last executing test programs: 12.907238528s ago: executing program 0 (id=58): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000016000000b70300000000fff48500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) r5 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r5, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r6 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10) sendmsg$tipc(r6, &(0x7f0000000540)={&(0x7f00000001c0)=@name={0x1e, 0x2, 0x0, {{0x42}, 0x2}}, 0x10, 0x0}, 0x10) 11.600643066s ago: executing program 0 (id=61): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000540)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000500)=0x1, 0xffffffffffffffff, 0x0, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f00000002c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e23, 0xfffffffd, @empty, 0x5}}}, 0x30) 11.225169119s ago: executing program 0 (id=63): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x22) rmdir(&(0x7f0000000080)='./cgroup/../file0\x00') bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x7, 0x3, &(0x7f0000000000)=@framed={{0x6a, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0xa9}}, &(0x7f0000000480)='GPL\x00'}, 0x90) keyctl$dh_compute(0x17, &(0x7f0000000700), &(0x7f0000000780), 0x0, &(0x7f00000008c0)={&(0x7f00000007c0)={'blake2s-128-generic\x00'}, &(0x7f0000000800)="16488a99a96b2b2862ca51fd34fbe6bb6cc4828fa5258d60c7c0b7ed804474b8237f458e0547090878c78ee564f9019c8cc77517486bffae55160b769cd9b44d061db1177f05ae87948702105448de8e102c34bfa82c4a81126a13dff8f69c5c01d9e59e499f410de14a1bcb18ee20796bbdf082da634deead0ea8c67eed3dff", 0x80}) fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(0xffffffffffffffff, 0x0, 0xc) openat$cgroup_subtree(r4, &(0x7f0000000100), 0x2, 0x0) mount_setattr(0xffffffffffffffff, 0x0, 0x8100, 0x0, 0x37) getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f00000001c0)={0x0, @remote, @local}, 0x0) sendmsg$nl_route_sched_retired(r4, &(0x7f0000000440)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0}, 0x44005) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_LE_SET_ADV_PARAM={{0x79}, 0xce}}}, 0x7) 9.498558862s ago: executing program 4 (id=72): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) shutdown(r0, 0x1) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, &(0x7f0000000280)={r1, r0, 0x1, 0x0, 0x0, 0x48, 0x1, 0x5, 0xa, 0x8, 0x1, 0x2, 'syz0\x00'}) 8.305695737s ago: executing program 4 (id=76): mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f00000002c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) write$FUSE_NOTIFY_INVAL_INODE(r0, &(0x7f0000000040)={0x28, 0x2, 0x0, {0x1, 0x9, 0x9}}, 0x28) 7.085789865s ago: executing program 1 (id=79): r0 = socket$l2tp6(0xa, 0x2, 0x73) sendmmsg$inet6(r0, &(0x7f0000003600)=[{{&(0x7f0000000700)={0xa, 0x4e24, 0x3, @loopback}, 0x1c, 0x0, 0x0, &(0x7f0000000e40)=[@pktinfo={{0x24, 0x29, 0x32, {@private2={0xfc, 0x2, '\x00', 0x1}}}}], 0x28}}], 0x1, 0xff00) 7.004161588s ago: executing program 4 (id=81): bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000008c0)={0xffffffffffffffff, &(0x7f0000000540), 0x0}, 0x20) 6.713481176s ago: executing program 1 (id=82): r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x2, 0x2) syz_open_dev$usbfs(0x0, 0x77, 0x101301) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000980), 0x0, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000200)=@mmap={0x1, 0x1, 0x4, 0x1, 0x6, {0x77359400}, {0x1, 0x0, 0x5, 0x9, 0x64, 0xe, "7cf93be8"}, 0xfffffff7, 0x1, {}, 0x2}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 6.552020722s ago: executing program 4 (id=84): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="58000000020603f7ff000000000000000700000705000100070000000900020073797a31000000000c00078008001240000000050500050002000000050004000100000011000300686173683a69702c706f7274"], 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070088000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90) 6.484494303s ago: executing program 0 (id=85): ioprio_set$uid(0x3, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/pids.max\x00', 0x2, 0x0) write$cgroup_pid(r0, &(0x7f0000000080), 0x12) r1 = syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x0, 0x80, 0x0, 0x4000}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x9}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) 6.264308437s ago: executing program 0 (id=87): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000b40)={'wlan0\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_STATION(r0, 0x0, 0x0) 3.934897352s ago: executing program 2 (id=90): syz_usb_connect(0x0, 0x0, 0x0, 0x0) 3.764114139s ago: executing program 0 (id=91): r0 = fsopen(0x0, 0x1) fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000100)='mand\x00', 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x1, 0x3) 3.640785084s ago: executing program 1 (id=93): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000002c0)}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x200000, @empty, 0x1}, 0x1c) listen(r2, 0x0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) openat$sysctl(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/ipv4/tcp_mtu_probing\x00', 0x1, 0x0) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r4 = dup(r3) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) close_range(r0, 0xffffffffffffffff, 0x0) 3.221449721s ago: executing program 1 (id=94): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="0207e80702"], 0x10}}, 0x40044) r1 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in=@local, 0x400, 0x56, 0x2, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x8, 0x8, 0x2000000, 0xeffffffffffffffe}, {0x7, 0x0, 0x4}, 0x1, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in=@local, 0x3507, 0x4, 0x0, 0x0, 0xffffffff, 0x0, 0xffff}}, 0xe8) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xff}}}, 0x1c) 3.221215926s ago: executing program 2 (id=95): unshare(0x2040400) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 