0x400, 0x1], &(0x7f0000000080), &(0x7f00000000c0), &(0x7f00000001c0)})
r7 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_bt_bnep_BNEPCONNADD(r7, 0x400442c8, &(0x7f00000000c0)=ANY=[@ANYRES32=r5])

2.099733905s ago: executing program 4 (id=378):
openat$nullb(0xffffffffffffff9c, 0x0, 0x149380, 0x0)
r0 = gettid()
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0)
ptrace(0x10, 0x0)
getpid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/vmstat\x00', 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$key(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000600)=ANY=[@ANYBLOB="021208072100000025bd7000fdd9df259fa73c92c8be9783ff0000000000000019000800c805000095a7ad211039f818fd4f5224672e3c2fd4ea93ddbe7b33bfc147ccefe721a2b1da9dc7b2cbcab66fa62c42a8f2a2ebc9a9d9dd0654e2b7fa0ff7ebe389165cf129fa6f86600bd8e487a1766e1938590adf96bc092437f27cd5980df1369af215ae3b978cdba95c932e589b52451ff4d77cdd9477a913257ba28786e6e7e0649d4511162f2970a420c23201b5bc073319f1608111d68af2d380be17a2024fe12455b87d4b3760466855ac8596f4ea27d0d84c35d7539c71c7ca9fbff302f921700fa2cd1fe68f689c00000000000000040003000900000001000000000000000900000000000000ff070000000000009e385f2cc8a1004b62e15324bb6f93a9e0d8cc3d3f22ffe80bd9e1592b07cd2b44209352cc7d75ba2852"], 0x108}}, 0x80)
socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x4)
ioctl$AUTOFS_IOC_READY(r3, 0x800442d2, 0x200000f3)
sendmsg$nl_generic(r2, 0x0, 0xc000)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$tun(0xffffffffffffff9c, 0x0, 0x20800, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r4, &(0x7f0000000040)=0x1c8, 0x12)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r6 = fanotify_init(0xf00, 0x0)
fanotify_mark(r6, 0x1, 0x5000003a, r5, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
rename(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
prlimit64(r0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)

1.393357697s ago: executing program 1 (id=379):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_vhci(&(0x7f00000004c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x0, 0x1b}, @l2cap_cid_signaling={{0x17}, [@l2cap_move_chan_req={{0xe, 0x1, 0x3}, {0x6, 0x1f}}, @l2cap_conn_req={{0x2, 0x9, 0x4}, {0x9, 0x9}}, @l2cap_move_chan_cfm={{0x10, 0x1, 0x4}, {0x0, 0xc}}]}}, 0x20)
process_madvise(0xffffffffffffffff, &(0x7f0000000200), 0x1000000000000276, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'team_slave_0\x00'})
r4 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r4, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r4, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r4, 0x114, 0x1, &(0x7f0000000ec0)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
r5 = socket$rxrpc(0x21, 0x2, 0x2)
bind$rxrpc(r5, &(0x7f0000000100)=@in4={0x21, 0x0, 0x2, 0x5, {0x2, 0x0, @remote}}, 0x24)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x13f}}, 0x20)
r6 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000), 0xd8041, 0x0)
read$FUSE(r0, &(0x7f0000000580)={0x2020, 0x0, <r7=>0x0}, 0x2020)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a30000000060a0b04000000004000000002000000180004"], 0x58}}, 0x0)
write$FUSE_IOCTL(r6, &(0x7f0000000200)={0x20, 0x0, r7, {0x7ff, 0x4, 0x8355}}, 0x20)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000000000000000000000b00000008000300000000000c0001"], 0x28}}, 0x0)
r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f00000003c0)=ANY=[@ANYBLOB="140100001f000504000000000000000004"], 0x114}], 0x1}, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000300)=ANY=[@ANYBLOB="180200000900000000000000002b9f13bfe3ef44e800130085000000230000009500000000000000f38f007b6c6b689bfa7984a250e5108674cbb0985f2ca0348882b935badaaf13da1d4d4cf2316434f326b40453d207b556625a8872fcb7f36e65d0de5e9cba9482c0596dd91ad25f7c16872e86ef265b06961710c2"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$VIDIOC_S_TUNER(r6, 0x4054561e, &(0x7f0000000240)={0x1, "e7a3bd1bc10b69233024190bab2e04f3c15b48f7f85196dd0431756e683aa94b", 0x7, 0x8, 0xa, 0x8, 0x8, 0x3, 0x10001, 0x2})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r9, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)

1.3329746s ago: executing program 4 (id=380):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0104000000000000000002000000400004803c0001800e000100696d6d6564696174650000002800028008000140000000001c00028018000280"], 0x94}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=ANY=[@ANYBLOB="540000001000370400"/20, @ANYRES32=0x0, @ANYRESDEC=r0], 0x54}}, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000300)={'filter\x00', 0x6002, 0x4, 0x3d0, 0x200, 0x2e8, 0x200, 0x2e8, 0x2e8, 0x2e8, 0x4, 0x0, {[{{@uncond, 0xc0, 0xf0}, @unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x7}}}, {{@arp={@dev, @remote, 0x0, 0x0, 0x0, 0xfe, {@empty, {[0x0, 0x0, 0x0, 0x0, 0xff]}}, {@mac=@broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth1_vlan\x00', 'nicvf0\x00', {}, {}, 0x0, 0x80}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @multicast2, @private, 0x0, 0x1}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xf0}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffb}}}}, 0x420)
fsopen(&(0x7f0000000040)='gfs2meta\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
setsockopt$CAIFSO_REQ_PARAM(0xffffffffffffffff, 0x116, 0x80, &(0x7f0000000040), 0x0)
epoll_create(0x207ffd)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="2c000000000000000000000000e5ffff9400000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r7 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x0)
pwritev(r7, &(0x7f0000000600)=[{&(0x7f0000000180)="10", 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_SET_STATUS(r6, 0x4c02, &(0x7f0000000300)={0x0, {}, 0x0, {}, 0x9, 0x9, 0x8, 0x18, "522530d6e597ca54b72437f1295d5713b017ddc8f03f7f943138fae1b43b3983d7433f8f9a2df4e1857ad78ca88090d709b29ee7c21514bb85393764aaa5f78a", "012a519a6f0231ce4623c52b637a4b34dcce6a392e161f8e3010abda97c64ba2", [0x7, 0xb]})
socket$key(0xf, 0x3, 0x2)
ioctl$LOOP_CLR_FD(r6, 0x4c01)

117.920821ms ago: executing program 1 (id=381):
r0 = io_uring_setup(0x2e34, &(0x7f0000000180))
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f0000000580)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e08003950323030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r3, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r3, &(0x7f00000000c0)={0x18, 0x0, 0x0, {0x7ff}}, 0x18)
write$FUSE_INIT(r3, &(0x7f0000000180)={0x50}, 0x50)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x81000)
openat2(r4, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x8}, 0x18)
close_range(r0, 0xffffffffffffffff, 0x0)

0s ago: executing program 4 (id=382):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0104000000000000000002000000400004803c0001800e000100696d6d6564696174650000002800028008000140000000001c00028018000280"], 0x94}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=ANY=[@ANYBLOB="540000001000370400"/20, @ANYRES32=0x0, @ANYRESDEC=r0], 0x54}}, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000300)={'filter\x00', 0x6002, 0x4, 0x3d0, 0x200, 0x2e8, 0x200, 0x2e8, 0x2e8, 0x2e8, 0x4, 0x0, {[{{@uncond, 0xc0, 0xf0}, @unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x7}}}, {{@arp={@dev, @remote, 0x0, 0x0, 0x0, 0xfe, {@empty, {[0x0, 0x0, 0x0, 0x0, 0xff]}}, {@mac=@broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth1_vlan\x00', 'nicvf0\x00', {}, {}, 0x0, 0x80}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @multicast2, @private, 0x0, 0x1}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xf0}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffb}}}}, 0x420)
fsopen(&(0x7f0000000040)='gfs2meta\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$CAIFSO_REQ_PARAM(0xffffffffffffffff, 0x116, 0x80, &(0x7f0000000040), 0x0)
epoll_create(0x207ffd)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="2c000000000000000000000000e5ffff9400000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r7 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x0)
pwritev(r7, &(0x7f0000000600)=[{&(0x7f0000000180)="10", 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_SET_STATUS(r6, 0x4c02, &(0x7f0000000300)={0x0, {}, 0x0, {}, 0x9, 0x9, 0x8, 0x18, "522530d6e597ca54b72437f1295d5713b017ddc8f03f7f943138fae1b43b3983d7433f8f9a2df4e1857ad78ca88090d709b29ee7c21514bb85393764aaa5f78a", "012a519a6f0231ce4623c52b637a4b34dcce6a392e161f8e3010abda97c64ba2", [0x7, 0xb]})

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.15' (ED25519) to the list of known hosts.
[   63.230572][ T5804] cgroup: Unknown subsys name 'net'
[   63.356979][ T5804] cgroup: Unknown subsys name 'cpuset'
[   63.364841][ T5804] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   64.664253][ T5804] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   66.925229][ T5825] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   66.925229][ T5824] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   66.955937][ T5824] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   66.957053][ T5830] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   66.966938][ T5826] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   66.973629][ T5830] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   66.986585][ T5826] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   66.987315][ T5830] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   67.001383][ T5826] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   67.002553][ T5830] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   67.009714][ T5826] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   67.017469][ T5830] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   67.022642][ T5824] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   67.031380][ T5830] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   67.042503][ T5826] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   67.044644][ T5830] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   67.052796][ T5826] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   67.061702][ T5131] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   67.073678][ T5830] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   67.082350][ T5830] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   67.088300][ T5826] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   67.089923][ T5131] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   67.098371][ T5826] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   67.104364][ T5830] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   67.111183][ T5826] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   67.124926][ T5830] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   67.134349][ T5830] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   67.142401][ T5825] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   67.154914][ T5825] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   67.162238][ T5825] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   67.477289][ T5816] chnl_net:caif_netlink_parms(): no params data found
[   67.551606][ T5814] chnl_net:caif_netlink_parms(): no params data found
[   67.625401][ T5831] chnl_net:caif_netlink_parms(): no params data found
[   67.697669][ T5827] chnl_net:caif_netlink_parms(): no params data found
[   67.766438][ T5816] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.775137][ T5816] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.782425][ T5816] bridge_slave_0: entered allmulticast mode
[   67.789456][ T5816] bridge_slave_0: entered promiscuous mode
[   67.798776][ T5816] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.805999][ T5816] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.813163][ T5816] bridge_slave_1: entered allmulticast mode
[   67.819824][ T5816] bridge_slave_1: entered promiscuous mode
[   67.877705][ T5815] chnl_net:caif_netlink_parms(): no params data found
[   67.889545][ T5816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   67.900311][ T5816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   67.910058][ T5814] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.918216][ T5814] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.926486][ T5814] bridge_slave_0: entered allmulticast mode
[   67.933181][ T5814] bridge_slave_0: entered promiscuous mode
[   67.997413][ T5814] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.004783][ T5814] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.011904][ T5814] bridge_slave_1: entered allmulticast mode
[   68.019324][ T5814] bridge_slave_1: entered promiscuous mode
[   68.031793][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.039367][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.046877][ T5831] bridge_slave_0: entered allmulticast mode
[   68.053865][ T5831] bridge_slave_0: entered promiscuous mode
[   68.061037][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.068506][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.075790][ T5831] bridge_slave_1: entered allmulticast mode
[   68.082293][ T5831] bridge_slave_1: entered promiscuous mode
[   68.106390][ T5816] team0: Port device team_slave_0 added
[   68.130052][ T5814] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   68.159700][ T5816] team0: Port device team_slave_1 added
[   68.187322][ T5814] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   68.198250][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   68.229445][ T5815] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.236777][ T5815] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.244326][ T5815] bridge_slave_0: entered allmulticast mode
[   68.250833][ T5815] bridge_slave_0: entered promiscuous mode
[   68.258878][ T5815] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.266617][ T5815] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.274079][ T5815] bridge_slave_1: entered allmulticast mode
[   68.281050][ T5815] bridge_slave_1: entered promiscuous mode
[   68.304708][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   68.316922][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.324296][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.331456][ T5827] bridge_slave_0: entered allmulticast mode
[   68.338425][ T5827] bridge_slave_0: entered promiscuous mode
[   68.346477][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_0
[   68.354322][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.380340][ T5816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   68.402813][ T5814] team0: Port device team_slave_0 added
[   68.423117][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.430335][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.437894][ T5827] bridge_slave_1: entered allmulticast mode
[   68.445026][ T5827] bridge_slave_1: entered promiscuous mode
[   68.461130][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_1
[   68.469568][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.495831][ T5816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   68.517427][ T5815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   68.529094][ T5814] team0: Port device team_slave_1 added
[   68.537829][ T5831] team0: Port device team_slave_0 added
[   68.560080][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   68.584743][ T5815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   68.602755][ T5831] team0: Port device team_slave_1 added
[   68.618560][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   68.676984][ T5816] hsr_slave_0: entered promiscuous mode
[   68.683262][ T5816] hsr_slave_1: entered promiscuous mode
[   68.699237][ T5815] team0: Port device team_slave_0 added
[   68.708814][ T5814] batman_adv: batadv0: Adding interface: batadv_slave_0
[   68.716048][ T5814] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.742760][ T5814] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   68.756671][ T5814] batman_adv: batadv0: Adding interface: batadv_slave_1
[   68.763738][ T5814] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.789713][ T5814] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   68.801210][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0
[   68.808494][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.834655][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   68.848880][ T5827] team0: Port device team_slave_0 added
[   68.856804][ T5827] team0: Port device team_slave_1 added
[   68.873698][ T5815] team0: Port device team_slave_1 added
[   68.884076][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1
[   68.891036][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.916982][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   68.962969][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_0
[   68.970259][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.997740][ T5815] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   69.010880][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_1
[   69.017924][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.043994][ T5815] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   69.062399][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0
[   69.069582][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.098074][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   69.098106][ T5825] Bluetooth: hci1: command tx timeout
[   69.110784][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1
[   69.122104][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.148340][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   69.164131][ T5825] Bluetooth: hci2: command tx timeout
[   69.169525][ T5824] Bluetooth: hci3: command tx timeout
[   69.222226][ T5831] hsr_slave_0: entered promiscuous mode
[   69.228602][ T5831] hsr_slave_1: entered promiscuous mode
[   69.235194][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   69.242919][ T5831] Cannot create hsr debugfs directory
[   69.253589][ T5824] Bluetooth: hci4: command tx timeout
[   69.253869][ T5825] Bluetooth: hci0: command tx timeout
[   69.276327][ T5815] hsr_slave_0: entered promiscuous mode
[   69.282459][ T5815] hsr_slave_1: entered promiscuous mode
[   69.288936][ T5815] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   69.296983][ T5815] Cannot create hsr debugfs directory
[   69.316900][ T5814] hsr_slave_0: entered promiscuous mode
[   69.323063][ T5814] hsr_slave_1: entered promiscuous mode
[   69.331022][ T5814] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   69.338813][ T5814] Cannot create hsr debugfs directory
[   69.370435][ T5827] hsr_slave_0: entered promiscuous mode
[   69.378077][ T5827] hsr_slave_1: entered promiscuous mode
[   69.384163][ T5827] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   69.391708][ T5827] Cannot create hsr debugfs directory
