last executing test programs: 30.941435019s ago: executing program 1 (id=2): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x8, 0x4, 0x6, 0xfffa}, 0x1d, [0x6, 0xc95a, 0xfffffff3, 0x9, 0x7f, 0x4000002, 0x1, 0x7f, 0x7, 0xfffffff9, 0xfffffff2, 0x5f, 0xa, 0x3, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x0, 0x80000001, 0x4, 0x7, 0x3, 0x1c5b, 0x1, 0x24, 0xffffffff, 0x100, 0x1f461e2c, 0x1, 0xe661, 0x4, 0x9, 0x3, 0x7fff, 0x4c74, 0x8f01, 0x642, 0x3, 0xa, 0x0, 0x71, 0x7, 0x7, 0x103, 0x0, 0x7, 0x3c, 0x91, 0x6, 0xfffffffd, 0xfffffff8, 0x5, 0x4, 0x8, 0x0, 0x82, 0x0, 0x5, 0x6, 0x8, 0xfffffff9, 0x1, 0x40], [0x10000007, 0x8, 0x5, 0x8000, 0x0, 0x8, 0x129432e2, 0x40000cb, 0x5a, 0xb, 0xbf, 0x6c9, 0x9, 0xfffffffe, 0x7, 0x1, 0x7, 0x5, 0x2f, 0xe, 0x3, 0x78, 0xea4, 0x40, 0x3, 0x4000, 0x108000, 0x9, 0x400, 0x1, 0x6, 0xfffffffd, 0xff, 0x1005, 0x7f, 0x5f31, 0x4, 0x0, 0x6, 0x2, 0x9, 0x20000004, 0x100009, 0x6, 0x9, 0x40000006, 0x5, 0x0, 0x0, 0xf, 0xffff, 0x2, 0x7c, 0x9, 0x5, 0x10003, 0x4, 0x1, 0x7, 0xb7, 0x9, 0x48c93690, 0x3, 0x102], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x40008ce, 0x9, 0x1, 0x1, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x6, 0x5, 0x5, 0x86, 0x3, 0x10000009, 0x3e7, 0xfff, 0x5, 0x2, 0x2, 0xf, 0x8, 0x4, 0x6d01, 0x5, 0x37, 0x3, 0x1fd, 0x80, 0x3, 0x4, 0x2, 0x0, 0x4ccd, 0x7, 0x53cf697b, 0x7, 0x6, 0x54fe12d2, 0xbf, 0x200, 0x3, 0x400002, 0xfffffff9, 0x0, 0x6, 0x5, 0x0, 0x3, 0xfffffffb, 0x120000, 0x3, 0x6, 0x9, 0x0, 0x3], [0x9, 0xbb2f, 0x3, 0x7, 0x5, 0x938, 0x6, 0x6, 0xfffffffd, 0x5, 0x1, 0x1ff, 0x6, 0x8af, 0x5, 0x3, 0x101, 0x10a0000, 0x6, 0x7fff, 0x8ffff, 0xa620, 0x2, 0x8001, 0x6, 0x9, 0x14c, 0x60a7, 0x6, 0x1, 0xffffffff, 0x7ffffffe, 0x4f, 0x8, 0x0, 0x3, 0x3, 0xffff, 0x3, 0xb, 0xfe, 0x9602, 0x6, 0x97f, 0x2000001, 0x6, 0x1, 0x10000, 0x2, 0x8, 0x2b91, 0x4, 0x7, 0x9, 0x1, 0x6c1b, 0x0, 0x4, 0x1ff, 0xb1c, 0x1, 0x203, 0x3, 0xfff]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x8000000000000001, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x2, 0x0, 0x7, 0x0, 0x5, 0x5, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x101, 0xaec4, 0x6, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x20000, 0xcb5e, 0x0, 0x5, 0x1], 0x0, 0x41981}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 30.786362832s ago: executing program 0 (id=1): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000740)={0x2c, &(0x7f0000000140)={0x40, 0xd, 0x2, {0x2, 0xc}}, 0x0, &(0x7f00000004c0)={0x0, 0xf, 0xa5, {0x5, 0xf, 0xa5, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x16, 0x0, 0x7}, @ss_container_id={0x14, 0x10, 0x4, 0xa, "0a1f7526ef88c693ab18d89cf00e5a61"}, @generic={0x62, 0x10, 0x4, "c8e1f285ded3f417a7c857adddce07f5f8d8cf4270af7294609635cfa7ac85860afb661d7fbd487ad6f369e81db0d4f36562ebbd83bcc9bf40efc2f72d9064e0c84e692165c6a7fd1c9956105bf23da346a928b88643792c768a14bca1c610"}, @ssp_cap={0x14, 0x10, 0xa, 0x2, 0x2, 0x400, 0xf000, 0x26b, [0xff0000, 0x3f00]}, @ssp_cap={0xc, 0x10, 0xa, 0x5, 0x0, 0x100, 0x0, 0x5}, @generic={0x3, 0x10, 0x1}]}}, &(0x7f0000000680)={0x20, 0x29, 0xf, {0xf, 0x29, 0x2, 0x4, 0x8, 0x6, "467876a2", "26428a23"}}, 0x0}, &(0x7f0000000b80)={0x84, 0x0, &(0x7f00000007c0)={0x0, 0xa, 0x1, 0x2}, &(0x7f0000000800)={0x0, 0x8, 0x1, 0x4}, 0x0, &(0x7f0000000880)={0x20, 0x0, 0x8, {0x400, 0x4, [0xf0]}}, &(0x7f00000008c0)={0x40, 0x7, 0x2, 0x6}, &(0x7f0000000900)={0x40, 0x9, 0x1, 0x7}, &(0x7f0000000940)={0x40, 0xb, 0x2, "59fd"}, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000a80)={0x40, 0x1a, 0x2, 0x4f1d}, 0x0, 0x0, &(0x7f0000000b40)={0x40, 0x21, 0x1, 0xa}}) syz_usb_ep_write(r0, 0x81, 0xffffff75, &(0x7f00000002c0)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c356484e46fd66e3f2c7807e8773eed7b94fa099ab84feadec2ea95f65bba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e4800448aab0000000000000d75f34bb50d8d7084") 30.680134447s ago: executing program 1 (id=6): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x382, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x1000000000) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, 0x0, 0x0) r2 = syz_usb_connect$hid(0x2, 0x0, 0x0, 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, 0x0, 0x0, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) close_range(r3, 0xffffffffffffffff, 0x0) 29.770526214s ago: executing program 2 (id=7): setresgid(0xee00, 0xee01, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00') fchdir(r1) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r2 = syz_open_procfs(r0, &(0x7f0000000040)='stat\x00') pread64(r2, &(0x7f0000000140)=""/15, 0xf, 0x4) 29.723863502s ago: executing program 2 (id=8): r0 = syz_open_dev$loop(&(0x7f0000000100), 0x8, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x10000, 0x0, 0x0, 0xf, 0x1c, "fee8a2ab78fc979fd1f30d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}}) ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000640)={0x0, {}, 0x0, {}, 0x4, 0x5, 0x1c, 0x4, "6742b0fe545b0cc9021bdabbd3aa47d879ca82d0009a0b48b25ad6cf31af1f3f126a5cf6fb374185c7dc58fb174691f423fa049e658889e24b564740fb7fbee5", "d896fa5dd053dc786a30b16d2b5c9496eb19aafb7d21b09074e07af285213f8c", [0xff, 0x1]}) 29.560705674s ago: executing program 2 (id=10): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x64, &(0x7f0000000040)=0xd00, 0x4) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f0000000280)={{0x1, 0x8080000, 0xa, 0x6, 0x4, 0x17, 0x3, 0xe, 0x0, 0x1, 0xc, 0x3}, {0xfec00000, 0x3000, 0x8, 0x13, 0x1, 0x8, 0x7, 0x8, 0x3, 0x42, 0x2}, {0x2, 0x6000, 0x4, 0xf, 0x5, 0x6, 0xc3, 0xe7, 0x3, 0x6, 0x7, 0x3}, {0x2, 0x0, 0xe, 0xc, 0x7f, 0x6, 0x8, 0x7f, 0x9, 0x2, 0x1, 0x6}, {0x40000, 0x8080000, 0xe, 0xd, 0x59, 0x5, 0x80, 0xc, 0xfc, 0x0, 0xf8, 0xfc}, {0x2, 0xeeef0000, 0xc, 0xbe, 0x6, 0x7, 0x10, 0x1, 0x0, 0x18, 0x2, 0x4}, {0x5000, 0xb000, 0x4, 0x9, 0xff, 0xf, 0x0, 0x3, 0x8, 0x4, 0x80, 0x2}, {0x8000000, 0x4, 0x10, 0x4, 0x8, 0x1, 0x0, 0xf9, 0x3, 0x7, 0x0, 0xfe}, {0x1, 0xedd8}, {0xffff1000, 0x17}, 0x60050018, 0x0, 0x0, 0x8, 0x100000002, 0x0, 0xdddd1000, [0x6, 0x4, 0x4000000000000009, 0x7]}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f0000000140)={{0xffff1000, 0xeeee8000, 0x4, 0xf6, 0x2, 0xf3, 0xd7, 0x8, 0x7, 0x1, 0x9, 0x5}, {0x50000, 0xc0a0c0f0f5000ded, 0xd, 0x5, 0x3, 0x8, 0x5, 0x0, 0x80, 0xfc, 0xfc, 