last executing test programs: 16.466542472s ago: executing program 4 (id=92): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x0, 0x0, &(0x7f0000000140)='GPL\x00', 0xc, 0x0, 0x0, 0x41100, 0x44, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) r3 = userfaultfd(0x80001) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x2e8}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000080)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x0, 0x18100}) 14.964398096s ago: executing program 4 (id=95): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000940)=ANY=[@ANYBLOB="1201000034709d405f0530c6acb60102030109021200fd000000000904911d046b53bddec57e972c11cf99648653fbc2b82956f369d9af1ce3ce7974ae704256223eb946d3c2f17d108b842439c4fa0f4a804fdb5679fa8a142b44ab77d8ede5098e82d06d14f57b346e2025d4ad2ed7456870bd883e87f88b79b49808ca6d1961caaa86d3a410697d79144948dedf9b18fe1c9f60d3a85e0efd117946d3649a344bb969d8bc38b742599ecbb801077f1793f9fed1ba9e44d3ed441ffca1dba316ca7fdbc1751d281e4f1e626f3b2bbf590710ead9fe133e8e1fa7cfc5bf78b360b398740403eb0574ec5fb2bfe608e7ddecc5b8"], 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000380)={0x2c, &(0x7f0000000400)=ANY=[@ANYBLOB="030101000000af"], 0x0, 0x0, 0x0, 0x0}) 
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000280)={0x10, &(0x7f0000000e00)=ANY=[@ANYRESOCT=r0, @ANYRESHEX=r0, @ANYRES16=r0, @ANYRESDEC=r0, @ANYBLOB="89ee89da5cf7d801b4f4aa95d0a67e8e1d3b2243cc904301fc166ff3a4768ffdc0816c", @ANYRES8=r0, @ANYBLOB="68d2a6889ac16d9b41e91cff5df95478723ee65e17a5de23d2750d404a02339488a00482c655bb0b67eb65948e3a950890a0a4ac7e099c3a3012f842302b7307691b09d27f075ba311be4f39a7b6780ee24b3be85fb8368f3f576eec5d90e8e1c0bc03f0fd80351b3a171cadc1734ac1dc8112e6e6e081fa35e0dc709b2e8c7ad7b5acfc5394b75eb427a46808d70c063d56669bd036e3d4186bec8514c177f8642d4c0079fb747409d726206f79cd2459246d79c6166321fa", @ANYRES32=r0], 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000480)={0x44, &(0x7f00000006c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000900)={0x1c, &(0x7f0000000780)=ANY=[@ANYBLOB="200effff0000"], 0x0, 0x0}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) connect$unix(0xffffffffffffffff, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, &(0x7f0000000040)=0x4) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11.716138337s ago: executing program 4 (id=105): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x80, &(0x7f00000002c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x29, 0x9, 0xffffffff9080edc4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2}}, 0x50) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x2c) syz_fuse_handle_req(r0, 
&(0x7f00000042c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0x1c}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(r0, 
&(0x7f00000063c0)="99529ca7d265e2dba44891e35e7d5dab7921b730436ecd4e999a25bcf86a25f8f029c0dd50373e90b7cf7779b12ecd4423c5b13cfac186975cd723976f3c747612913029d42517c189364bc59d8ebad53ed1b86f8f66c99b1f9b5b40d78cef1f14f81815d53bdca7fef40607358db69eb8c0b1f6b0942ab4b1ee7ca8deb4eddef06381a3d1c52d6147fc5109c7c607591497a6b2477f60cc881d3219c96bffb34aadec3fa97250713cce17cd536721bf9c40a019531ed0bbad139e26a3d4d39b68ab1bf37cb1a4bd197a8789cb1940cd86d9e56713bc36c7cffd07a311f5bc2e91f16d152eb480645e85ec9b3bf09c7fa140dced0afd55d7b99e90a96e7748e2d0dc09672ac199ce529e631efe1783769819c182ca106f6184bcbb387ed246c43562d74c36ac3a7ec2f0e11f70bad0007c03bb9c0d2dacc2148cce4a4aea327c7319016ad146b52bfae0357f9e892e9bec61a13c93551cfa3d4f4bfa7585c93bb0bef01a9114f3dc54179cf9a57fe88f5cff3403e33c9d09e3e9c2e10f1f16894e1b59e3cad47c1f202cf7b756f2851fc96d09459c9a8d34c19e6a3525cd5001aac5181f57286d0e1e88ce5092c7c76b6abdaebf2c499aa47587b48eb12a2b72548c190b0324ebedb81a63333b6edb25550f859c5ccc404a944ff7f61af8800888192fbd4c8e0e417d1d181b4b335a6f52e0a7dae18397e81e3f747cab7be902ed903bdd6a622f178f9b4244718ee1206237257374d2fd1466ab6135ef7ef4a114ae170eafe9cd78cf9ffc36974cbc4b8003072bed78765a0b9f1240f24dec6a9e46db9bb498d40f727c0cbf8f4a6a49539bd0805caf65d80130d7fb60a69dc7ed890874a17530c042cf33a977d331435d68ef33885f638c777ad49564ca77d8b81ddd853a21cd55d95b627310dd633a4f005853a5506cd8f744c367f3cb6998b0fa97de6bb35b166b0c6408c4e0a38ed26235a88520c38ca97ac8a6dc81e6dc6483d383fa09f198997b8eea1c68c9e3320683c9a02dd89ddc34c241e7294ccc88d6b35762892e8746e558bfbc2251949f2ecb763dad5b975eaf36e2864be6a41d3e20514d32f5d4b6350dc7e3cc3a85428ea98efb3b1edc2a2ec1e618452949cc7e2ba1251990168fee342d4f304b7a7af9162bcbe6b09c75d7420d2c547b4e3cee1836df6eddd5dff73a4e308fcd8eaa7a33e6980a6f8ead03257a37d72d3b265d02fa42f57db877654ed513e31c35e1af0bd28511d6b57cfe07b27cbe9767a534b426dfc3dd257d5899444f34cbf4dc74b9eab2e7e3e1e1a8a6ac5e4359d653506b299a5b7c67b92dc462f1216655f952362a3387ad9966b606d98e8d1b544dc27dc6bc78fd18a446736e25c51143db9886b6c09812d5825b5d9e0932f
218ff8bea4d9e1c4df9c9d4eb19336d48163a921c4ff1f0beef26b01b7e8c0d23fb59b84e229eaabb791f2cffc9aa4db75162cbfe4c9ae8d76a5b6bc4bff20e3f8f125b9aadb3e728d7f78d61fd55f46b7f59511b876e6563256686e44f25cf38d393a9b762bada272eba8df28e4086c4cd2fe3c9fab97756fb145373e6ca1991bb1ee6589e49c821ff29f047970819f88f724bd077cd3f0ae463d99b3e53078431e3f9bebabc5289a65479359efe3909186aac60a29f561de8c590988c913c9e693ab8106e8287f6565eee6735f7c88cad7124d1c8d9ff347e97912824088ee954de01c6d8a06447f06899607eadbfd078bc3df506252005749378dbd7399c9eca60b81dc0d88dedec31e5cf6e7b6d6d411958df8f9e0bf4443e8d3bdfe49d05f811d17088024d0629fc8ab8e05e309bf55e8e60d342623765f4e8d2dc4a90291cd4354ff9568c8170e6ea56e028bcf2719595253adb8c84050bb9ce4927a1c1f4560da87d109ceda90bbe45a1717763d8025f1ff40f157185ddf17079da272ae10c4f34162caf4b0d31221a57b3059fd449c87554d968a54b2eebd760dc3263c40d9eedf5905d5699d29706ea6e9e81ff2bf92489a06deffe7e978661f37a88450783e23f107c2bfce000dfc91c5fca49e46d9ea978f215a45984699f0d2503b30a741e13be56b7abe3e5663c0825c3cb04ead44ce97719c4ee6f4cdd3c452775ad7163d5c9034583cc2dbc2b0c04917a3e1aa3d0a8bb6fcf94d7922eb1d543c09185827aeb1b72ae7103ef2c014af2ff4b47fca40fb0e66ddf0264476d7a84e9b8dc551d4c407bdbac6757f7a25bd404b45bec1091696203cc438860131ad5f2fd80e3c45629864dd9f7d302b66fb8fb86735c9a6dcf8b135a273dd2ae9473bc905081be9fcb8f91b1ddba1ac692798dac0b9ccffe0319a779f5e10c65f294b22fe475283b023f9cd890e92c5447b1bc1528255c5af383bc1fb6e72cb9a67215a9e25cde63c89baa8c7125c7e8b748b728d07d9cb66778404f54e6a9e3ae1ae82f3d0ce77199f23f94a01b71b805b476fedbebeb52c83a1b857f23ba438c56a6c4c2a5909f721e6e3d240e4a16455e92220d13022ce7ec0b1365ba4e67aa6ecb324f8826579e12cebdfc0d8af63e83b5e5624d5b791f99093f9a27f7baea9fd10111209c0857a04f07408111063ef34026aee27a3d51b40e53883f9094402534bdd21cc49d7f5593e99cb204cd805bee4add0f82cf4b6dc5da14d6b79fbc68c9ccf7fb5fe774f8879e13079b024a8ad24bf123c420d630837a84ba05abf0ae4dc3fc04f25c7f74ff91d0d609c958642a48551e51b5c0074a56a7da10ce153b08cabea636f8489d8e7b655758a41d7f7474c9d76bf4d54d789bfceaffef139854065de6a94b027
5a9626aab99ae838364b1a491e55017e4212b6b01f7a41bc9c215ecd17c49a8610db28c699259c58b81a0e84c45fd8e719c05c48501c49e8a6515044d247f58e4cd0bf22fd6ae31f45339d1f801196d426c52269b1aaffaf18e2a03760bb231cb7cefa6d72f1d7eb6a3bbd65d0914221b8fbf531dbd562eb4a1b28983ac7d83d4813b10b34c9525ba644f61a2c4800d4fe96a7bca63da1041ed73cc57fb9d42f9dfc8ca41d80292bbb311c89b0a0fcee1d88a025a7416863342aea00e6f049cb2ddebd17c5c617ff562a8af0c965cbe8341431a30ea239e4a62aa2b19757a3b0de04229a9907f8610c27b26591405845bf8b5b83706ed18d910c4f68777378366ff565617b19168a04560a32ce5ad64aaef9f4377118c4335b24826cdcde78fb4bdb11498553f56d8dfeb3a482c70cc6580c399b92339cbdb3464fcc7b00e9839fd0d2b8b6db90c56b33593a0048bf7983421f29b1285c81a239045b96a9b0cacd70d6d9853206471f06915efc8d3ec4c50fb13601abc73247a656066fd7b329159b3ce9e3302b4c0d6aec58cb0946a8ee8e7f55f1af604f1edb4d887fa6292dc0ce57705c1a25dc62650c127d11a364b397aefc2fcc3a164bdc53165a461b01de9180c1461b309c75af0911b4cc1b8aa05652b62119c87b4b235c573aa15b1516cddf61efd6a7f8c953fbaaee9c0e800e8f519e1494de850ddb976864088fe0cf90bbc54395078ea2501e8baa84d6807e184105bc2a140b663416496886422643bbf764d406af06e7d086678828defda0b648b25666b7b5ea29e927141740d5be0e61bf25d40b8404ffd3c67bb855b11d4faf82b7b8051615c101c3deb0601a0fa9ecd8b4a95082ccbc8222b0982802dd8430e653d6eea2786dc3a91397135faffdc65a5bae048f5c463b1a6648becce961d39d063d28d1ad6dafcea0b0878379adb16cc0d4cea572abeacd9a168a4fe2e338092b5bc93ecf02ac6ccda03e5b23adf511fdf7a79442093233b79c67d3fdd3c36c96a8f67aa79e4743d99cf963ae6161877f73656eb0314d889f4b8649bbce8a759f90eac6c006197b54b2bbac7c9b237f1e3dc099c62a65481960e6ad697fc66316ac084ba99c60f58bf44ff45f3b2006cbc4196a25f124dfaf247e863a855ef6070deb45219a922dcf2be9bd01c340e1ca5ed7c3ddac9f7a677c5d00610991d21e0751ac8044585b39f3fec5b672a11a9bce32196c2003d01ea50b0f0403e16df188ecbbb74f295f01398363ddfecdb63a49347c912c125670205d7b6be999688df85bb7d5ac12b62b4fdc4eadcc2a9a7897028404f697b007603a0ad588c772952d6670ee870771774ad157c0b9cccd4b2192d835606198ea0c65036ae4e406cdc539ff3aa81fa20b7ab58d6f3abdb69cc1f503
d593f7025d2035e7f21db76336efc2843a0dc9bd2eb8794718134ee68fc57d4d2bcc18969d08177f442b87433b48540c661940cf9e2462c53efa310c7e47487deab2ae15b1978ef05aa1e14110943f649d82486f710a39854409e74edcaf06b4a92d3580b9cdabf83c6351657698d3d5af7514f382e75d1c912cded577258603fc9ed002e010747cddf7885d34afc9a84d82696c6660cb5ecafb68b564908fc49c4db6a187d037241a26b1141cf20f2e968a53366db0f60b79cd98cf3c897c50b7b9728e6e7100f99e4d5ed2428dbd285516ca6660777a39b4b2617c1be5b0232d60b9c8099f5daedbf190109439c40b46090985200d6c0501313f3fa4d244864575c275faca47aeff32c7b3e3c59392618562a7c2d4b3af85a37a8847f595352024cb63d3a9085c2a502c6a3248f43c5fc828e636cb634b2d393d853ae2dc9605985cf85c060860a90256c7b574c1e01c320687a2bb0b2d51cc2950c485f2ffa5db0ad7aaf753f543de7f86efb775c6bac2989a33757a28836fd27f9347229a0004bd2e546994c69c678fe5717f613f905d945c072004c3a80e0e54215e19ff9972521890d4e705e429f16fc35fe5a15f2e6b75cd719d38f76b087b62e4b5dcdb35f4baa2bab167150bafb6c69e260ca51004bc826d46b77c3f67eaa08497294868e6d91b7b867e4da62052f4f891677256cfbaf19cf32bad99a7da69d8a66537686f89a58d78c7eeaa99cd38009a1a32582bedc5c718e57b19cd405ae659a89909356a07fcef89384d160fa5ae6683cc379642aea4f0c915f72d679bd521399cb16112f2abdede3001400b4a64d2173e153a68631183679b56b8f389ba889784133453a7e892fd3b092f5040870a3cfd6f982990143e7c0882b4ff4c5d049192d36925a25ae4be441aa30dc7e74398b340c45b52c73ed3b0cd640e3cc9fd4be24e7355f386106f65895f1ee850b2a781d1d1d322ca5a3b0fdb78ce1eda048ece94af25437969c99c58c08f1446ca5541e03987a20fd75283e3e116dc4c9222ab7522e4ccf6da14aef49cac9a6a2cd4aba1c54d49e6da4179a66b84e384cd3da53908579b28c11d525ebdc4dc69074cef8a9ecd3aab98f2858769d656b46141c3a4e69a5ed6c0a732c9ec1fce080eaebf537fa5e17236a44ba9c931f555d193e475ffafd20c53ccbab607c1a15fd06742a64691205eb0d00f7f40e4dd8efb279cf09b2522aac0729a631aacb92d5cfa2ce6bb07385b981890b5916755d5cc3a51c8c36bd2987068cc24fcf73840895469bbb9aff1059601f771afedf0a48d5921103920515b27d7e607951982feba197df8c61600feb3622b9eea13a4db4068728cb98cca76cfae197f6258758490bf41673ee29acd91fd296ec863c646e0ca6a0f0e9de146c663