[   69.710621][ T5831] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   69.722107][ T5831] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   69.731804][ T5831] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   69.745597][ T5831] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   69.798229][ T5816] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   69.813062][ T5816] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   69.858612][ T5816] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   69.868122][ T5816] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   69.898217][ T5814] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   69.910312][ T5814] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   69.940048][ T5814] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   69.968254][ T5814] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   69.993255][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0
[   70.012360][ T5815] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   70.035397][ T5815] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   70.044640][ T5815] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   70.077629][ T5831] 8021q: adding VLAN 0 to HW filter on device team0
[   70.089668][ T5815] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   70.132979][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.140280][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[   70.152820][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.159943][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[   70.184904][ T5827] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   70.205155][ T5827] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   70.219894][ T5827] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   70.260753][ T5827] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   70.374899][ T5816] 8021q: adding VLAN 0 to HW filter on device bond0
[   70.412538][ T5814] 8021q: adding VLAN 0 to HW filter on device bond0
[   70.436344][ T5816] 8021q: adding VLAN 0 to HW filter on device team0
[   70.468506][ T3525] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.475686][ T3525] bridge0: port 1(bridge_slave_0) entered forwarding state
[   70.496436][ T5814] 8021q: adding VLAN 0 to HW filter on device team0
[   70.526834][ T3525] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.533982][ T3525] bridge0: port 2(bridge_slave_1) entered forwarding state
[   70.549845][ T3525] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.556990][ T3525] bridge0: port 1(bridge_slave_0) entered forwarding state
[   70.575603][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0
[   70.596607][ T3525] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.603728][ T3525] bridge0: port 2(bridge_slave_1) entered forwarding state
[   70.624801][ T5815] 8021q: adding VLAN 0 to HW filter on device bond0
[   70.642414][ T5827] 8021q: adding VLAN 0 to HW filter on device team0
[   70.693013][ T3525] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.700153][ T3525] bridge0: port 1(bridge_slave_0) entered forwarding state
[   70.717032][ T5815] 8021q: adding VLAN 0 to HW filter on device team0
[   70.738088][ T1075] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.745263][ T1075] bridge0: port 2(bridge_slave_1) entered forwarding state
[   70.756575][ T1075] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.763714][ T1075] bridge0: port 1(bridge_slave_0) entered forwarding state
[   70.785813][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0
[   70.840503][ T1075] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.847681][ T1075] bridge0: port 2(bridge_slave_1) entered forwarding state
[   70.883020][ T5827] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   70.899725][ T5827] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   70.956702][ T5831] veth0_vlan: entered promiscuous mode
[   71.018466][ T5831] veth1_vlan: entered promiscuous mode
[   71.163352][ T5831] veth0_macvtap: entered promiscuous mode
[   71.165929][ T5825] Bluetooth: hci1: command tx timeout
[   71.206046][ T5831] veth1_macvtap: entered promiscuous mode
[   71.236516][ T5816] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.243651][ T5825] Bluetooth: hci3: command tx timeout
[   71.254886][ T5825] Bluetooth: hci2: command tx timeout
[   71.297617][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0
[   71.325182][ T5825] Bluetooth: hci4: command tx timeout
[   71.329275][ T5824] Bluetooth: hci0: command tx timeout
[   71.339564][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.359833][ T5814] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.369716][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1
[   71.390594][ T5831] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   71.401310][ T5831] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   71.410902][ T5831] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   71.420098][ T5831] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   71.481924][ T5815] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.535545][ T5816] veth0_vlan: entered promiscuous mode
[   71.568827][ T5816] veth1_vlan: entered promiscuous mode
[   71.652289][ T5814] veth0_vlan: entered promiscuous mode
[   71.695664][ T3525] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   71.705806][ T3525] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   71.711416][ T5815] veth0_vlan: entered promiscuous mode
[   71.748754][ T5814] veth1_vlan: entered promiscuous mode
[   71.759316][ T5815] veth1_vlan: entered promiscuous mode
[   71.774200][ T5827] veth0_vlan: entered promiscuous mode
[   71.801497][ T5816] veth0_macvtap: entered promiscuous mode
[   71.817770][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[   71.818621][ T5816] veth1_macvtap: entered promiscuous mode
[   71.824328][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[   71.842587][ T5827] veth1_vlan: entered promiscuous mode
[   71.849279][ T3525] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   71.858993][ T3525] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   71.871067][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   71.882926][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   71.895646][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_0
[   71.916403][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   71.931591][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   71.944469][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_1
[   71.979769][ T5815] veth0_macvtap: entered promiscuous mode
[   71.989320][ T5815] veth1_macvtap: entered promiscuous mode
[   72.006744][ T5816] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   72.016570][ T5816] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   72.026281][ T5816] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   72.035797][ T5816] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   72.052803][ T5814] veth0_macvtap: entered promiscuous mode
[   72.059605][ T5831] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   72.065433][ T5827] veth0_macvtap: entered promiscuous mode
[   72.091692][ T5814] veth1_macvtap: entered promiscuous mode
[   72.110171][ T5827] veth1_macvtap: entered promiscuous mode
[   72.120158][ T5815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.134353][ T5815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.148257][ T5815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.165067][ T5815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.194496][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_0
[   72.212461][ T5815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   72.243883][ T5815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.260961][ T5815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   72.282222][ T5815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.301406][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_1
[   72.352791][ T5827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.376504][ T5827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.393587][ T5827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.408917][ T5827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.419194][ T5827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.430019][ T5827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.441000][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0
[   72.457540][ T5815] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   72.467246][ T5815] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   72.476744][ T5815] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   72.485614][ T5815] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   72.531905][ T5827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   72.548366][ T5827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.558983][ T5827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   72.569872][ T5827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.579803][ T5827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   72.590531][ T5827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.601707][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1
[   72.632377][ T5814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.643323][ T5814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.655928][ T5870] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   72.663515][ T5814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.663553][ T5814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.663565][ T5814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.663787][ T5814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.705440][ T5814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.715974][ T5814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.727013][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_0
[   72.741919][ T5827] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   72.757905][ T5827] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   72.769719][ T5827] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   72.780442][ T5827] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   72.806285][ T5814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   72.816953][ T5814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.826933][ T5870] usb 4-1: Using ep0 maxpacket: 16
[   72.835843][ T5814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   72.846818][ T5814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.849754][ T5870] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xC6, changing to 0x86
[   72.863080][ T5814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   72.869058][ T5870] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[   72.883430][ T5814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.889397][ T5870] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x86 has invalid maxpacket 0
[   72.903360][ T5814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   72.908808][ T5870] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 225
[   72.924047][ T5814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.933733][ T5870] usb 4-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87
[   72.947509][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_1
[   72.956485][ T5870] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   72.966663][ T5870] usb 4-1: Product: syz
[   72.970872][ T5870] usb 4-1: Manufacturer: syz
[   72.970921][ T1075] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.976224][ T5870] usb 4-1: SerialNumber: syz
[   72.994400][ T1075] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.016504][ T5870] usb 4-1: config 0 descriptor??
[   73.023798][ T5901] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[   73.037564][ T5814] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.046736][ T5814] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.048877][    C0] port100 4-1:0.0: NFC: Urb failure (status -71)
[   73.061051][ T5814] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.063379][ T5870] port100 4-1:0.0: NFC: Could not get supported command types
[   73.078497][ T5814] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.148015][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.159467][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.196819][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.222908][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.244477][ T5824] Bluetooth: hci1: command tx timeout
[   73.253328][ T3525] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.280601][ T3525] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.307792][ T5901] ip6t_rpfilter: only valid in 'raw' or 'mangle' table, not ''
[   73.326414][ T5824] Bluetooth: hci2: command tx timeout
[   73.326935][ T5825] Bluetooth: hci3: command tx timeout
[   73.389850][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.408735][ T5825] Bluetooth: hci4: command tx timeout
[   73.409042][ T5824] Bluetooth: hci0: command tx timeout
[   73.420497][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.435295][ T5905] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   73.469654][ T3525] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.480630][ T3525] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.485907][ T1075] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.497680][ T1075] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.533269][ T5905] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[   73.559411][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.574034][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.864257][   T25] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   73.873568][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   73.975891][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   74.278539][ T5912] block device autoloading is deprecated and will be removed.
[   74.385065][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   74.445790][   T25] usb 3-1: Using ep0 maxpacket: 32
[   74.460923][   T25] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[   74.504674][   T25] usb 3-1: config 0 has no interface number 0
[   74.559365][   T25] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[   74.654522][   T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   74.662568][   T25] usb 3-1: Product: syz
[   74.667129][   T25] usb 3-1: Manufacturer: syz
[   74.672168][   T25] usb 3-1: SerialNumber: syz
[   74.677086][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   74.715622][   T25] usb 3-1: config 0 descriptor??
[   74.742830][   T25] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[   74.958815][   T25] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[   74.973617][   T25] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[   74.993789][ T5867] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   75.133897][ T5867] usb 2-1: device descriptor read/64, error -71
[   75.179666][    C1] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 10
[   75.270453][   T25] usb 4-1: USB disconnect, device number 2
[   75.328687][ T5824] Bluetooth: hci1: command tx timeout
[   75.344042][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   75.389406][ T5924] capability: warning: `syz.3.9' uses deprecated v2 capabilities in a way that may be insecure
[   75.404552][ T5824] Bluetooth: hci2: command tx timeout
[   75.410417][ T5905] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   75.419199][ T5825] Bluetooth: hci3: command tx timeout
[   75.443605][ T5867] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   75.485454][ T5825] Bluetooth: hci0: command tx timeout
[   75.486995][ T5824] Bluetooth: hci4: command tx timeout
[   75.504585][ T5924] bridge0: port 2(bridge_slave_1) entered disabled state
[   75.573534][ T5867] usb 2-1: device descriptor read/64, error -71
[   75.629936][ T5924] bridge_slave_1 (unregistering): left allmulticast mode
[   75.670100][ T5924] bridge_slave_1 (unregistering): left promiscuous mode
[   75.679889][    C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71
[   75.688450][   T25] usb 3-1: USB disconnect, device number 2
[   75.698161][ T5867] usb usb2-port1: attempt power cycle
[   75.717144][ T5924] bridge0: port 2(bridge_slave_1) entered disabled state
[   75.717231][   T25] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[   75.778228][   T25] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[   75.814237][   T25] quatech2 3-1:0.51: device disconnected
[   75.990027][   T29] audit: type=1107 audit(1736847671.866:2): pid=5927 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='P'
[   76.113608][ T5867] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   76.135782][ T5867] usb 2-1: device descriptor read/8, error -71
[   76.373520][ T5867] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   76.393895][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   76.406504][ T5867] usb 2-1: device descriptor read/8, error -71
[   76.424549][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   76.693248][ T5941] warning: `syz.4.13' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   76.706809][ T5867] usb usb2-port1: unable to enumerate USB device
[   76.893816][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   78.733542][    T8] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   78.895586][    T8] usb 3-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.32
[   78.916220][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   78.930109][ T5964] netlink: 52 bytes leftover after parsing attributes in process `syz.1.18'.
[   78.945587][    T8] usb 3-1: config 0 descriptor??
[   78.964842][    T8] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[   79.075942][ T5965] loop7: detected capacity change from 0 to 16384
[   79.123595][ T5965] loop7: detected capacity change from 16384 to 16383
[   79.386131][    T8] gp8psk: usb in 128 operation failed.
[   79.399982][    T8] gp8psk: usb in 137 operation failed.
[   79.531619][    T8] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[   79.621925][    T8] dvbdev: DVB: registering new adapter (Genpix SkyWalker-1 DVB-S receiver)
[   79.631028][    T8] usb 3-1: media controller created
[   79.650708][    T8] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   79.692096][    T8] gp8psk_fe: Frontend attached
[   79.698886][    T8] usb 3-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[   79.715650][    T8] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[   79.800630][ T5966] tmpfs: Bad value for 'huge'
[   80.058141][    T8] gp8psk: usb in 138 operation failed.
