last executing test programs: 17.579992102s ago: executing program 2 (id=54): ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000080)=0x6) 17.287881801s ago: executing program 2 (id=56): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000000)=[{0x6, 0x80, 0xfe, 0x7fff0006}]}) r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f00000004c0), 0x8000, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x20004, r0, 0x2}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000200)={0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000240)=0x1c) r3 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) r4 = getpgrp(0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000040)=0x5) prlimit64(r4, 0xe, &(0x7f0000000100)={0x8, 0x80000100008a}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r6 = syz_clone(0x0, 0x0, 0xf730ac4d9e9750df, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r6, 0x1, 0x0) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8) bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)}) mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f00000000c0)='nfs\x00', 0x0, &(0x7f0000000280)='\x02\x00\x00\x00\x04\xb0\xfe\x98\x9a!s\x91]\xab\xc9\xa2IV\xb6-\xbfS\x16 \x04\r\xcd\xdb\x9a\xd4\xaf\r\x11\xa0\xd7\xd7\xb6\x9bz\x99\xaf\xfd\x87fN\xad\x90U\xb4A\xdf\xabB\xbba\x7f\xb8\x96\x1a\xe7\xc1\xab\x16\x02\x00\xfaC\x93\xc0S\xaf\f\x1a\fEik\x86\x15\xab\x909\xf8i\xc0\xa7\xa9\xb1\xbe\xc7\x1d\xe0\x18\xd2\xbaG|\xd5fC\x8d\t\x00/I\x8b\xbf\x94\xf4\x96[us\x96\x90\x8d\x9d\xfb\xdc\x7f0&\xab\x17@)\xf1\xc3Q\xb2M :\xaa\x99G\xdd\xa9E6A]@>\f\xb1n\x1a\x8c\xc6e7{@\x90\x8fz\xfcf\x88\x15A\x0e\xbf\xb8\xff\xa8\xb9\xab\x83>\xf9I0\xdd\x93#\x1e\x00\xed#\xc9\xd0Uk\xa6b\xa6/\x15\x92\xc6,p\xc9\xce\xe1\xc3\xd5\x89Lw\x17\x16\x18\xddh\xc8\x81w\x1e\x7f\xc7\x16\xe5\x96\x03\t\xc3\x94\xc7\xeb\xd6.\xfa\xb3\xe0\x1f\xa9\x19\xfaS\x1f[T\x1e\xc5nX\x84\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00=0\xc3\xbc\xfd\xce~\xe3\xcaO\"\xbb\xd1\x15\xf2y\xb91\x1d\xab\xeaO\x19\rH4\xc2\xe4\x922~K^K`55\xb7\xd1\n\xba\xb7,\xdb\xc2\x86\xc30bnc\x06\x06q\xe9\x97\fHA<\x94`\xf7H?\x86\xb8C9\b\x18vFWRdNee\xf1A\x06\x8f\x97\x99\xa5A\xfa\x94IfB\xa9\xf5\xd8\x83\xc5\b\x0eL\\Z\x80](f6D\x1a\xf7si\xa4l\xa8\x0f\xcc\xa1\xef\x1bCq\x0e\xf87\xfc\xce\x96cm\x83\x05S\x01Zj`dP:d\xba\x02\x14\xaa\x051\xd7\x87\x1b\xcb\xa2.\x89\x16CRx\x9b\x04\x1f\x8fA\t<\x99/\'tk\xcb\xd7|\x0f\xc9m\x95\x9a\n\v&\xca\xcd\x11\xec\xfd\x17a$.\xe9\x14\x8f\n\x15\x8d\rJ\x99\x8a\x87\x81\xc4S\x85L\xe5w\xa1\xbf\x91Q&6\x8e\xd1\x02\x19K\xd3\xab\xe5\xdc\xac\x05\x8dQ\xf4\x1aa\x86\xbc6\\\x06\xdf\x84\x00+F|\xa6\xc4\xab\x00G\xd0\x14N+\xf9\x84i?C\x81\x8eu\xd3\xcbg\xb7\a\xd9\x9a*\x17>\xac\x9d\x9d\xf6\t\xd8b\x19\x8a\x1e&\xde\x87-%\xf3\x8a2L\x1cQ2\f\x94\xf7\xf9\xadI\xedU\xabr\xe2\xe1\xc2{\b\xa8\xc2\n4\x0f\'\xed\xcc\xd7qG\xa7p\x8ct\xe3/l\v\x93\x8a\x95R\xd6\x19L\x85\x80\x18\x15\xcezn\xa8,i\xf1\x91@\xc0\xb1\a\xfd\xec\x95>\b(\xfa~O\xfd\xe2\a6b\x97\xc6$?;\x8eJ/P\x9d\x17\xaaU\xc4\b') openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) ioctl$int_in(r3, 0x5452, &(0x7f00000001c0)=0x1) 16.98831039s ago: executing program 1 (id=58): kexec_load(0x3, 0x1, &(0x7f00000005c0)=[{0x0, 0x0, 0x5, 0xffffffff}], 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000280), 0x80, 0x0) sendmmsg$alg(r2, &(0x7f0000007640)=[{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000740)="bd9c629b909dddebc0508bf412865663aded7919352b141faa7dc00680ce5a44ff1ed1c813c6c1e58e28c509cd269d0e79fff4d2ea4c1da69fa672c4f5eb15788aa929e9f5c94e443cf68a1759ee805958a7c76c8c7f11a39ea32c019c2f2c8cce48d92d659f623081974c0135dc1fe2a057f725a843c083e0620ffa607d3b9570a5b4094fca255491844b3d5cb63bab3d76ad07f9503d1450f1fb860b18ac983285f983e51262c539312073482f1538d9588323b836e6e2b7704dff3cbf89c2b828c7613310eafd664c946b1a6728154b1877257a8abe3d983344da083b86aee35e6b9b0d93", 0xe6}], 0x1, &(0x7f00000008c0)=[@iv={0x68, 0x117, 0x2, 0x50, "bd19a432ebf20eb0a0ee39d005e869fe74b9842d9c92be0054aa20f9dbfeb8e59fa49c486a1a51c45c98c886185e506d1cf93255718fc79d6b6d1d434c678807c5ab4264c8ba94065d11d8ee27dd16f4"}, @assoc={0x18, 0x117, 0x4, 0x6}], 0x80, 0x40800}, {0x0, 0x0, &(0x7f0000003900)=[{&(0x7f00000009c0)="c2debd9e2d4617d17e01e704d3576f8b26b757ffa164a105efcaa28e5d52d4383258c148e95e4ee927dab4ba9cdbf4dbf6b0e19f8b7e9a95211ec6aedfd78a09200b7076afabdae9c87c6837e202845b6cf3ac6b728856d66eef286087e0154a40c153e5fe7505615fb53b33f629928c80aeea7fd091180968d44cd4544b6bb4c116f4d6c4c3d148eb273bd4fa76ad8f709ed07bd2a91564fc364f1b971b0e005fe1d24f1b0d7f157b695c625cc39aac2d6f07b11d926c", 0xb7}, {&(0x7f0000000ac0)="3fe4c8a328", 0x5}, {&(0x7f0000000b40)="86545d2157646172b815818bfd0e1457556266898579380233", 0x19}, {&(0x7f0000000b80)="0d4842ef613cd072196eae2d74d31c309df1c61a888039b1a23acbea852fb54afae1761845284c6e484aa5154a2b418ffe2ac1d6363010c9d8f2d75a71eb55849202714884c6a0a760f5e028016a68fc07407f5671a5a4a8c91e9d056039df63390376a7359c6fc2059d1e3ffeec1ff0f4c09099e8e61c268324d0fc621f6dc2912e4bd5316ff808ac5126ade9b759e1489c04a517e992d7b56d9df469c0c906000e0f82c089ec12677e7ade15e68a60", 0xb0}, {&(0x7f0000000c40)="176d6b3905505e2a41391bf6fd66d8ad4ebc86e07694005204b0151bfa8dc581a5be209d8850a950791f10f76de79651272a11f6d7267276ff1596a47826a90a0b74b425d8ff2bbea5c5732f69a908c45b4b348abc24d2cd2031a9508ef8e3594bd12ebc38c466f76d6ff3618471f4f6574e1043766375eb889750ca25429f976089462bf1b689280ebc67640f4534eef4b7ffd85963bc5d8b114670c00f76cbdd722662dce5fc58daf323bf987ef7d646a99794c02b62b30e189691c4be9094ea58e9df52d9dbd9e0fae7a4a130246680b2", 0xd2}], 0x5, 0x0, 0x0, 0xc0}], 0x2, 0x48040) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 16.631073311s ago: executing program 0 (id=60): r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x840) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fcntl$lock(r2, 0x6, 0x0) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008011}, 0x40) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r4, &(0x7f0000000040)={0x1f, @none}, 0x8) connect$bt_sco(r4, &(0x7f00000008c0)={0x1f, @none}, 0x8) 14.280301893s ago: executing program 0 (id=62): r0 = socket$tipc(0x1e, 0x5, 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) bind$inet(r1, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r1, 0x0, 0x0, 0x20008000) r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$VIDIOC_S_SELECTION(0xffffffffffffffff, 0xc040565f, 0x0) syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$nl_crypto(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=@get={0xe0, 0x13, 0x1, 0x0, 0x0, {{'xchacha20\x00'}}}, 0xe0}}, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r2, 0x4020565a, &(0x7f0000000400)={0x5, 0x2}) ioctl$VIDIOC_S_INPUT(r2, 0xc0045627, &(0x7f00000000c0)=0x2) r7 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r7, 0xc0045627, &(0x7f00000000c0)=0x3) recvmsg(r1, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001380), 0x5c}, 0x123) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x10000042, 0x3}, 0x10) 14.279621093s ago: executing program 2 (id=63): kexec_load(0x3, 0x1, &(0x7f00000005c0)=[{&(0x7f0000000100)="047715ac7141c111fab2fcda5de4dc8b278029bcb1bd17524f177856cac105f463c77e2d2ab44d875217dc82baa911f236f959fb9227524d4fe6b621a19823457d04c399283edbac755852623c82f7206d26e918a2981c8f68476969bf8c4bcd37ba24e4", 0x64, 0x5, 0xffffffff}], 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000003c00)={0x0, 0x0, &(0x7f0000000700)=[{0x0}, {&(0x7f0000000740)}], 0x2}, 0x41) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000280), 0x80, 0x0) sendmmsg$alg(r2, &(0x7f0000007640)=[{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000740)="bd9c629b909dddebc0508bf412865663aded7919352b141faa7dc00680ce5a44ff1ed1c813c6c1e58e28c509cd269d0e79fff4d2ea4c1da69fa672c4f5eb15788aa929e9f5c94e443cf68a1759ee805958a7c76c8c7f11a39ea32c019c2f2c8cce48d92d659f623081974c0135dc1fe2a057f725a843c083e0620ffa607d3b9570a5b4094fca255491844b3d5cb63bab3d76ad07f9503d1450f1fb860b18ac983285f983e51262c539312073482f1538d9588323b836e6e2b7704dff3cbf89c2b828c7613310eafd664c946b1a6728154b1877257a8abe3d983344da083b86aee35e6b9b0d9307", 