Extracting prog: 1h32m43.410853057s
Minimizing prog: 43m10.57340158s
Simplifying prog options: 15m10.696185225s
Extracting C: 5m14.191120235s
Simplifying C: 0s


extracting reproducer from 67 programs
testing a last program of every proc
single: executing 17 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$urandom-socketpair$unix-connect$unix-openat$cgroup_ro-mmap-syz_clone-ftruncate-sendmsg$NFT_BATCH-mmap-madvise-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-prctl$PR_SCHED_CORE-sched_setattr-sendmsg$nl_route-sendmsg$nl_route-mremap-syz_open_dev$sndctrl-openat$audio-fsopen-bpf$MAP_CREATE-close-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$BPF_PROG_TEST_RUN-fsconfig$FSCONFIG_CMD_CREATE-close-socket$nl_netfilter
detailed listing:
executing program 0:
openat$urandom(0xffffffffffffff9c, 0x0, 0x103902, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x12, r1, 0x0)
syz_clone(0x81000000, 0x0, 0x0, 0x0, 0x0, 0x0)
ftruncate(r1, 0xc17a)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a200040b5766b01040000000000000000010080030900010073797a31000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a32000000008c000000060a010400000000000000000100000008000b400000000070000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000380001800c000100626974776973650028000280080003400000000408000140000000170800024000000012040005800800048004000280140000001100010000000000000000"], 0x100}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x8031, r1, 0x1342e000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x400c0c0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x80)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000240), 0x141802, 0x0)
r4 = fsopen(&(0x7f0000000040)='binder\x00', 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x1, 0x4, 0x8}, 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x2, 0x4, 0x1, 0x9}, 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18180000000000000000000000000000850000002e00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r6, 0x0, 0x0, 0x0, &(0x7f00000008c0), 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
close(r4)
socket$nl_netfilter(0x10, 0x3, 0xc)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_open_dev$char_usb-read$char_usb-syz_usb_disconnect-syz_clone-ptrace-socketpair$unix-ioctl$int_in-getpgid-fcntl$setownex-sendmmsg$unix-ptrace$peeksig-syz_usb_disconnect-close_range-syz_usb_disconnect-socket$inet6_tcp-setsockopt$inet6_tcp_int-connect$inet6-setsockopt$inet6_tcp_TCP_ULP-setsockopt$inet6_tcp_TCP_REPAIR_QUEUE-setsockopt$inet6_tcp_TLS_TX-setsockopt$inet6_tcp_TLS_TX-setsockopt$sock_int-syz_genetlink_get_family_id$ethtool-syz_clone3-socket$tipc-bind$tipc-ioctl$int_in-listen-socket$tipc
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0009030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r0, &(0x7f0000000000)=""/172, 0xac)
syz_usb_disconnect(0xffffffffffffffff)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000000040)=0x8001)
r4 = getpgid(0x0)
fcntl$setownex(r3, 0xf, &(0x7f0000000140)={0x2, r4})
sendmmsg$unix(r2, &(0x7f0000006c40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="11", 0x1}], 0x1}}], 0x1, 0x40015)
ptrace$peeksig(0x4209, r1, &(0x7f0000000000)={0x2, 0x1, 0x1}, &(0x7f0000000040)=[{}])
syz_usb_disconnect(0xffffffffffffffff)
close_range(0xffffffffffffffff, r0, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x5, &(0x7f0000000040)=0x8, 0x4)
connect$inet6(r5, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x2, &(0x7f0000000000)=@ccm_128={{0x304}, "b39625e03be22ead", "8da0640c9e8f6b81143f1a1a6d81ee2b", "3b0e7088", "19a4216dfdbf6602"}, 0x28)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x1, &(0x7f0000000080)=@ccm_128={{0x304}, "f64e4099107323f5", "53c272d8b763f690b35605dff8a4a8d2", "3da2d199", "72392a24199b5903"}, 0x28)
setsockopt$sock_int(r5, 0x1, 0xa, &(0x7f00000001c0)=0x2, 0x4)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r5)
syz_clone3(0x0, 0x0)
r6 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r6, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
ioctl$int_in(r6, 0x5421, &(0x7f00000000c0)=0x7fffffffffffffff)
listen(r6, 0x0)
socket$tipc(0x1e, 0x5, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_mptcp-openat$uhid-write$UHID_CREATE2-mmap-prctl$PR_SET_SECCOMP-mincore-prctl$PR_SET_MM_MAP-brk-syz_open_dev$hidraw-dup2-syz_usb_connect-write$cgroup_subtree-socket$nl_generic-sendmsg$nl_generic-rename-bind$inet6-connect$inet6-sendmmsg$inet6-socket$nl_netfilter-sendmsg$NFT_BATCH-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-close_range
detailed listing:
executing program 0:
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)
write$UHID_CREATE2(r1, &(0x7f00000007c0)=ANY=[], 0x119)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x70f9a000)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
mincore(&(0x7f0000922000/0x2000)=nil, 0x2000, &(0x7f0000000dc0)=""/4096)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000693000/0x1000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
brk(0x200000ffc000)
r2 = syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81)
r3 = dup2(r2, r1)
syz_usb_connect(0x1, 0x2d, &(0x7f0000002280)={{0x12, 0x1, 0x200, 0x5, 0x92, 0x2, 0x8, 0x681, 0x5, 0x56c0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x7, 0x3, 0x40, 0xf2, [{{0x9, 0x4, 0xfc, 0x8, 0x1, 0xa, 0xf4, 0x77, 0x5, [], [{{0x9, 0x5, 0xf, 0x1, 0x40, 0xe8, 0x6, 0x95}}]}}]}}]}}, &(0x7f0000003600)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
write$cgroup_subtree(r3, 0x0, 0xfdef)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x30, 0x40, 0x107, 0x70bd2b, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x1c2}, @nested={0x14, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x84;'}, @typed={0x6, 0x12, 0x0, 0x0, @str='\x84;'}]}, @nested={0x4, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
rename(&(0x7f0000000580)='./file0\x00', 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r0, 0x0, 0x0, 0x48800)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x30, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x63}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x3}]}], {0x14}}, 0x58}}, 0x0)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
close_range(r6, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-socketpair$tipc-recvmmsg-socketpair$unix-connect$unix-recvmmsg-prctl$PR_SCHED_CORE-sched_setattr-syz_open_dev$video-syz_open_dev$loop-ioctl$BLKTRACESETUP-socket$packet-socket$packet-ioctl$ifreq_SIOCGIFINDEX_vcan-sendto$packet-ioctl$BLKTRACESTART-ioctl$BLKTRACETEARDOWN-setsockopt$IP_VS_SO_SET_ADD-openat$misdntimer-openat$nullb-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-sendfile-read$FUSE-rt_sigqueueinfo-socket$inet6_sctp-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001e40), 0x0, 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x5, 0x609cea4e, 0xfa11, 0xffffffff}, 0x0)
syz_open_dev$video(0x0, 0x1d24, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000000)={'\x00', 0x81, 0x101, 0x2, 0x4ddf, 0x1})
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000180)={'vcan0\x00', <r4=>0x0})
sendto$packet(r3, &(0x7f0000000080)="18", 0x48, 0x0, &(0x7f00000000c0)={0x11, 0xd, r4, 0x1, 0x0, 0x6, @random="42b106616fdb"}, 0x14)
ioctl$BLKTRACESTART(r1, 0x1274, 0x0)
ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x48f, &(0x7f0000000200)={0x2b, @private, 0x0, 0x1, 'wlc\x00', 0x37, 0xfffffffb, 0x14}, 0x2c)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0xa0000, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
sendfile(r5, r5, 0x0, 0x2000fb)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
rt_sigqueueinfo(0x0, 0x3a, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e20, 0x0, @private2}]}, &(0x7f0000000180)=0x10)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet-setsockopt$sock_int-syz_usb_connect$hid-socket$inet6_tcp-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-prctl$PR_SCHED_CORE-sendmsg-sched_setattr-syz_mount_image$fuse-read$FUSE-write$FUSE_INIT-bpf$PROG_LOAD-socket-setsockopt$sock_attach_bpf-sendmsg$nl_generic-fchmodat-openat$audio-syz_open_dev$vim2m-lsm_set_self_attr-ioctl$vim2m_VIDIOC_REQBUFS-ioctl$vim2m_VIDIOC_QBUF-ioctl$vim2m_VIDIOC_STREAMOFF-syz_fuse_handle_req-sendmsg$NFT_BATCH-close_range-socket-setsockopt$inet6_group_source_req
detailed listing:
executing program 0:
r0 = socket$inet(0x2, 0x1, 0x200)
setsockopt$sock_int(r0, 0x1, 0x48, &(0x7f0000000040)=0x3, 0x4)
syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x9, 0x6, 0x0, 0x7}, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002300)=ANY=[], 0x0, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000002200)={0x50, 0x0, 0x0, {0x7, 0x27, 0x2, 0x1dd880, 0x0, 0x3, 0x3, 0x3, 0x0, 0x0, 0x0, 0x5}}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4080000400000006110540000000000a6000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x0, 0x10, &(0x7f0000000080), 0xffffffffffffffb2}, 0x48)
r5 = socket(0x10, 0x803, 0x0)
setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f0000000600)=r4, 0x4)
sendmsg$nl_generic(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000005200010000000000000000000a00000008000100", @ANYRES64=r4], 0x1c}}, 0x20040000)
fchmodat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r6 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2)
lsm_set_self_attr(0x0, &(0x7f0000002380)=ANY=[@ANYBLOB="6d00000000000000e50b00000000000020000000000e00"], 0x20, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_QBUF(r6, 0xc058560f, &(0x7f0000000180)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x2, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'y)\x00'}, 0x0, 0x1, {0x0}, 0x4})
ioctl$vim2m_VIDIOC_STREAMOFF(r6, 0x40045612, &(0x7f0000000200)=0x2)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000009b80)="50b11747d6822c403d2e292ca265ae242f69d1baf07e8db9ad0716994717df62acbcd4ff57e3e37c7fa55330d96f3ae735f0b7879e13ac4a5b82a00649725fcdd8bc513e1c7dbb9ab9a66ea421ac231f677e50993bc669389d4c28140c0cb20fcdeb39fe8963f759220c33c901891e58ed9e9c97c473a5103ad07ebcc55d6a8a6b78f2db24fbbc39e86aa01fec234db80b009bba10bf5c95368489bac22d32fe73367dca9bf2e3dc398b18c63cb90d5d1a313cd25650ea28424882abd498005a60af451da873630495c2bd07f342d5f3de97c4ed62d454a0ca89d7c53792fb9266608d3525377e336e79cf54957c04e8abf1508e54e7b254cc730fdc8d010e5b1e4cb23464eeae445b6bf6fe6e87d5e45a06a97350386d766d695877fa1b0624de12c6c213908f2286a2363e02f4df497074a0bed6f7bc4c4cf5ba0a19c84f9021112a13daf592bec368e837d5c26870be4f1ab35f821f59bf46e3afeebcd4c1feacf28292e7069fa30dda3da246e3faaa3bb95719c69f02b76107ad47f1c526570ff628fcf705279c28b84a249ce36e927a784223d6bcdf4f9ddec51af87a6d308e6a0f4b9d01bf0c9eaba27f1a1c8637c1f42ebc2bb7dc93ba617788e140941b08935b6839b65c7486b4cd09f6a17ea526dd852c8b0242b6598dc3cc982f77c51db6e64df3335cccf419e38df41540067b106c699dfd1eb06c8debfc41d72346133d5e4cb50b5f2a19f154a8905b0c2b43bab0b11779b750362b991c88d34070286ff6ad42f30329a324877ecb1652564adda10a6064d5d5ce49f48409b2b568e059a77126c05072bdb5c38ef4791a985b24bf1d5fff34a45af5f6ee491eb922d696f0358cc35d87e97386149de0042ad067e3011fa0b4a6baa6215581a88fb67f3a113afd431ea70a92e11d81d8fb170f97953ca84260a93c2e01bc8369bc2ae4b995c0de707586bd4200723e17e1eb8128a6d5b4d59f0c34b2b7ae3229e97271c07e91b384d9e8c7846201a73a2e32b79f57cf0d4af12df342792b73810df698020280e9c5eaac577979e71a503b7860d7c6a6a98969e155aedc10c0f288778346ab5f4c7937a9c933caa4099ff25582e694af36de4da7acc4c5eda8ebbbbb70616224151c0f7a0e3d1fdcf27cb2d73416d2cb01e2be8d00685b1a7a5e7db3e48003d88993d34fa522de7089f25da6b86fad8e237a8dc3819942c59c5097664b8f88aecba45a9f9a59647dc32d78c0cc4ae728a30330c7df606ea11bc2bf16f0937a7491412656ddf8a91534cb1904573d1109f7498f146215aca96c11fa0c4122728bcf6705c8917403c425f4280b45981917e03830bc6a6d30bd46ff168ede03ba8ddb5478ace67254fe922cd4252cc8d94531b53b3bf074cb53c6ce923e29e09c4ed434e619e53d67150ee213876fda26d83cc814888b1d9471618781c9e2702363a86995088cf82ef72d47294a6cb102d617280df10a41bbace59dbafae9de4ecd669353d35c79cdbc8e2690e299f58dee2657d26907d10ab70c6941d08d1b63c6fe5eaeb2a7e4f64f2fba65f8c351e9a0d5a7443fdc901f1f48ac3871e417bc639983a5a6b4d541d321a97bda21fc41a02783f591ca3475ec51049da030c2f7291ca62cd3eb67de3ab86e180af3919edad86617f59fd17cb2c7ea33fa5dfeae37c947bb4cca26a3a02287aa5531013fd28a030c60be88624de3df16fea135cea6da3dc0192ff081ce9e4a29e7f6c204d92e90fa335308c8d6a722e253603e03d6884f5d45ced1924d2cc1e6a2d5bf1d459034de2248e7faeb7fca0cf841049a0449b24fd2ca8b8fd389437302f18946d7394775c9ba44a6602116ba9b0aea43b65af111d5766d4263e614d0719a40ad5c1757c14616d6a4413d9b1d29e49b7676b311042ae381b9240747e2a2a754c20d4f673f046083f5b742b732e83e6fb1361a0d510d72a63529be3a02bb5778c7f341e62a516a7ac3eabedc65eb3b842056bc37fe03cfe910676803dcd2b7038df80cda342d3c478158983621fc8af66a276dacb5bd187d4205a42591ec6a0b8cd2b2560b3de60cec3ff0baeef5e4baaf0b76e5a2a6b92205267a5c9fe248895e71a90b05a07a9d929d905d601a7a7036951b55e6d82bfd1dfca1c12639907147fb201864c05b7a7bfe5e26ce28c4484aecac96fd6f964cac20e0a7d552905b1c7a3c796eb93ffb49d6d29fd25206ab17222cb1f45c3c0f43398cf53ce663e42f756c962c014a42c108327852fa52378f8190fd71a7847eebb32351238d040b73b33fc899904777f31aac8911c412cab86a76e470ccfc8f7a22fe6c029e9a4145c85f28ff5c4e2e521ac77835eb99a6462d8795ba86cb383751114fbefee1c97246ae8fa005d5d9a11dd1aad36aee1ac98b57ba8cdb113297b113fd2ee54e749640cfb1eb914e379c8bb2dd967504266e265557fdc01327e00de86c950ff1255ad68f6b766dda2f0f572a18fdd0a53fb37b18d5dff10759d74b0ba96854ac184b0ffc334b85a9a8afe5e7d5bb84373fa91042dc652ee7fe1b9e86097c0029041ad4efb8f7bbf7f99990fff7a677885e01f6b8fd939daac1c9e721fc87c8140b8546b227e4476404e6ea5b6f499c2567bbb8c5cadcfbd3dc8feeca191a28b96f7c20b56f20b98e7e6a6b7d304965919e10bc658e9a641cd64a7c5e1f8b024e58a2f1b1ebae2a10a3ef9b38b9070c89def8a0b970fd75c99092382e97ead02c47025d8548dbd15c707974ed2e78a39958402558b3b983878efea864b34c7bbeb02718f396bfed5f06e9d96946e66d54ffaab14d20bf5e3783605bc6b599edeecb1ab00d7fa9673bd6129fea4d57d093117c170d8d6f4657eb96775b06ebb4d33238bf554c031b3889b270812da6f34a163fb9bbb1f16303ecae540a78c1258fc4115b674e194b3bd33d0c5874fe61bbd81091ba925fb1defd1f13ec9fdaee00e6d0ab02bd9d0d3b3c5e5a45811601384ba1a19b98ff1044810187ab82a9d90e6c62dbd0298b37754fdbee159941df70045c29b7b2deb6053b9e4a135282dac1ad194d36d347da5f65ac1d1c307292ae667bcea3a648ea3a53dc7c9175a06bf0b8536436e67147b88b99c5b181923d07bcc8935bf7ef5f4f48239cc511bb7cae0c0b7fedf14300fa7aa9ab3175785f46771a9efd6363bb7cda28e8456be480af9ac709d94c7c0d8d899e27d3fba1329334f9a145c70675a0722823eea84b399a06582aa6ae934420f80868212f71d9ce9cbd8f7ae228144dcf3bc56db013f467e1560f6aa7423f9b9f776132a0eec54cfeea66b3640e2d731be12678ed83f08615af9ffd31ff3ae0ee554a2ce96f7f2eb461e880e1aea46712876a03add6c219845a9dd4e71ea9b8f467e85d6706e019b77da5b73557723591ed61f7919a6ae48bd94ce2ae6ed6af9ecb9e41b9ca0a38c2a4d24ac971f19c294ccd19a4f8869d33ac2df588edacee203e38ecda11c5d2ac70182f12e14523487963decca94cad84dd7e027bb07edeb9b3a0cc0f774d1bbec9700e88555fd745f707cabd78c7b8e868cc89ab8e735f6c7561a14c776e5ea73b807ad6c2469e20c2cdbfbeccce7a96927ee9219962e519e61652674ce591da2bb0dd60311ad31ea16d1c6eab2f89f6b5b02639cf871b37a9a40c541e68f31293a32f2a057ac3fcfb3e16cb8edd9166aff7e65ccc490385bbcb74d0be1702032dbd2d6c7757267765b051179e43b16773b73583fce72e19830998aaa021d8593d154ec64a2295664971611f8d96a52a12e5f4d1809346729d46d5f6f25542f41c93de415f4dd4cfb2b83d1ba8cbf1086da690e7d7ac2efb84914f2fa530d13ed548c6f598322defa8eaba95b41f3135884141ba495794fe368ffd1fac1a5009ad9430e032b6ba7d04c7f34fe938fb350bff445563b5c5846214373c4f262d33b70c72d295c8c73ce907d741b86826b10c7267eb1d7ad137e5744e52fbd48a4229ee75d980e9ab08b5ac280ee4faf19d5a19a220602c957cc9d3e394cdf1a7a494b21489f54c62441fef0ff0d4cd03bb1b6cf0ac3793046224ce3ab8fe22128a07f5bfecd26cbb2ca8aa74c009591d5b2dd36bc0b1974f2fdf87e0c2f06de06ef6ed995d984ab76adff0b9ab9e08022f69a8bc9005e6c20dc77b124fe5da958f91c64a02fef3af2899153459e6796bf29419c4de7c403b2919dea2ad9ad77f53f1ee873e8c3ebfb665883f26f2bfb42cdcaa2fe59e502695d80552c176cdd6aedb3f76992d7fe881602e20978a90a5295590439fb7e255851b4580bd5a21fb9f0755c9b547ffdf12517cb82fc3ed5ad960ad94607e84e90674d5e1e8068b1597ca3b85483141c34b9bc441f89ea85867c02b6a26575fa35fa982bb9f5b00b9ba0d68a1f88038728d8494915b5c85da0f701e5da2fd54b9d8a6c13b875e33743e3c9543b3f2d5b3c62fe48d068678b8a409f116584fb786a242fb12c0a59b34490b0b339cdb84b6f19cfbf68bf27a63961f1c2769e5b481600eeb45d713921a96d398d2c20bc9e2bd4bde46a12d764045877723164c02796af30de5f371e87c98afc1863c35a2b7a1da6af640f14c3ef30a26728426ba5742bffd32e047cb19f2412a707a0734b76f063925df581bf7e994cf11f72c73f285c8352413edcd85c1bc34d1a3ec8bb2073e596129884b2a6846973da06276fa64a4a1ac5e60952c302227a22c92ac7391f02f6b950838c19dd80bf6ce9fc540f9da98e4ed12eeb205fcf10c9ddd11dca7269dd2a4d75635c5ba52be04ad46bcd5a2bbd1e08289b8921ce3f0f36bc491a2df7d03f4f085e481b0a381612ec40c983b7e3688da11bae1937ecb9741fbc03c4e6a09f6bb97388e63ae2c94c9700180c47f90c37d991ef84833a61db647f8a14f1ddc19a5164d3602c34509550f2b068b859645c33f00483a4664f583072e221468ceef4c8f44aa6b1a8137d385d19729ba2ce6add2bb34e0a4840bcedd25373379a9d0e84afa829afebb7560c9417eeb19890ab9edab88afded20febdc9b8b9bfc8f0b8c58bf19db81124ee327b4cbe6e007fc00089f1c57ced6c9df212c60ece3c79e1d15c208da510c407db8414b9742f1e163dfe79cdc4ea5234e8747a027fb306e7db71708954090c37f3297f7eda75a2cc6d2f63d1b830706048d580d515beb95cedd63193fb0436f7754ca0678c0660a7f051daebc35ebb3a2f110a75c7c76d43133787b0dfda522f6e45a6abe0a0a65f7755146f705a6adcc3bfe861555dbec4957a98f17a6d6a372701f9e638ba53b4c195589cc457637df08d65bea188c1dbd7be40a3a519fb3ac09aa711d2628738b80d94fb59fb75dbc8a766e931f461f611168da51080e69bf503e33227851bc6203e0cd1b6cc1c63f42868d5d32bab680fa323200d2f41e1264468f9980ef00f409f06edb61bd47f19bc98e36dd21f8483efba942c952fc843764ec5e1ec30f6a370703324acb147434284885bc2249fd5ac97b6cee45d297400d0fd64c0e1d3b0379d43c67e47d4e323ad6504ed0e377f13b3cd458236a7cfff1fcaffdb94b2afa0d8541e2ddd51bebe5bb35e3566e4240a2f5bab3048b78e2eaea40406989c2e338756d199a8234d28c810790afe1bb2d3a0c98b60a54f38810a041e6365d7601eac573089941680313ff1c667f95c0319a052c4ea6a4fceca111d920a1672e785d778805e9e0af6d46f8db261de30ac30f3cfee13380cebe0a3aed23e2c3b8800ab00ef825c4b1b7f28e51fe92f6d3b03ae291607616d56a491213f3777ef581436d7964c8782640865bf767703c9038b45c895c9991cdc232f24963c3cecb0373dc4ec6d421daa96e986507efac5964b9a102edc02bddb6b314610ec6dc36a8e379593efd31ae32cba80c65579b76fa1c54554eb6c7a503fd21b6584bd1eb160d920aab21038ca95fdee0779cd761ec02e7d64e225a8e5c377dfe27c4ba4e2adc7f4460d65213c08312e671afe740daebceb5fedd1ab4ccca792862bd76b4b26a568fa0bc0ee14b9661fb2d7b043bd91b2975b677119532098bbf8271fe9adee0573b170149950c93fe8e50f5d39aa7f36a742e28e0c509d70403e58b14585c0a0741a48effbccc441f90c9102c1b61102156e59b9734d1565519f63ade10283906280898551facc5332b9f1034fad98b7dbe18187482d0b2a48120dafbbd698869fb40ba561b4330c5118f8225e033dec5e45c30937219dc9110b7c452af3932d40ec3b4ff6d644410461cc547d669dbe44c4e5d1095f5c26429fc664ca56769f7b51396a7636e9234fed751940fe6c0505c5da8a63af095befca386060e68f03432a162978eb7a4bc392070c21517a5496d8a336d9220cf595ef58eeaeab9af28369a7b2c4ceea21bc8f9463467f0ee3faeb30b390dd348465fb578a6fe485e5d0b528c92fc7bee3f6e16f1b43f3cd39b0a40a37a2c80f7d43ff8d9b8b6d31c60840fb05cb3518bdf95b2c747419368a3bd4bf88288cc6d8606c626862e0526832af026039b47d072bc998bfa10aa2e6555cfac9441c0bd9f54cc063fac57501483a8f9c7e2c8c98ecb9f04e5bfcda5864b2fc18814267e1ee9f4523aa5eae3edbd0a21e14b64a72e8fa2ad9702ea1cc33584da8a69b6765704be9abac81ad6544814c683511c50b9cb9a38f78459c3f2544ea5646a9560db98c2a61c9883c20f16317f834fa989fbc5ec50e06bc80af322f2cd3f4d42cc05cbfffda76af890ff886bbbe1a05ec9dcbfb69005e5070d0577ed62212f4a10587313ca324b7583f9ead0b697e26db128bdfc8cd993003035ab2eac1aee33f8ec6633d03fde1cbb18fce193b63aaf92de45eedf1a93a2a1d25e612965297dcbb34252287cf9ace9f7447a59dacd1e2e69b382cb625f492f9c39a101bc36a4d390f42d9826d9f002697d561842a1d5be4cef4a9fa0e6a0c2c542ab88bfd1bacdcc7457b45d41cad4e72bda2f7d5459460ee7f9206d9cb50c3ad358a155b3a1b9c024c981bdbf3bf045cbcdd9f9362feaa1f715f294945497956c6189495303c0d2daa695f5600cc3bf330ea4c1a79b5b726a1ae7864f7748a76b47c5f19c2c3a99b2893eff199d9d18b7d7f23ba3925212219047d31145dcdc4de57b51d762c3f3d82602366c4fffc3180e94c58fc17e0e30c5a7da180cc5df579376f088782baecc44029b42843562d60dc53bd293f0320dd7f5e557846529a22f4e26d70a09f1d3d4d9cad342cbd86cda8d7554cb9993ad8887906de8eb98aa4fb367ad16648d1e2c29c9abbea63aeec634fd3825e442a7e5e1d762ac8b0daa20d045c298a9fe44c8025673030146d4f3083b115c99637e3b9ef6f0a96d9232235cb74ac1df4cd50e804e73c239372afa5c3d9d8314765ab0c49168eda1451478611bb9f4ce3f6efe549fece5691b3d66286b111c918b71de8b55c306930feef596b9e725b94467bd558d71336505b18d291055435ac93c5f2141e93661d29c91615bf21ae957d1bc4b10ede79a25f11469cc6d271c8f8d111e87902f425412be72ff5bf09d17d0d7e1405ddb1cdc10d616c6991173f09a1c246d644c785855a44d137d9e98bb320a7f60dee883ed945e11ee84a0e6c9a764d9bfd2e14742c6cefbbdc064240ca778bad305f0e2d66961e696d45f3f2289ab06bdcadbf352699be0233131114b767725c0f31ec588ee3dd60af55576efec24e295f915d560a7fe5832b9dc10dcb6a6b898a2daa1b20c8cfe2ad6782a93cea070e098a25f72d92cb793e1701308a3f2d69d826a571e9c2dba02f17840bd890e9f3b40aeabacc6c625fa25dfe805e3253bcc1f98eebee91e73eb132e33a13e882bf2427e6d385e53e2dcb20f037e93be1de07cda7b2d9f768a988bdcbbe16dc350e064857c06867a5ebccf2ef9f63522077f9353ef7562b77f199ab6630732b85e30b7a6838823d5c8b2f2d4aa257ad91c3d0b01652f2f47dff1a5d0b1ba4c79de90a6bbc4d1d30fafe8514793bff0aa9a450ed1a560505a948b7e3e7255d14f52d3e0cacf3a69e0526e0eff0d0b668c474841ff3eca5f2fd7b3b621631f236b5d7c44584868b73c64ae15ff464ac3c6eeb6d7c4ee423a3573acfd5270be643e3625818e734c01c0f4ac403b0649c0f8691b9e3fdd4d390d2aefb8c6b2bbee85c9394a0e78013f6d737d9b9a7784868b64133e41f47f9fcf013656bf426741811b2c768d2a21e246d6bdadf37a09b0bed69eb47bb69832bb908060c6855e2f584f85ce1d2090a60192448c5a1b2adfc2633cc6cea0ba6dafe570d961ba6bd5c178ca862762de6bf970673f54fbcac58745d0631cab35154ce61ef54c9de7859b1a06746dd402c090a3d10b8f2882769889cc7840e1b5e63cdc1d0f6dd720d00e312a755025b71ec25aef7c1c56432cb38fb0affca7e01080a6ec7f81f0a8278afaab95ba58936eac4255514fdd9529a2cc3c64c846dcc6c82be84efbc9eeae9d85c1981f06b41136f23411225f17361f123c156464dcade756c80b7f5d90f4c6b534f7929146e91a305b20ca1128321345bd580f96663f167868d2128a63a869215e2913a19c7ef801bb13679bf90efa1abd06183f37aee170ad36d88649a9219f6f4113ee8fc5e94e72f074ce295006f6d2f0253cbcbe610383bdcc17a4387ffda3ea717a678092a90b4fc2669d90108e976274e64cfcdee5839573f63952f079874ed1540a89f729982df9cb31a5a27c96e1f09b73794b282eadc7719546c778ee51f547682f44f9ac4b09640c43d78dc57e64c6886e9ddcf4a6df2388fb8ae346563284cab5d93298c02aa76b8144c806adfae987db4e9ee826030a2a0f083272f8299a1aec76b17d30e2bab99848e393933e7f570fa5c171728377316689f2f207e59ecebcff5665c8198bc41d3c0ff734365df176c1cde67d84e93494908f8a16a0784da3a3c48d67185c4e2a9720f8221856dcd2f2a4ff0d8325003745209c4c796440f8a28db1e83d214641123d3daf1e61279cefd90739a32fbdaf1a4041e068277b2a31de9f1e34519e309d923be5dff1193782c900cb9229a81fac3c05258d95c992d39c9277107ca6f8298e2e03046a87c51978895fb357fa8af5284ab4018141740b90b588c9f15057aa033ebcf2afb41715b4d30d057439cebba113ece1433182df041b48a1a9e90f405a4763026899179bf728e45e122c069b4a3c7381fcaa187e1fa9784e8581c298d4aab3d9df8057c893c0ea07028bc8c97359e4b8f59d1969953d8dc9c7a3e4f63aa2efaec5af4e62ecd6e6b8c1b34e17e7a4b18ccacb9eb9171f365b1a13d761cdf3525c7d3e16ce8c128931060aebaf59b81828cd6813c426b5216d9a5b1f49813500b05512284f6a993146ce160df74634d041654b41cd4bfad14acc62d0f4d7995176ce6791a29ab1b2a898fa0751fbbc4f877c6f11383edc67678b37a23a6a431d64c443aa0380d36afd5925c79799d042f2932f70148c69fd2ddda80180c71870f1be3fa2788f4d82a06e29d0544deeb0365a3047c121049574a3054a5c530488d22d3f106763998e3edbfcd989c8a919b70df19141342522af8fb8cf83322c2d0ef575f640adcd70e9e4cc483b8726a0fa420ec55075dfca4f144662558ef1bdaa41643af55e3b1db151c22ec83c90d574797a8881faac018e2342f7161d959f9b13a5193ca13d224085291b0ad4c51cec776ab5c74bbdf544ea9f53cf43ecf69780dc0dd5369939989e01e5113c881b9f7f12117fb433b2bc0aeb521cee7a6a2d32db0d0fb4c87eba7f61f35f7eed39c9c3720a562f02ca0ef7c292274a1dd4a5644e61b6374c5f8d67c27cc2d6b6bc81a5bce637b569118c449b3805d548eea41a301e491bc50c2deb8cc241c2a781976ce8708118ad82d33f9fc6639033cea15091b311c2ec96be1cc2b1866179911d9cc012adfadaaa0ae5d42568b8ccae833ed30b0aca93d87aaa1aadf7cde62dae506a8186f63696623a3c764c7a43184faf5a24792382e53f89e30204697bd201dcc4443f11a6ddc79a610389109f933d0e911680a9df0a14ba2add425391169c452b2439e51a8ca7c147c2efb5879ffb6dce33498836c5f8cfb268c62827a4ec349946a313c362003c82f71fb42b37e04ecd74fe559aeb737059033ac19f0735f9d094242eea2399cd57c2c053d14ab708d9419769b833d119e271ebe06246a10e7713876c59b9fae9860cfef8d7671293ce0c50d1e6afdfa351927e3aa68a54f05cfd6943ec10d98fbb8199da131e50fefe8b0b32ca561ace46f0c21fdfba4b1162caf1ed2a5322f6bffc1bc97fdd556146c4938165d8032fad6bbf38fbbe42b2afe79873c8c1b622ab9a750f3dd7ecedf3e310d478d7058c0a90c33a2a7a7380f61b457db9f68844d3405608f14e0040ed2ba8d99fe5b8c373ebcc322957a02e9fd24ba5cc8e9acc8aad0f6e80a00b113c6cd20656037074098249155581e10a321fa8285286da3e3108f7b8e6d2e6506f8fa4df3075b3c36b4a33b0899fb05bd74f6faa57280fb6686f20cf613a1ada130d3661502aa9c2e861968670bec121bda18d555efc1d706cb2b5d7d6fac67e1c4c4920a5f257fbce9848861377e624a54dc08383a3bacaf66e81f9a5d3bd30fd6bb132c2a7903a821b008714dce1c20954ba0dfcd94ddd606e3bdff3851e9a7219023d4db7bbe57382d3d286008312477e79fc92f21c9f67b24108279fd972d1f9035d80f6ac42e4ed5d1d91d544d55e74fbbd564b16a4536d20f609cbcb043307de321478134bf65aa1cf990feac1539b268283aaca8ce9dca398e0ad96733aaa9cdf7e4639b47a817bf69c2ff07692c262099db93dacea55fc8c2ea5313b2fac432a0e9110bd413672738be7afaa95afa04bbcf70f14c7f45ad344c6ad417257f94eb56be33a93aac3b2e6fd8046ff4cf250eef8ecf084d8161e266b2c90540729c41a56ccd0d933dadd7cc32e60c4bf600d82a62fd9f2ee4c74bef4c6b499a3a35b6ff71413cd30302001dacd8dc4219a9c565b75e7fd436ed1d1cbe5bb03a1bd7340cdf2304f4c4e9e25949396adfa855bf647a142f1717bab399993511e984f60ac71956e32e6ece7927b8f35703b3df06e598568c37ec7703be1d4436069a7c614711a5d95158c00b154dc2dcf24f50886366ed347112420adef713185e71c8b5b87d978f8a8149e572260465bd21d65a03468e44fef91b9ce891ce359a396dae0a345483dad902707a1252757752afc2197d6e3fd973e63c18c289cd63d88403175bb83ff9327842be4f54d14bdfcc5dd4f376de8a3194452f20ebcb3d15349545e6cf573ceed6b9f08765eaffc2f7b4af494fed9d0ecc0af63149eef699e9082356a9a24269fd6136f4f9d03094efb847fad7c83ee00915b1bb4e09bfb83ebc6ff1e5d4894c9de9092eda25c90f61c705e3e5fe204242598ec13afe2f71a2b4d4e426fdb3af88f221fbe399fdf1cd304663c8bdcb3e091bb4fab8da1226dff97ff940883c405db4d1da3dd981b77a39f614e7bccd1f48085cfef4f46d16243c0411be1551be3ab213002b9afffe3ae7d7727412a39b03b3e30", 0x2000, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffecc, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x40010)
