last executing test programs:

13.381446628s ago: executing program 3 (id=156):
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000740)='net_prio.prioidx\x00', 0x0, 0x0)
preadv(r1, &(0x7f00000000c0), 0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00'})
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x42}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4)
openat$cgroup_procs(r0, 0x0, 0x2, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)

11.737149532s ago: executing program 3 (id=161):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000300000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {0xa, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)

10.55403406s ago: executing program 4 (id=162):
socket$kcm(0x2, 0xa, 0x2)
bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0)
gettid()
r0 = socket(0x10, 0x803, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
sendmsg$nl_route(r0, 0x0, 0x4000010)

9.506751189s ago: executing program 3 (id=163):
socket$inet6(0xa, 0x3, 0xff)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_PRE_FAULT_MEMORY(r2, 0xc040aed5, &(0x7f0000000240)={0x0, 0x107000})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000/0x3000)=nil})

9.30006418s ago: executing program 0 (id=164):
ioctl$KVM_X86_SET_MSR_FILTER(0xffffffffffffffff, 0x4188aec6, &(0x7f0000001e00)={0x0, [{0x2, 0x1c0, 0x4, &(0x7f0000000040)="25716e2b1ca2851ceef2d3ad3d02a69f21b16d20ed25bf39dd10e392a448291b8febbd84f4c80b4125afe85a5978bc1a908d079c66316282"}, {0x0, 0x0, 0x5, 0x0}, {0x2, 0x0, 0x3ff, 0x0}, {0x2, 0x0, 0x4b74, 0x0}, {0x2, 0x0, 0x7, 0x0}, {0x2, 0x0, 0x1, 0x0}, {0x2, 0x0, 0x7, 0x0}, {0x0, 0x0, 0x4, 0x0}, {0x0, 0x0, 0xa24, 0x0}, {0x2, 0x0, 0x7fff, 0x0}, {0x0, 0x0, 0x200, 0x0}, {0x1, 0x0, 0x40000, 0x0}, {0x0, 0x0, 0x4, 0x0}, {0x3, 0x0, 0x7, 0x0}, {0x3, 0x0, 0x6, 0x0}, {0x1, 0x0, 0x5, 0x0}]})
r0 = openat$kvm(0xffffff9c, 0x0, 0x80800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x80203, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000340)={[0xfffffffffffffffb, 0x6, 0x0, 0x4, 0x10003, 0x0, 0x400200cc4, 0x4, 0x7d, 0x0, 0x0, 0x0, 0x5, 0x1, 0xb9, 0x8d], 0xeeee8000, 0x2011c0})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

8.791059654s ago: executing program 0 (id=166):
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x7542d000)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(0xffffffffffffffff, 0x2, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="01000000050010"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r1}, 0x0, 0x0}, 0x1c)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000240)={r1, &(0x7f0000000100), 0x0}, 0x20)

8.749043329s ago: executing program 2 (id=167):
socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$XDP_TX_RING(0xffffffffffffffff, 0x11b, 0x3, 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x8000, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xe)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x2300, 0x0)
ioctl$PPPIOCATTCHAN(r1, 0x40047438, &(0x7f0000000040)=0x1)
setsockopt$XDP_UMEM_FILL_RING(0xffffffffffffffff, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
bind$xdp(0xffffffffffffffff, 0x0, 0x0)
getsockopt$XDP_STATISTICS(0xffffffffffffffff, 0x11b, 0x7, 0x0, &(0x7f0000000240))
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x83, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffd71, 0xffffffffffffffff}, 0x78)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246)

8.628030391s ago: executing program 3 (id=168):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000100))
ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f0000000240)={0x1, &(0x7f0000000140)=[{0x6, 0x1, 0xfb, 0x2}]})
write(r0, &(0x7f0000000280)="73a3", 0x2)

8.531036268s ago: executing program 4 (id=169):
r0 = syz_open_dev$loop(&(0x7f0000000100), 0xfffffffffffffff7, 0x2001)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000ecd600000900010073797a30"], 0x48}}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c527d3d458dd4992861ac00", "f4bd000000801900", [0x8, 0xffffffff9673e35d]}})

8.509546832s ago: executing program 1 (id=170):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_STATS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x5, 0x1, 0x101}, 0x14}}, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$TCXONC(r4, 0x540a, 0x0)

8.452783538s ago: executing program 0 (id=171):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x163042)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_mptcp(0xa, 0x1, 0x106)
close(r3)

7.027517819s ago: executing program 2 (id=172):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
sendmsg$NL80211_CMD_START_NAN(0xffffffffffffffff, 0x0, 0x480c1)
readv(0xffffffffffffffff, &(0x7f0000000780), 0x0)
fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000200)=0x1, 0x12)
mkdir(&(0x7f0000000000)='./cgroup/../file0/file0\x00', 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r3, &(0x7f0000000100)=0x1, 0x12)
syz_usb_connect$uac2(0x5, 0xa0, &(0x7f0000001d40)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x8, 0x582, 0x89, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x8e, 0x3, 0x1, 0x3, 0x0, 0x7, {0x8, 0xb, 0x0, 0x2, 0x1, 0x1, 0x20, 0x6}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x20, 0x0, {{0x9, 0x24, 0x1, 0xe, 0xa, 0x25, 0x3}, [@source_unit={0x8, 0x24, 0xa, 0x6, 0x4, 0x6, 0x8, 0x3}, @source_unit={0x8, 0x24, 0xa, 0x7, 0x4, 0x10, 0x5, 0x2}, @output_terminal={0xc, 0x24, 0x3, 0x6, 0x303, 0x24, 0x6, 0x8, 0x5, 0x4}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {[@format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0x4, 0xfffd, 0xb}]}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0x8, 0x6, 0x7f, {0x8, 0x25, 0x1, 0x3, 0x33, 0x9, 0xa}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x8, 0xd, 0x0, 0x8c, {0x8, 0x25, 0x1, 0x2, 0x0, 0x3, 0x3}}}}}}}}]}}, &(0x7f0000002080)={0x0, 0x0, 0x0, 0x0})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0xe8, 0x0, 0x0)

5.916548016s ago: executing program 0 (id=173):
r0 = memfd_create(&(0x7f00000005c0)='\x00\xc76\xbe\x91\x8d\x182)!\x9a%\xa2\xd28\xd6\x06\a\x0e\xfc\xfe\x12\x8f&\x13\xae%@T\xa3\xb0>\\\xec\xa9\xf9Q@6A\x10\x8cn|\x00\x00\x00\x00\x00\x00\x00\x00\xeb0\xdd\xe8\x87\x05=\xfb\x8b$\xdcQ\xee\xc5\x1f\x8bQ\xf7fo\"i\xa1hk\x1d\xf5z\xc1\x7f\xa4\\]\xc4\xbe3\xf9\xa8\t?:\xd8\xda\x84\xeepI[\x1c\x00\x00\x00\x00\xf9v\x00\x00\x00\x00\x00T\xb6\xbe\x0f~\xc0\x92\xe9O{\xa8\x81(\x01\x14\xfc\x83\xf9\xfb\x05\x94Tr@Lq]\xf9\x15zj\x87\xc4\x8e\xe8/\xb9-&R\x8e\xb2\xb3bBx\x1e1\x18\x8f\x19\xf7]#\xed,\xc7\x11\tp\xf4\xa3\xee\xcb\xaf\xb3\xe3\'}\x18\xe8O\xa8#K\xb6\xe4U\x92\xd2\x99\xb8<X\xfa\xdd\x8a6\xa1\x82\xf7r\xd8z\x85\x8do\xa5\xed\xd4\xbc8\xfb\x16\x8e\x8b-W\xd4\xc9\xbc\x94CR[Du8U^\xf2tl8\xfe\xd0\x94\xfe\xf5\x1c+\x00U\te\xfa6\xca\xb9\xb4Q\xd9\xee\r6\x861h{\xc7z\'F\xc7\x91\x06x\xe1`\xf1:\xbd+\xd5\f\xb2\xce\xa4\x06\x90\x90\x9b\x1d\xcaa\xf7\x8f\x9e\x80\x93\xafT\xdfl\xec\xc6\x8e\x96\r[n\xc6\x99\x1fr<\x06\xb3\xbcT\x00\xda6\x18/\x18', 0x0)
ftruncate(r0, 0x2)
lseek(r0, 0x0, 0x3)

5.825273194s ago: executing program 0 (id=174):
r0 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r1=>0x0})
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0xfffffffffffffff9)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$can_j1939(r0, &(0x7f0000000040)={0x1d, r1, 0x3, {0x2, 0x1, 0x3}, 0xff}, 0x18)

5.78006157s ago: executing program 4 (id=175):
r0 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x15)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0)
r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000580)='/proc/sys/net/ipv4/tcp_dsack\x00', 0x1, 0x0)
sendfile(r6, r5, 0x0, 0x100000500)
ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r0, 0xc1105518, 0x0)
sendmsg$inet(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000000)="5c00000012006bab9e3fe3d86e6c1d000014a10d00000000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dffefffffffffffffff60a64c9f4080003fe060100000400020011b53631", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x44010)

5.426750289s ago: executing program 1 (id=176):
ioctl$KVM_X86_SET_MSR_FILTER(0xffffffffffffffff, 0x4188aec6, &(0x7f0000001e00)={0x0, [{0x2, 0x1c0, 0x4, &(0x7f0000000040)="25716e2b1ca2851ceef2d3ad3d02a69f21b16d20ed25bf39dd10e392a448291b8febbd84f4c80b4125afe85a5978bc1a908d079c66316282"}, {0x0, 0x0, 0x5, 0x0}, {0x2, 0x0, 0x3ff, 0x0}, {0x2, 0x0, 0x4b74, 0x0}, {0x2, 0x0, 0x7, 0x0}, {0x2, 0x0, 0x1, 0x0}, {0x2, 0x0, 0x7, 0x0}, {0x0, 0x0, 0x4, 0x0}, {0x0, 0x0, 0xa24, 0x0}, {0x2, 0x0, 0x7fff, 0x0}, {0x0, 0x0, 0x200, 0x0}, {0x1, 0x0, 0x40000, 0x0}, {0x0, 0x0, 0x4, 0x0}, {0x3, 0x0, 0x7, 0x0}, {0x3, 0x0, 0x6, 0x0}, {0x1, 0x0, 0x5, 0x0}]})
r0 = openat$kvm(0xffffff9c, &(0x7f0000000300), 0x80800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0x0, 0x0, 0x80203, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000340)={[0xfffffffffffffffb, 0x6, 0x0, 0x4, 0x10003, 0x0, 0x400200cc4, 0x4, 0x7d, 0x0, 0x0, 0x0, 0x5, 0x1, 0xb9, 0x8d], 0xeeee8000, 0x2011c0})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3.31859292s ago: executing program 4 (id=177):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xa)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x6, &(0x7f0000006680))
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0xb8)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0xa7a0}, 0x0)
r3 = fsopen(&(0x7f0000000180)='qnx6\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, 0x0, &(0x7f0000000280)='%\xff:2\x82|\x9b\xfe\xbd\xd1c%\x8f7\x04v\xf0\xf1\xef\x0f\xc6\x8b\xba\x87\xfd\x18n\xc9(c\xbeib\xfe\xb1\xb3%|P\xdf\x91\xaei7\x9a\xe0\xadA\xde\x95\x03\x00\x00\x00\xb70\f\x00\x00\x0e\xec\xe5\xdc\xe5\x8dq\xf7\xd3\xc5*\x15\xdfE\xb2_T\x92|\x7f\xff9', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, 0x0, &(0x7f0000000300)='\xb0\xfb\xd9\x9a\xbe\r\xcc:\x9b\xd0}\xe8\xff\xff\xff\xff\xff\xff\xff\x7f\xce\xf5\x1a\x01\xd6\a\xfe\xb8\x92~wS\x87\xd9\x9e0y\xc9\x8cw-zu(ht\xa1~\x9a\x8d^+\x9f\xee\x9a(&W\\\xbb\xd5W\xeb\x06\x9dva\x06\xe3\x97\xa1\x88\x83W{\x00\xff\xff\xff\xff\xff\xff\xff\xe9\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00)o\b~\xe3t`\xc9=;o\xe5\xb4T)\x04\xf9k\xfb%t\xa7\x80c\xbb\xeb\x10\xb8\x01', 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r5, 0x0, 0x4000084)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x40000)
r6 = socket$netlink(0x10, 0x3, 0x10)
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r4, 0x50009417, &(0x7f0000000e40)={{r6}, 0x0, 0x2, @inherit={0x70, &(0x7f0000000580)={0x1, 0x5, 0x3, 0xbe, {0x2c, 0x0, 0x0, 0x7, 0x10}, [0xc, 0x3, 0x7fffffffffffffff, 0x8, 0x7fff]}}, @devid})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r7 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79})
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)
munmap(&(0x7f0000869000/0x7000)=nil, 0x7000)