0xe7}], 0x1, &(0x7f00000008c0)=[@iv={0x68, 0x117, 0x2, 0x50, "bd19a432ebf20eb0a0ee39d005e869fe74b9842d9c92be0054aa20f9dbfeb8e59fa49c486a1a51c45c98c886185e506d1cf93255718fc79d6b6d1d434c678807c5ab4264c8ba94065d11d8ee27dd16f4"}, @assoc={0x18, 0x117, 0x4, 0x6}], 0x80, 0x40800}, {0x0, 0x0, &(0x7f0000003900)=[{&(0x7f00000009c0)="c2debd9e2d4617d17e01e704d3576f8b26b757ffa164a105efcaa28e5d52d4383258c148e95e4ee927dab4ba9cdbf4dbf6b0e19f8b7e9a95211ec6aedfd78a09200b7076afabdae9c87c6837e202845b6cf3ac6b728856d66eef286087e0154a40c153e5fe7505615fb53b33f629928c80aeea7fd091180968d44cd4544b6bb4c116f4d6c4c3d148eb273bd4fa76ad8f709ed07bd2a91564fc364f1b971b0e005f", 0xa1}, {&(0x7f0000000b40)="86545d2157646172b815818bfd0e1457556266898579380233e0e3853e4a118a5a2bcc52eeea6b2dc4fc32c3f81f9b1d06cd70a1b428c0", 0x37}, {&(0x7f0000000b80)="0d4842ef613cd072196eae2d74d31c309df1c61a888039b1a23acbea852fb54afae1761845284c6e484aa5154a2b418ffe2ac1d6363010c9d8f2d75a71eb55849202714884c6a0a760f5e028016a68fc07407f5671a5a4a8c91e9d056039df63390376a7359c6fc2059d1e3ffeec1ff0f4c09099e8e61c268324d0fc621f6dc2912e4bd5316ff808ac5126ade9b759e1489c04a517e992d7b56d9df469c0c906000e0f82c089ec12677e7ade15e68a60", 0xb0}, {&(0x7f0000000c40)="176d6b3905505e2a41391bf6fd66d8ad4ebc86e07694005204b0151bfa8dc581a5be209d8850a950791f10f76de79651272a11f6d7267276ff1596a47826a90a0b74b425d8ff2bbea5c5732f69a908c45b4b348abc24d2cd2031a9508ef8e3594bd12ebc38c466f76d6ff3618471f4f6574e1043766375eb889750ca25429f976089462bf1b689280ebc67640f4534eef4b7ffd85963bc5d8b114670c00f76cbdd722662dce5fc58daf323bf987ef7d646a99794c02b62b30e189691c4be9094ea58e9df52d9dbd9e0fae7a4a130246680b2", 0xd2}, {&(0x7f0000000d40)="7edb39aa76e39c9fc185dd49e1d028ba5e90ec3bb54d3c486f189f406945a495fe7b4ad51446c162f581368e4d711db9add53f7917e1dc55ae9543ea21d63f85d9a5a996f6fa32ead42a9b7e97a7ae1b4a8f76ff9321b4ec76606f9709bb57eda4e8c45e797ff2cabc03a3d03ca57b523983", 0x72}], 0x5, 0x0, 0x0, 0xc0}], 0x2, 0x48040) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 13.836984357s ago: executing program 1 (id=65): connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}, 0xff}, 0x1c) socket$netlink(0x10, 0x3, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) pipe2$9p(&(0x7f0000000200), 0x0) r0 = socket$can_bcm(0x1d, 0x2, 0x2) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) connect$can_bcm(r0, &(0x7f00000000c0), 0x10) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYRES16=r0], 0x448}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="050000000808"], 0x80}}, 0x0) sendmmsg$inet(r0, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="050000007402b8f4191db62b", 0xc}, {&(0x7f0000000440)="9f336d70bf41f19e47e98b4015e3b0384d86a1ceb4e530554ebc8154bf392bcf9ce0b09f879bd7aaf9d086e3", 0x2c}], 0x2}}, {{0x0, 0x0, &(0x7f0000000100), 0x2}}], 0x40000000000003a, 0x0) 13.329873162s ago: executing program 1 (id=68): socket$inet6(0x10, 0x3, 0x0) socket$xdp(0x2c, 0x3, 0x0) pipe2$9p(&(0x7f0000001900), 0x0) socket$packet(0x11, 0x3, 0x300) socket$unix(0x1, 0x2, 0x0) socket$kcm(0x2, 0x5, 0x0) socket$netlink(0x10, 0x3, 0x0) memfd_create(&(0x7f0000002b40)='/$!}\\\x00', 0x4) creat(&(0x7f0000000140)='./file0\x00', 0x2d) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000001200)=ANY=[], 0x0) 13.183747327s ago: executing program 3 (id=69): socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x101400, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="12000000de0000000800000002"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r2}, &(0x7f0000000180), &(0x7f0000000280)=r1}, 0x20) socket(0x2b, 0x80801, 0x1) pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0x1000000f, 0x80000006}, 0x0, 0x0) 12.10152867s ago: executing program 3 (id=70): open_by_handle_at(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000100)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e22}, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setresuid(0xee01, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x117) socket$tipc(0x1e, 0x2, 0x0) r2 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r2, 0x29, 0x2b, 0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000380)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff01000000000000000000000000000100"/120], 0x190) 11.327453613s ago: executing program 2 (id=71): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000000)=[{0x6, 0x80, 0xfe, 0x7fff0006}]}) r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f00000004c0), 0x8000, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x20004, r0, 0x2}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000200)={0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000240)=0x1c) r3 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) r4 = getpgrp(0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000040)=0x5) prlimit64(r4, 0xe, &(0x7f0000000100)={0x8, 0x80000100008a}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r6 = syz_clone(0x0, 0x0, 0xf730ac4d9e9750df, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r6, 0x1, 0x0) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8) bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)}) mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f00000000c0)='nfs\x00', 0x0, &(0x7f0000000280)='\x02\x00\x00\x00\x04\xb0\xfe\x98\x9a!s\x91]\xab\xc9\xa2IV\xb6-\xbfS\x16 \x04\r\xcd\xdb\x9a\xd4\xaf\r\x11\xa0\xd7\xd7\xb6\x9bz\x99\xaf\xfd\x87fN\xad\x90U\xb4A\xdf\xabB\xbba\x7f\xb8\x96\x1a\xe7\xc1\xab\x16\x02\x00\xfaC\x93\xc0S\xaf\f\x1a\fEik\x86\x15\xab\x909\xf8i\xc0\xa7\xa9\xb1\xbe\xc7\x1d\xe0\x18\xd2\xbaG|\xd5fC\x8d\t\x00/I\x8b\xbf\x94\xf4\x96[us\x96\x90\x8d\x9d\xfb\xdc\x7f0&\xab\x17@)\xf1\xc3Q\xb2M :\xaa\x99G\xdd\xa9E6A]@>\f\xb1n\x1a\x8c\xc6e7{@\x90\x8fz\xfcf\x88\x15A\x0e\xbf\xb8\xff\xa8\xb9\xab\x83>\xf9I0\xdd\x93#\x1e\x00\xed#\xc9\xd0Uk\xa6b\xa6/\x15\x92\xc6,p\xc9\xce\xe1\xc3\xd5\x89Lw\x17\x16\x18\xddh\xc8\x81w\x1e\x7f\xc7\x16\xe5\x96\x03\t\xc3\x94\xc7\xeb\xd6.\xfa\xb3\xe0\x1f\xa9\x19\xfaS\x1f[T\x1e\xc5nX\x84\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00=0\xc3\xbc\xfd\xce~\xe3\xcaO\"\xbb\xd1\x15\xf2y\xb91\x1d\xab\xeaO\x19\rH4\xc2\xe4\x922~K^K`55\xb7\xd1\n\xba\xb7,\xdb\xc2\x86\xc30bnc\x06\x06q\xe9\x97\fHA<\x94`\xf7H?\x86\xb8C9\b\x18vFWRdNee\xf1A\x06\x8f\x97\x99\xa5A\xfa\x94IfB\xa9\xf5\xd8\x83\xc5\b\x0eL\\Z\x80](f6D\x1a\xf7si\xa4l\xa8\x0f\xcc\xa1\xef\x1bCq\x0e\xf87\xfc\xce\x96cm\x83\x05S\x01Zj`dP:d\xba\x02\x14\xaa\x051\xd7\x87\x1b\xcb\xa2.\x89\x16CRx\x9b\x04\x1f\x8fA\t<\x99/\'tk\xcb\xd7|\x0f\xc9m\x95\x9a\n\v&\xca\xcd\x11\xec\xfd\x17a$.