Extracting prog: 1h58m14.697988586s
Minimizing prog: 1h22m27.988004481s
Simplifying prog options: 6m49.012717425s
Extracting C: 4m23.398191123s
Simplifying C: 0s


extracting reproducer from 42 programs
testing a last program of every proc
single: executing 12 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mprotect-socket$packet-setsockopt$packet_int
detailed listing:
executing program 0:
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$kcm-setsockopt$sock_attach_bpf-sendmsg$kcm
detailed listing:
executing program 0:
r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000001640)=@qipcrtr={0x2a, 0x3, 0x7fff}, 0x80, &(0x7f0000000680)=[{0x0}, {&(0x7f0000000400)="f03d07bd2b9caa8fa56d", 0xa}], 0x2}, 0x8881)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-prctl$PR_SET_THP_DISABLE
detailed listing:
executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r0}, 0x10)
prctl$PR_SET_THP_DISABLE(0x29, 0x1)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_GET_IRQCHIP
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mprotect-socket$packet-setsockopt$packet_int
detailed listing:
executing program 0:
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b00)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a91010000060a0b0400000000000000000200000064010480600101800a0001006d617463680000005001028008000240000000000b000100706f6c696379000038010300ebae551382395afa4d23edfcbe6d55b57cb15e63c15c46395916e2b388abc3d6070000004e8278ad51f6d123a616cf3eb44b275fe6bc6bf402a3f9335458bb7a92f23fc0aa88f2495ff70157ea6b29f7fab11ec362920cab3350208c749f342b38e0df9334cea6fe1e331d76beb7094102d5d409992dcd236e3fd7a8785f97ae9d01b0822c161a491bef0501f8e81ddd66d1b676e8c9f0b2159c2cc0b069669b5af555f644c39bedd627181d27d9c185aae5d910550f08822c6fec60302779b9e812403a2ff826781b4c761bd14eb7515ae224260c9534891afdd05d18b2ffe91f52766a0b9fe3955bfb1866142e7c1caceb88de7d6e8a5c08ce052bb461f0c7ee914ca5c98c19442d0262a6d04a8e3e29360a9b5871812e08542d54775f5843d70b15871bc247e30d66b83560c014f5000000000900010073797a30000000000900020073797a32"], 0x1b8}, 0x1, 0x0, 0x0, 0x8010}, 0x4000800)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$kcm-setsockopt$sock_attach_bpf-sendmsg$kcm
detailed listing:
executing program 0:
r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000001640)=@qipcrtr={0x2a, 0x3, 0x7fff}, 0x80, &(0x7f0000000680)=[{0x0}, {&(0x7f0000000400)="f03d07bd2b9caa8fa56d", 0xa}], 0x2}, 0x8881)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-prctl$PR_SET_THP_DISABLE
detailed listing:
executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r0}, 0x10)
prctl$PR_SET_THP_DISABLE(0x29, 0x1)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_GET_IRQCHIP
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b00)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a91010000060a0b0400000000000000000200000064010480600101800a0001006d617463680000005001028008000240000000000b000100706f6c696379000038010300ebae551382395afa4d23edfcbe6d55b57cb15e63c15c46395916e2b388abc3d6070000004e8278ad51f6d123a616cf3eb44b275fe6bc6bf402a3f9335458bb7a92f23fc0aa88f2495ff70157ea6b29f7fab11ec362920cab3350208c749f342b38e0df9334cea6fe1e331d76beb7094102d5d409992dcd236e3fd7a8785f97ae9d01b0822c161a491bef0501f8e81ddd66d1b676e8c9f0b2159c2cc0b069669b5af555f644c39bedd627181d27d9c185aae5d910550f08822c6fec60302779b9e812403a2ff826781b4c761bd14eb7515ae224260c9534891afdd05d18b2ffe91f52766a0b9fe3955bfb1866142e7c1caceb88de7d6e8a5c08ce052bb461f0c7ee914ca5c98c19442d0262a6d04a8e3e29360a9b5871812e08542d54775f5843d70b15871bc247e30d66b83560c014f5000000000900010073797a30000000000900020073797a32"], 0x1b8}, 0x1, 0x0, 0x0, 0x8010}, 0x4000800)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-fcntl$dupfd-bind$nfc_llcp
detailed listing:
executing program 0:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
r1 = fcntl$dupfd(r0, 0x406, r0)
bind$nfc_llcp(r1, &(0x7f0000000180)={0x27, 0x0, 0x1, 0x5, 0x48, 0xf9, "10c06c7a6773b5b7eced6f42597ac9e8fcc3f43a5294974b46ec1fb9809043a828fc5a44c7a506274edfafc3503628e8dffff27af3f84e5502e1cb7915de48", 0x1f}, 0x60)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_j1939-fcntl$dupfd-bind$nfc_llcp
detailed listing:
executing program 0:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
r1 = fcntl$dupfd(r0, 0x406, r0)
bind$nfc_llcp(r1, &(0x7f0000000180)={0x27, 0x0, 0x1, 0x5, 0x48, 0xf9, "10c06c7a6773b5b7eced6f42597ac9e8fcc3f43a5294974b46ec1fb9809043a828fc5a44c7a506274edfafc3503628e8dffff27af3f84e5502e1cb7915de48", 0x1f}, 0x60)

program did not crash
single: failed to extract reproducer
bisect: bisecting 42 programs with base timeout 6m0s
testing program (duration=6m10s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3]
detailed listing:
executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x1b, 0x3, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x800}}, 0x0, 0x8, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x800}, 0x94)
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x50, &(0x7f0000000100), 0x48)
executing program 3:
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0x1, @empty, 'hsr0\x00'}}, 0x1e)
sendmmsg$sock(r0, &(0x7f0000001dc0), 0x213, 0x0)
executing program 3:
memfd_secret(0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/disk', 0x169a82, 0x0)
sendfile(r0, r0, 0x0, 0xc)
executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0)
mount_setattr(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x8100, &(0x7f0000000000)={0x0, 0x0, 0x20000}, 0x20)
executing program 3:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000340)={0x2, 0x4e20, 0x0, @dev}, 0x1c)
sendmmsg$inet(r0, &(0x7f0000002ac0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=[@ip_retopts={{0x10}}], 0x10}}], 0x1, 0x0)
executing program 3:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
r1 = fcntl$dupfd(r0, 0x406, r0)
bind$nfc_llcp(r1, &(0x7f0000000180)={0x27, 0x0, 0x1, 0x5, 0x48, 0xf9, "10c06c7a6773b5b7eced6f42597ac9e8fcc3f43a5294974b46ec1fb9809043a828fc5a44c7a506274edfafc3503628e8dffff27af3f84e5502e1cb7915de48", 0x1f}, 0x60)
executing program 32:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
r1 = fcntl$dupfd(r0, 0x406, r0)
bind$nfc_llcp(r1, &(0x7f0000000180)={0x27, 0x0, 0x1, 0x5, 0x48, 0xf9, "10c06c7a6773b5b7eced6f42597ac9e8fcc3f43a5294974b46ec1fb9809043a828fc5a44c7a506274edfafc3503628e8dffff27af3f84e5502e1cb7915de48", 0x1f}, 0x60)
executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000)
sendmsg$NFT_BATCH(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a60000000060a090400000000000000000200fffe0900020073797a32000000000900010073797a300000000034000480300001800a0001006d617463680000002000028005000300000000000b000100736f636b657400000800024000000003"], 0x88}, 0x1, 0x0, 0x0, 0x24044800}, 0x0)
executing program 5:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2501, 0x0)
writev(r0, &(0x7f0000001540)=[{&(0x7f0000000040)="634f7f", 0x3}], 0x1)
ioctl$SNAPSHOT_FREE(r0, 0x3305)
executing program 5:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x458, 0x5011, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0xfffe, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x6}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x3, "4cc0688d"}]}}, 0x0}, 0x0)
executing program 1:
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="021380ee02"], 0x10}}, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmmsg(r0, &(0x7f0000000180), 0x32bc45944b084a6, 0x0)
executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xb, 0xc, 0x4, 0xc4f, 0x1, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000100), 0x6c7, r0}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000440), 0x23, r0}, 0x38)
executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000440)="ea", 0x1}], 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0xc800)
recvmmsg(r1, &(0x7f0000001140), 0x700, 0x2, 0x0)
executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x4, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0)
executing program 1:
r0 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c020000", @ANYRES16=r0, @ANYBLOB="01000000000000000000010000001400020077673100000000000000000000000000f40108807000008048000980282100f8060001000a00000014000200fe8000000000000000000000000000aa05000300000000001c000080060001000200000908000200e0000001050003000000000024000100000000000000000000000000000000000000000000000000000000000000000080010080200004000a004e2000000005200100000000000000000000000000000800000006000500b01f00000800030006000000060005000500000008000a000100000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff200004000a034e200000040100000000000000000000ffffac14142a06000000240001000000000000000000000000000000000000000000000000000000000000000000d4000980"], 0x21c}, 0x1, 0x0, 0x0, 0x840}, 0x0)
executing program 5:
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents(r0, &(0x7f0000000080)=""/43, 0x2b)
getdents(r0, 0x0, 0xbb)
executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b00)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a91010000060a0b0400000000000000000200000064010480600101800a0001006d617463680000005001028008000240000000000b000100706f6c696379000038010300ebae551382395afa4d23edfcbe6d55b57cb15e63c15c46395916e2b388abc3d6070000004e8278ad51f6d123a616cf3eb44b275fe6bc6bf402a3f9335458bb7a92f23fc0aa88f2495ff70157ea6b29f7fab11ec362920cab3350208c749f342b38e0df9334cea6fe1e331d76beb7094102d5d409992dcd236e3fd7a8785f97ae9d01b0822c161a491bef0501f8e81ddd66d1b676e8c9f0b2159c2cc0b069669b5af555f644c39bedd627181d27d9c185aae5d910550f08822c6fec60302779b9e812403a2ff826781b4c761bd14eb7515ae224260c9534891afdd05d18b2ffe91f52766a0b9fe3955bfb1866142e7c1caceb88de7d6e8a5c08ce052bb461f0c7ee914ca5c98c19442d0262a6d04a8e3e29360a9b5871812e08542d54775f5843d70b15871bc247e30d66b83560c014f5000000000900010073797a30000000000900020073797a32"], 0x1b8}, 0x1, 0x0, 0x0, 0x8010}, 0x4000800)
executing program 5:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001180)={&(0x7f00000000c0)='sys_exit\x00', r0}, 0x18)
mount_setattr(0xffffffffffffffff, 0x0, 0x1000, 0x0, 0x0)
executing program 4:
r0 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0xc8080)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000000)=0x639)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f00000002c0)={{0x0, 0x6, 0xff00, 0x0, 'syz0\x00', 0xfffffffd}, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 'syz0\x00', 0x0})
executing program 0:
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0x1, 0xc0, 0x7ff00003}]})
fsopen(0x0, 0x0)
executing program 4:
r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000001640)=@hci={0x1f, 0x8, 0x4}, 0x80, &(0x7f0000000580)=[{&(0x7f00000000c0)="270502001a0014000600002fb96dbcf706e10500000086ddffff1144ee1611d4b8bf4a31accbe1ba0777cfbf6ae77256da82f6184b8a34f9015cc99e5700001028", 0x41}], 0x1}, 0x8050)
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5c00000000010104000000000000000002000000240002801400018008000100e000000108000200e00000010c0002800500010000000000080008400000000014000580080001"], 0x5c}}, 0x0)
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x6}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0000200002801c0017"], 0x44}, 0x1, 0x0, 0x0, 0xc000}, 0xc000)
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, r1, 0x1, 0x70bd28, 0x25dfdbfc}, 0x1c}, 0x1, 0x0, 0x0, 0x4008084}, 0x24040010)
executing program 0:
r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
ioctl$VIDIOC_S_OUTPUT(r0, 0xc004562f, &(0x7f0000000280)=0x1)
ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000fc0)={0x0, 0x0, '\x00', @raw_data=[0x6, 0x9, 0x7, 0x1, 0x6, 0xf909, 0x341f, 0x0, 0x400, 0x2, 0x8, 0x248, 0x9, 0xffff, 0x6, 0x80000001, 0x9, 0x80, 0x5, 0xff, 0x6, 0x7fffffff, 0xffff7fff, 0x9, 0x8, 0x9, 0xe, 0x1, 0xcda, 0x5, 0x8, 0x4]})
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, 0x0)
executing program 5:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r0}, 0x10)
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
executing program 4:
r0 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r0, 0x8982, &(0x7f0000000040)={0x6, 'ip6_vti0\x00', {}, 0x1})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f0000000080)={0x0, 'bridge_slave_1\x00', {0x2}, 0x5})
executing program 4:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2501, 0x0)
writev(r0, &(0x7f0000001540)=[{&(0x7f0000000040)="634f7f", 0x3}], 0x1)
ioctl$SNAPSHOT_FREE(r0, 0x3305)
executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="8db42640452d591175c9d623b515c6d2d075d57080200000ea0001000000dae5", 0x20)
executing program 4:
r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000001640)=@qipcrtr={0x2a, 0x3, 0x7fff}, 0x80, &(0x7f0000000680)=[{0x0}, {&(0x7f0000000400)="f03d07bd2b9caa8fa56d", 0xa}], 0x2}, 0x8881)
executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_SET(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000003c0)={0x44, r1, 0x1, 0x70bd2b, 0x25dfdbff, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x6, 0x4, 0x2}}]}, 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x8000)
executing program 2:
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/consoles\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x6)
executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x50)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xb, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="18080000281c0040000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000035090100000000009500000000070000b7020000000000007b9a00fe00000000b6090000002000a80700000050000058bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffff550000000800000018220000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7050000080000004608f0ff760000005d9800000000000056000000a80000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x11, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)=ANY=[@ANYBLOB="1800000024000103000000000000000001008c000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r0, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000002740)=""/4071, 0xfe7}], 0x1}}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)=""/96, 0x60}, {&(0x7f0000001740)=""/4082, 0xff2}, {&(0x7f0000000380)=""/4092, 0xffc}], 0x3}, 0x9}], 0x3, 0x2, 0x0)
executing program 2:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000640), r0)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x30, r1, 0x1, 0x70bd29, 0x25dfdbff, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x2}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x4008000}, 0x48004)
executing program 33:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b00)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a91010000060a0b0400000000000000000200000064010480600101800a0001006d617463680000005001028008000240000000000b000100706f6c696379000038010300ebae551382395afa4d23edfcbe6d55b57cb15e63c15c46395916e2b388abc3d6070000004e8278ad51f6d123a616cf3eb44b275fe6bc6bf402a3f9335458bb7a92f23fc0aa88f2495ff70157ea6b29f7fab11ec362920cab3350208c749f342b38e0df9334cea6fe1e331d76beb7094102d5d409992dcd236e3fd7a8785f97ae9d01b0822c161a491bef0501f8e81ddd66d1b676e8c9f0b2159c2cc0b069669b5af555f644c39bedd627181d27d9c185aae5d910550f08822c6fec60302779b9e812403a2ff826781b4c761bd14eb7515ae224260c9534891afdd05d18b2ffe91f52766a0b9fe3955bfb1866142e7c1caceb88de7d6e8a5c08ce052bb461f0c7ee914ca5c98c19442d0262a6d04a8e3e29360a9b5871812e08542d54775f5843d70b15871bc247e30d66b83560c014f5000000000900010073797a30000000000900020073797a32"], 0x1b8}, 0x1, 0x0, 0x0, 0x8010}, 0x4000800)
executing program 2:
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)
executing program 34:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, 0x0)
executing program 35:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r0}, 0x10)
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
executing program 36:
r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000001640)=@qipcrtr={0x2a, 0x3, 0x7fff}, 0x80, &(0x7f0000000680)=[{0x0}, {&(0x7f0000000400)="f03d07bd2b9caa8fa56d", 0xa}], 0x2}, 0x8881)
executing program 37:
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)