3.220979541s ago: executing program 3 (id=96): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) inotify_rm_watch(0xffffffffffffffff, 0x0) 2.992103305s ago: executing program 3 (id=97): set_mempolicy(0x4005, &(0x7f0000000040)=0x10000000005, 0x7) syz_io_uring_setup(0xd2, &(0x7f0000000000)={0x0, 0xb46, 0x0, 0x0, 0x34e}, &(0x7f00000002c0), &(0x7f0000000080)) 2.991504395s ago: executing program 2 (id=98): inotify_init1(0x0) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r2, &(0x7f0000000040), 0x10) r3 = dup3(r2, 0xffffffffffffffff, 0x80000) write$tun(r3, 0x0, 0x0) r4 = socket$unix(0x1, 0x5, 0x0) r5 = dup2(r4, r0) close_range(r5, 0xffffffffffffffff, 0x0) r6 = syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581) fcntl$dupfd(r6, 0x0, r6) socket$unix(0x1, 0x2, 0x0) socket$key(0xf, 0x3, 0x2) syz_open_dev$tty1(0xc, 0x4, 0x1) 2.738240171s ago: executing program 3 (id=99): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x2, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000540)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000500)=0x1, 0xffffffffffffffff, 0x0, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f00000002c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e23, 0xfffffffd, @empty, 0x5}}}, 0x30) 2.52251149s ago: executing program 2 (id=100): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) preadv2(r4, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1fee00}], 0x2, 0x0, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x880) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f00000001c0)={@dev={0xfe, 0x80, '\x00', 0x2a}, 0x91ee, 0x1, 0x1, 0x0, 0x2, 0x80}, &(0x7f00000002c0)=0x20) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000080)={0x0, 0xddf}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r5, 0x84, 0x18, &(0x7f0000000380)={r6, 0x3}, 0x8) io_uring_setup(0x4aec, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x6c, 0x2, 0x6, 0x1, 0x6000000, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @dev={0xac, 0x14, 0x14, 0x28}}}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0x80ffffff}}, @IPSET_ATTR_NETMASK={0x5, 0x14, 0x2}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x6c}}, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x200000, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000097e3075ad39065cd72319ca29942e7fbecc18690de53b500639afa8e"], 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 2.370866833s ago: executing program 3 (id=101): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, &(0x7f0000007cc0), 0x0, 0x931766f6319eed40) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0500"], 0x48) shutdown(r0, 0x1) getsockopt$bt_hci(r0, 0x84, 0x7d, &(0x7f0000000840)=""/4127, &(0x7f0000000000)=0x101f) 2.217933354s ago: executing program 3 (id=102): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r4, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r5, &(0x7f0000000240), &(0x7f0000000140)=@tcp6=r4}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r5, &(0x7f0000000080)="ff25f7", &(0x7f0000000cc0)=""/4096}, 0x20) 1.179467834s ago: executing program 3 (id=103): r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x2, 0x2) syz_open_dev$usbfs(0x0, 0x77, 0x101301) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000980), 0x0, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000200)=@mmap={0x1, 0x1, 0x4, 0x1, 0x6, {0x77359400}, {0x1, 0x0, 0x5, 0x9, 0x64, 0xe, "7cf93be8"}, 0xfffffff7, 0x1, {}, 0x2}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 1.153355985s ago: executing program 1 (id=104): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) r0 = socket$nl_route(0x10, 0x3, 0x0) socket(0x1, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="5800000010000304000300"/20, @ANYRES32=0x0, @ANYBLOB="00000000010000002800128009000100766c616e00000000180002800c0002001e0000001f000bd306000100fc0f000008000500", @ANYRES32], 0x58}}, 0x48000) 925.124296ms ago: executing program 2 (id=105): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) fstat(r0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) setreuid(0x0, r1) timerfd_create(0x9, 0x80800) 570.177084ms ago: executing program 2 (id=106): syz_usb_connect(0x0, 0x0, 0x0, 0x0) 545.208258ms ago: executing program 1 (id=107): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r5 = syz_io_uring_setup(0xa0, &(0x7f0000000100)={0x0, 0x200089bd, 0x80, 0x1, 0x385}, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000300)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x40, 0x2007, @fd=r4, 0xc000000, &(0x7f00000000c0)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x1e}) io_uring_enter(r5, 0x32dc, 0x0, 0xe, 0x0, 0x0) 436.090546ms ago: executing program 4 (id=108): r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) inotify_rm_watch(r0, 0x0) 0s ago: executing program 4 (id=109): r0 = syz_open_dev$loop(&(0x7f0000000240), 0x3e, 0x6542) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/power/mem_sleep', 0x0, 0x80) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r1, 0x0, {0x0, 0x0, 0x0, 0x6, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "67523760fd40f78d2cfc03d81a8ca55ba139c01802c4dae4162e43ac61b7ad33", [0xffffffffffffff00, 0x7]}}) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.61' (ED25519) to the list of known hosts. [ 79.561390][ T5786] cgroup: Unknown subsys name 'net' [ 79.802108][ T5786] cgroup: Unknown subsys name 'cpuset' [ 79.838037][ T5786] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 81.495488][ T5786] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.133618][ T5814] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.150774][ T5821] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 85.156368][ T5816] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 85.168389][ T5816] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.170138][ T5816] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.170991][ T5816] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.172730][ T5816] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.173294][ T5816] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.173910][ T5816] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.175748][ T5816] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.182484][ T5821] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.184515][ T5816] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 85.185688][ T5816] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.185879][ T5816] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.186563][ T5816] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.187842][ T5816] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.188173][ T5816] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.196000][ T5821] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.196679][ T5816] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.197809][ T5816] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.201111][ T5823] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.240255][ T5807] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 85.243258][ T5807] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.265247][ T5807] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 85.265414][ T5823] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.203431][ T5806] chnl_net:caif_netlink_parms(): no params data found [ 86.399050][ T5804] chnl_net:caif_netlink_parms(): no params data found [ 86.403574][ T5805] chnl_net:caif_netlink_parms(): no params data found [ 86.409278][ T5808] chnl_net:caif_netlink_parms(): no params data found [ 86.427956][ T5803] chnl_net:caif_netlink_parms(): no params data found [ 86.821564][ T9] cfg80211: failed to load regulatory.db [ 86.998777][ T5806] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.999802][ T5806] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.000196][ T5806] bridge_slave_0: entered allmulticast mode [ 87.001745][ T5806] bridge_slave_0: entered promiscuous mode [ 87.053215][ T5806] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.053285][ T5806] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.053583][ T5806] bridge_slave_1: entered allmulticast mode [ 87.054967][ T5806] bridge_slave_1: entered promiscuous mode [ 87.218931][ T5823] Bluetooth: hci2: command tx timeout [ 87.218938][ T5117] Bluetooth: hci3: command tx timeout [ 87.299380][ T5117] Bluetooth: hci4: command tx timeout [ 87.299873][ T5823] Bluetooth: hci0: command tx timeout [ 87.377574][ T5823] Bluetooth: hci1: command tx timeout [ 87.738466][ T5804] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.738652][ T5804] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.738850][ T5804] bridge_slave_0: entered allmulticast mode [ 87.740457][ T5804] bridge_slave_0: entered promiscuous mode [ 87.741882][ T5808] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.741998][ T5808] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.742160][ T5808] bridge_slave_0: entered allmulticast mode [ 87.743818][ T5808] bridge_slave_0: entered promiscuous mode [ 87.746137][ T5805] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.746253][ T5805] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.746407][ T5805] bridge_slave_0: entered allmulticast mode [ 87.749932][ T5805] bridge_slave_0: entered promiscuous mode [ 87.753298][ T5803] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.753415][ T5803] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.753853][ T5803] bridge_slave_0: entered allmulticast mode [ 87.755349][ T5803] bridge_slave_0: entered promiscuous mode [ 87.860226][ T5806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.860498][ T5804] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.860633][ T5804] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.860819][ T5804] bridge_slave_1: entered allmulticast mode [ 87.862619][ T5804] bridge_slave_1: entered promiscuous mode [ 87.865730][ T5808] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.865850][ T5808] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.866261][ T5808] bridge_slave_1: entered allmulticast mode [ 87.888906][ T5808] bridge_slave_1: entered promiscuous mode [ 87.891020][ T5805] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.891141][ T5805] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.891603][ T5805] bridge_slave_1: entered allmulticast mode [ 87.894445][ T5805] bridge_slave_1: entered promiscuous mode [ 87.903476][ T5803] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.903584][ T5803] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.903785][ T5803] bridge_slave_1: entered allmulticast mode [ 87.905610][ T5803] bridge_slave_1: entered promiscuous mode [ 87.988237][ T5806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.601807][ T5804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.671042][ T5808] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.674019][ T5805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.678375][ T5803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.706125][ T5806] team0: Port device team_slave_0 added [ 88.709775][ T5804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.724701][ T5808] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.726683][ T5805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.730213][ T5803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.732651][ T5806] team0: Port device team_slave_1 added [ 89.299006][ T5823] Bluetooth: hci2: command tx timeout [ 89.299040][ T5823] Bluetooth: hci3: command tx timeout [ 89.377564][ T5823] Bluetooth: hci4: command tx timeout [ 89.377599][ T5823] Bluetooth: hci0: command tx timeout [ 89.430310][ T5804] team0: Port device team_slave_0 added [ 89.432482][ T5808] team0: Port device team_slave_0 added [ 89.434460][ T5805] team0: Port device team_slave_0 added [ 89.436494][ T5803] team0: Port device team_slave_0 added [ 