last executing test programs: 47.753360928s ago: executing program 1 (id=249): io_uring_setup(0x177f, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x4}) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) 47.517332975s ago: executing program 1 (id=253): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0xfffffffffffffffe) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r3, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@loopback, 0x0, 0x0, 0x4e23, 0x2, 0xa, 0x20, 0x20}, {0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}, {0x0, 0x0, 0x400000000}, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x40, 0x0}, 0x0, 0x33}, 0x0, @in=@loopback, 0x0, 0x0, 0x0, 0xb3, 0xfffffffb, 0xfffffffe}}, 0xe8) sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x1c) 46.289385325s ago: executing program 2 (id=260): syz_usb_connect$cdc_ecm(0x5, 0x55, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x43, 0x1, 0x1, 0x0, 0x0, 0x2, "", [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, [@mdlm_detail={0x4, 0x24, 0x13, 0xb4}, @mdlm_detail={0x4, 0x24, 0x13, 0x1}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x0, 0x0, 0x72}}}}}]}}]}}, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000180), 0x10000001d, 0x8041) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000200)=@usbdevfs_connect) 42.933952246s ago: executing program 2 (id=267): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f80)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0x8}}}, 0x24}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'veth0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x3, 0x0, 0x1}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x51}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=@getqdisc={0x24, 0x26, 0x705, 0x70bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x1, 0xffe0}, {0x10, 0x8}, {0xfff2, 0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 36.984143958s ago: executing program 4 (id=279): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$SIOCGSTAMPNS(r1, 0x8907, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r5 = eventfd2(0x1, 0x1) r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r6, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, 0x0) ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f0000000180)={0x0, r5}) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1e, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x3000000, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1c}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x4}, {0x3, 0x0, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x4, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[]) write$FUSE_INIT(r7, &(0x7f0000000100)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x0, 0x50480240, 0x0, 0x61c6, 0x7, 0xa15, 0x0, 0x0, 0x1}}, 0x50) write$FUSE_LK(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, {{0x0, 0x100000000, 0x0, r0}}}, 0x28) 35.950537765s ago: executing program 1 (id=280): socket$pppl2tp(0x18, 0x1, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000019c0)={0x3, 0x3, &(0x7f0000000340)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$inet6(0xa, 0x2, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000440), 0x280000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) socket(0x10, 0x3, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80800) socket$vsock_stream(0x28, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0xfffffffc}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000100000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r0}, &(0x7f00000004c0), &(0x7f0000000500)=r1}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r1, r3, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x5c8, &(0x7f0000000400)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x33}, @broadcast, @val={@void, {0x8100, 0x2, 0x1, 0x1}}, {@arp={0x806, @ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @empty, @empty}}}}, 0x0) 35.839937303s ago: executing program 4 (id=281): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000540)='mounts\x00') epoll_create1(0x80000) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_buf(r3, 0x29, 0x6, &(0x7f0000000000)=""/16, &(0x7f0000000240)=0x10) 35.309486801s ago: executing program 1 (id=283): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e20}, 0x6e) ptrace$ARCH_SET_GS(0x1e, r0, &(0x7f0000000100), 0x1001) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0100, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, 0x0) ioctl$TUNSETLINK(r3, 0x400454cd, 0x6) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) socket$inet_udp(0x2, 0x2, 0x0) syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) r4 = syz_io_uring_setup(0x45b4, &(0x7f0000000280)={0x0, 0x0, 0x10100, 0x200000, 0x46}, 0x0, &(0x7f00000000c0), &(0x7f0000000000)) io_uring_enter(r4, 0x2914, 0x58f2, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x100) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000100000,user_i', @ANYBLOB=',group_i', @ANYRESDEC=0x0]) read$FUSE(r6, &(0x7f00000021c0)={0x2020}, 0x2020) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000000340)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000040000,user_i', @ANYRESDEC=0x0, @ANYBLOB="7827fcc8c9f0d93353fef6da07c098980b056b4fed5295aed7576f5f472e102b268cadd9bbe63f45e919bdf527fc3208d554a3c8279a306332a0cad32ac3bb6ccdaccb9096737c553170b29b5e8c5f63aa732f4a921bc0e8cc6fb788975b91b005af1b85bc4a4f6db27fece37b7171d43a000000000000000000000a818b935eba1e83f62d5d17f10000", @ANYBLOB=',\x00']) 34.353302763s ago: executing program 4 (id=285): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000001340)) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f) r1 = openat$dsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$dsp(r1, &(0x7f00000002c0)=""/4096, 0x1000) write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) 34.115902093s ago: executing program 1 (id=286): ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x20044000) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) pipe2$9p(0x0, 0x4880) ptrace(0x10, r3) ptrace$pokeuser(0x6, r3, 0x388, 0x41d9fda7) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) ioctl$EVIOCRMFF(0xffffffffffffffff, 0x40044581, &(0x7f0000000080)=0xf02) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/13], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000080000001801000020646c2500000000002020207b1a"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000feffffff0000000000040000851000000200000085000000230000009500000000000000"], 0x0, 0xfffffffe, 0x0, 0x0, 0x727c45cd4283345, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000300)={r4}, 0xc) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x330, 0x0, 0x111, 0x4b4, 0x128, 0xd4feffff, 0x260, 0x20a, 0x278, 0x260, 0x278, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @empty, [], [0x0, 0x0, 0x0, 0xffffff00], 'pimreg1\x00', 'veth1_vlan\x00', {}, {}, 0x6}, 0x0, 0x100, 0x128, 0x0, {}, [@common=@inet=@tcp={{0x30}, {[], [], 0x22, 0x0, 0x4, 0xc}}, @inet=@rpfilter={{0x28}, {0xc}}]}, @common=@inet=@TCPMSS={0x20}}, {{@ipv6={@local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [], [0x0, 0x0, 0x0, 0xff], 'syzkaller1\x00', 'caif0\x00', {0xff}, {0xff}}, 0x0, 0xd0, 0x138, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xc}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x390) 33.988188376s ago: executing program 2 (id=287): pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fsopen(&(0x7f00000000c0)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f00000005c0)='fd', 0x0, r0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x2) r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) unshare(0x22020600) setpgid(r3, r3) fchdir(r2) chdir(&(0x7f0000000080)='./file0\x00') 33.980698155s ago: executing program 0 (id=288): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x2, 0x400000000000003, 0x0, 0x9, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfbffffff}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @empty}}]}, 0x50}}, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) sendmsg$key(r0, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x2, 0x9, 0x0, 0x9, 0x2, 0x0, 0x0, 0x25dfdbff}, 0x10}}, 0x0) 32.573525153s ago: executing program 4 (id=290): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0xfffffffffffffffe) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r3, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@loopback, 0x0, 0x0, 0x4e23, 0x2, 0xa, 0x20, 0x20}, {0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}, {0x0, 0x0, 0x400000000}, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x40, 0x0}, 0x0, 0x33}, 0x0, @in=@loopback, 0x0, 0x0, 0x0, 0xb3, 0xfffffffb, 0xfffffffe}}, 0xe8) sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x1c) 30.577058823s ago: executing program 2 (id=291): socket$inet6_udp(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000900)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r3, 0x0, 0x0) 30.515350826s ago: executing program 0 (id=292): pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00', 0x1}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB], 0x50) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)={@map=r3, r2, 0x7}, 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r3, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r1}, 0x20) write$eventfd(r0, &(0x7f0000000640)=0x9, 0x8) syz_emit_ethernet(0x26, &(0x7f0000000480)={@remote, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x19}, @val={@val={0x88a8, 0x0, 0x1, 0x2}, {0x8100, 0x5, 0x1, 0x2}}, {@can={0xc, {{0x2, 0x1, 0x1}, 0x7, 0x2, 0x0, 0x0, "ff6507fc30459f71"}}}}, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f00000011c0)={0x1c, 0x0, 0x10, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8}, @void}}}, 0xfffffdea}, 0x1, 0x0, 0x0, 0x801}, 0x4) 29.357711778s ago: executing program 2 (id=293): socket$pppl2tp(0x18, 0x1, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000019c0)={0x3, 0x3, &(0x7f0000000340)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$inet6(0xa, 0x2, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000440), 0x280000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) socket(0x10, 0x3, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80800) socket$vsock_stream(0x28, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0xfffffffc}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000100000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r0}, &(0x7f00000004c0), &(0x7f0000000500)=r1}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r1, r3, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x5c8, &(0x7f0000000400)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x33}, @broadcast, @val={@void, {0x8100, 0x2, 0x1, 0x1}}, {@arp={0x806, @ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @empty, @empty}}}}, 0x0) 28.955213063s ago: executing program 0 (id=294): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0) syz_emit_ethernet(0x3a, &(0x7f0000000100)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x2, 0x0, 0x0, 0x6, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x26}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x6, 0x10, 0x0, 0x0, 0x0, {[@generic={0x8, 0x2}]}}}}}}}, 0x0) 28.316953667s ago: executing program 0 (id=296): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e20}, 0x6e) ptrace$ARCH_SET_GS(0x1e, r0, &(0x7f0000000100), 0x1001) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0100, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, 0x0) ioctl$TUNSETLINK(r3, 0x400454cd, 0x6) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) socket$inet_udp(0x2, 0x2, 0x0) syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) r4 = syz_io_uring_setup(0x45b4, &(0x7f0000000280)={0x0, 0x0, 0x10100, 0x200000, 0x46}, 0x0, &(0x7f00000000c0), &(0x7f0000000000)) io_uring_enter(r4, 0x2914, 0x58f2, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x100) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000100000,user_i', @ANYBLOB=',group_i', @ANYRESDEC=0x0]) read$FUSE(r6, &(0x7f00000021c0)={0x2020}, 0x2020) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000000340)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000040000,user_i', @ANYRESDEC=0x0, @ANYBLOB="7827fcc8c9f0d93353fef6da07c098980b056b4fed5295aed7576f5f472e102b268cadd9bbe63f45e919bdf527fc3208d554a3c8279a306332a0cad32ac3bb6ccdaccb9096737c553170b29b5e8c5f63aa732f4a921bc0e8cc6fb788975b91b005af1b85bc4a4f6db27fece37b7171d43a000000000000000000000a818b935eba1e83f62d5d17f10000", @ANYBLOB=',\x00']) 26.90728793s ago: executing program 2 (id=298): socket$pppl2tp(0x18, 0x1, 0x1) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000000c0)="5c00000014006b05c84ea1000ab16d6e230675f811000000440002005817d30461bc24eeb556a705251e6182149a36c23d3b48dfd8cdbf9367b098f851f60a64c9f408000000e786a6d0bdd70000b6c0504bb9189d9193e9bd1c1b78", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) r1 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r1, &(0x7f0000000040), 0x10) 26.85117785s ago: executing program 0 (id=299): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100000008e}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) ioctl$int_in(r3, 0x5421, &(0x7f0000000440)=0x6) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBSENT(r4, 0x4b49, &(0x7f0000000040)={0x1a, "46a9f8981dc065b64c3d3f3b837274fee802a0bd3bb998d949325c1ab9e3b4f3cb507dd115d47b358f2e4266839985977a116f4191f20c8fe1cee27ca6fe7475d61f9278e6f98a2c66811b4c1f2aa3897d97ed7a83291ab1e27e25371d7fd7c564af48b52560bbbd023e3278e9eb88a2c2f9e691e79cbc841d66c47d5d7699add40c976657250a98cb5c7e5a2e37ad13f1c4413b56de58a85f85c379c887960772ab984801ed9b286042c7b3f0d7d1745fc6adb1c33149db8656816e5efe1a2815434bc7113ba10289bd2c4f333e186fd41db0e13651b0a52815ed2470252329edd2e2eb79f20bca22f2a1eaa7ae7c57f539889ba45ea047c1b9dde8d6f9f3ba55fcb825d4a5f03b30cd11cd31fc255b5d9486d98ad3c6904e42a6da9a0f310a4ae94f3e7ce9198d82e1ff838f3b6efce51d1e7ec3eaf766ef1b17db6e52e99010f58d3e471db22fe6e93e67734b48753747c2d975b081a02d0c73bb3ee5aa2e7f58a186c01798f5f68a55adf7a83c5baf78b1dff7d1d895dd270ef113312e8dff2a8b253d830dc5257e148a07d4c57b5954c74db299afe84c2b8eb589336ac4bda6aaa84cee2a0bd2019dda573a45a862a134a2716304f2b5f56382e83bb3c9e4705761a7fddf012a13fb1f8cac739b0202c2a251e19f983142c635a1ea42e170b9428c0ef03ec7a7be56bff68f0c4af0770b2876e1425211641a1c8544e640"}) close(r3) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) socket$xdp(0x2c, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18, 0x0, 0x0, {0xffffffffffffffff}}, 0x18) write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB='tranS=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB]) getxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)=@random={'user.', 'rfdno'}, 0x0, 0x0) 25.693397952s ago: executing program 1 (id=301): pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fsopen(&(0x7f00000000c0)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f00000005c0)='fd', 0x0, r0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x2) r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) unshare(0x22020600) setpgid(r3, r3) fchdir(r2) chdir(&(0x7f0000000080)='./file0\x00') 25.520548583s ago: executing program 0 (id=302): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x2, 0x400000000000003, 0x0, 0x9, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfbffffff}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @empty}}]}, 0x50}}, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) sendmsg$key(r0, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x2, 0x9, 0x0, 0x9, 0x2, 0x0, 0x0, 0x25dfdbff}, 0x10}}, 0x0) 25.508254977s ago: executing program 4 (id=303): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001c40)={0x14, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x2000002, 0x3a, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000c00)=0x11) 24.608029668s ago: executing program 4 (id=305): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, 0x0) r1 = eventfd2(0x1, 0x1) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000001c0)={0x0, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000}) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x0, r1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000140)={@my=0x1}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={0xffffffffffffffff, 0x20e, 0x43, 0x0, &(0x7f00000004c0)="b9180bb7600a070c009e40f086dd1fff310005e03300fd3a0010ac14142ee0080001c699da153f0ae0e6e380f60115f683317585d74733e0ab4439f0f570ff155bc5f7", 0x0, 0x31, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x50) connect$vsock_stream(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10) 24.134821003s ago: executing program 3 (id=306): r0 = io_uring_setup(0x177f, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x4}) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x5, @any, 0x0, 0x1}, 0xe) bind$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) syz_emit_vhci(&(0x7f00000004c0)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) close_range(r0, 0xffffffffffffffff, 0x0) 21.495776916s ago: executing program 3 (id=307): r0 = openat$adsp1(0xffffffffffffff9c, 0x0, 0xa0201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000001340)) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f) r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) read$dsp(r1, &(0x7f00000002c0)=""/4096, 0x1000) write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) 20.10766128s ago: executing program 3 (id=308): socket$pppl2tp(0x18, 0x1, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000019c0)={0x3, 0x3, &(0x7f0000000340)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$inet6(0xa, 0x2, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000440), 0x280000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) socket(0x10, 0x3, 0x0) signalfd4(0xffffffffffffffff, &(0x7f00000008c0)={[0xdcfe]}, 0x8, 