ba13d962964d7c32804fd12a14c1ca7212ad48bdfab469c6570dca562220ecbe7b6b163ed4c9361c5c10bed5c92861b8786ada20a99245d282e4454187ec02adfe354e30647cb10661c85168f7958e3ce69ab48c9455214707a63c9b1167f0845a6bfcce2a96cd53eab430f13cd527f1666290719a47c517cfa22fec2e9916af8aa93c78e567993d7fb8ee60fc4b903b8c67a3658302c5e5f35250c30427e4c055b6c54705bc599861f80b7200d361965ff98c88cc698a2615cadeac4bdfd3d613377cea52d2bbcb7e6b78ac31d4b2c33eaf0b2ed40b963e3cb25c7dfea3ebfe7b4aff2aaaaf184dc80ab649a108e2c830ce7eaea58a263392aa9cd13d7f7bd607dc7c804b19dfa41b3e5a5155201a87311e22062c93896e70f3a5c4b03521300b61cc311ebd5beb9838d0ed207c6bfc99e4392508e95804b10b36024f32e1fe1138e9ee7773f797b2bc6be7416f4e9691ef4c2a8d06af6c8b84bd1e6fd1ba3d3183475ef6c139ccf8dcf37671fbb96a2ab5e0e042f7c4728cf30bcc1a0de28a5024276ceaa194b4926e7f6a97b78bac36e47f832d56a96cd266434d37bcf2c2f57877717d91b1854972f832354acc207a2ee8caace7504e0e6197dd7e64a01c4c67bb2de8acc0cccc6c6bff0b0cbfe345542c5a795dfa48cc0990ab5702574d36494bc44c20f5b324f7c984d986cc8cb40cb2550076d96a069b6688d22171beed2dc5b6ff3ede8fff4c4a9de6d3817357a7ca7d24d87300b4545ebbac8cf7f09ec637a4f4d6bd07673709b6c363a75ccef585610c5f15de7851b5ab53e02a757bfc3caeb9a9a8996beffdc0cfd1201b6cd99cb035584e51a6c15a5d2e17d2f8aa6b41e26809392fac6caed1e02a53dcea8a413203608780dab33315a76eba24d540e4c5b9790420834bc8d4e47bc65ae52a54c0ff308427a8d7aff746aa6589d17514e40fee5d0b3533cf4ad2c5f9d96db9f50bd69ed8c92b860e199a35cf268c66ed13516a3b4b024f62d4b2a656067eece95575bdb4907efc488a9821bc3a9c81dd11b2128b7a01aa7a9ce6e73de3b4e9beced70206f91575baddbcbe5722337953c8016a0f4b62120d776c43b7d1a879b692107954f45acdf8967dcaa994aad4922d4fe093e16c2d0090906f5036af99e50bb09b04e9c9b3b5085abf621297ce203010249cede92e9b66b446b86b43eaaae228dfdd3b4408c12b404bb727f7e969e7da04fc59900112bf8d38af0416dc616e75f167aa1352215f07115a6f4eb6bb5fff6f5c2fc9ab906392036b44090e65fdaf017dc53bc94e0807d679d793df18cc44e6c846d414cef1569530f7692daf91eaaf4ae89fe2522f2c9cf33b6ca508ebcd006bc1a61f0c800553aff9dc7d57200b25ecb83e1e0b8cd29520b63aa649d3f71a6257
0eee56e03223ddf31f0c04fa686b7f6dd054e7a259d9ba335c2c5b2c508897506c0db7f01878dec1411c33f0af61b81dbcf9ff8bdc0c50044963a79f3ee1462150c6bd03a32dbdfef8d72f0b8b3a395ffb0cc85792e7bc867feb5e312cb64e29e193388e9f173c162f4a1320a6f99ea3795fb77d982605959909a1aa11076fcc779ea6b80ec1bf0edfc2569ec04d15a0bdeebccf3c75393dca5e81663532f8ced12d08e4c2ae6e2954d427c7bf053dc4718f56f453bc88d74045bd2f9747aae9b5298a0de927f1d6b1308f4e1483487f083e71ed09298deb52bb10079b13def7453eb432498069edb5ade70c5c54913684d934a3febf78753ac13300a91f467ff3f6e2f00898f015d08f7739047b321b3eaee5ad8aa7adbf7833f014d8c576a491af9fca6843b327ed513821cb3951b2e67a275225d7af6b382e2f955adaacba5d1fdea2223202dee132b91d5cf381b51da94145255f584a70c5e8d11e06a44afa6599bf3ed0cb61703eba254333af53afac60e54cf6397f9f7302249ab644f0b576c713b15007be1f4f9bb213660bca8a70251472b86669d361ef968f542e81ddbe8f4d2e9cabe8d7bf6a31f14a2cc272963553a424c105e7750437ec5bf316e30ce60b4b0c27ccc1eb27e60f6472fef27654da49905ff9c01b28695310ecd8701aedff25a83da4b7c41995f902bdf249769dcb53a3efa894710dd66ba8745ae2253cc6b75a038183a0bee21226d48239320efad6727093e4f94bbc2fdcc216200d903c32bb9f16dd17d5dac423ae0696f3decc576b8f1fdce63d0532370af7d1e2fa2ca5c5d17bd88f5e3abb4792dac8689ca13752f83d753b06b037bf5a80a3748983790352775685b0414c9d74849fd217e388f904278ddb6b0abdda941b61579c796e2bb77a9bc363b18642c401faa502a31011544111b6eedaa369976c814773d83220a75f31026d6ad0b8b4298ea6062234db232bc435e096e84f740e55bb14d46ae04af0500aa5bb218aff6c76aa8a8e3140a1b0d6638538fd7f30fa8d992e53abf8af2fbc16b9e8a668c1aac72cea1a746ee5f7f3392a4ec8f1d19f2f426b6069b1cd347cbc38bceba96ce5da49198083403143c740c04639cd1089abb34fe812d85921c47437604f684bca44a1eaa965c0a6e1c1fd1f70ee932af3455b36184cc15934cdb3f28959d37d8fc10696f8ec1e4b0c3d1b9ff74a01b796d1bb68954a3768c8bcec741b3b69da892f8922142b16b2cabb469a9906b34216243fac80374c10e178c5fd36440f8d7a8588a9c2510d86ffa8cb68ce8c330d2111c94724e522f04573dad43bce252eb505d29ca9379a6b281519d38b7174f3ae8f185544f3003c936a7e6b23ca97a313aac6a061caa45fda73522f3061767bb4e33dbe4bde390eb0
f07225a8aef939cb6ab2ada10c02527281abad394cd4ea9f59467a08b72047cdb75d7b2b98e5b4542554a60f953ac7a4b980f42518eec05ff2c044549cab0cf33eef36dfbabcbc0300009d898862d2194cfcdd9a713c30bbe52291105193656ea5eb830873ac956469d31689cc3c69edb5cb9a6e31ce3e6fb50ddd4e52ef9fdeacfc0db21e1e83e0d8d0a64f17cacb4dc208a893e7fd8ffa86cfc554dfba3d9fd281115eccb4b9d909f2fbf3fbb66bedd7b5db3f6d4f076f5d8fb54f8832896f8ef6f624162f1dd589be7a8e87dd5065708a8b0bfb18a5c2299f5605ac8a11c1add55b2018e6099380a70bee3e0727ca6ec58928fe6eb3147b47401e8d822eebade713b58335787669e5e0de5d328a1067df4cd9124665bb02ee8adfd1b3618374ef167df1f0fe79456f78aee3da4c1bf397e4637b0cf41a0f4a2910efd02b17bf5f3c15b0084b36fa7d4e85a53e5be366b428244eeba7499c3e54397227928e2ff6e583f332d6f7e8cf4d058f379b58a7d03a4bfa454bb4b6d543804b8970e6a9fe8886179eb418a8ce9e509e8433571f7d32378f2e983fa418c8c91760ec9fb20968e7fc23b7c4ac71693b2576ac0f8ce2020ff1e7a7ff24301b48b544fb29a1ca4f2502daded865e488a16dd33ec67b2eee3025cdc5ef90f253c4b5e0a61d51e495b675c5a1d55b4ba3812c5f44cd08487e61d36b0c2dc32d27333a5ee8a0906bfbcd388bd9389d1509912c0471c7b706a5aff880569a3fb11ac5f14d780deb4c1b1afe30fb6b8daf87b27a4ceb869d587a97f2f5af8d819aa47bbf207db68a6ecbbefb1e109ed0bfbbf3b54fba9e79de8fad9c3bcd3e74b8b92ccea3ff5c558c6cd72d78a711fc39df603bd4aa1439dd302258edd2204e52d7f435c6f552b612fbc321bea971195cd4d8bb033e2a779e239164d7eea6d8fd233b0b9b776246564cfcf44b31a83031a2413bf98a398c9f93da243cef9ce73d81bade8ad551fb0ffa75bc874c11d23ac9d7752f22a0f54c3870f3314a83e64332db810da1ebb288e10c4eb9be9ec037317b8f813e68160a887da3f5c0389510a0734b69ef275e19973b169d340610cf2112e9964cc0566b9b690c3feb36c8526491d3a563f0bead2abbcf0665e048aa3f929351b2f89876580633a403250ae3b5244c8c0e996bf888938dfc8920348d88e272e6eadc7c0387ca1dae228bd620ce3975d43b58758d9412d304a227245587065f58c4573ba2557f1d8333ba007709b1239d682f03405b22135757178fb701bbde81d2f8faaa7666c025d8a8bb426dc4b8e61aed79b3b3d3a9b01ee9142772d869677ede166e7a8be8ab84cdd6946b1478ce77ba307213971cfb24c86c344310f279e38d22254bf4caf83c02e715cb0550e615dc9f8dd2400fa749e3
527493c15fb454c158e4c0603ae6e962b7890058ec7c10f0618ee274a15bca6ca9fe5bc5f9e7797c0950299912be9c58463c07d667d4bffe8aa590ae43db08512b40f3d265026bef2facdd508984e5f6d2ac7ef573397f14ed2e2ccdcbe5796e60ae64d173814906d1da5a5bfe8a2a4c5d6bb0b3315b878b4877d0c045f6e6cfa0dfc1ea4de7abe26f2b2d8c93299ed1d83f1b7853c756bfa346cd53b008fec169883983fe0f2405777dd85e17b2e4e8b23432c0dc4c386d67b6597184d0b4b95877362304638484cc0951400f66ee8391dd44417c58b3d46a8345a8049fcd70f7b5f4a6f912e2b18760947c74ef2b732b342878d7e7cc99902de87db36469555fbbfe76189f108d6ab31f4727fe4e22d075afaf6cc726ab17a5e1b4ab6c8f29a459da3c4266b5ad8ff55906a190f8b19a3bb92a50df49647c03d5d6106ec07e9300038d059a75b54ac31683ef8e5eee946e1c84d016ee1e7800a92c0a3823b62e0417fe86b191951f65abc0c38c1e0e8f1121a04b62a8a720790560f922804b1b7e7eaa497e1bede6e3d0dcf0312dbf221561958fa1e85a8f99e6fc82f919e78c17d1beda16cfef25fb5d00f7c32df9a51eac76000c988ffdf011564aa0e319764b16a5a7c728a470ff70772fb76c9ada26a0ac073fcbfa12501c2454b19e02d928e3939a40bfff76c002533b3849cdf8016728445131e5f1e292b7d3dc06bb3a3cfff6fabae0b7341694a8938c1d2497cd70b76c337c9a312e96c8f736d7625a535e1906eba53d199221ca60202a65be0f7e530aca10e61fa39c7601d65954e5ed4cab94345c6b89c7f8a0de5c61a7945e1564731b6715331d13263b2961a163382f7c4934d847033860e402f3aadb4f3e6cf47a97a2031401da4d2c8de8c80cdad71b97b4deb2075a02282f958ac6772354e67f097ca693778224b80892490015e7d697fb9107f75cea708178ffec93fb1d44e8493bad1d42c918e661219ea819e0200759037a5a585c0fe074fd407536fe58013f42612c41bfc66e16870d7a9c00ee93a3122b253fecbf5de3837641f4a1376af0f053463413c26c29f9a346318565276856b963da30ba6ab8c4c8ef6cfddc432328586d9d9829895835759bcde0851ae0c838a3927ea63fe5ba793fae94da61cab00fc05f3a265a2da1221bb2b66775ed7ba856b41011652d4984991e56249360ddfc997245ac1547a1c16382d42df383a8d1c852643b24895c422712e79c436fdfffece4ed1c50922d4f25296aaf6b204522086d188bee254f8303b60537ead1195ac5dd301286f0042dd68aa05a70e4beb779aa0b61a316f736b72c9ab7ed860a0908a078f4b8a53f2df0abf993f689de4b02b9138ca5047fb0bfc9ba3b92bff033e36fc9553260b008cef3d147c62d1d39
44fd1eaff79bc5a922ec2190907bfda1b51c2c7fb867db1f8e13a37b5e3ae0165e93350b958a239ec1f2b78561cff854b975307b5b5dd23b040602a5a36bd79947ee04c7d0e5e30f9c4c79f7b4e6eada98bfc6c357cdf8939213423f1b21ba26cfc2b2756ea3eb992372db0ab8a7c37d8ae96bf3ed6be873c1891550ef741812032e1ae938326c399ee43a3061602dda006f1b6b620bebb6a5752bee77e8acf9921ebf4d4c8af7eb5e937c65697c0664c594e31a62377a25605051996c474ca322ce8e0e6ef8a7988be", 0x2000, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="7801000000"], 0x0, 0x0, 0x0}) getdents64(r2, 0x0, 0x0) 11.203411425s ago: executing program 2 (id=111): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x10000005) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = getpid() r5 = syz_pidfd_open(r4, 0x0) setns(r5, 0x24020000) mount_setattr(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x9100, &(0x7f0000000140)={0x6, 0x8a, 0x40000}, 0x37) 9.387313478s ago: executing program 2 (id=113): setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f00000002c0)=[@timestamp, @sack_perm, @timestamp], 0x3) r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, 
&(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001500)=@newqdisc={0x70, 0x24, 0x713, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x8}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x40, 0x2, {{0x1ff, 0x4, 0x0, 0x0, 0xfffffffd, 0x8}, [@TCA_NETEM_ECN={0x8, 0x7, 0x1}, @TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x80000011, 0x6, 0xa, 0x4, 0xd99d}}]}]}}}]}, 0x70}}, 0x0) sendto$packet(r0, &(0x7f00000002c0)="44c33b69ebc9e05e9bdec0c288a8", 0x36, 0x830, &(0x7f0000000440)={0x11, 0x8100, r3, 0x1, 0x2, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}}, 0x14) 9.274846827s ago: executing program 4 (id=115): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0xe}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 9.199970582s ago: executing program 0 (id=117): sendmsg$inet(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000000c0)="6880a642beaf34317f", 0x9}], 0x1}, 0x0) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x3, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000003000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20000000}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0x94, 
0x0, 0x0, 0x0, 0x12, 0x0, 0x63, 0x0, &(0x7f00000000c0)='\x00', 0x0}, 0x48) 9.065814787s ago: executing program 1 (id=118): ioctl$USBDEVFS_RELEASE_PORT(0xffffffffffffffff, 0x8008550e, &(0x7f0000001680)=0x7) 9.016213135s ago: executing program 0 (id=119): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x7fffefff) 8.956632802s ago: executing program 4 (id=120): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf5c5d000) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0xa, 0x1ff, 0x8, 0x41}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040), &(0x7f00000004c0), 0xce, r4}, 0x38) 8.840300106s ago: executing program 1 (id=122): r0 = syz_open_dev$usbfs(0x0, 0x76, 0x101301) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', 
