last executing test programs: 9.33276288s ago: executing program 3 (id=4): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='nv\x00', 0x3) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20-generic\x00'}, 0x58) r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_SUBSCRIBE_EVENT(r6, 0x4020565a, &(0x7f0000000080)={0x5, 0x2}) 9.116522339s ago: executing program 0 (id=1): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000400)={'ipvlan1\x00', &(0x7f0000000300)=@ethtool_drvinfo={0x3, "cfae1e8610332aaf073c8d7e23e24149747696f72937d0eaa72f3f6db551129c", "88525cd14f8eed12a8efcbb486d5f94e1f7192a907767ee928726d8541593048", "94ed2609f31e59a9041429955c25747ddc5a9aa68b65f79d739539ff50fe6bbc", "e6ece6330b875a499a782bbd0bde05326e338adc8f3a60c5212b04fb64fff642", "a4e30583baf6fdc385302137f3f6b686903632a36dd691e2f0de22424c816b2b", "69dcedab10ae79d6206beff9", 0x7fffffff, 0x0, 0x4, 0x1, 0x1000}}) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42031, 0xffffffffffffffff, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x200140, 0x0) ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f0000000000)={0x1}) ioctl$SCSI_IOCTL_START_UNIT(0xffffffffffffffff, 0x5) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) r4 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) write$binfmt_register(r4, &(0x7f0000000100)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x7, 0x3a, '*.-*', 0x3a, '', 0x3a, './file0'}, 0x2b) open$dir(&(0x7f0000000200)='./file0\x00', 0x1e9240, 0x180) setsockopt$inet_tcp_int(r3, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) bind$inet(r3, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r3, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee3c0cb001829a8681ed391da1a7", 0x13}], 0x1}}], 0x1, 0x20008000) setsockopt$inet_tcp_TLS_TX(r3, 0x6, 0x1, &(0x7f0000000080)=@ccm_128={{0x303}, "f1a0f9fff9e440b4", "881aae83544dfa6412f91b9057e3f415", "9dca43b6", "9ecb592c6ee49fbd"}, 0x28) socket$kcm(0x10, 0x2, 0x0) msgrcv(0x0, 0x0, 0x0, 0x5, 0x4c00) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) 8.789109199s ago: executing program 2 (id=3): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000340)=ANY=[@ANYBLOB="f0000000100013070000000000000000fc020000000000000000000000000000fe8000000000000000000000000000100004000000000000000000202c000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe"], 0xf0}, 0x1, 0xe}, 0x10) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) unshare(0x64000600) chdir(0x0) syz_usb_connect(0x0, 0x24, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, 0x0, 0x4008040) 8.003997446s ago: executing program 0 (id=6): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='nv\x00', 0x3) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20-generic\x00'}, 0x58) r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_SUBSCRIBE_EVENT(r6, 0x4020565a, &(0x7f0000000080)={0x5, 0x2}) 7.906826143s ago: executing program 1 (id=2): r0 = syz_usb_connect(0x2, 0x3f, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000440)={0x34, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0x20, 0x1, 0x1, 0x4}, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000f40)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000e00), 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) 6.096111463s ago: executing program 4 (id=5): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0) write$snapshot(r0, &(0x7f0000000380)="63f5be5c3bee2b3bd39e01d11f8b3480e7f51a", 0x13) 5.981120322s ago: executing program 0 (id=7): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_IO(r0, 0x2285, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) write$sndseq(r1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38) write$sndseq(r1, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {0x8}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {0xa}, {0x0, 0x5}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32={[0x0, 0x8, 0xf]}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32={[0x0, 0x101]}}, {0x1, 0x0, 0x0, 0x0, @tick, {0x0, 0x40}, {}, @connect}, {0x0, 0x4, 0x3, 0x80, @tick=0xfffffffa, {}, {}, @control={0x6, 0x7fff, 0x8}}, {0x0, 0x0, 0x0, 0x0, @time={0xffffff85}, {}, {}, @time=@time}], 0xc4) write$sndseq(r1, &(0x7f0000002840)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}], 0x54) write$sndseq(r1, &(0x7f0000000300)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time}, {0x0, 0x0, 0x0, 0x0, @tick=0x6, {}, {}, @connect={{0x8}}}, {0x0, 0x0, 0x0, 0x0, @tick=0xfffffffc, {0x6}, {}, @control}], 0xc4) write$sndseq(r1, &(0x7f0000000a40)=[{0x0, 0x0, 0x0, 0x0, @time, {0x0, 0x8}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {0x0, 0x20}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}], 0x8c) write$sndseq(r0, &(0x7f0000000c00), 0x0) write$sndseq(r1, &(0x7f0000000f80)=[{0x0, 0x0, 0x0, 0x0, @tick, {0x3}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @addr}, {}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xc4) write$sndseq(r1, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}], 0x8c) 5.751355764s ago: executing program 0 (id=8): r0 = syz_usb_connect(0x2, 0x3f, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000440)={0x34, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0x20, 0x1, 0x1, 0x4}, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000f40)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000e00), 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) 5.626061438s ago: executing program 4 (id=9): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELFLOWTABLE={0x38, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}]}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x60}, 0x1, 0x0, 0x0, 0x24040089}, 0x20008000) 5.462295626s ago: executing program 4 (id=10): r0 = syz_usb_connect(0x3, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000840)={0x84, &(0x7f0000000040)={0x40, 0x17, 0x1, 'V'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001d00)={0x84, &(0x7f00000006c0)={0x40, 0x17}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000001500)={0x34, &(0x7f00000012c0)={0x20, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) 5.359384747s ago: executing program 3 (id=11): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000100)="f2578fea7bc273dfaeab968586dd", 0xe, 