last executing test programs: 28.338420205s ago: executing program 2 (id=19): openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) r4 = eventfd(0x0) ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000240)=r4) ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000040)={0x1, r4}) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000540)=""/67, 0x0, 0x4}) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/57, 0xd000}) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000000)=0x1) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, 0x0, 0x4000000) 28.302226251s ago: executing program 3 (id=21): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$pokeuser(0x6, r2, 0x358, 0x800000000000) sched_setaffinity(r2, 0x0, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 
0x4, 0x1}, 0xe) listen(r3, 0x3) accept4$bt_l2cap(r3, &(0x7f0000000200), 0x0, 0x800) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16) setsockopt$MRT_DONE(0xffffffffffffffff, 0x0, 0xc9, 0x0, 0x0) 27.165461472s ago: executing program 3 (id=22): ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0401273, &(0x7f0000000040)={'\x00', 0x6, 0x9, 0x1, 0x7, 0x5, 0xffffffffffffffff}) syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) socket$packet(0x11, 0x2, 0x300) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x19}) bind$alg(0xffffffffffffffff, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_io_uring_setup(0xc8f, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x5}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) close(r0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file0\x00', 0x42, 0x1cb) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) 24.760079538s ago: executing program 2 (id=25): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) 
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0xfffffffffffffffe) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz0\x00', 0x1ff) socket$inet(0x2, 0x4000000000000001, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0, r3}, 0x18) r4 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) writev(r4, &(0x7f00000006c0)=[{0x0}], 0x1) r5 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r5, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) setsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x4}, @in6=@empty, 0x0, 0x0, 0x4e24, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffc, 0x0, 0x6}, {0x0, 0x0, 0x400000000}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3}, {{@in6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x0, 0x32}, 0x0, @in=@private=0xa010101, 0x0, 0x0, 0x0, 0xb7, 0x2, 0xfffffffe}}, 0xe8) 23.196349611s ago: executing program 2 (id=27): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 
0x1, 0x0, 0x2, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(0xffffffffffffffff, 0x3516, 0x0, 0x0, 0x0, 0x0) 21.506934257s ago: executing program 3 (id=30): socket(0x10, 0x3, 0x0) userfaultfd(0x80800) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x4c, 0x2, 0x6, 0x3, 0x0, 0x0, {0x7, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070088000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$tipc(0x1e, 0x5, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r2, 0x2285, &(0x7f00000000c0)={0x53, 0xfffffffe, 0x0, 0x2, @scatter={0x0, 0x40000, 0x0}, &(0x7f0000000080), 0x0, 0x800004, 0x10030, 0x1, 0x0}) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r3 = userfaultfd(0x80801) ioctl$UFFDIO_API(r3, 0xc018aa3f, 0x0) 
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x400c9206, 0x0) 21.267652493s ago: executing program 1 (id=32): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) r2 = socket(0x10, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000180)={'bond0\x00', &(0x7f0000000040)=@ethtool_pauseparam={0x1, 0x0, 0x2}}) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) capset(&(0x7f0000000440)={0x20071026}, &(0x7f0000000480)={0xac4f, 0x6, 0x1e000000, 0x5, 0xf58f, 0x87923d91}) syz_io_uring_setup(0x5e2, &(0x7f0000000280)={0x0, 0x0, 0x800, 0x0, 0x271}, &(0x7f0000000040), &(0x7f0000000180)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000680)={0x54, r4, 0xfe12482fe0801d67, 0x0, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}, {0xc, 0x8f, 0x9}, {0xc, 0x90, 0x800000000000007}}]}, 0x54}, 0x1, 0x0, 0x0, 0x20040010}, 0x4000810) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x18) socket$qrtr(0x2a, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x12, 0x5, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xa9f6}, [@exit, @jmp={0x5, 0x0, 0x0, 0x3, 0x3, 0xfffffffffffffffe, 0xffffffffffffffff}]}, &(0x7f0000000340)='GPL\x00', 0x3, 0xbe, &(0x7f00000003c0)=""/190, 0x40f00, 0x1, '\x00', 0x0, @fallback=0x1f, r1, 0x8, &(0x7f0000000540)={0x3, 0x5}, 0x8, 0x10, 
&(0x7f0000000580)={0x0, 0xe, 0x860, 0x7}, 0x10, 0x0, r1, 0x2, 0x0, &(0x7f00000005c0)=[{0x5, 0x5, 0x7, 0x7}, {0x4, 0x5, 0x4, 0xa}], 0x10, 0x5}, 0x94) 20.074662304s ago: executing program 1 (id=33): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) ioctl$VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) sched_setscheduler(0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_clone3(&(0x7f0000000600)={0xa1000000, 0x0, &(0x7f00000001c0), &(0x7f0000000480), {0x1c}, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[0x0], 0x1}, 0x58) 19.665317291s ago: executing program 0 (id=34): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x275a, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x2) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) setrlimit(0x3, &(0x7f0000000000)={0x3ff, 0x8001}) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) recvmsg(0xffffffffffffffff, 0x0, 0x40000100) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000040)=0x9, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0xe64, 0xb, @loopback, 0x2}, 0x1c) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000040)=0x9, 0x4) openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x81c0, 0x0) execve(&(0x7f0000000140)='./file2\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/diskstats\x00', 0x0, 0x0) read$FUSE(r2, &(0x7f0000000200)={0x2020}, 0x2020) 
openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x8ad01, 0x0) r3 = syz_io_uring_setup(0x49b, &(0x7f0000002180)={0x0, 0xa365, 0x100, 0x3, 0x1b0}, 0x0, &(0x7f0000000280)) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000180)={0x17, @time={0xbf, 0x316575}, 0x0, {0x6}}) io_uring_register$IORING_REGISTER_PBUF_RING(r3, 0x16, &(0x7f0000000040)={0x0, 0x0, 0x1}, 0x1) 19.085238562s ago: executing program 2 (id=35): r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000002fc0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@ipv4_newroute={0x3c, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_SPORT={0x6, 0x1c, 0x4e20}, @RTA_UID={0x8}, @RTA_OIF={0x8}, @RTA_MARK={0x8}]}, 0x3c}}, 0x0) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) ioctl$TIOCSETD(r4, 0x5423, 0x0) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x2}) ioctl$USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) request_key(&(0x7f0000000340)='id_legacy\x00', &(0x7f0000000380)={'syz', 0x0}, &(0x7f00000003c0)='/dev/vsock\x00', 0xfffffffffffffffe) r5 = openat$binderfs(0xffffffffffffff9c, 
&(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x100000000000f7) recvmsg$kcm(0xffffffffffffffff, 0x0, 0x100) r6 = dup3(r5, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, 0x0) r7 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r7, &(0x7f0000000180)=[{&(0x7f0000000140)='2', 0x1}], 0x1) writev(r0, 0x0, 0x0) 17.751362204s ago: executing program 0 (id=36): openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x358, 0x800000000000) 16.218892642s ago: executing program 0 (id=37): syz_usb_connect(0x3, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0x7d, 0xa8, 0xe3, 0x40, 0xdba, 0x5000, 0x3d88, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x1, 0x0, 0x0, 0x10, [{{0x9, 0x4, 0x8c, 0x0, 0x0, 0x77, 0xb3, 0x6a}}]}}]}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, 