&(0x7f0000000240), 0x8080, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 8.651552659s ago: executing program 3 (id=123): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x10000005) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = getpid() r5 = syz_pidfd_open(r4, 0x0) setns(r5, 0x24020000) mount_setattr(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x9100, &(0x7f0000000140)={0x6, 0x8a, 0x40000}, 0x37) 8.572817751s ago: executing program 1 (id=124): futex(0xffffffffffffffff, 0x80, 0x0, 0x0, 0x0, 0x0) r0 = socket(0x21, 0x2, 0x10000000000002) r1 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="480000001000370429bd7000fcdbdf2500000000", @ANYBLOB="890c020008010500280012800a000100767863616e000000180002801400010000", @ANYRES32], 0x48}, 0x1, 0x0, 0x0, 0x20008000}, 0x20000000) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000380)=@req={0x34ae, 0x2, 0x6, 0x7d}, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'veth0_macvtap\x00', 0x0}) bind$packet(r2, &(0x7f0000000140)={0x11, 0x0, r3, 0x1, 0x6, 0x6, @remote}, 0x14) socket$nl_rdma(0x10, 0x3, 0x14) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r4, &(0x7f0000000480)={0x0, 0x0, 
&(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="d12800000514210625ffffe200080003"], 0x20}, 0x1, 0x0, 0x0, 0x4000001}, 0x4040084) sendmmsg$sock(r2, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}, 0x1000000}], 0x1, 0x40500f0) connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8000, @multicast2}}, 0x24) r5 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC_PROXY(r5, 0x0, 0xd2, &(0x7f00000001c0)={@multicast2, @multicast1, 0x2, "4f6fb4d1af0f724e6118ecd4ac1100843af297baebb0efcdf5a284da144a011a", 0xcbc}, 0x3c) setsockopt$MRT_DEL_MFC_PROXY(r5, 0x0, 0xd3, &(0x7f0000000100)={@multicast2, @multicast1, 0x1002, "c6c0e6ec8755b5dc4e305886d95f086707764f8d0e5a0358ea21274f844a69e9", 0x9, 0x203, 0x489c, 0x1}, 0x3c) sendmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[{0x10, 0x110, 0x1}], 0x10, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000002940), 0xf000, 0x10002, 0x0) setsockopt$inet_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000280)=@gcm_256={{0x303}, "b0ea666cf7cdaf2f", "56f764dae51720b3f6bd432010cdbf7df2e509f22f44d8f01ea2beaf8abafe04", "165e7a15", "3bc8f9f76697f315"}, 0x38) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x33, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYRES64=r5, @ANYRESOCT=r5, @ANYRES64=r0, @ANYRESOCT=r5, @ANYRES8=r5, @ANYRESHEX=0x0, @ANYRES32=r5, @ANYRES8=r0, @ANYRES8=r0, @ANYRES64=0x0], 0x94}, 0x1, 0x0, 0x0, 0x20008004}, 0x2004c0d4) socket$netlink(0x10, 0x3, 0xc) r6 = socket(0x2b, 0x1, 0x1) setsockopt$inet6_tcp_TCP_REPAIR(r6, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r6, &(0x7f00000001c0)={0xa, 0x4e23, 0x100002, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) connect$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e5b, 0x80000000, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, 0x5}, 0x1c) setsockopt$inet6_opts(r6, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="3704010800000000ff010000000000000000000000000001fc0000feffffff00000000e1ff000001"], 0x28) 7.211305079s ago: executing program 0 (id=125): 
unshare(0x2c020400) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x0}, 0x20) 5.876301309s ago: executing program 3 (id=126): r0 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00') fchdir(r0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='io\x00') pread64(r1, &(0x7f0000000140)=""/15, 0xf, 0x2) 5.760775976s ago: executing program 0 (id=127): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) open$dir(&(0x7f0000002180)='./file0\x00', 0x440, 0x70) r1 = open(&(0x7f0000000040)='./bus\x00', 0x42142, 0x80) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1c1840, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0) write(r3, &(0x7f0000004200)='t', 0x1) sendfile(r3, r2, 0x0, 0x7fffffff) sendfile(r1, r1, 0x0, 0x1000000201005) 5.499034507s ago: executing program 4 (id=128): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) shmget(0x1, 0x4000, 0xa20, &(0x7f0000ffb000/0x4000)=nil) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000000)={0x0, 0x834, 0x1, [0x2, 0x8, 0x0, 0x6, 0xf], [0x109, 0x81, 0x0, 0x0, 0x6, 0x3, 0x81, 0xe4, 0x5f1, 0xff, 0x3, 0x1, 0xffffffff, 0x6, 0x4, 0xffffffff, 0x9, 0x4, 0x7, 0x7, 0x6, 0x6, 0x2, 0xe15, 0xad, 0xfffffffffffffffe, 0x6, 0xcdd7, 0x2, 0x7, 0x0, 0x3ff, 0x1, 
0x9, 0x7, 0x80000000, 0x8, 0x6, 0x4d1f, 0x9, 0xfffffffffffffff0, 0x0, 0x1000000000000000, 0x5c, 0x6, 0x3ff, 0xa, 0x0, 0x4, 0xffffffffffffffff, 0x8, 0x2, 0x6, 0x1, 0x5, 0x80, 0x0, 0x9, 0x3ff, 0x8, 0x7fffffff, 0x8, 0x0, 0x9, 0x2, 0x1, 0x3147, 0x79c, 0x9, 0x4, 0xa18, 0x1, 0x6, 0x8, 0x1, 0x9, 0x4, 0x0, 0xfffffffffffffffa, 0xbf0b72b, 0x18, 0x4, 0x93f8, 0xffff, 0x800, 0xa06a, 0x2, 0x0, 0x461e, 0xb05, 0x3, 0x1, 0x4, 0x7, 0xfffffffffffffff8, 0x8, 0x2, 0xfffffffffffffff7, 0x6, 0x4, 0x0, 0x1, 0x22f, 0x6, 0x3, 0x0, 0x800, 0xfffffffffffffff6, 0x800000000, 0xf42b, 0x75, 0x3, 0x9, 0x1, 0xf0, 0x6, 0x8001, 0x7, 0x6, 0x8, 0xaf]}) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r4, 0x90004) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) accept(r4, &(0x7f0000000280)=@can, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000080)={0x0, r3}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xe, 0x16, &(0x7f0000000e00)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000087000003d0301000000000095000000000000006926000000000000bf67000000000000150a00000fff07003506000043fe0000160600000ee60000bf050000000000001f620000000000006507000000000000460700004c0000000f72000000000000bf5400000000000007040000f0fff8ffad420100000000009500000000"], &(0x7f0000000040)='syzkaller\x00', 0xb, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @sk_skb=0x26}, 0x94) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) socket(0x10, 0x803, 0x0) bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x8001, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x4, 0xfffffffffffffffe}, 0x4) 5.125633892s ago: executing program 1 (id=129): semctl$IPC_STAT(0x0, 0x0, 0x2, 0x0) 4.877464036s ago: executing program 1 (id=130): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, 
&(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0xe}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 4.858361976s ago: executing program 2 (id=131): r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000180)=@file={0x1}, 0x6e) symlink(0x0, &(0x7f0000000000)='./file0\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x4000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$xdp(0x2c, 0x3, 0x0) inotify_init() ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0) listen(r0, 0x0) r4 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0) write$binfmt_register(r4, &(0x7f0000000140)={0x3a, 'syz1', 0x3a, 'E', 0x3a, 0xf6000000, 0x3a, 'usr:7jquota=', 0x3a, '', 0x3a, './file2'}, 0x33) socket$unix(0x1, 0x1, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) socket$nl_route(0x10, 0x3, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x60242, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000b40)=0xc) r5 = socket$inet6_icmp(0xa, 0x2, 0x3a) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, 0x0, 0x0) 4.462052168s ago: executing program 0 (id=132): r0 = socket(0x1e, 0x5, 0x0) connect$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, 
{{0x1, 0x1}}}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e27, @multicast2}, 0xd) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x200}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000}) 3.638329581s ago: executing program 1 (id=133): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x88fd537e5e114b6f, 0x12, r2, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CAP_HYPERV_SYNIC(r3, 0x4068aea3, &(0x7f00000000c0)) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x28, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x9, 0x0, 0x58, 0x7, 0x6, 0x6, 0x7f}}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x18addbae, 0xfff, 0x2, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x3, 0x7, 0x44, 0x8, 0x5, 0x49, 0x4, 0xbdb], 0x4000, 0x1c4213}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x404080, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) bpf$PROG_LOAD(0x5, 
0x0, 0x0) 3.55621609s ago: executing program 2 (id=134): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) write$sndseq(r1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38) write$sndseq(r1, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x20, @time, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {0xfd}, {}, @connect}], 0x8c) 2.842738808s ago: executing program 3 (id=135): syz_emit_ethernet(0x66, &(0x7f0000000080)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x1, 0x6, '\x00', 0x30, 0x3a, 0xff, @local, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x504, {0x6, 0x6, ':yE', 0x2, 0x3a, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, @remote}}}}}}}, 0x0) 2.699308871s ago: executing program 2 (id=136): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x10000005) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = getpid() r5 = syz_pidfd_open(r4, 0x0) setns(r5, 0x24020000) mount_setattr(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x9100, &(0x7f0000000140)={0x6, 0x8a, 0x40000}, 0x37) 2.614699298s ago: executing program 3 (id=137): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f00000000c0)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 
0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00') lseek(r4, 0x4000000000004, 0x2) bind$inet(r3, 0x0, 0x0) r5 = add_key$user(&(0x7f0000000200), &(0x7f0000000440), &(0x7f00000000c0), 0x14b, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000000)={r5, r5, r5}, &(0x7f0000000100)=""/72, 0x48, &(0x7f0000000340)={&(0x7f0000000080)={'sha512\x00'}}) r6 = openat$adsp1(0xffffffffffffff9c, 0x0, 0xa8201, 0x0) write$dsp(r6, 0x0, 0x0) close(0x3) 1.562124917s ago: executing program 2 (id=138): bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r0 = socket$vsock_stream(0x28, 0x1, 0x0) listen(r0, 0x5) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) readv(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f0000000000)=""/183, 0xb7}], 0x1) r5 = socket$netlink(0x10, 0x3, 0x4) writev(r5, &(0x7f0000000100)=[{&(0x7f0000000440)="5800000014001923060000000000000010ff000000000069d6e580dfee0000004e32f61bcdf1e422676b001000000100800000000000001000aadc28dad12c0d03cf77ce8196c2b228742e6faa000000c60000000000", 0x56}], 0x1) 1.236070305s ago: executing program 0 (id=139): futex(0xffffffffffffffff, 0x80, 0x0, 0x0, 0x0, 