0x2000c004, &(0x7f0000000000)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="e80100000001050500000000000000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400ff0200000000000000000000000000010c00028005000100000000003c0001800c00028005000100000000002c00018014000300ff020d40f799000000000000000000011400040020010000000000000000000000000001080007400000000010000d800c000380060002004e210000080007400000000da800068004000380080002006401010124000380060001004e230000060001004e230000060001004e210000060002004e24000008000200e000000234000380060002004e230000060002004e240000060001004e200000060002004e200000060002004e230000060001004e200000140004000000000000000000000000000000000008000200ac1414aa140005000000000000000000000000000000000008000100e000000284000e801400018008000100ac141409080002000a0101010600034000000000060003400001000006000340000300000c000280050001009f0000000c00028005000100000000002c00018014000300fe80000000000000000000000000002d14000400fc0200000000"], 0x1e8}}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) getsockopt$bt_hci(r4, 0x84, 0x85, &(0x7f0000002380)=""/4107, &(0x7f00000000c0)=0x1012) sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="fc00000019000100000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000007000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000004400050020010000000000000000000000000000000000022b0000000a000000fc0100000000000000000000000000000000000004"], 0xfc}}, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000020ac050f0222000182830109022400010100000009040000020301020009210005000122000009058103"], 0x0) syz_open_dev$mouse(&(0x7f0000000200), 0x1, 0x0) r5 = socket(0x2, 0x3, 0xff) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x14b801, 0x0) write$tun(r6, &(0x7f0000001d80)=ANY=[@ANYBLOB="000088e5ab00f166a1470a803581d146dde1bbb140067eac680f33fb0b6a82e3f87c6dd4f0d67d80ff097186ef05c8d73bf45fff66819a41cd7fa88483f2e2578c425e6e7feb3c38d91e1ca178087f9229cfab8aeeeea6a11d81c29a4af381674dc9f0b6843d3a0f1b25821622753c3c59f766d188e5dbb2a8035c0080dd4a19383ec04c51f7ca"], 0x87) bind$inet(r5, &(0x7f0000000080)={0x2, 0x800, @local}, 0x10) connect$inet(r5, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) sendmsg$kcm(r5, &(0x7f00000006c0)={&(0x7f0000000300)=@generic={0x2, "6dad6cfc0a6917c37d0e95335bcee18f011b6f0ab747245cf9676c659e0f66f07caeb99a6585fb9aa4b58431f765ad685190eecddc9cd4b97906adaaf2199fa9e88198b6b1e057b00f1e8d622150821e6f2cb52004158e90cb92d81cf53c7ebc8be7ad95b6dbe3af1488bdc91a9fb165900bf14b651cb3e0e84e1f5e0dcf"}, 0x80, &(0x7f0000001cc0)=[{0x0}, {&(0x7f0000001c00)="0105cda8f23daa67afa7565c3793bf5d7739465a5c7cb3084bb5216483be03f9b90f6e026af5f65d077bee0b04522ade7a53418ffea64f5472b35385635d9d3ae774a1572d31ce582db2a888b35d239695f8d59ced722ac7e8f65b64939a6caf1e2540ce0bbd324d980ca1fa872f04afa1c713a849d7a427a0ee8d20a64cc2e3ce463d8a02649493b9b8aeb5470be285eaceb9269e4c31a5e76313", 0x9b}], 0x2, 0x0, 0x12a0}, 0xc010) r7 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r7, 0x1, 0x23, 0x0, 0x0) r8 = add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb) pipe2$watch_queue(0x0, 0x80) pipe2$watch_queue(0x0, 0x80) ioctl$IOC_WATCH_QUEUE_SET_SIZE(0xffffffffffffffff, 0x5760, 0x14) keyctl$KEYCTL_WATCH_KEY(0x20, r8, 0xffffffffffffffff, 0x100000000000f7) ioctl$KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM(0xffffffffffffffff, 0x4068aea3, 0x0) read$watch_queue(0xffffffffffffffff, 0x0, 0x0) keyctl$revoke(0x3, r8) 4.616488007s ago: executing program 1 (id=12): syz_usb_connect(0x0, 0x24, &(0x7f0000000380)=ANY=[@ANYBLOB="1201000094037b40fd080200fdca010203010902120001000000000904"], 0x0) socket$netlink(0x10, 0x3, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mknod(0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6_sctp(0xa, 0x1, 0x84) mlock2(&(0x7f0000003000/0x4000)=nil, 0x4000, 0x0) write$binfmt_elf32(0xffffffffffffffff, &(0x7f00000007c0)=ANY=[], 0x427) socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00'}) socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000000)={0x0, 0x2}, &(0x7f0000000100)=0x8) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={0x0}}, 0x44080) sendmsg$nl_generic(r0, &(0x7f00000029c0)={0x0, 0x4e, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000001000010700000000200000000a0000000c0002006e6c3830323131"], 0x20}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 4.306056784s ago: executing program 2 (id=13): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000100)="f2578fea7bc273dfaeab968586dd", 0xe, 0x2000c004, &(0x7f0000000000)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="e80100000001050500000000000000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400ff0200000000000000000000000000010c00028005000100000000003c0001800c00028005000100000000002c00018014000300ff020d40f799000000000000000000011400040020010000000000000000000000000001080007400000000010000d800c000380060002004e210000080007400000000da800068004000380080002006401010124000380060001004e230000060001004e230000060001004e210000060002004e24000008000200e000000234000380060002004e230000060002004e240000060001004e200000060002004e200000060002004e230000060001004e200000140004000000000000000000000000000000000008000200ac1414aa140005000000000000000000000000000000000008000100e000000284000e801400018008000100ac141409080002000a0101010600034000000000060003400001000006000340000300000c000280050001009f0000000c00028005000100000000002c00018014000300fe80000000000000000000000000002d14000400fc0200000000000000000000000000010600034000"], 0x1e8}}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) getsockopt$bt_hci(r4, 0x84, 0x85, &(0x7f0000002380)=""/4107, &(0x7f00000000c0)=0x1012) sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="fc00000019000100000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000007000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000004400050020010000000000000000000000000000000000022b0000000a000000fc0100000000000000000000000000000000000004"], 0xfc}}, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000020ac050f0222000182830109022400010100000009040000020301020009210005000122000009058103"], 0x0) syz_open_dev$mouse(&(0x7f0000000200), 0x1, 0x0) r5 = socket(0x2, 0x3, 0xff) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x14b801, 0x0) write$tun(r6, &(0x7f0000001d80)=ANY=[@ANYBLOB="000088e5ab00f166a1470a803581d146dde1bbb140067eac680f33fb0b6a82e3f87c6dd4f0d67d80ff097186ef05c8d73bf45fff66819a41cd7fa88483f2e2578c425e6e7feb3c38d91e1ca178087f9229cfab8aeeeea6a11d81c29a4af381674dc9f0b6843d3a0f1b25821622753c3c59f766d188e5dbb2a8035c0080dd4a19383ec04c51f7ca"], 0x87) bind$inet(r5, &(0x7f0000000080)={0x2, 0x800, @local}, 0x10) connect$inet(r5, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) sendmsg$kcm(r5, &(0x7f00000006c0)={&(0x7f0000000300)=@generic={0x2, "6dad6cfc0a6917c37d0e95335bcee18f011b6f0ab747245cf9676c659e0f66f07caeb99a6585fb9aa4b58431f765ad685190eecddc9cd4b97906adaaf2199fa9e88198b6b1e057b00f1e8d622150821e6f2cb52004158e90cb92d81cf53c7ebc8be7ad95b6dbe3af1488bdc91a9fb165900bf14b651cb3e0e84e1f5e0dcf"}, 