program crashed: no output from test machine
bisect: bisecting 42 programs
bisect: split chunks (needed=false): <42>
bisect: split chunk #0 of len 42 into 3 parts
bisect: testing without sub-chunk 1/3
testing program (duration=6m7s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3]
detailed listing:
executing program 1:
r0 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c020000", @ANYRES16=r0, @ANYBLOB="01000000000000000000010000001400020077673100000000000000000000000000f40108807000008048000980282100f8060001000a00000014000200fe8000000000000000000000000000aa05000300000000001c000080060001000200000908000200e0000001050003000000000024000100000000000000000000000000000000000000000000000000000000000000000080010080200004000a004e2000000005200100000000000000000000000000000800000006000500b01f00000800030006000000060005000500000008000a000100000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff200004000a034e200000040100000000000000000000ffffac14142a06000000240001000000000000000000000000000000000000000000000000000000000000000000d4000980"], 0x21c}, 0x1, 0x0, 0x0, 0x840}, 0x0)
executing program 5:
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents(r0, &(0x7f0000000080)=""/43, 0x2b)
getdents(r0, 0x0, 0xbb)
executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b00)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a91010000060a0b0400000000000000000200000064010480600101800a0001006d617463680000005001028008000240000000000b000100706f6c696379000038010300ebae551382395afa4d23edfcbe6d55b57cb15e63c15c46395916e2b388abc3d6070000004e8278ad51f6d123a616cf3eb44b275fe6bc6bf402a3f9335458bb7a92f23fc0aa88f2495ff70157ea6b29f7fab11ec362920cab3350208c749f342b38e0df9334cea6fe1e331d76beb7094102d5d409992dcd236e3fd7a8785f97ae9d01b0822c161a491bef0501f8e81ddd66d1b676e8c9f0b2159c2cc0b069669b5af555f644c39bedd627181d27d9c185aae5d910550f08822c6fec60302779b9e812403a2ff826781b4c761bd14eb7515ae224260c9534891afdd05d18b2ffe91f52766a0b9fe3955bfb1866142e7c1caceb88de7d6e8a5c08ce052bb461f0c7ee914ca5c98c19442d0262a6d04a8e3e29360a9b5871812e08542d54775f5843d70b15871bc247e30d66b83560c014f5000000000900010073797a30000000000900020073797a32"], 0x1b8}, 0x1, 0x0, 0x0, 0x8010}, 0x4000800)
executing program 5:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001180)={&(0x7f00000000c0)='sys_exit\x00', r0}, 0x18)
mount_setattr(0xffffffffffffffff, 0x0, 0x1000, 0x0, 0x0)
executing program 4:
r0 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0xc8080)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000000)=0x639)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f00000002c0)={{0x0, 0x6, 0xff00, 0x0, 'syz0\x00', 0xfffffffd}, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 'syz0\x00', 0x0})
executing program 0:
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0x1, 0xc0, 0x7ff00003}]})
fsopen(0x0, 0x0)
executing program 4:
r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000001640)=@hci={0x1f, 0x8, 0x4}, 0x80, &(0x7f0000000580)=[{&(0x7f00000000c0)="270502001a0014000600002fb96dbcf706e10500000086ddffff1144ee1611d4b8bf4a31accbe1ba0777cfbf6ae77256da82f6184b8a34f9015cc99e5700001028", 0x41}], 0x1}, 0x8050)
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5c00000000010104000000000000000002000000240002801400018008000100e000000108000200e00000010c0002800500010000000000080008400000000014000580080001"], 0x5c}}, 0x0)
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x6}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0000200002801c0017"], 0x44}, 0x1, 0x0, 0x0, 0xc000}, 0xc000)
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, r1, 0x1, 0x70bd28, 0x25dfdbfc}, 0x1c}, 0x1, 0x0, 0x0, 0x4008084}, 0x24040010)
executing program 0:
r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
ioctl$VIDIOC_S_OUTPUT(r0, 0xc004562f, &(0x7f0000000280)=0x1)
ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000fc0)={0x0, 0x0, '\x00', @raw_data=[0x6, 0x9, 0x7, 0x1, 0x6, 0xf909, 0x341f, 0x0, 0x400, 0x2, 0x8, 0x248, 0x9, 0xffff, 0x6, 0x80000001, 0x9, 0x80, 0x5, 0xff, 0x6, 0x7fffffff, 0xffff7fff, 0x9, 0x8, 0x9, 0xe, 0x1, 0xcda, 0x5, 0x8, 0x4]})
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, 0x0)
executing program 5:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r0}, 0x10)
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
executing program 4:
r0 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r0, 0x8982, &(0x7f0000000040)={0x6, 'ip6_vti0\x00', {}, 0x1})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f0000000080)={0x0, 'bridge_slave_1\x00', {0x2}, 0x5})
executing program 4:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2501, 0x0)
writev(r0, &(0x7f0000001540)=[{&(0x7f0000000040)="634f7f", 0x3}], 0x1)
ioctl$SNAPSHOT_FREE(r0, 0x3305)
executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="8db42640452d591175c9d623b515c6d2d075d57080200000ea0001000000dae5", 0x20)
executing program 4:
r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000001640)=@qipcrtr={0x2a, 0x3, 0x7fff}, 0x80, &(0x7f0000000680)=[{0x0}, {&(0x7f0000000400)="f03d07bd2b9caa8fa56d", 0xa}], 0x2}, 0x8881)
executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_SET(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000003c0)={0x44, r1, 0x1, 0x70bd2b, 0x25dfdbff, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x6, 0x4, 0x2}}]}, 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x8000)
executing program 2:
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/consoles\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x6)
executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x50)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xb, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="18080000281c0040000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000035090100000000009500000000070000b7020000000000007b9a00fe00000000b6090000002000a80700000050000058bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffff550000000800000018220000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7050000080000004608f0ff760000005d9800000000000056000000a80000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x11, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)=ANY=[@ANYBLOB="1800000024000103000000000000000001008c000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r0, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000002740)=""/4071, 0xfe7}], 0x1}}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)=""/96, 0x60}, {&(0x7f0000001740)=""/4082, 0xff2}, {&(0x7f0000000380)=""/4092, 0xffc}], 0x3}, 0x9}], 0x3, 0x2, 0x0)
executing program 2:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000640), r0)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x30, r1, 0x1, 0x70bd29, 0x25dfdbff, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x2}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x4008000}, 0x48004)
executing program 33:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b00)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a91010000060a0b0400000000000000000200000064010480600101800a0001006d617463680000005001028008000240000000000b000100706f6c696379000038010300ebae551382395afa4d23edfcbe6d55b57cb15e63c15c46395916e2b388abc3d6070000004e8278ad51f6d123a616cf3eb44b275fe6bc6bf402a3f9335458bb7a92f23fc0aa88f2495ff70157ea6b29f7fab11ec362920cab3350208c749f342b38e0df9334cea6fe1e331d76beb7094102d5d409992dcd236e3fd7a8785f97ae9d01b0822c161a491bef0501f8e81ddd66d1b676e8c9f0b2159c2cc0b069669b5af555f644c39bedd627181d27d9c185aae5d910550f08822c6fec60302779b9e812403a2ff826781b4c761bd14eb7515ae224260c9534891afdd05d18b2ffe91f52766a0b9fe3955bfb1866142e7c1caceb88de7d6e8a5c08ce052bb461f0c7ee914ca5c98c19442d0262a6d04a8e3e29360a9b5871812e08542d54775f5843d70b15871bc247e30d66b83560c014f5000000000900010073797a30000000000900020073797a32"], 0x1b8}, 0x1, 0x0, 0x0, 0x8010}, 0x4000800)
executing program 2:
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)
executing program 34:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, 0x0)
executing program 35:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r0}, 0x10)
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
executing program 36:
r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000001640)=@qipcrtr={0x2a, 0x3, 0x7fff}, 0x80, &(0x7f0000000680)=[{0x0}, {&(0x7f0000000400)="f03d07bd2b9caa8fa56d", 0xa}], 0x2}, 0x8881)
executing program 37:
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)

