last executing test programs: 23.259250491s ago: executing program 3 (id=142): openat$urandom(0xffffffffffffff9c, 0x0, 0x103902, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect(0x2, 0x44, &(0x7f0000000800)={{0x12, 0x1, 0x0, 0x38, 0xb5, 0x11, 0x40, 0x6b86, 0xc211, 0x25ca, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x32, 0x1, 0x4, 0x0, 0x0, 0x2, [{{0x9, 0x4, 0x79, 0x3, 0x2, 0x8, 0x6, 0x62, 0x49, [], [{{0x9, 0x5, 0x6, 0x0, 0x40, 0xfd, 0x1, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x1, 0x6}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x40, 0x100}]}}, {{0x9, 0x5, 0xe, 0x10, 0x40, 0x4, 0xa0, 0xa1}}]}}]}}]}}, 0x0) 19.961842663s ago: executing program 1 (id=146): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000200)) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x35) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1b5cb000) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$USBDEVFS_IOCTL(r0, 0x80045505, &(0x7f0000000040)=@usbdevfs_disconnect={0xffffffff}) ioctl$USBDEVFS_SETCONFIGURATION(r0, 0x80045505, &(0x7f0000000000)=0x1) 19.887264693s ago: executing program 3 (id=148): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) syz_emit_ethernet(0x3b, &(0x7f0000000480)=ANY=[@ANYBLOB="ffffffffffff0180c200000008004500002d0000e00000119078000000000000000000000000001990782208000000000000bb03be81ea198111772d3be3125e4d20b1502e4fb93a6c5ee6dd63256151f3e22632099c3b7cbfaed855a4ec8859b812fddefae813c2dd7b44496b837eb80158bb493be7f5517c8c3528bf19facb1d6d35a9b04cdede0b98ad7d3da24baa8023d422ec4c1273b07267"], 0x0) syz_emit_ethernet(0x6e2, &(0x7f0000000540)=ANY=[@ANYBLOB="0180c2000002bbbbbbbbbbbb080045fc06d4000000020011907800000000000000000000000006c09078e2060000000000005e68e8b27bfd4e6d14d576d6473f793e5f1d71a9d0922314ce6c673dbbf360840c1cf8229733e77416b9c06c79c7906094de9cbe915b0f174bb67698e0a4a4768d094f2e19694a2fff0a603431f1d5dd04fc34ec4f384a94e6102588b787ee83e6b24a48607e4a967abdd25d8415893a51df91ec6efe6cdc736fcf2af3fb00928c08cf9b26f596680f99fdcfc866362121c731b570e6d5cbde119144907d6aa77f75e452e711515745e59c437c1e42009aae12e2a1b5312d2bc11da583e24e5ca37f8e9f03b8a7d4b75ac64ab988ac9648ac384123d5a14a7c9723df4dc1325ab2aecbca8162d223cfb54bb69eda67ad6de6d988c63f3c70276e0488f207107986c95a26da74cf5f7e6ceb547fd5c335c60e3e3c2b265b710e0dc2a793e0f8aaaa76030ef89369358639c227225f29a292c976509790b8a111a22c44e8378eb88778347e0f20873f1f94275a6563fb097efa6e1f2ea3468b21c405dbb7b098503ea5db97c761050c0ac95943e8a083ba7721f45cadd3614a57ffcf14f6d32c065a004cfa884ae47664932c825ffe3f1cf38e9b3f6c184a1485c169df3a64cae827ef47cbcb3f5756d3c3ff097eb603930419b987c2b57cc36537a23a68f5aca7a36de077a3897018ee89eb3849376d523e71cf3c4fdceeda6373f91455f5844635a78e44324cb4b65fda388722f4ae708ae6b9667cac40f72b0a8df210983c09d5fd8016d30bbd82cf141f5e58b37e7de567f0f866313df5a63b9b5f4d5516720a319ede0a2e4309a01fa824786ae6c2a5a0d7a6a083206d8256e53397dbd9892bec537a38fee4b167e474b7934383f7355917073c3b129d0da37fec98a17d5a7166adea1c7c105a60979b4c1a30eef86eaf4fab29ea75d4797207143749258fd66f438c8f94477703176b48db8734c0e4f7bfdd5697612f2dda2b0d270475cd2543bcb5a9b7484a1fe5f59bd11041cee45cdc970416d33e67f84cb6906d39e9454f6219060c4bf68138952650f230fd8734594e760f66e388beb4df344acafa5b0e0df532e544fd746143c17b8b17a60d675dfe2b071893c8f11fc9048d9b2de56e38a177cd0486ddc84e0a115399d6b7e8e021cc0539e843edbaa340a70f22fc7307f3b10e05f4506d8654e7faec5e1f4273c1b3ab78bfa1c3fff5e6aac49971706a590873a6ef23ce0d830efe89466f047419b9756f0c1f6c6c67bea4bd0ac08f7ff27b0b9a90020000000000000068b0a3d81078ed1f68233f2e2c13db986f71be473f9320fc0e3b99297460ebb7584dc0da1c4736581a305c54806940bb391975cffeded681c454359171230ef3c79462eb58ef42690e24c1ad4b69607f74c0f3a4f80922de07c03c35561427b00b3aab0fed6756a3f5504c8cfa7cf88afed32fe1995a850000000014de7466bd88f74d7a0e7cfacabfde417e2645733f965433293d835eeb56c8fa9d7f0721a0479ff6fb57f3916abe7f03b700bdfaf94e94cbaf56cf9fe869684981db4a6c402106ad87a50e6862d89ada4a22ea941b4f7f2bd6e706496bd1fab1c01e1c4b085f43ef1b482477f73e203fcac51a3d21a271b087e623b80141cca5584553d8cee175068ead0754818e3e1048b79913d6813946175fca5f01a253f36f31044dea17a3acc7f9d800f99d3d8ee7ef98036175155020b20a107be43941f64f8775b2ffda29244340cd33ee7d805a757e7f67694aa300aa71dbde3a61ce2fc36b1c8e6ddd9c500ed5737e7ca4fe204fc63aa434df5abb619828132e3ddc81beb18579fb8ab2a5a3c2681853418c0145acf63156c619afb579128e6714589b73ec373f11c1c5e4a27e8b0bb8f067efa9b9fc07a2ea12a353a653a930bb81719de7d6931120a6e5260e5a4da5a9555ca2c0e13b149d5ccaab0bfd6762124e8863acb2ad26fc2bc9b9a34eaf85c201bdb8cc4eb50acf489a49bcd171b521c0472310e74d5d603b2bdae30b6c29601d1579a439f429ad52ae52f940403f36ed23e8c842597f1422513e062e625dac47f1a4a020d2714f247060767e308e93591c17c5816e480c1809a9f6a694550e210595429bbea5a184dd1d4103290a32e530fe4d8ff75588b3c63fd89defbad3d040ed0aabb0af6aebd7ea3749d46a33fd4be029e382db8df98a17b5189154ea76f5f78daf64507c4e07da34338b27470821643005e674bfd53e7062c57befe788188e17e44062f0c98620d8d59f3269fca19bb9a6645e46df62efdfa0d0a1bbb955a17f803019dc985c263aecceb363314caa1dce5e36de5c3a0b2a3142daa2a8a3bb8cea350b1252f3c4572256d02609a1b4b3234246748dc89d00bc8f6cf26558a7a7bb246b85d26a51ddbeba6678f4e8c5cf74d8dd92159b302e44ad81603c9baa8dd6abbc58aefc9b60f0c27dad2b00"/1772], 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000340)="37dd34d0043939cd0d361d9cfa70d317d6c322044d29ed17ac77f315e20c99020bd12f587bdab284fe76a76dca1be6cae7e34d1b0eeca6d0143081e01c4721f412164de87d17c4540c06db44258d07417a230273574be4ab0dd3df136eb240d5e1e23672891b5c1f2b778fc4f23fc5b0b99d566b92175207e5c9018d433eb535324a12c96c3126818ddeab70e12ab159e0c8df0a7d60cb092bc694bb14e98b79db637a91ebcccf0654ea26475e98d89e68619ce379685c2ed2e8238d878d14f188d49de353c73426ddb467cea16af1dbf7a8174881644023ccb7d7b774dd0c", 0xdf) mmap(&(0x7f00007f8000/0x1000)=nil, 0x1000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000100)=@generic={&(0x7f00000000c0)='./file0\x00', 0x0, 0x8}, 0x18) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000) getgroups(0x0, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)) setregid(0xffffffffffffffff, 0x0) socket$inet(0x2, 0x2, 0x1) connect$unix(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) shmctl$SHM_LOCK(0x0, 0xb) r3 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000000)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r3, 0xc0406619, &(0x7f0000000080)={@id={0x2, 0x0, @d}}) quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) unlinkat(0xffffffffffffff9c, &(0x7f0000000180)='./file0/file0\x00', 0x0) creat(&(0x7f0000000200)='./file0\x00', 0x0) 18.44323815s ago: executing program 3 (id=150): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x1}, @window={0x3, 0x8, 0x6}, @timestamp, @sack_perm, @window={0x3, 0x1, 0x5}], 0x7) sendto$inet(r0, &(0x7f00000007c0)='%', 0x1, 0xe044, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r0, &(0x7f0000000380)='x', 0x1, 0x480c1, 0x0, 0x0) r1 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r1, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x810, 0x0, 0x0) 16.882200245s ago: executing program 0 (id=153): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = memfd_create(&(0x7f0000000180)='\b\x9dF\xd8\b\xb3~u\xa5\"\xdc\xfdq\xf6c\r;\xfcO\x8c=\x81\xb1\xfa\x8b\x8aWpA\xd4\x98\x85K\x89>N\x8ar\x17O\x0fKR\xe2{mn\xcc\xbf2\xc0\xa7\x14\xd0\xd4\xfe/m\xdf\xb6]\xc2\xaa\x86\xec(\xf7\xcd\xa6\xd9n^.