0x4}, {0x200000, 0x25000, 0xb, 0x6, 0xff, 0x3, 0x0, 0x5, 0xef, 0x22, 0xd5, 0x2}, {0x4000, 0x6000, 0x9, 0x9, 0x8f, 0x44, 0x83, 0xfc, 0xb, 0x1, 0x9, 0x3}, {0xffffffff, 0x0, 0x3, 0x2, 0x6, 0x1, 0x9, 0x2, 0x3, 0x3, 0x3, 0xe4}, {0x200000, 0xffff1000, 0xf, 0x0, 0x6, 0x0, 0xde, 0x9, 0x3, 0x0, 0x4, 0x30}, {0xdddd0000, 0x9000, 0xc, 0x1, 0x8, 0x3, 0x2, 0x6, 0x91, 0x8, 0x9, 0x88}, {0x8000000, 0xeeee0000, 0x10, 0x6, 0xc2, 0x8, 0x6, 0x10, 0x7, 0x3, 0x80, 0x87}, {0x6000, 0x8000}, {0x41000, 0x9}, 0x50000, 0x0, 0x0, 0x424000, 0x6, 0x8000, 0x0, [0x6, 0x5, 0x5, 0xe]}) add_key$fscrypt_v1(0x0, &(0x7f0000000180)={'fscrypt:', @desc3}, 0x0, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4400ae8f, &(0x7f00000000c0)=@x86={0x60, 0x4, 0xc, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x80, 0x9, 0x1, 0x0, 0x0, 0x8, 0x0, 0xff, 0xff, 0x0, '\x00', 0x0, 0x1}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x2, 0x0, @ioapic={0x8000000, 0x9, 0x10001, 0xfffffffd, 0x0, [{0x2, 0x2, 0x87, '\x00', 0x8}, {0x9, 0x8, 0x2, '\x00', 0xa}, {0xff, 0x7f, 0xd3, '\x00', 0x67}, {0x0, 0x2, 0xf5, '\x00', 0xf}, {0x9, 0x89, 0xc, '\x00', 0xfb}, {0x0, 0x4, 0x54, '\x00', 0xff}, {0x71, 0xd5, 0xf1, '\x00', 0x7f}, {0x3, 0x4, 0x1, '\x00', 0x8}, {0x7f, 0x5, 0xb, '\x00', 0x8}, {0xd7, 0xd, 0x8, '\x00', 0xa}, {0x0, 0x28, 0x7, '\x00', 0xdc}, {0x40, 0x1, 0x5, '\x00', 0x2}, {0xfe, 0x3, 0x26}, {0xcf, 0xfa, 0xb, '\x00', 0x5}, {0xf, 0x6, 0x5, '\x00', 0x10}, {0x39, 0x2, 0x6, '\x00', 0x8}, {0x9, 0x6, 0x2, '\x00', 0x8}, {0x5, 0x7, 0x5, '\x00', 0xc}, {0x7, 0x1, 0x7}, {0x0, 0x80, 0x1, '\x00', 0x81}, {0x1, 0xc, 0x80, '\x00', 0x7f}, {0x10, 0x3, 0x3, '\x00', 0x10}, {0x1, 0x23, 0xf3, '\x00', 0x4}, {0x7, 0x6, 0x4, '\x00', 0x8}]}}) 29.541090164s ago: executing program 3 (id=11): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xfffffffc) ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000000000)={0x1, r1}) 29.432136266s ago: executing program 3 (id=12): r0 = syz_usb_connect(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000751c0110e60f00989ad1010203010902240001000000000904290202b48cbb0009050402100000fa000905820240"], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$sierra_net(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000a00)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3f}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000540)={0x44, &(0x7f0000000300)={0x0, 0xa, 0x7, "477d40648e6921"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 29.396081955s ago: executing program 2 (id=13): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_X86_DISABLE_EXITS(r1, 0x4068aea3, &(0x7f0000000280)={0x8f, 0x0, 0x2}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000300)={0x1, 0x0, @pic={0x3, 0xff, 0xe4, 0x0, 0x6, 0x1, 0x41, 0x5, 0x2, 0x7, 0xa, 0x0, 0xff, 0xc, 0x4, 0x10}}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x6e, 0x0, 0x0, 0x20, 0x3, 0x0, 0x106c, 0x8, 0x9, 0x80000004000080, 0x5, 0x8, 0x0, 0x4, 0x0, 0x8001], 0x1, 0x3c4210}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 29.239413951s ago: executing program 2 (id=14): r0 = syz_io_uring_setup(0x11d39, &(0x7f0000000180)={0x0, 0x2079d6, 0x3fff, 0x1, 0x29d}, 0x0, 0x0, &(0x7f0000000000)) mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x4, 0x8010, r0, 0x10000000) r1 = landlock_create_ruleset(&(0x7f0000000000)={0x2, 0x2, 0x1}, 0x18, 0x2) r2 = socket(0xa, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000000680)=0xfeab) r3 = socket(0xa, 0x801, 0x0) getsockopt(r3, 0x0, 0x40, 0x0, &(0x7f00000000c0)=0x54) connect$unix(r2, &(0x7f00000000c0)=@abs={0x1, 0x0, 0x4e23}, 0x6e) landlock_restrict_self(r1, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_TRANSLATE(r6, 0xc018ae85, &(0x7f0000000040)={0x9000, 0xfec00000, 0x3, 0xff}) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x0) r8 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/pid_for_children\x00') ioctl$KVM_GET_DIRTY_LOG(r5, 0x4010ae42, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000ff8000/0x3000)=nil}) ioctl$NS_GET_PARENT(r8, 0xb702, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x0) truncate(&(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', 0x2) 28.813196904s ago: executing program 0 (id=15): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socket$can_raw(0x1d, 0x3, 0x1) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f00000003c0)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r2, @ANYBLOB="05"], 0x0) 27.402879919s ago: executing program 3 (id=16): syz_clone(0x80842111, 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0x3ff, &(0x7f0000000500)=0x0) io_submit(r2, 0x2, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x4e}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x4, 0x6, r1, &(0x7f00000001c0)='m', 0x1, 0x1}]) io_destroy(r2) 27.162095052s ago: executing program 3 (id=17): ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b9c}, 0x36, [0xfffffff8, 0x8, 0x5, 0x109, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x0, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x1, 0x81, 0x8a, 0x79, 0x2, 0x8, 0x0, 0x91, 0x4, 0x4, 0x16, 0x8, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0x81, 0x7ff, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x2, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0x1, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc68, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0xfffffffe, 0x809, 0x4, 0x80a7, 0x8, 0x0, 0x200b398, 0x400080, 0x1, 0x4, 0x1c, 0x7, 0x1, 0xffff8001, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0xc7c, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x4, 0x1, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d6, 0x9, 0x8, 0x3fc, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x4e, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x2, 0x400, 0x101, 0x4005, 0xd3, 0x8, 0x97f7, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x8922, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x6, 0x10000, 0xfffffffd, 0x5, 0x1], [0xa776, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0x9, 0x81, 0x3, 0x9d82, 0xd, 0xfffffff7, 0xc, 0x140f2, 0x5396, 0x3, 0x80000001, 0x80008001, 0x7777, 0x1, 0x2, 0x8100, 0xd8ce, 0x7fffffff, 0x110009, 0xc, 0x3, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x7fff, 