last executing test programs: 38.245534865s ago: executing program 3 (id=1658): mlockall(0x3) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_clone(0x0, 0x0, 0xffffffffffffff66, 0x0, 0x0, 0x0) openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) 35.189050771s ago: executing program 3 (id=1666): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) write$binfmt_script(r1, &(0x7f0000000200)={'#! ', '', [{0x20, '#!2'}, {0x20, '#! '}, {0x20, '/proc/sys/net/ipv4/tcp_congestion_control\x00'}, {}], 0xa, "8855d1bef46f70e481dbdabbfc3bcc3f005c1079e7344e4392717247b88b05708cd1663511237737ac00004c03fa9d00005380"}, 0xfffffe59) rt_sigreturn() timer_settime(0x0, 0x0, &(0x7f00000002c0)={{}, {0x0, 0x989680}}, 0x0) syz_read_part_table(0x4019, &(0x7f0000000000)="$eJzszzEOAUEAheE3G1FwA5fQqInSUbbRSTQaV1E5hkTjIC7gBBqSJRNBu99XzUtm/mTG1+MySZlu1u02L5rOedEkJcnssUv65/3Pl2R+SjL6JTLsjvZWvTP4WNjta6lvPdurw+T8z3sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLMDBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzAgQwAAACAMH/rPNoPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALwUAAD//xe4ClM=") r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) 34.875800683s ago: executing program 1 (id=1668): r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) gettid() ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x4058534c, &(0x7f00000000c0)={0x80}) tkill(0x0, 0x7) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) syz_genetlink_get_family_id$ipvs(0x0, r0) sendmsg$IPVS_CMD_DEL_SERVICE(r0, 0x0, 0x11) socket$nl_route(0x10, 0x3, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) eventfd2(0x0, 0x800) read$eventfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x19, 0x4, &(0x7f0000001200)=ANY=[], 0x0, 0x0, 0x1008, &(0x7f0000001a00)=""/4104, 0x0, 0x0, '\x00', 0x0, 0x15}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$TCSETS(r1, 0x5402, &(0x7f0000001780)={0x3, 0x1f, 0x1df, 0x0, 0x9, "e0a1ae0511df40bdd9bca911473b5c506552a7"}) 34.681853482s ago: executing program 3 (id=1670): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) sched_setscheduler(0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket(0x0, 0x0, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x41, 0x3, 0x380, 0x218, 0x0, 0x0, 0x0, 0x0, 0x2e8, 0x1f0, 0x1f0, 0x2e8, 0x1f0, 0x3, 0x0, {[{{@ip={@private, @local, 0x0, 0x0, 'wlan1\x00', 'wg1\x00'}, 0x0, 0x1f8, 0x218, 0x0, {0x0, 0xffffffffa0028000}, [@common=@unspec=@quota={{0x38}}, @common=@inet=@hashlimit2={{0x150}, {'nicvf0\x00', {0x0, 0x0, 0x20, 0x0, 0x0, 0x3, 0x7bfd}}}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x3e0) epoll_create1(0x0) socket$inet_udplite(0x2, 0x2, 0x88) 34.68141412s ago: executing program 1 (id=1671): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() socket(0x0, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) setrlimit(0x9, &(0x7f00000000c0)={0x5, 0x5}) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000040)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfc, 0x0, 0x0, 0x0, 0xfd, 0x1ff}, {0x0, 0x0, 0x81}]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) 34.663294529s ago: executing program 0 (id=1562): r0 = socket(0x1d, 0x2, 0x6) sendmsg$NL80211_CMD_STOP_NAN(r0, 0x0, 0x0) 34.462009478s ago: executing program 0 (id=1673): mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') unshare(0x20040600) unshare(0x22020400) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x8020000) 