\xe9\x14\x8f\n\x15\x8d\rJ\x99\x8a\x87\x81\xc4S\x85L\xe5w\xa1\xbf\x91Q&6\x8e\xd1\x02\x19K\xd3\xab\xe5\xdc\xac\x05\x8dQ\xf4\x1aa\x86\xbc6\\\x06\xdf\x84\x00+F|\xa6\xc4\xab\x00G\xd0\x14N+\xf9\x84i?C\x81\x8eu\xd3\xcbg\xb7\a\xd9\x9a*\x17>\xac\x9d\x9d\xf6\t\xd8b\x19\x8a\x1e&\xde\x87-%\xf3\x8a2L\x1cQ2\f\x94\xf7\xf9\xadI\xedU\xabr\xe2\xe1\xc2{\b\xa8\xc2\n4\x0f\'\xed\xcc\xd7qG\xa7p\x8ct\xe3/l\v\x93\x8a\x95R\xd6\x19L\x85\x80\x18\x15\xcezn\xa8,i\xf1\x91@\xc0\xb1\a\xfd\xec\x95>\b(\xfa~O\xfd\xe2\a6b\x97\xc6$?;\x8eJ/P\x9d\x17\xaaU\xc4\b') openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) ioctl$int_in(r3, 0x5452, &(0x7f00000001c0)=0x1) 11.048097322s ago: executing program 3 (id=72): unshare(0x400) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000006"], 0x66) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x101000, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x1, 0xa) fchdir(r2) r3 = open(&(0x7f0000000080)='./bus\x00', 0x1031c2, 0xb4) ftruncate(r3, 0x2007ffb) close(r0) r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x404, &(0x7f00000000c0)={0xa, 0x4e24, 0x208, @loopback, 0x1c000000}, 0x1c) fcntl$notify(r4, 0x402, 0x8000003d) openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x88882, 0x0) syz_usb_connect$midi(0x2, 0x40, &(0x7f0000000180)=ANY=[], 0x0) 7.449331982s ago: executing program 2 (id=73): kexec_load(0x3, 0x1, &(0x7f00000005c0)=[{0x0, 0x0, 0x5, 0xffffffff}], 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000280), 0x80, 0x0) sendmmsg$alg(r2, &(0x7f0000007640)=[{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000740)="bd9c629b909dddebc0508bf412865663aded7919352b141faa7dc00680ce5a44ff1ed1c813c6c1e58e28c509cd269d0e79fff4d2ea4c1da69fa672c4f5eb15788aa929e9f5c94e443cf68a1759ee805958a7c76c8c7f11a39ea32c019c2f2c8cce48d92d659f623081974c0135dc1fe2a057f725a843c083e0620ffa607d3b9570a5b4094fca255491844b3d5cb63bab3d76ad07f9503d1450f1fb860b18ac983285f983e51262c539312073482f1538d9588323b836e6e2b7704dff3cbf89c2b828c7613310eafd664c946b1a6728154b1877257a8abe3d983344da083b86aee35e6b9b0d93", 0xe6}], 0x1, &(0x7f00000008c0)=[@iv={0x68, 0x117, 0x2, 0x50, "bd19a432ebf20eb0a0ee39d005e869fe74b9842d9c92be0054aa20f9dbfeb8e59fa49c486a1a51c45c98c886185e506d1cf93255718fc79d6b6d1d434c678807c5ab4264c8ba94065d11d8ee27dd16f4"}, @assoc={0x18, 0x117, 0x4, 0x6}], 0x80, 0x40800}, {0x0, 0x0, &(0x7f0000003900)=[{&(0x7f00000009c0)="c2debd9e2d4617d17e01e704d3576f8b26b757ffa164a105efcaa28e5d52d4383258c148e95e4ee927dab4ba9cdbf4dbf6b0e19f8b7e9a95211ec6aedfd78a09200b7076afabdae9c87c6837e202845b6cf3ac6b728856d66eef286087e0154a40c153e5fe7505615fb53b33f629928c80aeea7fd091180968d44cd4544b6bb4c116f4d6c4c3d148eb273bd4fa76ad8f709ed07bd2a91564fc364f1b971b0e005fe1d24f1b0d7f157b695c625cc39aac2d6f07b11d926c", 0xb7}, {&(0x7f0000000ac0)="3fe4c8a328", 0x5}, {&(0x7f0000000b40)="86545d2157646172b815818bfd0e1457556266898579380233", 0x19}, {&(0x7f0000000b80)="0d4842ef613cd072196eae2d74d31c309df1c61a888039b1a23acbea852fb54afae1761845284c6e484aa5154a2b418ffe2ac1d6363010c9d8f2d75a71eb55849202714884c6a0a760f5e028016a68fc07407f5671a5a4a8c91e9d056039df63390376a7359c6fc2059d1e3ffeec1ff0f4c09099e8e61c268324d0fc621f6dc2912e4bd5316ff808ac5126ade9b759e1489c04a517e992d7b56d9df469c0c906000e0f82c089ec12677e7ade15e68a60", 0xb0}, {&(0x7f0000000c40)="176d6b3905505e2a41391bf6fd66d8ad4ebc86e07694005204b0151bfa8dc581a5be209d8850a950791f10f76de79651272a11f6d7267276ff1596a47826a90a0b74b425d8ff2bbea5c5732f69a908c45b4b348abc24d2cd2031a9508ef8e3594bd12ebc38c466f76d6ff3618471f4f6574e1043766375eb889750ca25429f976089462bf1b689280ebc67640f4534eef4b7ffd85963bc5d8b114670c00f76cbdd722662dce5fc58daf323bf987ef7d646a99794c02b62b30e189691c4be9094ea58e9df52d9dbd9e0fae7a4a130246680b2", 0xd2}], 0x5, 0x0, 0x0, 0xc0}], 0x2, 0x48040) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 6.86636711s ago: executing program 1 (id=74): ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000080)=0x6) 6.008450816s ago: executing program 0 (id=75): socket$packet(0x11, 0x3, 0x300) socket$packet(0x11, 0x3, 0x300) socket$netlink(0x10, 0x3, 0xa) syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x40b00) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet(0x2, 0x4000000000000001, 0x0) socket$packet(0x11, 0x3, 0x300) socket$inet(0x2, 0x3, 0x8d) socket(0xa, 0x1, 0x0) socket$packet(0x11, 0x3, 0x300) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x723080, 0x0) 5.86725361s ago: executing program 1 (id=76): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000140)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) add_key(0x0, 0x0, &(0x7f0000000000)="100c0681000000ba8b0ad775b31b", 0xe, 0xfffffffffffffffc) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000ac0)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000005feffff720af0fff8ffffff71a4f0ff000000002d030000000000001d400500000000004704000001ed000072030000000000001d44000000000000db0a00fee10000007303000000000000b500f3ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000190000404f045db600000000000109022400010000000009040000010300000009210000000122070009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\"\a'], 0x0}, 0x0) 5.751750974s ago: executing program 0 (id=77): io_uring_setup(0x3eae, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1a1}) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)) syz_open_dev$radio(&(0x7f0000000040), 0x2, 0x2) open(&(0x7f0000000180)='./bus\x00', 0x8517e, 0x8b) socket$inet6_udp(0xa, 0x2, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$vim2m(&(0x7f0000000340), 0xffff7fff, 0x2) eventfd2(0x4009, 0x801) openat(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup/cgroup.procs\x00', 0x2, 0x0) socket$tipc(0x1e, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000080)}, {&(0x7f0000000100)="16000000246837f73199aee6fdb9291b3091ec1a2d41d227975ad8ec300059191b00867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0xff}, {0x0}], 0x3) 5.57877155s ago: executing program 0 (id=78): sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc800) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000200)=0x10002000005) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x7, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x400000000001, 0x0, 0x1, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x3) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f000001a400)=""/102384, 0x18ff0) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r3, 0x3ba0, &(0x7f0000000540)={0x48}) 5.409868065s ago: executing program 3 (id=79): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(r0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x0, 0x0, 0xf730ac4d9e9750df, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) bind$inet6(0xffffffffffffffff, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)}) mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f00000000c0)='nfs\x00', 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) 2.251970341s ago: executing program 0 (id=80): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000300), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r3], 0x1c}}, 0x4008054) write$nci(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="710501"], 0x15) 1.575939712s ago: executing program 3 (id=81): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="180000001800599c6d0e0000ded650492d"], 0xfe33) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0), 0x4) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, 0x0, &(0x7f0000000280)=r3}, 0x20) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12}, 0x50) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r5, &(0x7f0000000940), &(0x7f0000000a40)=@tcp6=r2}, 0x20) shutdown(r2, 0x0) shutdown(r2, 0x0) recvmmsg(r2, &(0x7f0000000300)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000b80)=""/4119, 0x1017}], 0x1}}], 0x1, 0x4002, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r6, 0x8914, &(0x7f00000001c0)={'netdevsim0\x00', 0x1}) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x550, 0x280, 0x1000, 0x3, 0x1, 0x0, {0x0, 0x9}, {0x350, 0x20002, 0xfffffffd}, {0xf4ef, 0x0, 0x4}, {0x4, 0x0, 0x7fe}, 0x1, 0x100, 0x0, 0xd614, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}) setresgid(0xffffffffffffffff, 0xffffffffffffffff, 0xee00) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x0, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) socket$inet_sctp(0x2, 0x0, 0x84) 1.544987993s ago: executing program 1 (id=82): socket$inet6(0x10, 0x3, 0x0) socket$xdp(0x2c, 0x3, 0x0) pipe2$9p(&(0x7f0000001900), 0x0) socket$packet(0x11, 0x3, 0x300) socket$unix(0x1, 0x2, 0x0) socket$kcm(0x2, 0x5, 0x0) socket$netlink(0x10, 0x3, 0x0) memfd_create(&(0x7f0000002b40)='/$!