last executing test programs: 6.125501903s ago: executing program 3 (id=14): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000001b00)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100ffffffff00000000010000000c0002000400000000000000100007800c00018008000100", @ANYBLOB='\f\x00'], 0x3c}}, 0x20000000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x42901, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @broadcast}) write$tun(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="034886dd0900300003003000000060ce902d000c2f0081e949b93897bc3b0000000000007d01ff020000000000000000000000000001120088be"], 0xfdef) syz_clone(0x11c0400, 0x0, 0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file3\x00', &(0x7f0000000040)={0x240c40, 0x106, 0x20}, 0x33) r4 = fsopen(&(0x7f0000000000)='ecryptfs\x00', 0x0) fsconfig$FSCONFIG_SET_PATH_EMPTY(r4, 0x4, &(0x7f0000000100)='\x00\x16\xffM\xa8\x84\xa7j\xe4 v\x9b\xee\\\xce\x95~ \xdc-\xac\xd7\xf8\xd7Q.\xb6S\x11\xd6,v;w\xc4:J\x8dnO\xbe\x82\xbec\xf5\"_B-\x17c\xbe;\x1b\x06\x1d\xf0\xa4\x1e\x99^\x85 ?xFU@\xf9\xb6P6\xc1\xa8d\x9bE\xde \xbc\x0f`\xd3L\vyzH\xb54_\xfdp\xe9\x9a\x81\x84\x94\xa3z9\x1f\xfb\x8b\xe5fy]\xbc\x8c\xd5{\x1c\xf9I\xea\x8ee@\xe7\x1b\x97\xa4\x8d8\x1a\xe36\x18\x8c\xdfE\xf6\xb2\x95\x88\t\x95\xa6\xe6\xaa\xdcN-O\x1c\xeb~\x92\x01\xb1N\xf6\xff\x9f\xab\xab\xb2\x9e\x05\xfa\xc6\x1a 
\x83\f\x9f\xff\xae\x8d\r>\\\xea\vn\v\x85\xbe\xd2\t\xc9O\xcd\t\x9c\xce\xa6\'\xecF\xc1b\xa9\xfbP\rn\xe2\xccr[\xb2j\x84\x8d>\xfc\x0f\x8eH\x10\xaa\xbf\xd1\xb7\xdc\xc0V\xd8d\fq\xcb7\xc9\xc0\x9b\xbc\xa4&S\xba \xa9\xcaV=\x11\xd5\x19\xcc\xd7^M\x1f\xef\x04\xf8P\xb8\xf7\x84Xq\x9f#\x92\xd0.\xaa\x96\x8c R\xbfs\x1d\x8d\x17\xee]l\xa2\xc7\xeb\xa6c~\xa6yAo\xba\xcd\xf8\xf0\xb8\tP-\xc8\xe9\x88+\xd8#W5\x99\xc2hn4\xb8\x1b\xa9\xcbH\x12\xac', &(0x7f00000000c0)='./file0\x00', 0xffffffffffffffff) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, 0x0) setpriority(0x1, 0x0, 0x80000000) 5.891041454s ago: executing program 3 (id=16): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e23, 0xfffffffc, @private2}, 0x1c) listen(r1, 0x4) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x4}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000080), 0x8) r2 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x442, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r2, 0x0) r3 = socket$xdp(0x2c, 0x3, 0x0) mmap(&(0x7f00001b0000/0x1000)=nil, 0x1000, 0x2000000, 0x10, r1, 0x23a13000) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000980)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000001680)="89", 0x1}], 0x1}}], 0x1, 0x20000000) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000140)=ANY=[], 0x8397de475a1b5b02) 5.697903761s ago: executing program 3 (id=17): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000280)={0x3}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000007b40)=ANY=[@ANYBLOB="200000002200010a000000000000000007000002"], 0x20}, 0x1, 0x0, 0x0, 0x4044000}, 0x0) r1 = syz_usb_connect(0x2, 
0x5e, &(0x7f0000000000)=ANY=[@ANYBLOB="120100006b36a2207b06a1279bb00102030109024c0001000010000904e7000229feac000b2402010302057ff49bfd052406000105240002000d240f0105000000090007000806241a7f000109050602ff030000000905820208"], 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) 4.498460088s ago: executing program 0 (id=26): ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, 0x0) r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) mount(&(0x7f0000000140)=@loop={'/dev/loop', 0x0}, 0x0, 0x0, 0x200804, 0x0) connect$can_bcm(r0, &(0x7f0000001cc0), 0x10) r2 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000140), 0x46084, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000080)=0x2) ioctl$TCSETSF2(r2, 0x402c542d, &(0x7f0000000100)={0xfffffffc, 0xe7, 0x2, 0xff, 0x7, "ea71061d0000000001000200", 0x0, 0x80}) ioctl$TIOCSTI(r2, 0x5412, &(0x7f00000001c0)=0xa) sendmsg$can_bcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="050000000808"], 0x80}}, 0x0) socket(0x10, 0x3, 0x0) r3 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r3, &(0x7f0000000040), 0xc) read(r3, &(0x7f0000000180)=""/119, 0x77) write(r3, &(0x7f00000000c0)="2400000010000000000000020000000000000000", 0x14) 4.123439054s ago: executing program 2 (id=28): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 
&(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x8, 0x7, 0x4000000000000e51, 0x3ff, 0x5479, 0x1035, 0x20200000000006, 0x0, 0x9, 0xfffffffffffffffc, 0xffffffff, 0xbf4, 0x80000fff, 0x808000000000005, 0x800000068], 0x2000, 0x80cd4}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000240)=0x24) ioctl$KVM_RUN(r5, 0xae80, 0x0) setrlimit(0xf, &(0x7f0000000000)={0x1, 0x5}) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x211000, 0x1000}, 0x20) 3.94992717s ago: executing program 2 (id=29): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_SREGS2(r2, 0x4140aecd, &(0x7f0000001640)={{0x30000, 0x40000, 0x9, 0x6, 0x2, 0x2, 0x4, 0x6, 0x4, 0x9, 0xbc, 0xd}, {0xfec00000, 0xdddd0000, 0x10, 0x81, 0x1, 0x2, 0x9, 0x50, 0x3, 0x0, 0xa0}, {0xdddd1000, 0xf000, 0xd, 0x0, 0x8, 0x6, 0x3, 0x2, 0x9, 0x7, 0x8, 0x4d}, {0x8080000, 0xfec44000, 0xf, 0xd, 0x6, 0xf9, 0x7, 0x9, 0xe, 0x7, 0xf3, 0x5}, {0x5000, 0x8000000, 0x13, 0xa, 0xd6, 0x39, 0x5, 0x0, 0xea, 0x7, 0x9}, {0x4, 0xd000, 0xd, 0x80, 0xfc, 0x7, 
0x5, 0xd, 0x14, 0x0, 0x9, 0x3}, {0x30000, 0x8080000, 0x4, 0x74, 0xc, 0xd7, 0x1, 0x81, 0x39, 0x0, 0xd, 0x6}, {0x200000, 0x20c000, 0xf, 0x98, 0x2, 0x61, 0x2, 0x81, 0x2, 0x6, 0xdb, 0x7}, {0xeeef0000, 0x4889}, {0x10000, 0x4}, 0x5a13e491e0f739c7, 0x0, 0x10000, 0x360148, 0xc, 0x1, 0xb000, 0x0, [0x10, 0x0, 0x0, 0xffffffffffff5d3e]}) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000001a40)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0xf) ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000380)={0x2, 0x34000, 0x1}) ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000040)={0x70000, 0x109000}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r5, 0x4010ae68, &(0x7f0000000140)={0xb000, 0x10000, 0x1}) sendmsg$tipc(r3, &(0x7f0000000240)={0x0, 0x810100, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1, 0x0, 0x0, 0x3}, 0x0) r6 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="380000001214010000000000fddbdf2508004f000000000008004b0013000000080003000100000008001500ffffffff08000100"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x8084) 3.926096013s ago: executing program 1 (id=30): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_INTERRUPT(r2, 0x4004ae86, &(0x7f0000000cc0)=0x9) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0) ioctl$XFS_IOC_SCRUBV_METADATA(r1, 0xc0285840, &(0x7f0000000040)={0xfffffffffffffffc, 0x7, 0x0, 0x0, 0x3, 0xa, 0x0, &(0x7f0000000180)=[{0x1c, 0x1ff, 0xfff}, {0x5, 0x1ff, 0x4}, {0x15, 0x101, 0x40}, {0x12, 0x0, 0x1}, {0x17, 0x101, 0x666e5bf1}, {0x15, 0xfe, 0x3}, {0xffffffff, 0x101, 0x1}, {0x10, 0x101, 0x40}, {0x12, 0x1ff, 0x3}, {0x0, 0x0, 0x200}]}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x3, 0x81, 0x4, 0x1, 0x0, 0x2, 
0xfffffffffffff804, 0x0, 0x0, 0x0, 0x2000000000000, 0x7, 0x2, 0x1, 0x8], 0xeeee0000, 0x4fb40}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.624447555s ago: executing program 2 (id=31): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x3, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000100)={0xc, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f0000000000)={0xc, r1}) ioctl$IOMMU_VFIO_SET_IOMMU(r0, 0x3b66, 0x1) ioctl$IOMMU_VFIO_SET_IOMMU(r0, 0x3b66, 0x1) r2 = socket$alg(0x26, 0x5, 0x0) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) close(r3) bind$alg(r2, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224-ce\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil) r4 = syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00') accept4(r2, &(0x7f0000000140)=@generic, &(0x7f0000000000)=0x80, 0x400) set_mempolicy_home_node(&(0x7f00002d6000/0x2000)=nil, 0x2000, 0x2, 0x0) preadv(r4, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0) r5 = accept$alg(r2, 0x0, 0x0) write$binfmt_script(r5, &(0x7f0000000040)={'#! 