3.08501898s ago: executing program 2 (id=178):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$kcm(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0c42, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet_tcp(0x2, 0x1, 0x0)
syz_open_dev$usbfs(&(0x7f0000000000), 0x2, 0x202000)
r1 = socket(0x2, 0x2, 0x1)
bind$unix(r1, &(0x7f0000000000)=@abs, 0x6e)
r2 = socket(0x2, 0x2, 0x1)
bind$unix(r2, &(0x7f0000000000)=@abs, 0x58)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/icmp\x00')
socket(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$kcm(0x10, 0x2, 0x4)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xb972, 0x9, 0x4, 0xf, 0x80000006}, 0x0, 0x0)

2.475822662s ago: executing program 1 (id=179):
socket$kcm(0x2, 0xa, 0x2)
bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0)
gettid()
r0 = socket(0x10, 0x803, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
sendmsg$nl_route(r0, 0x0, 0x4000010)

1.976094341s ago: executing program 4 (id=180):
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000000)='./bus\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="61636c2c757365725f78617474722c6e6f61636c2c63616368655f73747261746567793d64697361626c65642c6e6f757365725f78617474722c6e6f61636c2c00d4a87b439fa421753f060fe37a330d2dfca47c4e52e78d71fc65b972e2bb306bb4a29b1fe3019842462c5fee84a2e6eb90d57b8725e3a2eff0b0b471dac5c01bee53cd8d"], 0xfe, 0x17d, &(0x7f0000000340)="$eJzslM9K80AUxc9M+rX0Q1fuBHFhwbpomqQqbkSKL1DwH+6MNpZqaksbwdaVuPUB3Lr1FboRfBF1JUKXriPJTJuptFUELeL9LW7OZO7c3LmBA4Ig/ixPj68PVy/tcw3ABFJIyPfPWpTDlfzTQnJ/KrN+276+v1yrzVQH1fT9z38/BuAur8Hrne0/nZLPTfCe3gLHgtQ7YNCl3gPHttQOGHalPlJ0NcjX9cOy6+gHVbcYCCMIZhCsIOTe99e5YCgq/TFlv9FsHduu69S/UXw0v06eY1XpT/1f3dkYyvxMcJhS58CwIfUKEt3ZiJEo95+ORfW1H74/CRIkfpuI/Mm/YZhX/Cmm+EfWq9SyjWYrU67YJafknFhWbtlYNIwlKxsakYgj/C8Z+tN/pf6/IblxFseZ7Xl1U8Te2hJxkOPy0P840nNiHXh/fGg3Yp/JcyxUaW1EOkEQxNiYBYNv+wqT0kX7sArjbpQgCIIgCIIgCIIgiC/zFgAA///dqHHL")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x80000, 0x40)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
bpf$ITER_CREATE(0x21, &(0x7f00000006c0), 0x8)

1.752939036s ago: executing program 1 (id=181):
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x7542d000)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(0xffffffffffffffff, 0x2, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="01000000050010"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r1}, 0x0, 0x0}, 0x1c)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000240)={r1, &(0x7f0000000100), 0x0}, 0x20)

1.736008974s ago: executing program 2 (id=182):
openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r3, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0xab402)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, 0x0)
r6 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x183c81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue1\x00', 0x200000})
close_range(r4, 0xffffffffffffffff, 0x0)

1.694792448s ago: executing program 3 (id=183):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
keyctl$instantiate(0xc, 0x0, 0x0, 0x2d, 0xfffffffffffffff9)
add_key$keyring(&(0x7f0000000280), 0x0, 0x0, 0x0, 0xffffffffffffffff)
syslog(0x3, &(0x7f0000000000)=""/185, 0x64075da62934d5d1)

1.456861511s ago: executing program 0 (id=184):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x9, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xf7)
r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x80)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000000c0)={r0, r2, 0x16, 0x0, @void}, 0x10)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0x14, &(0x7f0000000180)=0x2, 0x4)

962.104275ms ago: executing program 1 (id=185):
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

704.775758ms ago: executing program 3 (id=186):
syz_mount_image$ext4(&(0x7f0000000180)='ext3\x00', &(0x7f0000000040)='./file1\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@nogrpid}, {@quota}]}, 0x1, 0x500, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxuteoByQghVQvQIUhsSN4pix1HslCb0kJ65IlGJExz5Azj3xJ0LghuXckDiRwRqkDgYzXjSuqndRE1ih/jzkUYzb97U3/eaznv11xm/AIbW5YjYjYixiLgbEdPZ+Vy2xc32llz3bO/h0v7ew6VctFq3/5FL65Nz0fFnEpey1yxGxA++E/Hj3KtxG9s7a4vVamUzK882axuzje2da6u1xZXKSmW9XF6YX5j77Pqn5VPr6we1sezoy09/v/uNnybNmsrOdPbjNLW7XngeJzEaEd87i2ADMJL1Z2zQDeGN5CPi3Yj4ML3/p2Mk/WkCABdZqzUdrenOMgBw0eXTHFguX8pyAVORz5dK7RzeezGZr9Ybzav36lvry+1c2UwU8vdWq5W5LFc4E4VcUp5Pj1+Uy4fK1yPinYj4+fhEWi4t1avLg/yPDwAMsUuH5v9/j7fnfwDggisOugEAQN+Z/wFg+Jj/AWD4HDX/d3l+FwD4P9ee/ycG3QwAoI/k/wFg+Jj/AWCofP/WrWRr7Wfff718f3trrX7/2nKlsVaqbS2VluqbG6WVen0l/c6e2lGvV63XN+Y/ia0HM9/caDRnG9s7d2r1rfXmnfR7ve9UCulVu33oGQDQyzsfPPlTLpmRb0ykW3Ss5VAYaMuAs5YfdAOAgRkZdAOAgbHaFwyvE7zHlx6AC+KoR3yL3R4QarVarbNrEnDGrnxB/h+GVUf+328Bw5CR/4fhJf8Pw6vVyh13zf847oUAwPkmxw/0+Pz/3Wz/m+zDgR8tH77i8Vm2CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM63g/V/S9la4FORz5dKEW9FxEwUcvdWq5W5iHg7Iv44XhhPyvMDbjMAcDJjkf9rLlv/68r0x1MvVb5/qeO6iJ/88vYvHiw2m5t/iBjL/XP84HzzcXa+3P/2AwBHO5in033HG/lnew+XDrZ+tudv346IYjv+/t5Y7D+PPxqj6b4YhYiY/FcuK7flOnIXJ7H7KCI+363/uZhKcyDtlU8Px09iv9XX+PmX4ufTuvY++bv43Cm0BYbNk2T8udnt/svH5XTf/f4vpiPUyWXjX/JSS/vpGPgi/sH4N9Jj/Lt83Bif/O677aOJV+seRXxxNOIg9n7H+HMQP9cj/sfHjP/nL73/Ya+61q8irkT3+J2xZpu1jdnG9s611driSmWlsl4uL8wvzH12/dPybJqjnu09G/z9xtW3e9Ul/Z/sEb94RP+/esz+//q/d3/4ldfE//pH3eLn473XxE/mxK8dM/7i5G+LveqS+Ms9+n/Uz//qMeM//cvOK8uGAwCD09jeWVusViubDhyc/4Pkn2wlYtDN6HrwrX7FGovuVT/7qH1PH6pqtd4oVq8R4zSybsB58Pymj4j/DLoxAAAAAAAAAAAAAABAV/14YmnQfQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODi+l8AAAD//9WOzkU=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
shmget(0x1, 0x4000, 0xa20, &(0x7f0000ffb000/0x4000)=nil)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000000)={0x0, 0x834, 0x1, [0x3, 0x8, 0x2, 0x6, 0xf], [0x109, 0x81, 0x569, 0x0, 0x6, 0x10, 0x81, 0xe4, 0x5f1, 0xff, 0x3, 0x1, 0xffffffff, 0x7, 0x4, 0xffffffff, 0x9, 0x4, 0x7, 0x7, 0x6, 0x6, 0x8000000000000001, 0xe15, 0xad, 0xfffffffffffffffe, 0x6, 0xb8, 0x2, 0x7, 0x0, 0x3ff, 0x1, 0x9, 0x7, 0x80000000, 0x8, 0x7fffffffffffffff, 0x4d1f, 0x9, 0xfffffffffffffff0, 0x0, 0x1000000000000000, 0x5c, 0x6, 0x3ff, 0xa, 0x0, 0x4, 0xffffffffffffffff, 0x8, 0x2, 0x6, 0x1, 0x5, 0x80, 0x0, 0x9, 0x3ff, 0x8, 0x7fffffff, 0x8, 0x0, 0x9, 0x2, 0x1, 0x3147, 0x79c, 0x9, 0x4, 0xa18, 0x1, 0x7, 0x8, 0x1, 0x9, 0x4, 0x0, 0xfffffffffffffffa, 0xbf0b72b, 0x18, 0x4, 0x93f8, 0xffff, 0x800, 0xa06a, 0x2, 0x0, 0x461e, 0xb05, 0x3, 0x1, 0x4, 0x7, 0xfffffffffffffff8, 0x8, 0x2, 0xfffffffffffffff7, 0x6, 0x4, 0x0, 0x1, 0x22f, 0x6, 0x3, 0x0, 0x800, 0xfffffffffffffff6, 0x800000000, 0xf42b, 0x75, 0x3, 0x6, 0x4, 0xf0, 0x6, 0x8001, 0x7, 0x6, 0x8, 0xaf]})
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x90004)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
accept(r4, 0x0, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000080)={0x0, r3}, 0x8)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r5 = socket(0x10, 0x803, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=@newtfilter={0x30, 0x2c, 0xd2b, 0x70bd2c, 0x25dfdbfb, {0x0, 0x0, 0x0, r7, {0xf}, {}, {0x4, 0xe}}, [@filter_kind_options=@f_u32={{0x8}, {0x4}}]}, 0x30}}, 0x24040084)
bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x8001, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x4, 0xfffffffffffffffe}, 0x4)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000002c0), 0x20602, 0x0)

656.464006ms ago: executing program 4 (id=187):
r0 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x15)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0)
r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000580)='/proc/sys/net/ipv4/tcp_dsack\x00', 0x1, 0x0)
sendfile(r6, r5, 0x0, 0x100000500)
ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r0, 0xc1105518, 0x0)
sendmsg$inet(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000000)="5c00000012006bab9e3fe3d86e6c1d000014a10d00000000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dffefffffffffffffff60a64c9f4080003fe060100000400020011b53631", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x44010)

