last executing test programs: 5.340641016s ago: executing program 2 (id=3): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) syz_open_dev$vim2m(0x0, 0x7, 0x2) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x6, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x4008032, 0xffffffffffffffff, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffa) socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000003c0)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000000c0)="b9da06ce171c2e7cc2a25d589ccd75d0275367048f46e1d1833f0b225d71e6ae", 0x20) accept4(r2, 0x0, 0x0, 0x80000) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000140)={{r3, 0xffffffffffffffff}, &(0x7f0000000180), &(0x7f0000000380)='%pI4 \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r4, 0xffffffffffffffff}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000001040)={0x1f, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000010000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 5.18777507s ago: executing program 0 (id=1): openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_usb_connect$cdc_ncm(0x3, 0x73, &(0x7f0000000000)=ANY=[@ANYBLOB="12015002020000202505a1a440000102030109026100020108b90a0904000001020d00000a240600019eea7d3ee20524000b000d240f01060000000100ff0f0706241a0700200905810310007f01080904010000020d00000904010102020d000009058202400004da0a09050302080006fff8"], &(0x7f0000000280)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x201, 0x4a, 0x3, 0x1, 0xff, 0x1}, 0x81, &(0x7f0000000140)={0x5, 0xf, 0x81, 0x5, [@generic={0x3d, 0x10, 0x2, "e3ecf9da0370449cc33dc8fce292d57ba51707e0f4e4ca929a55c2c416027efa5aedf1d700490da99d55ff25d781fc93bd5e4a940649db0cba15"}, @ss_container_id={0x14, 0x10, 0x4, 0x9, "e53a8404a400e0efb28b5afa2d8215fd"}, @ss_container_id={0x14, 0x10, 0x4, 0x80, "a25c53bd463e77b0440a8665a9b21ba4"}, @ss_container_id={0x14, 0x10, 0x4, 0x81, "eceef15d5fdb496039168160442630e9"}, @ptm_cap={0x3}]}, 0x1, [{0x49, &(0x7f0000000200)=@string={0x49, 0x3, "eba8903045ac1f10f1d6e057568f3623fdc318e058b6c15c2cf2abd5c0ef789f3752a4ef0005483fc4d6325d4dcd33916fd79f2ce57e8f86795c28826f992ce9a8d7723f711e4e"}}]}) move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x6) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x140, 0x82) r1 = fanotify_init(0x81, 0x40000) fanotify_mark(r1, 0x105, 0x40001032, r0, 0x0) syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') socket$inet6_sctp(0xa, 0x1, 0x84) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0xa8}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) mmap(&(0x7f0000173000/0x1000)=nil, 0x1000, 0x0, 0x13, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) tee(r5, 0xffffffffffffffff, 0x3, 0x5) write$FUSE_INIT(r6, &(0x7f00000006c0)={0x50, 0x0, 0x0, {0x7, 0x29, 0x9, 0x22911c0, 0x1, 0xc36, 0x4, 0xffffbe9e, 0x0, 0x0, 0x2, 0xe}}, 0x50) ioctl$FS_IOC_SETFLAGS(r4, 0x40186f40, &(0x7f0000000440)=0x1f) r7 = syz_open_dev$usbfs(&(0x7f0000000140), 0x76, 0x101301) ioctl$USBDEVFS_ALLOC_STREAMS(r7, 0x8008551c, &(0x7f0000000580)=ANY=[@ANYBLOB="b08d00000100000081718374b58e8cb7e8d8a3956e424a7b2badbc941abffcab8fc534600de02f805c99a7f0fd6aae285b0e0e0af2151677dd0028592d8a67ab8426c5a5b8e51be34137cfecbd9d5f82fdb18f249152afcfe38d19b952a291555234d218ec8571aa32f1e4b66972f1ba3638c51042cab125d23ddb"]) 5.096616771s ago: executing program 1 (id=2): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) mount$binderfs(0x0, &(0x7f00000023c0)='./binderfs\x00', &(0x7f0000002400), 0x2004000, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) r3 = socket$netlink(0x10, 0x3, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) sendmsg$nl_route_sched(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x10000018, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x400000000000000) socket$inet_tcp(0x2, 0x1, 0x0) socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x2, 0x300) r4 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14, 0x14, 0x51b, 0x70bd28, 0x25dfdbff, {0x11}}, 0x14}, 0x1, 0x0, 0x0, 0x2400a051}, 0x44000) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) r7 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x101000, 0x0) ioctl$COMEDI_CMD(r7, 0x80506409, &(0x7f0000000180)={0x0, 0x1, 0x2, 0x6dd, 0x10, 0x200, 0x10, 0x3, 0x20, 0xffffffff, 0x20, 0x7, &(0x7f00000000c0)=[0x4], 0x1, 0x0}) mremap(&(0x7f00000ab000/0x4000)=nil, 0x4000, 0x2000, 0x0, &(0x7f0000ffc000/0x2000)=nil) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000080)={0x28, r8, 0x1, 0x0, 0x4000, {{0x2}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16f8}]]}, 0x28}, 0x1, 0x0, 0x0, 0x40005}, 0x84) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000340)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x79, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 4.123022744s ago: executing program 2 (id=6): syz_emit_ethernet(0x7e, &(0x7f0000000000)=ANY=[@ANYBLOB="fffffff1ffffbbbbbbbbbbbb86dd606b88ef00483a00fc01000000000000000000000000aa020090780000000060bdd7c300003300000000000000000000cb00000000000001fe8000000000000000000000000000aa29010007"], 0x0) r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e0000001ac1414aa0000000003"], 0x1c) setsockopt$inet_mreqn(r0, 0xa4ff, 0x25, &(0x7f0000000080)={@multicast1, @local}, 0xc) 4.017010528s ago: executing program 1 (id=7): bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000000c0)={0x1, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x9, 0x0, 0x0, 0x0, 0x61, 0x11, 0x10}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x8}, @exit]}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x4, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xe, 0x0, 0x0, r0}, 0x94) r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge0\x00'}) 3.834531212s ago: executing program 2 (id=8): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000c80)={'batadv_slave_1\x00'}) socket$can_j1939(0x1d, 0x2, 0x7) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f0000000200)={0x48}) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x22902, 0x0) ioctl$FBIOBLANK(r4, 0x4611, 0x3) ioctl$FBIO_WAITFORVSYNC(r4, 0x40044620, 0x0) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) dup(r5) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x11, 0x3, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) bind$packet(r7, &(0x7f00000001c0)={0x11, 0x0, r9, 0x1, 0x2, 0x6, @broadcast}, 0x14) r10 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r10, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000002c0)="2e00000010008188040f80ec59acbc0413010048100000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) r11 = socket(0x22, 0x2, 0x24) setsockopt$RXRPC_SECURITY_KEY(r11, 0x110, 0x1, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xd, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 3.83363882s ago: executing program 1 (id=9): ioctl$KVM_SET_SREGS2(0xffffffffffffffff, 0x4140aecd, &(0x7f0000000280)={{0xdddd1000, 0x9000, 0xb, 0x2, 0xf7, 0x4, 0x8, 0x4, 0xa, 0x1, 0x1, 0x5}, {0x8000000, 0xa000, 0xa, 0xf, 0x6, 0x81, 0x0, 0x80, 0xb, 0x6, 0x10, 0x2}, {0x1, 0x100000, 0x4, 0x2, 0x47, 0x5, 0xb, 0xf, 0x5, 0x4, 0x25, 0x8}, {0xe000, 0x9000, 0xb, 0x58, 0x0, 0x9, 0x6, 0x6, 0x9, 0xf7, 0x3, 0x10}, {0x50000, 0x4, 0x0, 0xc2, 0x3, 0xfa, 0x4, 0x6, 0xf, 0x0, 0x0, 0x2b}, {0x7000, 0x3332f000, 0xd, 0x3, 0x0, 0x2, 0x7, 0x5, 0x9, 0x5, 0x5, 0xda}, {0xa000, 0x58000, 0xc, 0x5, 0x8, 0x9, 0x7, 0xf, 0x2, 0x0, 0x4, 0x3}, {0x200000, 0x25000, 0xf, 0x1, 0x80, 0x4, 0x4, 0x57, 0x5, 0x8, 0x5, 0xd}, {}, {0xf000, 0x101}, 0x40000001, 0x0, 0x3000, 0x400041, 0x0, 0x0, 0xb000, 0x0, [0x9, 0x6, 0x6, 0xee38]}) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f0000000440)={{0x80}, 'port1\x00', 0x72, 0x220000, 0x0, 0x8000008, 0x4, 0x2, 0x1, 0x0, 0x7cce8c743ee810df, 0xa5}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x40, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xc}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}]}, @NFT_MSG_NEWSETELEM={0x34, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x8, 0x3, 0x0, 0x1, [{0x4}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xbc}}, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x4e23, 0x3ff, @ipv4={'\x00', '\xff\xff', @empty}, 0xfffffffe}, 0x1c) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40505330, &(0x7f0000000200)={0x800080, 0x858, 0x8, 0xc, 0x43, 