0x80, &(0x7f0000001cc0)=[{0x0}, {&(0x7f0000001c00)="0105cda8f23daa67afa7565c3793bf5d7739465a5c7cb3084bb5216483be03f9b90f6e026af5f65d077bee0b04522ade7a53418ffea64f5472b35385635d9d3ae774a1572d31ce582db2a888b35d239695f8d59ced722ac7e8f65b64939a6caf1e2540ce0bbd324d980ca1fa872f04afa1c713a849d7a427a0ee8d20a64cc2e3ce463d8a02649493b9b8aeb5470be285eaceb9269e4c31a5e76313", 0x9b}], 0x2, 0x0, 0x12a0}, 0xc010) r7 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r7, 0x1, 0x23, 0x0, 0x0) r8 = add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb) pipe2$watch_queue(0x0, 0x80) pipe2$watch_queue(0x0, 0x80) ioctl$IOC_WATCH_QUEUE_SET_SIZE(0xffffffffffffffff, 0x5760, 0x14) keyctl$KEYCTL_WATCH_KEY(0x20, r8, 0xffffffffffffffff, 0x100000000000f7) ioctl$KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM(0xffffffffffffffff, 0x4068aea3, 0x0) read$watch_queue(0xffffffffffffffff, 0x0, 0x0) keyctl$revoke(0x3, r8) 3.390537729s ago: executing program 3 (id=14): syz_usb_connect(0x0, 0x24, &(0x7f0000000380)=ANY=[@ANYBLOB="1201000094037b40fd080200fdca010203010902120001000000000904"], 0x0) socket$netlink(0x10, 0x3, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mknod(0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6_sctp(0xa, 0x1, 0x84) mlock2(&(0x7f0000003000/0x4000)=nil, 0x4000, 0x0) write$binfmt_elf32(0xffffffffffffffff, &(0x7f00000007c0)=ANY=[], 0x427) socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00'}) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r4, 0x84, 0x18, &(0x7f0000000000)={0x0, 0x2}, &(0x7f0000000100)=0x8) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={0x0}}, 0x44080) sendmsg$nl_generic(r0, &(0x7f00000029c0)={0x0, 0x4e, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000001000010700000000200000000a0000000c0002006e6c3830323131"], 0x20}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 2.568423223s ago: executing program 0 (id=15): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000500)={0x44, &(0x7f00000006c0)=ANY=[@ANYBLOB="001304"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000640)={0x44, &(0x7f0000000180)={0x0, 0xa7f428a900bb13a0, 0x4, 'H00x0) io_submit(r2, 0x1, &(0x7f00000002c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, r1}]) write$binfmt_script(r1, 0x0, 0x0) r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f00000001c0)) ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000040)=0xc) close(r3) 2.309943073s ago: executing program 2 (id=17): socket$inet6(0xa, 0x11, 0x7) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x8}, 0x50) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) chown(&(0x7f00000079c0)='.\x00', 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0x3100, 0x3100, &(0x7f0000000000), 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) openat$nullb(0xffffffffffffff9c, 0x0, 0x84042, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='rpc_pipefs\x00', 0x10, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='rpc_pipefs\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) 2.289022361s ago: executing program 4 (id=18): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="180100000000000000000000850000006d0000009579fff7a22a94621d2aed86b37406e07f932d9e4e7cd2ed54ecce630bad7679c4cd5a416787f81f091d09d0caca94a1f813105a854b861d8d01e2bdfd71c4c60f7d6615ed232914fcdc16d2bbcc2c976e24c8fc28518ab985ff8069d85927d5510c8e1b13304d6b3191d7a060077e7a4114cc8073f05956b30e0e7c81eb56f5d166267c91e9eca0923175e95ffc83b0bc39692f97538e7e909b69cfb8b20f33d0baaa00431be1f344fccd00082a1b4f31"], &(0x7f0000000100)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x12, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) r2 = socket(0x2, 0x2, 0x1) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8, 0x5, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x7}, 0x1c) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'veth0\x00', 0x0}) sendto$packet(0xffffffffffffffff, &(0x7f0000000180)="0b032200e0ff25000200475400f6a13bb1000000080086dd4803", 0x10300, 0x0, &(0x7f0000000140)={0x11, 0x0, r3}, 0x14) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_open_dev$usbmon(&(0x7f0000000000), 0x2, 0x101800) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x80, 0xc95a, 0x100f, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x9, 0x3c5b, 0x1, 0x24, 0x6, 0x1, 0x5, 0xffffffff, 0xe661, 0x4, 0xb, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8f, 0x4006, 0x6, 0x0, 0x5, 0x404, 0x8, 0x400, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000007, 0x9, 0x10000, 0x6, 0x5, 0x1, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x9, 0x420, 0x401, 0x6, 0x2, 0xff, 0x2, 0xc2, 0x4, 0xd, 0x4e0, 0x2, 0x2, 0xb, 0x4, 0x9, 0x8, 0x9, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0xc113, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc45, 0x1, 0x42, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x0, 0x2, 0x0, 0x5, 0xb, 0x4, 0x9, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x7d, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x8001, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x5, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0xfffff800, 0xa9, 0x5, 0x9, 0xac8, 0xbf, 0xc, 0x3, 0x7ff, 0x12b, 0x40000004, 0x1, 0x0, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2007, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0x80b, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x9, 0x2, 0x57, 0x5, 0x3, 0x101, 0xf142, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x5, 0xe7, 0x6, 0x16, 0xffffffff, 0x80000003, 0x5, 0x4, 0xb, 0x9, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0x10000226, 0x5, 0x5, 0x8, 0x30b1d693, 0x40a1f, 0xf40, 0x7, 0x1, 0x6c1c, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x1fd, 0xffff343e, 0xfff]}, 0x45c) chdir(0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r4, &(0x7f0000000000)="0a000000010001", 0x7) 37.519423ms ago: executing program 4 (id=19): read$FUSE(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) semop(0x0, &(0x7f0000002480)=[{0x0, 0x0, 0x1000}], 0x1) semop(0x0, &(0x7f00000003c0)=[{0x0, 0xfffc, 0x800}], 0x1) r2 = fsopen(&(0x7f0000000100)='ocfs2_dlmfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000a00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x94) io_setup(0x9, &(0x7f00000000c0)=0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/power/sync_on_suspend', 0x20001, 0x0) io_submit(r3, 0x1, &(0x7f0000000040)=[&(0x7f0000001500)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000100)='9', 0x1, 0x8000000000}]) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) sendmsg$NFQNL_MSG_VERDICT_BATCH(0xffffffffffffffff, 0x0, 0x8000) unshare(0x68040200) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000004200)={0x0, 0x0, &(0x7f00000041c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="4c0000000008010200000000000000000e00000105000300060000001c00048008000a400000000a080005400000000808000b40000100000600024088fb0000090001"], 0x4c}, 0x1, 0x0, 0x0, 0x84}, 0x80) syz_usb_connect(0x2, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="120100002c23b740c71b4010b1b501020301090224000100000000090400", @ANYRES8], 0x0) openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) 0s ago: executing program 2 (id=20): socket$inet6(0xa, 0x11, 0x7) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x8}, 0x50) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) chown(&(0x7f00000079c0)='.