last executing test programs:

3m25.988782715s ago: executing program 1 (id=2):
io_uring_setup(0x2c4b, &(0x7f0000000200)={0x0, 0x0, 0x1000})
socket$netlink(0x10, 0x3, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000240)=0x10)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x1bc2, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f9})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000240), 0x0, 0x501, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x50)
r1 = socket$inet(0x2, 0x80001, 0x84)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{0x0, 0x10}], 0x1}, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='8', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

3m25.376206123s ago: executing program 1 (id=13):
syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f0000000180)=0x1)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000380)={'syz1\x00', {0x0, 0x7fff, 0x2, 0x2}, 0x51, [0x3ff, 0x2, 0x10000, 0x0, 0x7ca6, 0x9, 0xc2ad, 0x4, 0x9, 0x9, 0x5, 0x9, 0x8, 0x200, 0x5, 0x3, 0x7, 0x5, 0xfffffff9, 0x6, 0x3, 0xfff, 0x7f, 0x4152, 0x8b3, 0x9, 0x861, 0x7, 0x5, 0x0, 0x3c, 0x4, 0x1005, 0x4, 0x8, 0x38, 0x8, 0x8, 0xd5bb, 0x3, 0x1, 0x9de9, 0x8, 0x3, 0x3, 0x7f, 0x5, 0x8, 0x0, 0x1, 0x3ff, 0x6, 0x2e, 0x800, 0x846c, 0x3, 0x6, 0x31b, 0x8, 0xa, 0x1, 0x7, 0xffffffff, 0x3], [0x4a, 0x19a78cbf, 0xe936, 0x0, 0x200, 0xfffffff7, 0x2, 0x7d, 0x10001, 0x8, 0x3ff, 0x1, 0x7, 0x8f, 0x1, 0x5, 0x1ff, 0x200, 0x6f8, 0x7, 0xd, 0x7, 0x100788, 0x6, 0x0, 0x0, 0x8, 0x3, 0x5, 0x2, 0xa, 0x7, 0x80, 0x5aa, 0xfffff000, 0x400, 0x2, 0x7, 0x6, 0x6, 0x5, 0x3, 0x87, 0x22e2, 0x502, 0xffffffff, 0x7, 0x1ff, 0x6, 0x10001, 0x9e, 0x1, 0x5, 0x101, 0xfffffffa, 0x0, 0x2, 0x2, 0x6, 0x1ff, 0x8, 0x3, 0x6], [0x2, 0x94da, 0xffffffff, 0xb, 0xc0000, 0x4, 0x4, 0xfffffffa, 0x6, 0x7, 0xea, 0x7, 0x6, 0x400, 0xfffeffff, 0xfc000000, 0x8, 0x8, 0xd1, 0x2, 0xb66, 0x3, 0x4, 0x52c, 0x4, 0x10001, 0xfffffff8, 0x2, 0x9, 0x1, 0x7, 0xe86, 0x8, 0x20000100, 0x7, 0x1, 0x746a6ffd, 0x3, 0x4, 0x0, 0x1, 0x45a6c325, 0x8, 0x10000, 0x1000, 0x2, 0x5, 0x0, 0x2, 0x2, 0x1, 0x8, 0x2, 0x2, 0x81, 0x200, 0x3ff, 0xffffffcc, 0x6, 0xa000000, 0x8, 0xfff, 0x4000, 0x1], [0x8, 0x7, 0x3, 0xfffffffc, 0x8000, 0x2, 0x8, 0x1ff, 0xfffffffe, 0x10, 0x5e, 0x4, 0x8, 0x8, 0x5, 0x8, 0xfb, 0xf25, 0xd, 0x1ff, 0x2, 0x95, 0x9, 0x9, 0x1, 0xc, 0xffff6f9e, 0x4, 0xfffffff7, 0x10000, 0x7, 0x52a, 0x5, 0xc1a4, 0x4, 0x8, 0x3, 0x9, 0x5, 0xb7af, 0x3, 0x4, 0x0, 0x1ff8, 0x2, 0x7, 0x6, 0x80000000, 0x652d, 0x7, 0x7fffffff, 0xd, 0x40, 0x3ff, 0xc, 0x1ff, 0x9, 0x6, 0x0, 0x1000, 0x9, 0x2, 0x9, 0x4]}, 0x45c)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'gre0\x00'})
sendto(0xffffffffffffffff, 0x0, 0x0, 0x810, 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r4, &(0x7f0000019440)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc5603ca00000f7f89000000200000004a2471083ec6991778581acb6c0101ff0000000309", 0x48}], 0x1)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="e80000003f00070100000000fddbdf25027c0000d100378013000300717472283414d6bba919736d34290000080008"], 0xe8}, 0x1, 0x0, 0x0, 0xc880}, 0x0)
syz_genetlink_get_family_id$smc(&(0x7f0000000140), r4)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r4)
bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r3, 0x90004)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
ppoll(&(0x7f00000000c0)=[{r3, 0x60}], 0x1, 0x0, 0x0, 0x0)
r6 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x4)

3m20.659354039s ago: executing program 1 (id=17):
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)={0x124, 0x0, 0x2, 0x301, 0x0, 0x0, {0xa, 0x0, 0x2}, [@CTA_EXPECT_NAT={0xf8, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0xa0, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x1a}}, {0x14, 0x4, @empty}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @private=0xa010100}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x36}}, {0x8, 0x2, @multicast2}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x401}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x38, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @rand_addr=0x64010101}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private=0xa010102}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0x4}]}, @CTA_EXPECT_NAT={0x4}, @CTA_EXPECT_NAT={0x14, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}]}]}, 0x124}, 0x1, 0x0, 0x0, 0x40010}, 0x4008000)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400})

3m17.737906869s ago: executing program 1 (id=22):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
preadv2(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000000700)=""/4096, 0x1000}], 0x1, 0x0, 0x0, 0x0)
r3 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$uinput_user_dev(r3, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a09040000000000000000020000004c000480300001800e000100696d6d6564696174650000001c000280100002800c00028008000180000000000800014000000000180001800d00010073796e70726f787900000000040002800900010073797a30000000000900020073797a320000000014000000110001"], 0xa0}}, 0x0)
syz_emit_vhci(&(0x7f0000000dc0)=@HCI_EVENT_PKT={0x4, @inquiry_info_with_rssi={{0x22, 0xf}, {0x1, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x4, 0x3, "95a77f", 0x2b5, 0xa}]}}}, 0x12)
sendmsg$NFT_BATCH(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000a40)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x4011}, 0x40440c4)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)

3m1.564210508s ago: executing program 32 (id=22):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
preadv2(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000000700)=""/4096, 0x1000}], 0x1, 0x0, 0x0, 0x0)
r3 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$uinput_user_dev(r3, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a09040000000000000000020000004c000480300001800e000100696d6d6564696174650000001c000280100002800c00028008000180000000000800014000000000180001800d00010073796e70726f787900000000040002800900010073797a30000000000900020073797a320000000014000000110001"], 0xa0}}, 0x0)
syz_emit_vhci(&(0x7f0000000dc0)=@HCI_EVENT_PKT={0x4, @inquiry_info_with_rssi={{0x22, 0xf}, {0x1, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x4, 0x3, "95a77f", 0x2b5, 0xa}]}}}, 0x12)
sendmsg$NFT_BATCH(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000a40)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x4011}, 0x40440c4)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)

3m0.990151514s ago: executing program 3 (id=46):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
preadv2(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000000700)=""/4096, 0x1000}], 0x1, 0x0, 0x0, 0x0)
r3 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$uinput_user_dev(r3, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a09040000000000000000020000004c000480300001800e000100696d6d6564696174650000001c000280100002800c00028008000180000000000800014000000000180001800d00010073796e70726f787900000000040002800900010073797a30000000000900020073797a320000000014000000110001"], 0xa0}}, 0x0)
syz_emit_vhci(&(0x7f0000000dc0)=@HCI_EVENT_PKT={0x4, @inquiry_info_with_rssi={{0x22, 0xf}, {0x1, [{@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x4, 0x3, "95a77f", 0x2b5, 0xa}]}}}, 0x12)
sendmsg$NFT_BATCH(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000a40)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x4011}, 0x40440c4)
ioctl$BINDER_GET_EXTENDED_ERROR(0xffffffffffffffff, 0xc0046209, &(0x7f0000001340))

2m59.62014213s ago: executing program 3 (id=49):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_IOVA_RANGES(r0, 0x3b84, &(0x7f0000000100)={0x20, r1, 0x2, 0x0, &(0x7f0000000140)=[{}, {}]})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r0, 0x3b82, &(0x7f0000000180)={0x20, r1, 0x2, 0x0, &(0x7f00000001c0)=[{0x0, 0x1}, {0x3, 0x5}]})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000200)={0x28, 0x7, r1, 0x0, 0x0, 0x0, 0x1c})
ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, &(0x7f0000000280)={0x18, r1})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f00000002c0)={0x28, 0x7, r1, 0x0, &(0x7f0000000300)='LLLLLLLLLLLLLLLLLLLLLLLLLLLL', 0x1c, 0x2})
ioctl$IOMMU_IOAS_UNMAP(r0, 0x3b86, &(0x7f0000000340)={0x18, r1, 0x2, 0x1c})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000380)={0x28, 0x7, r1, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000})
ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, &(0x7f00000003c0)={0x18, r1})
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000400)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000440)={0x28, 0x7, r1, 0x0, &(0x7f0000000480)='LLLLLLLLLLLLLLLLLLLLLLLLLLLL', 0x1c, 0x2})
ioctl$IOMMU_IOAS_COPY(r0, 0x3b83, &(0x7f00000004c0)={0x28, 0x7, r2, r1, 0x1c, 0x3, 0x2})
ioctl$IOMMU_IOAS_UNMAP(r0, 0x3b86, &(0x7f0000000500)={0x18, r2, 0x3, 0x1c})
ioctl$IOMMU_DESTROY$ioas(r0, 0x3b80, &(0x7f0000000540)={0x8, r2})
ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, &(0x7f0000000580)={0x18, r1})
ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(r0, 0x3b87, &(0x7f00000005c0)={0x18, 0x0, 0x1})
ioctl$IOMMU_OPTION$IOMMU_OPTION_HUGE_PAGES(r0, 0x3b87, &(0x7f0000000600)={0x18, 0x1, 0x1, 0x0, r1})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f00000006c0)={0x48, 0x1, r1, 0x0, 0x1000, 0x2000})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000740)={0x48, 0x2, r1, 0x0, <r3=>0x0, <r4=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000007c0)={0x28, 0x7, r1, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1004000})
ioctl$IOMMU_TEST_OP_MD_CHECK_MAP(r0, 0x3ba0, &(0x7f0000000800)={0x48, 0x3, r4, 0x0, 0x1004000, 0x1000, &(0x7f0000ffc000)})
ioctl$IOMMU_TEST_OP_MD_CHECK_REFS(r0, 0x3ba0, &(0x7f0000000880)={0x48, 0x4, 0x0, 0x0, 0x1000, &(0x7f0000ffc000), 0x1})
ioctl$IOMMU_IOAS_UNMAP(r0, 0x3b86, &(0x7f0000000900)={0x18, r1, 0x1000, 0x1004000})
ioctl$IOMMU_DESTROY$stdev(r0, 0x3b80, &(0x7f0000000940)={0x8, r3})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000a00)={0x28, 0x7, r1, 0x0, &(0x7f00000a0000)='LLLLLLLLLLLLLLLLLLLLLLLLLLLL', 0x1000})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r0, 0x3ba0, &(0x7f0000000a40)={0x48, 0x7, 0xffffffffffffffff, 0x0, 0x0, <r5=>0x0, 0x0, 0x1000})
ioctl$IOMMU_TEST_OP_ACCESS_RW(r0, 0x3ba0, &(0x7f0000000ac0)={0x48, 0x8, 0xffffffffffffffff, 0x0, 0x0, 0x10, &(0x7f0000000b40)='LLLLLLLLLLLLLLLLLLLLLLLLLLLL'})
ioctl$IOMMU_TEST_OP_DESTROY_ACCESS_PAGES(r0, 0x3ba0, &(0x7f0000000b80)={0x48, 0x6, 0x0, 0x0, r5})
ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, &(0x7f0000000c00)={0x18, r1})
close(0xffffffffffffffff)
ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, &(0x7f0000000c40)={0x18, r1})
ioctl$IOMMU_TEST_OP_SET_TEMP_MEMORY_LIMIT(r0, 0x3ba0, &(0x7f0000000c80)={0x48, 0x9, 0x0, 0x0, 0x10})
ioctl$IOMMU_DESTROY$ioas(r0, 0x3b80, &(0x7f0000000d00)={0x8, r1})
close(r0)

2m57.912782943s ago: executing program 3 (id=51):
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x20, 0x4, &(0x7f0000000900)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace_dev_match', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
r0 = syz_clone3(&(0x7f00000001c0)={0x201180, 0x0, 0x0, 0x0, {0x3d}, 0x0, 0x0, 0x0, 0x0}, 0x58)
get_robust_list(r0, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="200000000c14010026bd7000fbdbdf2508003d00050000000800110000000000"], 0x20}, 0x1, 0x0, 0x0, 0x8060}, 0x4000040)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
read$msr(r1, &(0x7f000001aa40)=""/102400, 0x19000)
add_key(&(0x7f00000013c0)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000100)='[', 0xfe95, 0xffffffffffffffff)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x19, &(0x7f0000000100)=0x1, 0x4)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x0)
close(r2)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r2, 0x8b06, &(0x7f0000000000)={'virt_wifi0\x00', @random="060000000010"})

2m54.396502935s ago: executing program 3 (id=58):
r0 = syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000020000082505a5a4400000000101090244000101000000090400000302060000052406000005242000000d240f0100000000000000000009058103200000000009058202080080000009050302"], 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002300), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2, 0x400000000000003, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1}}]}, 0x70}}, 0x0)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240))
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040))
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000380)={0x1, 0x0, 0x0, &(0x7f0000000280)=""/233, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000780)={0x0, 0x1, 0x0, &(0x7f0000000700)=""/88, 0x0})
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$sock(r3, &(0x7f0000003fc0)=[{{&(0x7f00000007c0)=@nl=@unspec, 0x80, 0x0}}], 0x1, 0x220088c5)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f00000005c0))
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000)
write$eventfd(0xffffffffffffffff, &(0x7f00000000c0)=0xfffffffffffffffe, 0x8)
socket$key(0xf, 0x3, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={0x0, 0x8c}}, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r5=>0x0})
r6 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000940)=ANY=[@ANYBLOB="4400000011002901800000000000000007000000", @ANYRES32=r5, @ANYBLOB="00000000000000001c001a800800028004000500080000003e"], 0x44}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

