Extracting prog: 2h17m52.510114273s
Minimizing prog: 1h26m10.07379533s
Simplifying prog options: 11m18.369203903s
Extracting C: 5m24.255861876s
Simplifying C: 0s


extracting reproducer from 35 programs
testing a last program of every proc
single: executing 10 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-sendmsg$netlink-recvmsg
detailed listing:
executing program 0:
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000021c0)=ANY=[@ANYBLOB="181600002400e5ff25bd7000fedbdf2505"], 0x1618}], 0x1}, 0x0)
recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x2000)

program did not crash
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-socket$nl_generic-sendmsg$NL80211_CMD_VENDOR
detailed listing:
executing program 0:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x30, r0, 0x701, 0xfffffffd, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x41}, @void, @val={0xc, 0x99, {0x7, 0x29}}}}, [@NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x1374}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-socket$nl_route-sendmsg$nl_route
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x880)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$nl_rdma-sendmsg$netlink-recvmsg
detailed listing:
executing program 0:
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000021c0)=ANY=[@ANYBLOB="181600002400e5ff25bd7000fedbdf2505"], 0x1618}], 0x1}, 0x0)
recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x2000)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$nl80211-socket$nl_generic-sendmsg$NL80211_CMD_VENDOR
detailed listing:
executing program 0:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x30, r0, 0x701, 0xfffffffd, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x41}, @void, @val={0xc, 0x99, {0x7, 0x29}}}}, [@NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x1374}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_IRQCHIP
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x4048aec9, &(0x7f0000000740)={0x3, 0x0, @ioapic={0xdddd1000, 0x5, 0x3eacc230, 0xb, 0x0, [{0xb, 0x1c, 0x7, '\x00', 0x8}, {0x4, 0x1, 0x9, '\x00', 0x2}, {0x8, 0x7, 0x8, '\x00', 0x9}, {0x40, 0x0, 0x8c}, {0x2, 0x9, 0x9}, {0x5, 0x3, 0x5, '\x00', 0x6}, {0x6, 0x5, 0x8, '\x00', 0x81}, {0x7, 0x7f, 0xad, '\x00', 0x81}, {0x7, 0x4, 0x10, '\x00', 0x6}, {0x6, 0x1, 0x9, '\x00', 0x4}, {0xf, 0xa, 0x4, '\x00', 0x9}, {0x24, 0xfa, 0x10, '\x00', 0x1b}, {0x0, 0x81, 0x1, '\x00', 0x40}, {0x6, 0x3c, 0xa0, '\x00', 0xa7}, {0x1, 0x2, 0x9, '\x00', 0x3}, {0x4, 0x1, 0x3, '\x00', 0xfb}, {0x9, 0x80, 0x1, '\x00', 0x5}, {0x9b, 0xe5, 0x2, '\x00', 0x8}, {0x7, 0xb, 0x9, '\x00', 0x6}, {0x10, 0xfe, 0x7, '\x00', 0x1}, {0x5, 0xb, 0x80, '\x00', 0x5}, {0x5, 0x0, 0x2, '\x00', 0x3}, {0x4, 0xa, 0x7, '\x00', 0x1}, {0x3, 0x5, 0x2, '\x00', 0xc}]}})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-socket$nl_route-sendmsg$nl_route
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x880)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_X86_SET_MSR_FILTER
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_X86_SET_MSR_FILTER(r1, 0x4188aec6, &(0x7f0000004940)={0x1, [{0x1, 0x3008, 0x9, &(0x7f0000002240)="828a8b2e4b292825bfc418bb9054cc63557f662258efbf3db1c1459db29ddef3bcefc68913e6ade6a9835e726a73e22fbd363dfb1c5ec904a026aad44e1f10452e6653bb36d762881e00eba7e8e623c96213b588659bf0500084046e631df60e135b20551e099be24576db82592afd68365fbdb100a44b8a6ad1f1a66322695688e1f176bfe23e54b2fae85c16a8be3ea24b2689445016e2b5855b0dce3c8589b8e362ecc8f0f9e70be04dcacd0777c25efb74050f904ee1f6fdfeb3ac30af138bf0642a337904519c832fe896c83095b50fe095c0d6ed25608d61166b0849585d5eed0cb58699bf592f8cf20c28684a687ad81b3ce1d1bc89e3ec3b4701e5e28659a75e1cb7877bc497ff2d08f5f35ceaa832884f51f0c2d2b2f681b9093a48e81b560f93e94e1528b10b3d8e6515f2ce74c66a54f9cf44e8e88a87ef4cb2ea5c865c54935d39ae455feb43dbf8ac889883f91fe8af956bc7ad824777847bfcbdba5fadcb84b70c43102c6d207ed9472d01b6e59a3ec61cc9a08293fa7018773857fedd86b75991eb38fab17edf206be35a176131bd0e390d1e586c9dbe7460bbf96d9711eec64d3d5074b7ccefc262e0eb3f7a17d0271b9db993a333ac619140a863a977285d80656bc4d6d501d3f5d2da1f379387b4b15f6c771447ebfee24632ea1690b37389e4501e6eaf3cba1b898993a9bbab17b1cab834aca1c282447ecf246b7147266e4ad58dab730f265cd88a2573d48a034dbe3a9d47118dac62339f7418e937a42b5129bae0736dc463d8a6f67df63bd61c2eebfb15d6b600f24b47073395592d15e535b59adcfa93f5d777e7c6f847ae854c47e4766e231b2e1224b1454811d45530df69129b43e8d07c23dcb79c8ac168ce88aede0afe719636f38acacc482470a02813ed07dca0d6ae76531a3c50bbf9b7950d49d08f254fd136164d3893462c3af9c64152c088d6737182d233023ec7d141bfd7d5c2fdd5bd01415e84b3b36d92793bedcd301598f1fe59644ec2b2c852571127f93e575cd6c450df1ad1dc66ab47c98ebc062aa02e6cbc2f66a795290f3f5eedab35c672ffeb755c99b5932392178302b41985e13ff3d433fcc0291c6b498939dc2322b14c3cb459ecd9dca0d0ee22341042226272133434efd65c05b9b33f26e9bdc622c2c5b2ab0490fa2f4bbbdd073e3e01696c246343156616b6f9d170fc9cc1dc194e7fd5037d80c2731c4b74ed6b628005d745ac019739d3a7082761231cd68cd1ecd33370a0eba0e91adac63c431ff1400bfd5edec39c8c0d582aaf033ab9c6fd5c0bcbe67876fe0159a2d9e8427c17bed3cb56fefcceff0ddabc403dc6cebd4590d21e4e56eb0e81d7fdaedf55ae0a2bd674e7dc9d4acf7c0e150d365ee6a84ef0efdbe01ba8539e014c0990071aa93bb6ee25819c290be98504b4664d3067e69a9b03ce1d2df4d27983f72adc6d97a75e3f668d2cc1d131dc26bbb6ae15aac689a39c4b5b59408e8830205f3aaf18f58c6c7447e0a18a3c0c48026a1f0e2568955d2ac5e763604056d721ef63a3d94fab566e6e571b42c4e880677fcac1838038908fd48a3cd5618c867de40bc21db5a474f3aa8e80cd81adba92867a18c5b3a54b5e95393c6425d0c208d490e13a6477e25129ab7608ced515ef9cf344113d871231f437f0b272420dc58bfecdae9e7444d1c42e26fb4a483e19480c5dab2ae285119e10d1232fed43cfdc81af9e3a696d8abbd81853dc0a86dcb9dec745401e603eb324c2bb70a421031413febc57c4430a1830d7a20a340e96d91f2c697b72cc3b5e15e25545e34c450627d507db571c6e37d05cf5c514395bccedda4355a99f9eea40e02e64ab181388e6c4ae9cc4e207eb0d0e2292e699571a9e920cefbadd4b8e19bd083684d6d6bf714aae54d4518c916c7d8c6f7fb5c5cd242a16d93b20b20823ea3fd4dc6b821b984fa2c2730cc48b95b45941ab16c059072e746af258cee0836b209e70d0eea2c99d7a38c7da804e6c95411dd810e9f1925703fd29298e55baa6a65489b21d2ddaf4ad7d61ea56465a4da7ab43b30a614ddbe7fd1e49484e44f0991796bd2c84aa8c6382708f87a8d7e4782b564e67ecb30d808b0e9cdd2aa778016eb6d0c220d8d008503e7d3f014fb1d0139a54253dced9fb1862"}, {0x3, 0x0, 0xc37, 0x0}, {0x1, 0x0, 0xffffffff, 0x0}, {0x3, 0x0, 0xfffffffc, 0x0}, {0x2, 0x0, 0xa, 0x0}, {0x3, 0x0, 0x1ff, 0x0}, {0x3, 0x0, 0x2b7c, 0x0}, {0x3, 0x0, 0x9c7, 0x0}, {0x0, 0x0, 0x81, 0x0}, {0x5, 0x0, 0x4, 0x0}, {0x0, 0x0, 0x0, 0x0}, {0x1, 0x0, 0x8001, 0x0}, {0x2, 0x0, 0x0, 0x0}, {0x0, 0x0, 0xffffffff, 0x0}, {0x3, 0x0, 0x6, 0x0}, {0x3, 0x0, 0x2, 0x0}]})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_IRQCHIP
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x4048aec9, &(0x7f0000000740)={0x3, 0x0, @ioapic={0xdddd1000, 0x5, 0x3eacc230, 0xb, 0x0, [{0xb, 0x1c, 0x7, '\x00', 0x8}, {0x4, 0x1, 0x9, '\x00', 0x2}, {0x8, 0x7, 0x8, '\x00', 0x9}, {0x40, 0x0, 0x8c}, {0x2, 0x9, 0x9}, {0x5, 0x3, 0x5, '\x00', 0x6}, {0x6, 0x5, 0x8, '\x00', 0x81}, {0x7, 0x7f, 0xad, '\x00', 0x81}, {0x7, 0x4, 0x10, '\x00', 0x6}, {0x6, 0x1, 0x9, '\x00', 0x4}, {0xf, 0xa, 0x4, '\x00', 0x9}, {0x24, 0xfa, 0x10, '\x00', 0x1b}, {0x0, 0x81, 0x1, '\x00', 0x40}, {0x6, 0x3c, 0xa0, '\x00', 0xa7}, {0x1, 0x2, 0x9, '\x00', 0x3}, {0x4, 0x1, 0x3, '\x00', 0xfb}, {0x9, 0x80, 0x1, '\x00', 0x5}, {0x9b, 0xe5, 0x2, '\x00', 0x8}, {0x7, 0xb, 0x9, '\x00', 0x6}, {0x10, 0xfe, 0x7, '\x00', 0x1}, {0x5, 0xb, 0x80, '\x00', 0x5}, {0x5, 0x0, 0x2, '\x00', 0x3}, {0x4, 0xa, 0x7, '\x00', 0x1}, {0x3, 0x5, 0x2, '\x00', 0xc}]}})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_X86_SET_MSR_FILTER
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_X86_SET_MSR_FILTER(r1, 0x4188aec6, &(0x7f0000004940)={0x1, [{0x1, 0x3008, 0x9, &(0x7f0000002240)="828a8b2e4b292825bfc418bb9054cc63557f662258efbf3db1c1459db29ddef3bcefc68913e6ade6a9835e726a73e22fbd363dfb1c5ec904a026aad44e1f10452e6653bb36d762881e00eba7e8e623c96213b588659bf0500084046e631df60e135b20551e099be24576db82592afd68365fbdb100a44b8a6ad1f1a66322695688e1f176bfe23e54b2fae85c16a8be3ea24b2689445016e2b5855b0dce3c8589b8e362ecc8f0f9e70be04dcacd0777c25efb74050f904ee1f6fdfeb3ac30af138bf0642a337904519c832fe896c83095b50fe095c0d6ed25608d61166b0849585d5eed0cb58699bf592f8cf20c28684a687ad81b3ce1d1bc89e3ec3b4701e5e28659a75e1cb7877bc497ff2d08f5f35ceaa832884f51f0c2d2b2f681b9093a48e81b560f93e94e1528b10b3d8e6515f2ce74c66a54f9cf44e8e88a87ef4cb2ea5c865c54935d39ae455feb43dbf8ac889883f91fe8af956bc7ad824777847bfcbdba5fadcb84b70c43102c6d207ed9472d01b6e59a3ec61cc9a08293fa7018773857fedd86b75991eb38fab17edf206be35a176131bd0e390d1e586c9dbe7460bbf96d9711eec64d3d5074b7ccefc262e0eb3f7a17d0271b9db993a333ac619140a863a977285d80656bc4d6d501d3f5d2da1f379387b4b15f6c771447ebfee24632ea1690b37389e4501e6eaf3cba1b898993a9bbab17b1cab834aca1c282447ecf246b7147266e4ad58dab730f265cd88a2573d48a034dbe3a9d47118dac62339f7418e937a42b5129bae0736dc463d8a6f67df63bd61c2eebfb15d6b600f24b47073395592d15e535b59adcfa93f5d777e7c6f847ae854c47e4766e231b2e1224b1454811d45530df69129b43e8d07c23dcb79c8ac168ce88aede0afe719636f38acacc482470a02813ed07dca0d6ae76531a3c50bbf9b7950d49d08f254fd136164d3893462c3af9c64152c088d6737182d233023ec7d141bfd7d5c2fdd5bd01415e84b3b36d92793bedcd301598f1fe59644ec2b2c852571127f93e575cd6c450df1ad1dc66ab47c98ebc062aa02e6cbc2f66a795290f3f5eedab35c672ffeb755c99b5932392178302b41985e13ff3d433fcc0291c6b498939dc2322b14c3cb459ecd9dca0d0ee22341042226272133434efd65c05b9b33f26e9bdc622c2c5b2ab0490fa2f4bbbdd073e3e01696c246343156616b6f9d170fc9cc1dc194e7fd5037d80c2731c4b74ed6b628005d745ac019739d3a7082761231cd68cd1ecd33370a0eba0e91adac63c431ff1400bfd5edec39c8c0d582aaf033ab9c6fd5c0bcbe67876fe0159a2d9e8427c17bed3cb56fefcceff0ddabc403dc6cebd4590d21e4e56eb0e81d7fdaedf55ae0a2bd674e7dc9d4acf7c0e150d365ee6a84ef0efdbe01ba8539e014c0990071aa93bb6ee25819c290be98504b4664d3067e69a9b03ce1d2df4d27983f72adc6d97a75e3f668d2cc1d131dc26bbb6ae15aac689a39c4b5b59408e8830205f3aaf18f58c6c7447e0a18a3c0c48026a1f0e2568955d2ac5e763604056d721ef63a3d94fab566e6e571b42c4e880677fcac1838038908fd48a3cd5618c867de40bc21db5a474f3aa8e80cd81adba92867a18c5b3a54b5e95393c6425d0c208d490e13a6477e25129ab7608ced515ef9cf344113d871231f437f0b272420dc58bfecdae9e7444d1c42e26fb4a483e19480c5dab2ae285119e10d1232fed43cfdc81af9e3a696d8abbd81853dc0a86dcb9dec745401e603eb324c2bb70a421031413febc57c4430a1830d7a20a340e96d91f2c697b72cc3b5e15e25545e34c450627d507db571c6e37d05cf5c514395bccedda4355a99f9eea40e02e64ab181388e6c4ae9cc4e207eb0d0e2292e699571a9e920cefbadd4b8e19bd083684d6d6bf714aae54d4518c916c7d8c6f7fb5c5cd242a16d93b20b20823ea3fd4dc6b821b984fa2c2730cc48b95b45941ab16c059072e746af258cee0836b209e70d0eea2c99d7a38c7da804e6c95411dd810e9f1925703fd29298e55baa6a65489b21d2ddaf4ad7d61ea56465a4da7ab43b30a614ddbe7fd1e49484e44f0991796bd2c84aa8c6382708f87a8d7e4782b564e67ecb30d808b0e9cdd2aa778016eb6d0c220d8d008503e7d3f014fb1d0139a54253dced9fb1862"}, {0x3, 0x0, 0xc37, 0x0}, {0x1, 0x0, 0xffffffff, 0x0}, {0x3, 0x0, 0xfffffffc, 0x0}, {0x2, 0x0, 0xa, 0x0}, {0x3, 0x0, 0x1ff, 0x0}, {0x3, 0x0, 0x2b7c, 0x0}, {0x3, 0x0, 0x9c7, 0x0}, {0x0, 0x0, 0x81, 0x0}, {0x5, 0x0, 0x4, 0x0}, {0x0, 0x0, 0x0, 0x0}, {0x1, 0x0, 0x8001, 0x0}, {0x2, 0x0, 0x0, 0x0}, {0x0, 0x0, 0xffffffff, 0x0}, {0x3, 0x0, 0x6, 0x0}, {0x3, 0x0, 0x2, 0x0}]})

