last executing test programs: 18.947257327s ago: executing program 0 (id=1): socket$kcm(0x10, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) fchown(0xffffffffffffffff, 0x0, 0xee01) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) io_uring_enter(0xffffffffffffffff, 0x47ba, 0x3e82, 0x60, 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000480)={@cgroup, 0x11, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0}, 0x40) openat$dsp(0xffffffffffffff9c, &(0x7f0000000200), 0x103881, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341) ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect) socket$kcm(0x10, 0x2, 0x4) 17.410804505s ago: executing program 0 (id=9): syz_io_uring_setup(0x3ec3, &(0x7f0000010400)={0x0, 0x86e1, 0x1, 0x8}, &(0x7f0000010080), 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_open_dev$vim2m(0x0, 0x0, 0x2) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) socket$netlink(0x10, 0x3, 0x0) r2 = socket$key(0xf, 0x3, 0x2) r3 = gettid() ptrace$getregset(0x4204, r3, 0x6, &(0x7f0000000500)={&(0x7f00000003c0)=""/148, 0x94}) sendmsg$key(r2, &(0x7f0000000140)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r1, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@multicast2, @in6=@mcast1, 0x4e20, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0xfffffffffffffffe}, {0x0, 0x0, 0xfffffffffffffffc, 0xff}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x3c}, 0x0, 0x32}, 0x0, @in=@private=0xa010100, 0x0, 0x2, 0x0, 0xb7, 0xfffffffe, 0xffffff7e}}, 0xe8) r4 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x88003, 0x0) ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r4, 0x80083313, 0x0) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x1c) 12.567806844s ago: executing program 0 (id=11): r0 = syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2) dup2(r0, r0) gettid() prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$DRM_IOCTL_MODE_MAP_DUMB(0xffffffffffffffff, 0xc01064b3, &(0x7f0000003100)) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) io_uring_setup(0x524, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) 12.302138795s ago: executing program 1 (id=12): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x108}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3}) syz_io_uring_setup(0x867, &(0x7f0000000140)={0x0, 0x9164, 0x1000, 0x1, 0x359}, &(0x7f00000002c0), &(0x7f0000ff4000), &(0x7f0000000000)) close_range(r0, r0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0) 12.185433215s ago: executing program 2 (id=13): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r0 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r2 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xfffbffff, {0x0, 0x0, 0x0, r1, {0x0, 0x8}, {0xffff, 0xffff}, {0xc, 0xfff3}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x10, 0x2, [@TCA_TAPRIO_ATTR_SCHED_BASE_TIME={0xc, 0x3, 0x108}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x40001}, 0x10) 11.867312547s ago: executing program 4 (id=14): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000002c0)) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e21, 0x3, 'wrr\x00', 0x17, 0x81, 0x5}, {@multicast1, 0x4e23, 0x3, 0x1cb, 0x12d5c, 0x12d5c}}, 0x44) r3 = syz_io_uring_setup(0xf00, &(0x7f0000000380)={0x0, 0x1e58, 0x13000, 0x0, 0x2ff}, &(0x7f0000000100), &(0x7f00000001c0), &(0x7f0000000000)) r4 = eventfd2(0x10001, 0x80000) io_uring_register$IORING_REGISTER_EVENTFD(r3, 0x4, &(0x7f0000000040)=r4, 0x1) io_uring_enter(r3, 0x1, 0x71a3, 0x1, 0x0, 0x0) 11.406409281s ago: executing program 3 (id=4): r0 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) openat$btrfs_control(0xffffffffffffff9c, 0x0, 0x2000, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) dup(0xffffffffffffffff) r2 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000700)={r2}, 0x4) getpriority(0x0, 0xffffffffffffffff) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000380)={'bridge0\x00'}) sendmsg$nl_route(r4, 0x0, 0x4008800) sendmmsg$inet6(r3, 0x0, 0x0, 0x4400c800) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) fcntl$dupfd(r5, 0x0, r5) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r5, 0x0) 10.097614419s ago: executing program 4 (id=15): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file0\x00', 0x1c0) landlock_create_ruleset(&(0x7f0000000180)={0x100}, 0x18, 0x0) r3 = fsopen(&(0x7f00000002c0)='pvfs2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) 9.910202301s ago: executing program 2 (id=16): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000000010bd287100000000000001090224000100000000090401000103000000092102000001220500090581"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f0000000100)={0x20, 0x2, 0x6, {0x6, 0xd, "375074c4"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 9.651046883s ago: executing program 1 (id=17): r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000840)={0x2, 0x4, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x2, 0x4e24, @private=0xa010102}, 0x10, 0x0, 0x0, &(0x7f0000001dc0)=[@rdma_args={0x48, 0x114, 0x1, {{0x5, 0xf}, {0x0}, &(0x7f0000001a00)=[{0x0}], 0x1, 0x24, 0x5}}], 0x48, 0x40000}, 0x0) 9.639405386s ago: executing program 3 (id=18): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeeb, 0x8031, 0xffffffffffffffff, 0x6ae4b000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x40800) ioctl$SNDRV_TIMER_IOCTL_GINFO(r3, 0xc0f85403, &(0x7f0000000700)={{0xffffffffffffffff, 0x2, 0x8, 0x1, 0x1}, 0x4, 0xfffffffe, 'id1\x00', 'timer1\x00', 0x0, 0x0, 0x7, 0x2, 0x3}) fsopen(&(0x7f0000000180)='proc\x00', 0x1) 9.047606577s ago: executing program 4 (id=19): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x0, 0x0, &(0x7f00000008c0), 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) listen(0xffffffffffffffff, 0xff) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x4a102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) sendmsg$MPTCP_PM_CMD_DEL_ADDR(0xffffffffffffffff, 0x0, 0x4008015) shmat(0x0, &(0x7f0000001000/0x3000)=nil, 0xc000) r2 = syz_open_procfs(0x0, &(0x7f0000002440)='net/ipv6_route\x00') preadv(r2, &(0x7f0000000180)=[{&(0x7f00000001c0)=""/183, 0xb7}], 0x1, 0x5fae, 0x4) 7.430508721s ago: executing program 3 (id=20): sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x8, 0x3, 0x470, 0x1d8, 0xffffffff, 0xffffffff, 0x1d8, 0xffffffff, 0x460, 0xffffffff, 0xffffffff, 0x460, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0xf0, 0x118, 0x0, {}, [@common=@unspec=@helper={{0x48}, {0x0, 'amanda\x00'}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0xe, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x4d0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@gettclass={0x24, 0x2a, 0x200, 0x70bd27, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xd1ba1095880c105e, 0xfff2}, {0x1, 0x5}, {0x44e9f4f6f6d4d2eb, 0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000080}, 0x44042) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1, 0x2}) r2 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r2, &(0x7f0000000180)={0xa, 0x3, 0xc, @loopback, 0x9}, 0x1c) sendmmsg$unix(r2, &(0x7f0000007b80), 0x0, 0x2000c080) bind$alg(r0, 0x0, 0x0) truncate(&(0x7f0000000940)='./file1\x00', 0x2fffffd) socket$nl_generic(0x10, 0x3, 0x10) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000440)={0x50, 0x0, 0x0, {0x7, 0x29, 0x0, 0x0, 0x0, 0x2, 0xfffffffd, 0x2, 0x0, 0x0, 0x0, 0x1}}, 0x50) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000200)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000080)={0x28, 0x2, r4, 0x0, &(0x7f0000605000/0x3000)=nil, 0x3000, 0x1}) ioctl$IOMMU_VFIO_IOAS$SET(r3, 0x3b88, &(0x7f0000000040)={0xc, r4}) ioctl$IOMMU_VFIO_SET_IOMMU(r3, 0x3b66, 0x1) ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r3, 0x3b72, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000020"]) 7.371970396s ago: executing program 1 (id=21): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x26e1, 0x0) close(r0) r1 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2, 0x2, {0x1, 0x1, 