2m50.283666714s ago: executing program 3 (id=68):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, 0x0, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
openat$binfmt(0xffffffffffffff9c, r1, 0x42, 0x1ff)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000020c0), 0x2000413, &(0x7f00000002c0)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x8000}})
syz_fuse_handle_req(r2, &(0x7f0000009b40)="de98ee653502c564abeb97fc678bde22efebcf99c2d89952950acc703a3c6268a54c8b1bd1ee165c82980cd315b55a070dc41deeb2d4c1842d936a0bcde5fd7ed6031fdd9cb58ebfe8261528f097f309813b5722c24a1af8e6bc6ddaef7e85d2659690154bc5e6ee73c3fe7176509ad7b30e1098fc9873db91d3c1816825e710374de8d40693578b598922d9c523cfff93a630f121251d17ad40bce021d7fd57945fe2a186618a40b5f3995a9f0ceaa3e22b57e4f68e53fffeb5474fb83afaf5cde6b0aaf5cf0313ede442ddf1df6c280921e43d80dddfd005969272e1719b37fd8f749fcde83f8201826b4cf5b1c1da394568aa7d8833dd11309f46422b0152ede5ab29b17bc1ae80147346155b20a98d6fc2650bec3fe73327c45cad1b38f7c983cd070556a8f8ed5d58e1052f6436fad905099d18fb3e62c2c36a1c2209a94c820e30e5234e77be3beb4cd183015d281e7bf39cdcf0f1e541211c75d64a49b55ba4c2c444bef36d98df66bea814bab91ed65386d6a491a6295c24dbaf752a5e7a856e0dfe46a6f9e718ca3919c6f8978b0fd65c9e389114e5afd8e9e2a575b854463b63f46d08795f0f1d0d48d6d610fd74e9238de32ee3fa2ffef550336341803c083ac1d749be6c5440bbe4bd3bc3015bcde2b4e2160ba266d281a9641f74d9348fb6fa8550d1e8a8362999452e40b75c412cfa77ab8e1aaf1a9e83c855ec9b7ada38690f0d2e59f67a1f3babbcda8011595ea720816c24726b833beaca0a9d11e7b99373601d27d18c9e29940503d3a12149fdc4fe0065c3d023d6e7712eb853df19f2b4b886e08d61629288ff16c2597d7fae5bfc8b41f92fc325ffe0f61683b1f661409bdd7c3d88a854f8393484f4669b5d9654fd3a0819a32110b9064539a7419c332629b3fc71da35b783ef7c693842ce83733a63f2e6af37989cfcb768ab8cea5d21b82a0e9f6fdcec26b0107708867dec54c4e739fe9b931b3c6da013bfae097c57f1e16ba54f9028e672511938a0ad9d681d7feebc65a2f5f588abd66261393f3ba02d7b2cf650a9f7c6a4ca55b4d41132908dc9c90e26f0da8e2259e3a2b63b2d9e27754e278827ab80438070698c690ec375a9aeb4193079a28a2a062961ba0e65af01644af063f3ebefda92c4986379f7b099b2fd3960929578736f09887fc5816cb1b982e5b121b79662d1674dd0c6e82627cf8c63e576e5c1eb0af9415ddc10ff880e8ae3ce8c4fb87b8f9d364974c2a1d8eba4e04bc2bc018bfabc435683b2551c0e4908570b930c4fd7c03ddb95e9ec1d1994e3df0305fdac4e5b914641ae25b0c469b194c0bb78ab04887cdc4262da468475b926a18254d23b4c44705aeca34ef8a7b04dd55a43f39996529a23804e054655c5ba8661f7c02737e7539650364928d62b9b8d80988232009acb54214f06640e9bc6614c0ce02e4a22dc8b91a0aad711e4fd01d7020b7c7185e41e27ce266b9f5aec682cbd4bba3240d6277b17b564937254f37afe580cba0b78c6b0cc81830eaf10d7cc1f7e918d49e935629fe6c24b4368a04af1b99f6981340ee031874f3d4b3a9ebc31719b3b775bfe1fdfa0460a3820bff6f61b49b11ac2ca00836a0c4a74aed92a619f34231196669b942e761538e64f965d23d4f7814256e876263fe5307985c4e6eb69c974f66276764e80ab1de3f5c55e7b2cfdb78dd183a85473e968918ad73f29a266c818b9bf9f62eed86df25b2577bb6d98e3996e94f5bdf119b869541a94eb3536c979c3d77cc0df7c0c48a902ca2f03f5ba5a8ef9431cf95f6fc89744e8440e1d5ebb837e30ef7541fbc27672c31566ac3676a173cb9e466a2d206ba1ebc2b985eddcd6ff937375fbc8415eba46f5ec68cfa9f3a669d41b078867dd9f5160ba4572d170b345ccb3b1b7a6d77c977533659f7c7ac22c68f5e93c1df6c2a3d45b55a4afd3355680aed864f6bbe13da2da28a4851f73c88e555f3bb1c34a21fc45ab6c28287902e8b5fcae6899c804f364cd878a8d1734462bb075cb7bc709cc2c5d7747c4c29a2fa9259752301c26b852b7993adf889d45dbe39094c9b7b168756e5b939ed10bb6df57b8f5e14352cfc7d8b03cda5b978b06cf2430af5db17177b1ef664bc4b00307f970c4fc606a6bab72125f62b0f59655c35b104da7af188a953cfc09b3aa0785abf330830fefedcc8bf9a11d5dc4b5642f679d45cb44fe61ab1d906345c1c345f6b8027bae9585580c20115d2504d9c83ab54ea2557b6d2dd3bc65fa29f091aa46a215e77621836154104e6969fa9107139a19f2e45cc6bf55422a0e1a6d037ad9e63df5f9cd2045e13ac2d6a15bc12008c4cd23782df7d41bfecc0037292d22c7b42f2cc1a22db7502332d9f4fa85f7640c8635b9469681adb6bcec2dfdf6926f1815156d80a835ae918527f549ea6df45f350f618dc1f3ca139759be28e35013034f8bbfd3fa1a8f302594213c18015305911f42e287f2d86f17d76f8a0ea03fb574c60c808669f9f4454fc2eaf0e93873f688e34bd3341f6874d5d8fe754172a751d6ab23dc1642220e7fb1071df0ee3c7e07c338915494a3b360bdc0b38ed221c2c2bc86b29744448b255802b3ddfe600c1d0f9acabb2185e4e9dae5e456d5825f516c857f63e72e4a5f3d45eaf11a0e3a5ad0ba30a0bf0f94cc99586fd202d6118bb6f9c272f6cbe39dd9b8b36ea7fa51dfe0bb87a633be11c14f5ed1bce8492387696e195fa3c5f172690b4434aa2e91ce7d225d73b1983d2605ec725aae0ae402cd2f79fc202a307f1896f3dfcf8c0fd8b841dcfeda5d65bb7d76f7c2d2eb1b164c0368e9984f320a224d7d438bc5c699acbc18a587b7589e960af114afbc9f59243646557962fc2e0cb5b5bf160a313bcfd9ade3e140b808e9f19415808aa312ae9c9e8bcd5a47fc721eda59d10670088714984a71d5c0df8b68e675a8e31ec15a92ff6a04d17e0ef849c782b302d11f742efe6486ab904fd65c0aac4ec25c6d877b453dce80e894de703aa8b1e5d00701850f149fe437fd0944cb95e54a924a49bd86bb9a602cf2904fbd9e399f1cdcd0b45b6d8f872e285f9dfeaa26aa760074651393c6451b36c643dd0b7236ec7803d69cec1b09bf1b63fbb68ad7c01507f00083b184ff01a62096f386f4c8fdc85e93eecf3f4b384aec1c10ccc60d8109a6d887bd389c3406163f9600879f0e944443d783e8644f69344f6f44f7bbf1883cda7369c9b9904d991c01552135f158a0bbb7f40c354f292c034824d82c209ebc770f5b756768ae51d45f8875b59904a07090689e65b40625566eed5d209130db812f287b966ae21ba46a3a7a3a0360a4e284d8d91ba9ed9806ea063827c8dda0fa98f758cbfa523ac645421f444a40b95bb065a64256c19354b1ad5002bb7b2add9b5236ad64e9052734b9d263515683db121b5e4dc1eab244dd8fc0fc62d962834ba0b21aad872b127afc0a33c7869a3f213519aa2ef51bab9ab28ed18859fd8239841a6668fc614dedd099121ae6c220a143c119cb9bff9068f65d0554b4c12105e59a22e91203a08ab8c718ec62c42d7ebb7b495e9e1be8fb7e4aab2777025da37b48d9d7b97578841a73898a6eab994e250106e096390c77b0600537be881ab7d81e3cb468bf1fe318b1e804d8df9875e9b8da22e6244997317391cce608085a28b8d070d654a29afab324ba3eecf427b6dfd43501ec0db919f71a932897eb37fe3bd64ab5a34ec60011696298b74ddd7a3710d3e444cedcc5cdc357f9dd58e67dc0ed3fc8df6dad82b3c00b4290c3280c28f78df052ec9cdd9df025abe8834616eddd5bb93379c69092911cd60761e7d14b426a83e335bfc8bf67a14e01df7cefb6023f0c6556534b975ed889de0d96d968526372402ce3d21a2c5c64a449dc3ba4ee0b5ceabc2fa29679e225681c8e946dc94b48af024bb1633e1860c7d8c14500967f24e2f8f46db537232a4e9f4abf8408f53bb52b035bdb89917a6f2f4bd22403ad002c2d936b785ecd965177e9f6235787a185d0eca92532f1aab16756ae86ece13925ba4a1fd08125102ae08c428d073aa426c4e792b5a4acf618605df1707021ce1eed62da4ee87334e34edf43338a0076b8ec739e2c31071e10c6a853e19fbf25b8a356527a67c8f7696dc184e374f4641f4e5b0aa345f1e6c4bfeba3a392d9a994bc271717a051c98d6c5b1f3296caf4c01d80ffb75b6fbdd0a0583f9d4695a44a2878df0c09a85aaab14522320cc3d2611603a34e52da03677a60cc87cc3c689975e5b5366c82e040b6643b8865d8bea0c84cef9ff85245a8b4bc41af1a50775b29fe55e42ac4b29fe80ddaf02e8c9bd07cab823f3d9021ac88236525ec045688a2fc9c6df66f549b10720cebf09ead919524f071cd128fb7575c84190c698b420f89b3c11195b5d83022d1f7e48afc21203995caf8f9286dcd5bd51b65c1af1caadf5a1b3f12579066855ff851075adb959dc3e086a7fb4e9a27fe80e8f3c0959b042486310ae7b785b0612e0385e36f50d4cae3474dd000c3957955534b4907b9480e2e5d83dedbeb76cb78d893c5b64dd51e31abc8e8b4c56b96f67c4b6e43861d91681af3270aae1a8f50712bd97326ee46a2640285b2902f051071d5a3400e99b76459956ac6908688c314bd8e54365383a65b186a6386cc5218e41e0b386759de81bccf5aa68f8608831a9d33ad1af2bdbd8579c5921cd8c3dd2f3bf1f123c742e118c76e2f43618bb7885e44826b7417c9ca5a139d774c16fbf74c8969c038ba6a54f27bab46ecc94d6455188d8dc1edf1da715c8d9976226877096df4158eeecced2248c7b88de0dd11a076db1f06bae4adba8286dc39aa62a55233886e011622ae1cf97238914a55078a78908145295777dbbc4e0d34364e0f3daa9eba6fa54c085777b18c0523818ff8710dee4bfeb3db549c3f38dde73b99a7b1b219282407a4e0ab3794089e21f6f2045ab6254ac3703903edb302fb2f0f97e47cca7969ad6b5b6cf27314137a04d5f4f29c193cfc5540592ab1342a1a9cbd514a7b4d6b23f724a5d7bfa6ffe8e3d9de29b8661139f179a0fafecf234f19bee75c25faffc765e02377d83e0ad0a0029c08f5c71595bc1b2fe88f0fe958f3f1f8ba6821ab834cab9bc902b2d47bd4b5ed52b5b0d7b3bc999b2f68879be39ddcb0428ce3a617b68c11459b746651f413d9e9a098cd2b5c0fcfd0ea1db2cde1672818d7bc73b053015692f9e9259a0153e3c9ac5e73e3343dd350cfbcaa57be93cc881a35063aec2db4ed71df2b1bd90b5ecbd84f399d4530c5450d622188423e151cec49673dc633e503c497d53843f4824750dc09abae9f2f465e92888715b6879f5edbab7bcd58f0899e1430ffb5f3063450945cb0fb3b5c3088ed6966c54dddae3aab489a80341b45a17cac02ae62749f209a7e16ecdfd86b43569c7b34511c65474acf2b2c18834e158e20957bf2320e4a6b9d63caea93b3a7dd4f7ba54443aba1ac2b6f2b27e1bf6f17d3fd1582462e0debc7069bb70e219654cbb99adfed54ab94329382163f2ab6710bb581d189cb3449a02c917c1f2d1d5f51958ce605fdb0e37ae5f3cb3f123276d43b2c26ea948dee863e0b679ecddf0fe41ce78bbca30167c9c7d6b0e9193c98090facd7205a490727e1ac49bb4d639348a32546007459c61c27bf8df87dd2ed3f3228b8193422a72d15f848bac13c6ffa7b8a767cf04866feb7c7a81267d7a8e890128d4709e4873223578aa7febdd562403c6092c0a3f6e0650772ede935ab6ef95e375bcbfa395e23ef1d73532388b845a95f158dc845a123f798176c73e177926d39abd38a910d40653006375110be2f2c5f6efc87b31908be36dd07c8ba5853519a37dfc4dea981af855293f49a3270bb67cdc17b780fbf2a418fcec8953dae927909a6bbbdce230d23113efad9c02474682dafc63311050cb4f3f86c282ff29728eefac5c678360122b4ce221bcec82d24e053b63972d2e9a631a180b48bb8d2d4de7254d91a856071df51a1d87ca7eb5d19ac3def1fdd6ebd8f57c2c9e43cb6ff2fa00d27f279368f5ee29a84ba219a51d1f0f1965781164edbb3aa6209fbce6d40284fbb4a33f59bf9e1248100a623de16613eebc11f510b7718dde9f13b4c9b2b6a10dd932696cdb7fa4b5733b0377453471462762457d42038ebf8c0fb392ca7656ad1f050c326de75fffc698c48f5d809ae360ddb9856b9a54b811073233294bf91e46414441b6665f432201da12e49718b0d7929b6cbcbf310a09ce0d22f07ee5cfa8ffb9f03acd224641171ffafdf50f18be8fa3c907226cc1a6f3b16a776781a6396dbf09f689ad6bba4d537dad490a6f036a45ee3e224e6f519e44b7352ee3e7d3f0d89f8c7c8f54b6d2698c0298a07866c9d9ca09c96c2ac8efd7974294df6dd1bb0598debadb6135e7123bbfddf84870de54476a291586fc0e64784e65fdf78d462e8b51cbac38e7ff1878b11418f188220e3deb5367a2d90ad7d44395f6965cc6d680c59daac268c16814d1085302d0453b48e4a8ae78b8a5b6951a875ef42776f6d11955da7e5734a72b61cefcc6889b8f8d58db51ee78d7b1a8ffebd90e15a64654054767aaec24dd3b5f338b572496c8731049c10622b7f54fdfa43aaea316946291fee7bc9e64640e8bccf33fd1e8693b67020b49cf77faaaa8269e2fecc4e2b43c8c3378a4a9b9b85a4fe2c346c5512cda631542e0ff5706eba996f4f72e629b076d6be1966d44b1835ce664e3c6a4f18c68f5e32f900a0a167e547d5aa79c0aede966f83d00366a623ef8107e328654c8558d5e606f69a12b6c2a6fcbe0e08f945c4ad2738ed0b28d79c98514abe0819569c6e4f4751c665fd651aaa9ee392c330560ef6d57c0a97f0764f88433b2bf7641ba391634316b0ee1dac23a63be21270e50ea1ac24ac3b429a0b46c38dbd48c540bfb1e141b8b3df6caa179c7e54f2b7b1371e8eb05a30f13da95200ab70dc58325f6bea0ee9fe1f04154998df393f2b4ff4431363f3a7450fa5210e883d67620ae63cc41f72e74e26a0244de1ac722b6f1c1d293f7483b331a0efda65a4e4e9144547fe6dce2f4535e29048b07079329b63754bb124b9e046a6e97929b1f4a387765bf93804530791c9f649db6efbebebf46fa4f9af7ff2587130d0e70a32d4aab1dfbee6aadd1f3e5317e3d4c8cde75b1479bc3dd16ea35db3dca11cf1eb1d2bbac60b83605e171619d85fd4b6d0e24be8db76df12efef05eb87473b832e59f3039df44ef034e5e7546b399cc817a41b2f020286ff139072a5b909ebb185a3c955cf88f4a9929b2112e0a9ab43da0288ce3ea268ccc9f46f852d387f5d0a2831dfc8cb0bf593905ba376c069b8c9b70558ec826c5bf9835031199c4c6d84c913da7e9e7db49c1d34511d917b9ad3c40af0598737d58fd61b8f2adc46b73a284957a99943cf73414412fa5440a5f85b63c20794d122c267fba72bfcd0e2741642fd8ff5a0ae1ffd8b30d852c053d0e31f505ca13a21c0223a8ee77cdd92de1b9f87ebee4ea332e9d4573d7efb2ad3f50c35fb7a596c4edb4b72bf6df5a16ffe3c8a236f2cab8c0712ac26c2cbcc68c1dc45209b579c952c7d645642aeed7d60407ee2dc168179d536da950108e962c5c976d3a05bf5142466ee38939ee94e707a0135f99c99b5d6376f63c711e4f64950f08dbc931c812f34735d9eb1c5997770d8159068cdca2e0f192311ca438d613728b544d6a3e50ae0e4e6b1eb611ce55a96bb2f991d49173073d8547f5ede69d8b587a34bb8f637297a15ab4fc45f1384bbd19b3feab5fb81322ba831386eeb6067e55af374c1b1eb9613a6c41dfe2bbbcfad157dd042c67c44400b350f0dc40a8611f2e947f32ea3ac3f609027b5dbc95b157c13216fe7c35edcc82950bd4e38bcb02b63d2576489c331a222e013e73b5333694889b184bedbbb6fdd6fd40a62b1d5d494e68cd2aefc264f74bf70ef38373e599faaa326f574ae32b1aad86854af22db8c9673d14666aa7c0c3bbe0d76a835ba4b391552777ed20c5c6cd0aa84f3be73ca0a3c128914107fb8fc02220317fb111cf13398480cd3325582a7e55f4c4ef5a258bcd01a97615e95f89c8064d41d04340b88cd5f4b1d827a030637145d98422facadbbbce97dc3060402a7bfa73d7b4dde53184a0923c0ee29c6e8e2c35e396808df2481af6aab053b619fcb2833f14f87051c5461567c5f8dd40383a7521971775493f896e18c78bad8219f88258ea686652780c03ebafb63ecbfcb23e24d52a2f88a77ed3b2280637807a5e155f4fad7149b76841772471a3b77aa42e8058c0af1ac2be9d88b5152851708f1a77582b3e31702864ee6a244a38f3f95d9797a60cddeb5ddf08cc48fc677f03f9e717ebe7f472883e5a6a7df31ca4272228f26991460c537ebc8aecb6a0c34a763eb1f57124fbfafd6db4c21bedf6723b252aeb21eb1fd9f4f811fd3e2e764422964761b2ef3aaaf986a48f7be66f6387578f9492feebc97dfbc6bc97380394a5635dbe582e52a1fb18ea8fc4e53974c63d198cf0d878ba8a8d58688a037c0f753c7073337ef3da4c134ef939c98c8806d09943591e6013a1342de7c722f993fd7eb36ba8e8407d1ea60eb5724b0d6262c70469dbd8ea1956b8d7f5a77707a9cbe2137079e7abda3966c5bee4fd86e8a3c4969bc88ff328a2adc8f4546f647575866d5ced16df06bf40d9a5f178f9d19e490bd76e187c441e7de0e571f6cea5512ec9bea48903d91a519dc82defe34a06b0244d623090b5a250786bbc66c1e76db6b18d81ed33c81a7c93782d5cdbe0a7cf7d1ab29c04be6ff4a9bbc10f716a67d52fd52d91425abd2002cf83c3797861db5fbeaec745a552ca4a50604340f2cf2c1b10e9ba76c8ea43b283c73f774f8be213f17f70cf93b9f6a8bab1f516a935e80c3cc6756945edafd572e6e00840eedf61fc40351869f03562d8c13006de585a1141c02f1311fbc8e45e4b3878c32810698e4764a6e8495f165eefee35714a1794f9ab50897c5565ab745425933d9d6272a172c1f2a274f9ca7bc8e1b01a27b8bd06fd9dc61880789696348c99e9a70c9dd2a62ca04d1f86dc87380b618c2a78b16229d614702fce242fa17ea90cda2648f9375bf7e78b4267d558983e08a9566d95871998d23cc6d22c23370ae067b677609844abc140df81cbd9addbf657fffaab5c22c479acca18f3e4b508cf01ff7b2ca308ff116389790f26f2c7635f89c747a5bc66f61de575653069349a89fd7e3dd785266b7bccf16eb8b4a8a86751de60d33e17d64f6e4e0f9d13a16d243ad7364114db7ad011f094c4debf20a39e35e7eeb440bbe8811db2857b965edd1e2675ceb1bc9a1691f123dedb341962fbbe539485d2241b0409adce2587d035187a0dd5a62076ac4eb5c3e2f4455569b6eac0fc16155da1774cbe505dc92e2087585a7846bae699bef32e3c5ec2356dd4433ed29d4b03ff7b38f7b3cb96b92874eefda6c2e0e326214e40f14cc2ef80e1cd3fe226257a423b8ff5bb368b87ac7066c5136487775b5b122a858334c37f6a3f53d758c3c866e2e79daf9aeab36a59eddbae2fa5b6d20973014196ef0a4cde1373c7297833e6f1e46828f4a42eebd829dd4f17999abe285218ed5dc6007b21bceb588a213b29dbb1ab1a79b41a12df26fe35f0cf6a310c9e50cf10d71ad5960626e4efec211032ec4ae52512001362ba4108d86eb774d2d4d0364cbb1dae68f03a774e328c2dc09899ee80c05ac2a8e3ba905b0b3b7a08a3df20b505901123e7dc0a15db48d09c84189ca4345c23c2010c12cc35287fad30211cab9631e148a7c1e8bfab61ced30e098d1c3cf7b6a7fbd8288dfdc48044d0d47c17f129f6b5d751af1984d395ab1b08ccca3e7309a89a8a36dfc3fb82d2a4269bffc32571438d04a7b98137b46ae1fea1bd9ea64f99e2f0c5f12ed84886b10bbd511993b0447036c4e57b9dae6d5bdad6aa3f2d12e62471194e43111613b8b6944c2baf1f539ea14dd76c356bfef7e3d4b6fb91f6d321a796a4bce5a4c6a5caaf0f3eccd914dea21ae909be7ba486075ff6139e7e351fdd7e98013ba51ff0248852398c734f245ffd7fde8cacfa4805496ad7350b1c96d7bf9da9be492f2f414e973937ac9109b6e8b8315aa9b81840f2c21239caf85a28f0e590bb6ad12148e75bd4d7ea69a9ffb053781db98d5fb5aca30a734017be7683a559c203c006ecd4b135afe3650b906e0aa208c889f2af09f3f8263260c3bd07cf8021124b6f0e0d021f9839e47996905c3d7562df810484552de3bcc9ae054b62a01af6a7991e4d63f30c7a92d8b58e01052e53818e64d7540a3208af321709a5d891ceecae5d27a999b00ed01616a73ec8854ca61973ed1fd3d82f8628b215c55eb7908e297d77098a7b0c362709005a7d13c89c54556589b2a926c6e08cc1c0afebc7eeb5d7ae4ef0507c91b8e706e6dbf83d898819192c812554ad1c6377871a8ca50f1325630f7b5266b807ef61d0c8d399fada49cb02a14c16d39f4fa7b81272573808e761c9dce7cfd12f4f18dd06b0ee471c166e095bf84aa4aaa2d82f1afcf09e5d960257c0a8dc404225b4b62187829c59e57da50bf848d72fabfb69362c117c6913541f84095a2a4ccdd2d30860cd96640bb2315e435a4af08c62c584ad129300adb02a871f3c548b96c4f6c47efdf4a1163a8a5ba9b4766b01437bc5957324660a8cd87df0f7e000d1309e896e3ce9f57b17562c9368a95a4cf66b3a5b57f0cca563b045452bbc8ad07b96fd0322728ccb3b05bfda14ef36ecfa2f32c5aa899811a67f2d62ed970db5723d6e4e4913c98c81ed6c03469112c23549f7e20be6401c6544db9078f34e6a4ad3cc868bace2e7ec6ea17225986f9e941ec67d9a3fc57958f9df8a60f585aa38b1769e26ed3f68dd85685b2cefae9dd72a18abc0de6b94689785df377ef4a812a6abc7f738a396f0e99ccbc5731801c36e746ab6b1dda88ca6ecb899528e18543cb3dfd439cd5be566594f01a4533da3638e6331fedf5b67870938ad044aa0dfdae33e3a6258ad40baadd726eacb1f3c1eb8d83ef4e185d7603a4f1eb006d90bf5849e2f65d37ffe750eb061bbad08a0c0cfabb9abf7f27d36ee5687d23feaa923e09d2ae905410a9193f21ed9b1d6331bb1f3babb90da2f2e023a6ceda4b4fe0f5d864738ee7f65a0b136021fbe076b4adf2d3af760e1361bad7ae35cb7ca010ddf4488255a2d3c492d0b26a1a5643f998b5d04a52a59f176d9bda85c916ff901329f09fe953b030b92f6415172489d3e8cdcb4eda7dde5d4fcd5d6a584a312563558e784b0f9bcea7c53d26c3f2d3350c70a5e06a67c4c0373dd6279e29c320e6580fba8ab2df3039c289235c066af1b07dd112f25b25e292020f36c1aba246cba4e054d64b38f53ed57a712dffad7d3dc97f86af511638a2779107fc55da63b6498ea5f3ae36883163e5bf2324211a61a9889278f828e58daae797fdba9218d322da7aa23db7a48a00", 0x2000, &(0x7f0000000840)={&(0x7f00000003c0)={0x50, 0x0, 0x8000000000203, {0x7, 