program did not crash
single: failed to extract reproducer
bisect: bisecting 35 programs with base timeout 6m0s
testing program (duration=6m8s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3]
detailed listing:
executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/icmp\x00')
read$FUSE(r0, &(0x7f0000001240)={0x2020}, 0x2020)
preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/186, 0xba}], 0x1, 0x5, 0x0)
executing program 0:
mount$tmpfs(0x0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080), 0x400, &(0x7f00000000c0)=ANY=[@ANYBLOB='mpol=bind:7-'])
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x1004014, &(0x7f00000000c0))
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x4, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0)
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_buf(r0, 0x6, 0x1f, &(0x7f0000000300)="cd", 0x1)
setsockopt$inet6_tcp_int(r0, 0x6, 0xc, &(0x7f00000000c0)=0x9, 0x4)
executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2f00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10)
personality(0x500006)
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_X86_SET_MSR_FILTER(r1, 0x4188aec6, &(0x7f0000004940)={0x1, [{0x1, 0x3008, 0x9, &(0x7f0000002240)="828a8b2e4b292825bfc418bb9054cc63557f662258efbf3db1c1459db29ddef3bcefc68913e6ade6a9835e726a73e22fbd363dfb1c5ec904a026aad44e1f10452e6653bb36d762881e00eba7e8e623c96213b588659bf0500084046e631df60e135b20551e099be24576db82592afd68365fbdb100a44b8a6ad1f1a66322695688e1f176bfe23e54b2fae85c16a8be3ea24b2689445016e2b5855b0dce3c8589b8e362ecc8f0f9e70be04dcacd0777c25efb74050f904ee1f6fdfeb3ac30af138bf0642a337904519c832fe896c83095b50fe095c0d6ed25608d61166b0849585d5eed0cb58699bf592f8cf20c28684a687ad81b3ce1d1bc89e3ec3b4701e5e28659a75e1cb7877bc497ff2d08f5f35ceaa832884f51f0c2d2b2f681b9093a48e81b560f93e94e1528b10b3d8e6515f2ce74c66a54f9cf44e8e88a87ef4cb2ea5c865c54935d39ae455feb43dbf8ac889883f91fe8af956bc7ad824777847bfcbdba5fadcb84b70c43102c6d207ed9472d01b6e59a3ec61cc9a08293fa7018773857fedd86b75991eb38fab17edf206be35a176131bd0e390d1e586c9dbe7460bbf96d9711eec64d3d5074b7ccefc262e0eb3f7a17d0271b9db993a333ac619140a863a977285d80656bc4d6d501d3f5d2da1f379387b4b15f6c771447ebfee24632ea1690b37389e4501e6eaf3cba1b898993a9bbab17b1cab834aca1c282447ecf246b7147266e4ad58dab730f265cd88a2573d48a034dbe3a9d47118dac62339f7418e937a42b5129bae0736dc463d8a6f67df63bd61c2eebfb15d6b600f24b47073395592d15e535b59adcfa93f5d777e7c6f847ae854c47e4766e231b2e1224b1454811d45530df69129b43e8d07c23dcb79c8ac168ce88aede0afe719636f38acacc482470a02813ed07dca0d6ae76531a3c50bbf9b7950d49d08f254fd136164d3893462c3af9c64152c088d6737182d233023ec7d141bfd7d5c2fdd5bd01415e84b3b36d92793bedcd301598f1fe59644ec2b2c852571127f93e575cd6c450df1ad1dc66ab47c98ebc062aa02e6cbc2f66a795290f3f5eedab35c672ffeb755c99b5932392178302b41985e13ff3d433fcc0291c6b498939dc2322b14c3cb459ecd9dca0d0ee22341042226272133434efd65c05b9b33f26e9bdc622c2c5b2ab0490fa2f4bbbdd073e3e01696c246343156616b6f9d170fc9cc1dc194e7fd5037d80c2731c4b74ed6b628005d745ac019739d3a7082761231cd68cd1ecd33370a0eba0e91adac63c431ff1400bfd5edec39c8c0d582aaf033ab9c6fd5c0bcbe67876fe0159a2d9e8427c17bed3cb56fefcceff0ddabc403dc6cebd4590d21e4e56eb0e81d7fdaedf55ae0a2bd674e7dc9d4acf7c0e150d365ee6a84ef0efdbe01ba8539e014c0990071aa93bb6ee25819c290be98504b4664d3067e69a9b03ce1d2df4d27983f72adc6d97a75e3f668d2cc1d131dc26bbb6ae15aac689a39c4b5b59408e8830205f3aaf18f58c6c7447e0a18a3c0c48026a1f0e2568955d2ac5e763604056d721ef63a3d94fab566e6e571b42c4e880677fcac1838038908fd48a3cd5618c867de40bc21db5a474f3aa8e80cd81adba92867a18c5b3a54b5e95393c6425d0c208d490e13a6477e25129ab7608ced515ef9cf344113d871231f437f0b272420dc58bfecdae9e7444d1c42e26fb4a483e19480c5dab2ae285119e10d1232fed43cfdc81af9e3a696d8abbd81853dc0a86dcb9dec745401e603eb324c2bb70a421031413febc57c4430a1830d7a20a340e96d91f2c697b72cc3b5e15e25545e34c450627d507db571c6e37d05cf5c514395bccedda4355a99f9eea40e02e64ab181388e6c4ae9cc4e207eb0d0e2292e699571a9e920cefbadd4b8e19bd083684d6d6bf714aae54d4518c916c7d8c6f7fb5c5cd242a16d93b20b20823ea3fd4dc6b821b984fa2c2730cc48b95b45941ab16c059072e746af258cee0836b209e70d0eea2c99d7a38c7da804e6c95411dd810e9f1925703fd29298e55baa6a65489b21d2ddaf4ad7d61ea56465a4da7ab43b30a614ddbe7fd1e49484e44f0991796bd2c84aa8c6382708f87a8d7e4782b564e67ecb30d808b0e9cdd2aa778016eb6d0c220d8d008503e7d3f014fb1d0139a54253dced9fb1862"}, {0x3, 0x0, 0xc37, 0x0}, {0x1, 0x0, 0xffffffff, 0x0}, {0x3, 0x0, 0xfffffffc, 0x0}, {0x2, 0x0, 0xa, 0x0}, {0x3, 0x0, 0x1ff, 0x0}, {0x3, 0x0, 0x2b7c, 0x0}, {0x3, 0x0, 0x9c7, 0x0}, {0x0, 0x0, 0x81, 0x0}, {0x5, 0x0, 0x4, 0x0}, {0x0, 0x0, 0x0, 0x0}, {0x1, 0x0, 0x8001, 0x0}, {0x2, 0x0, 0x0, 0x0}, {0x0, 0x0, 0xffffffff, 0x0}, {0x3, 0x0, 0x6, 0x0}, {0x3, 0x0, 0x2, 0x0}]})
executing program 1:
r0 = getpid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000029c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)=[@cred={{0x1c, 0x1, 0x2, {r0, 0x0, 0xee01}}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x38, 0x20000050}}], 0x2, 0x4840)
executing program 1:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000010c0), 0x403, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1)
ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x10000000002001ff)
executing program 1:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000080)='debugfs\x00', 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x228061, 0x0)
executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000002680)='net/udplite6\x00')
read(r0, &(0x7f00000028c0)=""/105, 0x69)
preadv(r0, &(0x7f0000004100)=[{&(0x7f0000002c40)=""/209, 0xd1}], 0x1, 0x5, 0x3)
executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newroute={0x28, 0x1a, 0x1, 0xfffffffc, 0x0, {}, [@RTA_MULTIPATH={0xc, 0x9, {0x4d6, 0x4, 0x5c}}]}, 0x28}}, 0x0)
executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x4048aec9, &(0x7f0000000740)={0x3, 0x0, @ioapic={0xdddd1000, 0x5, 0x3eacc230, 0xb, 0x0, [{0xb, 0x1c, 0x7, '\x00', 0x8}, {0x4, 0x1, 0x9, '\x00', 0x2}, {0x8, 0x7, 0x8, '\x00', 0x9}, {0x40, 0x0, 0x8c}, {0x2, 0x9, 0x9}, {0x5, 0x3, 0x5, '\x00', 0x6}, {0x6, 0x5, 0x8, '\x00', 0x81}, {0x7, 0x7f, 0xad, '\x00', 0x81}, {0x7, 0x4, 0x10, '\x00', 0x6}, {0x6, 0x1, 0x9, '\x00', 0x4}, {0xf, 0xa, 0x4, '\x00', 0x9}, {0x24, 0xfa, 0x10, '\x00', 0x1b}, {0x0, 0x81, 0x1, '\x00', 0x40}, {0x6, 0x3c, 0xa0, '\x00', 0xa7}, {0x1, 0x2, 0x9, '\x00', 0x3}, {0x4, 0x1, 0x3, '\x00', 0xfb}, {0x9, 0x80, 0x1, '\x00', 0x5}, {0x9b, 0xe5, 0x2, '\x00', 0x8}, {0x7, 0xb, 0x9, '\x00', 0x6}, {0x10, 0xfe, 0x7, '\x00', 0x1}, {0x5, 0xb, 0x80, '\x00', 0x5}, {0x5, 0x0, 0x2, '\x00', 0x3}, {0x4, 0xa, 0x7, '\x00', 0x1}, {0x3, 0x5, 0x2, '\x00', 0xc}]}})
executing program 32:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_X86_SET_MSR_FILTER(r1, 0x4188aec6, &(0x7f0000004940)={0x1, [{0x1, 0x3008, 0x9, &(0x7f0000002240)="828a8b2e4b292825bfc418bb9054cc63557f662258efbf3db1c1459db29ddef3bcefc68913e6ade6a9835e726a73e22fbd363dfb1c5ec904a026aad44e1f10452e6653bb36d762881e00eba7e8e623c96213b588659bf0500084046e631df60e135b20551e099be24576db82592afd68365fbdb100a44b8a6ad1f1a66322695688e1f176bfe23e54b2fae85c16a8be3ea24b2689445016e2b5855b0dce3c8589b8e362ecc8f0f9e70be04dcacd0777c25efb74050f904ee1f6fdfeb3ac30af138bf0642a337904519c832fe896c83095b50fe095c0d6ed25608d61166b0849585d5eed0cb58699bf592f8cf20c28684a687ad81b3ce1d1bc89e3ec3b4701e5e28659a75e1cb7877bc497ff2d08f5f35ceaa832884f51f0c2d2b2f681b9093a48e81b560f93e94e1528b10b3d8e6515f2ce74c66a54f9cf44e8e88a87ef4cb2ea5c865c54935d39ae455feb43dbf8ac889883f91fe8af956bc7ad824777847bfcbdba5fadcb84b70c43102c6d207ed9472d01b6e59a3ec61cc9a08293fa7018773857fedd86b75991eb38fab17edf206be35a176131bd0e390d1e586c9dbe7460bbf96d9711eec64d3d5074b7ccefc262e0eb3f7a17d0271b9db993a333ac619140a863a977285d80656bc4d6d501d3f5d2da1f379387b4b15f6c771447ebfee24632ea1690b37389e4501e6eaf3cba1b898993a9bbab17b1cab834aca1c282447ecf246b7147266e4ad58dab730f265cd88a2573d48a034dbe3a9d47118dac62339f7418e937a42b5129bae0736dc463d8a6f67df63bd61c2eebfb15d6b600f24b47073395592d15e535b59adcfa93f5d777e7c6f847ae854c47e4766e231b2e1224b1454811d45530df69129b43e8d07c23dcb79c8ac168ce88aede0afe719636f38acacc482470a02813ed07dca0d6ae76531a3c50bbf9b7950d49d08f254fd136164d3893462c3af9c64152c088d6737182d233023ec7d141bfd7d5c2fdd5bd01415e84b3b36d92793bedcd301598f1fe59644ec2b2c852571127f93e575cd6c450df1ad1dc66ab47c98ebc062aa02e6cbc2f66a795290f3f5eedab35c672ffeb755c99b5932392178302b41985e13ff3d433fcc0291c6b498939dc2322b14c3cb459ecd9dca0d0ee22341042226272133434efd65c05b9b33f26e9bdc622c2c5b2ab0490fa2f4bbbdd073e3e01696c246343156616b6f9d170fc9cc1dc194e7fd5037d80c2731c4b74ed6b628005d745ac019739d3a7082761231cd68cd1ecd33370a0eba0e91adac63c431ff1400bfd5edec39c8c0d582aaf033ab9c6fd5c0bcbe67876fe0159a2d9e8427c17bed3cb56fefcceff0ddabc403dc6cebd4590d21e4e56eb0e81d7fdaedf55ae0a2bd674e7dc9d4acf7c0e150d365ee6a84ef0efdbe01ba8539e014c0990071aa93bb6ee25819c290be98504b4664d3067e69a9b03ce1d2df4d27983f72adc6d97a75e3f668d2cc1d131dc26bbb6ae15aac689a39c4b5b59408e8830205f3aaf18f58c6c7447e0a18a3c0c48026a1f0e2568955d2ac5e763604056d721ef63a3d94fab566e6e571b42c4e880677fcac1838038908fd48a3cd5618c867de40bc21db5a474f3aa8e80cd81adba92867a18c5b3a54b5e95393c6425d0c208d490e13a6477e25129ab7608ced515ef9cf344113d871231f437f0b272420dc58bfecdae9e7444d1c42e26fb4a483e19480c5dab2ae285119e10d1232fed43cfdc81af9e3a696d8abbd81853dc0a86dcb9dec745401e603eb324c2bb70a421031413febc57c4430a1830d7a20a340e96d91f2c697b72cc3b5e15e25545e34c450627d507db571c6e37d05cf5c514395bccedda4355a99f9eea40e02e64ab181388e6c4ae9cc4e207eb0d0e2292e699571a9e920cefbadd4b8e19bd083684d6d6bf714aae54d4518c916c7d8c6f7fb5c5cd242a16d93b20b20823ea3fd4dc6b821b984fa2c2730cc48b95b45941ab16c059072e746af258cee0836b209e70d0eea2c99d7a38c7da804e6c95411dd810e9f1925703fd29298e55baa6a65489b21d2ddaf4ad7d61ea56465a4da7ab43b30a614ddbe7fd1e49484e44f0991796bd2c84aa8c6382708f87a8d7e4782b564e67ecb30d808b0e9cdd2aa778016eb6d0c220d8d008503e7d3f014fb1d0139a54253dced9fb1862"}, {0x3, 0x0, 0xc37, 0x0}, {0x1, 0x0, 0xffffffff, 0x0}, {0x3, 0x0, 0xfffffffc, 0x0}, {0x2, 0x0, 0xa, 0x0}, {0x3, 0x0, 0x1ff, 0x0}, {0x3, 0x0, 0x2b7c, 0x0}, {0x3, 0x0, 0x9c7, 0x0}, {0x0, 0x0, 0x81, 0x0}, {0x5, 0x0, 0x4, 0x0}, {0x0, 0x0, 0x0, 0x0}, {0x1, 0x0, 0x8001, 0x0}, {0x2, 0x0, 0x0, 0x0}, {0x0, 0x0, 0xffffffff, 0x0}, {0x3, 0x0, 0x6, 0x0}, {0x3, 0x0, 0x2, 0x0}]})
executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x9e46, &(0x7f0000006680))
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
unlinkat(0xffffffffffffffff, 0x0, 0x0)
executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000040)={0x2c, r1, 0x1, 0x4, 0xfffffffe, {0x1e}, [@ETHTOOL_A_RINGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bridge\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0x0)
executing program 2:
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x301, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}]}]}], {0x14}}, 0x90}}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="f80000003e000701feffffff00000000017c0000040042800c00018006000600800a0000d1000280cb0006"], 0xf8}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
executing program 3:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000180))
ioctl$SG_IO(r0, 0x2285, &(0x7f00000005c0)={0x53, 0x0, 0x6, 0x6, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000140)="a03e324fb80c", 0x0, 0x0, 0x0, 0x0, 0x0})
executing program 2:
r0 = getpgrp(0x0)
prctl$PR_SET_PTRACER(0x59616d61, r0)
prctl$PR_SET_PTRACER(0x59616d61, r0)
executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001440), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000000240)={0x34, r1, 0x1, 0x3ffe, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_IRQ={0x8, 0x9, 0x3}]}, 0x34}}, 0x0)
executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000002140)='fdinfo\x00')
getdents64(r0, &(0x7f00000041c0)=""/4111, 0x100f)
getdents64(r0, 0x0, 0x0)
executing program 3:
r0 = syz_open_dev$vbi(&(0x7f0000000340), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f00000000c0)=0x3)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0x8a5, 0x93, 0x1, 0x1, 0xd59f80, 0x19ef, 0x2800, 0x19ef, 0x3, 0x6, 0x27ff, 0x2800, 0x2, 0xbb6, 0x0, 0x8, {0x8, 0xffffffff}, 0xd0, 0x9}})
executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x880)
executing program 3:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0)
mq_notify(r0, &(0x7f0000000100)={0x0, 0x10})
executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10)
cachestat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
executing program 33:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x4048aec9, &(0x7f0000000740)={0x3, 0x0, @ioapic={0xdddd1000, 0x5, 0x3eacc230, 0xb, 0x0, [{0xb, 0x1c, 0x7, '\x00', 0x8}, {0x4, 0x1, 0x9, '\x00', 0x2}, {0x8, 0x7, 0x8, '\x00', 0x9}, {0x40, 0x0, 0x8c}, {0x2, 0x9, 0x9}, {0x5, 0x3, 0x5, '\x00', 0x6}, {0x6, 0x5, 0x8, '\x00', 0x81}, {0x7, 0x7f, 0xad, '\x00', 0x81}, {0x7, 0x4, 0x10, '\x00', 0x6}, {0x6, 0x1, 0x9, '\x00', 0x4}, {0xf, 0xa, 0x4, '\x00', 0x9}, {0x24, 0xfa, 0x10, '\x00', 0x1b}, {0x0, 0x81, 0x1, '\x00', 0x40}, {0x6, 0x3c, 0xa0, '\x00', 0xa7}, {0x1, 0x2, 0x9, '\x00', 0x3}, {0x4, 0x1, 0x3, '\x00', 0xfb}, {0x9, 0x80, 0x1, '\x00', 0x5}, {0x9b, 0xe5, 0x2, '\x00', 0x8}, {0x7, 0xb, 0x9, '\x00', 0x6}, {0x10, 0xfe, 0x7, '\x00', 0x1}, {0x5, 0xb, 0x80, '\x00', 0x5}, {0x5, 0x0, 0x2, '\x00', 0x3}, {0x4, 0xa, 0x7, '\x00', 0x1}, {0x3, 0x5, 0x2, '\x00', 0xc}]}})
executing program 3:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x30, r0, 0x701, 0xfffffffd, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x41}, @void, @val={0xc, 0x99, {0x7, 0x29}}}}, [@NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x1374}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)
executing program 4:
r0 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r0, &(0x7f0000000b40)={&(0x7f0000000080)={0x2, 0x4e19, @multicast1=0xe0000002}, 0x10, 0x0, 0x0, &(0x7f0000000100)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x41}, @loopback}}}], 0x20}, 0xc000)
sendmsg$kcm(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x20004890)
executing program 4:
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8ab8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000010000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000000)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
executing program 4:
mbind(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x6002, &(0x7f0000000000)=0x3, 0xf, 0x0)
set_mempolicy_home_node(&(0x7f0000ffc000/0x4000)=nil, 0x403f, 0x0, 0x0)
syz_io_uring_setup(0x18d6, &(0x7f0000000040)={0x0, 0x3, 0x0, 0x0, 0xfffffffd}, &(0x7f0000ffe000), &(0x7f0000ffe000))
executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0xac}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000100)={0xb8, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x24, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6}]}]}]}, 0xb8}}, 0x0)
executing program 4:
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000140)={0x0, 0x2000bb22, 0x2, {0x1, @raw_data="3d924b827139e8a4ec01eb92492ff84715d1a004d08b012a7cafe27a5f313d31bbdae5b411ca5be6bfe92437ed0d21b5180e375be56b3b9306d7dbb26bf9f22de7ac7681cca450055250217bdf1113b4258293ba4efed32147bda8454dd115bd5ba066ba06f2854cc96db9a98055cbde9fd084a1223ada91ed2e832907a01ab5ee65f997b617f73d1aa5a6dfc47acdc5eb834f8e448469d235e4380cbcc331c96177b67caa0656f9664277cadb8597e7d911ad1da457ef9744b0993c57a700"}})
ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f00000000c0)=@userptr={0x7, 0x1, 0x4, 0xd08b012a, 0x0, {0x0, 0xea60}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x4, "f1439fae"}, 0x0, 0x2, {0x0}, 0x20000, 0x0, r0})
executing program 4:
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000021c0)=ANY=[@ANYBLOB="181600002400e5ff25bd7000fedbdf2505"], 0x1618}], 0x1}, 0x0)
recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x2000)
executing program 34:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x880)
executing program 35:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x30, r0, 0x701, 0xfffffffd, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x41}, @void, @val={0xc, 0x99, {0x7, 0x29}}}}, [@NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x1374}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)
executing program 36:
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000021c0)=ANY=[@ANYBLOB="181600002400e5ff25bd7000fedbdf2505"], 0x1618}], 0x1}, 0x0)
recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x2000)