&(0x7f0000001280)={r3, 0x0, {0x2a12, 0x80010000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9603dda1af1ea80000000000000000000000deff00000000000000000000000014a2648f00", "2809e8dbe108038948224ad54afac11d875397bdb22d0000b420a1a93c7540f4767f9e01177d3dd40600000061ac00", "90be8b1c55f96400", [0x800]}}) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r3) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00'}, 0x10) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000140)={0x0, 0x0}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r4, &(0x7f0000004a80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x400c0) sendto$inet(r4, &(0x7f0000000580)="17", 0x1d4c, 0x10048095, 0x0, 0x0) getsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2, 0xffffffffffffffff, 0x0) 15.858809123s ago: executing program 4 (id=38): openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x358, 0x800000000000) 15.741398931s ago: executing program 4 (id=39): ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0401273, &(0x7f0000000040)={'\x00', 0x6, 0x9, 0x1, 0x7, 0x5, 0xffffffffffffffff}) syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = 
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10) sendmsg$tipc(r3, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x10) 14.532680307s ago: executing program 1 (id=40): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x14c) mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[]) umount2(&(0x7f00000000c0)='./file1\x00', 0x9) 13.29052394s ago: executing program 4 (id=41): socket$inet_udplite(0x2, 0x2, 0x88) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000380)=ANY=[], 0x0, 0x6, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee4, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) 
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x40, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8001}}) io_uring_enter(r3, 0x2b93, 0xf9d0, 0x22, 0x0, 0x0) syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_POLL_REMOVE={0x7, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r3, 0x4e14, 0x913a, 0x41, 0x0, 0x0) 11.512401053s ago: executing program 2 (id=42): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10) sendmsg$tipc(r3, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x10) 11.501615923s ago: executing program 1 (id=43): ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0401273, &(0x7f0000000040)={'\x00', 0x6, 0x9, 0x1, 0x7, 0x5, 0xffffffffffffffff}) syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) r2 = gettid() timer_create(0x0, 
&(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10) sendmsg$tipc(r3, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x10) 11.354945755s ago: executing program 0 (id=44): bpf$MAP_CREATE(0x0, 0x0, 0xb285f305e6b16ca5) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/5, 0x1c000, 0x800, 0x8, 0x2}, 0x1c) setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f00000000c0)=0x100, 0x4) setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) bind$xdp(r1, &(0x7f00000001c0)={0x2c, 0x0, r3}, 0x10) r4 = gettid() munmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000) rt_sigqueueinfo(r4, 0x21, &(0x7f00000002c0)={0x3d}) bind$xdp(r1, &(0x7f0000000100)={0x2c, 0x1, r3, 0x8000000, r1}, 0x10) socket$tipc(0x1e, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'team0\x00'}) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x100000000, 
0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000005}, 0x0, 0x0) 11.353418936s ago: executing program 4 (id=45): socket$inet_udplite(0x2, 0x2, 0x88) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0x0, 0x0, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee4, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x40, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8001}}) io_uring_enter(r3, 0x2b93, 0xf9d0, 0x22, 0x0, 0x0) syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_POLL_REMOVE={0x7, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r3, 0x4e14, 0x913a, 0x41, 0x0, 0x0) 8.254764228s ago: executing program 4 (id=46): ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0401273, &(0x7f0000000040)={'\x00', 0x6, 0x9, 0x1, 0x7, 0x5, 0xffffffffffffffff}) socket$packet(0x11, 0x2, 0x300) openat$kvm(0xffffffffffffff9c, 0x0, 0x800000, 0x0) r0 = userfaultfd(0x80001) 
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x19}) syz_emit_ethernet(0x2a, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) io_uring_register$IORING_REGISTER_NAPI(0xffffffffffffffff, 0x1b, &(0x7f0000000280)={0x80, 0x44}, 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x5}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) 6.87052968s ago: executing program 1 (id=47): syz_usb_connect(0x3, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0x7d, 0xa8, 0xe3, 0x40, 0xdba, 0x5000, 0x3d88, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x1, 0x0, 0x0, 0x10, [{{0x9, 0x4, 0x8c, 0x0, 0x0, 0x77, 0xb3, 0x6a}}]}}]}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r3, 0x4c0a, 0x0) r4 = syz_open_dev$loop(&(0x7f00000001c0), 0x5, 0x88102) ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f0000001280)={r3, 0x0, {0x2a12, 0x80010000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x1c, 
"fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9603dda1af1ea80000000000000000000000deff00000000000000000000000014a2648f00", "2809e8dbe108038948224ad54afac11d875397bdb22d0000b420a1a93c7540f4767f9e01177d3dd40600000061ac00", "90be8b1c55f96400", [0x800]}}) ioctl$LOOP_CHANGE_FD(r4, 0x4c06, r3) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00'}, 0x10) bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe3}]}, 0x10) sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r5, &(0x7f0000004a80)=[{{0x0, 0x0, &(0x7f00000000c0)=[{0x0}], 0x1}}], 0x1, 0x400c0) sendto$inet(r5, &(0x7f0000000580)="17", 0x1d4c, 0x10048095, 0x0, 0x0) getsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2, 0xffffffffffffffff, 0x0) 6.768566909s ago: executing program 0 (id=48): ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0401273, 0x0) syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) socket$packet(0x11, 0x2, 0x300) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x800000, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x19}) bind$alg(0xffffffffffffffff, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_io_uring_setup(0xc8f, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) 
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x5}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) close(r0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file0\x00', 0x42, 0x1cb) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) 6.646916406s ago: executing program 3 (id=49): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_i', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006340)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0xdfffffff, 0x5e490420, 0x2, 0x4ce, 0x0, 0x0, 0x0, 0x0, 0x2, 0x88}}, 0x50) syz_fuse_handle_req(r0, 
&(0x7f000000e3c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea2105600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20, 0x0, 0x3731, {0x0, 0x7f69ff17f1e1ab77}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xc5001, 0x104) 4.703688113s ago: executing program 3 (id=50): ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0401273, &(0x7f0000000040)={'\x00', 0x6, 0x9, 0x1, 0x7, 0x5, 0xffffffffffffffff}) syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) socket$packet(0x11, 0x2, 0x300) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x800000, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x19}) 