0x29, 0xcf940281, 0x702000a1, 0x1, 0x1, 0x4, 0x1801, 0x0, 0x0, 0x20, 0x2000009e}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r2, &(0x7f00000042c0)="0d9ec529eb18ec94a35378619cb10ff8c913f67139447b7ee0cca809e36c363ba1d3975a7446b70c6bdd99e2cff540eda7589ea89efeb498df568916036f0848ede5f089bf502b483c67c0432c34b98b1bc085a99e2981103397e0b0eed2ec64c1075798b56a42ea532091f5326c97622a47c53fbf42e71c3ed4b954c559424b49a13598c6c63ef65b62384b038b3e6e98ebecd178289831eaecd986a01c751e8cca7a57c009f2b5310fe9dd8a63b91c4b5b13d1c44d2b874b32ae3e961b9e96a511ffaa3ed20248dfb470460d305e44ffcd287b355380319fd31f7538c6d00de06ddb8f72b3a59c4699c94d7379e1e190c6dd7786e12096f9e963a038b6b4375535047135ecc07b16035ceeb27ed09d77f52b6eae27a03071e060b05bf347b9ba44a984e5db346d230ae9c5324ecfd4e7725bc5019a9f4d20237c820359d73b82f9c668ae71f6b85d5350140a16f988bb2b8010effb52636e0b728be1b1ed37c1b8868ec67edd52951dbf65b479aa25e92667a98c755d88995e6303a48a64317bd4b201fc6dea59381abfb5e0fb1035bbd32a97a6324b08f404fe3991879a0c6362032864031737941d9cc534697da61a43c8723ecd1062906b65c504d86383cdf9631f228372b13aee64f8ea8db00dffc37fa092ab5daeb7431dab37091c44f91c9202df60876a6e06ceee3e6a095406fe5cc1f83de1a4adf36fbef5a94a622132cc85e56fb53a9cff67bc69a24d8c259ccfe19b1925061f0cad95d6b4158c1394b8acfa9a8f52a566c6cb4e0b14dd30c85b309289a5f395e01d981735f6fce6ab30994643d70b2f322b7a233a339e621ea2eb00a0082a175c231b330a58062680546c28db8ff5b7e66c0e3df0a9b74ab72abfd241fcbe1e3d27a2d1eab44cf88180dcef4482c866324133f9e4780b891a7c5000b005cab0c131c225e944fd1aab5de9e8d17b8770b4472b6e4a13b6cce90ba152e5144acf74cd8a9821ce3eae72dc7ddc81b76482226098329c3a8ecb923822610aa0b086f44329522dd8f9ae355b4666d1a10911ef8e21377578b42fe6ee0b2a77917157488d6e0bb388951f80551dcaebf212b396d1f922aec595bd340390d310f6006c4b3efdd80838f39d25470db39d6205ba8f52bac634f8145a3c10ed007acc2f25c5dbfe911f18f44a0c57cee33725eb8c5f2d9112f91787c2c323b67b67d9d1f593f16430d77189d4678fd8d7c11c1f2d744ad59a03a8cffc52ee0293c90b00d61897c80184aa63fcf43c109b06af20c808035af0a0bf9cbe544681768f92a2ebe3b4458dd020fb0550822bc2f769631e00d63bd91e7100299bbc4ce53a35e993e24028dc5c81d46f5377d21f2f38a9688ed981044346b865161b68f3390a50c2e625052396cdb6637e9434904c63d8ca45aa2325626293cdd9cd0179b1d995be10281fa8d281db16320f520e42af268ff30dc2d8885aa3d9e7f294eadb4d827d195cd5d18632928f2153261345c231efd143288b881638b61dc5dab8114c1948d83b8ac4e278f131ec3eef4e87e43a36f4b41a699a741ef3a7cd4f0bc5dbd2dffb1d223a5c5b38b98e49092631a176d15c4f3c077d639726a3482bf2fdc73c2bdb09208aaf90bc64b5fee89d231bb1679de3e5d31662db2c5824ce9941f94500e5a11b8fe79da548efed8cc44e9bc1d5175dd77fc16f8219a83b83ccca2181bf411b0945312598817e08e5277530eccffff17d198613cc8c991349141ced56e79031ab6cb98f3f39e5f20bac76017083041a1ee99ca257d0e0cf95e59617139afb08cf0c6a607d3f2ac2b5d3f4394a4a063c9769bb884ec522d46138228c7e9b5c7ea5e3a6c70815b565ce15a13fd0a5deb28e710c15fe25c744b430b4f6482532fb96566381c56e12632cab5acb5e08d6f973003c96a7d81ff76966e0f93c83c462bfcef230939e48c4983bfed78f68b0f540d1fff2196cbd1f1c1a1c310ec10f5a2745407000bc6db1fcc8540282cc7e96cf5582c4eaf874a2fe6369534176429b7505eb0aade883260806be2d86a42e76b315a76e5f686ca669f49e1f9054a77b8eaff14a43e9a9801244e8e94ff50a17b60dee0122ea70819bae3375070466c7f202c4ea0fc0c9aaae50c43cb65febea224c2b554e937f67689b3e18ed543749a7ef0997a7a7530b918c4ef935137137e1ee7e6a8919fb76a8f008ddcc2d8b2e18f3eb90f7a13cf4f49170ccf50c75de82e92a5e2d1f311e59071ff202b6cae4d6243fc3787cb9fbd401938cc18dcf5620f8b8f74e9e3b13dcde85ef896f31f5a2458118addae77206ab1506882f91873b4828950a7b91ddae74888155a9c486c7c60492813ac0e33362dc4e21e00538e5b05b78271d82486a0d156d4a5a07085bb1cd74f5d63763f18648a489352b5d05107909fe54b5d332cde2900c82c150b11071e028eeb275cc9a9614f1eda4e4830b128870e732d473100c24152aff2aa1659daa65d7e9591ebfcae5dca4e84c9a0965a01668e59843ef4a093d9b01067a0ae9d09e3d810c2cb63600ee05b10fc8685e8cb150e2d6d75baecfb8762f7a7d131417eb0721e19e1d21f5adcc1e09489f06b81d91b48608107fc7b3853e214a3c786a9812113ccbcf09907506d0e9cd72c79793584b4fe06a18a627bd969f628a5936367961f1e7d117d03a8fabc85f5ecdd0ddcfae49aa293893a2e5ae376be11031abc0e05ff250b35926345b52f8d3dc02b7497f7513e759247353db9b8e493120e73981aef4c4d9747621537a089848754c14cda1cad18084274e98ea2bf7400ca846184e0e31a571f9bd770222b1038a4ce60dcf8fe9cca4d60048cc29c37c1345de992e9dc7128ef093c1ce80232a88a3da7ae8bc87120c5b1f405d5186141288998fed9e021cd0ad6b12b51c217849390be3ea00cbd6c755958140bfb9b2a2765ad1f51ac045fdc5c28ee5886b1436015b88bd90d19328f91394110b0d891678e63b63d6cc4d35279f6f616d7692c6fe177a79d80ae8f7e4ad5078d8d7096f3ee664dcdb2f634eba98f4788de1f5e34f32ef09e2f0aee4fdc5bec4bc4aeec5721ac3a2da1bf52da017c3312095403d50dcde39671242b610f13132773796557f71455376a7741ab242a9fc94464180bf224d5e8c79b462e3a816f6c08ab0f5503386d34ddfd808b4b8d5d333548d4b873923c6c297b2fa1abe433ec9264385c50dca40316c37ed85db382e7c853ba331c727043cb3345de9f89b1c804e98205eda3d6b6e042c9c41877d456dcb8f12663e6dc1ba809229536fbcc4c58d01a137eb80af8596dfc7b5fa7a044cd141238aa82e440526e55a28c4ed2f4b26157a0eebb4a77c5ab66fcce2602e1a70aea07e5e7e7e5321d58ad128a5ea6b574730037f24a7300e0ad6fc96bd18e03763bbbf21bd3c388aff1cc5ea13728ba2f8e1eb70148d2603e55bb01cce0763c2020b5627a0ccb35ae3a9b3df380e6d9800d9506219a90971a3b8bde1dae6a43fce2aaecbc026be8f4e9bd749e10c87ed7d78f92014342fa449eef28e7175548e5a8ec4fe7d31fc86737aee63ef40b54485380b6898161676f0d82f76113b12a529fbce4482dd278a90aa416077c677aea623ddb3761bc81527ab7e3d73a3b4c8c3e4352c7c083cee8953ebd972a83caed837587e8d7cf360f28ce6ca71de75c9174e8744ba1098513bb6c7fdc6a3c7c8e5870223d6cc0b18b5d6edea926d5376aeb85488d3712e8f67128f0d3fb2b42f82363a0d4c1c806ff283f6e4ddc10ce4a0803be66a247207d6606c7dd67cd293dada159016d7fd7e88c4df53d09bdd9fd9fa3c732da45fb92bdf6f442eda15edd97bf1928a7699008f0b482240a684ff5efef0cadbf1b4f16888650d59b2bdaeae0d1112a79c5522dd0933ccc16fed7cd0ccabe929f625de8947b3b1532dc04253cca988a1584df2b31492b19410d6f681d614eaa20029592c00c948a98973a9fba87f1397f8859ba543edeb5c0b0db92f65462a1103947d780b539433332d65bd1418bc00c9e815f73e0cc0aca5fcc9f95f707c455013a55a0c4a29093b05b94edc5b5284ec7ccf3ec091002b4229036c174e2927127f40769ece890612bbeb960d9392f442765a2ca8990c52ad7d4441e975a7cf079d139945f2b2a8a34f0e85d76cbc96efbb52cf8b5ae681234e14b6648244d41cfee2d9b189cd831cc2f31ae7e5f11aaaff1629f8c2cf73494ac38e58da7010dd986f8b6134ee0dabfdcb30617d15720cffbec7651f22253aea21696d2ece4fe026543ea2f3473e4c12e65dbb3cbf764ffa0b3a396382b9b7f0c24eaaf3495554b2319b66f3cabf01a8d6cfd1382d94ab71cd11eae2a42e4dc841d4a9732c395688d3377c8ccff7e3f88a3129855a5f41a7de6b6a9ac40a87c288f4821295edfc4f5b8fe5a1fc0162e9820205c809935cc6047e8a835c651be02fb41c21de30ac770d7a7f2108c6a3f1cf2649cac444f028a6ebf4db422cbbdb7fd0cb39109a3130ffae17810bb58f5c557c99670224c2678fa07f1064911e6c665c0d1c26cd2f40f7089789208a48eb339bb8885910e035b4b8c69b1c3ad79270ac6e70b963493a6628b90501822878cdfac866268d914d8af2814612b0198f9e4c6b48e739e414d61f34e2f69ff7cdc4fc7ffe45a64c5faf191ef6c4e31cecebe09a2f6a63d60926ebaa7e925ccea5c93e403c7ec0ee55423ce4893471440006d4c09c141e489dda5577f73b57ecfc764ee5bc1bc88f7866dc6a494e3ee560c956dc12ae51842030251f1cedf2caca15549d0bb4ee3bef03702197350cd7586b5916ef6a0abcb5f30548d22ce5d8c4dbd82030b8d7b5481c51676b7d14d35c20346c74dcc7d96ea0b13f890f755a219993e88739da8246283ebbd82eb1b15956b5ec16ad523768c19ceba9199f97d7bb43b85fa11349ff7fb89a97b463b34c584ae9e2af6c8f20ab528750a22ff6c2297e400065fbd9a4660ec2c658afff6db9b67070352d2aa5e6cfe534eeb5ff271575b828dfd7f537e3627a1a6419ed0c84297fc3d362a52f3860a2eb7ae0a50f06d3c68c4a1463ec331ead7af2dba792332218b04d5b585de1a471d296df6e10316852d50f211e07643f749a1d75410e66e47db40bfcefe4b708d0b2879a50ccbd85939b89fe4b905a6a89a2d5a4e28d18c048e66108a06d8b6a64ec5737b5ae283d914484167c8ac7dde7ec007aad1999854c4d6a0e5f887f99de3662610d5e8d49bac7d41d6fb7d90b4b04939638e2151ba67e75362aded50edfb7d9919b345b5b7df6a909193ce64b20470e3480c68bd764968f4d8a5779ffd9a35e58558272a214ae26a094360b9f2ec97c5e0a7693f4b7509b962cd8537e90ce7be70b54e9531e7295f894b94566df49c50c2265842392dff50e17ed3f7beb9ba4ad0520a73db1d8d3b39759e7fffcbf26517316bc74437fef944fc915ec24affc1a53748cfc883e3ddea9e25063ea8383b06f0d5c9db13a0ff335f52699226b391543060ae5e2c25b585b9efdd5ff9495a4873cac58b5feff5f08717b04e81bfea349accc58fcc6a6505de3aa6ff4985d9c38bb83e8daa663ccb356df3ed52343ed7723687e416816f987c565eae22c7548c1d6b56a5b6819583da0ddf92739f65e604e37b3275a6cb1252d4ef7a515c4b1e9068d714be80066bf0d422f1e4d2ce6f95c9eac081d6e4596a6a8e16a57b732b575b7de16f176ff0e34e84b293d3fd77fa30a7b7cf12a1edd54170e56bf7f2d40620ad56acbc5cc615556300ff9e95ce3dda93c8333f23f0d97a5da12a0fe58f95d6b911f614563d343ac6e4f9fee1d149c94fc75a97ac839b6d8d7b27c5efb870d2bfc6dbe6b688490b23597d83982d7858215c59011042b1957a0b386842621c72f89a9b524008794ffa0c179753ab48d0f73e5ff13624b3b90287edaf6a5367dcfe4094a21ffad3e881b428b77ccac6924d5bde9c781d4189654d8f29885fbde07e6334c6406dd3ece359c6ac7c6147f5c4906e56764e9980a669bfdddd9eb780e7f9988630d1eb098b3e4fd4c795f11441fb6d0ff7cf086eb291b1ec8d90092e1eaf9722ccdcd15408617cdb8c49043bf71a6ea0ee6b7e840344fbcd377b995bfb1faf22754fcb363f6c630501b619bbd87cc13d5df0948a176771d2d69236eb50dd313817d9687967e7d71f854db6bff803f4501d999dfe3da37ccfdf894a7914c4c113fa7a18c3468a52d646a5070614a6f02b7ff21c9f6927f5de55be85ba815f4bb9e29f26a94423c58338947c804e0627d69bc5a6e93fc5fe8cae851700253f2d494622c6127b4d77bf54a1ac27957234628cbe2fea1729ec53be7d90806d510ccddfd76fab1b9bf1207db8b05c3eaa88fa4c0a5db13cec9310f4e02c1d8114705446fd6649df3829aa12786b8d10b4540d8c1f1c8208c4b41998435e3fa1ec5199cb2d3d0c5c04c5e0b3ffd69112252106bb39333ff23b38d167a9b45ad1bdabf434c8695e2676d461b34c5f048e70b67a44d824baa090c8be13a22ef0d0970cc7a94ed4b77bfc3a40427c6c11abd2b415817243f6801d535a3adc9924a1671b645100e822a0c1876a37d9c9e230e3d762f1cfbb89a8b28255ba4cc5b46cb1635cf185578fa068b68bac93991982b48e7faacc09745a7e33bb12de6b25a2342a7e03cff06dde29b4d05de84e56c78fc6d9dcd180438da3136767d5846bfe7168faeac5b9434394bd747126c5c1ecc6621d10817ce9b6540433828a3bb8f6da0cd8f2b54a47cd5473f6bc3dc1234bd115a6890aa678d1bce7840d7a4559cda556740860079e46217c20e45ee59b8b7078d9b70cb6a249eb2e5e4071d044f456fb61649f261689b8d7a532afaf88eb30041242ce491fb7e654a1f06add370e2706f75c2fe1afe8e065804414c660ec4d96f496b1ad87592de8b7d04baa7ab142f580f262c64c57fce8ef933f18904f001809cfdf94eb679c9eced5d125b4f1d0064ca2ccf5eaf61bb7841bd408ae213deeb15d860f7ee7224b9d2dd38ee9f6c3fca6590335715c218db8f8c98e6339a6944817a1ce2e115ae984699861631b9893c143f594d6dde0895a0c7edb9912f3fcd8fd0765227b3963033306d15711387044bc373ac10d7be73cd80f1a79cf1ea0989ea9ae8a0dbbd1227bc33df652792a6bd95f1d21c6497c4c35b9a1eadc0217e322285a2eb832753aae74ef42fc983e58a126b7c23e4b0bac16f0de1eff7d41477bb25052f32cc9cc956ebd209d6b945b1fa9182857e180672a6be7edeb5234830668b1ea749d0a0dd3a244684d4dd76221c3bdf98c2f1eacb7a6dcccafd249b0ba2592c88790de40895799ea4dfb045cc2392dbb623bfe420b24e5a425b84a4b24d787a68bbec9db363ac4e9453df597f0224d8b7b21629e1989e53accbae97e189cf9b59ebf8bb89591fe3fda450af548ffc46eff98b5216e238a9246e2fb95810f8f4d89504633a6d223484a765b9e6e5497159b31c51fa6cc10641bafa81b10c5ab853f3136fa1b4334bcbde99cb4689f077ca3c29c2f1aca2a05762943073d5992aac4d9b0d411ba25905c34fd02b8eb7b9db375a6f6516446cc195eb55eda1e007e26328e9e2642a9c4e90c56440cc60a1db77713860a56820901b3022d55c621e9d54f759dd17fc5b59331c63cf30e07081bf0cdee6cc94ddfe8c6179e7ed86607d4ba7d5f1e97fbc1139b43ae5fd04c1c715f4600f028d0852a421d472b1b48e591b6edfebcd86be3db2caf967b06776096e14f0deffc9bb126ec329c49ada996b963e942d9c404967dc23bdbd0eee951b2879f2ef7ae224d4ff25edac4ddeb2c0b8e579af283e87c625d3fae5286fa855930e45207af7054763937a9247dc38e37e6dee2e325b617280846012e463707b6ccfa2fc399a66e534221a45626cd18c79d46f5c77c2d359e19ea870cd230709b5e33cd52fd43388ef91dea0a1e0df6c72688d9fd32bb67f489a3618604ef1dfa0d7f569d40cc68e39994e4edab4007c988998f59485ce4723c1eeb7c72f7e833418bab47735a91c7ab24e8555d2ccf3a812b6c634c0c3a68271ec8b536aaa442e056945feca6fb4e54d2cf60a0334f494b2bdb6fbd597de0ce9d2cf03333a0c7121e086aa4c657360fbfb60f3ce0fc0d90ff12b03464e8ff0e5e546ff79735c5c800a0f9b680a478c772f60173a760e280d8287681986038444f2103e2894d5809d062cfe8380e34bca86475da3d7634131c2a8cdc98c5927bc137db61f94eaf9a74f87cc85072c201766eae17fbd5b732859fb1b1c980b36e377aa41a95bca18ccea529420e742899af7b968c1fb9c0d181da9f86358dbeea877c3e9123a9289c362fa61d96c707ac94b427318a1e5f21078aa9d1fd7a52704e0d73e527f3ca65b7b459734dd30db5335c450f1dbcc1e4259d657d13b6d6b4adddc3d0eae034d1878cd0aa1825991d75f8e6b5b4c0d6d17e8ce709b19ff794a8ef856abdfac65cd13631f1b66b20f2ebf2f3122d18e03cbfff88206a5998fc3cb2b40634fcecdb8f5bdbfe044dbf169ccd2cd60f7bf033272f38f587943fcc75d2d65d9028c02891c8415706c2b2459b7a3c5cc82b0446088d3b3bcc033ad453136afd4ac4678320fc17288dbfa1c5180ad57508a2a298ed4ebc716ede34fded574d9779be5d56517d4dd40f197312390c488f46914b0927b13901ce70c1684801f2811168fab533998a1fdabbb6e683abfa021f6b80077f19455c34cecf5dbdb2fa6e3930eb5940cb14504050cc74249424310dff81116b8f2076b8ebece84c302e758fa90af5a1888aa8a5a2bff4aeb7ebd1c7a216bdbb84bf9c021caf3c8efbfdc5d3aede46381bcda372a5398c89868ad57287736fec2a7e8ed638974fde5875eafa506a6bd7f772d2b221f4bde4920fe0c56f8e0847e2a7e8387c64ddef4203d77a526c46d7871befe0c5f9128bd67319acd963fc040185aac4e7815f728bbd7ffd8f3d125e63320182f202fa9a52505be9585556a5d1308c118ccdf01978027cbace7ab339d6f53d15e795b7f3fedae4f86c3f257ed80ee634375dc2333ceed1ccaeab1b6be7a9611ff33d79dccdec2007558c06dfc06612d56d37882e5f1de340cf05f4fffbe1a5def6d045bc5bdaf633f07360f9028cedd103bf03fec8beb9fdbf8c5fc684d12efae1859c53e2cc3e2f508a9cd0410ec036648d3760dd591f7ae04e4cdd61a2566319c943f0b63d87e422dfe5c0d1edcb2dc515778a0d7bb2c93ced3b1435adbc51d3fdca9c13679397bc4490093d64869998d6a28bb862ead0fa411585289cc00dc199eac6c607b8a84123dad3be80dd8fd86aa202113131046336352235f34c05f5ea6d5265adda98edbbfd11d6839c5b1bfe4fad4e688558d633d4a281df44d9c0a35abd464e01f8ab01a1e272cc8cd155a40b8aca4c6b1dc894c0fdc02f15a8f67ce94c7f99b6fcc0e4a3a8a71365645ad7809d47bb26f46ed8bd02f6e8f3d277224f82f3d41695f367e343ac6d507413f4bdacf9e344a49156c4de36d68c075415f8004748055b38b8a4110f869fafcc59cdae5663eda72a05be365a50e98bfd4b00e35aef687afae7bd6622cdd725326776f6fb1476c8cf8c20a0e5223e2bea494a1bbe4e79b25a5e48ba34bc66a84ecc4a0aba98e74ca2b1f61893e61a29498d855a778a2a9ce7b7fcaa44b4aedcbd0e28d6c49bdb6776975bf69161f372b964e4288ce6a3b877c3126f90c4c9749d45b8c5c840983b035993e484a945be5fc9d2d1bd3f3de4e6de7bc74a7a07b13e9e82acc11db85454f1d928fe52ad42ca783fd20dd3e94471b498c2736af40d2a45ff74f9ef874639e33306daa8a667674571e2ed93a48f49b57e9e3382fa8090774bc795609ee510b6a1ca48d9833819cbe8ac77eeebb0e3b6c59ced2d1ab355264934ff1914a3f654249bba60a692dd36368b8a866b333320e57e9c7d3646c375696ff14e303780ffd7b957d89ccdf57823d2d1e158773c2075233dd2f331eafe3802da683c293eaa24cd8b63a7582ddb202cd6f8c837c74f823727641c7eb680fe51ce7f250adb34956e4cab17b8a5f10edf144c700e376c682dd46c8fc89830fee1a44fafe0a5a2e7581d5d16ad6267d1dc2d5be8547f9352d1591b42de94f2559b44a80038360c6394541a77d95b196558a479b609882fc597b9cbe285ad7c7a41133ed85c8ab6e6dec5bf70f9e787985512d48865022705098a6703b255a6f2b05b62fc7ab32e67f06d785ccb33fb348205a76939e6c2991486c5aae8ec1556b2f8e30ca445a4a495cbf2c6013042b8cea615e58899fccbbf1fc4f17a6dc37e46b17ada0be033dc67904fbd7903086d3417e423af64338426a84ca0c2a3252db62695f9cdf10ebc09b9da5747d30e7f4adfb374e1d2bb24542b0373b1fb897690b49fe24d8575ec9800f019c9c76459421c11f002989ac82c13c04a202cf7f9f38b053f9a680d4d5012887a11d25cad201df20a4eee6d2c0474055579ac729c7514a88b1675bbf6b773448c6c1a5ccd157f44f7e032a6b848f2e734d773f029e48fd13c90d41666f9bd4e9bea91950737b6e7502f9d2677938f240e3f905d6095bb0f8bbe961b99b2d025538c3888bfff8957e3592ee5b26a75399b59c697f59fcdfbbe3bcffb8777340875611bf75486d2378e68de771800bfffe0572fb36ca855ec5fc8cb90c76455773c36ec40b101fb30c48f8a8e775f5220e024b4da9dddc2fcf4da413e7c5db9e0567cbb5fad0c91d779a0939debd9247d3f7d8107fd986f73a9c9067e6594fabde0b9e887040cfbe7d31332f41259de57b38f33275597725392efea51f290b8e1b5c243ffd9eb4c0231600f9b4b204344736849d527156c4720a463bbe88fbbdc333099d949853d5c6fda98bcd35ad3f1fb1d5a7d00541a8a202c8590e35360bb9d25d6431476649e1898f901fad37975d6dce9833956e7a78d0306f533d4aa3c9676017c7abc7e1f8f2f117774a4f5beba55d1c3cd580fb18defccc349cce24e94a4cf1f4c6f45d783ee0167a55369c9b5e1eb6d0a836f3eb2354fad3cd771a9d777ff84c63120baee86ddc52b3e6817dce339ac9c240e75f3e2f77afbffbc1d54eb5936d045370ce3b77365c5320892dc7bc36e488019461d2e552969de9f25bd8de049d693be450c43c5d22d7569fc384e8d56ddb577c5f3c3471f5ba2998bc0c697a06b6d8ba5f2f7236e78aaed69b468e761a5f07145c0326ebb94f50aaa8c5666c92006d8d139036f981003933f8e2eba106a0e251fa9f5407544e44aedbbb271a3bf1c660a9cb8c74dbd0713aaebba2dd046af8b9428709646521d6bf387a92996b35748e1e67b602309b7da0fb642e89de19f550925f4db082ef7e9821ac4b2aee93c9cf791c086751c4cb4172608a4f903dc40727858046851529205b45786e294c17abf5e5f6bc730cbfb8fd977c5501a8140ac7984a267880b53cb94157be9ac157be1cf12d8a9e5612947772b734ed6ae30e548a3b2faecf94a7e03f86317f52ac797aefb957d2a29de8f8ced414ce22c800e0dc7e49d3672fca633248f3e68c00", 0x2000, &(0x7f000000dcc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f000000db40)={0x78, 0x0, 0xa, {0x8, 0x0, 0x0, {0x4, 0x80800000009, 0x0, 0x7, 0x40000000000003, 0x2, 0x0, 0x35741061, 0x0, 0xa593e9c1ca988eda, 0xfff, 0x0, 0x0, 0x3d, 0xe}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