program crashed: INFO: task hung in kvm_mmu_uninit_vm
bisect: bisecting 35 programs
bisect: split chunks (needed=false): <35>
bisect: split chunk #0 of len 35 into 3 parts
bisect: testing without sub-chunk 1/3
testing program (duration=6m5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3]
detailed listing:
executing program 32:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_X86_SET_MSR_FILTER(r1, 0x4188aec6, &(0x7f0000004940)={0x1, [{0x1, 0x3008, 0x9, &(0x7f0000002240)="828a8b2e4b292825bfc418bb9054cc63557f662258efbf3db1c1459db29ddef3bcefc68913e6ade6a9835e726a73e22fbd363dfb1c5ec904a026aad44e1f10452e6653bb36d762881e00eba7e8e623c96213b588659bf0500084046e631df60e135b20551e099be24576db82592afd68365fbdb100a44b8a6ad1f1a66322695688e1f176bfe23e54b2fae85c16a8be3ea24b2689445016e2b5855b0dce3c8589b8e362ecc8f0f9e70be04dcacd0777c25efb74050f904ee1f6fdfeb3ac30af138bf0642a337904519c832fe896c83095b50fe095c0d6ed25608d61166b0849585d5eed0cb58699bf592f8cf20c28684a687ad81b3ce1d1bc89e3ec3b4701e5e28659a75e1cb7877bc497ff2d08f5f35ceaa832884f51f0c2d2b2f681b9093a48e81b560f93e94e1528b10b3d8e6515f2ce74c66a54f9cf44e8e88a87ef4cb2ea5c865c54935d39ae455feb43dbf8ac889883f91fe8af956bc7ad824777847bfcbdba5fadcb84b70c43102c6d207ed9472d01b6e59a3ec61cc9a08293fa7018773857fedd86b75991eb38fab17edf206be35a176131bd0e390d1e586c9dbe7460bbf96d9711eec64d3d5074b7ccefc262e0eb3f7a17d0271b9db993a333ac619140a863a977285d80656bc4d6d501d3f5d2da1f379387b4b15f6c771447ebfee24632ea1690b37389e4501e6eaf3cba1b898993a9bbab17b1cab834aca1c282447ecf246b7147266e4ad58dab730f265cd88a2573d48a034dbe3a9d47118dac62339f7418e937a42b5129bae0736dc463d8a6f67df63bd61c2eebfb15d6b600f24b47073395592d15e535b59adcfa93f5d777e7c6f847ae854c47e4766e231b2e1224b1454811d45530df69129b43e8d07c23dcb79c8ac168ce88aede0afe719636f38acacc482470a02813ed07dca0d6ae76531a3c50bbf9b7950d49d08f254fd136164d3893462c3af9c64152c088d6737182d233023ec7d141bfd7d5c2fdd5bd01415e84b3b36d92793bedcd301598f1fe59644ec2b2c852571127f93e575cd6c450df1ad1dc66ab47c98ebc062aa02e6cbc2f66a795290f3f5eedab35c672ffeb755c99b5932392178302b41985e13ff3d433fcc0291c6b498939dc2322b14c3cb459ecd9dca0d0ee22341042226272133434efd65c05b9b33f26e9bdc622c2c5b2ab0490fa2f4bbbdd073e3e01696c246343156616b6f9d170fc9cc1dc194e7fd5037d80c2731c4b74ed6b628005d745ac019739d3a7082761231cd68cd1ecd33370a0eba0e91adac63c431ff1400bfd5edec39c8c0d582aaf033ab9c6fd5c0bcbe67876fe0159a2d9e8427c17bed3cb56fefcceff0ddabc403dc6cebd4590d21e4e56eb0e81d7fdaedf55ae0a2bd674e7dc9d4acf7c0e150d365ee6a84ef0efdbe01ba8539e014c0990071aa93bb6ee25819c290be98504b4664d3067e69a9b03ce1d2df4d27983f72adc6d97a75e3f668d2cc1d131dc26bbb6ae15aac689a39c4b5b59408e8830205f3aaf18f58c6c7447e0a18a3c0c48026a1f0e2568955d2ac5e763604056d721ef63a3d94fab566e6e571b42c4e880677fcac1838038908fd48a3cd5618c867de40bc21db5a474f3aa8e80cd81adba92867a18c5b3a54b5e95393c6425d0c208d490e13a6477e25129ab7608ced515ef9cf344113d871231f437f0b272420dc58bfecdae9e7444d1c42e26fb4a483e19480c5dab2ae285119e10d1232fed43cfdc81af9e3a696d8abbd81853dc0a86dcb9dec745401e603eb324c2bb70a421031413febc57c4430a1830d7a20a340e96d91f2c697b72cc3b5e15e25545e34c450627d507db571c6e37d05cf5c514395bccedda4355a99f9eea40e02e64ab181388e6c4ae9cc4e207eb0d0e2292e699571a9e920cefbadd4b8e19bd083684d6d6bf714aae54d4518c916c7d8c6f7fb5c5cd242a16d93b20b20823ea3fd4dc6b821b984fa2c2730cc48b95b45941ab16c059072e746af258cee0836b209e70d0eea2c99d7a38c7da804e6c95411dd810e9f1925703fd29298e55baa6a65489b21d2ddaf4ad7d61ea56465a4da7ab43b30a614ddbe7fd1e49484e44f0991796bd2c84aa8c6382708f87a8d7e4782b564e67ecb30d808b0e9cdd2aa778016eb6d0c220d8d008503e7d3f014fb1d0139a54253dced9fb1862"}, {0x3, 0x0, 0xc37, 0x0}, {0x1, 0x0, 0xffffffff, 0x0}, {0x3, 0x0, 0xfffffffc, 0x0}, {0x2, 0x0, 0xa, 0x0}, {0x3, 0x0, 0x1ff, 0x0}, {0x3, 0x0, 0x2b7c, 0x0}, {0x3, 0x0, 0x9c7, 0x0}, {0x0, 0x0, 0x81, 0x0}, {0x5, 0x0, 0x4, 0x0}, {0x0, 0x0, 0x0, 0x0}, {0x1, 0x0, 0x8001, 0x0}, {0x2, 0x0, 0x0, 0x0}, {0x0, 0x0, 0xffffffff, 0x0}, {0x3, 0x0, 0x6, 0x0}, {0x3, 0x0, 0x2, 0x0}]})
executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x9e46, &(0x7f0000006680))
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
unlinkat(0xffffffffffffffff, 0x0, 0x0)
executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000040)={0x2c, r1, 0x1, 0x4, 0xfffffffe, {0x1e}, [@ETHTOOL_A_RINGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bridge\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0x0)
executing program 2:
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x301, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}]}]}], {0x14}}, 0x90}}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="f80000003e000701feffffff00000000017c0000040042800c00018006000600800a0000d1000280cb0006"], 0xf8}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
executing program 3:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000180))
ioctl$SG_IO(r0, 0x2285, &(0x7f00000005c0)={0x53, 0x0, 0x6, 0x6, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000140)="a03e324fb80c", 0x0, 0x0, 0x0, 0x0, 0x0})
executing program 2:
r0 = getpgrp(0x0)
prctl$PR_SET_PTRACER(0x59616d61, r0)
prctl$PR_SET_PTRACER(0x59616d61, r0)
executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001440), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000000240)={0x34, r1, 0x1, 0x3ffe, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_IRQ={0x8, 0x9, 0x3}]}, 0x34}}, 0x0)
executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000002140)='fdinfo\x00')
getdents64(r0, &(0x7f00000041c0)=""/4111, 0x100f)
getdents64(r0, 0x0, 0x0)
executing program 3:
r0 = syz_open_dev$vbi(&(0x7f0000000340), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f00000000c0)=0x3)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0x8a5, 0x93, 0x1, 0x1, 0xd59f80, 0x19ef, 0x2800, 0x19ef, 0x3, 0x6, 0x27ff, 0x2800, 0x2, 0xbb6, 0x0, 0x8, {0x8, 0xffffffff}, 0xd0, 0x9}})
executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x880)
executing program 3:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0)
mq_notify(r0, &(0x7f0000000100)={0x0, 0x10})
executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10)
cachestat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
executing program 33:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x4048aec9, &(0x7f0000000740)={0x3, 0x0, @ioapic={0xdddd1000, 0x5, 0x3eacc230, 0xb, 0x0, [{0xb, 0x1c, 0x7, '\x00', 0x8}, {0x4, 0x1, 0x9, '\x00', 0x2}, {0x8, 0x7, 0x8, '\x00', 0x9}, {0x40, 0x0, 0x8c}, {0x2, 0x9, 0x9}, {0x5, 0x3, 0x5, '\x00', 0x6}, {0x6, 0x5, 0x8, '\x00', 0x81}, {0x7, 0x7f, 0xad, '\x00', 0x81}, {0x7, 0x4, 0x10, '\x00', 0x6}, {0x6, 0x1, 0x9, '\x00', 0x4}, {0xf, 0xa, 0x4, '\x00', 0x9}, {0x24, 0xfa, 0x10, '\x00', 0x1b}, {0x0, 0x81, 0x1, '\x00', 0x40}, {0x6, 0x3c, 0xa0, '\x00', 0xa7}, {0x1, 0x2, 0x9, '\x00', 0x3}, {0x4, 0x1, 0x3, '\x00', 0xfb}, {0x9, 0x80, 0x1, '\x00', 0x5}, {0x9b, 0xe5, 0x2, '\x00', 0x8}, {0x7, 0xb, 0x9, '\x00', 0x6}, {0x10, 0xfe, 0x7, '\x00', 0x1}, {0x5, 0xb, 0x80, '\x00', 0x5}, {0x5, 0x0, 0x2, '\x00', 0x3}, {0x4, 0xa, 0x7, '\x00', 0x1}, {0x3, 0x5, 0x2, '\x00', 0xc}]}})
executing program 3:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x30, r0, 0x701, 0xfffffffd, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x41}, @void, @val={0xc, 0x99, {0x7, 0x29}}}}, [@NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x1374}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)
executing program 4:
r0 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r0, &(0x7f0000000b40)={&(0x7f0000000080)={0x2, 0x4e19, @multicast1=0xe0000002}, 0x10, 0x0, 0x0, &(0x7f0000000100)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x41}, @loopback}}}], 0x20}, 0xc000)
sendmsg$kcm(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x20004890)
executing program 4:
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8ab8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000010000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000000)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
executing program 4:
mbind(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x6002, &(0x7f0000000000)=0x3, 0xf, 0x0)
set_mempolicy_home_node(&(0x7f0000ffc000/0x4000)=nil, 0x403f, 0x0, 0x0)
syz_io_uring_setup(0x18d6, &(0x7f0000000040)={0x0, 0x3, 0x0, 0x0, 0xfffffffd}, &(0x7f0000ffe000), &(0x7f0000ffe000))
executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0xac}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000100)={0xb8, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x24, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6}]}]}]}, 0xb8}}, 0x0)
executing program 4:
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000140)={0x0, 0x2000bb22, 0x2, {0x1, @raw_data="3d924b827139e8a4ec01eb92492ff84715d1a004d08b012a7cafe27a5f313d31bbdae5b411ca5be6bfe92437ed0d21b5180e375be56b3b9306d7dbb26bf9f22de7ac7681cca450055250217bdf1113b4258293ba4efed32147bda8454dd115bd5ba066ba06f2854cc96db9a98055cbde9fd084a1223ada91ed2e832907a01ab5ee65f997b617f73d1aa5a6dfc47acdc5eb834f8e448469d235e4380cbcc331c96177b67caa0656f9664277cadb8597e7d911ad1da457ef9744b0993c57a700"}})
ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f00000000c0)=@userptr={0x7, 0x1, 0x4, 0xd08b012a, 0x0, {0x0, 0xea60}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x4, "f1439fae"}, 0x0, 0x2, {0x0}, 0x20000, 0x0, r0})
executing program 4:
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000021c0)=ANY=[@ANYBLOB="181600002400e5ff25bd7000fedbdf2505"], 0x1618}], 0x1}, 0x0)
recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x2000)
executing program 34:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x880)
executing program 35:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x30, r0, 0x701, 0xfffffffd, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x41}, @void, @val={0xc, 0x99, {0x7, 0x29}}}}, [@NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x1374}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)
executing program 36:
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000021c0)=ANY=[@ANYBLOB="181600002400e5ff25bd7000fedbdf2505"], 0x1618}], 0x1}, 0x0)
recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x2000)