close_range(r1, 0xffffffffffffffff, 0x0)
r7 = socket(0x80000000000000a, 0x1, 0x0)
setsockopt$inet6_group_source_req(r7, 0x29, 0x2f, &(0x7f0000000500)={0xfffffffd, {{0xa, 0x0, 0x1, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x3, @dev={0xfe, 0x80, '\x00', 0x26}}}}, 0x108)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet-setsockopt$sock_int-syz_usb_connect$hid-socket$inet6_tcp-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-prctl$PR_SCHED_CORE-sendmsg-sched_setattr-syz_mount_image$fuse-read$FUSE-write$FUSE_INIT-bpf$PROG_LOAD-socket-setsockopt$sock_attach_bpf-sendmsg$nl_generic-fchmodat-openat$audio-syz_open_dev$vim2m-lsm_set_self_attr-ioctl$vim2m_VIDIOC_REQBUFS-ioctl$vim2m_VIDIOC_QBUF-ioctl$vim2m_VIDIOC_STREAMOFF-syz_fuse_handle_req-sendmsg$NFT_BATCH-close_range-socket-setsockopt$inet6_group_source_req
detailed listing:
executing program 0:
r0 = socket$inet(0x2, 0x1, 0x200)
setsockopt$sock_int(r0, 0x1, 0x48, &(0x7f0000000040)=0x3, 0x4)
syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x9, 0x6, 0x0, 0x7}, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002300)=ANY=[], 0x0, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000002200)={0x50, 0x0, 0x0, {0x7, 0x27, 0x2, 0x1dd880, 0x0, 0x3, 0x3, 0x3, 0x0, 0x0, 0x0, 0x5}}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4080000400000006110540000000000a6000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x0, 0x10, &(0x7f0000000080), 0xffffffffffffffb2}, 0x48)
r5 = socket(0x10, 0x803, 0x0)
setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f0000000600)=r4, 0x4)
sendmsg$nl_generic(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000005200010000000000000000000a00000008000100", @ANYRES64=r4], 0x1c}}, 0x20040000)
fchmodat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r6 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2)
lsm_set_self_attr(0x0, &(0x7f0000002380)=ANY=[@ANYBLOB="6d00000000000000e50b00000000000020000000000e00"], 0x20, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_QBUF(r6, 0xc058560f, &(0x7f0000000180)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x2, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'y)\x00'}, 0x0, 0x1, {0x0}, 0x4})
ioctl$vim2m_VIDIOC_STREAMOFF(r6, 0x40045612, &(0x7f0000000200)=0x2)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000009b80)="50b11747d6822c403d2e292ca265ae242f69d1baf07e8db9ad0716994717df62acbcd4ff57e3e37c7fa55330d96f3ae735f0b7879e13ac4a5b82a00649725fcdd8bc513e1c7dbb9ab9a66ea421ac231f677e50993bc669389d4c28140c0cb20fcdeb39fe8963f759220c33c901891e58ed9e9c97c473a5103ad07ebcc55d6a8a6b78f2db24fbbc39e86aa01fec234db80b009bba10bf5c95368489bac22d32fe73367dca9bf2e3dc398b18c63cb90d5d1a313cd25650ea28424882abd498005a60af451da873630495c2bd07f342d5f3de97c4ed62d454a0ca89d7c53792fb9266608d3525377e336e79cf54957c04e8abf1508e54e7b254cc730fdc8d010e5b1e4cb23464eeae445b6bf6fe6e87d5e45a06a97350386d766d695877fa1b0624de12c6c213908f2286a2363e02f4df497074a0bed6f7bc4c4cf5ba0a19c84f9021112a13daf592bec368e837d5c26870be4f1ab35f821f59bf46e3afeebcd4c1feacf28292e7069fa30dda3da246e3faaa3bb95719c69f02b76107ad47f1c526570ff628fcf705279c28b84a249ce36e927a784223d6bcdf4f9ddec51af87a6d308e6a0f4b9d01bf0c9eaba27f1a1c8637c1f42ebc2bb7dc93ba617788e140941b08935b6839b65c7486b4cd09f6a17ea526dd852c8b0242b6598dc3cc982f77c51db6e64df3335cccf419e38df41540067b106c699dfd1eb06c8debfc41d72346133d5e4cb50b5f2a19f154a8905b0c2b43bab0b11779b750362b991c88d34070286ff6ad42f30329a324877ecb1652564adda10a6064d5d5ce49f48409b2b568e059a77126c05072bdb5c38ef4791a985b24bf1d5fff34a45af5f6ee491eb922d696f0358cc35d87e97386149de0042ad067e3011fa0b4a6baa6215581a88fb67f3a113afd431ea70a92e11d81d8fb170f97953ca84260a93c2e01bc8369bc2ae4b995c0de707586bd4200723e17e1eb8128a6d5b4d59f0c34b2b7ae3229e97271c07e91b384d9e8c7846201a73a2e32b79f57cf0d4af12df342792b73810df698020280e9c5eaac577979e71a503b7860d7c6a6a98969e155aedc10c0f288778346ab5f4c7937a9c933caa4099ff25582e694af36de4da7acc4c5eda8ebbbbb70616224151c0f7a0e3d1fdcf27cb2d73416d2cb01e2be8d00685b1a7a5e7db3e48003d88993d34fa522de7089f25da6b86fad8e237a8dc3819942c59c5097664b8f88aecba45a9f9a59647dc32d78c0cc4ae728a30330c7df606ea11bc2bf16f0937a7491412656ddf8a91534cb1904573d1109f7498f146215aca96c11fa0c4122728bcf6705c8917403c425f4280b45981917e03830bc6a6d30bd46ff168ede03ba8ddb5478ace67254fe922cd4252cc8d94531b53b3bf074cb53c6ce923e29e09c4ed434e619e53d67150ee213876fda26d83cc814888b1d9471618781c9e2702363a86995088cf82ef72d47294a6cb102d617280df10a41bbace59dbafae9de4ecd669353d35c79cdbc8e2690e299f58dee2657d26907d10ab70c6941d08d1b63c6fe5eaeb2a7e4f64f2fba65f8c351e9a0d5a7443fdc901f1f48ac3871e417bc639983a5a6b4d541d321a97bda21fc41a02783f591ca3475ec51049da030c2f7291ca62cd3eb67de3ab86e180af3919edad86617f59fd17cb2c7ea33fa5dfeae37c947bb4cca26a3a02287aa5531013fd28a030c60be88624de3df16fea135cea6da3dc0192ff081ce9e4a29e7f6c204d92e90fa335308c8d6a722e253603e03d6884f5d45ced1924d2cc1e6a2d5bf1d459034de2248e7faeb7fca0cf841049a0449b24fd2ca8b8fd389437302f18946d7394775c9ba44a6602116ba9b0aea43b65af111d5766d4263e614d0719a40ad5c1757c14616d6a4413d9b1d29e49b7676b311042ae381b9240747e2a2a754c20d4f673f046083f5b742b732e83e6fb1361a0d510d72a63529be3a02bb5778c7f341e62a516a7ac3eabedc65eb3b842056bc37fe03cfe910676803dcd2b7038df80cda342d3c478158983621fc8af66a276dacb5bd187d4205a42591ec6a0b8cd2b2560b3de60cec3ff0baeef5e4baaf0b76e5a2a6b92205267a5c9fe248895e71a90b05a07a9d929d905d601a7a7036951b55e6d82bfd1dfca1c12639907147fb201864c05b7a7bfe5e26ce28c4484aecac96fd6f964cac20e0a7d552905b1c7a3c796eb93ffb49d6d29fd25206ab17222cb1f45c3c0f43398cf53ce663e42f756c962c014a42c108327852fa52378f8190fd71a7847eebb32351238d040b73b33fc899904777f31aac8911c412cab86a76e470ccfc8f7a22fe6c029e9a4145c85f28ff5c4e2e521ac77835eb99a6462d8795ba86cb383751114fbefee1c97246ae8fa005d5d9a11dd1aad36aee1ac98b57ba8cdb113297b113fd2ee54e749640cfb1eb914e379c8bb2dd967504266e265557fdc01327e00de86c950ff1255ad68f6b766dda2f0f572a18fdd0a53fb37b18d5dff10759d74b0ba96854ac184b0ffc334b85a9a8afe5e7d5bb84373fa91042dc652ee7fe1b9e86097c0029041ad4efb8f7bbf7f99990fff7a677885e01f6b8fd939daac1c9e721fc87c8140b8546b227e4476404e6ea5b6f499c2567bbb8c5cadcfbd3dc8feeca191a28b96f7c20b56f20b98e7e6a6b7d304965919e10bc658e9a641cd64a7c5e1f8b024e58a2f1b1ebae2a10a3ef9b38b9070c89def8a0b970fd75c99092382e97ead02c47025d8548dbd15c707974ed2e78a39958402558b3b983878efea864b34c7bbeb02718f396bfed5f06e9d96946e66d54ffaab14d20bf5e3783605bc6b599edeecb1ab00d7fa9673bd6129fea4d57d093117c170d8d6f4657eb96775b06ebb4d33238bf554c031b3889b270812da6f34a163fb9bbb1f16303ecae540a78c1258fc4115b674e194b3bd33d0c5874fe61bbd81091ba925fb1defd1f13ec9fdaee00e6d0ab02bd9d0d3b3c5e5a45811601384ba1a19b98ff1044810187ab82a9d90e6c62dbd0298b37754fdbee159941df70045c29b7b2deb6053b9e4a135282dac1ad194d36d347da5f65ac1d1c307292ae667bcea3a648ea3a53dc7c9175a06bf0b8536436e67147b88b99c5b181923d07bcc8935bf7ef5f4f48239cc511bb7cae0c0b7fedf14300fa7aa9ab3175785f46771a9efd6363bb7cda28e8456be480af9ac709d94c7c0d8d899e27d3fba1329334f9a145c70675a0722823eea84b399a06582aa6ae934420f80868212f71d9ce9cbd8f7ae228144dcf3bc56db013f467e1560f6aa7423f9b9f776132a0eec54cfeea66b3640e2d731be12678ed83f08615af9ffd31ff3ae0ee554a2ce96f7f2eb461e880e1aea46712876a03add6c219845a9dd4e71ea9b8f467e85d6706e019b77da5b73557723591ed61f7919a6ae48bd94ce2ae6ed6af9ecb9e41b9ca0a38c2a4d24ac971f19c294ccd19a4f8869d33ac2df588edacee203e38ecda11c5d2ac70182f12e14523487963decca94cad84dd7e027bb07edeb9b3a0cc0f774d1bbec9700e88555fd745f707cabd78c7b8e868cc89ab8e735f6c7561a14c776e5ea73b807ad6c2469e20c2cdbfbeccce7a96927ee9219962e519e61652674ce591da2bb0dd60311ad31ea16d1c6eab2f89f6b5b02639cf871b37a9a40c541e68f31293a32f2a057ac3fcfb3e16cb8edd9166aff7e65ccc490385bbcb74d0be1702032dbd2d6c7757267765b051179e43b16773b73583fce72e19830998aaa021d8593d154ec64a2295664971611f8d96a52a12e5f4d1809346729d46d5f6f25542f41c93de415f4dd4cfb2b83d1ba8cbf1086da690e7d7ac2efb84914f2fa530d13ed548c6f598322defa8eaba95b41f3135884141ba495794fe368ffd1fac1a5009ad9430e032b6ba7d04c7f34fe938fb350bff445563b5c5846214373c4f262d33b70c72d295c8c73ce907d741b86826b10c7267eb1d7ad137e5744e52fbd48a4229ee75d980e9ab08b5ac280ee4faf19d5a19a220602c957cc9d3e394cdf1a7a494b21489f54c62441fef0ff0d4cd03bb1b6cf0ac3793046224ce3ab8fe22128a07f5bfecd26cbb2ca8aa74c009591d5b2dd36bc0b1974f2fdf87e0c2f06de06ef6ed995d984ab76adff0b9ab9e08022f69a8bc9005e6c20dc77b124fe5da958f91c64a02fef3af2899153459e6796bf29419c4de7c403b2919dea2ad9ad77f53f1ee873e8c3ebfb665883f26f2bfb42cdcaa2fe59e502695d80552c176cdd6aedb3f76992d7fe881602e20978a90a5295590439fb7e255851b4580bd5a21fb9f0755c9b547ffdf12517cb82fc3ed5ad960ad94607e84e90674d5e1e8068b1597ca3b85483141c34b9bc441f89ea85867c02b6a26575fa35fa982bb9f5b00b9ba0d68a1f88038728d8494915b5c85da0f701e5da2fd54b9d8a6c13b875e33743e3c9543b3f2d5b3c62fe48d068678b8a409f116584fb786a242fb12c0a59b34490b0b339cdb84b6f19cfbf68bf27a63961f1c2769e5b481600eeb45d713921a96d398d2c20bc9e2bd4bde46a12d764045877723164c02796af30de5f371e87c98afc1863c35a2b7a1da6af640f14c3ef30a26728426ba5742bffd32e047cb19f2412a707a0734b76f063925df581bf7e994cf11f72c73f285c8352413edcd85c1bc34d1a3ec8bb2073e596129884b2a6846973da06276fa64a4a1ac5e60952c302227a22c92ac7391f02f6b950838c19dd80bf6ce9fc540f9da98e4ed12eeb205fcf10c9ddd11dca7269dd2a4d75635c5ba52be04ad46bcd5a2bbd1e08289b8921ce3f0f36bc491a2df7d03f4f085e481b0a381612ec40c983b7e3688da11bae1937ecb9741fbc03c4e6a09f6bb97388e63ae2c94c9700180c47f90c37d991ef84833a61db647f8a14f1ddc19a5164d3602c34509550f2b068b859645c33f00483a4664f583072e221468ceef4c8f44aa6b1a8137d385d19729ba2ce6add2bb34e0a4840bcedd25373379a9d0e84afa829afebb7560c9417eeb19890ab9edab88afded20febdc9b8b9bfc8f0b8c58bf19db81124ee327b4cbe6e007fc00089f1c57ced6c9df212c60ece3c79e1d15c208da510c407db8414b9742f1e163dfe79cdc4ea5234e8747a027fb306e7db71708954090c37f3297f7eda75a2cc6d2f63d1b830706048d580d515beb95cedd63193fb0436f7754ca0678c0660a7f051daebc35ebb3a2f110a75c7c76d43133787b0dfda522f6e45a6abe0a0a65f7755146f705a6adcc3bfe861555dbec4957a98f17a6d6a372701f9e638ba53b4c195589cc457637df08d65bea188c1dbd7be40a3a519fb3ac09aa711d2628738b80d94fb59fb75dbc8a766e931f461f611168da51080e69bf503e33227851bc6203e0cd1b6cc1c63f42868d5d32bab680fa323200d2f41e1264468f9980ef00f409f06edb61bd47f19bc98e36dd21f8483efba942c952fc843764ec5e1ec30f6a370703324acb147434284885bc2249fd5ac97b6cee45d297400d0fd64c0e1d3b0379d43c67e47d4e323ad6504ed0e377f13b3cd458236a7cfff1fcaffdb94b2afa0d8541e2ddd51bebe5bb35e3566e4240a2f5bab3048b78e2eaea40406989c2e338756d199a8234d28c810790afe1bb2d3a0c98b60a54f38810a041e6365d7601eac573089941680313ff1c667f95c0319a052c4ea6a4fceca111d920a1672e785d778805e9e0af6d46f8db261de30ac30f3cfee13380cebe0a3aed23e2c3b8800ab00ef825c4b1b7f28e51fe92f6d3b03ae291607616d56a491213f3777ef581436d7964c8782640865bf767703c9038b45c895c9991cdc232f24963c3cecb0373dc4ec6d421daa96e986507efac5964b9a102edc02bddb6b314610ec6dc36a8e379593efd31ae32cba80c65579b76fa1c54554eb6c7a503fd21b6584bd1eb160d920aab21038ca95fdee0779cd761ec02e7d64e225a8e5c377dfe27c4ba4e2adc7f4460d65213c08312e671afe740daebceb5fedd1ab4ccca792862bd76b4b26a568fa0bc0ee14b9661fb2d7b043bd91b2975b677119532098bbf8271fe9adee0573b170149950c93fe8e50f5d39aa7f36a742e28e0c509d70403e58b14585c0a0741a48effbccc441f90c9102c1b61102156e59b9734d1565519f63ade10283906280898551facc5332b9f1034fad98b7dbe18187482d0b2a48120dafbbd698869fb40ba561b4330c5118f8225e033dec5e45c30937219dc9110b7c452af3932d40ec3b4ff6d644410461cc547d669dbe44c4e5d1095f5c26429fc664ca56769f7b51396a7636e9234fed751940fe6c0505c5da8a63af095befca386060e68f03432a162978eb7a4bc392070c21517a5496d8a336d9220cf595ef58eeaeab9af28369a7b2c4ceea21bc8f9463467f0ee3faeb30b390dd348465fb578a6fe485e5d0b528c92fc7bee3f6e16f1b43f3cd39b0a40a37a2c80f7d43ff8d9b8b6d31c60840fb05cb3518bdf95b2c747419368a3bd4bf88288cc6d8606c626862e0526832af026039b47d072bc998bfa10aa2e6555cfac9441c0bd9f54cc063fac57501483a8f9c7e2c8c98ecb9f04e5bfcda5864b2fc18814267e1ee9f4523aa5eae3edbd0a21e14b64a72e8fa2ad9702ea1cc33584da8a69b6765704be9abac81ad6544814c683511c50b9cb9a38f78459c3f2544ea5646a9560db98c2a61c9883c20f16317f834fa989fbc5ec50e06bc80af322f2cd3f4d42cc05cbfffda76af890ff886bbbe1a05ec9dcbfb69005e5070d0577ed62212f4a10587313ca324b7583f9ead0b697e26db128bdfc8cd993003035ab2eac1aee33f8ec6633d03fde1cbb18fce193b63aaf92de45eedf1a93a2a1d25e612965297dcbb34252287cf9ace9f7447a59dacd1e2e69b382cb625f492f9c39a101bc36a4d390f42d9826d9f002697d561842a1d5be4cef4a9fa0e6a0c2c542ab88bfd1bacdcc7457b45d41cad4e72bda2f7d5459460ee7f9206d9cb50c3ad358a155b3a1b9c024c981bdbf3bf045cbcdd9f9362feaa1f715f294945497956c6189495303c0d2daa695f5600cc3bf330ea4c1a79b5b726a1ae7864f7748a76b47c5f19c2c3a99b2893eff199d9d18b7d7f23ba3925212219047d31145dcdc4de57b51d762c3f3d82602366c4fffc3180e94c58fc17e0e30c5a7da180cc5df579376f088782baecc44029b42843562d60dc53bd293f0320dd7f5e557846529a22f4e26d70a09f1d3d4d9cad342cbd86cda8d7554cb9993ad8887906de8eb98aa4fb367ad16648d1e2c29c9abbea63aeec634fd3825e442a7e5e1d762ac8b0daa20d045c298a9fe44c8025673030146d4f3083b115c99637e3b9ef6f0a96d9232235cb74ac1df4cd50e804e73c239372afa5c3d9d8314765ab0c49168eda1451478611bb9f4ce3f6efe549fece5691b3d66286b111c918b71de8b55c306930feef596b9e725b94467bd558d71336505b18d291055435ac93c5f2141e93661d29c91615bf21ae957d1bc4b10ede79a25f11469cc6d271c8f8d111e87902f425412be72ff5bf09d17d0d7e1405ddb1cdc10d616c6991173f09a1c246d644c785855a44d137d9e98bb320a7f60dee883ed945e11ee84a0e6c9a764d9bfd2e14742c6cefbbdc064240ca778bad305f0e2d66961e696d45f3f2289ab06bdcadbf352699be0233131114b767725c0f31ec588ee3dd60af55576efec24e295f915d560a7fe5832b9dc10dcb6a6b898a2daa1b20c8cfe2ad6782a93cea070e098a25f72d92cb793e1701308a3f2d69d826a571e9c2dba02f17840bd890e9f3b40aeabacc6c625fa25dfe805e3253bcc1f98eebee91e73eb132e33a13e882bf2427e6d385e53e2dcb20f037e93be1de07cda7b2d9f768a988bdcbbe16dc350e064857c06867a5ebccf2ef9f63522077f9353ef7562b77f199ab6630732b85e30b7a6838823d5c8b2f2d4aa257ad91c3d0b01652f2f47dff1a5d0b1ba4c79de90a6bbc4d1d30fafe8514793bff0aa9a450ed1a560505a948b7e3e7255d14f52d3e0cacf3a69e0526e0eff0d0b668c474841ff3eca5f2fd7b3b621631f236b5d7c44584868b73c64ae15ff464ac3c6eeb6d7c4ee423a3573acfd5270be643e3625818e734c01c0f4ac403b0649c0f8691b9e3fdd4d390d2aefb8c6b2bbee85c9394a0e78013f6d737d9b9a7784868b64133e41f47f9fcf013656bf426741811b2c768d2a21e246d6bdadf37a09b0bed69eb47bb69832bb908060c6855e2f584f85ce1d2090a60192448c5a1b2adfc2633cc6cea0ba6dafe570d961ba6bd5c178ca862762de6bf970673f54fbcac58745d0631cab35154ce61ef54c9de7859b1a06746dd402c090a3d10b8f2882769889cc7840e1b5e63cdc1d0f6dd720d00e312a755025b71ec25aef7c1c56432cb38fb0affca7e01080a6ec7f81f0a8278afaab95ba58936eac4255514fdd9529a2cc3c64c846dcc6c82be84efbc9eeae9d85c1981f06b41136f23411225f17361f123c156464dcade756c80b7f5d90f4c6b534f7929146e91a305b20ca1128321345bd580f96663f167868d2128a63a869215e2913a19c7ef801bb13679bf90efa1abd06183f37aee170ad36d88649a9219f6f4113ee8fc5e94e72f074ce295006f6d2f0253cbcbe610383bdcc17a4387ffda3ea717a678092a90b4fc2669d90108e976274e64cfcdee5839573f63952f079874ed1540a89f729982df9cb31a5a27c96e1f09b73794b282eadc7719546c778ee51f547682f44f9ac4b09640c43d78dc57e64c6886e9ddcf4a6df2388fb8ae346563284cab5d93298c02aa76b8144c806adfae987db4e9ee826030a2a0f083272f8299a1aec76b17d30e2bab99848e393933e7f570fa5c171728377316689f2f207e59ecebcff5665c8198bc41d3c0ff734365df176c1cde67d84e93494908f8a16a0784da3a3c48d67185c4e2a9720f8221856dcd2f2a4ff0d8325003745209c4c796440f8a28db1e83d214641123d3daf1e61279cefd90739a32fbdaf1a4041e068277b2a31de9f1e34519e309d923be5dff1193782c900cb9229a81fac3c05258d95c992d39c9277107ca6f8298e2e03046a87c51978895fb357fa8af5284ab4018141740b90b588c9f15057aa033ebcf2afb41715b4d30d057439cebba113ece1433182df041b48a1a9e90f405a4763026899179bf728e45e122c069b4a3c7381fcaa187e1fa9784e8581c298d4aab3d9df8057c893c0ea07028bc8c97359e4b8f59d1969953d8dc9c7a3e4f63aa2efaec5af4e62ecd6e6b8c1b34e17e7a4b18ccacb9eb9171f365b1a13d761cdf3525c7d3e16ce8c128931060aebaf59b81828cd6813c426b5216d9a5b1f49813500b05512284f6a993146ce160df74634d041654b41cd4bfad14acc62d0f4d7995176ce6791a29ab1b2a898fa0751fbbc4f877c6f11383edc67678b37a23a6a431d64c443aa0380d36afd5925c79799d042f2932f70148c69fd2ddda80180c71870f1be3fa2788f4d82a06e29d0544deeb0365a3047c121049574a3054a5c530488d22d3f106763998e3edbfcd989c8a919b70df19141342522af8fb8cf83322c2d0ef575f640adcd70e9e4cc483b8726a0fa420ec55075dfca4f144662558ef1bdaa41643af55e3b1db151c22ec83c90d574797a8881faac018e2342f7161d959f9b13a5193ca13d224085291b0ad4c51cec776ab5c74bbdf544ea9f53cf43ecf69780dc0dd5369939989e01e5113c881b9f7f12117fb433b2bc0aeb521cee7a6a2d32db0d0fb4c87eba7f61f35f7eed39c9c3720a562f02ca0ef7c292274a1dd4a5644e61b6374c5f8d67c27cc2d6b6bc81a5bce637b569118c449b3805d548eea41a301e491bc50c2deb8cc241c2a781976ce8708118ad82d33f9fc6639033cea15091b311c2ec96be1cc2b1866179911d9cc012adfadaaa0ae5d42568b8ccae833ed30b0aca93d87aaa1aadf7cde62dae506a8186f63696623a3c764c7a43184faf5a24792382e53f89e30204697bd201dcc4443f11a6ddc79a610389109f933d0e911680a9df0a14ba2add425391169c452b2439e51a8ca7c147c2efb5879ffb6dce33498836c5f8cfb268c62827a4ec349946a313c362003c82f71fb42b37e04ecd74fe559aeb737059033ac19f0735f9d094242eea2399cd57c2c053d14ab708d9419769b833d119e271ebe06246a10e7713876c59b9fae9860cfef8d7671293ce0c50d1e6afdfa351927e3aa68a54f05cfd6943ec10d98fbb8199da131e50fefe8b0b32ca561ace46f0c21fdfba4b1162caf1ed2a5322f6bffc1bc97fdd556146c4938165d8032fad6bbf38fbbe42b2afe79873c8c1b622ab9a750f3dd7ecedf3e310d478d7058c0a90c33a2a7a7380f61b457db9f68844d3405608f14e0040ed2ba8d99fe5b8c373ebcc322957a02e9fd24ba5cc8e9acc8aad0f6e80a00b113c6cd20656037074098249155581e10a321fa8285286da3e3108f7b8e6d2e6506f8fa4df3075b3c36b4a33b0899fb05bd74f6faa57280fb6686f20cf613a1ada130d3661502aa9c2e861968670bec121bda18d555efc1d706cb2b5d7d6fac67e1c4c4920a5f257fbce9848861377e624a54dc08383a3bacaf66e81f9a5d3bd30fd6bb132c2a7903a821b008714dce1c20954ba0dfcd94ddd606e3bdff3851e9a7219023d4db7bbe57382d3d286008312477e79fc92f21c9f67b24108279fd972d1f9035d80f6ac42e4ed5d1d91d544d55e74fbbd564b16a4536d20f609cbcb043307de321478134bf65aa1cf990feac1539b268283aaca8ce9dca398e0ad96733aaa9cdf7e4639b47a817bf69c2ff07692c262099db93dacea55fc8c2ea5313b2fac432a0e9110bd413672738be7afaa95afa04bbcf70f14c7f45ad344c6ad417257f94eb56be33a93aac3b2e6fd8046ff4cf250eef8ecf084d8161e266b2c90540729c41a56ccd0d933dadd7cc32e60c4bf600d82a62fd9f2ee4c74bef4c6b499a3a35b6ff71413cd30302001dacd8dc4219a9c565b75e7fd436ed1d1cbe5bb03a1bd7340cdf2304f4c4e9e25949396adfa855bf647a142f1717bab399993511e984f60ac71956e32e6ece7927b8f35703b3df06e598568c37ec7703be1d4436069a7c614711a5d95158c00b154dc2dcf24f50886366ed347112420adef713185e71c8b5b87d978f8a8149e572260465bd21d65a03468e44fef91b9ce891ce359a396dae0a345483dad902707a1252757752afc2197d6e3fd973e63c18c289cd63d88403175bb83ff9327842be4f54d14bdfcc5dd4f376de8a3194452f20ebcb3d15349545e6cf573ceed6b9f08765eaffc2f7b4af494fed9d0ecc0af63149eef699e9082356a9a24269fd6136f4f9d03094efb847fad7c83ee00915b1bb4e09bfb83ebc6ff1e5d4894c9de9092eda25c90f61c705e3e5fe204242598ec13afe2f71a2b4d4e426fdb3af88f221fbe399fdf1cd304663c8bdcb3e091bb4fab8da1226dff97ff940883c405db4d1da3dd981b77a39f614e7bccd1f48085cfef4f46d16243c0411be1551be3ab213002b9afffe3ae7d7727412a39b03b3e30", 0x2000, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffecc, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x40010)
close_range(r1, 0xffffffffffffffff, 0x0)
r7 = socket(0x80000000000000a, 0x1, 0x0)
setsockopt$inet6_group_source_req(r7, 0x29, 0x2f, &(0x7f0000000500)={0xfffffffd, {{0xa, 0x0, 0x1, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x3, @dev={0xfe, 0x80, '\x00', 0x26}}}}, 0x108)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-socketpair$tipc-recvmmsg-socketpair$unix-connect$unix-recvmmsg-prctl$PR_SCHED_CORE-sched_setattr-syz_open_dev$video-syz_open_dev$loop-ioctl$BLKTRACESETUP-socket$packet-socket$packet-ioctl$ifreq_SIOCGIFINDEX_vcan-sendto$packet-ioctl$BLKTRACESTART-ioctl$BLKTRACETEARDOWN-setsockopt$IP_VS_SO_SET_ADD-openat$misdntimer-openat$nullb-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-sendfile-read$FUSE-rt_sigqueueinfo-socket$inet6_sctp-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001e40), 0x0, 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x5, 0x609cea4e, 0xfa11, 0xffffffff}, 0x0)
syz_open_dev$video(0x0, 0x1d24, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000000)={'\x00', 0x81, 0x101, 0x2, 0x4ddf, 0x1})
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000180)={'vcan0\x00', <r4=>0x0})
sendto$packet(r3, &(0x7f0000000080)="18", 0x48, 0x0, &(0x7f00000000c0)={0x11, 0xd, r4, 0x1, 0x0, 0x6, @random="42b106616fdb"}, 0x14)
ioctl$BLKTRACESTART(r1, 0x1274, 0x0)
ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x48f, &(0x7f0000000200)={0x2b, @private, 0x0, 0x1, 'wlc\x00', 0x37, 0xfffffffb, 0x14}, 0x2c)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0xa0000, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
sendfile(r5, r5, 0x0, 0x2000fb)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
rt_sigqueueinfo(0x0, 0x3a, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e20, 0x0, @private2}]}, &(0x7f0000000180)=0x10)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): unshare-syz_usb_connect$hid-syz_open_dev$sndmidi-dup-write$6lowpan_enable-syz_io_uring_setup-epoll_create1-syz_open_dev$sg-fcntl$dupfd-write$sndseq-read$snapshot-ioctl$SG_GET_NUM_WAITING-pipe2$9p-write$P9_RREADDIR-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-write$FUSE_NOTIFY_RETRIEVE-io_uring_enter
detailed listing:
executing program 0:
unshare(0x2040400)
syz_usb_connect$hid(0x4, 0x36, &(0x7f0000000140)=ANY=[], 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x86d, &(0x7f00000000c0)={0x0, 0x4d15, 0x400, 0x4, 0xc1}, &(0x7f00000003c0)=<r3=>0x0, &(0x7f0000000200)=<r4=>0x0)
epoll_create1(0x80000)
r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r6 = fcntl$dupfd(r5, 0x0, r5)
write$sndseq(r6, &(0x7f00000005c0)=[{0x3, 0x4, 0x5, 0x1, @tick, {0x1, 0x10}, {0x4, 0x10}, @raw32={[0x4, 0x1, 0x81]}}, {0x2, 0x7, 0x7f, 0x1, @time={0x40, 0xe69}, {0xe}, {0x7, 0x9}, @ext={0x0, 0x0}}], 0x38)
read$snapshot(r6, 0x0, 0xffffffbf)
ioctl$SG_GET_NUM_WAITING(r6, 0x227d, &(0x7f0000000140))
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x0)
write$P9_RREADDIR(r7, &(0x7f0000000640)={0xb, 0x29, 0x2, {0xf}}, 0xfffffc95)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r1, 0x0, 0x0, 0x0, 0x80000})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x400000000003, 0x7ffff, &(0x7f0000006680))
write$FUSE_NOTIFY_RETRIEVE(r6, &(0x7f0000000180)={0x30, 0x5, 0x0, {0x0, 0x6, 0x4, 0x40}}, 0x30)
io_uring_enter(r2, 0x47f5, 0x0, 0x0, 0x0, 0x0)