}\\\x00', 0x4) creat(&(0x7f0000000140)='./file0\x00', 0x2d) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000001200)=ANY=[], 0x0) 181.451325ms ago: executing program 2 (id=83): r0 = syz_open_procfs$namespace(0x0, 0x0) r1 = add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000140)='_', 0x1, 0xfffffffffffffffe) r2 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd) bind$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x4e20, @multicast1}, 0x10) r3 = socket$kcm(0x29, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r4, &(0x7f0000032680)=""/102392, 0x18ff8) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000180)) sendmmsg$inet(r3, &(0x7f00000028c0)=[{{0x0, 0x0, &(0x7f0000000340)}}], 0x1, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, 0x0) close(r3) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r5, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r5, 0x90004) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) ppoll(&(0x7f00000000c0)=[{r5, 0x60}], 0x1, 0x0, 0x0, 0x0) keyctl$dh_compute(0x17, &(0x7f0000000100)={r1, r2, r1}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'sha256\x00'}, 0x0, 0x2d}) keyctl$dh_compute(0x17, &(0x7f0000000080)={r1, r2, r1}, &(0x7f0000000240)=""/186, 0xba, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) 0s ago: executing program 3 (id=84): rename(0x0, &(0x7f00000000c0)='./file0/../file0/file0\x00') ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000700)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x8890) sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={0x0}, 0x1, 0x0, 0x0, 0x20040040}, 0x20004080) r0 = socket$alg(0x26, 0x5, 0x0) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f0000000640)=ANY=[@ANYBLOB="736563757216ae2c69747900000000000000000000000000000000000000000000000004"], 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="2c235aa9c5", 0x5) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = syz_usb_connect(0x5, 0x4a, &(0x7f0000000500)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb10000000010200090502"], 0x0) syz_usb_control_io$cdc_ecm(r2, &(0x7f0000000140)={0x14, 0x0, &(0x7f0000000100)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.80' (ED25519) to the list of known hosts. [ 79.319824][ T5766] cgroup: Unknown subsys name 'net' [ 79.460635][ T5766] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 81.103947][ T5766] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 82.822268][ T5783] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 82.830678][ T5793] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 82.840085][ T5793] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 82.847967][ T5793] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 82.855996][ T5793] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 82.866311][ T5793] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 82.874441][ T5793] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 82.882691][ T5793] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 82.890834][ T5793] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 82.899287][ T5793] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 82.929803][ T5789] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 82.951419][ T5793] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 82.959338][ T5789] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 82.967377][ T5791] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 82.969326][ T5783] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 82.977179][ T5789] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 82.981964][ T5793] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 82.993768][ T5789] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 83.003657][ T5793] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 83.011967][ T5793] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 83.013397][ T5789] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 83.027790][ T5793] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 83.042203][ T5789] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 83.051497][ T5789] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 83.512846][ T5780] chnl_net:caif_netlink_parms(): no params data found [ 83.655466][ T5780] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.663463][ T5780] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.670938][ T5780] bridge_slave_0: entered allmulticast mode [ 83.678876][ T5780] bridge_slave_0: entered promiscuous mode [ 83.693759][ T5784] chnl_net:caif_netlink_parms(): no params data found [ 83.711166][ T5780] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.718424][ T5780] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.726018][ T5780] bridge_slave_1: entered allmulticast mode [ 83.733616][ T5780] bridge_slave_1: entered promiscuous mode [ 83.788215][ T5778] chnl_net:caif_netlink_parms(): no params data found [ 83.802466][ T5780] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.812577][ T5779] chnl_net:caif_netlink_parms(): no params data found [ 83.846095][ T5780] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.947244][ T5780] team0: Port device team_slave_0 added [ 83.975918][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.983297][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.990643][ T5784] bridge_slave_0: entered allmulticast mode [ 83.998482][ T5784] bridge_slave_0: entered promiscuous mode [ 84.007856][ T5780] team0: Port device team_slave_1 added [ 84.037848][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.045126][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.053154][ T5784] bridge_slave_1: entered allmulticast mode [ 84.060663][ T5784] bridge_slave_1: entered promiscuous mode [ 84.127983][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.136687][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.164470][ T5780] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.187453][ T5779] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.195581][ T5779] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.203014][ T5779] bridge_slave_0: entered allmulticast mode [ 84.210546][ T5779] bridge_slave_0: entered promiscuous mode [ 84.220341][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.231960][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.238939][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.265638][ T5780] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.296418][ T5779] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.303930][ T5779] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.311113][ T5779] bridge_slave_1: entered allmulticast mode [ 84.318570][ T5779] bridge_slave_1: entered promiscuous mode [ 84.327788][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.337186][ T5778] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.344629][ T5778] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.352531][ T5778] bridge_slave_0: entered allmulticast mode [ 84.359564][ T5778] bridge_slave_0: entered promiscuous mode [ 84.369421][ T5778] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.376873][ T5778] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.384457][ T5778] bridge_slave_1: entered allmulticast mode [ 84.391820][ T5778] bridge_slave_1: entered promiscuous mode [ 84.479657][ T5784] team0: Port device team_slave_0 added [ 84.489032][ T5778] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.502276][ T5778] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.514126][ T5779] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.537324][ T5784] team0: Port device team_slave_1 added [ 84.567864][ T5779] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.585381][ T5780] hsr_slave_0: entered