\x00', 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0x3100, 0x3100, &(0x7f0000000000), 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) openat$nullb(0xffffffffffffff9c, 0x0, 0x84042, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='rpc_pipefs\x00', 0x10, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='rpc_pipefs\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000100)={{0x10000, 0x100000, 0x8, 0x1}, {0x0, 0x2000, 0xf, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5}, {0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x72, 0x0, 0x80, 0x80, 0x4}, {0x10000, 0xffff1000, 0xf, 0x0, 0x0, 0x0, 0x0, 0xfc, 0x0, 0x3}, {0x0, 0xffff1000, 0xc, 0x2, 0x3, 0x10, 0x6, 0x0, 0x1, 0x0, 0x4}, {0x8080000, 0x10000, 0x0, 0x0, 0x0, 0xfd}, {0x0, 0x0, 0xa, 0x0, 0x80, 0xf9, 0x0, 0x7, 0x3a, 0x2}, {0x0, 0x3000, 0x0, 0x2, 0x0, 0x54, 0x7, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x2, 0x400}, {}, 0xddf8ffdb, 0x0, 0x11111001, 0x100, 0x8, 0x8000, 0x3000, [0x0, 0x0, 0x2]}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.79' (ED25519) to the list of known hosts. [ 87.883109][ T5818] cgroup: Unknown subsys name 'net' [ 87.994304][ T5818] cgroup: Unknown subsys name 'cpuset' [ 88.003878][ T5818] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 89.769587][ T5818] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 92.082262][ T1208] cfg80211: failed to load regulatory.db [ 94.437527][ T5847] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 94.441925][ T5848] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 94.447025][ T5847] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 94.453522][ T5848] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 94.459953][ T5847] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 94.469510][ T5848] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 94.474771][ T5847] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 94.481698][ T5848] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 94.488500][ T5847] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 94.497821][ T5848] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 94.503095][ T5847] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 94.511960][ T5848] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 94.517337][ T5847] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 94.531204][ T5848] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 94.543199][ T5847] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 94.543552][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 94.551231][ T5847] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 94.559007][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 94.564829][ T5847] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 94.579784][ T5847] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 94.641171][ T5839] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 94.651518][ T5839] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 94.660365][ T5839] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 94.669844][ T5839] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 94.677952][ T5839] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 95.177789][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 95.322025][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 95.452885][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 95.493420][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.503738][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.512535][ T5838] bridge_slave_0: entered allmulticast mode [ 95.519959][ T5838] bridge_slave_0: entered promiscuous mode [ 95.593422][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.600719][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.607963][ T5838] bridge_slave_1: entered allmulticast mode [ 95.615915][ T5838] bridge_slave_1: entered promiscuous mode [ 95.694034][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 95.773189][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.783269][ T5852] chnl_net:caif_netlink_parms(): no params data found [ 95.795343][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.802791][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.810377][ T5836] bridge_slave_0: entered allmulticast mode [ 95.817628][ T5836] bridge_slave_0: entered promiscuous mode [ 95.847996][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.877948][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.885382][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.893085][ T5836] bridge_slave_1: entered allmulticast mode [ 95.900586][ T5836] bridge_slave_1: entered promiscuous mode [ 95.949471][ T5838] team0: Port device team_slave_0 added [ 96.007705][ T5838] team0: Port device team_slave_1 added [ 96.031157][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.051263][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.061160][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.068797][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.076350][ T5837] bridge_slave_0: entered allmulticast mode [ 96.084512][ T5837] bridge_slave_0: entered promiscuous mode [ 96.092728][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.099845][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.107761][ T5837] bridge_slave_1: entered allmulticast mode [ 96.116045][ T5837] bridge_slave_1: entered promiscuous mode [ 96.239089][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.246566][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.273245][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.301837][ T5836] team0: Port device team_slave_0 added [ 96.308046][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.315294][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.322672][ T5835] bridge_slave_0: entered allmulticast mode [ 96.330678][ T5835] bridge_slave_0: entered promiscuous mode [ 96.341718][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.359001][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.366036][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.392169][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.405115][ T5836] team0: Port device team_slave_1 added [ 96.411701][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.418852][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.426613][ T5835] bridge_slave_1: entered allmulticast mode [ 96.434345][ T5835] bridge_slave_1: entered promiscuous mode [ 96.458064][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.547858][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.572474][ T5852] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.579720][ T5852] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.589947][ T5852] bridge_slave_0: entered allmulticast mode [ 96.597581][ T5852] bridge_slave_0: entered promiscuous mode [ 96.608365][ T5852] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.615821][ T5852] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.623055][ T5852] bridge_slave_1: entered allmulticast mode [ 96.630433][ T5852] bridge_slave_1: entered promiscuous mode [ 96.641176][ T5847] Bluetooth: hci3: command tx timeout [ 96.641221][ T5850] Bluetooth: hci1: command tx timeout [ 96.646738][ T5150] Bluetooth: hci2: command tx timeout [ 96.652819][ T5839] Bluetooth: hci0: command tx timeout [ 96.687846][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.697799][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.707517][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.720969][ T5839] Bluetooth: hci4: command tx timeout [ 96.738767][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.751911][ T5837] team0: Port device team_slave_0 added [ 96.760870][ T5837] team0: Port device team_slave_1 added [ 96.793591][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.801126][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.827183][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.867700][ T5852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.927881][ T5852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.953637][ T5835] team0: Port device team_slave_0 added [ 96.962884][ T5835] team0: Port device team_slave_1 added [ 96.975954][ T5838] hsr_slave_0: entered promiscuous mode [ 96.982871][ T5838] hsr_slave_1: entered promiscuous mode [ 96.990001][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.997234][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.023292][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.036003][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.043067][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.069367][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.096969][ T5852] team0: Port device team_slave_0 added [ 97.137581][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.145098][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.171799][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.213704][ T5852] team0: Port device team_slave_1 added [ 97.236628][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.244047][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.270423][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.296708][ T5836] hsr_slave_0: entered promiscuous mode [ 97.303201][ T5836] hsr_slave_1: entered promiscuous mode [ 97.309407][ T5836] debugfs: 'hsr0' already exists in 'hsr' [ 97.315617][ T5836] Cannot create hsr debugfs directory [ 97.441131][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.448671][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.475298][ T5852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.506421][ T5837] hsr_slave_0: entered promiscuous mode [ 97.512878][ T5837] hsr_slave_1: entered promiscuous mode [ 97.521458][ T5837] debugfs: 'hsr0' already exists in 'hsr' [ 97.527223][ T5837] Cannot create hsr debugfs directory [ 97.547284][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.554337][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.580798][ T5852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.652030][ T5835] hsr_slave_0: entered promiscuous mode [ 97.658439][ T5835] hsr_slave_1: entered promiscuous mode [ 97.665056][ T5835] debugfs: 'hsr0' already exists in 'hsr' [ 97.670856][ T5835] Cannot create hsr debugfs directory [ 97.881134][ T5852] hsr_slave_0: entered promiscuous mode [ 97.887622][ T5852] hsr_slave_1: entered promiscuous mode [ 97.894577][ T5852] debugfs: 'hsr0' already exists in 'hsr' [ 97.900406][ T5852] Cannot create hsr debugfs directory [ 98.116289][ T5838] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 98.137681][ T5838] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 98.203138][ T5838] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 98.213417][ T5838] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 98.366806][ T5836] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 98.378899][ T5836] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 98.406862][ T5836] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 98.426814][ T5836] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 98.476794][ T5837] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 98.511423][ T5837] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 98.523687][ T5837] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 98.556697][ T5837] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 98.631449][ T5835] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 98.643886][ T5835] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 98.666173][ T5835] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 98.694546][ T5835] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 98.720703][ T5150] Bluetooth: hci1: command tx timeout [ 98.727317][ T5839] Bluetooth: hci0: command tx timeout [ 98.733776][ T5150] Bluetooth: hci2: command tx timeout [ 98.739224][ T5150] Bluetooth: hci3: command tx timeout [ 98.801137][ T5150] Bluetooth: hci4: command tx timeout [ 98.878324][ T5852] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 98.894342][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.908639][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.918822][ T5852] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 98.951336][ T5852] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 98.967719][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.989393][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.996931][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.020201][ T5852] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 