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): unshare-syz_usb_connect$hid-syz_open_dev$sndmidi-dup-write$6lowpan_enable-syz_io_uring_setup-epoll_create1-syz_open_dev$sg-fcntl$dupfd-write$sndseq-read$snapshot-ioctl$SG_GET_NUM_WAITING-pipe2$9p-write$P9_RREADDIR-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-write$FUSE_NOTIFY_RETRIEVE-io_uring_enter
detailed listing:
executing program 0:
unshare(0x2040400)
syz_usb_connect$hid(0x4, 0x36, &(0x7f0000000140)=ANY=[], 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x86d, &(0x7f00000000c0)={0x0, 0x4d15, 0x400, 0x4, 0xc1}, &(0x7f00000003c0)=<r3=>0x0, &(0x7f0000000200)=<r4=>0x0)
epoll_create1(0x80000)
r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r6 = fcntl$dupfd(r5, 0x0, r5)
write$sndseq(r6, &(0x7f00000005c0)=[{0x3, 0x4, 0x5, 0x1, @tick, {0x1, 0x10}, {0x4, 0x10}, @raw32={[0x4, 0x1, 0x81]}}, {0x2, 0x7, 0x7f, 0x1, @time={0x40, 0xe69}, {0xe}, {0x7, 0x9}, @ext={0x0, 0x0}}], 0x38)
read$snapshot(r6, 0x0, 0xffffffbf)
ioctl$SG_GET_NUM_WAITING(r6, 0x227d, &(0x7f0000000140))
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x0)
write$P9_RREADDIR(r7, &(0x7f0000000640)={0xb, 0x29, 0x2, {0xf}}, 0xfffffc95)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r1, 0x0, 0x0, 0x0, 0x80000})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x400000000003, 0x7ffff, &(0x7f0000006680))
write$FUSE_NOTIFY_RETRIEVE(r6, &(0x7f0000000180)={0x30, 0x5, 0x0, {0x0, 0x6, 0x4, 0x40}}, 0x30)
io_uring_enter(r2, 0x47f5, 0x0, 0x0, 0x0, 0x0)