\x13*\xd4\xb8\xe8\xc4\xefb\x14Vx\xc6\xfe\x9e\xee\xe7\xd7E\xe9\t\x83\xdeNX\xec\xe66\x1b\x97$\xee\x845n,B\xd5?\xe5E:+Pm\x1d\xb4\xb8\xeb\xe8Op2\x82\xc7\x0e\x97\x03\xef\x1a\xa5\x00.\x89\b!m\f\xd9\x8b$}\x9f\fX\x81\xa8\xf6\x94\xbc\xed\x80|l]\xe9\xca\xd3\xc9\xa3\x9e\x9cJI\xf1\xa2\xa0\xc4:\x00\x00\x00\x00\x00\x00\b\xfey\bJ\x86\x8d\xdf\x16\xbb3\x85\xf5\xe0zYe\xc2\n\x0f\x87\xc4\x8f\x8e\xec\xee\xcd\f\xe9\xc8\xbc\x97,\xb7!\xf2\x93\xd3\t\xd9=\x93\x1d\x945\x97\x1e\x9d\xa6\xe9\xa6\xf9p,\xf7v>\xcd\xd9\xc4\x1b\x9c(\xb8\x90\xdeg\xbf[n\x82\x96\xaev\xd4\xac \x14\xf0\x18@\xc3\xf1\xe2\x14\x1c\x0f\xa4-\xde\xae\xfa;\xaf\xae\x06\x9ag\x02\x98\xd0C2\xe7?\xfb\xb01\x9d\xf8\xd3Q\xb3\xb2\x18V\xe8\x8c\x87\xf4\t\x1c\x85\xa4\xc1\xb1\xf4k!G\xf5\xbb\xbbs&\xeac\xb3\xafW\x846\v\xb3\xca\xeb\xb7\x9e\x9e#]\x10lj\xaf\xaf\xd1\'{\x11\xaa,\x0f\xc5OY\"\x82\x84\xb6:J\x8c\xf37\x1d\xca\xf1\xef\x9f\xcf\a\xcf\xcb', 0x0) setsockopt$inet_mtu(r0, 0x0, 0xa, 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x0) splice(r2, 0x0, r1, &(0x7f0000000140)=0xe8, 0x9, 0x1) close_range(r0, 0xffffffffffffffff, 0x0) 15.492882482s ago: executing program 2 (id=155): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x5, 0x4, 0x8, 0xf}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}, [@call={0x85, 0x0, 0x0, 0x50}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) 14.855366521s ago: executing program 2 (id=156): pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r4 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000004600)=""/102400, 0x19000) splice(r2, 0x0, r0, 0x0, 0x6, 0xe) 12.914382915s ago: executing program 2 (id=157): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4044081}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_DRAIN(r2, 0x40084146, 0x40944f9c780000) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fd7000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x16, 0x0, 0x0, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newspdinfo={0x14, 0x24, 0x21, 0x3, 0x0, 0x2}, 0x14}}, 0x20000090) ioctl$KVM_SET_NESTED_STATE(r3, 0x4080aebf, &(0x7f0000000580)=@vmx={0x0, 0x0, 0x2080, {0x0, 0xeeef0000, {}, 0x0, 0x2}}) syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000180)="660f388084000072baf80c66b860b4498c66efbafc0c66b80e0000002ebe660f38049f9e0064f30fc7b000101f20f30fc7b1030066b9800000c00f326635000400000f30d2bc0a000f23c80f21f86635040040000f08b8f4008ee0", 0x5b}], 0x1, 0x48, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 11.249892257s ago: executing program 1 (id=159): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000540)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) dup(0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_DELDEST(r3, 0x6, 0x9, &(0x7f00000001c0)={{0x2, @rand_addr, 0x0, 0x0, 'lblc\x00', 0x8, 0x3, 0x2000000}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xe6c}}, 0x44) getsockopt$inet_tcp_int(r3, 0x6, 0x9, 0x0, &(0x7f0000000040)) 9.861883935s ago: executing program 4 (id=161): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22, @multicast1}, 0x10) setsockopt$sock_int(r0, 0x1, 0x800000000f, &(0x7f0000000080)=0x7, 0x4) r1 = io_uring_setup(0xcda, &(0x7f0000000000)={0x0, 0x701b, 0x400, 0x2, 0x60}) close_range(r1, r1, 0x0) gettid() r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000700), 0x0) read(r2, &(0x7f0000000200)=""/202, 0xca) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r3, 0x29, 0x4b, &(0x7f0000000100)=0x401, 0x4) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r4, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4) setsockopt$packet_rx_ring(r4, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c) syz_emit_ethernet(0x1012, &(0x7f00000004c0)=ANY=[], 0x0) dup3(r3, r3, 0x0) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r3, &(0x7f0000000140)={0xa, 0x4e22, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x6}, 0x1c) listen(r3, 0x401) 9.708690596s ago: executing program 3 (id=162): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r0, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0xb8) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r1, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002", 0x8a) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x2, 0x13, 0x0, 0x0, 0x2}, 0x10}}, 0x0) 9.491287951s ago: executing program 3 (id=163): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) syz_emit_ethernet(0x4a, &(0x7f0000000380)=ANY=[], 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000) mlockall(0x2) r1 = shmget$private(0x0, 0x400000, 0x184, &(0x7f0000c00000/0x400000)=nil) shmat(r1, &(0x7f0000caa000/0x3000)=nil, 0x7000) 7.564947216s ago: executing program 0 (id=164): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpid() r1 = openat(0xffffffffffffff9c, &(0x7f0000000680)='./file0\x00', 0x59b801, 0x1ce) ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$alg(0x26, 0x5, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) r3 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) epoll_pwait(r3, 0x0, 0x0, 0x2d516fb6, 0x0, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r5, 0x400, 0x0) open(&(0x7f0000000040)='./file1\x00', 0x121200, 0x144) 6.406207317s ago: executing program 1 (id=165): openat$urandom(0xffffffffffffff9c, 0x0, 0x103902, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = fsopen(&(0x7f00000003c0)='virtiofs\x00', 0x0) read(r3, 0x0, 0x0) 5.990499493s ago: executing program 1 (id=166): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000) getgroups(0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r3) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000008c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)={0x0}, 0x1, 0x0, 0x0, 0xc804}, 0xc2010) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)) setgroups(0x1, &(0x7f0000000000)=[0x0]) setregid(0xffffffffffffffff, 0x0) socket$inet(0x2, 0x2, 0x1) connect$unix(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = shmget$private(0x0, 0x400000, 0x1000, &(0x7f000000e000/0x400000)=nil) shmctl$SHM_LOCK(r4, 0xb) quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9) unlinkat(0xffffffffffffff9c, &(0x7f0000000180)='./file0/file0\x00', 0x0) 5.990197888s ago: executing program 0 (id=167): rseq(&(0x7f0000001080)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000300)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) utimensat(0xffffffffffffffff, &(0x7f0000000000)='./bus\x00', 0x0, 0x0) 4.43418383s ago: executing program 1 (id=168): write$P9_RXATTRWALK(0xffffffffffffffff, &(0x7f0000000140)={0xf, 0x1f, 0x2, 0x9f8d}, 0xf) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000000c0)={@local, 0x0, 0x0, 0x1, 0x1}, 0x20) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) getdents(0xffffffffffffffff, 0x0, 0x0) sendmsg$SEG6_CMD_DUMPHMAC(r0, 0x0, 0x24000000) bpf$PROG_LOAD(0x5, 0x0, 0x0) 4.415937224s ago: executing program 2 (id=169): sched_setscheduler(0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002e000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000730000009500"], &(0x7f0000000080)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000000)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 