99.036030][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.043272][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.059184][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.082809][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.101918][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.109072][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.141730][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.148893][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.251379][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.294937][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.302133][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.339655][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.346840][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.378129][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.506602][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.543284][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.550502][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.597453][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.604680][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.698333][ T5852] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.846444][ T5852] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.918099][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.925356][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.982654][ T3534] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.989871][ T3534] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.018717][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.046481][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.095902][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.268086][ T5838] veth0_vlan: entered promiscuous mode [ 100.315904][ T5836] veth0_vlan: entered promiscuous mode [ 100.347149][ T5838] veth1_vlan: entered promiscuous mode [ 100.364032][ T5836] veth1_vlan: entered promiscuous mode [ 100.394565][ T5837] veth0_vlan: entered promiscuous mode [ 100.437712][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.449139][ T5837] veth1_vlan: entered promiscuous mode [ 100.534602][ T5836] veth0_macvtap: entered promiscuous mode [ 100.543821][ T5838] veth0_macvtap: entered promiscuous mode [ 100.574530][ T5838] veth1_macvtap: entered promiscuous mode [ 100.592819][ T5836] veth1_macvtap: entered promiscuous mode [ 100.603492][ T5837] veth0_macvtap: entered promiscuous mode [ 100.644007][ T5837] veth1_macvtap: entered promiscuous mode [ 100.674816][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.706840][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.717606][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.728818][ T5835] veth0_vlan: entered promiscuous mode [ 100.744376][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.774653][ T5835] veth1_vlan: entered promiscuous mode [ 100.796934][ T5852] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.807329][ T5150] Bluetooth: hci3: command tx timeout [ 100.813230][ T5839] Bluetooth: hci0: command tx timeout [ 100.818648][ T5839] Bluetooth: hci2: command tx timeout [ 100.820397][ T5847] Bluetooth: hci1: command tx timeout [ 100.831417][ T49] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.843629][ T49] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.880787][ T5847] Bluetooth: hci4: command tx timeout [ 100.886816][ T49] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.926175][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.935635][ T49] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.947652][ T49] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.984163][ T49] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.009155][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.028640][ T49] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.069409][ T49] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.105887][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.156805][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.169874][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.190993][ T5835] veth0_macvtap: entered promiscuous mode [ 101.210450][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.223721][ T5835] veth1_macvtap: entered promiscuous mode [ 101.239367][ T1330] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.250685][ T1330] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.337538][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.382895][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.389488][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.398776][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.417724][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.427193][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.477728][ T49] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.542126][ T5838] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 101.549395][ T49] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.569533][ T49] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.585556][ T3534] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.593579][ T3534] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.615165][ T49] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.648707][ T3534] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.667084][ T3534] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.767027][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.792349][ T5852] veth0_vlan: entered promiscuous mode [ 101.819526][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.867651][ T5852] veth1_vlan: entered promiscuous mode [ 101.939605][ T3534] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.966355][ T3534] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.168848][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 102.655103][ T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.684140][ T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.750004][ T5852] veth0_macvtap: entered promiscuous mode [ 102.788747][ T5852] veth1_macvtap: entered promiscuous mode [ 102.877851][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.886417][ T5847] Bluetooth: hci1: command tx timeout [ 102.892137][ T5850] Bluetooth: hci2: command tx timeout [ 102.894156][ T5839] Bluetooth: hci3: command tx timeout [ 102.898232][ T5847] Bluetooth: hci0: command tx timeout [ 102.960400][ T5150] Bluetooth: hci4: command tx timeout [ 103.104594][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.356457][ T49] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.386858][ T49] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.631786][ T49] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.665410][ T49] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.696931][ T5904] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 103.940882][ T5904] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 103.981687][ T5904] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 104.007361][ T5904] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 104.062331][ T5904] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 104.091054][ T5904] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 104.102804][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.104423][ T5904] usb 2-1: Product: syz [ 104.133505][ T5904] usb 2-1: Manufacturer: syz [ 104.138255][ T5904] usb 2-1: SerialNumber: syz [ 104.143185][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.152892][ T5904] usb 2-1: config 0 descriptor?? [ 104.213051][ T5904] radio-si470x 2-1:0.0: could not find interrupt in endpoint [ 104.243300][ T5904] radio-si470x 2-1:0.0: probe with driver radio-si470x failed with error -5 [ 104.273956][ T5904] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 104.284727][ T3534] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.327831][ T3534] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.145449][ T5975] random: crng reseeded on system resumption [ 105.651098][ T5947] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 105.702997][ T5987] netlink: 16 bytes leftover after parsing attributes in process `syz.3.11'. [ 105.714137][ T5987] netlink: 16 bytes leftover after parsing attributes in process `syz.3.11'. [ 105.812983][ T5947] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 105.825360][ T5947] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 105.837359][ T5947] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 105.872934][ T5947] usb 1-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 105.892194][ T5947] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 105.910147][ T5947] usb 1-1: Product: syz [ 105.914645][ T5947] usb 1-1: Manufacturer: syz [ 105.919276][ T5947] usb 1-1: SerialNumber: syz [ 105.941432][ T5947] usb 1-1: config 0 descriptor?? [ 105.954451][ T5904] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 105.971754][ T5947] radio-si470x 1-1:0.0: could not find interrupt in endpoint [ 105.979538][ T5947] radio-si470x 1-1:0.0: probe with driver radio-si470x failed with error -5 [ 105.988694][ T5947] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 106.090222][ T43] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 106.110263][ T5904] usb 5-1: Using ep0 maxpacket: 16 [ 106.135184][ T5904] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 106.148613][ T5904] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 106.158005][ T5904] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.200313][ T5904] usb 5-1: Product: syz [ 106.204562][ T5904] usb 5-1: Manufacturer: syz [ 106.209205][ T5904] usb 5-1: SerialNumber: syz [ 106.224413][ T5904] usb 5-1: config 0 descriptor?? [ 106.270171][ T43] usb 4-1: Using ep0 maxpacket: 32 [ 106.284743][ T43] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 106.296438][ T43] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 106.306514][ T43] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 106.322788][ T43] usb 4-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 106.332113][ T43] usb 4-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 106.340840][ T43] usb 4-1: Product: syz [ 106.345851][ T43] usb 4-1: Manufacturer: syz [ 106.402871][ T5904] usb 2-1: USB disconnect, device number 2 [ 106.441734][ T43] usb 4-1: SerialNumber: syz [ 106.485401][ T43] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input5 [ 106.743069][ T5896] usb 4-1: USB disconnect, device number 2 [ 106.770614][ T5896] appletouch 4-1:1.0: input: appletouch disconnected [ 106.794198][ T5994] netlink: 16 bytes leftover after parsing attributes in process `syz.2.13'. [ 106.818171][ T5994] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13'. [ 106.821572][ T5904] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 106.995914][ T5904] usb 2-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=ca.fd [ 107.007745][ T5904] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.016691][ T5904] usb 2-1: Product: syz [ 107.021544][ T5904] usb 2-1: Manufacturer: syz [ 107.026209][ T5904] usb 2-1: SerialNumber: syz [ 107.033451][ T5904] usb 2-1: config 0 descriptor?? [ 107.055127][ T5150] Bluetooth: hci5: urb ffff888028419c00 submission failed (2) [ 107.080257][ T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 107.250405][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 107.257584][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 107.342228][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 107.397265][ T9] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 107.580345][ T9] usb 3-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 107.592876][ T9] usb 3-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 107.681189][ T9] usb 3-1: Product: syz [ 107.710219][ T9] usb 3-1: Manufacturer: syz [ 107.781219][ T9] usb 3-1: SerialNumber: syz [ 107.872212][ T9] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input6 [ 107.921938][ T5991] Zero length message leads to an empty skb [ 107.961985][ T9] usb 2-1: USB disconnect, device number 3 [ 108.102616][ T5904] usb 3-1: USB disconnect, device number 2 [ 108.135285][ T5904] appletouch 3-1:1.0: input: appletouch disconnected [ 108.191981][ T5918] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 108.366990][ T5918] usb 4-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=ca.fd [ 108.376940][ T5918] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.385676][ T5918] usb 4-1: Product: syz [ 108.389969][ T5918] usb 4-1: Manufacturer: syz [ 108.395075][ T5918] usb 4-1: SerialNumber: syz [ 108.404166][ T5918] usb 4-1: config 0 descriptor?? [ 108.425488][ T5970] usb 1-1: USB disconnect, device number 2 [ 108.460650][ T5150] Bluetooth: hci5: urb ffff888142fc4400 submission failed (2) [ 108.720444][ T5918] usb 5-1: USB disconnect, device number 2 [ 108.830379][ T5970] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 108.840684][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 109.091482][ T5970] usb 1-1: Using ep0 maxpacket: 32 [ 109.133995][ T5970] usb 1-1: config 0 has an invalid interface number: 67 but max is 0 [ 109.259444][ T5970] usb 1-1: config 0 has no interface number 0 [ 109.339068][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 109.439148][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 109.585213][ T5970] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 109.746426][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 110.062556][ T6019] Bluetooth: MGMT ver 1.23 [ 110.462800][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 110.840144][ T5970] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.848220][ T5970] usb 1-1: Product: syz [ 110.868649][ T5970] usb 1-1: Manufacturer: syz [ 110.879741][ T5970] usb 1-1: SerialNumber: syz [ 110.887397][ T5970] usb 1-1: config 0 descriptor?? [ 111.026300][ T5970] smsc95xx v2.0.0 [ 111.084461][ T5837] [ 111.086862][ T5837] ============================================ [ 111.093037][ T5837] WARNING: possible recursive locking detected [ 111.099201][ T5837] 6.16.0-rc4-next-20250703-syzkaller #0 Not tainted [ 111.105780][ T5837] -------------------------------------------- [ 111.111953][ T5837] syz-executor/5837 is trying to acquire lock: [ 111.118101][ T5837] ffff88807e3fc8c8 (&sb->s_type->i_mutex_key#21){+.