[   80.064887][    T8] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully initialized and connected.
[   80.074882][    T8] gp8psk: found Genpix USB device pID = 203 (hex)
[   80.089617][    T8] usb 3-1: USB disconnect, device number 3
[   80.286901][    T8] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully deinitialized and disconnected.
[   80.443720][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   81.175612][ T5980] netlink: 8 bytes leftover after parsing attributes in process `syz.1.24'.
[   82.202408][  T973] cfg80211: failed to load regulatory.db
[   82.906010][    T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!!
[   83.026520][ T6004] netlink: 8 bytes leftover after parsing attributes in process `syz.4.30'.
[   84.051460][ T6018] openvswitch: netlink: ufid size 20 bytes exceeds the range (1, 16)
[   84.066057][ T6018] openvswitch: netlink: Either Ethernet header or EtherType is required.
[   84.179759][ T6024] capability: warning: `syz.4.36' uses 32-bit capabilities (legacy support in use)
[   84.193547][   T46] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[   84.235918][ T6025] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   84.269181][ T6024] FAULT_INJECTION: forcing a failure.
[   84.269181][ T6024] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[   84.319405][ T6024] CPU: 1 UID: 0 PID: 6024 Comm: syz.4.36 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0
[   84.329967][ T6024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   84.340059][ T6024] Call Trace:
[   84.343358][ T6024]  <TASK>
[   84.346306][ T6024]  dump_stack_lvl+0x241/0x360
[   84.351026][ T6024]  ? __pfx_dump_stack_lvl+0x10/0x10
[   84.356257][ T6024]  ? __pfx__printk+0x10/0x10
[   84.360885][ T6024]  should_fail_ex+0x3b0/0x4e0
[   84.365595][ T6024]  prepare_alloc_pages+0x1da/0x5b0
[   84.370755][ T6024]  __alloc_pages_noprof+0x16f/0x710
[   84.375987][ T6024]  ? __pfx___alloc_pages_noprof+0x10/0x10
[   84.381755][ T6024]  ? __pfx___bfs+0x10/0x10
[   84.386202][ T6024]  alloc_pages_mpol_noprof+0x3e1/0x780
[   84.391701][ T6024]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[   84.397713][ T6024]  ? check_noncircular+0x259/0x4a0
[   84.402860][ T6024]  ? check_path+0x21/0x40
[   84.407222][ T6024]  ? alloc_pages_noprof+0xef/0x170
[   84.412365][ T6024]  pte_alloc_one+0x8f/0x510
[   84.416892][ T6024]  ? __pfx_pte_alloc_one+0x10/0x10
[   84.422031][ T6024]  ? lockdep_unlock+0x16a/0x300
[   84.426909][ T6024]  ? __pfx_lockdep_unlock+0x10/0x10
[   84.432146][ T6024]  __pte_alloc+0x79/0x3c0
[   84.436496][ T6024]  ? __pfx___pte_alloc+0x10/0x10
[   84.441451][ T6024]  handle_pte_fault+0x4d3e/0x5ed0
[   84.446490][ T6024]  ? rcu_is_watching+0x15/0xb0
[   84.451255][ T6024]  ? lock_release+0xbf/0xa30
[   84.455845][ T6024]  ? __pfx_handle_pte_fault+0x10/0x10
[   84.461218][ T6024]  ? mark_lock+0x9a/0x360
[   84.465550][ T6024]  ? __lock_acquire+0x1397/0x2100
[   84.470595][ T6024]  ? mt_find+0x2a9/0x920
[   84.474842][ T6024]  ? __pfx_lock_release+0x10/0x10
[   84.479873][ T6024]  handle_mm_fault+0x1053/0x1ad0
[   84.484828][ T6024]  ? __pfx_handle_mm_fault+0x10/0x10
[   84.490121][ T6024]  ? __pfx_find_vma+0x10/0x10
[   84.494822][ T6024]  ? vma_is_secretmem+0xd/0x50
[   84.499602][ T6024]  ? check_vma_flags+0x4fa/0x5a0
[   84.504562][ T6024]  __get_user_pages+0x1c82/0x49e0
[   84.509624][ T6024]  ? __pfx___get_user_pages+0x10/0x10
[   84.515020][ T6024]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   84.521381][ T6024]  ? __pfx_down_read_killable+0x10/0x10
[   84.526940][ T6024]  ? irqentry_exit+0x63/0x90
[   84.531549][ T6024]  __gup_longterm_locked+0x49a/0x17f0
[   84.536945][ T6024]  ? __pfx___gup_longterm_locked+0x10/0x10
[   84.542753][ T6024]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   84.549092][ T6024]  ? sanity_check_pinned_pages+0x11b9/0x12a0
[   84.555078][ T6024]  ? gup_fast_fallback+0x207e/0x29c0
[   84.560373][ T6024]  gup_fast_fallback+0x2266/0x29c0
[   84.565509][ T6024]  ? pfn_reader_user_pin+0x41a/0x1400
[   84.570891][ T6024]  ? __pfx_gup_fast_fallback+0x10/0x10
[   84.576348][ T6024]  ? iopt_map_pages+0xe24/0x1130
[   84.581289][ T6024]  ? iopt_map_common+0x33a/0x5c0
[   84.586229][ T6024]  ? iopt_map_user_pages+0xcb/0xe0
[   84.591345][ T6024]  ? iommufd_ioas_map+0x3eb/0x5f0
[   84.596369][ T6024]  ? iommufd_fops_ioctl+0x4d6/0x5a0
[   84.601558][ T6024]  ? __se_sys_ioctl+0xf5/0x170
[   84.606321][ T6024]  ? do_syscall_64+0xf3/0x230
[   84.611007][ T6024]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.617107][ T6024]  ? is_valid_gup_args+0x124/0x200
[   84.622223][ T6024]  pin_user_pages_fast+0xcc/0x160
[   84.627260][ T6024]  ? __pfx_pin_user_pages_fast+0x10/0x10
[   84.632927][ T6024]  ? rcu_is_watching+0x15/0xb0
[   84.637871][ T6024]  ? trace_kmalloc+0x1f/0xd0
[   84.642475][ T6024]  pfn_reader_user_pin+0xff3/0x1400
[   84.647701][ T6024]  ? __pfx_pfn_reader_user_pin+0x10/0x10
[   84.653328][ T6024]  ? kasan_save_track+0x51/0x80
[   84.658185][ T6024]  ? kasan_save_track+0x3f/0x80
[   84.663027][ T6024]  ? __kasan_kmalloc+0x98/0xb0
[   84.667787][ T6024]  ? __kmalloc_noprof+0x285/0x4c0
[   84.672805][ T6024]  ? pfn_reader_first+0x301/0xa80
[   84.677823][ T6024]  ? iopt_map_pages+0xe24/0x1130
[   84.682755][ T6024]  ? iopt_map_common+0x33a/0x5c0
[   84.687701][ T6024]  ? iopt_map_user_pages+0xcb/0xe0
[   84.692809][ T6024]  ? iommufd_ioas_map+0x3eb/0x5f0
[   84.697835][ T6024]  pfn_reader_next+0x682/0x1b40
[   84.702710][ T6024]  ? __pfx_pfn_reader_next+0x10/0x10
[   84.707992][ T6024]  ? rcu_is_watching+0x15/0xb0
[   84.712842][ T6024]  ? trace_kmalloc+0x1f/0xd0
[   84.717428][ T6024]  ? interval_tree_span_iter_first+0xe7/0x580
[   84.723508][ T6024]  pfn_reader_first+0x777/0xa80
[   84.728369][ T6024]  iopt_area_fill_domains+0x26a/0xa60
[   84.733759][ T6024]  ? __pfx_lock_acquire+0x10/0x10
[   84.738796][ T6024]  ? __pfx_iopt_area_fill_domains+0x10/0x10
[   84.744715][ T6024]  ? iopt_insert_area+0x2d8/0x390
[   84.749744][ T6024]  iopt_map_pages+0xe24/0x1130
[   84.754519][ T6024]  ? __pfx_iopt_map_pages+0x10/0x10
[   84.759722][ T6024]  ? iopt_map_user_pages+0x4d/0xe0
[   84.764941][ T6024]  ? __asan_memset+0x23/0x50
[   84.769538][ T6024]  iopt_map_common+0x33a/0x5c0
[   84.774305][ T6024]  ? __pfx_iopt_map_common+0x10/0x10
[   84.779607][ T6024]  iopt_map_user_pages+0xcb/0xe0
[   84.784553][ T6024]  iommufd_ioas_map+0x3eb/0x5f0
[   84.789416][ T6024]  ? __pfx_iommufd_ioas_map+0x10/0x10
[   84.794791][ T6024]  ? __might_fault+0xc6/0x120
[   84.799475][ T6024]  iommufd_fops_ioctl+0x4d6/0x5a0
[   84.804496][ T6024]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[   84.810045][ T6024]  ? __fget_files+0x2a/0x410
[   84.814631][ T6024]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[   84.820175][ T6024]  __se_sys_ioctl+0xf5/0x170
[   84.824764][ T6024]  do_syscall_64+0xf3/0x230
[   84.829271][ T6024]  ? clear_bhb_loop+0x35/0x90
[   84.833956][ T6024]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.839880][ T6024] RIP: 0033:0x7f24e9f85d29
[   84.844296][ T6024] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   84.863897][ T6024] RSP: 002b:00007f24eacee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   84.872313][ T6024] RAX: ffffffffffffffda RBX: 00007f24ea175fa0 RCX: 00007f24e9f85d29
[   84.880278][ T6024] RDX: 0000000020000180 RSI: 0000000000003b85 RDI: 0000000000000003
[   84.888241][ T6024] RBP: 00007f24eacee090 R08: 0000000000000000 R09: 0000000000000000
[   84.896205][ T6024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   84.904168][ T6024] R13: 0000000000000000 R14: 00007f24ea175fa0 R15: 00007ffcfa0532e8
[   84.912147][ T6024]  </TASK>
[   85.006094][   T46] usb 2-1: Using ep0 maxpacket: 8
[   85.310137][   T46] usb 2-1: config index 0 descriptor too short (expected 6427, got 27)
[   85.318702][   T46] usb 2-1: config 0 has an invalid interface number: 21 but max is 0
[   85.326981][   T46] usb 2-1: config 0 has no interface number 0
[   85.333561][   T46] usb 2-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[   85.346407][   T46] usb 2-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[   85.357867][   T46] usb 2-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[   85.465917][   T46] usb 2-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[   85.475387][   T46] usb 2-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[   85.483578][   T46] usb 2-1: Product: syz
[   85.522196][   T46] usb 2-1: config 0 descriptor??
[   85.528792][ T6014] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   87.456527][   T46] usb 2-1: USB disconnect, device number 6
[   88.462966][ T6066] FAULT_INJECTION: forcing a failure.
[   88.462966][ T6066] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   88.476633][ T6066] CPU: 1 UID: 0 PID: 6066 Comm: syz.3.49 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0
[   88.484324][ T6061] netlink: 'syz.0.47': attribute type 10 has an invalid length.
[   88.487144][ T6066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   88.504847][ T6066] Call Trace:
[   88.508145][ T6066]  <TASK>
[   88.511090][ T6066]  dump_stack_lvl+0x241/0x360
[   88.515797][ T6066]  ? __pfx_dump_stack_lvl+0x10/0x10
[   88.521024][ T6066]  ? __pfx__printk+0x10/0x10
[   88.525639][ T6066]  ? snprintf+0xda/0x120
[   88.529887][ T6066]  should_fail_ex+0x3b0/0x4e0
[   88.534565][ T6066]  _copy_to_user+0x31/0xb0
[   88.538983][ T6066]  simple_read_from_buffer+0xca/0x150
[   88.544361][ T6066]  proc_fail_nth_read+0x1e9/0x250
[   88.549384][ T6066]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   88.554927][ T6066]  ? rw_verify_area+0x55e/0x6f0
[   88.559780][ T6066]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   88.565322][ T6066]  vfs_read+0x1fc/0xb70
[   88.569474][ T6066]  ? __pfx___mutex_lock+0x10/0x10
[   88.574508][ T6066]  ? __pfx_vfs_read+0x10/0x10
[   88.579192][ T6066]  ? __fget_files+0x2a/0x410
[   88.583772][ T6066]  ? __fget_files+0x395/0x410
[   88.588438][ T6066]  ? __fget_files+0x2a/0x410
[   88.593026][ T6066]  ksys_read+0x18f/0x2b0
[   88.597266][ T6066]  ? __pfx_ksys_read+0x10/0x10
[   88.602025][ T6066]  ? do_syscall_64+0x100/0x230
[   88.606790][ T6066]  ? do_syscall_64+0xb6/0x230
[   88.611468][ T6066]  do_syscall_64+0xf3/0x230
[   88.615969][ T6066]  ? clear_bhb_loop+0x35/0x90
[   88.620656][ T6066]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.626554][ T6066] RIP: 0033:0x7f0078d8473c
[   88.630966][ T6066] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   88.650570][ T6066] RSP: 002b:00007f0079af9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   88.658983][ T6066] RAX: ffffffffffffffda RBX: 00007f0078f75fa0 RCX: 00007f0078d8473c
[   88.666950][ T6066] RDX: 000000000000000f RSI: 00007f0079af90a0 RDI: 0000000000000004
[   88.674912][ T6066] RBP: 00007f0079af9090 R08: 0000000000000000 R09: 0000000000000000
[   88.682875][ T6066] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001
[   88.690842][ T6066] R13: 0000000000000000 R14: 00007f0078f75fa0 R15: 00007ffed451f3b8
[   88.698821][ T6066]  </TASK>
[   88.783800][ T6061] lo: entered promiscuous mode
[   88.936314][ T6061] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[   89.288856][ T6076] mkiss: ax0: crc mode is auto.