', './file0', [{0x20, '+@{'}, {0x20, '\x00\x00\x00'}, {0x20, '%](]&-}\''}]}, 0x1c) recvmmsg(r5, &(0x7f0000000000), 0x0, 0xcb, 0x0) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x3, 0x0) (async) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000100)={0xc}) (async) ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f0000000000)={0xc, r1}) (async) ioctl$IOMMU_VFIO_SET_IOMMU(r0, 0x3b66, 0x1) (async) ioctl$IOMMU_VFIO_SET_IOMMU(r0, 0x3b66, 0x1) (async) socket$alg(0x26, 0x5, 0x0) (async) socket$phonet_pipe(0x23, 0x5, 0x2) (async) close(r3) (async) bind$alg(r2, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224-ce\x00'}, 0x58) (async) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) (async) prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil) (async) syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00') (async) accept4(r2, &(0x7f0000000140)=@generic, &(0x7f0000000000)=0x80, 0x400) (async) set_mempolicy_home_node(&(0x7f00002d6000/0x2000)=nil, 0x2000, 0x2, 0x0) (async) preadv(r4, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0) (async) accept$alg(r2, 0x0, 0x0) (async) write$binfmt_script(r5, &(0x7f0000000040)={'#! 
', './file0', [{0x20, '+@{'}, {0x20, '\x00\x00\x00'}, {0x20, '%](]&-}\''}]}, 0x1c) (async) recvmmsg(r5, &(0x7f0000000000), 0x0, 0xcb, 0x0) (async) 3.623989974s ago: executing program 1 (id=32): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='memory.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r0, 0x0) getsockopt$bt_hci(r0, 0x0, 0x3, &(0x7f0000000100)=""/134, &(0x7f00000001c0)=0x86) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x1c) r3 = syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000c00000/0x400000)=nil) r4 = syz_kvm_add_vcpu$x86(r3, &(0x7f0000000040)={0x0, &(0x7f0000000440)=[@enable_nested={0x12c, 0x18}], 0x18}) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETA(r5, 0x5434, 0x0) ioctl$NILFS_IOCTL_SET_ALLOC_RANGE(r0, 0x40106e8c, &(0x7f00000000c0)=[0x8, 0xfffffffffffffffc]) ioctl$KVM_RUN(r4, 0xae80, 0x0) ftruncate(r0, 0xc17a) inotify_init() mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, &(0x7f0000000000)=0x9, 0x8, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x17) setsockopt$inet6_udp_int(r0, 0x11, 0x0, &(0x7f0000000200)=0x800, 0x4) 3.50676432s ago: executing program 0 (id=33): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x8, 0x7, 0x4000000000000e51, 0x3ff, 0x5479, 0x1035, 0x20200000000006, 0x0, 0x9, 
0xfffffffffffffffc, 0xffffffff, 0xbf4, 0x80000fff, 0x808000000000005, 0x800000068], 0x2000, 0x80cd4}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$VIDIOC_G_PARM(0xffffffffffffffff, 0xc0cc5615, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000240)=0x24) ioctl$KVM_RUN(r5, 0xae80, 0x0) setrlimit(0xf, &(0x7f0000000000)={0x1, 0x5}) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x211000, 0x1000}, 0x20) 3.353458332s ago: executing program 1 (id=34): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x40) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="e40000000201010800000000000000000a000000d00001800c0002800500010000000000a6620180080001000000000008000200000000002c00018014000300ff01000000000000000000000000000114000400090200000000000000000000000000010c00028005000100000000004700028005000100010000000600040000000000060005"], 0xe4}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 3.275961632s ago: executing program 2 (id=35): socket$inet6_udplite(0xa, 0x2, 0x88) (async) r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_G_TUNER(r0, 0xc054561d, &(0x7f0000000040)={0x6, "90ec69664475e02216e251612ec509f1b2effe4126746bcd762bbd83a73cf46d", 0x4, 0x100, 0x1, 0x8, 0x10, 0x4, 0x2, 0x7}) r1 = 
socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)={0x20, 0x15, 0x10, 0x70bd26, 0x25dfdbfb, "", [@nested={0x10, 0x1e, 0x0, 0x1, [@nested={0x4, 0xb6}, @typed={0x8, 0x1c, 0x0, 0x0, @ipv4=@broadcast}]}]}, 0x20}, {&(0x7f00000010c0)={0x1030, 0x2f, 0x1, 0x70bd29, 0x25dfdbfb, "", [@typed={0x14, 0x131, 0x0, 0x0, @ipv6=@private1}, @generic="64183a866b6e6c4175e3c4c5ed48c2ea1d75df81049c8264440289a92b42b90b8db7021eece3db7b0de8024869a51ac044886e638e47badc1bf71b75b89f32ca7955fe2b5735e1a3d354f2adb3b094041fcbc083fcca597e34174d53f54a2641aa2e0f13324d4da58e02b4a194ee89e7b2214166eac59e6ecd3a0ed4637608f506030f3c7ad28285f4bf99c40c6e10797d111bc3ce423b572236e42547bd696dfe0d5f67737b8c537002b1a7e34802747e2ad4710438c277ee5800e80c0a415d26089e16455b72ee173a0bf4e38912244f7e24979d3c9c7f60ef6aed09336cf65d8f1cc0f93151fccd5ad78c23936ad3f76e83bdb6444c6ccf7ad11e371981e6601f7cd3732c28e638d7e02bb31199d048444a35ce491749583db71f792e81e7e08ba2316eb93fb200450c5d10e421925e8e293015fea59dd057eefeb5716f97b7ec6a6895e0d9f34e8519be8e1d351ecfbcb382a0579b255f9eece836fe421fdf94a5210b18acb892baa0556fb0d672558b14eba4c7381fa292c618a48aeb5c59af544845f9801d92f0ffde62f401043cee8c7198f1c24eb3a61544fb0d5ebbb08e2eeb9ab04956c518b87de168b066f4797f4b1fdffa30d0b26e66382add9f319d0087303bf1db6d633c6ddc58f3485facc5736ce4eb5e587e7e81d506a0f476b1ace9a08eee8c7da116de59d7a997b3e13659b56626d60079a5000f37b1661d67a62490202d5bd0044c05278683ba643e6faf5fb4e7997a638db994a6222b303cd82befcff57f4026f753e03f1c0b3b8231be127b6795d1e68ef1dec8d14601a6d4588db11543f4939ffb966266b07c7b5f03879242b2145875ce143db399370a431ff00c9910082464da31f9e85f94be15aabe8e7df0ba1c63cc9729bc632957a900ce7f424508a4db30bebe4b2fe5c712e390ffd59b14ad65b87e94be7a5a3a19e4a7799496a3a653c8f490127d8770122ab5f32f7d6e126baec707a95b94048cb1996c84893285530255c1128fc17204eb4ccfa9be157b389fe3e54efa4c6fe94045ee69e01ef2428befe67f1e0691747b2bdce610c262c65d9cc245a8a51348a9d441ba96d9b220884912ac3090f2d8aa5d53971cb4d1ec580f69e3a
ac30355b40bd2a3ffd485587143a7cb72aa55d476688c4f566eaa1400874c357a9a58432bef637835f0a873b285499cc9b485648a9dda1ee5bdc6b2d6151748c7d0f94fd230af787b8af58328dfae0efcde824011680756f24dc044de08b3e0c9eb37f08463fd407d35c77a74b0b9bc1af15388bfff731d129df6a290a12e55031c5030a8c36af324202e6bf4d5b3b28e370dbcb93c429ff434908f8ac737aff1112c921d4362acc2380e68db5e9d79fee7a9ef3079d18b261bf99ef78d401e6b3e16bb49e4cdec3caf155a9a94e5ea8ae8d8e08231073d1c8633373e994da130ac347d0f2b7532ac297bdfa7c54c293a21255e6889ce718b48481958b326b2ddcd917909e64f2f0480f03fc9b103b143568876c198f731fc7d52062d77e49b4124573f74045618ccf785896dd831e3e95bd1b1f892153a78ae95a983e936b0b9305aaaf5abca36efe90acbda5d99d2ad063fa8af871749f3de18af18cf02da3e39b6ad30e15e8697194513241d25bf1c4b1cf50200cb931264c3b8583c82ffbdc0c6ab157015b712a63df239f208dfd27e7c53b73a061c087c95fc8032894ce9987a2dadc6d653a819996ac183b09744af26d650abc05266df9bdb00051b01a35691aabdb0bc1793caf6295db5d970033351f94b49ba6800e914cdd82e525f44c501bd88fcc69ee1c2dafc2cceabca28a0be5f32035af3a1be9529a7af6fa8be3eadd6f8d40d57a4119c4a6e1ac5b6744fd17dc6d8900e4480b89023affffdfdb340c8bbb002d84fefbfdef613f702a2d398d26b51eb67db2fbde225301dd989fca47b85394dac132acf1df296956641ac0905074843e7eac1d663db43414395b05cf4b4812b161d783789f2bf9b7484940d2c16bc30b4f5422d459b71529f5a748e48e565780084bbd7763ea1d94bb342245149f08ffa75d8581408503bd0afcbce4e8467b381a7fd00bedb2e40852b6bd88b95b51cc8a1685d7773746479827c9fab3a4eec3e882e59108bb9c135f3f6df50a931cdcfb58a6d86cb8b0bdc8d5463f9bdb53cde892f5509a28be1e0975282bbf9ca9bbad2715165c3637e9cdb5533dca394af1d2bb026718845296e8f672ede50c95f34739eb093d8af3830f48a0b1b6293c5ccbd59da5324089989e5d694c2fac3ee1e5f8326fe7743b527afd650a8fee0849791570f65a7725957faae5b0c0454abd9f55b4328d119497334d22512ec57784867db01a014def4849a1e261d8dabb22794707f6401d75bdd98dcd382316cd5fdab7acb9b1ecc543cfb2b2587dafa9ff1af19655b5f7452927c0eed1afd14267ee47fa43371a123e9d6ee747dd69cb0a660bfac188ede087fbee119086cf33bb4e1e67c8294993380c49f71a1ab06e2ffa24ce7b14d0db87ef6baa2f5c0bfe8e07
5f27da679d46add5b09a81b34c3d2455b1f2bd63b2bd8cb79117f2f81cf1d44d46bdc13e973fac34c022b848864e716fcc78b2676a346ccc52011ec8f0ce1f3ff69c80d48b2203c63468457641cfcc6b6d226b2817768dd4fe7931cbec061cfe13a7f52cc230eddc86e3683ab59d325562681b614171a1796a88553e012ac50ea91a6b24396cfbdc30650eceb7c65bcc8206b244f14dcf238dae6e2ce8f840116534e7678f8d9fdb131af3ed31dd4b12c695df0cc3ba6de389fa7aac127a7b21c7f3758f1f5db933e8514f56340fb103fbbe37f76b3e5b89932e228fe01b3cd1f97499fd82a528d13cc0e2fc59da831f60f2c17f3e7398df453e75707240666bb7ac2255326596cc11b0bebe550b95db8ce0786f7b5a419a929572c82e7457a435bde07047cb00337529d14e49e98beac31e350874dec7c3fecae66d274a2704455d717e037d93ac2a470bb1d5ddb967e6df09498548ead90c740410da1fb85f50bdbc93e6358ff2fd1a28de65a7b3441339f43b54bc0ea32fb4ad9185b76fed67d9809fc3e85a97ec487d51d40471fef9a257f617bc7c448ce22b27fb0492216a373902de89ec1c8cc9de0a5bcade3853d52c6b92d2088d402d9ad1e57b565083ccf05622593a18c94acacff6c009c0e60a708713b6810666498004cdb8963eb415bf85e6b3880d7c05070d4b029473d9ffc4a763307eb69e64e409c9a9a54abc1ab4ae4482334b919dbc251a616b68020d5229aa5b8d57bae3508ff0bce9ddd5c0178281a9e7b081ea62ec9328ea639f0746ce50dfb6fe5515a0a08205279a529b377e9bbceb11bb18e5a6cb57444bc2c07242598b6cff46499317a063d5188fc146a680232e9b638e27405dfe656a520e217f4162ed111af00245d049e4fa01d4688b6b00e0ced5e7fd23dff7172c561a40ead420a4ac990b016e2fe344689b8a86d3181b82b0acd2586cf7c76fff53d56f50896c6eda95ce85ca1078b8e1d048f1fe9c80ae8f60b858506f17d0c8c89f3e41c7c3d294911e78cbeabbdeb2eb412ea9f40f82b17b650837db29752835765ab0c3a5e705abea21eff58b2409b8c1574425031b81d1824225d704bc6be08b277868a265cd361c49ce9f9593235b878c6177638f75b8fa49849fb1c0e59c1dc782c0dd338aeeb46a42f7c00ae3d82904c96389a0f3bf48120a7b1514989d140a75e2249c2050308957f731c2fbe7f515a4a7e0578ebff507f813363f61f8f820b200d1cdb130e65655c4b5929b28328e693a51a6623aec4e5c3f6c34b80836ecdd5a32d4ef89bc45247e070b6c89d788446877dcdef3a4bcd73bd95b2b47a4c40c2bf2f49f24b0e3227ca016c0bd00794586096f6be4beacfb61c3bcdc2bc47456aaab33de441e49ee07df053892493ef22a126bce