0x0) r0 = socket(0x21, 0x2, 0x10000000000002) r1 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="480000001000370429bd7000fcdbdf2500000000", @ANYBLOB, @ANYRES32], 0x48}, 0x1, 0x0, 0x0, 0x20008000}, 0x20000000) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000380)=@req={0x34ae, 0x2, 0x6, 0x7d}, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'veth0_macvtap\x00', 0x0}) bind$packet(r2, &(0x7f0000000140)={0x11, 0x0, r3, 0x1, 0x6, 0x6, @remote}, 0x14) socket$nl_rdma(0x10, 0x3, 0x14) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="d12800000514210625ffffe200080003"], 0x20}, 0x1, 0x0, 0x0, 0x4000001}, 0x4040084) sendmmsg$sock(r2, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}, 0x1000000}], 0x1, 0x40500f0) connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8000, @multicast2}}, 0x24) r5 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC_PROXY(r5, 0x0, 0xd2, &(0x7f00000001c0)={@multicast2, @multicast1, 0x2, "4f6fb4d1af0f724e6118ecd4ac1100843af297baebb0efcdf5a284da144a011a", 0xcbc}, 0x3c) setsockopt$MRT_DEL_MFC_PROXY(r5, 0x0, 0xd3, &(0x7f0000000100)={@multicast2, @multicast1, 0x1002, "c6c0e6ec8755b5dc4e305886d95f086707764f8d0e5a0358ea21274f844a69e9", 0x9, 0x203, 0x489c, 0x1}, 0x3c) sendmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[{0x10, 0x110, 0x1}], 0x10, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000002940), 0xf000, 0x10002, 0x0) setsockopt$inet_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000280)=@gcm_256={{0x303}, "b0ea666cf7cdaf2f", "56f764dae51720b3f6bd432010cdbf7df2e509f22f44d8f01ea2beaf8abafe04", "165e7a15", "3bc8f9f76697f315"}, 0x38) sendmsg$NFT_BATCH(r0, 
&(0x7f0000000040)={0x0, 0x33, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYRES64=r5, @ANYRESOCT=r5, @ANYRES64=r0, @ANYRESOCT=r5, @ANYRES8=r5, @ANYRESHEX=0x0, @ANYRES32=r5, @ANYRES8=r0, @ANYRES8=r0, @ANYRES64=0x0], 0x94}, 0x1, 0x0, 0x0, 0x20008004}, 0x2004c0d4) socket$netlink(0x10, 0x3, 0xc) r6 = socket(0x2b, 0x1, 0x1) setsockopt$inet6_tcp_TCP_REPAIR(r6, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r6, &(0x7f00000001c0)={0xa, 0x4e23, 0x100002, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) connect$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e5b, 0x80000000, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, 0x5}, 0x1c) setsockopt$inet6_opts(r6, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="3704010800000000ff010000000000000000000000000001fc0000feffffff00000000e1ff000001"], 0x28) 271.547949ms ago: executing program 3 (id=140): semctl$IPC_STAT(0x0, 0x0, 0x2, 0x0) 0s ago: executing program 3 (id=141): setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f00000002c0)=[@timestamp, @sack_perm, @timestamp], 0x3) r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="0100000001000000"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001500)=@newqdisc={0x70, 0x24, 0x713, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x8}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x40, 0x2, {{0x1ff, 0x4, 0x0, 0x0, 0xfffffffd, 0x8}, [@TCA_NETEM_ECN={0x8, 0x7, 0x1}, @TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x80000011, 0x6, 0xa, 0x4, 
0xd99d}}]}]}}}]}, 0x70}}, 0x0) sendto$packet(r0, &(0x7f00000002c0)="44c33b69ebc9e05e9bdec0c288a8", 0x36, 0x830, &(0x7f0000000440)={0x11, 0x8100, r3, 0x1, 0x2, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}}, 0x14) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.18' (ED25519) to the list of known hosts. [ 70.726625][ T5586] cgroup: Unknown subsys name 'net' [ 70.986661][ T5586] cgroup: Unknown subsys name 'cpuset' [ 71.042305][ T5586] cgroup: Unknown subsys name 'rlimit' [ 71.293778][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.293862][ T1335] ieee802154 phy1 wpan1: encryption failed: -22 Setting up swapspace version 1, size = 127995904 bytes [ 72.748373][ T5586] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 75.109729][ T5604] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 75.111111][ T5604] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 75.156703][ T5616] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 75.164996][ T5616] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 75.192730][ T5616] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 75.207875][ T5616] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 75.209659][ T5616] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 75.210373][ T5616] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 75.211515][ T5616] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 75.213780][ T5616] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 75.222187][ T5618] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 75.237508][ T5616] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 75.240162][ T5616] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 75.244693][ T5619] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 75.247145][ T5619] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 75.247272][ T5621] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 
75.248235][ T5621] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 75.248443][ T5621] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 75.249664][ T5621] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 75.253199][ T5616] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 75.262452][ T5616] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 75.267698][ T5616] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 75.320253][ T59] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 75.324808][ T5613] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 75.327209][ T5613] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 77.284127][ T59] Bluetooth: hci3: command tx timeout [ 77.362283][ T59] Bluetooth: hci2: command tx timeout [ 77.442304][ T59] Bluetooth: hci4: command tx timeout [ 77.442329][ T5604] Bluetooth: hci0: command tx timeout [ 77.442525][ T5613] Bluetooth: hci1: command tx timeout [ 77.638430][ T5600] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.638520][ T5600] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.638616][ T5600] bridge_slave_0: entered allmulticast mode [ 77.640677][ T5600] bridge_slave_0: entered promiscuous mode [ 77.669071][ T5601] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.669183][ T5601] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.669320][ T5601] bridge_slave_0: entered allmulticast mode [ 77.671141][ T5601] bridge_slave_0: entered promiscuous mode [ 77.711045][ T5600] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.711146][ T5600] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.711517][ T5600] bridge_slave_1: entered allmulticast mode [ 77.714229][ T5600] bridge_slave_1: entered promiscuous mode [ 77.715740][ T5598] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.715855][ T5598] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.716279][ T5598] bridge_slave_0: entered allmulticast mode [ 
77.718536][ T5598] bridge_slave_0: entered promiscuous mode [ 77.724734][ T5601] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.724840][ T5601] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.724972][ T5601] bridge_slave_1: entered allmulticast mode [ 77.728806][ T5601] bridge_slave_1: entered promiscuous mode [ 77.748376][ T5599] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.748489][ T5599] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.748618][ T5599] bridge_slave_0: entered allmulticast mode [ 77.752657][ T5599] bridge_slave_0: entered promiscuous mode [ 77.779728][ T5598] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.779835][ T5598] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.780262][ T5598] bridge_slave_1: entered allmulticast mode [ 77.785208][ T5598] bridge_slave_1: entered promiscuous mode [ 77.806840][ T5602] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.806958][ T5602] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.807106][ T5602] bridge_slave_0: entered allmulticast mode [ 77.809706][ T5602] bridge_slave_0: entered promiscuous mode [ 77.813561][ T5599] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.813680][ T5599] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.813817][ T5599] bridge_slave_1: entered allmulticast mode [ 77.816534][ T5599] bridge_slave_1: entered promiscuous mode [ 77.879415][ T5602] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.879530][ T5602] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.879959][ T5602] bridge_slave_1: entered allmulticast mode [ 77.884261][ T5602] bridge_slave_1: entered promiscuous mode [ 77.916529][ T5600] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.938215][ T5601] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.965735][ T5600] bond0: (slave bond_slave_1): Enslaving as an active 
interface with an up link [ 77.968031][ T5598] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.970190][ T5601] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.995766][ T5599] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.015200][ T5598] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.031352][ T5602] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.037679][ T5599] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.266569][ T5602] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.284345][ T5600] team0: Port device team_slave_0 added [ 78.302574][ T5601] team0: Port device team_slave_0 added [ 78.333005][ T5600] team0: Port device team_slave_1 added [ 78.334632][ T5598] team0: Port device team_slave_0 added [ 78.336581][ T5601] team0: Port device team_slave_1 added [ 78.354057][ T5599] team0: Port device team_slave_0 added [ 78.372613][ T5598] team0: Port device team_slave_1 added [ 78.387022][ T5602] team0: Port device team_slave_0 added [ 78.390505][ T5599] team0: Port device team_slave_1 added [ 78.428036][ T5602] team0: Port device team_slave_1 added [ 78.441587][ T5600] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.441596][ T5600] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 78.441612][ T5600] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.466103][ T5601] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.466116][ T5601] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.466138][ T5601] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.503890][ T5600] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.503903][ T5600] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.503926][ T5600] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.506944][ T5598] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.506956][ T5598] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.506978][ T5598] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.509646][ T5601] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.509658][ T5601] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 78.509680][ T5601] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.532152][ T5599] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.532163][ T5599] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.532183][ T5599] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.549961][ T5598] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.549973][ T5598] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.549995][ T5598] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.564104][ T5602] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.564116][ T5602] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.564138][ T5602] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.565257][ T5599] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.565268][ T5599] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 78.565290][ T5599] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.589526][ T5602] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.589539][ T5602] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.589561][ T5602] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.752416][ T5600] hsr_slave_0: entered promiscuous mode [ 78.753755][ T5600] hsr_slave_1: entered promiscuous mode [ 78.800326][ T5601] hsr_slave_0: entered promiscuous mode [ 78.801489][ T5601] hsr_slave_1: entered promiscuous mode [ 78.803112][ T5601] debugfs: 'hsr0' already exists in 'hsr' [ 78.803206][ T5601] Cannot create hsr debugfs directory [ 78.834593][ T5598] hsr_slave_0: entered promiscuous mode [ 78.835727][ T5598] hsr_slave_1: entered promiscuous mode [ 78.836530][ T5598] debugfs: 'hsr0' already exists in 'hsr' [ 78.836550][ T5598] Cannot create hsr debugfs directory [ 78.870740][ T5599] hsr_slave_0: entered promiscuous mode [ 78.873457][ T5599] hsr_slave_1: entered promiscuous mode [ 78.874224][ T5599] debugfs: 'hsr0' already exists in 'hsr' [ 78.874243][ T5599] Cannot create hsr debugfs directory [ 78.908358][ T5602] hsr_slave_0: entered promiscuous mode [ 78.909863][ T5602] hsr_slave_1: entered promiscuous mode [ 78.913388][ T5602] debugfs: 'hsr0' already exists in 'hsr' [ 78.913408][ T5602] Cannot create hsr debugfs directory [ 79.362924][ T5613] Bluetooth: hci3: command tx timeout [ 79.442703][ T5613] Bluetooth: hci2: command tx timeout [ 79.522008][ T5613] Bluetooth: hci1: command tx timeout [ 79.522038][ T5613] Bluetooth: hci0: command tx timeout [ 79.523397][ T5604] Bluetooth: hci4: command tx timeout [ 79.998366][ T5600] netdevsim netdevsim3 
netdevsim0: renamed from eth0 [ 80.031190][ T5600] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 80.045665][ T5600] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 80.097877][ T5600] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 80.100572][ T5600] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 80.125032][ T5600] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 80.140582][ T5600] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 80.165448][ T5600] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 80.271526][ T5599] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 80.319440][ T5599] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 80.331035][ T5599] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 80.357329][ T5599] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 80.359049][ T5599] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 80.385587][ T5599] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 80.411691][ T5599] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 80.445871][ T5599] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 80.573964][ T5601] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 80.619228][ T5601] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 80.629883][ T5601] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 80.664353][ T5601] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 80.681777][ T5601] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 80.721218][ T5601] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 80.731955][ T5601] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 80.755426][ T5601] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 80.870261][ T5602] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 80.900219][ T5602] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 80.907699][ T5602] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 80.945739][ T5602] 8021q: adding VLAN 0 to 
HW filter on device netdevsim1 [ 80.954792][ T5602] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 80.975958][ T5602] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 81.000468][ T5602] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 81.036791][ T5602] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 81.090098][ T5600] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.178543][ T5598] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 81.218110][ T5598] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 81.230309][ T5598] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 81.255224][ T5598] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 81.270345][ T5598] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 81.297811][ T5598] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 81.303273][ T5598] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 81.337968][ T5598] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 81.348619][ T5600] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.381227][ T5599] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.410613][ T3657] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.411817][ T3657] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.444012][ T5604] Bluetooth: hci3: command tx timeout [ 81.451711][ T3657] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.470145][ T3657] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.523917][ T5604] Bluetooth: hci2: command tx timeout [ 81.549947][ T5599] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.568301][ T1244] cfg80211: failed to load regulatory.db [ 81.602132][ T5613] Bluetooth: hci0: command tx timeout [ 81.602158][ T5613] Bluetooth: hci1: command tx timeout [ 81.602271][ T5604] Bluetooth: hci4: command tx timeout [ 81.680700][ T83] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.680893][ T83] bridge0: port 1(bridge_slave_0) entered forwarding 
state [ 81.727719][ T5601] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.758900][ T83] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.759056][ T83] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.925836][ T5601] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.970594][ T1028] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.970787][ T1028] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.992797][ T5602] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.042486][ T3657] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.042849][ T3657] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.131140][ T5602] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.173185][ T3409] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.173347][ T3409] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.179963][ T5598] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.234631][ T3409] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.234701][ T3409] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.353317][ T5598] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.421177][ T1028] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.432343][ T1028] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.526801][ T1125] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.528479][ T1125] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.000661][ T5600] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.275951][ T5600] veth0_vlan: entered promiscuous mode [ 83.343888][ T5600] veth1_vlan: entered promiscuous mode [ 83.435435][ T5599] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.524406][ T59] Bluetooth: hci3: command tx timeout [ 83.556996][ T5601] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.557888][ T5600] veth0_macvtap: entered promiscuous mode [ 83.580140][ T5600] veth1_macvtap: 
entered promiscuous mode [ 83.602553][ T59] Bluetooth: hci2: command tx timeout [ 83.682011][ T59] Bluetooth: hci4: command tx timeout [ 83.682037][ T59] Bluetooth: hci1: command tx timeout [ 83.682056][ T59] Bluetooth: hci0: command tx timeout [ 83.814541][ T5600] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.855778][ T5600] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.910503][ T319] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.966602][ T3409] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.968625][ T3409] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.997239][ T3409] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.116391][ T5601] veth0_vlan: entered promiscuous mode [ 84.195201][ T5602] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.336693][ T5601] veth1_vlan: entered promiscuous mode [ 84.388676][ T5598] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.525653][ T3657] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.525675][ T3657] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.566903][ T5599] veth0_vlan: entered promiscuous mode [ 84.620997][ T5601] veth0_macvtap: entered promiscuous mode [ 84.637278][ T5599] veth1_vlan: entered promiscuous mode [ 84.638302][ T5602] veth0_vlan: entered promiscuous mode [ 84.658740][ T83] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.658756][ T83] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.670578][ T5601] veth1_macvtap: entered promiscuous mode [ 84.735250][ T5602] veth1_vlan: entered promiscuous mode [ 84.739740][ T5598] veth0_vlan: entered promiscuous mode [ 84.772984][ T5601] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.793688][ T5598] veth1_vlan: entered promiscuous mode [ 84.843224][ T5601] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 