promiscuous mode [ 84.593930][ T5780] hsr_slave_1: entered promiscuous mode [ 84.636899][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.643972][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.670058][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.697908][ T5778] team0: Port device team_slave_0 added [ 84.707119][ T5778] team0: Port device team_slave_1 added [ 84.723811][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.730812][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.757165][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.795324][ T5779] team0: Port device team_slave_0 added [ 84.845346][ T5778] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.852450][ T5778] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.878709][ T5778] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.892803][ T5779] team0: Port device team_slave_1 added [ 84.899284][ T5778] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.906596][ T5778] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.932684][ T5778] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.021303][ T5784] hsr_slave_0: entered promiscuous mode [ 85.027907][ T5784] hsr_slave_1: entered promiscuous mode [ 85.036975][ T5784] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 85.045014][ T5784] Cannot create hsr debugfs directory [ 85.051686][ T5779] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.058684][ T5779] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.086048][ T5779] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.090841][ T5789] Bluetooth: hci2: command tx timeout [ 85.102939][ T5789] Bluetooth: hci3: command tx timeout [ 85.145225][ T5778] hsr_slave_0: entered promiscuous mode [ 85.151638][ T5087] Bluetooth: hci0: command tx timeout [ 85.151659][ T5789] Bluetooth: hci1: command tx timeout [ 85.163559][ T5778] hsr_slave_1: entered promiscuous mode [ 85.170232][ T5778] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 85.178397][ T5778] Cannot create hsr debugfs directory [ 85.187347][ T5779] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.194785][ T5779] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.221645][ T5779] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.367429][ T5779] hsr_slave_0: entered promiscuous mode [ 85.375353][ T5779] hsr_slave_1: entered promiscuous mode [ 85.382100][ T5779] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 85.389704][ T5779] Cannot create hsr debugfs directory [ 85.644881][ T5780] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 85.657813][ T5780] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 85.669644][ T5780] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 85.705208][ T5780] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 85.803169][ T5784] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 85.824554][ T5784] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 85.838677][ T5784] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 85.849558][ T5784] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 85.958688][ T5778] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 85.983906][ T5778] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 85.997212][ T5778] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 86.008033][ T5778] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 86.124942][ T5779] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 86.136328][ T5779] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 86.153046][ T5780] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.167654][ T5779] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 86.188424][ T5779] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 86.228278][ T5780] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.262598][ T156] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.269992][ T156] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.287483][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.320614][ T156] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.327978][ T156] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.369851][ T5784] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.385963][ T156] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.393273][ T156] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.415146][ T5778] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.437266][ T156] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.444518][ T156] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.507040][ T5778] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.543480][ T3494] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.550683][ T3494] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.606026][ T3494] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.613375][ T3494] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.652402][ T5779] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.733893][ T5779] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.798118][ T156] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.805385][ T156] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.857153][ T156] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.864387][ T156] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.089580][ T5780] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.152594][ T5087] Bluetooth: hci3: command tx timeout [ 87.158074][ T5087] Bluetooth: hci2: command tx timeout [ 87.231650][ T5087] Bluetooth: hci1: command tx timeout [ 87.233103][ T5789] Bluetooth: hci0: command tx timeout [ 87.308657][ T5780] veth0_vlan: entered promiscuous mode [ 87.326478][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.412565][ T5780] veth1_vlan: entered promiscuous mode [ 87.524976][ T5778] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.575262][ T5784] veth0_vlan: entered promiscuous mode [ 87.603096][ T5780] veth0_macvtap: entered promiscuous mode [ 87.646332][ T5784] veth1_vlan: entered promiscuous mode [ 87.709123][ T5780] veth1_macvtap: entered promiscuous mode [ 87.760905][ T5779] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.822225][ T5778] veth0_vlan: entered promiscuous mode [ 87.877720][ T5784] veth0_macvtap: entered promiscuous mode [ 87.916487][ T5784] veth1_macvtap: entered promiscuous mode [ 87.927392][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.940510][ T5778] veth1_vlan: entered promiscuous mode [ 87.963650][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.999354][ T5779] veth0_vlan: entered promiscuous mode [ 88.030821][ T5780] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.042476][ T5780] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.051496][ T5780] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.060235][ T5780] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.089880][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.102872][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.117694][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.140711][ T5779] veth1_vlan: entered promiscuous mode [ 88.166762][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.177467][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.189738][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.219505][ T5778] veth0_macvtap: entered promiscuous mode [ 88.250390][ T5778] veth1_macvtap: entered promiscuous mode [ 88.270745][ T5784] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.284829][ T5784] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.293656][ T5784] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.302618][ T5784] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.361011][ T5779] veth0_macvtap: entered promiscuous