0x80800) socket$vsock_stream(0x28, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000100000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r0}, &(0x7f00000004c0), &(0x7f0000000500)=r1}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r1, r3, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x5c8, &(0x7f0000000400)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x33}, @broadcast, @val={@void, {0x8100, 0x2, 0x1, 0x1}}, {@arp={0x806, @ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @empty, @empty}}}}, 0x0) 19.545023803s ago: executing program 3 (id=309): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e20}, 0x6e) ptrace$ARCH_SET_GS(0x1e, r0, &(0x7f0000000100), 0x1001) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0100, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, 0x0) ioctl$TUNSETLINK(r3, 0x400454cd, 0x6) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) socket$inet_udp(0x2, 0x2, 0x0) syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) r4 = syz_io_uring_setup(0x45b4, &(0x7f0000000280)={0x0, 0x0, 0x10100, 0x200000, 0x46}, 0x0, &(0x7f00000000c0), &(0x7f0000000000)) io_uring_enter(r4, 0x2914, 0x58f2, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x100) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000100000,user_i', @ANYBLOB=',group_i', @ANYRESDEC=0x0]) read$FUSE(r6, &(0x7f00000021c0)={0x2020}, 0x2020) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000000340)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000040000,user_i', @ANYRESDEC=0x0, @ANYBLOB="7827fcc8c9f0d93353fef6da07c098980b056b4fed5295aed7576f5f472e102b268cadd9bbe63f45e919bdf527fc3208d554a3c8279a306332a0cad32ac3bb6ccdaccb9096737c553170b29b5e8c5f63aa732f4a921bc0e8cc6fb788975b91b005af1b85bc4a4f6db27fece37b7171d43a000000000000000000000a818b935eba1e83f62d5d17f10000", @ANYBLOB=',\x00']) 17.509713726s ago: executing program 3 (id=310): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f80)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0x8}}}, 0x24}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'veth0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x3, 0x0, 0x1}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x51}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=@getqdisc={0x24, 0x26, 0x705, 0x70bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x1, 0xffe0}, {0x10, 0x8}, {0xfff2, 0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 16.671259189s ago: executing program 3 (id=311): ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x20044000) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) pipe2$9p(0x0, 0x4880) ptrace(0x10, r3) ptrace$pokeuser(0x6, r3, 0x388, 0x41d9fda7) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) ioctl$EVIOCRMFF(0xffffffffffffffff, 0x40044581, &(0x7f0000000080)=0xf02) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/13], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000080000001801000020646c2500000000002020207b1a"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000feffffff0000000000040000851000000200000085000000230000009500000000000000"], 0x0, 0xfffffffe, 0x0, 0x0, 0x727c45cd4283345, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000300)={r4}, 0xc) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x330, 0x0, 0x111, 0x4b4, 0x128, 0xd4feffff, 0x260, 0x20a, 0x278, 0x260, 0x278, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @empty, [], [0x0, 0x0, 0x0, 0xffffff00], 'pimreg1\x00', 'veth1_vlan\x00', {}, {}, 0x6}, 0x0, 0x100, 0x128, 0x0, {}, [@common=@inet=@tcp={{0x30}, {[], [], 0x22, 0x0, 0x4, 0xc}}, @inet=@rpfilter={{0x28}, {0xc}}]}, @common=@inet=@TCPMSS={0x20}}, {{@ipv6={@local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [], [0x0, 0x0, 0x0, 0xff], 'syzkaller1\x00', 'caif0\x00', {0xff}, {0xff}}, 0x0, 0xd0, 0x138, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xc}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x390) 10.620980078s ago: executing program 32 (id=298): socket$pppl2tp(0x18, 0x1, 0x1) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000000c0)="5c00000014006b05c84ea1000ab16d6e230675f811000000440002005817d30461bc24eeb556a705251e6182149a36c23d3b48dfd8cdbf9367b098f851f60a64c9f408000000e786a6d0bdd70000b6c0504bb9189d9193e9bd1c1b78", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) r1 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r1, &(0x7f0000000040), 0x10) 7.274394866s ago: executing program 33 (id=302): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x2, 0x400000000000003, 0x0, 0x9, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfbffffff}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @empty}}]}, 0x50}}, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) sendmsg$key(r0, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x2, 0x9, 0x0, 0x9, 0x2, 0x0, 0x0, 0x25dfdbff}, 0x10}}, 0x0) 7.070887167s ago: executing program 34 (id=301): pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fsopen(&(0x7f00000000c0)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f00000005c0)='fd', 0x0, r0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x2) r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) unshare(0x22020600) setpgid(r3, r3) fchdir(r2) chdir(&(0x7f0000000080)='./file0\x00') 6.905047213s ago: executing program 35 (id=305): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, 0x0) r1 = eventfd2(0x1, 0x1) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000001c0)={0x0, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000}) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x0, r1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000140)={@my=0x1}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={0xffffffffffffffff, 0x20e, 0x43, 0x0, &(0x7f00000004c0)="b9180bb7600a070c009e40f086dd1fff310005e03300fd3a0010ac14142ee0080001c699da153f0ae0e6e380f60115f683317585d74733e0ab4439f0f570ff155bc5f7", 0x0, 0x31, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x50) connect$vsock_stream(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10) 0s ago: executing program 36 (id=311): ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x20044000) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) pipe2$9p(0x0, 0x4880) ptrace(0x10, r3) ptrace$pokeuser(0x6, r3, 0x388, 0x41d9fda7) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) ioctl$EVIOCRMFF(0xffffffffffffffff, 0x40044581, &(0x7f0000000080)=0xf02) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/13], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000080000001801000020646c2500000000002020207b1a"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000feffffff0000000000040000851000000200000085000000230000009500000000000000"], 0x0, 0xfffffffe, 0x0, 0x0, 0x727c45cd4283345, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000300)={r4}, 0xc) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x330, 0x0, 0x111, 0x4b4, 0x128, 0xd4feffff, 0x260, 0x20a, 0x278, 0x260, 0x278, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @empty, [], [0x0, 0x0, 0x0, 0xffffff00], 'pimreg1\x00', 'veth1_vlan\x00', {}, {}, 0x6}, 0x0, 0x100, 0x128, 0x0, {}, [@common=@inet=@tcp={{0x30}, {[], [], 0x22, 0x0, 0x4, 0xc}}, @inet=@rpfilter={{0x28}, {0xc}}]}, @common=@inet=@TCPMSS={0x20}}, {{@ipv6={@local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [], [0x0, 0x0, 0x0, 0xff], 'syzkaller1\x00', 'caif0\x00', {0xff}, {0xff}}, 0x0, 0xd0, 0x138, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xc}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x390) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.61' (ED25519) to the list of known hosts. [ 78.594787][ T5583] cgroup: Unknown subsys name 'net' [ 78.837090][ T5583] cgroup: Unknown subsys name 'cpuset' [ 78.891174][ T5583] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 80.612460][ T5583] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 83.104441][ T5603] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 83.133951][ T5612] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 83.153038][ T5612] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 83.163119][ T5612] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 83.173968][ T5612] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 83.183256][ T5612] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 83.184471][ T5612] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 83.185611][ T5612] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 83.203060][ T5612] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 83.206119][ T5612] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 83.208288][ T5612] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 83.215422][ T5616] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 83.228016][ T5612] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 83.238100][ T4914] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 83.238228][ T5612] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 83.239151][ T5616] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 83.262720][ T5612] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 83.264132][ T5612] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 83.264741][ T5612] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 83.270706][ T5612] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 83.271522][ T4914] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 83.273814][ T5612] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 83.274356][ T5612] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 83.275083][ T5612] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 83.279408][ T5609] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 85.391945][ T4914] Bluetooth: hci3: command tx timeout [ 85.473356][ T4914] Bluetooth: hci0: command tx timeout [ 85.473391][ T5617] Bluetooth: hci1: command tx timeout [ 85.473496][ T4914] Bluetooth: hci4: command tx timeout [ 85.473798][ T5620] Bluetooth: hci2: command tx timeout [ 85.777457][ T5597] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.778490][ T5597] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.778771][ T5597] bridge_slave_0: entered allmulticast mode [ 85.780286][ T5597] bridge_slave_0: entered promiscuous mode [ 85.846064][ T5597] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.846164][ T5597] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.846642][ T5597] bridge_slave_1: entered allmulticast mode [ 85.848516][ T5597] bridge_slave_1: entered promiscuous mode [ 85.849506][ T5600] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.849594][ T5600] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.849682][ T5600] bridge_slave_0: entered allmulticast mode [ 85.853494][ T5600] bridge_slave_0: entered promiscuous mode [ 85.900981][ T5598] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.901129][ T5598] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.901322][ T5598] bridge_slave_0: entered allmulticast mode [ 85.904910][ T5598] bridge_slave_0: entered promiscuous mode [ 85.929635][ T5600] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.929722][ T5600] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.929995][ T5600] bridge_slave_1: entered allmulticast mode [ 85.945350][ T5600] bridge_slave_1: entered promiscuous mode [ 85.947061][ T5601] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.947183][ T5601] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.947332][ T5601] bridge_slave_0: entered allmulticast mode [ 85.949763][ T5601] bridge_slave_0: entered promiscuous mode [ 85.954598][ T5599] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.955693][ T5599] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.955869][ T5599] bridge_slave_0: entered allmulticast mode [ 85.959128][ T5599] bridge_slave_0: entered promiscuous mode [ 85.970559][ T5598] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.970674][ T5598] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.970840][ T5598] bridge_slave_1: entered allmulticast mode [ 85.983017][ T5598] bridge_slave_1: entered promiscuous mode [ 86.028034][ T5601] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.028182][ T5601] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.028345][ T5601] bridge_slave_1: entered allmulticast mode [ 86.032078][ T5601] bridge_slave_1: entered promiscuous mode [ 86.033966][ T5599] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.034075][ T5599] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.034213][ T5599] bridge_slave_1: entered allmulticast mode [ 86.036863][ T5599] bridge_slave_1: entered promiscuous mode [ 86.073688][ T5597] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.133565][ T5597] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.136362][ T5600] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.254891][ T5598] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.275468][ T5600] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.278053][ T5601] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.283972][ T5599] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.291006][ T5598] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.326321][ T5601] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.328276][ T5599] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.355047][ T5597] team0: Port device team_slave_0 added [ 86.404547][ T5597] team0: Port device team_slave_1 added [ 86.406195][ T5600] team0: Port device team_slave_0 added [ 86.436342][ T5598] team0: Port device team_slave_0 added [ 86.452975][ T5600] team0: Port device team_slave_1 added [ 86.454574][ T5601] team0: Port device team_slave_0 added [ 86.457023][ T5599] team0: Port device team_slave_0 added [ 86.459127][ T5598] team0: Port device team_slave_1 added [ 86.500736][ T5601] team0: Port device team_slave_1 added [ 86.502345][ T5599] team0: Port device team_slave_1 added [ 86.515474][ T5597] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.515489][ T5597] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.515512][ T5597] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.584215][ T5597] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.584231][ T5597] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.584253][ T5597] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.585182][ T5600] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.585191][ T5600] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.585204][ T5600] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.665872][ T5598] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.665887][ T5598] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.665961][ T5598] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.685072][ T5600] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.685088][ T5600] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.685110][ T5600] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.687563][ T5601] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.687579][ T5601] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.687601][ T5601] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.688787][ T5599] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.688798][ T5599] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.688821][ T5599] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.696081][ T5598] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.696095][ T5598] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.696119][ T5598] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.715764][ T5599] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.715779][ T5599] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.715802][ T5599] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.717228][ T5601] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.717240][ T5601] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.717263][ T5601] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.904018][ T5597] hsr_slave_0: entered promiscuous mode [ 86.906827][ T5597] hsr_slave_1: entered promiscuous mode [ 86.964773][ T5600] hsr_slave_0: entered promiscuous mode [ 86.965981][ T5600] hsr_slave_1: entered promiscuous mode [ 86.967708][ T5600] debugfs: 'hsr0' already exists in 'hsr' [ 86.967821][ T5600] Cannot create hsr debugfs directory [ 87.033948][ T5598] hsr_slave_0: entered promiscuous mode [ 87.034966][ T821] cfg80211: failed to load regulatory.db [ 87.036621][ T5598] hsr_slave_1: entered promiscuous mode [ 87.037517][ T5598] debugfs: 'hsr0' already exists in 'hsr' [ 87.037538][ T5598] Cannot create hsr debugfs directory [ 87.051033][ T5599] hsr_slave_0: entered promiscuous mode [ 87.052307][ T5599] hsr_slave_1: entered promiscuous mode [ 87.053167][ T5599] debugfs: 'hsr0' already exists in 'hsr' [ 87.053190][ T5599] Cannot create hsr debugfs directory [ 87.067907][ T5601] hsr_slave_0: entered promiscuous mode [ 87.069235][ T5601] hsr_slave_1: entered promiscuous mode [ 87.074086][ T5601] debugfs: 'hsr0' already exists in 'hsr' [ 87.074110][ T5601] Cannot create hsr debugfs directory [ 87.470727][ T5620] Bluetooth: hci3: command tx timeout [ 87.550701][ T5620] Bluetooth: hci2: command tx timeout [ 87.550732][ T5620] Bluetooth: hci1: command tx timeout [ 87.550758][ T5620] Bluetooth: hci0: command tx timeout [ 87.550952][ T5617] Bluetooth: hci4: command tx timeout [ 88.222238][ T5597] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.274348][ T5597] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 88.290383][ T5597] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.324793][ T5597] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 88.327571][ T5597] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.375381][ T5597] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 88.397126][ T5597] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.434484][ T5597] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 88.547782][ T5598] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.585645][ T5598] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 