84.915835][ T4337] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.917375][ T5599] veth0_macvtap: entered promiscuous mode [ 84.920383][ T4337] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.945368][ T4337] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.951043][ T4337] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.954203][ T5599] veth1_macvtap: entered promiscuous mode [ 84.993588][ T5602] veth0_macvtap: entered promiscuous mode [ 85.049813][ T5602] veth1_macvtap: entered promiscuous mode [ 85.223558][ T5599] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.319234][ T5598] veth0_macvtap: entered promiscuous mode [ 85.343573][ T5599] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.516594][ T5598] veth1_macvtap: entered promiscuous mode [ 85.540129][ T5602] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.569834][ T319] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.583593][ T3657] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.583608][ T3657] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.586967][ T319] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.611083][ T5602] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.619834][ T319] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.635454][ T319] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.749633][ T319] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.801665][ T319] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.825189][ T319] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.831097][ T5598] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.847222][ T319] netdevsim netdevsim2 
netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.938935][ T83] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.938954][ T83] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.953529][ T5598] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.386336][ T319] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.410656][ T319] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.416947][ T319] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.570249][ T319] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.900705][ T1028] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.900724][ T1028] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.331873][ T5812] Zero length message leads to an empty skb [ 87.889673][ T319] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.889693][ T319] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.427386][ T3657] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.427404][ T3657] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.586331][ T1028] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.586349][ T1028] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.830823][ T3409] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.830843][ T3409] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.831138][ T3409] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.831151][ T3409] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.300655][ T5604] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 95.300829][ T5604] CPU: 0 UID: 0 PID: 5604 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 95.300856][ T5604] Hardware name: Google Google Compute Engine/Google 
Compute Engine, BIOS Google 04/18/2026 [ 95.300869][ T5604] Workqueue: hci1 hci_rx_work [ 95.300919][ T5604] Call Trace: [ 95.300927][ T5604] [ 95.300936][ T5604] dump_stack_lvl+0xe8/0x150 [ 95.300965][ T5604] sysfs_create_dir_ns+0x271/0x2a0 [ 95.300997][ T5604] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 95.301020][ T5604] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 95.301055][ T5604] ? rt_spin_unlock+0x160/0x200 [ 95.301078][ T5604] kobject_add_internal+0x631/0xd10 [ 95.301118][ T5604] kobject_add+0x163/0x240 [ 95.301153][ T5604] ? __pfx_kobject_add+0x10/0x10 [ 95.301191][ T5604] ? get_device_parent+0x370/0x3a0 [ 95.301219][ T5604] device_add+0x408/0xbb0 [ 95.301251][ T5604] hci_conn_add_sysfs+0xd5/0x210 [ 95.301280][ T5604] le_conn_complete_evt+0x10e6/0x16b0 [ 95.301322][ T5604] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 95.301355][ T5604] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 95.301382][ T5604] ? lockdep_hardirqs_on+0x7a/0x110 [ 95.301410][ T5604] ? skb_pull_data+0xfb/0x200 [ 95.301445][ T5604] hci_le_conn_complete_evt+0x187/0x470 [ 95.301484][ T5604] hci_event_packet+0x659/0xef0 [ 95.301517][ T5604] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 95.301538][ T5604] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 95.301565][ T5604] ? __pfx_hci_event_packet+0x10/0x10 [ 95.301590][ T5604] ? rt_spin_unlock+0x14f/0x200 [ 95.301622][ T5604] ? hci_send_to_monitor+0xe2/0x590 [ 95.301645][ T5604] hci_rx_work+0x3ee/0x1040 [ 95.301678][ T5604] ? process_scheduled_works+0xa70/0x1860 [ 95.301702][ T5604] process_scheduled_works+0xb5d/0x1860 [ 95.301757][ T5604] ? __pfx_process_scheduled_works+0x10/0x10 [ 95.301787][ T5604] ? assign_work+0x3d5/0x5e0 [ 95.301815][ T5604] worker_thread+0xa53/0xfc0 [ 95.301862][ T5604] kthread+0x388/0x470 [ 95.301890][ T5604] ? __pfx_worker_thread+0x10/0x10 [ 95.301919][ T5604] ? __pfx_kthread+0x10/0x10 [ 95.301947][ T5604] ret_from_fork+0x514/0xb70 [ 95.301974][ T5604] ? __pfx_ret_from_fork+0x10/0x10 [ 95.301996][ T5604] ? 
__switch_to+0xc79/0x1410 [ 95.302031][ T5604] ? __pfx_kthread+0x10/0x10 [ 95.302060][ T5604] ret_from_fork_asm+0x1a/0x30 [ 95.302102][ T5604] [ 95.305281][ T5604] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 95.305322][ T5604] Bluetooth: hci1: failed to register connection device [ 95.538296][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port [::1]:20002. Sending cookies. [ 95.924041][ T5886] syz.3.31 (5886) used greatest stack depth: 19144 bytes left [ 95.958114][ T5892] binder: 5891:5892 ioctl c0306201 0 returned -14 [ 96.283694][ T5899] ======================================================= [ 96.283694][ T5899] WARNING: The mand mount option has been deprecated and [ 96.283694][ T5899] and is ignored by this kernel. Remove the mand [ 96.283694][ T5899] option from the mount to silence this warning. [ 96.283694][ T5899] ======================================================= [ 98.220363][ T36] audit: type=1326 audit(1778948260.521:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5908 comm="syz.3.38" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4084f3ce59 code=0x7ffc0000 [ 98.240528][ T36] audit: type=1326 audit(1778948260.531:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5908 comm="syz.3.38" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4084f3ce59 code=0x7ffc0000 [ 98.251041][ T36] audit: type=1326 audit(1778948260.531:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5908 comm="syz.3.38" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f4084f3ce59 code=0x7ffc0000 [ 98.251361][ T36] audit: type=1326 audit(1778948260.531:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5908 comm="syz.3.38" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 
arch=c000003e syscall=202 compat=0 ip=0x7f4084f3ce59 code=0x7ffc0000 [ 98.251592][ T36] audit: type=1326 audit(1778948260.541:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5908 comm="syz.3.38" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4084f3ce59 code=0x7ffc0000 [ 98.751860][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 99.404719][ T5927] netlink: 24 bytes leftover after parsing attributes in process `syz.4.43'. [ 99.563655][ T36] audit: type=1804 audit(1778948261.881:7): pid=5931 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.44" name="bus" dev="ramfs" ino=9244 res=1 errno=0 [ 99.587703][ T36] audit: type=1804 audit(1778948261.951:8): pid=5928 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.1.44" name="bus" dev="ramfs" ino=9244 res=1 errno=0 [ 99.617704][ T5933] binder: 5932:5933 ioctl c0306201 0 returned -14 [ 101.763435][ T59] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 101.764065][ T59] Bluetooth: hci1: Injecting HCI hardware error event [ 101.840175][ T5961] netlink: 24 bytes leftover after parsing attributes in process `syz.0.56'. 
[ 101.843250][ T59] Bluetooth: hci1: command 0x0406 tx timeout [ 101.843702][ T5604] Bluetooth: hci1: hardware error 0x00 [ 101.918170][ T5962] binder: 5959:5962 ioctl c0306201 0 returned -14 [ 102.722175][ T5614] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 103.560899][ T5614] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 103.560944][ T5614] usb 1-1: New USB device found, idVendor=056a, idProduct=5000, bcdDevice= 0.00 [ 103.560966][ T5614] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.630305][ T31] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 103.738148][ T5992] netlink: 28 bytes leftover after parsing attributes in process `syz.3.69'. [ 103.786018][ T31] usb 5-1: config 0 has too many interfaces: 253, using maximum allowed: 32 [ 103.786043][ T31] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 253 [ 103.786065][ T31] usb 5-1: config 0 has no interface number 0 [ 103.786109][ T31] usb 5-1: config 0 interface 145 altsetting 29 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 103.786135][ T31] usb 5-1: config 0 interface 145 has no altsetting 0 [ 103.848146][ T31] usb 5-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac [ 103.848173][ T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 103.848192][ T31] usb 5-1: Product: syz [ 103.848206][ T31] usb 5-1: Manufacturer: syz [ 103.848220][ T31] usb 5-1: SerialNumber: syz [ 103.952595][ T31] usb 5-1: config 0 descriptor?? [ 103.954235][ T5614] usb 1-1: config 0 descriptor?? [ 104.060026][ T5999] fuse: Bad value for 'fd' [ 104.243487][ T5604] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 104.244384][ T5969] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 
[ 104.376291][ T5614] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 106.043900][ T5834] usb 1-1: USB disconnect, device number 2 [ 106.152026][ T6035] netlink: 28 bytes leftover after parsing attributes in process `syz.1.83'. [ 106.186758][ T31] gspca_main: sunplus-2.14.0 probing 055f:c630 [ 106.190602][ T31] gspca_sunplus: reg_r err -71 [ 106.190706][ T31] sunplus 5-1:0.145: probe with driver sunplus failed with error -71 [ 106.320356][ T31] usb 5-1: USB disconnect, device number 2 [ 107.576178][ T6057] bridge0: port 3(gretap0) entered blocking state [ 107.578233][ T6057] bridge0: port 3(gretap0) entered disabled state [ 107.593896][ T6057] gretap0: entered allmulticast mode [ 107.650947][ T6057] gretap0: entered promiscuous mode [ 107.660327][ T6057] bridge0: port 3(gretap0) entered blocking state [ 107.660470][ T6057] bridge0: port 3(gretap0) entered forwarding state [ 108.929744][ T6060] gretap0: left allmulticast mode [ 108.929776][ T6060] gretap0: left promiscuous mode [ 108.949107][ T6060] bridge0: port 3(gretap0) entered disabled state [ 110.371982][ T31] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 110.392067][ T5606] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 110.445208][ T6086] netlink: 28 bytes leftover after parsing attributes in process `syz.1.101'. 