program did not crash
bisect: testing without sub-chunk 2/3
testing program (duration=6m7s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3]
detailed listing:
executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x1b, 0x3, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x800}}, 0x0, 0x8, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x800}, 0x94)
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x50, &(0x7f0000000100), 0x48)
executing program 3:
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0x1, @empty, 'hsr0\x00'}}, 0x1e)
sendmmsg$sock(r0, &(0x7f0000001dc0), 0x213, 0x0)
executing program 3:
memfd_secret(0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/disk', 0x169a82, 0x0)
sendfile(r0, r0, 0x0, 0xc)
executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0)
mount_setattr(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x8100, &(0x7f0000000000)={0x0, 0x0, 0x20000}, 0x20)
executing program 3:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000340)={0x2, 0x4e20, 0x0, @dev}, 0x1c)
sendmmsg$inet(r0, &(0x7f0000002ac0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=[@ip_retopts={{0x10}}], 0x10}}], 0x1, 0x0)
executing program 3:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
r1 = fcntl$dupfd(r0, 0x406, r0)
bind$nfc_llcp(r1, &(0x7f0000000180)={0x27, 0x0, 0x1, 0x5, 0x48, 0xf9, "10c06c7a6773b5b7eced6f42597ac9e8fcc3f43a5294974b46ec1fb9809043a828fc5a44c7a506274edfafc3503628e8dffff27af3f84e5502e1cb7915de48", 0x1f}, 0x60)
executing program 32:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
r1 = fcntl$dupfd(r0, 0x406, r0)
bind$nfc_llcp(r1, &(0x7f0000000180)={0x27, 0x0, 0x1, 0x5, 0x48, 0xf9, "10c06c7a6773b5b7eced6f42597ac9e8fcc3f43a5294974b46ec1fb9809043a828fc5a44c7a506274edfafc3503628e8dffff27af3f84e5502e1cb7915de48", 0x1f}, 0x60)
executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000)
sendmsg$NFT_BATCH(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a60000000060a090400000000000000000200fffe0900020073797a32000000000900010073797a300000000034000480300001800a0001006d617463680000002000028005000300000000000b000100736f636b657400000800024000000003"], 0x88}, 0x1, 0x0, 0x0, 0x24044800}, 0x0)
executing program 5:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2501, 0x0)
writev(r0, &(0x7f0000001540)=[{&(0x7f0000000040)="634f7f", 0x3}], 0x1)
ioctl$SNAPSHOT_FREE(r0, 0x3305)
executing program 5:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x458, 0x5011, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0xfffe, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x6}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x3, "4cc0688d"}]}}, 0x0}, 0x0)
executing program 1:
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="021380ee02"], 0x10}}, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmmsg(r0, &(0x7f0000000180), 0x32bc45944b084a6, 0x0)
executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xb, 0xc, 0x4, 0xc4f, 0x1, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000100), 0x6c7, r0}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000440), 0x23, r0}, 0x38)
executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000440)="ea", 0x1}], 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0xc800)
recvmmsg(r1, &(0x7f0000001140), 0x700, 0x2, 0x0)
executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x4, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0)
executing program 4:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2501, 0x0)
writev(r0, &(0x7f0000001540)=[{&(0x7f0000000040)="634f7f", 0x3}], 0x1)
ioctl$SNAPSHOT_FREE(r0, 0x3305)
executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="8db42640452d591175c9d623b515c6d2d075d57080200000ea0001000000dae5", 0x20)
executing program 4:
r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000001640)=@qipcrtr={0x2a, 0x3, 0x7fff}, 0x80, &(0x7f0000000680)=[{0x0}, {&(0x7f0000000400)="f03d07bd2b9caa8fa56d", 0xa}], 0x2}, 0x8881)
executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_SET(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000003c0)={0x44, r1, 0x1, 0x70bd2b, 0x25dfdbff, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x6, 0x4, 0x2}}]}, 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x8000)
executing program 2:
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/consoles\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x6)
executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x50)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xb, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="18080000281c0040000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000035090100000000009500000000070000b7020000000000007b9a00fe00000000b6090000002000a80700000050000058bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffff550000000800000018220000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7050000080000004608f0ff760000005d9800000000000056000000a80000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x11, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)=ANY=[@ANYBLOB="1800000024000103000000000000000001008c000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r0, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000002740)=""/4071, 0xfe7}], 0x1}}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)=""/96, 0x60}, {&(0x7f0000001740)=""/4082, 0xff2}, {&(0x7f0000000380)=""/4092, 0xffc}], 0x3}, 0x9}], 0x3, 0x2, 0x0)
executing program 2:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000640), r0)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x30, r1, 0x1, 0x70bd29, 0x25dfdbff, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x2}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x4008000}, 0x48004)
executing program 33:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b00)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a91010000060a0b0400000000000000000200000064010480600101800a0001006d617463680000005001028008000240000000000b000100706f6c696379000038010300ebae551382395afa4d23edfcbe6d55b57cb15e63c15c46395916e2b388abc3d6070000004e8278ad51f6d123a616cf3eb44b275fe6bc6bf402a3f9335458bb7a92f23fc0aa88f2495ff70157ea6b29f7fab11ec362920cab3350208c749f342b38e0df9334cea6fe1e331d76beb7094102d5d409992dcd236e3fd7a8785f97ae9d01b0822c161a491bef0501f8e81ddd66d1b676e8c9f0b2159c2cc0b069669b5af555f644c39bedd627181d27d9c185aae5d910550f08822c6fec60302779b9e812403a2ff826781b4c761bd14eb7515ae224260c9534891afdd05d18b2ffe91f52766a0b9fe3955bfb1866142e7c1caceb88de7d6e8a5c08ce052bb461f0c7ee914ca5c98c19442d0262a6d04a8e3e29360a9b5871812e08542d54775f5843d70b15871bc247e30d66b83560c014f5000000000900010073797a30000000000900020073797a32"], 0x1b8}, 0x1, 0x0, 0x0, 0x8010}, 0x4000800)
executing program 2:
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)
executing program 34:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, 0x0)
executing program 35:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r0}, 0x10)
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
executing program 36:
r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000001640)=@qipcrtr={0x2a, 0x3, 0x7fff}, 0x80, &(0x7f0000000680)=[{0x0}, {&(0x7f0000000400)="f03d07bd2b9caa8fa56d", 0xa}], 0x2}, 0x8881)
executing program 37:
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)

program crashed: INFO: task hung in netdev_run_todo
bisect: the chunk can be dropped
bisect: testing without sub-chunk 3/3
testing program (duration=6m3s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3]
detailed listing:
executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x1b, 0x3, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x800}}, 0x0, 0x8, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x800}, 0x94)
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x50, &(0x7f0000000100), 0x48)
executing program 3:
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0x1, @empty, 'hsr0\x00'}}, 0x1e)
sendmmsg$sock(r0, &(0x7f0000001dc0), 0x213, 0x0)
executing program 3:
memfd_secret(0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/disk', 0x169a82, 0x0)
sendfile(r0, r0, 0x0, 0xc)
executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0)
mount_setattr(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x8100, &(0x7f0000000000)={0x0, 0x0, 0x20000}, 0x20)
executing program 3:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000340)={0x2, 0x4e20, 0x0, @dev}, 0x1c)
sendmmsg$inet(r0, &(0x7f0000002ac0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=[@ip_retopts={{0x10}}], 0x10}}], 0x1, 0x0)
executing program 3:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
r1 = fcntl$dupfd(r0, 0x406, r0)
bind$nfc_llcp(r1, &(0x7f0000000180)={0x27, 0x0, 0x1, 0x5, 0x48, 0xf9, "10c06c7a6773b5b7eced6f42597ac9e8fcc3f43a5294974b46ec1fb9809043a828fc5a44c7a506274edfafc3503628e8dffff27af3f84e5502e1cb7915de48", 0x1f}, 0x60)
executing program 32:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
r1 = fcntl$dupfd(r0, 0x406, r0)
bind$nfc_llcp(r1, &(0x7f0000000180)={0x27, 0x0, 0x1, 0x5, 0x48, 0xf9, "10c06c7a6773b5b7eced6f42597ac9e8fcc3f43a5294974b46ec1fb9809043a828fc5a44c7a506274edfafc3503628e8dffff27af3f84e5502e1cb7915de48", 0x1f}, 0x60)
executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000)
sendmsg$NFT_BATCH(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a60000000060a090400000000000000000200fffe0900020073797a32000000000900010073797a300000000034000480300001800a0001006d617463680000002000028005000300000000000b000100736f636b657400000800024000000003"], 0x88}, 0x1, 0x0, 0x0, 0x24044800}, 0x0)
executing program 5:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2501, 0x0)
writev(r0, &(0x7f0000001540)=[{&(0x7f0000000040)="634f7f", 0x3}], 0x1)
ioctl$SNAPSHOT_FREE(r0, 0x3305)
executing program 5:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x458, 0x5011, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0xfffe, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x6}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x3, "4cc0688d"}]}}, 0x0}, 0x0)
executing program 1:
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="021380ee02"], 0x10}}, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmmsg(r0, &(0x7f0000000180), 0x32bc45944b084a6, 0x0)
executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xb, 0xc, 0x4, 0xc4f, 0x1, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000100), 0x6c7, r0}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000440), 0x23, r0}, 0x38)
executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000440)="ea", 0x1}], 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0xc800)
recvmmsg(r1, &(0x7f0000001140), 0x700, 0x2, 0x0)
executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x4, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0)

program crashed: INFO: task hung in netdev_run_todo
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <14>
bisect: split chunk #0 of len 14 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m1s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 3, 3, 3, 3, 3, 3]
detailed listing:
executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000)
sendmsg$NFT_BATCH(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a60000000060a090400000000000000000200fffe0900020073797a32000000000900010073797a300000000034000480300001800a0001006d617463680000002000028005000300000000000b000100736f636b657400000800024000000003"], 0x88}, 0x1, 0x0, 0x0, 0x24044800}, 0x0)
executing program 5:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2501, 0x0)
writev(r0, &(0x7f0000001540)=[{&(0x7f0000000040)="634f7f", 0x3}], 0x1)
ioctl$SNAPSHOT_FREE(r0, 0x3305)
executing program 5:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x458, 0x5011, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0xfffe, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x6}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x3, "4cc0688d"}]}}, 0x0}, 0x0)
executing program 1:
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="021380ee02"], 0x10}}, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmmsg(r0, &(0x7f0000000180), 0x32bc45944b084a6, 0x0)
executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xb, 0xc, 0x4, 0xc4f, 0x1, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000100), 0x6c7, r0}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000440), 0x23, r0}, 0x38)
executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000440)="ea", 0x1}], 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0xc800)
recvmmsg(r1, &(0x7f0000001140), 0x700, 0x2, 0x0)
executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x4, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0)

program crashed: INFO: task hung in netdev_run_todo
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <7>
bisect: split chunk #0 of len 7 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 3, 3]
detailed listing:
executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xb, 0xc, 0x4, 0xc4f, 0x1, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000100), 0x6c7, r0}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000440), 0x23, r0}, 0x38)
executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000440)="ea", 0x1}], 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0xc800)
recvmmsg(r1, &(0x7f0000001140), 0x700, 0x2, 0x0)
executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x4, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0)

program crashed: INFO: task hung in free_mem_alloc_deferred
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <3>
bisect: split chunk #0 of len 3 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-syz_emit_ethernet
detailed listing:
executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x4, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0)

program crashed: INFO: task hung in inet_rtm_newaddr
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <1>
bisect: split chunk #0 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: 1 programs left: 

executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x4, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0)


bisect: trying to concatenate
bisect: concatenate 1 entries
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x4, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0)

program crashed: INFO: task hung in inet_rtm_newaddr
bisect: concatenation succeeded
found reproducer with 3 syscalls
minimizing guilty program
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-syz_emit_ethernet
detailed listing:
executing program 0:
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x4, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmsg$NFT_BATCH-syz_emit_ethernet
detailed listing:
executing program 0:
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x4, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x4, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x4, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xcc}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x4, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB], 0xcc}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x4, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x28, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x1}}}}}}, 0x0)