0x4}, 0xfd}, 0x18) sendto$inet6(r0, &(0x7f0000000300)="1300cc29", 0x4, 0x4040885, 0x0, 0x0) 6.136683005s ago: executing program 4 (id=22): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_DELETE(r0, 0x0, 0x4048000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x4000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x482, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4000}}) syz_fuse_handle_req(r4, &(0x7f00000021c0)="f7a1cad85cc10eea68fdee41cb0874a0bc6d6cb8b6057ce44708f94f251ad561c33ae4b4a5f3548734ab9d7a8f0f1e7dab1c009bda16940720a287d6fbae8389d584199d01a5f037880765144e99727c2bd7f71b6c5591ea76b7f830fa095a5650607e2f1f1fda77712e885173a67397b349c144c88c0519aaa4c1189526eaa1cac9e42596dd989eddb0fd744b1cc24fd210f1fef0f26866313c0bb644112a0593d3196eeab83427bd2bc48d942f16d1452c8482e0d21fd4ce2978986a9345690947d8daf5f11a727b861f0ff115b01f75c7039b1ab28c4b0b4a50f4a5d3cb50b37cc3772a5d70ace52960d2efb673478ec7667dec75e7cf65a205e66dff9ce66569871bcb9295787c664e78f2a4ad2f2293ae10d59ed51c5d689e049aaba21bbe594364ea773bd8bdd3c1f3a80436cb1e3ad4ae4f7d9f8da4c29e2b8dcc6127ecaf2c0ff40d1311a9cff6b0c0c505e0529426082d612bd255541d87def043ec0d5f1d18d43f5814ec8b0ec0bb87e6280cc989fef119af77cb5b881f993e5142c3fef6f11a331848b112365907118ee817098c189c42caa11ede0843a9391e94b0b2a0f5002a1a6cf95bfcc558a82290494af5a80fe8d69f061f5635d9d7ebc74c2347c4bd125850a1bf2593c56702131b52d813f9d8767808c3740f6736a6d2dd95a2140bf383c38bf6aa167048ea562a2da7797b0e5e7265f87c8809ed3b37a312f3e6609bb4cfc70d05e628f152e4e0f5d26e281fe22c97b3d48d24f1068d8160383d9003011896989b21533021afd08f74b3d4e9c8b200ee3dda9dc48c66229dff67b37afefcfd9e68686bf3c7ea83aa531756fc28c5b191685c89dbf3fc811d6c83c93b4b94d04395e88f5291ff597a18d41e5024a01ce5da33da91e9a963f07e2ff146a0e42268d6182eb7bcfd5fc49ad007ae3a39ea39e931078a9b646c30a68dbe8d7952a983f257dc1bb6496ba8ce0c4a91149124f18cf6ceb3ff72f0c87915c7e95f47cd8f70cadc4d6e9f100d681051c32c02f563d8bbbaaf09ccdcff776ff1917653290637c02b2a8678e2cf9492077359b4ff97adee279a4e7d2a449b9232b0361c9d2a8611b81fbe80642894d3b9807082f83fa66f7a6d5a5b2bb8cfc76042915eb3b7c2c6a3d4107c5484fc53ef1d4f0c62e68d41f41e81d52b93069f104595aedc61c02d90100c1b2e891aebdc9a4a639f0384d66807d92c540ac61ea9eb75a52bff095a01370b15902f2d42229f57a9fc6e483094316d4f599cde024c5929e274ded88338115c07e4389fcead91d445a6c19463e58fdea8ad8cd38ede1bbfe409e1eaa9f70c6aedf99338d4efe95fcfa6c70bd0471f08c3a989c1a24ca3a5011c32b2487eb5dc0b3c7ac76b2e76612ba355ae09092e90329e07fe82436a0bde152bbddfcc499720d5691813b2bc3395313149e0f94abe372b82c494bc22e05210fb5c06974a2a98c71fecab7a094f3c3bf45f5fe8a3e70ba4abed52e611d111421ed36bd77c8076ad04ccc89fd6ba9a2227c62afd49a6ee12f799074772e0db030dfdfd89de75ab03d30d81ad6fb7faa758e9c91acc48b02e21707b87906a1171a4eaacc7baecba212679ee3d8c180c58ff8c2d4b07c58c76c96cbe4623b8ee41988f9b60b6e03ddece50b3ec150c29d0b2b87548c5777fa4e39f5349ab8dd2e30e29ff56ac7a615300a3298b07e07175713e7385ea09ec0b651702103b7d2f123cb09a23d91f623ec15ddff27044c2e6f7668cd9675f3ffbbaa9b9b2cf5a8494796eddc1c52beff638d806307ea3f617fe5dc46a68ad04517cf7d6a02b0edd19248825fcaf932adff98f0f25d1b374449df22bba96bc1b604134b495da501cccacbe3cad5743f8180cbb3e151313c6751ad98e1ae0495d762473be591629e3a059e7f25483c289bda68aa07ba027e072b1fc2497d85ba0f09e654032e48c54242d69a1e9d94dacd8c3f529fcf71363511714641a22151773f0edd930cfebcbc41ac530015c841910721c5cdc95301bd5ced984bae18c0cd1e56e61f881c3e98b91df488654e1a608bfce7bed930f2cd668e5920730d8ce6c191f4c1500ac0c707fcc3faa90ff991b39a839a168e47a9e5b6d45cc902879ff1dc4a9391b53b8a0bf7a9e9d356e43779b89564a8614014528dc536d9f6ed97bcac7b722f062acd802a854d1d555a7978951e6c000fab5a524f4d04505733db3a19bdcb3cbd2cf37f6e571e096a1f99527ac632bf605f3727ab6c76a3d89e1ff178ffea921f129f233faa6d7b1011fc78f38257a8dac5b15e93ae13c12baed0c823b47c35bf337dccfb7936ec27023bfdc4ae0498121c849848d5245d0e4f158c515dc3acd0956812482ebe19b99c31b3fb98db0eb690df38b45c279a84b9611aa7a64cfbc713428d2cc6362308d8fdfdf671cd0b07c6b41745afa14cf040fc7783a560c58a580d1c014ad4cf3eafaf5e6075dd82e0d040cfdac17476f1c766288f7ee5d595626122ef7cdfbacce07484fd0b0bf4645236a5835c26415b4132617eed202d759f8106f2733ffe700c2d91ff452be0261d81d16752d3fdac1610dae8c61213e300df255be17a96467b1ff11818e4df78eb9c69d83bed93fd69db43ee05e32857a996de057778d962d7f19d81dbf7c4c1809274ff7650e85b5529cbe66d951896ac57f9e0f3790d03d9ae79c926118766038d4cffb72292bddd064f491dfba999eed7407c03aa988c9fcfe13042bef4e947f715bb29ccb2af80fe88ffe12a4d9cf0966db7e99463c32083d9b4bf504f69de3e524f7633bbed07d2e452099005d05a198ab1544d3617bddd2bda2374d1fbbf698e5252ecf610b5deae2bf382cc4fad21fd22dae74cc892de97fe5d3848d742cf5ecb2b1af88b8a0edb6b0c932822fd0b54aa1bc1745bbbcd2f592dc6611042f60f5012f64d8b66ddbf96b09536b0fd257e9561fbe3f74dd9ab5e72ec906b8ce685f9a8aa8d2de66cec3babaaaa0b02f79413c21f348824e383d952ae54787bfc24a34c416fb6fa849e08f3fb0dff9f00bcfa4c93b642c4ddceda526d94b3f0fe9746e543d040ef03b8378452deb46972fb940db08ca2472f81158bcd5bf8d11672bcf2b773269c9138d12ae4ce17786b26b028a4ecc4ac09e20b579a05035e4f3a1bcbbac012a3e8b78e20e51f82e79b39db76625abe2905a7825691b21254e2526fd5b15b752d3a3e799dd0457753d1b1bd106c96825269da36f702396d1ee5d6495a757bf629bd763e3b490f5c19dffc14f14e23c18988054d28179aeed71450f44b58b1c5483350d4b9f340b91d5ef224ed2ab53e3564438616f1cd004019e8fdbb5d66591a44487202ccbfc5f2d963777d926b69f747901f0c41a88ae04a136a85ba965270f97023e40972eea7e33ac17bd49c83d334e4212b7160781fde3a4fcc539fb684ec76409593165a88b18b9a5b60d01bd12c53dbba50d35b2771a1bdf67d8b1d86f8b424f59fbf1bfa25cc2a5b283a1314d8ffa64eb9fd5aad1110f041fe67f04f906020b15b48302d94c8ce99c11db1dd9fb85b1300249ae0fe091027c4684eb57df03b90e9955e660a7e3deb450e7a812892b99d6e798ceb89d31c2780db69bb61449f29f38c9dcfedce389c8a0362258e8aa2ed9a7c1f6248ad3b2ba46dda0eed2de7e4f861c5b54171706f92740d74499beef012abb14a472af2eacbd8e131c820833338feefdb2766a19089e564b6529d2fc4d21b7ae11dc1ef017c6dc6669a6fc31c17964296a1be6f2652d9ef80376a8066da18c3019e20c63859942334787b952e40e005da1bb2318da5fefe31618cd1dd8c190003234ea970b84d1bc77bc66edeb1e4f72d46b629e2da016460354d3c90f1b452683b958314dfc643170fd6ff355f76f79730c763b51fbd3242bd352411bff28f25716519adad795536306e7cc4960bc8a8a18abb6757457dda72c9f91ca76c52512d8d94ca7c8defa565f6ba31f89529b5806697b83172d6b1457647fd793d98597aadd0dc853181931aae0d8a88c45785d4a36b54214be020909f403cd75ac1ab669cf69da9c0edab449f0342d1d458c1b6edbd4544a61fe833f18da2191f484a50936cdb4e00239fff61e94994ce206c3f4193788971baee8e255eaa20689a8dff5383b769a3ae99738813adc5d172f7e3c31df0ed87d997880e8296eb41302fb3096d8ef40f193281e38f9e8d421be966aabc4bec224453679ac2b0873cc53130a13bd4893c825de059313603e06c35930d1157b163a977fb30f260a5c786c5d18093b754d6422ec8fdcab7280a7b40a11bb07a8dc94a719a0c28cd97f1334a4a6f8128f274dc768ea7cf88cbc356781d47d8cd049f92b8a50c45743f53324ac680a8962021b277117627a345a95b3d22394791fa371f215b65b11dbf13a5559ee4db2fcc7ff16e20dc2029d225c0dc19a4783bac2442164e0e2c71cc6ebfd294c3153e10ae51812cd32b812eb6df3608893fe6dea035b22aa24f83b5b43079196a6d37d65370981c661a571bf62ddc0f6fc3162b6727f83562883649871bca22d6add9c9deb991c81b41bb95db2c57966499f77458b57bcfa1b851a9f82339ab55ac38b9a298dec33aa6da46d9d376ffafd78ebe68bcc9c860c00b5ed6e1fa5669356afbe49821f3905f4350bba19278030e39b6430fb3ab9adb46c0381dae9f5a8c78c79990c63808eadaa29f1e7a0064425b3a56d511c3bb38b14d1e2b921da06cb89347a6a28f944194eb26fa73022a45c84352747fac3587e795c4cedc923be6e51b4f7d4f8fc82a572987bc46e04a5c22754a4a743819e8c7962486ee69be7ee4c99bc9b80cf8402506e61440393c7b46a0f76fa6f774c094beb70049d3d965b52860434050282cc8481d3a051c84be9e73c68411275ca2e1b1ed918468f60d7ce719127c8748b55a0a9258c2a7d02bf27fe9b6fd9355bd6acaee158cfaf33fd807a7f8a4ddb8fb5d2fda64527b4ece25aa7491170421d4d742e157c2ca735731325d023041dc0e95dcc1dec5cd745a22f2d57c203076273a9480eb54abe591f238df7591973b395898ec1174494ba6689b1bfcf8610ab9621777c05f2b3c38db87ccb4c57af4f14c91a953ceaf2ef81e1c3ccfa1d381f4f75c61ecdbf395e19a9e85813d7d76fcbff211157fe852b664be65b1175bb895c2485cc1f6b661734ea751b0d92bf7a2a49afcaca436328b73745c446eb4426c7f784920eac0e1d2ab68636e712d2f18063e19e422832b7b5ffc3781aeb61145ebdbfd62c8f9e7b47b1e7534a4ed5786851772b9bb28e131b991392f508aa3ba71b8ca74fd95cd0e4ca