88.590432][ T5598] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.613045][ T5598] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 88.619863][ T5598] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.665937][ T5598] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 88.690614][ T5598] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 88.728385][ T5598] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 88.869868][ T5599] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.896560][ T5599] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 88.908115][ T5599] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.934179][ T5599] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 88.937824][ T5599] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.984963][ T5599] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 89.007704][ T5599] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.046644][ T5599] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 89.214520][ T5600] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 89.257103][ T5600] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 89.273066][ T5600] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 89.316399][ T5600] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 89.328929][ T5600] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 89.354869][ T5600] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 89.382403][ T5600] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 89.413981][ T5600] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 89.457141][ T5597] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.535567][ T5601] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 89.550678][ T5617] Bluetooth: hci3: command tx timeout [ 89.576735][ T5601] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 89.599565][ T5601] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 89.630920][ T5617] Bluetooth: hci4: command tx timeout [ 89.630954][ T5617] Bluetooth: hci0: command tx timeout [ 89.630974][ T5617] Bluetooth: hci1: command tx timeout [ 89.630992][ T5617] Bluetooth: hci2: command tx timeout [ 89.634749][ T5601] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 89.639767][ T5601] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 89.704045][ T5601] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 89.706761][ T5597] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.709707][ T5601] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.747165][ T5601] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 89.782259][ T5598] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.787443][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.787588][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.843083][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.843269][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.933799][ T5598] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.976652][ T5599] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.998105][ T3723] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.998272][ T3723] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.036041][ T3723] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.036165][ T3723] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.119663][ T5599] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.160221][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.160368][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.234122][ T5600] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.247589][ T1785] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.248139][ T1785] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.388112][ T5600] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.459371][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.459499][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.504217][ T5601] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.552606][ T1785] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.552983][ T1785] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.724508][ T5601] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.780063][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.780258][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.841822][ T91] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.843481][ T91] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.362739][ T5597] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.605056][ T5598] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.631027][ T5620] Bluetooth: hci3: command tx timeout [ 91.711033][ T5620] Bluetooth: hci2: command tx timeout [ 91.711063][ T5620] Bluetooth: hci1: command tx timeout [ 91.711082][ T5620] Bluetooth: hci0: command tx timeout [ 91.711101][ T5620] Bluetooth: hci4: command tx timeout [ 91.759847][ T5597] veth0_vlan: entered promiscuous mode [ 91.867001][ T5597] veth1_vlan: entered promiscuous mode [ 92.059854][ T5598] veth0_vlan: entered promiscuous mode [ 92.169337][ T5598] veth1_vlan: entered promiscuous mode [ 92.178068][ T5597] veth0_macvtap: entered promiscuous mode [ 92.225775][ T5597] veth1_macvtap: entered promiscuous mode [ 92.234618][ T5599] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.307371][ T5597] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.365046][ T5600] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.366494][ T5597] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.392558][ T5598] veth0_macvtap: entered promiscuous mode [ 92.399192][ T5601] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.429237][ T176] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.443738][ T5598] veth1_macvtap: entered promiscuous mode [ 92.464112][ T56] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.469755][ T56] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.488004][ T56] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.660295][ T5598] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.728065][ T5599] veth0_vlan: entered promiscuous mode [ 92.800997][ T5598] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.869640][ T56] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.874264][ T5599] veth1_vlan: entered promiscuous mode [ 92.883650][ T56] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.896670][ T176] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.906683][ T176] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.987717][ T5601] veth0_vlan: entered promiscuous mode [ 93.097582][ T1032] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.097610][ T1032] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.199688][ T5601] veth1_vlan: entered promiscuous mode [ 93.318181][ T5599] veth0_macvtap: entered promiscuous mode [ 93.346172][ T91] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.346192][ T91] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.370014][ T5599] veth1_macvtap: entered promiscuous mode [ 93.376583][ T5600] veth0_vlan: entered promiscuous mode [ 93.505536][ T5600] veth1_vlan: entered promiscuous mode [ 93.516200][ T91] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.516217][ T91] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.549566][ T5601] veth0_macvtap: entered promiscuous mode [ 93.609756][ T5599] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.621179][ T5601] veth1_macvtap: entered promiscuous mode [ 93.726597][ T5599] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.730226][ T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.730245][ T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.795184][ T176] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.803306][ T176] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.812564][ T176] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.846943][ T5601] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.848024][ T176] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.948025][ T5601] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.995021][ T5600] veth0_macvtap: entered promiscuous mode [ 94.105724][ T1032] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.157025][ T1032] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.158985][ T5600] veth1_macvtap: entered promiscuous mode [ 94.300150][ T5793] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1'. [ 94.333511][ T1032] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.439949][ T176] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.729196][ T3723] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.729214][ T3723] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.841735][ T5600] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.979995][ T5600] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.012306][ T2265] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.012327][ T2265] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.052300][ T2265] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.055856][ T2265] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.056770][ T2265] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.059151][ T2265] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.327497][ T5796] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 95.328953][ T5797] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 95.352692][ T5797] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 95.566484][ T5797] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 95.587710][ T5805] warning: `syz.3.4' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 95.668367][ T5797] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 95.668722][ T5797] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 95.668838][ T5797] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 95.799064][ T5797] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 95.835546][ T5808] netlink: 'syz.3.8': attribute type 2 has an invalid length. [ 95.894680][ T5797] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 95.894791][ T5797] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 96.027809][ T5797] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 96.182130][ T5797] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 96.182215][ T5797] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 96.344326][ T5797] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 96.541994][ T5815] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10'. [ 96.722573][ T5819] comedi comedi1: board detection failed [ 96.910400][ T5818] bridge0: port 3(syz_tun) entered blocking state [ 96.911020][ T5617] Bluetooth: hci3: command 0x0c1a tx timeout [ 96.919389][ T5818] bridge0: port 3(syz_tun) entered disabled state [ 96.919834][ T5818] syz_tun: entered allmulticast mode [ 96.925961][ T5818] syz_tun: entered promiscuous mode [ 96.927116][ T5818] bridge0: port 3(syz_tun) entered blocking state [ 96.927256][ T5818] bridge0: port 3(syz_tun) entered forwarding state [ 97.113212][ T91] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.113231][ T91] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.710610][ T5617] Bluetooth: hci2: command 0x0c1a tx timeout [ 98.027448][ T5617] Bluetooth: hci1: command 0x0c1a tx timeout [ 98.190606][ T5617] Bluetooth: hci4: command 0x0c1a tx timeout [ 98.359786][ T3812] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.359806][ T3812] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.612693][ T176] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.612713][ T176] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.806468][ T91] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.806485][ T91] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.991913][ T5617] Bluetooth: hci3: command 0x0c1a tx timeout [ 99.794394][ T5617] Bluetooth: hci2: command 0x0c1a tx timeout [ 100.032112][ T5617] Bluetooth: hci1: command 0x0c1a tx timeout [ 100.091120][ T5857] netlink: 'syz.4.5': attribute type 11 has an invalid length. [ 100.273922][ T5617] Bluetooth: hci4: command 0x0c1a tx timeout [ 101.662047][ T5617] Bluetooth: hci3: command 0x0c1a tx timeout [ 101.883782][ T5617] Bluetooth: hci2: command 0x0c1a tx timeout [ 102.111332][ T5620] Bluetooth: hci1: command 0x0c1a tx timeout [ 102.351190][ T5620] Bluetooth: hci4: command 0x0c1a tx timeout [ 103.307140][ T5905] netlink: 4 bytes leftover after parsing attributes in process `syz.3.38'. [ 104.434239][ T5620] Bluetooth: hci4: command 0x0c1a tx timeout [ 104.866042][ T5905] team0: Port device team_slave_0 removed [ 105.587614][ T5903] NFSD: Failed to start, no listeners configured. [ 107.760393][ T5971] process 'syz.4.54' launched './file0' with NULL argv: empty string added [ 121.653756][ T37] audit: type=1804 audit(1778932427.329:2): pid=6134 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.119" name="bus" dev="ramfs" ino=9507 res=1 errno=0 [ 121.691030][ T37] audit: type=1804 audit(1778932427.369:3): pid=6134 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.119" name="bus" dev="ramfs" ino=9507 res=1 errno=0 [ 123.239145][ T6156] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 123.239172][ T6156] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 124.372466][ T6156] vhci_hcd vhci_hcd.0: Device attached [ 125.084716][ T6168] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 125.327377][ T6160] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(10) [ 125.327406][ T6160] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 125.327536][ T6160] vhci_hcd vhci_hcd.0: Device attached [ 125.393069][ T6156] vhci_hcd vhci_hcd.0: pdev(0) rhport(2) sockfd(15) [ 125.393097][ T6156] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 125.393151][ T6156] vhci_hcd vhci_hcd.0: Device attached [ 125.455390][ T6156] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 125.498029][ T6158] vhci_hcd: connection closed [ 125.593040][ T6167] vhci_hcd: connection closed [ 125.598361][ T6170] vhci_hcd: connection closed [ 125.745316][ T3812] vhci_hcd vhci_hcd.0: stop threads [ 125.746067][ T3812] vhci_hcd vhci_hcd.0: release socket [ 125.746142][ T3812] vhci_hcd vhci_hcd.0: disconnect device [ 125.752218][ T3812] vhci_hcd vhci_hcd.0: stop threads [ 125.752235][ T3812] vhci_hcd vhci_hcd.0: release socket [ 125.752271][ T3812] vhci_hcd vhci_hcd.0: disconnect device [ 125.755445][ T3812] vhci_hcd vhci_hcd.0: stop threads [ 125.755459][ T3812] vhci_hcd vhci_hcd.0: release socket [ 125.755491][ T3812] vhci_hcd vhci_hcd.0: disconnect device [ 127.407607][ T37] audit: type=1804 audit(1778932433.079:4): pid=6202 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.138" name="bus" dev="ramfs" ino=9559 res=1 errno=0 [ 127.407655][ T37] audit: type=1804 audit(1778932433.089:5): pid=6202 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.138" name="bus" dev="ramfs" ino=9559 res=1 errno=0 [ 130.571016][ T6230] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7) [ 130.571042][ T6230] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 130.575326][ T6230] vhci_hcd vhci_hcd.0: Device attached [ 130.578808][ T6230] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9) [ 130.599899][ T6230] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 130.604601][ T6230] vhci_hcd vhci_hcd.0: Device attached [ 130.605741][ T6230] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 130.687782][ T6230] vhci_hcd vhci_hcd.0: pdev(4) rhport(2) sockfd(14) [ 130.687810][ T6230] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 130.688189][ T6230] vhci_hcd vhci_hcd.0: Device attached [ 130.701643][ T5617] Bluetooth: hci3: unexpected event for opcode 0x0c03 [ 130.701804][ T6238] vhci_hcd: connection closed [ 130.707267][ T56] vhci_hcd vhci_hcd.4: stop threads [ 130.707291][ T56] vhci_hcd vhci_hcd.4: release socket [ 130.707327][ T56] vhci_hcd vhci_hcd.4: disconnect device [ 130.720659][ T6231] vhci_hcd: connection closed [ 130.729780][ T56] vhci_hcd vhci_hcd.4: stop threads [ 130.729809][ T56] vhci_hcd vhci_hcd.4: release socket [ 130.729845][ T56] vhci_hcd vhci_hcd.4: disconnect device [ 130.729913][ T6233] vhci_hcd: connection closed [ 130.732502][ T56] vhci_hcd vhci_hcd.4: stop threads [ 130.732518][ T56] vhci_hcd vhci_hcd.4: release socket [ 130.732554][ T56] vhci_hcd vhci_hcd.4: disconnect device [ 132.275101][ T5611] Bluetooth: hci1: command 0x0c1a tx timeout [ 132.358578][ T6263] Zero length message leads to an empty skb [ 132.534197][ T37] audit: type=1804 audit(1778932438.219:6): pid=6273 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.158" name="bus" dev="ramfs" ino=10348 res=1 errno=0 [ 132.534846][ T37] audit: type=1804 audit(1778932438.219:7): pid=6273 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.1.158" name="bus" dev="ramfs" ino=10348 res=1 errno=0 [ 133.000009][ T1333] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.000099][ T1333] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.288662][ T6332] netlink: 8 bytes leftover after parsing attributes in process `syz.1.168'. [ 135.288681][ T6332] netlink: 12 bytes leftover after parsing attributes in process `syz.1.168'. [ 135.655519][ T6330] NFSD: Failed to start, no listeners configured. [ 135.671591][ T3812] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 135.671809][ T6332] netlink: 8 bytes leftover after parsing attributes in process `syz.1.168'. [ 135.671826][ T6332] netlink: 12 bytes leftover after parsing attributes in process `syz.1.168'. [ 135.671920][ T3812] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 135.697231][ T3812] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 135.697281][ T3812] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 138.591836][ T5620] Bluetooth: hci4: command 0x0c1a tx timeout [ 138.976715][ T6405] __kmem_cache_create_args(nfsd_file) failed with error -12 [ 138.976774][ T6405] CPU: 1 UID: 0 PID: 6405 Comm: syz.4.186 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 138.976815][ T6405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 138.976839][ T6405] Call Trace: [ 138.976847][ T6405] [ 138.976855][ T6405] dump_stack_lvl+0xe8/0x150 [ 138.976891][ T6405] __kmem_cache_create_args+0x3ee/0x450 [ 138.976921][ T6405] nfsd_file_cache_init+0x194/0x530 [ 138.976951][ T6405] ? __pfx_nfsd_file_cache_init+0x10/0x10 [ 138.976983][ T6405] ? net_generic+0x1e/0x240 [ 138.977021][ T6405] ? net_generic+0x1e/0x240 [ 138.977059][ T6405] ? net_generic+0x1e/0x240 [ 138.977091][ T6405] ? net_generic+0x1f4/0x240 [ 138.977124][ T6405] nfsd_svc+0x347/0x800 [ 138.977151][ T6405] nfsd_nl_threads_set_doit+0xa7e/0xde0 [ 138.977184][ T6405] genl_family_rcv_msg_doit+0x22a/0x330 [ 138.977219][ T6405] ? __asan_memcpy+0x40/0x70 [ 138.977254][ T6405] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 138.977299][ T6405] ? bpf_lsm_capable+0x9/0x20 [ 138.977326][ T6405] ? security_capable+0x7e/0x2c0 [ 138.977364][ T6405] genl_rcv_msg+0x61c/0x7a0 [ 138.977402][ T6405] ? __pfx_genl_rcv_msg+0x10/0x10 [ 138.977431][ T6405] ? ref_tracker_free+0x673/0x820 [ 138.977457][ T6405] ? __pfx_nfsd_nl_threads_set_doit+0x10/0x10 [ 138.977481][ T6405] ? __pfx_ref_tracker_free+0x10/0x10 [ 138.977500][ T6405] ? __asan_memcpy+0x40/0x70 [ 138.977527][ T6405] ? __skb_clone+0x63/0x7a0 [ 138.977558][ T6405] netlink_rcv_skb+0x232/0x4b0 [ 138.977581][ T6405] ? __pfx_genl_rcv_msg+0x10/0x10 [ 138.977611][ T6405] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 138.977645][ T6405] ? netlink_deliver_tap+0x2e/0x1b0 [ 138.977667][ T6405] ? netlink_deliver_tap+0x2e/0x1b0 [ 138.977693][ T6405] genl_rcv+0x28/0x40 [ 138.977719][ T6405] netlink_unicast+0x780/0x920 [ 138.977751][ T6405] netlink_sendmsg+0x813/0xb40 [ 138.977782][ T6405] ? __pfx_netlink_sendmsg+0x10/0x10 [ 138.977810][ T6405] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 138.977833][ T6405] ____sys_sendmsg+0x94c/0x9c0 [ 138.977864][ T6405] ? __pfx_____sys_sendmsg+0x10/0x10 [ 138.977897][ T6405] ? import_iovec+0x73/0xa0 [ 138.977922][ T6405] ___sys_sendmsg+0x2a5/0x360 [ 138.977946][ T6405] ? __lock_acquire+0x6b5/0x2cf0 [ 138.977974][ T6405] ? __pfx____sys_sendmsg+0x10/0x10 [ 138.978007][ T6405] ? futex_wake+0x4af/0x580 [ 138.978060][ T6405] ? __fget_files+0x2a/0x420 [ 138.978079][ T6405] ? __fget_files+0x3a6/0x420 [ 138.978105][ T6405] __x64_sys_sendmsg+0x1c3/0x2a0 [ 138.978135][ T6405] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 138.978173][ T6405] ? rcu_is_watching+0x15/0xb0 [ 138.978214][ T6405] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.978237][ T6405] do_syscall_64+0x15f/0xf80 [ 138.978263][ T6405] ? trace_irq_disable+0x3b/0x140 [ 138.978288][ T6405] ? clear_bhb_loop+0x40/0x90 [ 138.978314][ T6405] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.978335][ T6405] RIP: 0033:0x7fcaf870ce59 [ 138.978363][ T6405] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 138.978380][ T6405] RSP: 002b:00007fcaf6945028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 138.978407][ T6405] RAX: ffffffffffffffda RBX: 00007fcaf8986090 RCX: 00007fcaf870ce59 [ 138.978423][ T6405] RDX: 0000000004000080 RSI: 0000200000000100 RDI: 0000000000000003 [ 138.978435][ T6405] RBP: 00007fcaf87a2d6f R08: 0000000000000000 R09: 0000000000000000 [ 138.978448][ T6405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 138.978459][ T6405] R13: 00007fcaf8986128 R14: 00007fcaf8986090 R15: 00007ffca6358e08 [ 138.978489][ T6405] [ 138.991019][ T6405] nfsd: unable to create nfsd_file_slab [ 140.909085][ T6473] fuse: Unknown parameter 'user_i' [ 140.987654][ T6475] fuse: Bad value for 'rootmode' [ 142.348560][ T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 142.732203][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 142.739535][ T9] usb 3-1: device descriptor read/all, error -71 [ 145.404620][ T6532] fuse: Unknown parameter 'user_i' [ 145.470505][ T6533] fuse: Bad value for 'rootmode' [ 149.916204][ T6575] fuse: Unknown parameter 'user_i' [ 150.208910][ T6576] fuse: Bad value for 'rootmode' [ 151.685662][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 151.697453][ T5620] Bluetooth: hci1: command 0x0c1a tx timeout [ 153.291276][ T6614] netlink: 'syz.3.243': attribute type 2 has an invalid length. [ 156.189590][ T6659] syz.3.258 uses obsolete (PF_INET,SOCK_PACKET) [ 157.850749][ T9] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 158.050551][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 158.136313][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 158.136342][ T9] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 158.136367][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 158.136387][ T9] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 158.216773][ T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 158.216802][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.216822][ T9] usb 3-1: Product: syz [ 158.216836][ T9] usb 3-1: Manufacturer: syz [ 158.216850][ T9] usb 3-1: SerialNumber: syz [ 158.969575][ T9] usb 3-1: No union descriptors [ 159.230717][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 159.261327][ T9] usb 3-1: USB disconnect, device number 4 [ 162.478510][ T6702] 9p: Bad value for 'rfdno' [ 164.170585][ T5611] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 165.444876][ T6715] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 167.528010][ T6736] fuse: Unknown parameter 'user_i' [ 167.586501][ T6737] fuse: Unknown parameter 'user_i00000000000000000000x'üÈÉðÙ3SþöÚÀ˜˜ kOíR•®×Wo_G.+&Œ­Ù»æ?Eé½õ'ü2ÕT£È'š0c2 ÊÓ*ûlͬ˖s|U1p²›^Œ_cªs/J’ÀèÌo·ˆ—[‘°¯…¼JOm²ìã{qqÔ:' [ 169.195704][ T6754] 9p: Bad value for 'rfdno' [ 169.728602][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 173.995339][ T6777] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 174.594220][ T6785] fuse: Unknown parameter 'user_i' [ 174.660776][ T6786] fuse: Unknown parameter 'user_i00000000000000000000x'üÈÉðÙ3SþöÚÀ˜˜ kOíR•®×Wo_G.+&Œ­Ù»æ?Eé½õ'ü2ÕT£È'š0c2 ÊÓ*ûlͬ˖s|U1p²›^Œ_cªs/J’ÀèÌo·ˆ—[‘°¯…¼JOm²ìã{qqÔ:' [ 175.961944][ T6794] netlink: 'syz.2.298': attribute type 2 has an invalid length. [ 176.322474][ T6798] 9p: Bad value for 'rfdno' [ 184.249850][ T6825] fuse: Unknown parameter 'user_i' [ 184.313985][ T6826] fuse: Unknown parameter 'user_i00000000000000000000x'üÈÉðÙ3SþöÚÀ˜˜ kOíR•®×Wo_G.+&Œ­Ù»æ?Eé½õ'ü2ÕT£È'š0c2 ÊÓ*ûlͬ˖s|U1p²›^Œ_cªs/J’ÀèÌo·ˆ—[‘°¯…¼JOm²ìã{qqÔ:' [ 197.024554][ T5620] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 197.092351][ T5620] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 197.100747][ T5620] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 197.119004][ T5620] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 197.132451][ T5620] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 197.740215][ T5620] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 197.777305][ T5620] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 197.779411][ T5620] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 197.820919][ T5620] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 197.821815][ T5620] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 198.125692][ T5611] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 198.159890][ T5611] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 198.177252][ T5611] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 198.183168][ T5611] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 198.208118][ T5611] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 198.937322][ T5611] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 198.976594][ T5611] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 199.011527][ T5611] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 199.013873][ T5611] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 199.175595][ T5611] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 199.231440][ T5611] Bluetooth: hci5: command tx timeout [ 199.950614][ T5620] Bluetooth: hci6: command tx timeout [ 200.441661][ T5620] Bluetooth: hci7: command tx timeout [ 201.730590][ T5620] Bluetooth: hci8: command tx timeout [ 201.731017][ T5620] Bluetooth: hci5: command tx timeout [ 202.030847][ T5611] Bluetooth: hci6: command tx timeout [ 202.511921][ T5611] Bluetooth: hci7: command tx timeout [ 203.811276][ T5611] Bluetooth: hci5: command tx timeout [ 203.811313][ T5611] Bluetooth: hci8: command tx timeout [ 204.140466][ T5620] Bluetooth: hci6: command tx timeout [ 204.590514][ T5620] Bluetooth: hci7: command tx timeout [ 205.870543][ T5620] Bluetooth: hci8: command tx timeout [ 205.870577][ T5620] Bluetooth: hci5: command tx timeout [ 206.200624][ T5611] Bluetooth: hci6: command tx timeout [ 206.670915][ T5611] Bluetooth: hci7: command tx timeout [ 207.950483][ T5611] Bluetooth: hci8: command tx timeout [ 208.802626][ T5620] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 208.842740][ T5620] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 208.844767][ T5620] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 208.847848][ T5620] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 208.850001][ T5620] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 209.793149][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 210.990609][ T5611] Bluetooth: hci9: command tx timeout [ 213.071014][ T5611] Bluetooth: hci9: command tx timeout [ 215.181998][ T5611] Bluetooth: hci9: command tx timeout [ 217.230500][ T5611] Bluetooth: hci9: command tx timeout [ 224.687043][ T6847][ 224.687043][ T6847] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.687166][ T6847] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.687376][ T6847] bridge_slave_0: entered allmulticast mode [ 224.710784][ T6847] bridge_slave_0: entered promiscuous mode [ 224.899574][ T6847] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.899692][ T6847] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.899921][ T6847] bridge_slave_1: entered allmulticast mode [ 224.906856][ T6847] bridge_slave_1: entered promiscuous mode [ 225.158526][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 225.760958][ T6847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 225.951177][ T6847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 225.953697][ T6843] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.953814][ T6843] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.954008][ T6843] bridge_slave_0: entered allmulticast mode [ 225.960737][ T6843] bridge_slave_0: entered promiscuous mode [ 226.134098][ T6843] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.134218][ T6843] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.134394][ T6843] bridge_slave_1: entered allmulticast mode [ 226.148313][ T6843] bridge_slave_1: entered promiscuous mode [ 226.362710][ T6852] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.362846][ T6852] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.363034][ T6852] bridge_slave_0: entered allmulticast mode [ 226.399926][ T6852] bridge_slave_0: entered promiscuous mode [ 226.442499][ T6847] team0: Port device team_slave_0 added [ 226.657813][ T6852] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.657944][ T6852] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.658118][ T6852] bridge_slave_1: entered allmulticast mode [ 226.669866][ T6852] bridge_slave_1: entered promiscuous mode [ 226.691311][ T6847] team0: Port device team_slave_1 added [ 226.698790][ T6843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 226.895183][ T6843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 227.384019][ T6852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 227.491339][ T6847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 227.491357][ T6847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 227.491382][ T6847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 227.620678][ T6852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 227.623995][ T6847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 227.624009][ T6847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 227.624034][ T6847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 227.759991][ T6843] team0: Port device team_slave_0 added [ 228.142555][ T6843] team0: Port device team_slave_1 added [ 228.350713][ T6852] team0: Port device team_slave_0 added [ 228.600609][ T6852] team0: Port device team_slave_1 added [ 228.691794][ T6843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 228.691810][ T6843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 228.691834][ T6843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 228.893319][ T6881] bridge0: port 1(bridge_slave_0) entered blocking state [ 228.893446][ T6881] bridge0: port 1(bridge_slave_0) entered disabled state [ 228.893620][ T6881] bridge_slave_0: entered allmulticast mode [ 228.899110][ T6881] bridge_slave_0: entered promiscuous mode [ 228.928081][ T6843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 228.928099][ T6843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 228.928124][ T6843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 229.046367][ T6847] hsr_slave_0: entered promiscuous mode [ 229.071247][ T6847] hsr_slave_1: entered promiscuous mode [ 229.074755][ T6847] debugfs: 'hsr0' already exists in 'hsr' [ 229.074780][ T6847] Cannot create hsr debugfs directory [ 229.185648][ T6881] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.185862][ T6881] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.186065][ T6881] bridge_slave_1: entered allmulticast mode [ 229.223347][ T6881] bridge_slave_1: entered promiscuous mode [ 229.616570][ T6852] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 229.616588][ T6852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 229.616612][ T6852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 229.688172][ T6852] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 229.688188][ T6852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 229.688221][ T6852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 229.922482][ T6881] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 230.128136][ T6881] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 230.430710][ T6843] hsr_slave_0: entered promiscuous mode [ 230.433579][ T6843] hsr_slave_1: entered promiscuous mode [ 230.436490][ T6843] debugfs: 'hsr0' already exists in 'hsr' [ 230.436515][ T6843] Cannot create hsr debugfs directory [ 231.367650][ T6881] team0: Port device team_slave_0 added [ 245.630890][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 257.297430][ T5620] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 257.332279][ T5620] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 257.339817][ T5620] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 257.355528][ T5620] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 257.356416][ T5620] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 257.578277][ T5611] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 257.615114][ T5611] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 257.616587][ T5611] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 257.618283][ T5611] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 257.619089][ T5611] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 257.882445][ T5611] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 257.912885][ T5611] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 257.916340][ T5611] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 257.937793][ T5611] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 257.940585][ T5611] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 258.108642][ T5611] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 258.148761][ T5611] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 258.151101][ T5611] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 258.154320][ T5611] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 258.156801][ T5611] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 263.478669][ T5611] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 263.512910][ T5611] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 263.515581][ T5611] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 263.516908][ T5611] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 263.517949][ T5611] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 282.140366][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 282.140383][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P5597/5:b..l [ 282.140418][ C0] rcu: (detected by 0, t=10502 jiffies, g=14629, q=13709 ncpus=2) [ 282.140439][ C0] task:syz-executor state:R running task stack:20448 pid:5597 tgid:5597 ppid:1 task_flags:0x400140 flags:0x00080002 [ 282.140498][ C0] Call Trace: [ 282.140505][ C0] [ 282.140517][ C0] __schedule+0x16ec/0x5620 [ 282.140550][ C0] ? finish_task_switch+0x4de/0xbe0 [ 282.140585][ C0] ? __schedule+0x1702/0x5620 [ 282.140620][ C0] ? __pfx___schedule+0x10/0x10 [ 282.140645][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 282.140679][ C0] preempt_schedule_irq+0x4d/0xa0 [ 282.140701][ C0] irqentry_exit+0x14f/0x760 [ 282.140725][ C0] ? trace_irq_disable+0x3b/0x140 [ 282.140750][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 282.140771][ C0] RIP: 0010:lock_acquire+0x221/0x350 [ 282.140794][ C0] Code: ff ff ff e8 61 de 7c 09 f7 44 24 08 00 02 00 00 0f 84 3a ff ff ff 65 48 8b 05 3b 89 ca 10 48 3b 44 24 58 75 33 fb 48 83 c4 60 <5b> 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 48 8d 3d 38 e3 eb [ 282.140808][ C0] RSP: 0018:ffffc90004a372a8 EFLAGS: 00000282 [ 282.140823][ C0] RAX: aff5d9f996a3cc00 RBX: 0000000000000000 RCX: 0000000000000046 [ 282.140835][ C0] RDX: 00000000ac0c005d RSI: ffffffff8d86520c RDI: ffffffff8ba751e0 [ 282.140848][ C0] RBP: ffffffff82329b66 R08: ffffffff82329b66 R09: ffffffff8dfc81c0 [ 282.140861][ C0] R10: dffffc0000000000 R11: fffff9400028b7b1 R12: 0000000000000002 [ 282.140873][ C0] R13: ffffffff8dfc81c0 R14: 0000000000000000 R15: 0000000000000246 [ 282.140888][ C0] ? page_table_check_set+0x126/0x510 [ 282.140911][ C0] ? page_table_check_set+0x126/0x510 [ 282.140941][ C0] ? page_table_check_set+0x126/0x510 [ 282.140962][ C0] page_table_check_set+0x143/0x510 [ 282.140982][ C0] ? page_table_check_set+0x126/0x510 [ 282.141007][ C0] copy_pmd_range+0x350b/0x5550 [ 282.141062][ C0] ? __pfx_copy_pmd_range+0x10/0x10 [ 282.141086][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 282.141116][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 282.141156][ C0] copy_page_range+0xaf4/0x1120 [ 282.141200][ C0] ? __pfx_copy_page_range+0x10/0x10 [ 282.141231][ C0] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 282.141255][ C0] ? lockdep_hardirqs_on+0x7a/0x110 [ 282.141277][ C0] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 282.141303][ C0] dup_mmap+0xf4c/0x1d50 [ 282.141345][ C0] ? __pfx_dup_mmap+0x10/0x10 [ 282.141366][ C0] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 282.141396][ C0] ? copy_mm+0x130/0x4a0 [ 282.141417][ C0] ? copy_mm+0x130/0x4a0 [ 282.141450][ C0] copy_mm+0x13b/0x4a0 [ 282.141474][ C0] copy_process+0x1f24/0x4450 [ 282.141511][ C0] ? copy_process+0xd87/0x4450 [ 282.141542][ C0] ? __pfx_copy_process+0x10/0x10 [ 282.141578][ C0] kernel_clone+0x283/0x870 [ 282.141602][ C0] ? __pfx_kernel_clone+0x10/0x10 [ 282.141642][ C0] __x64_sys_clone+0x1b6/0x230 [ 282.141668][ C0] ? __pfx___x64_sys_clone+0x10/0x10 [ 282.141706][ C0] ? do_user_addr_fault+0xc6f/0x1340 [ 282.141735][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.141754][ C0] do_syscall_64+0x15f/0xf80 [ 282.141778][ C0] ? trace_irq_disable+0x3b/0x140 [ 282.141798][ C0] ? clear_bhb_loop+0x40/0x90 [ 282.141821][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.141839][ C0] RIP: 0033:0x7feddb4f58d2 [ 282.141855][ C0] RSP: 002b:00007ffc567bf570 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 282.141873][ C0] RAX: ffffffffffffffda RBX: 00007ffc567bf570 RCX: 00007feddb4f58d2 [ 282.141885][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 282.141896][ C0] RBP: 00007ffc567bf6fc R08: 0000000000000000 R09: 0000000000000001 [ 282.141906][ C0] R10: 000055557b4737d0 R11: 0000000000000246 R12: 0000000000000001 [ 282.141917][ C0] R13: 000055557b486a00 R14: 0000000000029891 R15: 00007ffc567bf750 [ 282.141947][ C0] [ 282.141960][ C0] rcu: rcu_preempt kthread timer wakeup didn't happen for 4867 jiffies! g14629 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 [ 282.141979][ C0] rcu: Possible timer handling issue on cpu=0 timer-softirq=10537 [ 282.141989][ C0] rcu: rcu_preempt kthread starved for 4868 jiffies! g14629 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0 [ 282.142007][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 282.142016][ C0] rcu: RCU grace-period kthread stack dump: [ 282.142022][ C0] task:rcu_preempt state:I stack:27768 pid:18 tgid:18 ppid:2 task_flags:0x208040 flags:0x00080000 [ 282.142068][ C0] Call Trace: [ 282.142074][ C0] [ 282.142085][ C0] __schedule+0x16ec/0x5620 [ 282.142105][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 282.142163][ C0] ? __pfx___schedule+0x10/0x10 [ 282.142193][ C0] ? schedule+0x90/0x360 [ 282.142217][ C0] schedule+0x164/0x360 [ 282.142240][ C0] schedule_timeout+0x158/0x2c0 [ 282.142264][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 282.142285][ C0] ? __pfx_process_timeout+0x10/0x10 [ 282.142310][ C0] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 282.142333][ C0] ? prepare_to_swait_event+0x340/0x370 [ 282.142361][ C0] rcu_gp_fqs_loop+0x312/0x11d0 [ 282.142398][ C0] ? __pfx_rcu_watching_snap_recheck+0x10/0x10 [ 282.142423][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 282.142444][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 282.142472][ C0] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 282.142498][ C0] rcu_gp_kthread+0x9e/0x2b0 [ 282.142524][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 282.142545][ C0] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 282.142569][ C0] ? __kthread_parkme+0x7a/0x1f0 [ 282.142591][ C0] ? __kthread_parkme+0x19c/0x1f0 [ 282.142617][ C0] kthread+0x388/0x470 [ 282.142641][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 282.142662][ C0] ? __pfx_kthread+0x10/0x10 [ 282.142686][ C0] ret_from_fork+0x514/0xb70 [ 282.142710][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 282.142729][ C0] ? __switch_to+0xc79/0x1410 [ 282.142758][ C0] ? __pfx_kthread+0x10/0x10 [ 282.142783][ C0] ret_from_fork_asm+0x1a/0x30 [ 282.142821][ C0] [ 282.142827][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 282.142848][ C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 282.142868][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 282.142877][ C0] RIP: 0010:deref_stack_reg+0x27/0x230 [ 282.142900][ C0] Code: 90 90 90 55 41 57 41 56 41 55 41 54 53 48 83 ec 20 48 89 54 24 18 49 89 f0 49 89 ff 48 be 00 00 00 00 00 fc ff df 48 8d 5f 08 <49> 89 dc 49 c1 ec 03 41 80 3c 34 00 4c 89 04 24 74 16 48 89 df e8 [ 282.142913][ C0] RSP: 0018:ffffc90000146b00 EFLAGS: 00000286 [ 282.142927][ C0] RAX: fffffffffffffff0 RBX: ffffc90000146c30 RCX: 0000000000000000 [ 282.142939][ C0] RDX: ffffc90000146c68 RSI: dffffc0000000000 RDI: ffffc90000146c28 [ 282.142951][ C0] RBP: dffffc0000000000 R08: ffffc900001475f0 R09: 0000000000000000 [ 282.142963][ C0] R10: ffffc90000146c78 R11: fffff52000028d91 R12: ffffc900001475f0 [ 282.142976][ C0] R13: 1ffff92000028d87 R14: ffffc90000146c28 R15: ffffc90000146c28 [ 282.142988][ C0] FS: 0000000000000000(0000) GS:ffff888126173000(0000) knlGS:0000000000000000 [ 282.143001][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 282.143012][ C0] CR2: 00007f596465570a CR3: 0000000038872000 CR4: 00000000003526f0 [ 282.143028][ C0] Call Trace: [ 282.143035][ C0] [ 282.143047][ C0] unwind_next_frame+0x19d5/0x2550 [ 282.143076][ C0] ? unwind_next_frame+0xa6/0x2550 [ 282.143098][ C0] ? nft_do_chain+0x48d/0x1ae0 [ 282.143121][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 282.143150][ C0] arch_stack_walk+0x11b/0x150 [ 282.143178][ C0] ? nft_do_chain_inet+0x360/0x4b0 [ 282.143206][ C0] ? __alloc_skb+0x1d0/0x7d0 [ 282.143227][ C0] stack_trace_save+0xa9/0x100 [ 282.143247][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 282.143268][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 282.143296][ C0] kasan_save_track+0x3e/0x80 [ 282.143313][ C0] ? kasan_save_track+0x3e/0x80 [ 282.143328][ C0] ? __kasan_slab_alloc+0x6c/0x80 [ 282.143345][ C0] ? kmem_cache_alloc_node_noprof+0x22a/0x6e0 [ 282.143363][ C0] ? __alloc_skb+0x1d0/0x7d0 [ 282.143381][ C0] ? synproxy_send_client_synack+0x172/0xe30 [ 282.143405][ C0] ? nft_synproxy_eval_v4+0x34a/0x4e0 [ 282.143428][ C0] ? nft_synproxy_do_eval+0x305/0x580 [ 282.143451][ C0] ? nft_do_chain+0x48d/0x1ae0 [ 282.143511][ C0] __kasan_slab_alloc+0x6c/0x80 [ 282.143532][ C0] kmem_cache_alloc_node_noprof+0x22a/0x6e0 [ 282.143551][ C0] ? __alloc_skb+0x1d0/0x7d0 [ 282.143576][ C0] __alloc_skb+0x1d0/0x7d0 [ 282.143601][ C0] synproxy_send_client_synack+0x172/0xe30 [ 282.143638][ C0] ? __pfx_synproxy_send_client_synack+0x10/0x10 [ 282.143663][ C0] ? nft_log_init+0x380/0x9a0 [ 282.143683][ C0] ? synproxy_pernet+0x45/0x270 [ 282.143713][ C0] nft_synproxy_eval_v4+0x34a/0x4e0 [ 282.143744][ C0] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 282.143771][ C0] ? nf_ip_checksum+0x13c/0x510 [ 282.143794][ C0] nft_synproxy_do_eval+0x305/0x580 [ 282.143818][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 282.143844][ C0] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 282.143873][ C0] ? update_cfs_rq_load_avg+0x3fb/0x4e0 [ 282.143904][ C0] nft_do_chain+0x48d/0x1ae0 [ 282.143918][ C0] ? lock_acquire+0x106/0x350 [ 282.143945][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 282.143985][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 282.144015][ C0] nft_do_chain_inet+0x360/0x4b0 [ 282.144044][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 282.144078][ C0] ? NF_HOOK+0x9e/0x3c0 [ 282.144097][ C0] ? NF_HOOK+0x9e/0x3c0 [ 282.144114][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 282.144148][ C0] nf_hook_slow+0xc5/0x220 [ 282.144177][ C0] NF_HOOK+0x21f/0x3c0 [ 282.144196][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 282.144214][ C0] ? NF_HOOK+0x9e/0x3c0 [ 282.144230][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 282.144245][ C0] ? ip_rcv_finish_core+0xda3/0x1c00 [ 282.144265][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 282.144289][ C0] ? ip_local_deliver+0x12a/0x1b0 [ 282.144309][ C0] NF_HOOK+0x336/0x3c0 [ 282.144325][ C0] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 282.144350][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 282.144367][ C0] ? NF_HOOK+0x9e/0x3c0 [ 282.144383][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 282.144403][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 282.144425][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 282.144442][ C0] ? process_backlog+0x271/0xc60 [ 282.144460][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 282.144478][ C0] process_backlog+0x569/0xc60 [ 282.144514][ C0] __napi_poll+0xab/0x550 [ 282.144535][ C0] net_rx_action+0x696/0xe00 [ 282.144568][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 282.144586][ C0] ? kvm_sched_clock_read+0x11/0x20 [ 282.144616][ C0] ? __pfx_sched_clock_cpu+0x10/0x10 [ 282.144657][ C0] handle_softirqs+0x1de/0x6d0 [ 282.144686][ C0] ? smpboot_thread_fn+0x4d/0xa50 [ 282.144706][ C0] run_ksoftirqd+0x52/0x180 [ 282.144729][ C0] smpboot_thread_fn+0x541/0xa50 [ 282.144751][ C0] ? smpboot_thread_fn+0x4d/0xa50 [ 282.144780][ C0] kthread+0x388/0x470 [ 282.144803][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 282.144822][ C0] ? __pfx_kthread+0x10/0x10 [ 282.144846][ C0] ret_from_fork+0x514/0xb70 [ 282.144868][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 282.144888][ C0] ? __switch_to+0xc79/0x1410 [ 282.144916][ C0] ? __pfx_kthread+0x10/0x10 [ 282.144939][ C0] ret_from_fork_asm+0x1a/0x30 [ 282.144975][ C0] [ 319.837323][ T5611] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 319.882232][ T5611] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 319.901989][ T5611] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 319.903165][ T5611] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 319.903955][ T5611] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 320.025084][ T5620] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 320.056184][ T5620] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 320.058360][ T5620] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 320.101117][ T5620] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 320.106171][ T5620] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 320.322585][ T5611] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1 [ 320.348527][ T5611] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9 [ 320.372456][ T5611] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9 [ 320.391696][ T5611] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4 [ 320.392513][ T5611] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2 [ 320.497341][ T5611] Bluetooth: hci18: unexpected cc 0x0c03 length: 249 > 1 [ 320.539861][ T5611] Bluetooth: hci18: unexpected cc 0x1003 length: 249 > 9 [ 320.541687][ T5611] Bluetooth: hci18: unexpected cc 0x1001 length: 249 > 9 [ 320.552940][ T5611] Bluetooth: hci18: unexpected cc 0x0c23 length: 249 > 4 [ 320.570450][ T5611] Bluetooth: hci18: unexpected cc 0x0c38 length: 249 > 2 [ 327.888157][ T5620] Bluetooth: hci19: unexpected cc 0x0c03 length: 249 > 1 [ 327.925956][ T5620] Bluetooth: hci19: unexpected cc 0x1003 length: 249 > 9 [ 327.965020][ T5620] Bluetooth: hci19: unexpected cc 0x1001 length: 249 > 9 [ 328.036252][ T5620] Bluetooth: hci19: unexpected cc 0x0c23 length: 249 > 4 [ 328.070561][ T5620] Bluetooth: hci19: unexpected cc 0x0c38 length: 249 > 2 [ 353.151002][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 381.443859][ T5620] Bluetooth: hci20: unexpected cc 0x0c03 length: 249 > 1 [ 381.476721][ T5620] Bluetooth: hci20: unexpected cc 0x1003 length: 249 > 9 [ 381.480205][ T5620] Bluetooth: hci20: unexpected cc 0x1001 length: 249 > 9 [ 381.498762][ T5620] Bluetooth: hci20: unexpected cc 0x0c23 length: 249 > 4 [ 381.504743][ T5620] Bluetooth: hci20: unexpected cc 0x0c38 length: 249 > 2 [ 381.618888][ T5611] Bluetooth: hci21: unexpected cc 0x0c03 length: 249 > 1 [ 381.650464][ T5611] Bluetooth: hci21: unexpected cc 0x1003 length: 249 > 9 [ 381.667460][ T5611] Bluetooth: hci21: unexpected cc 0x1001 length: 249 > 9 [ 381.669114][ T5611] Bluetooth: hci21: unexpected cc 0x0c23 length: 249 > 4 [ 381.671886][ T5611] Bluetooth: hci21: unexpected cc 0x0c38 length: 249 > 2 [ 381.821366][ T5620] Bluetooth: hci22: unexpected cc 0x0c03 length: 249 > 1 [ 381.849915][ T5620] Bluetooth: hci22: unexpected cc 0x1003 length: 249 > 9 [ 381.851359][ T5620] Bluetooth: hci22: unexpected cc 0x1001 length: 249 > 9 [ 381.865800][ T5620] Bluetooth: hci22: unexpected cc 0x0c23 length: 249 > 4 [ 381.871837][ T5620] Bluetooth: hci22: unexpected cc 0x0c38 length: 249 > 2 [ 382.126130][ T5611] Bluetooth: hci23: unexpected cc 0x0c03 length: 249 > 1 [ 382.152507][ T5611] Bluetooth: hci23: unexpected cc 0x1003 length: 249 > 9 [ 382.153780][ T5611] Bluetooth: hci23: unexpected cc 0x1001 length: 249 > 9 [ 382.221871][ T5611] Bluetooth: hci23: unexpected cc 0x0c23 length: 249 > 4 [ 382.224687][ T5611] Bluetooth: hci23: unexpected cc 0x0c38 length: 249 > 2 [ 384.849101][ T5620] Bluetooth: hci24: unexpected cc 0x0c03 length: 249 > 1 [ 384.881002][ T5620] Bluetooth: hci24: unexpected cc 0x1003 length: 249 > 9 [ 384.882237][ T5620] Bluetooth: hci24: unexpected cc 0x1001 length: 249 > 9 [ 384.895040][ T5620] Bluetooth: hci24: unexpected cc 0x0c23 length: 249 > 4 [ 384.895913][ T5620] Bluetooth: hci24: unexpected cc 0x0c38 length: 249 > 2 [ 394.110902][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 435.464589][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 435.477278][ T38] INFO: task kworker/u8:13:3812 blocked for more than 213 seconds. [ 435.477303][ T38] Not tainted syzkaller #0 [ 435.477313][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 435.477322][ T38] task:kworker/u8:13 state:D stack:20384 pid:3812 tgid:3812 ppid:2 task_flags:0x4208160 flags:0x00080000 [ 435.477372][ T38] Workqueue: events_unbound cfg80211_wiphy_work [ 435.490338][ T5620] Bluetooth: hci11: command tx timeout [ 435.490710][ T5620] Bluetooth: hci10: command tx timeout [ 435.490906][ T5620] Bluetooth: hci13: command tx timeout [ 435.491100][ T5620] Bluetooth: hci12: command tx timeout [ 435.491296][ T5620] Bluetooth: hci14: command tx timeout [ 435.495091][ T5611] Bluetooth: hci17: command tx timeout [ 435.495329][ T5611] Bluetooth: hci16: command tx timeout [ 435.495507][ T5611] Bluetooth: hci15: command tx timeout [ 435.619734][ T5611] Bluetooth: hci19: command tx timeout [ 435.619928][ T5611] Bluetooth: hci18: command tx timeout [ 435.689300][ T38] Call Trace: [ 435.689316][ T38] [ 435.689331][ T38] __schedule+0x16ec/0x5620 [ 435.689384][ T38] ? unwind_next_frame+0xa6/0x2550 [ 435.689413][ T38] ? look_up_lock_class+0x57/0x110 [ 435.689441][ T38] ? __pfx___schedule+0x10/0x10 [ 435.689473][ T38] ? schedule+0x90/0x360 [ 435.689499][ T38] schedule+0x164/0x360 [ 435.689524][ T38] schedule_timeout+0xc3/0x2c0 [ 435.689551][ T38] ? __pfx_schedule_timeout+0x10/0x10 [ 435.689575][ T38] ? do_raw_spin_lock+0x12b/0x2f0 [ 435.689608][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 435.689631][ T38] ? wait_for_completion+0x274/0x5e0 [ 435.689657][ T38] wait_for_completion+0x2cc/0x5e0 [ 435.689694][ T38] ? __pfx_wait_for_completion+0x10/0x10 [ 435.689721][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 435.689747][ T38] ? lockdep_hardirqs_on+0x7a/0x110 [ 435.689770][ T38] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 435.689799][ T38] synchronize_rcu_normal+0x1c7/0x330 [ 435.689820][ T38] ? __pfx_synchronize_rcu_normal+0x10/0x10 [ 435.689857][ T38] ? do_raw_spin_lock+0x12b/0x2f0 [ 435.689904][ T38] synchronize_rcu_expedited+0x15a/0x770 [ 435.689937][ T38] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 435.689978][ T38] ? rcu_is_watching+0x15/0xb0 [ 435.690015][ T38] ? synchronize_net+0xa/0x90 [ 435.690046][ T38] __sta_info_destroy+0x37/0x50 [ 435.690067][ T38] ieee80211_ibss_work+0x85c/0x10d0 [ 435.690104][ T38] ? __pfx_ieee80211_ibss_work+0x10/0x10 [ 435.690132][ T38] ? rt_mutex_futex_unlock+0xe3/0x140 [ 435.690163][ T38] ? skb_dequeue+0x11a/0x150 [ 435.690184][ T38] ? ieee80211_iface_work+0x12de/0x1390 [ 435.690217][ T38] ? trace_wiphy_work_run+0x81/0x1f0 [ 435.690245][ T38] cfg80211_wiphy_work+0x2cf/0x460 [ 435.737504][ T38] ? process_scheduled_works+0xa70/0x1860 [ 435.737541][ T38] process_scheduled_works+0xb5d/0x1860 [ 435.737592][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 435.737620][ T38] ? assign_work+0x3d5/0x5e0 [ 435.737646][ T38] worker_thread+0xa53/0xfc0 [ 435.737695][ T38] kthread+0x388/0x470 [ 435.737721][ T38] ? __pfx_worker_thread+0x10/0x10 [ 435.737740][ T38] ? __pfx_kthread+0x10/0x10 [ 435.737766][ T38] ret_from_fork+0x514/0xb70 [ 435.737789][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 435.737809][ T38] ? __switch_to+0xc79/0x1410 [ 435.737838][ T38] ? __pfx_kthread+0x10/0x10 [ 435.737863][ T38] ret_from_fork_asm+0x1a/0x30 [ 435.751868][ T38] [ 435.752159][ T38] INFO: task syz.2.298:6794 blocked for more than 254 seconds. [ 435.752177][ T38] Not tainted syzkaller #0 [ 435.752187][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 435.752196][ T38] task:syz.2.298 state:D stack:27168 pid:6794 tgid:6792 ppid:5601 task_flags:0x400140 flags:0x00080003 [ 435.752272][ T38] Call Trace: [ 435.752280][ T38] [ 435.752292][ T38] __schedule+0x16ec/0x5620 [ 435.752347][ T38] ? look_up_lock_class+0x57/0x110 [ 435.752376][ T38] ? __pfx___schedule+0x10/0x10 [ 435.752409][ T38] ? schedule+0x90/0x360 [ 435.752435][ T38] schedule+0x164/0x360 [ 435.752460][ T38] schedule_timeout+0xc3/0x2c0 [ 435.752486][ T38] ? __pfx_schedule_timeout+0x10/0x10 [ 435.752509][ T38] ? do_raw_spin_lock+0x12b/0x2f0 [ 435.752543][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 435.752566][ T38] ? wait_for_completion+0x274/0x5e0 [ 435.752592][ T38] wait_for_completion+0x2cc/0x5e0 [ 435.752629][ T38] ? __pfx_wait_for_completion+0x10/0x10 [ 435.752655][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 435.752679][ T38] ? lockdep_hardirqs_on+0x7a/0x110 [ 435.752703][ T38] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 435.752731][ T38] synchronize_rcu_normal+0x1c7/0x330 [ 435.752752][ T38] ? __pfx_synchronize_rcu_normal+0x10/0x10 [ 435.752793][ T38] ? __lock_acquire+0x6b5/0x2cf0 [ 435.752840][ T38] synchronize_rcu_expedited+0x15a/0x770 [ 435.752872][ T38] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 435.752903][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 435.752927][ T38] ? lockdep_hardirqs_on+0x7a/0x110 [ 435.752952][ T38] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 435.752976][ T38] ? rt_mutex_slowunlock+0x1cb/0x300 [ 435.752996][ T38] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 435.753036][ T38] pep_sock_unhash+0x1c3/0x280 [ 435.753063][ T38] sk_common_release+0xb0/0x330 [ 435.753088][ T38] pep_sock_close+0x7c/0x5b0 [ 435.753115][ T38] pn_socket_release+0x9b/0xc0 [ 435.753143][ T38] sock_close+0xc3/0x240 [ 435.753173][ T38] ? __pfx_sock_close+0x10/0x10 [ 435.753234][ T38] __fput+0x461/0xa70 [ 435.771178][ T38] task_work_run+0x1d9/0x270 [ 435.771234][ T38] ? __pfx_task_work_run+0x10/0x10 [ 435.771270][ T38] ? task_work_add+0x395/0x440 [ 435.771299][ T38] ? __pfx_task_work_add+0x10/0x10 [ 435.771329][ T38] get_signal+0x11eb/0x1330 [ 435.771371][ T38] arch_do_signal_or_restart+0xbc/0x840 [ 435.771404][ T38] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 435.771454][ T38] exit_to_user_mode_loop+0x8c/0x4d0 [ 435.771479][ T38] ? rcu_is_watching+0x15/0xb0 [ 435.771508][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.771529][ T38] do_syscall_64+0x33e/0xf80 [ 435.771554][ T38] ? trace_irq_disable+0x3b/0x140 [ 435.771576][ T38] ? clear_bhb_loop+0x40/0x90 [ 435.771601][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.771631][ T38] RIP: 0033:0x7f490953ce59 [ 435.771650][ T38] RSP: 002b:00007f4907796028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 435.771671][ T38] RAX: fffffffffffffe00 RBX: 00007f49097b5fa0 RCX: 00007f490953ce59 [ 435.771685][ T38] RDX: 0000000000000010 RSI: 0000200000000040 RDI: 0000000000000005 [ 435.771697][ T38] RBP: 00007f49095d2d6f R08: 0000000000000000 R09: 0000000000000000 [ 435.771709][ T38] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 435.771720][ T38] R13: 00007f49097b6038 R14: 00007f49097b5fa0 R15: 00007ffff5f41768 [ 435.771752][ T38] [ 435.771761][ T38] INFO: task syz.0.302:6800 blocked for more than 254 seconds. [ 435.771776][ T38] Not tainted syzkaller #0 [ 435.771786][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 435.771794][ T38] task:syz.0.302 state:D stack:24824 pid:6800 tgid:6800 ppid:5598 task_flags:0x400040 flags:0x00080002 [ 435.771843][ T38] Call Trace: [ 435.771850][ T38] [ 435.771861][ T38] __schedule+0x16ec/0x5620 [ 435.771884][ T38] ? update_cfs_rq_load_avg+0x3fb/0x4e0 [ 435.771925][ T38] ? __lock_acquire+0x6b5/0x2cf0 [ 435.771958][ T38] ? look_up_lock_class+0x57/0x110 [ 435.771985][ T38] ? __pfx___schedule+0x10/0x10 [ 435.772017][ T38] ? schedule+0x90/0x360 [ 435.772043][ T38] schedule+0x164/0x360 [ 435.772068][ T38] schedule_timeout+0xc3/0x2c0 [ 435.772102][ T38] ? __pfx_schedule_timeout+0x10/0x10 [ 435.772125][ T38] ? do_raw_spin_lock+0x12b/0x2f0 [ 435.772158][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 435.772182][ T38] ? wait_for_completion+0x274/0x5e0 [ 435.772208][ T38] wait_for_completion+0x2cc/0x5e0 [ 435.772250][ T38] ? __pfx_wait_for_completion+0x10/0x10 [ 435.772276][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 435.772301][ T38] ? lockdep_hardirqs_on+0x7a/0x110 [ 435.772325][ T38] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 435.772355][ T38] synchronize_rcu_normal+0x1c7/0x330 [ 435.772375][ T38] ? __pfx_synchronize_rcu_normal+0x10/0x10 [ 435.772411][ T38] ? __lock_acquire+0x6b5/0x2cf0 [ 435.772442][ T38] ? look_up_lock_class+0x57/0x110 [ 435.772473][ T38] ? pfkey_release+0x183/0x310 [ 435.772507][ T38] ? pfkey_release+0x183/0x310 [ 435.772531][ T38] synchronize_rcu_expedited+0x15a/0x770 [ 435.772562][ T38] ? skb_queue_purge_reason+0x23f/0x3c0 [ 435.783361][ T38] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 435.783405][ T38] ? __pfx_skb_queue_purge_reason+0x10/0x10 [ 435.783428][ T38] ? lockdep_hardirqs_on+0x7a/0x110 [ 435.783466][ T38] ? pfkey_release+0x183/0x310 [ 435.783499][ T38] ? pfkey_release+0x183/0x310 [ 435.783525][ T38] ? pfkey_release+0x183/0x310 [ 435.783550][ T38] pfkey_release+0x272/0x310 [ 435.783580][ T38] sock_close+0xc3/0x240 [ 435.783610][ T38] ? __pfx_sock_close+0x10/0x10 [ 435.783638][ T38] __fput+0x461/0xa70 [ 435.783677][ T38] task_work_run+0x1d9/0x270 [ 435.783717][ T38] ? __pfx_task_work_run+0x10/0x10 [ 435.783754][ T38] exit_to_user_mode_loop+0xf3/0x4d0 [ 435.783778][ T38] ? rcu_is_watching+0x15/0xb0 [ 435.783806][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.783828][ T38] do_syscall_64+0x33e/0xf80 [ 435.783852][ T38] ? trace_irq_disable+0x3b/0x140 [ 435.783875][ T38] ? clear_bhb_loop+0x40/0x90 [ 435.783899][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.783918][ T38] RIP: 0033:0x7f9dd018ce59 [ 435.783935][ T38] RSP: 002b:00007fffdd73ca18 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 435.783956][ T38] RAX: 0000000000000000 RBX: 00007f9dd0407da0 RCX: 00007f9dd018ce59 [ 435.783969][ T38] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 435.783981][ T38] RBP: 00007f9dd0407da0 R08: 0000000000000006 R09: 0000000000000000 [ 435.783992][ T38] R10: 00007f9dd0407cb0 R11: 0000000000000246 R12: 000000000002b6ea [ 435.784006][ T38] R13: 00007f9dd040609c R14: 000000000002b439 R15: 00007f9dd0406090 [ 435.784037][ T38] [ 435.784047][ T38] INFO: task dhcpcd:6806 blocked for more than 254 seconds. [ 435.784061][ T38] Not tainted syzkaller #0 [ 435.784071][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 435.784079][ T38] task:dhcpcd state:D stack:25720 pid:6806 tgid:6806 ppid:5259 task_flags:0x400140 flags:0x00080000 [ 435.784128][ T38] Call Trace: [ 435.784135][ T38] [ 435.784146][ T38] __schedule+0x16ec/0x5620 [ 435.784186][ T38] ? __lock_acquire+0x6b5/0x2cf0 [ 435.784219][ T38] ? look_up_lock_class+0x57/0x110 [ 435.784253][ T38] ? __pfx___schedule+0x10/0x10 [ 435.784286][ T38] ? schedule+0x90/0x360 [ 435.784312][ T38] schedule+0x164/0x360 [ 435.784337][ T38] schedule_timeout+0xc3/0x2c0 [ 435.784363][ T38] ? __pfx_schedule_timeout+0x10/0x10 [ 435.784387][ T38] ? do_raw_spin_lock+0x12b/0x2f0 [ 435.784419][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 435.784443][ T38] ? wait_for_completion+0x274/0x5e0 [ 435.784469][ T38] wait_for_completion+0x2cc/0x5e0 [ 435.784506][ T38] ? __pfx_wait_for_completion+0x10/0x10 [ 435.784532][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 435.784556][ T38] ? lockdep_hardirqs_on+0x7a/0x110 [ 435.784580][ T38] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 435.784610][ T38] synchronize_rcu_normal+0x1c7/0x330 [ 435.784630][ T38] ? __pfx_synchronize_rcu_normal+0x10/0x10 [ 435.784651][ T38] ? rtlock_slowlock_locked+0xfb/0x3c80 [ 435.784701][ T38] ? register_lock_class+0x31/0x2e0 [ 435.784750][ T38] synchronize_rcu_expedited+0x15a/0x770 [ 435.804004][ T38] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 435.804056][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 435.804083][ T38] ? lockdep_hardirqs_on+0x7a/0x110 [ 435.804107][ T38] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 435.804132][ T38] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 435.804152][ T38] ? rt_spin_lock+0x1e0/0x400 [ 435.804191][ T38] __unregister_prot_hook+0x50c/0x6e0 [ 435.804214][ T38] ? packet_do_bind+0x90/0xe10 [ 435.804245][ T38] ? packet_do_bind+0x90/0xe10 [ 435.804267][ T38] packet_do_bind+0x536/0xe10 [ 435.804292][ T38] ? packet_do_bind+0x90/0xe10 [ 435.804322][ T38] __sys_bind+0x2e9/0x410 [ 435.804346][ T38] ? __pfx___sys_bind+0x10/0x10 [ 435.804387][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.804409][ T38] __x64_sys_bind+0x7a/0x90 [ 435.804432][ T38] do_syscall_64+0x15f/0xf80 [ 435.804456][ T38] ? trace_irq_disable+0x3b/0x140 [ 435.804479][ T38] ? clear_bhb_loop+0x40/0x90 [ 435.804504][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.804523][ T38] RIP: 0033:0x7f72474022d7 [ 435.804542][ T38] RSP: 002b:00007ffd739b6ad8 EFLAGS: 00000213 ORIG_RAX: 0000000000000031 [ 435.804562][ T38] RAX: ffffffffffffffda RBX: 0000558dafb77770 RCX: 00007f72474022d7 [ 435.804577][ T38] RDX: 0000000000000014 RSI: 00007ffd739b6af0 RDI: 0000000000000003 [ 435.804589][ T38] RBP: 0000558d769394b0 R08: 00007f72474d1ac0 R09: 0000000000000000 [ 435.804602][ T38] R10: 0000000000000003 R11: 0000000000000213 R12: 0000000000000000 [ 435.804613][ T38] R13: 0000558dafb6b750 R14: 0000000000000000 R15: 0000558d7694eac0 [ 435.804644][ T38] [ 435.804653][ T38] INFO: task syz.4.305:6807 blocked for more than 234 seconds. [ 435.804669][ T38] Not tainted syzkaller #0 [ 435.804678][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 435.804687][ T38] task:syz.4.305 state:D stack:24824 pid:6807 tgid:6807 ppid:5600 task_flags:0x400040 flags:0x00080002 [ 435.804736][ T38] Call Trace: [ 435.804743][ T38] [ 435.804754][ T38] __schedule+0x16ec/0x5620 [ 435.804799][ T38] ? __lock_acquire+0x6b5/0x2cf0 [ 435.804827][ T38] ? look_up_lock_class+0x57/0x110 [ 435.804854][ T38] ? __pfx___schedule+0x10/0x10 [ 435.804887][ T38] ? schedule+0x90/0x360 [ 435.804913][ T38] schedule+0x164/0x360 [ 435.804938][ T38] schedule_timeout+0xc3/0x2c0 [ 435.804964][ T38] ? __pfx_schedule_timeout+0x10/0x10 [ 435.804987][ T38] ? do_raw_spin_lock+0x12b/0x2f0 [ 435.805019][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 435.805042][ T38] ? wait_for_completion+0x274/0x5e0 [ 435.805068][ T38] wait_for_completion+0x2cc/0x5e0 [ 435.805105][ T38] ? __pfx_wait_for_completion+0x10/0x10 [ 435.805131][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 435.805156][ T38] ? lockdep_hardirqs_on+0x7a/0x110 [ 435.805179][ T38] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 435.805209][ T38] synchronize_rcu_normal+0x1c7/0x330 [ 435.805229][ T38] ? __pfx_synchronize_rcu_normal+0x10/0x10 [ 435.805255][ T38] ? kasan_save_stack+0x4d/0x60 [ 435.805272][ T38] ? kasan_save_stack+0x3e/0x60 [ 435.805289][ T38] ? kasan_record_aux_stack+0xbd/0xd0 [ 435.805327][ T38] ? __lock_acquire+0x6b5/0x2cf0 [ 435.805377][ T38] synchronize_rcu_expedited+0x15a/0x770 [ 435.865704][ T38] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 435.865756][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 435.865783][ T38] ? lockdep_hardirqs_on+0x7a/0x110 [ 435.865808][ T38] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 435.865853][ T38] vhost_vsock_dev_release+0x16c/0x6f0 [ 435.865880][ T38] ? evm_file_release+0x10a/0x1e0 [ 435.865911][ T38] ? __pfx_vhost_vsock_dev_release+0x10/0x10 [ 435.865936][ T38] __fput+0x461/0xa70 [ 435.865975][ T38] task_work_run+0x1d9/0x270 [ 435.866007][ T38] ? __pfx_task_work_run+0x10/0x10 [ 435.866045][ T38] exit_to_user_mode_loop+0xf3/0x4d0 [ 435.866069][ T38] ? rcu_is_watching+0x15/0xb0 [ 435.866098][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.866120][ T38] do_syscall_64+0x33e/0xf80 [ 435.866144][ T38] ? trace_irq_disable+0x3b/0x140 [ 435.866167][ T38] ? clear_bhb_loop+0x40/0x90 [ 435.866191][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.866211][ T38] RIP: 0033:0x7fcaf870ce59 [ 435.866235][ T38] RSP: 002b:00007ffca6358f68 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 435.866256][ T38] RAX: 0000000000000000 RBX: 00007fcaf8987da0 RCX: 00007fcaf870ce59 [ 435.866269][ T38] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 435.866281][ T38] RBP: 00007fcaf8987da0 R08: 0000000000000006 R09: 0000000000000000 [ 435.866293][ T38] R10: 00007fcaf8987cb0 R11: 0000000000000246 R12: 000000000002c294 [ 435.866306][ T38] R13: 00007fcaf8985fac R14: 000000000002c22e R15: 00007ffca6359070 [ 435.866338][ T38] [ 435.866349][ T38] INFO: task vhost-6808:6809 blocked for more than 234 seconds. [ 435.866363][ T38] Not tainted syzkaller #0 [ 435.866373][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 435.866381][ T38] task:vhost-6808 state:D stack:28824 pid:6809 tgid:6807 ppid:5600 task_flags:0x404440 flags:0x00080002 [ 435.866433][ T38] Call Trace: [ 435.866440][ T38] [ 435.866452][ T38] __schedule+0x16ec/0x5620 [ 435.866501][ T38] ? look_up_lock_class+0x57/0x110 [ 435.866530][ T38] ? __pfx___schedule+0x10/0x10 [ 435.866563][ T38] ? schedule+0x90/0x360 [ 435.866588][ T38] schedule+0x164/0x360 [ 435.866614][ T38] schedule_timeout+0xc3/0x2c0 [ 435.866639][ T38] ? __pfx_schedule_timeout+0x10/0x10 [ 435.866662][ T38] ? do_raw_spin_lock+0x12b/0x2f0 [ 435.866696][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 435.866719][ T38] ? wait_for_completion+0x274/0x5e0 [ 435.866746][ T38] wait_for_completion+0x2cc/0x5e0 [ 435.866783][ T38] ? __pfx_wait_for_completion+0x10/0x10 [ 435.866810][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 435.866835][ T38] ? lockdep_hardirqs_on+0x7a/0x110 [ 435.866859][ T38] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 435.866888][ T38] synchronize_rcu_normal+0x1c7/0x330 [ 435.866908][ T38] ? __pfx_synchronize_rcu_normal+0x10/0x10 [ 435.866926][ T38] ? __lock_acquire+0x6b5/0x2cf0 [ 435.866967][ T38] ? __lock_acquire+0x6b5/0x2cf0 [ 435.867017][ T38] synchronize_rcu_expedited+0x15a/0x770 [ 435.867049][ T38] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 435.867085][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 435.867110][ T38] ? lockdep_hardirqs_on+0x7a/0x110 [ 435.867154][ T38] vhost_worker_killed+0x2fe/0x390 [ 435.867188][ T38] ? __pfx_vhost_worker_killed+0x10/0x10 [ 435.867213][ T38] vhost_task_fn+0x444/0x4a0 [ 435.867255][ T38] ? __pfx_vhost_task_fn+0x10/0x10 [ 435.867288][ T38] ? rt_spin_unlock+0x14f/0x200 [ 435.867313][ T38] ? rt_spin_unlock+0x160/0x200 [ 435.867332][ T38] ? __pfx_vhost_task_fn+0x10/0x10 [ 435.867359][ T38] ret_from_fork+0x514/0xb70 [ 435.867385][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 435.867407][ T38] ? __switch_to+0xc79/0x1410 [ 435.867438][ T38] ? __pfx_vhost_task_fn+0x10/0x10 [ 435.867466][ T38] ret_from_fork_asm+0x1a/0x30 [ 435.867507][ T38] [ 435.867516][ T38] INFO: task dhcpcd:6810 blocked for more than 254 seconds. [ 435.867529][ T38] Not tainted syzkaller #0 [ 435.867539][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 435.867547][ T38] task:dhcpcd state:D stack:25720 pid:6810 tgid:6810 ppid:5259 task_flags:0x400140 flags:0x00080000 [ 435.867595][ T38] Call Trace: [ 435.867601][ T38] [ 435.867613][ T38] __schedule+0x16ec/0x5620 [ 435.867650][ T38] ? __lock_acquire+0x6b5/0x2cf0 [ 435.867683][ T38] ? look_up_lock_class+0x57/0x110 [ 435.867711][ T38] ? __pfx___schedule+0x10/0x10 [ 435.867744][ T38] ? schedule+0x90/0x360 [ 435.867770][ T38] schedule+0x164/0x360 [ 435.867794][ T38] schedule_timeout+0xc3/0x2c0 [ 435.867819][ T38] ? __pfx_schedule_timeout+0x10/0x10 [ 435.867843][ T38] ? do_raw_spin_lock+0x12b/0x2f0 [ 435.867875][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 435.867898][ T38] ? wait_for_completion+0x274/0x5e0 [ 435.867924][ T38] wait_for_completion+0x2cc/0x5e0 [ 435.867961][ T38] ? __pfx_wait_for_completion+0x10/0x10 [ 435.867987][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 435.868013][ T38] ? lockdep_hardirqs_on+0x7a/0x110 [ 435.893842][ T38] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 435.893887][ T38] synchronize_rcu_normal+0x1c7/0x330 [ 435.893910][ T38] ? __pfx_synchronize_rcu_normal+0x10/0x10 [ 435.893931][ T38] ? rtlock_slowlock_locked+0xfb/0x3c80 [ 435.893969][ T38] ? register_lock_class+0x31/0x2e0 [ 435.894018][ T38] synchronize_rcu_expedited+0x15a/0x770 [ 435.894052][ T38] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 435.894082][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 435.894108][ T38] ? lockdep_hardirqs_on+0x7a/0x110 [ 435.894132][ T38] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 435.894157][ T38] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 435.894176][ T38] ? rt_spin_lock+0x1e0/0x400 [ 435.894215][ T38] __unregister_prot_hook+0x50c/0x6e0 [ 435.894246][ T38] ? packet_do_bind+0x90/0xe10 [ 435.894271][ T38] ? packet_do_bind+0x90/0xe10 [ 435.894292][ T38] packet_do_bind+0x536/0xe10 [ 435.894317][ T38] ? packet_do_bind+0x90/0xe10 [ 435.894354][ T38] __sys_bind+0x2e9/0x410 [ 435.894379][ T38] ? __pfx___sys_bind+0x10/0x10 [ 435.894420][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.894442][ T38] __x64_sys_bind+0x7a/0x90 [ 435.894465][ T38] do_syscall_64+0x15f/0xf80 [ 435.894489][ T38] ? trace_irq_disable+0x3b/0x140 [ 435.894512][ T38] ? clear_bhb_loop+0x40/0x90 [ 435.894536][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.894556][ T38] RIP: 0033:0x7f72474022d7 [ 435.894573][ T38] RSP: 002b:00007ffd739b6ad8 EFLAGS: 00000213 ORIG_RAX: 0000000000000031 [ 435.894594][ T38] RAX: ffffffffffffffda RBX: 0000558dafb77770 RCX: 00007f72474022d7 [ 435.894608][ T38] RDX: 0000000000000014 RSI: 00007ffd739b6af0 RDI: 0000000000000003 [ 435.894620][ T38] RBP: 0000558d769394b0 R08: 00007f72474d1ac0 R09: 0000000000000000 [ 435.894633][ T38] R10: 0000000000000003 R11: 0000000000000213 R12: 0000000000000000 [ 435.894644][ T38] R13: 0000558dafb6b580 R14: 0000000000000000 R15: 0000558d7694eac0 [ 435.894675][ T38] [ 435.894685][ T38] INFO: task dhcpcd:6811 blocked for more than 254 seconds. [ 435.894700][ T38] Not tainted syzkaller #0 [ 435.894710][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 