program did not crash
bisect: testing without sub-chunk 2/3
testing program (duration=6m5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3]
detailed listing:
executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/icmp\x00')
read$FUSE(r0, &(0x7f0000001240)={0x2020}, 0x2020)
preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/186, 0xba}], 0x1, 0x5, 0x0)
executing program 0:
mount$tmpfs(0x0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080), 0x400, &(0x7f00000000c0)=ANY=[@ANYBLOB='mpol=bind:7-'])
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x1004014, &(0x7f00000000c0))
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x4, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0)
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_buf(r0, 0x6, 0x1f, &(0x7f0000000300)="cd", 0x1)
setsockopt$inet6_tcp_int(r0, 0x6, 0xc, &(0x7f00000000c0)=0x9, 0x4)
executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2f00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10)
personality(0x500006)
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_X86_SET_MSR_FILTER(r1, 0x4188aec6, &(0x7f0000004940)={0x1, [{0x1, 0x3008, 0x9, &(0x7f0000002240)="828a8b2e4b292825bfc418bb9054cc63557f662258efbf3db1c1459db29ddef3bcefc68913e6ade6a9835e726a73e22fbd363dfb1c5ec904a026aad44e1f10452e6653bb36d762881e00eba7e8e623c96213b588659bf0500084046e631df60e135b20551e099be24576db82592afd68365fbdb100a44b8a6ad1f1a66322695688e1f176bfe23e54b2fae85c16a8be3ea24b2689445016e2b5855b0dce3c8589b8e362ecc8f0f9e70be04dcacd0777c25efb74050f904ee1f6fdfeb3ac30af138bf0642a337904519c832fe896c83095b50fe095c0d6ed25608d61166b0849585d5eed0cb58699bf592f8cf20c28684a687ad81b3ce1d1bc89e3ec3b4701e5e28659a75e1cb7877bc497ff2d08f5f35ceaa832884f51f0c2d2b2f681b9093a48e81b560f93e94e1528b10b3d8e6515f2ce74c66a54f9cf44e8e88a87ef4cb2ea5c865c54935d39ae455feb43dbf8ac889883f91fe8af956bc7ad824777847bfcbdba5fadcb84b70c43102c6d207ed9472d01b6e59a3ec61cc9a08293fa7018773857fedd86b75991eb38fab17edf206be35a176131bd0e390d1e586c9dbe7460bbf96d9711eec64d3d5074b7ccefc262e0eb3f7a17d0271b9db993a333ac619140a863a977285d80656bc4d6d501d3f5d2da1f379387b4b15f6c771447ebfee24632ea1690b37389e4501e6eaf3cba1b898993a9bbab17b1cab834aca1c282447ecf246b7147266e4ad58dab730f265cd88a2573d48a034dbe3a9d47118dac62339f7418e937a42b5129bae0736dc463d8a6f67df63bd61c2eebfb15d6b600f24b47073395592d15e535b59adcfa93f5d777e7c6f847ae854c47e4766e231b2e1224b1454811d45530df69129b43e8d07c23dcb79c8ac168ce88aede0afe719636f38acacc482470a02813ed07dca0d6ae76531a3c50bbf9b7950d49d08f254fd136164d3893462c3af9c64152c088d6737182d233023ec7d141bfd7d5c2fdd5bd01415e84b3b36d92793bedcd301598f1fe59644ec2b2c852571127f93e575cd6c450df1ad1dc66ab47c98ebc062aa02e6cbc2f66a795290f3f5eedab35c672ffeb755c99b5932392178302b41985e13ff3d433fcc0291c6b498939dc2322b14c3cb459ecd9dca0d0ee22341042226272133434efd65c05b9b33f26e9bdc622c2c5b2ab0490fa2f4bbbdd073e3e01696c246343156616b6f9d170fc9cc1dc194e7fd5037d80c2731c4b74ed6b628005d745ac019739d3a7082761231cd68cd1ecd33370a0eba0e91adac63c431ff1400bfd5edec39c8c0d582aaf033ab9c6fd5c0bcbe67876fe0159a2d9e8427c17bed3cb56fefcceff0ddabc403dc6cebd4590d21e4e56eb0e81d7fdaedf55ae0a2bd674e7dc9d4acf7c0e150d365ee6a84ef0efdbe01ba8539e014c0990071aa93bb6ee25819c290be98504b4664d3067e69a9b03ce1d2df4d27983f72adc6d97a75e3f668d2cc1d131dc26bbb6ae15aac689a39c4b5b59408e8830205f3aaf18f58c6c7447e0a18a3c0c48026a1f0e2568955d2ac5e763604056d721ef63a3d94fab566e6e571b42c4e880677fcac1838038908fd48a3cd5618c867de40bc21db5a474f3aa8e80cd81adba92867a18c5b3a54b5e95393c6425d0c208d490e13a6477e25129ab7608ced515ef9cf344113d871231f437f0b272420dc58bfecdae9e7444d1c42e26fb4a483e19480c5dab2ae285119e10d1232fed43cfdc81af9e3a696d8abbd81853dc0a86dcb9dec745401e603eb324c2bb70a421031413febc57c4430a1830d7a20a340e96d91f2c697b72cc3b5e15e25545e34c450627d507db571c6e37d05cf5c514395bccedda4355a99f9eea40e02e64ab181388e6c4ae9cc4e207eb0d0e2292e699571a9e920cefbadd4b8e19bd083684d6d6bf714aae54d4518c916c7d8c6f7fb5c5cd242a16d93b20b20823ea3fd4dc6b821b984fa2c2730cc48b95b45941ab16c059072e746af258cee0836b209e70d0eea2c99d7a38c7da804e6c95411dd810e9f1925703fd29298e55baa6a65489b21d2ddaf4ad7d61ea56465a4da7ab43b30a614ddbe7fd1e49484e44f0991796bd2c84aa8c6382708f87a8d7e4782b564e67ecb30d808b0e9cdd2aa778016eb6d0c220d8d008503e7d3f014fb1d0139a54253dced9fb1862"}, {0x3, 0x0, 0xc37, 0x0}, {0x1, 0x0, 0xffffffff, 0x0}, {0x3, 0x0, 0xfffffffc, 0x0}, {0x2, 0x0, 0xa, 0x0}, {0x3, 0x0, 0x1ff, 0x0}, {0x3, 0x0, 0x2b7c, 0x0}, {0x3, 0x0, 0x9c7, 0x0}, {0x0, 0x0, 0x81, 0x0}, {0x5, 0x0, 0x4, 0x0}, {0x0, 0x0, 0x0, 0x0}, {0x1, 0x0, 0x8001, 0x0}, {0x2, 0x0, 0x0, 0x0}, {0x0, 0x0, 0xffffffff, 0x0}, {0x3, 0x0, 0x6, 0x0}, {0x3, 0x0, 0x2, 0x0}]})
executing program 1:
r0 = getpid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000029c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)=[@cred={{0x1c, 0x1, 0x2, {r0, 0x0, 0xee01}}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x38, 0x20000050}}], 0x2, 0x4840)
executing program 1:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000010c0), 0x403, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1)
ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x10000000002001ff)
executing program 1:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000080)='debugfs\x00', 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x228061, 0x0)
executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000002680)='net/udplite6\x00')
read(r0, &(0x7f00000028c0)=""/105, 0x69)
preadv(r0, &(0x7f0000004100)=[{&(0x7f0000002c40)=""/209, 0xd1}], 0x1, 0x5, 0x3)
executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newroute={0x28, 0x1a, 0x1, 0xfffffffc, 0x0, {}, [@RTA_MULTIPATH={0xc, 0x9, {0x4d6, 0x4, 0x5c}}]}, 0x28}}, 0x0)
executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x4048aec9, &(0x7f0000000740)={0x3, 0x0, @ioapic={0xdddd1000, 0x5, 0x3eacc230, 0xb, 0x0, [{0xb, 0x1c, 0x7, '\x00', 0x8}, {0x4, 0x1, 0x9, '\x00', 0x2}, {0x8, 0x7, 0x8, '\x00', 0x9}, {0x40, 0x0, 0x8c}, {0x2, 0x9, 0x9}, {0x5, 0x3, 0x5, '\x00', 0x6}, {0x6, 0x5, 0x8, '\x00', 0x81}, {0x7, 0x7f, 0xad, '\x00', 0x81}, {0x7, 0x4, 0x10, '\x00', 0x6}, {0x6, 0x1, 0x9, '\x00', 0x4}, {0xf, 0xa, 0x4, '\x00', 0x9}, {0x24, 0xfa, 0x10, '\x00', 0x1b}, {0x0, 0x81, 0x1, '\x00', 0x40}, {0x6, 0x3c, 0xa0, '\x00', 0xa7}, {0x1, 0x2, 0x9, '\x00', 0x3}, {0x4, 0x1, 0x3, '\x00', 0xfb}, {0x9, 0x80, 0x1, '\x00', 0x5}, {0x9b, 0xe5, 0x2, '\x00', 0x8}, {0x7, 0xb, 0x9, '\x00', 0x6}, {0x10, 0xfe, 0x7, '\x00', 0x1}, {0x5, 0xb, 0x80, '\x00', 0x5}, {0x5, 0x0, 0x2, '\x00', 0x3}, {0x4, 0xa, 0x7, '\x00', 0x1}, {0x3, 0x5, 0x2, '\x00', 0xc}]}})
executing program 33:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x4048aec9, &(0x7f0000000740)={0x3, 0x0, @ioapic={0xdddd1000, 0x5, 0x3eacc230, 0xb, 0x0, [{0xb, 0x1c, 0x7, '\x00', 0x8}, {0x4, 0x1, 0x9, '\x00', 0x2}, {0x8, 0x7, 0x8, '\x00', 0x9}, {0x40, 0x0, 0x8c}, {0x2, 0x9, 0x9}, {0x5, 0x3, 0x5, '\x00', 0x6}, {0x6, 0x5, 0x8, '\x00', 0x81}, {0x7, 0x7f, 0xad, '\x00', 0x81}, {0x7, 0x4, 0x10, '\x00', 0x6}, {0x6, 0x1, 0x9, '\x00', 0x4}, {0xf, 0xa, 0x4, '\x00', 0x9}, {0x24, 0xfa, 0x10, '\x00', 0x1b}, {0x0, 0x81, 0x1, '\x00', 0x40}, {0x6, 0x3c, 0xa0, '\x00', 0xa7}, {0x1, 0x2, 0x9, '\x00', 0x3}, {0x4, 0x1, 0x3, '\x00', 0xfb}, {0x9, 0x80, 0x1, '\x00', 0x5}, {0x9b, 0xe5, 0x2, '\x00', 0x8}, {0x7, 0xb, 0x9, '\x00', 0x6}, {0x10, 0xfe, 0x7, '\x00', 0x1}, {0x5, 0xb, 0x80, '\x00', 0x5}, {0x5, 0x0, 0x2, '\x00', 0x3}, {0x4, 0xa, 0x7, '\x00', 0x1}, {0x3, 0x5, 0x2, '\x00', 0xc}]}})
executing program 3:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x30, r0, 0x701, 0xfffffffd, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x41}, @void, @val={0xc, 0x99, {0x7, 0x29}}}}, [@NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x1374}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)
executing program 4:
r0 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r0, &(0x7f0000000b40)={&(0x7f0000000080)={0x2, 0x4e19, @multicast1=0xe0000002}, 0x10, 0x0, 0x0, &(0x7f0000000100)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x41}, @loopback}}}], 0x20}, 0xc000)
sendmsg$kcm(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x20004890)
executing program 4:
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8ab8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000010000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000000)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
executing program 4:
mbind(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x6002, &(0x7f0000000000)=0x3, 0xf, 0x0)
set_mempolicy_home_node(&(0x7f0000ffc000/0x4000)=nil, 0x403f, 0x0, 0x0)
syz_io_uring_setup(0x18d6, &(0x7f0000000040)={0x0, 0x3, 0x0, 0x0, 0xfffffffd}, &(0x7f0000ffe000), &(0x7f0000ffe000))
executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0xac}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000100)={0xb8, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x24, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6}]}]}]}, 0xb8}}, 0x0)
executing program 4:
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000140)={0x0, 0x2000bb22, 0x2, {0x1, @raw_data="3d924b827139e8a4ec01eb92492ff84715d1a004d08b012a7cafe27a5f313d31bbdae5b411ca5be6bfe92437ed0d21b5180e375be56b3b9306d7dbb26bf9f22de7ac7681cca450055250217bdf1113b4258293ba4efed32147bda8454dd115bd5ba066ba06f2854cc96db9a98055cbde9fd084a1223ada91ed2e832907a01ab5ee65f997b617f73d1aa5a6dfc47acdc5eb834f8e448469d235e4380cbcc331c96177b67caa0656f9664277cadb8597e7d911ad1da457ef9744b0993c57a700"}})
ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f00000000c0)=@userptr={0x7, 0x1, 0x4, 0xd08b012a, 0x0, {0x0, 0xea60}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x4, "f1439fae"}, 0x0, 0x2, {0x0}, 0x20000, 0x0, r0})
executing program 4:
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000021c0)=ANY=[@ANYBLOB="181600002400e5ff25bd7000fedbdf2505"], 0x1618}], 0x1}, 0x0)
recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x2000)
executing program 34:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x880)
executing program 35:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x30, r0, 0x701, 0xfffffffd, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x41}, @void, @val={0xc, 0x99, {0x7, 0x29}}}}, [@NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x1374}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)
executing program 36:
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000021c0)=ANY=[@ANYBLOB="181600002400e5ff25bd7000fedbdf2505"], 0x1618}], 0x1}, 0x0)
recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x2000)