program crashed: INFO: task hung in addrconf_dad_work
extracting C reproducer
testing compiled C program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-syz_emit_ethernet
program crashed: INFO: task hung in linkwatch_event
a never seen crash title: INFO: task hung in linkwatch_event, ignore
simplifying guilty program options
testing program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x28, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x1}}}}}}, 0x0)

program crashed: INFO: rcu detected stall in corrupted
a never seen crash title: INFO: rcu detected stall in corrupted, ignore
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x28, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x1}}}}}}, 0x0)

program crashed: INFO: task hung in fqdir_free_fn
a never seen crash title: INFO: task hung in fqdir_free_fn, ignore
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x28, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x1}}}}}}, 0x0)

program crashed: INFO: task hung in addrconf_dad_work
validation run: crashed=true
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x28, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x1}}}}}}, 0x0)

program crashed: INFO: task hung in addrconf_dad_work
validation run: crashed=true
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x28, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x1}}}}}}, 0x0)

program crashed: INFO: task hung in addrconf_dad_work
validation run: crashed=true
reproducing took 3h47m27.157779447s
repro crashed as (corrupted=false):
INFO: task kworker/u8:2:43 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:2    state:D stack:20408 pid:43    tgid:43    ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: ipv6_addrconf addrconf_dad_work
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x16f3/0x4c20 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 rt_mutex_schedule+0x77/0xf0 kernel/sched/core.c:7339
 rt_mutex_slowlock_block+0x5ba/0x6d0 kernel/locking/rtmutex.c:1647
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
 __rt_mutex_slowlock_locked kernel/locking/rtmutex.c:1760 [inline]
 rt_mutex_slowlock+0x2b1/0x6e0 kernel/locking/rtmutex.c:1800
 __rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
 __mutex_lock_common kernel/locking/rtmutex_api.c:536 [inline]
 mutex_lock_nested+0x16a/0x1d0 kernel/locking/rtmutex_api.c:547
 rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 addrconf_dad_work+0x119/0x15a0 net/ipv6/addrconf.c:4194
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x70e/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x439/0x7d0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: task kworker/1:2:993 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:2     state:D stack:20744 pid:993   tgid:993   ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: events_power_efficient reg_check_chans_work
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x16f3/0x4c20 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 rt_mutex_schedule+0x77/0xf0 kernel/sched/core.c:7339
 rt_mutex_slowlock_block+0x5ba/0x6d0 kernel/locking/rtmutex.c:1647
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
 __rt_mutex_slowlock_locked kernel/locking/rtmutex.c:1760 [inline]
 rt_mutex_slowlock+0x2b1/0x6e0 kernel/locking/rtmutex.c:1800
 __rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
 __mutex_lock_common kernel/locking/rtmutex_api.c:536 [inline]
 mutex_lock_nested+0x16a/0x1d0 kernel/locking/rtmutex_api.c:547
 class_wiphy_constructor include/net/cfg80211.h:6212 [inline]
 reg_leave_invalid_chans net/wireless/reg.c:2471 [inline]
 reg_check_chans_work+0x164/0xf30 net/wireless/reg.c:2486
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x70e/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x439/0x7d0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: task kworker/u9:3:5994 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u9:3    state:D stack:22344 pid:5994  tgid:5994  ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: hci9 hci_rx_work
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x16f3/0x4c20 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 rt_mutex_schedule+0x77/0xf0 kernel/sched/core.c:7339
 rt_mutex_slowlock_block+0x5ba/0x6d0 kernel/locking/rtmutex.c:1647
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
 __rt_mutex_slowlock_locked kernel/locking/rtmutex.c:1760 [inline]
 rt_mutex_slowlock+0x2b1/0x6e0 kernel/locking/rtmutex.c:1800
 __rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
 __mutex_lock_common kernel/locking/rtmutex_api.c:536 [inline]
 mutex_lock_nested+0x16a/0x1d0 kernel/locking/rtmutex_api.c:547
 hci_connect_cfm+0x2c/0x140 include/net/bluetooth/hci_core.h:2079
 le_conn_complete_evt+0xcd3/0x1220 net/bluetooth/hci_event.c:5771
 hci_le_conn_complete_evt+0x187/0x450 net/bluetooth/hci_event.c:5797
 hci_event_func net/bluetooth/hci_event.c:7542 [inline]
 hci_event_packet+0x78f/0x1200 net/bluetooth/hci_event.c:7599
 hci_rx_work+0x46a/0xe80 net/bluetooth/hci_core.c:4071
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x70e/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x439/0x7d0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: task syz-executor:6131 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:23176 pid:6131  tgid:6131  ppid:1      task_flags:0x400140 flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x16f3/0x4c20 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 rt_mutex_schedule+0x77/0xf0 kernel/sched/core.c:7339
 rt_mutex_slowlock_block+0x5ba/0x6d0 kernel/locking/rtmutex.c:1647
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
 __rt_mutex_slowlock_locked kernel/locking/rtmutex.c:1760 [inline]
 rt_mutex_slowlock+0x2b1/0x6e0 kernel/locking/rtmutex.c:1800
 __rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
 __mutex_lock_common kernel/locking/rtmutex_api.c:536 [inline]
 mutex_lock_nested+0x16a/0x1d0 kernel/locking/rtmutex_api.c:547
 rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
 rtnetlink_rcv_msg+0x7cf/0xb70 net/core/rtnetlink.c:6946
 netlink_rcv_skb+0x205/0x470 net/netlink/af_netlink.c:2552
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x843/0xa10 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x219/0x270 net/socket.c:729
 __sys_sendto+0x3c7/0x520 net/socket.c:2228
 __do_sys_sendto net/socket.c:2235 [inline]
 __se_sys_sendto net/socket.c:2231 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2231
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f47e6e70a3c
RSP: 002b:00007ffebe31a000 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f47e7be4620 RCX: 00007f47e6e70a3c
RDX: 0000000000000028 RSI: 00007f47e7be4670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffebe31a054 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f47e7be4670 R15: 0000000000000000
 </TASK>
INFO: task syz-executor:6139 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:23176 pid:6139  tgid:6139  ppid:1      task_flags:0x400140 flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x16f3/0x4c20 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 rt_mutex_schedule+0x77/0xf0 kernel/sched/core.c:7339
 rt_mutex_slowlock_block+0x5ba/0x6d0 kernel/locking/rtmutex.c:1647
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
 __rt_mutex_slowlock_locked kernel/locking/rtmutex.c:1760 [inline]
 rt_mutex_slowlock+0x2b1/0x6e0 kernel/locking/rtmutex.c:1800
 __rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
 __mutex_lock_common kernel/locking/rtmutex_api.c:536 [inline]
 mutex_lock_nested+0x16a/0x1d0 kernel/locking/rtmutex_api.c:547
 rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
 rtnetlink_rcv_msg+0x7cf/0xb70 net/core/rtnetlink.c:6946
 netlink_rcv_skb+0x205/0x470 net/netlink/af_netlink.c:2552
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x843/0xa10 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x219/0x270 net/socket.c:729
 __sys_sendto+0x3c7/0x520 net/socket.c:2228
 __do_sys_sendto net/socket.c:2235 [inline]
 __se_sys_sendto net/socket.c:2231 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2231
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff856b20a3c
RSP: 002b:00007fff8199cee0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007ff857894620 RCX: 00007ff856b20a3c
RDX: 0000000000000028 RSI: 00007ff857894670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007fff8199cf34 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007ff857894670 R15: 0000000000000000
 </TASK>
INFO: task syz-executor:6141 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:19592 pid:6141  tgid:6141  ppid:1      task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x16f3/0x4c20 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 rt_mutex_schedule+0x77/0xf0 kernel/sched/core.c:7339
 rt_mutex_slowlock_block+0x5ba/0x6d0 kernel/locking/rtmutex.c:1647
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
 __rt_mutex_slowlock_locked kernel/locking/rtmutex.c:1760 [inline]
 rt_mutex_slowlock+0x2b1/0x6e0 kernel/locking/rtmutex.c:1800
 __rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
 __mutex_lock_common kernel/locking/rtmutex_api.c:536 [inline]
 mutex_lock_nested+0x16a/0x1d0 kernel/locking/rtmutex_api.c:547
 rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
 rtnetlink_rcv_msg+0x7cf/0xb70 net/core/rtnetlink.c:6946
 netlink_rcv_skb+0x205/0x470 net/netlink/af_netlink.c:2552
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x843/0xa10 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x219/0x270 net/socket.c:729
 __sys_sendto+0x3c7/0x520 net/socket.c:2228
 __do_sys_sendto net/socket.c:2235 [inline]
 __se_sys_sendto net/socket.c:2231 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2231
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f6e54a90a3c
RSP: 002b:00007ffca98bd380 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f6e55804620 RCX: 00007f6e54a90a3c
RDX: 0000000000000028 RSI: 00007f6e55804670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffca98bd3d4 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f6e55804670 R15: 0000000000000000
 </TASK>
INFO: task kworker/u9:4:6144 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u9:4    state:D stack:25704 pid:6144  tgid:6144  ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: hci8 hci_rx_work
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x16f3/0x4c20 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 rt_mutex_schedule+0x77/0xf0 kernel/sched/core.c:7339
 rt_mutex_slowlock_block+0x5ba/0x6d0 kernel/locking/rtmutex.c:1647
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
 __rt_mutex_slowlock_locked kernel/locking/rtmutex.c:1760 [inline]
 rt_mutex_slowlock+0x2b1/0x6e0 kernel/locking/rtmutex.c:1800
 __rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
 __mutex_lock_common kernel/locking/rtmutex_api.c:536 [inline]
 mutex_lock_nested+0x16a/0x1d0 kernel/locking/rtmutex_api.c:547
 hci_connect_cfm+0x2c/0x140 include/net/bluetooth/hci_core.h:2079
 le_conn_complete_evt+0xcd3/0x1220 net/bluetooth/hci_event.c:5771
 hci_le_conn_complete_evt+0x187/0x450 net/bluetooth/hci_event.c:5797
 hci_event_func net/bluetooth/hci_event.c:7542 [inline]
 hci_event_packet+0x78f/0x1200 net/bluetooth/hci_event.c:7599
 hci_rx_work+0x46a/0xe80 net/bluetooth/hci_core.c:4071
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x70e/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x439/0x7d0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: task kworker/u9:5:6145 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u9:5    state:D stack:26936 pid:6145  tgid:6145  ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: hci6 hci_rx_work
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x16f3/0x4c20 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 rt_mutex_schedule+0x77/0xf0 kernel/sched/core.c:7339
 rt_mutex_slowlock_block+0x5ba/0x6d0 kernel/locking/rtmutex.c:1647
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
 __rt_mutex_slowlock_locked kernel/locking/rtmutex.c:1760 [inline]
 rt_mutex_slowlock+0x2b1/0x6e0 kernel/locking/rtmutex.c:1800
 __rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
 __mutex_lock_common kernel/locking/rtmutex_api.c:536 [inline]
 mutex_lock_nested+0x16a/0x1d0 kernel/locking/rtmutex_api.c:547
 hci_connect_cfm+0x2c/0x140 include/net/bluetooth/hci_core.h:2079
 le_conn_complete_evt+0xcd3/0x1220 net/bluetooth/hci_event.c:5771
 hci_le_conn_complete_evt+0x187/0x450 net/bluetooth/hci_event.c:5797
 hci_event_func net/bluetooth/hci_event.c:7542 [inline]
 hci_event_packet+0x78f/0x1200 net/bluetooth/hci_event.c:7599
 hci_rx_work+0x46a/0xe80 net/bluetooth/hci_core.c:4071
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x70e/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x439/0x7d0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: task syz-executor:6146 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:23176 pid:6146  tgid:6146  ppid:1      task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x16f3/0x4c20 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 rt_mutex_schedule+0x77/0xf0 kernel/sched/core.c:7339
 rt_mutex_slowlock_block+0x5ba/0x6d0 kernel/locking/rtmutex.c:1647
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
 __rt_mutex_slowlock_locked kernel/locking/rtmutex.c:1760 [inline]
 rt_mutex_slowlock+0x2b1/0x6e0 kernel/locking/rtmutex.c:1800
 __rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
 __mutex_lock_common kernel/locking/rtmutex_api.c:536 [inline]
 mutex_lock_nested+0x16a/0x1d0 kernel/locking/rtmutex_api.c:547
 rtnl_lock net/core/rtnetlink.c:80 [inline]
 rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 rtnl_newlink+0x8db/0x1c70 net/core/rtnetlink.c:4056
 rtnetlink_rcv_msg+0x7cf/0xb70 net/core/rtnetlink.c:6946
 netlink_rcv_skb+0x205/0x470 net/netlink/af_netlink.c:2552
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x843/0xa10 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x219/0x270 net/socket.c:729
 __sys_sendto+0x3c7/0x520 net/socket.c:2228
 __do_sys_sendto net/socket.c:2235 [inline]
 __se_sys_sendto net/socket.c:2231 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2231
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f9e05340a3c
RSP: 002b:00007ffeb184cd20 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f9e060b4620 RCX: 00007f9e05340a3c
RDX: 000000000000002c RSI: 00007f9e060b4670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffeb184cd74 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f9e060b4670 R15: 0000000000000000
 </TASK>