+.}-{4:4}, at: rpc_close_pipes+0x10a/0x730 [ 111.128397][ T5837] [ 111.128397][ T5837] but task is already holding lock: [ 111.135756][ T5837] ffff88807e3f91c8 (&sb->s_type->i_mutex_key#21){+.+.}-{4:4}, at: __simple_recursive_removal+0x190/0x510 [ 111.146996][ T5837] [ 111.146996][ T5837] other info that might help us debug this: [ 111.155082][ T5837] Possible unsafe locking scenario: [ 111.155082][ T5837] [ 111.162550][ T5837] CPU0 [ 111.165830][ T5837] ---- [ 111.169105][ T5837] lock(&sb->s_type->i_mutex_key#21); [ 111.174574][ T5837] lock(&sb->s_type->i_mutex_key#21); [ 111.180050][ T5837] [ 111.180050][ T5837] *** DEADLOCK *** [ 111.180050][ T5837] [ 111.188204][ T5837] May be due to missing lock nesting notation [ 111.188204][ T5837] [ 111.196532][ T5837] 4 locks held by syz-executor/5837: [ 111.201821][ T5837] #0: ffff8880786b60e0 (&type->s_umount_key#50){+.+.}-{4:4}, at: deactivate_super+0xa9/0xe0 [ 111.212020][ T5837] #1: ffff888027f528a0 (&sn->pipefs_sb_lock){+.+.}-{4:4}, at: rpc_kill_sb+0x77/0x190 [ 111.221607][ T5837] #2: ffffffff8f6d0e30 ((rpc_pipefs_notifier_list).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain+0x54/0x90 [ 111.233710][ T5837] #3: ffff88807e3f91c8 (&sb->s_type->i_mutex_key#21){+.+.}-{4:4}, at: __simple_recursive_removal+0x190/0x510 [ 111.245391][ T5837] [ 111.245391][ T5837] stack backtrace: [ 111.251302][ T5837] CPU: 1 UID: 0 PID: 5837 Comm: syz-executor Not tainted 6.16.0-rc4-next-20250703-syzkaller #0 PREEMPT(full) [ 111.251322][ T5837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 111.251337][ T5837] Call Trace: [ 111.251345][ T5837] [ 111.251352][ T5837] dump_stack_lvl+0x189/0x250 [ 111.251379][ T5837] ? __pfx_dump_stack_lvl+0x10/0x10 [ 111.251401][ T5837] ? __pfx__printk+0x10/0x10 [ 111.251417][ T5837] ? print_lock_name+0xde/0x100 [ 111.251433][ T5837] print_deadlock_bug+0x28b/0x2a0 [ 111.251455][ T5837] validate_chain+0x1a3f/0x2140 [ 111.251484][ T5837] __lock_acquire+0xab9/0xd20 [ 111.251503][ T5837] ? rpc_close_pipes+0x10a/0x730 [ 111.251521][ T5837] lock_acquire+0x120/0x360 [ 111.251537][ T5837] ? rpc_close_pipes+0x10a/0x730 [ 111.251559][ T5837] down_write+0x96/0x1f0 [ 111.251575][ T5837] ? rpc_close_pipes+0x10a/0x730 [ 111.251592][ T5837] ? __pfx_down_write+0x10/0x10 [ 111.251607][ T5837] ? __pfx_find_submount+0x10/0x10 [ 111.251628][ T5837] ? _raw_spin_unlock+0x28/0x50 [ 111.251653][ T5837] ? d_walk+0x6f4/0x780 [ 111.251674][ T5837] rpc_close_pipes+0x10a/0x730 [ 111.251698][ T5837] ? d_invalidate+0x204/0x260 [ 111.251720][ T5837] ? __pfx_rpc_close_pipes+0x10/0x10 [ 111.251758][ T5837] ? up_write+0x1c4/0x420 [ 111.251780][ T5837] ? __pfx_rpc_close_pipes+0x10/0x10 [ 111.251798][ T5837] __simple_recursive_removal+0x20b/0x510 [ 111.251819][ T5837] ? __pfx_rpc_close_pipes+0x10/0x10 [ 111.251837][ T5837] rpc_unlink+0x56/0x80 [ 111.251854][ T5837] rpc_pipefs_event+0xc0/0x170 [ 111.251869][ T5837] notifier_call_chain+0x1b3/0x3e0 [ 111.251893][ T5837] blocking_notifier_call_chain+0x6a/0x90 [ 111.251915][ T5837] rpc_kill_sb+0xd0/0x190 [ 111.251937][ T5837] deactivate_locked_super+0xb9/0x130 [ 111.251955][ T5837] cleanup_mnt+0x425/0x4c0 [ 111.251972][ T5837] ? lockdep_hardirqs_on+0x9c/0x150 [ 111.251995][ T5837] task_work_run+0x1d1/0x260 [ 111.252011][ T5837] ? __pfx_task_work_run+0x10/0x10 [ 111.252025][ T5837] ? __x64_sys_umount+0x122/0x160 [ 111.252047][ T5837] ? exit_to_user_mode_loop+0x40/0x110 [ 111.252065][ T5837] exit_to_user_mode_loop+0xec/0x110 [ 111.252082][ T5837] do_syscall_64+0x2bd/0x3b0 [ 111.252096][ T5837] ? lockdep_hardirqs_on+0x9c/0x150 [ 111.252117][ T5837] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.252132][ T5837] ? clear_bhb_loop+0x60/0xb0 [ 111.252148][ T5837] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.252168][ T5837] RIP: 0033:0x7f38e878fc57 [ 111.252186][ T5837] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 111.252198][ T5837] RSP: 002b:00007ffd41eb46a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 111.252215][ T5837] RAX: 0000000000000000 RBX: 00007f38e8810925 RCX: 00007f38e878fc57 [ 111.252225][ T5837] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd41eb4760 [ 111.252234][ T5837] RBP: 00007ffd41eb4760 R08: 0000000000000000 R09: 0000000000000000 [ 111.252243][ T5837] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd41eb57f0 [ 111.252253][ T5837] R13: 00007f38e8810925 R14: 000000000001b0a9 R15: 00007ffd41eb5830 [ 111.252269][ T5837] [ 111.573674][ T0] NOHZ tick-stop error: local softirq work is pending, handler #2c2!!! [ 111.582821][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 111.640432][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 111.896905][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 112.600664][ T977] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 112.717165][ T5970] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71 [ 112.727451][ T5970] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71 [ 112.741355][ T5946] usb 4-1: USB disconnect, device number 3 [ 112.775464][ T5970] usb 1-1: USB disconnect, device number 3 [ 112.803659][ T5150] Bluetooth: hci0: command tx timeout [ 112.922817][ T977] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 112.933031][ T977] usb 5-1: config 0 interface 0 has no altsetting 0 [ 112.941753][ T977] usb 5-1: New USB device found, idVendor=1bc7, idProduct=1040, bcdDevice=b5.b1 [ 112.952065][ T977] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.960117][ T977] usb 5-1: Product: syz [ 112.964299][ T977] usb 5-1: Manufacturer: syz [ 112.968900][ T977] usb 5-1: SerialNumber: syz [ 112.976845][ T977] usb 5-1: config 0 descriptor?? [ 112.985696][ T977] option 5-1:0.0: GSM modem (1-port) converter detected [ 113.246232][ T5970] usb 5-1: USB disconnect, device number 3 [ 113.253322][ T5970] option 5-1:0.0: device disconnected