0x3, 0x4, 0xf, 0x10001, 0x1, 0x26d, 0x6, 0xfffffff9, 0x4, 0xb88, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x6, 0x8, 0x14000, 0x1, 0x9]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x4, 0x1, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0xb, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x202310}) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x31}}, 0x2, 0x0, 0x4}}, 0x2e) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x50, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 26.150811946s ago: executing program 3 (id=18): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) connect$can_bcm(0xffffffffffffffff, &(0x7f00000000c0), 0x10) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000100)=ANY=[@ANYRES32=r0], 0x80}}, 0x4048000) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x10, 0x0, @mcast2}}}, 0x88) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x4, 0x6, 0x3, 0x200000000000043, 0x2000004, 0x0, 0x2004cb, 0x0, 0xa7c, 0x9, 0x8, 0x8000000009, 0x803, 0x0, 0x9], 0xeeee8000, 0x202}) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0x3000, 0xeeee3001, 0x8, 0x0, 0xb, 0xe6, 0x40, 0x0, 0x0, 0x81, 0x80}, {0x5000, 0xd000, 0x3, 0x0, 0x42, 0x5, 0x9, 0x2, 0x36, 0xd, 0x6, 0x89}, {0x25000, 0xd000, 0xe, 0x4, 0x3, 0x7, 0x0, 0x9, 0x1, 0xa4, 0x5, 0x5}, {0x0, 0xeeee0000, 0x9, 0x6, 0x5, 0x42, 0xb, 0x0, 0x8, 0x7, 0xe}, {0xf000, 0x1000, 0xf, 0x3, 0x16, 0x7, 0x9, 0x8, 0x7, 0x9, 0xf7, 0x97}, {0xeeefa000, 0x0, 0xe, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x82, 0x2f, 0x1, 0x7}, {0x54000, 0x10000, 0xf, 0x5, 0x7, 0x5, 0x7, 0x3, 0x3, 0x81, 0x40, 0x70}, {0xdddd0000, 0x4000, 0xa, 0x5, 0xcd, 0x7, 0x3, 0x9, 0x2, 0xa, 0xb0, 0x83}, {0xeeee0000, 0x30}, {0xf000, 0x7}, 0x80000021, 0x0, 0x3000, 0x2024, 0x2, 0x0, 0x100000, [0x6800000000000000, 0x5, 0x2, 0x7369e232]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 26.143733357s ago: executing program 1 (id=19): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x22, {[@global=@item_012={0x2, 0x1, 0x9, "2313"}, @global=@item_012={0x2, 0x1, 0x0, "e53f"}, @global=@item_4={0x3, 0x1, 0x0, '\f\x00'}, @local=@item_012={0x2, 0x2, 0x2, "9401"}, @global=@item_4={0x3, 0x1, 0x1, '\a\x00'}, @main=@item_4={0x3, 0x0, 0x8}, @local=@item_4={0x3, 0x2, 0x0, "09007a15"}, @local=@item_4={0x3, 0x2, 0x0, "5d8c3dda"}]}}, 0x0}, 0x0) 25.997398179s ago: executing program 2 (id=20): r0 = syz_usb_connect(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000751c0110e60f00989ad1010203010902240001000000000904290202b48cbb0009050402100000fa000905820240"], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$sierra_net(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000a00)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3f}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) socket(0x10, 0x3, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x20, 0x0) 25.942880577s ago: executing program 3 (id=21): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x181403, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_GUEST_DEBUG_x86(r2, 0x4048ae9b, &(0x7f0000000000)={0x9f63422128890807, 0x0, {[0x9fffffffffffe, 0x7, 0x7, 0xfffffffffffffff6, 0x804, 0xd, 0x2200000000000f, 0xe340]}}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x41, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, 0x0}], 0x1, 0x40, 0x0, 0x0) 412.794647ms ago: executing program 0 (id=22): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af60, &(0x7f0000000000)={0x1}) 412.624817ms ago: executing program 32 (id=19): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x22, {[@global=@item_012={0x2, 0x1, 0x9, "2313"}, @global=@item_012={0x2, 0x1, 0x0, "e53f"}, @global=@item_4={0x3, 0x1, 0x0, '\f\x00'}, @local=@item_012={0x2, 0x2, 0x2, "9401"}, @global=@item_4={0x3, 0x1, 0x1, '\a\x00'}, @main=@item_4={0x3, 0x0, 0x8}, @local=@item_4={0x3, 0x2, 0x0, "09007a15"}, @local=@item_4={0x3, 0x2, 0x0, "5d8c3dda"}]}}, 0x0}, 0x0) 345.136192ms ago: executing program 33 (id=20): r0 = syz_usb_connect(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000751c0110e60f00989ad1010203010902240001000000000904290202b48cbb0009050402100000fa000905820240"], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$sierra_net(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000a00)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3f}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) socket(0x10, 0x3, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x20, 0x0) 217.684512ms ago: executing program 34 (id=21): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x181403, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_GUEST_DEBUG_x86(r2, 0x4048ae9b, &(0x7f0000000000)={0x9f63422128890807, 0x0, {[0x9fffffffffffe, 0x7, 0x7, 0xfffffffffffffff6, 0x804, 0xd, 0x2200000000000f, 0xe340]}}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x41, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, 0x0}], 0x1, 0x40, 0x0, 0x0) 198.835248ms ago: executing program 0 (id=26): r0 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000001c0)={'vlan1\x00', &(0x7f0000000400)=@ethtool_sfeatures={0x3b, 0x2, [{0xc, 0x63}, {0x0, 0x73}]}}) 0s ago: executing program 0 (id=27): openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x800, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b9c}, 0x36, [0xfffffff8, 0x8, 0x5, 0x109, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x0, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x1, 0x81, 0x8a, 0x79, 0x2, 0x8, 0x0, 0x91, 0x4, 0x4, 0x16, 0x8, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0x81, 0x7ff, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x2, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc68, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0xfffffffe, 0x809, 0x4, 0x80a7, 0x8, 0x0, 0x200b398, 0x400080, 0x1, 0x4, 0x1c, 0x7, 0x1, 0xffff8001, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0xc7c, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x1, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d6, 0x9, 0x8, 0x3fc, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x4e, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x2, 0x400, 0x3e55, 0x4005, 0xd3, 0x8, 0x97f7, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x8922, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x6, 