508.851321ms ago: executing program 1 (id=188):
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, 0x0, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f0000000440)={0x4, 0x200, {}, {}, 0xfffffffc, 0x80000001})
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
shutdown(0xffffffffffffffff, 0x1)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
tkill(0x0, 0xb)
ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x117, 0x5, 0x101, 0x200}})
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x21c91c, &(0x7f0000000440)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800000}}, {@noblock_validity}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x200000}}, {@grpjquota}, {@noinit_itable}, {@quota}, {@debug}, {@sysvgroups}, {@resgid, 0x32}]}, 0x1, 0x4f1, &(0x7f0000000b00)="$eJzs3V9rXGkZAPDnTDK1f1KTohe1YC22khTtTNLYNnhRFURBKKj1vsZkEkImmZCZtE0omuIHEERU8MorbwQ/gCD9CCIU9F5UlGW33b1Y2N3OMmdm0mw60ySb+bOb+f3gzLznnXPmed4zzJnznvNyJoCBdSkiLkfEi2q1ejUiRhv1mcYU2/WpttzzZ4/malMS1erdN5OIpF5XW2xi13ueaax2MiJ+9L2Inyavxi1vbi3PFouF9cZ8vrKyli9vbl1bWpldLCwWVqenp27O3Jq5MTPZkXaORMTt7/z3N7/843dv//VrD/517/8TP0sa9REv29Fp9aZn023RNBwR690I1ifDaQsBAPg0aB7nfzkirsZoDKVHcwAAAMBxUv3mSLyfRFQBAACAYyuTjoFNMrnGOICRyGRyufoY3s/H6UyxVK58daG0sTpfHys7FtnMwlKxMNkYKzwW2aQ2P5WWX85f3zM/HRHnIuLXo6fS+dxcqTjf75MfAAAAMCDO7On/vzNa7//v8l7fkgMAAAA6Z6zfCQAAAABdp/8PAAAAx5/+PwAAABxrP7hzpzZVm/9/PX9/c2O5dP/afKG8nFvZmMvNldbXcoul0mJ6z76V/d6vWCqtfT1WNx7mK4VyJV/e3Lq3UtpYrdxb+shfYAMAAAA9dO5LT/6ZRMT2N06lU82JficF9MTwYRb+T/fyAHpvqN8JAH1zqN9/4FjJ9jsBoO+SfV5vO3jnb53PBQAA6I7xL7S+/j+077mB7UyPUgS6xPk/GFyu/8Pgcv0fBlc2hkJHHgbbfrcAPfr1/2r1UAkBAAAdN5JOSSYXkZ4HGIlMJpeLOJv2CbLJwlKxMBkRn42If4xmP1Obn0rXTPYdMwwAAAAAAAAAAAAAAAAAAAAAAAAA1FWrSVQBAACAYy0i878kvZt/xPjolZG95wdOJO+Ops8R8eD3d3/7cLZSWZ+q1b+1U1/5XaP+ej/OYAAAAAB7NfvpzX48AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTS82eP5ppTL+O+8e2IGGsVfzhOps8nIxsRp99OYnjXeklEDHUg/vbjiDjfKn5SSyvGGlm0in+qz/HPdCA+DLIntf3Pt1p9/zJxKX1u/f27me6hjq79/i+zs/8bahG/Vnf2gDEuPP1zvm38xxEXhlvvf5rxk1fif/9QbfzJj7e22r1W/UPEeMvfn2RnmVopX1lZy5c3t64trcwuFhYLq9PTUzdnbs3cmJnMLywVC43HljF+9cW/vHhd+0+3iT/Wtv31nK4csP0fPH347HP1YnZn9eRl/InLrT//823iZxqf/1ca5drr483ydr2828U//f3i69o/36b97T//esyJA7b/6g9/8e8DLgoA9EB5c2t5tlgsrA904Uhbo3ZY1LF8hqL/W6ODheYhY9djXf5Ya/28C/nUjsw/AVv+yIX+7ZMAAIDueLUPvEe2xwkBAAAAAAAAAAAAAAAAAADAAOrF7cT23kJgO33sxN3zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA658MAAAD//8UQz6k=")
syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000000)='.\x00', 0xe1, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, &(0x7f0000000000))

437.440153ms ago: executing program 2 (id=189):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000400)={r0, r0, 0x6, 0x0, 0x0, 0x9, 0x0, 0xc48, 0x7f, 0xc6, 0x1, 0x0, 'syz0\x00'})
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000000)={@none})