[   89.502556][ T6073] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   91.084709][ T6098] netlink: 52 bytes leftover after parsing attributes in process `syz.4.61'.
[   92.137108][ T6089] ALSA: mixer_oss: invalid OSS volume '00000000000000000000'
[   92.163695][ T6089] ALSA: mixer_oss: invalid OSS volume 'OGAINW��1��'
[   92.351762][ T6118] FAULT_INJECTION: forcing a failure.
[   92.351762][ T6118] name failslab, interval 1, probability 0, space 0, times 1
[   92.405893][ T6123] netlink: 52 bytes leftover after parsing attributes in process `syz.0.70'.
[   92.423584][ T6118] CPU: 1 UID: 0 PID: 6118 Comm: syz.1.68 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0
[   92.434140][ T6118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   92.444223][ T6118] Call Trace:
[   92.447526][ T6118]  <TASK>
[   92.450480][ T6118]  dump_stack_lvl+0x241/0x360
[   92.455190][ T6118]  ? __pfx_dump_stack_lvl+0x10/0x10
[   92.460424][ T6118]  ? __pfx__printk+0x10/0x10
[   92.465045][ T6118]  ? __kmalloc_noprof+0xb5/0x4c0
[   92.470024][ T6118]  ? __pfx___might_resched+0x10/0x10
[   92.475355][ T6118]  should_fail_ex+0x3b0/0x4e0
[   92.480078][ T6118]  should_failslab+0xac/0x100
[   92.484765][ T6118]  __kmalloc_noprof+0xdd/0x4c0
[   92.489533][ T6118]  ? sock_kmalloc+0xd7/0x160
[   92.494126][ T6118]  sock_kmalloc+0xd7/0x160
[   92.498543][ T6118]  skcipher_recvmsg+0x5ff/0x1230
[   92.503490][ T6118]  ? __pfx_skcipher_recvmsg+0x10/0x10
[   92.508858][ T6118]  ? __might_fault+0xaa/0x120
[   92.513535][ T6118]  ? __pfx_lock_release+0x10/0x10
[   92.518562][ T6118]  ? bpf_lsm_socket_recvmsg+0x9/0x10
[   92.523844][ T6118]  ? __pfx_skcipher_recvmsg+0x10/0x10
[   92.529210][ T6118]  sock_recvmsg+0x22f/0x280
[   92.533716][ T6118]  ____sys_recvmsg+0x1c6/0x480
[   92.538484][ T6118]  ? __pfx_____sys_recvmsg+0x10/0x10
[   92.543780][ T6118]  do_recvmmsg+0x426/0xab0
[   92.548201][ T6118]  ? __pfx_do_recvmmsg+0x10/0x10
[   92.553154][ T6118]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[   92.559049][ T6118]  ? ksys_write+0x22a/0x2b0
[   92.563555][ T6118]  ? __pfx_lock_release+0x10/0x10
[   92.568582][ T6118]  ? vfs_write+0x730/0xd30
[   92.573005][ T6118]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   92.578982][ T6118]  ? __fget_files+0x2a/0x410
[   92.583580][ T6118]  __x64_sys_recvmmsg+0x199/0x250
[   92.588606][ T6118]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[   92.594151][ T6118]  ? do_syscall_64+0x100/0x230
[   92.598917][ T6118]  ? do_syscall_64+0xb6/0x230
[   92.603600][ T6118]  do_syscall_64+0xf3/0x230
[   92.608106][ T6118]  ? clear_bhb_loop+0x35/0x90
[   92.612784][ T6118]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.618683][ T6118] RIP: 0033:0x7f9f81785d29
[   92.623098][ T6118] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   92.642701][ T6118] RSP: 002b:00007f9f825ca038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[   92.651116][ T6118] RAX: ffffffffffffffda RBX: 00007f9f81975fa0 RCX: 00007f9f81785d29
[   92.659084][ T6118] RDX: 0000000000000001 RSI: 0000000020001900 RDI: 0000000000000004
[   92.667058][ T6118] RBP: 00007f9f825ca090 R08: 0000000000000000 R09: 0000000000000000
[   92.675024][ T6118] R10: 0000000060002000 R11: 0000000000000246 R12: 0000000000000001
[   92.683000][ T6118] R13: 0000000000000000 R14: 00007f9f81975fa0 R15: 00007ffc4abdf7d8
[   92.690980][ T6118]  </TASK>
[   92.729401][ T6127] netlink: 52 bytes leftover after parsing attributes in process `syz.4.72'.
[   93.924568][ T6143] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[   94.149461][ T6148] syz.0.76 uses obsolete (PF_INET,SOCK_PACKET)
[   94.292111][ T6150] xt_bpf: check failed: parse error
[   94.402457][ T6151] netlink: 8 bytes leftover after parsing attributes in process `syz.4.77'.
[   94.725183][ T6154] netlink: 8 bytes leftover after parsing attributes in process `syz.1.78'.
[   95.903530][ T6165] F2FS-fs (loop9): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[   95.911507][ T6165] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock
[   95.920426][ T6165] F2FS-fs (loop9): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[   95.928279][ T6165] F2FS-fs (loop9): Can't find valid F2FS filesystem in 2th superblock
[   96.751634][ T6172] netlink: 52 bytes leftover after parsing attributes in process `syz.3.85'.
[   97.437874][ T5903] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   97.926305][ T6181] fuse: Bad value for 'fd'
[   98.832616][ T6185] netlink: 'syz.4.88': attribute type 2 has an invalid length.
[   98.840495][ T6185] netlink: 'syz.4.88': attribute type 1 has an invalid length.
[   98.848328][ T6185] netlink: 132 bytes leftover after parsing attributes in process `syz.4.88'.
[   99.368979][   T29] audit: type=1800 audit(1736847694.756:3): pid=6185 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.88" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[   99.393510][ T5903] usb 1-1: Using ep0 maxpacket: 8
[   99.554301][ T5903] usb 1-1: device descriptor read/all, error -71
[  100.363892][ T5825] Bluetooth: hci4: command 0x0405 tx timeout
[  100.476108][ T6201] ALSA: mixer_oss: invalid OSS volume ''
[  100.482662][ T6201] =======================================================
[  100.482662][ T6201] WARNING: The mand mount option has been deprecated and
[  100.482662][ T6201]          and is ignored by this kernel. Remove the mand
[  100.482662][ T6201]          option from the mount to silence this warning.
[  100.482662][ T6201] =======================================================
[  100.520596][ T6201] syz.4.92: attempt to access beyond end of device
[  100.520596][ T6201] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0
[  100.592030][ T5825] Bluetooth: hci2: Ignoring connect complete event for invalid link type
[  100.745087][ T6209] netlink: 8 bytes leftover after parsing attributes in process `syz.3.93'.
[  101.494761][ T6005] batman_adv: batadv1: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1
[  102.959800][ T6232] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  103.032207][ T6238] netlink: 52 bytes leftover after parsing attributes in process `syz.2.102'.
[  103.150042][ T6240] loop7: detected capacity change from 0 to 16384
[  103.214360][ T6240] loop7: detected capacity change from 16384 to 16383
[  103.385243][   T46] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  103.573720][   T46] usb 4-1: Using ep0 maxpacket: 16
[  103.637918][   T46] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  103.650894][   T46] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  103.698345][   T46] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  103.711096][   T46] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  103.722607][   T46] usb 4-1: Product: syz
[  103.828241][   T46] usb 4-1: Manufacturer: syz
[  103.861734][ T6249] netlink: 52 bytes leftover after parsing attributes in process `syz.4.105'.
[  103.871977][   T46] usb 4-1: SerialNumber: syz
[  104.903774][ T5825] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  104.903846][ T5825] Bluetooth: hci2: Injecting HCI hardware error event
[  104.905549][ T5825] Bluetooth: hci2: hardware error 0x00
[  105.059401][ T6250] tty tty24: ldisc open failed (-12), clearing slot 23
[  105.492499][ T6262] netlink: 8 bytes leftover after parsing attributes in process `syz.4.107'.
[  105.514078][ T6257] tty tty24: ldisc open failed (-12), clearing slot 23
[  105.676179][   T46] usb 4-1: 0:2 : does not exist
[  105.688110][   T46] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  105.737059][   T46] usb 4-1: USB disconnect, device number 3
[  106.044338][ T6275] 9pnet_fd: Insufficient options for proto=fd
[  106.106505][ T6192] udevd[6192]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  107.402056][ T6295] netlink: 52 bytes leftover after parsing attributes in process `syz.3.117'.
[  107.733751][ T5825] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  107.833613][ T5869] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  108.035184][ T5869] usb 5-1: Using ep0 maxpacket: 16
[  108.072746][ T5869] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  108.138641][ T5869] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  108.281238][ T5869] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  108.304116][ T5869] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  108.312335][ T5869] usb 5-1: Product: syz
[  108.316888][ T5869] usb 5-1: Manufacturer: syz
[  108.321555][ T5869] usb 5-1: SerialNumber: syz
[  108.882101][ T5869] usb 5-1: 0:2 : does not exist
[  110.656111][ T5869] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  110.680727][ T5869] usb 5-1: USB disconnect, device number 2
[  110.814874][ T6322] 9pnet_fd: Insufficient options for proto=fd
[  110.947341][ T6327] netlink: 8 bytes leftover after parsing attributes in process `syz.2.123'.
[  111.075715][ T6192] udevd[6192]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  112.185192][ T6343] netlink: 52 bytes leftover after parsing attributes in process `syz.2.130'.
[  112.384132][ T6351] Zero length message leads to an empty skb
[  114.335189][ T6349] misc userio: No port type given on /dev/userio
[  115.460263][ T6378] netlink: 52 bytes leftover after parsing attributes in process `syz.0.136'.
[  115.510226][ T6377] 9pnet_fd: Insufficient options for proto=fd
[  116.446526][ T6383] netlink: 52 bytes leftover after parsing attributes in process `syz.1.138'.
[  121.608944][ T6413] ALSA: mixer_oss: invalid OSS volume ''
[  121.788535][ T6420] trusted_key: encrypted_key: insufficient parameters specified
[  122.479233][ T6426] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  122.937175][ T6419] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  123.063004][ T6433] netlink: 52 bytes leftover after parsing attributes in process `syz.0.153'.
[  124.262900][ T6439] loop7: detected capacity change from 0 to 16384
[  124.353892][ T6439] loop7: detected capacity change from 16384 to 16383
[  124.389865][ T6439] I/O error, dev loop7, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  124.399611][ T6439] Buffer I/O error on dev loop7, logical block 1, async page read
[  124.407692][ T6439] Dev loop7: unable to read RDB block 8
[  124.416320][ T6439] I/O error, dev loop7, sector 24 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  124.425599][ T6439] Buffer I/O error on dev loop7, logical block 3, async page read
[  124.433569][ T6439]  loop7: unable to read partition table
[  124.439411][ T6439] loop_reread_partitions: partition scan of loop7 (R%0���T�$7�)]W����?�18��;9��C?��-��z׌����	������97d���) failed (rc=-5)
[  124.630834][ T6445] netlink: 52 bytes leftover after parsing attributes in process `syz.4.156'.
[  124.789353][ T6450] loop7: detected capacity change from 0 to 16384
[  124.806966][ T6451] Bluetooth: MGMT ver 1.23
[  124.883688][ T6450] loop7: detected capacity change from 16384 to 16383
[  125.231697][ T6447] netlink: 8 bytes leftover after parsing attributes in process `syz.0.158'.
[  125.621432][ T6448] ALSA: mixer_oss: invalid OSS volume ''
[  126.343124][ T6469] FAULT_INJECTION: forcing a failure.