[ 111.553497][ T5606] usb 5-1: config 0 has too many interfaces: 253, using maximum allowed: 32 [ 111.553523][ T5606] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 253 [ 111.553543][ T5606] usb 5-1: config 0 has no interface number 0 [ 111.553593][ T5606] usb 5-1: config 0 interface 145 altsetting 29 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 111.553619][ T5606] usb 5-1: config 0 interface 145 has no altsetting 0 [ 112.008437][ T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 112.008466][ T31] usb 3-1: New USB device found, idVendor=056a, idProduct=5000, bcdDevice= 0.00 [ 112.008478][ T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.067928][ T5606] usb 5-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac [ 112.067963][ T5606] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.067982][ T5606] usb 5-1: Product: syz [ 112.067995][ T5606] usb 5-1: Manufacturer: syz [ 112.068009][ T5606] usb 5-1: SerialNumber: syz [ 112.289552][ T31] usb 3-1: config 0 descriptor?? [ 112.290061][ T5606] usb 5-1: config 0 descriptor?? [ 112.290622][ T31] usb 3-1: can't set config #0, error -71 [ 112.315832][ T5606] usb 5-1: can't set config #0, error -71 [ 112.348142][ T31] usb 3-1: USB disconnect, device number 2 [ 112.349797][ T5606] usb 5-1: USB disconnect, device number 3 [ 112.772384][ T6118] 9p: Bad value for 'rfdno' [ 113.201865][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 113.221869][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 113.231857][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 113.241870][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 113.251880][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! 
[ 113.861854][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 113.881862][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 113.891854][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 113.901853][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 115.307667][ T6148] 9p: Bad value for 'rfdno' [ 118.255943][ T6161] netlink: 4 bytes leftover after parsing attributes in process `syz.1.124'. [ 123.679225][ T6201] netlink: 40 bytes leftover after parsing attributes in process `syz.0.139'. [ 124.320775][ T5604] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 124.320840][ T5604] CPU: 0 UID: 0 PID: 5604 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 124.320867][ T5604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 124.320882][ T5604] Workqueue: hci2 hci_rx_work [ 124.320928][ T5604] Call Trace: [ 124.320936][ T5604] [ 124.320945][ T5604] dump_stack_lvl+0xe8/0x150 [ 124.320973][ T5604] sysfs_create_dir_ns+0x271/0x2a0 [ 124.321006][ T5604] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 124.321032][ T5604] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 124.321071][ T5604] ? rt_spin_unlock+0x160/0x200 [ 124.321095][ T5604] kobject_add_internal+0x631/0xd10 [ 124.321136][ T5604] kobject_add+0x163/0x240 [ 124.321172][ T5604] ? __pfx_kobject_add+0x10/0x10 [ 124.321209][ T5604] ? get_device_parent+0x370/0x3a0 [ 124.321238][ T5604] device_add+0x408/0xbb0 [ 124.321265][ T5604] hci_conn_add_sysfs+0xd5/0x210 [ 124.321295][ T5604] le_conn_complete_evt+0x10e6/0x16b0 [ 124.321337][ T5604] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 124.321368][ T5604] ? irqentry_exit+0x218/0x760 [ 124.321393][ T5604] ? rcu_is_watching+0x15/0xb0 [ 124.321429][ T5604] ? 
skb_pull_data+0xfb/0x200 [ 124.321464][ T5604] hci_le_conn_complete_evt+0x187/0x470 [ 124.321503][ T5604] hci_event_packet+0x659/0xef0 [ 124.321536][ T5604] ? __pfx____migrate_enable+0x10/0x10 [ 124.321561][ T5604] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 124.321589][ T5604] ? __pfx_hci_event_packet+0x10/0x10 [ 124.321615][ T5604] ? preempt_schedule_common+0x82/0xd0 [ 124.321641][ T5604] ? preempt_schedule_thunk+0x16/0x30 [ 124.321677][ T5604] ? hci_send_to_monitor+0xe2/0x590 [ 124.321701][ T5604] hci_rx_work+0x3ee/0x1040 [ 124.321735][ T5604] ? preempt_schedule_thunk+0x16/0x30 [ 124.321768][ T5604] ? process_scheduled_works+0xa70/0x1860 [ 124.321794][ T5604] process_scheduled_works+0xb5d/0x1860 [ 124.321846][ T5604] ? __pfx_process_scheduled_works+0x10/0x10 [ 124.321875][ T5604] ? assign_work+0x3d5/0x5e0 [ 124.321903][ T5604] worker_thread+0xa53/0xfc0 [ 124.321955][ T5604] kthread+0x388/0x470 [ 124.321983][ T5604] ? __pfx_worker_thread+0x10/0x10 [ 124.322004][ T5604] ? __pfx_kthread+0x10/0x10 [ 124.322033][ T5604] ret_from_fork+0x514/0xb70 [ 124.322060][ T5604] ? __pfx_ret_from_fork+0x10/0x10 [ 124.322083][ T5604] ? __switch_to+0xc79/0x1410 [ 124.322118][ T5604] ? __pfx_kthread+0x10/0x10 [ 124.322146][ T5604] ret_from_fork_asm+0x1a/0x30 [ 124.322190][ T5604] [ 124.322716][ T5604] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 124.322995][ T5604] Bluetooth: hci2: failed to register connection device [ 124.601239][ T5604] ================================================================== [ 124.601255][ T5604] BUG: KASAN: slab-use-after-free in l2cap_sock_new_connection_cb+0x208/0x2f0 [ 124.601290][ T5604] Read of size 8 at addr ffff8880404607b0 by task kworker/u9:2/5604 [ 124.601308][ T5604] [ 124.601320][ T5604] CPU: 0 UID: 0 PID: 5604 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 124.601344][ T5604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 124.601358][ T5604] Workqueue: hci2 hci_rx_work [ 124.601385][ T5604] Call Trace: [ 124.601394][ T5604] [ 124.601403][ T5604] dump_stack_lvl+0xe8/0x150 [ 124.601430][ T5604] print_address_description+0x55/0x1e0 [ 124.601455][ T5604] ? l2cap_sock_new_connection_cb+0x208/0x2f0 [ 124.601480][ T5604] print_report+0x58/0x70 [ 124.601501][ T5604] kasan_report+0x117/0x150 [ 124.601526][ T5604] ? l2cap_sock_new_connection_cb+0x208/0x2f0 [ 124.601556][ T5604] l2cap_sock_new_connection_cb+0x208/0x2f0 [ 124.601583][ T5604] l2cap_connect_cfm+0x368/0x1560 [ 124.601609][ T5604] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 124.601630][ T5604] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 124.601658][ T5604] ? lockdep_hardirqs_on+0x7a/0x110 [ 124.601683][ T5604] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 124.601709][ T5604] ? mutex_lock_nested+0x152/0x1d0 [ 124.601729][ T5604] ? hci_connect_cfm+0x2c/0x140 [ 124.601757][ T5604] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 124.601779][ T5604] hci_connect_cfm+0x95/0x140 [ 124.601813][ T5604] le_conn_complete_evt+0x1134/0x16b0 [ 124.601850][ T5604] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 124.601881][ T5604] ? irqentry_exit+0x218/0x760 [ 124.601906][ T5604] ? rcu_is_watching+0x15/0xb0 [ 124.601947][ T5604] ? skb_pull_data+0xfb/0x200 [ 124.601980][ T5604] hci_le_conn_complete_evt+0x187/0x470 [ 124.602014][ T5604] hci_event_packet+0x659/0xef0 [ 124.602043][ T5604] ? 
__pfx____migrate_enable+0x10/0x10 [ 124.602068][ T5604] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 124.602096][ T5604] ? __pfx_hci_event_packet+0x10/0x10 [ 124.602121][ T5604] ? preempt_schedule_common+0x82/0xd0 [ 124.602146][ T5604] ? preempt_schedule_thunk+0x16/0x30 [ 124.602178][ T5604] ? hci_send_to_monitor+0xe2/0x590 [ 124.602200][ T5604] hci_rx_work+0x3ee/0x1040 [ 124.602226][ T5604] ? preempt_schedule_thunk+0x16/0x30 [ 124.602257][ T5604] ? process_scheduled_works+0xa70/0x1860 [ 124.602281][ T5604] process_scheduled_works+0xb5d/0x1860 [ 124.602321][ T5604] ? __pfx_process_scheduled_works+0x10/0x10 [ 124.602347][ T5604] ? assign_work+0x3d5/0x5e0 [ 124.602370][ T5604] worker_thread+0xa53/0xfc0 [ 124.602409][ T5604] kthread+0x388/0x470 [ 124.602435][ T5604] ? __pfx_worker_thread+0x10/0x10 [ 124.602456][ T5604] ? __pfx_kthread+0x10/0x10 [ 124.602483][ T5604] ret_from_fork+0x514/0xb70 [ 124.602508][ T5604] ? __pfx_ret_from_fork+0x10/0x10 [ 124.602530][ T5604] ? __switch_to+0xc79/0x1410 [ 124.602562][ T5604] ? 