bind$alg(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x2a, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x5}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) close(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) 3.376509109s ago: executing program 4 (id=51): ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0401273, &(0x7f0000000040)={'\x00', 0x6, 0x9, 0x1, 0x7, 0x5, 0xffffffffffffffff}) syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) socket$packet(0x11, 0x2, 0x300) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x800000, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x19}) bind$alg(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x2a, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 
0x15) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x5}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) close(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) 3.375081865s ago: executing program 1 (id=52): r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) r2 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_FILES_UPDATE={0x14, 0x2c, 0x0, 0x0, 0xa78, &(0x7f00000004c0)=[r0, r0, r0], 0x3, 0x0, 0x0, {0x0, r2}}) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x84, @broadcast, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x2, 0x6e}, 0x2c) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x3, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x15d74000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f000000e400)={0x2020}, 0x2b0e413b) r5 = socket$inet_sctp(0x2, 0x1, 0x84) 
sendto$inet(r5, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) listen(r5, 0xda90) setsockopt$inet_opts(r5, 0x0, 0x4, 0x0, 0x0) accept4(r5, 0x0, 0x0, 0x0) 703.167294ms ago: executing program 2 (id=53): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x358, 0x800000000000) sched_setaffinity(r1, 0x0, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r2, 0x3) accept4$bt_l2cap(r2, &(0x7f0000000200), 0x0, 0x800) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16) setsockopt$MRT_DONE(0xffffffffffffffff, 0x0, 0xc9, 0x0, 0x0) 581.207822ms ago: executing program 3 (id=54): ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0401273, &(0x7f0000000040)={'\x00', 0x6, 0x9, 0x1, 0x7, 0x5, 0xffffffffffffffff}) socket$packet(0x11, 0x2, 0x300) openat$kvm(0xffffffffffffff9c, 0x0, 0x800000, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x19}) syz_emit_ethernet(0x2a, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) 
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) io_uring_register$IORING_REGISTER_NAPI(0xffffffffffffffff, 0x1b, &(0x7f0000000280)={0x80, 0x44}, 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x5}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) 0s ago: executing program 0 (id=55): ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x26, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x8, 0xff, 0x4, 0x81, 0xffffffff, 0x0, 0x17, 0x4, 0x0, [0x0, 0x100000]}}) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r0, 0x3) r1 = socket$inet6(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c000000190001000000000000000000021800000000fd000000ed0008000100ac141400080008"], 0x2c}}, 0x0) sendto$inet6(r1, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0xc0580, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) fsetxattr$trusted_overlay_upper(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x7) r3 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'syz_tun\x00'}) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=@acquire={0x130, 0x17, 0x1, 0xfffffffe, 0x0, {{@in=@private=0xa0100ff}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @in=@private=0xa010102, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x80, 0x84, 0x0, 0xee00}, {{@in=@multicast1, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20, 0x2b}, {0x0, 0x0, 0x0, 0x4, 0x8000000, 0x9}, {0x10}, 0x9, 0x8000, 0x2, 0x0, 0x1}, 0x6}, [@sec_ctx={0xc, 
0x8, {0x8}}]}, 0x130}, 0x1, 0x0, 0x0, 0x1}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'syz_tun\x00'}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.29' (ED25519) to the list of known hosts. [ 82.771644][ T5787] cgroup: Unknown subsys name 'net' [ 83.013184][ T5787] cgroup: Unknown subsys name 'cpuset' [ 83.068964][ T5787] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.965245][ T5787] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.846000][ T9] cfg80211: failed to load regulatory.db [ 87.243587][ T5805] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 87.245941][ T5805] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 87.268442][ T5805] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 87.273081][ T5807] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 87.275003][ T5807] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 87.276528][ T5807] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 87.277455][ T5807] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 87.278548][ T5805] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 87.280478][ T5805] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 87.284851][ T5807] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 87.454851][ T5118] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 87.470753][ T5805] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 87.473507][ T5805] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 87.474759][ T5805] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 87.498331][ T5805] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 87.502073][ T5805] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 87.504557][ T5805] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 87.505350][ T5805] 
Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 87.533007][ T5118] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 87.535182][ T5118] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 87.536244][ T5805] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 87.568363][ T5805] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 87.569282][ T5805] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 87.571000][ T5805] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 87.571527][ T5805] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 88.342066][ T5800] chnl_net:caif_netlink_parms(): no params data found [ 88.384678][ T5799] chnl_net:caif_netlink_parms(): no params data found [ 88.693595][ T5810] chnl_net:caif_netlink_parms(): no params data found [ 88.716957][ T5809] chnl_net:caif_netlink_parms(): no params data found [ 88.736676][ T5811] chnl_net:caif_netlink_parms(): no params data found [ 89.376495][ T5800] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.377456][ T5800] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.377782][ T5800] bridge_slave_0: entered allmulticast mode [ 89.381617][ T5800] bridge_slave_0: entered promiscuous mode [ 89.399273][ T5807] Bluetooth: hci0: command tx timeout [ 89.399461][ T5805] Bluetooth: hci1: command tx timeout [ 89.422370][ T5799] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.422470][ T5799] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.422586][ T5799] bridge_slave_0: entered allmulticast mode [ 89.424125][ T5799] bridge_slave_0: entered promiscuous mode [ 89.440374][ T5800] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.440595][ T5800] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.441103][ T5800] bridge_slave_1: entered allmulticast mode [ 89.443926][ T5800] bridge_slave_1: entered promiscuous mode [ 89.558221][ T5805] Bluetooth: hci4: command tx timeout [ 89.619015][ T5799] bridge0: port 2(bridge_slave_1) 