0s ago: executing program 2 (id=190):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xa)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x6, &(0x7f0000006680))
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0xb8)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0xa7a0}, 0x0)
r3 = fsopen(&(0x7f0000000180)='qnx6\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, 0x0, &(0x7f0000000280)='%\xff:2\x82|\x9b\xfe\xbd\xd1c%\x8f7\x04v\xf0\xf1\xef\x0f\xc6\x8b\xba\x87\xfd\x18n\xc9(c\xbeib\xfe\xb1\xb3%|P\xdf\x91\xaei7\x9a\xe0\xadA\xde\x95\x03\x00\x00\x00\xb70\f\x00\x00\x0e\xec\xe5\xdc\xe5\x8dq\xf7\xd3\xc5*\x15\xdfE\xb2_T\x92|\x7f\xff9', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, 0x0, &(0x7f0000000300)='\xb0\xfb\xd9\x9a\xbe\r\xcc:\x9b\xd0}\xe8\xff\xff\xff\xff\xff\xff\xff\x7f\xce\xf5\x1a\x01\xd6\a\xfe\xb8\x92~wS\x87\xd9\x9e0y\xc9\x8cw-zu(ht\xa1~\x9a\x8d^+\x9f\xee\x9a(&W\\\xbb\xd5W\xeb\x06\x9dva\x06\xe3\x97\xa1\x88\x83W{\x00\xff\xff\xff\xff\xff\xff\xff\xe9\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00)o\b~\xe3t`\xc9=;o\xe5\xb4T)\x04\xf9k\xfb%t\xa7\x80c\xbb\xeb\x10\xb8\x01', 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r5, 0x0, 0x4000084)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x40000)
r6 = socket$netlink(0x10, 0x3, 0x10)
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r4, 0x50009417, &(0x7f0000000e40)={{r6}, 0x0, 0x2, @inherit={0x70, &(0x7f0000000580)={0x1, 0x5, 0x3, 0xbe, {0x2c, 0x0, 0x0, 0x7, 0x10}, [0xc, 0x3, 0x7fffffffffffffff, 0x8, 0x7fff]}}, @devid})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r7 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79})
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)
munmap(&(0x7f0000869000/0x7000)=nil, 0x7000)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.103' (ED25519) to the list of known hosts.
[   72.573537][ T5596] cgroup: Unknown subsys name 'net'
[   72.811629][ T5596] cgroup: Unknown subsys name 'cpuset'
[   72.867709][ T5596] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   74.568128][ T5596] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   78.575826][ T5617] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   78.582724][ T5619] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   78.596465][ T5619] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   78.601649][ T5619] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   78.613858][ T5617] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   78.621078][ T5619] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   78.627107][ T5619] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   78.628188][ T5617] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   78.628339][ T5619] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   78.628846][ T5619] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   78.632962][ T5619] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   78.637332][ T5612] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   78.643756][ T5617] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   78.643877][ T5612] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   78.662060][ T5612] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   78.821575][   T60] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   78.828145][   T60] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   78.852905][   T60] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   78.861222][ T4928] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   78.867042][ T4928] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   78.891145][ T4928] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   78.891960][ T4928] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   78.893743][ T4928] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   78.976650][ T4928] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   78.978625][ T4928] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   80.778186][ T5614] Bluetooth: hci2: command tx timeout
[   80.848627][ T5614] Bluetooth: hci1: command tx timeout
[   80.851868][ T4928] Bluetooth: hci0: command tx timeout
[   81.008337][ T5614] Bluetooth: hci3: command tx timeout
[   81.008343][ T4928] Bluetooth: hci4: command tx timeout
[   81.459729][ T5610] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.461189][ T5610] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.461380][ T5610] bridge_slave_0: entered allmulticast mode
[   81.463367][ T5610] bridge_slave_0: entered promiscuous mode
[   81.473235][ T5608] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.473642][ T5608] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.473905][ T5608] bridge_slave_0: entered allmulticast mode
[   81.480442][ T5608] bridge_slave_0: entered promiscuous mode
[   81.574593][  T956] cfg80211: failed to load regulatory.db
[   81.656144][ T5610] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.656385][ T5610] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.656637][ T5610] bridge_slave_1: entered allmulticast mode
[   81.683333][ T5610] bridge_slave_1: entered promiscuous mode
[   81.695479][ T5608] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.695732][ T5608] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.696117][ T5608] bridge_slave_1: entered allmulticast mode
[   81.710705][ T5608] bridge_slave_1: entered promiscuous mode
[   81.730951][ T5622] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.731255][ T5622] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.731546][ T5622] bridge_slave_0: entered allmulticast mode
[   81.735211][ T5622] bridge_slave_0: entered promiscuous mode
[   81.845034][ T5622] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.845288][ T5622] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.845470][ T5622] bridge_slave_1: entered allmulticast mode
[   81.848320][ T5622] bridge_slave_1: entered promiscuous mode
[   81.851949][ T5623] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.852222][ T5623] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.852449][ T5623] bridge_slave_0: entered allmulticast mode
[   81.855646][ T5623] bridge_slave_0: entered promiscuous mode
[   81.935164][ T5623] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.935325][ T5623] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.935480][ T5623] bridge_slave_1: entered allmulticast mode
[   81.938499][ T5623] bridge_slave_1: entered promiscuous mode
[   81.940105][ T5609] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.940381][ T5609] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.940950][ T5609] bridge_slave_0: entered allmulticast mode
[   81.945976][ T5609] bridge_slave_0: entered promiscuous mode
[   81.960799][ T5610] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   81.968430][ T5608] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   82.035793][ T5609] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.035987][ T5609] bridge0: port 2(bridge_slave_1) entered disabled state
[   82.036169][ T5609] bridge_slave_1: entered allmulticast mode
[   82.059231][ T5609] bridge_slave_1: entered promiscuous mode
[   82.063556][ T5610] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   82.068760][ T5608] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   82.075305][ T5622] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   82.144207][ T5622] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   82.149631][ T5623] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   82.224893][ T5623] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   82.236653][ T5609] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   82.244776][ T5610] team0: Port device team_slave_0 added
[   82.251632][ T5608] team0: Port device team_slave_0 added
[   82.286355][ T5609] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   82.290556][ T5610] team0: Port device team_slave_1 added
[   82.295016][ T5608] team0: Port device team_slave_1 added
[   82.300593][ T5622] team0: Port device team_slave_0 added
[   82.363676][ T5622] team0: Port device team_slave_1 added
[   82.366282][ T5623] team0: Port device team_slave_0 added
[   82.424490][ T5623] team0: Port device team_slave_1 added
[   82.427143][ T5609] team0: Port device team_slave_0 added
[   82.430150][ T5610] batman_adv: batadv0: Adding interface: batadv_slave_0
[   82.430164][ T5610] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   82.430188][ T5610] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   82.436203][ T5608] batman_adv: batadv0: Adding interface: batadv_slave_0
[   82.436217][ T5608] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   82.436240][ T5608] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   82.492308][ T5610] batman_adv: batadv0: Adding interface: batadv_slave_1
[   82.492324][ T5610] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   82.492347][ T5610] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   82.494919][ T5608] batman_adv: batadv0: Adding interface: batadv_slave_1
[   82.494932][ T5608] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   82.494954][ T5608] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   82.499021][ T5622] batman_adv: batadv0: Adding interface: batadv_slave_0
[   82.499034][ T5622] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   82.499056][ T5622] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   82.511832][ T5609] team0: Port device team_slave_1 added
[   82.568477][ T5622] batman_adv: batadv0: Adding interface: batadv_slave_1
[   82.568493][ T5622] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   82.568530][ T5622] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   82.596248][ T5623] batman_adv: batadv0: Adding interface: batadv_slave_0
[   82.596265][ T5623] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   82.596288][ T5623] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   82.657405][ T5623] batman_adv: batadv0: Adding interface: batadv_slave_1
[   82.657420][ T5623] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   82.657443][ T5623] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   82.668607][ T5609] batman_adv: batadv0: Adding interface: batadv_slave_0
[   82.668622][ T5609] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   82.668643][ T5609] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   82.741371][ T5609] batman_adv: batadv0: Adding interface: batadv_slave_1
[   82.741388][ T5609] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   82.741411][ T5609] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   82.848117][ T5614] Bluetooth: hci2: command tx timeout
[   82.851780][ T5610] hsr_slave_0: entered promiscuous mode
[   82.854020][ T5610] hsr_slave_1: entered promiscuous mode
[   82.868379][ T5608] hsr_slave_0: entered promiscuous mode
[   82.870741][ T5608] hsr_slave_1: entered promiscuous mode
[   82.872606][ T5608] debugfs: 'hsr0' already exists in 'hsr'
[   82.872718][ T5608] Cannot create hsr debugfs directory
[   82.927380][ T5614] Bluetooth: hci1: command tx timeout
[   82.927407][ T4928] Bluetooth: hci0: command tx timeout
[   83.087500][ T4928] Bluetooth: hci4: command tx timeout
[   83.087532][ T4928] Bluetooth: hci3: command tx timeout
[   83.316736][ T5622] hsr_slave_0: entered promiscuous mode
[   83.318660][ T5622] hsr_slave_1: entered promiscuous mode
[   83.320851][ T5622] debugfs: 'hsr0' already exists in 'hsr'
[   83.320876][ T5622] Cannot create hsr debugfs directory
[   83.379422][ T5623] hsr_slave_0: entered promiscuous mode
[   83.380670][ T5623] hsr_slave_1: entered promiscuous mode
[   83.381662][ T5623] debugfs: 'hsr0' already exists in 'hsr'
[   83.381684][ T5623] Cannot create hsr debugfs directory
[   83.475994][ T5609] hsr_slave_0: entered promiscuous mode
[   83.477662][ T5609] hsr_slave_1: entered promiscuous mode
[   83.480945][ T5609] debugfs: 'hsr0' already exists in 'hsr'
[   83.480970][ T5609] Cannot create hsr debugfs directory
[   84.318544][ T5610] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   84.370665][ T5610] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   84.385277][ T5610] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   84.426832][ T5610] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   84.435587][ T5610] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   84.465413][ T5610] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   84.488498][ T5610] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   84.513253][ T5610] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   84.651817][ T5623] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   84.695995][ T5623] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   84.705004][ T5623] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   84.740834][ T5623] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   84.742988][ T5623] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   84.788216][ T5623] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   84.813588][ T5623] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   84.844161][ T5623] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   84.929009][ T5614] Bluetooth: hci2: command tx timeout
[   84.983281][ T5608] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   85.007640][ T5614] Bluetooth: hci1: command tx timeout
[   85.007670][ T5614] Bluetooth: hci0: command tx timeout
[   85.020027][ T5608] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   85.043252][ T5608] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   85.073533][ T5608] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   85.094009][ T5608] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   85.132749][ T5608] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   85.156595][ T5608] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   85.167616][ T5614] Bluetooth: hci4: command tx timeout
[   85.167765][ T4928] Bluetooth: hci3: command tx timeout
[   85.196210][ T5608] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   85.342038][ T5622] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   85.373237][ T5622] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   85.386121][ T5622] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   85.413085][ T5622] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   85.424933][ T5622] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   85.450618][ T5622] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   85.479214][ T5622] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   85.512238][ T5622] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   85.603493][ T5610] 8021q: adding VLAN 0 to HW filter on device bond0
[   85.697962][ T5609] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   85.743661][ T5609] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   85.760237][ T5609] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   85.802731][ T5609] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   85.816840][ T5609] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   85.850386][ T5609] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   85.865321][ T5609] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   85.894935][ T5609] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   85.910863][ T5610] 8021q: adding VLAN 0 to HW filter on device team0
[   85.975382][ T1023] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.975550][ T1023] bridge0: port 1(bridge_slave_0) entered forwarding state
[   86.019313][ T5623] 8021q: adding VLAN 0 to HW filter on device bond0
[   86.064794][ T3821] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.076160][ T3821] bridge0: port 2(bridge_slave_1) entered forwarding state
[   86.204715][ T5623] 8021q: adding VLAN 0 to HW filter on device team0
[   86.260352][ T2184] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.260508][ T2184] bridge0: port 1(bridge_slave_0) entered forwarding state
[   86.286027][ T5608] 8021q: adding VLAN 0 to HW filter on device bond0
[   86.331070][ T2184] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.331268][ T2184] bridge0: port 2(bridge_slave_1) entered forwarding state
[   86.436809][ T5608] 8021q: adding VLAN 0 to HW filter on device team0
[   86.525762][ T5622] 8021q: adding VLAN 0 to HW filter on device bond0
[   86.551256][ T2184] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.551510][ T2184] bridge0: port 1(bridge_slave_0) entered forwarding state