2m45.961569189s ago: executing program 3 (id=73):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, &(0x7f0000000400))
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
shutdown(0xffffffffffffffff, 0x1)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x117, 0x5, 0x101, 0x200}})
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$FS_IOC_GETFSLABEL(r5, 0x800452d3, &(0x7f0000000100))

2m29.520821383s ago: executing program 33 (id=73):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, &(0x7f0000000400))
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
shutdown(0xffffffffffffffff, 0x1)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x117, 0x5, 0x101, 0x200}})
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$FS_IOC_GETFSLABEL(r5, 0x800452d3, &(0x7f0000000100))

4.68189108s ago: executing program 0 (id=388):
r0 = socket(0x2a, 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_LLC_SET_PARAMS(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x2c, r3, 0x101, 0x70bd2d, 0x25dfdbfb, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0x3b7}, @NFC_ATTR_LLC_PARAM_LTO={0x5, 0xf, 0x11}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4010}, 0x4000)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newqdisc={0x44, 0x24, 0xf0b, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0x2, 0x9, 0xf06}}}}]}, 0x44}}, 0x4000840)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x24004000)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x833)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
capset(0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000003, 0x50032, 0xffffffffffffffff, 0x0)
syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, 0x0)

3.055962496s ago: executing program 2 (id=390):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0)
write$binfmt_aout(r0, &(0x7f00000003c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0x40000000, 0x0, 0x0, 0x83, "00000000000000000000ffff00"})
r1 = syz_open_pts(r0, 0x0)
poll(&(0x7f0000000140)=[{r1, 0x212e}], 0x1, 0x9e)
r2 = dup3(r1, r0, 0x0)
ioctl$TCSETSW2(r2, 0x402c542c, &(0x7f0000000bc0)={0x7, 0xdac2, 0x8, 0x7, 0x13, "4dd5d26bd8b1eb227705ecfba7158d29559dba", 0x5, 0xa6})

2.954376471s ago: executing program 0 (id=391):
sendmsg$key(0xffffffffffffffff, &(0x7f00000014c0)={0x2, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="02180000180000000000000000000000030005000000000002000000e000", @ANYRESDEC], 0xc0}}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f00000001c0)="39000000140081ae0000dc676f97daf01e2357f9ffffffffff", 0x19}], 0x1}, 0x0)
ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, &(0x7f0000000340)=0x5)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r0, 0x2)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000940)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5", 0x4)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3", 0x8}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000600)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "00fcff", 0x18, 0x6, 0x1, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x0, 0x0, 0x0, {[@fastopen={0x1e, 0x2}]}}}}}}}}, 0x0)

2.705279429s ago: executing program 0 (id=394):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000940)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5", 0x4)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}], 0x1}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

2.561578391s ago: executing program 2 (id=395):
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
r0 = fsopen(&(0x7f0000000000)='configfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x2)
read$msr(0xffffffffffffffff, &(0x7f0000032680)=""/102400, 0x19000)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x800400, 0x0)
keyctl$unlink(0x9, 0x0, 0xffffffffffffffff)
ioctl$USBDEVFS_CONNECTINFO(0xffffffffffffffff, 0x40085511, 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xffde}, {0xffff, 0xffff}, {0x1, 0xf}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x10c)
lseek(r3, 0x3, 0x0)

2.295819838s ago: executing program 0 (id=396):
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)={0x90, 0x0, 0x2, 0x301, 0x0, 0x0, {0xa, 0x0, 0x2}, [@CTA_EXPECT_NAT={0x74, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0x4}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x38, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @rand_addr=0x64010101}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private=0xa010102}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0x4}, @CTA_EXPECT_NAT_TUPLE={0x18, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}]}, @CTA_EXPECT_NAT={0x4}, @CTA_EXPECT_NAT={0x4}]}, 0x90}, 0x1, 0x0, 0x0, 0x40010}, 0x4008000)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400})

2.294951779s ago: executing program 4 (id=397):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/tty/drivers\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x106f)
r5 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r5, 0x0, 0x0)
sendmsg$nl_route_sched(r5, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = syz_open_dev$media(&(0x7f0000000040), 0x7fdffffe, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r6, 0x80047c05, &(0x7f0000000080)=<r7=>0xffffffffffffffff)
r8 = socket$alg(0x26, 0x5, 0x0)
r9 = accept4(r8, 0x0, 0x0, 0x0)
sendmmsg(r9, &(0x7f0000001140)=[{{0x0, 0x0, &(0x7f00000000c0)}}], 0x1, 0x8810)
r10 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_G_EXT_CTRLS(r10, 0xc0205648, &(0x7f0000000000)={0xf010000, 0x0, 0x0, r7, 0x0, 0x0})

1.830465907s ago: executing program 2 (id=398):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8, 0x4}, {0x0, 0x8}, 0x0, 0x0, 0x0, 0x1}}, 0xb8}}, 0x0)

1.830055301s ago: executing program 4 (id=399):
r0 = socket(0x2a, 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_LLC_SET_PARAMS(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x2c, r3, 0x101, 0x70bd2d, 0x25dfdbfb, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0x3b7}, @NFC_ATTR_LLC_PARAM_LTO={0x5, 0xf, 0x11}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4010}, 0x4000)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newqdisc={0x44, 0x24, 0xf0b, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0x2, 0x9, 0xf06}}}}]}, 0x44}}, 0x4000840)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x24004000)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x833)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
capset(0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000003, 0x50032, 0xffffffffffffffff, 0x0)
syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, 0x0)

1.635378392s ago: executing program 2 (id=400):
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40081c4}, 0x44000)
r0 = socket(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000020000000c000000001466bfdac3c37dd5273545b9193c412d42832b1bc897a82f6f0b95c99bcf82e5ef1a49736b94ceead334e440a96111d5713c3408ca3de393208cc5dfb2d637ec39407436c4494f0d20"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c21", @ANYRESHEX=r0], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0x2, 0x3, 0x0, 0xad7}, 0x14)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)=ANY=[@ANYBLOB="2000000040000701feffffff00000000017c000004004280040001800400028016a31fdf7ce10161d410ff422b8e2fbb5087050c7166e190fcfe13dbf82a57a82fefc92afd799452a689e3a5505df1e8cf0c701ad72839279467c82e3fe76ffc80600202809d4dcd4cc067db037194463cde68290cc1221d89661e517136f46f8a5ac4d4f3c149b0088309c4099b3eff05da02de13577133898fe1184f05568ab34992"], 0x20}}, 0xc000)
r2 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

1.449810203s ago: executing program 4 (id=401):
io_uring_setup(0x2c4b, &(0x7f0000000200)={0x0, 0x0, 0x1000})
socket$netlink(0x10, 0x3, 0x0)
getrandom(&(0x7f0000000180)=""/263, 0x107, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000240)=0x10)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x1bc2, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f9})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000240), 0x0, 0x501, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x50)
r1 = socket$inet(0x2, 0x80001, 0x84)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{0x0, 0x10}], 0x1}, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
sendmsg(0xffffffffffffffff, 0x0, 0x4000845)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

1.287292683s ago: executing program 0 (id=402):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000007c0)=ANY=[@ANYRES32=r4, @ANYRES32=r3, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000000), &(0x7f00000002c0)=r1}, 0x20)
sendmsg$inet(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000980)="0d60c86823928309000000000000001820e316dad1173051995f3a28eab3bc8fd43f12f34016f5ceaefd0d2f41c6c72aad04e8e5bec81738c019982baa3f48e1b0bcfb412c8be6756b486e36602dc6f54d19385cceb34f38341244a1485f788f7bdcf7e5a5e0b7cd25a1984615ae87e5ca0182dfa4a83304050000000c5788eb2809000000593f5a58051371244fa54ad937a75ef101dfefffb33116a24c0c60732b0180", 0xfffffe3a}], 0x1}, 0x4)

1.194779683s ago: executing program 2 (id=403):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0)
write$binfmt_aout(r0, &(0x7f00000003c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0x40000000, 0x0, 0x0, 0x83, "00000000000000000000ffff00"})
r1 = syz_open_pts(r0, 0x0)
poll(&(0x7f0000000140)=[{r1, 0x212e}], 0x1, 0x9e)
r2 = dup3(r1, r0, 0x0)
ioctl$TCSETSW2(r2, 0x402c542c, &(0x7f0000000bc0)={0x7, 0xdac2, 0x8, 0x7, 0x13, "4dd5d26bd8b1eb227705ecfba7158d29559dba", 0x5, 0xa6})

1.131987136s ago: executing program 4 (id=404):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$vim2m(0x0, 0x7, 0x2)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r1 = syz_open_dev$dri(0x0, 0xfffffffffffffffa, 0x418980)
ioctl$DRM_IOCTL_SET_VERSION(r1, 0xc0106407, &(0x7f0000000dc0)={0xffffffff, 0x1, 0x1})
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(0x0, 0xa)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000040)='udf\x00', 0x400000, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
openat$sndseq(0xffffffffffffff9c, 0x0, 0x101041)
r5 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x100, 0x0)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r6, 0x11c, 0x2, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r5, 0xc018937d, &(0x7f0000000100)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x223}}, './file1\x00'})
r7 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r7, &(0x7f0000000400)={0x18, 0x0, {0x4, @link_local, 'lo\x00'}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_MTU={0x8, 0x4, 0x600}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0)
connect$pppoe(r7, &(0x7f0000000040)={0x18, 0x0, {0x0, @random="cbfa0177ebfd", 'team_slave_0\x00'}}, 0x1e)

399.945729ms ago: executing program 4 (id=405):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000940)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5", 0x4)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}], 0x1}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

143.76012ms ago: executing program 0 (id=406):
syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f0000000180)=0x1)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000380)={'syz1\x00', {0x0, 0x7fff, 0x2, 0x2}, 0x51, [0x3ff, 0x2, 0x10000, 0x0, 0x7ca6, 0x9, 0xc2ad, 0x4, 0x9, 0x9, 0x5, 0x9, 0x8, 0x200, 0x5, 0x3, 0x7, 0x5, 0xfffffff9, 0x6, 0x3, 0xfff, 0x7f, 0x4152, 0x8b3, 0x9, 0x861, 0x7, 0x5, 0x0, 0x3c, 0x4, 0x1005, 0x4, 0x8, 0x38, 0x8, 0x8, 0xd5bb, 0x3, 0x1, 0x9de9, 0x8, 0x3, 0x3, 0x7f, 0x5, 0x8, 0x0, 0x1, 0x3ff, 0x6, 0x2e, 0x800, 0x846c, 0x3, 0x6, 0x31b, 0x8, 0xa, 0x1, 0x7, 0xffffffff, 0x3], [0x4a, 0x19a78cbf, 0xe936, 0x0, 0x200, 0xfffffff7, 0x2, 0x7d, 0x10001, 0x8, 0x3ff, 0x1, 0x7, 0x8f, 0x1, 0x5, 0x1ff, 0x200, 0x6f8, 0x7, 0xd, 0x7, 0x100788, 0x6, 0x0, 0x0, 0x8, 0x3, 0x5, 0x2, 0xa, 0x7, 0x80, 0x5aa, 0xfffff000, 0x400, 0x2, 0x7, 0x6, 0x6, 0x5, 0x3, 0x87, 0x22e2, 0x502, 0xffffffff, 0x7, 0x1ff, 0x6, 0x10001, 0x9e, 0x1, 0x5, 0x101, 0xfffffffa, 0x0, 0x2, 0x2, 0x6, 0x1ff, 0x8, 0x3, 0x6], [0x2, 0x94da, 0xffffffff, 0xb, 0xc0000, 0x4, 0x4, 0xfffffffa, 0x6, 0x7, 0xea, 0x7, 0x6, 0x400, 0xfffeffff, 0xfc000000, 0x8, 0x8, 0xd1, 0x2, 0xb66, 0x3, 0x4, 0x52c, 0x4, 0x10001, 0xfffffff8, 0x2, 0x9, 0x1, 0x7, 0xe86, 0x8, 0x20000100, 0x7, 0x1, 0x746a6ffd, 0x3, 0x4, 0x0, 0x1, 0x45a6c325, 0x8, 0x10000, 0x1000, 0x2, 0x5, 0x0, 0x2, 0x2, 0x1, 0x8, 0x2, 0x2, 0x81, 0x200, 0x3ff, 0xffffffcc, 0x6, 0xa000000, 0x8, 0xfff, 0x4000, 0x1], [0x8, 0x7, 0x3, 0xfffffffc, 0x8000, 0x2, 0x8, 0x1ff, 0xfffffffe, 0x10, 0x5e, 0x4, 0x8, 0x8, 0x5, 0x8, 0xfb, 0xf25, 0xd, 0x1ff, 0x2, 0x95, 0x9, 0x9, 0x1, 0xc, 0xffff6f9e, 0x4, 0xfffffff7, 0x10000, 0x7, 0x52a, 0x5, 0xc1a4, 0x4, 0x8, 0x3, 0x9, 0x5, 0xb7af, 0x3, 0x4, 0x0, 0x1ff8, 0x2, 0x7, 0x6, 0x80000000, 0x652d, 0x7, 0x7fffffff, 0xd, 0x40, 0x3ff, 0xc, 0x1ff, 0x9, 0x6, 0x0, 0x1000, 0x9, 0x2, 0x9, 0x4]}, 0x45c)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'gre0\x00'})
sendto(0xffffffffffffffff, 0x0, 0x0, 0x810, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r4, &(0x7f0000019440)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc5603ca00000f7f89000000200000004a2471083ec6991778581acb6c0101ff0000000309", 0x48}], 0x1)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="e80000003f00070100000000fddbdf25027c0000d100378013000300717472283414d6bba919736d34290000080008"], 0xe8}, 0x1, 0x0, 0x0, 0xc880}, 0x0)
syz_genetlink_get_family_id$smc(&(0x7f0000000140), r4)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r4)
bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r3, 0x90004)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
ppoll(&(0x7f00000000c0)=[{r3, 0x60}], 0x1, 0x0, 0x0, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
r6 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x4)