Showing all locks held in the system:
4 locks held by kworker/0:1/10:
 #0: ffff888019899138 ((wq_completion)events_long){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019899138 ((wq_completion)events_long){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc900000f7bc0 ((work_completion)(&(&ipvs->defense_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc900000f7bc0 ((work_completion)(&(&ipvs->defense_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
5 locks held by kworker/u8:0/12:
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90000117bc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90000117bc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88805abb0898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6212 [inline]
 #2: ffff88805abb0898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 net/wireless/core.c:421
 #3: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
7 locks held by kworker/u8:1/13:
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90000127bc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90000127bc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff888142721300 (&devlink->lock_key#5){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 drivers/net/netdevsim/dev.c:853
 #3: ffff88802ffa7920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff88802ffa7920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report drivers/net/netdevsim/dev.c:806 [inline]
 #3: ffff88802ffa7920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 drivers/net/netdevsim/dev.c:866
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 kernel/locking/spinlock_rt.c:57
 #5: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #6: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #6: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
2 locks held by ksoftirqd/0/15:
6 locks held by ktimers/0/16:
4 locks held by pr/legacy/17:
2 locks held by rcuc/0/20:
 #0: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
2 locks held by rcuc/1/28:
 #0: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
7 locks held by ktimers/1/29:
2 locks held by ksoftirqd/1/30:
 #0: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
1 lock held by khungtaskd/38:
 #0: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
3 locks held by kworker/u8:2/43:
 #0: ffff88814d234138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88814d234138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90000b47bc0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90000b47bc0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #2: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x119/0x15a0 net/ipv6/addrconf.c:4194
5 locks held by kworker/u8:3/57:
4 locks held by kworker/u9:0/59:
 #0: ffff888034cf5938 ((wq_completion)hci10#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888034cf5938 ((wq_completion)hci10#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc9000125fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000125fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff8880593d00a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
7 locks held by kworker/u8:4/67:
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc9000153fbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000153fbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88805a1c0300 (&devlink->lock_key#2){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 drivers/net/netdevsim/dev.c:853
 #3: ffff888033c75d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff888033c75d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report drivers/net/netdevsim/dev.c:806 [inline]
 #3: ffff888033c75d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 drivers/net/netdevsim/dev.c:866
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 kernel/locking/spinlock_rt.c:57
 #5: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #6: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #6: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
4 locks held by kworker/u8:5/87:
 #0: ffff888030d16138 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888030d16138 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc9000159fbc0 ((work_completion)(&(&forw_packet_aggr->delayed_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000159fbc0 ((work_completion)(&(&forw_packet_aggr->delayed_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
7 locks held by kworker/u8:6/155:
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90003acfbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90003acfbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff8880326bc300 (&devlink->lock_key#6){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 drivers/net/netdevsim/dev.c:853
 #3: ffff888035c55920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff888035c55920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report drivers/net/netdevsim/dev.c:806 [inline]
 #3: ffff888035c55920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 drivers/net/netdevsim/dev.c:866
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 kernel/locking/spinlock_rt.c:57
 #5: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #6: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #6: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
4 locks held by kworker/1:2/993:
 #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc900047d7bc0 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc900047d7bc0 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x95/0xf30 net/wireless/reg.c:2483
 #3: ffff88805abb0898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6212 [inline]
 #3: ffff88805abb0898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_leave_invalid_chans net/wireless/reg.c:2471 [inline]
 #3: ffff88805abb0898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_check_chans_work+0x164/0xf30 net/wireless/reg.c:2486
2 locks held by kworker/u8:10/3530:
5 locks held by kworker/u8:11/4366:
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc9000f02fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000f02fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff888057f80898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6212 [inline]
 #2: ffff888057f80898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 net/wireless/core.c:421
 #3: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #4: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #4: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
4 locks held by kworker/u9:1/5154:
 #0: ffff888027f43938 ((wq_completion)hci14#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888027f43938 ((wq_completion)hci14#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc900103a7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc900103a7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff888065fc80a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
4 locks held by kworker/0:2/5165:
2 locks held by klogd/5195:
2 locks held by udevd/5206:
2 locks held by getty/5597:
 #0: ffff88823bf5a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc90003e762e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 drivers/tty/n_tty.c:2222
4 locks held by kworker/u9:2/5928:
 #0: ffff888028a1d938 ((wq_completion)hci7#3){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888028a1d938 ((wq_completion)hci7#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90004cb7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90004cb7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88805fd040a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
4 locks held by kworker/0:4/5977:
 #0: ffff88803765b538 ((wq_completion)wg-kex-wg1#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88803765b538 ((wq_completion)wg-kex-wg1#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc900040ffbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc900040ffbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
4 locks held by syz-executor/5987:
 #0: ffff8880397d4e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:499 [inline]
 #0: ffff8880397d4e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 net/bluetooth/hci_core.c:2715
 #1: ffff8880397d40a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 net/bluetooth/hci_sync.c:5282
 #2: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2094 [inline]
 #2: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 net/bluetooth/hci_conn.c:2599
 #3: ffff88802f0bd358 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 net/bluetooth/l2cap_core.c:1762
3 locks held by syz-executor/5989:
 #0: ffff88805495ce80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:499 [inline]
 #0: ffff88805495ce80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 net/bluetooth/hci_core.c:2715
 #1: ffff88805495c0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 net/bluetooth/hci_sync.c:5282
 #2: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2094 [inline]
 #2: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 net/bluetooth/hci_conn.c:2599
3 locks held by syz-executor/5991:
 #0: ffff888038460e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:499 [inline]
 #0: ffff888038460e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 net/bluetooth/hci_core.c:2715
 #1: ffff8880384600a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 net/bluetooth/hci_sync.c:5282
 #2: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2094 [inline]
 #2: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 net/bluetooth/hci_conn.c:2599
2 locks held by syz-executor/5990:
 #0: ffff88803648ce80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:499 [inline]
 #0: ffff88803648ce80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 net/bluetooth/hci_core.c:2715
 #1: ffff88803648c0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 net/bluetooth/hci_sync.c:5282
4 locks held by kworker/u9:3/5994:
 #0: ffff888057af5938 ((wq_completion)hci9#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888057af5938 ((wq_completion)hci9#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc9000408fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000408fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff888028dbc0a8 (&hdev->lock){+.+.}-{4:4}, at: le_conn_complete_evt+0xb1/0x1220 net/bluetooth/hci_event.c:5630
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm+0x2c/0x140 include/net/bluetooth/hci_core.h:2079
6 locks held by kworker/1:5/6095:
 #0: ffff88802ffb0538 ((wq_completion)mld){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88802ffb0538 ((wq_completion)mld){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90003f6fbc0 ((work_completion)(&(&idev->mc_ifc_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90003f6fbc0 ((work_completion)(&(&idev->mc_ifc_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff8880387f4628 (&idev->mc_lock){+.+.}-{4:4}, at: mld_ifc_work+0x2d/0xd60 net/ipv6/mcast.c:2697
 #3: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #3: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #3: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: mld_sendpack+0x1de/0xd80 net/ipv6/mcast.c:1832
 #4: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #5: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #5: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
3 locks held by syz.0.22/6122:
 #0: ffff888027a4ce80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:499 [inline]
 #0: ffff888027a4ce80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 net/bluetooth/hci_core.c:2715
 #1: ffff888027a4c0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 net/bluetooth/hci_sync.c:5282
 #2: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2094 [inline]
 #2: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 net/bluetooth/hci_conn.c:2599
4 locks held by kworker/1:6/6130:
 #0: ffff88803765a138 ((wq_completion)wg-kex-wg0#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88803765a138 ((wq_completion)wg-kex-wg0#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90003f7fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90003f7fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
1 lock held by syz-executor/6131:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/6139:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/6141:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
4 locks held by kworker/u9:4/6144:
 #0: ffff888026968938 ((wq_completion)hci8#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888026968938 ((wq_completion)hci8#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90003bdfbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90003bdfbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88805d51c0a8 (&hdev->lock){+.+.}-{4:4}, at: le_conn_complete_evt+0xb1/0x1220 net/bluetooth/hci_event.c:5630
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm+0x2c/0x140 include/net/bluetooth/hci_core.h:2079
4 locks held by kworker/u9:5/6145:
 #0: ffff888028166938 ((wq_completion)hci6#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888028166938 ((wq_completion)hci6#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90003aafbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90003aafbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88805d0840a8 (&hdev->lock){+.+.}-{4:4}, at: le_conn_complete_evt+0xb1/0x1220 net/bluetooth/hci_event.c:5630
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm+0x2c/0x140 include/net/bluetooth/hci_core.h:2079
1 lock held by syz-executor/6146:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 net/core/rtnetlink.c:4056
1 lock held by syz-executor/6155:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
4 locks held by kworker/u9:6/6157:
 #0: ffff88803247e138 ((wq_completion)hci15#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88803247e138 ((wq_completion)hci15#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc900015dfbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc900015dfbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88805b0480a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
4 locks held by kworker/0:8/6159:
 #0: ffff88803765a538 ((wq_completion)wg-crypt-wg0){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88803765a538 ((wq_completion)wg-crypt-wg0){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc9000413fbc0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000413fbc0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
1 lock held by syz-executor/6163:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
5 locks held by kworker/u9:7/6168:
 #0: ffff888027ad4938 ((wq_completion)hci5){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888027ad4938 ((wq_completion)hci5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc900045afbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc900045afbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff888028914e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 net/bluetooth/hci_sync.c:331
 #3: ffff8880289140a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 net/bluetooth/hci_sync.c:5670
 #4: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #4: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 net/bluetooth/hci_conn.c:1313
4 locks held by kworker/u9:8/6173:
 #0: ffff888027de4138 ((wq_completion)hci11#3){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888027de4138 ((wq_completion)hci11#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90004d67bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90004d67bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88806c0240a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
1 lock held by syz-executor/6176:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
4 locks held by kworker/u9:9/6180:
 #0: ffff88803d0cc938 ((wq_completion)hci12#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88803d0cc938 ((wq_completion)hci12#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90004797bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90004797bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff8880676c80a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
4 locks held by kworker/u9:10/6181:
 #0: ffff88802f0be938 ((wq_completion)hci13#4){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88802f0be938 ((wq_completion)hci13#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc900047a7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc900047a7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88806cb840a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
6 locks held by kworker/u8:13/6183:
 #0: ffff8880316d3138 ((wq_completion)wg-kex-wg1){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff8880316d3138 ((wq_completion)wg-kex-wg1){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc900045cfbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc900045cfbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88803a4f15f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 drivers/net/wireguard/noise.c:529
 #3: ffff888029c49928 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 drivers/net/wireguard/noise.c:530
 #4: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #5: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #5: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
1 lock held by dhcpcd/6186:
 #0: ffff88803060ee78 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:870 [inline]
 #0: ffff88803060ee78 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: __sock_release net/socket.c:648 [inline]
 #0: ffff88803060ee78 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 net/socket.c:1439
1 lock held by syz-executor/6189:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/6190:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/6196:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/6199:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/6203:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
4 locks held by kworker/u9:11/6204:
 #0: ffff88803d4c0138 ((wq_completion)hci16#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88803d4c0138 ((wq_completion)hci16#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90004987bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90004987bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88803850c0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
4 locks held by kworker/u9:13/6210:
 #0: ffff8880355ed938 ((wq_completion)hci19#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff8880355ed938 ((wq_completion)hci19#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc900049c7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc900049c7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff8880732680a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
4 locks held by kworker/u9:14/6211:
 #0: ffff888026f80938 ((wq_completion)hci17#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888026f80938 ((wq_completion)hci17#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc900049d7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc900049d7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff8880572800a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
1 lock held by syz-executor/6214:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/6215:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
4 locks held by kworker/u9:15/6216:
 #0: ffff888030b36138 ((wq_completion)krxrpcd){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888030b36138 ((wq_completion)krxrpcd){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc900049e7bc0 ((work_completion)(&rxnet->peer_keepalive_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc900049e7bc0 ((work_completion)(&rxnet->peer_keepalive_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
4 locks held by kworker/u9:16/6219:
 #0: ffff888030b37138 ((wq_completion)hci18#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888030b37138 ((wq_completion)hci18#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90004967bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90004967bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff8880639100a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
1 lock held by dhcpcd/6220:
 #0: ffff888032c4e350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1669 [inline]
 #0: ffff888032c4e350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 net/packet/af_packet.c:3251
1 lock held by dhcpcd/6222:
 #0: ffff88802ba9e350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1669 [inline]
 #0: ffff88802ba9e350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 net/packet/af_packet.c:3251
1 lock held by syz-executor/6224:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
1 lock held by dhcpcd/6225:
 #0: ffff88801ab92350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1669 [inline]
 #0: ffff88801ab92350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 net/packet/af_packet.c:3251
4 locks held by kworker/u9:18/6228:
 #0: ffff88805b4ca938 ((wq_completion)hci20#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88805b4ca938 ((wq_completion)hci20#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90004ac7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90004ac7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff888060c5c0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
1 lock held by dhcpcd/6229:
 #0: ffff888030bd6350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1669 [inline]
 #0: ffff888030bd6350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 net/packet/af_packet.c:3251
1 lock held by dhcpcd/6230:
 #0: ffff88802ff8e350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1669 [inline]
 #0: ffff88802ff8e350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 net/packet/af_packet.c:3251
1 lock held by syz-executor/6233:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
7 locks held by kworker/u8:14/6236:
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90004c27bc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90004c27bc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff8880351c5300 (&devlink->lock_key#4){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 drivers/net/netdevsim/dev.c:853
 #3: ffff888038be4d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff888038be4d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report drivers/net/netdevsim/dev.c:806 [inline]
 #3: ffff888038be4d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 drivers/net/netdevsim/dev.c:866
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 kernel/locking/spinlock_rt.c:57
 #5: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
5 locks held by syz-executor/6237:

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x39e/0x3d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:328 [inline]
 watchdog+0xf93/0xfe0 kernel/hung_task.c:491
 kthread+0x70e/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x439/0x7d0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:get_current arch/x86/include/asm/current.h:25 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x8/0x80 kernel/kcov.c:216
Code: 8b 3d e4 c6 66 0b 48 89 de 5b e9 63 a3 54 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 <65> 48 8b 0c 25 08 40 f6 91 65 8b 35 08 d2 37 10 81 e6 00 00 ff 00
RSP: 0018:ffffc90000156f08 EFLAGS: 00000246
RAX: ffffffff88e40016 RBX: ffff88807efc2b00 RCX: ffff88801ae85940
RDX: 0000000000000100 RSI: 0000000000000000 RDI: ffff88807efc2b00
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000100
R10: dffffc0000000000 R11: fffffbfff1e3ac07 R12: dffffc0000000000
R13: 1ffff1100fdf879b R14: ffff88807efc3cd8 R15: ffff88807efc2b00
FS:  0000000000000000(0000) GS:ffff8881268bc000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa5d57ee020 CR3: 000000000d7a6000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 dst_release+0x16/0x1b0 net/core/dst.c:166
 refdst_drop include/net/dst.h:263 [inline]
 skb_dst_drop include/net/dst.h:275 [inline]
 skb_release_head_state+0x71/0x250 net/core/skbuff.c:1135
 skb_release_all net/core/skbuff.c:1149 [inline]
 __kfree_skb net/core/skbuff.c:1165 [inline]
 consume_skb+0x60/0xf0 net/core/skbuff.c:1397
 nft_synproxy_eval_v4+0x376/0x560 net/netfilter/nft_synproxy.c:60
 nft_synproxy_do_eval+0x345/0x570 net/netfilter/nft_synproxy.c:141
 expr_call_ops_eval net/netfilter/nf_tables_core.c:237 [inline]
 nft_do_chain+0x409/0x1920 net/netfilter/nf_tables_core.c:285
 nft_do_chain_inet+0x25d/0x340 net/netfilter/nft_chain_filter.c:161
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0xc5/0x220 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK+0x206/0x3a0 include/linux/netfilter.h:316
 NF_HOOK+0x309/0x3a0 include/linux/netfilter.h:318
 __netif_receive_skb_one_core net/core/dev.c:5991 [inline]
 __netif_receive_skb+0x143/0x380 net/core/dev.c:6104
 process_backlog+0x31e/0x900 net/core/dev.c:6456
 __napi_poll+0xb3/0x540 net/core/dev.c:7506
 napi_poll net/core/dev.c:7569 [inline]
 net_rx_action+0x707/0xe00 net/core/dev.c:7696
 handle_softirqs+0x22f/0x710 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 run_ktimerd+0xcf/0x190 kernel/softirq.c:1043
 smpboot_thread_fn+0x53f/0xa60 kernel/smpboot.c:160
 kthread+0x70e/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x439/0x7d0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