[   86.637064][ T2184] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.639231][ T2184] bridge0: port 2(bridge_slave_1) entered forwarding state
[   86.740124][ T5622] 8021q: adding VLAN 0 to HW filter on device team0
[   86.790421][ T5609] 8021q: adding VLAN 0 to HW filter on device bond0
[   86.796248][ T3855] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.796382][ T3855] bridge0: port 1(bridge_slave_0) entered forwarding state
[   86.876265][ T3821] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.882238][ T3821] bridge0: port 2(bridge_slave_1) entered forwarding state
[   86.990942][ T5609] 8021q: adding VLAN 0 to HW filter on device team0
[   87.008803][ T4928] Bluetooth: hci2: command tx timeout
[   87.066793][ T3821] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.067024][ T3821] bridge0: port 1(bridge_slave_0) entered forwarding state
[   87.090445][ T5614] Bluetooth: hci1: command tx timeout
[   87.090497][ T4928] Bluetooth: hci0: command tx timeout
[   87.229740][   T67] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.229841][   T67] bridge0: port 2(bridge_slave_1) entered forwarding state
[   87.247696][ T5614] Bluetooth: hci4: command tx timeout
[   87.247742][ T4928] Bluetooth: hci3: command tx timeout
[   87.500211][ T5610] 8021q: adding VLAN 0 to HW filter on device batadv0
[   88.034919][ T5610] veth0_vlan: entered promiscuous mode
[   88.099267][ T5623] 8021q: adding VLAN 0 to HW filter on device batadv0
[   88.290703][ T5610] veth1_vlan: entered promiscuous mode
[   88.424025][ T5608] 8021q: adding VLAN 0 to HW filter on device batadv0
[   88.622754][ T5622] 8021q: adding VLAN 0 to HW filter on device batadv0
[   88.681166][ T5623] veth0_vlan: entered promiscuous mode
[   88.709815][ T5610] veth0_macvtap: entered promiscuous mode
[   88.793832][ T5610] veth1_macvtap: entered promiscuous mode
[   88.806802][ T5623] veth1_vlan: entered promiscuous mode
[   88.945084][ T5608] veth0_vlan: entered promiscuous mode
[   88.976313][ T5610] batman_adv: batadv0: Interface activated: batadv_slave_0
[   89.032388][ T5609] 8021q: adding VLAN 0 to HW filter on device batadv0
[   89.035448][ T5610] batman_adv: batadv0: Interface activated: batadv_slave_1
[   89.089148][ T5608] veth1_vlan: entered promiscuous mode
[   89.145324][  T103] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   89.169817][  T103] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   89.193596][  T103] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   89.196277][ T5623] veth0_macvtap: entered promiscuous mode
[   89.215770][  T103] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   89.317905][ T5623] veth1_macvtap: entered promiscuous mode
[   89.573158][ T5623] batman_adv: batadv0: Interface activated: batadv_slave_0
[   89.642823][ T5608] veth0_macvtap: entered promiscuous mode
[   89.656207][ T5623] batman_adv: batadv0: Interface activated: batadv_slave_1
[   89.802637][ T5608] veth1_macvtap: entered promiscuous mode
[   89.830346][ T5609] veth0_vlan: entered promiscuous mode
[   89.845505][ T3855] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   89.863437][ T3855] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   89.882894][ T3855] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   89.930435][ T3855] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   89.932496][ T5622] veth0_vlan: entered promiscuous mode
[   89.941067][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   89.941093][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.094572][ T5609] veth1_vlan: entered promiscuous mode
[   90.163575][ T5608] batman_adv: batadv0: Interface activated: batadv_slave_0
[   90.168016][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.168037][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.171957][ T5622] veth1_vlan: entered promiscuous mode
[   90.353804][ T5608] batman_adv: batadv0: Interface activated: batadv_slave_1
[   90.520972][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   90.526715][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   90.571083][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   90.593964][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   90.597154][ T1023] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.597353][ T1023] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.829251][ T5609] veth0_macvtap: entered promiscuous mode
[   90.863063][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.863082][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.940743][ T5609] veth1_macvtap: entered promiscuous mode
[   91.024413][ T5622] veth0_macvtap: entered promiscuous mode
[   91.435315][ T5622] veth1_macvtap: entered promiscuous mode
[   91.533567][ T3855] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.533587][ T3855] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.662141][ T5609] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.849192][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.849211][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.882510][ T5609] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.906688][ T5622] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.035158][ T5622] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.036874][ T3855] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.079203][ T3855] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.092054][ T3855] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.095406][ T3855] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.297080][ T3792] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.323852][ T3792] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.396575][ T3792] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.444528][ T3792] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.557905][ T5818] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8'.
[   93.987385][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.987405][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.044709][ T5824] syz_tun: entered allmulticast mode
[   94.092025][ T5825] warning: `syz.3.10' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   94.253801][ T3821] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.253820][ T3821] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.299441][ T5820] syz_tun: left allmulticast mode
[   94.501461][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.501479][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.806467][ T3821] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.806485][ T3821] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.102101][ T5809] syz.1.6 (5809) used greatest stack depth: 19000 bytes left
[   98.553078][ T5611] usb 3-1: new low-speed USB device number 2 using dummy_hcd
[   98.864170][ T5611] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[   98.864204][ T5611] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 8
[   98.864229][ T5611] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6
[   98.864269][ T5611] usb 3-1: New USB device found, idVendor=056a, idProduct=0301, bcdDevice= 0.00
[   98.864292][ T5611] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   98.981528][ T5611] usb 3-1: config 0 descriptor??
[   98.987843][ T5847] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[   99.330558][ T5611] usbhid 3-1:0.0: can't add hid device: -71
[   99.330664][ T5611] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  100.676735][ T5611] usb 3-1: USB disconnect, device number 2
[  102.740890][ T5891] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  103.052225][ T5742] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  103.057951][    T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  103.215320][    T9] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  103.215351][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[  103.224872][    T9] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  103.224906][    T9] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  103.224926][    T9] usb 4-1: Product: syz
[  103.224940][    T9] usb 4-1: Manufacturer: syz
[  103.224954][    T9] usb 4-1: SerialNumber: syz
[  103.271604][ T5742] usb 3-1: Using ep0 maxpacket: 16
[  103.298937][ T5742] usb 3-1: too many configurations: 123, using maximum allowed: 8
[  103.307047][ T5742] usb 3-1: config 0 has no interfaces?
[  103.323178][ T5742] usb 3-1: config 0 has no interfaces?
[  103.341801][ T5742] usb 3-1: config 0 has no interfaces?
[  103.349815][ T5742] usb 3-1: config 0 has no interfaces?
[  103.359047][ T5742] usb 3-1: config 0 has no interfaces?
[  103.363993][ T5742] usb 3-1: config 0 has no interfaces?
[  103.373994][ T5742] usb 3-1: config 0 has no interfaces?
[  103.412414][ T5742] usb 3-1: config 0 has no interfaces?
[  103.421539][ T5742] usb 3-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  103.421568][ T5742] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=45
[  103.421588][ T5742] usb 3-1: SerialNumber: syz
[  103.519444][ T5742] usb 3-1: config 0 descriptor??
[  103.526130][    T9] usb 4-1: config 0 descriptor??
[  103.693187][    T9] usb 4-1: selecting invalid altsetting 0
[  103.759030][ T5893] netlink: 20 bytes leftover after parsing attributes in process `syz.2.33'.
[  103.766961][ T5893] netlink: 20 bytes leftover after parsing attributes in process `syz.2.33'.
[  103.767128][ T5893] Zero length message leads to an empty skb
[  103.868374][ T5801] usb 3-1: USB disconnect, device number 3
[  104.406182][    T9] usb 4-1: USB disconnect, device number 2
[  104.957336][ T5742] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  105.290413][ T5742] usb 5-1: Using ep0 maxpacket: 32
[  105.297721][ T5742] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  105.297757][ T5742] usb 5-1: config 0 has no interfaces?
[  105.297786][ T5742] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  105.297808][ T5742] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.767136][ T5742] usb 5-1: config 0 descriptor??
[  108.159121][ T5943] syz.1.45 uses obsolete (PF_INET,SOCK_PACKET)
[  108.537339][ T5723] usb 5-1: USB disconnect, device number 2
[  110.952743][ T5954] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  111.998980][ T5801] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  112.160529][ T5801] usb 5-1: Using ep0 maxpacket: 16
[  112.161377][ T5801] usb 5-1: too many configurations: 123, using maximum allowed: 8
[  112.163676][ T5801] usb 5-1: config 0 has no interfaces?
[  112.186657][ T5801] usb 5-1: config 0 has no interfaces?
[  112.196239][ T5801] usb 5-1: config 0 has no interfaces?
[  112.211116][ T5801] usb 5-1: config 0 has no interfaces?
[  112.212503][ T5801] usb 5-1: config 0 has no interfaces?
[  112.226096][ T5801] usb 5-1: config 0 has no interfaces?
[  112.233626][ T5801] usb 5-1: config 0 has no interfaces?
[  112.235632][ T5801] usb 5-1: config 0 has no interfaces?
[  112.255863][ T5801] usb 5-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  112.255892][ T5801] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=45
[  112.255913][ T5801] usb 5-1: SerialNumber: syz
[  112.368253][ T5801] usb 5-1: config 0 descriptor??
[  115.136263][ T5976] netlink: 4 bytes leftover after parsing attributes in process `syz.0.51'.
[  115.139141][  T956] usb 5-1: USB disconnect, device number 3
[  116.942070][ T5723] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  117.097318][ T5723] usb 2-1: Using ep0 maxpacket: 8
[  117.105512][ T5723] usb 2-1: unable to get BOS descriptor or descriptor too short
[  117.126762][ T5723] usb 2-1: New USB device found, idVendor=0582, idProduct=0089, bcdDevice= 0.40
[  117.126790][ T5723] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  117.126810][ T5723] usb 2-1: Product: syz
[  117.126823][ T5723] usb 2-1: Manufacturer: syz
[  117.126838][ T5723] usb 2-1: SerialNumber: syz
[  117.447371][ T5933] usb 4-1: new low-speed USB device number 3 using dummy_hcd
[  117.487611][ T5723] usb 2-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  117.493039][ T5723] usb 2-1: unit 8 not found!
[  117.508719][  T956] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  117.539184][ T6025] netlink: 4 bytes leftover after parsing attributes in process `syz.4.69'.
[  117.573306][ T5723] usb 2-1: USB disconnect, device number 2
[  117.629926][ T5933] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  117.629977][ T5933] usb 4-1: config 0 interface 0 altsetting 41 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  117.630113][ T5933] usb 4-1: config 0 interface 0 has no altsetting 0
[  117.630145][ T5933] usb 4-1: New USB device found, idVendor=056a, idProduct=00b4, bcdDevice= 0.00
[  117.630169][ T5933] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  117.669460][  T956] usb 1-1: Using ep0 maxpacket: 16
[  117.674793][  T956] usb 1-1: too many configurations: 123, using maximum allowed: 8
[  117.714547][  T956] usb 1-1: config 0 has no interfaces?
[  117.716750][  T956] usb 1-1: config 0 has no interfaces?
[  117.731909][  T956] usb 1-1: config 0 has no interfaces?
[  117.732061][ T5933] usb 4-1: config 0 descriptor??
[  117.754846][  T956] usb 1-1: config 0 has no interfaces?
[  117.763431][ T5964] udevd[5964]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  117.790148][  T956] usb 1-1: config 0 has no interfaces?
[  117.800505][  T956] usb 1-1: config 0 has no interfaces?
[  117.804781][  T956] usb 1-1: config 0 has no interfaces?
[  117.824516][  T956] usb 1-1: config 0 has no interfaces?
[  117.826500][  T956] usb 1-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  117.826565][  T956] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=45
[  117.826583][  T956] usb 1-1: SerialNumber: syz
[  117.871879][ T5933] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  117.885015][  T956] usb 1-1: config 0 descriptor??
[  118.018791][ T5723] usb 4-1: USB disconnect, device number 3
[  118.100770][ T6023] netlink: 20 bytes leftover after parsing attributes in process `syz.0.68'.
[  118.102112][ T6023] netlink: 20 bytes leftover after parsing attributes in process `syz.0.68'.
[  118.194110][    T9] usb 1-1: USB disconnect, device number 2
[  122.127241][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  122.394844][ T6077] netlink: 4 bytes leftover after parsing attributes in process `syz.1.83'.
[  122.420951][    T9] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  122.579213][    T9] usb 4-1: Using ep0 maxpacket: 32
[  122.580783][    T9] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[  122.580800][    T9] usb 4-1: config 0 has no interface number 0
[  122.585412][    T9] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  122.585432][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  122.585443][    T9] usb 4-1: Product: syz
[  122.585469][    T9] usb 4-1: Manufacturer: syz
[  122.585482][    T9] usb 4-1: SerialNumber: syz
[  122.621769][    T9] usb 4-1: config 0 descriptor??
[  122.868036][ T5709] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  123.028653][ T5709] usb 5-1: Using ep0 maxpacket: 16
[  123.035015][ T5709] usb 5-1: too many configurations: 123, using maximum allowed: 8
[  123.039992][ T5709] usb 5-1: config 0 has no interfaces?
[  123.069216][ T5709] usb 5-1: config 0 has no interfaces?
[  123.086261][ T5709] usb 5-1: config 0 has no interfaces?
[  123.089089][ T5709] usb 5-1: config 0 has no interfaces?
[  123.102965][ T5709] usb 5-1: config 0 has no interfaces?
[  123.112543][ T5709] usb 5-1: config 0 has no interfaces?
[  123.483503][ T5709] usb 5-1: config 0 has no interfaces?
[  123.519951][ T5709] usb 5-1: config 0 has no interfaces?
[  123.521373][ T5709] usb 5-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  123.521400][ T5709] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=45
[  123.521456][ T5709] usb 5-1: SerialNumber: syz
[  123.614706][    T9] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): EEPROM read operation timeout
[  123.626590][ T5709] usb 5-1: config 0 descriptor??
[  123.825687][    T9] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  123.826344][    T9] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71
[  124.051378][    T9] usb 4-1: USB disconnect, device number 4
[  124.128060][ T5742] usb 5-1: USB disconnect, device number 4
[  127.232984][ T6126] netlink: 4 bytes leftover after parsing attributes in process `syz.2.100'.