0x558}) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000340)="8224aca5f41b9e0ec5e7a706c919e7c0e343f0cd0a779c17e7f992396b09252009d2d12e9475a57ec39f71417044cf4151af34ac1dfd5d87cdd80bc4c24478821f64d4d971bbc1fc7bdd181a839344917165bb9cd0fa568aac55d8e38ee30fd3a9bc63e2656b6941c812e6ea0692ec276deb2b7b817906cf8c5429a42164e8bb521e216e554d509a0fd0d86729b5f4b9a01fb336be", 0x95}, {0x0}], 0x2}}], 0x1, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000f80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="14000000000000002900000034000000040000000000000014000000000000002900000034000000fdffffff0000000000010000000000002900000004000000041c000000000000fe72f4a4a3142ee1e12b9826287997a6b33d89f3d60da1641d9fe3896c3c1b6c130ef4f01be8f5836d417874540898619050b14420ab124b11de36afb16ef4fc00f3f4e4fa0e647cd1b07b068d3894180b6aa7527a4a8252f6836a0d67a7782c675a838ea989e567e4774de1f52d188e0b0888c5801409e12e5f0b6bdcf72f2ec7008a15fa88b025e0ad0738000000010c7a0180050000000000000009000000000000000400000000000000060000000000000000040000000000000b0000000000000005020a7e00010005020bf4c910fc0200000000000000000000780e000000000000000000140000000000000029000000340000000000000000000000700100000000000029000000360000005e2a000000000000ff4150d650847249ad288702ebd0d654b985e8908defb7ec6c5ff115c58e128b9e3a21c34b45ef9de99984e143ca7c3509a971b2ec429ee1edc0bb903fe94b32c28f70000100000100010800000000000000000708000000030000ff0f07100000000002070600ff7f00000000000008c6c8a110995d439fbfac9716a99c357bcb2d59a850490739734f6b321d19b3754df39cc2dc26cf263cbebbddb9a7f17b6771f74c46623f9e38bd23e6f0a2fd3a9a017f66738394aca44d1a9f0b35d9df0a964360ab0900a5e6fcac1cd41c91c97f6826ff706c41edc4e00205bbb53218ed58a1122d993b55a1b9a870a17e7869e3fc704b388202add651f628963a90fea5d8196d5e0373fd13584ae57b4f1c03d4f67005cdb5938591d5ea712014e358ea0808807873fd7290c6d4f033de64c7e86ab3030700008000000000000001082bdb86d1ce6a20c2000000000020000000000000002900000037000000730000000000000000010000000000001400000000000000290000000b000000000000020000000018000000000000002900000039000000000000000000000038"], 0x340}}, {{&(0x7f0000000300)={0xa, 0x4e20, 0x400, @empty, 0x7}, 0x1c, &(0x7f0000000f00)=[{&(0x7f0000000540)="a22caaffe37d4620d1a9427c00787b63b26c5b83ef8ce8f8fe823d77c642dd73361c1f115fdce55de92bede6e812191b9780a257fa4fb3bba896dc1a01fcc30adb201f2ee3a5c8676d6b812ec2342bd0723b7db488a027513df1870c31ffba527c5dfb132cb48cbc2e0f", 0x6a}, {0x0}, {&(0x7f00000006c0)}, {&(0x7f0000000700)="e59c889c8be9e17c21882a76c6907239d44f6a0efb65359c6a8e5e", 0x1b}], 0x4}}], 0x2, 0x810) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x20004040) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) epoll_create1(0x80000) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000580)=ANY=[@ANYBLOB="280000002d000100000000000000000008000000", @ANYRES32], 0x28}], 0x1}, 0x0) r2 = signalfd4(0xffffffffffffffff, &(0x7f00000000c0)={[0x4]}, 0x8, 0x800) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r3 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x9, 0x307}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}, {0xe, 0xffff}}}, 0x24}}, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) io_uring_enter(r3, 0x2219, 0x7721, 0x16, 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x6) r5 = socket$alg(0x26, 0x5, 0x0) ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000740)={"373ab6e870bf64ef25ad87deef94c3b7350df627ea76a6efbd6c33a19e5dde0b3718dac0c2b8e833beb9e0347000fc7332c43a3128856f23df4628fb1e54b1745094c19bc88c190192f58dda884b3296f7cd6373842bff61047e0697c9af6e9f62b88fd21621b527902efdae6efd3516c7e5a36f4aaa12cd1b3ac0686db46783f45fe6aa2515ab6996b4807b0d9575a9061a775ef515a40b97c34035e8e412b9200000001000000062a07ab97f50ff5deb8a5978611317016887694245b363252230bbe17ed0f591f935d8e4ae7563eeff2fdfad8a775f0a4b15f63f5c4851df9aef747ace240cec55ce1659c08d38714245835e15291c4973ade3b2006d8870a1d739eb8e7a284e23f660b2061e31a70627be4acb16ecbe8a4edde1c5397c761a2fe0690f5d580ebf35b8640441ddf47d1f67a5e2d892f14a4f88412ce3cc8ec4d0580729c8638502410837253d6ac316ee9c6a24eb5d83463ff9bdf81f31c12b04adec97fe1377d2f29067e5f6f48cc123f2c4c02afe60d224c7d974a63c1aa9b110d2187f18de3753b57c630eab26238e8201501a007da99f1d07f76c4da113859ab55792049a15c5d83051f41ae951912eb81154f2398a729b6d6c51d6850bddcd4b35b24996e4ec707d1a744dff58ea5030fcd6b46a468ac029f86be30c7c3d5708e3871fed2e63b9c3ad265350e87e9fc44696eadeecc1ff67e30b64be27f480180d26218d031380149bcc31bd712063e9c09ed5329a530800000025d79eb9d4491d82d2b7a3d7d0cf9286396fcb8c2ccf1655b3ba420c36c3fb88d788308e947cc15e0957a98a843911c954c2a2feccd60d0000da8330cd1de951bcd767cf211a241c882b8d5e608fc0e796afead2a7b05018b4ae6c034c4c4997868343a5d064838dd0aca0d21b429665a0a1b4fd17cd34e711cee01d2348dc5871cca7ab4e4924f6f4bc29e7dbfae6788549e600000000271cd7ddfabd45803a6d1145734a82b2b9a6a87c8e118629840a027fd3f8e5a6a5dccee1a480d6cd0402a64db2263b1a9de61848b1eb31b51189f4caa2fdf0c3a38275386522137fe573ec27693a337c324952480c9ae476a694010aa22095c6d8bfceb5e024cbc21d6c1d1b17fae63dc627a948c4eca7dfa3f8a5e628531472e00ed28f2d2b7fcf03b5ba1975fcc010482a08c7800b3c87587a9fea37402ffafcc9cabc16a123164765d10dafe323ce33f197af8a3cf57332dbbee3f263a16cb565b61690b5804341630437ad2277be4ff82d1aa32c15b0cf99c88c7bca0ecf47a3be490bf6079f19acdf9a71f636fff612167c849b5c149cb32d8dd98d2aa8bb0606a1214fc1f0da04476cd8c3c056ec88eefca4d331ecbd5416c356466202cb97ddfc320b7594d5ab2e9102d549ffa72300"}) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) accept4(r5, 0x0, 0x0, 0x800) syz_open_dev$vcsa(&(0x7f0000000500), 0x0, 0x0) 3.681118359s ago: executing program 1 (id=10): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x200082, 0x0) ioctl$TUNSETCARRIER(r0, 0x400454e2, &(0x7f0000000040)=0x1) r1 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0xa000, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f00000000c0)=0x1000) mkdir(&(0x7f0000000100)='./file0\x00', 0x142) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = creat(&(0x7f0000000140)='./file0\x00', 0x100) ioctl$VFAT_IOCTL_READDIR_SHORT(r3, 0x82307202, &(0x7f0000000180)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) mount(&(0x7f00000003c0)=@md0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='jffs2\x00', 0x100, &(0x7f0000000480)='/dev/net/tun\x00') r4 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r3, 0x0, 0x61, &(0x7f00000004c0)={'filter\x00', 0x4}, 0x68) r5 = syz_io_uring_setup(0x7531, &(0x7f0000000540)={0x0, 0x7e5b, 0x4, 0x2, 0x33c, 0x0, r3}, &(0x7f00000005c0), &(0x7f0000000600)) fallocate(r5, 0x31, 0x45ac, 0x200) socket$rds(0x15, 0x5, 0x0) getsockopt$PNPIPE_IFINDEX(r3, 0x113, 0x2, &(0x7f0000000640)=0x0, &(0x7f0000000680)=0x4) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0xc, 0x86, 0x8, 0x5, 0x8, 0xffffffffffffffff, 0xdce, '\x00', r6, r3, 0x5, 0x1, 0x2}, 0x50) listen(r2, 0x6) syz_clone3(&(0x7f0000000980)={0x800, &(0x7f0000000740), &(0x7f0000000780), &(0x7f00000007c0)=0x0, {0x2c}, &(0x7f0000000800)=""/122, 0x7a, &(0x7f0000000880)=""/157, &(0x7f0000000940)=[0xffffffffffffffff], 0x1, {r3}}, 0x58) capget(&(0x7f0000000a00)={0x19980330, r8}, &(0x7f0000000a40)={0x2, 0x101, 0x578b439f, 0xb, 0xbd, 0x46cd777b}) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f0000000a80), 0x8) ioctl$VT_DISALLOCATE(r3, 0x5608) mount$overlay(0x0, &(0x7f0000000ac0)='./file0\x00', &(0x7f0000000b00), 0xc0014, &(0x7f0000000b40)={[{@verity_on}], [{@dont_measure}, {@fowner_gt}]}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000b80), r2) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000d80)={0x6, 0x2, &(0x7f0000000bc0)=@raw=[@map_val={0x18, 0x17, 0x2, 0x0, r7, 0x0, 0x0, 0x0, 0x3}], &(0x7f0000000c00)='syzkaller\x00', 0x4, 0x1f, &(0x7f0000000c40)=""/31, 0x41000, 0xa, '\x00', r6, 0x25, r3, 0x8, &(0x7f0000000c80)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000cc0)={0x4, 0x7, 0x1c, 0x8000}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000d00)=[r7, r7, 0x1, r3, r3], &(0x7f0000000d40)=[{0x3, 0x2, 0x7, 0x4}, {0x4, 0x3, 0xe, 0x9}, {0x2, 0x4, 0x1, 0xb}], 0x10, 0x5}, 0x94) ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000e40)=@usbdevfs_connect={0xd}) fchmod(r4, 0x180) ioctl$EVIOCGUNIQ(r3, 0x80404508, &(0x7f0000000e80)=""/134) r9 = getpid() sched_setscheduler(r9, 0x2, &(0x7f0000000f40)=0xffffffff) mq_open(&(0x7f0000000f80)='}\x00', 0x2, 0x0, &(0x7f0000000fc0)={0x10001, 0x0, 0xce51}) 3.087388089s ago: executing program 1 (id=11): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge0\x00'}) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r2, {0x2, 0x0, @loopback}, 0x4}}, 0x2e) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_GET(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000240)={0x30, r5, 