entered blocking state [ 89.619122][ T5799] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.619232][ T5799] bridge_slave_1: entered allmulticast mode [ 89.620642][ T5799] bridge_slave_1: entered promiscuous mode [ 89.639195][ T5807] Bluetooth: hci2: command tx timeout [ 89.639397][ T5805] Bluetooth: hci3: command tx timeout [ 90.092712][ T5800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.092931][ T5810] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.093159][ T5810] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.093325][ T5810] bridge_slave_0: entered allmulticast mode [ 90.095024][ T5810] bridge_slave_0: entered promiscuous mode [ 90.241485][ T5809] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.241559][ T5809] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.241672][ T5809] bridge_slave_0: entered allmulticast mode [ 90.243029][ T5809] bridge_slave_0: entered promiscuous mode [ 90.258849][ T5800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.259155][ T5810] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.259293][ T5810] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.259456][ T5810] bridge_slave_1: entered allmulticast mode [ 90.262260][ T5810] bridge_slave_1: entered promiscuous mode [ 90.272137][ T5799] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.272355][ T5811] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.272474][ T5811] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.272632][ T5811] bridge_slave_0: entered allmulticast mode [ 90.276582][ T5811] bridge_slave_0: entered promiscuous mode [ 90.283992][ T5809] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.284166][ T5809] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.284346][ T5809] bridge_slave_1: entered allmulticast mode [ 90.290812][ T5809] bridge_slave_1: 
entered promiscuous mode [ 90.482290][ T5799] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.482667][ T5811] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.482778][ T5811] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.482886][ T5811] bridge_slave_1: entered allmulticast mode [ 90.484114][ T5811] bridge_slave_1: entered promiscuous mode [ 91.111605][ T5800] team0: Port device team_slave_0 added [ 91.115108][ T5810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.252330][ T5809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.254405][ T5800] team0: Port device team_slave_1 added [ 91.256688][ T5810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.268734][ T5799] team0: Port device team_slave_0 added [ 91.273710][ T5811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.279148][ T5809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.420744][ T5799] team0: Port device team_slave_1 added [ 91.423136][ T5811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.478190][ T5807] Bluetooth: hci0: command tx timeout [ 91.478297][ T5805] Bluetooth: hci1: command tx timeout [ 91.638176][ T5805] Bluetooth: hci4: command tx timeout [ 91.718181][ T5807] Bluetooth: hci2: command tx timeout [ 91.718267][ T5805] Bluetooth: hci3: command tx timeout [ 91.860065][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.860079][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 91.860093][ T5800] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.863796][ T5810] team0: Port device team_slave_0 added [ 92.201352][ T5809] team0: Port device team_slave_0 added [ 92.202177][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.202192][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.202215][ T5800] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.204680][ T5810] team0: Port device team_slave_1 added [ 92.205229][ T5799] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.205237][ T5799] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.205247][ T5799] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.207651][ T5811] team0: Port device team_slave_0 added [ 92.210588][ T5809] team0: Port device team_slave_1 added [ 92.349552][ T5799] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.349567][ T5799] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 92.349579][ T5799] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.410835][ T5811] team0: Port device team_slave_1 added [ 92.610495][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.610506][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.610517][ T5810] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.613456][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.613472][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.613487][ T5809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.809841][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.809854][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.809869][ T5810] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.811417][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.811427][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 92.811441][ T5809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.812413][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.812423][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.812436][ T5811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.025034][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.025049][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.025064][ T5811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.034363][ T5800] hsr_slave_0: entered promiscuous mode [ 93.035871][ T5800] hsr_slave_1: entered promiscuous mode [ 93.205886][ T5799] hsr_slave_0: entered promiscuous mode [ 93.206698][ T5799] hsr_slave_1: entered promiscuous mode [ 93.207304][ T5799] debugfs: 'hsr0' already exists in 'hsr' [ 93.207376][ T5799] Cannot create hsr debugfs directory [ 93.558454][ T5807] Bluetooth: hci0: command tx timeout [ 93.558468][ T5805] Bluetooth: hci1: command tx timeout [ 93.624927][ T5810] hsr_slave_0: entered promiscuous mode [ 93.625863][ T5810] hsr_slave_1: entered promiscuous mode [ 93.626451][ T5810] debugfs: 'hsr0' already exists in 'hsr' [ 93.626475][ T5810] Cannot create hsr debugfs directory [ 93.718196][ T5807] Bluetooth: hci4: command tx timeout [ 93.794417][ T5809] hsr_slave_0: entered promiscuous mode [ 93.795259][ T5809] hsr_slave_1: entered promiscuous mode [ 93.795750][ T5809] debugfs: 'hsr0' 
already exists in 'hsr' [ 93.795768][ T5809] Cannot create hsr debugfs directory [ 93.798109][ T5807] Bluetooth: hci3: command tx timeout [ 93.798137][ T5807] Bluetooth: hci2: command tx timeout [ 93.987208][ T5811] hsr_slave_0: entered promiscuous mode [ 93.991465][ T5811] hsr_slave_1: entered promiscuous mode [ 93.992573][ T5811] debugfs: 'hsr0' already exists in 'hsr' [ 93.992595][ T5811] Cannot create hsr debugfs directory [ 95.334251][ T5800] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 95.366178][ T5800] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 95.403648][ T5800] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 95.459756][ T5800] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 95.593671][ T5811] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 95.627770][ T5811] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 95.638198][ T5805] Bluetooth: hci1: command tx timeout [ 95.638226][ T5805] Bluetooth: hci0: command tx timeout [ 95.674533][ T5811] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 95.726596][ T5811] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 95.799460][ T5807] Bluetooth: hci4: command tx timeout [ 95.852816][ T5810] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 95.878442][ T5807] Bluetooth: hci2: command tx timeout [ 95.878451][ T5805] Bluetooth: hci3: command tx timeout [ 95.903620][ T5810] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 95.934667][ T5810] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 96.004020][ T5810] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 96.151996][ T5809] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 96.189256][ T5809] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 96.231310][ T5809] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 96.282782][ T5809] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 96.429671][ T5800] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.433478][ T5799] netdevsim netdevsim0 netdevsim0: 