ed1e605cd05cbad8653337466660541f93969d033c6d4aef5f7e89394aafc263cf89f48dbac3c377ded53cfa262d906bbf7c6437a13d553038e0d159c192bb2f07f0dc409ea956793ddc1ea027f879e5cf390f073d25e084fb4b93ae4648daaf8fe5b1b5559c33e4d3acc06809e2404f58a341dba4105fd0a341b25ef825603dce0c5593c95299c4f94a1eb000354802720084f8a50d141522108aa26be8825fab93c2e98ebf1931a26f00ef48e15ffb77eb8cd051570687434fb5789a45549ff86f63108bb242de2cfc19e1dfd577131896bc5d3b00f1daec8e5b543f4a9e582d5c014120e21a68dede7fbaa8732a7a5bf6f48d3546bdcea0845fef679b6a09b6313229d52f0b5b52e3340322cecf04c9ee7c904014c55652fc164f61f91100e1fc0384caac5c9ec4becf1295a97a5832554404f673b5a3c0d0c3d98ad4bd011407ccc34f71f61ddf6722a92da4375c3d80ccc6fc6d6c31ca6c8602bfaaa9e55ad770ea20b24e260b560c57542d4e8689b1d5a74089a5fca63ae0f57b257411d1aad928e0608c405bdaba1af15de2a64a17daf5295c85f55c85ab96239fbb010cbb9514aa65e2a022f9935b8faf73611405e6caa98992f16aa7387468e9e51f3399f5f7e565ff939b5db5a7ad2675b4c071c75a424eae3ac342a0c1c237542718208edf937a62ead30d405c260d0bcf3e73a1c5f6c38d32ab5d47aa1c5ee565669a4323e96a0ec5f58d61ba223c7af3c60b65a020e09b8522eb379c7aff9db2a986c5a8799b400cfb16f83242568845b1d52e8034e16d19af3df4551bf5055f16ef40a5c8b34fe16845377e74bea2f11f6de5d4a244ba98670e595cbb8963146aadddad23b735d174f1a2fc7303ca4d8be7dabd477ba1ad94848f46f716911e107e4f907b040174d1d33517130b81238e35d27a5645a0b5213d248bbdbc8ceaa7165869ae8fd5c3d16b25c38e9d857a4a1bc2c24a9afaedfbb6a7d9946a4ef356c5cb4c66ed6e769e2b1f4256a9393db285659a184546a2e54dacbdcd1d5443c1161580bcec039774e202b1071a39c6379d1923dcb79f950b6dbfac44a86ca763016d208500052fa1ac3c809b6c4a5d40f37a948aefe14215ab05fbff86cc6363291be16273beb8714ccd1771f202b64965e400b96b763c9b466b378cd0aeb591b3165f625f5a3be82ef8acd8367f61561b6c75fc8671f065c8349f09deb869325197caf3ada00d7b9b117c2b8a8e3cf2e74e1db1e90d88cd8b4114e58404bc498f7ca559a41a665c639724e0717ec3635483360430a7c25595acbfebc00ca53b5b0921fc4c53701c43d6422fe518ca7b63dd54c70ac19020576dd57e3872e041baf5e37488b0f634081dfc06e2e0d8b53c7d0bd60cea14b18f208a67dacb0ae89bae560a9485a2
7d9f68ae1bafb39e5b9c0b4edd42d1602d20782640b21b4681ccb1c399cf57c29eaeb93f4bb81970bd49dc16aa18016fc6da20a57a707b8de736eb500a8a838c9fcb42b312653b9ce52a835e2000be720b121e9f4ec6192ad6c835778b2c564949dba29144889fed3943891d22ff8205992fd914fbbd9bd60b994f55effb4c778dd77256cb84d27e649801c8ab8f22d2e8b3379c7bb94d27b3c89fb7a901f608afc5bd836b7dd9c681780fb196c6bdc9a450c8b319f5d085b2a3fa4bf9542210178d14216e9ec12c13212fab76b6e4ca8e759091db92f983684900f10c0cec3681d353e0d94885fec82c684d6f2626558ac34f151297f10156f4ccf81fd781bbf7e6964395e90e5940cb06049bbb49a6df922b165a989a5ab4b3f5a9dea306b2cb42f406b3d63c556", @typed={0xc, 0xe5, 0x0, 0x0, @u64=0x40000000040}]}, 0x1030}], 0x2}, 0x0) 3.129695167s ago: executing program 1 (id=36): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="1201000059d360205f0501d09288000000010902120001030000000904"], 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CAP_EXCEPTION_PAYLOAD(r2, 0x4068aea3, &(0x7f0000000500)={0xa4, 0x0, 0x1}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_GET_VCPU_EVENTS(r3, 0x8040ae9f, &(0x7f0000000380)=@arm64) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000005c0)={0x1c, &(0x7f0000000480)={0x0, 0x6, 0x3, "33a420"}, 0x0, 0x0}) syz_usb_connect(0x0, 0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="1201000059d360205f0501d09288000000010902120001030000000904"], 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) ioctl$KVM_CAP_EXCEPTION_PAYLOAD(r2, 0x4068aea3, &(0x7f0000000500)={0xa4, 0x0, 0x1}) (async) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) (async) ioctl$KVM_GET_VCPU_EVENTS(r3, 0x8040ae9f, &(0x7f0000000380)=@arm64) (async) syz_usb_control_io$uac1(r0, 0x0, 0x0) (async) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000005c0)={0x1c, &(0x7f0000000480)={0x0, 0x6, 0x3, "33a420"}, 0x0, 0x0}) (async) 2.711394565s ago: executing program 2 (id=37): 
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000140)={0xffffffffffffffff}) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x7}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r2, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) splice(r1, 0x0, r0, 0x0, 0x408cd, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r4) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x28, r5, 0x1, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_CONNECTED_TO_GATE={0x5, 0x1d, 0x1}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r8, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r12 = getpgid(0x0) sendmsg$unix(r10, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[@cred={{0x1c, 0x1, 0x2, {r12}}}], 0x20}, 0x0) setsockopt$SO_ATTACH_FILTER(r11, 0x1, 0x4c, &(0x7f000002eff0)={0x133, &(0x7f0000000000)=[{}]}, 0x10) recvmmsg(r11, &(0x7f0000000080)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/61, 0x3d}}], 0x1, 0x0, 0x0) sendmmsg(r3, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0xdd86, r9}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000080)='O', 0x28}], 0x1, 0x0, 0x0, 0x2f00}}], 0x1, 0x0) r13 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYRESHEX=r9, @ANYRES8=0x0, @ANYRESOCT=r8, @ANYRES64, @ANYRES8=r3], 0x0) syz_usb_disconnect(r13) 
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000220edf104c05c106"], 0x0) 2.706244723s ago: executing program 0 (id=38): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x8, 0x7, 0x4000000000000e51, 0x3ff, 0x5479, 0x1035, 0x20200000000006, 0x0, 0x9, 0xfffffffffffffffc, 0xffffffff, 0xbf4, 0x80000fff, 0x808000000000005, 0x800000068], 0x2000, 0x80cd4}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3b, 0x0, &(0x7f0000000240)=0x24) ioctl$KVM_RUN(r5, 0xae80, 0x0) setrlimit(0xf, &(0x7f0000000000)={0x1, 0x5}) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x211000, 0x1000}, 0x20) 2.705834507s ago: executing program 3 (id=39): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) 
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x30, r1, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x6}]}]}, 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r2, &(0x7f0000000180)={0xa, 0x4001, 0x1, @dev={0xfe, 0x80, '\x00', 0x1c}, 0x3f}, 0x1c) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000000700000014000180050002000100c8da080006001a00"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x8) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) r5 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2) ioctl$FE_GET_EVENT(r5, 0x80286f4e, &(0x7f0000001540)={0x0, {0x0, 0x0, @qam}}) r6 = landlock_create_ruleset(&(0x7f0000000140)={0x4000}, 0x18, 0x0) landlock_restrict_self(r6, 0x8) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000001640), r7) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="0900000000000000000002000000140001800500020001"], 0x28}}, 0x0) 2.504888912s ago: executing program 0 (id=40): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8b04, &(0x7f0000000000)={'wlan1\x00', @broadcast}) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000940)={0x0, 0x0, 
&(0x7f00000001c0)=[{&(0x7f0000000200)="d8000000200081044e81f782db44b90402000000e8fe55a1180015000600142603600e1209000a0000000401a80016000a00114006000000036010fab94dcf5c0468c1d67f6f94007134cf6ee0808856e408e8d8ef52b49816277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9db22fe7c9f8775730d16a4683f1aeb4edbb57a5025ccca9e00360db70100000040fad95667e006d8df969b3ef35ce3bb9ad809d561cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e970100040000", 0xd8}], 0x1}, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000004, 0x3032, 0xffffffffffffffff, 0x0) r3 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MIF(r3, 0x29, 0xca, 0x0, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="340000003e0007010000000000000000017c00000400fc800c0001800600060065580000080002"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0xc010) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) getsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000080), &(0x7f00000000c0)=0x4) 1.937976583s ago: executing program 0 (id=41): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x101900, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000300)) (async) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000300)) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0xffff0000) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000002540)=0x1) syz_usb_connect(0x0, 0x2d, &(0x7f00000001c0)={{0x12, 0x1, 0x220, 0x9f, 0x7b, 0x91, 0x20, 0x403, 0x6015, 0xb76e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x21, 0x0, 0x20, 0x2, "", [{{0x9, 0x4, 0x5c, 0x0, 0x1, 0xad, 0xb0, 0xc2, 0x5, [], [{{0x9, 0x5, 0x5, 0x10, 0x10, 0x9, 0x1, 0x4}}]}}]}}]}}, &(0x7f0000001000)={0x0, 0x0, 0x0, 0x0}) 1.653928937s ago: executing program 3 (id=42): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) 