4.414556857s ago: executing program 3 (id=170): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8003, 0x7}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) unshare(0x20000400) fsetxattr$security_capability(r0, 0x0, 0x0, 0x0, 0x3) 4.3644143s ago: executing program 4 (id=171): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x50, r0, 0x801, 0x400, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "4abee33908f8eef16f162471f4"}, @NL80211_KEY_IDX={0x5, 0x2, 0x2}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}]}]}, 0x50}}, 0x0) 2.953574615s ago: executing program 0 (id=172): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x1}, @window={0x3, 0x8, 0x6}, @timestamp, @sack_perm, @window={0x3, 0x1, 0x5}], 0x7) sendto$inet(r0, &(0x7f00000007c0)='%', 0x1, 0xe044, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r0, &(0x7f0000000380)='x', 0x1, 0x480c1, 0x0, 0x0) r1 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r1, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x810, 0x0, 0x0) 2.953383919s ago: executing program 4 (id=173): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r0, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0xb8) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r1, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002", 0x8a) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x2, 0x13, 0x0, 0x0, 0x2}, 0x10}}, 0x0) 2.952943006s ago: executing program 4 (id=174): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x34, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_KEYS={0x4}, @NL80211_ATTR_PBSS={0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) 2.936498708s ago: executing program 0 (id=175): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000540)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) dup(0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_DELDEST(r4, 0x6, 0x9, &(0x7f00000001c0)={{0x2, @rand_addr, 0x0, 0x0, 'lblc\x00', 0x8, 0x3, 0x2000000}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xe6c}}, 0x44) getsockopt$inet_tcp_int(r4, 0x6, 0x9, 0x0, &(0x7f0000000040)) 2.649477335s ago: executing program 4 (id=176): openat$urandom(0xffffffffffffff9c, 0x0, 0x103902, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) fsopen(&(0x7f00000003c0)='virtiofs\x00', 0x0) 1.780721103s ago: executing program 0 (id=177): openat$urandom(0xffffffffffffff9c, 0x0, 0x103902, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = fsopen(&(0x7f00000003c0)='virtiofs\x00', 0x0) read(r3, 0x0, 0x0) 620.368522ms ago: executing program 2 (id=178): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0xd, 0x0, 0x480c5}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x270}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="611570000000000061136c0000000000bfa000000000000014000000ee0016055e03010000000000160500000001000069163e0000000000bf07000000000000260507000fff07206706000020000000140600000ee60060bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05002000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ace0600006e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc0da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d00c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932fb3bba54b3a6aa57f1ad2e99e0e67ab9ff16d20000009f0f53acbb40b4f8e2738270001562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000815266b2c9e1bfadc7498e9dda5d000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631822a11dc3c693962895496d4f6e9cc54db6c7205a6b26f92121ef53e553acdf42068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710eec53f1b11cced7bc3c8da0c44d2fbf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db80300c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f8709d87b27f8a5d9121fdc058447b728f134f72062fc4b1ca0780b1a7af137ff7b4ff139604faf0453b65586f65c7943d56b52f06c870edf0c5d744b5272b44c23480b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61940aabc86b94f8cbde4d47060400e722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154672fea96aedf346279ec00000000000000000000d535d41b0067f01e2e54b9154d876020b669640ead4ca44631fadf7c4ac39a1b331dbdcd52b36df021b731ef1f92330d347f88ced5c1aaadbcdd8d2257e3a9a7c7494fadf9be36f7a2334ee6e9446fa1fd486f85d672a77dc5bd21463994d49f12016305a1e394d292b66840fe32b40ad665d241a8b8a32b3100450c32832789aa8a096f41201b585cd76631c88cf958e9e9047f5af1730c5e83"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x94) ioctl(0xffffffffffffffff, 0xb8, &(0x7f0000000000)="15e0185428227964d1") r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x40300, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000340)={0x1fe, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x8000000000000001, 0x9, 0xfffffffffffffffd, 0x85, 0x2, 0x0, 0x4002004c8, 0x1004, 0x45c5, 0x20000c595, 0xfffffffffffffff9, 0xffffffffffffffff, 0x4, 0x0, 0x80000004000000, 0x4], 0x100000, 0x2010d3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 446.222717ms ago: executing program 4 (id=179): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x3214, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x4, 0x24, &(0x7f0000000400)=ANY=[], 0x0) ioctl$EVIOCRMFF(r0, 0x40085507, &(0x7f0000000080)) 109.807092ms ago: executing program 1 (id=180): r0 = syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x142ba3) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/oops_count', 0x8a883, 0x2) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r1, 0x0, {0x0, 0x0, 0x0, 0x4000000000007, 0x4000000000000ffc, 0x0, 0x0, 0x1e, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "67523760fd40f78d2cfc03d81a8ca55ba139c01802c4dae4162e43ac61b7ad33", [0x2, 0x9]}}) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 0s ago: executing program 2 (id=181): prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x17) r1 = userfaultfd(0x801) close_range(r1, r1, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.22' (ED25519) to the list of known hosts. [ 334.806376][ T5820] cgroup: Unknown subsys name 'net' [ 335.046968][ T5820] cgroup: Unknown subsys name 'cpuset' [ 335.122611][ T5820] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 336.801149][ T5820] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 340.671647][ T5111] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 340.693701][ T5843] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 340.697809][ T5843] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 340.698624][ T5843] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 340.700173][ T5843] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 340.700997][ T5843] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 340.715617][ T5847] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 340.718295][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 340.723798][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 340.728075][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 340.729417][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 340.730158][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 340.752297][ T5838] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 