5.218592ms ago: executing program 4 (id=407):
socket$kcm(0x2b, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x1)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_usbip_server_init(0x1)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, 0x0, 0x4000880)
r2 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e20, 0x8000005, @local, 0x8}, 0x1c)
sendmmsg$sock(r2, &(0x7f0000001c40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@txtime={{0x18, 0x1, 0x41, 0x6}}], 0x18}}], 0x2, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1ff, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]})
r4 = openat$dma_heap(0xffffffffffffff9c, 0x0, 0xa2003, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, 0x0)
syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140)
close_range(r3, 0xffffffffffffffff, 0x0)
r5 = socket(0xa, 0x1, 0x0)
ioctl$sock_ax25_SIOCDELRT(r5, 0x890c, &(0x7f00000001c0)={@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]})

0s ago: executing program 2 (id=408):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000080)={0x8, 0x8169, 0x6, 0x0, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000280)={0x40, 0x403, 0xc})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000001c0)={0x7, 0x1, 0x7})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00464b4, &(0x7f0000000400)={r5})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000380)={0xff, 0x3, 0xd83f})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.105' (ED25519) to the list of known hosts.
[   81.895938][ T5780] cgroup: Unknown subsys name 'net'
[   82.167446][ T5780] cgroup: Unknown subsys name 'cpuset'
[   82.232481][ T5780] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   84.135119][ T5780] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   86.395020][ T5798] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   86.397015][ T5803] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   86.401115][ T5803] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   86.403256][ T5803] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   86.403988][ T5803] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   86.444429][ T5113] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   86.452643][ T5798] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   86.455908][ T5803] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   86.458111][ T5801] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   86.458874][ T5801] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   86.498127][ T5801] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   86.499484][ T5801] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   86.503366][ T5801] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   86.504378][ T5801] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   86.508670][ T5803] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   86.509803][ T5803] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   86.514225][ T5803] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   86.515335][ T5803] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   86.516714][ T5803] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   86.519036][ T5803] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   86.519542][ T5809] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   86.520133][ T5809] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   86.524225][   T60] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   86.525259][   T60] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   86.538486][   T60] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   87.043232][   T31] cfg80211: failed to load regulatory.db
[   87.393817][ T5792] chnl_net:caif_netlink_parms(): no params data found
[   87.434059][ T5793] chnl_net:caif_netlink_parms(): no params data found
[   87.634315][ T5804] chnl_net:caif_netlink_parms(): no params data found
[   87.677698][ T5796] chnl_net:caif_netlink_parms(): no params data found
[   87.716861][ T5794] chnl_net:caif_netlink_parms(): no params data found
[   87.841914][ T5792] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.843205][ T5792] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.843342][ T5792] bridge_slave_0: entered allmulticast mode
[   87.844967][ T5792] bridge_slave_0: entered promiscuous mode
[   87.920537][ T5792] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.920686][ T5792] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.920995][ T5792] bridge_slave_1: entered allmulticast mode
[   87.943041][ T5792] bridge_slave_1: entered promiscuous mode
[   87.945880][ T5793] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.945992][ T5793] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.946113][ T5793] bridge_slave_0: entered allmulticast mode
[   87.947861][ T5793] bridge_slave_0: entered promiscuous mode
[   88.017048][ T5793] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.017186][ T5793] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.017296][ T5793] bridge_slave_1: entered allmulticast mode
[   88.019081][ T5793] bridge_slave_1: entered promiscuous mode
[   88.123190][ T5792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.141218][ T5804] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.141401][ T5804] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.141554][ T5804] bridge_slave_0: entered allmulticast mode
[   88.164640][ T5804] bridge_slave_0: entered promiscuous mode
[   88.198545][ T5792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.201465][ T5793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.220583][ T5804] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.220809][ T5804] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.221065][ T5804] bridge_slave_1: entered allmulticast mode
[   88.223575][ T5804] bridge_slave_1: entered promiscuous mode
[   88.245979][ T5796] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.246102][ T5796] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.246253][ T5796] bridge_slave_0: entered allmulticast mode
[   88.250067][ T5796] bridge_slave_0: entered promiscuous mode
[   88.279196][ T5793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.423810][ T5794] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.423953][ T5794] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.424096][ T5794] bridge_slave_0: entered allmulticast mode
[   88.425651][ T5794] bridge_slave_0: entered promiscuous mode
[   88.427758][ T5796] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.427906][ T5796] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.428078][ T5796] bridge_slave_1: entered allmulticast mode
[   88.430159][ T5796] bridge_slave_1: entered promiscuous mode
[   88.474401][ T5113] Bluetooth: hci0: command tx timeout
[   88.474925][   T60] Bluetooth: hci1: command tx timeout
[   88.498025][ T5794] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.498163][ T5794] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.498368][ T5794] bridge_slave_1: entered allmulticast mode
[   88.500369][ T5794] bridge_slave_1: entered promiscuous mode
[   88.525997][ T5792] team0: Port device team_slave_0 added
[   88.546391][ T5804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.552661][   T60] Bluetooth: hci4: command tx timeout
[   88.578347][ T5792] team0: Port device team_slave_1 added
[   88.598784][ T5793] team0: Port device team_slave_0 added
[   88.601315][ T5804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.637445][ T5796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.638677][   T60] Bluetooth: hci3: command tx timeout
[   88.641283][ T5793] team0: Port device team_slave_1 added
[   88.678095][ T5794] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.680576][ T5796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.711991][   T60] Bluetooth: hci2: command tx timeout
[   88.729447][ T5794] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.753411][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.753423][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   88.753438][ T5792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.804539][ T5804] team0: Port device team_slave_0 added
[   88.820591][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.820608][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   88.820635][ T5792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.822565][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.822579][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   88.822601][ T5793] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.847697][ T5804] team0: Port device team_slave_1 added
[   88.850598][ T5796] team0: Port device team_slave_0 added
[   88.873225][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.873253][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   88.873277][ T5793] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.877578][ T5794] team0: Port device team_slave_0 added
[   88.901310][ T5796] team0: Port device team_slave_1 added
[   88.921616][ T5794] team0: Port device team_slave_1 added
[   89.014535][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.014548][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   89.014566][ T5804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.053050][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.053067][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   89.053090][ T5796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.076241][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.076257][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   89.076282][ T5804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.077537][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.077549][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   89.077571][ T5794] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.107095][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.107111][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   89.107134][ T5796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.108496][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.108507][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   89.108529][ T5794] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.121446][ T5792] hsr_slave_0: entered promiscuous mode
[   89.123711][ T5792] hsr_slave_1: entered promiscuous mode
[   89.147929][ T5793] hsr_slave_0: entered promiscuous mode
[   89.149231][ T5793] hsr_slave_1: entered promiscuous mode
[   89.150324][ T5793] debugfs: 'hsr0' already exists in 'hsr'
[   89.150418][ T5793] Cannot create hsr debugfs directory
[   89.380113][ T5804] hsr_slave_0: entered promiscuous mode
[   89.381003][ T5804] hsr_slave_1: entered promiscuous mode
[   89.381573][ T5804] debugfs: 'hsr0' already exists in 'hsr'
[   89.381589][ T5804] Cannot create hsr debugfs directory
[   89.392129][ T5794] hsr_slave_0: entered promiscuous mode
[   89.393528][ T5794] hsr_slave_1: entered promiscuous mode
[   89.394744][ T5794] debugfs: 'hsr0' already exists in 'hsr'
[   89.394767][ T5794] Cannot create hsr debugfs directory
[   89.878214][ T5796] hsr_slave_0: entered promiscuous mode
[   89.879086][ T5796] hsr_slave_1: entered promiscuous mode
[   89.879722][ T5796] debugfs: 'hsr0' already exists in 'hsr'
[   89.879739][ T5796] Cannot create hsr debugfs directory
[   90.552040][ T5113] Bluetooth: hci0: command tx timeout
[   90.552193][   T60] Bluetooth: hci1: command tx timeout
[   90.632018][   T60] Bluetooth: hci4: command tx timeout
[   90.646788][ T5792] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   90.682848][ T5792] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   90.712076][   T60] Bluetooth: hci3: command tx timeout
[   90.720059][ T5792] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   90.783025][ T5792] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   90.800040][   T60] Bluetooth: hci2: command tx timeout
[   90.897709][ T5793] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   90.919563][ T5793] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   90.958873][ T5793] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   91.014970][ T5793] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   91.131335][ T5804] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   91.167703][ T5804] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   91.201599][ T5804] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   91.255366][ T5804] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   91.398050][ T5796] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   91.449122][ T5796] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   91.481388][ T5796] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   91.516057][ T5796] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   91.640810][ T5792] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.680294][ T5794] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   91.730542][ T5794] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   91.764724][ T5794] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   91.799863][ T5794] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   91.877973][ T5792] 8021q: adding VLAN 0 to HW filter on device team0
[   91.924561][ T1272] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.926233][ T1272] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.968001][ T5793] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.970911][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.971044][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.057915][ T5793] 8021q: adding VLAN 0 to HW filter on device team0
[   92.087011][ T5804] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.096614][ T1272] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.096876][ T1272] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.134922][ T1272] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.135047][ T1272] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.195705][ T5804] 8021q: adding VLAN 0 to HW filter on device team0
[   92.218370][ T5796] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.257753][ T1272] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.262545][ T1272] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.314718][   T67] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.314803][   T67] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.406992][ T5796] 8021q: adding VLAN 0 to HW filter on device team0
[   92.440804][ T5794] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.496131][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.496220][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.559155][   T67] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.559387][   T67] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.615153][ T5794] 8021q: adding VLAN 0 to HW filter on device team0
[   92.632242][   T60] Bluetooth: hci1: command tx timeout
[   92.632277][   T60] Bluetooth: hci0: command tx timeout
[   92.657126][   T67] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.657362][   T67] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.687427][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.688627][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.704019][ T5792] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.712443][ T5113] Bluetooth: hci4: command tx timeout
[   92.792902][ T5113] Bluetooth: hci3: command tx timeout
[   92.880596][ T5113] Bluetooth: hci2: command tx timeout
[   93.078493][ T5792] veth0_vlan: entered promiscuous mode
[   93.145162][ T5792] veth1_vlan: entered promiscuous mode
[   93.194264][ T5793] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.238057][ T5804] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.446338][ T5792] veth0_macvtap: entered promiscuous mode
[   93.471477][ T5792] veth1_macvtap: entered promiscuous mode
[   93.535017][ T5804] veth0_vlan: entered promiscuous mode
[   93.586519][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.633523][ T5804] veth1_vlan: entered promiscuous mode
[   93.644342][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.658280][ T5794] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.675509][ T5796] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.707779][   T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.725824][   T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.729979][   T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.749691][   T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.953448][ T5804] veth0_macvtap: entered promiscuous mode
[   94.022989][ T5804] veth1_macvtap: entered promiscuous mode
[   94.094578][  T992] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.094601][  T992] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.129936][ T5796] veth0_vlan: entered promiscuous mode
[   94.141286][ T5794] veth0_vlan: entered promiscuous mode
[   94.197414][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.214156][ T5793] veth0_vlan: entered promiscuous mode
[   94.217210][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.217230][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.225117][ T5794] veth1_vlan: entered promiscuous mode
[   94.250669][ T5796] veth1_vlan: entered promiscuous mode
[   94.257220][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.307438][ T5793] veth1_vlan: entered promiscuous mode
[   94.320372][   T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.331555][   T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.341083][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.350921][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.579221][ T5794] veth0_macvtap: entered promiscuous mode
[   94.627221][ T5796] veth0_macvtap: entered promiscuous mode
[   94.630386][ T5794] veth1_macvtap: entered promiscuous mode
[   94.712670][ T5113] Bluetooth: hci0: command tx timeout
[   94.712697][ T5113] Bluetooth: hci1: command tx timeout
[   94.792510][   T60] Bluetooth: hci4: command tx timeout
[   94.871998][   T60] Bluetooth: hci3: command tx timeout
[   94.951611][ T5796] veth1_macvtap: entered promiscuous mode
[   94.952850][   T60] Bluetooth: hci2: command tx timeout
[   94.964735][ T5793] veth0_macvtap: entered promiscuous mode
[   94.995717][ T1272] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.995741][ T1272] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.042742][ T5912] netlink: 180 bytes leftover after parsing attributes in process `syz.2.3'.
[   95.154076][   T60] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[   95.154104][   T60] CPU: 1 UID: 0 PID: 60 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[   95.154128][   T60] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   95.154141][   T60] Workqueue: hci0 hci_rx_work
[   95.154179][   T60] Call Trace:
[   95.154187][   T60]  <TASK>
[   95.154206][   T60]  dump_stack_lvl+0xe8/0x150
[   95.154243][   T60]  sysfs_create_dir_ns+0x271/0x2a0
[   95.154269][   T60]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[   95.154299][   T60]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[   95.154329][   T60]  ? rt_spin_unlock+0x160/0x200
[   95.154360][   T60]  kobject_add_internal+0x631/0xd10
[   95.154395][   T60]  kobject_add+0x163/0x240
[   95.154433][   T60]  ? __pfx_kobject_add+0x10/0x10
[   95.154465][   T60]  ? get_device_parent+0x370/0x3a0
[   95.154494][   T60]  device_add+0x408/0xb80
[   95.154522][   T60]  hci_conn_add_sysfs+0xd5/0x210
[   95.154553][   T60]  le_conn_complete_evt+0xf1d/0x1430
[   95.154578][   T60]  ? __pfx_le_conn_complete_evt+0x10/0x10
[   95.154591][   T60]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[   95.154608][   T60]  ? lockdep_hardirqs_on+0x7a/0x110
[   95.154626][   T60]  ? skb_pull_data+0xfb/0x200
[   95.154643][   T60]  hci_le_conn_complete_evt+0x187/0x470
[   95.154660][   T60]  hci_event_packet+0x7af/0x12c0
[   95.154680][   T60]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   95.154697][   T60]  ? __pfx_hci_event_packet+0x10/0x10
[   95.154712][   T60]  ? rt_spin_unlock+0x14f/0x200
[   95.154731][   T60]  ? hci_send_to_monitor+0xe2/0x590
[   95.154747][   T60]  hci_rx_work+0x3ee/0x1030
[   95.154767][   T60]  ? process_scheduled_works+0xa8d/0x18c0
[   95.154785][   T60]  process_scheduled_works+0xb6e/0x18c0
[   95.154819][   T60]  ? __pfx_process_scheduled_works+0x10/0x10
[   95.154838][   T60]  ? assign_work+0x3d5/0x5e0
[   95.154857][   T60]  worker_thread+0xa53/0xfc0
[   95.154890][   T60]  kthread+0x388/0x470
[   95.154903][   T60]  ? __pfx_worker_thread+0x10/0x10
[   95.154917][   T60]  ? __pfx_kthread+0x10/0x10
[   95.154931][   T60]  ret_from_fork+0x51e/0xb90
[   95.154948][   T60]  ? __pfx_ret_from_fork+0x10/0x10
[   95.154963][   T60]  ? __switch_to+0xc7d/0x1450
[   95.154980][   T60]  ? __pfx_kthread+0x10/0x10
[   95.154993][   T60]  ret_from_fork_asm+0x1a/0x30
[   95.155023][   T60]  </TASK>
[   95.155043][   T60] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[   95.155067][   T60] Bluetooth: hci0: failed to register connection device
[   95.221848][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   95.288926][ T5793] veth1_macvtap: entered promiscuous mode
[   95.302624][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.366648][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.378965][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.610106][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.615228][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.649359][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.667932][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.668021][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.687862][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.689606][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.689626][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.720403][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.737891][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.737982][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.796573][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.799823][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.867372][   T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.913500][   T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.941743][   T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.961973][   T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   96.492972][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.492995][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.808856][ T1306] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.808878][ T1306] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.851602][  T992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.851623][  T992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.102191][ T5930] netlink: 180 bytes leftover after parsing attributes in process `syz.2.8'.