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f00000001c0)={0x0, 0x10000, 0x3342, 0x965c, 0x3, [], [0x5, 0x401, 0x3a, 0x2], [0xff, 0x2, 0xffffffff, 0xe35], [0x1, 0x0, 0x7, 0x530]}) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r6, 0x8b26, &(0x7f0000000000)={'wlan1\x00', @random="000010c20800"}) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001500)=ANY=[@ANYBLOB="400000001400010000000000000000000a0000000000000000000000000000000000000000000100"/50], 0x40}}, 0x20000000) 1.567733966s ago: executing program 1 (id=43): r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) shutdown(r1, 0x1) ioctl$int_in(r1, 0x5452, &(0x7f0000000300)=0x208) setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f0000000180), 0x4) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10) sendmsg$FOU_CMD_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010019f92abd7000ffdbef2503000000080006000000000008000b00", @ANYRES32=0x0, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x44084) mount_setattr(0xffffffffffffff9c, 0x0, 0x1800, &(0x7f0000000200)={0x1, 0x70, 0x2c0000}, 0x20) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="200000001200010a"], 0x26}}, 0x0) 133.894885ms ago: executing program 0 (id=44): mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x40010, 0xffffffffffffffff, 
0xf45fd000) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000080)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x0, 0x6040000}) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0) ioctl$I2C_SMBUS(r1, 0x706, 0x0) mmap(&(0x7f0000b3d000/0x1000)=nil, 0x1000, 0x300000a, 0x4000010, 0xffffffffffffffff, 0x1000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20) move_pages(0x0, 0x1, &(0x7f0000000180)=[&(0x7f0000002000/0x2000)=nil], &(0x7f0000000140)=[0x1], 0x0, 0x2) r3 = shmget(0x3, 0x1000, 0x1000, &(0x7f0000434000/0x1000)=nil) shmat(r3, &(0x7f0000e47000/0x2000)=nil, 0x4000) r4 = userfaultfd(0x80001) r5 = dup(r4) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01864c2, &(0x7f0000000040)={0x0, 0x0, r5}) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r5, 0xc01864c2, &(0x7f00000001c0)={0x0, 0x1, r5}) ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(r5, 0xc03064ca, &(0x7f0000000280)={&(0x7f0000000200)=[r6, r7], &(0x7f0000000240)=[0x7, 0xfffffffffffffff9, 0x0], 0x700, 0x2, 0x3}) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_REGISTER(r4, 0xc020aa07, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1, 0x2}) 129.649895ms ago: executing program 3 (id=45): r0 = socket$phonet_pipe(0x23, 0x5, 0x2) setsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f0000000140)=0x7f, 0x4) socketpair(0x26, 0x3, 0x5, &(0x7f0000000100)={0xffffffffffffffff}) lchown(&(0x7f0000000240)='./cgroup/cgroup.procs\x00', 0xffffffffffffffff, 0x0) r2 = syz_usb_connect(0x0, 0x81, 
&(0x7f00000008c0)=ANY=[@ANYBLOB="12010000a7420040ab0501030001010203010902240001000000000904000002aad45c0009058e02000000000009050a06"], 0x0) connect$phonet_pipe(r1, &(0x7f00000006c0)={0x23, 0xff, 0x8, 0xe8}, 0x10) syz_usb_connect$uac3(0x2, 0x113, &(0x7f0000000140)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x0, 0x1430, 0x474b, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x101, 0x3, 0x1, 0x2, 0x50, 0x2, {0x8, 0xb, 0x0, 0x1, 0x1, 0x25, 0x30, 0x23}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x30, 0x0, {{0xa, 0x24, 0x1, 0xe, 0x4f, 0x8}, [@feature_unit={0x11, 0x24, 0x7, 0x4, 0x3, [0x3, 0xe, 0xa]}, @input_terminal={0x14, 0x24, 0x2, 0x1, 0x404, 0x3, 0x1, 0xc0, 0x7, 0x8001, 0x8, 0x745}, @power_domain={0xd, 0x24, 0x10, 0x1, 0x7, 0x400, 0x5, "efadf9a5"}, @power_domain={0xa, 0x24, 0x10, 0x6, 0x6, 0x45b, 0x86, "f3"}, @selector_unit={0x9, 0x24, 0xc, 0xb, 0x4, "0eb34037"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {[@as_header={0x17, 0x24, 0x1, 0x0, 0x7a72, 0x9, 0x1, 0x0, 0x5, 0x1, 0xa}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x8, 0x8, 0x9, "ca367dfb2677"}, @format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0x4, 0x4, 0xb, 0xd8, "e988"}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x6, 0x2, 0xd, 0x6, "", "fa9774"}]}, {{0x9, 0x5, 0x1, 0x9, 0x200, 0xc8, 0xe, 0x6, {0xa, 0x25, 0x25, 0x401, 0x20, 0xff81}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {[@format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x6, 0x1, 0x0, 0x9, "", 'pj'}, @format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0xec, 0x2, 0x7, 0x3, 0x2}]}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0x2, 0x7, 0xc4, {0xa, 0x25, 0x25, 0x1, 0x8, 0xfe00}}}}}}}}]}}, &(0x7f0000000080)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x201, 0x0, 0x5, 0x3, 0x0, 0x3}, 0xc, &(0x7f0000000040)={0x5, 0xf, 0xc, 0x1, [@ext_cap={0x7, 0x10, 0x2, 0x16, 0x8, 0x9, 0xfffb}]}, 0x2, [{0x100, &(0x7f00000002c0)=@string={0x100, 0x3, 
"0595d7dd2b6e9105585505d800c4743a49e62c5dfa4f773a686cb17da5d65c1e656d724c2f0e25ea79784d9cb85acc0ac20a828751b0c6f62522143bcae9312cf4cfba0035d5749ebce4120eee3f9cca4f87c22fc3748835fa761e23013dd97d69393df3a5da31cb4595e7f674bdbd14a80d8118c524eb0b7e669a3d6cacd8dd1085e1ed068d868e030d2c2c56faa4466d1d3d5bef9dc2cb8e89e9a68f241fdf530b70627d331913f76eff846da17482f8d3f426d0f9e9577a45c0b830e78d134bbfb77f1998af3dfa756ac4cd3e0f0cca6d215eecb60b3e5efa3f6eb1a9a7c0838aa83113994d8a22757cf54a192d6c0287505bcce27400206b6a4ea384"}}, {0x89, &(0x7f00000003c0)=@string={0x89, 0x3, "832412d0e6e28b1665d1f349b8b163b92bcf8350082fc52510a9df68e91646f3c08fb0486d97270eeab0585d26f1a17aa9b6c71e4325c8c05ba25b67f1653592608fc1ad2ee94af26021f44d09f62a4db627acc75d925223a9e3d2e93587f1aef1cebeadde908e50ebdc108698068532267c76e6c96e66fde22b9bf5375f40235751e111a62e9f"}}]}) r3 = syz_usb_connect(0x6, 0xb2c, &(0x7f0000000900)={{0x12, 0x1, 0x300, 0xb4, 0x48, 0xa5, 0x10, 0x1b3d, 0x930e, 0x3b90, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xb1a, 0x3, 0x8, 0x0, 0x60, 0x1, "", [{{0x9, 0x4, 0x42, 0x7, 0xe, 0x0, 0x3c, 0x97, 0x3, [@uac_control={{0xa, 0x24, 0x1, 0x9, 0x14}, [@selector_unit={0xa, 0x24, 0x5, 0x2, 0x2, "ce1c238fc3"}]}], [{{0x9, 0x5, 0xa, 0x3, 0x34, 0x3, 0x6, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x4, 0x5, 0x1}]}}, {{0x9, 0x5, 0x0, 0x3, 0x200, 0x5, 0xfc, 0xf4, [@generic={0x4a, 0x7, "f0f70e2727e281aa73539fcd087924b8b120b3982a236d570d321bb44ea94145f8164a410bf5c2392fec0678d16235a1606042bb02b63cf7a6b742e2c7750717d736c843dbc7342f"}]}}, {{0x9, 0x5, 0x2102dfab948df964, 0x2, 0x200, 0x0, 0x7, 0x8, [@generic={0x1f, 0xb, "d10adf21ebbf791768ea68fd9f68e8283330a1aa76abd408c4f41d4c9d"}, @generic={0x2f, 0x9, "976228772a0fea8a3308d87f075aec83a8f244f503a208ec686823e45fe13d674c4f3ca3bbc71b5bac7e6f8bdb"}]}}, {{0x9, 0x5, 0x0, 0x0, 0x8, 0x40, 0x7, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x4, 0x5, 0x33ca}]}}, {{0x9, 0x5, 0x88, 0x0, 0x400, 0xfb, 0x5, 0xf0, [@generic={0x5d, 0x1b, 
"a8d402d64124790f74de5989b3903d592cbc4e2060218d8122882953e485290217a411a3e80bedd4425736b546c181bba3fdbc82393bd64948cfdb67aaade9a860c6119bda9d121333afc8d4ef3bf861df9dbcf7f6d78f12486735"}, @uac_iso={0x7, 0x25, 0x1, 0xc, 0xa, 0x3}]}}, {{0x9, 0x5, 0x9, 0x10, 0x200, 0xce, 0x7b, 0xc, [@generic={0xb, 0x21, "dc4de9f510b963bb46"}, @generic={0x9, 0xc, "130e6b59751ac5"}]}}, {{0x9, 0x5, 0xc, 0xc, 0x10, 0x7b, 0x7, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x7, 0xc}, @generic={0xd1, 0x23, "88843d2481de20eae1124e45b3bfbd9fc28c79ebeb8874167a65e7197e5dffeded3b67cf6001f090c213608a71dc0671906b24581e3c275d17a83162bf71e1473dfef234f536710c297d95d2b2a1876da4eb4a82fbb33713be26ac54e8a89d25a730d6d809dec26c888c875e4514cbcd1e1ecdf65160bc74f4c1ea3a7c0357a1d7ebe4fc5061747d0896c02493531c1cc1aa95a274383a09df651c783670e1cccb57b77b574e79bdf230d34ed2e29e103a94fa1b3e9aabc41ec9cbf0be61f8abcd8d14a8e942bb566551e079b60324"}]}}, {{0x9, 0x5, 0x9, 0x0, 0x10, 0x7, 0x1, 0x0, [@generic={0x3, 0x30, '}'}]}}, {{0x9, 0x5, 0x3, 0x8, 0x20, 0xcd, 0x6, 0x89, [@generic={0xc7, 0x31, "a5cc86a8ab0309517d5cc1b1d41b586a474fa34eed04185dee6b715bfb383f32eb8845927185dce10d57fd174b13d794db1a4e8ee3f182902ab04b5a26ac4469ccf1422b2cbd905f816e5aac6d9eadb40df9307975a272f00b558c3102b6bfe2496d6c37eee8cea460424705c63e16fea7512793a9c0a5c2370c717d73e99dd1ed1ce927abf72dbfa9b58276b68f70be25269d33d96d9d4f05928ec49f1e55249ddebdf632a9b0ac15310c2f714974980e04c3529dfeb4a2c365a4ba32aaf0b5472831df96"}, @uac_iso={0x7, 0x25, 0x1, 0x8, 0x2, 0xfe41}]}}, {{0x9, 0x5, 0x4, 0x0, 0x10, 0x7, 0x0, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x8, 0x0, 0x6}, @generic={0x74, 0x8, "436bd58d92c999b22b8b4180e71ae74bb31e5744ceab0a9a4c5f9761c0d3973b9192e5cc0a9dc3343c189903ee334104df7533bf295748a4f29a7a4c24bc63aa97037a07cd4f322a7a118e56b811a502e8cb801dd96d5ae2218419139c26778d796390ae57dab68d229279d342d3df493d5f"}]}}, {{0x9, 0x5, 0x4, 0xc, 0x0, 0x5, 0x5, 0x80, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x81, 0x7}, @generic={0xa7, 0x6, 