[  129.079366][ T6137] loop3: detected capacity change from 0 to 4096
[  129.233501][  T167] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  129.381322][  T167] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  129.626841][ T6137] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  129.626905][ T6137] EXT4-fs (loop3): Test dummy encryption mode enabled
[  129.709289][  T167] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  129.765072][ T3793] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  129.765390][ T3793] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  129.858921][ T3793] lo_rw_aio(loop3) starting write with raw_refcnt=0x0, refcnt=1
[  130.254016][ T6137] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a84ec018, mo2=0003]
[  130.254135][ T6137] System zones: 0-5
[  130.290688][ T1323] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  130.353828][ T1323] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  130.625416][ T6137] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  131.060410][  T103] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  131.085783][  T103] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  131.100655][  T103] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  131.119106][  T103] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  131.147599][  T103] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  131.208942][  T103] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  131.214116][ T6147] loop4: detected capacity change from 0 to 128
[  131.277059][   T42] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  131.324569][ T2184] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  131.358828][ T6147] vfat: Unknown parameter '18446744073709551615ÿÿÿ'
[  131.398252][ T2184] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  131.449134][ T5964] __loop_clr_fd(loop4) clearing lo_backing_file with raw_refcnt=0x0, refcnt=1
[  131.718997][ T6154] nbd: must specify a device to reconfigure
[  131.723842][   T12] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  131.790752][   T12] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  131.806401][ T1323] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  131.885093][ T1323] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  131.889106][ T1323] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  131.896084][ T1323] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  131.916887][ T1323] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  131.935343][ T1323] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  131.952195][ T1323] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  131.970781][   T12] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  131.998599][ T5623] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  132.104091][ T1323] lo_rw_aio(loop3) starting write with raw_refcnt=0x0, refcnt=1
[  132.126328][   T12] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  132.142974][   T12] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  132.145731][   T12] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  132.166292][   T12] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  132.167061][   T12] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  132.186741][   T12] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  132.405725][ T5613] __loop_clr_fd(loop3) clearing lo_backing_file with raw_refcnt=0x0, refcnt=1
[  134.716894][ T6158] loop0: detected capacity change from 0 to 40427
[  135.188706][ T1338] ieee802154 phy0 wpan0: encryption failed: -22
[  135.188837][ T1338] ieee802154 phy1 wpan1: encryption failed: -22
[  135.214168][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.268936][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.280644][ T1023] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.288824][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.290717][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.375391][ T3793] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.403111][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.439985][ T2184] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.442240][ T3793] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.453646][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.456108][ T2184] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.457767][ T2184] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.469788][ T2184] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.473077][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.478953][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.504993][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.514755][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.523370][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.527348][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.544258][ T3793] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.545034][ T3793] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.547472][ T3793] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.553461][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.562993][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.564569][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.574587][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.575395][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.611972][ T3793] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.618875][ T3793] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.619647][ T3793] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.623792][ T2184] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.623834][ T2184] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.669459][ T2184] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.669539][ T2184] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  135.669625][ T2184] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  138.219863][ T5964] __loop_clr_fd(loop0) clearing lo_backing_file with raw_refcnt=0x0, refcnt=1
[  138.658070][ T6195] nbd: must specify a device to reconfigure
[  140.026247][ T6212] loop0: detected capacity change from 0 to 512
[  140.125949][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  140.188488][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  140.193967][ T1023] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  140.258380][ T1023] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  140.260103][ T1023] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  140.260529][ T1023] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  140.270662][ T1023] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  140.321533][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  140.322352][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  140.327047][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  140.351683][ T1023] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  140.352439][ T1023] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  140.353964][ T1023] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  140.354655][ T1023] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  140.464703][  T167] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  140.673472][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  140.723011][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  141.043849][ T1023] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  141.280520][  T167] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  141.354412][ T6212] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  141.354598][ T6212] ext4 filesystem being mounted at /22/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  141.433717][ T1023] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  141.466001][  T167] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  141.533729][ T2184] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  141.655916][   T12] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  141.727750][ T5709] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  141.789432][ T6235] netlink: 4 bytes leftover after parsing attributes in process `syz.1.131'.
[  141.836782][ T2184] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  141.837141][ T2184] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  141.838295][ T2184] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  141.838453][ T2184] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  141.881711][ T5709] usb 3-1: Using ep0 maxpacket: 16
[  141.883960][ T5709] usb 3-1: too many configurations: 123, using maximum allowed: 8
[  141.893129][ T5709] usb 3-1: config 0 has no interfaces?
[  141.896843][ T5709] usb 3-1: config 0 has no interfaces?
[  141.903661][ T5709] usb 3-1: config 0 has no interfaces?
[  141.904945][ T5709] usb 3-1: config 0 has no interfaces?
[  141.935077][ T5709] usb 3-1: config 0 has no interfaces?
[  141.942607][ T5709] usb 3-1: config 0 has no interfaces?
[  141.956398][ T5709] usb 3-1: config 0 has no interfaces?
[  141.971348][ T5709] usb 3-1: config 0 has no interfaces?
[  141.974802][ T5709] usb 3-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  141.974825][ T5709] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=45
[  141.974836][ T5709] usb 3-1: SerialNumber: syz
[  141.999158][ T5709] usb 3-1: config 0 descriptor??
[  142.065506][ T5609] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  142.242755][ T3793] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  142.248266][ T3793] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  142.280186][ T5609] __loop_clr_fd(loop0) clearing lo_backing_file with raw_refcnt=0x0, refcnt=1
[  142.356688][  T821] usb 3-1: USB disconnect, device number 4
[  143.650941][ T6242] loop4: detected capacity change from 0 to 4096
[  143.675706][ T6242] EXT4-fs: Ignoring removed mblk_io_submit option
[  143.698881][ T1023] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  143.726184][ T1023] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  143.853982][  T167] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  143.865363][ T1136] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  143.865409][ T1136] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  143.865442][ T1136] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  143.996138][ T2184] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.010851][ T2184] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.011787][  T167] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.012608][ T6242] EXT4-fs (loop4): Test dummy encryption mode enabled
[  144.027147][   T42] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.039913][ T2184] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.039967][ T2184] lo_rw_aio(loop4) starting write with raw_refcnt=0x0, refcnt=1
[  144.045848][   T42] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.055871][ T2184] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.063435][   T42] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.068797][ T2184] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.077312][ T2184] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.079537][ T2184] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.080688][ T2184] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.093431][   T42] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.096500][   T42] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.101261][   T42] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.108152][   T42] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.111587][   T42] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.119513][   T42] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.163717][   T42] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.166777][   T42] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.188155][   T42] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.193365][ T1136] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.202633][   T42] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.216057][   T42] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.224386][   T42] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.232601][   T42] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.242792][  T167] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.275182][  T167] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.333681][ T6242] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  144.377937][  T167] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.379957][  T167] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.450338][ T6242] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni"
[  144.458999][ T2184] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.492935][ T1023] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.729638][  T167] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  144.865008][ T6266] fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx"
[  147.271604][   T42] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  147.564185][  T821] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  147.778018][  T821] usb 3-1: Using ep0 maxpacket: 8
[  147.987810][  T821] usb 3-1: unable to get BOS descriptor or descriptor too short
[  148.170354][  T821] usb 3-1: unable to read config index 0 descriptor/start: -71
[  148.170392][  T821] usb 3-1: can't read configurations, error -71
[  148.454502][ T3793] lo_rw_aio(loop4) starting write with raw_refcnt=0x0, refcnt=1
[  149.082583][ T3793] lo_rw_aio(loop4) starting write with raw_refcnt=0x0, refcnt=1
[  149.082645][ T3793] lo_rw_aio(loop4) starting write with raw_refcnt=0x0, refcnt=1
[  149.082672][ T3793] lo_rw_aio(loop4) starting write with raw_refcnt=0x0, refcnt=1
[  149.082695][ T3793] lo_rw_aio(loop4) starting write with raw_refcnt=0x0, refcnt=1
[  149.082718][ T3793] lo_rw_aio(loop4) starting write with raw_refcnt=0x0, refcnt=1
[  149.082742][ T3793] lo_rw_aio(loop4) starting write with raw_refcnt=0x0, refcnt=1
[  149.082766][ T3793] lo_rw_aio(loop4) starting write with raw_refcnt=0x0, refcnt=1
[  149.082789][ T3793] lo_rw_aio(loop4) starting write with raw_refcnt=0x0, refcnt=1
[  149.082815][ T3793] lo_rw_aio(loop4) starting write with raw_refcnt=0x0, refcnt=1
[  149.082841][ T3793] lo_rw_aio(loop4) starting write with raw_refcnt=0x0, refcnt=1
[  149.082866][ T3793] lo_rw_aio(loop4) starting write with raw_refcnt=0x0, refcnt=1
[  149.572622][ T2184] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  150.336859][ T6302] loop0: detected capacity change from 0 to 512
[  150.347284][ T1136] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  150.351484][ T2184] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  150.351666][ T6302] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  150.351685][ T6302] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  150.352168][ T1136] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  150.352655][ T1136] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  150.352992][ T1136] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  150.363200][ T1136] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  150.417351][ T1323] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  150.417412][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  150.484823][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  150.486069][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  150.519302][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  150.522677][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  150.523368][ T1323] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  150.555123][ T1023] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  150.555169][ T1023] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  150.652161][    T9] libceph: connect (1)[c::]:6789 error -101
[  150.652882][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  150.662647][ T6299] ceph: No mds server is up or the cluster is laggy
[  150.665306][    T9] libceph: connect (1)[c::]:6789 error -101
[  150.665524][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  150.933165][  T821] libceph: connect (1)[c::]:6789 error -101
[  150.934265][  T821] libceph: mon0 (1)[c::]:6789 connect error
[  151.439436][  T821] libceph: connect (1)[c::]:6789 error -101