renamed from eth0 [ 96.488556][ T5799] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 96.537043][ T5799] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 96.580660][ T5799] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 96.674279][ T5800] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.700054][ T5811] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.727516][ T3493] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.735836][ T3493] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.771625][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.771926][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.821783][ T5811] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.863178][ T88] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.863298][ T88] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.886454][ T5810] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.902556][ T88] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.902644][ T88] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.996226][ T5810] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.024125][ T5809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.064149][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.064299][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.122027][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.123945][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.192343][ T5809] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.237185][ T3083] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.237412][ T3083] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.261910][ T5799] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.308894][ T3493] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.309055][ T3493] bridge0: port 2(bridge_slave_1) entered 
forwarding state [ 97.375026][ T5799] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.461095][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.461246][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.512805][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.512990][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.685667][ T5800] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.742459][ T5811] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.100571][ T5811] veth0_vlan: entered promiscuous mode [ 98.146376][ T5811] veth1_vlan: entered promiscuous mode [ 98.205531][ T5810] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.251550][ T5809] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.410843][ T5811] veth0_macvtap: entered promiscuous mode [ 98.444143][ T5799] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.446775][ T5811] veth1_macvtap: entered promiscuous mode [ 98.506248][ T5809] veth0_vlan: entered promiscuous mode [ 98.521826][ T5810] veth0_vlan: entered promiscuous mode [ 98.555589][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.582459][ T5809] veth1_vlan: entered promiscuous mode [ 98.583909][ T5810] veth1_vlan: entered promiscuous mode [ 98.599921][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.652210][ T88] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.654572][ T5800] veth0_vlan: entered promiscuous mode [ 98.656806][ T88] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.677687][ T88] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.691808][ T88] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.744872][ T5800] veth1_vlan: entered promiscuous mode [ 98.806953][ T5799] veth0_vlan: entered promiscuous mode [ 98.935334][ T5809] veth0_macvtap: entered promiscuous mode [ 98.947666][ 
T5810] veth0_macvtap: entered promiscuous mode [ 98.959491][ T5799] veth1_vlan: entered promiscuous mode [ 98.977707][ T5809] veth1_macvtap: entered promiscuous mode [ 98.991984][ T5810] veth1_macvtap: entered promiscuous mode [ 99.062429][ T1449] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.062450][ T1449] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.142619][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.144117][ T5800] veth0_macvtap: entered promiscuous mode [ 99.175426][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.195354][ T88] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.195369][ T88] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.197378][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.222507][ T5800] veth1_macvtap: entered promiscuous mode [ 99.225437][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.281787][ T88] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.284000][ T5799] veth0_macvtap: entered promiscuous mode [ 99.305547][ T88] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.321298][ T88] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.333177][ T88] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.351363][ T88] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.354146][ T5799] veth1_macvtap: entered promiscuous mode [ 99.357566][ T88] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.388736][ T88] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.457074][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.505819][ T88] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.613346][ T5800] batman_adv: batadv0: Interface activated: 
batadv_slave_1 [ 99.728280][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 99.728319][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 100.168028][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 100.268032][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 100.368047][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 100.368080][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 100.762072][ T3493] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.817653][ T5799] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.825490][ T3493] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.841721][ T3493] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.846796][ T3493] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.864021][ T5799] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.903487][ T5910] IPVS: starting estimator thread 0... [ 100.988561][ T5922] IPVS: using max 7 ests per chain, 16800 per kthread [ 101.105444][ T3493] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.122965][ T3493] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.126950][ T3493] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.092703][ T3493] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.201319][ T1012] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.201341][ T1012] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.238034][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 102.248089][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! 
[ 102.258062][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 102.263798][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 103.939904][ T3519] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.939931][ T3519] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.143229][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.143252][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.216021][ T3083] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.216042][ T3083] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.422624][ T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.422646][ T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.493326][ T88] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.493343][ T88] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.696509][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.696531][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.855213][ T88] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.855235][ T88] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.259748][ T5915] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 108.447686][ T5915] usb 4-1: config 1 has an invalid interface number: 140 but max is 0 [ 108.447718][ T5915] usb 4-1: config 1 has no interface number 0 [ 108.447794][ T5915] usb 4-1: New USB device found, idVendor=0dba, idProduct=5000, bcdDevice=3d.88 [ 108.447817][ T5915] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.762454][ T5915] usb 4-1: MBOX3: Invalid descriptor size=18. 