0x1, 0x0, 0x25dfdbff, {0x7}, [@L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x81}, @L2TP_ATTR_IFNAME={0x14}]}, 0x30}}, 0x2) syz_emit_ethernet(0xa5, &(0x7f0000000340)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @random='\b\x00', @void, {@mpls_uc={0x8847, {[{0xbf}, {}], @ipv4=@dccp={{0x10, 0x4, 0x0, 0x0, 0x8f, 0x67, 0x0, 0x5, 0x21, 0x0, @dev={0xac, 0x14, 0x14, 0x41}, @multicast2, {[@timestamp_prespec={0x44, 0x14, 0x18, 0x3, 0xc, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x8}, {@empty, 0x7}]}, @ssrr={0x89, 0x3, 0x54}, @timestamp_prespec={0x44, 0x14, 0x89, 0x3, 0x0, [{@rand_addr=0x64010102, 0x4}, {@local, 0x1}]}]}}, {{0x4e24, 0x4e22, 0x4, 0x1, 0x3, 0x0, 0x0, 0xf, 0x5, 'wdj', 0x2, "0df597"}, "ce470f753d6e9976d6d6798de1c1e853c44e940d7bb2471baa087e397a5d94a81711323dfb57250c7efbd49b066ce61fb8031d79cd1c08e9bcaddec57120a6"}}}}}}, 0x0) r6 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$sock_inet_SIOCGIFADDR(r6, 0x8915, &(0x7f0000000040)={'team_slave_1\x00', {0x2, 0x0, @local}}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, 0x0) readv(r7, &(0x7f00000001c0), 0x0) prlimit64(0x0, 0x8, &(0x7f0000000140)={0x6, 0x9}, 0x0) shmget(0x1, 0x2000, 0x200, &(0x7f0000ffc000/0x2000)=nil) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) rmdir(&(0x7f0000000040)='./bus\x00') openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) syz_usb_connect(0x0, 0x48, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000022546940fa0ae803d0990102030109023600010000000009047500038cbb2a0009050a001000010000090588"], 0x0) 2.939599444s ago: executing program 4 (id=5): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) mount$binderfs(0x0, &(0x7f00000023c0)='./binderfs\x00', &(0x7f0000002400), 0x2004000, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) r3 = socket$netlink(0x10, 0x3, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) sendmsg$nl_route_sched(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x10000018, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x400000000000000) socket$inet_tcp(0x2, 0x1, 0x0) socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x2, 0x300) r4 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14, 0x14, 0x51b, 0x70bd28, 0x25dfdbff, {0x11}}, 0x14}, 0x1, 0x0, 0x0, 0x2400a051}, 0x44000) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) r7 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x101000, 0x0) ioctl$COMEDI_CMD(r7, 0x80506409, &(0x7f0000000180)={0x0, 0x1, 0x2, 0x6dd, 0x10, 0x200, 0x10, 0x3, 0x20, 0xffffffff, 0x20, 0x7, &(0x7f00000000c0)=[0x4], 0x1, 0x0}) mremap(&(0x7f00000ab000/0x4000)=nil, 0x4000, 0x2000, 0x0, &(0x7f0000ffc000/0x2000)=nil) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000080)={0x28, r8, 0x1, 0x0, 0x4000, {{0x2}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16f8}]]}, 0x28}, 0x1, 0x0, 0x0, 0x40005}, 0x84) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000340)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x79, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 2.359074329s ago: executing program 3 (id=4): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000580)=@getlink={0x28, 0x12, 0x1, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x3080, 0x808}, [@IFLA_NET_NS_PID={0x8}]}, 0x28}}, 0x0) r2 = getpid() r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0) write$char_usb(r3, &(0x7f00000008c0)='-0', 0x2) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r5, 0x1, 0x70bd27, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r2}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x30) sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(r1, &(0x7f0000008e40)={&(0x7f0000008d00)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000008e00)={&(0x7f0000008d40)={0xa4, r5, 0xf24, 0x70bd27, 0x25dfdbfb, {}, [{@pci={{0x8}, {0x11}}, {0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x200}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x349c000}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3}}]}, 0xa4}, 0x1, 0x0, 0x0, 0x2404c000}, 0x8081) sendmsg$DEVLINK_CMD_TRAP_SET(r0, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0x1a0, r5, 0x200, 0x70bd2c, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x8800}, 0x4000000) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00'}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), r0) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r6, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x3c, r7, 0x800, 0x70bd2b, 0x25dfdbfc, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x25, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x9c}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80) 1.54173776s ago: executing program 4 (id=12): r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB='t\x00\x00\x00\n'], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) sendmsg$IPSET_CMD_LIST(r1, &(0x7f0000005800)={0x0, 0x0, &(0x7f00000057c0)={&(0x7f0000005740)={0x1c, 0x7, 0x6, 0x3, 0x0, 0x0, {0xa, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x804) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r4, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x8}, 0x4040800) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x10, &(0x7f0000000000)=@ready={0x0, 0x0, 0x8, 'BBBB'}) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r6, 0x0, 0x0, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = socket$phonet_pipe(0x23, 0x5, 0x2) ioctl$SIOCPNENABLEPIPE(r7, 0x89ed, 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x12, &(0x7f0000000040)=@conn_svc_rsp={0x0, 0x0, 0xa, "5e0d6ccb", {0x3, 0x30c, 0x0, 0x80, 0xf, 0x1, 0x7f}}) 1.52472193s ago: executing program 0 (id=13): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000880)) r2 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, 0x0, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040000}, 0x0) sendmsg$SEG6_CMD_SETHMAC(r2, 0x0, 0x8801) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_HYPERV_EVENTFD(r5, 0xc048aec8, &(0x7f00000005c0)={0x20000085}) r6 = socket$packet(0x11, 0x3, 0x300) r7 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r7, 0x7a7, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r7, 0x7a0, &(0x7f0000000040)={@local, 0x2}) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r7, 0x7ab, &(0x7f00000001c0)={0x0, 0x0, 0x8}) r8 = dup(r1) r9 = fcntl$dupfd(r0, 0x406, r6) ioctl$VHOST_SET_VRING_ADDR(r9, 0x4028af11, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/251, 0x0}) ioctl$VHOST_NET_SET_BACKEND(r9, 0x4008af30, &(0x7f0000000080)={0x0, r8}) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x6, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800059e1100000100001b000ebeffffff040000a2890c1d", @ANYRES32, @ANYBLOB="00000000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r10, 0x0, 0x0, 0x8, &(0x7f00000006c0), &(0x7f0000000700)=""/8, 0xb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, 0x50) 1.134517977s ago: executing program 2 (id=14): unshare(0x40020100) syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000b40)=ANY=[@ANYBLOB="1201000000000010580413500000000000010902240001000050000904000081030000000921faff000122a00009058103"], 0x0) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000100)={'fscrypt:', @desc1}, &(0x7f0000000140)={0x0, "bc410887c39b93ba733c40a6ebe73ed8cc4963e8d949bb4ff67c823dd18c8706c7973608f8f9fec843aad0da96bd888c8ff6ba75008e76ef31b000b31301b9f7", 0x3b}, 0x48, 0xffffffffffffffff) socket$key(0xf, 0x3, 0x2) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) ioctl$int_in(r4, 0x5452, &(0x7f00000001c0)=0x1) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) r5 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, 0x0) 1.001908855s ago: executing program 0 (id=15): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x22803) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port0\x00', 0xf3, 0x1b1c07, 0xfffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0), 0x80d02, 0x0) dup3(r1, r0, 0x0) ioctl$SNDCTL_SEQ_PANIC(r1, 0x5111) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000040)={0x2, 0x3, 0x6, {0x0, 0x6f87}, 0xd56d, 0x7}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x20c0, 0x0) 844.784179ms ago: executing program 0 (id=16): socket$inet6(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_getparam(0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) syz_emit_ethernet(0xe, &(0x7f0000000040)=ANY=[@ANYBLOB="0380c2000000dc9bf792a833abc99d4f6518e9a5a1654cb97f5efd1e12406fb95b3c28a9afff36e63fd8fc1601006bf084087e0ff50d69ac8335a0573b90f1d4a54f49651eb5326d1380de44da0eec3e340bd7e98b5aca612204da0000"], 