[  126.343124][ T6469] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  126.913628][ T6469] CPU: 0 UID: 0 PID: 6469 Comm: syz.4.164 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0
[  126.924388][ T6469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  126.934468][ T6469] Call Trace:
[  126.937763][ T6469]  <TASK>
[  126.940718][ T6469]  dump_stack_lvl+0x241/0x360
[  126.945431][ T6469]  ? __pfx_dump_stack_lvl+0x10/0x10
[  126.950662][ T6469]  ? __pfx__printk+0x10/0x10
[  126.955287][ T6469]  ? __pfx_lock_release+0x10/0x10
[  126.960343][ T6469]  should_fail_ex+0x3b0/0x4e0
[  126.965036][ T6469]  _copy_from_iter+0x1e9/0x1c20
[  126.969901][ T6469]  ? __virt_addr_valid+0x183/0x530
[  126.975039][ T6469]  ? __alloc_skb+0x28f/0x440
[  126.979656][ T6469]  ? __pfx__copy_from_iter+0x10/0x10
[  126.984967][ T6469]  ? __virt_addr_valid+0x183/0x530
[  126.990100][ T6469]  ? __virt_addr_valid+0x183/0x530
[  126.995231][ T6469]  ? __virt_addr_valid+0x45f/0x530
[  127.000362][ T6469]  ? __phys_addr_symbol+0x2f/0x70
[  127.005414][ T6469]  ? __check_object_size+0x47a/0x730
[  127.010724][ T6469]  netlink_sendmsg+0x73d/0xcb0
[  127.015521][ T6469]  ? __pfx_netlink_sendmsg+0x10/0x10
[  127.020837][ T6469]  ? __pfx_netlink_sendmsg+0x10/0x10
[  127.026138][ T6469]  __sock_sendmsg+0x221/0x270
[  127.030838][ T6469]  ____sys_sendmsg+0x52a/0x7e0
[  127.035623][ T6469]  ? __pfx_____sys_sendmsg+0x10/0x10
[  127.040924][ T6469]  ? __fget_files+0x2a/0x410
[  127.045528][ T6469]  ? __fget_files+0x2a/0x410
[  127.050139][ T6469]  __sys_sendmsg+0x269/0x350
[  127.054744][ T6469]  ? __pfx_lock_release+0x10/0x10
[  127.059782][ T6469]  ? __pfx___sys_sendmsg+0x10/0x10
[  127.064916][ T6469]  ? __pfx_vfs_write+0x10/0x10
[  127.069721][ T6469]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  127.076060][ T6469]  ? do_syscall_64+0x100/0x230
[  127.080840][ T6469]  ? do_syscall_64+0xb6/0x230
[  127.085537][ T6469]  do_syscall_64+0xf3/0x230
[  127.090055][ T6469]  ? clear_bhb_loop+0x35/0x90
[  127.094748][ T6469]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  127.100667][ T6469] RIP: 0033:0x7f24e9f85d29
[  127.105108][ T6469] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  127.124742][ T6469] RSP: 002b:00007f24eacee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  127.133185][ T6469] RAX: ffffffffffffffda RBX: 00007f24ea175fa0 RCX: 00007f24e9f85d29
[  127.141168][ T6469] RDX: 0000000024000004 RSI: 00000000200000c0 RDI: 0000000000000003
[  127.149149][ T6469] RBP: 00007f24eacee090 R08: 0000000000000000 R09: 0000000000000000
[  127.157132][ T6469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  127.165123][ T6469] R13: 0000000000000000 R14: 00007f24ea175fa0 R15: 00007ffcfa0532e8
[  127.173126][ T6469]  </TASK>
[  127.406975][ T6474] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  128.185615][ T6486] netlink: 44 bytes leftover after parsing attributes in process `syz.0.168'.
[  128.596789][ T6486] netlink: 'syz.0.168': attribute type 2 has an invalid length.
[  128.668469][ T6486] netlink: 36 bytes leftover after parsing attributes in process `syz.0.168'.
[  128.730395][ T6486] bridge0: port 1(bridge_slave_0) entered disabled state
[  128.831237][ T6499] netlink: 8 bytes leftover after parsing attributes in process `syz.4.170'.
[  129.382475][ T6500] ALSA: mixer_oss: invalid OSS volume ''
[  129.453556][    T8] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  129.603668][    T8] usb 5-1: Using ep0 maxpacket: 8
[  129.612022][    T8] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  129.639471][    T8] usb 5-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=fd.5b
[  129.663486][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  130.136514][    T8] usb 5-1: Product: syz
[  130.143861][    T8] usb 5-1: Manufacturer: syz
[  130.148573][    T8] usb 5-1: SerialNumber: syz
[  130.156458][    T8] usb 5-1: config 0 descriptor??
[  130.167224][    T8] gspca_main: stk014-2.14.0 probing 05e1:0893
[  130.173573][    T8] usb 5-1: selecting invalid altsetting 1
[  130.372978][    T8] gspca_stk014: init reg: 0x00
[  130.378677][    T8] stk014 5-1:0.0: probe with driver stk014 failed with error -5
[  131.317594][ T6533] netlink: 8 bytes leftover after parsing attributes in process `syz.2.183'.
[  131.707439][ T6536] netlink: 8 bytes leftover after parsing attributes in process `syz.2.183'.
[  132.048634][ T6543] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  132.395079][ T5869] usb 5-1: USB disconnect, device number 3
[  132.406113][ T6545] x_tables: duplicate underflow at hook 2
[  132.412382][ T6546] x_tables: duplicate underflow at hook 1
[  133.096556][ T6553] ALSA: mixer_oss: invalid OSS volume ''
[  133.250323][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  133.343515][   T25] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  133.376400][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  134.104339][   T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  134.115655][   T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  134.182750][   T25] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  134.433631][   T25] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  134.456761][   T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.504864][   T25] usb 4-1: config 0 descriptor??
[  134.620004][ T6572] netlink: 52 bytes leftover after parsing attributes in process `syz.0.195'.
[  135.247417][ T6576] I/O error, dev loop7, sector 2304 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 0
[  135.294081][ T6576] I/O error, dev loop7, sector 2560 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 0
[  135.309289][ T6576] I/O error, dev loop7, sector 2304 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  135.327556][ T6576] Buffer I/O error on dev loop7, logical block 2304, async page read
[  135.338212][ T6576] I/O error, dev loop7, sector 2305 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  135.348701][ T6576] Buffer I/O error on dev loop7, logical block 2305, async page read
[  135.358820][ T6576] I/O error, dev loop7, sector 2306 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  135.369116][ T6576] Buffer I/O error on dev loop7, logical block 2306, async page read
[  135.380093][ T6576] I/O error, dev loop7, sector 2307 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  135.390881][ T6576] Buffer I/O error on dev loop7, logical block 2307, async page read
[  135.400060][ T6576] I/O error, dev loop7, sector 2308 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  135.410335][ T6576] Buffer I/O error on dev loop7, logical block 2308, async page read
[  135.425269][ T6576] I/O error, dev loop7, sector 2309 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  135.436158][ T6576] Buffer I/O error on dev loop7, logical block 2309, async page read
[  135.446221][ T6576] I/O error, dev loop7, sector 2310 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  135.456671][ T6576] Buffer I/O error on dev loop7, logical block 2310, async page read
[  135.466668][ T6576] I/O error, dev loop7, sector 2311 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  135.476661][ T6576] Buffer I/O error on dev loop7, logical block 2311, async page read
[  135.576796][   T58] Buffer I/O error on dev loop7, logical block 0, lost async page write
[  135.585575][   T58] Buffer I/O error on dev loop7, logical block 1, lost async page write
[  136.243260][ T6586] netlink: 8 bytes leftover after parsing attributes in process `syz.1.198'.
[  136.937042][   T25] usbhid 4-1:0.0: can't add hid device: -71
[  136.943111][   T25] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  136.955143][   T25] usb 4-1: USB disconnect, device number 4
[  136.966991][ T6596] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  137.306034][ T6601] ALSA: mixer_oss: invalid OSS volume ''
[  137.323640][ T5903] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  137.483801][ T5903] usb 2-1: Using ep0 maxpacket: 16
[  137.491011][ T5903] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  137.524270][ T5903] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  137.558650][ T6604] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  137.591865][ T5903] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  137.614680][ T5903] usb 2-1: config 0 descriptor??
[  137.630762][ T6604] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  137.882123][ T6609] netlink: 8 bytes leftover after parsing attributes in process `syz.4.206'.
[  138.456969][ T5903] mcp2221 0003:04D8:00DD.0001: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0
[  138.479330][    C1] usb 2-1: input irq status -75 received
[  138.690777][ T5903] usb 2-1: USB disconnect, device number 7
[  140.603797][ T6633] netlink: 8 bytes leftover after parsing attributes in process `syz.0.212'.
[  140.733692][   T25] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  140.783867][ T5903] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  141.076943][ T6630] ALSA: mixer_oss: invalid OSS volume ''
[  141.084219][ T5903] usb 3-1: Using ep0 maxpacket: 8
[  141.090018][ T6634] netlink: 8 bytes leftover after parsing attributes in process `syz.0.212'.
[  141.111379][ T5903] usb 3-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.08
[  141.148107][   T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  141.161186][ T5903] usb 3-1: New USB device strings: Mfr=0, Product=16, SerialNumber=0
[  141.186365][   T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  141.217037][ T5903] usb 3-1: Product: syz
[  141.222355][   T25] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  141.243591][ T5903] usb 3-1: config 0 descriptor??
[  141.250429][ T6640] netlink: 12 bytes leftover after parsing attributes in process `syz.3.216'.
[  141.261509][ T5903] go7007 3-1:0.0: probe with driver go7007 failed with error -12
[  141.273599][   T25] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  141.291463][   T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.301156][ T6642] netlink: 12 bytes leftover after parsing attributes in process `syz.0.217'.
[  141.312836][   T25] usb 2-1: config 0 descriptor??
[  141.336698][ T6642] FAULT_INJECTION: forcing a failure.
[  141.336698][ T6642] name failslab, interval 1, probability 0, space 0, times 0
[  141.350324][ T6642] CPU: 1 UID: 0 PID: 6642 Comm: syz.0.217 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0
[  141.360958][ T6642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  141.371049][ T6642] Call Trace:
[  141.374342][ T6642]  <TASK>
[  141.377290][ T6642]  dump_stack_lvl+0x241/0x360
[  141.382005][ T6642]  ? __pfx_dump_stack_lvl+0x10/0x10
[  141.387238][ T6642]  ? __pfx__printk+0x10/0x10
[  141.391868][ T6642]  ? fs_reclaim_acquire+0x93/0x130
[  141.397051][ T6642]  ? __pfx___might_resched+0x10/0x10
[  141.402368][ T6642]  should_fail_ex+0x3b0/0x4e0
[  141.404090][ T5867] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  141.407053][ T6642]  should_failslab+0xac/0x100
[  141.419185][ T6642]  __kmalloc_noprof+0xdd/0x4c0
[  141.423952][ T6642]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  141.429678][ T6642]  tomoyo_realpath_from_path+0xcf/0x5e0
[  141.435242][ T6642]  tomoyo_path_perm+0x2b7/0x740
[  141.440092][ T6642]  ? tomoyo_path_perm+0x287/0x740
[  141.445119][ T6642]  ? __pfx_tomoyo_path_perm+0x10/0x10
[  141.450518][ T6642]  ? rcu_read_lock_any_held+0xb7/0x160
[  141.456001][ T6642]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  141.461905][ T6642]  security_file_truncate+0xac/0x250
[  141.467196][ T6642]  do_ftruncate+0x293/0x580
[  141.471714][ T6642]  ? __pfx_do_ftruncate+0x10/0x10
[  141.476742][ T6642]  ? __fget_files+0x2a/0x410
[  141.481331][ T6642]  ? __fget_files+0x395/0x410
[  141.486001][ T6642]  ? __fget_files+0x2a/0x410
[  141.490593][ T6642]  __x64_sys_ftruncate+0x94/0xf0
[  141.495532][ T6642]  do_syscall_64+0xf3/0x230
[  141.500036][ T6642]  ? clear_bhb_loop+0x35/0x90
[  141.504709][ T6642]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.510649][ T6642] RIP: 0033:0x7f2025785d29
[  141.515167][ T6642] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  141.534770][ T6642] RSP: 002b:00007f20265d2038 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[  141.543181][ T6642] RAX: ffffffffffffffda RBX: 00007f2025975fa0 RCX: 00007f2025785d29
[  141.551173][ T6642] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[  141.559243][ T6642] RBP: 00007f20265d2090 R08: 0000000000000000 R09: 0000000000000000
[  141.567252][ T6642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  141.575231][ T6642] R13: 0000000000000000 R14: 00007f2025975fa0 R15: 00007ffe7dccb268
[  141.583218][ T6642]  </TASK>
[  141.590811][ T6642] ERROR: Out of memory at tomoyo_realpath_from_path.
[  141.753867][ T5867] usb 5-1: Using ep0 maxpacket: 32
[  141.851450][ T5867] usb 5-1: config 0 has an invalid interface number: 156 but max is 0
[  141.870002][ T5867] usb 5-1: config 0 has no interface number 0
[  142.274390][ T5867] usb 5-1: New USB device found, idVendor=2304, idProduct=0228, bcdDevice=ed.1a
[  142.373568][ T5867] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.405964][ T5867] usb 5-1: config 0 descriptor??
[  142.638063][ T5867] dvb-usb: found a 'Pinnacle PCTV DVB-T Flash Stick' in cold state, will try to load a firmware
[  142.797952][ T5867] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  142.833506][ T5867] dib0700: firmware download failed at 7 with -22
[  143.015221][ T5868] usb 3-1: USB disconnect, device number 4
[  143.028137][   T25] usbhid 2-1:0.0: can't add hid device: -71
[  143.035873][   T25] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  143.046393][   T25] usb 2-1: USB disconnect, device number 8
[  143.051234][ T5867] usb 5-1: USB disconnect, device number 4
[  143.100779][ T6661] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  144.123663][ T6667] ALSA: mixer_oss: invalid OSS volume ''
[  144.202672][ T6671] ALSA: mixer_oss: invalid OSS volume '00000000000000000000'
[  144.230715][ T6671] ALSA: mixer_oss: invalid OSS volume 'OGAINW��1��'
[  145.784141][    T8] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  146.063663][    T8] usb 3-1: Using ep0 maxpacket: 32
[  146.074265][    T8] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  146.083356][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  146.103780][    T8] usb 3-1: Product: syz
[  146.107995][    T8] usb 3-1: Manufacturer: syz
[  146.112615][    T8] usb 3-1: SerialNumber: syz
[  146.185125][    T8] usb 3-1: config 0 descriptor??
[  146.212683][    T8] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  146.287050][ T6697] netlink: 52 bytes leftover after parsing attributes in process `syz.1.235'.
[  146.437374][ T6699] loop7: detected capacity change from 0 to 16384
[  146.483711][ T6699] loop7: detected capacity change from 16384 to 16383
[  146.766595][    T8] gspca_ov534_9: reg_w failed -110
[  147.013255][ T6709] netlink: 40 bytes leftover after parsing attributes in process `syz.1.236'.