435.894718][ T38] task:dhcpcd state:D stack:25720 pid:6811 tgid:6811 ppid:5259 task_flags:0x400140 flags:0x00080000 [ 435.894768][ T38] Call Trace: [ 435.894775][ T38] [ 435.894786][ T38] __schedule+0x16ec/0x5620 [ 435.894825][ T38] ? __lock_acquire+0x6b5/0x2cf0 [ 435.894858][ T38] ? look_up_lock_class+0x57/0x110 [ 435.894885][ T38] ? __pfx___schedule+0x10/0x10 [ 435.894918][ T38] ? schedule+0x90/0x360 [ 435.894945][ T38] schedule+0x164/0x360 [ 435.894970][ T38] schedule_timeout+0xc3/0x2c0 [ 435.894995][ T38] ? __pfx_schedule_timeout+0x10/0x10 [ 435.895019][ T38] ? do_raw_spin_lock+0x12b/0x2f0 [ 435.895050][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 435.895074][ T38] ? wait_for_completion+0x274/0x5e0 [ 435.895099][ T38] wait_for_completion+0x2cc/0x5e0 [ 435.895135][ T38] ? __pfx_wait_for_completion+0x10/0x10 [ 435.895161][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 435.895186][ T38] ? lockdep_hardirqs_on+0x7a/0x110 [ 435.895210][ T38] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 435.895245][ T38] synchronize_rcu_normal+0x1c7/0x330 [ 435.895265][ T38] ? __pfx_synchronize_rcu_normal+0x10/0x10 [ 435.895286][ T38] ? rtlock_slowlock_locked+0xfb/0x3c80 [ 435.895324][ T38] ? register_lock_class+0x31/0x2e0 [ 435.895371][ T38] synchronize_rcu_expedited+0x15a/0x770 [ 435.895404][ T38] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 435.895434][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 435.895459][ T38] ? lockdep_hardirqs_on+0x7a/0x110 [ 435.895483][ T38] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 435.895507][ T38] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 435.895540][ T38] ? rt_spin_lock+0x1e0/0x400 [ 435.895580][ T38] __unregister_prot_hook+0x50c/0x6e0 [ 435.895602][ T38] ? packet_do_bind+0x90/0xe10 [ 435.895626][ T38] ? packet_do_bind+0x90/0xe10 [ 435.926166][ T38] packet_do_bind+0x536/0xe10 [ 435.926207][ T38] ? packet_do_bind+0x90/0xe10 [ 435.926245][ T38] __sys_bind+0x2e9/0x410 [ 435.926271][ T38] ? __pfx___sys_bind+0x10/0x10 [ 435.926313][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.926336][ T38] __x64_sys_bind+0x7a/0x90 [ 435.926358][ T38] do_syscall_64+0x15f/0xf80 [ 435.926383][ T38] ? trace_irq_disable+0x3b/0x140 [ 435.926406][ T38] ? clear_bhb_loop+0x40/0x90 [ 435.926430][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.926450][ T38] RIP: 0033:0x7f72474022d7 [ 435.926468][ T38] RSP: 002b:00007ffd739b6ad8 EFLAGS: 00000213 ORIG_RAX: 0000000000000031 [ 435.926489][ T38] RAX: ffffffffffffffda RBX: 0000558dafb77770 RCX: 00007f72474022d7 [ 435.926504][ T38] RDX: 0000000000000014 RSI: 00007ffd739b6af0 RDI: 0000000000000003 [ 435.926516][ T38] RBP: 0000558d769394b0 R08: 00007f72474d1ac0 R09: 0000000000000000 [ 435.926536][ T38] R10: 0000000000000003 R11: 0000000000000213 R12: 0000000000000000 [ 435.926547][ T38] R13: 0000558dafb76c70 R14: 0000000000000000 R15: 0000558d7694eac0 [ 435.926579][ T38] [ 435.926674][ T38] INFO: task dhcpcd:6812 blocked for more than 254 seconds. [ 435.926691][ T38] Not tainted syzkaller #0 [ 435.926700][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 435.926709][ T38] task:dhcpcd state:D stack:25720 pid:6812 tgid:6812 ppid:5259 task_flags:0x400140 flags:0x00080000 [ 435.926759][ T38] Call Trace: [ 435.926766][ T38] [ 435.926777][ T38] __schedule+0x16ec/0x5620 [ 435.926817][ T38] ? __lock_acquire+0x6b5/0x2cf0 [ 435.926851][ T38] ? look_up_lock_class+0x57/0x110 [ 435.926879][ T38] ? __pfx___schedule+0x10/0x10 [ 435.926912][ T38] ? schedule+0x90/0x360 [ 435.926937][ T38] schedule+0x164/0x360 [ 435.926963][ T38] schedule_timeout+0xc3/0x2c0 [ 435.926988][ T38] ? __pfx_schedule_timeout+0x10/0x10 [ 435.927011][ T38] ? do_raw_spin_lock+0x12b/0x2f0 [ 435.927043][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 435.927066][ T38] ? wait_for_completion+0x274/0x5e0 [ 435.927092][ T38] wait_for_completion+0x2cc/0x5e0 [ 435.927128][ T38] ? __pfx_wait_for_completion+0x10/0x10 [ 435.927155][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 435.927180][ T38] ? lockdep_hardirqs_on+0x7a/0x110 [ 435.927203][ T38] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 435.927240][ T38] synchronize_rcu_normal+0x1c7/0x330 [ 435.927261][ T38] ? __pfx_synchronize_rcu_normal+0x10/0x10 [ 435.927282][ T38] ? rtlock_slowlock_locked+0xfb/0x3c80 [ 435.927319][ T38] ? register_lock_class+0x31/0x2e0 [ 435.927367][ T38] synchronize_rcu_expedited+0x15a/0x770 [ 435.927401][ T38] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 435.927431][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 435.927456][ T38] ? lockdep_hardirqs_on+0x7a/0x110 [ 435.927480][ T38] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 435.927505][ T38] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 435.927525][ T38] ? rt_spin_lock+0x1e0/0x400 [ 435.927564][ T38] __unregister_prot_hook+0x50c/0x6e0 [ 435.927587][ T38] ? packet_do_bind+0x90/0xe10 [ 435.927611][ T38] ? packet_do_bind+0x90/0xe10 [ 435.927633][ T38] packet_do_bind+0x536/0xe10 [ 435.927658][ T38] ? packet_do_bind+0x90/0xe10 [ 435.927687][ T38] __sys_bind+0x2e9/0x410 [ 435.927711][ T38] ? __pfx___sys_bind+0x10/0x10 [ 435.931740][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.931772][ T38] __x64_sys_bind+0x7a/0x90 [ 435.931797][ T38] do_syscall_64+0x15f/0xf80 [ 435.931835][ T38] ? trace_irq_disable+0x3b/0x140 [ 435.931858][ T38] ? clear_bhb_loop+0x40/0x90 [ 435.931881][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.931901][ T38] RIP: 0033:0x7f72474022d7 [ 435.931919][ T38] RSP: 002b:00007ffd739b6ad8 EFLAGS: 00000213 ORIG_RAX: 0000000000000031 [ 435.931938][ T38] RAX: ffffffffffffffda RBX: 0000558dafb77770 RCX: 00007f72474022d7 [ 435.931953][ T38] RDX: 0000000000000014 RSI: 00007ffd739b6af0 RDI: 0000000000000003 [ 435.931965][ T38] RBP: 0000558d769394b0 R08: 00007f72474d1ac0 R09: 0000000000000000 [ 435.931977][ T38] R10: 0000000000000003 R11: 0000000000000213 R12: 0000000000000000 [ 435.931989][ T38] R13: 0000558dafb76e40 R14: 0000000000000000 R15: 0000558d7694eac0 [ 435.932019][ T38] [ 435.932092][ T38] INFO: task dhcpcd:6814 blocked for more than 254 seconds. [ 435.932108][ T38] Not tainted syzkaller #0 [ 435.932117][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 435.932126][ T38] task:dhcpcd state:D stack:25272 pid:6814 tgid:6814 ppid:5259 task_flags:0x400140 flags:0x00080000 [ 435.932174][ T38] Call Trace: [ 435.932181][ T38] [ 435.932192][ T38] __schedule+0x16ec/0x5620 [ 435.932238][ T38] ? __lock_acquire+0x6b5/0x2cf0 [ 435.932272][ T38] ? look_up_lock_class+0x57/0x110 [ 435.932300][ T38] ? __pfx___schedule+0x10/0x10 [ 435.932333][ T38] ? schedule+0x90/0x360 [ 435.932359][ T38] schedule+0x164/0x360 [ 435.932383][ T38] schedule_timeout+0xc3/0x2c0 [ 435.932410][ T38] ? __pfx_schedule_timeout+0x10/0x10 [ 435.932434][ T38] ? do_raw_spin_lock+0x12b/0x2f0 [ 435.932466][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 435.932489][ T38] ? wait_for_completion+0x274/0x5e0 [ 435.932515][ T38] wait_for_completion+0x2cc/0x5e0 [ 435.932552][ T38] ? __pfx_wait_for_completion+0x10/0x10 [ 435.932578][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 435.932603][ T38] ? lockdep_hardirqs_on+0x7a/0x110 [ 435.932627][ T38] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 435.932657][ T38] synchronize_rcu_normal+0x1c7/0x330 [ 435.932677][ T38] ? __pfx_synchronize_rcu_normal+0x10/0x10 [ 435.932698][ T38] ? rtlock_slowlock_locked+0xfb/0x3c80 [ 435.932735][ T38] ? register_lock_class+0x31/0x2e0 [ 435.932783][ T38] synchronize_rcu_expedited+0x15a/0x770 [ 435.932816][ T38] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 435.932846][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 435.932870][ T38] ? lockdep_hardirqs_on+0x7a/0x110 [ 435.932894][ T38] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 435.932919][ T38] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 435.932939][ T38] ? rt_spin_lock+0x1e0/0x400 [ 435.932978][ T38] __unregister_prot_hook+0x50c/0x6e0 [ 435.933001][ T38] ? packet_do_bind+0x90/0xe10 [ 435.933025][ T38] ? packet_do_bind+0x90/0xe10 [ 435.933046][ T38] packet_do_bind+0x536/0xe10 [ 435.933071][ T38] ? packet_do_bind+0x90/0xe10 [ 435.933101][ T38] __sys_bind+0x2e9/0x410 [ 435.933125][ T38] ? __pfx___sys_bind+0x10/0x10 [ 435.933166][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.933188][ T38] __x64_sys_bind+0x7a/0x90 [ 435.933210][ T38] do_syscall_64+0x15f/0xf80 [ 435.933241][ T38] ? trace_irq_disable+0x3b/0x140 [ 435.933263][ T38] ? clear_bhb_loop+0x40/0x90 [ 435.978446][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.978481][ T38] RIP: 0033:0x7f72474022d7 [ 435.978499][ T38] RSP: 002b:00007ffd739b6ad8 EFLAGS: 00000213 ORIG_RAX: 0000000000000031 [ 435.978520][ T38] RAX: ffffffffffffffda RBX: 0000558dafb77770 RCX: 00007f72474022d7 [ 435.978534][ T38] RDX: 0000000000000014 RSI: 00007ffd739b6af0 RDI: 0000000000000003 [ 435.978546][ T38] RBP: 0000558d769394b0 R08: 000000000000005e R09: 0000000000000000 [ 435.978559][ T38] R10: 00007f72474d1b70 R11: 0000000000000213 R12: 0000000000000000 [ 435.978571][ T38] R13: 0000558dafb77ab0 R14: 0000000000000000 R15: 0000558d7694eac0 [ 435.978602][ T38] [ 435.978611][ T38] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 435.978623][ T38] INFO: task dhcpcd:6816 blocked for more than 234 seconds. [ 435.978638][ T38] Not tainted syzkaller #0 [ 435.978647][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 435.978656][ T38] task:dhcpcd state:D stack:25720 pid:6816 tgid:6816 ppid:5259 task_flags:0x400140 flags:0x00080000 [ 435.978705][ T38] Call Trace: [ 435.978712][ T38] [ 435.978723][ T38] __schedule+0x16ec/0x5620 [ 435.978764][ T38] ? __lock_acquire+0x6b5/0x2cf0 [ 435.978798][ T38] ? look_up_lock_class+0x57/0x110 [ 435.978826][ T38] ? __pfx___schedule+0x10/0x10 [ 435.978860][ T38] ? schedule+0x90/0x360 [ 435.978886][ T38] schedule+0x164/0x360 [ 435.978910][ T38] schedule_timeout+0xc3/0x2c0 [ 435.978937][ T38] ? __pfx_schedule_timeout+0x10/0x10 [ 435.978960][ T38] ? do_raw_spin_lock+0x12b/0x2f0 [ 435.978992][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 435.979015][ T38] ? wait_for_completion+0x274/0x5e0 [ 435.979042][ T38] wait_for_completion+0x2cc/0x5e0 [ 435.979079][ T38] ? __pfx_wait_for_completion+0x10/0x10 [ 435.979105][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 435.979130][ T38] ? lockdep_hardirqs_on+0x7a/0x110 [ 435.979154][ T38] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 435.979182][ T38] synchronize_rcu_normal+0x1c7/0x330 [ 435.979203][ T38] ? __pfx_synchronize_rcu_normal+0x10/0x10 [ 435.979229][ T38] ? rtlock_slowlock_locked+0xfb/0x3c80 [ 435.979267][ T38] ? register_lock_class+0x31/0x2e0 [ 435.979315][ T38] synchronize_rcu_expedited+0x15a/0x770 [ 435.979348][ T38] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 435.979378][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 435.979403][ T38] ? lockdep_hardirqs_on+0x7a/0x110 [ 435.979426][ T38] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 435.979449][ T38] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 435.979469][ T38] ? rt_spin_lock+0x1e0/0x400 [ 435.979508][ T38] __unregister_prot_hook+0x50c/0x6e0 [ 435.979532][ T38] ? packet_do_bind+0x90/0xe10 [ 435.979557][ T38] ? packet_do_bind+0x90/0xe10 [ 435.979579][ T38] packet_do_bind+0x536/0xe10 [ 435.979603][ T38] ? packet_do_bind+0x90/0xe10 [ 435.979633][ T38] __sys_bind+0x2e9/0x410 [ 435.979657][ T38] ? __pfx___sys_bind+0x10/0x10 [ 435.979698][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.979719][ T38] __x64_sys_bind+0x7a/0x90 [ 435.979742][ T38] do_syscall_64+0x15f/0xf80 [ 435.979765][ T38] ? trace_irq_disable+0x3b/0x140 [ 435.979788][ T38] ? clear_bhb_loop+0x40/0x90 [ 435.979812][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.979832][ T38] RIP: 0033:0x7f72474022d7 [ 435.979848][ T38] RSP: 002b:00007ffd739b6ad8 EFLAGS: 00000213 ORIG_RAX: 0000000000000031 [ 435.979866][ T38] RAX: ffffffffffffffda RBX: 0000558dafb77770 RCX: 00007f72474022d7 [ 435.979880][ T38] RDX: 0000000000000014 RSI: 00007ffd739b6af0 RDI: 0000000000000003 [ 435.979892][ T38] RBP: 0000558d769394b0 R08: 00007f72474d1ac0 R09: 0000000000000000 [ 435.979905][ T38] R10: 0000000000000003 R11: 0000000000000213 R12: 0000000000000000 [ 435.979917][ T38] R13: 0000558dafb76430 R14: 0000000000000000 R15: 0000558d7694eac0 [ 435.979948][ T38] [ 435.979955][ T38] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 435.980177][ T38] [ 435.980177][ T38] Showing all locks held in the system: [ 435.980186][ T38] 2 locks held by kthreadd/2: [ 435.980200][ T38] 4 locks held by kworker/0:0/9: [ 435.980210][ T38] 5 locks held by kworker/0:1/10: [ 435.980227][ T38] #0: ffff888033d52938 ((wq_completion)wg-kex-wg2#2){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 435.988201][ T38] #1: ffffc900000f7c40 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ((typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))))((unsigned long)((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))) + (((__per_cpu_offset[(cpu)]))))); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 435.988270][ T38] #2: ffff88803ff763e0 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_begin_session+0x38/0xbe0 [ 435.988321][ T38] #3: ffffffff8e109770 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 435.988365][ T38] #4: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: free_one_page+0x43/0x250 [ 435.988414][ T38] 6 locks held by kworker/u8:0/12: [ 435.988426][ T38] 2 locks held by kworker/u8:1/13: [ 435.988436][ T38] #0: ffff88801a074138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 435.988483][ T38] #1: ffffc90000127c40 ((work_completion)(&pool->idle_cull_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 435.988530][ T38] 1 lock held by kworker/R-mm_pe/14: [ 435.988541][ T38] #0: ffffffff8de67f18 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x2e/0x3a0 [ 435.988589][ T38] 4 locks held by pr/legacy/17: [ 435.988602][ T38] 4 locks held by rcuc/1/28: [ 435.988613][ T38] 2 locks held by kworker/1:0/31: [ 435.988623][ T38] 4 locks held by kworker/1:1/36: [ 435.988633][ T38] 1 lock held by khungtaskd/38: [ 435.988643][ T38] #0: ffffffff8dfc81c0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 435.988694][ T38] 2 locks held by kworker/u8:2/40: [ 435.988704][ T38] #0: ffff88801a074938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 435.988754][ T38] #1: ffffc90000b17c40 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 435.988803][ T38] 3 locks held by kworker/u8:3/56: [ 435.988814][ T38] #0: ffff88801a074138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 435.988859][ T38] #1: ffffc9000122fc40 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 435.988904][ T38] #2: ffffffff8f357df8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 435.988957][ T38] 3 locks held by kworker/u8:4/66: [ 435.988967][ T38] #0: ffff88803299e938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 435.989012][ T38] #1: ffffc9000151fc40 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 435.989058][ T38] #2: ffffffff8f357df8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 435.989110][ T38] 3 locks held by kworker/u8:5/91: [ 435.989121][ T38] #0: ffff8880397eb938 ((wq_completion)wg-kex-wg0#7){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 435.989171][ T38] #1: ffffc9000153fc40 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 435.989223][ T38] #2: ffff88801e2bf858 (&n->list_lock){+.+.}-{3:3}, at: __refill_objects_node+0x87/0x560 [ 435.989277][ T38] 5 locks held by kworker/u8:6/164: [ 435.989289][ T38] 5 locks held by kworker/u8:7/176: [ 435.989301][ T38] 6 locks held by kworker/1:2/821: [ 435.989311][ T38] 5 locks held by kworker/0:2/822: [ 435.989326][ T38] 2 locks held by kworker/u8:8/1032: [ 435.989336][ T38] #0: ffff88801e390938 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 435.989381][ T38] #1: ffffc900060cfc40 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 435.989431][ T38] 4 locks held by aoe_tx0/1333: [ 435.989442][ T38] 3 locks held by kworker/u8:9/1785: [ 435.989452][ T38] #0: ffff8880607af938 ((wq_completion)wg-kex-wg2#5){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 435.989502][ T38] #1: ffffc900079afc40 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 435.989548][ T38] #2: ffff88801e2bf858 (&n->list_lock){+.+.}-{3:3}, at: __refill_objects_node+0x87/0x560 [ 435.989598][ T38] 5 locks held by kworker/u8:10/1926: [ 435.989610][ T38] 2 locks held by kworker/u8:11/2265: [ 435.989620][ T38] #0: ffff88801e390938 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 435.989665][ T38] #1: ffffc900080a7c40 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 435.989725][ T38] 3 locks held by kworker/u8:12/3723: [ 435.989737][ T38] 3 locks held by kworker/u8:13/3812: [ 435.989747][ T38] #0: ffff88801a074138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 435.989807][ T38] #1: ffffc9000faa7c40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 435.989853][ T38] #2: ffff888064be08b8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xb4/0x460 [ 436.020577][ T38] 4 locks held by klogd/4953: [ 436.020589][ T38] #0: ffffffff8e109770 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 436.020634][ T38] #1: ffff8880b8842c18 (&pcp->lock){+.+.}-{3:3}, at: __free_frozen_pages+0x870/0x10f0 [ 436.020682][ T38] #2: ffffffff8dfc81c0 (rcu_read_lock){....