final repro crashed as (corrupted=false):
INFO: task kworker/u8:2:43 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:2    state:D stack:20408 pid:43    tgid:43    ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: ipv6_addrconf addrconf_dad_work
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x16f3/0x4c20 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 rt_mutex_schedule+0x77/0xf0 kernel/sched/core.c:7339
 rt_mutex_slowlock_block+0x5ba/0x6d0 kernel/locking/rtmutex.c:1647
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
 __rt_mutex_slowlock_locked kernel/locking/rtmutex.c:1760 [inline]
 rt_mutex_slowlock+0x2b1/0x6e0 kernel/locking/rtmutex.c:1800
 __rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
 __mutex_lock_common kernel/locking/rtmutex_api.c:536 [inline]
 mutex_lock_nested+0x16a/0x1d0 kernel/locking/rtmutex_api.c:547
 rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 addrconf_dad_work+0x119/0x15a0 net/ipv6/addrconf.c:4194
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x70e/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x439/0x7d0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: task kworker/1:2:993 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:2     state:D stack:20744 pid:993   tgid:993   ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: events_power_efficient reg_check_chans_work
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x16f3/0x4c20 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 rt_mutex_schedule+0x77/0xf0 kernel/sched/core.c:7339
 rt_mutex_slowlock_block+0x5ba/0x6d0 kernel/locking/rtmutex.c:1647
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
 __rt_mutex_slowlock_locked kernel/locking/rtmutex.c:1760 [inline]
 rt_mutex_slowlock+0x2b1/0x6e0 kernel/locking/rtmutex.c:1800
 __rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
 __mutex_lock_common kernel/locking/rtmutex_api.c:536 [inline]
 mutex_lock_nested+0x16a/0x1d0 kernel/locking/rtmutex_api.c:547
 class_wiphy_constructor include/net/cfg80211.h:6212 [inline]
 reg_leave_invalid_chans net/wireless/reg.c:2471 [inline]
 reg_check_chans_work+0x164/0xf30 net/wireless/reg.c:2486
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x70e/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x439/0x7d0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: task kworker/u9:3:5994 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u9:3    state:D stack:22344 pid:5994  tgid:5994  ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: hci9 hci_rx_work
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x16f3/0x4c20 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 rt_mutex_schedule+0x77/0xf0 kernel/sched/core.c:7339
 rt_mutex_slowlock_block+0x5ba/0x6d0 kernel/locking/rtmutex.c:1647
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
 __rt_mutex_slowlock_locked kernel/locking/rtmutex.c:1760 [inline]
 rt_mutex_slowlock+0x2b1/0x6e0 kernel/locking/rtmutex.c:1800
 __rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
 __mutex_lock_common kernel/locking/rtmutex_api.c:536 [inline]
 mutex_lock_nested+0x16a/0x1d0 kernel/locking/rtmutex_api.c:547
 hci_connect_cfm+0x2c/0x140 include/net/bluetooth/hci_core.h:2079
 le_conn_complete_evt+0xcd3/0x1220 net/bluetooth/hci_event.c:5771
 hci_le_conn_complete_evt+0x187/0x450 net/bluetooth/hci_event.c:5797
 hci_event_func net/bluetooth/hci_event.c:7542 [inline]
 hci_event_packet+0x78f/0x1200 net/bluetooth/hci_event.c:7599
 hci_rx_work+0x46a/0xe80 net/bluetooth/hci_core.c:4071
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x70e/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x439/0x7d0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: task syz-executor:6131 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:23176 pid:6131  tgid:6131  ppid:1      task_flags:0x400140 flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x16f3/0x4c20 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 rt_mutex_schedule+0x77/0xf0 kernel/sched/core.c:7339
 rt_mutex_slowlock_block+0x5ba/0x6d0 kernel/locking/rtmutex.c:1647
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
 __rt_mutex_slowlock_locked kernel/locking/rtmutex.c:1760 [inline]
 rt_mutex_slowlock+0x2b1/0x6e0 kernel/locking/rtmutex.c:1800
 __rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
 __mutex_lock_common kernel/locking/rtmutex_api.c:536 [inline]
 mutex_lock_nested+0x16a/0x1d0 kernel/locking/rtmutex_api.c:547
 rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
 rtnetlink_rcv_msg+0x7cf/0xb70 net/core/rtnetlink.c:6946
 netlink_rcv_skb+0x205/0x470 net/netlink/af_netlink.c:2552
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x843/0xa10 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x219/0x270 net/socket.c:729
 __sys_sendto+0x3c7/0x520 net/socket.c:2228
 __do_sys_sendto net/socket.c:2235 [inline]
 __se_sys_sendto net/socket.c:2231 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2231
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f47e6e70a3c
RSP: 002b:00007ffebe31a000 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f47e7be4620 RCX: 00007f47e6e70a3c
RDX: 0000000000000028 RSI: 00007f47e7be4670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffebe31a054 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f47e7be4670 R15: 0000000000000000
 </TASK>
INFO: task syz-executor:6139 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:23176 pid:6139  tgid:6139  ppid:1      task_flags:0x400140 flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x16f3/0x4c20 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 rt_mutex_schedule+0x77/0xf0 kernel/sched/core.c:7339
 rt_mutex_slowlock_block+0x5ba/0x6d0 kernel/locking/rtmutex.c:1647
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
 __rt_mutex_slowlock_locked kernel/locking/rtmutex.c:1760 [inline]
 rt_mutex_slowlock+0x2b1/0x6e0 kernel/locking/rtmutex.c:1800
 __rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
 __mutex_lock_common kernel/locking/rtmutex_api.c:536 [inline]
 mutex_lock_nested+0x16a/0x1d0 kernel/locking/rtmutex_api.c:547
 rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
 rtnetlink_rcv_msg+0x7cf/0xb70 net/core/rtnetlink.c:6946
 netlink_rcv_skb+0x205/0x470 net/netlink/af_netlink.c:2552
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x843/0xa10 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x219/0x270 net/socket.c:729
 __sys_sendto+0x3c7/0x520 net/socket.c:2228
 __do_sys_sendto net/socket.c:2235 [inline]
 __se_sys_sendto net/socket.c:2231 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2231
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff856b20a3c
RSP: 002b:00007fff8199cee0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007ff857894620 RCX: 00007ff856b20a3c
RDX: 0000000000000028 RSI: 00007ff857894670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007fff8199cf34 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007ff857894670 R15: 0000000000000000
 </TASK>
INFO: task syz-executor:6141 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:19592 pid:6141  tgid:6141  ppid:1      task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x16f3/0x4c20 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 rt_mutex_schedule+0x77/0xf0 kernel/sched/core.c:7339
 rt_mutex_slowlock_block+0x5ba/0x6d0 kernel/locking/rtmutex.c:1647
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
 __rt_mutex_slowlock_locked kernel/locking/rtmutex.c:1760 [inline]
 rt_mutex_slowlock+0x2b1/0x6e0 kernel/locking/rtmutex.c:1800
 __rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
 __mutex_lock_common kernel/locking/rtmutex_api.c:536 [inline]
 mutex_lock_nested+0x16a/0x1d0 kernel/locking/rtmutex_api.c:547
 rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
 rtnetlink_rcv_msg+0x7cf/0xb70 net/core/rtnetlink.c:6946
 netlink_rcv_skb+0x205/0x470 net/netlink/af_netlink.c:2552
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x843/0xa10 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x219/0x270 net/socket.c:729
 __sys_sendto+0x3c7/0x520 net/socket.c:2228
 __do_sys_sendto net/socket.c:2235 [inline]
 __se_sys_sendto net/socket.c:2231 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2231
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f6e54a90a3c
RSP: 002b:00007ffca98bd380 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f6e55804620 RCX: 00007f6e54a90a3c
RDX: 0000000000000028 RSI: 00007f6e55804670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffca98bd3d4 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f6e55804670 R15: 0000000000000000
 </TASK>
INFO: task kworker/u9:4:6144 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u9:4    state:D stack:25704 pid:6144  tgid:6144  ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: hci8 hci_rx_work
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x16f3/0x4c20 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 rt_mutex_schedule+0x77/0xf0 kernel/sched/core.c:7339
 rt_mutex_slowlock_block+0x5ba/0x6d0 kernel/locking/rtmutex.c:1647
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
 __rt_mutex_slowlock_locked kernel/locking/rtmutex.c:1760 [inline]
 rt_mutex_slowlock+0x2b1/0x6e0 kernel/locking/rtmutex.c:1800
 __rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
 __mutex_lock_common kernel/locking/rtmutex_api.c:536 [inline]
 mutex_lock_nested+0x16a/0x1d0 kernel/locking/rtmutex_api.c:547
 hci_connect_cfm+0x2c/0x140 include/net/bluetooth/hci_core.h:2079
 le_conn_complete_evt+0xcd3/0x1220 net/bluetooth/hci_event.c:5771
 hci_le_conn_complete_evt+0x187/0x450 net/bluetooth/hci_event.c:5797
 hci_event_func net/bluetooth/hci_event.c:7542 [inline]
 hci_event_packet+0x78f/0x1200 net/bluetooth/hci_event.c:7599
 hci_rx_work+0x46a/0xe80 net/bluetooth/hci_core.c:4071
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x70e/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x439/0x7d0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: task kworker/u9:5:6145 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u9:5    state:D stack:26936 pid:6145  tgid:6145  ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: hci6 hci_rx_work
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x16f3/0x4c20 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 rt_mutex_schedule+0x77/0xf0 kernel/sched/core.c:7339
 rt_mutex_slowlock_block+0x5ba/0x6d0 kernel/locking/rtmutex.c:1647
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
 __rt_mutex_slowlock_locked kernel/locking/rtmutex.c:1760 [inline]
 rt_mutex_slowlock+0x2b1/0x6e0 kernel/locking/rtmutex.c:1800
 __rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
 __mutex_lock_common kernel/locking/rtmutex_api.c:536 [inline]
 mutex_lock_nested+0x16a/0x1d0 kernel/locking/rtmutex_api.c:547
 hci_connect_cfm+0x2c/0x140 include/net/bluetooth/hci_core.h:2079
 le_conn_complete_evt+0xcd3/0x1220 net/bluetooth/hci_event.c:5771
 hci_le_conn_complete_evt+0x187/0x450 net/bluetooth/hci_event.c:5797
 hci_event_func net/bluetooth/hci_event.c:7542 [inline]
 hci_event_packet+0x78f/0x1200 net/bluetooth/hci_event.c:7599
 hci_rx_work+0x46a/0xe80 net/bluetooth/hci_core.c:4071
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x70e/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x439/0x7d0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
INFO: task syz-executor:6146 blocked for more than 145 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:23176 pid:6146  tgid:6146  ppid:1      task_flags:0x400140 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x16f3/0x4c20 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 rt_mutex_schedule+0x77/0xf0 kernel/sched/core.c:7339
 rt_mutex_slowlock_block+0x5ba/0x6d0 kernel/locking/rtmutex.c:1647
 __rt_mutex_slowlock kernel/locking/rtmutex.c:1721 [inline]
 __rt_mutex_slowlock_locked kernel/locking/rtmutex.c:1760 [inline]
 rt_mutex_slowlock+0x2b1/0x6e0 kernel/locking/rtmutex.c:1800
 __rt_mutex_lock kernel/locking/rtmutex.c:1815 [inline]
 __mutex_lock_common kernel/locking/rtmutex_api.c:536 [inline]
 mutex_lock_nested+0x16a/0x1d0 kernel/locking/rtmutex_api.c:547
 rtnl_lock net/core/rtnetlink.c:80 [inline]
 rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 rtnl_newlink+0x8db/0x1c70 net/core/rtnetlink.c:4056
 rtnetlink_rcv_msg+0x7cf/0xb70 net/core/rtnetlink.c:6946
 netlink_rcv_skb+0x205/0x470 net/netlink/af_netlink.c:2552
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x843/0xa10 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x219/0x270 net/socket.c:729
 __sys_sendto+0x3c7/0x520 net/socket.c:2228
 __do_sys_sendto net/socket.c:2235 [inline]
 __se_sys_sendto net/socket.c:2231 [inline]
 __x64_sys_sendto+0xde/0x100 net/socket.c:2231
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f9e05340a3c
RSP: 002b:00007ffeb184cd20 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f9e060b4620 RCX: 00007f9e05340a3c
RDX: 000000000000002c RSI: 00007f9e060b4670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffeb184cd74 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f9e060b4670 R15: 0000000000000000
 </TASK>