"15cd25dd9b6c870ca6e1abfb24d1c100c8ce7a0b836dece63e35824881c7aa3fd69f87c0b5062eafb387756bbb85fbb28fd2a1f205dfa36b564cb343fc6471261f2a23c35f2e925d11b60ecae01664e5a1de1f4f9b0d54fe07520030dfc8a236e371d49843dce0ba0b2e0116799637725ad4c43729480cdba715df5edc9f0a13e6997e9d2d840b4a128996254a6a08dc0f448611399fa01078f0ca4c83e82b959cc50152df"}]}}, {{0x9, 0x5, 0x7, 0x1, 0x0, 0xa, 0x37, 0xf, [@generic={0x6, 0x4, "3f746492"}, @generic={0xde, 0x31, "61c5645b886650ce1a418791c6d0ac9704b832d87d99f48af781295500c6285533e9df0ca8ebfa483e781d8764d91ed55c7e5b909cf384e844ee2022b20f9d2347eef04e173212ba90a42811c11049ac02e5e687aadc2a8850020dacf83e29efcc81a1a35f92667c297239882469bc6e142a7b725177d5d10e7624bcb188ff4ce781ae94cbc013bf1491b6102c7e0d57c8961557c4837dc757d9a7d679527686d170525633f50f645f7eaa656ba08bbff37273dbd3ee36f3dd7f2ea05db6cda391858e98caeb1ed2520043a0faba73872a45b81231f70ffe0f558c1f"}]}}, {{0x9, 0x5, 0xa, 0xe, 0x40, 0x2, 0x5, 0xb, [@generic={0xdb, 0x21, "6bded96ac2471250dcee3b2830f804ff4e78872a4139e38aa2f1b1abd4c6c95c518be247faa3ee6f1a8207296ce879f246fbd84031309c1a31c42d606f7233c96de173453d6c02c115f09843511b86f4b67aaea12da803e7e76171ea407f18427d65395a1885bcab95f6819748d3e7db9b02581e0f0bf3c92da9b99d821387e30bc193996bf395fd195ed88c2dbd9df760688c7f81263a58e6bd12b8f1c2f331209d6b4a44f6153f26b6d7385f5d1307a2f2008c492bb548935878e05004733120923c070e718e7d46e9f2fa9a45e1812925627658fe50a341"}]}}, {{0x9, 0x5, 0x7, 0x0, 0x20, 0x2b, 0x0, 0x0, [@generic={0x5c, 0x2, "83e106bbe5dc557b9d8342512e001c85b7dc62c7dabdbe7a03e16f96cc58a843dd508a936720163187d2d816ade1aa02b1c6e4c6d5ecaa1145739250d259f76cbcfea8f70b0f318a0692f50175b92a7e2f8ab4bb5b33b120dd41"}, @uac_iso={0x7, 0x25, 0x1, 0xc, 0xf9, 0x3}]}}]}}, {{0x9, 0x4, 0x60, 0x23, 0x5, 0xff, 0xff, 0xff, 0x7, [@generic={0x2d, 0x7, "dc456dd97c84c33b02147dbfaba359a6b56f4ea7dbfb455079351a352cb9450727b8582091b2772ead096d"}], [{{0x9, 0x5, 0xc, 0x0, 0x40, 0x8, 0x0, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x5, 0xea6}]}}, {{0x9, 0x5, 0x4, 0x4, 0x400, 0x7, 0x5, 0x7f, 
[@uac_iso={0x7, 0x25, 0x1, 0x4, 0x6}, @uac_iso={0x7, 0x25, 0x1, 0x8, 0x94, 0x6}]}}, {{0x9, 0x5, 0x5, 0x2, 0x20, 0x6, 0x3, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x4, 0x85, 0x3}]}}, {{0x9, 0x5, 0x2, 0x0, 0x10, 0x16, 0x0, 0x3, [@generic={0xbf, 0xc, "49c1ac2839fb1ee31e9a425b57eef97e0803d78d4226de702ca846a44b3e8bdc259168121049482fee6c1d068c1d9b72762552fad45e72368e3d6d2f91f94e5cb292f3a01fad7503b688340e7681f1496e3a1c728a0bccfada0d96fc9c9f2748a2ecd5e57c3cf5d32002ac96992d60e87ff1e421faff378255610d2ec292fd570e152e26410320c33e0667fc32beb07aa176979e89cf611acf88301c10a2ac0702dc98e7a43a92450ee4555a927165485b1449ec8e00101c620e9c81ad"}]}}, {{0x9, 0x5, 0xf, 0x8, 0x10, 0xb, 0x2, 0x82, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x8, 0x4}]}}]}}, {{0x9, 0x4, 0xf8, 0x0, 0x8, 0x7a, 0x46, 0x2b, 0xdb, [@cdc_ecm={{0xa, 0x24, 0x6, 0x0, 0x0, "b00b3f0269"}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x4, 0x40, 0x9}, [@acm={0x4, 0x24, 0x2, 0x4}, @mdlm={0x15, 0x24, 0x12, 0x1}, @dmm={0x7, 0x24, 0x14, 0xfff, 0x8}, @dmm={0x7, 0x24, 0x14, 0x4e, 0xac0}, @mbim_extended={0x8, 0x24, 0x1c, 0x4, 0xd, 0x9}, @country_functional={0xc, 0x24, 0x7, 0x51, 0x9bf6, [0xfff7, 0x6, 0x100]}]}, @uac_control={{0xa, 0x24, 0x1, 0x8000, 0x44}, [@mixer_unit={0x6, 0x24, 0x4, 0x1, 0x8, "05"}, @processing_unit={0x9, 0x24, 0x7, 0x4, 0x0, 0x5, "d649"}, @feature_unit={0x9, 0x24, 0x6, 0x6, 0x5, 0x1, [0x3], 0xf}, @extension_unit={0xd, 0x24, 0x8, 0x4, 0xf1e7, 0xd5, "71b2fcd7a26b"}, @extension_unit={0xc, 0x24, 0x8, 0x6, 0xc9, 0x2, "135a6e1a76"}, @output_terminal={0x9, 0x24, 0x3, 0x3, 0x404, 0x6, 0x6, 0x82}]}], [{{0x9, 0x5, 0xe, 0x1, 0x8, 0x3, 0x76, 0x2, [@generic={0x83, 0xc, "a71ea4738c0eea3bcb1f2429d259ab0c5eed3b47d3bd0a45ee77cf288143c92a88814cfc1f4a8e3a9251325859c435a1e08b7c6aa581cffa731903de75eacacd46896231ded46cf8037f344febcb437fb2397abb04f43c03549dd93aaac4ab96f6ea00225b687ca143b458d38e2b3d5ce4bedbc21f346a1e3b4f6239c6b0eaf27d"}]}}, {{0x9, 0x5, 0x2, 0x8, 0x8, 0xf, 0x68, 0x8, [@generic={0xc, 0x9, "6e4ed8fae219e7451736"}]}}, {{0x9, 0x5, 0x3, 
0xd, 0x1b7, 0x7e, 0x9, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x7, 0x5}]}}, {{0x9, 0x5, 0x1, 0x0, 0x400, 0x5, 0x4, 0x80, [@generic={0xb0, 0xc, "305b1fc2790c643181de64577238182a1e980b9326c3d4ad2d712069f1e384d520bf9f8792458f9908c5a1e959aa52dac42e547138600e8c4fc4d0b4e1dcc1ace653aed9f032bc6e6e1c5da7f3c777bdf080ecb3bcfb4b81d0605534aca74677765b02df89fae9781fb0d0c734b761c7aa697ec5b13a652e0d52e2a08ff492d0e698e93f992b2eb3c8dbdd373446079b9fd65d7eee80137dc54f07b030d119c836fdbbe36facd7384a8a58cb334d"}]}}, {{0x9, 0x5, 0x8, 0x8, 0x20, 0x4, 0xa2, 0xf6, [@generic={0x30, 0xf, "1742a33f42f3e0cf771512acee0f47dd2c02928ab283d2c67e0cde89d5c5fe5fe860d3f907776e110ab93e944078"}, @uac_iso={0x7, 0x25, 0x1, 0x8, 0x7, 0x401}]}}, {{0x9, 0x5, 0x2, 0x0, 0x400, 0x7, 0x0, 0x6, [@generic={0xa1, 0x21, "2b06d19d834390c10d837dac86d18c42ac7f34cb9794b348840a5d057610db3026ec5107fca9aeafd94c203bf29160782f26a1cc51cbd36f388b1d314143a28c42bbd8bde518b44ffb84a22c0a2a1cb73f6d3e596b11a67f7ac99f567c7c8fd33fbb86962f6a1f918f07d432d9fbbb1b5ab09f48e8e48b56126a98c9b3297a28f34f31f7c06cab92904970b59b68cfeb9760053718b5671e21dfa633ee8365"}]}}, {{0x9, 0x5, 0x2, 0x2, 0x8, 0x1e, 0xba, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0xfe, 0x4}]}}, {{0x9, 0x5, 0x4, 0x1, 0x8, 0x3, 0x6, 0xfd, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x3, 0x5}, @uac_iso={0x7, 0x25, 0x1, 0xc, 0x1, 0x3}]}}]}}]}}]}}, &(0x7f0000000640)={0xa, &(0x7f0000000480)={0xa, 0x6, 0x250, 0x40, 0x7, 0xf6, 0x10, 0x40}, 0x33, &(0x7f00000004c0)={0x5, 0xf, 0x33, 0x3, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x5, 0x3, 0x1, 0x8}, @ssp_cap={0x10, 0x10, 0xa, 0x7, 0x1, 0x1, 0xf, 0x2, [0xc00f]}, @ss_container_id={0x14, 0x10, 0x4, 0x8, "7717a53270a83d1838fe59e10e25b508"}]}, 0x4, [{0x4, &(0x7f0000000500)=@lang_id={0x4, 0x3, 0x45b}}, {0x80, &(0x7f0000000540)=@string={0x80, 0x3, 
"13b3af8dccd8c3fe0a2a9f949bdb531d8235a97aa80160298c073c3070d5c16acc0d1f765407499ca8c12c5057fcb93e360be62f81bce92be80297563fe8beeb4721a1cc722d309fd86b282c946ddaa7b22642e78d10e7ee67df6b93969c01645c99a5306e5c0f1f79ea98d2d515f7b77ac7b1dfc66d078ed4753c8d5a1c"}}, {0x38, &(0x7f00000005c0)=@string={0x38, 0x3, "006a8c339200008ee468b96c0109632a610ed107689fd5bc14290abf911e0e1836e5667143cb8e6acf3aec8e770f57d57ee68e57a0f6"}}, {0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x240a}}]}) syz_usb_ep_write$ath9k_ep1(r3, 0x82, 0x0, &(0x7f0000001440)) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r4, 0x84, 0x2, &(0x7f00000000c0)={0xfffc, 0x0, 0x9}, 0x8) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r2, &(0x7f00000000c0)={0x14, 0x0, 0x0}, &(0x7f0000000280)={0x1c, &(0x7f0000000100)={0x40, 0xe}, 0x0, 0x0}) syz_open_dev$char_usb(0xc, 0xb4, 0x9) 7.252819ms ago: executing program 2 (id=46): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) read(r0, &(0x7f0000000040)=""/177, 0xb1) close(0xffffffffffffffff) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000680)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000640)={0xffffffffffffffff}, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_DESTROY_ID(r1, &(0x7f00000000c0)={0x1, 0x10, 0xfa00, {0x0, r3}}, 0x18) socket$inet_mptcp(0x2, 0x1, 0x106) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x8000, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r6, 0xae03, 0xe9) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000440)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r4}}) 0s ago: executing program 1 (id=47): r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) r1 = fsopen(&(0x7f0000000080)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 
0x0, 0x0, 0x0) r2 = fsmount(r1, 0x1, 0x8) r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$sock_ifreq(r3, 0x8942, &(0x7f0000000180)={'virt_wifi0\x00', @ifru_ivalue=0xbfdd}) r4 = openat$cgroup(r2, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) timerfd_create(0x7, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f00000001c0)='cgroup.controllers\x00', 0x0, 0x0) read$FUSE(r5, &(0x7f0000000340)={0x2020}, 0x2020) keyctl$restrict_keyring(0xa, r0, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000000)='ex+\x88\xfe\xf7\x01') kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.112' (ED25519) to the list of known hosts. [ 65.217975][ T5820] cgroup: Unknown subsys name 'net' [ 65.319856][ T5820] cgroup: Unknown subsys name 'cpuset' [ 65.329028][ T5820] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 66.680838][ T5820] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 70.250815][ T5834] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 70.258668][ T5834] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 70.281186][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 70.290493][ T5843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 70.299479][ T5843] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 70.308921][ T5847] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 70.309137][ T5843] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 70.320033][ T5847] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 70.324944][ T5850] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 70.339675][ T5848] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 70.341456][ T5847] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 70.347736][ T5848] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 70.356277][ T5847] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 70.370742][ T5847] Bluetooth: hci2: unexpected cc 0x1001 