89.438274][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.438288][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.438311][ T5806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.443572][ T5804] team0: Port device team_slave_1 added [ 89.447202][ T5808] team0: Port device team_slave_1 added [ 89.450379][ T5805] team0: Port device team_slave_1 added [ 89.453099][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.453114][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.453138][ T5806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.457557][ T5823] Bluetooth: hci1: command tx timeout [ 89.716897][ T5803] team0: Port device team_slave_1 added [ 90.268870][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.268882][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.268895][ T5804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.270237][ T5808] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.270250][ T5808] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.270271][ T5808] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.272926][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.272939][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.272962][ T5805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.449029][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.449045][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.449070][ T5804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.450956][ T5808] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.450971][ T5808] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.450995][ T5808] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.452470][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.452482][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.452506][ T5805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.540422][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.540440][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.540464][ T5803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.679317][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.679332][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.679352][ T5803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.711455][ T5806] hsr_slave_0: entered promiscuous mode [ 90.712934][ T5806] hsr_slave_1: entered promiscuous mode [ 91.202582][ T5804] hsr_slave_0: entered promiscuous mode [ 91.203351][ T5804] hsr_slave_1: entered promiscuous mode [ 91.204052][ T5804] debugfs: 'hsr0' already exists in 'hsr' [ 91.204138][ T5804] Cannot create hsr debugfs directory [ 91.213833][ T5808] hsr_slave_0: entered promiscuous mode [ 91.215078][ T5808] hsr_slave_1: entered promiscuous mode [ 91.216078][ T5808] debugfs: 'hsr0' already exists in 'hsr' [ 91.216100][ T5808] Cannot create hsr debugfs directory [ 91.324249][ T5805] hsr_slave_0: entered promiscuous mode [ 91.325113][ T5805] hsr_slave_1: entered promiscuous mode [ 91.325623][ T5805] debugfs: 'hsr0' already exists in 'hsr' [ 91.325645][ T5805] Cannot create hsr debugfs directory [ 91.377579][ T5823] Bluetooth: hci2: command tx timeout [ 91.387652][ T5823] Bluetooth: hci3: command tx timeout [ 91.423865][ T5803] hsr_slave_0: entered promiscuous mode [ 91.424687][ T5803] hsr_slave_1: entered promiscuous mode [ 91.425193][ T5803] debugfs: 'hsr0' already exists in 'hsr' [ 91.425210][ T5803] Cannot create hsr debugfs directory [ 91.458840][ T5823] Bluetooth: hci0: command tx timeout [ 91.458854][ T5117] Bluetooth: hci4: command tx timeout [ 91.537800][ T5823] Bluetooth: hci1: command tx timeout [ 92.878741][ T5806] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 92.910328][ T5806] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 92.942238][ T5806] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 92.997081][ T5806] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 93.109894][ T5808] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.136861][ T5808] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.175091][ T5808] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.227048][ T5808] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 93.349929][ T5805] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 93.397824][ T5805] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 93.438629][ T5805] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 93.457637][ T5117] Bluetooth: hci2: command tx timeout [ 93.457682][ T5823] Bluetooth: hci3: command tx timeout [ 93.498671][ T5805] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 93.537843][ T5823] Bluetooth: hci4: command tx timeout [ 93.537876][ T5823] Bluetooth: hci0: command tx timeout [ 93.617636][ T5823] Bluetooth: hci1: command tx timeout [ 93.655944][ T5804] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 93.698069][ T5804] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 93.743955][ T5804] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 93.800685][ T5804] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 93.946955][ T5806] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.959777][ T5803] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 94.006495][ T5803] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 94.031233][ T5803] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.064152][ T5803] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 94.151366][ T5808] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.154479][ T5806] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.202857][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.203624][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.252048][ T152] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.252428][ T152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.287754][ T5808] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.332969][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.333091][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.355148][ T5805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.392151][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.392245][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.469861][ T5805] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.499026][ T152] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.499151][ T152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.541350][ T152] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.541502][ T152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.544691][ T5804] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.671825][ T5804] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.677063][ T5803] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.761250][ T152] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.761414][ T152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.824520][ T152] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.838696][ T152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.861306][ T5803] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.925311][ T809] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.925509][ T809] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.983852][ T809] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.984053][ T809] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.062541][ T5806] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.151072][ T5808] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.340371][ T5806] veth0_vlan: entered promiscuous mode [ 95.404713][ T5805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.445707][ T5806] veth1_vlan: entered promiscuous mode [ 95.453582][ T5808] veth0_vlan: entered promiscuous mode [ 95.507166][ T5808] veth1_vlan: entered promiscuous mode [ 95.588464][ T5804] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.622499][ T5806] veth0_macvtap: entered promiscuous mode [ 95.666439][ T5805] veth0_vlan: entered promiscuous mode [ 95.670644][ T5806] veth1_macvtap: entered promiscuous mode [ 95.694211][ T5803] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.723911][ T5808] veth0_macvtap: entered promiscuous mode [ 95.748731][ T5808] veth1_macvtap: entered promiscuous mode [ 95.750200][ T5805] veth1_vlan: entered promiscuous mode [ 95.780956][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.817276][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.855307][ T5808] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.874967][ T809] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.889660][ T809] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.894872][ T809] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.907694][ T809] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.909816][ T5808] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.960393][ T809] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.016896][ T152] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.032919][ T152] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.040354][ T152] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.048069][ T5803] veth0_vlan: entered promiscuous mode [ 96.082985][ T5805] veth0_macvtap: entered promiscuous mode [ 96.170203][ T5805] veth1_macvtap: entered promiscuous mode [ 96.224187][ T5803] veth1_vlan: entered promiscuous mode [ 96.394036][ T1223] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.394060][ T1223] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.395143][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.459133][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.489176][ T1303] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.489197][ T1303] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.540555][ T1303] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.565793][ T1303] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.566002][ T5804] veth0_vlan: entered promiscuous mode [ 96.591776][ T1303] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.604562][ T1223] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.604588][ T1223] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.605563][ T1303] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.649293][ T5803] veth0_macvtap: entered promiscuous mode [ 96.707625][ T5804] veth1_vlan: entered promiscuous mode [ 96.709743][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.709758][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.710078][ T5803] veth1_macvtap: entered promiscuous mode [ 96.955239][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.109645][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.113885][ T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.113904][ T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.244957][ T68] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.270579][ T68] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.305796][ T68] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.338213][ T68] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.339216][ T5804] veth0_macvtap: entered promiscuous mode [ 97.352722][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.352741][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.506519][ T5804] veth1_macvtap: entered promiscuous mode [ 97.689991][ T5936] Bluetooth: MGMT ver 1.23 [ 97.837637][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 98.027389][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 98.034646][ T10] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 98.057382][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 98.447397][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 98.517372][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 98.526681][ T10] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 98.526722][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.547388][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 