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-socketpair$tipc-recvmmsg-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-prctl$PR_SCHED_CORE-sched_setattr-syz_open_dev$video-syz_open_dev$loop-ioctl$BLKTRACESETUP-socket$packet-ioctl$ifreq_SIOCGIFINDEX_vcan-sendto$packet-ioctl$BLKTRACESTART-ioctl$BLKTRACETEARDOWN-setsockopt$IP_VS_SO_SET_ADD-openat$misdntimer-openat$nullb-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-sendfile-read$FUSE-rt_sigqueueinfo-socket$inet6_sctp-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001e40), 0x0, 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x5, 0x609cea4e, 0xfa11, 0xffffffff}, 0x0)
syz_open_dev$video(0x0, 0x1d24, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000000)={'\x00', 0x81, 0x101, 0x2, 0x4ddf, 0x1})
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'vcan0\x00', <r4=>0x0})
sendto$packet(r3, &(0x7f0000000080)="18", 0x48, 0x0, &(0x7f00000000c0)={0x11, 0xd, r4, 0x1, 0x0, 0x6, @random="42b106616fdb"}, 0x14)
ioctl$BLKTRACESTART(r2, 0x1274, 0x0)
ioctl$BLKTRACETEARDOWN(r2, 0x1276, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x48f, &(0x7f0000000200)={0x2b, @private, 0x0, 0x1, 'wlc\x00', 0x37, 0xfffffffb, 0x14}, 0x2c)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0xa0000, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
sendfile(r5, r5, 0x0, 0x2000fb)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
rt_sigqueueinfo(0x0, 0x3a, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e20, 0x0, @private2}]}, &(0x7f0000000180)=0x10)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-socketpair$tipc-recvmmsg-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-prctl$PR_SCHED_CORE-sched_setattr-syz_open_dev$video-syz_open_dev$loop-ioctl$BLKTRACESETUP-socket$packet-ioctl$ifreq_SIOCGIFINDEX_vcan-sendto$packet-ioctl$BLKTRACESTART-ioctl$BLKTRACETEARDOWN-setsockopt$IP_VS_SO_SET_ADD-openat$misdntimer-openat$nullb-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-sendfile-read$FUSE-rt_sigqueueinfo-socket$inet6_sctp-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001e40), 0x0, 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x5, 0x609cea4e, 0xfa11, 0xffffffff}, 0x0)
syz_open_dev$video(0x0, 0x1d24, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000000)={'\x00', 0x81, 0x101, 0x2, 0x4ddf, 0x1})
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'vcan0\x00', <r4=>0x0})
sendto$packet(r3, &(0x7f0000000080)="18", 0x48, 0x0, &(0x7f00000000c0)={0x11, 0xd, r4, 0x1, 0x0, 0x6, @random="42b106616fdb"}, 0x14)
ioctl$BLKTRACESTART(r2, 0x1274, 0x0)
ioctl$BLKTRACETEARDOWN(r2, 0x1276, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x48f, &(0x7f0000000200)={0x2b, @private, 0x0, 0x1, 'wlc\x00', 0x37, 0xfffffffb, 0x14}, 0x2c)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0xa0000, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
sendfile(r5, r5, 0x0, 0x2000fb)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
rt_sigqueueinfo(0x0, 0x3a, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e20, 0x0, @private2}]}, &(0x7f0000000180)=0x10)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-socketpair$tipc-recvmmsg-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-prctl$PR_SCHED_CORE-sched_setattr-syz_open_dev$video-syz_open_dev$loop-ioctl$BLKTRACESETUP-socket$packet-socket$packet-ioctl$ifreq_SIOCGIFINDEX_vcan-ioctl$BLKTRACESTART-ioctl$BLKTRACETEARDOWN-setsockopt$IP_VS_SO_SET_ADD-openat$misdntimer-openat$nullb-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-sendfile-read$FUSE-rt_sigqueueinfo-socket$inet6_sctp-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001e40), 0x0, 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x5, 0x609cea4e, 0xfa11, 0xffffffff}, 0x0)
syz_open_dev$video(0x0, 0x1d24, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000000)={'\x00', 0x81, 0x101, 0x2, 0x4ddf, 0x1})
r3 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000180)={'vcan0\x00'})
ioctl$BLKTRACESTART(r2, 0x1274, 0x0)
ioctl$BLKTRACETEARDOWN(r2, 0x1276, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x48f, &(0x7f0000000200)={0x2b, @private, 0x0, 0x1, 'wlc\x00', 0x37, 0xfffffffb, 0x14}, 0x2c)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0xa0000, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
sendfile(r4, r4, 0x0, 0x2000fb)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
rt_sigqueueinfo(0x0, 0x3a, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e20, 0x0, @private2}]}, &(0x7f0000000180)=0x10)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-socketpair$tipc-recvmmsg-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-prctl$PR_SCHED_CORE-sched_setattr-syz_open_dev$video-syz_open_dev$loop-ioctl$BLKTRACESETUP-socket$packet-socket$packet-ioctl$ifreq_SIOCGIFINDEX_vcan-ioctl$BLKTRACESTART-ioctl$BLKTRACETEARDOWN-setsockopt$IP_VS_SO_SET_ADD-openat$misdntimer-openat$nullb-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-sendfile-read$FUSE-rt_sigqueueinfo-socket$inet6_sctp-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001e40), 0x0, 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x5, 0x609cea4e, 0xfa11, 0xffffffff}, 0x0)
syz_open_dev$video(0x0, 0x1d24, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000000)={'\x00', 0x81, 0x101, 0x2, 0x4ddf, 0x1})
r3 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000180)={'vcan0\x00'})
ioctl$BLKTRACESTART(r2, 0x1274, 0x0)
ioctl$BLKTRACETEARDOWN(r2, 0x1276, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x48f, &(0x7f0000000200)={0x2b, @private, 0x0, 0x1, 'wlc\x00', 0x37, 0xfffffffb, 0x14}, 0x2c)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0xa0000, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
sendfile(r4, r4, 0x0, 0x2000fb)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
rt_sigqueueinfo(0x0, 0x3a, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e20, 0x0, @private2}]}, &(0x7f0000000180)=0x10)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$tipc-recvmmsg-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-prctl$PR_SCHED_CORE-sched_setattr-socket$can_j1939-setsockopt$SO_J1939_ERRQUEUE-syz_open_dev$video-syz_open_dev$loop-ioctl$BLKTRACESETUP-ioctl$BLKTRACESTART-ioctl$BLKTRACETEARDOWN-setsockopt$IP_VS_SO_SET_ADD-openat$misdntimer-openat$nullb-openat$kvm-linkat-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-sendfile-read$FUSE-rt_sigqueueinfo-socket$inet6_sctp-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-ptrace$getsig-setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT
detailed listing:
executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001e40), 0x0, 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_ERRQUEUE(r2, 0x6b, 0x4, 0x0, 0x0)
syz_open_dev$video(0x0, 0x1d24, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000000)={'\x00', 0x4, 0x3, 0x1, 0x4ddf, 0x1})
ioctl$BLKTRACESTART(r3, 0x1274, 0x0)
ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x48f, &(0x7f0000000000)={0x1, @private, 0x0, 0x0, 'sed\x00', 0xa, 0xfffffffb, 0x14}, 0x2c)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0xa0000, 0x0)
linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x2800)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
sendfile(r4, r4, 0x0, 0x2000fb)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
rt_sigqueueinfo(0x0, 0x3a, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0x10)
ptrace$getsig(0x4202, 0x0, 0x5, &(0x7f00000011c0))
setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000000)=0x80, 0x4)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$tipc-recvmmsg-socketpair$unix-sendmmsg$unix-prctl$PR_SCHED_CORE-syz_open_dev$loop-ioctl$BLKTRACESETUP
detailed listing:
executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x4, 0x1fff, 0x80000, 0x4ddf, 0x1})