[  151.439625][  T821] libceph: mon0 (1)[c::]:6789 connect error
[  151.439715][ T1136] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  151.501904][ T6302] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=84ec018, mo2=0002]
[  151.508462][ T1136] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  151.560078][   T12] lo_rw_aio(loop0) starting read with raw_refcnt=0x0, refcnt=1
[  151.565948][ T6302] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4222: comm syz.0.149: Allocating blocks 41-42 which overlap fs metadata
[  151.566164][ T6302] loop0: lost filesystem error report for type 5 error -117
[  151.569932][    C1] EXT4-fs (loop0): error count since last fsck: 1
[  151.569953][    C1] EXT4-fs (loop0): initial error at time 1778731627: ext4_mb_mark_diskspace_used:4222
[  151.569974][    C1] EXT4-fs (loop0): last error at time 1778731627: ext4_mb_mark_diskspace_used:4222
[  151.576385][ T1136] lo_rw_aio(loop4) starting write with raw_refcnt=0x0, refcnt=1
[  151.576478][ T1136] lo_rw_aio(loop4) starting write with raw_refcnt=0x0, refcnt=1
[  151.576509][ T1136] lo_rw_aio(loop4) starting write with raw_refcnt=0x0, refcnt=1
[  151.576540][ T1136] lo_rw_aio(loop4) starting write with raw_refcnt=0x0, refcnt=1
[  151.594204][ T1023] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  151.648040][ T6302] Quota error (device loop0): write_blk: dquota write failed
[  151.648063][ T6302] Quota error (device loop0): find_free_dqentry: Can't write quota data block 5
[  151.648267][ T6302] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4222: comm syz.0.149: Allocating blocks 41-42 which overlap fs metadata
[  151.648292][ T6302] loop0: lost filesystem error report for type 5 error -117
[  151.653101][ T2184] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  151.653550][ T6302] Quota error (device loop0): write_blk: dquota write failed
[  151.653754][ T6302] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  151.653817][ T6302] EXT4-fs error (device loop0): ext4_acquire_dquot:7034: comm syz.0.149: Failed to acquire dquot type 1
[  151.653839][ T6302] loop0: lost filesystem error report for type 5 error -117
[  151.656871][ T2184] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  151.657763][ T6302] EXT4-fs error (device loop0): mb_free_blocks:2049: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt.
[  151.660313][ T6302] EXT4-fs error (device loop0): ext4_do_update_inode:5690: inode #12: comm syz.0.149: corrupted inode contents
[  151.660525][ T6302] loop0: lost file I/O error report for ino 12 type 5 pos 0x0 len 0x0 error -117
[  151.665105][ T2184] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  151.668229][ T6302] EXT4-fs error (device loop0): ext4_dirty_inode:6587: inode #12: comm syz.0.149: mark_inode_dirty error
[  151.668258][ T6302] loop0: lost file I/O error report for ino 12 type 5 pos 0x0 len 0x0 error -117
[  151.668643][ T2184] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  151.672236][ T6302] EXT4-fs error (device loop0): ext4_do_update_inode:5690: inode #12: comm syz.0.149: corrupted inode contents
[  151.672264][ T6302] loop0: lost file I/O error report for ino 12 type 5 pos 0x0 len 0x0 error -117
[  151.672647][ T2184] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  151.673039][ T6302] EXT4-fs error (device loop0): __ext4_ext_dirty:207: inode #12: comm syz.0.149: mark_inode_dirty error
[  151.673063][ T6302] loop0: lost file I/O error report for ino 12 type 5 pos 0x0 len 0x0 error -117
[  151.674158][ T2184] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  151.675765][ T6302] EXT4-fs error (device loop0): ext4_do_update_inode:5690: inode #12: comm syz.0.149: corrupted inode contents
[  151.675800][ T6302] loop0: lost file I/O error report for ino 12 type 5 pos 0x0 len 0x0 error -117
[  151.681108][ T2184] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  151.684958][ T6302] EXT4-fs error (device loop0) in ext4_orphan_del:303: Corrupt filesystem
[  151.684979][ T6302] loop0: lost filesystem error report for type 5 error -117
[  151.685329][ T3793] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  151.690759][ T6302] EXT4-fs error (device loop0): ext4_do_update_inode:5690: inode #12: comm syz.0.149: corrupted inode contents
[  151.690794][ T6302] loop0: lost file I/O error report for ino 12 type 5 pos 0x0 len 0x0 error -117
[  151.694801][ T3793] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  151.696480][ T6302] EXT4-fs error (device loop0): ext4_truncate:4690: inode #12: comm syz.0.149: mark_inode_dirty error
[  151.696506][ T6302] loop0: lost file I/O error report for ino 12 type 5 pos 0x0 len 0x0 error -117
[  151.696756][ T3793] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  151.697349][ T6302] EXT4-fs error (device loop0) in ext4_process_orphan:345: Corrupt filesystem
[  151.697368][ T6302] loop0: lost filesystem error report for type 5 error -117
[  151.697612][ T3793] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  151.703572][ T3793] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  151.704658][ T6302] EXT4-fs (loop0): 1 truncate cleaned up
[  151.717412][ T6302] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  151.726150][ T6299] =======================================================
[  151.726150][ T6299] WARNING: The mand mount option has been deprecated and
[  151.726150][ T6299]          and is ignored by this kernel. Remove the mand
[  151.726150][ T6299]          option from the mount to silence this warning.
[  151.726150][ T6299] =======================================================
[  151.755819][ T6308] loop3: detected capacity change from 0 to 256
[  151.770559][ T5622] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  151.813626][   T42] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  151.895418][   T42] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  151.900503][   T42] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  151.900550][   T42] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  151.900572][   T42] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  151.900592][   T42] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  151.900613][   T42] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  151.900634][   T42] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  151.900654][   T42] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  151.905356][  T167] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  151.907742][  T167] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  151.911919][  T167] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  151.912626][  T167] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  151.916046][  T167] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  151.923230][   T12] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  151.923955][   T12] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  151.924944][   T12] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  151.949372][   T12] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  151.962140][   T12] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  151.962982][   T12] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  151.976812][   T12] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  151.980466][   T12] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  152.003185][   T12] lo_rw_aio(loop3) starting write with raw_refcnt=0x0, refcnt=1
[  152.011265][   T12] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  152.012318][   T12] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  152.013496][   T12] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  152.015314][   T12] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  152.015984][   T12] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  152.113673][ T1023] lo_rw_aio(loop3) starting write with raw_refcnt=0x0, refcnt=1
[  152.430369][ T1023] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  152.430451][ T1023] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  152.435749][ T1136] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  152.447138][  T167] lo_rw_aio(loop0) starting write with raw_refcnt=0x0, refcnt=1
[  152.456783][ T6299] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  152.462061][  T167] lo_rw_aio(loop4) starting write with raw_refcnt=0x0, refcnt=1
[  152.502420][ T5622] __loop_clr_fd(loop4) clearing lo_backing_file with raw_refcnt=0x0, refcnt=1
[  152.539021][   T12] lo_rw_aio(loop3) starting write with raw_refcnt=0x0, refcnt=1
[  152.546387][ T5623] __loop_clr_fd(loop3) clearing lo_backing_file with raw_refcnt=0x0, refcnt=1
[  152.791639][ T5609] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  152.864357][ T5609] __loop_clr_fd(loop0) clearing lo_backing_file with raw_refcnt=0x0, refcnt=1
[  153.457336][  T821] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  153.471812][ T6343] loop2: detected capacity change from 0 to 256
[  153.534093][ T2184] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.549758][   T67] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.564113][   T67] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.564258][   T67] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.564430][   T67] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.564517][   T67] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.564600][   T67] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.564687][   T67] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.590412][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.591322][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.591648][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.591813][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.592223][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.594253][ T5709] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  153.613097][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.613469][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.613650][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.613908][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.614269][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.614611][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.614991][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.618163][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.618944][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.619276][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.619779][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.620715][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.621499][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.623591][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.623826][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.624114][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.624420][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.624682][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.624839][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.625112][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.636361][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.636745][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.637559][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.637883][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.638296][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.642921][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.643143][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.643610][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.643865][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.644179][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.644670][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.648852][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.650340][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.650753][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.652934][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.665511][   T67] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.665770][   T67] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.666262][   T67] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.668799][   T67] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.670354][   T67] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.670594][   T67] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.670895][   T67] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.671207][   T67] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.671602][   T67] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.672276][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.676958][  T821] usb 1-1: Using ep0 maxpacket: 8
[  153.690188][   T67] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.690989][   T67] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.693187][   T67] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.693894][   T67] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.694717][   T67] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.696569][   T67] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.697856][   T67] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.699797][ T2184] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.700828][ T2184] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.701220][ T2184] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  153.702686][ T6343] FAT-fs (loop2): Directory bread(block 64) failed
[  153.702731][ T6343] FAT-fs (loop2): Directory bread(block 65) failed
[  153.702831][ T6343] FAT-fs (loop2): Directory bread(block 66) failed
[  153.702849][ T6343] FAT-fs (loop2): Directory bread(block 67) failed
[  153.702943][ T6343] FAT-fs (loop2): Directory bread(block 68) failed
[  153.702964][ T6343] FAT-fs (loop2): Directory bread(block 69) failed
[  153.703051][ T6343] FAT-fs (loop2): Directory bread(block 70) failed
[  153.703071][ T6343] FAT-fs (loop2): Directory bread(block 71) failed
[  153.703159][ T6343] FAT-fs (loop2): Directory bread(block 72) failed
[  153.703179][ T6343] FAT-fs (loop2): Directory bread(block 73) failed
[  153.786574][  T821] usb 1-1: unable to get BOS descriptor or descriptor too short
[  153.870546][   T42] lo_rw_aio(loop2) starting write with raw_refcnt=0x0, refcnt=1
[  153.913500][  T821] usb 1-1: New USB device found, idVendor=0582, idProduct=0089, bcdDevice= 0.40
[  153.913527][  T821] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.913544][  T821] usb 1-1: Product: syz
[  153.913557][  T821] usb 1-1: Manufacturer: syz
[  153.913570][  T821] usb 1-1: SerialNumber: syz
[  154.176625][ T5709] usb 5-1: Using ep0 maxpacket: 8
[  154.281784][ T5709] usb 5-1: unable to get BOS descriptor or descriptor too short
[  154.291089][ T5709] usb 5-1: New USB device found, idVendor=0582, idProduct=0089, bcdDevice= 0.40
[  154.291119][ T5709] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  154.291138][ T5709] usb 5-1: Product: syz
[  154.291151][ T5709] usb 5-1: Manufacturer: syz
[  154.291163][ T5709] usb 5-1: SerialNumber: syz
[  154.322496][ T5273] veth1_macvtap: left promiscuous mode
[  154.332702][ T2184] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  154.457497][   T67] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  154.491036][   T42] lo_rw_aio(loop2) starting read with raw_refcnt=0x0, refcnt=1
[  155.682328][ T1323] lo_rw_aio(loop2) starting write with raw_refcnt=0x0, refcnt=1
[  155.748833][ T5709] usb 5-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  155.800579][ T5613] __loop_clr_fd(loop2) clearing lo_backing_file with raw_refcnt=0x0, refcnt=1
[  156.763509][ T5709] usb 5-1: unit 8 not found!
[  158.005956][  T821] usb 1-1: 1:1 : bogus bTerminalLink 6
[  158.107664][ T6396] loop7: detected capacity change from 0 to 7
[  158.113821][ T5709] usb 5-1: USB disconnect, device number 5
[  158.170303][   T42] lo_rw_aio(loop7) starting read with raw_refcnt=0x1, refcnt=2
[  158.172871][ T6396] Dev loop7: unable to read RDB block 7
[  158.172903][ T6396]  loop7: AHDI p1 p2 p3 p4
[  158.172931][ T6396] loop7: partition table partially beyond EOD, truncated
[  158.173173][ T6396] loop7: p1 start 1601398130 is beyond EOD, truncated
[  158.173193][ T6396] loop7: p2 start 1702059890 is beyond EOD, truncated
[  158.173208][ T6396] loop7: p3 start 14024704 is beyond EOD, truncated