program crashed: INFO: task hung in kvm_mmu_uninit_vm
bisect: the chunk can be dropped
bisect: testing without sub-chunk 3/3
testing program (duration=6m3s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3]
detailed listing:
executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/icmp\x00')
read$FUSE(r0, &(0x7f0000001240)={0x2020}, 0x2020)
preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/186, 0xba}], 0x1, 0x5, 0x0)
executing program 0:
mount$tmpfs(0x0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080), 0x400, &(0x7f00000000c0)=ANY=[@ANYBLOB='mpol=bind:7-'])
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x1004014, &(0x7f00000000c0))
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x4, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0)
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_buf(r0, 0x6, 0x1f, &(0x7f0000000300)="cd", 0x1)
setsockopt$inet6_tcp_int(r0, 0x6, 0xc, &(0x7f00000000c0)=0x9, 0x4)
executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2f00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10)
personality(0x500006)
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_X86_SET_MSR_FILTER(r1, 0x4188aec6, &(0x7f0000004940)={0x1, [{0x1, 0x3008, 0x9, &(0x7f0000002240)="828a8b2e4b292825bfc418bb9054cc63557f662258efbf3db1c1459db29ddef3bcefc68913e6ade6a9835e726a73e22fbd363dfb1c5ec904a026aad44e1f10452e6653bb36d762881e00eba7e8e623c96213b588659bf0500084046e631df60e135b20551e099be24576db82592afd68365fbdb100a44b8a6ad1f1a66322695688e1f176bfe23e54b2fae85c16a8be3ea24b2689445016e2b5855b0dce3c8589b8e362ecc8f0f9e70be04dcacd0777c25efb74050f904ee1f6fdfeb3ac30af138bf0642a337904519c832fe896c83095b50fe095c0d6ed25608d61166b0849585d5eed0cb58699bf592f8cf20c28684a687ad81b3ce1d1bc89e3ec3b4701e5e28659a75e1cb7877bc497ff2d08f5f35ceaa832884f51f0c2d2b2f681b9093a48e81b560f93e94e1528b10b3d8e6515f2ce74c66a54f9cf44e8e88a87ef4cb2ea5c865c54935d39ae455feb43dbf8ac889883f91fe8af956bc7ad824777847bfcbdba5fadcb84b70c43102c6d207ed9472d01b6e59a3ec61cc9a08293fa7018773857fedd86b75991eb38fab17edf206be35a176131bd0e390d1e586c9dbe7460bbf96d9711eec64d3d5074b7ccefc262e0eb3f7a17d0271b9db993a333ac619140a863a977285d80656bc4d6d501d3f5d2da1f379387b4b15f6c771447ebfee24632ea1690b37389e4501e6eaf3cba1b898993a9bbab17b1cab834aca1c282447ecf246b7147266e4ad58dab730f265cd88a2573d48a034dbe3a9d47118dac62339f7418e937a42b5129bae0736dc463d8a6f67df63bd61c2eebfb15d6b600f24b47073395592d15e535b59adcfa93f5d777e7c6f847ae854c47e4766e231b2e1224b1454811d45530df69129b43e8d07c23dcb79c8ac168ce88aede0afe719636f38acacc482470a02813ed07dca0d6ae76531a3c50bbf9b7950d49d08f254fd136164d3893462c3af9c64152c088d6737182d233023ec7d141bfd7d5c2fdd5bd01415e84b3b36d92793bedcd301598f1fe59644ec2b2c852571127f93e575cd6c450df1ad1dc66ab47c98ebc062aa02e6cbc2f66a795290f3f5eedab35c672ffeb755c99b5932392178302b41985e13ff3d433fcc0291c6b498939dc2322b14c3cb459ecd9dca0d0ee22341042226272133434efd65c05b9b33f26e9bdc622c2c5b2ab0490fa2f4bbbdd073e3e01696c246343156616b6f9d170fc9cc1dc194e7fd5037d80c2731c4b74ed6b628005d745ac019739d3a7082761231cd68cd1ecd33370a0eba0e91adac63c431ff1400bfd5edec39c8c0d582aaf033ab9c6fd5c0bcbe67876fe0159a2d9e8427c17bed3cb56fefcceff0ddabc403dc6cebd4590d21e4e56eb0e81d7fdaedf55ae0a2bd674e7dc9d4acf7c0e150d365ee6a84ef0efdbe01ba8539e014c0990071aa93bb6ee25819c290be98504b4664d3067e69a9b03ce1d2df4d27983f72adc6d97a75e3f668d2cc1d131dc26bbb6ae15aac689a39c4b5b59408e8830205f3aaf18f58c6c7447e0a18a3c0c48026a1f0e2568955d2ac5e763604056d721ef63a3d94fab566e6e571b42c4e880677fcac1838038908fd48a3cd5618c867de40bc21db5a474f3aa8e80cd81adba92867a18c5b3a54b5e95393c6425d0c208d490e13a6477e25129ab7608ced515ef9cf344113d871231f437f0b272420dc58bfecdae9e7444d1c42e26fb4a483e19480c5dab2ae285119e10d1232fed43cfdc81af9e3a696d8abbd81853dc0a86dcb9dec745401e603eb324c2bb70a421031413febc57c4430a1830d7a20a340e96d91f2c697b72cc3b5e15e25545e34c450627d507db571c6e37d05cf5c514395bccedda4355a99f9eea40e02e64ab181388e6c4ae9cc4e207eb0d0e2292e699571a9e920cefbadd4b8e19bd083684d6d6bf714aae54d4518c916c7d8c6f7fb5c5cd242a16d93b20b20823ea3fd4dc6b821b984fa2c2730cc48b95b45941ab16c059072e746af258cee0836b209e70d0eea2c99d7a38c7da804e6c95411dd810e9f1925703fd29298e55baa6a65489b21d2ddaf4ad7d61ea56465a4da7ab43b30a614ddbe7fd1e49484e44f0991796bd2c84aa8c6382708f87a8d7e4782b564e67ecb30d808b0e9cdd2aa778016eb6d0c220d8d008503e7d3f014fb1d0139a54253dced9fb1862"}, {0x3, 0x0, 0xc37, 0x0}, {0x1, 0x0, 0xffffffff, 0x0}, {0x3, 0x0, 0xfffffffc, 0x0}, {0x2, 0x0, 0xa, 0x0}, {0x3, 0x0, 0x1ff, 0x0}, {0x3, 0x0, 0x2b7c, 0x0}, {0x3, 0x0, 0x9c7, 0x0}, {0x0, 0x0, 0x81, 0x0}, {0x5, 0x0, 0x4, 0x0}, {0x0, 0x0, 0x0, 0x0}, {0x1, 0x0, 0x8001, 0x0}, {0x2, 0x0, 0x0, 0x0}, {0x0, 0x0, 0xffffffff, 0x0}, {0x3, 0x0, 0x6, 0x0}, {0x3, 0x0, 0x2, 0x0}]})
executing program 1:
r0 = getpid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000029c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)=[@cred={{0x1c, 0x1, 0x2, {r0, 0x0, 0xee01}}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x38, 0x20000050}}], 0x2, 0x4840)
executing program 1:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000010c0), 0x403, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1)
ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x10000000002001ff)
executing program 1:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000080)='debugfs\x00', 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x228061, 0x0)
executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000002680)='net/udplite6\x00')
read(r0, &(0x7f00000028c0)=""/105, 0x69)
preadv(r0, &(0x7f0000004100)=[{&(0x7f0000002c40)=""/209, 0xd1}], 0x1, 0x5, 0x3)
executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newroute={0x28, 0x1a, 0x1, 0xfffffffc, 0x0, {}, [@RTA_MULTIPATH={0xc, 0x9, {0x4d6, 0x4, 0x5c}}]}, 0x28}}, 0x0)
executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x4048aec9, &(0x7f0000000740)={0x3, 0x0, @ioapic={0xdddd1000, 0x5, 0x3eacc230, 0xb, 0x0, [{0xb, 0x1c, 0x7, '\x00', 0x8}, {0x4, 0x1, 0x9, '\x00', 0x2}, {0x8, 0x7, 0x8, '\x00', 0x9}, {0x40, 0x0, 0x8c}, {0x2, 0x9, 0x9}, {0x5, 0x3, 0x5, '\x00', 0x6}, {0x6, 0x5, 0x8, '\x00', 0x81}, {0x7, 0x7f, 0xad, '\x00', 0x81}, {0x7, 0x4, 0x10, '\x00', 0x6}, {0x6, 0x1, 0x9, '\x00', 0x4}, {0xf, 0xa, 0x4, '\x00', 0x9}, {0x24, 0xfa, 0x10, '\x00', 0x1b}, {0x0, 0x81, 0x1, '\x00', 0x40}, {0x6, 0x3c, 0xa0, '\x00', 0xa7}, {0x1, 0x2, 0x9, '\x00', 0x3}, {0x4, 0x1, 0x3, '\x00', 0xfb}, {0x9, 0x80, 0x1, '\x00', 0x5}, {0x9b, 0xe5, 0x2, '\x00', 0x8}, {0x7, 0xb, 0x9, '\x00', 0x6}, {0x10, 0xfe, 0x7, '\x00', 0x1}, {0x5, 0xb, 0x80, '\x00', 0x5}, {0x5, 0x0, 0x2, '\x00', 0x3}, {0x4, 0xa, 0x7, '\x00', 0x1}, {0x3, 0x5, 0x2, '\x00', 0xc}]}})

program crashed: INFO: task hung in kvm_mmu_uninit_vm
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <12>
bisect: split chunk #0 of len 12 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m1s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 3, 3, 3, 3, 3]
detailed listing:
executing program 1:
r0 = getpid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000029c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)=[@cred={{0x1c, 0x1, 0x2, {r0, 0x0, 0xee01}}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x38, 0x20000050}}], 0x2, 0x4840)
executing program 1:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000010c0), 0x403, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1)
ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x10000000002001ff)
executing program 1:
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000080)='debugfs\x00', 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x228061, 0x0)
executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000002680)='net/udplite6\x00')
read(r0, &(0x7f00000028c0)=""/105, 0x69)
preadv(r0, &(0x7f0000004100)=[{&(0x7f0000002c40)=""/209, 0xd1}], 0x1, 0x5, 0x3)
executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newroute={0x28, 0x1a, 0x1, 0xfffffffc, 0x0, {}, [@RTA_MULTIPATH={0xc, 0x9, {0x4d6, 0x4, 0x5c}}]}, 0x28}}, 0x0)
executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x4048aec9, &(0x7f0000000740)={0x3, 0x0, @ioapic={0xdddd1000, 0x5, 0x3eacc230, 0xb, 0x0, [{0xb, 0x1c, 0x7, '\x00', 0x8}, {0x4, 0x1, 0x9, '\x00', 0x2}, {0x8, 0x7, 0x8, '\x00', 0x9}, {0x40, 0x0, 0x8c}, {0x2, 0x9, 0x9}, {0x5, 0x3, 0x5, '\x00', 0x6}, {0x6, 0x5, 0x8, '\x00', 0x81}, {0x7, 0x7f, 0xad, '\x00', 0x81}, {0x7, 0x4, 0x10, '\x00', 0x6}, {0x6, 0x1, 0x9, '\x00', 0x4}, {0xf, 0xa, 0x4, '\x00', 0x9}, {0x24, 0xfa, 0x10, '\x00', 0x1b}, {0x0, 0x81, 0x1, '\x00', 0x40}, {0x6, 0x3c, 0xa0, '\x00', 0xa7}, {0x1, 0x2, 0x9, '\x00', 0x3}, {0x4, 0x1, 0x3, '\x00', 0xfb}, {0x9, 0x80, 0x1, '\x00', 0x5}, {0x9b, 0xe5, 0x2, '\x00', 0x8}, {0x7, 0xb, 0x9, '\x00', 0x6}, {0x10, 0xfe, 0x7, '\x00', 0x1}, {0x5, 0xb, 0x80, '\x00', 0x5}, {0x5, 0x0, 0x2, '\x00', 0x3}, {0x4, 0xa, 0x7, '\x00', 0x1}, {0x3, 0x5, 0x2, '\x00', 0xc}]}})

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=6m1s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 3, 3, 3, 3, 3]
detailed listing:
executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/icmp\x00')
read$FUSE(r0, &(0x7f0000001240)={0x2020}, 0x2020)
preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/186, 0xba}], 0x1, 0x5, 0x0)
executing program 0:
mount$tmpfs(0x0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080), 0x400, &(0x7f00000000c0)=ANY=[@ANYBLOB='mpol=bind:7-'])
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x1004014, &(0x7f00000000c0))
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x4, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0)
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_buf(r0, 0x6, 0x1f, &(0x7f0000000300)="cd", 0x1)
setsockopt$inet6_tcp_int(r0, 0x6, 0xc, &(0x7f00000000c0)=0x9, 0x4)
executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2f00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10)
personality(0x500006)
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_X86_SET_MSR_FILTER(r1, 0x4188aec6, &(0x7f0000004940)={0x1, [{0x1, 0x3008, 0x9, &(0x7f0000002240)="828a8b2e4b292825bfc418bb9054cc63557f662258efbf3db1c1459db29ddef3bcefc68913e6ade6a9835e726a73e22fbd363dfb1c5ec904a026aad44e1f10452e6653bb36d762881e00eba7e8e623c96213b588659bf0500084046e631df60e135b20551e099be24576db82592afd68365fbdb100a44b8a6ad1f1a66322695688e1f176bfe23e54b2fae85c16a8be3ea24b2689445016e2b5855b0dce3c8589b8e362ecc8f0f9e70be04dcacd0777c25efb74050f904ee1f6fdfeb3ac30af138bf0642a337904519c832fe896c83095b50fe095c0d6ed25608d61166b0849585d5eed0cb58699bf592f8cf20c28684a687ad81b3ce1d1bc89e3ec3b4701e5e28659a75e1cb7877bc497ff2d08f5f35ceaa832884f51f0c2d2b2f681b9093a48e81b560f93e94e1528b10b3d8e6515f2ce74c66a54f9cf44e8e88a87ef4cb2ea5c865c54935d39ae455feb43dbf8ac889883f91fe8af956bc7ad824777847bfcbdba5fadcb84b70c43102c6d207ed9472d01b6e59a3ec61cc9a08293fa7018773857fedd86b75991eb38fab17edf206be35a176131bd0e390d1e586c9dbe7460bbf96d9711eec64d3d5074b7ccefc262e0eb3f7a17d0271b9db993a333ac619140a863a977285d80656bc4d6d501d3f5d2da1f379387b4b15f6c771447ebfee24632ea1690b37389e4501e6eaf3cba1b898993a9bbab17b1cab834aca1c282447ecf246b7147266e4ad58dab730f265cd88a2573d48a034dbe3a9d47118dac62339f7418e937a42b5129bae0736dc463d8a6f67df63bd61c2eebfb15d6b600f24b47073395592d15e535b59adcfa93f5d777e7c6f847ae854c47e4766e231b2e1224b1454811d45530df69129b43e8d07c23dcb79c8ac168ce88aede0afe719636f38acacc482470a02813ed07dca0d6ae76531a3c50bbf9b7950d49d08f254fd136164d3893462c3af9c64152c088d6737182d233023ec7d141bfd7d5c2fdd5bd01415e84b3b36d92793bedcd301598f1fe59644ec2b2c852571127f93e575cd6c450df1ad1dc66ab47c98ebc062aa02e6cbc2f66a795290f3f5eedab35c672ffeb755c99b5932392178302b41985e13ff3d433fcc0291c6b498939dc2322b14c3cb459ecd9dca0d0ee22341042226272133434efd65c05b9b33f26e9bdc622c2c5b2ab0490fa2f4bbbdd073e3e01696c246343156616b6f9d170fc9cc1dc194e7fd5037d80c2731c4b74ed6b628005d745ac019739d3a7082761231cd68cd1ecd33370a0eba0e91adac63c431ff1400bfd5edec39c8c0d582aaf033ab9c6fd5c0bcbe67876fe0159a2d9e8427c17bed3cb56fefcceff0ddabc403dc6cebd4590d21e4e56eb0e81d7fdaedf55ae0a2bd674e7dc9d4acf7c0e150d365ee6a84ef0efdbe01ba8539e014c0990071aa93bb6ee25819c290be98504b4664d3067e69a9b03ce1d2df4d27983f72adc6d97a75e3f668d2cc1d131dc26bbb6ae15aac689a39c4b5b59408e8830205f3aaf18f58c6c7447e0a18a3c0c48026a1f0e2568955d2ac5e763604056d721ef63a3d94fab566e6e571b42c4e880677fcac1838038908fd48a3cd5618c867de40bc21db5a474f3aa8e80cd81adba92867a18c5b3a54b5e95393c6425d0c208d490e13a6477e25129ab7608ced515ef9cf344113d871231f437f0b272420dc58bfecdae9e7444d1c42e26fb4a483e19480c5dab2ae285119e10d1232fed43cfdc81af9e3a696d8abbd81853dc0a86dcb9dec745401e603eb324c2bb70a421031413febc57c4430a1830d7a20a340e96d91f2c697b72cc3b5e15e25545e34c450627d507db571c6e37d05cf5c514395bccedda4355a99f9eea40e02e64ab181388e6c4ae9cc4e207eb0d0e2292e699571a9e920cefbadd4b8e19bd083684d6d6bf714aae54d4518c916c7d8c6f7fb5c5cd242a16d93b20b20823ea3fd4dc6b821b984fa2c2730cc48b95b45941ab16c059072e746af258cee0836b209e70d0eea2c99d7a38c7da804e6c95411dd810e9f1925703fd29298e55baa6a65489b21d2ddaf4ad7d61ea56465a4da7ab43b30a614ddbe7fd1e49484e44f0991796bd2c84aa8c6382708f87a8d7e4782b564e67ecb30d808b0e9cdd2aa778016eb6d0c220d8d008503e7d3f014fb1d0139a54253dced9fb1862"}, {0x3, 0x0, 0xc37, 0x0}, {0x1, 0x0, 0xffffffff, 0x0}, {0x3, 0x0, 0xfffffffc, 0x0}, {0x2, 0x0, 0xa, 0x0}, {0x3, 0x0, 0x1ff, 0x0}, {0x3, 0x0, 0x2b7c, 0x0}, {0x3, 0x0, 0x9c7, 0x0}, {0x0, 0x0, 0x81, 0x0}, {0x5, 0x0, 0x4, 0x0}, {0x0, 0x0, 0x0, 0x0}, {0x1, 0x0, 0x8001, 0x0}, {0x2, 0x0, 0x0, 0x0}, {0x0, 0x0, 0xffffffff, 0x0}, {0x3, 0x0, 0x6, 0x0}, {0x3, 0x0, 0x2, 0x0}]})