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$tipc-recvmmsg-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-prctl$PR_SCHED_CORE-sched_setattr-socket$can_j1939-setsockopt$SO_J1939_ERRQUEUE-syz_open_dev$video-syz_open_dev$loop-ioctl$BLKTRACESETUP-ioctl$BLKTRACESTART-ioctl$BLKTRACETEARDOWN-setsockopt$IP_VS_SO_SET_ADD-openat$misdntimer-openat$nullb-openat$kvm-linkat-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-sendfile-read$FUSE-rt_sigqueueinfo-socket$inet6_sctp-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-ptrace$getsig-setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT
detailed listing:
executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001e40), 0x0, 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_ERRQUEUE(r2, 0x6b, 0x4, 0x0, 0x0)
syz_open_dev$video(0x0, 0x1d24, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000000)={'\x00', 0x4, 0x3, 0x1, 0x4ddf, 0x1})
ioctl$BLKTRACESTART(r3, 0x1274, 0x0)
ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x48f, &(0x7f0000000000)={0x1, @private, 0x0, 0x0, 'sed\x00', 0xa, 0xfffffffb, 0x14}, 0x2c)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0xa0000, 0x0)
linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x2800)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
sendfile(r4, r4, 0x0, 0x2000fb)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
rt_sigqueueinfo(0x0, 0x3a, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0x10)
ptrace$getsig(0x4202, 0x0, 0x5, &(0x7f00000011c0))
setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000000)=0x80, 0x4)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$tipc-recvmmsg-socketpair$unix-sendmmsg$unix-prctl$PR_SCHED_CORE-syz_open_dev$loop-ioctl$BLKTRACESETUP
detailed listing:
executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x4, 0x1fff, 0x80000, 0x4ddf, 0x1})