length: 249 > 9 [ 70.378002][ T5848] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 70.381303][ T5847] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 70.387042][ T5850] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 70.389731][ T5847] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 70.403601][ T5847] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 70.418923][ T5847] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 70.987267][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 71.003288][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 71.070610][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 71.177105][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 71.291456][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.299029][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.306588][ T5840] bridge_slave_0: entered allmulticast mode [ 71.314353][ T5840] bridge_slave_0: entered promiscuous mode [ 71.323780][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.331022][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.338282][ T5835] bridge_slave_0: entered allmulticast mode [ 71.345602][ T5835] bridge_slave_0: entered promiscuous mode [ 71.375315][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.382589][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.389882][ T5840] bridge_slave_1: entered allmulticast mode [ 71.399933][ T5840] bridge_slave_1: entered promiscuous mode [ 71.405218][ T1310] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.413156][ T1310] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.429846][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.437150][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.444336][ T5835] bridge_slave_1: entered allmulticast mode [ 71.451937][ T5835] bridge_slave_1: entered promiscuous mode 
[ 71.470116][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.477491][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.484740][ T5839] bridge_slave_0: entered allmulticast mode [ 71.493081][ T5839] bridge_slave_0: entered promiscuous mode [ 71.531033][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.538727][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.545946][ T5839] bridge_slave_1: entered allmulticast mode [ 71.553592][ T5839] bridge_slave_1: entered promiscuous mode [ 71.575554][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.619573][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.633496][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.653312][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.660681][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.668004][ T5831] bridge_slave_0: entered allmulticast mode [ 71.675500][ T5831] bridge_slave_0: entered promiscuous mode [ 71.697572][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.725698][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.735438][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.743229][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.750793][ T5831] bridge_slave_1: entered allmulticast mode [ 71.758581][ T5831] bridge_slave_1: entered promiscuous mode [ 71.792296][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.814910][ T5840] team0: Port device team_slave_0 added [ 71.823471][ T5835] team0: Port device team_slave_0 added [ 71.855150][ T5840] team0: Port device team_slave_1 added [ 71.863632][ T5835] team0: Port device team_slave_1 added [ 71.884515][ T5831] bond0: (slave bond_slave_0): Enslaving 
as an active interface with an up link [ 71.922523][ T5839] team0: Port device team_slave_0 added [ 71.931717][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.966165][ T5839] team0: Port device team_slave_1 added [ 71.984696][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.991895][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.017848][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.031012][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.038438][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.064395][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.097332][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.104298][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.130586][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.143110][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.150295][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.176233][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.204135][ T5831] team0: Port device team_slave_0 added [ 72.225462][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.232477][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.258568][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.272360][ T5831] team0: Port device team_slave_1 added [ 72.284757][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.292242][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.318205][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.405231][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.412417][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 72.439223][ T5836] Bluetooth: hci0: command tx timeout [ 72.445244][ T5851] Bluetooth: hci1: command tx timeout [ 72.445260][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.451769][ T5836] Bluetooth: hci2: command tx timeout [ 72.471250][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.478269][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.504203][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.517835][ T5836] Bluetooth: hci3: command tx timeout [ 72.531964][ T5840] hsr_slave_0: entered promiscuous mode [ 72.538733][ T5840] hsr_slave_1: entered promiscuous mode [ 72.562908][ T5835] hsr_slave_0: entered promiscuous mode [ 72.569796][ T5835] hsr_slave_1: entered promiscuous mode [ 72.576219][ T5835] debugfs: 'hsr0' already exists in 'hsr' [ 72.582091][ T5835] Cannot create hsr debugfs directory [ 72.650133][ T5839] hsr_slave_0: entered promiscuous mode [ 72.657414][ T5839] hsr_slave_1: entered promiscuous mode [ 72.663881][ T5839] debugfs: 'hsr0' already exists in 'hsr' [ 72.669764][ T5839] Cannot create hsr debugfs directory [ 72.734017][ T5831] hsr_slave_0: entered promiscuous mode [ 72.740803][ T5831] hsr_slave_1: entered promiscuous mode [ 72.747668][ T5831] debugfs: 'hsr0' already exists in 'hsr' [ 72.753424][ T5831] Cannot create hsr debugfs directory [ 73.227884][ T5835] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 73.244316][ T5835] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 73.256215][ T5835] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 73.267353][ T5835] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 73.353119][ T5839] netdevsim netdevsim1 netdevsim0: 
renamed from eth0 [ 73.365300][ T5839] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 73.379179][ T5839] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 73.405740][ T5839] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 73.485353][ T5831] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 73.496922][ T5831] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 73.509039][ T5831] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 73.531191][ T5831] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 73.664637][ T5840] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 73.685391][ T5840] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 73.705327][ T5840] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 73.720448][ T5840] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 73.738194][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.824862][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.862002][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.889883][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.897520][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.929041][ T3491] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.936182][ T3491] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.973838][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.002738][ T3491] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.009869][ T3491] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.061671][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.068807][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.088800][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.168538][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.206445][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.213801][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 