[ 110.653548][ T5968] capability: warning: `syz.4.5' uses 32-bit capabilities (legacy support in use) [ 111.472958][ T10] usb 4-1: USB disconnect, device number 2 [ 117.948775][ T5972] nvme_fabrics: missing parameter 'transport=%s' [ 117.948794][ T5972] nvme_fabrics: missing parameter 'nqn=%s' [ 120.542134][ T6001] process 'syz.0.14' launched './file2' with NULL argv: empty string added [ 121.102275][ T5965] syz.4.5 (5965): drop_caches: 2 [ 122.868161][ T5980] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 123.061257][ T5980] usb 5-1: config 1 has an invalid interface number: 140 but max is 0 [ 123.061298][ T5980] usb 5-1: config 1 has no interface number 0 [ 123.061435][ T5980] usb 5-1: New USB device found, idVendor=0dba, idProduct=5000, bcdDevice=3d.88 [ 123.061461][ T5980] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.048710][ T5805] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 124.048736][ T5805] CPU: 1 UID: 0 PID: 5805 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 124.048760][ T5805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 124.048774][ T5805] Workqueue: hci3 hci_rx_work [ 124.048800][ T5805] Call Trace: [ 124.048808][ T5805] [ 124.048818][ T5805] dump_stack_lvl+0xe8/0x150 [ 124.048851][ T5805] sysfs_create_dir_ns+0x259/0x280 [ 124.048896][ T5805] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 124.048926][ T5805] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 124.048961][ T5805] ? rt_spin_unlock+0x161/0x200 [ 124.048992][ T5805] kobject_add_internal+0x6b1/0xcd0 [ 124.049028][ T5805] kobject_add+0x155/0x220 [ 124.049058][ T5805] ? __pfx_kobject_add+0x10/0x10 [ 124.049091][ T5805] ? get_device_parent+0x370/0x3a0 [ 124.049119][ T5805] device_add+0x408/0xb80 [ 124.049157][ T5805] hci_conn_add_sysfs+0xd5/0x210 [ 124.049192][ T5805] le_conn_complete_evt+0xf1d/0x1420 [ 124.049229][ T5805] ? 
__pfx_le_conn_complete_evt+0x10/0x10 [ 124.049257][ T5805] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 124.049279][ T5805] ? lockdep_hardirqs_on+0x7b/0x110 [ 124.049302][ T5805] ? skb_pull_data+0xfb/0x200 [ 124.049339][ T5805] hci_le_conn_complete_evt+0x187/0x480 [ 124.049371][ T5805] hci_event_packet+0x78f/0x1260 [ 124.049395][ T5805] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 124.049422][ T5805] ? __pfx_hci_event_packet+0x10/0x10 [ 124.049442][ T5805] ? preempt_schedule_common+0x83/0xd0 [ 124.049463][ T5805] ? preempt_schedule_thunk+0x16/0x30 [ 124.049492][ T5805] ? hci_send_to_monitor+0xe2/0x590 [ 124.049523][ T5805] hci_rx_work+0x3ee/0x1060 [ 124.049545][ T5805] ? preempt_schedule_thunk+0x16/0x30 [ 124.049570][ T5805] ? process_scheduled_works+0x9ef/0x1770 [ 124.049602][ T5805] process_scheduled_works+0xad1/0x1770 [ 124.049661][ T5805] ? __pfx_process_scheduled_works+0x10/0x10 [ 124.049681][ T5805] ? do_raw_spin_lock+0x121/0x290 [ 124.049724][ T5805] worker_thread+0x8a0/0xda0 [ 124.049764][ T5805] ? __kthread_parkme+0x7b/0x200 [ 124.049801][ T5805] kthread+0x711/0x8a0 [ 124.049833][ T5805] ? __pfx_worker_thread+0x10/0x10 [ 124.049857][ T5805] ? __pfx_kthread+0x10/0x10 [ 124.049882][ T5805] ? rt_spin_unlock+0x150/0x200 [ 124.049913][ T5805] ? rt_spin_unlock+0x161/0x200 [ 124.049937][ T5805] ? __pfx_kthread+0x10/0x10 [ 124.049966][ T5805] ret_from_fork+0x510/0xa50 [ 124.049992][ T5805] ? __pfx_ret_from_fork+0x10/0x10 [ 124.050010][ T5805] ? __switch_to+0xc9e/0x1480 [ 124.050039][ T5805] ? __pfx_kthread+0x10/0x10 [ 124.050066][ T5805] ret_from_fork_asm+0x1a/0x30 [ 124.050117][ T5805] [ 124.050258][ T5805] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 124.050303][ T5805] Bluetooth: hci3: failed to register connection device [ 124.105405][ T830] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 124.155589][ T5980] usb 5-1: MBOX3: Invalid descriptor size=18. 
[ 124.260698][ T830] usb 1-1: config 1 has an invalid interface number: 140 but max is 0 [ 124.260725][ T830] usb 1-1: config 1 has no interface number 0 [ 124.260773][ T830] usb 1-1: New USB device found, idVendor=0dba, idProduct=5000, bcdDevice=3d.88 [ 124.260795][ T830] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.407303][ T830] usb 1-1: MBOX3: Invalid descriptor size=18. [ 125.777261][ T830] usb 1-1: USB disconnect, device number 2 [ 126.393134][ T5951] usb 5-1: USB disconnect, device number 2 [ 129.528623][ T6065] nvme_fabrics: missing parameter 'transport=%s' [ 129.528642][ T6065] nvme_fabrics: missing parameter 'nqn=%s' [ 130.123489][ T6076] capability: warning: `syz.1.32' uses deprecated v2 capabilities in a way that may be insecure [ 133.004358][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.005771][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.489754][ T5806] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 136.179205][ T5806] usb 1-1: config 1 has an invalid interface number: 140 but max is 0 [ 136.179237][ T5806] usb 1-1: config 1 has no interface number 0 [ 136.179288][ T5806] usb 1-1: New USB device found, idVendor=0dba, idProduct=5000, bcdDevice=3d.88 [ 136.179311][ T5806] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.372080][ T5806] usb 1-1: MBOX3: Invalid descriptor size=18. 