program crashed: INFO: task hung in blk_trace_setup
single: successfully extracted reproducer
found reproducer with 7 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$tipc-recvmmsg-socketpair$unix-sendmmsg$unix-prctl$PR_SCHED_CORE-syz_open_dev$loop
detailed listing:
executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$tipc-recvmmsg-socketpair$unix-sendmmsg$unix-prctl$PR_SCHED_CORE-ioctl$BLKTRACESETUP
detailed listing:
executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000000)={'\x00', 0x4, 0x1fff, 0x80000, 0x4ddf, 0x1})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$tipc-recvmmsg-socketpair$unix-sendmmsg$unix-syz_open_dev$loop-ioctl$BLKTRACESETUP
detailed listing:
executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x4, 0x1fff, 0x80000, 0x4ddf, 0x1})

program crashed: SYZFAIL: failed to recv rpc
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$tipc-recvmmsg-socketpair$unix-syz_open_dev$loop-ioctl$BLKTRACESETUP
detailed listing:
executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x4, 0x1fff, 0x80000, 0x4ddf, 0x1})

program crashed: INFO: task hung in blk_trace_setup
suppressed program crash: INFO: task hung in blk_trace_setup
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$tipc-recvmmsg-sendmmsg$unix-syz_open_dev$loop-ioctl$BLKTRACESETUP
detailed listing:
executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x100, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x4, 0x1fff, 0x80000, 0x4ddf, 0x1})

program crashed: SYZFAIL: failed to recv rpc
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$tipc-sendmmsg$unix-syz_open_dev$loop-ioctl$BLKTRACESETUP
detailed listing:
executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x4, 0x1fff, 0x80000, 0x4ddf, 0x1})

program crashed: INFO: task hung in corrupted
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmmsg$unix-syz_open_dev$loop-ioctl$BLKTRACESETUP
detailed listing:
executing program 0:
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x4, 0x1fff, 0x80000, 0x4ddf, 0x1})

program crashed: INFO: task hung in blk_trace_setup
suppressed program crash: INFO: task hung in blk_trace_setup
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$tipc-sendmmsg$unix-syz_open_dev$loop-ioctl$BLKTRACESETUP
detailed listing:
executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x4, 0x1fff, 0x80000, 0x4ddf, 0x1})

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$tipc-sendmmsg$unix-syz_open_dev$loop-ioctl$BLKTRACESETUP
detailed listing:
executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
r0 = syz_open_dev$loop(0x0, 0x4, 0x80000)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x4, 0x1fff, 0x80000, 0x4ddf, 0x1})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$tipc-sendmmsg$unix-syz_open_dev$loop-ioctl$BLKTRACESETUP
detailed listing:
executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r0, 0xc0481273, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$tipc-sendmmsg$unix-syz_open_dev$loop-ioctl$BLKTRACESETUP
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
simplifying guilty program options
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$tipc-sendmmsg$unix-syz_open_dev$loop-ioctl$BLKTRACESETUP
detailed listing:
executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x4, 0x1fff, 0x80000, 0x4ddf, 0x1})

program crashed: SYZFAIL: failed to recv rpc
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$tipc-sendmmsg$unix-syz_open_dev$loop-ioctl$BLKTRACESETUP
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$tipc-sendmmsg$unix-syz_open_dev$loop-ioctl$BLKTRACESETUP
detailed listing:
executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x4, 0x1fff, 0x80000, 0x4ddf, 0x1})

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$tipc-sendmmsg$unix-syz_open_dev$loop-ioctl$BLKTRACESETUP
detailed listing:
executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x4, 0x1fff, 0x80000, 0x4ddf, 0x1})

program crashed: INFO: task hung in blk_trace_setup
suppressed program crash: INFO: task hung in blk_trace_setup
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$tipc-sendmmsg$unix-syz_open_dev$loop-ioctl$BLKTRACESETUP
detailed listing:
executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x4, 0x1fff, 0x80000, 0x4ddf, 0x1})

program crashed: INFO: task hung in blk_trace_setup
suppressed program crash: INFO: task hung in blk_trace_setup
validation run: crashed=false
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$tipc-sendmmsg$unix-syz_open_dev$loop-ioctl$BLKTRACESETUP
detailed listing:
executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x4, 0x1fff, 0x80000, 0x4ddf, 0x1})

program crashed: SYZFAIL: failed to recv rpc
validation run: crashed=true
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$tipc-sendmmsg$unix-syz_open_dev$loop-ioctl$BLKTRACESETUP
detailed listing:
executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x4, 0x1fff, 0x80000, 0x4ddf, 0x1})

program crashed: INFO: task hung in blk_trace_setup
suppressed program crash: INFO: task hung in blk_trace_setup
validation run: crashed=false
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$tipc-sendmmsg$unix-syz_open_dev$loop-ioctl$BLKTRACESETUP
detailed listing:
executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x4, 0x1fff, 0x80000, 0x4ddf, 0x1})

program crashed: SYZFAIL: failed to recv rpc
validation run: crashed=true
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$tipc-sendmmsg$unix-syz_open_dev$loop-ioctl$BLKTRACESETUP
detailed listing:
executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x4, 0x1fff, 0x80000, 0x4ddf, 0x1})

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
validation run: crashed=false
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$tipc-sendmmsg$unix-syz_open_dev$loop-ioctl$BLKTRACESETUP
detailed listing:
executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x4, 0x1fff, 0x80000, 0x4ddf, 0x1})

program crashed: INFO: task hung in blk_trace_setup
suppressed program crash: INFO: task hung in blk_trace_setup
validation run: crashed=false
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$tipc-sendmmsg$unix-syz_open_dev$loop-ioctl$BLKTRACESETUP
detailed listing:
executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x4, 0x1fff, 0x80000, 0x4ddf, 0x1})

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
validation run: crashed=false
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$tipc-sendmmsg$unix-syz_open_dev$loop-ioctl$BLKTRACESETUP
detailed listing:
executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x4, 0x1fff, 0x80000, 0x4ddf, 0x1})

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
validation run: crashed=false
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$tipc-sendmmsg$unix-syz_open_dev$loop-ioctl$BLKTRACESETUP
detailed listing:
executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x4, 0x1fff, 0x80000, 0x4ddf, 0x1})

program crashed: INFO: task hung in blk_trace_setup
suppressed program crash: INFO: task hung in blk_trace_setup
validation run: crashed=false
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$tipc-sendmmsg$unix-syz_open_dev$loop-ioctl$BLKTRACESETUP
detailed listing:
executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x4, 0x1fff, 0x80000, 0x4ddf, 0x1})

program crashed: INFO: task hung in blk_trace_setup
validation run: crashed=true
reproducing took 3h6m23.35694889s
repro crashed as (corrupted=false):
INFO: task syz.2.19:6099 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.19        state:D stack:27072 pid:6099  tgid:6099  ppid:5970   task_flags:0x480040 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5295 [inline]
 __schedule+0x1585/0x5340 kernel/sched/core.c:6907
 __schedule_loop kernel/sched/core.c:6989 [inline]
 schedule+0x164/0x360 kernel/sched/core.c:7004
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7061
 __mutex_lock_common kernel/locking/mutex.c:692 [inline]
 __mutex_lock+0x7fe/0x1300 kernel/locking/mutex.c:776
 blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 blk_debugfs_lock block/blk.h:752 [inline]
 blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
 blk_trace_ioctl+0x37f/0x920 kernel/trace/blktrace.c:938
 blkdev_ioctl+0x4c1/0x740 block/ioctl.c:793
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7feab999c799
RSP: 002b:00007feab9d3fae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007feab9c15fa0 RCX: 00007feab999c799
RDX: 0000200000000000 RSI: 00000000c0481273 RDI: 0000000000000003
RBP: 00007feab9a32bd9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007feab9c15fac R14: 00007feab9c15fa0 R15: 00007feab9c15fa0
 </TASK>
INFO: task syz.0.17:6101 blocked for more than 147 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.17        state:D stack:27072 pid:6101  tgid:6101  ppid:5957   task_flags:0x480040 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5295 [inline]
 __schedule+0x1585/0x5340 kernel/sched/core.c:6907
 __schedule_loop kernel/sched/core.c:6989 [inline]
 schedule+0x164/0x360 kernel/sched/core.c:7004
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7061
 __mutex_lock_common kernel/locking/mutex.c:692 [inline]
 __mutex_lock+0x7fe/0x1300 kernel/locking/mutex.c:776
 blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 blk_debugfs_lock block/blk.h:752 [inline]
 blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
 blk_trace_ioctl+0x37f/0x920 kernel/trace/blktrace.c:938
 blkdev_ioctl+0x4c1/0x740 block/ioctl.c:793
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe7b7d9c799
RSP: 002b:00007fe7b813fae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fe7b8015fa0 RCX: 00007fe7b7d9c799
RDX: 0000200000000000 RSI: 00000000c0481273 RDI: 0000000000000003
RBP: 00007fe7b7e32bd9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fe7b8015fac R14: 00007fe7b8015fa0 R15: 00007fe7b8015fa0
 </TASK>
INFO: task syz.1.18:6102 blocked for more than 147 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.18        state:D stack:27072 pid:6102  tgid:6102  ppid:5962   task_flags:0x480040 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5295 [inline]
 __schedule+0x1585/0x5340 kernel/sched/core.c:6907
 __schedule_loop kernel/sched/core.c:6989 [inline]
 schedule+0x164/0x360 kernel/sched/core.c:7004
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7061
 __mutex_lock_common kernel/locking/mutex.c:692 [inline]
 __mutex_lock+0x7fe/0x1300 kernel/locking/mutex.c:776
 blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 blk_debugfs_lock block/blk.h:752 [inline]
 blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
 blk_trace_ioctl+0x37f/0x920 kernel/trace/blktrace.c:938
 blkdev_ioctl+0x4c1/0x740 block/ioctl.c:793
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fcf5f99c799
RSP: 002b:00007fcf5fd3fae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fcf5fc15fa0 RCX: 00007fcf5f99c799
RDX: 0000200000000000 RSI: 00000000c0481273 RDI: 0000000000000003
RBP: 00007fcf5fa32bd9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fcf5fc15fac R14: 00007fcf5fc15fa0 R15: 00007fcf5fc15fa0
 </TASK>