74.231991][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.271637][ T3513] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.278843][ T3513] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.330155][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.371884][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.379142][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.426674][ T3513] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.433883][ T3513] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.518149][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.527638][ T5851] Bluetooth: hci1: command tx timeout [ 74.533807][ T51] Bluetooth: hci0: command tx timeout [ 74.540390][ T5836] Bluetooth: hci2: command tx timeout [ 74.599570][ T5836] Bluetooth: hci3: command tx timeout [ 74.778988][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.870820][ T5835] veth0_vlan: entered promiscuous mode [ 74.915336][ T5835] veth1_vlan: entered promiscuous mode [ 74.951202][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.013960][ T5839] veth0_vlan: entered promiscuous mode [ 75.047587][ T5839] veth1_vlan: entered promiscuous mode [ 75.065554][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.114025][ T5835] veth0_macvtap: entered promiscuous mode [ 75.131625][ T5835] veth1_macvtap: entered promiscuous mode [ 75.195202][ T5831] veth0_vlan: entered promiscuous mode [ 75.209411][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.244488][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.258770][ T5831] veth1_vlan: entered promiscuous mode [ 75.269137][ T5839] veth0_macvtap: entered promiscuous mode [ 75.306284][ T36] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.316468][ T36] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 
75.335600][ T5839] veth1_macvtap: entered promiscuous mode [ 75.345781][ T5840] veth0_vlan: entered promiscuous mode [ 75.354182][ T36] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.363528][ T36] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.407878][ T5840] veth1_vlan: entered promiscuous mode [ 75.445594][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.493673][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.513364][ T5831] veth0_macvtap: entered promiscuous mode [ 75.571176][ T36] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.581341][ T36] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.593974][ T5831] veth1_macvtap: entered promiscuous mode [ 75.605532][ T36] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.615164][ T3491] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.624119][ T36] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.634820][ T3491] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.643171][ T5840] veth0_macvtap: entered promiscuous mode [ 75.712153][ T5840] veth1_macvtap: entered promiscuous mode [ 75.744160][ T3484] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.756165][ T3484] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.769510][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.795755][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.823284][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.860196][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.870836][ T3484] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.877536][ T5835] soft_limit_in_bytes is deprecated and will be removed. 
Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 75.901344][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.921757][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.933959][ T3484] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.969260][ T3484] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.982606][ T3484] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.052655][ T3484] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.083355][ T3491] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.088716][ T5927] netlink: 187320 bytes leftover after parsing attributes in process `syz.2.3'. [ 76.092247][ T3491] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.115724][ T3484] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.128299][ T3484] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.157984][ T3484] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.374032][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.395254][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.514703][ T3484] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.521358][ T5932] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 
[ 76.548482][ T3484] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.555767][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.573944][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.599223][ T5836] Bluetooth: hci2: command tx timeout [ 76.604690][ T51] Bluetooth: hci0: command tx timeout [ 76.610131][ T5851] Bluetooth: hci1: command tx timeout [ 76.673933][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.687379][ T5851] Bluetooth: hci3: command tx timeout [ 76.699359][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.063275][ T5942] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1'. [ 77.086112][ T5942] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1'. [ 77.116571][ T5945] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 77.118261][ T10] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 77.260283][ T5949] befs: (nullb0): invalid magic header [ 77.292434][ T10] usb 2-1: config 1 interface 0 altsetting 127 bulk endpoint 0x81 has invalid maxpacket 64 [ 77.303624][ T10] usb 2-1: config 1 interface 0 altsetting 127 bulk endpoint 0x2 has invalid maxpacket 32 [ 77.315744][ T10] usb 2-1: config 1 interface 0 has no altsetting 0 [ 77.341309][ T10] usb 2-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40 [ 77.352810][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 77.362429][ T10] usb 2-1: Product: syz [ 77.369355][ T10] usb 2-1: Manufacturer: syz [ 77.377530][ T10] usb 2-1: SerialNumber: syz [ 77.394660][ T5935] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 77.409519][ T5935] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 77.445855][ T5957] hugetlbfs: Unknown parameter 'nr_i' [ 77.461191][ T5957] netlink: 16 bytes leftover after parsing attributes in process `syz.3.11'. 
[ 77.496775][ T5889] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 77.646755][ T5889] usb 3-1: Using ep0 maxpacket: 8 [ 77.658697][ T5889] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 77.670100][ T5889] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 77.680962][ T5889] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.697810][ T5889] usb 3-1: config 0 descriptor?? [ 77.839396][ T5968] netlink: 12 bytes leftover after parsing attributes in process `syz.3.14'. [ 77.895537][ T5968] syz.3.14 uses obsolete (PF_INET,SOCK_PACKET) [ 77.905523][ T5968] syzkaller1: entered promiscuous mode [ 77.911311][ T5968] syzkaller1: entered allmulticast mode [ 77.928841][ T5889] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 78.291859][ T10] rtl8150 2-1:1.0: couldn't reset the device [ 78.301261][ T10] rtl8150 2-1:1.0: probe with driver rtl8150 failed with error -5 [ 78.324626][ T10] usb 2-1: USB disconnect, device number 2 [ 78.436345][ T5921] usb 3-1: USB disconnect, device number 2 [ 78.577165][ T5917] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 78.677940][ T5851] Bluetooth: hci1: command tx timeout [ 78.683833][ T5836] Bluetooth: hci2: command tx timeout [ 78.689582][ T51] Bluetooth: hci0: command tx timeout [ 78.752656][ T5917] usb 4-1: config 0 has an invalid interface number: 231 but max is 0 [ 78.761743][ T5836] Bluetooth: hci3: command tx timeout [ 78.769336][ T5917] usb 4-1: config 0 has no interface number 0 [ 78.775497][ T5917] usb 4-1: config 0 interface 231 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 78.798466][ T5917] usb 4-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b [ 78.816739][ T5917] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 78.829417][ T5917] usb 4-1: Product: syz [ 78.839323][ T5917] usb 4-1: 
Manufacturer: syz [ 78.848924][ T5917] usb 4-1: SerialNumber: syz [ 78.876900][ T5917] usb 4-1: config 0 descriptor?? [ 78.891694][ T5983] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 78.980288][ T5917] plusb 4-1:0.231 usb0: register 'plusb' at usb-dummy_hcd.3-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1, 9a:ff:fe:5c:03:ed [ 79.104849][ T5917] IPVS: starting estimator thread 0... [ 79.128356][ T5995] IPVS: wrr: SCTP 172.20.20.187:0 - no destination available [ 79.237660][ T5998] IPVS: using max 34 ests per chain, 81600 per kthread [ 79.358194][ T6010] netlink: 8 bytes leftover after parsing attributes in process `syz.1.21'. [ 79.396855][ T6010] netlink: 8 bytes leftover after parsing attributes in process `syz.1.21'. [ 79.488953][ T6012] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 79.539462][ T6018] netlink: 'syz.2.25': attribute type 3 has an invalid length. [ 80.113736][ T6035] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 80.391137][ T5984] usb 4-1: USB disconnect, device number 2 [ 80.432052][ T5984] plusb 4-1:0.231 usb0: unregister 'plusb' usb-dummy_hcd.3-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1 [ 80.662090][ T6052] Zero length message leads to an empty skb [ 80.685873][ T6052] netlink: 192 bytes leftover after parsing attributes in process `syz.1.34'. 