mode [ 88.393591][ T5778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.404408][ T5778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.414394][ T5778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.428084][ T5778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.440685][ T5778] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.454487][ T54] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.474890][ T54] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.485825][ T5779] veth1_macvtap: entered promiscuous mode [ 88.504081][ T5778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.519501][ T5778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.529653][ T5778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.540393][ T5778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.553554][ T5778] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.598622][ T3494] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.612164][ T3494] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.625645][ T5778] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.635821][ T5778] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.645768][ T5778] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.654963][ T5778] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.724008][ T5779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.739802][ T5779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.750734][ T5779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.763162][ T5779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.773488][ T5779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.784375][ T5779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.796427][ T5779] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.835934][ T5779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.856396][ T5779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.867328][ T5779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.878242][ T5779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.888675][ T5779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.900441][ T5779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.912897][ T5779] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.944091][ T5779] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.962610][ T5779] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.975680][ T5779] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.985385][ T5779] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.027174][ T3494] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.039702][ T3494] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.191624][ T54] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.200927][ T54] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.235203][ T3519] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.254084][ T5789] Bluetooth: hci3: command tx timeout [ 89.259564][ T5789] Bluetooth: hci2: command tx timeout [ 89.283282][ T3519] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.312808][ T5789] Bluetooth: hci1: command tx timeout [ 89.321545][ T5789] Bluetooth: hci0: command tx timeout [ 89.464210][ T54] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.476098][ T54] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.659478][ T5851] block device autoloading is deprecated and will be removed. [ 90.384936][ T54] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.415425][ T54] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.440078][ T54] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.461427][ T54] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.311499][ T5789] Bluetooth: hci2: command tx timeout [ 91.317015][ T5789] Bluetooth: hci3: command tx timeout [ 91.391936][ T5087] Bluetooth: hci1: command tx timeout [ 91.397484][ T5789] Bluetooth: hci0: command tx timeout [ 92.037887][ T8] cfg80211: failed to load regulatory.db [ 93.631651][ T0] NOHZ tick-stop error: local softirq work is pending, handler #1c2!!! [ 94.041344][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 95.096657][ T5768] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 95.301551][ T5768] usb 1-1: Using ep0 maxpacket: 16 [ 95.332809][ T5768] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 95.370866][ T5768] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 95.402184][ T5768] usb 1-1: config 0 interface 0 altsetting 0 has a duplicate endpoint with address 0x2, skipping [ 95.431756][ T5768] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 95.474812][ T5768] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 95.502986][ T5768] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 95.525104][ T5768] usb 1-1: Manufacturer: syz [ 95.544416][ T5768] usb 1-1: config 0 descriptor?? [ 99.074330][ T5768] usb 1-1: USB disconnect, device number 2 [ 99.217922][ T5917] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 101.311248][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 102.231335][ T5846] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 102.281434][ T23] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 102.431329][ T5846] usb 2-1: Using ep0 maxpacket: 8 [ 102.452536][ T5846] usb 2-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 102.471283][ T23] usb 3-1: Using ep0 maxpacket: 16 [ 102.476624][ T5846] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.491407][ T5846] usb 2-1: Product: syz [ 102.497366][ T23] usb 3-1: config 0 has an invalid descriptor of length 176, skipping remainder of the config [ 102.518235][ T5846] usb 2-1: Manufacturer: syz [ 102.523490][ T23] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 102.534743][ T5846] usb 2-1: SerialNumber: syz [ 102.545651][ T5846] usb 2-1: config 0 descriptor?? [ 102.557135][ T23] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFA, skipping [ 102.570221][ T5846] gspca_main: se401-2.14.0 probing 047d:5003 [ 102.581462][ T23] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 102.597823][ T23] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 102.611877][ T23] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 102.630626][ T23] usb 3-1: Manufacturer: syz [ 102.646283][ T23] usb 3-1: config 0 descriptor?? [ 102.761046][ T5941] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 102.794652][ T5941] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 102.944599][ T5947] netlink: 24 bytes leftover after parsing attributes in process `syz.0.30'. [ 103.236044][ T5846] input: se401 as /devices/platform/dummy_hcd.1/usb2/2-1/input/input5 [ 103.296474][ T5846] usb 2-1: USB disconnect, device number 2 [ 104.634598][ T5963] snd_dummy snd_dummy.0: control 0:57412:0:syz0:0 is already present [ 105.873953][ T8] usb 3-1: USB disconnect, device number 2 [ 108.089542][ T5978] syz.3.42[5978]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 111.131394][ T23] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 111.443498][ T6004] Can't find a SQUASHFS superblock on nullb0 [ 111.481625][ T23] usb 4-1: Using ep0 maxpacket: 16 [ 111.487906][ T23] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 111.487938][ T23] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 111.491746][ T23] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 111.491767][ T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 111.491782][ T23] usb 4-1: Product: syz [ 111.491792][ T23] usb 4-1: Manufacturer: syz [ 111.491802][ T23] usb 4-1: SerialNumber: syz [ 112.124396][ T23] usb 4-1: 0:2 : does not exist [ 112.129655][ T23] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 112.179708][ T23] usb 4-1: USB disconnect, device number 2 [ 112.304433][ T5781] udevd[5781]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 