340.753031][ T5838] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 340.765427][ T5841] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 340.772634][ T5841] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 340.773766][ T5841] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 340.774927][ T5838] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 340.775343][ T5838] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 340.776469][ T5841] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 340.893155][ T5111] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 340.896487][ T5111] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 340.897308][ T5111] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 340.901668][ T5111] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 340.909492][ T5111] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 341.758290][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 341.778961][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 341.823061][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 341.888854][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 341.896565][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 342.148122][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 342.149274][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 342.149964][ T5836] bridge_slave_0: entered allmulticast mode [ 342.151588][ T5836] bridge_slave_0: entered promiscuous mode [ 342.204518][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 342.204636][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 342.204797][ T5835] bridge_slave_0: entered allmulticast mode [ 342.206474][ T5835] bridge_slave_0: entered promiscuous mode [ 342.210119][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 342.210199][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 342.210304][ T5836] bridge_slave_1: entered allmulticast mode [ 342.211640][ T5836] bridge_slave_1: entered promiscuous mode [ 342.286693][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 342.286792][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 342.286897][ T5833] bridge_slave_0: entered allmulticast mode [ 342.288384][ T5833] bridge_slave_0: entered promiscuous mode [ 342.290823][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 342.290935][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 342.291083][ T5835] bridge_slave_1: entered allmulticast mode [ 342.294238][ T5835] bridge_slave_1: entered promiscuous mode [ 342.355026][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 342.355144][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 342.355298][ T5833] bridge_slave_1: entered allmulticast mode [ 342.357033][ T5833] bridge_slave_1: entered promiscuous mode [ 342.394627][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 342.394757][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 342.394932][ T5834] bridge_slave_0: entered allmulticast mode [ 342.396674][ T5834] bridge_slave_0: entered promiscuous mode [ 342.398223][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 342.398339][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 342.398491][ T5844] bridge_slave_0: entered allmulticast mode [ 342.400182][ T5844] bridge_slave_0: entered promiscuous mode [ 342.448616][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 342.449818][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 342.449929][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 342.450383][ T5834] bridge_slave_1: entered allmulticast mode [ 342.455497][ T5834] bridge_slave_1: entered promiscuous mode [ 342.457916][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 342.458029][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 342.458205][ T5844] bridge_slave_1: entered allmulticast mode [ 342.460743][ T5844] bridge_slave_1: entered promiscuous mode [ 342.486413][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 342.490740][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 342.539459][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 342.541902][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 342.590797][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 342.621105][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 342.633629][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 342.661166][ T5836] team0: Port device team_slave_0 added [ 342.663864][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 342.793783][ T5111] Bluetooth: hci3: command tx timeout [ 342.873790][ T5838] Bluetooth: hci1: command tx timeout [ 342.874245][ T61] Bluetooth: hci2: command tx timeout [ 342.874332][ T5111] Bluetooth: hci0: command tx timeout [ 342.935129][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 342.952278][ T5111] Bluetooth: hci4: command tx timeout [ 342.952646][ T5835] team0: Port device team_slave_0 added [ 342.975690][ T5836] team0: Port device team_slave_1 added [ 343.003421][ T5835] team0: Port device team_slave_1 added [ 343.022395][ T5833] team0: Port device team_slave_0 added [ 343.065737][ T5834] team0: Port device team_slave_0 added [ 343.067847][ T5833] team0: Port device team_slave_1 added [ 343.086205][ T5844] team0: Port device team_slave_0 added [ 343.105084][ T5834] team0: Port device team_slave_1 added [ 343.122942][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 343.122956][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 343.122970][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 343.126176][ T5844] team0: Port device team_slave_1 added [ 343.126805][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 343.126816][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 343.126830][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 343.165868][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 343.165884][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 343.165909][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 343.190242][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 343.190259][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 343.190283][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 343.238416][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 343.238434][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 343.238455][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 343.272944][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 343.272960][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 343.272984][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 343.279364][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 343.279380][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 343.279404][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 343.284389][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 343.284405][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 343.284439][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 343.287152][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 343.287172][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 343.287198][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 