[   98.150491][   T60] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  100.091827][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  100.191844][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  100.191878][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  100.431184][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.431241][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.674045][ T5932] netlink: 180 bytes leftover after parsing attributes in process `syz.3.9'.
[  101.751945][   T60] Bluetooth: hci0: command 0x0406 tx timeout
[  101.823673][ T5113] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[  101.823701][ T5113] CPU: 1 UID: 0 PID: 5113 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  101.823723][ T5113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  101.823736][ T5113] Workqueue: hci4 hci_rx_work
[  101.823772][ T5113] Call Trace:
[  101.823780][ T5113]  <TASK>
[  101.823790][ T5113]  dump_stack_lvl+0xe8/0x150
[  101.823825][ T5113]  sysfs_create_dir_ns+0x271/0x2a0
[  101.823850][ T5113]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  101.823879][ T5113]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  101.823907][ T5113]  ? rt_spin_unlock+0x160/0x200
[  101.823936][ T5113]  kobject_add_internal+0x631/0xd10
[  101.823968][ T5113]  kobject_add+0x163/0x240
[  101.823996][ T5113]  ? __pfx_kobject_add+0x10/0x10
[  101.824025][ T5113]  ? get_device_parent+0x370/0x3a0
[  101.824055][ T5113]  device_add+0x408/0xb80
[  101.824080][ T5113]  hci_conn_add_sysfs+0xd5/0x210
[  101.824111][ T5113]  le_conn_complete_evt+0xf1d/0x1430
[  101.824146][ T5113]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  101.824170][ T5113]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  101.824201][ T5113]  ? lockdep_hardirqs_on+0x7a/0x110
[  101.824241][ T5113]  ? skb_pull_data+0xfb/0x200
[  101.824269][ T5113]  hci_le_conn_complete_evt+0x187/0x470
[  101.824301][ T5113]  hci_event_packet+0x7af/0x12c0
[  101.824337][ T5113]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  101.824370][ T5113]  ? __pfx_hci_event_packet+0x10/0x10
[  101.824397][ T5113]  ? rt_spin_unlock+0x14f/0x200
[  101.824434][ T5113]  ? hci_send_to_monitor+0xe2/0x590
[  101.824459][ T5113]  hci_rx_work+0x3ee/0x1030
[  101.824496][ T5113]  ? process_scheduled_works+0xa8d/0x18c0
[  101.824526][ T5113]  process_scheduled_works+0xb6e/0x18c0
[  101.824589][ T5113]  ? __pfx_process_scheduled_works+0x10/0x10
[  101.824624][ T5113]  ? assign_work+0x3d5/0x5e0
[  101.824656][ T5113]  worker_thread+0xa53/0xfc0
[  101.824714][ T5113]  kthread+0x388/0x470
[  101.824735][ T5113]  ? __pfx_worker_thread+0x10/0x10
[  101.824760][ T5113]  ? __pfx_kthread+0x10/0x10
[  101.824784][ T5113]  ret_from_fork+0x51e/0xb90
[  101.824815][ T5113]  ? __pfx_ret_from_fork+0x10/0x10
[  101.824843][ T5113]  ? __switch_to+0xc7d/0x1450
[  101.824873][ T5113]  ? __pfx_kthread+0x10/0x10
[  101.824895][ T5113]  ret_from_fork_asm+0x1a/0x30
[  101.824935][ T5113]  </TASK>
[  101.824965][ T5113] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  101.825003][ T5113] Bluetooth: hci4: failed to register connection device
[  101.902085][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  101.962496][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  101.963791][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  101.965121][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  101.966463][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  101.967801][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  102.412017][   T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.412040][   T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.611670][ T1272] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.611694][ T1272] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.359076][ T5940] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  103.661943][ T5959] netlink: 180 bytes leftover after parsing attributes in process `syz.1.13'.
[  104.463748][   T60] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[  104.463817][   T60] CPU: 0 UID: 0 PID: 60 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  104.463844][   T60] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  104.463858][   T60] Workqueue: hci3 hci_rx_work
[  104.463894][   T60] Call Trace:
[  104.463903][   T60]  <TASK>
[  104.463913][   T60]  dump_stack_lvl+0xe8/0x150
[  104.463950][   T60]  sysfs_create_dir_ns+0x271/0x2a0
[  104.463977][   T60]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  104.464007][   T60]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  104.464037][   T60]  ? rt_spin_unlock+0x160/0x200
[  104.464068][   T60]  kobject_add_internal+0x631/0xd10
[  104.464104][   T60]  kobject_add+0x163/0x240
[  104.464133][   T60]  ? __pfx_kobject_add+0x10/0x10
[  104.464164][   T60]  ? get_device_parent+0x370/0x3a0
[  104.464194][   T60]  device_add+0x408/0xb80
[  104.464222][   T60]  hci_conn_add_sysfs+0xd5/0x210
[  104.464256][   T60]  le_conn_complete_evt+0xf1d/0x1430
[  104.464293][   T60]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  104.464318][   T60]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  104.464351][   T60]  ? lockdep_hardirqs_on+0x7a/0x110
[  104.464387][   T60]  ? skb_pull_data+0xfb/0x200
[  104.464419][   T60]  hci_le_conn_complete_evt+0x187/0x470
[  104.464458][   T60]  hci_event_packet+0x7af/0x12c0
[  104.464502][   T60]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  104.464537][   T60]  ? __pfx_hci_event_packet+0x10/0x10
[  104.464579][   T60]  ? hci_send_to_monitor+0xe2/0x590
[  104.464608][   T60]  hci_rx_work+0x3ee/0x1030
[  104.464646][   T60]  ? process_scheduled_works+0xa8d/0x18c0
[  104.464680][   T60]  process_scheduled_works+0xb6e/0x18c0
[  104.464746][   T60]  ? __pfx_process_scheduled_works+0x10/0x10
[  104.464785][   T60]  ? assign_work+0x3d5/0x5e0
[  104.464822][   T60]  worker_thread+0xa53/0xfc0
[  104.464884][   T60]  kthread+0x388/0x470
[  104.464908][   T60]  ? __pfx_worker_thread+0x10/0x10
[  104.464949][   T60]  ? __pfx_kthread+0x10/0x10
[  104.464975][   T60]  ret_from_fork+0x51e/0xb90
[  104.465010][   T60]  ? __pfx_ret_from_fork+0x10/0x10
[  104.465040][   T60]  ? __switch_to+0xc7d/0x1450
[  104.465073][   T60]  ? __pfx_kthread+0x10/0x10
[  104.465098][   T60]  ret_from_fork_asm+0x1a/0x30
[  104.465141][   T60]  </TASK>
[  104.465524][   T60] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  104.465571][   T60] Bluetooth: hci3: failed to register connection device
[  108.332713][ T5978] netlink: 180 bytes leftover after parsing attributes in process `syz.0.18'.
[  108.455177][   T60] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[  108.455206][   T60] CPU: 0 UID: 0 PID: 60 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  108.455230][   T60] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  108.455241][   T60] Workqueue: hci2 hci_rx_work
[  108.455276][   T60] Call Trace:
[  108.455284][   T60]  <TASK>
[  108.455294][   T60]  dump_stack_lvl+0xe8/0x150
[  108.455330][   T60]  sysfs_create_dir_ns+0x271/0x2a0
[  108.455355][   T60]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  108.455388][   T60]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  108.455419][   T60]  ? rt_spin_unlock+0x160/0x200
[  108.455448][   T60]  kobject_add_internal+0x631/0xd10
[  108.455483][   T60]  kobject_add+0x163/0x240
[  108.455512][   T60]  ? __pfx_kobject_add+0x10/0x10
[  108.455544][   T60]  ? get_device_parent+0x370/0x3a0
[  108.455573][   T60]  device_add+0x408/0xb80
[  108.455602][   T60]  hci_conn_add_sysfs+0xd5/0x210
[  108.455634][   T60]  le_conn_complete_evt+0xf1d/0x1430
[  108.455669][   T60]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  108.455691][   T60]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  108.455723][   T60]  ? lockdep_hardirqs_on+0x7a/0x110
[  108.455756][   T60]  ? skb_pull_data+0xfb/0x200
[  108.455786][   T60]  hci_le_conn_complete_evt+0x187/0x470
[  108.455818][   T60]  hci_event_packet+0x7af/0x12c0
[  108.455855][   T60]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  108.455888][   T60]  ? __pfx_hci_event_packet+0x10/0x10
[  108.455917][   T60]  ? rt_spin_unlock+0x14f/0x200
[  108.455948][   T60]  ? hci_send_to_monitor+0xe2/0x590
[  108.455974][   T60]  hci_rx_work+0x3ee/0x1030
[  108.456013][   T60]  ? process_scheduled_works+0xa8d/0x18c0
[  108.456047][   T60]  process_scheduled_works+0xb6e/0x18c0
[  108.456112][   T60]  ? __pfx_process_scheduled_works+0x10/0x10
[  108.456165][   T60]  ? assign_work+0x3d5/0x5e0
[  108.456200][   T60]  worker_thread+0xa53/0xfc0
[  108.456262][   T60]  kthread+0x388/0x470
[  108.456286][   T60]  ? __pfx_worker_thread+0x10/0x10
[  108.456311][   T60]  ? __pfx_kthread+0x10/0x10
[  108.456337][   T60]  ret_from_fork+0x51e/0xb90
[  108.456371][   T60]  ? __pfx_ret_from_fork+0x10/0x10
[  108.456398][   T60]  ? __switch_to+0xc7d/0x1450
[  108.456428][   T60]  ? __pfx_kthread+0x10/0x10
[  108.456453][   T60]  ret_from_fork_asm+0x1a/0x30
[  108.456494][   T60]  </TASK>
[  108.457581][   T60] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  108.457627][   T60] Bluetooth: hci2: failed to register connection device
[  108.503160][ T5980] netlink: 180 bytes leftover after parsing attributes in process `syz.3.20'.
[  108.818734][ T5978] netlink: 4 bytes leftover after parsing attributes in process `syz.0.18'.
[  109.468618][   T60] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection
[  109.470755][   T60] Bluetooth: hci4: command 0x0406 tx timeout
[  111.924113][ T5881] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  112.355453][ T5978] nbd: socks must be embedded in a SOCK_ITEM attr
[  113.213523][ T5113] Bluetooth: hci3: command 0x0406 tx timeout
[  113.989770][ T6002] netlink: 'syz.0.25': attribute type 1 has an invalid length.
[  114.127982][ T6002] vlan2: entered allmulticast mode
[  114.128006][ T6002] syz_tun: entered allmulticast mode
[  114.319544][ T5993] udevd[5993]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  114.420912][ T5846] udevd[5846]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  114.554676][ T6009] trusted_key: syz.4.27 sent an empty control message without MSG_MORE.
[  114.946156][ T6017] faux_driver vkms: [drm] Unknown color mode 6; guessing buffer size.
[  116.419921][ T6023] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  116.929771][ T6029] netlink: 180 bytes leftover after parsing attributes in process `syz.0.32'.
[  117.114117][ T6031] netlink: 4 bytes leftover after parsing attributes in process `syz.0.32'.
[  117.581203][ T6030] Zero length message leads to an empty skb
[  117.862625][ T6031] nbd: socks must be embedded in a SOCK_ITEM attr
[  118.309358][ T6037] netlink: 180 bytes leftover after parsing attributes in process `syz.2.34'.
[  118.389963][   T60] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  118.874017][ T5113] Bluetooth: hci2: command 0x0406 tx timeout
[  122.615111][ T5993] udevd[5993]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  122.725179][ T6056] netlink: 180 bytes leftover after parsing attributes in process `syz.3.36'.
[  122.960911][ T5846] udevd[5846]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  122.972790][ T6057] netlink: 4 bytes leftover after parsing attributes in process `syz.3.36'.
[  125.095089][ T6057] nbd: socks must be embedded in a SOCK_ITEM attr
[  127.081982][ T5846] udevd[5846]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  127.137243][ T5846] udevd[5846]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  129.005539][ T5113] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  129.008636][ T5113] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  129.010985][ T5113] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  129.019064][ T5113] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  129.020052][ T5113] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  129.252521][ T6095] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  129.598329][ T6100] netlink: 180 bytes leftover after parsing attributes in process `syz.0.48'.
[  129.668583][ T5113] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  131.112095][   T60] Bluetooth: hci5: command tx timeout
[  132.747557][ T6090] chnl_net:caif_netlink_parms(): no params data found
[  133.122197][ T1325] ieee802154 phy0 wpan0: encryption failed: -22
[  133.122295][ T1325] ieee802154 phy1 wpan1: encryption failed: -22
[  133.191959][   T60] Bluetooth: hci5: command tx timeout
[  133.221896][ T5997] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[  133.255916][ T6090] bridge0: port 1(bridge_slave_0) entered blocking state
[  133.259963][ T6090] bridge0: port 1(bridge_slave_0) entered disabled state
[  133.260224][ T6090] bridge_slave_0: entered allmulticast mode
[  133.294226][ T6090] bridge_slave_0: entered promiscuous mode
[  133.312767][ T6090] bridge0: port 2(bridge_slave_1) entered blocking state
[  133.312906][ T6090] bridge0: port 2(bridge_slave_1) entered disabled state
[  133.313170][ T6090] bridge_slave_1: entered allmulticast mode
[  133.318814][ T6090] bridge_slave_1: entered promiscuous mode
[  133.424549][ T5997] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  133.424586][ T5997] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  133.426140][ T5997] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  133.426168][ T5997] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  133.426188][ T5997] usb 1-1: SerialNumber: syz
[  133.503133][ T6106] warning: `syz.3.51' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  133.708437][ T5997] usb 1-1: bad CDC descriptors
[  133.743645][ T5997] usb-storage 1-1:1.0: USB Mass Storage device detected
[  133.785758][ T5997] usb-storage 1-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  133.786814][ T5997] scsi host1: usb-storage 1-1:1.0
[  134.139463][ T6134] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  134.555709][ T6090] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  134.689566][ T6090] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  134.707910][ T5797] usb 4-1: new full-speed USB device number 2 using dummy_hcd
[  134.889944][ T5797] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  134.889983][ T5797] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  134.891564][ T5797] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  134.892561][ T5797] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  134.892588][ T5797] usb 4-1: SerialNumber: syz
[  134.964653][ T5797] usb 4-1: bad CDC descriptors
[  134.965400][ T5797] usb-storage 4-1:1.0: USB Mass Storage device detected
[  135.249035][ T5797] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  135.270279][ T1272] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  135.272851][   T60] Bluetooth: hci5: command tx timeout
[  135.273321][ T5797] scsi host2: usb-storage 4-1:1.0
[  135.816619][ T6090] team0: Port device team_slave_0 added
[  136.135134][ T1272] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  136.213772][ T6090] team0: Port device team_slave_1 added
[  136.487547][ T5881] usb 1-1: USB disconnect, device number 2
[  137.165378][ T6165] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  137.351906][   T60] Bluetooth: hci5: command tx timeout
[  137.694488][ T6170] netlink: 180 bytes leftover after parsing attributes in process `syz.0.67'.
[  137.786670][   T60] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  137.880121][ T1272] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.300784][ T6090] batman_adv: batadv0: Adding interface: batadv_slave_0
[  138.300808][ T6090] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  138.300837][ T6090] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  139.140596][ T6090] batman_adv: batadv0: Adding interface: batadv_slave_1
[  139.140649][ T6090] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  139.140712][ T6090] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  140.559727][ T5997] usb 4-1: USB disconnect, device number 2
[  141.176447][ T6183] netlink: 180 bytes leftover after parsing attributes in process `syz.2.69'.
[  141.208457][ T5113] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  143.817008][ T6186] netlink: 180 bytes leftover after parsing attributes in process `syz.0.72'.
[  144.656122][ T5113] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  144.868392][ T1272] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  145.105566][ T6186] netlink: 4 bytes leftover after parsing attributes in process `syz.0.72'.
[  149.150945][ T6186] nbd: socks must be embedded in a SOCK_ITEM attr
[  149.818632][ T6090] hsr_slave_0: entered promiscuous mode
[  149.830218][ T6090] hsr_slave_1: entered promiscuous mode
[  150.403099][ T6208] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[  150.695109][ T6090] debugfs: 'hsr0' already exists in 'hsr'
[  150.695144][ T6090] Cannot create hsr debugfs directory
[  150.846960][ T5846] udevd[5846]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  150.973300][ T5846] udevd[5846]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  153.754726][ T5997] libceph: connect (1)[c::]:6789 error -101
[  153.755408][ T5997] libceph: mon0 (1)[c::]:6789 connect error
[  153.779252][ T5997] libceph: connect (1)[c::]:6789 error -101
[  153.779482][ T5997] libceph: mon0 (1)[c::]:6789 connect error
[  154.272789][ T6225] syz.2.79 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  154.277548][ T6225] ubi31: attaching mtd0
[  154.282303][ T6225] ubi31: scanning is finished
[  154.282326][ T6225] ubi31: empty MTD device detected
[  154.490804][ T5802] libceph: connect (1)[c::]:6789 error -101
[  154.490951][ T5802] libceph: mon0 (1)[c::]:6789 connect error
[  154.532729][ T6213] ceph: No mds server is up or the cluster is laggy
[  154.879721][ T6225] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  154.879751][ T6225] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  154.879769][ T6225] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  154.879784][ T6225] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  154.879800][ T6225] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  154.879815][ T6225] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  154.879833][ T6225] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2403223066
[  154.879852][ T6225] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  154.881645][ T6233] ubi31: background thread "ubi_bgt31d" started, PID 6233
[  154.934986][ T1272] bridge_slave_1: left allmulticast mode
[  154.935096][ T1272] bridge_slave_1: left promiscuous mode
[  154.940267][ T1272] bridge0: port 2(bridge_slave_1) entered disabled state
[  155.106004][ T1272] bridge_slave_0: left allmulticast mode
[  155.106047][ T1272] bridge_slave_0: left promiscuous mode
[  155.106335][ T1272] bridge0: port 1(bridge_slave_0) entered disabled state
[  156.638791][ T6258] netlink: 180 bytes leftover after parsing attributes in process `syz.0.90'.
[  156.646312][   T60] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  160.055711][ T6273] netlink: 180 bytes leftover after parsing attributes in process `syz.2.95'.
[  160.114921][ T5113] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  163.325739][ T5113] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  163.330007][ T5113] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  163.334386][ T5113] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  163.335536][ T5113] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  163.336249][ T5113] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  164.266431][ T1272] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  164.396111][ T1272] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  164.414931][ T1272] bond0 (unregistering): Released all slaves
[  165.123652][ T6292] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  165.222185][    T9] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[  165.361368][   T60] Bluetooth: hci3: command tx timeout
[  165.401245][    T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  165.401285][    T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  165.424705][    T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  165.424737][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  165.424757][    T9] usb 1-1: SerialNumber: syz
[  165.506290][    T9] usb 1-1: bad CDC descriptors
[  165.507355][    T9] usb-storage 1-1:1.0: USB Mass Storage device detected
[  165.770968][    T9] usb-storage 1-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  165.825985][    T9] scsi host1: usb-storage 1-1:1.0
[  166.696038][ T6322] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR
[  167.023437][   T37] audit: type=1326 audit(1773819989.532:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6329 comm="syz.2.108" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff92375c799 code=0x0
[  167.432769][   T60] Bluetooth: hci3: command tx timeout
[  167.697857][ T1272] hsr_slave_0: left promiscuous mode
[  167.740984][ T1272] hsr_slave_1: left promiscuous mode
[  167.789814][ T1272] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  167.805699][ T1272] batman_adv: batadv0: Removing interface: batadv_slave_0
[  167.881706][ T1272] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  167.881728][ T1272] batman_adv: batadv0: Removing interface: batadv_slave_1
[  167.914943][    T9] usb 1-1: USB disconnect, device number 3
[  168.080337][ T1272] veth1_macvtap: left promiscuous mode
[  168.080589][ T1272] veth0_macvtap: left promiscuous mode
[  168.081269][ T1272] veth1_vlan: left promiscuous mode
[  168.088450][ T1272] veth0_vlan: left promiscuous mode
[  169.512966][   T60] Bluetooth: hci3: command tx timeout
[  171.742138][   T60] Bluetooth: hci3: command tx timeout
[  172.662983][ T1272] team0 (unregistering): Port device team_slave_1 removed
[  172.722820][ T1272] team0 (unregistering): Port device team_slave_0 removed
[  173.358911][ T6383] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  174.527589][ T6090] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  176.432040][ T6090] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  176.673757][ T6090] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  176.904667][ T6090] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  178.318059][ T6414] ceph: No mds server is up or the cluster is laggy