[  147.025044][ T6704] bond0: entered promiscuous mode
[  147.037254][ T6704] bond_slave_0: entered promiscuous mode
[  147.043129][ T6704] bond_slave_1: entered promiscuous mode
[  147.263863][    T8] gspca_ov534_9: Unknown sensor 0000
[  147.263942][    T8] ov534_9 3-1:0.0: probe with driver ov534_9 failed with error -22
[  147.460204][ T6719] ALSA: mixer_oss: invalid OSS volume '00000000000000000000'
[  147.484198][ T6719] ALSA: mixer_oss: invalid OSS volume 'OGAINW��1��'
[  148.752466][ T6714] ALSA: mixer_oss: invalid OSS volume ''
[  148.864985][   T25] usb 3-1: USB disconnect, device number 5
[  148.974364][ T6746] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  149.614764][ T6762] netlink: 52 bytes leftover after parsing attributes in process `syz.1.248'.
[  150.977824][ T6773] ALSA: mixer_oss: invalid OSS volume '00000000000000000000'
[  151.105097][ T6782] netlink: 8 bytes leftover after parsing attributes in process `syz.1.251'.
[  151.114328][ T6782] netlink: 72 bytes leftover after parsing attributes in process `syz.1.251'.
[  151.773561][ T6773] ALSA: mixer_oss: invalid OSS volume 'OGAINW��1��'
[  152.105374][ T6794] Bluetooth: MGMT ver 1.23
[  153.809288][ T6813] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[  154.457116][ T6792] kexec: Could not allocate control_code_buffer
[  155.634826][ T6821] netlink: 'syz.2.259': attribute type 4 has an invalid length.
[  156.017030][ T6829] ALSA: mixer_oss: invalid OSS volume '00000000000000000000'
[  156.024842][ T6829] ALSA: mixer_oss: invalid OSS volume 'OGAINW��1��'
[  156.124529][ T6832] netlink: 8 bytes leftover after parsing attributes in process `syz.4.261'.
[  157.725532][ T5902] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  157.948785][ T5902] usb 2-1: Using ep0 maxpacket: 32
[  158.085505][ T5902] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  158.462894][ T5902] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  158.494034][ T5902] usb 2-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00
[  158.543930][ T5902] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  158.583301][ T5902] usb 2-1: config 0 descriptor??
[  159.065082][ T5902] greenasia 0003:0E8F:0012.0002: unknown main item tag 0x0
[  159.126699][ T5902] greenasia 0003:0E8F:0012.0002: unknown main item tag 0x0
[  159.140247][ T5902] greenasia 0003:0E8F:0012.0002: unknown main item tag 0x0
[  159.180551][ T6866] ALSA: mixer_oss: invalid OSS volume '00000000000000000000'
[  159.185143][ T5902] greenasia 0003:0E8F:0012.0002: hidraw0: USB HID v0.00 Device [HID 0e8f:0012] on usb-dummy_hcd.1-1/input0
[  159.205627][ T5902] greenasia 0003:0E8F:0012.0002: no inputs found
[  159.235345][ T6866] ALSA: mixer_oss: invalid OSS volume 'OGAINW��1��'
[  160.424150][ T5869] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  160.583589][ T5869] usb 3-1: Using ep0 maxpacket: 16
[  160.596474][ T5869] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  160.622105][ T5869] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  160.636660][ T6895] netlink: 8 bytes leftover after parsing attributes in process `syz.3.283'.
[  160.665287][ T5869] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  160.678045][ T5869] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  160.697086][ T5869] usb 3-1: Product: syz
[  160.701531][ T5869] usb 3-1: Manufacturer: syz
[  160.720371][ T5869] usb 3-1: SerialNumber: syz
[  160.883199][ T6897] netlink: 52 bytes leftover after parsing attributes in process `syz.4.284'.
[  161.443901][ T5869] usb 3-1: 0:2 : does not exist
[  161.521065][   T46] usb 2-1: USB disconnect, device number 9
[  161.549434][ T6889] ALSA: mixer_oss: invalid OSS volume ''
[  161.628323][ T5869] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[  161.673511][ T6901] overlayfs: conflicting options: metacopy=off,verity=require
[  161.686847][ T5869] usb 3-1: USB disconnect, device number 6
[  161.896256][ T5952] udevd[5952]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  162.515742][ T6918] netlink: 8 bytes leftover after parsing attributes in process `syz.2.290'.
[  162.568935][ T6918] netlink: 8 bytes leftover after parsing attributes in process `syz.2.290'.
[  163.171284][ T6930] netlink: 52 bytes leftover after parsing attributes in process `syz.1.295'.
[  163.296041][ T6932] loop7: detected capacity change from 0 to 16384
[  163.503627][ T6932] loop7: detected capacity change from 16384 to 16383
[  163.527497][ T6932] blk_print_req_error: 257 callbacks suppressed
[  163.533974][ T6932] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  163.543562][ T6932] buffer_io_error: 2302 callbacks suppressed
[  163.549606][ T6932] Buffer I/O error on dev loop7, logical block 0, async page read
[  163.561260][ T6932] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  163.570844][ T6932] Buffer I/O error on dev loop7, logical block 0, async page read
[  163.581678][ T6932] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  163.590994][ T6932] Buffer I/O error on dev loop7, logical block 0, async page read
[  163.602120][ T6932] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  163.611508][ T6932] Buffer I/O error on dev loop7, logical block 0, async page read
[  163.622122][ T6932] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  163.631543][ T6932] Buffer I/O error on dev loop7, logical block 0, async page read
[  163.641156][ T6932] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  163.650481][ T6932] Buffer I/O error on dev loop7, logical block 0, async page read
[  163.660886][ T6932] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  163.670172][ T6932] Buffer I/O error on dev loop7, logical block 0, async page read
[  163.680363][ T6932] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  163.689835][ T6932] Buffer I/O error on dev loop7, logical block 0, async page read
[  163.698940][ T6932] ldm_validate_partition_table(): Disk read failed.
[  163.706602][ T6932] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  163.715888][ T6932] Buffer I/O error on dev loop7, logical block 0, async page read
[  163.726400][ T6932] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  163.735697][ T6932] Buffer I/O error on dev loop7, logical block 0, async page read
[  163.747885][ T6932] Dev loop7: unable to read RDB block 0
[  163.762942][ T6932]  loop7: unable to read partition table
[  163.771424][ T6932] loop_reread_partitions: partition scan of loop7 (R%0���T�$7�)]W����?�18��;9��C?��-��z׌����	������97d���) failed (rc=-5)
[  164.855223][ T5867] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  164.891379][ T6955] loop2: detected capacity change from 0 to 7
[  165.462921][ T6955] Dev loop2: unable to read RDB block 7
[  165.504350][ T6955]  loop2: unable to read partition table
[  165.514082][ T5867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  165.543903][ T5867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  165.554338][ T6955] loop2: partition table beyond EOD, truncated
[  165.560847][ T6955] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  165.600896][ T5867] usb 3-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  165.660809][ T5867] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  165.681904][ T5867] usb 3-1: config 0 descriptor??
[  166.053725][ T5868] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  166.233991][ T5868] usb 2-1: Using ep0 maxpacket: 16
[  166.279257][ T5867] lenovo 0003:17EF:6047.0003: unknown main item tag 0x0
[  166.287881][ T5868] usb 2-1: config 0 has an invalid interface number: 181 but max is 0
[  166.341677][ T5868] usb 2-1: config 0 has no interface number 0
[  166.348509][ T5868] usb 2-1: config 0 interface 181 altsetting 206 endpoint 0x7 has invalid maxpacket 1024, setting to 64
[  166.362620][ T5868] usb 2-1: config 0 interface 181 altsetting 206 endpoint 0x6 has invalid wMaxPacketSize 0
[  166.376539][ T5867] lenovo 0003:17EF:6047.0003: unknown main item tag 0x0
[  166.379832][ T5868] usb 2-1: config 0 interface 181 altsetting 206 has an invalid descriptor for endpoint zero, skipping
[  166.394862][ T5868] usb 2-1: config 0 interface 181 altsetting 206 has a duplicate endpoint with address 0x6, skipping
[  166.405791][ T5868] usb 2-1: config 0 interface 181 altsetting 206 has a duplicate endpoint with address 0x1, skipping
[  166.417158][ T5868] usb 2-1: config 0 interface 181 altsetting 206 endpoint 0x5 has invalid maxpacket 1023, setting to 64
[  166.433508][ T5868] usb 2-1: config 0 interface 181 altsetting 206 has a duplicate endpoint with address 0x6, skipping
[  166.441635][ T5867] lenovo 0003:17EF:6047.0003: unknown main item tag 0x0
[  166.451379][ T5868] usb 2-1: config 0 interface 181 altsetting 206 bulk endpoint 0xA has invalid maxpacket 1023
[  166.483797][ T5867] lenovo 0003:17EF:6047.0003: unknown main item tag 0x0
[  166.494522][ T5868] usb 2-1: config 0 interface 181 altsetting 206 endpoint 0x8 has an invalid bInterval 29, changing to 7
[  166.511960][ T6969] netlink: 52 bytes leftover after parsing attributes in process `syz.0.306'.
[  166.522100][ T5868] usb 2-1: config 0 interface 181 has no altsetting 0
[  166.527166][ T5867] lenovo 0003:17EF:6047.0003: unknown main item tag 0x0
[  166.540138][ T5867] lenovo 0003:17EF:6047.0003: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.2-1/input0
[  166.546384][ T5868] usb 2-1: New USB device found, idVendor=0424, idProduct=4915, bcdDevice=ac.8e
[  166.568243][ T6969] loop7: detected capacity change from 0 to 16384
[  166.609963][ T6971] netlink: 52 bytes leftover after parsing attributes in process `syz.4.307'.
[  166.624131][ T5868] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  166.637178][ T5868] usb 2-1: Product: syz
[  166.641395][ T5868] usb 2-1: Manufacturer: syz
[  166.648609][ T5868] usb 2-1: SerialNumber: syz
[  166.754222][ T5868] usb 2-1: config 0 descriptor??
[  166.984299][ T6958] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  167.289586][ T5868] hub 2-1:0.181: bad descriptor, ignoring hub
[  167.295558][ T6972] loop7: detected capacity change from 16384 to 16383
[  167.296328][ T5868] hub 2-1:0.181: probe with driver hub failed with error -5
[  167.379770][ T6972] ldm_validate_partition_table(): Disk read failed.
[  167.386926][ T6972] Dev loop7: unable to read RDB block 0
[  167.393088][ T6972]  loop7: unable to read partition table
[  167.399021][ T6972] loop_reread_partitions: partition scan of loop7 (R%0���T�$7�)]W����?�18��;9��C?��-��z׌����	������97d���) failed (rc=-5)
[  167.653645][ T5902] usb 2-1: USB disconnect, device number 10
[  168.304443][ T5867] lenovo 0003:17EF:6047.0003: Sensitivity setting failed: -71
[  168.320706][ T6979] ALSA: mixer_oss: invalid OSS volume ''
[  168.369139][ T5867] usb 3-1: USB disconnect, device number 7
[  168.407526][ T6990] openvswitch: netlink: Key 0 has unexpected len 2 expected 0
[  168.447675][ T6990] vivid-003: disconnect
[  168.666087][ T6992] vivid-003: reconnect
[  169.103619][   T25] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  169.263508][   T25] usb 2-1: Using ep0 maxpacket: 8
[  169.305510][   T25] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  169.314822][   T25] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  169.334769][   T25] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  169.349904][   T25] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  169.361652][   T25] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  169.381219][   T25] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  169.391908][   T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  169.626549][   T25] usb 2-1: GET_CAPABILITIES returned 0
[  169.632190][   T25] usbtmc 2-1:16.0: can't read capabilities
[  169.868084][ T7000] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  169.921694][ T7000] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  170.258684][ T7021] netlink: 52 bytes leftover after parsing attributes in process `syz.0.319'.
[  170.919505][ T7000] usbtmc 2-1:16.0: usb_control_msg returned -71
[  170.920300][ T5867] usb 2-1: USB disconnect, device number 11
[  170.927725][ T7019] usbtmc 2-1:16.0: usb_control_msg returned -19
[  170.977677][ T7026] netlink: 52 bytes leftover after parsing attributes in process `syz.2.320'.
[  171.044348][ T7026] loop7: detected capacity change from 0 to 16384
[  171.397085][ T7029] loop7: detected capacity change from 16384 to 16383
[  171.413223][ T7029] blk_print_req_error: 30 callbacks suppressed
[  171.413245][ T7029] I/O error, dev loop7, sector 5376 op 0x1:(WRITE) flags 0x4800 phys_seg 128 prio class 0
[  171.422653][ T7026] I/O error, dev loop7, sector 9728 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 0
[  171.429467][ T7029] buffer_io_error: 249 callbacks suppressed
[  171.429482][ T7029] Buffer I/O error on dev loop7, logical block 672, lost async page write
[  171.429601][ T7029] Buffer I/O error on dev loop7, logical block 673, lost async page write
[  171.441336][ T7026] I/O error, dev loop7, sector 9984 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 0
[  171.445502][ T7029] Buffer I/O error on dev loop7, logical block 674, lost async page write
[  171.454096][ T7026] I/O error, dev loop7, sector 9728 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  171.463685][ T7029] Buffer I/O error on dev loop7, logical block 675, lost async page write
[  171.473527][ T7026] Buffer I/O error on dev loop7, logical block 1216, async page read
[  171.482002][ T7029] Buffer I/O error on dev loop7, logical block 676, lost async page write
[  171.517002][ T7029] Buffer I/O error on dev loop7, logical block 677, lost async page write
[  171.526736][ T7029] Buffer I/O error on dev loop7, logical block 678, lost async page write
[  171.535404][ T7029] Buffer I/O error on dev loop7, logical block 679, lost async page write
[  171.544062][ T7029] Buffer I/O error on dev loop7, logical block 680, lost async page write
[  171.562095][ T7029] I/O error, dev loop7, sector 6400 op 0x1:(WRITE) flags 0x4800 phys_seg 128 prio class 0
[  171.582210][ T7029] I/O error, dev loop7, sector 7424 op 0x1:(WRITE) flags 0x4800 phys_seg 128 prio class 0
[  171.599970][ T7029] I/O error, dev loop7, sector 8448 op 0x1:(WRITE) flags 0x800 phys_seg 96 prio class 0
[  171.731580][ T7037] netlink: 16 bytes leftover after parsing attributes in process `syz.3.323'.