[  158.314856][ T6394] __loop_clr_fd(loop7) clearing lo_backing_file with raw_refcnt=0x0, refcnt=1
[  163.120947][    T9] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  163.423838][  T821] usb 1-1: USB disconnect, device number 3
[  164.412949][ T5613] udevd[5613]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  164.591323][ T6441] loop4: detected capacity change from 0 to 16
[  164.622475][ T2184] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  164.682991][ T5613] udevd[5613]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  164.715039][ T6441] erofs (device loop4): mounted with root inode @ nid 36.
[  165.669521][   T38] audit: type=1800 audit(1778731641.180:2): pid=6441 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.180" name="file2" dev="loop4" ino=89 res=0 errno=0
[  165.704678][ T2184] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  165.723282][   T42] lo_rw_aio(loop4) starting read with raw_refcnt=0x0, refcnt=1
[  165.749098][ T4928] erofs (device loop4): failed to decompress (lz4) corrupted compressed data @ pa 4096 size 4096 => 9000
[  165.938169][ T6461] loop3: detected capacity change from 0 to 512
[  165.965365][ T6457] __loop_clr_fd(loop4) clearing lo_backing_file with raw_refcnt=0x0, refcnt=1
[  165.993807][   T67] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  166.016949][   T13] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  166.026072][   T13] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  166.027720][   T13] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  166.042301][   T13] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  166.044408][   T13] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  166.052280][   T13] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  166.220201][ T6467] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5
[  166.375982][   T67] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  166.376327][   T67] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  166.376361][   T67] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  166.376384][   T67] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  166.390847][   T67] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  166.391667][   T67] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  166.398785][   T67] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  166.472534][   T67] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  166.493070][ T6461] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  166.644019][ T6461] __loop_clr_fd(loop3) clearing lo_backing_file with raw_refcnt=0x0, refcnt=1
[  167.241914][ T4928] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[  167.242821][ T4928] CPU: 1 UID: 0 PID: 4928 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  167.242856][ T4928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  167.242871][ T4928] Workqueue: hci4 hci_rx_work
[  167.242910][ T4928] Call Trace:
[  167.242921][ T4928]  <TASK>
[  167.242931][ T4928]  dump_stack_lvl+0xe8/0x150
[  167.242963][ T4928]  sysfs_create_dir_ns+0x271/0x2a0
[  167.242993][ T4928]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  167.243028][ T4928]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  167.243060][ T4928]  ? rt_spin_unlock+0x160/0x200
[  167.243098][ T4928]  kobject_add_internal+0x631/0xd10
[  167.243139][ T4928]  kobject_add+0x163/0x240
[  167.243173][ T4928]  ? __pfx_kobject_add+0x10/0x10
[  167.243211][ T4928]  ? get_device_parent+0x370/0x3a0
[  167.243243][ T4928]  device_add+0x408/0xb90
[  167.243274][ T4928]  hci_conn_add_sysfs+0xd5/0x210
[  167.243302][ T4928]  le_conn_complete_evt+0x10e6/0x16b0
[  167.243344][ T4928]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  167.243382][ T4928]  ? skb_pull_data+0xfb/0x200
[  167.243414][ T4928]  hci_le_conn_complete_evt+0x187/0x470
[  167.243452][ T4928]  hci_event_packet+0x659/0xef0
[  167.243484][ T4928]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  167.243515][ T4928]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  167.243542][ T4928]  ? __pfx_hci_event_packet+0x10/0x10
[  167.243566][ T4928]  ? rt_spin_unlock+0x14f/0x200
[  167.243606][ T4928]  ? hci_send_to_monitor+0xe2/0x590
[  167.243641][ T4928]  hci_rx_work+0x3ee/0x1040
[  167.243675][ T4928]  ? preempt_schedule_thunk+0x16/0x40
[  167.243704][ T4928]  ? process_one_work+0x8be/0x1630
[  167.243733][ T4928]  process_one_work+0x98b/0x1630
[  167.243785][ T4928]  ? __pfx_process_one_work+0x10/0x10
[  167.243812][ T4928]  ? do_raw_spin_lock+0x12b/0x2f0
[  167.243862][ T4928]  worker_thread+0xb49/0x1140
[  167.243902][ T4928]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  167.243942][ T4928]  kthread+0x388/0x470
[  167.243965][ T4928]  ? __pfx_worker_thread+0x10/0x10
[  167.243993][ T4928]  ? __pfx_kthread+0x10/0x10
[  167.244017][ T4928]  ret_from_fork+0x514/0xb70
[  167.244047][ T4928]  ? __pfx_ret_from_fork+0x10/0x10
[  167.244073][ T4928]  ? __switch_to+0xc79/0x1410
[  167.244098][ T4928]  ? __pfx_kthread+0x10/0x10
[  167.244122][ T4928]  ret_from_fork_asm+0x1a/0x30
[  167.244167][ T4928]  </TASK>
[  167.244574][ T4928] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  167.244858][ T4928] Bluetooth: hci4: failed to register connection device
[  167.361838][ T4928] ==================================================================
[  167.361855][ T4928] BUG: KASAN: slab-use-after-free in l2cap_sock_new_connection_cb+0x208/0x2f0
[  167.361895][ T4928] Read of size 8 at addr ffff88802b1917b0 by task kworker/u9:1/4928
[  167.361913][ T4928] 
[  167.361926][ T4928] CPU: 1 UID: 0 PID: 4928 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  167.361951][ T4928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  167.361966][ T4928] Workqueue: hci4 hci_rx_work
[  167.361992][ T4928] Call Trace:
[  167.362000][ T4928]  <TASK>
[  167.362009][ T4928]  dump_stack_lvl+0xe8/0x150
[  167.362038][ T4928]  print_address_description+0x55/0x1e0
[  167.362064][ T4928]  ? l2cap_sock_new_connection_cb+0x208/0x2f0
[  167.362086][ T4928]  print_report+0x58/0x70
[  167.362109][ T4928]  kasan_report+0x117/0x150
[  167.362149][ T4928]  ? l2cap_sock_new_connection_cb+0x208/0x2f0
[  167.362177][ T4928]  l2cap_sock_new_connection_cb+0x208/0x2f0
[  167.362202][ T4928]  l2cap_connect_cfm+0x368/0x1560
[  167.362239][ T4928]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  167.362270][ T4928]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  167.362301][ T4928]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  167.362333][ T4928]  ? hci_connect_cfm+0x86/0x140
[  167.362361][ T4928]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  167.362394][ T4928]  hci_connect_cfm+0x95/0x140
[  167.362422][ T4928]  le_conn_complete_evt+0x1134/0x16b0
[  167.362457][ T4928]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  167.362489][ T4928]  ? skb_pull_data+0xfb/0x200
[  167.362517][ T4928]  hci_le_conn_complete_evt+0x187/0x470
[  167.362548][ T4928]  hci_event_packet+0x659/0xef0
[  167.362575][ T4928]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  167.362606][ T4928]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  167.362633][ T4928]  ? __pfx_hci_event_packet+0x10/0x10
[  167.362654][ T4928]  ? rt_spin_unlock+0x14f/0x200
[  167.362688][ T4928]  ? hci_send_to_monitor+0xe2/0x590
[  167.362720][ T4928]  hci_rx_work+0x3ee/0x1040
[  167.362744][ T4928]  ? preempt_schedule_thunk+0x16/0x40
[  167.362767][ T4928]  ? process_one_work+0x8be/0x1630
[  167.362794][ T4928]  process_one_work+0x98b/0x1630
[  167.362831][ T4928]  ? __pfx_process_one_work+0x10/0x10
[  167.362858][ T4928]  ? do_raw_spin_lock+0x12b/0x2f0
[  167.362895][ T4928]  worker_thread+0xb49/0x1140
[  167.362928][ T4928]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  167.362958][ T4928]  kthread+0x388/0x470
[  167.362980][ T4928]  ? __pfx_worker_thread+0x10/0x10
[  167.363008][ T4928]  ? __pfx_kthread+0x10/0x10
[  167.363029][ T4928]  ret_from_fork+0x514/0xb70
[  167.363055][ T4928]  ? __pfx_ret_from_fork+0x10/0x10
[  167.363080][ T4928]  ? __switch_to+0xc79/0x1410
[  167.363101][ T4928]  ? __pfx_kthread+0x10/0x10
[  167.363123][ T4928]  ret_from_fork_asm+0x1a/0x30
[  167.363164][ T4928]  </TASK>
[  167.363172][ T4928] 
[  167.363177][ T4928] Allocated by task 4928:
[  167.363187][ T4928]  kasan_save_track+0x3e/0x80
[  167.363212][ T4928]  __kasan_kmalloc+0x93/0xb0
[  167.363238][ T4928]  __kmalloc_noprof+0x3e7/0x7b0
[  167.363266][ T4928]  sk_prot_alloc+0xe7/0x210
[  167.363285][ T4928]  sk_alloc+0x3a/0x390
[  167.363302][ T4928]  bt_sock_alloc+0x3b/0x310
[  167.363325][ T4928]  l2cap_sock_new_connection_cb+0xf1/0x2f0
[  167.363346][ T4928]  l2cap_connect_cfm+0x368/0x1560
[  167.363375][ T4928]  hci_connect_cfm+0x95/0x140
[  167.363399][ T4928]  le_conn_complete_evt+0x1134/0x16b0
[  167.363426][ T4928]  hci_le_conn_complete_evt+0x187/0x470
[  167.363451][ T4928]  hci_event_packet+0x659/0xef0
[  167.363471][ T4928]  hci_rx_work+0x3ee/0x1040
[  167.363491][ T4928]  process_one_work+0x98b/0x1630
[  167.363516][ T4928]  worker_thread+0xb49/0x1140
[  167.363542][ T4928]  kthread+0x388/0x470
[  167.363560][ T4928]  ret_from_fork+0x514/0xb70
[  167.363582][ T4928]  ret_from_fork_asm+0x1a/0x30
[  167.363607][ T4928] 
[  167.363612][ T4928] Freed by task 6482:
[  167.363621][ T4928]  kasan_save_track+0x3e/0x80
[  167.363645][ T4928]  kasan_save_free_info+0x46/0x50
[  167.363665][ T4928]  __kasan_slab_free+0x5c/0x80
[  167.363691][ T4928]  kfree+0x1c5/0x6c0
[  167.363714][ T4928]  __sk_destruct+0x74b/0x9d0
[  167.363732][ T4928]  l2cap_sock_cleanup_listen+0xe0/0x440
[  167.363751][ T4928]  l2cap_sock_release+0x6e/0x270
[  167.363768][ T4928]  __sock_release+0xb9/0x250
[  167.363792][ T4928]  sock_close+0x1c/0x30
[  167.363814][ T4928]  __fput+0x461/0xa70
[  167.363836][ T4928]  task_work_run+0x1d9/0x270
[  167.363857][ T4928]  get_signal+0x11eb/0x1330
[  167.363882][ T4928]  arch_do_signal_or_restart+0xbc/0x840
[  167.363902][ T4928]  exit_to_user_mode_loop+0x8c/0x4d0
[  167.363920][ T4928]  do_syscall_64+0x33e/0xf80
[  167.363942][ T4928]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.363961][ T4928] 
[  167.363965][ T4928] The buggy address belongs to the object at ffff88802b191000
[  167.363965][ T4928]  which belongs to the cache kmalloc-2k of size 2048
[  167.363982][ T4928] The buggy address is located 1968 bytes inside of
[  167.363982][ T4928]  freed 2048-byte region [ffff88802b191000, ffff88802b191800)
[  167.364003][ T4928] 
[  167.364008][ T4928] The buggy address belongs to the physical page:
[  167.364024][ T4928] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2b190
[  167.364048][ T4928] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  167.364065][ T4928] flags: 0x80000000000040(head|node=0|zone=1)
[  167.364086][ T4928] page_type: f5(slab)
[  167.364105][ T4928] raw: 0080000000000040 ffff88813fe17000 dead000000000100 dead000000000122
[  167.364123][ T4928] raw: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000
[  167.364148][ T4928] head: 0080000000000040 ffff88813fe17000 dead000000000100 dead000000000122
[  167.364165][ T4928] head: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000
[  167.364184][ T4928] head: 0080000000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff
[  167.364201][ T4928] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[  167.364212][ T4928] page dumped because: kasan: bad access detected
[  167.364221][ T4928] page_owner tracks the page as allocated
[  167.364229][ T4928] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1023, tgid 1023 (kworker/u8:7), ts 11067539541, free_ts 0
[  167.364264][ T4928]  post_alloc_hook+0x1f9/0x250
[  167.364290][ T4928]  get_page_from_freelist+0x27d6/0x2850
[  167.364309][ T4928]  __alloc_frozen_pages_noprof+0x18d/0x380
[  167.364327][ T4928]  allocate_slab+0x74/0x5e0
[  167.364348][ T4928]  refill_objects+0x33c/0x3d0
[  167.364368][ T4928]  __pcs_replace_empty_main+0x373/0x720
[  167.364390][ T4928]  __kmalloc_noprof+0x530/0x7b0
[  167.364417][ T4928]  scsi_alloc_target+0x138/0xbd0
[  167.364436][ T4928]  __scsi_scan_target+0x164/0xe10
[  167.364456][ T4928]  scsi_scan_host_selected+0x3d3/0x780
[  167.364476][ T4928]  do_scan_async+0x124/0x6f0
[  167.364495][ T4928]  async_run_entry_fn+0xa8/0x440
[  167.364522][ T4928]  process_one_work+0x98b/0x1630
[  167.364547][ T4928]  worker_thread+0xb49/0x1140
[  167.364573][ T4928]  kthread+0x388/0x470
[  167.364591][ T4928]  ret_from_fork+0x514/0xb70
[  167.364612][ T4928] page_owner free stack trace missing
[  167.364624][ T4928] 
[  167.364628][ T4928] Memory state around the buggy address:
[  167.364639][ T4928]  ffff88802b191680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  167.364652][ T4928]  ffff88802b191700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  167.364665][ T4928] >ffff88802b191780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  167.364675][ T4928]                                      ^
[  167.364687][ T4928]  ffff88802b191800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  167.364700][ T4928]  ffff88802b191880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  167.364711][ T4928] ==================================================================
[  167.364728][ T4928] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  167.364747][ T4928] CPU: 1 UID: 0 PID: 4928 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  167.364771][ T4928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  167.364785][ T4928] Workqueue: hci4 hci_rx_work
[  167.364808][ T4928] Call Trace:
[  167.364816][ T4928]  <TASK>
[  167.364824][ T4928]  vpanic+0x56c/0xa60
[  167.364854][ T4928]  ? __pfx_vpanic+0x10/0x10
[  167.364886][ T4928]  panic+0xc5/0xd0
[  167.364912][ T4928]  ? __pfx_panic+0x10/0x10
[  167.364939][ T4928]  ? l2cap_sock_new_connection_cb+0x208/0x2f0
[  167.364963][ T4928]  ? rcu_is_watching+0x15/0xb0
[  167.364991][ T4928]  ? l2cap_sock_new_connection_cb+0x208/0x2f0
[  167.365014][ T4928]  check_panic_on_warn+0x89/0xb0
[  167.365037][ T4928]  ? l2cap_sock_new_connection_cb+0x208/0x2f0
[  167.365060][ T4928]  end_report+0x73/0x170
[  167.365090][ T4928]  ? l2cap_sock_new_connection_cb+0x208/0x2f0
[  167.365112][ T4928]  kasan_report+0x128/0x150
[  167.365149][ T4928]  ? l2cap_sock_new_connection_cb+0x208/0x2f0
[  167.365176][ T4928]  l2cap_sock_new_connection_cb+0x208/0x2f0
[  167.365201][ T4928]  l2cap_connect_cfm+0x368/0x1560
[  167.365237][ T4928]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  167.365269][ T4928]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  167.365300][ T4928]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  167.365332][ T4928]  ? hci_connect_cfm+0x86/0x140
[  167.365361][ T4928]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  167.365393][ T4928]  hci_connect_cfm+0x95/0x140
[  167.365422][ T4928]  le_conn_complete_evt+0x1134/0x16b0
[  167.365456][ T4928]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  167.365489][ T4928]  ? skb_pull_data+0xfb/0x200
[  167.365516][ T4928]  hci_le_conn_complete_evt+0x187/0x470
[  167.365547][ T4928]  hci_event_packet+0x659/0xef0
[  167.365574][ T4928]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  167.365605][ T4928]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  167.365632][ T4928]  ? __pfx_hci_event_packet+0x10/0x10
[  167.365654][ T4928]  ? rt_spin_unlock+0x14f/0x200
[  167.365690][ T4928]  ? hci_send_to_monitor+0xe2/0x590
[  167.365723][ T4928]  hci_rx_work+0x3ee/0x1040
[  167.365747][ T4928]  ? preempt_schedule_thunk+0x16/0x40
[  167.365771][ T4928]  ? process_one_work+0x8be/0x1630
[  167.365798][ T4928]  process_one_work+0x98b/0x1630
[  167.365837][ T4928]  ? __pfx_process_one_work+0x10/0x10
[  167.365863][ T4928]  ? do_raw_spin_lock+0x12b/0x2f0
[  167.365900][ T4928]  worker_thread+0xb49/0x1140
[  167.365933][ T4928]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  167.365964][ T4928]  kthread+0x388/0x470
[  167.365985][ T4928]  ? __pfx_worker_thread+0x10/0x10
[  167.366013][ T4928]  ? __pfx_kthread+0x10/0x10
[  167.366035][ T4928]  ret_from_fork+0x514/0xb70
[  167.366061][ T4928]  ? __pfx_ret_from_fork+0x10/0x10
[  167.366085][ T4928]  ? __switch_to+0xc79/0x1410
[  167.366107][ T4928]  ? __pfx_kthread+0x10/0x10
[  167.366128][ T4928]  ret_from_fork_asm+0x1a/0x30
[  167.366171][ T4928]  </TASK>
[  167.366716][ T4928] Kernel Offset: disabled