program crashed: INFO: rcu detected stall in corrupted
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <6>
bisect: split chunk #0 of len 6 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 3, 3]
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_buf(r0, 0x6, 0x1f, &(0x7f0000000300)="cd", 0x1)
setsockopt$inet6_tcp_int(r0, 0x6, 0xc, &(0x7f00000000c0)=0x9, 0x4)
executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2f00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10)
personality(0x500006)
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_X86_SET_MSR_FILTER(r1, 0x4188aec6, &(0x7f0000004940)={0x1, [{0x1, 0x3008, 0x9, &(0x7f0000002240)="828a8b2e4b292825bfc418bb9054cc63557f662258efbf3db1c1459db29ddef3bcefc68913e6ade6a9835e726a73e22fbd363dfb1c5ec904a026aad44e1f10452e6653bb36d762881e00eba7e8e623c96213b588659bf0500084046e631df60e135b20551e099be24576db82592afd68365fbdb100a44b8a6ad1f1a66322695688e1f176bfe23e54b2fae85c16a8be3ea24b2689445016e2b5855b0dce3c8589b8e362ecc8f0f9e70be04dcacd0777c25efb74050f904ee1f6fdfeb3ac30af138bf0642a337904519c832fe896c83095b50fe095c0d6ed25608d61166b0849585d5eed0cb58699bf592f8cf20c28684a687ad81b3ce1d1bc89e3ec3b4701e5e28659a75e1cb7877bc497ff2d08f5f35ceaa832884f51f0c2d2b2f681b9093a48e81b560f93e94e1528b10b3d8e6515f2ce74c66a54f9cf44e8e88a87ef4cb2ea5c865c54935d39ae455feb43dbf8ac889883f91fe8af956bc7ad824777847bfcbdba5fadcb84b70c43102c6d207ed9472d01b6e59a3ec61cc9a08293fa7018773857fedd86b75991eb38fab17edf206be35a176131bd0e390d1e586c9dbe7460bbf96d9711eec64d3d5074b7ccefc262e0eb3f7a17d0271b9db993a333ac619140a863a977285d80656bc4d6d501d3f5d2da1f379387b4b15f6c771447ebfee24632ea1690b37389e4501e6eaf3cba1b898993a9bbab17b1cab834aca1c282447ecf246b7147266e4ad58dab730f265cd88a2573d48a034dbe3a9d47118dac62339f7418e937a42b5129bae0736dc463d8a6f67df63bd61c2eebfb15d6b600f24b47073395592d15e535b59adcfa93f5d777e7c6f847ae854c47e4766e231b2e1224b1454811d45530df69129b43e8d07c23dcb79c8ac168ce88aede0afe719636f38acacc482470a02813ed07dca0d6ae76531a3c50bbf9b7950d49d08f254fd136164d3893462c3af9c64152c088d6737182d233023ec7d141bfd7d5c2fdd5bd01415e84b3b36d92793bedcd301598f1fe59644ec2b2c852571127f93e575cd6c450df1ad1dc66ab47c98ebc062aa02e6cbc2f66a795290f3f5eedab35c672ffeb755c99b5932392178302b41985e13ff3d433fcc0291c6b498939dc2322b14c3cb459ecd9dca0d0ee22341042226272133434efd65c05b9b33f26e9bdc622c2c5b2ab0490fa2f4bbbdd073e3e01696c246343156616b6f9d170fc9cc1dc194e7fd5037d80c2731c4b74ed6b628005d745ac019739d3a7082761231cd68cd1ecd33370a0eba0e91adac63c431ff1400bfd5edec39c8c0d582aaf033ab9c6fd5c0bcbe67876fe0159a2d9e8427c17bed3cb56fefcceff0ddabc403dc6cebd4590d21e4e56eb0e81d7fdaedf55ae0a2bd674e7dc9d4acf7c0e150d365ee6a84ef0efdbe01ba8539e014c0990071aa93bb6ee25819c290be98504b4664d3067e69a9b03ce1d2df4d27983f72adc6d97a75e3f668d2cc1d131dc26bbb6ae15aac689a39c4b5b59408e8830205f3aaf18f58c6c7447e0a18a3c0c48026a1f0e2568955d2ac5e763604056d721ef63a3d94fab566e6e571b42c4e880677fcac1838038908fd48a3cd5618c867de40bc21db5a474f3aa8e80cd81adba92867a18c5b3a54b5e95393c6425d0c208d490e13a6477e25129ab7608ced515ef9cf344113d871231f437f0b272420dc58bfecdae9e7444d1c42e26fb4a483e19480c5dab2ae285119e10d1232fed43cfdc81af9e3a696d8abbd81853dc0a86dcb9dec745401e603eb324c2bb70a421031413febc57c4430a1830d7a20a340e96d91f2c697b72cc3b5e15e25545e34c450627d507db571c6e37d05cf5c514395bccedda4355a99f9eea40e02e64ab181388e6c4ae9cc4e207eb0d0e2292e699571a9e920cefbadd4b8e19bd083684d6d6bf714aae54d4518c916c7d8c6f7fb5c5cd242a16d93b20b20823ea3fd4dc6b821b984fa2c2730cc48b95b45941ab16c059072e746af258cee0836b209e70d0eea2c99d7a38c7da804e6c95411dd810e9f1925703fd29298e55baa6a65489b21d2ddaf4ad7d61ea56465a4da7ab43b30a614ddbe7fd1e49484e44f0991796bd2c84aa8c6382708f87a8d7e4782b564e67ecb30d808b0e9cdd2aa778016eb6d0c220d8d008503e7d3f014fb1d0139a54253dced9fb1862"}, {0x3, 0x0, 0xc37, 0x0}, {0x1, 0x0, 0xffffffff, 0x0}, {0x3, 0x0, 0xfffffffc, 0x0}, {0x2, 0x0, 0xa, 0x0}, {0x3, 0x0, 0x1ff, 0x0}, {0x3, 0x0, 0x2b7c, 0x0}, {0x3, 0x0, 0x9c7, 0x0}, {0x0, 0x0, 0x81, 0x0}, {0x5, 0x0, 0x4, 0x0}, {0x0, 0x0, 0x0, 0x0}, {0x1, 0x0, 0x8001, 0x0}, {0x2, 0x0, 0x0, 0x0}, {0x0, 0x0, 0xffffffff, 0x0}, {0x3, 0x0, 0x6, 0x0}, {0x3, 0x0, 0x2, 0x0}]})

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 3, 3]
detailed listing:
executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/icmp\x00')
read$FUSE(r0, &(0x7f0000001240)={0x2020}, 0x2020)
preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/186, 0xba}], 0x1, 0x5, 0x0)
executing program 0:
mount$tmpfs(0x0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080), 0x400, &(0x7f00000000c0)=ANY=[@ANYBLOB='mpol=bind:7-'])
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x1004014, &(0x7f00000000c0))
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x4, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0)

program crashed: INFO: task hung in inet_rtm_newaddr
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <3>
bisect: split chunk #0 of len 3 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x4, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0)

program crashed: INFO: task hung in reg_check_chans_work
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <1>
bisect: split chunk #0 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: 1 programs left: 

executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x4, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0)


bisect: trying to concatenate
bisect: concatenate 1 entries
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x4, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0)

program crashed: INFO: task hung in inet_rtm_newaddr
bisect: concatenation succeeded
found reproducer with 3 syscalls
minimizing guilty program
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-syz_emit_ethernet
detailed listing:
executing program 0:
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x4, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmsg$NFT_BATCH-syz_emit_ethernet
detailed listing:
executing program 0:
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x4, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x4, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x4, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xcc}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x4, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB], 0xcc}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x4, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x28, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x1}}}}}}, 0x0)

program crashed: INFO: task hung in inet_rtm_newaddr
extracting C reproducer
testing compiled C program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-syz_emit_ethernet
program crashed: INFO: task hung in cfg80211_event_work
a never seen crash title: INFO: task hung in cfg80211_event_work, ignore
simplifying guilty program options
testing program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x28, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x1}}}}}}, 0x0)

program crashed: INFO: task hung in addrconf_dad_work
a never seen crash title: INFO: task hung in addrconf_dad_work, ignore
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x28, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x1}}}}}}, 0x0)

program crashed: INFO: task hung in addrconf_dad_work
a never seen crash title: INFO: task hung in addrconf_dad_work, ignore
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x28, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x1}}}}}}, 0x0)

program crashed: INFO: task hung in inet_rtm_newaddr
validation run: crashed=true
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x28, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x1}}}}}}, 0x0)

program crashed: INFO: task hung in addrconf_dad_work
validation run: crashed=true
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x28, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x1}}}}}}, 0x0)

program crashed: INFO: task hung in inet6_rtm_newaddr
validation run: crashed=true
reproducing took 4h16m14.733928158s
repro crashed as (corrupted=false):
INFO: task syz-executor:5951 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:20488 pid:5951  tgid:5[  290.918110][   T38] task:syz-executor    state:D stack:20488 pid:5951  tgid:5951  ppid:1      task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x16f3/0x4c20 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 rt_mutex_schedule+0x77/0xf0 kernel/sched/core.c:7339
 rt_mutex_slowlock_block+0x5ba/0x6d0 kernel/locking/rtmutex.c:1647
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
 __rt_mutex_slowlock_locked kernel/locking/rtmutex.c:1760 [inline]
 rt_mutex_slowlock+0x2b1/0x6e0 kernel/locking/rtmutex.c:1800
 __rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
 __mutex_lock_common kernel/locking/rtmutex_api.c:536 [inline]
 mutex_lock_nested+0x16a/0x1d0 kernel/locking/rtmutex_api.c:547
 rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 inet6_rtm_newaddr+0x5b7/0xd20 net/ipv6/addrconf.c:5027
 rtnetlink_rcv_msg+0x7cc/0xb70 net/core/rtnetlink.c:6946
 netlink_rcv_skb+0x205/0x470 net/netlink/af_netlink.c:2552
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x843/0xa10 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x219/0x270 net/socket.c:729
 __sys_sendto+0x3c7/0x520 net/socket.c:2228
 __do_sys_sendto net/socket.c:2235 [inline]
 __se_sys_sendto net/socket.c:2231 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2231
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f6c30420a7c
RSP: 002b:00007ffefc46e050 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f6c31184620 RCX: 00007f6c30420a7c
RDX: 0000000000000040 RSI: 00007f6c31184670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffefc46e0a4 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f6c31184670 R15: 0000000000000000
 </TASK>
INFO: task syz-executor:5959 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:20488 pid:5959  tgid:5959  ppid:1      task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x16f3/0x4c20 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 rt_mutex_schedule+0x77/0xf0 kernel/sched/core.c:7339
 rt_mutex_slowlock_block+0x5ba/0x6d0 kernel/locking/rtmutex.c:1647
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
 __rt_mutex_slowlock_locked kernel/locking/rtmutex.c:1760 [inline]
 rt_mutex_slowlock+0x2b1/0x6e0 kernel/locking/rtmutex.c:1800
 __rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
 __mutex_lock_common kernel/locking/rtmutex_api.c:536 [inline]
 mutex_lock_nested+0x16a/0x1d0 kernel/locking/rtmutex_api.c:547
 rtnl_lock net/core/rtnetlink.c:80 [inline]
 rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 rtnl_newlink+0x8db/0x1c70 net/core/rtnetlink.c:4056
 rtnetlink_rcv_msg+0x7cc/0xb70 net/core/rtnetlink.c:6946
 netlink_rcv_skb+0x205/0x470 net/netlink/af_netlink.c:2552
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x843/0xa10 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x219/0x270 net/socket.c:729
 __sys_sendto+0x3c7/0x520 net/socket.c:2228
 __do_sys_sendto net/socket.c:2235 [inline]
 __se_sys_sendto net/socket.c:2231 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2231
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff3de110a7c
RSP: 002b:00007ffc509b9750 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007ff3dee74620 RCX: 00007ff3de110a7c
RDX: 000000000000002c RSI: 00007ff3dee74670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffc509b97a4 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007ff3dee74670 R15: 0000000000000000
 </TASK>
INFO: task syz-executor:5960 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:21672 pid:5960  tgid:5960  ppid:1      task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x16f3/0x4c20 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 rt_mutex_schedule+0x77/0xf0 kernel/sched/core.c:7339
 rt_mutex_slowlock_block+0x5ba/0x6d0 kernel/locking/rtmutex.c:1647
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
 __rt_mutex_slowlock_locked kernel/locking/rtmutex.c:1760 [inline]
 rt_mutex_slowlock+0x2b1/0x6e0 kernel/locking/rtmutex.c:1800
 __rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
 __mutex_lock_common kernel/locking/rtmutex_api.c:536 [inline]
 mutex_lock_nested+0x16a/0x1d0 kernel/locking/rtmutex_api.c:547
 rtnl_lock net/core/rtnetlink.c:80 [inline]
 rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 rtnl_newlink+0x8db/0x1c70 net/core/rtnetlink.c:4056
 rtnetlink_rcv_msg+0x7cc/0xb70 net/core/rtnetlink.c:6946
 netlink_rcv_skb+0x205/0x470 net/netlink/af_netlink.c:2552
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x843/0xa10 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x219/0x270 net/socket.c:729
 __sys_sendto+0x3c7/0x520 net/socket.c:2228
 __do_sys_sendto net/socket.c:2235 [inline]
 __se_sys_sendto net/socket.c:2231 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2231
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fde01990a7c
RSP: 002b:00007ffcfe2f0e60 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007fde026f4620 RCX: 00007fde01990a7c
RDX: 000000000000002c RSI: 00007fde026f4670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffcfe2f0eb4 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007fde026f4670 R15: 0000000000000000
 </TASK>