[  178.322176][   T36] libceph: connect (1)[c::]:6789 error -101
[  178.322401][   T36] libceph: mon0 (1)[c::]:6789 connect error
[  179.366658][ T6284] chnl_net:caif_netlink_parms(): no params data found
[  179.767783][ T6443] netlink: 180 bytes leftover after parsing attributes in process `syz.2.125'.
[  179.813213][   T60] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  179.813241][   T60] CPU: 1 UID: 0 PID: 60 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  179.813270][   T60] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  179.813284][   T60] Workqueue: hci0 hci_rx_work
[  179.813320][   T60] Call Trace:
[  179.813328][   T60]  <TASK>
[  179.813338][   T60]  dump_stack_lvl+0xe8/0x150
[  179.813374][   T60]  sysfs_create_dir_ns+0x271/0x2a0
[  179.813400][   T60]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  179.813429][   T60]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  179.813458][   T60]  ? rt_spin_unlock+0x160/0x200
[  179.813489][   T60]  kobject_add_internal+0x631/0xd10
[  179.813523][   T60]  kobject_add+0x163/0x240
[  179.813552][   T60]  ? __pfx_kobject_add+0x10/0x10
[  179.813583][   T60]  ? get_device_parent+0x370/0x3a0
[  179.813612][   T60]  device_add+0x408/0xb80
[  179.813641][   T60]  hci_conn_add_sysfs+0xd5/0x210
[  179.813675][   T60]  le_conn_complete_evt+0xf1d/0x1430
[  179.813712][   T60]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  179.813737][   T60]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  179.813767][   T60]  ? lockdep_hardirqs_on+0x7a/0x110
[  179.813798][   T60]  ? skb_pull_data+0xfb/0x200
[  179.813828][   T60]  hci_le_conn_complete_evt+0x187/0x470
[  179.813858][   T60]  hci_event_packet+0x7af/0x12c0
[  179.813887][   T60]  ? irqentry_exit+0x59e/0x620
[  179.813922][   T60]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  179.813957][   T60]  ? __pfx_hci_event_packet+0x10/0x10
[  179.813987][   T60]  ? preempt_schedule_common+0x82/0xd0
[  179.814018][   T60]  ? preempt_schedule_thunk+0x16/0x30
[  179.814048][   T60]  ? hci_send_to_monitor+0xe2/0x590
[  179.814074][   T60]  hci_rx_work+0x3ee/0x1030
[  179.814105][   T60]  ? preempt_schedule_thunk+0x16/0x30
[  179.814134][   T60]  ? process_scheduled_works+0xa8d/0x18c0
[  179.814178][   T60]  process_scheduled_works+0xb6e/0x18c0
[  179.814245][   T60]  ? __pfx_process_scheduled_works+0x10/0x10
[  179.814283][   T60]  ? assign_work+0x3d5/0x5e0
[  179.814320][   T60]  worker_thread+0xa53/0xfc0
[  179.814383][   T60]  kthread+0x388/0x470
[  179.814407][   T60]  ? __pfx_worker_thread+0x10/0x10
[  179.814436][   T60]  ? __pfx_kthread+0x10/0x10
[  179.814461][   T60]  ret_from_fork+0x51e/0xb90
[  179.814496][   T60]  ? __pfx_ret_from_fork+0x10/0x10
[  179.814525][   T60]  ? __switch_to+0xc7d/0x1450
[  179.814558][   T60]  ? __pfx_kthread+0x10/0x10
[  179.814583][   T60]  ret_from_fork_asm+0x1a/0x30
[  179.814625][   T60]  </TASK>
[  179.814752][   T60] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  179.814857][   T60] Bluetooth: hci0: failed to register connection device
[  179.959089][ T6443] netlink: 4 bytes leftover after parsing attributes in process `syz.2.125'.
[  180.497521][ T6443] nbd: socks must be embedded in a SOCK_ITEM attr
[  184.150241][ T6090] 8021q: adding VLAN 0 to HW filter on device bond0
[  184.322368][ T6449] udevd[6449]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  184.395330][ T6389] udevd[6389]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  184.774688][ T6284] bridge0: port 1(bridge_slave_0) entered blocking state
[  184.774843][ T6284] bridge0: port 1(bridge_slave_0) entered disabled state
[  184.775100][ T6284] bridge_slave_0: entered allmulticast mode
[  184.806399][ T6284] bridge_slave_0: entered promiscuous mode
[  184.852760][ T6284] bridge0: port 2(bridge_slave_1) entered blocking state
[  184.852918][ T6284] bridge0: port 2(bridge_slave_1) entered disabled state
[  184.853162][ T6284] bridge_slave_1: entered allmulticast mode
[  184.857367][ T6284] bridge_slave_1: entered promiscuous mode
[  185.007682][ T6090] 8021q: adding VLAN 0 to HW filter on device team0
[  185.029219][ T6284] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  185.411958][ T5802] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  185.571891][ T5802] usb 5-1: Using ep0 maxpacket: 32
[  185.575451][ T5802] usb 5-1: config 0 has an invalid interface number: 196 but max is 0
[  185.575481][ T5802] usb 5-1: config 0 has no interface number 0
[  185.575531][ T5802] usb 5-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528
[  185.575554][ T5802] usb 5-1: config 0 interface 196 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  185.575578][ T5802] usb 5-1: config 0 interface 196 has no altsetting 0
[  185.582713][ T5802] usb 5-1: New USB device found, idVendor=05ac, idProduct=7700, bcdDevice=eb.3a
[  185.582745][ T5802] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  185.582765][ T5802] usb 5-1: Product: syz
[  185.582780][ T5802] usb 5-1: Manufacturer: syz
[  185.582794][ T5802] usb 5-1: SerialNumber: syz
[  185.671782][ T5802] usb 5-1: config 0 descriptor??
[  185.673732][ T6476] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  185.731647][ T6284] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  185.865967][   T67] bridge0: port 1(bridge_slave_0) entered blocking state
[  185.866617][   T67] bridge0: port 1(bridge_slave_0) entered forwarding state
[  185.888780][ T5802] ipheth 5-1:0.196: Unable to find endpoints
[  186.191859][  T810] usb 5-1: USB disconnect, device number 2
[  186.288639][ T1272] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.310488][ T6493] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  186.436968][ T6495] fuse: Bad value for 'fd'
[  186.477111][ T6284] team0: Port device team_slave_0 added
[  186.495890][ T6284] team0: Port device team_slave_1 added
[  186.537280][   T67] bridge0: port 2(bridge_slave_1) entered blocking state
[  186.537487][   T67] bridge0: port 2(bridge_slave_1) entered forwarding state
[  186.845887][ T1272] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  187.040319][ T6284] batman_adv: batadv0: Adding interface: batadv_slave_0
[  187.040339][ T6284] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  187.040366][ T6284] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  187.299421][ T1272] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  187.420522][ T6284] batman_adv: batadv0: Adding interface: batadv_slave_1
[  187.420541][ T6284] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  187.420569][ T6284] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  187.900382][ T5801] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  187.932327][ T5801] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  187.934566][ T5801] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  187.936864][ T5801] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  187.937708][ T5801] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  188.230827][ T1272] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  188.868272][ T6284] hsr_slave_0: entered promiscuous mode
[  188.883345][ T6534] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.156'.
[  188.883722][ T6284] hsr_slave_1: entered promiscuous mode
[  188.884821][ T6284] debugfs: 'hsr0' already exists in 'hsr'
[  188.886298][ T6284] Cannot create hsr debugfs directory
[  189.745074][ T5113] Bluetooth: hci0: command 0x0406 tx timeout
[  190.485682][ T6550] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  190.656697][   T60] Bluetooth: hci4: command tx timeout
[  192.953700][   T60] Bluetooth: hci4: command tx timeout
[  193.115001][ T6577] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.166'.
[  193.319085][ T1272] bridge_slave_1: left allmulticast mode
[  193.319119][ T1272] bridge_slave_1: left promiscuous mode
[  193.319389][ T1272] bridge0: port 2(bridge_slave_1) entered disabled state
[  193.455572][ T1272] bridge_slave_0: left allmulticast mode
[  193.455605][ T1272] bridge_slave_0: left promiscuous mode
[  193.455916][ T1272] bridge0: port 1(bridge_slave_0) entered disabled state
[  194.636913][ T1325] ieee802154 phy0 wpan0: encryption failed: -22
[  194.636994][ T1325] ieee802154 phy1 wpan1: encryption failed: -22
[  195.031982][   T60] Bluetooth: hci4: command tx timeout
[  196.592778][ T1272] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  196.660395][ T1272] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  196.695354][ T1272] bond0 (unregistering): Released all slaves
[  196.924008][ T6611] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.177'.
[  197.074694][   T60] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  197.123901][ T5113] Bluetooth: hci4: command tx timeout
[  197.129400][ T6618] netlink: 4 bytes leftover after parsing attributes in process `syz.0.179'.
[  200.065225][ T6618] nbd: socks must be embedded in a SOCK_ITEM attr
[  201.294995][ T6389] udevd[6389]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  203.231912][ T5997] usb 1-1: new full-speed USB device number 4 using dummy_hcd
[  203.286014][ T6518] chnl_net:caif_netlink_parms(): no params data found
[  203.390988][ T5997] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  203.391017][ T5997] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  203.401930][ T5997] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  203.401950][ T5997] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  203.401962][ T5997] usb 1-1: SerialNumber: syz
[  203.447387][ T5997] usb 1-1: bad CDC descriptors
[  203.449839][ T5997] usb-storage 1-1:1.0: USB Mass Storage device detected
[  203.464227][ T1272] hsr_slave_0: left promiscuous mode
[  203.466576][ T5997] usb-storage 1-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  203.469079][ T5997] scsi host1: usb-storage 1-1:1.0
[  203.500561][ T1272] hsr_slave_1: left promiscuous mode
[  203.507510][ T1272] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  203.507531][ T1272] batman_adv: batadv0: Removing interface: batadv_slave_0
[  203.533239][ T1272] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  203.533269][ T1272] batman_adv: batadv0: Removing interface: batadv_slave_1
[  203.608595][ T1272] veth1_macvtap: left promiscuous mode
[  203.608676][ T1272] veth0_macvtap: left promiscuous mode
[  203.608841][ T1272] veth1_vlan: left promiscuous mode
[  203.608945][ T1272] veth0_vlan: left promiscuous mode
[  204.693971][ T1272] team0 (unregistering): Port device team_slave_1 removed
[  204.754603][ T1272] team0 (unregistering): Port device team_slave_0 removed
[  206.551865][ T6284] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  206.903547][ T6284] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  206.999611][ T6284] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  207.100721][ T6284] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  209.224426][ T6689] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  209.379111][ T6518] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.379267][ T6518] bridge0: port 1(bridge_slave_0) entered disabled state
[  209.379484][ T6518] bridge_slave_0: entered allmulticast mode
[  209.422973][ T6518] bridge_slave_0: entered promiscuous mode
[  209.429240][ T6518] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.429458][ T6518] bridge0: port 2(bridge_slave_1) entered disabled state
[  209.429684][ T6518] bridge_slave_1: entered allmulticast mode
[  209.473614][ T6518] bridge_slave_1: entered promiscuous mode
[  209.638684][ T6518] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  209.675118][ T6518] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  209.877703][ T5881] usb 1-1: USB disconnect, device number 4
[  210.277967][ T6518] team0: Port device team_slave_0 added
[  210.334831][ T6518] team0: Port device team_slave_1 added
[  211.654321][ T6518] batman_adv: batadv0: Adding interface: batadv_slave_0
[  211.654339][ T6518] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  211.654366][ T6518] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  211.665282][ T6518] batman_adv: batadv0: Adding interface: batadv_slave_1
[  211.665298][ T6518] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  211.665320][ T6518] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  211.920409][ T6736] No control pipe specified
[  212.229207][ T6518] hsr_slave_0: entered promiscuous mode
[  212.230725][ T6518] hsr_slave_1: entered promiscuous mode
[  212.231710][ T6518] debugfs: 'hsr0' already exists in 'hsr'
[  212.231974][ T5113] Bluetooth: hci1: command 0x0406 tx timeout
[  212.232007][ T5113] Bluetooth: hci2: command 0x0406 tx timeout
[  212.264726][ T6518] Cannot create hsr debugfs directory
[  212.313000][   T60] Bluetooth: hci0: command 0x0406 tx timeout
[  212.786971][ T6284] 8021q: adding VLAN 0 to HW filter on device bond0
[  213.286262][ T6284] 8021q: adding VLAN 0 to HW filter on device team0
[  217.070121][  T743] bridge0: port 1(bridge_slave_0) entered blocking state
[  217.071702][  T743] bridge0: port 1(bridge_slave_0) entered forwarding state
[  217.833290][  T743] bridge0: port 2(bridge_slave_1) entered blocking state
[  217.833450][  T743] bridge0: port 2(bridge_slave_1) entered forwarding state
[  219.904653][ T6813] netlink: 180 bytes leftover after parsing attributes in process `syz.2.228'.
[  222.842204][ T1272] bridge_slave_1: left allmulticast mode
[  222.842235][ T1272] bridge_slave_1: left promiscuous mode
[  222.842513][ T1272] bridge0: port 2(bridge_slave_1) entered disabled state
[  223.033783][ T1272] bridge_slave_0: left allmulticast mode
[  223.033814][ T1272] bridge_slave_0: left promiscuous mode
[  223.034079][ T1272] bridge0: port 1(bridge_slave_0) entered disabled state
[  223.172861][   T60] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  223.186194][   T60] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  223.188124][   T60] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  223.197503][   T60] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  223.199359][   T60] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  224.851928][ T5955] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  225.006366][ T5955] usb 5-1: Using ep0 maxpacket: 32
[  225.018471][ T5955] usb 5-1: config 0 has an invalid interface number: 196 but max is 0
[  225.018501][ T5955] usb 5-1: config 0 has no interface number 0
[  225.018534][ T5955] usb 5-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528
[  225.018548][ T5955] usb 5-1: config 0 interface 196 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  225.018560][ T5955] usb 5-1: config 0 interface 196 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  225.018574][ T5955] usb 5-1: config 0 interface 196 has no altsetting 0
[  225.020865][ T5955] usb 5-1: New USB device found, idVendor=05ac, idProduct=7700, bcdDevice=eb.3a
[  225.020885][ T5955] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  225.020896][ T5955] usb 5-1: Product: syz
[  225.020904][ T5955] usb 5-1: Manufacturer: syz
[  225.020912][ T5955] usb 5-1: SerialNumber: syz
[  225.210063][ T5955] usb 5-1: config 0 descriptor??
[  225.210932][ T6840] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  225.352626][ T5801] Bluetooth: hci5: command tx timeout
[  225.426652][    C0] raw-gadget.0 gadget.4: ignoring, device is not running
[  225.442954][ T1272] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  225.444073][ T5955] ipheth 5-1:0.196: ipheth_get_macaddr: usb_control_msg: -71
[  225.444404][ T5955] ipheth 5-1:0.196: probe with driver ipheth failed with error -71
[  225.477060][ T5955] usb 5-1: USB disconnect, device number 3
[  225.552665][ T1272] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  225.714739][ T1272] bond0 (unregistering): Released all slaves
[  226.314446][ T6860] netlink: 180 bytes leftover after parsing attributes in process `syz.2.239'.
[  227.432755][ T5801] Bluetooth: hci5: command tx timeout
[  228.066130][ T1272] hsr_slave_0: left promiscuous mode
[  228.424117][ T1272] hsr_slave_1: left promiscuous mode
[  228.467534][ T1272] batman_adv: batadv0: Removing interface: batadv_slave_0
[  228.547724][ T1272] batman_adv: batadv0: Removing interface: batadv_slave_1
[  229.511886][ T5801] Bluetooth: hci5: command tx timeout
[  230.111107][ T6911] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  231.387242][ T1272] team0 (unregistering): Port device team_slave_1 removed
[  231.458750][ T1272] team0 (unregistering): Port device team_slave_0 removed
[  231.625495][ T5801] Bluetooth: hci5: command tx timeout
[  232.640018][ T6927] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  232.867343][ T6930] netlink: 180 bytes leftover after parsing attributes in process `syz.2.250'.
[  235.986692][ T6518] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  236.304046][ T6518] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  236.949483][ T6518] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  237.393019][ T6518] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  239.544592][ T6518] 8021q: adding VLAN 0 to HW filter on device bond0
[  239.745187][ T6518] 8021q: adding VLAN 0 to HW filter on device team0
[  239.789062][ T6821] chnl_net:caif_netlink_parms(): no params data found
[  239.867936][ T6985] netlink: 180 bytes leftover after parsing attributes in process `syz.2.261'.
[  239.983795][  T992] bridge0: port 1(bridge_slave_0) entered blocking state
[  239.985919][  T992] bridge0: port 1(bridge_slave_0) entered forwarding state
[  240.540766][   T67] bridge0: port 2(bridge_slave_1) entered blocking state
[  240.581949][   T67] bridge0: port 2(bridge_slave_1) entered forwarding state
[  241.669619][ T6821] bridge0: port 1(bridge_slave_0) entered blocking state
[  241.669847][ T6821] bridge0: port 1(bridge_slave_0) entered disabled state
[  241.670103][ T6821] bridge_slave_0: entered allmulticast mode
[  241.716021][ T6821] bridge_slave_0: entered promiscuous mode
[  241.740436][ T6821] bridge0: port 2(bridge_slave_1) entered blocking state
[  241.740570][ T6821] bridge0: port 2(bridge_slave_1) entered disabled state
[  241.740804][ T6821] bridge_slave_1: entered allmulticast mode
[  241.761132][ T6821] bridge_slave_1: entered promiscuous mode
[  243.116446][ T6821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  243.168000][ T6821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  244.051347][ T6821] team0: Port device team_slave_0 added
[  244.092112][ T7035] netlink: 180 bytes leftover after parsing attributes in process `syz.0.278'.
[  244.439508][ T6821] team0: Port device team_slave_1 added
[  250.116150][   T60] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  250.120923][   T60] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  250.142027][   T60] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  250.148158][   T60] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  250.168806][   T60] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  250.609373][ T6821] batman_adv: batadv0: Adding interface: batadv_slave_0
[  250.609392][ T6821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  250.609419][ T6821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  250.675465][ T6821] batman_adv: batadv0: Adding interface: batadv_slave_1
[  250.675477][ T6821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  250.675493][ T6821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  252.069165][ T6821] hsr_slave_0: entered promiscuous mode
[  252.094479][ T6821] hsr_slave_1: entered promiscuous mode
[  252.095135][ T6821] debugfs: 'hsr0' already exists in 'hsr'
[  252.095151][ T6821] Cannot create hsr debugfs directory
[  252.482068][   T60] Bluetooth: hci3: command tx timeout
[  253.402544][ T7096] syz.4.290 uses obsolete (PF_INET,SOCK_PACKET)
[  253.828003][ T1272] bridge_slave_1: left allmulticast mode
[  253.828026][ T1272] bridge_slave_1: left promiscuous mode
[  253.828185][ T1272] bridge0: port 2(bridge_slave_1) entered disabled state
[  253.963036][ T1272] bridge_slave_0: left allmulticast mode
[  253.963060][ T1272] bridge_slave_0: left promiscuous mode
[  253.963245][ T1272] bridge0: port 1(bridge_slave_0) entered disabled state
[  254.551927][   T60] Bluetooth: hci3: command tx timeout
[  255.564703][ T1272] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  255.653858][ T1272] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  255.694690][ T1272] bond0 (unregistering): Released all slaves
[  256.016168][ T1325] ieee802154 phy0 wpan0: encryption failed: -22
[  256.016252][ T1325] ieee802154 phy1 wpan1: encryption failed: -22
[  256.671931][   T60] Bluetooth: hci3: command tx timeout
[  256.932554][ T7125] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  256.982186][ T1272] hsr_slave_0: left promiscuous mode
[  257.317466][ T1272] hsr_slave_1: left promiscuous mode
[  257.318889][ T1272] batman_adv: batadv0: Removing interface: batadv_slave_0
[  258.040723][ T1272] batman_adv: batadv0: Removing interface: batadv_slave_1
[  258.724250][   T60] Bluetooth: hci3: command tx timeout
[  259.016047][ T1272] team0 (unregistering): Port device team_slave_1 removed
[  259.116754][ T1272] team0 (unregistering): Port device team_slave_0 removed
[  264.280461][ T7056] chnl_net:caif_netlink_parms(): no params data found
[  264.689731][  T810] usb 5-1: new full-speed USB device number 4 using dummy_hcd
[  264.894245][  T810] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  264.894285][  T810] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  264.895989][  T810] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  264.896133][  T810] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  264.896154][  T810] usb 5-1: SerialNumber: syz
[  265.019289][  T810] usb 5-1: bad CDC descriptors
[  265.020397][  T810] usb-storage 5-1:1.0: USB Mass Storage device detected
[  265.116060][  T810] usb-storage 5-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  265.116777][  T810] scsi host1: usb-storage 5-1:1.0
[  268.892044][ T5955] usb 5-1: USB disconnect, device number 4
[  269.319252][ T7056] bridge0: port 1(bridge_slave_0) entered blocking state
[  269.319391][ T7056] bridge0: port 1(bridge_slave_0) entered disabled state
[  269.319606][ T7056] bridge_slave_0: entered allmulticast mode
[  269.360496][ T7056] bridge_slave_0: entered promiscuous mode