}-{1:3}, at: rt_spin_trylock+0x10c/0x2b0 [ 436.020728][ T38] #3: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: free_pcppages_bulk+0x61/0x4d0 [ 436.020775][ T38] 2 locks held by udevd/4964: [ 436.020785][ T38] #0: ffffffff8e109770 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 436.020828][ T38] #1: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: free_one_page+0x43/0x250 [ 436.020875][ T38] 2 locks held by crond/5335: [ 436.020886][ T38] #0: ffffffff8e109770 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 436.020928][ T38] #1: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: free_one_page+0x43/0x250 [ 436.020973][ T38] 2 locks held by getty/5349: [ 436.020983][ T38] #0: ffff888036c260a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 436.021031][ T38] #1: ffffc90003cbe2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x462/0x13a0 [ 436.021084][ T38] 3 locks held by kworker/1:3/5585: [ 436.021095][ T38] 4 locks held by kworker/1:4/5586: [ 436.021106][ T38] 10 locks held by syz-executor/5597: [ 436.021118][ T38] 1 lock held by kworker/u9:2/5603: [ 436.021129][ T38] #0: ffffffff8de67f18 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_thread+0xeb5/0xfc0 [ 436.021177][ T38] 5 locks held by kworker/0:3/5604: [ 436.021188][ T38] #0: ffff88802cb85138 ((wq_completion)wg-kex-wg0#8){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 436.021246][ T38] #1: ffffc90004ef7c40 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ((typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))))((unsigned long)((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))) + (((__per_cpu_offset[(cpu)]))))); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 436.021303][ T38] #2: ffff88803ba0ae98 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_begin_session+0x38/0xbe0 [ 436.021352][ T38] #3: ffffffff8e109770 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 436.021394][ T38] #4: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: free_one_page+0x43/0x250 [ 436.021439][ T38] 5 locks held by kworker/0:4/5606: [ 436.021450][ T38] #0: ffff888033d2f538 ((wq_completion)wg-kex-wg1#2){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 436.021499][ T38] #1: ffffc90004f07c40 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ((typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))))((unsigned long)((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))) + (((__per_cpu_offset[(cpu)]))))); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 436.021556][ T38] #2: ffff88803ff77930 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_begin_session+0x38/0xbe0 [ 436.021603][ T38] #3: ffffffff8e109770 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 436.021646][ T38] #4: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: free_one_page+0x43/0x250 [ 436.021691][ T38] 3 locks held by kworker/u9:4/5611: [ 436.021702][ T38] #0: ffff88805ea17138 ((wq_completion)hci5){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 436.021765][ T38] #1: ffffc90004f57c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 436.021811][ T38] #2: ffff88803689cf80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d3/0x400 [ 436.021860][ T38] 2 locks held by kworker/0:5/5613: [ 436.021871][ T38] 3 locks held by kworker/u9:8/5620: [ 436.021882][ T38] #0: ffff88803ee5e138 ((wq_completion)hci8){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 436.021926][ T38] #1: ffffc90004fe7c40 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 436.021971][ T38] #2: ffff88803a61cf80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d3/0x400 [ 436.022019][ T38] 1 lock held by kworker/R-wg-cr/5687: [ 436.022029][ T38] #0: ffffffff8de67f18 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x2e/0x3a0 [ 436.022076][ T38] 5 locks held by kworker/R-wg-cr/5688: [ 436.022087][ T38] 1 lock held by kworker/R-wg-cr/5689: [ 436.022098][ T38] #0: ffffffff8de67f18 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x2e/0x3a0 [ 436.022144][ T38] 1 lock held by kworker/R-wg-cr/5690: [ 436.022155][ T38] 1 lock held by kworker/R-wg-cr/5691: [ 436.022166][ T38] #0: ffffffff8de67f18 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x2e/0x3a0 [ 436.022211][ T38] 2 locks held by kworker/R-wg-cr/5692: [ 436.022229][ T38] 1 lock held by kworker/R-wg-cr/5693: [ 436.022239][ T38] #0: ffffffff8de67f18 (wq_pool_attach_mutex){+.+.}-{4:4}, at: rescuer_thread+0xc4d/0x1130 [ 436.022301][ T38] 1 lock held by kworker/R-wg-cr/5694: [ 436.022312][ T38] #0: ffffffff8de67f18 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x2e/0x3a0 [ 436.022359][ T38] 1 lock held by kworker/R-wg-cr/5695: [ 436.022369][ T38] #0: ffffffff8de67f18 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x2e/0x3a0 [ 436.022416][ T38] 9 locks held by kworker/R-wg-cr/5696: [ 436.022427][ T38] 2 locks held by kworker/R-wg-cr/5697: [ 436.022438][ T38] 4 locks held by kworker/R-wg-cr/5698: [ 436.022449][ T38] 1 lock held by kworker/R-wg-cr/5699: [ 436.022459][ T38] #0: ffffffff8de67f18 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x2e/0x3a0 [ 436.029429][ T38] 2 locks held by kworker/R-wg-cr/5700: [ 436.029443][ T38] 7 locks held by kworker/R-wg-cr/5701: [ 436.029457][ T38] 11 locks held by kworker/1:5/5720: [ 436.029469][ T38] 2 locks held by kworker/1:6/5733: [ 436.029481][ T38] 5 locks held by kworker/0:6/5803: [ 436.029491][ T38] #0: ffff888034dc3938 ((wq_completion)wg-kex-wg1#4){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 436.029544][ T38] #1: ffffc90005c97c40 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ((typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))))((unsigned long)((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))) + (((__per_cpu_offset[(cpu)]))))); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 436.029602][ T38] #2: ffff88803ff743e8 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_begin_session+0x38/0xbe0 [ 436.029652][ T38] #3: ffffffff8e109770 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 436.029696][ T38] #4: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: free_one_page+0x43/0x250 [ 436.029742][ T38] 2 locks held by kworker/0:7/5877: [ 436.029753][ T38] #0: ffffffff8e109770 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 436.029796][ T38] #1: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: free_one_page+0x43/0x250 [ 436.029841][ T38] 3 locks held by kworker/u8:15/6108: [ 436.029852][ T38] #0: ffff88801a074138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 436.029897][ T38] #1: ffffc900066afc40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 436.029943][ T38] #2: ffff8880637508b8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xb4/0x460 [ 436.029992][ T38] 3 locks held by kworker/u8:16/6151: [ 436.030003][ T38] #0: ffff88801a074138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 436.030048][ T38] #1: ffffc9000691fc40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 436.030094][ T38] #2: ffff888063aa08b8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xb4/0x460 [ 436.030142][ T38] 2 locks held by kworker/u8:17/6165: [ 436.030153][ T38] #0: ffffffff8e109770 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 436.030195][ T38] #1: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: free_one_page+0x43/0x250 [ 436.030247][ T38] 5 locks held by kworker/1:7/6193: [ 436.052436][ T38] 3 locks held by kworker/u8:18/6306: [ 436.052455][ T38] #0: ffff88801a074138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 436.052511][ T38] #1: ffffc90006e9fc40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 436.052558][ T38] #2: ffff8880648308b8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xb4/0x460 [ 436.052608][ T38] 3 locks held by kworker/u8:19/6308: [ 436.052619][ T38] #0: ffff88801a074138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 436.052664][ T38] #1: ffffc90006ebfc40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 436.052710][ T38] #2: ffff888064cf08b8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xb4/0x460 [ 436.052759][ T38] 4 locks held by kworker/u8:20/6435: [ 436.052771][ T38] 3 locks held by kworker/1:2H/6675: [ 436.052782][ T38] 9 locks held by kworker/1:8/6678: [ 436.052794][ T38] 2 locks held by syz.2.298/6794: [ 436.052804][ T38] #0: ffff88803e35f578 (&sb->s_type->i_mutex_key#12){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 436.052862][ T38] #1: ffff8880644a4958 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: pep_sock_unhash+0x2a/0x280 [ 436.052910][ T38] 1 lock held by syz.0.302/6800: [ 436.052920][ T38] #0: ffff888061dc1038 (&sb->s_type->i_mutex_key#12){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 436.052977][ T38] 1 lock held by dhcpcd/6806: [ 436.052987][ T38] #0: ffff8880272b0358 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xe10 [ 436.053035][ T38] 2 locks held by vhost-6808/6809: [ 436.053046][ T38] #0: ffff888037a8a0d8 (&vtsk->exit_mutex){+.+.}-{4:4}, at: vhost_task_fn+0x395/0x4a0 [ 436.053096][ T38] #1: ffff88803fa00770 (&worker->mutex){+.+.}-{4:4}, at: vhost_worker_killed+0x57/0x390 [ 436.053147][ T38] 1 lock held by dhcpcd/6810: [ 436.053158][ T38] #0: ffff8880272e4358 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xe10 [ 436.053205][ T38] 1 lock held by dhcpcd/6811: [ 436.053222][ T38] #0: ffff888028eb8358 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xe10 [ 436.053269][ T38] 1 lock held by dhcpcd/6812: [ 436.053279][ T38] #0: ffff888062764358 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xe10 [ 436.053326][ T38] 1 lock held by dhcpcd/6814: [ 436.053336][ T38] #0: ffff88803e868358 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xe10 [ 436.053383][ T38] 1 lock held by dhcpcd/6816: [ 436.053393][ T38] #0: ffff888025ee8358 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xe10 [ 436.053441][ T38] 1 lock held by syz.3.311/6832: [ 436.053452][ T38] 2 locks held by syz-executor/6843: [ 436.053463][ T38] #0: ffffffff8eac0208 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 436.053515][ T38] #1: ffffffff8f357df8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x883/0x1bb0 [ 436.053561][ T38] 2 locks held by syz-executor/6847: [ 436.053572][ T38] #0: ffffffff8ea9ef48 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 436.053622][ T38] #1: ffffffff8f357df8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x883/0x1bb0 [ 436.053669][ T38] 2 locks held by syz-executor/6852: [ 436.053679][ T38] #0: ffffffff8f8af8c8 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 436.053730][ T38] #1: ffffffff8f357df8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x883/0x1bb0 [ 436.053775][ T38] 2 locks held by kworker/u8:2/6871: [ 436.053786][ T38] 1 lock held by syz-executor/6881: [ 436.053796][ T38] #0: ffffffff8f357df8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x883/0x1bb0 [ 436.053847][ T38] 1 lock held by syz-executor/6930: [ 436.053857][ T38] #0: ffffffff8f357df8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 436.053906][ T38] 1 lock held by syz-executor/6931: [ 436.053916][ T38] #0: ffffffff8f357df8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 436.053963][ T38] 2 locks held by udevd/6932: [ 436.053973][ T38] #0: ffff88801a0644b0 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x2c2/0x9e0 [ 436.054020][ T38] #1: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: get_page_from_freelist+0xcab/0x2840 [ 436.054070][ T38] 2 locks held by udevd/6934: [ 436.054080][ T38] #0: ffff88801a065eb0 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x2c2/0x9e0 [ 436.054148][ T38] #1: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: get_page_from_freelist+0xcab/0x2840 [ 436.054199][ T38] 2 locks held by udevd/6936: [ 436.054209][ T38] #0: ffff88801a0637b0 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x2c2/0x9e0 [ 436.054259][ T38] #1: ffff88813fffc358 (&zone->lock){+.+.}-{3:3}, at: get_page_from_freelist+0xcab/0x2840 [ 436.054308][ T38] 1 lock held by syz-executor/6938: [ 436.054319][ T38] #0: ffffffff8f357df8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 436.054367][ T38] 1 lock held by syz-executor/6940: [ 436.054377][ T38] #0: ffffffff8f357df8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 436.054425][ T38] 1 lock held by syz-executor/6950: [ 436.054435][ T38] #0: ffffffff8f357df8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 436.054482][ T38] 1 lock held by syz-executor/6958: [ 436.054492][ T38] #0: ffffffff8f357df8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 436.054539][ T38] 1 lock held by syz-executor/6960: [ 436.054550][ T38] #0: ffffffff8f357df8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 436.054597][ T38] 1 lock held by syz-executor/6962: [ 436.054608][ T38] #0: ffffffff8f357df8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 436.054656][ T38] 1 lock held by syz-executor/6965: [ 436.054666][ T38] #0: ffffffff8f357df8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 436.054713][ T38] 1 lock held by syz-executor/6975: [ 436.054723][ T38] #0: ffffffff8f357df8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 436.054771][ T38] 1 lock held by syz-executor/6983: [ 436.054782][ T38] #0: ffffffff8f357df8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 436.054829][ T38] 1 lock held by syz-executor/6984: [ 436.054839][ T38] #0: ffffffff8f357df8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 436.054886][ T38] 1 lock held by syz-executor/6987: [ 436.054897][ T38] #0: ffffffff8f357df8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 436.054944][ T38] 1 lock held by syz-executor/6990: [ 436.054954][ T38] #0: ffffffff8f357df8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 436.055002][ T38] 1 lock held by syz-executor/7000: [ 436.055013][ T38] #0: ffffffff8f357df8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 436.055061][ T38] [ 436.055066][ T38] ============================================= [ 436.055066][ T38] [ 436.055089][ T38] NMI backtrace for cpu 0 [ 436.055109][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 436.055130][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 436.055142][ T38] Call Trace: [ 436.055150][ T38] [ 436.055158][ T38] dump_stack_lvl+0xe8/0x150 [ 436.055182][ T38] nmi_cpu_backtrace+0x274/0x2d0 [ 436.055202][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 436.055231][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 436.055254][ T38] sys_info+0x135/0x170 [ 436.055279][ T38] watchdog+0xfd3/0x1030 [ 436.055308][ T38] ? watchdog+0x1c9/0x1030 [ 436.055334][ T38] kthread+0x388/0x470 [ 436.055359][ T38] ? __pfx_watchdog+0x10/0x10 [ 436.055378][ T38] ? __pfx_kthread+0x10/0x10 [ 436.055403][ T38] ret_from_fork+0x514/0xb70 [ 436.055428][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 436.055449][ T38] ? __switch_to+0xc79/0x1410 [ 436.055478][ T38] ? __pfx_kthread+0x10/0x10 [ 436.055504][ T38] ret_from_fork_asm+0x1a/0x30 [ 436.055542][ T38] [ 436.055549][ T38] Sending NMI from CPU 0 to CPUs 1: [ 436.055576][ C1] NMI backtrace for cpu 1 [ 436.055588][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 436.055606][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 436.055614][ C1] RIP: 0010:__lock_acquire+0x669/0x2cf0 [ 436.055637][ C1] Code: 7c 24 08 4c 89 ee ba 05 00 00 00 eb 38 85 c9 74 19 31 ed 48 8b 7c 24 08 4c 89 ee 31 d2 e8 af 44 00 00 85 c0 0f 84 c3 0d 00 00 <48> 8b 44 24 08 83 b8 dc 0b 00 00 00 74 1a 48 8b 7c 24 08 4c 89 ee [ 436.055649][ C1] RSP: 0018:ffffc90000a3f960 EFLAGS: 00000046 [ 436.055662][ C1] RAX: 00000000000c0000 RBX: ffff88801d6b4a60 RCX: 0000000000000000 [ 436.055673][ C1] RDX: 0000000000000002 RSI: 0000000000000003 RDI: 0000000000000000 [ 436.055682][ C1] RBP: ffff88801d6b4a40 R08: ffffffff84ac0fcc R09: ffffffff99aa4088 [ 436.055693][ C1] R10: dffffc0000000000 R11: fffff52000147f80 R12: 0000000000000002 [ 436.055704][ C1] R13: ffff88801d6b4a40 R14: ffff88801d6b3d80 R15: 0000000000000005 [ 436.055714][ C1] FS: 0000000000000000(0000) GS:ffff888126273000(0000) knlGS:0000000000000000 [ 436.055727][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 436.055737][ C1] CR2: 00007f127536e990 CR3: 0000000035f98000 CR4: 00000000003526f0 [ 436.055751][ C1] Call Trace: [ 436.055757][ C1] [ 436.055769][ C1] ? __lock_acquire+0x6b5/0x2cf0 [ 436.055790][ C1] ? debug_object_deactivate+0x6c/0x3a0 [ 436.055811][ C1] lock_acquire+0x106/0x350 [ 436.055829][ C1] ? debug_object_deactivate+0x6c/0x3a0 [ 436.055851][ C1] ? __pfx_rtlock_slowlock_locked+0x10/0x10 [ 436.055870][ C1] _raw_spin_lock_irqsave+0x40/0x60 [ 436.055888][ C1] ? debug_object_deactivate+0x6c/0x3a0 [ 436.055910][ C1] debug_object_deactivate+0x6c/0x3a0 [ 436.055933][ C1] __hrtimer_run_queues+0x27f/0xb10 [ 436.055957][ C1] hrtimer_run_softirq+0x18f/0x260 [ 436.055981][ C1] handle_softirqs+0x1de/0x6d0 [ 436.056000][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 436.056017][ C1] run_ktimerd+0x69/0x100 [ 436.056034][ C1] smpboot_thread_fn+0x541/0xa50 [ 436.056051][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 436.056072][ C1] kthread+0x388/0x470 [ 436.056090][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 436.056106][ C1] ? __pfx_kthread+0x10/0x10 [ 436.056125][ C1] ret_from_fork+0x514/0xb70 [ 436.056142][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 436.056158][ C1] ? __switch_to+0xc79/0x1410 [ 436.056180][ C1] ? __pfx_kthread+0x10/0x10 [ 436.056198][ C1] ret_from_fork_asm+0x1a/0x30 [ 436.056223][ C1] [ 436.056580][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 436.056594][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 436.056616][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 436.056627][ T38] Call Trace: [ 436.056634][ T38] [ 436.056641][ T38] vpanic+0x56c/0xa60 [ 436.056669][ T38] ? __pfx_vpanic+0x10/0x10 [ 436.056700][ T38] panic+0xc5/0xd0 [ 436.056722][ T38] ? __pfx_panic+0x10/0x10 [ 436.056753][ T38] ? nmi_trigger_cpumask_backtrace+0x234/0x300 [ 436.056777][ T38] watchdog+0x102c/0x1030 [ 436.056805][ T38] ? watchdog+0x1c9/0x1030 [ 436.056832][ T38] kthread+0x388/0x470 [ 436.056857][ T38] ? __pfx_watchdog+0x10/0x10 [ 436.056876][ T38] ? __pfx_kthread+0x10/0x10 [ 436.056901][ T38] ret_from_fork+0x514/0xb70 [ 436.056925][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 436.056946][ T38] ? __switch_to+0xc79/0x1410 [ 436.056976][ T38] ? __pfx_kthread+0x10/0x10 [ 436.057001][ T38] ret_from_fork_asm+0x1a/0x30 [ 436.057040][ T38] [ 436.057447][ T38] Kernel Offset: disabled