[ 138.001685][ T6089] syz.2.35 (6089): drop_caches: 2 [ 138.092475][ T6112] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 139.748983][ T5950] usb 1-1: USB disconnect, device number 3 [ 144.628116][ T5980] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 144.634962][ T6138] fuse: Unknown parameter 'group_i00000000000000000000' [ 144.850339][ T5980] usb 2-1: config 1 has an invalid interface number: 140 but max is 0 [ 144.850370][ T5980] usb 2-1: config 1 has no interface number 0 [ 144.850421][ T5980] usb 2-1: New USB device found, idVendor=0dba, idProduct=5000, bcdDevice=3d.88 [ 144.850446][ T5980] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.918838][ T5980] usb 2-1: MBOX3: Invalid descriptor size=18. [ 147.508876][ T6010] usb 2-1: USB disconnect, device number 2 [ 152.028995][ T5807] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 152.029022][ T5807] CPU: 1 UID: 0 PID: 5807 Comm: kworker/u9:4 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 152.029048][ T5807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 152.029062][ T5807] Workqueue: hci2 hci_rx_work [ 152.029093][ T5807] Call Trace: [ 152.029102][ T5807] [ 152.029112][ T5807] dump_stack_lvl+0xe8/0x150 [ 152.029146][ T5807] sysfs_create_dir_ns+0x259/0x280 [ 152.029173][ T5807] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 152.029202][ T5807] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 152.029236][ T5807] ? rt_spin_unlock+0x161/0x200 [ 152.029265][ T5807] kobject_add_internal+0x6b1/0xcd0 [ 152.029299][ T5807] kobject_add+0x155/0x220 [ 152.029330][ T5807] ? __pfx_kobject_add+0x10/0x10 [ 152.029362][ T5807] ?
get_device_parent+0x370/0x3a0 [ 152.029391][ T5807] device_add+0x408/0xb80 [ 152.029420][ T5807] hci_conn_add_sysfs+0xd5/0x210 [ 152.029456][ T5807] le_conn_complete_evt+0xf1d/0x1420 [ 152.029496][ T5807] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 152.029523][ T5807] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 152.029546][ T5807] ? lockdep_hardirqs_on+0x7b/0x110 [ 152.029569][ T5807] ? skb_pull_data+0xfb/0x200 [ 152.029606][ T5807] hci_le_conn_complete_evt+0x187/0x480 [ 152.029641][ T5807] hci_event_packet+0x78f/0x1260 [ 152.029665][ T5807] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 152.029692][ T5807] ? __pfx_hci_event_packet+0x10/0x10 [ 152.029711][ T5807] ? rt_spin_unlock+0x150/0x200 [ 152.029751][ T5807] ? hci_send_to_monitor+0xe2/0x590 [ 152.029792][ T5807] hci_rx_work+0x3ee/0x1060 [ 152.029822][ T5807] ? process_scheduled_works+0x9ef/0x1770 [ 152.029849][ T5807] process_scheduled_works+0xad1/0x1770 [ 152.029906][ T5807] ? __pfx_process_scheduled_works+0x10/0x10 [ 152.029925][ T5807] ? do_raw_spin_lock+0x121/0x290 [ 152.029975][ T5807] worker_thread+0x8a0/0xda0 [ 152.030016][ T5807] ? __kthread_parkme+0x7b/0x200 [ 152.030054][ T5807] kthread+0x711/0x8a0 [ 152.030087][ T5807] ? __pfx_worker_thread+0x10/0x10 [ 152.030110][ T5807] ? __pfx_kthread+0x10/0x10 [ 152.030136][ T5807] ? rt_spin_unlock+0x150/0x200 [ 152.030170][ T5807] ? rt_spin_unlock+0x161/0x200 [ 152.030196][ T5807] ? __pfx_kthread+0x10/0x10 [ 152.030226][ T5807] ret_from_fork+0x510/0xa50 [ 152.030253][ T5807] ? __pfx_ret_from_fork+0x10/0x10 [ 152.030274][ T5807] ? __switch_to+0xc9e/0x1480 [ 152.030308][ T5807] ? __pfx_kthread+0x10/0x10 [ 152.030338][ T5807] ret_from_fork_asm+0x1a/0x30 [ 152.030386][ T5807] [ 152.030552][ T5807] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. 
[ 152.030594][ T5807] Bluetooth: hci2: failed to register connection device [ 152.050612][ T5807] Oops: general protection fault, probably for non-canonical address 0xdffffc000000006b: 0000 [#1] SMP KASAN PTI [ 152.050636][ T5807] KASAN: null-ptr-deref in range [0x0000000000000358-0x000000000000035f] [ 152.050656][ T5807] CPU: 0 UID: 0 PID: 5807 Comm: kworker/u9:4 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 152.050677][ T5807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 152.050696][ T5807] Workqueue: hci2 hci_rx_work [ 152.050719][ T5807] RIP: 0010:kasan_byte_accessible+0x12/0x30 [ 152.050739][ T5807] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cc cc cc cc 66 66 66 66 66 66 2e [ 152.050754][ T5807] RSP: 0018:ffffc90004c7f340 EFLAGS: 00010202 [ 152.050769][ T5807] RAX: dffffc0000000000 RBX: ffffffff88ab2dce RCX: 0000000080000001 [ 152.050783][ T5807] RDX: 0000000000000000 RSI: ffffffff88ab2dce RDI: 000000000000006b [ 152.050795][ T5807] RBP: ffffffff89da1826 R08: 0000000000000001 R09: 0000000000000000 [ 152.050807][ T5807] R10: dffffc0000000000 R11: ffffffff89da17e0 R12: 0000000000000000 [ 152.050819][ T5807] R13: 0000000000000358 R14: 0000000000000358 R15: 0000000000000001 [ 152.050830][ T5807] FS: 0000000000000000(0000) GS:ffff888126cef000(0000) knlGS:0000000000000000 [ 152.050845][ T5807] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 152.050858][ T5807] CR2: 0000001b2f515ff8 CR3: 0000000027e26000 CR4: 00000000003526f0 [ 152.050876][ T5807] Call Trace: [ 152.050883][ T5807] [ 152.050890][ T5807] __kasan_check_byte+0x12/0x40 [ 152.050917][ T5807] lock_acquire+0x84/0x340 [ 152.050941][ T5807] ? work_grab_pending+0x3d6/0x8e0 [ 152.050965][ T5807] lock_sock_nested+0x3e/0x130 [ 152.050981][ T5807] ? 