Showing all locks held in the system:
4 locks held by kworker/0:1/10:
 #0: ffff888019899138 ((wq_completion)events_long){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019899138 ((wq_completion)events_long){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc900000f7bc0 ((work_completion)(&(&ipvs->defense_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc900000f7bc0 ((work_completion)(&(&ipvs->defense_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
5 locks held by kworker/u8:0/12:
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90000117bc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90000117bc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88805abb0898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6212 [inline]
 #2: ffff88805abb0898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 net/wireless/core.c:421
 #3: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
7 locks held by kworker/u8:1/13:
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90000127bc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90000127bc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff888142721300 (&devlink->lock_key#5){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 drivers/net/netdevsim/dev.c:853
 #3: ffff88802ffa7920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff88802ffa7920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report drivers/net/netdevsim/dev.c:806 [inline]
 #3: ffff88802ffa7920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 drivers/net/netdevsim/dev.c:866
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 kernel/locking/spinlock_rt.c:57
 #5: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #6: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #6: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
2 locks held by ksoftirqd/0/15:
6 locks held by ktimers/0/16:
4 locks held by pr/legacy/17:
2 locks held by rcuc/0/20:
 #0: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
2 locks held by rcuc/1/28:
 #0: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
7 locks held by ktimers/1/29:
2 locks held by ksoftirqd/1/30:
 #0: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
1 lock held by khungtaskd/38:
 #0: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
3 locks held by kworker/u8:2/43:
 #0: ffff88814d234138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88814d234138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90000b47bc0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90000b47bc0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #2: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x119/0x15a0 net/ipv6/addrconf.c:4194
5 locks held by kworker/u8:3/57:
4 locks held by kworker/u9:0/59:
 #0: ffff888034cf5938 ((wq_completion)hci10#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888034cf5938 ((wq_completion)hci10#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc9000125fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000125fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff8880593d00a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
7 locks held by kworker/u8:4/67:
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc9000153fbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000153fbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88805a1c0300 (&devlink->lock_key#2){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 drivers/net/netdevsim/dev.c:853
 #3: ffff888033c75d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff888033c75d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report drivers/net/netdevsim/dev.c:806 [inline]
 #3: ffff888033c75d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 drivers/net/netdevsim/dev.c:866
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 kernel/locking/spinlock_rt.c:57
 #5: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #6: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #6: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
4 locks held by kworker/u8:5/87:
 #0: ffff888030d16138 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888030d16138 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc9000159fbc0 ((work_completion)(&(&forw_packet_aggr->delayed_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000159fbc0 ((work_completion)(&(&forw_packet_aggr->delayed_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
7 locks held by kworker/u8:6/155:
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90003acfbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90003acfbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff8880326bc300 (&devlink->lock_key#6){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 drivers/net/netdevsim/dev.c:853
 #3: ffff888035c55920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff888035c55920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report drivers/net/netdevsim/dev.c:806 [inline]
 #3: ffff888035c55920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 drivers/net/netdevsim/dev.c:866
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 kernel/locking/spinlock_rt.c:57
 #5: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #6: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #6: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
4 locks held by kworker/1:2/993:
 #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc900047d7bc0 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc900047d7bc0 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x95/0xf30 net/wireless/reg.c:2483
 #3: ffff88805abb0898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6212 [inline]
 #3: ffff88805abb0898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_leave_invalid_chans net/wireless/reg.c:2471 [inline]
 #3: ffff88805abb0898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_check_chans_work+0x164/0xf30 net/wireless/reg.c:2486
2 locks held by kworker/u8:10/3530:
5 locks held by kworker/u8:11/4366:
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc9000f02fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000f02fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff888057f80898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: class_wiphy_constructor include/net/cfg80211.h:6212 [inline]
 #2: ffff888057f80898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 net/wireless/core.c:421
 #3: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #4: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #4: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
4 locks held by kworker/u9:1/5154:
 #0: ffff888027f43938 ((wq_completion)hci14#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888027f43938 ((wq_completion)hci14#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc900103a7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc900103a7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff888065fc80a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
4 locks held by kworker/0:2/5165:
2 locks held by klogd/5195:
2 locks held by udevd/5206:
2 locks held by getty/5597:
 #0: ffff88823bf5a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc90003e762e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 drivers/tty/n_tty.c:2222
4 locks held by kworker/u9:2/5928:
 #0: ffff888028a1d938 ((wq_completion)hci7#3){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888028a1d938 ((wq_completion)hci7#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90004cb7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90004cb7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88805fd040a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
4 locks held by kworker/0:4/5977:
 #0: ffff88803765b538 ((wq_completion)wg-kex-wg1#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88803765b538 ((wq_completion)wg-kex-wg1#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc900040ffbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc900040ffbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
4 locks held by syz-executor/5987:
 #0: ffff8880397d4e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:499 [inline]
 #0: ffff8880397d4e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 net/bluetooth/hci_core.c:2715
 #1: ffff8880397d40a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 net/bluetooth/hci_sync.c:5282
 #2: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2094 [inline]
 #2: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 net/bluetooth/hci_conn.c:2599
 #3: ffff88802f0bd358 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 net/bluetooth/l2cap_core.c:1762
3 locks held by syz-executor/5989:
 #0: ffff88805495ce80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:499 [inline]
 #0: ffff88805495ce80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 net/bluetooth/hci_core.c:2715
 #1: ffff88805495c0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 net/bluetooth/hci_sync.c:5282
 #2: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2094 [inline]
 #2: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 net/bluetooth/hci_conn.c:2599
3 locks held by syz-executor/5991:
 #0: ffff888038460e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:499 [inline]
 #0: ffff888038460e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 net/bluetooth/hci_core.c:2715
 #1: ffff8880384600a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 net/bluetooth/hci_sync.c:5282
 #2: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2094 [inline]
 #2: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 net/bluetooth/hci_conn.c:2599
2 locks held by syz-executor/5990:
 #0: ffff88803648ce80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:499 [inline]
 #0: ffff88803648ce80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 net/bluetooth/hci_core.c:2715
 #1: ffff88803648c0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 net/bluetooth/hci_sync.c:5282
4 locks held by kworker/u9:3/5994:
 #0: ffff888057af5938 ((wq_completion)hci9#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888057af5938 ((wq_completion)hci9#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc9000408fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000408fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff888028dbc0a8 (&hdev->lock){+.+.}-{4:4}, at: le_conn_complete_evt+0xb1/0x1220 net/bluetooth/hci_event.c:5630
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm+0x2c/0x140 include/net/bluetooth/hci_core.h:2079
6 locks held by kworker/1:5/6095:
 #0: ffff88802ffb0538 ((wq_completion)mld){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88802ffb0538 ((wq_completion)mld){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90003f6fbc0 ((work_completion)(&(&idev->mc_ifc_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90003f6fbc0 ((work_completion)(&(&idev->mc_ifc_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff8880387f4628 (&idev->mc_lock){+.+.}-{4:4}, at: mld_ifc_work+0x2d/0xd60 net/ipv6/mcast.c:2697
 #3: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #3: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #3: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: mld_sendpack+0x1de/0xd80 net/ipv6/mcast.c:1832
 #4: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #5: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #5: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
3 locks held by syz.0.22/6122:
 #0: ffff888027a4ce80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close net/bluetooth/hci_core.c:499 [inline]
 #0: ffff888027a4ce80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 net/bluetooth/hci_core.c:2715
 #1: ffff888027a4c0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 net/bluetooth/hci_sync.c:5282
 #2: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_disconn_cfm include/net/bluetooth/hci_core.h:2094 [inline]
 #2: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 net/bluetooth/hci_conn.c:2599
4 locks held by kworker/1:6/6130:
 #0: ffff88803765a138 ((wq_completion)wg-kex-wg0#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88803765a138 ((wq_completion)wg-kex-wg0#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90003f7fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90003f7fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
1 lock held by syz-executor/6131:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/6139:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/6141:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
4 locks held by kworker/u9:4/6144:
 #0: ffff888026968938 ((wq_completion)hci8#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888026968938 ((wq_completion)hci8#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90003bdfbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90003bdfbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88805d51c0a8 (&hdev->lock){+.+.}-{4:4}, at: le_conn_complete_evt+0xb1/0x1220 net/bluetooth/hci_event.c:5630
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm+0x2c/0x140 include/net/bluetooth/hci_core.h:2079
4 locks held by kworker/u9:5/6145:
 #0: ffff888028166938 ((wq_completion)hci6#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888028166938 ((wq_completion)hci6#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90003aafbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90003aafbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88805d0840a8 (&hdev->lock){+.+.}-{4:4}, at: le_conn_complete_evt+0xb1/0x1220 net/bluetooth/hci_event.c:5630
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm+0x2c/0x140 include/net/bluetooth/hci_core.h:2079
1 lock held by syz-executor/6146:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 net/core/rtnetlink.c:4056
1 lock held by syz-executor/6155:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
4 locks held by kworker/u9:6/6157:
 #0: ffff88803247e138 ((wq_completion)hci15#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88803247e138 ((wq_completion)hci15#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc900015dfbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc900015dfbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88805b0480a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
4 locks held by kworker/0:8/6159:
 #0: ffff88803765a538 ((wq_completion)wg-crypt-wg0){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88803765a538 ((wq_completion)wg-crypt-wg0){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc9000413fbc0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc9000413fbc0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
1 lock held by syz-executor/6163:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
5 locks held by kworker/u9:7/6168:
 #0: ffff888027ad4938 ((wq_completion)hci5){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888027ad4938 ((wq_completion)hci5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc900045afbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc900045afbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff888028914e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 net/bluetooth/hci_sync.c:331
 #3: ffff8880289140a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 net/bluetooth/hci_sync.c:5670
 #4: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #4: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 net/bluetooth/hci_conn.c:1313
4 locks held by kworker/u9:8/6173:
 #0: ffff888027de4138 ((wq_completion)hci11#3){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888027de4138 ((wq_completion)hci11#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90004d67bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90004d67bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88806c0240a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
1 lock held by syz-executor/6176:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
4 locks held by kworker/u9:9/6180:
 #0: ffff88803d0cc938 ((wq_completion)hci12#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88803d0cc938 ((wq_completion)hci12#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90004797bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90004797bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff8880676c80a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
4 locks held by kworker/u9:10/6181:
 #0: ffff88802f0be938 ((wq_completion)hci13#4){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88802f0be938 ((wq_completion)hci13#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc900047a7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc900047a7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88806cb840a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
6 locks held by kworker/u8:13/6183:
 #0: ffff8880316d3138 ((wq_completion)wg-kex-wg1){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff8880316d3138 ((wq_completion)wg-kex-wg1){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc900045cfbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc900045cfbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88803a4f15f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 drivers/net/wireguard/noise.c:529
 #3: ffff888029c49928 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 drivers/net/wireguard/noise.c:530
 #4: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #5: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #5: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
1 lock held by dhcpcd/6186:
 #0: ffff88803060ee78 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:870 [inline]
 #0: ffff88803060ee78 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: __sock_release net/socket.c:648 [inline]
 #0: ffff88803060ee78 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 net/socket.c:1439
1 lock held by syz-executor/6189:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/6190:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/6196:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/6199:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/6203:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
4 locks held by kworker/u9:11/6204:
 #0: ffff88803d4c0138 ((wq_completion)hci16#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88803d4c0138 ((wq_completion)hci16#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90004987bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90004987bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff88803850c0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
4 locks held by kworker/u9:13/6210:
 #0: ffff8880355ed938 ((wq_completion)hci19#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff8880355ed938 ((wq_completion)hci19#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc900049c7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc900049c7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff8880732680a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
4 locks held by kworker/u9:14/6211:
 #0: ffff888026f80938 ((wq_completion)hci17#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888026f80938 ((wq_completion)hci17#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc900049d7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc900049d7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff8880572800a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
1 lock held by syz-executor/6214:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
1 lock held by syz-executor/6215:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
4 locks held by kworker/u9:15/6216:
 #0: ffff888030b36138 ((wq_completion)krxrpcd){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888030b36138 ((wq_completion)krxrpcd){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc900049e7bc0 ((work_completion)(&rxnet->peer_keepalive_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc900049e7bc0 ((work_completion)(&rxnet->peer_keepalive_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
4 locks held by kworker/u9:16/6219:
 #0: ffff888030b37138 ((wq_completion)hci18#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888030b37138 ((wq_completion)hci18#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90004967bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90004967bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff8880639100a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
1 lock held by dhcpcd/6220:
 #0: ffff888032c4e350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1669 [inline]
 #0: ffff888032c4e350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 net/packet/af_packet.c:3251
1 lock held by dhcpcd/6222:
 #0: ffff88802ba9e350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1669 [inline]
 #0: ffff88802ba9e350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 net/packet/af_packet.c:3251
1 lock held by syz-executor/6224:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
1 lock held by dhcpcd/6225:
 #0: ffff88801ab92350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1669 [inline]
 #0: ffff88801ab92350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 net/packet/af_packet.c:3251
4 locks held by kworker/u9:18/6228:
 #0: ffff88805b4ca938 ((wq_completion)hci20#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff88805b4ca938 ((wq_completion)hci20#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90004ac7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90004ac7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff888060c5c0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 net/bluetooth/hci_event.c:3684
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:2079 [inline]
 #3: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 net/bluetooth/hci_event.c:3718
1 lock held by dhcpcd/6229:
 #0: ffff888030bd6350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1669 [inline]
 #0: ffff888030bd6350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 net/packet/af_packet.c:3251
1 lock held by dhcpcd/6230:
 #0: ffff88802ff8e350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1669 [inline]
 #0: ffff88802ff8e350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 net/packet/af_packet.c:3251
1 lock held by syz-executor/6233:
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 net/ipv4/devinet.c:978
7 locks held by kworker/u8:14/6236:
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90004c27bc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90004c27bc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff8880351c5300 (&devlink->lock_key#4){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 drivers/net/netdevsim/dev.c:853
 #3: ffff888038be4d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #3: ffff888038be4d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report drivers/net/netdevsim/dev.c:806 [inline]
 #3: ffff888038be4d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 drivers/net/netdevsim/dev.c:866
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: __rt_spin_lock kernel/locking/spinlock_rt.c:50 [inline]
 #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 kernel/locking/spinlock_rt.c:57
 #5: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 kernel/softirq.c:163
 #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:44 [inline]
 #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 kernel/softirq.c:168
5 locks held by syz-executor/6237:

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x39e/0x3d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:328 [inline]
 watchdog+0xf93/0xfe0 kernel/hung_task.c:491
 kthread+0x70e/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x439/0x7d0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:get_current arch/x86/include/asm/current.h:25 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x8/0x80 kernel/kcov.c:216
Code: 8b 3d e4 c6 66 0b 48 89 de 5b e9 63 a3 54 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 <65> 48 8b 0c 25 08 40 f6 91 65 8b 35 08 d2 37 10 81 e6 00 00 ff 00
RSP: 0018:ffffc90000156f08 EFLAGS: 00000246
RAX: ffffffff88e40016 RBX: ffff88807efc2b00 RCX: ffff88801ae85940
RDX: 0000000000000100 RSI: 0000000000000000 RDI: ffff88807efc2b00
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000100
R10: dffffc0000000000 R11: fffffbfff1e3ac07 R12: dffffc0000000000
R13: 1ffff1100fdf879b R14: ffff88807efc3cd8 R15: ffff88807efc2b00
FS:  0000000000000000(0000) GS:ffff8881268bc000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa5d57ee020 CR3: 000000000d7a6000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 dst_release+0x16/0x1b0 net/core/dst.c:166
 refdst_drop include/net/dst.h:263 [inline]
 skb_dst_drop include/net/dst.h:275 [inline]
 skb_release_head_state+0x71/0x250 net/core/skbuff.c:1135
 skb_release_all net/core/skbuff.c:1149 [inline]
 __kfree_skb net/core/skbuff.c:1165 [inline]
 consume_skb+0x60/0xf0 net/core/skbuff.c:1397
 nft_synproxy_eval_v4+0x376/0x560 net/netfilter/nft_synproxy.c:60
 nft_synproxy_do_eval+0x345/0x570 net/netfilter/nft_synproxy.c:141
 expr_call_ops_eval net/netfilter/nf_tables_core.c:237 [inline]
 nft_do_chain+0x409/0x1920 net/netfilter/nf_tables_core.c:285
 nft_do_chain_inet+0x25d/0x340 net/netfilter/nft_chain_filter.c:161
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0xc5/0x220 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK+0x206/0x3a0 include/linux/netfilter.h:316
 NF_HOOK+0x309/0x3a0 include/linux/netfilter.h:318
 __netif_receive_skb_one_core net/core/dev.c:5991 [inline]
 __netif_receive_skb+0x143/0x380 net/core/dev.c:6104
 process_backlog+0x31e/0x900 net/core/dev.c:6456
 __napi_poll+0xb3/0x540 net/core/dev.c:7506
 napi_poll net/core/dev.c:7569 [inline]
 net_rx_action+0x707/0xe00 net/core/dev.c:7696
 handle_softirqs+0x22f/0x710 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 run_ktimerd+0xcf/0x190 kernel/softirq.c:1043
 smpboot_thread_fn+0x53f/0xa60 kernel/smpboot.c:160
 kthread+0x70e/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x439/0x7d0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>