Showing all locks held in the system:
3 locks held by kworker/0:1/10:
 #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc900000f7bc0 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc900000f7bc0 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x95/0xf30 net/wireless/reg.c:2483
4 locks held by kworker/u8:0/12:
 #0: ffff888030b77138 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888030b77138 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90000117bc0 ((work_completion)(&(&bat_priv->tt.work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90000117bc0 ((work_completion)(&(&bat_priv->tt.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
2 locks held by ksoftirqd/0/15:
 #0: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
5 locks held by rcuc/0/20:
4 locks held by kworker/1:0/31:
 #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90000a5fbc0 (reg_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90000a5fbc0 (reg_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: reg_todo+0x1c/0x8c0 net/wireless/reg.c:3219
 #3: ffff88805b0b0898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6212 [inline]
 #3: ffff88805b0b0898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_process_self_managed_hints+0xaf/0x1c0 net/wireless/reg.c:3209
1 lock held by khungtaskd/38:
 #0: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
3 locks held by kworker/u8:3/57:
 #0: ffff8880302f0938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff8880302f0938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc9000123fbc0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000123fbc0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #2: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x119/0x15a0 net/ipv6/addrconf.c:4194
5 locks held by kworker/u9:0/59:
 #0: ffff88802995c138 ((wq_completion)hci0){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88802995c138 ((wq_completion)hci0){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc9000125fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000125fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88803aa38e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 net/bluetooth/hci_sync.c:331
 #3: ffff88803aa380a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 net/bluetooth/hci_sync.c:5670
 #4: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #4: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 net/bluetooth/hci_conn.c:1313
7 locks held by kworker/u8:4/67:
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc9000152fbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000152fbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff8880348eb300 (&devlink->lock_key#5){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 drivers/net/netdevsim/dev.c:853
 #3: ffff888058df8d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff888058df8d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report drivers/net/netdevsim/dev.c:806 [inline]
 #3: ffff888058df8d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 drivers/net/netdevsim/dev.c:866
 #4: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #4: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #4: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
 #4: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 kernel/locking/spinlock_rt.c:57
 #5: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
5 locks held by kworker/u8:5/150:
7 locks held by kworker/u8:6/1142:
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90004a87bc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90004a87bc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff888036797300 (&devlink->lock_key#6){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 drivers/net/netdevsim/dev.c:853
 #3: ffff888147bde120 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff888147bde120 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report drivers/net/netdevsim/dev.c:806 [inline]
 #3: ffff888147bde120 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 drivers/net/netdevsim/dev.c:866
 #4: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #4: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #4: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
 #4: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 kernel/locking/spinlock_rt.c:57
 #5: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #6: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #6: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
5 locks held by kworker/u8:7/1159:
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90004b47bc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90004b47bc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88805b0b0898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6212 [inline]
 #2: ffff88805b0b0898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 net/wireless/core.c:421
 #3: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
5 locks held by kworker/u8:8/1174:
2 locks held by kworker/0:2/1231:
3 locks held by kworker/u8:9/1469:
4 locks held by kworker/u9:1/5155:
 #0: ffff888026a2d938 ((wq_completion)hci4){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888026a2d938 ((wq_completion)hci4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc9000fe7fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000fe7fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff888057d84e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 net/bluetooth/hci_sync.c:331
 #3: ffff888057d840a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 net/bluetooth/hci_sync.c:5670
3 locks held by udevd/5206:
 #0: ffff8880396a8350 (sk_lock-AF_NETLINK){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1667 [inline]
 #0: ffff8880396a8350 (sk_lock-AF_NETLINK){+.+.}-{0:0}, at: netlink_insert+0xd3/0x1370 net/netlink/af_netlink.c:557
 #1: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #2: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #2: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
1 lock held by dhcpcd/5501:
2 locks held by getty/5599:
 #0: ffff88823bf280a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc90003e762e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 drivers/tty/n_tty.c:2222
2 locks held by dhcpcd/5642:
 #0: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
4 locks held by kworker/0:3/5893:
 #0: ffff88803d4d2938 ((wq_completion)wg-crypt-wg1){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88803d4d2938 ((wq_completion)wg-crypt-wg1){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90004af7bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90004af7bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
4 locks held by kworker/u9:2/5894:
 #0: ffff888030547138 ((wq_completion)hci12#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888030547138 ((wq_completion)hci12#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90004c27bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90004c27bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88805f7480a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
4 locks held by kworker/0:4/5945:
 #0: ffff888056507538 ((wq_completion)wg-crypt-wg2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888056507538 ((wq_completion)wg-crypt-wg2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc9000411fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000411fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #3: ffff8880338aa818 (&p->pi_lock){-...}-{2:2}, at: mark_wakeup_next_waiter kernel/locking/rtmutex.c:1319 [inline]
 #3: ffff8880338aa818 (&p->pi_lock){-...}-{2:2}, at: rt_mutex_slowunlock+0x181/0x8a0 kernel/locking/rtmutex.c:1466
3 locks held by kworker/1:3/5946:
 #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc900040ffbc0 ((crda_timeout).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc900040ffbc0 ((crda_timeout).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: crda_timeout_work+0x15/0x50 net/wireless/reg.c:541
1 lock held by syz-executor/5951:
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: inet6_rtm_newaddr+0x5b7/0xd20 net/ipv6/addrconf.c:5027
3 locks held by syz-executor/5957:
 #0: ffff8880297ace80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:499 [inline]
 #0: ffff8880297ace80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 net/bluetooth/hci_core.c:2715
 #1: ffff8880297ac0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 net/bluetooth/hci_sync.c:5282
 #2: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2094 [inline]
 #2: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 net/bluetooth/hci_conn.c:2599
1 lock held by syz-executor/5959:
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 net/core/rtnetlink.c:4056
1 lock held by syz-executor/5960:
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 net/core/rtnetlink.c:4056
4 locks held by kworker/u9:3/5962:
 #0: ffff888028170138 ((wq_completion)hci8#4){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888028170138 ((wq_completion)hci8#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90004be7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90004be7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff8880631f40a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
4 locks held by syz.1.22/6127:
 #0: ffff888028da0e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:499 [inline]
 #0: ffff888028da0e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 net/bluetooth/hci_core.c:2715
 #1: ffff888028da00a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 net/bluetooth/hci_sync.c:5282
 #2: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2094 [inline]
 #2: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 net/bluetooth/hci_conn.c:2599
 #3: ffff888026a2b358 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 net/bluetooth/l2cap_core.c:1762
1 lock held by syz-executor/6143:
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:979
1 lock held by syz-executor/6149:
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:979
1 lock held by syz-executor/6150:
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:979
5 locks held by kworker/u9:5/6157:
 #0: ffff888026a2a938 ((wq_completion)hci3){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888026a2a938 ((wq_completion)hci3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90003abfbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90003abfbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff8880333b8e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 net/bluetooth/hci_sync.c:331
 #3: ffff8880333b80a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 net/bluetooth/hci_sync.c:5670
 #4: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #4: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 net/bluetooth/hci_conn.c:1313
1 lock held by syz-executor/6164:
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:979
1 lock held by syz-executor/6167:
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:979
4 locks held by kworker/u9:6/6171:
 #0: ffff888039ed4938 ((wq_completion)hci13#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888039ed4938 ((wq_completion)hci13#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90003a3fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90003a3fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88806f8040a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
5 locks held by kworker/u9:7/6172:
 #0: ffff88802fb12938 ((wq_completion)hci5){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88802fb12938 ((wq_completion)hci5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90003b0fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90003b0fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88803df08e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 net/bluetooth/hci_sync.c:331
 #3: ffff88803df080a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 net/bluetooth/hci_sync.c:5670
 #4: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #4: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 net/bluetooth/hci_conn.c:1313
4 locks held by kworker/1:7/6173:
 #0: ffff888019899138 ((wq_completion)events_long){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019899138 ((wq_completion)events_long){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90004d27bc0 ((work_completion)(&(&ipvs->defense_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90004d27bc0 ((work_completion)(&(&ipvs->defense_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
1 lock held by syz-executor/6176:
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:979
1 lock held by syz-executor/6180:
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:979
4 locks held by kworker/u9:8/6184:
 #0: ffff88803ddcc138 ((wq_completion)hci11#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88803ddcc138 ((wq_completion)hci11#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc9000156fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000156fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88806acf40a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
1 lock held by syz-executor/6185:
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:979
1 lock held by dhcpcd/6188:
 #0: ffff88803bd9a350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1667 [inline]
 #0: ffff88803bd9a350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 net/packet/af_packet.c:3251
1 lock held by syz-executor/6189:
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:979
4 locks held by kworker/u9:9/6191:
 #0: ffff888030b72938 ((wq_completion)krxrpcd){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888030b72938 ((wq_completion)krxrpcd){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc9000155fbc0 ((work_completion)(&rxnet->peer_keepalive_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000155fbc0 ((work_completion)(&rxnet->peer_keepalive_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
4 locks held by kworker/u9:10/6193:
 #0: ffff888058dce138 ((wq_completion)hci14#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888058dce138 ((wq_completion)hci14#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90004d67bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90004d67bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff8880590c00a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
4 locks held by syz-executor/6194:
 #0: ffff8880421f1d78 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:869 [inline]
 #0: ffff8880421f1d78 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: __sock_release net/socket.c:648 [inline]
 #0: ffff8880421f1d78 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 net/socket.c:1439
 #1: ffff888035a05350 (sk_lock-AF_BLUETOOTH-BTPROTO_HCI){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1667 [inline]
 #1: ffff888035a05350 (sk_lock-AF_BLUETOOTH-BTPROTO_HCI){+.+.}-{0:0}, at: hci_sock_release+0x5b/0x520 net/bluetooth/hci_sock.c:912
 #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
4 locks held by udevd/6196:
1 lock held by dhcpcd/6197:
 #0: ffff888032996350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1667 [inline]
 #0: ffff888032996350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 net/packet/af_packet.c:3251
2 locks held by kworker/0:8/6198:

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x39e/0x3d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:328 [inline]
 watchdog+0xf93/0xfe0 kernel/hung_task.c:491
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 20 Comm: rcuc/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:__orc_find arch/x86/kernel/unwind_orc.c:99 [inline]
RIP: 0010:orc_find arch/x86/kernel/unwind_orc.c:227 [inline]
RIP: 0010:unwind_next_frame+0x1334/0x2390 arch/x86/kernel/unwind_orc.c:494
Code: 0f b6 04 08 84 c0 75 27 49 63 07 4c 01 f8 49 8d 4f 04 4c 39 e0 48 0f 46 e9 49 8d 47 fc 48 0f 47 d8 4d 0f 46 ef 48 39 dd 76 a2 <e9> 7b ef ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 7c cc 4c 89 ff 48
RSP: 0018:ffffc90000196438 EFLAGS: 00000202
RAX: ffffffff8f32c4e4 RBX: ffffffff8f32c4e8 RCX: ffffffff8f32c4ec
RDX: ffffffff8f32c4e8 RSI: ffffffff8faa4d24 RDI: ffffffff8b620da0
RBP: ffffffff8f32c4ec R08: 0000000000000001 R09: ffffffff8172b165
R10: ffffc90000196558 R11: ffffffff81aae030 R12: ffffffff81a6a163
R13: ffffffff8f32c4e8 R14: ffffc90000196508 R15: ffffffff8f32c4e8
FS:  0000000000000000(0000) GS:ffff8881268c2000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000564149111660 CR3: 000000002f056000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:68
 unpoison_slab_object mm/kasan/common.c:330 [inline]
 __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:356
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4180 [inline]
 slab_alloc_node mm/slub.c:4229 [inline]
 kmem_cache_alloc_noprof+0x143/0x310 mm/slub.c:4236
 kmem_alloc_batch lib/debugobjects.c:371 [inline]
 fill_pool+0x100/0x570 lib/debugobjects.c:403
 debug_objects_fill_pool+0x107/0x120 lib/debugobjects.c:725
 debug_object_activate+0x6c/0x3a0 lib/debugobjects.c:814
 debug_rcu_head_queue kernel/rcu/rcu.h:236 [inline]
 __call_rcu_common kernel/rcu/tree.c:3108 [inline]
 call_rcu+0xaa/0x9c0 kernel/rcu/tree.c:3243
 refdst_drop include/net/dst.h:263 [inline]
 skb_dst_drop include/net/dst.h:275 [inline]
 skb_release_head_state+0x71/0x250 net/core/skbuff.c:1135
 skb_release_all net/core/skbuff.c:1149 [inline]
 __kfree_skb net/core/skbuff.c:1165 [inline]
 consume_skb+0x60/0xf0 net/core/skbuff.c:1397
 nft_synproxy_eval_v4+0x376/0x560 net/netfilter/nft_synproxy.c:60
 nft_synproxy_do_eval+0x345/0x570 net/netfilter/nft_synproxy.c:141
 expr_call_ops_eval net/netfilter/nf_tables_core.c:237 [inline]
 nft_do_chain+0x409/0x1920 net/netfilter/nf_tables_core.c:285
 nft_do_chain_inet+0x25d/0x340 net/netfilter/nft_chain_filter.c:161
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0xc5/0x220 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK+0x206/0x3a0 include/linux/netfilter.h:316
 NF_HOOK+0x30c/0x3a0 include/linux/netfilter.h:318
 __netif_receive_skb_one_core net/core/dev.c:5991 [inline]
 __netif_receive_skb+0x143/0x380 net/core/dev.c:6104
 process_backlog+0x31e/0x900 net/core/dev.c:6456
 __napi_poll+0xb6/0x540 net/core/dev.c:7506
 napi_poll net/core/dev.c:7569 [inline]
 net_rx_action+0x707/0xe00 net/core/dev.c:7696
 handle_softirqs+0x22c/0x710 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 __local_bh_enable_ip+0x179/0x270 kernel/softirq.c:259
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 rcu_cpu_kthread+0x12b4/0x1b50 kernel/rcu/tree.c:2950
 smpboot_thread_fn+0x542/0xa60 kernel/smpboot.c:160
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

final repro crashed as (corrupted=false):
INFO: task syz-executor:5951 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:20488 pid:5951  tgid:5[  290.918110][   T38] task:syz-executor    state:D stack:20488 pid:5951  tgid:5951  ppid:1      task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x16f3/0x4c20 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 rt_mutex_schedule+0x77/0xf0 kernel/sched/core.c:7339
 rt_mutex_slowlock_block+0x5ba/0x6d0 kernel/locking/rtmutex.c:1647
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
 __rt_mutex_slowlock_locked kernel/locking/rtmutex.c:1760 [inline]
 rt_mutex_slowlock+0x2b1/0x6e0 kernel/locking/rtmutex.c:1800
 __rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
 __mutex_lock_common kernel/locking/rtmutex_api.c:536 [inline]
 mutex_lock_nested+0x16a/0x1d0 kernel/locking/rtmutex_api.c:547
 rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 inet6_rtm_newaddr+0x5b7/0xd20 net/ipv6/addrconf.c:5027
 rtnetlink_rcv_msg+0x7cc/0xb70 net/core/rtnetlink.c:6946
 netlink_rcv_skb+0x205/0x470 net/netlink/af_netlink.c:2552
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x843/0xa10 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x219/0x270 net/socket.c:729
 __sys_sendto+0x3c7/0x520 net/socket.c:2228
 __do_sys_sendto net/socket.c:2235 [inline]
 __se_sys_sendto net/socket.c:2231 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2231
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f6c30420a7c
RSP: 002b:00007ffefc46e050 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f6c31184620 RCX: 00007f6c30420a7c
RDX: 0000000000000040 RSI: 00007f6c31184670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffefc46e0a4 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f6c31184670 R15: 0000000000000000
 </TASK>
INFO: task syz-executor:5959 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:20488 pid:5959  tgid:5959  ppid:1      task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x16f3/0x4c20 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 rt_mutex_schedule+0x77/0xf0 kernel/sched/core.c:7339
 rt_mutex_slowlock_block+0x5ba/0x6d0 kernel/locking/rtmutex.c:1647
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
 __rt_mutex_slowlock_locked kernel/locking/rtmutex.c:1760 [inline]
 rt_mutex_slowlock+0x2b1/0x6e0 kernel/locking/rtmutex.c:1800
 __rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
 __mutex_lock_common kernel/locking/rtmutex_api.c:536 [inline]
 mutex_lock_nested+0x16a/0x1d0 kernel/locking/rtmutex_api.c:547
 rtnl_lock net/core/rtnetlink.c:80 [inline]
 rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 rtnl_newlink+0x8db/0x1c70 net/core/rtnetlink.c:4056
 rtnetlink_rcv_msg+0x7cc/0xb70 net/core/rtnetlink.c:6946
 netlink_rcv_skb+0x205/0x470 net/netlink/af_netlink.c:2552
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x843/0xa10 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x219/0x270 net/socket.c:729
 __sys_sendto+0x3c7/0x520 net/socket.c:2228
 __do_sys_sendto net/socket.c:2235 [inline]
 __se_sys_sendto net/socket.c:2231 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2231
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff3de110a7c
RSP: 002b:00007ffc509b9750 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007ff3dee74620 RCX: 00007ff3de110a7c
RDX: 000000000000002c RSI: 00007ff3dee74670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffc509b97a4 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007ff3dee74670 R15: 0000000000000000
 </TASK>
INFO: task syz-executor:5960 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:21672 pid:5960  tgid:5960  ppid:1      task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x16f3/0x4c20 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 rt_mutex_schedule+0x77/0xf0 kernel/sched/core.c:7339
 rt_mutex_slowlock_block+0x5ba/0x6d0 kernel/locking/rtmutex.c:1647
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
 __rt_mutex_slowlock_locked kernel/locking/rtmutex.c:1760 [inline]
 rt_mutex_slowlock+0x2b1/0x6e0 kernel/locking/rtmutex.c:1800
 __rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
 __mutex_lock_common kernel/locking/rtmutex_api.c:536 [inline]
 mutex_lock_nested+0x16a/0x1d0 kernel/locking/rtmutex_api.c:547
 rtnl_lock net/core/rtnetlink.c:80 [inline]
 rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 rtnl_newlink+0x8db/0x1c70 net/core/rtnetlink.c:4056
 rtnetlink_rcv_msg+0x7cc/0xb70 net/core/rtnetlink.c:6946
 netlink_rcv_skb+0x205/0x470 net/netlink/af_netlink.c:2552
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x843/0xa10 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x219/0x270 net/socket.c:729
 __sys_sendto+0x3c7/0x520 net/socket.c:2228
 __do_sys_sendto net/socket.c:2235 [inline]
 __se_sys_sendto net/socket.c:2231 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2231
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fde01990a7c
RSP: 002b:00007ffcfe2f0e60 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007fde026f4620 RCX: 00007fde01990a7c
RDX: 000000000000002c RSI: 00007fde026f4670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffcfe2f0eb4 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007fde026f4670 R15: 0000000000000000
 </TASK>