[ 80.705074][ T6055] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 81.107249][ T5984] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 81.308780][ T5984] usb 2-1: Using ep0 maxpacket: 32 [ 81.331013][ T5984] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 81.358704][ T5984] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 81.433074][ T5984] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 81.538326][ T6086] warning: `syz.0.40' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 81.570830][ T6087] netlink: 8 bytes leftover after parsing attributes in process `syz.3.39'. [ 81.602065][ T6087] netlink: 8 bytes leftover after parsing attributes in process `syz.3.39'. [ 81.603850][ T6089] netlink: 'syz.0.40': attribute type 10 has an invalid length. [ 81.623017][ T6064] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 81.714782][ T6086] netlink: 8 bytes leftover after parsing attributes in process `syz.0.40'. [ 81.727326][ T5889] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 81.740983][ T6089] netlink: 156 bytes leftover after parsing attributes in process `syz.0.40'. [ 81.752973][ T6064] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 81.787076][ T6086] : entered promiscuous mode [ 82.086038][ T6060] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 82.120445][ T6060] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 82.367478][ T24] usb 2-1: USB disconnect, device number 3 [ 83.170636][ T6106] netlink: 40 bytes leftover after parsing attributes in process `syz.3.42'. [ 83.206650][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 83.269901][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 83.270050][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! 
[ 83.372690][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 83.474883][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 83.474962][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 84.058668][ T6110] [ 84.061048][ T6110] ====================================================== [ 84.068340][ T6110] WARNING: possible circular locking dependency detected [ 84.075388][ T6110] syzkaller #0 Not tainted [ 84.079801][ T6110] ------------------------------------------------------ [ 84.086820][ T6110] syz.0.44/6110 is trying to acquire lock: [ 84.092629][ T6110] ffff888077746738 (&mm->mmap_lock){++++}-{4:4}, at: __might_fault+0xaf/0x130 [ 84.101540][ T6110] [ 84.101540][ T6110] but task is already holding lock: [ 84.108906][ T6110] ffff88805bee9ab0 (&ctx->map_changing_lock){.+.+}-{4:4}, at: mfill_get_vma+0x162/0x660 [ 84.118669][ T6110] [ 84.118669][ T6110] which lock already depends on the new lock. [ 84.118669][ T6110] [ 84.129080][ T6110] [ 84.129080][ T6110] the existing dependency chain (in reverse order) is: [ 84.138101][ T6110] [ 84.138101][ T6110] -> #2 (&ctx->map_changing_lock){.+.+}-{4:4}: [ 84.146457][ T6110] down_read+0x47/0x2e0 [ 84.151233][ T6110] mfill_get_vma+0x162/0x660 [ 84.156357][ T6110] mfill_atomic_continue+0x189/0x12c0 [ 84.162256][ T6110] userfaultfd_ioctl+0x232d/0x4c70 [ 84.167910][ T6110] __se_sys_ioctl+0xfc/0x170 [ 84.173041][ T6110] do_syscall_64+0x14d/0xf80 [ 84.178167][ T6110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.184598][ T6110] [ 84.184598][ T6110] -> #1 (vm_lock){++++}-{0:0}: [ 84.191568][ T6110] __vma_start_exclude_readers+0x28a/0x940 [ 84.197920][ T6110] __vma_start_write+0xdc/0x290 [ 84.203318][ T6110] mprotect_fixup+0x5eb/0xa80 [ 84.208538][ T6110] setup_arg_pages+0x565/0xac0 [ 84.213930][ T6110] load_elf_binary+0xc5e/0x2980 [ 84.219312][ T6110] bprm_execve+0x949/0x1470 [ 84.224366][ T6110] kernel_execve+0x844/0x930 [ 84.229489][ T6110] 
try_to_run_init_process+0x13/0x60 [ 84.235395][ T6110] kernel_init+0xad/0x1d0 [ 84.240256][ T6110] ret_from_fork+0x51e/0xb90 [ 84.245382][ T6110] ret_from_fork_asm+0x1a/0x30 [ 84.250679][ T6110] [ 84.250679][ T6110] -> #0 (&mm->mmap_lock){++++}-{4:4}: [ 84.258254][ T6110] __lock_acquire+0x15a5/0x2cf0 [ 84.263661][ T6110] lock_acquire+0xf0/0x2e0 [ 84.268624][ T6110] __might_fault+0xcb/0x130 [ 84.273666][ T6110] userfaultfd_ioctl+0x2372/0x4c70 [ 84.279313][ T6110] __se_sys_ioctl+0xfc/0x170 [ 84.284444][ T6110] do_syscall_64+0x14d/0xf80 [ 84.289567][ T6110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.295996][ T6110] [ 84.295996][ T6110] other info that might help us debug this: [ 84.295996][ T6110] [ 84.306225][ T6110] Chain exists of: [ 84.306225][ T6110] &mm->mmap_lock --> vm_lock --> &ctx->map_changing_lock [ 84.306225][ T6110] [ 84.319203][ T6110] Possible unsafe locking scenario: [ 84.319203][ T6110] [ 84.326658][ T6110] CPU0 CPU1 [ 84.332033][ T6110] ---- ---- [ 84.337405][ T6110] rlock(&ctx->map_changing_lock); [ 84.342623][ T6110] lock(vm_lock); [ 84.348880][ T6110] lock(&ctx->map_changing_lock); [ 84.356525][ T6110] rlock(&mm->mmap_lock); [ 84.360954][ T6110] [ 84.360954][ T6110] *** DEADLOCK *** [ 84.360954][ T6110] [ 84.369104][ T6110] 2 locks held by syz.0.44/6110: [ 84.374047][ T6110] #0: ffff88806c15bd08 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x1d1/0x500 [ 84.383306][ T6110] #1: ffff88805bee9ab0 (&ctx->map_changing_lock){.+.+}-{4:4}, at: mfill_get_vma+0x162/0x660 [ 84.393529][ T6110] [ 84.393529][ T6110] stack backtrace: [ 84.399538][ T6110] CPU: 0 UID: 0 PID: 6110 Comm: syz.0.44 Not tainted syzkaller #0 PREEMPT(full) [ 84.399564][ T6110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 84.399583][ T6110] Call Trace: [ 84.399591][ T6110] <TASK> [ 84.399599][ T6110] dump_stack_lvl+0xe8/0x150 [ 84.399631][ T6110] print_circular_bug+0x2e1/0x300 [ 84.399653][ T6110] check_noncircular+0x12e/0x150 [ 84.399675][ 
T6110] __lock_acquire+0x15a5/0x2cf0 [ 84.399705][ T6110] ? mfill_atomic_continue+0x1054/0x12c0 [ 84.399724][ T6110] ? unwind_get_return_address+0x4d/0x90 [ 84.399742][ T6110] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 84.399765][ T6110] ? arch_stack_walk+0xfb/0x150 [ 84.399786][ T6110] lock_acquire+0xf0/0x2e0 [ 84.399811][ T6110] ? __might_fault+0xaf/0x130 [ 84.399838][ T6110] ? __might_fault+0xaf/0x130 [ 84.399861][ T6110] __might_fault+0xcb/0x130 [ 84.399883][ T6110] ? __might_fault+0xaf/0x130 [ 84.399906][ T6110] userfaultfd_ioctl+0x2372/0x4c70 [ 84.399930][ T6110] ? __kasan_slab_free+0x5c/0x80 [ 84.399945][ T6110] ? kfree+0x1c5/0x650 [ 84.399974][ T6110] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 84.400010][ T6110] ? kasan_quarantine_put+0xbb/0x1f0 [ 84.400039][ T6110] ? tomoyo_path_number_perm+0x219/0x630 [ 84.400064][ T6110] ? tomoyo_path_number_perm+0x219/0x630 [ 84.400087][ T6110] ? do_vfs_ioctl+0x1166/0x1530 [ 84.400107][ T6110] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 84.400129][ T6110] ? do_futex+0x395/0x420 [ 84.400152][ T6110] ? __fget_files+0x2a/0x420 [ 84.400176][ T6110] ? __fget_files+0x2a/0x420 [ 84.400198][ T6110] ? __fget_files+0x3a0/0x420 [ 84.400220][ T6110] ? __fget_files+0x2a/0x420 [ 84.400243][ T6110] ? bpf_lsm_file_ioctl+0x9/0x20 [ 84.400261][ T6110] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 84.400285][ T6110] __se_sys_ioctl+0xfc/0x170 [ 84.400303][ T6110] do_syscall_64+0x14d/0xf80 [ 84.400328][ T6110] ? trace_irq_disable+0x3b/0x150 [ 84.400350][ T6110] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.400369][ T6110] ? 
clear_bhb_loop+0x40/0x90 [ 84.400390][ T6110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.400408][ T6110] RIP: 0033:0x7fdc7639c799 [ 84.400433][ T6110] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 84.400449][ T6110] RSP: 002b:00007fdc77212028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 84.400468][ T6110] RAX: ffffffffffffffda RBX: 00007fdc76615fa0 RCX: 00007fdc7639c799 [ 84.400482][ T6110] RDX: 0000200000000080 RSI: 00000000c020aa07 RDI: 0000000000000006 [ 84.400495][ T6110] RBP: 00007fdc76432c99 R08: 0000000000000000 R09: 0000000000000000 [ 84.400506][ T6110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 84.400517][ T6110] R13: 00007fdc76616038 R14: 00007fdc76615fa0 R15: 00007ffcb57ab038 [ 84.400537][ T6110] </TASK> [ 84.926952][ T5917] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 85.078555][ T5917] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 85.088368][ T5917] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 85.098181][ T5917] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 85.107877][ T5917] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 85.119905][ T5917] usb 4-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 85.129041][ T5917] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 85.137107][ T5917] usb 4-1: Product: syz [ 85.141304][ T5917] usb 4-1: Manufacturer: syz [ 85.145917][ T5917] usb 4-1: SerialNumber: syz [ 85.151866][ T5917] usb 4-1: config 0 descriptor?? 
[ 85.158627][ T5917] ums-isd200 4-1:0.0: USB Mass Storage device detected [ 85.359802][ T6119] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 85.368745][ T6119] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 85.378938][ T5917] scsi host1: usb-storage 4-1:0.0 [ 85.582011][ T5917] usb 4-1: USB disconnect, device number 3 [ 86.760592][ T29] cfg80211: failed to load regulatory.db