0x10000, 0xfffffffd, 0x5, 0x1], [0xa776, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x4, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0x9, 0x81, 0x3, 0x9d82, 0xd, 0xfffffff7, 0xc, 0x140f2, 0x5396, 0x3, 0x80000001, 0x80008001, 0x7777, 0x1, 0x2, 0x8100, 0xd8ce, 0x7fffffff, 0x110009, 0xc, 0x3, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x7fff, 0x3, 0x4, 0xf, 0x10001, 0x1, 0x26d, 0x6, 0xfffffff9, 0x4, 0xb88, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x6, 0x8, 0x14000, 0x100, 0x9]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000440)={{0x100000, 0xdddd0000, 0x4, 0x1, 0x0, 0x1, 0x0, 0x8, 0x0, 0xfc, 0x9, 0x1}, {0x9000, 0x30000, 0xf, 0x2, 0x0, 0x2, 0x7, 0x9, 0x9, 0x81, 0x40, 0x24}, {0x9000, 0x9000, 0x10, 0x4, 0x3, 0xe2, 0xd8, 0x7, 0x40, 0x40, 0x10, 0x2}, {0x26000, 0x10000, 0x4, 0x6, 0x4, 0x73, 0x9, 0xa, 0x8, 0xe, 0x6}, {0x100000, 0x0, 0xe, 0x8, 0x3, 0x9, 0x33, 0x3a, 0x0, 0x7, 0x7, 0xf}, {0x200000, 0x0, 0xe, 0xd4, 0x8, 0x1, 0x4, 0xfc, 0x1, 0xf1, 0x2}, {0x1, 0x1, 0xe, 0x33, 0x5, 0x7, 0x6, 0x1, 0xc, 0x7, 0x81, 0x1}, {0x25000, 0x0, 0xd, 0xd, 0x7, 0xd8, 0xff, 0x9, 0x8b, 0x9, 0x9, 0x6}, {0x40000, 0xff}, {0x7000, 0x3}, 0x40000038, 0x0, 0x40000, 0x224, 0x4, 0x0, 0x3000, [0x8, 0x3, 0x1, 0x80]}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x6, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x304}) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x31}}, 0x2, 0x0, 0x4}}, 0x2e) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x50, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 0s ago: executing program 0 (id=28): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2) r1 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2) ftruncate(r1, 0xffff) fcntl$addseals(r1, 0x409, 0x7) r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={r1, 0x0, 0x0, 0x4000}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x300000f, 0x11, r2, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:53319' (ED25519) to the list of known hosts. [ 56.912443][ T5730] cgroup: Unknown subsys name 'net' [ 57.034301][ T5730] cgroup: Unknown subsys name 'cpuset' [ 57.038478][ T5730] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 57.979806][ T5730] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 61.818882][ T5756] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 61.820306][ T5755] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 61.821648][ T5756] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 61.824230][ T5755] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 61.826592][ T5759] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 61.829921][ T5757] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 61.830938][ T5759] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 61.833085][ T5757] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 61.836546][ T5759] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 61.838634][ T5757] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 61.838891][ T5756] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 61.839652][ T5756] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 61.840279][ T5756] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 61.840510][ T5759] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 61.842609][ T5759] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 61.843502][ T5757] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 61.843800][ T5757] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 61.845536][ T5756] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 61.848255][ T5759] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 61.868374][ T5759] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 62.357542][ T5750] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.361134][ T5750] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.366109][ T5750] bridge_slave_0: entered allmulticast mode [ 62.370027][ T5750] bridge_slave_0: entered promiscuous mode [ 62.384566][ T5750] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.386796][ T5750] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.389010][ T5750] bridge_slave_1: entered allmulticast mode [ 62.391818][ T5750] bridge_slave_1: entered promiscuous mode [ 62.445412][ T5750] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.454652][ T5750] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.504327][ T5750] team0: Port device team_slave_0 added [ 62.506158][ T5743] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.508381][ T5743] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.510591][ T5743] bridge_slave_0: entered allmulticast mode [ 62.513261][ T5743] bridge_slave_0: entered promiscuous mode [ 62.516962][ T5743] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.519194][ T5743] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.521776][ T5743] bridge_slave_1: entered allmulticast mode [ 62.524273][ T5743] bridge_slave_1: entered promiscuous mode [ 62.540148][ T5750] team0: Port device team_slave_1 added [ 62.585257][ T5750] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.587415][ T5750] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.595469][ T5750] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.600411][ T5743] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.613686][ T5750] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.616079][ T5750] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.624043][ T5750] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.629436][ T5743] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.632415][ T5746] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.634772][ T5746] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.637010][ T5746] bridge_slave_0: entered allmulticast mode [ 62.639526][ T5746] bridge_slave_0: entered promiscuous mode [ 62.642594][ T5746] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.644915][ T5746] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.647114][ T5746] bridge_slave_1: entered allmulticast mode [ 62.649623][ T5746] bridge_slave_1: entered promiscuous mode [ 62.674613][ T5744] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.677136][ T5744] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.679334][ T5744] bridge_slave_0: entered allmulticast mode [ 62.682733][ T5744] bridge_slave_0: entered promiscuous mode [ 62.707462][ T5744] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.709783][ T5744] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.712273][ T5744] bridge_slave_1: entered allmulticast mode [ 62.715284][ T5744] bridge_slave_1: entered promiscuous mode [ 62.718558][ T5743] team0: Port device team_slave_0 added [ 62.721733][ T5746] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.738229][ T5750] hsr_slave_0: entered promiscuous mode [ 62.740529][ T5750] hsr_slave_1: entered promiscuous mode [ 62.743686][ T5743] team0: Port device team_slave_1 added [ 62.746476][ T5746] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.762214][ T5744] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.772564][ T5744] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.807357][ T5743] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.809495][ T5743] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.817770][ T5743] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.822929][ T5746] team0: Port device team_slave_0 added [ 62.842916][ T5743] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.845005][ T5743] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.853199][ T5743] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.857739][ T5746] team0: Port device team_slave_1 added [ 62.870012][ T5744] team0: Port device team_slave_0 added [ 62.889962][ T5744] team0: Port device team_slave_1 added [ 62.898284][ T5746] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.900421][ T5746] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.908123][ T5746] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.915842][ T5746] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.917947][ T5746] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.925492][ T5746] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.938056][ T5744] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.940724][ T5744] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.950724][ T5744] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.969007][ T5744] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.971803][ T5744] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.981403][ T5744] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.010450][ T5743] hsr_slave_0: entered promiscuous mode [ 63.013428][ T5743] hsr_slave_1: entered promiscuous mode [ 63.016000][ T5743] debugfs: 'hsr0' already exists in 'hsr' [ 63.017869][ T5743] Cannot create hsr debugfs directory [ 63.052441][ T5746] hsr_slave_0: entered promiscuous mode [ 63.054762][ T5746] hsr_slave_1: entered promiscuous mode [ 63.056807][ T5746] debugfs: 'hsr0' already exists in 'hsr' [ 63.058545][ T5746] Cannot create hsr debugfs directory [ 63.085514][ T5744] hsr_slave_0: entered promiscuous mode [ 63.087741][ T5744] hsr_slave_1: entered promiscuous mode [ 63.089805][ T5744] debugfs: 'hsr0' already exists in 'hsr' [ 63.091694][ T5744] Cannot create hsr debugfs directory [ 63.223131][ T5750] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 63.230335][ T5750] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 63.260214][ T5750] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 63.264440][ T5750] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 63.305959][ T5750] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 63.311855][ T5750] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 63.318499][ T5750] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 63.322806][ T5750] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 63.397180][ T5743] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 63.403015][ T5743] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 63.406697][ T5743] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 63.413594][ T5743] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 63.417205][ T5743] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 63.423386][ T5743] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 63.426874][ T5743] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 63.432870][ T5743] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 63.496754][ T5746] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 63.504325][ T5746] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 63.509106][ T5746] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 63.515541][ T5746] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 63.520425][ T5746] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 63.530180][ T5746] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 63.535966][ T5746] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 63.541453][ T5746] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 63.604096][ T5744] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 63.611266][ T5744] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 63.614216][ T5744] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 63.617596][ T5744] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 63.623466][ T5750] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.626798][ T5744] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 63.632979][ T5744] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 63.639821][ T5744] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 63.645623][ T5744] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 63.685106][ T5750] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.705176][ T5743] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.710069][ T1260] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.712630][ T1260] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.726388][ T79] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.728796][ T79] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.753591][ T5743] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.774615][ T1260] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.777582][ T1260] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.790855][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.793108][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.807316][ T5746] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.859843][ T5746] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.878641][ T5744] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.882459][ T79] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.884754][ T79] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.894744][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.897022][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.901900][ T5747] Bluetooth: hci2: command tx timeout [ 63.911949][ T5747] Bluetooth: hci1: command tx timeout [ 63.912921][ T5744] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.914728][ T5759] Bluetooth: hci0: command tx timeout [ 63.914784][ T62] Bluetooth: hci3: command tx timeout [ 63.927681][ T172] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.930087][ T172] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.939605][ T79] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.942016][ T79] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.150498][ T5750] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.161232][ T5743] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.212164][ T5750] veth0_vlan: entered promiscuous mode [ 64.218675][ T5743] veth0_vlan: entered promiscuous mode [ 64.224320][ T5746] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.232052][ T5750] veth1_vlan: entered promiscuous mode [ 64.239861][ T5744] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.245864][ T5743] veth1_vlan: entered promiscuous mode [ 64.282583][ T5750] veth0_macvtap: entered promiscuous mode [ 64.290558][ T5750] veth1_macvtap: entered promiscuous mode [ 64.295833][ T5743] veth0_macvtap: entered promiscuous mode [ 64.328909][ T5743] veth1_macvtap: entered promiscuous mode [ 64.334978][ T5750] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.338550][ T5744] veth0_vlan: entered promiscuous mode [ 64.345932][ T5750] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.348385][ T5746] veth0_vlan: entered promiscuous mode [ 64.359373][ T5744] veth1_vlan: entered promiscuous mode [ 64.363665][ T5743] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.367666][ T5746] veth1_vlan: entered promiscuous mode [ 64.382594][ T46] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.385497][ T46] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.389776][ T5743] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.398786][ T46] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.402018][ T46] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.416025][ T46] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.424656][ T46] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.429201][ T46] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.437617][ T46] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.472331][ T172] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.475918][ T172] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.477986][ T5744] veth0_macvtap: entered promiscuous mode [ 64.486050][ T5746] veth0_macvtap: entered promiscuous mode [ 64.493052][ T5744] veth1_macvtap: entered promiscuous mode [ 64.500631][ T5746] veth1_macvtap: entered promiscuous mode [ 64.530193][ T172] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.530909][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.533222][ T5744] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.533843][ T172] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.535829][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.550228][ T5746] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.561913][ T5746] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.566181][ T5744] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.570595][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.573954][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.578125][ T79] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.580926][ T79] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.590893][ T79] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.594519][ T79] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.598498][ T5750] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 64.606861][ T79] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.614018][ T79] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.616891][ T79] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.623820][ T79] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.690900][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.700363][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.743532][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.749190][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.753930][ T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.760662][ T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:qemu-system-x86_64: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0xab000) 50:50 [ 64.783936][ T137] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.788403][ T137] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.990965][ T1260] Bluetooth: hci4: Frame reassembly failed (-84) [ 65.035741][ T5906] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5'. [ 65.161418][ T66] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 65.252181][ T34] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 65.314773][ T66] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 65.319299][ T66] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 65.322923][ T66] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 65.328180][ T66] usb 5-1: config 0 descriptor?? [ 65.401390][ T34] usb 8-1: Using ep0 maxpacket: 32 [ 65.410053][ T34] usb 8-1: unable to get BOS descriptor or descriptor too short [ 65.413851][ T34] usb 8-1: unable to read config index 0 descriptor/start: -71 [ 65.416364][ T34] usb 8-1: can't read configurations, error -71 [ 65.749359][ T66] keytouch 0003:0926:3333.0002: fixing up Keytouch IEC report descriptor [ 65.758169][ T66] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/0003:0926:3333.0002/input/input5 [ 65.801063][ T10] cfg80211: failed to load regulatory.db [ 65.859776][ T66] keytouch 0003:0926:3333.0002: input,hidraw1: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 65.982448][ T5747] Bluetooth: hci3: command tx timeout [ 65.982519][ T62] Bluetooth: hci0: command tx timeout [ 65.984662][ T5754] Bluetooth: hci1: command tx timeout [ 65.984699][ T5754] Bluetooth: hci2: command tx timeout [ 66.261632][ T50] usb 5-1: USB disconnect, device number 2 [ 66.471974][ T34] usb 8-1: new full-speed USB device number 3 using dummy_hcd [ 66.632890][ T34] usb 8-1: config 0 has an invalid interface number: 41 but max is 0 [ 66.635468][ T34] usb 8-1: config 0 has no interface number 0 [ 66.637288][ T34] usb 8-1: config 0 interface 41 has no altsetting 0 [ 66.640797][ T34] usb 8-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 66.643697][ T34] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 66.646132][ T34] usb 8-1: Product: syz [ 66.647412][ T34] usb 8-1: Manufacturer: syz [ 66.648817][ T34] usb 8-1: SerialNumber: syz [ 66.654631][ T34] usb 8-1: config 0 descriptor?? [ 67.022892][ T5759] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 67.023074][ T62] Bluetooth: hci4: command 0x1003 tx timeout [ 67.673974][ T34] CoreChips 8-1:0.41: probe with driver CoreChips failed with error -71 [ 67.679300][ T34] usb 8-1: USB disconnect, device number 3 [ 68.062304][ T5759] Bluetooth: hci3: command tx timeout [ 68.062347][ T62] Bluetooth: hci0: command tx timeout [ 68.062375][ T5747] Bluetooth: hci2: command tx timeout [ 68.541680][ T62] Bluetooth: hci1: command 0x0419 tx timeout [ 68.546063][ T5931] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 69.406085][ T5931] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 69.411886][ T5931] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 69.417009][ T5931] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 69.419478][ T5931] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 69.423365][ T5931] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 69.427699][ T5931] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 69.429395][ T5931] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 69.432403][ T5931] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 69.435154][ T5931] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 69.436842][ T5931] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 69.439281][ T5931] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 69.681562][ T843] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 69.761456][ T5827] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 69.921355][ T5827] usb 6-1: Using ep0 maxpacket: 16 [ 69.924886][ T5827] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 69.929211][ T5827] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 69.933004][ T5827] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 69.938669][ T5827] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 69.942431][ T5827] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.949698][ T5827] usb 6-1: config 0 descriptor?? [ 70.031525][ T843] usb 5-1: device not accepting address 3, error -71 [ 70.621939][ T62] Bluetooth: hci1: command 0x0419 tx timeout [ 71.421414][ T62] Bluetooth: hci0: command 0x0c1a tx timeout [ 71.501464][ T62] Bluetooth: hci3: command 0x0c1a tx timeout [ 71.501480][ T5759] Bluetooth: hci2: command 0x0c1a tx timeout [ 72.701440][ T62] Bluetooth: hci1: command 0x0419 tx timeout [ 73.501531][ T62] Bluetooth: hci0: command 0x0c1a tx timeout [ 73.581511][ T62] Bluetooth: hci3: command 0x0c1a tx timeout [ 73.582256][ T5759] Bluetooth: hci2: command 0x0c1a tx timeout [ 74.782333][ T5759] Bluetooth: hci1: command 0x0419 tx timeout [ 75.023362][ T5827] usbhid 6-1:0.0: can't add hid device: -32 [ 75.025218][ T5827] usbhid 6-1:0.0: probe with driver usbhid failed with error -32 [ 75.581910][ T5759] Bluetooth: hci0: command 0x0c1a tx timeout [ 75.661476][ T5759] Bluetooth: hci2: command 0x0c1a tx timeout [ 75.661563][ T62] Bluetooth: hci3: command 0x0c1a tx timeout [ 76.233620][ T1433] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.236402][ T1433] ieee802154 phy1 wpan1: encryption failed: -22 [ 94.822416][ T1127] ata1.00: exception Emask 0x0 SAct 0x4000 SErr 0x0 action 0x6 frozen [ 94.825508][ T1127] ata1.00: failed command: WRITE FPDMA QUEUED [ 94.827918][ T1127] ata1.00: cmd 61/58:70:36:11:08/05:00:00:00:00/40 tag 14 ncq dma 700416 out [ 94.827918][ T1127] res 40/00:00:00:00:00/00:00:00:00:00/00 Emask 0x4 (timeout) [ 94.833993][ T1127] ata1.00: status: { DRDY } [ 94.835537][ T1127] ata1: hard resetting link [ 95.155712][ T1127] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300) [ 95.158861][ T1127] ata1.00: configured for UDMA/100 [ 95.160716][ T1127] ata1: EH complete [ 95.193326][ T5849] usb 6-1: USB disconnect, device number 2 [ 95.448685][ T5759] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 95.455890][ T5759] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 95.459007][ T5759] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 95.462347][ T5759] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 95.465734][ T5759] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 95.500178][ T5759] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 95.505329][ T5759] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 95.511395][ T5759] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 95.516434][ T5759] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 95.520088][ T5759] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 95.564834][ T62] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 95.577518][ T62] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 95.584148][ T62] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 95.589330][ T62] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 95.593476][ T62] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 Stopping sshd: stopped /usr/sbin/sshd (pid 5542) OK Stopping crond: [ 95.717086][ T79] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 stopped /usr/sbin/crond (pid 5535) OK Stopping dhcpcd... stopped /sbin/dhcpcd (pid 5453) [ 95.867694][ T79] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.919164][ T6032] ------------[ cut here ]------------ [ 95.921552][ T6032] ((d_inode(path->dentry))->i_flags & (1 << 19)) && !