[  172.381023][ T7029] I/O error, dev loop7, sector 9216 op 0x1:(WRITE) flags 0x800 phys_seg 64 prio class 0
[  173.056674][ T5825] Bluetooth: hci4: unexpected event for opcode 0x2041
[  173.862651][ T7070] netlink: 52 bytes leftover after parsing attributes in process `syz.2.331'.
[  176.706114][ T7084] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  176.720501][ T7084] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  176.819629][ T7073] ALSA: mixer_oss: invalid OSS volume ''
[  177.016775][ T7086] netlink: 52 bytes leftover after parsing attributes in process `syz.2.335'.
[  177.066761][ T7086] loop7: detected capacity change from 0 to 16384
[  177.093753][ T5825] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  177.102232][ T5825] Bluetooth: hci4: Injecting HCI hardware error event
[  177.111173][ T5825] Bluetooth: hci4: hardware error 0x00
[  177.182325][ T7090] netlink: 52 bytes leftover after parsing attributes in process `syz.3.336'.
[  177.770684][ T7087] loop7: detected capacity change from 16384 to 16383
[  177.777802][ T7099] FAULT_INJECTION: forcing a failure.
[  177.777802][ T7099] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  177.777834][ T7099] CPU: 1 UID: 0 PID: 7099 Comm: syz.1.338 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0
[  177.777857][ T7099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  177.777869][ T7099] Call Trace:
[  177.777877][ T7099]  <TASK>
[  177.777886][ T7099]  dump_stack_lvl+0x241/0x360
[  177.777916][ T7099]  ? __pfx_dump_stack_lvl+0x10/0x10
[  177.777939][ T7099]  ? __pfx__printk+0x10/0x10
[  177.832289][ T7099]  ? snprintf+0xda/0x120
[  177.836540][ T7099]  should_fail_ex+0x3b0/0x4e0
[  177.841226][ T7099]  _copy_to_user+0x31/0xb0
[  177.845650][ T7099]  simple_read_from_buffer+0xca/0x150
[  177.851029][ T7099]  proc_fail_nth_read+0x1e9/0x250
[  177.856058][ T7099]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  177.861607][ T7099]  ? rw_verify_area+0x55e/0x6f0
[  177.866457][ T7099]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  177.872002][ T7099]  vfs_read+0x1fc/0xb70
[  177.876169][ T7099]  ? __pfx___mutex_lock+0x10/0x10
[  177.881211][ T7099]  ? __pfx_vfs_read+0x10/0x10
[  177.885903][ T7099]  ? __fget_files+0x2a/0x410
[  177.890497][ T7099]  ? __fget_files+0x395/0x410
[  177.895180][ T7099]  ? __fget_files+0x2a/0x410
[  177.899782][ T7099]  ksys_read+0x18f/0x2b0
[  177.904029][ T7099]  ? __pfx_ksys_read+0x10/0x10
[  177.908797][ T7099]  ? do_syscall_64+0x100/0x230
[  177.913576][ T7099]  ? do_syscall_64+0xb6/0x230
[  177.918266][ T7099]  do_syscall_64+0xf3/0x230
[  177.922772][ T7099]  ? clear_bhb_loop+0x35/0x90
[  177.927463][ T7099]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  177.933363][ T7099] RIP: 0033:0x7f9f8178473c
[  177.937777][ T7099] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  177.957402][ T7099] RSP: 002b:00007f9f825a9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  177.965830][ T7099] RAX: ffffffffffffffda RBX: 00007f9f81976080 RCX: 00007f9f8178473c
[  177.973803][ T7099] RDX: 000000000000000f RSI: 00007f9f825a90a0 RDI: 0000000000000003
[  177.981816][ T7099] RBP: 00007f9f825a9090 R08: 0000000000000000 R09: 0000000000000000
[  177.989794][ T7099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  177.997770][ T7099] R13: 0000000000000001 R14: 00007f9f81976080 R15: 00007ffc4abdf7d8
[  178.005754][ T7099]  </TASK>
[  178.597114][ T7116] process 'syz.1.341' launched '/dev/fd/6' with NULL argv: empty string added
[  179.311730][ T7120] netlink: 52 bytes leftover after parsing attributes in process `syz.2.343'.
[  180.044826][ T5825] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  180.127018][ T7130] netlink: 40 bytes leftover after parsing attributes in process `syz.1.346'.
[  180.972283][ T7142] netlink: 52 bytes leftover after parsing attributes in process `syz.1.349'.
[  181.152897][ T7145] netlink: 8 bytes leftover after parsing attributes in process `syz.0.350'.
[  181.458554][ T7145] netlink: 8 bytes leftover after parsing attributes in process `syz.0.350'.
[  182.087628][ T7146] wireguard: wg2: Could not create IPv4 socket
[  182.814613][ T7161] netlink: 52 bytes leftover after parsing attributes in process `syz.1.357'.
[  183.493903][ T7167] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  183.603629][  T973] usb 3-1: new full-speed USB device number 8 using dummy_hcd
[  183.844532][  T973] usb 3-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  183.966976][  T973] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.991154][  T973] usb 3-1: Product: syz
[  184.222063][  T973] usb 3-1: Manufacturer: syz
[  184.245840][  T973] usb 3-1: SerialNumber: syz
[  184.286373][  T973] usb 3-1: config 0 descriptor??
[  184.300482][ T7176] Mount JFS Failure: -22
[  184.305016][ T7176] jfs_mount failed w/return code = -22
[  184.467312][ T7179] netlink: 'syz.4.362': attribute type 27 has an invalid length.
[  184.509904][  T973] dvb_usb_dtv5100 3-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -71
[  184.528126][ T7179] bond0: (slave bond_slave_0): Releasing backup interface
[  184.540705][ T7179] bond_slave_0 (unregistering): left promiscuous mode
[  184.563599][  T973] usb 3-1: USB disconnect, device number 8
[  185.366377][ T7184] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  185.655457][ T5902] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  186.053984][ T5902] usb 3-1: Using ep0 maxpacket: 16
[  186.111692][ T5902] usb 3-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  186.126237][ T5902] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  186.153038][ T5902] usb 3-1: Product: syz
[  186.161447][ T5902] usb 3-1: Manufacturer: syz
[  186.166882][ T5902] usb 3-1: SerialNumber: syz
[  186.181373][ T7197] netlink: 52 bytes leftover after parsing attributes in process `syz.1.367'.
[  186.200736][ T5902] usb 3-1: config 0 descriptor??
[  186.746843][ T5902] dvb_usb_dtv5100 3-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -71
[  186.790998][ T5902] usb 3-1: USB disconnect, device number 9
[  186.809335][ T7204] netlink: 52 bytes leftover after parsing attributes in process `syz.2.370'.
[  187.482172][ T7206] netlink: 8 bytes leftover after parsing attributes in process `syz.1.369'.
[  188.016332][ T7208] netlink: 8 bytes leftover after parsing attributes in process `syz.1.369'.
[  188.150720][ T7216] ALSA: mixer_oss: invalid OSS volume '00000000000000000000'
[  188.162296][ T7216] syz.0.373: attempt to access beyond end of device
[  188.162296][ T7216] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0
[  188.254514][ T5902] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  188.344897][ T7222] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  188.427611][ T5902] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  188.442348][ T5902] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  188.737014][ T5902] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  189.316843][ T5902] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  189.326681][ T5902] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.385211][ T5902] usb 3-1: config 0 descriptor??
[  190.101075][ T7228] ALSA: mixer_oss: invalid OSS volume '00000000000000000000'
[  190.122878][ T7228] ALSA: mixer_oss: invalid OSS volume 'OGAINW��1��'
[  190.203616][ T5867] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  190.277407][ T5902] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving
[  190.289474][ T5902] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  190.880796][ T5867] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  190.891231][ T5867] usb 1-1: New USB device found, idVendor=044f, idProduct=b300, bcdDevice= 0.00
[  190.921065][ T5867] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.047524][ T5867] usb 1-1: config 0 descriptor??
[  191.122900][ T5902] usb 3-1: USB disconnect, device number 10
[  191.224525][ T7242] netlink: 'syz.1.379': attribute type 1 has an invalid length.
[  191.232652][ T7242] netlink: 'syz.1.379': attribute type 4 has an invalid length.
[  191.240622][ T7242] netlink: 212 bytes leftover after parsing attributes in process `syz.1.379'.
[  191.718138][ T7243] netlink: 52 bytes leftover after parsing attributes in process `syz.4.380'.
[  191.729284][ T7231] netlink: 8 bytes leftover after parsing attributes in process `syz.0.377'.
[  191.752632][   T53] Bluetooth: Unknown BR/EDR signaling command 0x0e
[  191.762161][   T53] Bluetooth: Wrong link type (-22)
[  191.769806][   T53] Bluetooth: Unknown BR/EDR signaling command 0x10
[  191.778137][ T5830] Bluetooth: hci0: command 0x0406 tx timeout
[  192.266807][ T5826] Bluetooth: hci3: command 0x0406 tx timeout
[  192.276420][   T53] Bluetooth: Wrong link type (-22)
[  192.281734][   T53] ==================================================================
[  192.290258][   T53] BUG: KASAN: slab-use-after-free in l2cap_send_cmd+0x67b/0x8d0
[  192.297923][   T53] Read of size 4 at addr ffff888034992810 by task kworker/u9:0/53
[  192.305747][   T53] 
[  192.308099][   T53] CPU: 1 UID: 0 PID: 53 Comm: kworker/u9:0 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0
[  192.318797][   T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  192.328873][   T53] Workqueue: hci1 hci_rx_work
[  192.333595][   T53] Call Trace:
[  192.336974][   T53]  <TASK>
[  192.339920][   T53]  dump_stack_lvl+0x241/0x360
[  192.344626][   T53]  ? __pfx_dump_stack_lvl+0x10/0x10
[  192.346971][ T5867] thrustmaster 0003:044F:B300.0005: bogus close delimiter
[  192.349833][   T53]  ? __pfx__printk+0x10/0x10
[  192.349861][   T53]  ? _printk+0xd5/0x120
[  192.349881][   T53]  ? __virt_addr_valid+0x183/0x530
[  192.349901][   T53]  ? __virt_addr_valid+0x183/0x530
[  192.349920][   T53]  print_report+0x169/0x550
[  192.349944][   T53]  ? __virt_addr_valid+0x183/0x530
[  192.349961][   T53]  ? __virt_addr_valid+0x183/0x530
[  192.349979][   T53]  ? __virt_addr_valid+0x45f/0x530
[  192.349998][   T53]  ? __phys_addr+0xba/0x170
[  192.350017][   T53]  ? l2cap_send_cmd+0x67b/0x8d0
[  192.350041][   T53]  kasan_report+0x143/0x180
[  192.350065][   T53]  ? l2cap_send_cmd+0x67b/0x8d0
[  192.350093][   T53]  l2cap_send_cmd+0x67b/0x8d0
[  192.350119][   T53]  ? skb_pull+0xc1/0x1e0
[  192.350142][   T53]  l2cap_recv_frame+0x221f/0x10db0
[  192.350167][   T53]  ? __pfx_validate_chain+0x10/0x10
[  192.350202][   T53]  ? __pfx_l2cap_recv_frame+0x10/0x10
[  192.350222][   T53]  ? validate_chain+0x11e/0x5920
[  192.350243][   T53]  ? __pfx_validate_chain+0x10/0x10
[  192.350265][   T53]  ? __pfx_validate_chain+0x10/0x10
[  192.350288][   T53]  ? mark_lock+0x9a/0x360
[  192.350309][   T53]  ? __lock_acquire+0x1397/0x2100
[  192.350338][   T53]  ? mark_lock+0x9a/0x360
[  192.350365][   T53]  ? hci_rx_work+0x4e0/0xdb0
[  192.350389][   T53]  ? __pfx_lock_release+0x10/0x10
[  192.350415][   T53]  ? __mutex_unlock_slowpath+0x21e/0x790
[  192.350440][   T53]  ? hci_conn_hash_lookup_handle+0x21/0x240
[  192.350462][   T53]  ? __pfx_lock_release+0x10/0x10
[  192.350480][   T53]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  192.350505][   T53]  ? hci_conn_enter_active_mode+0x260/0x370
[  192.350526][   T53]  ? l2cap_recv_acldata+0x490/0x1560