0d16ad3c0bed6dc119a142e062aea1e883d5a13472d3cb10150438dcce876a4892b0cad8d2e88f0cd60cd67329d9972a86a453792ca02581cf88bf1ac6b4e23f1ac67343b7231bd15c0e871c935dd165afe5b45435f9ce340cc15ccd9f574601b33eac02317e5003bfaeecffef2caf73444867d263b00402373a3ba27d499f402b45eb33222d555a2fe0464def1dfa7edae492cd848cdbcf80fbfa4ca74db7dfe4f3bf9104693385166c6c26af8bcada58c63748464b8efc2b69eba4492fb1ebb2afed3f305e757a662cc331506ba15fddcd31ab6b506bddb0ce6866e6a10869f79871166d0686f6398444313461a39b568f96cbec62f1ca99e61137997c5fb456ae13c58dac8c167dd0abe2a1103af34008862588153959311e3f7f77be0027ecb8dba4b73e534ce4b5550027b86fa6b1d4c33fa20004ade6ef5265d301a808bbad6cc8058241cfa75cb33c1c86dce0da89a0a89f8dcfcab2b4dd375091dd4ce4393290e3eacbcbda52e811ba82b2ed4ac4afef207ef27e193cdb94356340d444674c84934d0ed11f249612e71f78cc97ee49f29696d79e68e52a04a70f400e000000058019156a91983f8f070ed6699fb479d03d9b8aaa021c5f20ea3c4447a5a41de7975a14a8926753dd94cb1175b7accc265f7fd33c9933ebfc906a148ab8f1a5091a374f8cef07cded914ceceec5090e2ca0c92b0cc259efab48694b18b76322564617aba1956329756051b4a4789c9a58ec55a311a98b7cb9ffcbc7c12a271a581609781bf8744671372cbec49f07a33cb815fc18221045f47b6f6957f9fb2298b70a527bd982a2e079ef9abb9bb1b61703ac9dcd76f635100d0050eaf788c6ab960c4fe96bf49540e5f1796121856ea563aefbe0cf122eb69924ca459e149d81d7b08ac98af0af046ecd8dc67998e17925b8cfdd5adf3e5dc7ca5e92930b310015b26733acf001be627975f06d2a8833fe4e4e222bee65dfe64d0f8aa74cb7aa4e8d9f4959ef1b4f4c99b0898f0d7681979c5c4ce2cd09d026330b3cbba2e0ef53b5da031cdf81db1a8ae8ef6e4abe2995f606d088e953743a492cd1e2859b1295d44f41792f809f361344a3deefac68a1d414d60a800772a4113c665466dccab661cf0a3d6cbdcd24a12ba58f5cd386a982e628e960db2c133f96b65d101d11423f0c369c67427a561f0bc0e790c70ffaa9d5ec62eab93c5dd8a3f169ae7643c390c31b9e21d9d62148f490f27dad4ec0cf668107aa740cffe5186619fc2925e3bcfbdf962513566e08cb7b1962543f82db5d71b8dd56830616d54974e660e6fb678776390e1c5ae3a3aa381c33b3d18ee57c19e78a27514f40c55929a0ba6c1dca19287414ff2061993b594e573bd829410cb985348351b28c6ef4f0db9209cea66d7c7079dff1f09e00a32a049576852a5343e947e429eb5b125e236c503e42ab609868c8795a8211b2cc855b55d8ad207f515dd84f6adc7b5aea47fbd643c2b57da63d5d5e9b3eb586f413218c3c4a8a9d683e28694d37392ce3963465eebdf90fd630b74e6d79ff2e5cbf6b3dbeda6d4bcf8f8c128ae4a237c22409e60d26a64a6a4f8b60198d127d1c8e0407639867a26ca71bdbd8a1e8091fb80dd6c45839ea5ef54e1cab38beaab86dbd39e23be0d41df0db198fc5d860c5773bfa0b4ad45736f35abecf72a0d171fb2afe64939935fd6c6f1e295b338ea2c0e2df4adeddcee70e7dcb0d43c9a1e7df98451e1a18aae93ba2ca98452bded96eebd81388b30a97a93539f11e4053e88dd155b8c29e83c75baed6a7bc4e3193ae5c04aa28ec5e0033ea0546a2604b7f89ab9f4f8d91cd8c86cea75fa8929b5a183c06a4664c6ad84079279c038c04e9f7be7d6ee01f016073472e85cf49f24197f310dff2248dba48c00483d720289b2d545dfae4c3c997bf832b89b7a6d010e15a7ed2922aafc5fe0f2b499d284615b1d07187e23b7c55eb57fe052bc978d2826bcfbdc46872dfd964e8007acc8d987b8c947f463f62d4bfd17b2febcf7407c98bce7c2148167185325570aed09948553e4bf5b520c0ba21ac961ba816923b20726dc1f456b5d31f45453f714fc4811f6e31a019445ed6928389caf25c2fbbe408bd29db15f7410e4ff939a111a7f73bc22b5aefe624c374ffb93f08f48ac7ceedb8511f4914bdd67709b94a67874ec7622d928fa406458b5b3c558668b9741f4417bd19a6b942a085ee08f9e3eceab254142fe67206f00cc4cada297281f5c589c84c144d9c71d953391e24cfec1d452c6a960a466776012ce9efdeea7e4c087e93a0a6455c326038deae9b6a72566c37322cf3117b0c9d4e7a07c5f8128d118714343d5fe1bab349f33cbbb1be8cf30ea7194762d1b00843b12039a7af24cce07a51795615928b0e3ef42f192b33730649a9e96d17a5fd98bc3912e593bd513c4c729bff8b104581c6232d2632204027d5062997c35ceefa1ee6277a6f7d8ef5328ada9d149d781debf909b033e81d28debe1202d61e3336ce762f471d181d33cf2be0da6586f1cc514beb5447812cf4a164edd9094831a7ac0c705e8c14c35668801e284f990c656232d6c490f5e56a1e3434d7bc5bd68a679ce3f009af2545b6e81b7c5a0ec61b418aea9815f820b0faf56d56639a794ad6938268479b6107738c4f296907f8a7cd203173d1e2000798874137c48a9272dc99795de9bc86c5eb7e945402e1cfc385adf3558004ee9a3dd51c19710cc689406242dd792adb5e1542edd516b798f59b002a0d8df1d9dcd3993216b529e25a6258fb448dc3c32ead185476684486f2eda6f8b58b0fe49a6e9b769cc0d7fa99b3b513ea09227578c93dd96225a0de1a91fca4de2846990d411f21b91a72998c8fab4a2c5d7e2c8396f0013ec5b44e7742721585f85f8e46a1a02866c7723312b4b25a28b66248c650ce351e984c205bdc4ee333a2ca8e3e48ce059f44dea4bf45dbcff81d02e5568208b37eafde84bedca64329fc7f6c61d4ff56eb702969455cf5a42bfca7dd663888aed2f69e5cfaf4099e894b0f65e7c7ebb67168ef10926a2d2276dea6a2c20b7f4df68151a015f016bfa79314db0b42efb099a73b00f39272ca3981eb9af9e0a54c1e465bfca573bfae4a5b0ccb81a471744e0ef566345f0d569644c01dcced4fa5d0652f31a75274e60dcca1f7008d8ed207c05c8041a3ac33ecc333282cfc3f4c7fdf71f7334063dae0ca8374eecedfcf657163950d34bd3017e572ef837a59c51f52d6acab7222699c69a9f0c883210147c08bd77c9d749255acce65b7dd64fc1661e6595b8d232fe91ee8ec22caf4235acdc70fa9f8f0eb5b518dc497ee7cb622c7239db7c21cfa822eec78159e9f20d1b17e0a6598422c35f54dca57b61c8182e0118e571e663dd5d2a9b34dc5c49d71285f1e7b2244a2abefae423cac57e19bdc862344692789f901464385b3152e723c3739bb914a2586c2d59fc5a357e8d149a2316e49f60d4483587e1d622740ad25bae74ccfddc7a6f2292cfcf575537555a77ca76b2498e8092059972ad70c2c9550adc672347e339cc2954b3f4de3d5e9901f06ef9701b3f0b2cd66021959be8ca6fb38968340530ba5e28931bcb4e61d0959300d5ecabe09bf4ec31cad6f7b4834310e046d67f65f2dd79de0d898698b477dc52395291d659168d4535401bcee5b7f0c11a00d380b9461b65fa45648faabe1a1a69cce14a2ea9a06b70f35d09561b02d630c4857805b6f0f059fdee58500f54cd7aec7249484946cf8df8348f413234309788ff4381a6f041cfae335be49bafac9067845767ded8b0ab2f726798146691f381fa6fbe79dc58e6794dd51c1f61661d57321052e3774c4f94358fab3e78e63ee2109ec61bfb6a611f9364c82b4dc566d6713b65811f4e8abe7bc646539e7d58e9b778fabe2651677ce8d7d36659edc31db124777ced73bf0e78b11ea83b279bad0839f8babae0b4e37a019884b6ef845cd9c60d62786faa60ac2dc833db93e64f50e7e268b3c12c27ed4aa79dc8383ea7b3397572e652bb3e059c50c8921715682ed508dbe6414a0d3e02ee58fc06fec81d8bb808330952f09c8ac8fb8155ed6b4b386926e155f7c2f88a7420c2250cca8b2017023f23106e79f715d7d93c1690474f2fa3c72d1f4f6e42f4d6fb1673861aedd253d3af83f54b0fdcdf2b2ebb461c9d23a15db07c0d5be49173808851a3a4e9273fc3b65ae38455c5b268f588d0a696fd086ed91467c2369890a05f4a1c3f3b2a0ae847b448222956afdd720f91956c2f994bd4cc946c44388a9a20e5e879dbed231967b44ea0ac4b7f1f7e901b79de7e73d712f23c1312d4259cda886ff54db1da90dd64bfb5d5a00d41b4bbfebc0c68dd31cfc4e1b6069582ba9ddd64cfe2fd8beb6141eee1325583f4eb8011d17f62da36db30f88c9e9e51379b9730a73a01ef3c07d6e5e5f86291e2543b03f8c7e9d09b5ed4a1626d206c0c6742995bd73d5558ac3cff877bdd8511090b7c208dfd90e03cbc97072e6ef23a129eb8769055bcf8fc7d2b1e43fae5a815174706d423edb9dde4f884f5bde6f994fbac904b46d40cceb3d916a1ff9449c15ce71bbaa028201db4493be4652a8fd3d20b29fee043c7ecc148e71378dcc147e8395fc0e22a5cb7f5e7a416b5065c7dd983e8fd4af849e6f43efc0458af1c9db2e0582845b97bffd0f223bccbbcd53cd5c23bdcc1e5c016b737bbce414d1bcbbc990ecb59ad44f1ed08147df0edd2a88b2d3a218d781bbc7e40b80c6a33f0137794edbaa123dd42de3ac6c4a8af71c809313658ec405df5d9b9a99b46d978c338af6a9fe4bcdfe0eb50e77e8d298166a114c9f62a523045bf80df2aa0fbffe2a693813e4fe12684c41a3a3f19a5cd4fb0beb5a600d3e3ab7ab23367f701094f7abd9d8f7c3bfe32f9ab3e0c9ce6fca6dd34d2bedc66f71cce81835df14f4cd70046e50962283a0491ac539ad2c1c9468bd80732ccdf5b408c2e3041bc3e569674294a5992a760d73c2f9bebfa73e334cdf3272214c5c9e0bd30f770f5e02507b3f6210c9e98a8b5f440239d77e9376e4167d98f68097fd6e36557e97f24a26e1d7c6928d520ced48e897e545ef1ac65e7fbd438c641f5094a1f217b2dde5fe24a209969bad94cd850ea84e086f454e5fbf160caddca8b91917ee71233b82e01e3731fb4dcb3635021fccc7dc0d3a401333ded1c7a859a34909126878bcede3d656d2122c35c120537758774bd5b99dd5776867eca2b527873b55c8fb30e914d61923e188037af2493f750c1b92e9ca08021e79f7ea833d518efa390ae8f4b27aad5fcbc9f77b5cbce30eea3b9fdb69f705c1e126ecac466f41918212fe3dac4b2ac65f4c3ad1c07e7835caf33f650f54efab990068b93de025a7396d192990a8bd4c74b1fde93aed93226b567ef7520a4543167e0ab676c9f1af22331b1aa84455d1279b7982724101f49bd03ff087469377b497c9d1d902d759cf721204984af37ccb65322f9eaf0ee35e6717a4c3976231dd45204c041075cfeed8fa39217d65419a67459ba5c83b52ba2cf18f4f3d41f5fd1aa9cda2a97edbb1dcadcaf609a31f946c9bf77873cb51f27755e77696a9f8ebeaaef089045ef71e1a8bd6f116235212792a76e20b33a79f53f34d69a8e97eb2a68de2d88de3d8297ab31f1d54feac1dc5c4e992f35f05e20ca2fe5ec4c74dc170edfbd755c9d5b9fafb9d05d32f19a6e03855f98713e4821c6ed238b83685266c8b75886ba1afb43a04d45dba2dc7a25dc04ce9d893057107dce39663f6e93a3b206fb62306c801804b4c68567895da3801abff908e2a5c4e4fb08366c5c9fdf5902d8a352406105fb6a857cadb3910de0dd7449cfb951877b04650777c669e17c1d03b72be85f2bc6a682002f973fbc6d0acab4813aea66d6b701d37fafe381bff420adb1dbaeaac7618702703d482502697168a406421a1f6732876c7e6acf98ceb8b1a66e204cf5d530b189f3f94987e7c7698acac008e60d936b02d2f00ee22e390f9f9a4cbdbd6d36ba1d9e5cc7eddc3e5f85aaab437b4f3335133d074c51f67339c05c87d9ff986d5b596da7af7320d4e4ead41208eb398737d3b9605489560dd34dddbe0b30583a852dc180d29e77dbec7e1aeca4724cedc5fd9a7bf8de1fd9d77d2cd1059fc8f5e43c2c2b331b67d2b9932f004a15bb4436d1859bbc600", 