343.306682][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 343.306700][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 343.306723][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 343.489199][ T5836] hsr_slave_0: entered promiscuous mode [ 343.490760][ T5836] hsr_slave_1: entered promiscuous mode [ 343.525275][ T5835] hsr_slave_0: entered promiscuous mode [ 343.526714][ T5835] hsr_slave_1: entered promiscuous mode [ 343.528084][ T5835] debugfs: 'hsr0' already exists in 'hsr' [ 343.528217][ T5835] Cannot create hsr debugfs directory [ 343.581279][ T5833] hsr_slave_0: entered promiscuous mode [ 343.583260][ T5833] hsr_slave_1: entered promiscuous mode [ 343.584404][ T5833] debugfs: 'hsr0' already exists in 'hsr' [ 343.584435][ T5833] Cannot create hsr debugfs directory [ 343.599173][ T5834] hsr_slave_0: entered promiscuous mode [ 343.600569][ T5834] hsr_slave_1: entered promiscuous mode [ 343.601435][ T5834] debugfs: 'hsr0' already exists in 'hsr' [ 343.601457][ T5834] Cannot create hsr debugfs directory [ 343.659403][ T5844] hsr_slave_0: entered promiscuous mode [ 343.660776][ T5844] hsr_slave_1: entered promiscuous mode [ 343.661872][ T5844] debugfs: 'hsr0' already exists in 'hsr' [ 343.661898][ T5844] Cannot create hsr debugfs directory [ 344.763125][ T5836] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 344.802735][ T5836] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 344.828007][ T5836] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 344.873351][ T5111] Bluetooth: hci3: command tx timeout [ 344.881753][ T5836] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 344.953593][ T5838] Bluetooth: hci2: command tx timeout [ 344.953740][ T61] Bluetooth: hci1: command tx timeout [ 344.953807][ T5111] Bluetooth: hci0: command tx timeout [ 345.014026][ T5835] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 345.032193][ T5111] Bluetooth: hci4: command tx timeout [ 345.041817][ T5835] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 345.089258][ T5835] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 345.151119][ T5835] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 345.265242][ T5833] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 345.288702][ T5833] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 345.328539][ T5833] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 345.387565][ T5833] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 345.537765][ T5834] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 345.576359][ T5834] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 345.610681][ T5834] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 345.657218][ T5834] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 345.757359][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 345.810163][ T5844] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 345.844060][ T5844] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 345.886433][ T5844] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 345.923257][ T5844] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 345.974000][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 346.019150][ T1023] bridge0: port 1(bridge_slave_0) entered blocking state [ 346.020007][ T1023] bridge0: port 1(bridge_slave_0) entered forwarding state [ 346.049288][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 346.070503][ T5885] bridge0: port 2(bridge_slave_1) entered blocking state [ 346.070778][ T5885] bridge0: port 2(bridge_slave_1) entered forwarding state [ 346.146866][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 346.196623][ T40] bridge0: port 1(bridge_slave_0) entered blocking state [ 346.196708][ T40] bridge0: port 1(bridge_slave_0) entered forwarding state [ 346.220297][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 346.250704][ T1023] bridge0: port 2(bridge_slave_1) entered blocking state [ 346.250826][ T1023] bridge0: port 2(bridge_slave_1) entered forwarding state [ 346.328532][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 346.366314][ T1236] bridge0: port 1(bridge_slave_0) entered blocking state [ 346.366462][ T1236] bridge0: port 1(bridge_slave_0) entered forwarding state [ 346.396180][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 346.438581][ T40] bridge0: port 2(bridge_slave_1) entered blocking state [ 346.438670][ T40] bridge0: port 2(bridge_slave_1) entered forwarding state [ 346.521801][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 346.578331][ T40] bridge0: port 1(bridge_slave_0) entered blocking state [ 346.578472][ T40] bridge0: port 1(bridge_slave_0) entered forwarding state [ 346.605572][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 346.658123][ T5885] bridge0: port 2(bridge_slave_1) entered blocking state [ 346.658322][ T5885] bridge0: port 2(bridge_slave_1) entered forwarding state [ 346.764933][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 346.820109][ T1023] bridge0: port 1(bridge_slave_0) entered blocking state [ 346.821175][ T1023] bridge0: port 1(bridge_slave_0) entered forwarding state [ 346.831347][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 346.889479][ T1236] bridge0: port 2(bridge_slave_1) entered blocking state [ 346.889575][ T1236] bridge0: port 2(bridge_slave_1) entered forwarding state [ 346.954699][ T5111] Bluetooth: hci3: command tx timeout [ 347.032149][ T5111] Bluetooth: hci0: command tx timeout [ 347.032180][ T5111] Bluetooth: hci1: command tx timeout [ 347.032201][ T5111] Bluetooth: hci2: command tx timeout [ 347.112981][ T61] Bluetooth: hci4: command tx timeout [ 347.116519][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 347.245070][ T5836] veth0_vlan: entered promiscuous mode [ 347.309953][ T5836] veth1_vlan: entered promiscuous mode [ 347.419917][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 347.434889][ T5835] veth0_vlan: entered promiscuous mode [ 347.494806][ T5835] veth1_vlan: entered promiscuous mode [ 347.507348][ T5836] veth0_macvtap: entered promiscuous mode [ 347.528287][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 347.565410][ T5836] veth1_macvtap: entered promiscuous mode [ 347.687224][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 347.741485][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 347.751171][ T5835] veth0_macvtap: entered promiscuous mode [ 347.765064][ T5833] veth0_vlan: entered promiscuous mode [ 347.822524][ T5835] veth1_macvtap: entered promiscuous mode [ 347.825846][ T58] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 347.830696][ T58] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 347.837715][ T58] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 347.880459][ T58] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 347.884022][ T5833] veth1_vlan: entered promiscuous mode [ 347.916844][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 348.047764][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 348.151358][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 348.226905][ T5932] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 348.247965][ T5932] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 348.257233][ T5932] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 348.272803][ T1023] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 348.272828][ T1023] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 348.281347][ T5833] veth0_macvtap: entered promiscuous mode [ 348.305320][ T5932] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 348.399992][ T5833] veth1_macvtap: entered promiscuous mode [ 348.482880][ T5844] veth0_vlan: entered promiscuous mode [ 348.490410][ T5834] veth0_vlan: entered promiscuous mode [ 348.503191][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 348.503211][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 348.624948][ T5844] veth1_vlan: entered promiscuous mode [ 348.630061][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 348.637517][ T5834] veth1_vlan: entered promiscuous mode [ 348.705753][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 348.707477][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 348.707497][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 348.753076][ T1236] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 348.755417][ T1236] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 348.760214][ T1236] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 348.783458][ T1236] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 348.837837][ T1236] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 348.837855][ T1236] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 348.978345][ T5953] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 349.023000][ T5844] veth0_macvtap: entered promiscuous mode [ 349.025236][ T5834] veth0_macvtap: entered promiscuous mode [ 349.033497][ T61] Bluetooth: hci3: command tx timeout [ 349.097717][ T5844] veth1_macvtap: entered promiscuous mode [ 349.100809][ T5834] veth1_macvtap: entered promiscuous mode [ 349.114628][ T61] Bluetooth: hci2: command tx timeout [ 349.114664][ T61] Bluetooth: hci1: command tx timeout [ 349.114705][ T61] Bluetooth: hci0: command tx timeout [ 349.192764][ T5111] Bluetooth: hci4: command tx timeout [ 349.302077][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 349.328467][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 349.329470][ T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 349.329487][ T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 349.386968][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 349.422987][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 349.551998][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 349.562021][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 349.571998][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 349.581978][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 349.591964][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 349.601995][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 349.611974][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 349.622006][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 349.625920][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 349.626953][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 350.950668][ T58] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 350.985819][ T58] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 350.994028][ T58] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.024185][ T5932] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 351.024207][ T5932] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 351.053267][ T1023] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.076584][ T1023] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.103056][ T1023] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.175460][ T1023] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.240586][ T1023] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.706546][ T1023] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 351.706566][ T1023] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 351.867337][ T1236] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 351.867358][ T1236] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 351.872282][ T5967] binder: 5966:5967 ioctl c0306201 200000001a80 returned -14 [ 352.174611][ T5951] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 352.174631][ T5951] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 353.247982][ T5951] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 353.248005][ T5951] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 355.565838][ T10] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 355.802033][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 355.885092][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 355.885119][ T10] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 355.885157][ T10] usb 2-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice= 0.00 [ 355.885179][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 355.984561][ T10] usb 2-1: config 0 descriptor?? [ 356.085621][ T5916] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 356.256555][ T5893] usb 2-1: USB disconnect, device number 2 [ 356.262547][ T5916] usb 3-1: Using ep0 maxpacket: 32 [ 356.269252][ T5916] usb 3-1: config 1 has an invalid interface number: 221 but max is 0 [ 356.269279][ T5916] usb 3-1: config 1 has no interface number 0 [ 356.269328][ T5916] usb 3-1: config 1 interface 221 has no altsetting 0 [ 356.303496][ T5916] usb 3-1: New USB device found, idVendor=0421, idProduct=02d9, bcdDevice=af.ce [ 356.303526][ T5916] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 356.303545][ T5916] usb 3-1: Product: syz [ 356.303558][ T5916] usb 3-1: Manufacturer: syz [ 356.303572][ T5916] usb 3-1: SerialNumber: syz [ 356.666303][ T5916] rndis_host 3-1:1.221: skipping garbage [ 356.666332][ T5916] usb 3-1: bad CDC descriptors [ 356.714880][ T5916] cdc_acm 3-1:1.221: skipping garbage [ 356.824768][ T5916] usb 3-1: USB disconnect, device number 2 [ 356.979720][ T6017] Illegal XDP return value 4294967294 on prog (id 4) dev N/A, expect packet loss! [ 359.242109][ T5111] Bluetooth: hci4: command tx timeout [ 365.476485][ T6039] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 373.312055][ T5916] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 373.482088][ T5916] usb 5-1: Using ep0 maxpacket: 16 [ 373.484569][ T5916] usb 5-1: config 0 interface 0 has no altsetting 0 [ 373.484603][ T5916] usb 5-1: New USB device found, idVendor=056a, idProduct=005d, bcdDevice= 0.00 [ 373.484616][ T5916] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 373.531722][ T5916] usb 5-1: config 0 descriptor?? [ 375.343443][ T5916] wacom 0003:056A:005D.0001: unknown main item tag 0x0 [ 375.343485][ T5916] wacom 0003:056A:005D.0001: unknown main item tag 0x0 [ 375.343511][ T5916] wacom 0003:056A:005D.0001: unknown main item tag 0x0 [ 375.343536][ T5916] wacom 0003:056A:005D.0001: unknown main item tag 0x0 [ 375.343560][ T5916] wacom 0003:056A:005D.0001: unknown main item tag 0x0 [ 375.343585][ T5916] wacom 0003:056A:005D.0001: unknown main item tag 0x0 [ 375.343610][ T5916] wacom 0003:056A:005D.0001: unknown main item tag 0x0 [ 375.625405][ T9] usb 5-1: USB disconnect, device number 2 [ 376.581492][ T6114] netlink: 4 bytes leftover after parsing attributes in process `syz.3.49'. [ 378.145691][ C1] Unknown status report in ack skb [ 379.712719][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.712817][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.036467][ T6149] mmap: syz.4.64 (6149) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 391.032063][ T5893] usb 1-1: new low-speed USB device number 2 using dummy_hcd [ 391.397365][ T31] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 391.402056][ T5893] usb 1-1: Invalid ep0 maxpacket: 16 [ 391.540918][ T5893] usb 1-1: new low-speed USB device number 3 using dummy_hcd [ 391.565276][ T31] usb 3-1: config 4 has an invalid interface number: 121 but max is 0 [ 391.565305][ T31] usb 3-1: config 4 has no interface number 0 [ 391.565349][ T31] usb 3-1: config 4 interface 121 has no altsetting 0 [ 391.567995][ T31] usb 3-1: New USB device found, idVendor=6b86, idProduct=c211, bcdDevice=25.ca [ 391.568013][ T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 391.568023][ T31] usb 3-1: Product: syz [ 391.568030][ T31] usb 3-1: Manufacturer: syz [ 391.568038][ T31] usb 3-1: SerialNumber: syz [ 392.662041][ T5893] usb 1-1: Invalid ep0 maxpacket: 16 [ 392.664269][ T5893] usb usb1-port1: attempt power cycle [ 392.817282][ T31] usb 3-1: USB disconnect, device number 3 [ 393.521557][ T6208] Bluetooth: MGMT ver 1.23 [ 395.917488][ T6226] 9pnet_virtio: no channels available for device 127.0.0.1 [ 399.299698][ T5913] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 399.482509][ T5913] usb 5-1: New USB device found, idVendor=054c, idProduct=0ba0, bcdDevice= 0.00 [ 399.482537][ T5913] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 399.487834][ T5913] usb 5-1: config 0 descriptor?? [ 399.785040][ T5111] Bluetooth: hci2: command tx timeout [ 403.238372][ T5913] usbhid 5-1:0.0: can't add hid device: -71 [ 403.241291][ T5913] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 403.272524][ T5913] usb 5-1: USB disconnect, device number 3 [ 403.452319][ T6261] binder: 6260:6261 ioctl 4018620d 0 returned -22 [ 403.453228][ T6261] binder: 6260:6261 ioctl c00c620f 2000000001c0 returned -22 [ 405.232104][ T5893] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 405.402088][ T5893] usb 5-1: Using ep0 maxpacket: 16 [ 405.412919][ T5893] usb 5-1: config index 0 descriptor too short (expected 48456, got 72) [ 405.412946][ T5893] usb 5-1: config 85 has too many interfaces: 104, using maximum allowed: 32 [ 405.412966][ T5893] usb 5-1: config 85 descriptor has 1 excess byte, ignoring [ 405.412983][ T5893] usb 5-1: config 85 has 0 interfaces, different from the descriptor's value: 104 [ 405.416023][ T5893] usb 5-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 405.416049][ T5893] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=21 [ 405.416069][ T5893] usb 5-1: Product: syz [ 405.416082][ T5893] usb 5-1: Manufacturer: syz [ 405.416095][ T5893] usb 5-1: SerialNumber: syz [ 405.744001][ T5893] usb 5-1: USB disconnect, device number 4 [ 408.819054][ T6004] udevd[6004]: inotify_add_watch(7, /dev/loop1, 10) failed: No such file or directory [ 415.404268][ T6322] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 417.511741][ C0] wlan1: beacon TX faster than countdown (channel/color switch) completion [ 425.179151][ T5822] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 427.762092][ T5816] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 427.782118][ T5822] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 427.920723][ T5816] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 427.920743][ T5816] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 427.920753][ T5816] usb 1-1: Product: syz [ 427.920760][ T5816] usb 1-1: Manufacturer: syz [ 427.920767][ T5816] usb 1-1: SerialNumber: syz [ 427.954419][ T5822] usb 4-1: config 4 has an invalid interface number: 121 but max is 0 [ 427.954452][ T5822] usb 4-1: config 4 has no interface number 0 [ 427.954497][ T5822] usb 4-1: config 4 interface 121 has no altsetting 0 [ 427.960676][ T5822] usb 4-1: New USB device found, idVendor=6b86, idProduct=c211, bcdDevice=25.ca [ 427.960706][ T5822] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 427.960724][ T5822] usb 4-1: Product: syz [ 427.960737][ T5822] usb 4-1: Manufacturer: syz [ 427.960750][ T5822] usb 4-1: SerialNumber: syz [ 428.146198][ T5816] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO [ 428.146273][ T5816] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71 [ 428.146296][ T5816] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 428.219387][ T5816] lan78xx 1-1:1.0: probe with driver lan78xx failed with error -71 [ 428.337454][ T5822] usb 4-1: USB disconnect, device number 2 [ 428.433264][ T5816] usb 1-1: USB disconnect, device number 6 [ 439.353263][ T6453] hub 1-0:1.0: USB hub found [ 439.360610][ T6453] hub 1-0:1.0: 1 port detected [ 440.832707][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.832775][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 445.769157][ T6494] Zero length message leads to an empty skb [ 451.220963][ T6527] [ 451.220976][ T6527] ====================================================== [ 451.220984][ T6527] WARNING: possible circular locking dependency detected [ 451.221002][ T6527] syzkaller #0 Not tainted [ 451.221012][ T6527] ------------------------------------------------------ [ 451.221020][ T6527] syz.1.180/6527 is trying to acquire lock: [ 451.221031][ T6527] ffff888019e872c0 (&root->kernfs_iattr_rwsem){++++}-{4:4}, at: kernfs_iop_getattr+0x9e/0x450 [ 451.221092][ T6527] [ 451.221092][ T6527] but task is already holding lock: [ 451.221098][ T6527] ffff8880250c9490 (&q->q_usage_counter(io)#24){++++}-{0:0}, at: lo_ioctl+0x1a69/0x1fc0 [ 451.221152][ T6527] [ 451.221152][ T6527] which lock already depends on the new lock. [ 451.221152][ T6527] [ 451.221159][ T6527] [ 451.221159][ T6527] the existing dependency chain (in reverse order) is: [ 451.221165][ T6527] [ 451.221165][ T6527] -> #2 (&q->q_usage_counter(io)#24){++++}-{0:0}: [ 451.221193][ T6527] blk_alloc_queue+0x54e/0x690 [ 451.221212][ T6527] __blk_mq_alloc_disk+0x197/0x390 [ 451.221232][ T6527] loop_add+0x482/0xb50 [ 451.221247][ T6527] loop_init+0xd9/0x170 [ 451.221261][ T6527] do_one_initcall+0x250/0x840 [ 451.221282][ T6527] do_initcall_level+0x104/0x190 [ 451.221299][ T6527] do_initcalls+0x59/0xa0 [ 451.221314][ T6527] kernel_init_freeable+0x2a6/0x3d0 [ 451.221331][ T6527] kernel_init+0x1d/0x1d0 [ 451.221346][ T6527] ret_from_fork+0x51e/0xb90 [ 451.221365][ T6527] ret_from_fork_asm+0x1a/0x30 [ 451.221387][ T6527] [ 451.221387][ T6527] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 451.221409][ T6527] fs_reclaim_acquire+0x71/0x100 [ 451.221429][ T6527] kmem_cache_alloc_noprof+0x44/0x680 [ 451.221446][ T6527] __kernfs_iattrs+0xdf/0x340 [ 451.221462][ T6527] kernfs_iop_setattr+0xea/0x3f0 [ 451.221478][ T6527] notify_change+0xc18/0xf60 [ 451.221495][ T6527] do_truncate+0x1c2/0x250 [ 451.221511][ T6527] path_openat+0x2fbe/0x38a0 [ 451.221527][ T6527] do_file_open+0x23e/0x4a0 [ 451.221542][ T6527] do_sys_openat2+0x113/0x200 [ 451.221562][ T6527] __x64_sys_openat+0x138/0x170 [ 451.221583][ T6527] do_syscall_64+0x14d/0xf80 [ 451.221603][ T6527] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.221630][ T6527] [ 451.221630][ T6527] -> #0 (&root->kernfs_iattr_rwsem){++++}-{4:4}: [ 451.221657][ T6527] __lock_acquire+0x15a5/0x2cf0 [ 451.221680][ T6527] lock_acquire+0x106/0x330 [ 451.221701][ T6527] down_read+0x97/0x200 [ 451.221723][ T6527] kernfs_iop_getattr+0x9e/0x450 [ 451.221739][ T6527] vfs_getattr_nosec+0x2e1/0x430 [ 451.221759][ T6527] loop_assign_backing_file+0x286/0x4c0 [ 451.221779][ T6527] lo_ioctl+0x1ae6/0x1fc0 [ 451.221796][ T6527] blkdev_ioctl+0x5e6/0x750 [ 451.221816][ T6527] __se_sys_ioctl+0xff/0x170 [ 451.221832][ T6527] do_syscall_64+0x14d/0xf80 [ 451.221853][ T6527] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.221869][ T6527] [ 451.221869][ T6527] other info that might help us debug this: [ 451.221869][ T6527] [ 451.221876][ T6527] Chain exists of: [ 451.221876][ T6527] &root->kernfs_iattr_rwsem --> fs_reclaim --> &q->q_usage_counter(io)#24 [ 451.221876][ T6527] [ 451.221928][ T6527] Possible unsafe locking scenario: [ 451.221928][ T6527] [ 451.221934][ T6527] CPU0 CPU1 [ 451.221939][ T6527] ---- ---- [ 451.221944][ T6527] lock(&q->q_usage_counter(io)#24); [ 451.221961][ T6527] lock(fs_reclaim); [ 451.221975][ T6527] lock(&q->q_usage_counter(io)#24); [ 451.221992][ T6527] rlock(&root->kernfs_iattr_rwsem); [ 451.222004][ T6527] [ 451.222004][ T6527] *** DEADLOCK *** [ 451.222004][ T6527] [ 451.222009][ T6527] 3 locks held by syz.1.180/6527: [ 451.222020][ T6527] #0: ffff8880251f9498 (&lo->lo_mutex){+.+.}-{4:4}, at: lo_ioctl+0x14d8/0x1fc0 [ 451.222065][ T6527] #1: ffff8880250c9490 (&q->q_usage_counter(io)#24){++++}-{0:0}, at: lo_ioctl+0x1a69/0x1fc0 [ 451.222115][ T6527] #2: ffff8880250c94c8 (&q->q_usage_counter(queue)#8){+.+.}-{0:0}, at: lo_ioctl+0x1a69/0x1fc0 [ 451.222164][ T6527] [ 451.222164][ T6527] stack backtrace: [ 451.222190][ T6527] CPU: 1 UID: 0 PID: 6527 Comm: syz.1.180 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 451.222211][ T6527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 451.222228][ T6527] Call Trace: [ 451.222240][ T6527] [ 451.222250][ T6527] dump_stack_lvl+0xe8/0x150 [ 451.222273][ T6527] print_circular_bug+0x2e1/0x300 [ 451.222291][ T6527] check_noncircular+0x12e/0x150 [ 451.222313][ T6527] __lock_acquire+0x15a5/0x2cf0 [ 451.222354][ T6527] ? __pfx___schedule+0x10/0x10 [ 451.222377][ T6527] ? kernfs_iop_getattr+0x9e/0x450 [ 451.222394][ T6527] lock_acquire+0x106/0x330 [ 451.222417][ T6527] ? kernfs_iop_getattr+0x9e/0x450 [ 451.222438][ T6527] down_read+0x97/0x200 [ 451.222461][ T6527] ? kernfs_iop_getattr+0x9e/0x450 [ 451.222479][ T6527] ? __pfx_down_read+0x10/0x10 [ 451.222502][ T6527] ? __pfx_kernfs_iop_getattr+0x10/0x10 [ 451.222524][ T6527] kernfs_iop_getattr+0x9e/0x450 [ 451.222544][ T6527] vfs_getattr_nosec+0x2e1/0x430 [ 451.222569][ T6527] loop_assign_backing_file+0x286/0x4c0 [ 451.222604][ T6527] ? __pfx_loop_assign_backing_file+0x10/0x10 [ 451.222640][ T6527] lo_ioctl+0x1ae6/0x1fc0 [ 451.222663][ T6527] ? __pfx_lo_ioctl+0x10/0x10 [ 451.222686][ T6527] ? ima_match_policy+0x112/0x21e0 [ 451.222711][ T6527] ? __lock_acquire+0x6b5/0x2cf0 [ 451.222736][ T6527] ? __lock_acquire+0x6b5/0x2cf0 [ 451.222762][ T6527] ? __lock_acquire+0x6b5/0x2cf0 [ 451.222787][ T6527] ? __lock_acquire+0x6b5/0x2cf0 [ 451.222814][ T6527] ? __lock_acquire+0x6b5/0x2cf0 [ 451.222839][ T6527] ? __lock_acquire+0x6b5/0x2cf0 [ 451.222867][ T6527] ? unwind_next_frame+0xa5/0x23c0 [ 451.222904][ T6527] ? unwind_next_frame+0xa5/0x23c0 [ 451.222931][ T6527] ? is_bpf_text_address+0x26/0x2b0 [ 451.222956][ T6527] ? is_bpf_text_address+0x26/0x2b0 [ 451.222977][ T6527] ? is_bpf_text_address+0x292/0x2b0 [ 451.222996][ T6527] ? is_bpf_text_address+0x26/0x2b0 [ 451.223017][ T6527] ? kernel_text_address+0xa5/0xe0 [ 451.223035][ T6527] ? __kernel_text_address+0xd/0x30 [ 451.223052][ T6527] ? unwind_get_return_address+0x4d/0x90 [ 451.223077][ T6527] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 451.223099][ T6527] ? arch_stack_walk+0xfb/0x150 [ 451.223127][ T6527] ? stack_trace_save+0xa9/0x100 [ 451.223155][ T6527] ? __pfx_stack_trace_save+0x10/0x10 [ 451.223174][ T6527] ? kasan_save_free_info+0x46/0x50 [ 451.223200][ T6527] ? stack_depot_save_flags+0x33/0x810 [ 451.223225][ T6527] ? kasan_save_track+0x4f/0x80 [ 451.223242][ T6527] ? kasan_save_track+0x3e/0x80 [ 451.223257][ T6527] ? kasan_save_free_info+0x46/0x50 [ 451.223279][ T6527] ? __kasan_slab_free+0x5c/0x80 [ 451.223297][ T6527] ? kfree+0x1c1/0x690 [ 451.223313][ T6527] ? tomoyo_path_number_perm+0x501/0x630 [ 451.223339][ T6527] ? security_file_ioctl+0xc3/0x2a0 [ 451.223364][ T6527] ? __se_sys_ioctl+0x47/0x170 [ 451.223382][ T6527] ? do_syscall_64+0x14d/0xf80 [ 451.223404][ T6527] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.223426][ T6527] ? __asan_memset+0x22/0x50 [ 451.223452][ T6527] ? blk_get_meta_cap+0x16d/0x7a0 [ 451.223474][ T6527] ? __pfx_blk_get_meta_cap+0x10/0x10 [ 451.223497][ T6527] ? blkdev_common_ioctl+0x14b7/0x3250 [ 451.223521][ T6527] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 451.223544][ T6527] ? kasan_quarantine_put+0xbb/0x1f0 [ 451.223581][ T6527] ? tomoyo_path_number_perm+0x219/0x630 [ 451.223609][ T6527] ? tomoyo_path_number_perm+0x219/0x630 [ 451.223637][ T6527] ? do_vfs_ioctl+0x117b/0x1540 [ 451.223657][ T6527] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 451.223683][ T6527] ? do_futex+0x333/0x420 [ 451.223708][ T6527] ? __asan_memset+0x22/0x50 [ 451.223734][ T6527] ? smack_file_ioctl+0x263/0x360 [ 451.223760][ T6527] ? __pfx_smack_file_ioctl+0x10/0x10 [ 451.223786][ T6527] ? __pfx_lo_ioctl+0x10/0x10 [ 451.223807][ T6527] blkdev_ioctl+0x5e6/0x750 [ 451.223830][ T6527] ? __pfx_blkdev_ioctl+0x10/0x10 [ 451.223858][ T6527] ? __fget_files+0x2a/0x420 [ 451.223884][ T6527] ? bpf_lsm_file_ioctl+0x9/0x20 [ 451.223914][ T6527] ? __pfx_blkdev_ioctl+0x10/0x10 [ 451.223936][ T6527] __se_sys_ioctl+0xff/0x170 [ 451.223956][ T6527] do_syscall_64+0x14d/0xf80 [ 451.223979][ T6527] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.223998][ T6527] ? trace_irq_disable+0x37/0x100 [ 451.224014][ T6527] ? clear_bhb_loop+0x40/0x90 [ 451.224035][ T6527] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.224054][ T6527] RIP: 0033:0x7fec944cbf79 [ 451.224078][ T6527] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 451.224095][ T6527] RSP: 002b:00007fec9271e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 451.224116][ T6527] RAX: ffffffffffffffda RBX: 00007fec94745fa0 RCX: 00007fec944cbf79 [ 451.224132][ T6527] RDX: 0000000000000004 RSI: 0000000000004c06 RDI: 0000000000000003 [ 451.224145][ T6527] RBP: 00007fec945627e0 R08: 0000000000000000 R09: 0000000000000000 [ 451.224157][ T6527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 451.224169][ T6527] R13: 00007fec94746038 R14: 00007fec94745fa0 R15: 00007ffdf03e0048 [ 451.224191][ T6527]