Showing all locks held in the system:
2 locks held by kthreadd/2:
 #0: ffffffff8e8844c0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4421 [inline]
 #0: ffffffff8e8844c0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim+0xbd/0x310 mm/page_alloc.c:4446
 #1: ffffe8ffffc26770 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834 [inline]
 #1: ffffe8ffffc26770 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
 #1: ffffe8ffffc26770 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1416 [inline]
 #1: ffffe8ffffc26770 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0xc0c/0x1f80 mm/zswap.c:1527
2 locks held by kworker/u8:1/13:
 #0: ffff88813fe4c948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3250 [inline]
 #0: ffff88813fe4c948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 kernel/workqueue.c:3358
 #1: ffffc90000127c40 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3251 [inline]
 #1: ffffc90000127c40 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 kernel/workqueue.c:3358
1 lock held by khungtaskd/31:
 #0: ffffffff8e7602e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 #0: ffffffff8e7602e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
 #0: ffffffff8e7602e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
2 locks held by oom_reaper/32:
5 locks held by kworker/u9:0/51:
 #0: ffff888035b4a948 ((wq_completion)hci1){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3250 [inline]
 #0: ffff888035b4a948 ((wq_completion)hci1){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 kernel/workqueue.c:3358
 #1: ffffc90000bb7c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3251 [inline]
 #1: ffffc90000bb7c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 kernel/workqueue.c:3358
 #2: ffff88805ba30ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d3/0x400 net/bluetooth/hci_sync.c:331
 #3: ffff88805ba300c0 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0xa6f/0x1190 net/bluetooth/hci_sync.c:5734
 #4: ffffffff8fd593a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline]
 #4: ffffffff8fd593a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x340 net/bluetooth/hci_conn.c:1342
4 locks held by kworker/u8:5/83:
 #0: ffff88813fe4b148 ((wq_completion)kvfree_rcu_reclaim){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3250 [inline]
 #0: ffff88813fe4b148 ((wq_completion)kvfree_rcu_reclaim){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 kernel/workqueue.c:3358
 #1: ffffc900025bfc40 ((work_completion)(&(&krcp->page_cache_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3251 [inline]
 #1: ffffc900025bfc40 ((work_completion)(&(&krcp->page_cache_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 kernel/workqueue.c:3358
 #2: ffffffff8e8844c0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4421 [inline]
 #2: ffffffff8e8844c0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim+0xbd/0x310 mm/page_alloc.c:4446
 #3: ffffe8ffffc26770 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834 [inline]
 #3: ffffe8ffffc26770 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
 #3: ffffe8ffffc26770 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1416 [inline]
 #3: ffffe8ffffc26770 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0xc0c/0x1f80 mm/zswap.c:1527
3 locks held by kworker/u9:1/5146:
 #0: ffff8881f5236148 ((wq_completion)hci8){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3250 [inline]
 #0: ffff8881f5236148 ((wq_completion)hci8){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 kernel/workqueue.c:3358
 #1: 
ffffc9000feb7c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3251 [inline]
ffffc9000feb7c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 kernel/workqueue.c:3358
 #2: ffff8881f2a9cec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d3/0x400 net/bluetooth/hci_sync.c:331
3 locks held by udevd/5195:
 #0: ffff888023990580 (mapping.invalidate_lock#2){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:1093 [inline]
 #0: ffff888023990580 (mapping.invalidate_lock#2){++++}-{4:4}, at: filemap_fault+0x97c/0x1320 mm/filemap.c:3556
 #1: ffffffff8e8844c0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4421 [inline]
 #1: ffffffff8e8844c0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim+0xbd/0x310 mm/page_alloc.c:4446
 #2: ffffe8ffffc26770 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834 [inline]
 #2: ffffe8ffffc26770 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
 #2: ffffe8ffffc26770 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1416 [inline]
 #2: ffffe8ffffc26770 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0xc0c/0x1f80 mm/zswap.c:1527
1 lock held by dhcpcd/5489:
2 locks held by getty/5586:
 #0: ffff88803693a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000331e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0 drivers/tty/n_tty.c:2211
1 lock held by syz-execprog/5848:
3 locks held by syz-executor/5853:
 #0: ffff88807e966f08 (mapping.invalidate_lock#2){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:1093 [inline]
 #0: ffff88807e966f08 (mapping.invalidate_lock#2){++++}-{4:4}, at: filemap_fault+0x97c/0x1320 mm/filemap.c:3556
 #1: ffffffff8e8844c0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4421 [inline]
 #1: ffffffff8e8844c0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim+0xbd/0x310 mm/page_alloc.c:4446
 #2: ffff8880b863ade0 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x31/0x150 kernel/sched/core.c:647
5 locks held by kworker/u9:3/5959:
 #0: ffff88802ae3c948 ((wq_completion)hci3){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3250 [inline]
 #0: ffff88802ae3c948 ((wq_completion)hci3){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 kernel/workqueue.c:3358
 #1: ffffc90003cc7c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3251 [inline]
 #1: ffffc90003cc7c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 kernel/workqueue.c:3358
 #2: ffff88805a1e8ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d3/0x400 net/bluetooth/hci_sync.c:331
 #3: ffff88805a1e80c0 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0xa6f/0x1190 net/bluetooth/hci_sync.c:5734
 #4: ffffffff8e766578 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:311 [inline]
 #4: ffffffff8e766578 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2d0/0x770 kernel/rcu/tree_exp.h:961
7 locks held by kworker/u9:4/5964:
 #0: ffff888079ce3148 ((wq_completion)hci5){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3250 [inline]
 #0: ffff888079ce3148 ((wq_completion)hci5){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 kernel/workqueue.c:3358
 #1: ffffc90004137c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3251 [inline]
 #1: ffffc90004137c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 kernel/workqueue.c:3358
 #2: ffff88805a48cec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d3/0x400 net/bluetooth/hci_sync.c:331
 #3: ffff88805a48c0c0 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0xa6f/0x1190 net/bluetooth/hci_sync.c:5734
 #4: ffffffff8fd593a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline]
 #4: ffffffff8fd593a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x340 net/bluetooth/hci_conn.c:1342
 #5: ffff888075fab2f8 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x7b/0x5c0 net/bluetooth/l2cap_core.c:1755
 #6: ffffffff8e766578 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:343 [inline]
 #6: ffffffff8e766578 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x38d/0x770 kernel/rcu/tree_exp.h:961
5 locks held by kworker/u9:5/5966:
 #0: ffff8881f5234148 ((wq_completion)hci9){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3250 [inline]
 #0: ffff8881f5234148 ((wq_completion)hci9){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 kernel/workqueue.c:3358
 #1: ffffc900036b7c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3251 [inline]
 #1: ffffc900036b7c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 kernel/workqueue.c:3358
 #2: ffff8881f2aa0ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d3/0x400 net/bluetooth/hci_sync.c:331
 #3: ffff8881f2aa00c0 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0xa6f/0x1190 net/bluetooth/hci_sync.c:5734
 #4: ffffffff8fd593a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline]
 #4: ffffffff8fd593a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x340 net/bluetooth/hci_conn.c:1342
2 locks held by syz.4.21/6098:
1 lock held by syz.2.19/6099:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.0.17/6101:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.1.18/6102:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.6.22/6132:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.9.25/6185:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.8.24/6186:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.7.23/6189:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.3.26/6190:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.5.27/6211:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.2.30/6260:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.4.31/6273:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.1.29/6274:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.0.28/6275:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.6.32/6294:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.7.33/6337:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.8.34/6363:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.3.36/6364:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.9.35/6365:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.5.37/6381:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.2.38/6397:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
3 locks held by syz-executor/6435:
1 lock held by syz.1.39/6454:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz-executor/6457:
 #0: ffffffff8fbccd08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #0: ffffffff8fbccd08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #0: ffffffff8fbccd08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8a1/0x1be0 net/core/rtnetlink.c:4071
1 lock held by dhcpcd/6469:
 #0: ffff8881ea850260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1709 [inline]
 #0: ffff8881ea850260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xe10 net/packet/af_packet.c:3197
1 lock held by dhcpcd/6470:
 #0: ffff8881f75fa260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1709 [inline]
 #0: ffff8881f75fa260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xe10 net/packet/af_packet.c:3197
1 lock held by dhcpcd/6471:
 #0: ffff8881fd44c260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1709 [inline]
 #0: ffff8881fd44c260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xe10 net/packet/af_packet.c:3197
5 locks held by kworker/u9:6/6472:
 #0: ffff8881f4d95148 ((wq_completion)hci6){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3250 [inline]
 #0: ffff8881f4d95148 ((wq_completion)hci6){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 kernel/workqueue.c:3358
 #1: ffffc900053afc40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3251 [inline]
 #1: ffffc900053afc40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 kernel/workqueue.c:3358
 #2: ffff8881f32e4ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d3/0x400 net/bluetooth/hci_sync.c:331
 #3: ffff8881f32e40c0 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0xa6f/0x1190 net/bluetooth/hci_sync.c:5734
 #4: ffffffff8fd593a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline]
 #4: ffffffff8fd593a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x340 net/bluetooth/hci_conn.c:1342
4 locks held by kworker/u9:7/6475:
 #0: ffff8880282f0148 ((wq_completion)hci27#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3250 [inline]
 #0: ffff8880282f0148 ((wq_completion)hci27#2){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 kernel/workqueue.c:3358
 #1: ffffc900053efc40 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3251 [inline]
 #1: ffffc900053efc40 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 kernel/workqueue.c:3358
 #2: ffff8881ab6400c0 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x950 net/bluetooth/hci_event.c:3720
 #3: ffffffff8fd593a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline]
 #3: ffffffff8fd593a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x54c/0x950 net/bluetooth/hci_event.c:3754
1 lock held by dhcpcd/6476:
 #0: ffff8881fd44e260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1709 [inline]
 #0: ffff8881fd44e260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xe10 net/packet/af_packet.c:3197
1 lock held by dhcpcd/6478:
 #0: ffff8881f75fc260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1709 [inline]
 #0: ffff8881f75fc260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xe10 net/packet/af_packet.c:3197
1 lock held by dhcpcd/6480:
 #0: ffff8881d37ce260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1709 [inline]
 #0: ffff8881d37ce260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xe10 net/packet/af_packet.c:3197
4 locks held by kworker/u9:11/6488:
 #0: ffff888091fbb948 ((wq_completion)hci28#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3250 [inline]
 #0: ffff888091fbb948 ((wq_completion)hci28#2){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 kernel/workqueue.c:3358
 #1: ffffc9000546fc40 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3251 [inline]
 #1: ffffc9000546fc40 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 kernel/workqueue.c:3358
 #2: ffff8882293880c0 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x950 net/bluetooth/hci_event.c:3720
 #3: ffffffff8fd593a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline]
 #3: ffffffff8fd593a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x54c/0x950 net/bluetooth/hci_event.c:3754
4 locks held by kworker/u9:12/6489:
 #0: ffff88806aa99948 ((wq_completion)hci26#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3250 [inline]
 #0: ffff88806aa99948 ((wq_completion)hci26#2){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 kernel/workqueue.c:3358
 #1: ffffc9000547fc40 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3251 [inline]
 #1: ffffc9000547fc40 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 kernel/workqueue.c:3358
 #2: ffff88822938c0c0 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x950 net/bluetooth/hci_event.c:3720
 #3: ffffffff8fd593a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline]
 #3: ffffffff8fd593a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x54c/0x950 net/bluetooth/hci_event.c:3754
2 locks held by syz-executor/6490:
 #0: ffffffff9011c650 (&ops->srcu#2){.+.+}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 #0: ffffffff9011c650 (&ops->srcu#2){.+.+}-{0:0}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
 #0: ffffffff9011c650 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 net/core/rtnetlink.c:570
 #1: ffffffff8fbccd08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #1: ffffffff8fbccd08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #1: ffffffff8fbccd08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8a1/0x1be0 net/core/rtnetlink.c:4071
2 locks held by syz-executor/6491:
 #0: ffffffff9011cbf8 (&ops->srcu#2){.+.+}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 #0: ffffffff9011cbf8 (&ops->srcu#2){.+.+}-{0:0}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
 #0: ffffffff9011cbf8 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 net/core/rtnetlink.c:570
 #1: ffffffff8fbccd08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #1: ffffffff8fbccd08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #1: ffffffff8fbccd08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8a1/0x1be0 net/core/rtnetlink.c:4071
1 lock held by syz-executor/6492:

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x274/0x2d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:161 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x135/0x170 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
 watchdog+0xfd9/0x1030 kernel/hung_task.c:515
 kthread+0x388/0x470 kernel/kthread.c:467
 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 6457 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:rcu_preempt_read_exit kernel/rcu/tree_plugin.h:396 [inline]
RIP: 0010:__rcu_read_unlock+0x32/0xe0 kernel/rcu/tree_plugin.h:435
Code: 41 55 41 54 53 49 bf 00 00 00 00 00 fc ff df 65 48 8b 3d b9 67 70 11 48 8d 9f 84 04 00 00 49 89 dc 49 c1 ec 03 43 0f b6 04 3c <84> c0 75 4f ff 0b 75 1d 4c 8d b7 88 04 00 00 4c 89 f0 48 c1 e8 03
RSP: 0018:ffffc90000007748 EFLAGS: 00000803
RAX: 0000000000000000 RBX: ffff88815e0322c4 RCX: 0000000000000102
RDX: 0000000000000004 RSI: ffffffff8e162f46 RDI: ffff88815e031e40
RBP: dffffc0000000000 R08: ffffc900052ffcb0 R09: 0000000000000000
R10: ffffc90000007898 R11: fffff52000000f15 R12: 1ffff1102bc06458
R13: ffffc900052f8000 R14: ffffc90000007848 R15: dffffc0000000000
FS:  000055556044c500(0000) GS:ffff888125464000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fbb6e80a358 CR3: 0000000209c7e000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 rcu_read_unlock include/linux/rcupdate.h:883 [inline]
 class_rcu_destructor include/linux/rcupdate.h:1193 [inline]
 unwind_next_frame+0x1aaf/0x23c0 arch/x86/kernel/unwind_orc.c:695
 arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
 kasan_save_stack+0x3e/0x60 mm/kasan/common.c:57
 kasan_record_aux_stack+0xbd/0xd0 mm/kasan/generic.c:556
 insert_work+0x3d/0x330 kernel/workqueue.c:2199
 __queue_work+0xd03/0x1020 kernel/workqueue.c:2354
 call_timer_fn+0x192/0x640 kernel/time/timer.c:1748
 expire_timers kernel/time/timer.c:1794 [inline]
 __run_timers kernel/time/timer.c:2373 [inline]
 __run_timer_base+0x67e/0x8b0 kernel/time/timer.c:2385
 run_timer_base kernel/time/timer.c:2394 [inline]
 run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2404

final repro crashed as (corrupted=false):
INFO: task syz.2.19:6099 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.19        state:D stack:27072 pid:6099  tgid:6099  ppid:5970   task_flags:0x480040 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5295 [inline]
 __schedule+0x1585/0x5340 kernel/sched/core.c:6907
 __schedule_loop kernel/sched/core.c:6989 [inline]
 schedule+0x164/0x360 kernel/sched/core.c:7004
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7061
 __mutex_lock_common kernel/locking/mutex.c:692 [inline]
 __mutex_lock+0x7fe/0x1300 kernel/locking/mutex.c:776
 blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 blk_debugfs_lock block/blk.h:752 [inline]
 blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
 blk_trace_ioctl+0x37f/0x920 kernel/trace/blktrace.c:938
 blkdev_ioctl+0x4c1/0x740 block/ioctl.c:793
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7feab999c799
RSP: 002b:00007feab9d3fae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007feab9c15fa0 RCX: 00007feab999c799
RDX: 0000200000000000 RSI: 00000000c0481273 RDI: 0000000000000003
RBP: 00007feab9a32bd9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007feab9c15fac R14: 00007feab9c15fa0 R15: 00007feab9c15fa0
 </TASK>
INFO: task syz.0.17:6101 blocked for more than 147 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.17        state:D stack:27072 pid:6101  tgid:6101  ppid:5957   task_flags:0x480040 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5295 [inline]
 __schedule+0x1585/0x5340 kernel/sched/core.c:6907
 __schedule_loop kernel/sched/core.c:6989 [inline]
 schedule+0x164/0x360 kernel/sched/core.c:7004
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7061
 __mutex_lock_common kernel/locking/mutex.c:692 [inline]
 __mutex_lock+0x7fe/0x1300 kernel/locking/mutex.c:776
 blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 blk_debugfs_lock block/blk.h:752 [inline]
 blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
 blk_trace_ioctl+0x37f/0x920 kernel/trace/blktrace.c:938
 blkdev_ioctl+0x4c1/0x740 block/ioctl.c:793
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe7b7d9c799
RSP: 002b:00007fe7b813fae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fe7b8015fa0 RCX: 00007fe7b7d9c799
RDX: 0000200000000000 RSI: 00000000c0481273 RDI: 0000000000000003
RBP: 00007fe7b7e32bd9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fe7b8015fac R14: 00007fe7b8015fa0 R15: 00007fe7b8015fa0
 </TASK>
INFO: task syz.1.18:6102 blocked for more than 147 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.18        state:D stack:27072 pid:6102  tgid:6102  ppid:5962   task_flags:0x480040 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5295 [inline]
 __schedule+0x1585/0x5340 kernel/sched/core.c:6907
 __schedule_loop kernel/sched/core.c:6989 [inline]
 schedule+0x164/0x360 kernel/sched/core.c:7004
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7061
 __mutex_lock_common kernel/locking/mutex.c:692 [inline]
 __mutex_lock+0x7fe/0x1300 kernel/locking/mutex.c:776
 blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 blk_debugfs_lock block/blk.h:752 [inline]
 blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
 blk_trace_ioctl+0x37f/0x920 kernel/trace/blktrace.c:938
 blkdev_ioctl+0x4c1/0x740 block/ioctl.c:793
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fcf5f99c799
RSP: 002b:00007fcf5fd3fae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fcf5fc15fa0 RCX: 00007fcf5f99c799
RDX: 0000200000000000 RSI: 00000000c0481273 RDI: 0000000000000003
RBP: 00007fcf5fa32bd9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fcf5fc15fac R14: 00007fcf5fc15fa0 R15: 00007fcf5fc15fa0
 </TASK>