0x2000, &(0x7f00000001c0)={&(0x7f0000000140)={0x50, 0x0, 0x2, {0x7, 0x29, 0x1, 0x6a546493, 0x681d, 0x0, 0x3, 0x1, 0x0, 0x0, 0x100, 0x82}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x1, 0x2000000, 0x5}}, 0x30) 5.792897526s ago: executing program 3 (id=23): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000100)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x20, 0x0, 0x1, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_SEC_DEVKEY={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x200048c3}, 0x20000094) 5.792642082s ago: executing program 2 (id=24): close(0x3) 5.690774088s ago: executing program 1 (id=25): r0 = socket(0x2b, 0x1, 0x1) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x29, 0x61, 0x0, 0x0) 5.279573519s ago: executing program 2 (id=26): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r0 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r2 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xfffbffff, {0x0, 0x0, 0x0, r1, {0x0, 0x8}, {0xffff, 0xffff}, {0xc, 0xfff3}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x10, 0x2, [@TCA_TAPRIO_ATTR_SCHED_BASE_TIME={0xc, 0x3, 0x108}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x40001}, 0x10) 5.278175962s ago: executing program 3 (id=27): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x108}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3}) syz_io_uring_setup(0x867, &(0x7f0000000140)={0x0, 0x9164, 0x1000, 0x1, 0x359}, &(0x7f00000002c0), &(0x7f0000ff4000), &(0x7f0000000000)) close_range(r0, r0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0) 3.749715649s ago: executing program 4 (id=28): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r2, 0x6, 0x1, 0x0, 0x0) connect$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) shutdown(r3, 0x1) connect$bt_rfcomm(r3, &(0x7f0000005dc0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x15}, 0xa) 2.771999587s ago: executing program 1 (id=29): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file0\x00', 0x1c0) landlock_create_ruleset(&(0x7f0000000180)={0x100}, 0x18, 0x0) r3 = fsopen(&(0x7f00000002c0)='pvfs2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) 2.269325697s ago: executing program 2 (id=30): socket(0x2, 0x2, 0xb0e) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) fsmount(0xffffffffffffffff, 0x1, 0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0) setfsgid(0x0) set_mempolicy_home_node(&(0x7f0000fff000/0x1000)=nil, 0x2900, 0x0, 0x0) syz_open_dev$sndpcmc(0x0, 0x0, 0x101000) sendmsg$RDMA_NLDEV_CMD_DELLINK(0xffffffffffffffff, 0x0, 0x0) 1.908572099s ago: executing program 3 (id=31): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x5, @any, 0x0, 0x1}, 0xe) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r0, 0x3) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) 1.902376192s ago: executing program 1 (id=32): socket$inet_tcp(0x2, 0x1, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) socket$nl_netfilter(0x10, 0x3, 0xc) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$kcm(0x2, 0xa, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socket$packet(0x11, 0x3, 0x300) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) 16.641537ms ago: executing program 2 (id=33): r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}], 0x1}, 0x5}], 0x1, 0x2000, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000000)=0x40) 0s ago: executing program 4 (id=34): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x10000005) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) semtimedop(0x0, &(0x7f00000003c0)=[{0x3, 0x4, 0x1800}], 0x1, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.126' (ED25519) to the list of known hosts. [ 81.256045][ T5592] cgroup: Unknown subsys name 'net' [ 81.499071][ T5592] cgroup: Unknown subsys name 'cpuset' [ 81.551435][ T5592] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.584467][ T5592] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.843047][ T1245] cfg80211: failed to load regulatory.db [ 87.188570][ T5606] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 87.190417][ T5606] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 87.194160][ T5606] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 87.213952][ T5606] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 87.216076][ T5606] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 87.364426][ T59] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 87.402394][ T59] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 87.404243][ T59] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 87.427986][ T5619] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 87.438259][ T5619] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 87.440175][ T5619] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 87.442818][ T5619] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 87.443358][ T5619] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 87.445405][ T5619] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 87.445674][ T5619] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 87.447934][ T5619] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 87.454814][ T5619] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 87.456387][ T5619] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 87.456818][ T5619] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 87.461100][ T5619] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 87.538704][ T5619] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 87.554467][ T5619] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 87.555468][ T5619] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 87.557417][ T5619] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 87.558581][ T5619] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 89.312325][ T5615] Bluetooth: hci0: command tx timeout [ 89.540824][ T5619] Bluetooth: hci1: command tx timeout [ 89.540997][ T5619] Bluetooth: hci3: command tx timeout [ 89.541206][ T5615] Bluetooth: hci2: command tx timeout [ 89.620737][ T5615] Bluetooth: hci4: command tx timeout [ 90.093366][ T5605] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.093451][ T5605] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.093560][ T5605] bridge_slave_0: entered allmulticast mode [ 90.095954][ T5605] bridge_slave_0: entered promiscuous mode [ 90.181042][ T5605] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.181164][ T5605] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.181711][ T5605] bridge_slave_1: entered allmulticast mode [ 90.185871][ T5605] bridge_slave_1: entered promiscuous mode [ 90.238721][ T5611] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.238841][ T5611] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.238950][ T5611] bridge_slave_0: entered allmulticast mode [ 90.240559][ T5611] bridge_slave_0: entered promiscuous mode [ 90.304831][ T5611] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.305002][ T5611] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.305105][ T5611] bridge_slave_1: entered allmulticast mode [ 90.306761][ T5611] bridge_slave_1: entered promiscuous mode [ 90.376609][ T5605] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.428431][ T5617] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.428564][ T5617] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.428727][ T5617] bridge_slave_0: entered allmulticast mode [ 90.430551][ T5617] bridge_slave_0: entered promiscuous mode [ 90.464032][ T5605] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.496649][ T5617] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.496758][ T5617] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.496864][ T5617] bridge_slave_1: entered allmulticast mode [ 90.498713][ T5617] bridge_slave_1: entered promiscuous mode [ 90.504552][ T5611] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.529621][ T5609] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.529757][ T5609] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.530244][ T5609] bridge_slave_0: entered allmulticast mode [ 90.534303][ T5609] bridge_slave_0: entered promiscuous mode [ 90.578603][ T5611] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.595923][ T5609] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.596086][ T5609] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.596716][ T5609] bridge_slave_1: entered allmulticast mode [ 90.598471][ T5609] bridge_slave_1: entered promiscuous mode [ 90.599645][ T5608] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.599766][ T5608] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.599862][ T5608] bridge_slave_0: entered allmulticast mode [ 90.604057][ T5608] bridge_slave_0: entered promiscuous mode [ 90.657196][ T5605] team0: Port device team_slave_0 added [ 90.677007][ T5608] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.677102][ T5608] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.677203][ T5608] bridge_slave_1: entered allmulticast mode [ 90.679431][ T5608] bridge_slave_1: entered promiscuous mode [ 90.686795][ T5617] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.717951][ T5605] team0: Port device team_slave_1 added [ 90.748799][ T5617] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.752110][ T5611] team0: Port device team_slave_0 added [ 90.776765][ T5609] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.808444][ T5611] team0: Port device team_slave_1 added [ 90.825701][ T5609] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.829208][ T5608] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.864032][ T5605] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.864045][ T5605] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.864060][ T5605] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.889578][ T5608] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.892881][ T5617] team0: Port device team_slave_0 added [ 90.915108][ T5605] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.915125][ T5605] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.915147][ T5605] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.967317][ T5617] team0: Port device team_slave_1 added [ 90.968152][ T5611] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.968163][ T5611] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.968185][ T5611] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.991105][ T5609] team0: Port device team_slave_0 added [ 91.038815][ T5611] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.038832][ T5611] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.038858][ T5611] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.050079][ T5609] team0: Port device team_slave_1 added [ 91.055937][ T5608] team0: Port device team_slave_0 added [ 91.123644][ T5608] team0: Port device team_slave_1 added [ 91.124554][ T5617] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.124569][ T5617] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.124595][ T5617] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.205556][ T5617] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.205570][ T5617] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.205585][ T5617] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.227419][ T5609] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.227435][ T5609] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.227459][ T5609] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.303685][ T5605] hsr_slave_0: entered promiscuous mode [ 91.304681][ T5605] hsr_slave_1: entered promiscuous mode [ 91.306417][ T5609] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.306427][ T5609] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.306442][ T5609] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.307390][ T5608] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.307398][ T5608] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.307412][ T5608] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.379092][ T5608] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.379109][ T5608] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.379131][ T5608] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.380739][ T5615] Bluetooth: hci0: command tx timeout [ 91.394793][ T5611] hsr_slave_0: entered promiscuous mode [ 91.396908][ T5611] hsr_slave_1: entered promiscuous mode [ 91.400156][ T5611] debugfs: 'hsr0' already exists in 'hsr' [ 91.400266][ T5611] Cannot create hsr debugfs directory [ 91.621526][ T5615] Bluetooth: hci2: command tx timeout [ 91.621590][ T5615] Bluetooth: hci3: command tx timeout [ 91.621613][ T5615] Bluetooth: hci1: command tx timeout [ 91.700857][ T5615] Bluetooth: hci4: command tx timeout [ 91.964924][ T5617] hsr_slave_0: entered promiscuous mode [ 91.965841][ T5617] hsr_slave_1: entered promiscuous mode [ 91.966452][ T5617] debugfs: 'hsr0' already exists in 'hsr' [ 91.966469][ T5617] Cannot create hsr debugfs directory [ 92.052755][ T5609] hsr_slave_0: entered promiscuous mode [ 92.054128][ T5609] hsr_slave_1: entered promiscuous mode [ 92.054701][ T5609] debugfs: 'hsr0' already exists in 'hsr' [ 92.054719][ T5609] Cannot create hsr debugfs directory [ 92.134567][ T5608] hsr_slave_0: entered promiscuous mode [ 92.135470][ T5608] hsr_slave_1: entered promiscuous mode [ 92.136102][ T5608] debugfs: 'hsr0' already exists in 'hsr' [ 92.136121][ T5608] Cannot create hsr debugfs directory [ 93.001207][ T5605] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 93.056176][ T5605] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 93.071952][ T5605] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 93.107470][ T5605] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 93.112178][ T5605] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 93.135128][ T5605] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 93.155490][ T5605] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 93.194662][ T5605] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 93.339870][ T5617] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 93.371598][ T5617] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 93.385834][ T5617] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 93.418269][ T5617] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 93.428545][ T5617] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 93.456749][ T5617] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 93.462815][ T5615] Bluetooth: hci0: command tx timeout [ 93.484432][ T5617] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 93.517691][ T5617] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 93.647526][ T5609] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.684049][ T5609] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 93.697318][ T5609] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.700791][ T5615] Bluetooth: hci3: command tx timeout [ 93.700825][ T5615] Bluetooth: hci2: command tx timeout [ 93.700847][ T5615] Bluetooth: hci1: command tx timeout [ 93.755676][ T5609] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 93.759312][ T5609] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.780876][ T5615] Bluetooth: hci4: command tx timeout [ 93.800373][ T5609] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 93.827436][ T5609] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 93.855583][ T5609] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 93.986756][ T5608] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 94.022842][ T5608] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 94.030132][ T5608] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 94.055277][ T5608] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 94.062319][ T5608] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.084596][ T5608] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 94.127361][ T5608] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 94.164025][ T5608] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 94.215593][ T5605] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.352876][ T5611] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 94.384525][ T5611] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 94.395137][ T5611] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 94.433717][ T5611] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 94.439441][ T5611] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 94.484389][ T5611] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 94.486549][ T5605] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.497445][ T5611] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 94.545164][ T5611] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 94.610243][ T3479] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.612072][ T3479] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.641353][ T5617] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.684343][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.684469][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.794613][ T5617] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.854843][ T1301] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.854994][ T1301] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.893761][ T1301] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.893881][ T1301] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.918175][ T5609] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.025291][ T5609] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.111098][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.111303][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.125194][ T5608] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.220255][ T67] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.220403][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.327222][ T5608] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.397573][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.397658][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.435368][ T5611] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.469956][ T67] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.470141][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.540907][ T5615] Bluetooth: hci0: command tx timeout [ 95.642912][ T5611] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.702033][ T3375] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.702163][ T3375] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.781230][ T5619] Bluetooth: hci3: command tx timeout [ 95.781262][ T5619] Bluetooth: hci2: command tx timeout [ 95.781312][ T5615] Bluetooth: hci1: command tx timeout [ 95.818494][ T3479] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.818638][ T3479] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.862325][ T5615] Bluetooth: hci4: command tx timeout [ 96.566805][ T5605] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.678092][ T5617] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.254946][ T5617] veth0_vlan: entered promiscuous mode [ 97.319545][ T5617] veth1_vlan: entered promiscuous mode [ 97.406752][ T5609] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.574962][ T5617] veth0_macvtap: entered promiscuous mode [ 97.623120][ T5617] veth1_macvtap: entered promiscuous mode [ 97.760484][ T5609] veth0_vlan: entered promiscuous mode [ 97.776796][ T5608] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.799504][ T5617] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.858324][ T5605] veth0_vlan: entered promiscuous mode [ 97.866030][ T5617] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.880140][ T5609] veth1_vlan: entered promiscuous mode [ 97.923496][ T1186] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.931077][ T1186] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.947138][ T5605] veth1_vlan: entered promiscuous mode [ 97.950457][ T1186] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.977043][ T5611] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.977228][ T1186] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.332824][ T5609] veth0_macvtap: entered promiscuous mode [ 98.355164][ T5608] veth0_vlan: entered promiscuous mode [ 98.383173][ T3375] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.383197][ T3375] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.387010][ T5609] veth1_macvtap: entered promiscuous mode [ 98.456847][ T5605] veth0_macvtap: entered promiscuous mode [ 98.497466][ T5608] veth1_vlan: entered promiscuous mode [ 98.499791][ T5605] veth1_macvtap: entered promiscuous mode [ 98.554398][ T5611] veth0_vlan: entered promiscuous mode [ 98.566940][ T5609] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.583304][ T3375] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.583324][ T3375] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.610086][ T5609] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.640700][ T5611] veth1_vlan: entered promiscuous mode [ 98.647088][ T5605] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.673157][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.692637][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.705894][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.718983][ T5605] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.741084][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.850678][ T67] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.878946][ T67] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.879690][ T5608] veth0_macvtap: entered promiscuous mode [ 98.898928][ T67] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.925237][ T67] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.995782][ T5608] veth1_macvtap: entered promiscuous mode [ 100.460482][ T5611] veth0_macvtap: entered promiscuous mode [ 100.480224][ T5608] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.489633][ T3331] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.489653][ T3331] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.535920][ T5611] veth1_macvtap: entered promiscuous mode [ 100.549335][ T5608] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.599077][ T3331] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.599099][ T3331] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.634766][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.697207][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.710724][ T5804] Illegal XDP return value 1695888480 on prog (id 2) dev N/A, expect packet loss! [ 100.740342][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.760972][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.764486][ T1131] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.764506][ T1131] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.831845][ T5611] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.934924][ T5611] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.990762][ T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.990784][ T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.064444][ T3375] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.138419][ T3375] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.145585][ T3375] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.202691][ T3375] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.406835][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.406857][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.070681][ T5813] hub 8-0:1.0: USB hub found [ 102.122413][ T5813] hub 8-0:1.0: 1 port detected [ 103.200140][ T2286] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.200203][ T2286] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.240647][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 105.260644][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 105.270646][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 105.280645][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 105.290644][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 106.918170][ T3375] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.918193][ T3375] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.922156][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.922179][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.222050][ T5742] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 114.360646][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 114.514192][ T5742] usb 3-1: Using ep0 maxpacket: 16 [ 114.515918][ T5742] usb 3-1: device descriptor read/all, error -71 [ 120.220035][ T5615] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 120.220063][ T5615] CPU: 1 UID: 0 PID: 5615 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 120.220088][ T5615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 120.220101][ T5615] Workqueue: hci3 hci_rx_work [ 120.220136][ T5615] Call Trace: [ 120.220144][ T5615] [ 120.220153][ T5615] dump_stack_lvl+0xe8/0x150 [ 120.220182][ T5615] sysfs_create_dir_ns+0x271/0x2a0 [ 120.220214][ T5615] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 120.220239][ T5615] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 120.220273][ T5615] ? rt_spin_unlock+0x160/0x200 [ 120.220299][ T5615] kobject_add_internal+0x631/0xd10 [ 120.220340][ T5615] kobject_add+0x163/0x240 [ 120.220388][ T5615] ? __pfx_kobject_add+0x10/0x10 [ 120.220429][ T5615] ? get_device_parent+0x370/0x3a0 [ 120.220460][ T5615] device_add+0x408/0xbb0 [ 120.220489][ T5615] hci_conn_add_sysfs+0xd5/0x210 [ 120.220520][ T5615] le_conn_complete_evt+0x10e6/0x16b0 [ 120.220552][ T5615] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 120.220574][ T5615] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 120.220604][ T5615] ? lockdep_hardirqs_on+0x7a/0x110 [ 120.220632][ T5615] ? skb_pull_data+0xfb/0x200 [ 120.220667][ T5615] hci_le_conn_complete_evt+0x187/0x470 [ 120.220707][ T5615] hci_event_packet+0x659/0xef0 [ 120.220741][ T5615] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 120.220762][ T5615] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 120.220792][ T5615] ? __pfx_hci_event_packet+0x10/0x10 [ 120.220816][ T5615] ? rt_spi[ 120.220816][ T5615] ? rt_spin_unlock+0x14f/0x200 [ 120.220848][ T5615] ? hci_send_to_monitor+0xe2/0x590 [ 120.220873][ T5615] hci_rx_work+0x3ee/0x1040 [ 120.220909][ T5615] ? process_scheduled_works+0xa70/0x1860 [ 120.220936][ T5615] process_scheduled_works+0xb5d/0x1860 [ 120.220994][ T5615] ? __pfx_process_scheduled_works+0x10/0x10 [ 120.221024][ T5615] ? assign_work+0x3d5/0x5e0 [ 120.221053][ T5615] worker_thread+0xa53/0xfc0 [ 120.221118][ T5615] kthread+0x388/0x470 [ 120.221148][ T5615] ? __pfx_worker_thread+0x10/0x10 [ 120.221169][ T5615] ? __pfx_kthread+0x10/0x10 [ 120.221196][ T5615] ret_from_fork+0x514/0xb70 [ 120.221223][ T5615] ? __pfx_ret_from_fork+0x10/0x10 [ 120.221246][ T5615] ? __switch_to+0xc79/0x1410 [ 120.221280][ T5615] ? __pfx_kthread+0x10/0x10 [ 120.221304][ T5615] ret_from_fork_asm+0x1a/0x30 [ 120.221347][ T5615] [ 120.230027][ T5615] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 120.230074][ T5615] Bluetooth: hci3: failed to register connection device [ 120.283863][ T5938] syz.1.32 uses obsolete (PF_INET,SOCK_PACKET) [ 120.408584][ T5615] ================================================================== [ 120.408605][ T5615] BUG: KASAN: slab-use-after-free in l2cap_sock_ready_cb+0xe3/0x180 [ 120.408642][ T5615] Read of size 8 at addr ffff888028722200 by task kworker/u9:3/5615 [ 120.408660][ T5615] [ 120.408674][ T5615] CPU: 1 UID: 0 PID: 5615 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 120.408698][ T5615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 120.408713][ T5615] Workqueue: hci3 hci_rx_work [ 120.408742][ T5615] Call Trace: [ 120.408750][ T5615] [ 120.408760][ T5615] dump_stack_lvl+0xe8/0x150 [ 120.408787][ T5615] print_address_description+0x55/0x1e0 [ 120.408811][ T5615] ? l2cap_sock_ready_cb+0xe3/0x180 [ 120.408834][ T5615] print_report+0x58/0x70 [ 120.408855][ T5615] kasan_report+0x117/0x150 [ 120.408881][ T5615] ? l2cap_sock_ready_cb+0xe3/0x180 [ 120.408910][ T5615] l2cap_sock_ready_cb+0xe3/0x180 [ 120.408936][ T5615] l2cap_le_start+0x25b/0x1960 [ 120.408961][ T5615] ? __pfx_l2cap_le_start+0x10/0x10 [ 120.408983][ T5615] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 120.409012][ T5615] ? lockdep_hardirqs_on+0x7a/0x110 [ 120.409041][ T5615] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 120.409069][ T5615] ? mutex_lock_nested+0x152/0x1d0 [ 120.409090][ T5615] ? l2cap_connect_cfm+0x894/0x1560 [ 120.409114][ T5615] l2cap_connect_cfm+0x8d5/0x1560 [ 120.409141][ T5615] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 120.409162][ T5615] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 120.409191][ T5615] ? lockdep_hardirqs_on+0x7a/0x110 [ 120.409217][ T5615] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 120.409246][ T5615] ? mutex_lock_nested+0x152/0x1d0 [ 120.409266][ T5615] ? hci_connect_cfm+0x2c/0x140 [ 120.409296][ T5615] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 120.409319][ T5615] hci_connect_cfm+0x95/0x140 [ 120.409351][ T5615] le_conn_complete_evt+0x1134/0x16b0 [ 120.409377][ T5615] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 120.409397][ T5615] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 120.409425][ T5615] ? lockdep_hardirqs_on+0x7a/0x110 [ 120.409463][ T5615] ? skb_pull_data+0xfb/0x200 [ 120.409494][ T5615] hci_le_conn_complete_evt+0x187/0x470 [ 120.409525][ T5615] hci_event_packet+0x659/0xef0 [ 120.409552][ T5615] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 120.409571][ T5615] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 120.409595][ T5615] ? __pfx_hci_event_packet+0x10/0x10 [ 120.409620][ T5615] ? rt_spin_unlock+0x14f/0x200 [ 120.409646][ T5615] ? hci_send_to_monitor+0xe2/0x590 [ 120.409668][ T5615] hci_rx_work+0x3ee/0x1040 [ 120.409699][ T5615] ? process_scheduled_works+0xa70/0x1860 [ 120.409723][ T5615] process_scheduled_works+0xb5d/0x1860 [ 120.409759][ T5615] ? __pfx_process_scheduled_works+0x10/0x10 [ 120.409785][ T5615] ? assign_work+0x3d5/0x5e0 [ 120.409809][ T5615] worker_thread+0xa53/0xfc0 [ 120.409845][ T5615] kthread+0x388/0x470 [ 120.409873][ T5615] ? __pfx_worker_thread+0x10/0x10 [ 120.409895][ T5615] ? __pfx_kthread+0x10/0x10 [ 120.409924][ T5615] ret_from_fork+0x514/0xb70 [ 120.409949][ T5615] ? __pfx_ret_from_fork+0x10/0x10 [ 120.409972][ T5615] ? __switch_to+0xc79/0x1410 [ 120.410004][ T5615] ? __pfx_kthread+0x10/0x10 [ 120.410033][ T5615] ret_from_fork_asm+0x1a/0x30 [ 120.410068][ T5615] [ 120.410076][ T5615] [ 120.410081][ T5615] Allocated by task 5933: [ 120.410091][ T5615] kasan_save_track+0x3e/0x80 [ 120.410116][ T5615] __kasan_kmalloc+0x93/0xb0 [ 120.410135][ T5615] __kmalloc_noprof+0x3e7/0x7b0 [ 120.410156][ T5615] sk_prot_alloc+0xe7/0x210 [ 120.410180][ T5615] sk_alloc+0x3a/0x390 [ 120.410202][ T5615] bt_sock_alloc+0x3b/0x340 [ 120.410228][ T5615] l2cap_sock_create+0x147/0x330 [ 120.410250][ T5615] bt_sock_create+0x163/0x240 [ 120.410278][ T5615] __sock_create+0x4b2/0x9d0 [ 120.410297][ T5615] __sys_socket+0xd6/0x1b0 [ 120.410316][ T5615] __x64_sys_socket+0x7a/0x90 [ 120.410336][ T5615] do_syscall_64+0x15f/0xf80 [ 120.410362][ T5615] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.410382][ T5615] [ 120.410387][ T5615] Freed by task 5929: [ 120.410396][ T5615] kasan_save_track+0x3e/0x80 [ 120.410413][ T5615] kasan_save_free_info+0x46/0x50 [ 120.410448][ T5615] __kasan_slab_free+0x5c/0x80 [ 120.410467][ T5615] kfree+0x1c5/0x6c0 [ 120.410484][ T5615] __sk_destruct+0x74b/0x9d0 [ 120.410508][ T5615] l2cap_sock_release+0x1c1/0x270 [ 120.410528][ T5615] sock_close+0xc3/0x240 [ 120.410544][ T5615] __fput+0x461/0xa70 [ 120.410572][ T5615] task_work_run+0x1d9/0x270 [ 120.410596][ T5615] exit_to_user_mode_loop+0xf3/0x4d0 [ 120.410617][ T5615] do_syscall_64+0x33e/0xf80 [ 120.410639][ T5615] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.410657][ T5615] [ 120.410662][ T5615] The buggy address belongs to the object at ffff888028722000 [ 120.410662][ T5615] which belongs to the cache kmalloc-4k of size 4096 [ 120.410677][ T5615] The buggy address is located 512 bytes inside of [ 120.410677][ T5615] freed 4096-byte region [ffff888028722000, ffff888028723000) [ 120.410698][ T5615] [ 120.410702][ T5615] The buggy address belongs to the physical page: [ 120.410711][ T5615] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28720 [ 120.410730][ T5615] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 120.410747][ T5615] flags: 0x80000000000040(head|node=0|zone=1) [ 120.410764][ T5615] page_type: f5(slab) [ 120.410784][ T5615] raw: 0080000000000040 ffff88801a011140 dead000000000100 dead000000000122 [ 120.410802][ T5615] raw: 0000000000000000 0000000800040004 00000000f5000000 0000000000000000 [ 120.410821][ T5615] head: 0080000000000040 ffff88801a011140 dead000000000100 dead000000000122 [ 120.410838][ T5615] head: 0000000000000000 0000000800040004 00000000f5000000 0000000000000000 [ 120.410857][ T5615] head: 0080000000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff [ 120.410875][ T5615] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008 [ 120.410885][ T5615] page dumped because: kasan: bad access detected [ 120.410895][ T5615] page_owner tracks the page as allocated [ 120.410902][ T5615] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4971, tgid 4971 (udevd), ts 29683564186, free_ts 29645844104 [ 120.410937][ T5615] post_alloc_hook+0x22d/0x280 [ 120.410957][ T5615] get_page_from_freelist+0x27c8/0x2840 [ 120.410980][ T5615] __alloc_frozen_pages_noprof+0x18d/0x380 [ 120.411004][ T5615] allocate_slab+0x77/0x660 [ 120.411028][ T5615] refill_objects+0x33c/0x3d0 [ 120.411054][ T5615] __pcs_replace_empty_main+0x373/0x720 [ 120.411082][ T5615] __kmalloc_noprof+0x530/0x7b0 [ 120.411102][ T5615] tomoyo_realpath_from_path+0xe3/0x5d0 [ 120.411122][ T5615] tomoyo_check_open_permission+0x229/0x470 [ 120.411149][ T5615] security_file_open+0xa9/0x240 [ 120.411177][ T5615] do_dentry_open+0x4c0/0x13e0 [ 120.411204][ T5615] vfs_open+0x3b/0x350 [ 120.411229][ T5615] path_openat+0x2e43/0x38a0 [ 120.411250][ T5615] do_file_open+0x23e/0x4a0 [ 120.411270][ T5615] do_sys_openat2+0x113/0x200 [ 120.411298][ T5615] __x64_sys_openat+0x138/0x170 [ 120.411326][ T5615] page last free pid 4971 tgid 4971 stack trace: [ 120.411337][ T5615] __free_frozen_pages+0xfa6/0x10f0 [ 120.411358][ T5615] __slab_free+0x252/0x2a0 [ 120.411379][ T5615] qlist_free_all+0x99/0x100 [ 120.411395][ T5615] kasan_quarantine_reduce+0x148/0x160 [ 120.411413][ T5615] __kasan_slab_alloc+0x22/0x80 [ 120.411432][ T5615] kmem_cache_alloc_noprof+0x33b/0x680 [ 120.411462][ T5615] do_getname+0x2e/0x250 [ 120.411487][ T5615] do_sys_openat2+0xca/0x200 [ 120.411514][ T5615] __x64_sys_openat+0x138/0x170 [ 120.411543][ T5615] do_syscall_64+0x15f/0xf80 [ 120.411568][ T5615] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.411587][ T5615] [ 120.411592][ T5615] Memory state around the buggy address: [ 120.411603][ T5615] ffff888028722100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 120.411617][ T5615] ffff888028722180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 120.411631][ T5615] >ffff888028722200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 120.411641][ T5615] ^ [ 120.411652][ T5615] ffff888028722280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 120.411665][ T5615] ffff888028722300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 120.411675][ T5615] ================================================================== [ 120.415116][ T5615] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 120.415138][ T5615] CPU: 1 UID: 0 PID: 5615 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 120.415162][ T5615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 120.415175][ T5615] Workqueue: hci3 hci_rx_work [ 120.415207][ T5615] Call Trace: [ 120.415216][ T5615] [ 120.415223][ T5615] vpanic+0x56c/0xa60 [ 120.415261][ T5615] ? __pfx_vpanic+0x10/0x10 [ 120.415293][ T5615] panic+0xc5/0xd0 [ 120.415317][ T5615] ? __pfx_panic+0x10/0x10 [ 120.415343][ T5615] ? preempt_schedule_thunk+0x16/0x30 [ 120.415377][ T5615] ? preempt_schedule_thunk+0x16/0x30 [ 120.415410][ T5615] ? l2cap_sock_ready_cb+0xe3/0x180 [ 120.415442][ T5615] check_panic_on_warn+0x89/0xb0 [ 120.415472][ T5615] ? l2cap_sock_ready_cb+0xe3/0x180 [ 120.415495][ T5615] end_report+0x73/0x170 [ 120.415518][ T5615] ? l2cap_sock_ready_cb+0xe3/0x180 [ 120.415541][ T5615] kasan_report+0x128/0x150 [ 120.415562][ T5615] ? l2cap_sock_ready_cb+0xe3/0x180 [ 120.415589][ T5615] l2cap_sock_ready_cb+0xe3/0x180 [ 120.415611][ T5615] l2cap_le_start+0x25b/0x1960 [ 120.415634][ T5615] ? __pfx_l2cap_le_start+0x10/0x10 [ 120.415656][ T5615] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 120.415683][ T5615] ? lockdep_hardirqs_on+0x7a/0x110 [ 120.415710][ T5615] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 120.415736][ T5615] ? mutex_lock_nested+0x152/0x1d0 [ 120.415756][ T5615] ? l2cap_connect_cfm+0x894/0x1560 [ 120.415779][ T5615] l2cap_connect_cfm+0x8d5/0x1560 [ 120.415805][ T5615] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 120.415826][ T5615] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 120.415850][ T5615] ? lockdep_hardirqs_on+0x7a/0x110 [ 120.415872][ T5615] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 120.415896][ T5615] ? mutex_lock_nested+0x152/0x1d0 [ 120.415915][ T5615] ? hci_connect_cfm+0x2c/0x140 [ 120.415942][ T5615] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 120.415963][ T5615] hci_connect_cfm+0x95/0x140 [ 120.415992][ T5615] le_conn_complete_evt+0x1134/0x16b0 [ 120.416017][ T5615] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 120.416037][ T5615] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 120.416064][ T5615] ? lockdep_hardirqs_on+0x7a/0x110 [ 120.416091][ T5615] ? skb_pull_data+0xfb/0x200 [ 120.416123][ T5615] hci_le_conn_complete_evt+0x187/0x470 [ 120.416157][ T5615] hci_event_packet+0x659/0xef0 [ 120.416185][ T5615] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 120.416206][ T5615] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 120.416235][ T5615] ? __pfx_hci_event_packet+0x10/0x10 [ 120.416260][ T5615] ? rt_spin_unlock+0x14f/0x200 [ 120.416284][ T5615] ? hci_send_to_monitor+0xe2/0x590 [ 120.416306][ T5615] hci_rx_work+0x3ee/0x1040 [ 120.416337][ T5615] ? process_scheduled_works+0xa70/0x1860 [ 120.416359][ T5615] process_scheduled_works+0xb5d/0x1860 [ 120.416395][ T5615] ? __pfx_process_scheduled_works+0x10/0x10 [ 120.416420][ T5615] ? assign_work+0x3d5/0x5e0 [ 120.416452][ T5615] worker_thread+0xa53/0xfc0 [ 120.416487][ T5615] kthread+0x388/0x470 [ 120.416514][ T5615] ? __pfx_worker_thread+0x10/0x10 [ 120.416535][ T5615] ? __pfx_kthread+0x10/0x10 [ 120.416563][ T5615] ret_from_fork+0x514/0xb70 [ 120.416588][ T5615] ? __pfx_ret_from_fork+0x10/0x10 [ 120.416608][ T5615] ? __switch_to+0xc79/0x1410 [ 120.416640][ T5615] ? __pfx_kthread+0x10/0x10 [ 120.416671][ T5615] ret_from_fork_asm+0x1a/0x30 [ 120.416704][ T5615] [ 120.417291][ T5615] Kernel Offset: disabled