[  192.511937][   T53]  ? hci_conn_hash_lookup_handle+0x21/0x240
[  192.518015][   T53]  ? hci_conn_hash_lookup_handle+0x226/0x240
[  192.524008][   T53]  hci_rx_work+0x508/0xdb0
[  192.528435][   T53]  ? process_scheduled_works+0x976/0x1840
[  192.534155][   T53]  process_scheduled_works+0xa66/0x1840
[  192.539710][   T53]  ? __pfx_process_scheduled_works+0x10/0x10
[  192.545698][   T53]  ? assign_work+0x364/0x3d0
[  192.550290][   T53]  worker_thread+0x870/0xd30
[  192.554878][   T53]  ? __kthread_parkme+0x169/0x1d0
[  192.559895][   T53]  ? __pfx_worker_thread+0x10/0x10
[  192.565004][   T53]  kthread+0x2f0/0x390
[  192.569069][   T53]  ? __pfx_worker_thread+0x10/0x10
[  192.574170][   T53]  ? __pfx_kthread+0x10/0x10
[  192.578757][   T53]  ret_from_fork+0x4b/0x80
[  192.583162][   T53]  ? __pfx_kthread+0x10/0x10
[  192.587749][   T53]  ret_from_fork_asm+0x1a/0x30
[  192.592518][   T53]  </TASK>
[  192.595528][   T53] 
[  192.597838][   T53] Allocated by task 5826:
[  192.602148][   T53]  kasan_save_track+0x3f/0x80
[  192.606834][   T53]  __kasan_kmalloc+0x98/0xb0
[  192.611421][   T53]  __kmalloc_cache_noprof+0x243/0x390
[  192.616872][   T53]  l2cap_conn_add+0xa9/0x8e0
[  192.621454][   T53]  l2cap_connect_cfm+0x115/0x1090
[  192.626469][   T53]  hci_remote_features_evt+0x68e/0xac0
[  192.631945][   T53]  hci_event_packet+0xac2/0x1540
[  192.636925][   T53]  hci_rx_work+0x3f3/0xdb0
[  192.641351][   T53]  process_scheduled_works+0xa66/0x1840
[  192.646896][   T53]  worker_thread+0x870/0xd30
[  192.651484][   T53]  kthread+0x2f0/0x390
[  192.655548][   T53]  ret_from_fork+0x4b/0x80
[  192.659959][   T53]  ret_from_fork_asm+0x1a/0x30
[  192.664734][   T53] 
[  192.667047][   T53] Freed by task 5825:
[  192.671011][   T53]  kasan_save_track+0x3f/0x80
[  192.675687][   T53]  kasan_save_free_info+0x40/0x50
[  192.680710][   T53]  __kasan_slab_free+0x59/0x70
[  192.685467][   T53]  kfree+0x196/0x430
[  192.689355][   T53]  l2cap_connect_cfm+0xcc/0x1090
[  192.694287][   T53]  hci_conn_failed+0x287/0x400
[  192.699041][   T53]  hci_abort_conn_sync+0x56c/0x11f0
[  192.704226][   T53]  hci_cmd_sync_work+0x22b/0x400
[  192.709504][   T53]  process_scheduled_works+0xa66/0x1840
[  192.715044][   T53]  worker_thread+0x870/0xd30
[  192.719619][   T53]  kthread+0x2f0/0x390
[  192.723680][   T53]  ret_from_fork+0x4b/0x80
[  192.728121][   T53]  ret_from_fork_asm+0x1a/0x30
[  192.732880][   T53] 
[  192.735195][   T53] Last potentially related work creation:
[  192.740894][   T53]  kasan_save_stack+0x3f/0x60
[  192.745566][   T53]  __kasan_record_aux_stack+0xac/0xc0
[  192.750930][   T53]  insert_work+0x3e/0x330
[  192.755254][   T53]  __queue_work+0xc8b/0xf50
[  192.759747][   T53]  call_timer_fn+0x187/0x650
[  192.764330][   T53]  __run_timer_base+0x695/0x8e0
[  192.769170][   T53]  run_timer_softirq+0xb7/0x170
[  192.774008][   T53]  handle_softirqs+0x2d4/0x9b0
[  192.778765][   T53]  __irq_exit_rcu+0xf7/0x220
[  192.783439][   T53]  irq_exit_rcu+0x9/0x30
[  192.787681][   T53]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  192.793314][   T53]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  192.799283][   T53] 
[  192.801596][   T53] Second to last potentially related work creation:
[  192.808164][   T53]  kasan_save_stack+0x3f/0x60
[  192.812837][   T53]  __kasan_record_aux_stack+0xac/0xc0
[  192.818200][   T53]  insert_work+0x3e/0x330
[  192.822535][   T53]  __queue_work+0xb66/0xf50
[  192.827027][   T53]  queue_work_on+0x1c2/0x380
[  192.831607][   T53]  l2cap_connect_cfm+0xdd5/0x1090
[  192.836624][   T53]  hci_remote_features_evt+0x68e/0xac0
[  192.842081][   T53]  hci_event_packet+0xac2/0x1540
[  192.847012][   T53]  hci_rx_work+0x3f3/0xdb0
[  192.851424][   T53]  process_scheduled_works+0xa66/0x1840
[  192.856965][   T53]  worker_thread+0x870/0xd30
[  192.861554][   T53]  kthread+0x2f0/0x390
[  192.865625][   T53]  ret_from_fork+0x4b/0x80
[  192.870130][   T53]  ret_from_fork_asm+0x1a/0x30
[  192.874911][   T53] 
[  192.877223][   T53] The buggy address belongs to the object at ffff888034992800
[  192.877223][   T53]  which belongs to the cache kmalloc-1k of size 1024
[  192.891270][   T53] The buggy address is located 16 bytes inside of
[  192.891270][   T53]  freed 1024-byte region [ffff888034992800, ffff888034992c00)
[  192.905061][   T53] 
[  192.907378][   T53] The buggy address belongs to the physical page:
[  192.913776][   T53] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x34990
[  192.922621][   T53] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  192.931112][   T53] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  192.938666][   T53] page_type: f5(slab)
[  192.942644][   T53] raw: 00fff00000000040 ffff88801ac41dc0 ffffea00009b0c00 dead000000000002
[  192.951229][   T53] raw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000
[  192.959833][   T53] head: 00fff00000000040 ffff88801ac41dc0 ffffea00009b0c00 dead000000000002
[  192.968509][   T53] head: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000
[  192.977180][   T53] head: 00fff00000000003 ffffea0000d26401 ffffffffffffffff 0000000000000000
[  192.985845][   T53] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  192.994501][   T53] page dumped because: kasan: bad access detected
[  193.000907][   T53] page_owner tracks the page as allocated
[  193.006615][   T53] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5195, tgid 5195 (udevd), ts 29568286091, free_ts 29513309447
[  193.027381][   T53]  post_alloc_hook+0x1f3/0x230
[  193.032169][   T53]  get_page_from_freelist+0x3651/0x37a0
[  193.037712][   T53]  __alloc_pages_noprof+0x292/0x710
[  193.042910][   T53]  alloc_pages_mpol_noprof+0x3e1/0x780
[  193.048717][   T53]  alloc_slab_page+0x6a/0x110
[  193.053388][   T53]  allocate_slab+0x5a/0x2b0
[  193.057889][   T53]  ___slab_alloc+0xc27/0x14a0
[  193.062561][   T53]  __slab_alloc+0x58/0xa0
[  193.066885][   T53]  __kmalloc_node_track_caller_noprof+0x2e9/0x4c0
[  193.073298][   T53]  kmalloc_reserve+0x111/0x2a0
[  193.078058][   T53]  __alloc_skb+0x1f3/0x440
[  193.082488][   T53]  netlink_sendmsg+0x638/0xcb0
[  193.087269][   T53]  __sock_sendmsg+0x221/0x270
[  193.091953][   T53]  ____sys_sendmsg+0x52a/0x7e0
[  193.096804][   T53]  __sys_sendmsg+0x269/0x350
[  193.101388][   T53]  do_syscall_64+0xf3/0x230
[  193.105891][   T53] page last free pid 5315 tgid 5315 stack trace:
[  193.112210][   T53]  free_unref_page+0xd2c/0x1000
[  193.117061][   T53]  __put_partials+0x160/0x1c0
[  193.121730][   T53]  put_cpu_partial+0x17c/0x250
[  193.126490][   T53]  __slab_free+0x290/0x380
[  193.130929][   T53]  qlist_free_all+0x9a/0x140
[  193.135515][   T53]  kasan_quarantine_reduce+0x14f/0x170
[  193.140966][   T53]  __kasan_slab_alloc+0x23/0x80
[  193.145833][   T53]  kmem_cache_alloc_noprof+0x1d9/0x380
[  193.151316][   T53]  vm_area_dup+0x27/0x290
[  193.155738][   T53]  __split_vma+0x1cb/0xc50
[  193.160152][   T53]  vms_gather_munmap_vmas+0x4c1/0x1600
[  193.165607][   T53]  __mmap_region+0x7c4/0x2d30
[  193.170278][   T53]  mmap_region+0x1d0/0x2c0
[  193.174691][   T53]  do_mmap+0x97a/0x10d0
[  193.178841][   T53]  vm_mmap_pgoff+0x1dd/0x3d0
[  193.183434][   T53]  ksys_mmap_pgoff+0x4eb/0x720
[  193.188195][   T53] 
[  193.190509][   T53] Memory state around the buggy address:
[  193.196128][   T53]  ffff888034992700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  193.204182][   T53]  ffff888034992780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  193.212324][   T53] >ffff888034992800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  193.220373][   T53]                          ^
[  193.224949][   T53]  ffff888034992880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  193.232999][   T53]  ffff888034992900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  193.241048][   T53] ==================================================================
[  193.259909][ T5867] thrustmaster 0003:044F:B300.0005: item 0 4 2 10 parsing failed
[  193.274061][   T53] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  193.281275][   T53] CPU: 0 UID: 0 PID: 53 Comm: kworker/u9:0 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0
[  193.291934][   T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  193.301995][   T53] Workqueue: hci1 hci_rx_work
[  193.306669][   T53] Call Trace:
[  193.309931][   T53]  <TASK>
[  193.312891][   T53]  dump_stack_lvl+0x241/0x360
[  193.317556][   T53]  ? __pfx_dump_stack_lvl+0x10/0x10
[  193.322739][   T53]  ? __pfx__printk+0x10/0x10
[  193.327315][   T53]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  193.333282][   T53]  ? vscnprintf+0x5d/0x90
[  193.337776][   T53]  panic+0x349/0x880
[  193.341665][   T53]  ? check_panic_on_warn+0x21/0xb0
[  193.346765][   T53]  ? __pfx_panic+0x10/0x10
[  193.351167][   T53]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[  193.357132][   T53]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  193.363451][   T53]  check_panic_on_warn+0x86/0xb0
[  193.368376][   T53]  ? l2cap_send_cmd+0x67b/0x8d0
[  193.373240][   T53]  end_report+0x77/0x160
[  193.377526][   T53]  kasan_report+0x154/0x180
[  193.382055][   T53]  ? l2cap_send_cmd+0x67b/0x8d0
[  193.386944][   T53]  l2cap_send_cmd+0x67b/0x8d0
[  193.391662][   T53]  ? skb_pull+0xc1/0x1e0
[  193.395947][   T53]  l2cap_recv_frame+0x221f/0x10db0
[  193.401088][   T53]  ? __pfx_validate_chain+0x10/0x10
[  193.406324][   T53]  ? __pfx_l2cap_recv_frame+0x10/0x10
[  193.411721][   T53]  ? validate_chain+0x11e/0x5920
[  193.416683][   T53]  ? __pfx_validate_chain+0x10/0x10
[  193.421905][   T53]  ? __pfx_validate_chain+0x10/0x10
[  193.427134][   T53]  ? mark_lock+0x9a/0x360
[  193.431494][   T53]  ? __lock_acquire+0x1397/0x2100
[  193.436551][   T53]  ? mark_lock+0x9a/0x360
[  193.440908][   T53]  ? hci_rx_work+0x4e0/0xdb0
[  193.445529][   T53]  ? __pfx_lock_release+0x10/0x10
[  193.450585][   T53]  ? __mutex_unlock_slowpath+0x21e/0x790
[  193.456252][   T53]  ? hci_conn_hash_lookup_handle+0x21/0x240
[  193.462169][   T53]  ? __pfx_lock_release+0x10/0x10
[  193.467214][   T53]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  193.473192][   T53]  ? hci_conn_enter_active_mode+0x260/0x370
[  193.479086][   T53]  ? l2cap_recv_acldata+0x490/0x1560
[  193.484372][   T53]  ? hci_conn_hash_lookup_handle+0x21/0x240
[  193.490260][   T53]  ? hci_conn_hash_lookup_handle+0x226/0x240
[  193.496232][   T53]  hci_rx_work+0x508/0xdb0
[  193.500652][   T53]  ? process_scheduled_works+0x976/0x1840
[  193.506369][   T53]  process_scheduled_works+0xa66/0x1840
[  193.511927][   T53]  ? __pfx_process_scheduled_works+0x10/0x10
[  193.517906][   T53]  ? assign_work+0x364/0x3d0
[  193.522543][   T53]  worker_thread+0x870/0xd30
[  193.527132][   T53]  ? __kthread_parkme+0x169/0x1d0
[  193.532163][   T53]  ? __pfx_worker_thread+0x10/0x10
[  193.537267][   T53]  kthread+0x2f0/0x390
[  193.541326][   T53]  ? __pfx_worker_thread+0x10/0x10
[  193.546432][   T53]  ? __pfx_kthread+0x10/0x10
[  193.551017][   T53]  ret_from_fork+0x4b/0x80
[  193.555421][   T53]  ? __pfx_kthread+0x10/0x10
[  193.560003][   T53]  ret_from_fork_asm+0x1a/0x30
[  193.564767][   T53]  </TASK>
[  193.568038][   T53] Kernel Offset: disabled
[  193.572439][   T53] Rebooting in 86400 seconds..