98.547422][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 98.587384][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 98.587416][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 98.767381][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 99.125649][ T10] usb 1-1: config 0 descriptor?? [ 99.433132][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.471368][ T10] cp210x 1-1:0.0: cp210x converter detected [ 99.579553][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.609108][ T3562] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.609128][ T3562] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.690793][ T809] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.725528][ T5940] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11'. [ 99.746392][ T809] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.746728][ T809] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.746767][ T809] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.760664][ T5940] netlink: 24 bytes leftover after parsing attributes in process `syz.2.11'. [ 99.902290][ T10] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -71 [ 99.906244][ T10] cp210x 1-1:0.0: failed to get vendor val 0x3711 size 2: -71 [ 99.906271][ T10] cp210x 1-1:0.0: GPIO initialisation failed: -71 [ 99.980858][ T10] usb 1-1: cp210x converter now attached to ttyUSB0 [ 100.021536][ T10] usb 1-1: USB disconnect, device number 2 [ 100.106571][ T10] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 100.124537][ T10] cp210x 1-1:0.0: device disconnected [ 100.241236][ T5946] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.241257][ T5946] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.181509][ T3590] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.181531][ T3590] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.463759][ T5975] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2'. [ 102.466000][ T5950] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.466018][ T5950] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.487586][ T835] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 104.638064][ T835] usb 5-1: Using ep0 maxpacket: 32 [ 104.641659][ T835] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 104.641686][ T835] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 104.641704][ T835] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 104.641756][ T835] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 104.641782][ T835] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 104.641804][ T835] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 104.641823][ T835] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 104.641844][ T835] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 104.641885][ T835] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 104.641905][ T835] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.762841][ T835] usb 5-1: config 0 descriptor?? [ 105.056340][ T835] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 105.088303][ T835] usb 5-1: USB disconnect, device number 2 [ 105.115056][ T835] usblp0: removed [ 105.170246][ T5997] Zero length message leads to an empty skb [ 105.803579][ T5772] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 106.007776][ T5772] usb 3-1: Using ep0 maxpacket: 32 [ 106.015345][ T5772] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 106.015370][ T5772] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 106.015406][ T5772] usb 3-1: config 0 interface 0 has no altsetting 0 [ 106.020254][ T5772] usb 3-1: New USB device found, idVendor=0582, idProduct=0016, bcdDevice=8e.57 [ 106.020282][ T5772] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.020299][ T5772] usb 3-1: Product: syz [ 106.020312][ T5772] usb 3-1: Manufacturer: syz [ 106.020325][ T5772] usb 3-1: SerialNumber: syz [ 106.038877][ T5772] usb 3-1: config 0 descriptor?? [ 106.055572][ T5772] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 106.082196][ T5772] usb 3-1: selecting invalid altsetting 0 [ 109.122270][ T5772] usb 3-1: USB disconnect, device number 2 [ 109.480404][ T6014] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 109.627452][ T6014] usb 4-1: Using ep0 maxpacket: 8 [ 109.659291][ T6014] usb 4-1: config 0 has an invalid descriptor of length 55, skipping remainder of the config [ 109.659349][ T6014] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 109.659375][ T6014] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 109.659395][ T6014] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 109.659416][ T6014] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 109.659455][ T6014] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 109.659475][ T6014] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.788510][ T6014] usb 4-1: config 0 descriptor?? [ 109.833255][ T6047] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 109.987861][ T6052] autofs: Unknown parameter 'fd0x0000000000000004' [ 112.727266][ T6014] usb 4-1: USB disconnect, device number 2 [ 113.996654][ T6078] orangefs_mount: mount request failed with -4 [ 114.491609][ T6097] netlink: 48 bytes leftover after parsing attributes in process `syz.2.55'. [ 120.386776][ T6162] netlink: 48 bytes leftover after parsing attributes in process `syz.2.77'. [ 121.229489][ T5808] cgroup: fork rejected by pids controller in /syz0 [ 124.691551][ T5946] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.829346][ T5117] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 124.845414][ T5117] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 124.858368][ T5117] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 124.859613][ T5117] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 124.860436][ T5117] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 126.347272][ T5946] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.708719][ T6258] netlink: 8 bytes leftover after parsing attributes in process `syz.1.104'. [ 126.977690][ T5117] Bluetooth: hci4: command tx timeout [ 127.455753][ T5946] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.617303][ T6272] loop2: detected capacity change from 0 to 7 [ 127.745562][ T5946] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.900111][ T5863] Dev loop2: unable to read RDB block 7 [ 127.900147][ T5863] loop2: unable to read partition table [ 127.900285][ T5863] loop2: partition table beyond EOD, truncated [ 127.919921][ T6273] [ 127.919932][ T6273] ====================================================== [ 127.919940][ T6273] WARNING: possible circular locking dependency detected [ 127.919957][ T6273] syzkaller #0 Not tainted [ 127.919966][ T6273] ------------------------------------------------------ [ 127.919973][ T6273] syz.4.109/6273 is trying to acquire lock: [ 127.919983][ T6273] ffff88813ff742c0 (&root->kernfs_iattr_rwsem){++++}-{4:4}, at: kernfs_iop_getattr+0x9e/0x450 [ 127.920047][ T6273] [ 127.920047][ T6273] but task is already holding lock: [ 127.920053][ T6273] ffff8881413eb2d8 (&q->q_usage_counter(io)#19){++++}-{0:0}, at: lo_ioctl+0x161d/0x1c70 [ 127.920102][ T6273] [ 127.920102][ T6273] which lock already depends on the new lock. [ 127.920102][ T6273] [ 127.920108][ T6273] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 127.920108][ T6273] the existing dependency chain (in reverse order) is: [ 127.920115][ T6273] [ 127.920115][ T6273] -> #2 (&q->q_usage_counter(io)#19){++++}-{0:0}: [ 127.920144][ T6273] blk_alloc_queue+0x537/0x620 [ 127.920165][ T6273] __blk_mq_alloc_disk+0x15c/0x340 [ 127.920189][ T6273] loop_add+0x411/0xae0 [ 127.920207][ T6273] loop_init+0xd9/0x170 [ 127.920227][ T6273] do_one_initcall+0x1f1/0x800 [ 127.920251][ T6273] do_initcall_level+0x104/0x190 [ 127.920269][ T6273] do_initcalls+0x59/0xa0 [ 127.920285][ T6273] kernel_init_freeable+0x2a7/0x3d0 [ 127.920302][ T6273] kernel_init+0x1d/0x1d0 [ 127.920321][ T6273] ret_from_fork+0x510/0xa50 [ 127.920339][ T6273] ret_from_fork_asm+0x1a/0x30 [ 127.920362][ T6273] [ 127.920362][ T6273] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 127.920386][ T6273] fs_reclaim_acquire+0x72/0x100 [ 127.920401][ T6273] kmem_cache_alloc_noprof+0x40/0x6c0 [ 127.920423][ T6273] __kernfs_iattrs+0xd9/0x320 [ 127.920445][ T6273] kernfs_iop_setattr+0xea/0x3f0 [ 127.920467][ T6273] notify_change+0xc18/0xf60 [ 127.920490][ T6273] do_truncate+0x1a4/0x220 [ 127.920509][ T6273] path_openat+0x35b9/0x3df0 [ 127.920527][ T6273] do_filp_open+0x1fa/0x410 [ 127.920545][ T6273] do_sys_openat2+0x121/0x200 [ 127.920562][ T6273] __x64_sys_openat+0x138/0x170 [ 127.920580][ T6273] do_syscall_64+0xec/0xf80 [ 127.920594][ T6273] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.920609][ T6273] [ 127.920609][ T6273] -> #0 (&root->kernfs_iattr_rwsem){++++}-{4:4}: [ 127.920634][ T6273] __lock_acquire+0x15a6/0x2cf0 [ 127.920667][ T6273] lock_acquire+0x107/0x340 [ 127.920688][ T6273] down_read+0x97/0x1f0 [ 127.920704][ T6273] kernfs_iop_getattr+0x9e/0x450 [ 127.920727][ T6273] vfs_getattr_nosec+0x2e1/0x430 [ 127.920745][ T6273] loop_assign_backing_file+0x22e/0x410 [ 127.920767][ T6273] lo_ioctl+0x169b/0x1c70 [ 127.920787][ T6273] blkdev_ioctl+0x611/0x710 [ 127.920809][ T6273] __se_sys_ioctl+0xff/0x170 [ 127.920840][ T6273] do_syscall_64+0xec/0xf80 [ 127.920856][ T6273] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.920873][ T6273] [ 127.920873][ T6273] other info that might help us debug this: [ 127.920873][ T6273] [ 127.920879][ T6273] Chain exists of: [ 127.920879][ T6273] &root->kernfs_iattr_rwsem --> fs_reclaim --> &q->q_usage_counter(io)#19 [ 127.920879][ T6273] [ 127.920913][ T6273] Possible unsafe locking scenario: [ 127.920913][ T6273] [ 127.920919][ T6273] CPU0 CPU1 [ 127.920924][ T6273] ---- ---- [ 127.920930][ T6273] lock(&q->q_usage_counter(io)#19); [ 127.920946][ T6273] lock(fs_reclaim); [ 127.920960][ T6273] lock(&q->q_usage_counter(io)#19); [ 127.920978][ T6273] rlock(&root->kernfs_iattr_rwsem); [ 127.920990][ T6273] [ 127.920990][ T6273] *** DEADLOCK *** [ 127.920990][ T6273] [ 127.920995][ T6273] 3 locks held by syz.4.109/6273: [ 127.921006][ T6273] #0: ffff8880241a4498 (&lo->lo_mutex){+.+.}-{4:4}, at: lo_ioctl+0x11fd/0x1c70 [ 127.921053][ T6273] #1: ffff8881413eb2d8 (&q->q_usage_counter(io)#19){++++}-{0:0}, at: lo_ioctl+0x161d/0x1c70 [ 127.921100][ T6273] #2: ffff8881413eb310 (&q->q_usage_counter(queue)#3){+.+.}-{0:0}, at: lo_ioctl+0x161d/0x1c70 [ 127.921150][ T6273] [ 127.921150][ T6273] stack backtrace: [ 127.921175][ T6273] CPU: 1 UID: 0 PID: 6273 Comm: syz.4.109 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 127.921196][ T6273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 127.921215][ T6273] Call Trace: [ 127.921225][ T6273] [ 127.921233][ T6273] dump_stack_lvl+0xe8/0x150 [ 127.921261][ T6273] print_circular_bug+0x2e2/0x300 [ 127.921281][ T6273] check_noncircular+0x12e/0x150 [ 127.921311][ T6273] __lock_acquire+0x15a6/0x2cf0 [ 127.921343][ T6273] ? kernfs_iop_getattr+0x9e/0x450 [ 127.921366][ T6273] lock_acquire+0x107/0x340 [ 127.921388][ T6273] ? kernfs_iop_getattr+0x9e/0x450 [ 127.921417][ T6273] down_read+0x97/0x1f0 [ 127.921434][ T6273] ? kernfs_iop_getattr+0x9e/0x450 [ 127.921457][ T6273] ? __pfx_down_read+0x10/0x10 [ 127.921475][ T6273] ? kernfs_root+0x1c/0x230 [ 127.921498][ T6273] ? kernfs_root+0x1c/0x230 [ 127.921523][ T6273] kernfs_iop_getattr+0x9e/0x450 [ 127.921550][ T6273] vfs_getattr_nosec+0x2e1/0x430 [ 127.921569][ T6273] loop_assign_backing_file+0x22e/0x410 [ 127.921595][ T6273] ? __pfx_loop_assign_backing_file+0x10/0x10 [ 127.921619][ T6273] ? rt_spin_unlock+0x150/0x200 [ 127.921657][ T6273] lo_ioctl+0x169b/0x1c70 [ 127.921683][ T6273] ? __pfx_lo_ioctl+0x10/0x10 [ 127.921708][ T6273] ? is_bpf_text_address+0x26/0x2b0 [ 127.921733][ T6273] ? __lock_acquire+0x6b6/0x2cf0 [ 127.921758][ T6273] ? __lock_acquire+0x6b6/0x2cf0 [ 127.921789][ T6273] ? __lock_acquire+0x6b6/0x2cf0 [ 127.921812][ T6273] ? __lock_acquire+0x6b6/0x2cf0 [ 127.921837][ T6273] ? __lock_acquire+0x6b6/0x2cf0 [ 127.921860][ T6273] ? __lock_acquire+0x6b6/0x2cf0 [ 127.921887][ T6273] ? unwind_next_frame+0xa5/0x23d0 [ 127.921913][ T6273] ? unwind_next_frame+0xa5/0x23d0 [ 127.921936][ T6273] ? is_bpf_text_address+0x26/0x2b0 [ 127.921962][ T6273] ? is_bpf_text_address+0x26/0x2b0 [ 127.921985][ T6273] ? is_bpf_text_address+0x292/0x2b0 [ 127.922007][ T6273] ? is_bpf_text_address+0x26/0x2b0 [ 127.922028][ T6273] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 127.922052][ T6273] ? kernel_text_address+0xa5/0xe0 [ 127.922079][ T6273] ? __kernel_text_address+0xd/0x40 [ 127.922105][ T6273] ? unwind_get_return_address+0x4d/0x90 [ 127.922127][ T6273] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 127.922149][ T6273] ? arch_stack_walk+0xfc/0x150 [ 127.922175][ T6273] ? stack_trace_save+0x9c/0xe0 [ 127.922196][ T6273] ? __pfx_stack_trace_save+0x10/0x10 [ 127.922218][ T6273] ? stack_depot_save_flags+0x33/0x810 [ 127.922241][ T6273] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 127.922265][ T6273] ? kasan_save_track+0x4f/0x80 [ 127.922289][ T6273] ? kasan_save_track+0x3e/0x80 [ 127.922311][ T6273] ? kasan_save_free_info+0x46/0x50 [ 127.922331][ T6273] ? __kasan_slab_free+0x5c/0x80 [ 127.922355][ T6273] ? kfree+0x1bd/0x900 [ 127.922375][ T6273] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 127.922398][ T6273] ? security_file_ioctl+0xcb/0x2d0 [ 127.922422][ T6273] ? __se_sys_ioctl+0x47/0x170 [ 127.922444][ T6273] ? do_syscall_64+0xec/0xf80 [ 127.922460][ T6273] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.922485][ T6273] ? __asan_memset+0x22/0x50 [ 127.922506][ T6273] ? blk_get_meta_cap+0x18c/0x750 [ 127.922531][ T6273] ? __pfx_blk_get_meta_cap+0x10/0x10 [ 127.922556][ T6273] ? blkdev_common_ioctl+0x11d9/0x2c80 [ 127.922582][ T6273] ? kasan_quarantine_put+0xbb/0x1f0 [ 127.922608][ T6273] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 127.922632][ T6273] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 127.922662][ T6273] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 127.922686][ T6273] ? do_vfs_ioctl+0xbeb/0x1440 [ 127.922709][ T6273] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 127.922730][ T6273] ? handle_mm_fault+0x123f/0x1330 [ 127.922754][ T6273] ? handle_mm_fault+0xd1/0x1330 [ 127.922775][ T6273] ? __asan_memset+0x22/0x50 [ 127.922793][ T6273] ? smack_file_ioctl+0x24d/0x340 [ 127.922812][ T6273] ? __pfx_smack_file_ioctl+0x10/0x10 [ 127.922830][ T6273] ? __pfx_lo_ioctl+0x10/0x10 [ 127.922849][ T6273] blkdev_ioctl+0x611/0x710 [ 127.922870][ T6273] ? __pfx_blkdev_ioctl+0x10/0x10 [ 127.922889][ T6273] ? __fget_files+0x2a/0x420 [ 127.922905][ T6273] ? bpf_lsm_file_ioctl+0x9/0x20 [ 127.922927][ T6273] ? __pfx_blkdev_ioctl+0x10/0x10 [ 127.922946][ T6273] __se_sys_ioctl+0xff/0x170 [ 127.922966][ T6273] do_syscall_64+0xec/0xf80 [ 127.922980][ T6273] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.922994][ T6273] ? trace_irq_disable+0x37/0x100 [ 127.923010][ T6273] ? clear_bhb_loop+0x60/0xb0 [ 127.923026][ T6273] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.923041][ T6273] RIP: 0033:0x7f548df9f749 [ 127.923062][ T6273] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 127.923076][ T6273] RSP: 002b:00007f548c1dd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 127.923093][ T6273] RAX: ffffffffffffffda RBX: 00007f548e1f6090 RCX: 00007f548df9f749 [ 127.923105][ T6273] RDX: 0000000000000004 RSI: 0000000000004c06 RDI: 0000000000000003 [ 127.923115][ T6273] RBP: 00007f548e023f91 R08: 0000000000000000 R09: 0000000000000000 [ 127.923126][ T6273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 127.923135][ T6273] R13: 00007f548e1f6128 R14: 00007f548e1f6090 R15: 00007fffe4569a48 [ 127.923153][ T6273] [ 128.223776][ T6272] Dev loop2: unable to read RDB block 7 [ 128.223822][ T6272] loop2: unable to read partition table [ 128.223954][ T6272] loop2: partition table beyond EOD, truncated [ 128.224072][ T6272] loop_reread_partitions: partition scan of loop2 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 128.766333][ T6273] Dev loop2: unable to read RDB block 7 [ 128.766377][ T6273] loop2: unable to read partition table [ 128.766509][ T6273] loop2: partition table beyond EOD, truncated [ 128.767424][ T6273] loop_reread_partitions: partition scan of loop2 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 129.057968][ T5117] Bluetooth: hci4: command tx timeout [ 129.257990][ T5946] bridge_slave_1: left allmulticast mode [ 129.258015][ T5946] bridge_slave_1: left promiscuous mode [ 129.258193][ T5946] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.398449][ T5946] bridge_slave_0: left allmulticast mode [ 129.398474][ T5946] bridge_slave_0: left promiscuous mode [ 129.398649][ T5946] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.879973][ T5946] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 130.957855][ T5946] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 130.981953][ T5946] bond0 (unregistering): Released all slaves [ 132.887627][ T5946] hsr_slave_0: left promiscuous mode [ 132.900032][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.900080][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.937519][ T5946] hsr_slave_1: left promiscuous mode [ 132.937977][ T5946] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 132.937990][ T5946] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 132.969837][ T5946] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 132.969860][ T5946] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 133.028772][ T5946] veth1_macvtap: left promiscuous mode [ 133.028809][ T5946] veth0_macvtap: left promiscuous mode [ 133.028873][ T5946] veth1_vlan: left promiscuous mode [ 133.028921][ T5946] veth0_vlan: left promiscuous mode [ 134.607893][ T5946] team0 (unregistering): Port device team_slave_1 removed [ 134.798268][ T5946] team0 (unregistering): Port device team_slave_0 removed