115.361242][ C0] sched: RT throttling activated [ 117.471598][ T975] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 117.651383][ T975] usb 2-1: device descriptor read/64, error -71 [ 118.001428][ T975] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 118.221396][ T975] usb 2-1: device descriptor read/64, error -71 [ 118.362798][ T975] usb usb2-port1: attempt power cycle [ 118.823439][ T975] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 118.886837][ T975] usb 2-1: device descriptor read/8, error -71 [ 121.201373][ T975] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 122.771793][ T975] usb 2-1: device descriptor read/8, error -71 [ 122.921483][ T5768] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 123.014104][ T975] usb usb2-port1: unable to enumerate USB device [ 123.203421][ T5768] usb 4-1: device descriptor read/64, error -71 [ 123.637856][ T5768] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 124.005975][ T5768] usb 4-1: device descriptor read/64, error -71 [ 124.231815][ T5768] usb usb4-port1: attempt power cycle [ 124.651867][ T5822] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 125.591783][ T6096] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 125.617434][ T5822] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 125.742928][ T5822] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 125.756538][ T5822] usb 2-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 125.767870][ T5822] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.803634][ T5822] usb 2-1: config 0 descriptor?? [ 126.201236][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 126.501539][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 127.001456][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 127.191217][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 127.291215][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 128.587878][ T5822] usbhid 2-1:0.0: can't add hid device: -71 [ 128.601465][ T5822] usbhid: probe of 2-1:0.0 failed with error -71 [ 128.662860][ T5822] usb 2-1: USB disconnect, device number 7 [ 129.181298][ T5822] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 129.361439][ T5822] usb 2-1: device descriptor read/64, error -71 [ 129.840853][ T5822] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 129.991377][ T5822] usb 2-1: device descriptor read/64, error -71 [ 130.125692][ T5822] usb usb2-port1: attempt power cycle [ 130.551895][ T5822] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 130.594371][ T5822] usb 2-1: device descriptor read/8, error -71 [ 130.711925][ T5789] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 130.721868][ T5789] CPU: 1 PID: 5789 Comm: kworker/u5:5 Not tainted syzkaller #0 [ 130.729457][ T5789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 130.739555][ T5789] Workqueue: hci2 hci_rx_work [ 130.744338][ T5789] Call Trace: [ 130.747662][ T5789] [ 130.750651][ T5789] dump_stack_lvl+0x18c/0x250 [ 130.755421][ T5789] ? show_regs_print_info+0x20/0x20 [ 130.760678][ T5789] ? load_image+0x420/0x420 [ 130.765255][ T5789] sysfs_create_dir_ns+0x26e/0x2a0 [ 130.770423][ T5789] ? sysfs_warn_dup+0xa0/0xa0 [ 130.775149][ T5789] ? do_raw_spin_unlock+0x121/0x230 [ 130.780408][ T5789] kobject_add_internal+0x61c/0xcc0 [ 130.785673][ T5789] kobject_add+0x164/0x240 [ 130.790148][ T5789] ? __rwlock_init+0x150/0x150 [ 130.794966][ T5789] ? kobject_init+0x1e0/0x1e0 [ 130.799698][ T5789] ? _raw_spin_unlock+0x28/0x40 [ 130.804614][ T5789] ? get_device_parent+0x366/0x390 [ 130.809792][ T5789] device_add+0x408/0xc50 [ 130.814184][ T5789] hci_conn_add_sysfs+0xd5/0x1e0 [ 130.819177][ T5789] le_conn_complete_evt+0xf5d/0x1540 [ 130.824496][ T5789] ? hci_event_packet+0x4cb/0x1270 [ 130.829653][ T5789] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 130.835917][ T5789] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 130.841577][ T5789] ? skb_pull_data+0xfb/0x200 [ 130.846288][ T5789] hci_le_conn_complete_evt+0x187/0x440 [ 130.851861][ T5789] ? hci_remote_host_features_evt+0x150/0x150 [ 130.857952][ T5789] hci_event_packet+0x7ba/0x1270 [ 130.862957][ T5789] ? bis_list+0x290/0x290 [ 130.867335][ T5789] ? lockdep_hardirqs_on+0x98/0x150 [ 130.872562][ T5789] ? hci_send_to_monitor+0xd7/0x4f0 [ 130.877802][ T5789] hci_rx_work+0x43a/0xd60 [ 130.882251][ T5789] ? process_scheduled_works+0x96f/0x15d0 [ 130.888000][ T5789] process_scheduled_works+0xa5d/0x15d0 [ 130.893596][ T5789] ? worker_attach_to_pool+0x380/0x380 [ 130.899087][ T5789] ? assign_work+0x3d2/0x5d0 [ 130.903712][ T5789] worker_thread+0xa55/0xfc0 [ 130.908356][ T5789] kthread+0x2fa/0x390 [ 130.912455][ T5789] ? pr_cont_work+0x560/0x560 [ 130.917182][ T5789] ? kthread_blkcg+0xd0/0xd0 [ 130.921799][ T5789] ret_from_fork+0x48/0x80 [ 130.926247][ T5789] ? kthread_blkcg+0xd0/0xd0 [ 130.930862][ T5789] ret_from_fork_asm+0x11/0x20 [ 130.935671][ T5789] [ 130.939651][ C1] vkms_vblank_simulate: vblank timer overrun [ 130.948387][ T5789] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 130.962654][ T5789] Bluetooth: hci2: failed to register connection device [ 130.979256][ T5789] ================================================================== [ 130.987454][ T5789] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0x6df/0x1070 [ 130.995469][ T5789] Read of size 8 at addr ffff88805fe3d480 by task kworker/u5:5/5789 [ 131.003462][ T5789] [ 131.005807][ T5789] CPU: 1 PID: 5789 Comm: kworker/u5:5 Not tainted syzkaller #0 [ 131.013374][ T5789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 131.023454][ T5789] Workqueue: hci2 hci_rx_work [ 131.028164][ T5789] Call Trace: [ 131.031469][ T5789] [ 131.034422][ T5789] dump_stack_lvl+0x18c/0x250 [ 131.039124][ T5789] ? __lock_acquire+0x7d40/0x7d40 [ 131.044168][ T5789] ? show_regs_print_info+0x20/0x20 [ 131.049388][ T5789] ? load_image+0x420/0x420 [ 131.053917][ T5789] ? __virt_addr_valid+0x469/0x540 [ 131.059065][ T5789] print_report+0xa8/0x210 [ 131.063501][ T5789] ? l2cap_connect_cfm+0x6df/0x1070 [ 131.068715][ T5789] kasan_report+0x117/0x150 [ 131.073248][ T5789] ? l2cap_connect_cfm+0x6df/0x1070 [ 131.078473][ T5789] l2cap_connect_cfm+0x6df/0x1070 [ 131.083522][ T5789] ? l2cap_ertm_resend+0x1040/0x1040 [ 131.088826][ T5789] ? l2cap_ertm_resend+0x1040/0x1040 [ 131.094133][ T5789] hci_connect_cfm+0x8f/0x130 [ 131.098840][ T5789] le_conn_complete_evt+0xfdc/0x1540 [ 131.104152][ T5789] ? hci_event_packet+0x4cb/0x1270 [ 131.109304][ T5789] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 131.115582][ T5789] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 131.121252][ T5789] ? skb_pull_data+0xfb/0x200 [ 131.125971][ T5789] hci_le_conn_complete_evt+0x187/0x440 [ 131.131544][ T5789] ? hci_remote_host_features_evt+0x150/0x150 [ 131.137637][ T5789] hci_event_packet+0x7ba/0x1270 [ 131.142607][ T5789] ? bis_list+0x290/0x290 [ 131.146963][ T5789] ? lockdep_hardirqs_on+0x98/0x150 [ 131.152189][ T5789] ? hci_send_to_monitor+0xd7/0x4f0 [ 131.157413][ T5789] hci_rx_work+0x43a/0xd60 [ 131.161865][ T5789] ? process_scheduled_works+0x96f/0x15d0 [ 131.167625][ T5789] process_scheduled_works+0xa5d/0x15d0 [ 131.173208][ T5789] ? worker_attach_to_pool+0x380/0x380 [ 131.178694][ T5789] ? assign_work+0x3d2/0x5d0 [ 131.183314][ T5789] worker_thread+0xa55/0xfc0 [ 131.187949][ T5789] kthread+0x2fa/0x390 [ 131.192039][ T5789] ? pr_cont_work+0x560/0x560 [ 131.196742][ T5789] ? kthread_blkcg+0xd0/0xd0 [ 131.201364][ T5789] ret_from_fork+0x48/0x80 [ 131.205800][ T5789] ? kthread_blkcg+0xd0/0xd0 [ 131.210409][ T5789] ret_from_fork_asm+0x11/0x20 [ 131.215203][ T5789] [ 131.218236][ T5789] [ 131.220570][ T5789] Allocated by task 5789: [ 131.224926][ T5789] kasan_set_track+0x4e/0x70 [ 131.229641][ T5789] __kasan_kmalloc+0x8f/0xa0 [ 131.234265][ T5789] l2cap_chan_create+0x50/0x760 [ 131.239149][ T5789] l2cap_sock_new_connection_cb+0x191/0x2b0 [ 131.245069][ T5789] l2cap_connect_cfm+0x375/0x1070 [ 131.250115][ T5789] hci_connect_cfm+0x8f/0x130 [ 131.254826][ T5789] le_conn_complete_evt+0xfdc/0x1540 [ 131.260136][ T5789] hci_le_conn_complete_evt+0x187/0x440 [ 131.265707][ T5789] hci_event_packet+0x7ba/0x1270 [ 131.270673][ T5789] hci_rx_work+0x43a/0xd60 [ 131.275112][ T5789] process_scheduled_works+0xa5d/0x15d0 [ 131.280697][ T5789] worker_thread+0xa55/0xfc0 [ 131.285310][ T5789] kthread+0x2fa/0x390 [ 131.289394][ T5789] ret_from_fork+0x48/0x80 [ 131.293834][ T5789] ret_from_fork_asm+0x11/0x20 [ 131.298630][ T5789] [ 131.300974][ T5789] Freed by task 6118: [ 131.304968][ T5789] kasan_set_track+0x4e/0x70 [ 131.309763][ T5789] kasan_save_free_info+0x2e/0x50 [ 131.314814][ T5789] ____kasan_slab_free+0x126/0x1e0 [ 131.319964][ T5789] slab_free_freelist_hook+0x130/0x1a0 [ 131.325445][ T5789] __kmem_cache_free+0xba/0x1e0 [ 131.330328][ T5789] l2cap_sock_destruct+0x97/0x280 [ 131.335372][ T5789] __sk_destruct+0x83/0x660 [ 131.339924][ T5789] l2cap_sock_cleanup_listen+0x1d9/0x520 [ 131.345754][ T5789] l2cap_sock_release+0x6a/0x1e0 [ 131.350713][ T5789] sock_close+0xbd/0x230 [ 131.354991][ T5789] __fput+0x234/0x970 [ 131.358998][ T5789] task_work_run+0x1d4/0x260 [ 131.363644][ T5789] exit_to_user_mode_loop+0xe6/0x110 [ 131.368957][ T5789] exit_to_user_mode_prepare+0xee/0x180 [ 131.374530][ T5789] syscall_exit_to_user_mode+0x1a/0x50 [ 131.380021][ T5789] do_syscall_64+0x61/0xb0 [ 131.384461][ T5789] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 131.390381][ T5789] [ 131.392720][ T5789] The buggy address belongs to the object at ffff88805fe3d000 [ 131.392720][ T5789] which belongs to the cache kmalloc-2k of size 2048 [ 131.406794][ T5789] The buggy address is located 1152 bytes inside of [ 131.406794][ T5789] freed 2048-byte region [ffff88805fe3d000, ffff88805fe3d800) [ 131.420783][ T5789] [ 131.423127][ T5789] The buggy address belongs to the physical page: [ 131.429564][ T5789] page:ffffea00017f8e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5fe38 [ 131.439739][ T5789] head:ffffea00017f8e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 131.448702][ T5789] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 131.456727][ T5789] page_type: 0xffffffff() [ 131.461074][ T5789] raw: 00fff00000000840 ffff888017c42000 dead000000000100 dead000000000122 [ 131.469676][ T5789] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 131.478274][ T5789] page dumped because: kasan: bad access detected [ 131.484711][ T5789] page_owner tracks the page as allocated [ 131.490446][ T5789] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5779, tgid 5779 (syz-executor), ts 83262792722, free_ts 28158200973 [ 131.512794][ T5789] post_alloc_hook+0x1c1/0x200 [ 131.517598][ T5789] get_page_from_freelist+0x1951/0x19e0 [ 131.523167][ T5789] __alloc_pages+0x1f0/0x460 [ 131.527779][ T5789] alloc_slab_page+0x5d/0x160 [ 131.532491][ T5789] new_slab+0x87/0x2d0 [ 131.536617][ T5789] ___slab_alloc+0xc5d/0x12f0 [ 131.541329][ T5789] __kmem_cache_alloc_node+0x19e/0x250 [ 131.546821][ T5789] __kmalloc_node_track_caller+0xa2/0x230 [ 131.552660][ T5789] kmalloc_reserve+0x116/0x240 [ 131.557452][ T5789] pskb_expand_head+0x180/0x1190 [ 131.562520][ T5789] netlink_trim+0x180/0x220 [ 131.567065][ T5789] netlink_broadcast_filtered+0x80/0x1110 [ 131.572831][ T5789] nlmsg_notify+0xf0/0x1a0 [ 131.577304][ T5789] register_netdevice+0x17b8/0x1bb0 [ 131.582533][ T5789] __ip_tunnel_create+0x3bc/0x4d0 [ 131.587607][ T5789] ip_tunnel_init_net+0x2df/0x790 [ 131.592671][ T5789] page last free stack trace: [ 131.597361][ T5789] free_unref_page_prepare+0x7b2/0x8c0 [ 131.602857][ T5789] free_unref_page+0x32/0x2e0 [ 131.607566][ T5789] free_contig_range+0xa1/0x150 [ 131.612443][ T5789] destroy_args+0x80/0x850 [ 131.616918][ T5789] debug_vm_pgtable+0x411/0x440 [ 131.621800][ T5789] do_one_initcall+0x242/0x790 [ 131.626601][ T5789] do_initcall_level+0x137/0x1f0 [ 131.631578][ T5789] do_initcalls+0x69/0xd0 [ 131.635946][ T5789] kernel_init_freeable+0x3ed/0x580 [ 131.641173][ T5789] kernel_init+0x1d/0x1c0 [ 131.645542][ T5789] ret_from_fork+0x48/0x80 [ 131.649988][ T5789] ret_from_fork_asm+0x11/0x20 [ 131.654791][ T5789] [ 131.657132][ T5789] Memory state around the buggy address: [ 131.662784][ T5789] ffff88805fe3d380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 131.670861][ T5789] ffff88805fe3d400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 131.678943][ T5789] >ffff88805fe3d480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 131.687023][ T5789] ^ [ 131.691107][ T5789] ffff88805fe3d500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 131.699192][ T5789] ffff88805fe3d580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 131.707268][ T5789] ================================================================== [ 131.715413][ C1] vkms_vblank_simulate: vblank timer overrun [ 131.735879][ T5789] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 131.743143][ T5789] CPU: 1 PID: 5789 Comm: kworker/u5:5 Not tainted syzkaller #0 [ 131.750721][ T5789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 131.760805][ T5789] Workqueue: hci2 hci_rx_work [ 131.765550][ T5789] Call Trace: [ 131.768866][ T5789] [ 131.771837][ T5789] dump_stack_lvl+0x18c/0x250 [ 131.776567][ T5789] ? show_regs_print_info+0x20/0x20 [ 131.781819][ T5789] ? load_image+0x420/0x420 [ 131.786372][ T5789] panic+0x2dc/0x730 [ 131.790315][ T5789] ? bpf_jit_dump+0xd0/0xd0 [ 131.794870][ T5789] ? _raw_spin_unlock_irqrestore+0x111/0x120 [ 131.800905][ T5789] ? _raw_spin_unlock+0x40/0x40 [ 131.805802][ T5789] ? print_memory_metadata+0x314/0x400 [ 131.811302][ T5789] ? l2cap_connect_cfm+0x6df/0x1070 [ 131.816545][ T5789] check_panic_on_warn+0x84/0xa0 [ 131.821527][ T5789] ? l2cap_connect_cfm+0x6df/0x1070 [ 131.826766][ T5789] end_report+0x6f/0x130 [ 131.831052][ T5789] kasan_report+0x128/0x150 [ 131.835586][ T5789] ? l2cap_connect_cfm+0x6df/0x1070 [ 131.840806][ T5789] l2cap_connect_cfm+0x6df/0x1070 [ 131.845859][ T5789] ? l2cap_ertm_resend+0x1040/0x1040 [ 131.851166][ T5789] ? l2cap_ertm_resend+0x1040/0x1040 [ 131.856480][ T5789] hci_connect_cfm+0x8f/0x130 [ 131.861192][ T5789] le_conn_complete_evt+0xfdc/0x1540 [ 131.866543][ T5789] ? hci_event_packet+0x4cb/0x1270 [ 131.871696][ T5789] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 131.877969][ T5789] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 131.883637][ T5789] ? skb_pull_data+0xfb/0x200 [ 131.888343][ T5789] hci_le_conn_complete_evt+0x187/0x440 [ 131.893918][ T5789] ? hci_remote_host_features_evt+0x150/0x150 [ 131.900018][ T5789] hci_event_packet+0x7ba/0x1270 [ 131.904991][ T5789] ? bis_list+0x290/0x290 [ 131.909348][ T5789] ? lockdep_hardirqs_on+0x98/0x150 [ 131.914599][ T5789] ? hci_send_to_monitor+0xd7/0x4f0 [ 131.919831][ T5789] hci_rx_work+0x43a/0xd60 [ 131.924274][ T5789] ? process_scheduled_works+0x96f/0x15d0 [ 131.930022][ T5789] process_scheduled_works+0xa5d/0x15d0 [ 131.935619][ T5789] ? worker_attach_to_pool+0x380/0x380 [ 131.941108][ T5789] ? assign_work+0x3d2/0x5d0 [ 131.945743][ T5789] worker_thread+0xa55/0xfc0 [ 131.950367][ T5789] kthread+0x2fa/0x390 [ 131.954455][ T5789] ? pr_cont_work+0x560/0x560 [ 131.959157][ T5789] ? kthread_blkcg+0xd0/0xd0 [ 131.963763][ T5789] ret_from_fork+0x48/0x80 [ 131.968203][ T5789] ? kthread_blkcg+0xd0/0xd0 [ 131.972812][ T5789] ret_from_fork_asm+0x11/0x20 [ 131.977608][ T5789] [ 131.981213][ T5789] Kernel Offset: disabled [ 131.985547][ T5789] Rebooting in 86400 seconds..