__pfx_kthread+0x10/0x10 [ 124.602589][ T5604] ret_from_fork_asm+0x1a/0x30 [ 124.602625][ T5604] [ 124.602632][ T5604] [ 124.602642][ T5604] Allocated by task 5604: [ 124.602651][ T5604] kasan_save_track+0x3e/0x80 [ 124.602669][ T5604] __kasan_kmalloc+0x93/0xb0 [ 124.602688][ T5604] __kmalloc_noprof+0x3e7/0x7b0 [ 124.602709][ T5604] sk_prot_alloc+0xe7/0x210 [ 124.602731][ T5604] sk_alloc+0x3a/0x390 [ 124.602753][ T5604] bt_sock_alloc+0x3b/0x310 [ 124.602777][ T5604] l2cap_sock_new_connection_cb+0xf1/0x2f0 [ 124.602799][ T5604] l2cap_connect_cfm+0x368/0x1560 [ 124.602817][ T5604] hci_connect_cfm+0x95/0x140 [ 124.602843][ T5604] le_conn_complete_evt+0x1134/0x16b0 [ 124.602872][ T5604] hci_le_conn_complete_evt+0x187/0x470 [ 124.602898][ T5604] hci_event_packet+0x659/0xef0 [ 124.602925][ T5604] hci_rx_work+0x3ee/0x1040 [ 124.602946][ T5604] process_scheduled_works+0xb5d/0x1860 [ 124.602965][ T5604] worker_thread+0xa53/0xfc0 [ 124.602984][ T5604] kthread+0x388/0x470 [ 124.603008][ T5604] ret_from_fork+0x514/0xb70 [ 124.603027][ T5604] ret_from_fork_asm+0x1a/0x30 [ 124.603049][ T5604] [ 124.603053][ T5604] Freed by task 6209: [ 124.603062][ T5604] kasan_save_track+0x3e/0x80 [ 124.603079][ T5604] kasan_save_free_info+0x46/0x50 [ 124.603104][ T5604] __kasan_slab_free+0x5c/0x80 [ 124.603122][ T5604] kfree+0x1c5/0x6c0 [ 124.603138][ T5604] __sk_destruct+0x74b/0x9d0 [ 124.603161][ T5604] l2cap_sock_cleanup_listen+0xe0/0x440 [ 124.603181][ T5604] l2cap_sock_release+0x6e/0x270 [ 124.603200][ T5604] sock_close+0xc3/0x240 [ 124.603227][ T5604] __fput+0x461/0xa70 [ 124.603254][ T5604] task_work_run+0x1d9/0x270 [ 124.603280][ T5604] get_signal+0x11eb/0x1330 [ 124.603297][ T5604] arch_do_signal_or_restart+0xbc/0x840 [ 124.603326][ T5604] exit_to_user_mode_loop+0x8c/0x4d0 [ 124.603349][ T5604] do_syscall_64+0x33e/0xf80 [ 124.603373][ T5604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.603393][ T5604] [ 124.603397][ T5604] The buggy address belongs to the object at ffff888040460000 [ 
124.603397][ T5604] which belongs to the cache kmalloc-2k of size 2048 [ 124.603415][ T5604] The buggy address is located 1968 bytes inside of [ 124.603415][ T5604] freed 2048-byte region [ffff888040460000, ffff888040460800) [ 124.603435][ T5604] [ 124.603441][ T5604] The buggy address belongs to the physical page: [ 124.603459][ T5604] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888040463000 pfn:0x40460 [ 124.603480][ T5604] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 124.603497][ T5604] flags: 0x80000000000240(workingset|head|node=0|zone=1) [ 124.603522][ T5604] page_type: f5(slab) [ 124.603541][ T5604] raw: 0080000000000240 ffff88801a011000 ffff88801a00bc88 ffffea0000aa4410 [ 124.603559][ T5604] raw: ffff888040463000 0000000800080005 00000000f5000000 0000000000000000 [ 124.603579][ T5604] head: 0080000000000240 ffff88801a011000 ffff88801a00bc88 ffffea0000aa4410 [ 124.603597][ T5604] head: ffff888040463000 0000000800080005 00000000f5000000 0000000000000000 [ 124.603615][ T5604] head: 0080000000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff [ 124.603633][ T5604] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008 [ 124.603643][ T5604] page dumped because: kasan: bad access detected [ 124.603658][ T5604] page_owner tracks the page as allocated [ 124.603665][ T5604] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5714, tgid 5714 (kworker/0:5), ts 81192638611, free_ts 51275070278 [ 124.603701][ T5604] post_alloc_hook+0x231/0x280 [ 124.603721][ T5604] get_page_from_freelist+0x27c8/0x2840 [ 124.603746][ T5604] __alloc_frozen_pages_noprof+0x18d/0x380 [ 124.603770][ T5604] allocate_slab+0x77/0x660 [ 124.603795][ T5604] refill_objects+0x33c/0x3d0 [ 124.603820][ T5604] __pcs_replace_empty_main+0x373/0x720 [ 124.603847][ T5604] __kmalloc_noprof+0x530/0x7b0 [ 124.603867][ T5604] 
___neigh_create+0x722/0x2350 [ 124.603884][ T5604] ip6_finish_output2+0x729/0x1430 [ 124.603919][ T5604] ip6_output+0x340/0x550 [ 124.603942][ T5604] NF_HOOK+0x177/0x4f0 [ 124.603966][ T5604] mld_sendpack+0x8b4/0xe40 [ 124.603990][ T5604] mld_ifc_work+0x835/0xe70 [ 124.604012][ T5604] process_scheduled_works+0xb5d/0x1860 [ 124.604031][ T5604] worker_thread+0xa53/0xfc0 [ 124.604051][ T5604] kthread+0x388/0x470 [ 124.604075][ T5604] page last free pid 5260 tgid 5260 stack trace: [ 124.604086][ T5604] __free_frozen_pages+0xfa6/0x10f0 [ 124.604106][ T5604] __slab_free+0x252/0x2a0 [ 124.604126][ T5604] qlist_free_all+0x99/0x100 [ 124.604142][ T5604] kasan_quarantine_reduce+0x148/0x160 [ 124.604159][ T5604] __kasan_slab_alloc+0x22/0x80 [ 124.604178][ T5604] kmem_cache_alloc_node_noprof+0x22a/0x6e0 [ 124.604198][ T5604] __alloc_skb+0x1d0/0x7d0 [ 124.604218][ T5604] alloc_skb_with_frags+0xc8/0x760 [ 124.604241][ T5604] sock_alloc_send_pskb+0x884/0x9a0 [ 124.604266][ T5604] unix_stream_sendmsg+0x4c4/0xe80 [ 124.604288][ T5604] sock_write_iter+0x4a1/0x4f0 [ 124.604314][ T5604] do_iter_readv_writev+0x62b/0x8d0 [ 124.604336][ T5604] vfs_writev+0x345/0x9a0 [ 124.604361][ T5604] do_writev+0x15a/0x2e0 [ 124.604386][ T5604] do_syscall_64+0x15f/0xf80 [ 124.604409][ T5604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.604429][ T5604] [ 124.604433][ T5604] Memory state around the buggy address: [ 124.604444][ T5604] ffff888040460680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 124.604458][ T5604] ffff888040460700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 124.604471][ T5604] >ffff888040460780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 124.604481][ T5604] ^ [ 124.604493][ T5604] ffff888040460800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 124.604506][ T5604] ffff888040460880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 124.604516][ T5604] ================================================================== [ 124.604571][ T5604] Kernel panic - not 
syncing: KASAN: panic_on_warn set ... [ 124.604587][ T5604] CPU: 0 UID: 0 PID: 5604 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 124.604611][ T5604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 124.604624][ T5604] Workqueue: hci2 hci_rx_work [ 124.604648][ T5604] Call Trace: [ 124.604656][ T5604] [ 124.604663][ T5604] vpanic+0x56c/0xa60 [ 124.604691][ T5604] ? __pfx_vpanic+0x10/0x10 [ 124.604715][ T5604] ? __pfx___schedule+0x10/0x10 [ 124.604742][ T5604] panic+0xc5/0xd0 [ 124.604766][ T5604] ? __pfx_panic+0x10/0x10 [ 124.604792][ T5604] ? preempt_schedule_common+0x82/0xd0 [ 124.604820][ T5604] ? l2cap_sock_new_connection_cb+0x208/0x2f0 [ 124.604844][ T5604] check_panic_on_warn+0x89/0xb0 [ 124.604873][ T5604] ? l2cap_sock_new_connection_cb+0x208/0x2f0 [ 124.604897][ T5604] end_report+0x73/0x170 [ 124.604925][ T5604] ? l2cap_sock_new_connection_cb+0x208/0x2f0 [ 124.604948][ T5604] kasan_report+0x128/0x150 [ 124.604972][ T5604] ? l2cap_sock_new_connection_cb+0x208/0x2f0 [ 124.605000][ T5604] l2cap_sock_new_connection_cb+0x208/0x2f0 [ 124.605026][ T5604] l2cap_connect_cfm+0x368/0x1560 [ 124.605051][ T5604] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 124.605071][ T5604] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 124.605098][ T5604] ? lockdep_hardirqs_on+0x7a/0x110 [ 124.605123][ T5604] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 124.605149][ T5604] ? mutex_lock_nested+0x152/0x1d0 [ 124.605169][ T5604] ? hci_connect_cfm+0x2c/0x140 [ 124.605197][ T5604] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 124.605217][ T5604] hci_connect_cfm+0x95/0x140 [ 124.605246][ T5604] le_conn_complete_evt+0x1134/0x16b0 [ 124.605282][ T5604] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 124.605311][ T5604] ? irqentry_exit+0x218/0x760 [ 124.605336][ T5604] ? rcu_is_watching+0x15/0xb0 [ 124.605367][ T5604] ? 
skb_pull_data+0xfb/0x200 [ 124.605399][ T5604] hci_le_conn_complete_evt+0x187/0x470 [ 124.605431][ T5604] hci_event_packet+0x659/0xef0 [ 124.605458][ T5604] ? __pfx____migrate_enable+0x10/0x10 [ 124.605483][ T5604] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 124.605510][ T5604] ? __pfx_hci_event_packet+0x10/0x10 [ 124.605535][ T5604] ? preempt_schedule_common+0x82/0xd0 [ 124.605559][ T5604] ? preempt_schedule_thunk+0x16/0x30 [ 124.605590][ T5604] ? hci_send_to_monitor+0xe2/0x590 [ 124.605612][ T5604] hci_rx_work+0x3ee/0x1040 [ 124.605637][ T5604] ? preempt_schedule_thunk+0x16/0x30 [ 124.605666][ T5604] ? process_scheduled_works+0xa70/0x1860 [ 124.605689][ T5604] process_scheduled_works+0xb5d/0x1860 [ 124.605723][ T5604] ? __pfx_process_scheduled_works+0x10/0x10 [ 124.605748][ T5604] ? assign_work+0x3d5/0x5e0 [ 124.605770][ T5604] worker_thread+0xa53/0xfc0 [ 124.605805][ T5604] kthread+0x388/0x470 [ 124.605831][ T5604] ? __pfx_worker_thread+0x10/0x10 [ 124.605852][ T5604] ? __pfx_kthread+0x10/0x10 [ 124.605878][ T5604] ret_from_fork+0x514/0xb70 [ 124.605902][ T5604] ? __pfx_ret_from_fork+0x10/0x10 [ 124.605929][ T5604] ? __switch_to+0xc79/0x1410 [ 124.605960][ T5604] ? __pfx_kthread+0x10/0x10 [ 124.605987][ T5604] ret_from_fork_asm+0x1a/0x30 [ 124.606019][ T5604] [ 124.606616][ T5604] Kernel Offset: disabled