[  270.097252][ T7056] bridge0: port 2(bridge_slave_1) entered blocking state
[  270.102899][ T7056] bridge0: port 2(bridge_slave_1) entered disabled state
[  270.103161][ T7056] bridge_slave_1: entered allmulticast mode
[  270.164339][ T7056] bridge_slave_1: entered promiscuous mode
[  270.606760][ T7196] netlink: 180 bytes leftover after parsing attributes in process `syz.0.318'.
[  270.644890][   T60] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  270.765947][ T7197] netlink: 4 bytes leftover after parsing attributes in process `syz.0.318'.
[  273.474680][ T7197] nbd: socks must be embedded in a SOCK_ITEM attr
[  273.726730][ T7056] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  274.926940][ T7056] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  275.806985][ T6389] udevd[6389]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  275.848786][ T7056] team0: Port device team_slave_0 added
[  276.363340][ T7056] team0: Port device team_slave_1 added
[  276.366998][ T6821] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  276.532707][ T6821] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  276.760524][ T7234] netlink: 180 bytes leftover after parsing attributes in process `syz.2.327'.
[  276.829062][   T60] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  276.973448][ T7235] netlink: 4 bytes leftover after parsing attributes in process `syz.2.327'.
[  277.508031][ T7235] nbd: socks must be embedded in a SOCK_ITEM attr
[  279.752455][ T6842] udevd[6842]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  279.757072][ T6389] udevd[6389]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  279.787177][ T6821] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  279.989213][ T7056] batman_adv: batadv0: Adding interface: batadv_slave_0
[  279.989233][ T7056] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  279.989260][ T7056] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  279.990845][ T6821] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  280.123463][   T36] libceph: connect (1)[c::]:6789 error -101
[  280.123697][   T36] libceph: mon0 (1)[c::]:6789 connect error
[  280.155111][ T7056] batman_adv: batadv0: Adding interface: batadv_slave_1
[  280.155129][ T7056] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  280.155157][ T7056] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  280.336874][   T60] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  280.354321][   T60] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  280.369789][   T60] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  280.371622][   T60] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  280.391527][   T60] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  280.394841][ T5997] libceph: connect (1)[c::]:6789 error -101
[  280.395042][ T5997] libceph: mon0 (1)[c::]:6789 connect error
[  280.681325][ T7241] ceph: No mds server is up or the cluster is laggy
[  281.031269][ T7056] hsr_slave_0: entered promiscuous mode
[  281.102446][ T7056] hsr_slave_1: entered promiscuous mode
[  281.103537][ T7056] debugfs: 'hsr0' already exists in 'hsr'
[  281.103562][ T7056] Cannot create hsr debugfs directory
[  282.195847][ T7264] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  282.473793][   T60] Bluetooth: hci4: command tx timeout
[  283.561378][ T7287] IPVS: set_ctl: invalid protocol: 227 172.20.20.187:20000
[  283.573281][   T36] IPVS: starting estimator thread 0...
[  283.662257][ T7289] IPVS: using max 6 ests per chain, 14400 per kthread
[  284.819715][   T60] Bluetooth: hci4: command tx timeout
[  284.846505][   T36] libceph: connect (1)[c::]:6789 error -101
[  284.846732][   T36] libceph: mon0 (1)[c::]:6789 connect error
[  284.979159][ T7292] ceph: No mds server is up or the cluster is laggy
[  285.314471][  T743] bridge_slave_1: left allmulticast mode
[  285.314502][  T743] bridge_slave_1: left promiscuous mode
[  285.314793][  T743] bridge0: port 2(bridge_slave_1) entered disabled state
[  285.719663][  T743] bridge_slave_0: left allmulticast mode
[  285.719693][  T743] bridge_slave_0: left promiscuous mode
[  285.720063][  T743] bridge0: port 1(bridge_slave_0) entered disabled state
[  286.816433][ T5955] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  286.863216][ T7321] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  286.872174][   T60] Bluetooth: hci4: command tx timeout
[  286.961933][ T5955] usb 3-1: Using ep0 maxpacket: 32
[  287.042522][ T5955] usb 3-1: config 0 has an invalid interface number: 196 but max is 0
[  287.042553][ T5955] usb 3-1: config 0 has no interface number 0
[  287.042605][ T5955] usb 3-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528
[  287.042631][ T5955] usb 3-1: config 0 interface 196 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  287.042652][ T5955] usb 3-1: config 0 interface 196 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  287.042676][ T5955] usb 3-1: config 0 interface 196 has no altsetting 0
[  287.045801][ T5955] usb 3-1: New USB device found, idVendor=05ac, idProduct=7700, bcdDevice=eb.3a
[  287.045830][ T5955] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  287.045850][ T5955] usb 3-1: Product: syz
[  287.045864][ T5955] usb 3-1: Manufacturer: syz
[  287.045879][ T5955] usb 3-1: SerialNumber: syz
[  287.150833][ T5955] usb 3-1: config 0 descriptor??
[  287.157667][ T7318] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  288.256204][    C0] raw-gadget.0 gadget.2: ignoring, device is not running
[  288.256670][    C0] raw-gadget.0 gadget.2: ignoring, device is not running
[  288.257125][    C0] raw-gadget.0 gadget.2: ignoring, device is not running
[  288.257615][    C0] raw-gadget.0 gadget.2: ignoring, device is not running
[  288.301940][ T5955] ipheth 3-1:0.196: ipheth_get_macaddr: usb_control_msg: -71
[  288.302280][ T5955] ipheth 3-1:0.196: probe with driver ipheth failed with error -71
[  288.381889][ T5955] usb 3-1: USB disconnect, device number 3
[  288.743035][  T743] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  288.832582][  T743] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  288.853925][  T743] bond0 (unregistering): Released all slaves
[  288.953023][   T60] Bluetooth: hci4: command tx timeout
[  289.045776][ T7246] chnl_net:caif_netlink_parms(): no params data found
[  291.640191][  T743] hsr_slave_0: left promiscuous mode
[  291.765227][  T743] hsr_slave_1: left promiscuous mode
[  291.766305][  T743] batman_adv: batadv0: Removing interface: batadv_slave_0
[  291.867586][  T743] batman_adv: batadv0: Removing interface: batadv_slave_1
[  292.316120][  T743] team0 (unregistering): Port device team_slave_1 removed
[  292.352452][  T743] team0 (unregistering): Port device team_slave_0 removed
[  292.641669][ T7357] netlink: 20 bytes leftover after parsing attributes in process `syz.0.356'.
[  293.807435][ T7246] bridge0: port 1(bridge_slave_0) entered blocking state
[  293.807591][ T7246] bridge0: port 1(bridge_slave_0) entered disabled state
[  293.807809][ T7246] bridge_slave_0: entered allmulticast mode
[  293.814543][ T7246] bridge_slave_0: entered promiscuous mode
[  293.821058][ T7246] bridge0: port 2(bridge_slave_1) entered blocking state
[  293.843507][ T7246] bridge0: port 2(bridge_slave_1) entered disabled state
[  293.843748][ T7246] bridge_slave_1: entered allmulticast mode
[  293.852582][ T7246] bridge_slave_1: entered promiscuous mode
[  294.116802][ T7246] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  294.144339][ T7246] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  294.603491][ T7246] team0: Port device team_slave_0 added
[  294.607528][ T7246] team0: Port device team_slave_1 added
[  295.758946][ T7246] batman_adv: batadv0: Adding interface: batadv_slave_0
[  295.758964][ T7246] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  295.758991][ T7246] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  295.765406][ T7401] netlink: 20 bytes leftover after parsing attributes in process `syz.0.367'.
[  295.838936][ T7246] batman_adv: batadv0: Adding interface: batadv_slave_1
[  295.838955][ T7246] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  295.838982][ T7246] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  296.118423][ T7246] hsr_slave_0: entered promiscuous mode
[  296.141950][ T7246] hsr_slave_1: entered promiscuous mode
[  296.143024][ T7246] debugfs: 'hsr0' already exists in 'hsr'
[  296.143049][ T7246] Cannot create hsr debugfs directory
[  298.211674][ T7056] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  298.589333][ T7056] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  299.978137][ T7056] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  299.992823][ T7432] netlink: 20 bytes leftover after parsing attributes in process `syz.0.377'.
[  303.620943][ T7056] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  304.284911][ T7470] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[  304.286053][ T7470] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  304.309145][ T7470] vhci_hcd vhci_hcd.0: Device attached
[  304.892484][ T7471] vhci_hcd: connection closed
[  305.026422][ T6894] vhci_hcd vhci_hcd.2: stop threads
[  305.027651][ T6894] vhci_hcd vhci_hcd.2: release socket
[  305.098678][ T6894] vhci_hcd vhci_hcd.2: disconnect device
[  307.168179][ T7519] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.400'.
[  307.351214][ T7056] 8021q: adding VLAN 0 to HW filter on device bond0
[  307.420192][ T7056] 8021q: adding VLAN 0 to HW filter on device team0
[  307.444114][   T67] bridge0: port 1(bridge_slave_0) entered blocking state
[  307.444242][   T67] bridge0: port 1(bridge_slave_0) entered forwarding state
[  307.485228][   T67] bridge0: port 2(bridge_slave_1) entered blocking state
[  307.485483][   T67] bridge0: port 2(bridge_slave_1) entered forwarding state
[  308.697252][ T7542] netlink: 180 bytes leftover after parsing attributes in process `syz.0.406'.
[  308.750845][   T60] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  308.851348][ T7543] netlink: 4 bytes leftover after parsing attributes in process `syz.0.406'.
[  309.823233][ T7543] nbd: socks must be embedded in a SOCK_ITEM attr
[  310.083651][   T60] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  310.348007][   T60] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  310.439591][   T60] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  310.681432][  T743] bridge_slave_1: left allmulticast mode
[  310.681465][  T743] bridge_slave_1: left promiscuous mode
[  310.715933][   T60] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  310.859279][  T743] bridge0: port 2(bridge_slave_1) entered disabled state
[  310.876066][   T60] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  312.399384][  T743] bridge_slave_0: left allmulticast mode
[  312.399408][  T743] bridge_slave_0: left promiscuous mode
[  312.399570][  T743] bridge0: port 1(bridge_slave_0) entered disabled state
[  312.598301][ T5801] ==================================================================
[  312.598321][ T5801] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0x86a/0x1390
[  312.598358][ T5801] Read of size 8 at addr ffff888021370500 by task kworker/u9:3/5801
[  312.598376][ [  312.598376][ T5801] 
[  312.598389][ T5801] CPU: 0 UID: 0 PID: 5801 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  312.598413][ T5801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  312.598429][ T5801] Workqueue: hci5 hci_rx_work
[  312.598460][ T5801] Call Trace:
[  312.598468][ T5801]  <TASK>
[  312.598478][ T5801]  dump_stack_lvl+0xe8/0x150
[  312.598510][ T5801]  print_report+0xba/0x230
[  312.598537][ T5801]  ? l2cap_connect_cfm+0x86a/0x1390
[  312.598560][ T5801]  kasan_report+0x117/0x150
[  312.598582][ T5801]  ? l2cap_connect_cfm+0x86a/0x1390
[  312.598611][ T5801]  l2cap_connect_cfm+0x86a/0x1390
[  312.598640][ T5801]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  312.598664][ T5801]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  312.598705][ T5801]  ? lockdep_hardirqs_on+0x7a/0x110
[  312.598737][ T5801]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  312.598768][ T5801]  ? mutex_lock_nested+0x152/0x1d0
[  312.598792][ T5801]  ? hci_connect_cfm+0x2c/0x140
[  312.598812][ T5801]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  312.598836][ T5801]  hci_connect_cfm+0x95/0x140
[  312.598857][ T5801]  le_conn_complete_evt+0xf65/0x1430
[  312.598885][ T5801]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  312.598908][ T5801]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  312.598939][ T5801]  ? lockdep_hardirqs_on+0x7a/0x110
[  312.598970][ T5801]  ? skb_pull_data+0xfb/0x200
[  312.598995][ T5801]  hci_le_conn_complete_evt+0x187/0x470
[  312.599019][ T5801]  hci_event_packet+0x7af/0x12c0
[  312.599052][ T5801]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  312.599085][ T5801]  ? __pfx_hci_event_packet+0x10/0x10
[  312.599113][ T5801]  ? rt_spin_unlock+0x14f/0x200
[  312.599142][ T5801]  ? hci_send_to_monitor+0xe2/0x590
[  312.599168][ T5801]  hci_rx_work+0x3ee/0x1030
[  312.599200][ T5801]  ? process_scheduled_works+0xa8d/0x18c0
[  312.599231][ T5801]  process_scheduled_works+0xb6e/0x18c0
[  312.599274][ T5801]  ? __pfx_process_scheduled_works+0x10/0x10
[  312.599305][ T5801]  ? assign_work+0x3d5/0x5e0
[  312.599336][ T5801]  worker_thread+0xa53/0xfc0
[  312.599378][ T5801]  kthread+0x388/0x470
[  312.599401][ T5801]  ? __pfx_worker_thread+0x10/0x10
[  312.599430][ T5801]  ? __pfx_kthread+0x10/0x10
[  312.599451][ T5801]  ret_from_fork+0x51e/0xb90
[  312.599482][ T5801]  ? __pfx_ret_from_fork+0x10/0x10
[  312.599510][ T5801]  ? __switch_to+0xc7d/0x1450
[  312.599537][ T5801]  ? __pfx_kthread+0x10/0x10
[  312.599559][ T5801]  ret_from_fork_asm+0x1a/0x30
[  312.599588][ T5801]  </TASK>
[  312.599596][ T5801] 
[  312.599601][ T5801] Allocated by task 5801:
[  312.599611][ T5801]  kasan_save_track+0x3e/0x80
[  312.599639][ T5801]  __kasan_kmalloc+0x93/0xb0
[  312.599666][ T5801]  __kmalloc_cache_noprof+0x3a6/0x690
[  312.599705][ T5801]  l2cap_chan_create+0x51/0x7a0
[  312.599730][ T5801]  l2cap_sock_new_connection_cb+0x182/0x2e0
[  312.599755][ T5801]  l2cap_connect_cfm+0x368/0x1390
[  312.599776][ T5801]  hci_connect_cfm+0x95/0x140
[  312.599793][ T5801]  le_conn_complete_evt+0xf65/0x1430
[  312.599812][ T5801]  hci_le_conn_complete_evt+0x187/0x470
[  312.599830][ T5801]  hci_event_packet+0x7af/0x12c0
[  312.599856][ T5801]  hci_rx_work+0x3ee/0x1030
[  312.599882][ T5801]  process_scheduled_works+0xb6e/0x18c0
[  312.599908][ T5801]  worker_thread+0xa53/0xfc0
[  312.599934][ T5801]  kthread+0x388/0x470
[  312.599952][ T5801]  ret_from_fork+0x51e/0xb90
[  312.599978][ T5801]  ret_from_fork_asm+0x1a/0x30
[  312.599995][ T5801] 
[  312.600000][ T5801] Freed by task 7542:
[  312.600010][ T5801]  kasan_save_track+0x3e/0x80
[  312.600036][ T5801]  kasan_save_free_info+0x46/0x50
[  312.600059][ T5801]  __kasan_slab_free+0x5c/0x80
[  312.600086][ T5801]  kfree+0x1c1/0x6c0
[  312.600111][ T5801]  l2cap_sock_cleanup_listen+0xf0/0x440
[  312.600135][ T5801]  l2cap_sock_release+0x6e/0x270
[  312.600157][ T5801]  sock_close+0xc3/0x240
[  312.600179][ T5801]  __fput+0x461/0xa90
[  312.600201][ T5801]  task_work_run+0x1d9/0x270
[  312.600221][ T5801]  exit_to_user_mode_loop+0xed/0x480
[  312.600250][ T5801]  do_syscall_64+0x32d/0xf80
[  312.600278][ T5801]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  312.600298][ T5801] 
[  312.600303][ T5801] The buggy address belongs to the object at ffff888021370000
[  312.600303][ T5801]  which belongs to the cache kmalloc-2k of size 2048
[  312.600320][ T5801] The buggy address is located 1280 bytes inside of
[  312.600320][ T5801]  freed 2048-byte region [ffff888021370000, ffff888021370800)
[  312.600342][ T5801] 
[  312.600348][ T5801] The buggy address belongs to the physical page:
[  312.600358][ T5801] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21370
[  312.600377][ T5801] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  312.600394][ T5801] flags: 0x80000000000040(head|node=0|zone=1)
[  312.600411][ T5801] page_type: f5(slab)
[  312.600430][ T5801] raw: 0080000000000040 ffff88813fe1d000 dead000000000100 dead000000000122
[  312.600446][ T5801] raw: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000
[  312.600466][ T5801] head: 0080000000000040 ffff88813fe1d000 dead000000000100 dead000000000122
[  312.600484][ T5801] head: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000
[  312.600502][ T5801] head: 0080000000000003 ffffea000084dc01 00000000ffffffff 00000000ffffffff
[  312.600518][ T5801] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[  312.600529][ T5801] page dumped because: kasan: bad access detected
[  312.600539][ T5801] page_owner tracks the page as allocated
[  312.600546][ T5801] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 12, tgid 12 (kworker/u8:0), ts 92606262940, free_ts 92565707199
[  312.600583][ T5801]  post_alloc_hook+0x231/0x280
[  312.600612][ T5801]  get_page_from_freelist+0x28bb/0x2950
[  312.600633][ T5801]  __alloc_frozen_pages_noprof+0x18d/0x380
[  312.600653][ T5801]  allocate_slab+0x77/0x660
[  312.600675][ T5801]  refill_objects+0x334/0x3c0
[  312.600704][ T5801]  __pcs_replace_empty_main+0x35c/0x710
[  312.600728][ T5801]  __kmalloc_node_track_caller_noprof+0x60b/0x7e0
[  312.600759][ T5801]  __alloc_skb+0x2c1/0x7d0
[  312.600785][ T5801]  inet6_ifinfo_notify+0x70/0x120
[  312.600812][ T5801]  addrconf_notify+0xca0/0x1050
[  312.600830][ T5801]  notifier_call_chain+0x1be/0x400
[  312.600849][ T5801]  netif_state_change+0x27d/0x3a0
[  312.600873][ T5801]  __linkwatch_run_queue+0x575/0x850
[  312.600892][ T5801]  linkwatch_event+0x4c/0x60
[  312.600910][ T5801]  process_scheduled_works+0xb6e/0x18c0
[  312.600936][ T5801]  worker_thread+0xa53/0xfc0
[  312.600962][ T5801] page last free pid 5792 tgid 5792 stack trace:
[  312.600974][ T5801]  __free_frozen_pages+0xfe3/0x1170
[  312.601003][ T5801]  __slab_free+0x24f/0x2a0
[  312.601019][ T5801]  qlist_free_all+0x97/0x100
[  312.601044][ T5801]  kasan_quarantine_reduce+0x148/0x160
[  312.601071][ T5801]  __kasan_slab_alloc+0x22/0x80
[  312.601098][ T5801]  __kmalloc_cache_noprof+0x338/0x690
[  312.601128][ T5801]  ____ip_mc_inc_group+0x518/0xdd0
[  312.601146][ T5801]  ip_mc_up+0x115/0x2e0
[  312.601164][ T5801]  inetdev_event+0xff6/0x1610
[  312.601188][ T5801]  notifier_call_chain+0x1be/0x400
[  312.601206][ T5801]  __dev_notify_flags+0x1a9/0x310
[  312.601234][ T5801]  netif_change_flags+0xe8/0x1a0
[  312.601262][ T5801]  do_setlink+0xf82/0x4590
[  312.601289][ T5801]  rtnl_newlink+0x15a9/0x1be0
[  312.601314][ T5801]  rtnetlink_rcv_msg+0x7d5/0xbe0
[  312.601338][ T5801]  netlink_rcv_skb+0x232/0x4b0
[  312.601362][ T5801] 
[  312.601367][ T5801] Memory state around the buggy address:
[  312.601378][ T5801]  ffff888021370400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  312.601392][ T5801]  ffff888021370480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  312.601405][ T5801] >ffff888021370500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  312.601415][ T5801]                    ^
[  312.601426][ T5801]  ffff888021370580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  312.601439][ T5801]  ffff888021370600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  312.601448][ T5801] ==================================================================
[  312.645280][ T5801] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  312.645304][ T5801] CPU: 0 UID: 0 PID: 5801 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  312.645330][ T5801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  312.645344][ T5801] Workqueue: hci5 hci_rx_work
[  312.645381][ T5801] Call Trace:
[  312.645390][ T5801]  <TASK>
[  312.645399][ T5801]  vpanic+0x56c/0xa60
[  312.645435][ T5801]  ? __pfx_vpanic+0x10/0x10
[  312.645468][ T5801]  panic+0xc5/0xd0
[  312.645498][ T5801]  ? __pfx_panic+0x10/0x10
[  312.645530][ T5801]  ? preempt_schedule_thunk+0x16/0x30
[  312.645558][ T5801]  ? l2cap_connect_cfm+0x86a/0x1390
[  312.645581][ T5801]  ? preempt_schedule_thunk+0x16/0x30
[  312.645607][ T5801]  ? l2cap_connect_cfm+0x86a/0x1390
[  312.645631][ T5801]  check_panic_on_warn+0x89/0xb0
[  312.645656][ T5801]  ? l2cap_connect_cfm+0x86a/0x1390
[  312.645680][ T5801]  end_report+0x73/0x180
[  312.645709][ T5801]  ? l2cap_connect_cfm+0x86a/0x1390
[  312.645731][ T5801]  kasan_report+0x128/0x150
[  312.645751][ T5801]  ? l2cap_connect_cfm+0x86a/0x1390
[  312.645778][ T5801]  l2cap_connect_cfm+0x86a/0x1390
[  312.645807][ T5801]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  312.645832][ T5801]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  312.645864][ T5801]  ? lockdep_hardirqs_on+0x7a/0x110
[  312.645895][ T5801]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  312.645927][ T5801]  ? mutex_lock_nested+0x152/0x1d0
[  312.645951][ T5801]  ? hci_connect_cfm+0x2c/0x140
[  312.645971][ T5801]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  312.645995][ T5801]  hci_connect_cfm+0x95/0x140
[  312.646017][ T5801]  le_conn_complete_evt+0xf65/0x1430
[  312.646046][ T5801]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  312.646068][ T5801]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  312.646100][ T5801]  ? lockdep_hardirqs_on+0x7a/0x110
[  312.646131][ T5801]  ? skb_pull_data+0xfb/0x200
[  312.646157][ T5801]  hci_le_conn_complete_evt+0x187/0x470
[  312.646182][ T5801]  hci_event_packet+0x7af/0x12c0
[  312.646213][ T5801]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  312.646246][ T5801]  ? __pfx_hci_event_packet+0x10/0x10
[  312.646274][ T5801]  ? rt_spin_unlock+0x14f/0x200
[  312.646304][ T5801]  ? hci_send_to_monitor+0xe2/0x590
[  312.646330][ T5801]  hci_rx_work+0x3ee/0x1030
[  312.646362][ T5801]  ? process_scheduled_works+0xa8d/0x18c0
[  312.646393][ T5801]  process_scheduled_works+0xb6e/0x18c0
[  312.646435][ T5801]  ? __pfx_process_scheduled_works+0x10/0x10
[  312.646465][ T5801]  ? assign_work+0x3d5/0x5e0
[  312.646495][ T5801]  worker_thread+0xa53/0xfc0
[  312.646537][ T5801]  kthread+0x388/0x470
[  312.646559][ T5801]  ? __pfx_worker_thread+0x10/0x10
[  312.646587][ T5801]  ? __pfx_kthread+0x10/0x10
[  312.646609][ T5801]  ret_from_fork+0x51e/0xb90
[  312.646641][ T5801]  ? __pfx_ret_from_fork+0x10/0x10
[  312.646670][ T5801]  ? __switch_to+0xc7d/0x1450
[  312.646705][ T5801]  ? __pfx_kthread+0x10/0x10
[  312.646727][ T5801]  ret_from_fork_asm+0x1a/0x30
[  312.646755][ T5801]  </TASK>
[  312.647142][ T5801] Kernel Offset: disabled