Showing all locks held in the system:
2 locks held by kthreadd/2:
 #0: ffffffff8e8844c0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4421 [inline]
 #0: ffffffff8e8844c0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim+0xbd/0x310 mm/page_alloc.c:4446
 #1: ffffe8ffffc26770 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834 [inline]
 #1: ffffe8ffffc26770 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
 #1: ffffe8ffffc26770 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1416 [inline]
 #1: ffffe8ffffc26770 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0xc0c/0x1f80 mm/zswap.c:1527
2 locks held by kworker/u8:1/13:
 #0: ffff88813fe4c948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3250 [inline]
 #0: ffff88813fe4c948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 kernel/workqueue.c:3358
 #1: ffffc90000127c40 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3251 [inline]
 #1: ffffc90000127c40 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 kernel/workqueue.c:3358
1 lock held by khungtaskd/31:
 #0: ffffffff8e7602e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 #0: ffffffff8e7602e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
 #0: ffffffff8e7602e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
2 locks held by oom_reaper/32:
5 locks held by kworker/u9:0/51:
 #0: ffff888035b4a948 ((wq_completion)hci1){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3250 [inline]
 #0: ffff888035b4a948 ((wq_completion)hci1){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 kernel/workqueue.c:3358
 #1: ffffc90000bb7c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3251 [inline]
 #1: ffffc90000bb7c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 kernel/workqueue.c:3358
 #2: ffff88805ba30ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d3/0x400 net/bluetooth/hci_sync.c:331
 #3: ffff88805ba300c0 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0xa6f/0x1190 net/bluetooth/hci_sync.c:5734
 #4: ffffffff8fd593a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline]
 #4: ffffffff8fd593a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x340 net/bluetooth/hci_conn.c:1342
4 locks held by kworker/u8:5/83:
 #0: ffff88813fe4b148 ((wq_completion)kvfree_rcu_reclaim){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3250 [inline]
 #0: ffff88813fe4b148 ((wq_completion)kvfree_rcu_reclaim){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 kernel/workqueue.c:3358
 #1: ffffc900025bfc40 ((work_completion)(&(&krcp->page_cache_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3251 [inline]
 #1: ffffc900025bfc40 ((work_completion)(&(&krcp->page_cache_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 kernel/workqueue.c:3358
 #2: ffffffff8e8844c0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4421 [inline]
 #2: ffffffff8e8844c0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim+0xbd/0x310 mm/page_alloc.c:4446
 #3: ffffe8ffffc26770 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834 [inline]
 #3: ffffe8ffffc26770 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
 #3: ffffe8ffffc26770 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1416 [inline]
 #3: ffffe8ffffc26770 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0xc0c/0x1f80 mm/zswap.c:1527
3 locks held by kworker/u9:1/5146:
 #0: ffff8881f5236148 ((wq_completion)hci8){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3250 [inline]
 #0: ffff8881f5236148 ((wq_completion)hci8){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 kernel/workqueue.c:3358
 #1: 
ffffc9000feb7c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3251 [inline]
ffffc9000feb7c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 kernel/workqueue.c:3358
 #2: ffff8881f2a9cec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d3/0x400 net/bluetooth/hci_sync.c:331
3 locks held by udevd/5195:
 #0: ffff888023990580 (mapping.invalidate_lock#2){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:1093 [inline]
 #0: ffff888023990580 (mapping.invalidate_lock#2){++++}-{4:4}, at: filemap_fault+0x97c/0x1320 mm/filemap.c:3556
 #1: ffffffff8e8844c0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4421 [inline]
 #1: ffffffff8e8844c0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim+0xbd/0x310 mm/page_alloc.c:4446
 #2: ffffe8ffffc26770 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: acomp_ctx_get_cpu_lock mm/zswap.c:834 [inline]
 #2: ffffe8ffffc26770 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_compress mm/zswap.c:865 [inline]
 #2: ffffe8ffffc26770 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store_page mm/zswap.c:1416 [inline]
 #2: ffffe8ffffc26770 (&per_cpu_ptr(pool->acomp_ctx, cpu)->mutex){+.+.}-{4:4}, at: zswap_store+0xc0c/0x1f80 mm/zswap.c:1527
1 lock held by dhcpcd/5489:
2 locks held by getty/5586:
 #0: ffff88803693a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc9000331e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0 drivers/tty/n_tty.c:2211
1 lock held by syz-execprog/5848:
3 locks held by syz-executor/5853:
 #0: ffff88807e966f08 (mapping.invalidate_lock#2){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:1093 [inline]
 #0: ffff88807e966f08 (mapping.invalidate_lock#2){++++}-{4:4}, at: filemap_fault+0x97c/0x1320 mm/filemap.c:3556
 #1: ffffffff8e8844c0 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4421 [inline]
 #1: ffffffff8e8844c0 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim+0xbd/0x310 mm/page_alloc.c:4446
 #2: ffff8880b863ade0 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x31/0x150 kernel/sched/core.c:647
5 locks held by kworker/u9:3/5959:
 #0: ffff88802ae3c948 ((wq_completion)hci3){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3250 [inline]
 #0: ffff88802ae3c948 ((wq_completion)hci3){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 kernel/workqueue.c:3358
 #1: ffffc90003cc7c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3251 [inline]
 #1: ffffc90003cc7c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 kernel/workqueue.c:3358
 #2: ffff88805a1e8ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d3/0x400 net/bluetooth/hci_sync.c:331
 #3: ffff88805a1e80c0 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0xa6f/0x1190 net/bluetooth/hci_sync.c:5734
 #4: ffffffff8e766578 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:311 [inline]
 #4: ffffffff8e766578 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2d0/0x770 kernel/rcu/tree_exp.h:961
7 locks held by kworker/u9:4/5964:
 #0: ffff888079ce3148 ((wq_completion)hci5){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3250 [inline]
 #0: ffff888079ce3148 ((wq_completion)hci5){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 kernel/workqueue.c:3358
 #1: ffffc90004137c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3251 [inline]
 #1: ffffc90004137c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 kernel/workqueue.c:3358
 #2: ffff88805a48cec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d3/0x400 net/bluetooth/hci_sync.c:331
 #3: ffff88805a48c0c0 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0xa6f/0x1190 net/bluetooth/hci_sync.c:5734
 #4: ffffffff8fd593a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline]
 #4: ffffffff8fd593a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x340 net/bluetooth/hci_conn.c:1342
 #5: ffff888075fab2f8 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x7b/0x5c0 net/bluetooth/l2cap_core.c:1755
 #6: ffffffff8e766578 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:343 [inline]
 #6: ffffffff8e766578 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x38d/0x770 kernel/rcu/tree_exp.h:961
5 locks held by kworker/u9:5/5966:
 #0: ffff8881f5234148 ((wq_completion)hci9){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3250 [inline]
 #0: ffff8881f5234148 ((wq_completion)hci9){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 kernel/workqueue.c:3358
 #1: ffffc900036b7c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3251 [inline]
 #1: ffffc900036b7c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 kernel/workqueue.c:3358
 #2: ffff8881f2aa0ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d3/0x400 net/bluetooth/hci_sync.c:331
 #3: ffff8881f2aa00c0 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0xa6f/0x1190 net/bluetooth/hci_sync.c:5734
 #4: ffffffff8fd593a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline]
 #4: ffffffff8fd593a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x340 net/bluetooth/hci_conn.c:1342
2 locks held by syz.4.21/6098:
1 lock held by syz.2.19/6099:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.0.17/6101:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.1.18/6102:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.6.22/6132:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.9.25/6185:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.8.24/6186:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.7.23/6189:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.3.26/6190:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.5.27/6211:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.2.30/6260:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.4.31/6273:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.1.29/6274:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.0.28/6275:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.6.32/6294:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.7.33/6337:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.8.34/6363:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.3.36/6364:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.9.35/6365:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.5.37/6381:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz.2.38/6397:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
3 locks held by syz-executor/6435:
1 lock held by syz.1.39/6454:
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock_nomemsave block/blk.h:740 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_debugfs_lock block/blk.h:752 [inline]
 #0: ffff888026151bf0 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0x2d3/0x520 kernel/trace/blktrace.c:789
1 lock held by syz-executor/6457:
 #0: ffffffff8fbccd08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #0: ffffffff8fbccd08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #0: ffffffff8fbccd08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8a1/0x1be0 net/core/rtnetlink.c:4071
1 lock held by dhcpcd/6469:
 #0: ffff8881ea850260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1709 [inline]
 #0: ffff8881ea850260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xe10 net/packet/af_packet.c:3197
1 lock held by dhcpcd/6470:
 #0: ffff8881f75fa260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1709 [inline]
 #0: ffff8881f75fa260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xe10 net/packet/af_packet.c:3197
1 lock held by dhcpcd/6471:
 #0: ffff8881fd44c260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1709 [inline]
 #0: ffff8881fd44c260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xe10 net/packet/af_packet.c:3197
5 locks held by kworker/u9:6/6472:
 #0: ffff8881f4d95148 ((wq_completion)hci6){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3250 [inline]
 #0: ffff8881f4d95148 ((wq_completion)hci6){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 kernel/workqueue.c:3358
 #1: ffffc900053afc40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3251 [inline]
 #1: ffffc900053afc40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 kernel/workqueue.c:3358
 #2: ffff8881f32e4ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d3/0x400 net/bluetooth/hci_sync.c:331
 #3: ffff8881f32e40c0 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0xa6f/0x1190 net/bluetooth/hci_sync.c:5734
 #4: ffffffff8fd593a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline]
 #4: ffffffff8fd593a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x340 net/bluetooth/hci_conn.c:1342
4 locks held by kworker/u9:7/6475:
 #0: ffff8880282f0148 ((wq_completion)hci27#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3250 [inline]
 #0: ffff8880282f0148 ((wq_completion)hci27#2){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 kernel/workqueue.c:3358
 #1: ffffc900053efc40 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3251 [inline]
 #1: ffffc900053efc40 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 kernel/workqueue.c:3358
 #2: ffff8881ab6400c0 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x950 net/bluetooth/hci_event.c:3720
 #3: ffffffff8fd593a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline]
 #3: ffffffff8fd593a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x54c/0x950 net/bluetooth/hci_event.c:3754
1 lock held by dhcpcd/6476:
 #0: ffff8881fd44e260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1709 [inline]
 #0: ffff8881fd44e260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xe10 net/packet/af_packet.c:3197
1 lock held by dhcpcd/6478:
 #0: ffff8881f75fc260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1709 [inline]
 #0: ffff8881f75fc260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xe10 net/packet/af_packet.c:3197
1 lock held by dhcpcd/6480:
 #0: ffff8881d37ce260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1709 [inline]
 #0: ffff8881d37ce260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xe10 net/packet/af_packet.c:3197
4 locks held by kworker/u9:11/6488:
 #0: ffff888091fbb948 ((wq_completion)hci28#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3250 [inline]
 #0: ffff888091fbb948 ((wq_completion)hci28#2){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 kernel/workqueue.c:3358
 #1: ffffc9000546fc40 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3251 [inline]
 #1: ffffc9000546fc40 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 kernel/workqueue.c:3358
 #2: ffff8882293880c0 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x950 net/bluetooth/hci_event.c:3720
 #3: ffffffff8fd593a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline]
 #3: ffffffff8fd593a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x54c/0x950 net/bluetooth/hci_event.c:3754
4 locks held by kworker/u9:12/6489:
 #0: ffff88806aa99948 ((wq_completion)hci26#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3250 [inline]
 #0: ffff88806aa99948 ((wq_completion)hci26#2){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 kernel/workqueue.c:3358
 #1: ffffc9000547fc40 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3251 [inline]
 #1: ffffc9000547fc40 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 kernel/workqueue.c:3358
 #2: ffff88822938c0c0 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x950 net/bluetooth/hci_event.c:3720
 #3: ffffffff8fd593a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2136 [inline]
 #3: ffffffff8fd593a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x54c/0x950 net/bluetooth/hci_event.c:3754
2 locks held by syz-executor/6490:
 #0: ffffffff9011c650 (&ops->srcu#2){.+.+}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 #0: ffffffff9011c650 (&ops->srcu#2){.+.+}-{0:0}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
 #0: ffffffff9011c650 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 net/core/rtnetlink.c:570
 #1: ffffffff8fbccd08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #1: ffffffff8fbccd08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #1: ffffffff8fbccd08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8a1/0x1be0 net/core/rtnetlink.c:4071
2 locks held by syz-executor/6491:
 #0: ffffffff9011cbf8 (&ops->srcu#2){.+.+}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 #0: ffffffff9011cbf8 (&ops->srcu#2){.+.+}-{0:0}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
 #0: ffffffff9011cbf8 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 net/core/rtnetlink.c:570
 #1: ffffffff8fbccd08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #1: ffffffff8fbccd08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #1: ffffffff8fbccd08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8a1/0x1be0 net/core/rtnetlink.c:4071
1 lock held by syz-executor/6492:

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x274/0x2d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:161 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x135/0x170 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
 watchdog+0xfd9/0x1030 kernel/hung_task.c:515
 kthread+0x388/0x470 kernel/kthread.c:467
 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 6457 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:rcu_preempt_read_exit kernel/rcu/tree_plugin.h:396 [inline]
RIP: 0010:__rcu_read_unlock+0x32/0xe0 kernel/rcu/tree_plugin.h:435
Code: 41 55 41 54 53 49 bf 00 00 00 00 00 fc ff df 65 48 8b 3d b9 67 70 11 48 8d 9f 84 04 00 00 49 89 dc 49 c1 ec 03 43 0f b6 04 3c <84> c0 75 4f ff 0b 75 1d 4c 8d b7 88 04 00 00 4c 89 f0 48 c1 e8 03
RSP: 0018:ffffc90000007748 EFLAGS: 00000803
RAX: 0000000000000000 RBX: ffff88815e0322c4 RCX: 0000000000000102
RDX: 0000000000000004 RSI: ffffffff8e162f46 RDI: ffff88815e031e40
RBP: dffffc0000000000 R08: ffffc900052ffcb0 R09: 0000000000000000
R10: ffffc90000007898 R11: fffff52000000f15 R12: 1ffff1102bc06458
R13: ffffc900052f8000 R14: ffffc90000007848 R15: dffffc0000000000
FS:  000055556044c500(0000) GS:ffff888125464000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fbb6e80a358 CR3: 0000000209c7e000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 rcu_read_unlock include/linux/rcupdate.h:883 [inline]
 class_rcu_destructor include/linux/rcupdate.h:1193 [inline]
 unwind_next_frame+0x1aaf/0x23c0 arch/x86/kernel/unwind_orc.c:695
 arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
 kasan_save_stack+0x3e/0x60 mm/kasan/common.c:57
 kasan_record_aux_stack+0xbd/0xd0 mm/kasan/generic.c:556
 insert_work+0x3d/0x330 kernel/workqueue.c:2199
 __queue_work+0xd03/0x1020 kernel/workqueue.c:2354
 call_timer_fn+0x192/0x640 kernel/time/timer.c:1748
 expire_timers kernel/time/timer.c:1794 [inline]
 __run_timers kernel/time/timer.c:2373 [inline]
 __run_timer_base+0x67e/0x8b0 kernel/time/timer.c:2385
 run_timer_base kernel/time/timer.c:2394 [inline]
 run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2404