(path->mnt->mnt_sb->s_iflags & 0x00000002) [ 95.921586][ T6032] WARNING: fs/exec.c:118 at path_noexec+0x1cf/0x230, CPU#2: syz.0.28/6032 [ 95.927925][ T6032] Modules linked in: [ 95.930386][ T6032] CPU: 2 UID: 0 PID: 6032 Comm: syz.0.28 Not tainted syzkaller #0 PREEMPT(full) [ 95.933385][ T6032] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 Stopping network: [ 95.937191][ T6032] RIP: 0010:path_noexec+0x1cf/0x230 [ 95.939214][ T6032] Code: 58 31 ff 83 e3 02 48 89 de 48 d1 eb e8 fa 76 7e ff 83 e3 01 e8 12 7c 7e ff 89 d8 5b 5d 41 5c c3 cc cc cc cc e8 02 7c 7e ff 90 <0f> 0b 90 e9 46 ff ff ff e8 c4 43 eb ff e9 a3 fe ff ff e8 ba 43 eb [ 95.945330][ T6032] RSP: 0018:ffffc90003cdfc00 EFLAGS: 00010283 [ 95.948052][ T6032] RAX: 00000000000000ae RBX: 0000000000000000 RCX: ffffc90007941000 [ 95.950590][ T6032] RDX: 0000000000080000 RSI: ffffffff8289907e RDI: ffff888024708000 [ 95.953366][ T6032] RBP: ffff8880204ff1a0 R08: 0000000000000007 R09: 0000000000000000 [ 95.955984][ T6032] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000080000 [ 95.958736][ T6032] R13: 0000000000000001 R14: ffff8880521f5008 R15: 0000000000000000 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 95.961194][ T6032] FS: 0000000000000000(0000) GS:ffff888097374000(0063) knlGS:00000000f545db40 [ 95.964432][ T6032] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 95.966833][ T6032] CR2: 00000000f73b00fc CR3: 000000004cdd3000 CR4: 0000000000352ef0 [ 95.969718][ T6032] Call Trace: [ 95.972905][ T6032] [ 95.974498][ T6032] do_mmap+0x857/0x12f0 [ 95.975865][ T6032] ? __pfx_do_mmap+0x10/0x10 [ 95.977361][ T6032] ? __pfx_down_write_killable+0x10/0x10 [ 95.979242][ T6032] vm_mmap_pgoff+0x29e/0x470 [ 95.980733][ T6032] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 95.982477][ T6032] ? __fget_files+0x215/0x3d0 [ 95.983961][ T6032] ? __fget_files+0x21f/0x3d0 [ 95.985467][ T6032] ksys_mmap_pgoff+0x3cb/0x610 [ 95.986978][ T6032] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 95.988620][ T6032] ? rcu_is_watching+0x12/0xc0 [ 95.990220][ T6032] __do_fast_syscall_32+0xe7/0x950 [ 95.991921][ T6032] do_fast_syscall_32+0x32/0x70 [ 95.993471][ T6032] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 95.995474][ T6032] RIP: 0023:0xf706ef7c [ 95.996751][ T6032] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 96.003248][ T6032] RSP: 002b:00000000f545d50c EFLAGS: 00000292 ORIG_RAX: 00000000000000c0 [ 96.005827][ T6032] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000003000 [ 96.008277][ T6032] RDX: 000000000300000f RSI: 0000000000000011 RDI: 0000000000000005 [ 96.010795][ T6032] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 96.013327][ T6032] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 96.015785][ T6032] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 96.018224][ T6032] [ 96.019229][ T6032] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 96.021636][ T6032] CPU: 2 UID: 0 PID: 6032 Comm: syz.0.28 Not tainted syzkaller #0 PREEMPT(full) [ 96.024406][ T6032] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 96.027475][ T6032] Call Trace: [ 96.028514][ T6032] [ 96.029457][ T6032] dump_stack_lvl+0x100/0x190 [ 96.030950][ T6032] vpanic+0x552/0x970 [ 96.032304][ T6032] ? __pfx_vpanic+0x10/0x10 [ 96.033780][ T6032] panic+0xd1/0xe0 [ 96.034963][ T6032] ? __pfx_panic+0x10/0x10 [ 96.036351][ T6032] check_panic_on_warn.cold+0x19/0x34 [ 96.038004][ T6032] ? path_noexec+0x1cf/0x230 [ 96.039455][ T6032] __warn.cold+0x191/0x328 [ 96.040851][ T6032] __report_bug+0x296/0x3d0 [ 96.042275][ T6032] ? path_noexec+0x1cf/0x230 [ 96.043822][ T6032] ? __pfx___report_bug+0x10/0x10 [ 96.045404][ T6032] ? arch_get_unmapped_area_topdown+0x3e6/0x9b0 [ 96.047375][ T6032] ? path_noexec+0x1cf/0x230 [ 96.048822][ T6032] report_bug+0xb2/0x220 [ 96.050167][ T6032] ? path_noexec+0x1cf/0x230 [ 96.051621][ T6032] handle_bug+0x16a/0x2a0 [ 96.052986][ T6032] exc_invalid_op+0x17/0x50 [ 96.054496][ T6032] asm_exc_invalid_op+0x1a/0x20 [ 96.056012][ T6032] RIP: 0010:path_noexec+0x1cf/0x230 [ 96.057628][ T6032] Code: 58 31 ff 83 e3 02 48 89 de 48 d1 eb e8 fa 76 7e ff 83 e3 01 e8 12 7c 7e ff 89 d8 5b 5d 41 5c c3 cc cc cc cc e8 02 7c 7e ff 90 <0f> 0b 90 e9 46 ff ff ff e8 c4 43 eb ff e9 a3 fe ff ff e8 ba 43 eb [ 96.063540][ T6032] RSP: 0018:ffffc90003cdfc00 EFLAGS: 00010283 [ 96.065573][ T6032] RAX: 00000000000000ae RBX: 0000000000000000 RCX: ffffc90007941000 [ 96.068003][ T6032] RDX: 0000000000080000 RSI: ffffffff8289907e RDI: ffff888024708000 [ 96.070447][ T6032] RBP: ffff8880204ff1a0 R08: 0000000000000007 R09: 0000000000000000 [ 96.072895][ T6032] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000080000 [ 96.075480][ T6032] R13: 0000000000000001 R14: ffff8880521f5008 R15: 0000000000000000 [ 96.077923][ T6032] ? path_noexec+0x1ce/0x230 [ 96.079385][ T6032] do_mmap+0x857/0x12f0 [ 96.080691][ T6032] ? __pfx_do_mmap+0x10/0x10 [ 96.082138][ T6032] ? __pfx_down_write_killable+0x10/0x10 [ 96.083890][ T6032] vm_mmap_pgoff+0x29e/0x470 [ 96.085351][ T6032] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 96.087002][ T6032] ? __fget_files+0x215/0x3d0 [ 96.088476][ T6032] ? __fget_files+0x21f/0x3d0 [ 96.089959][ T6032] ksys_mmap_pgoff+0x3cb/0x610 [ 96.091463][ T6032] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 96.093117][ T6032] ? rcu_is_watching+0x12/0xc0 [ 96.094622][ T6032] __do_fast_syscall_32+0xe7/0x950 [ 96.096295][ T6032] do_fast_syscall_32+0x32/0x70 [ 96.097911][ T6032] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 96.099877][ T6032] RIP: 0023:0xf706ef7c [ 96.101152][ T6032] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 96.107064][ T6032] RSP: 002b:00000000f545d50c EFLAGS: 00000292 ORIG_RAX: 00000000000000c0 [ 96.109641][ T6032] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000003000 [ 96.112082][ T6032] RDX: 000000000300000f RSI: 0000000000000011 RDI: 0000000000000005 [ 96.114540][ T6032] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 96.116963][ T6032] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 96.119443][ T6032] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 96.121873][ T6032] [ 96.123666][ T6032] Kernel Offset: disabled [ 96.125015][ T6032] Rebooting in 86400 seconds..