l2cap_sock_ready_cb+0x46/0x170 [ 152.051008][ T5807] l2cap_sock_ready_cb+0x46/0x170 [ 152.051035][ T5807] l2cap_le_start+0xb0d/0x13b0 [ 152.051061][ T5807] ? __pfx_l2cap_le_start+0x10/0x10 [ 152.051085][ T5807] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 152.051104][ T5807] ? lockdep_hardirqs_on+0x7b/0x110 [ 152.051124][ T5807] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 152.051145][ T5807] ? mutex_lock_nested+0x154/0x1d0 [ 152.051167][ T5807] ? l2cap_connect_cfm+0x661/0x10e0 [ 152.051191][ T5807] l2cap_connect_cfm+0x6aa/0x10e0 [ 152.051217][ T5807] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 152.051239][ T5807] ? lockdep_hardirqs_on+0x7b/0x110 [ 152.051255][ T5807] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 152.051273][ T5807] ? mutex_lock_nested+0x154/0x1d0 [ 152.051294][ T5807] ? hci_connect_cfm+0x2c/0x140 [ 152.051313][ T5807] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 152.051336][ T5807] hci_connect_cfm+0x95/0x140 [ 152.051357][ T5807] le_conn_complete_evt+0xf65/0x1420 [ 152.051382][ T5807] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 152.051403][ T5807] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 152.051420][ T5807] ? lockdep_hardirqs_on+0x7b/0x110 [ 152.051438][ T5807] ? skb_pull_data+0xfb/0x200 [ 152.051463][ T5807] hci_le_conn_complete_evt+0x187/0x480 [ 152.051485][ T5807] hci_event_packet+0x78f/0x1260 [ 152.051504][ T5807] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 152.051524][ T5807] ? __pfx_hci_event_packet+0x10/0x10 [ 152.051539][ T5807] ? rt_spin_unlock+0x150/0x200 [ 152.051565][ T5807] ? hci_send_to_monitor+0xe2/0x590 [ 152.051588][ T5807] hci_rx_work+0x3ee/0x1060 [ 152.051608][ T5807] ? process_scheduled_works+0x9ef/0x1770 [ 152.051627][ T5807] process_scheduled_works+0xad1/0x1770 [ 152.051655][ T5807] ? __pfx_process_scheduled_works+0x10/0x10 [ 152.051673][ T5807] ? do_raw_spin_lock+0x121/0x290 [ 152.051706][ T5807] worker_thread+0x8a0/0xda0 [ 152.051729][ T5807] ? __kthread_parkme+0x7b/0x200 [ 152.051752][ T5807] kthread+0x711/0x8a0 [ 152.051776][ T5807] ? 
__pfx_worker_thread+0x10/0x10 [ 152.051795][ T5807] ? __pfx_kthread+0x10/0x10 [ 152.051816][ T5807] ? rt_spin_unlock+0x150/0x200 [ 152.051839][ T5807] ? rt_spin_unlock+0x161/0x200 [ 152.051861][ T5807] ? __pfx_kthread+0x10/0x10 [ 152.051884][ T5807] ret_from_fork+0x510/0xa50 [ 152.051903][ T5807] ? __pfx_ret_from_fork+0x10/0x10 [ 152.051920][ T5807] ? __switch_to+0xc9e/0x1480 [ 152.051946][ T5807] ? __pfx_kthread+0x10/0x10 [ 152.051968][ T5807] ret_from_fork_asm+0x1a/0x30 [ 152.051999][ T5807] [ 152.052005][ T5807] Modules linked in: [ 152.052018][ T5807] ---[ end trace 0000000000000000 ]--- [ 152.052029][ T5807] RIP: 0010:kasan_byte_accessible+0x12/0x30 [ 152.052046][ T5807] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cc cc cc cc 66 66 66 66 66 66 2e [ 152.052060][ T5807] RSP: 0018:ffffc90004c7f340 EFLAGS: 00010202 [ 152.052075][ T5807] RAX: dffffc0000000000 RBX: ffffffff88ab2dce RCX: 0000000080000001 [ 152.052088][ T5807] RDX: 0000000000000000 RSI: ffffffff88ab2dce RDI: 000000000000006b [ 152.052099][ T5807] RBP: ffffffff89da1826 R08: 0000000000000001 R09: 0000000000000000 [ 152.052112][ T5807] R10: dffffc0000000000 R11: ffffffff89da17e0 R12: 0000000000000000 [ 152.052126][ T5807] R13: 0000000000000358 R14: 0000000000000358 R15: 0000000000000001 [ 152.052139][ T5807] FS: 0000000000000000(0000) GS:ffff888126cef000(0000) knlGS:0000000000000000 [ 152.052155][ T5807] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 152.052167][ T5807] CR2: 0000001b2f515ff8 CR3: 0000000027e26000 CR4: 00000000003526f0 [ 152.052187][ T5807] Kernel panic - not syncing: Fatal exception [ 152.052346][ T5807] Kernel Offset: disabled