Showing all locks held in the system:
3 locks held by kworker/0:1/10:
 #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc900000f7bc0 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc900000f7bc0 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x95/0xf30 net/wireless/reg.c:2483
4 locks held by kworker/u8:0/12:
 #0: ffff888030b77138 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888030b77138 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90000117bc0 ((work_completion)(&(&bat_priv->tt.work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90000117bc0 ((work_completion)(&(&bat_priv->tt.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
2 locks held by ksoftirqd/0/15:
 #0: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
5 locks held by rcuc/0/20:
4 locks held by kworker/1:0/31:
 #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90000a5fbc0 (reg_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90000a5fbc0 (reg_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: reg_todo+0x1c/0x8c0 net/wireless/reg.c:3219
 #3: ffff88805b0b0898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6212 [inline]
 #3: ffff88805b0b0898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_process_self_managed_hints+0xaf/0x1c0 net/wireless/reg.c:3209
1 lock held by khungtaskd/38:
 #0: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
3 locks held by kworker/u8:3/57:
 #0: ffff8880302f0938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff8880302f0938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc9000123fbc0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000123fbc0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #2: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x119/0x15a0 net/ipv6/addrconf.c:4194
5 locks held by kworker/u9:0/59:
 #0: ffff88802995c138 ((wq_completion)hci0){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88802995c138 ((wq_completion)hci0){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc9000125fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000125fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88803aa38e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 net/bluetooth/hci_sync.c:331
 #3: ffff88803aa380a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 net/bluetooth/hci_sync.c:5670
 #4: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #4: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 net/bluetooth/hci_conn.c:1313
7 locks held by kworker/u8:4/67:
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc9000152fbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000152fbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff8880348eb300 (&devlink->lock_key#5){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 drivers/net/netdevsim/dev.c:853
 #3: ffff888058df8d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff888058df8d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report drivers/net/netdevsim/dev.c:806 [inline]
 #3: ffff888058df8d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 drivers/net/netdevsim/dev.c:866
 #4: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #4: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #4: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
 #4: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 kernel/locking/spinlock_rt.c:57
 #5: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
5 locks held by kworker/u8:5/150:
7 locks held by kworker/u8:6/1142:
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90004a87bc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90004a87bc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff888036797300 (&devlink->lock_key#6){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 drivers/net/netdevsim/dev.c:853
 #3: ffff888147bde120 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff888147bde120 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report drivers/net/netdevsim/dev.c:806 [inline]
 #3: ffff888147bde120 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 drivers/net/netdevsim/dev.c:866
 #4: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #4: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #4: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
 #4: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 kernel/locking/spinlock_rt.c:57
 #5: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #6: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #6: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
5 locks held by kworker/u8:7/1159:
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90004b47bc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90004b47bc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88805b0b0898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6212 [inline]
 #2: ffff88805b0b0898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 net/wireless/core.c:421
 #3: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
5 locks held by kworker/u8:8/1174:
2 locks held by kworker/0:2/1231:
3 locks held by kworker/u8:9/1469:
4 locks held by kworker/u9:1/5155:
 #0: ffff888026a2d938 ((wq_completion)hci4){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888026a2d938 ((wq_completion)hci4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc9000fe7fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000fe7fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff888057d84e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 net/bluetooth/hci_sync.c:331
 #3: ffff888057d840a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 net/bluetooth/hci_sync.c:5670
3 locks held by udevd/5206:
 #0: ffff8880396a8350 (sk_lock-AF_NETLINK){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1667 [inline]
 #0: ffff8880396a8350 (sk_lock-AF_NETLINK){+.+.}-{0:0}, at: netlink_insert+0xd3/0x1370 net/netlink/af_netlink.c:557
 #1: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #2: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #2: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
1 lock held by dhcpcd/5501:
2 locks held by getty/5599:
 #0: ffff88823bf280a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc90003e762e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 drivers/tty/n_tty.c:2222
2 locks held by dhcpcd/5642:
 #0: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
4 locks held by kworker/0:3/5893:
 #0: ffff88803d4d2938 ((wq_completion)wg-crypt-wg1){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88803d4d2938 ((wq_completion)wg-crypt-wg1){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90004af7bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90004af7bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
4 locks held by kworker/u9:2/5894:
 #0: ffff888030547138 ((wq_completion)hci12#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888030547138 ((wq_completion)hci12#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90004c27bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90004c27bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88805f7480a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
4 locks held by kworker/0:4/5945:
 #0: ffff888056507538 ((wq_completion)wg-crypt-wg2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888056507538 ((wq_completion)wg-crypt-wg2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc9000411fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000411fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #3: ffff8880338aa818 (&p->pi_lock){-...}-{2:2}, at: mark_wakeup_next_waiter kernel/locking/rtmutex.c:1319 [inline]
 #3: ffff8880338aa818 (&p->pi_lock){-...}-{2:2}, at: rt_mutex_slowunlock+0x181/0x8a0 kernel/locking/rtmutex.c:1466
3 locks held by kworker/1:3/5946:
 #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc900040ffbc0 ((crda_timeout).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc900040ffbc0 ((crda_timeout).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: crda_timeout_work+0x15/0x50 net/wireless/reg.c:541
1 lock held by syz-executor/5951:
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: inet6_rtm_newaddr+0x5b7/0xd20 net/ipv6/addrconf.c:5027
3 locks held by syz-executor/5957:
 #0: ffff8880297ace80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:499 [inline]
 #0: ffff8880297ace80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 net/bluetooth/hci_core.c:2715
 #1: ffff8880297ac0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 net/bluetooth/hci_sync.c:5282
 #2: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2094 [inline]
 #2: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 net/bluetooth/hci_conn.c:2599
1 lock held by syz-executor/5959:
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 net/core/rtnetlink.c:4056
1 lock held by syz-executor/5960:
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 net/core/rtnetlink.c:4056
4 locks held by kworker/u9:3/5962:
 #0: ffff888028170138 ((wq_completion)hci8#4){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888028170138 ((wq_completion)hci8#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90004be7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90004be7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff8880631f40a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
4 locks held by syz.1.22/6127:
 #0: ffff888028da0e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:499 [inline]
 #0: ffff888028da0e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 net/bluetooth/hci_core.c:2715
 #1: ffff888028da00a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 net/bluetooth/hci_sync.c:5282
 #2: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2094 [inline]
 #2: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 net/bluetooth/hci_conn.c:2599
 #3: ffff888026a2b358 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 net/bluetooth/l2cap_core.c:1762
1 lock held by syz-executor/6143:
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:979
1 lock held by syz-executor/6149:
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:979
1 lock held by syz-executor/6150:
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:979
5 locks held by kworker/u9:5/6157:
 #0: ffff888026a2a938 ((wq_completion)hci3){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888026a2a938 ((wq_completion)hci3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90003abfbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90003abfbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff8880333b8e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 net/bluetooth/hci_sync.c:331
 #3: ffff8880333b80a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 net/bluetooth/hci_sync.c:5670
 #4: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #4: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 net/bluetooth/hci_conn.c:1313
1 lock held by syz-executor/6164:
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:979
1 lock held by syz-executor/6167:
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:979
4 locks held by kworker/u9:6/6171:
 #0: ffff888039ed4938 ((wq_completion)hci13#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888039ed4938 ((wq_completion)hci13#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90003a3fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90003a3fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88806f8040a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
5 locks held by kworker/u9:7/6172:
 #0: ffff88802fb12938 ((wq_completion)hci5){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88802fb12938 ((wq_completion)hci5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90003b0fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90003b0fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88803df08e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 net/bluetooth/hci_sync.c:331
 #3: ffff88803df080a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 net/bluetooth/hci_sync.c:5670
 #4: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #4: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 net/bluetooth/hci_conn.c:1313
4 locks held by kworker/1:7/6173:
 #0: ffff888019899138 ((wq_completion)events_long){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019899138 ((wq_completion)events_long){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90004d27bc0 ((work_completion)(&(&ipvs->defense_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90004d27bc0 ((work_completion)(&(&ipvs->defense_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
1 lock held by syz-executor/6176:
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:979
1 lock held by syz-executor/6180:
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:979
4 locks held by kworker/u9:8/6184:
 #0: ffff88803ddcc138 ((wq_completion)hci11#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88803ddcc138 ((wq_completion)hci11#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc9000156fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000156fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88806acf40a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
1 lock held by syz-executor/6185:
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:979
1 lock held by dhcpcd/6188:
 #0: ffff88803bd9a350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1667 [inline]
 #0: ffff88803bd9a350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 net/packet/af_packet.c:3251
1 lock held by syz-executor/6189:
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:979
4 locks held by kworker/u9:9/6191:
 #0: ffff888030b72938 ((wq_completion)krxrpcd){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888030b72938 ((wq_completion)krxrpcd){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc9000155fbc0 ((work_completion)(&rxnet->peer_keepalive_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000155fbc0 ((work_completion)(&rxnet->peer_keepalive_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
4 locks held by kworker/u9:10/6193:
 #0: ffff888058dce138 ((wq_completion)hci14#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888058dce138 ((wq_completion)hci14#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90004d67bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90004d67bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff8880590c00a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
4 locks held by syz-executor/6194:
 #0: ffff8880421f1d78 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:869 [inline]
 #0: ffff8880421f1d78 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: __sock_release net/socket.c:648 [inline]
 #0: ffff8880421f1d78 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 net/socket.c:1439
 #1: ffff888035a05350 (sk_lock-AF_BLUETOOTH-BTPROTO_HCI){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1667 [inline]
 #1: ffff888035a05350 (sk_lock-AF_BLUETOOTH-BTPROTO_HCI){+.+.}-{0:0}, at: hci_sock_release+0x5b/0x520 net/bluetooth/hci_sock.c:912
 #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
4 locks held by udevd/6196:
1 lock held by dhcpcd/6197:
 #0: ffff888032996350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1667 [inline]
 #0: ffff888032996350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 net/packet/af_packet.c:3251
2 locks held by kworker/0:8/6198:

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x39e/0x3d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:328 [inline]
 watchdog+0xf93/0xfe0 kernel/hung_task.c:491
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 20 Comm: rcuc/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:__orc_find arch/x86/kernel/unwind_orc.c:99 [inline]
RIP: 0010:orc_find arch/x86/kernel/unwind_orc.c:227 [inline]
RIP: 0010:unwind_next_frame+0x1334/0x2390 arch/x86/kernel/unwind_orc.c:494
Code: 0f b6 04 08 84 c0 75 27 49 63 07 4c 01 f8 49 8d 4f 04 4c 39 e0 48 0f 46 e9 49 8d 47 fc 48 0f 47 d8 4d 0f 46 ef 48 39 dd 76 a2 <e9> 7b ef ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 7c cc 4c 89 ff 48
RSP: 0018:ffffc90000196438 EFLAGS: 00000202
RAX: ffffffff8f32c4e4 RBX: ffffffff8f32c4e8 RCX: ffffffff8f32c4ec
RDX: ffffffff8f32c4e8 RSI: ffffffff8faa4d24 RDI: ffffffff8b620da0
RBP: ffffffff8f32c4ec R08: 0000000000000001 R09: ffffffff8172b165
R10: ffffc90000196558 R11: ffffffff81aae030 R12: ffffffff81a6a163
R13: ffffffff8f32c4e8 R14: ffffc90000196508 R15: ffffffff8f32c4e8
FS:  0000000000000000(0000) GS:ffff8881268c2000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000564149111660 CR3: 000000002f056000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:68
 unpoison_slab_object mm/kasan/common.c:330 [inline]
 __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:356
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4180 [inline]
 slab_alloc_node mm/slub.c:4229 [inline]
 kmem_cache_alloc_noprof+0x143/0x310 mm/slub.c:4236
 kmem_alloc_batch lib/debugobjects.c:371 [inline]
 fill_pool+0x100/0x570 lib/debugobjects.c:403
 debug_objects_fill_pool+0x107/0x120 lib/debugobjects.c:725
 debug_object_activate+0x6c/0x3a0 lib/debugobjects.c:814
 debug_rcu_head_queue kernel/rcu/rcu.h:236 [inline]
 __call_rcu_common kernel/rcu/tree.c:3108 [inline]
 call_rcu+0xaa/0x9c0 kernel/rcu/tree.c:3243
 refdst_drop include/net/dst.h:263 [inline]
 skb_dst_drop include/net/dst.h:275 [inline]
 skb_release_head_state+0x71/0x250 net/core/skbuff.c:1135
 skb_release_all net/core/skbuff.c:1149 [inline]
 __kfree_skb net/core/skbuff.c:1165 [inline]
 consume_skb+0x60/0xf0 net/core/skbuff.c:1397
 nft_synproxy_eval_v4+0x376/0x560 net/netfilter/nft_synproxy.c:60
 nft_synproxy_do_eval+0x345/0x570 net/netfilter/nft_synproxy.c:141
 expr_call_ops_eval net/netfilter/nf_tables_core.c:237 [inline]
 nft_do_chain+0x409/0x1920 net/netfilter/nf_tables_core.c:285
 nft_do_chain_inet+0x25d/0x340 net/netfilter/nft_chain_filter.c:161
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0xc5/0x220 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK+0x206/0x3a0 include/linux/netfilter.h:316
 NF_HOOK+0x30c/0x3a0 include/linux/netfilter.h:318
 __netif_receive_skb_one_core net/core/dev.c:5991 [inline]
 __netif_receive_skb+0x143/0x380 net/core/dev.c:6104
 process_backlog+0x31e/0x900 net/core/dev.c:6456
 __napi_poll+0xb6/0x540 net/core/dev.c:7506
 napi_poll net/core/dev.c:7569 [inline]
 net_rx_action+0x707/0xe00 net/core/dev.c:7696
 handle_softirqs+0x22c/0x710 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 __local_bh_enable_ip+0x179/0x270 kernel/softirq.c:259
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 rcu_cpu_kthread+0x12b4/0x1b50 kernel/rcu/tree.c:2950
 smpboot_thread_fn+0x542/0xa60 kernel/smpboot.c:160
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>