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000001c0)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f0000000380)={r3, @in6={{0xa, 0x4e20, 0x1, @loopback, 0xd70}}, [0x7, 0x0, 0x8, 0xffffffff, 0x53, 0x8, 0x6, 0x8, 0xffffffff80000000, 0x7, 0x1, 0x7ffffffffffffffb, 0xfffffffffffffffd, 0x200000000000, 0x8000000000000000]}, &(0x7f0000000100)=0x100) r4 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0) eventfd(0xfffffff9) openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, 0x0) r5 = socket$nl_sock_diag(0x10, 0x3, 0x4) mount$afs(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000100), 0x4, &(0x7f0000000080)={[{@dyn}, {@flock_openafs}]}) sendmsg$TCPDIAG_GETSOCK(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="4c0000001200010003950000000100000a0900004001000000000000000000000000ffff000000"], 0x4c}}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r6, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, 0x0, 0x0) syz_usb_connect(0x1, 0x3d, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$fou(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$FOU_CMD_ADD(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c0000", @ANYRES16=r8, @ANYBLOB], 0x1c}}, 0x0) 181.798678ms ago: executing program 3 (id=17): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000880)) r2 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, 0x0, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040000}, 0x0) sendmsg$SEG6_CMD_SETHMAC(r2, 0x0, 0x8801) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_HYPERV_EVENTFD(r5, 0xc048aec8, &(0x7f00000005c0)={0x20000085}) r6 = socket$packet(0x11, 0x3, 0x300) r7 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r7, 0x7a7, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r7, 0x7a0, &(0x7f0000000040)={@local, 0x2}) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r7, 0x7ab, &(0x7f00000001c0)={0x0, 0x0, 0x8}) r8 = dup(r1) r9 = fcntl$dupfd(r0, 0x406, r6) ioctl$VHOST_SET_VRING_ADDR(r9, 0x4028af11, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/251, 0x0}) ioctl$VHOST_NET_SET_BACKEND(r9, 0x4008af30, &(0x7f0000000080)={0x0, r8}) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x6, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800059e1100000100001b000ebeffffff040000a2890c1d", @ANYRES32, @ANYBLOB="00000000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r10, 0x0, 0x6, 0x8, &(0x7f00000006c0)="051cf3b75a97", &(0x7f0000000700)=""/8, 0xb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, 0x50) 0s ago: executing program 3 (id=18): openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi2\x00', 0x20401, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x1008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x32cc0000) madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xf) setfsgid(0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = fspick(0xffffffffffffffff, 0x0, 0x1) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, 0x0, &(0x7f0000002280)='//\xf2b\x06\b\xba\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\\\\\\x00\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x97\xd7R\xab2\x1eW\x00\x00\x00\x00ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8DD\x9bp\x01\xcc:\xa6\x85n\x9f\xfb\x81 \x10\x0fQ\x90}Zd\xeb\xab\xf70\x99\xef\x8b 1 [ 60.443140][ T5823] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 60.448791][ T5139] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 60.451385][ T5823] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 60.458512][ T5139] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 60.467411][ T5823] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 60.479232][ T5823] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 60.484800][ T5828] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 60.494282][ T5828] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 60.501872][ T5828] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 60.508973][ T5828] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 60.512032][ T5831] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 60.517388][ T5828] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 60.528746][ T5831] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 60.531659][ T5828] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 60.537718][ T5832] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 60.550811][ T5831] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 60.551408][ T5828] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 60.558392][ T5831] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 60.567602][ T5828] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 60.573662][ T5831] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 60.579741][ T5833] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 60.594277][ T5833] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 60.601292][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 60.601304][ T30] audit: type=1400 audit(1765007299.505:80): avc: denied { read } for pid=5813 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 60.655358][ T5833] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 60.662801][ T30] audit: type=1400 audit(1765007299.505:81): avc: denied { open } for pid=5813 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 60.686885][ T30] audit: type=1400 audit(1765007299.505:82): avc: denied { mounton } for pid=5813 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 60.691164][ T5833] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 60.978023][ T30] audit: type=1400 audit(1765007299.885:83): avc: denied { module_request } for pid=5813 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 61.069400][ T5813] chnl_net:caif_netlink_parms(): no params data found [ 61.101110][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 61.215156][ T5812] chnl_net:caif_netlink_parms(): no params data found [ 61.239396][ T5825] chnl_net:caif_netlink_parms(): no params data found [ 61.256402][ T5811] chnl_net:caif_netlink_parms(): no params data found [ 61.326665][ T5813] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.334356][ T5813] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.341817][ T5813] bridge_slave_0: entered allmulticast mode [ 61.348453][ T5813] bridge_slave_0: entered promiscuous mode [ 61.378733][ T5813] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.385881][ T5813] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.393027][ T5813] bridge_slave_1: entered allmulticast mode [ 61.399583][ T5813] bridge_slave_1: entered promiscuous mode [ 61.446336][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.453545][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.460708][ T5827] bridge_slave_0: entered allmulticast mode [ 61.467334][ T5827] bridge_slave_0: entered promiscuous mode [ 61.489834][ T5812] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.496985][ T5812] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.504241][ T5812] bridge_slave_0: entered allmulticast mode [ 61.511365][ T5812] bridge_slave_0: entered promiscuous mode [ 61.518491][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.525819][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.533185][ T5827] bridge_slave_1: entered allmulticast mode [ 61.539726][ T5827] bridge_slave_1: entered promiscuous mode [ 61.555047][ T5813] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.571594][ T5812] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.578654][ T5812] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.585817][ T5812] bridge_slave_1: entered allmulticast mode [ 61.592534][ T5812] bridge_slave_1: entered promiscuous mode [ 61.614277][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.622225][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.629285][ T5825] bridge_slave_0: entered allmulticast mode [ 61.636189][ T5825] bridge_slave_0: entered promiscuous mode [ 61.644690][ T5813] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.674141][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.681342][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.688542][ T5825] bridge_slave_1: entered allmulticast mode [ 61.695286][ T5825] bridge_slave_1: entered promiscuous mode [ 61.708660][ T5811] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.715785][ T5811] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.723120][ T5811] bridge_slave_0: entered allmulticast mode [ 61.729672][ T5811] bridge_slave_0: entered promiscuous mode [ 61.737905][ T5812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.748762][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.771994][ T5811] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.779094][ T5811] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.786477][ T5811] bridge_slave_1: entered allmulticast mode [ 61.793730][ T5811] bridge_slave_1: entered promiscuous mode [ 61.801923][ T5812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.812479][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.829411][ T5813] team0: Port device team_slave_0 added [ 61.857467][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.868050][ T5813] team0: Port device team_slave_1 added [ 61.895154][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.913310][ T5811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.923612][ T5812] team0: Port device team_slave_0 added [ 61.930356][ T5827] team0: Port device team_slave_0 added [ 61.951695][ T5811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.962668][ T5812] team0: Port device team_slave_1 added [ 61.968824][ T5813] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.975976][ T5813] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.002309][ T5813] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.015500][ T5827] team0: Port device team_slave_1 added [ 62.046509][ T5813] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.053670][ T5813] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.079718][ T5813] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.097594][ T5825] team0: Port device team_slave_0 added [ 62.129134][ T5825] team0: Port device team_slave_1 added [ 62.136115][ T5811] team0: Port device team_slave_0 added [ 62.142393][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.149307][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.175321][ T5812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.187092][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.194127][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.220013][ T5812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.236040][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.243119][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.269026][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.289386][ T5811] team0: Port device team_slave_1 added [ 62.302309][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.309225][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.335516][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.372107][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.379029][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.405101][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.416806][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.423886][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.449921][ T5811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.475014][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.481970][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.508110][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.521548][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.528477][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.554390][ T5811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.568650][ T5813] hsr_slave_0: entered promiscuous mode [ 62.574789][ T5813] hsr_slave_1: entered promiscuous mode [ 62.601313][ T5823] Bluetooth: hci2: command tx timeout [ 62.602252][ T5812] hsr_slave_0: entered promiscuous mode [ 62.612788][ T5812] hsr_slave_1: entered promiscuous mode [ 62.618582][ T5812] debugfs: 'hsr0' already exists in 'hsr' [ 62.624500][ T5812] Cannot create hsr debugfs directory [ 62.654289][ T5827] hsr_slave_0: entered promiscuous mode [ 62.661335][ T5827] hsr_slave_1: entered promiscuous mode [ 62.667138][ T5827] debugfs: 'hsr0' already exists in 'hsr' [ 62.672930][ T5823] Bluetooth: hci1: command tx timeout [ 62.678301][ T5833] Bluetooth: hci3: command tx timeout [ 62.680825][ T5823] Bluetooth: hci0: command tx timeout [ 62.683942][ T5827] Cannot create hsr debugfs directory [ 62.750539][ T5825] hsr_slave_0: entered promiscuous mode [ 62.756717][ T5825] hsr_slave_1: entered promiscuous mode [ 62.760968][ T5823] Bluetooth: hci4: command tx timeout [ 62.763080][ T5825] debugfs: 'hsr0' already exists in 'hsr' [ 62.773797][ T5825] Cannot create hsr debugfs directory [ 62.789291][ T5811] hsr_slave_0: entered promiscuous mode [ 62.795276][ T5811] hsr_slave_1: entered promiscuous mode [ 62.801313][ T5811] debugfs: 'hsr0' already exists in 'hsr' [ 62.807015][ T5811] Cannot create hsr debugfs directory [ 63.110136][ T5813] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 63.122630][ T5813] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 63.138105][ T5813] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 63.147137][ T5813] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 63.184032][ T5825] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 63.198493][ T5825] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 63.208256][ T5825] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 63.219408][ T5825] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 63.286242][ T5811] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 63.298406][ T5811] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 63.308124][ T5811] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 63.321455][ T5811] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 63.395619][ T5812] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 63.404968][ T5812] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 63.415103][ T5812] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 63.425501][ T5812] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 63.486240][ T5813] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.513811][ T5827] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 63.524369][ T5827] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 63.536666][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.545823][ T5827] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 63.556869][ T5827] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 63.595354][ T5813] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.610602][ T5825] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.624135][ T1010] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.631293][ T1010] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.649721][ T1010] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.656778][ T1010] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.678345][ T1010] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.685425][ T1010] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.694965][ T1010] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.702015][ T1010] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.753557][ T5812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.767028][ T5811] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.806938][ T5812] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.818892][ T5811] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.836101][ T4030] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.843192][ T4030] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.867299][ T4030] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.874427][ T4030] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.882098][ T30] audit: type=1400 audit(1765007302.795:84): avc: denied { sys_module } for pid=5813 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 63.923922][ T4030] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.931031][ T4030] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.945132][ T4030] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.952249][ T4030] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.048763][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.110724][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.134731][ T3502] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.142010][ T3502] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.172482][ T3502] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.179588][ T3502] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.229062][ T5813] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.317792][ T5812] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.336169][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.409512][ T5813] veth0_vlan: entered promiscuous mode [ 64.459355][ T5812] veth0_vlan: entered promiscuous mode [ 64.472867][ T5813] veth1_vlan: entered promiscuous mode [ 64.486574][ T5811] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.514773][ T5812] veth1_vlan: entered promiscuous mode [ 64.596140][ T5812] veth0_macvtap: entered promiscuous mode [ 64.629726][ T5813] veth0_macvtap: entered promiscuous mode [ 64.639949][ T5812] veth1_macvtap: entered promiscuous mode [ 64.648403][ T5811] veth0_vlan: entered promiscuous mode [ 64.669233][ T5811] veth1_vlan: entered promiscuous mode [ 64.675519][ T5823] Bluetooth: hci2: command tx timeout [ 64.684147][ T5813] veth1_macvtap: entered promiscuous mode [ 64.699733][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.722643][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.739842][ T4030] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.749646][ T4030] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.759404][ T5823] Bluetooth: hci0: command tx timeout [ 64.759429][ T5833] Bluetooth: hci1: command tx timeout [ 64.765561][ T5823] Bluetooth: hci3: command tx timeout [ 64.784017][ T4030] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.793324][ T4030] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.808091][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.819378][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.831537][ T5823] Bluetooth: hci4: command tx timeout [ 64.831784][ T5811] veth0_macvtap: entered promiscuous mode [ 64.847212][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.864153][ T5811] veth1_macvtap: entered promiscuous mode [ 64.884130][ T4030] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.893472][ T4030] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.905769][ T4030] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.915526][ T4030] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.932069][ T5825] veth0_vlan: entered promiscuous mode [ 64.993835][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.014507][ T4030] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.015022][ T5827] veth0_vlan: entered promiscuous mode [ 65.022572][ T4030] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.033927][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.055226][ T5825] veth1_vlan: entered promiscuous mode [ 65.065967][ T5827] veth1_vlan: entered promiscuous mode [ 65.091548][ T3785] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.100249][ T3785] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.112308][ T3785] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.124130][ T3785] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.143117][ T4030] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.155220][ T4030] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.182514][ T495] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.191428][ T495] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.218980][ T5825] veth0_macvtap: entered promiscuous mode [ 65.225397][ T30] audit: type=1400 audit(1765007304.125:85): avc: denied { mounton } for pid=5812 comm="syz-executor" path="/root/syzkaller.oLc13t/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 65.261194][ T30] audit: type=1400 audit(1765007304.165:86): avc: denied { mount } for pid=5812 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 65.264228][ T5825] veth1_macvtap: entered promiscuous mode [ 65.289066][ T30] audit: type=1400 audit(1765007304.165:87): avc: denied { mounton } for pid=5812 comm="syz-executor" path="/root/syzkaller.oLc13t/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 65.322650][ T30] audit: type=1400 audit(1765007304.165:88): avc: denied { mount } for pid=5812 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 65.345177][ T30] audit: type=1400 audit(1765007304.165:89): avc: denied { mounton } for pid=5812 comm="syz-executor" path="/root/syzkaller.oLc13t/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 65.379098][ T5812] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 65.387521][ T3785] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.402745][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.415927][ T4030] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.416760][ T5827] veth0_macvtap: entered promiscuous mode [ 65.429483][ T4030] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.436508][ T3785] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.444497][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.456851][ T5827] veth1_macvtap: entered promiscuous mode [ 65.499319][ T61] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.515097][ T61] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.552293][ T61] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.562879][ T495] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.584861][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.590921][ T495] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.611092][ T61] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.626870][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.696636][ T61] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.720097][ T61] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.741835][ T61] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.752987][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 65.753000][ T30] audit: type=1400 audit(1765007304.665:100): avc: denied { read write } for pid=5934 comm="syz.0.1" name="uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 65.862632][ T30] audit: type=1400 audit(1765007304.685:101): avc: denied { create } for pid=5932 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 65.864257][ T495] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.884537][ T30] audit: type=1400 audit(1765007304.695:102): avc: denied { read } for pid=5932 comm="syz.2.3" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 65.934656][ T30] audit: type=1400 audit(1765007304.695:103): avc: denied { open } for pid=5932 comm="syz.2.3" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 65.999636][ T30] audit: type=1400 audit(1765007304.695:104): avc: denied { open } for pid=5934 comm="syz.0.1" path="/dev/uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 66.623148][ T5943] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 66.624679][ T30] audit: type=1400 audit(1765007304.835:105): avc: denied { read write } for pid=5934 comm="syz.0.1" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 66.666308][ T5815] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 66.694729][ T30] audit: type=1400 audit(1765007304.835:106): avc: denied { open } for pid=5934 comm="syz.0.1" path="/dev/raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 66.719990][ T30] audit: type=1400 audit(1765007304.835:107): avc: denied { ioctl } for pid=5934 comm="syz.0.1" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 66.783338][ T30] audit: type=1400 audit(1765007304.865:108): avc: denied { create } for pid=5932 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 66.803412][ T5823] Bluetooth: hci2: command tx timeout [ 66.823207][ T30] audit: type=1400 audit(1765007304.865:109): avc: denied { bind } for pid=5932 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 66.842415][ T5815] usb 1-1: Using ep0 maxpacket: 32 [ 66.850404][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.851150][ T5815] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 127, changing to 10 [ 66.870322][ T5823] Bluetooth: hci3: command tx timeout [ 66.873407][ T5828] Bluetooth: hci0: command tx timeout [ 66.877816][ T5833] Bluetooth: hci1: command tx timeout [ 66.886795][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.887933][ T5815] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 64 [ 66.905541][ T5815] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 66.915730][ T5833] Bluetooth: hci4: command tx timeout [ 66.923569][ T5815] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 66.933560][ T5815] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 66.942712][ T5815] usb 1-1: Product: syz [ 66.947426][ T5815] usb 1-1: Manufacturer: syz [ 66.987808][ T5815] usb 1-1: SerialNumber: syz [ 67.056759][ T1010] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.077465][ T5956] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9'. [ 67.079927][ T2107] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.096583][ T1010] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.101783][ T2107] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.194967][ T5958] netlink: 'syz.2.8': attribute type 10 has an invalid length. [ 67.240926][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 67.312485][ T5959] ubi31: attaching mtd0 [ 67.406049][ T5962] usb usb8: usbfs: process 5962 (syz.0.1) did not claim interface 0 before use [ 67.414694][ T5963] jffs2: Unknown parameter '/dev/net/tun' [ 67.426263][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 67.440713][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 67.494259][ T5963] capability: warning: `syz.1.10' uses 32-bit capabilities (legacy support in use) [ 67.522615][ T5959] ubi31: scanning is finished [ 67.527409][ T5959] ubi31: empty MTD device detected [ 67.550871][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 67.594889][ T5958] 8021q: adding VLAN 0 to HW filter on device team0 [ 67.614603][ T5958] bond0: (slave team0): Enslaving as an active interface with an up link [ 67.640756][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 67.698685][ T1010] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.730347][ T1010] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.855928][ T5953] delete_channel: no stack [ 67.959806][ T5959] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 67.970567][ T5959] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 68.030938][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 68.323776][ T5959] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 68.332727][ T5959] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 68.351617][ T5959] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 68.410817][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 68.440755][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 68.510736][ T5959] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 68.851250][ T5833] Bluetooth: hci2: command tx timeout [ 68.913848][ T5828] Bluetooth: hci3: command tx timeout [ 68.919805][ T5828] Bluetooth: hci0: command tx timeout [ 68.926066][ T5833] Bluetooth: hci1: command tx timeout [ 69.004514][ T5823] Bluetooth: hci4: command tx timeout [ 69.014257][ T5959] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 31224473 [ 69.030273][ T5959] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 69.040288][ T5973] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 69.121304][ T5968] ubi31: background thread "ubi_bgt31d" started, PID 5968 [ 69.131212][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 69.139635][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 69.327800][ T5815] cdc_ncm 1-1:1.0: bind() failure [ 69.338046][ T5815] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 69.345347][ T5815] cdc_ncm 1-1:1.1: bind() failure [ 69.365719][ T5815] usb 1-1: USB disconnect, device number 2 [ 69.513565][ T5979] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.540824][ T5886] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 69.608735][ T5979] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.629641][ T5872] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 69.733686][ T5886] usb 2-1: config 0 has an invalid interface number: 117 but max is 0 [ 69.754569][ T5979] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.759578][ T5886] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 69.776437][ T5886] usb 2-1: config 0 has no interface number 0 [ 69.784598][ T5886] usb 2-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 69.795146][ T5886] usb 2-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 69.816442][ T5886] usb 2-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 69.826023][ T5886] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 69.834550][ T5872] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 69.850417][ T5872] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 69.865092][ T5872] usb 5-1: Product: syz [ 69.885819][ T5872] usb 5-1: Manufacturer: syz [ 69.890442][ T5886] usb 2-1: Product: syz [ 69.896876][ T5979] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.897174][ T5872] usb 5-1: SerialNumber: syz [ 69.912347][ T5886] usb 2-1: Manufacturer: syz [ 69.916948][ T5886] usb 2-1: SerialNumber: syz [ 69.928975][ T5886] usb 2-1: config 0 descriptor?? [ 69.941391][ T5872] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 69.972536][ T50] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 69.973451][ T5980] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 70.042810][ T3831] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.106491][ T3831] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.450160][ T5886] usbtouchscreen 2-1:0.117: probe with driver usbtouchscreen failed with error -71 [ 70.471352][ T5980] usb 3-1: Using ep0 maxpacket: 16 [ 70.473705][ T5886] usb 2-1: USB disconnect, device number 2 [ 70.499536][ T5980] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 129, using maximum allowed: 30 [ 70.544919][ T5980] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 70.564103][ T1010] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.573555][ T5980] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 70.599689][ T5980] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 129 [ 70.618790][ T5999] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.620870][ T5980] usb 3-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00 [ 70.649046][ T5980] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 70.660428][ T5980] usb 3-1: config 0 descriptor?? [ 70.892606][ T30] kauditd_printk_skb: 48 callbacks suppressed [ 70.892639][ T30] audit: type=1400 audit(1765007309.805:158): avc: denied { create } for pid=5992 comm="syz.2.14" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 70.932365][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.938795][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.123242][ T30] audit: type=1400 audit(1765007310.025:159): avc: denied { append } for pid=6004 comm="syz.3.18" name="comedi2" dev="devtmpfs" ino=1278 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 71.947078][ T50] usb 5-1: Service connection timeout for: 256 [ 71.956353][ T50] ath9k_htc 5-1:1.0: ath9k_htc: Unable to initialize HTC services [ 71.990066][ T50] ath9k_htc: Failed to initialize the device [ 72.000044][ T50] usb 5-1: ath9k_htc: USB layer deinitialized [ 132.355950][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 177.020619][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 177.027619][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P6000/1:b..l [ 177.035711][ C1] rcu: (detected by 1, t=10502 jiffies, g=7689, q=1251 ncpus=2) [ 177.043403][ C1] task:syz.4.12 state:R running task stack:26120 pid:6000 tgid:5983 ppid:5825 task_flags:0x400040 flags:0x00080000 [ 177.057108][ C1] Call Trace: [ 177.060365][ C1] [ 177.063290][ C1] ? __schedule+0x10b9/0x6150 [ 177.067966][ C1] __schedule+0x1139/0x6150 [ 177.072469][ C1] ? __pfx___schedule+0x10/0x10 [ 177.077300][ C1] ? mark_held_locks+0x49/0x80 [ 177.082053][ C1] preempt_schedule_irq+0x51/0x90 [ 177.087062][ C1] irqentry_exit+0x1d8/0x8c0 [ 177.091629][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 177.097585][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x41/0x70 [ 177.103716][ C1] Code: a9 00 01 ff 00 74 1d f6 c4 01 74 43 a9 00 00 0f 00 75 3c a9 00 00 f0 00 75 35 8b 82 6c 16 00 00 85 c0 74 2b 8b 82 48 16 00 00 <83> f8 02 75 20 48 8b 8a 50 16 00 00 8b 92 4c 16 00 00 48 8b 01 48 [ 177.123291][ C1] RSP: 0018:ffffc90004bef508 EFLAGS: 00000246 [ 177.129333][ C1] RAX: 0000000000000002 RBX: ffff888024164582 RCX: ffffffff8b65dd38 [ 177.137285][ C1] RDX: ffff88802ef524c0 RSI: ffffffff8b65dd47 RDI: 0000000000000001 [ 177.145255][ C1] RBP: ffffc90004bef580 R08: 0000000000000001 R09: 000000000000003f [ 177.153221][ C1] R10: 0000000000000006 R11: 00000000f9f0d9a0 R12: 0000000000000225 [ 177.161181][ C1] R13: ffff888024164580 R14: 0000000000000006 R15: 0000000000000225 [ 177.169144][ C1] ? xas_load+0x118/0x5b0 [ 177.173456][ C1] ? xas_load+0x127/0x5b0 [ 177.177786][ C1] xas_load+0x127/0x5b0 [ 177.181931][ C1] ? __lock_acquire+0x433/0x22f0 [ 177.186852][ C1] filemap_get_entry+0x109/0x3b0 [ 177.191769][ C1] ? __pfx_filemap_get_entry+0x10/0x10 [ 177.197210][ C1] shmem_get_folio_gfp+0x221/0x1610 [ 177.202422][ C1] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 177.208041][ C1] ? filemap_map_pages+0x12dd/0x1e00 [ 177.213334][ C1] shmem_fault+0x1fe/0xa00 [ 177.217761][ C1] ? __pfx_shmem_fault+0x10/0x10 [ 177.222694][ C1] ? __pfx_filemap_map_pages+0x10/0x10 [ 177.228231][ C1] ? __pfx_filemap_map_pages+0x10/0x10 [ 177.233676][ C1] __do_fault+0x10d/0x490 [ 177.238004][ C1] ? __pfx_filemap_map_pages+0x10/0x10 [ 177.243457][ C1] do_fault+0xae4/0x1ce0 [ 177.247696][ C1] ? __pfx_filemap_map_pages+0x10/0x10 [ 177.253149][ C1] __handle_mm_fault+0x1768/0x2cf0 [ 177.258266][ C1] ? __pfx___handle_mm_fault+0x10/0x10 [ 177.263714][ C1] ? __pte_offset_map_lock+0x174/0x310 [ 177.269142][ C1] ? find_held_lock+0x2b/0x80 [ 177.273801][ C1] ? follow_page_pte+0x611/0x1390 [ 177.278816][ C1] handle_mm_fault+0x3fe/0xad0 [ 177.283563][ C1] __get_user_pages+0x605/0x33a0 [ 177.288526][ C1] ? __pfx___get_user_pages+0x10/0x10 [ 177.293903][ C1] populate_vma_page_range+0x267/0x3f0 [ 177.299345][ C1] ? __pfx_populate_vma_page_range+0x10/0x10 [ 177.305323][ C1] ? __pfx_find_vma_intersection+0x10/0x10 [ 177.311118][ C1] ? do_mmap+0x69c/0x1210 [ 177.315444][ C1] __mm_populate+0x1d8/0x380 [ 177.320056][ C1] ? __pfx___mm_populate+0x10/0x10 [ 177.325142][ C1] ? up_write+0x282/0x4e0 [ 177.329451][ C1] vm_mmap_pgoff+0x37f/0x470 [ 177.334036][ C1] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 177.339123][ C1] ? get_timespec64+0x147/0x240 [ 177.343971][ C1] ? __x64_sys_futex+0x1e0/0x4c0 [ 177.348883][ C1] ? __x64_sys_futex+0x1e9/0x4c0 [ 177.353798][ C1] ksys_mmap_pgoff+0x7d/0x5c0 [ 177.358448][ C1] ? xfd_validate_state+0x61/0x180 [ 177.363527][ C1] ? __pfx___x64_sys_clock_nanosleep+0x10/0x10 [ 177.369664][ C1] __x64_sys_mmap+0x125/0x190 [ 177.374321][ C1] do_syscall_64+0xcd/0xf80 [ 177.378814][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.384684][ C1] RIP: 0033:0x7f379438f749 [ 177.389077][ C1] RSP: 002b:00007f3795278038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 177.397472][ C1] RAX: ffffffffffffffda RBX: 00007f37945e6090 RCX: 00007f379438f749 [ 177.405429][ C1] RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000200000000000 [ 177.413373][ C1] RBP: 00007f3794413f91 R08: ffffffffffffffff R09: 0000000000000000 [ 177.421322][ C1] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000 [ 177.429274][ C1] R13: 00007f37945e6128 R14: 00007f37945e6090 R15: 00007ffc8f958838 [ 177.437233][ C1] [ 177.440237][ C1] rcu: rcu_preempt kthread starved for 10322 jiffies! g7689 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 177.451320][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 177.461258][ C1] rcu: RCU grace-period kthread stack dump: [ 177.467110][ C1] task:rcu_preempt state:R running task stack:29112 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000 [ 177.480575][ C1] Call Trace: [ 177.483835][ C1] [ 177.486747][ C1] ? __schedule+0x10b9/0x6150 [ 177.491398][ C1] __schedule+0x1139/0x6150 [ 177.495888][ C1] ? __pfx___schedule+0x10/0x10 [ 177.500720][ C1] ? find_held_lock+0x2b/0x80 [ 177.505376][ C1] ? schedule+0x2d7/0x3a0 [ 177.509691][ C1] schedule+0xe7/0x3a0 [ 177.513735][ C1] schedule_timeout+0x123/0x290 [ 177.518572][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 177.523914][ C1] ? __pfx_process_timeout+0x10/0x10 [ 177.529185][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 177.534979][ C1] ? prepare_to_swait_event+0xf5/0x480 [ 177.540415][ C1] rcu_gp_fqs_loop+0x1ea/0xaf0 [ 177.545157][ C1] ? rcu_gp_init+0xc2e/0x15e0 [ 177.549812][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 177.555080][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 177.560254][ C1] ? __pfx_rcu_gp_init+0x10/0x10 [ 177.565166][ C1] ? rcu_gp_cleanup+0x7c1/0xe90 [ 177.569999][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 177.575773][ C1] rcu_gp_kthread+0x26d/0x380 [ 177.580415][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 177.585582][ C1] ? rcu_is_watching+0x12/0xc0 [ 177.590328][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 177.595509][ C1] ? __kthread_parkme+0x19e/0x250 [ 177.600512][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 177.605681][ C1] kthread+0x3c5/0x780 [ 177.609735][ C1] ? __pfx_kthread+0x10/0x10 [ 177.614310][ C1] ? rcu_is_watching+0x12/0xc0 [ 177.619045][ C1] ? __pfx_kthread+0x10/0x10 [ 177.623617][ C1] ret_from_fork+0x983/0xb10 [ 177.628180][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 177.633279][ C1] ? __switch_to+0x7af/0x10d0 [ 177.637936][ C1] ? __pfx_kthread+0x10/0x10 [ 177.642513][ C1] ret_from_fork_asm+0x1a/0x30 [ 177.647271][ C1] [ 177.650277][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 177.656580][ C1] Sending NMI from CPU 1 to CPUs 0: [ 177.661761][ C0] NMI backtrace for cpu 0 [ 177.661774][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) [ 177.661794][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 177.661801][ C0] RIP: 0010:clockevents_program_event+0x26e/0x370 [ 177.661820][ C0] Code: 00 00 00 00 fc ff df 48 89 fa 48 d3 ed 48 c1 ea 03 80 3c 02 00 0f 85 f7 00 00 00 48 89 ef 48 89 de 48 8b 43 08 2e 2e 2e ff d0 <31> ff 89 c5 89 c6 e8 67 f5 0f 00 85 ed 74 2c e8 ae fa 0f 00 31 ff [ 177.661832][ C0] RSP: 0018:ffffc90000007e48 EFLAGS: 00000046 [ 177.661843][ C0] RAX: 0000000000000000 RBX: ffff8880b8423f40 RCX: 0000000000000838 [ 177.661852][ C0] RDX: 0000000000000000 RSI: 0000000000001e00 RDI: 0000000000000038 [ 177.661859][ C0] RBP: 0000000000001e00 R08: 0000000000000005 R09: 000000000000003f [ 177.661867][ C0] R10: 0000000000000020 R11: 0000000037609dba R12: 0000000000000001 [ 177.661878][ C0] R13: 0000000000000001 R14: 0000000000000020 R15: 000000295c2b4a00 [ 177.661886][ C0] FS: 0000000000000000(0000) GS:ffff888124956000(0000) knlGS:0000000000000000 [ 177.661899][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 177.661907][ C0] CR2: 000055c572259ea0 CR3: 000000002888a000 CR4: 00000000003526f0 [ 177.661915][ C0] Call Trace: [ 177.661921][ C0] [ 177.661927][ C0] tick_program_event+0xa9/0x140 [ 177.661945][ C0] hrtimer_reprogram+0x27b/0x450 [ 177.661961][ C0] hrtimer_run_softirq+0x262/0x350 [ 177.661976][ C0] handle_softirqs+0x219/0x8b0 [ 177.661992][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 177.662007][ C0] __irq_exit_rcu+0x109/0x170 [ 177.662018][ C0] irq_exit_rcu+0x9/0x30 [ 177.662031][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 177.662047][ C0] [ 177.662051][ C0] [ 177.662055][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 177.662069][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 177.662083][ C0] Code: e6 6e 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 53 65 22 00 fb f4 cc 2f 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 177.662094][ C0] RSP: 0018:ffffffff8e007df8 EFLAGS: 000002c6 [ 177.662103][ C0] RAX: 0000000000c4fae1 RBX: 0000000000000000 RCX: ffffffff8b67f6d9 [ 177.662111][ C0] RDX: 0000000000000000 RSI: ffffffff8dabfef6 RDI: ffffffff8bf22980 [ 177.662119][ C0] RBP: fffffbfff1c12f50 R08: 0000000000000001 R09: ffffed101708673d [ 177.662127][ C0] R10: ffff8880b84339eb R11: 00000000ffffffff R12: 0000000000000000 [ 177.662135][ C0] R13: ffffffff8e097a80 R14: ffffffff908743d0 R15: 0000000000000000 [ 177.662146][ C0] ? ct_kernel_exit+0x139/0x190 [ 177.662164][ C0] default_idle+0x13/0x20 [ 177.662180][ C0] default_idle_call+0x6c/0xb0 [ 177.662195][ C0] do_idle+0x38d/0x510 [ 177.662210][ C0] ? __pfx_do_idle+0x10/0x10 [ 177.662226][ C0] cpu_startup_entry+0x4f/0x60 [ 177.662240][ C0] rest_init+0x16b/0x2b0 [ 177.662256][ C0] ? acpi_subsystem_init+0x133/0x180 [ 177.662270][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 177.662283][ C0] start_kernel+0x3f6/0x4d0 [ 177.662302][ C0] x86_64_start_reservations+0x18/0x30 [ 177.662321][ C0] x86_64_start_kernel+0x130/0x190 [ 177.662339][ C0] common_startup_64+0x13e/0x148 [ 177.662360][ C0] [ 185.791039][ T53] Bluetooth: hci3: command 0x0406 tx timeout [ 185.797072][ T5832] Bluetooth: hci1: command 0x0406 tx timeout [ 185.803466][ T5826] Bluetooth: hci2: command 0x0406 tx timeout [ 185.809446][ T5819] Bluetooth: hci4: command 0x0406 tx timeout [ 185.815796][ T5832] Bluetooth: hci0: command 0x0406 tx timeout