33.362680851s ago: executing program 0 (id=1674): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYBLOB, @ANYRESDEC=0x0]) mount$fuseblk(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000280), 0x20020, &(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) shmget$private(0x0, 0x2000, 0x0, &(0x7f0000ffc000/0x2000)=nil) shmctl$SHM_LOCK(0x0, 0xb) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) shmat(0x0, &(0x7f0000ffa000/0x4000)=nil, 0xc000) shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000000)) 33.356482584s ago: executing program 3 (id=1675): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000200)=0x3b) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000440), 0xffffffffffffffff) r5 = socket(0x1e, 0x5, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)={0x2c, r4, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r6}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8}]}, 0x2c}}, 0x0) 33.100093887s ago: executing program 0 (id=1677): syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x82, &(0x7f0000001900)=ANY=[], 0xfd, 0x22e, &(0x7f0000000c00)="$eJzs2k+LW1UYwOH3dkZap0wT8R8tiAfd6ObSZOXCRQdpQQwo2ggqSG+dGw3JJENuGIhIOzu3fgTX4tKdIP0Cs/ETdOFuNrPsQrzSptiZEsFabNQ8zyYvnPzgXE4IZ3EP3/xmZ9Cr8l4xjVNZFuuXYj/uZNGMU7EWc/vx+o03br/0wUcfv7PV6Vx+P6UrW1db7ZTSuZd/+uSr71+5NT374Q/nfjwdB81PD4/avxy8cHD+8LerX/Sr1K/SaDxNRbo+Hk+L68MybferQZ7Se8OyqMrUH1Xl5MR6bzje3Z2lYrS9ubE7KasqFaNZGpSzNB2n6WSWis+L/ijleZ42N4LH0f3uTl3HUf3Utajr+ulv4+yt2LwdjcieSdmzl7Lnr2Uv7mfnj+q6seyt8o9w/qvN+a8257/ajl3qzkTsfL3X3evOP+frW73oxzDKuBiN+DXu/kzum89X3u5cvpjuaUbauXm/v7nXXTvZt6IRzcV9a96nk/3p2Djet6MRzy3u2wv7M/Haq8f6PBrx82cxjmFsx932QX+jldJb73Ye6i/c+x4AwP9Nnv6w8P6W53+2Pu8f4X740P1qPS6sL/fZiahmXw6K4bCcGP7qkP2Nai3+JZs3rM5QZ4+TL/ufiSfhwaEveycAAAAAAAAAAAA8iifxNuKynxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+G/4PQAA//9R0vDu") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040), 0x4) r1 = socket$packet(0x11, 0x2, 0x300) getsockopt$packet_buf(r1, 0x107, 0x13, 0x0, &(0x7f0000000080)) 32.809902847s ago: executing program 0 (id=1678): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x800714, &(0x7f00000003c0)={[{@dioread_nolock}, {@journal_dev={'journal_dev', 0x3d, 0x7}}, {@quota}, {@noinit_itable}, {@errors_continue}, {@errors_continue}, {@errors_remount}, {@delalloc}, {@auto_da_alloc}, {@norecovery}, {@errors_continue}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x1}}]}, 0xee, 0x442, &(0x7f0000000d00)="$eJzs281vG0UbAPBn10n6vv1KKKW0oYVAQUR8JE1aoAcuIJA4gIQEh3IMSVqFug1qgkSrCAJC5YgqcUcckfgLOMEFASckrnBHlSqIkFo4Ba29m9punObDrkP9+0nbznjHnnk8O97xTBxA1xrK/kkidkfErxHRX83WFxiq/ndjaWHy76WFySSWl9/4I6mUu760MFkULZ63K88MpxHpJ0leSb25i5fOTpTL0xfy/Oj8uXdH5y5eenrm3MSZ6TPT58dPnjxxfOy5Z8efaUmcWVzXBz+YPXzolbeuvDZ56srbP36dtffAker52jhaZSgL/M/lisZzj7W6sg7bU5NOejrYEDakFBFZd/VWxn9/lOJm5/XHyx93tHFAW2X3ph3NTy8uA3exJDrdAqAziht99v23OO7Q1GNbuPZC9QtQFveN/Kie6Yk0L9PbxvqHIuLU4j9fZEe0aR0CAKDWt9n856nV5n9pHKgptzffQxmIiHsiYl9E3BsR+yPivohK2fsj4uAG62/cGrp1/pNe3VRg65TN/57P97bq53/F7C8GSnluTyX+3uT0THn6WP6eDEfvjiw/tkYd3730y2fNztXO/7Ijq7+YC+btuNrTsEA3NTE/0apJ6bWPIgZ7Vos/WdkJSCLiUEQMbuyl9xaJmSe+Otys0O3jX0ML9pmWv4x4vNr/i9EQfyFZe39y9H9Rnj42WlwVt/rp58uvN6t/S/G3QNb/O+uv/4YS/X8ltfu1cxuv4/Jvnzb9TrPZ678vebOyZ92XP/b+xPz8hbGIvuTVSr7u8fGbzy3yRfks/uGjq4//fflzsvgfiIjsIj4SEQ9GxEN52x+OiEci4uga8f/w4qPvbD7+9srin1r182/l+h+o7/+NJ0pnv/+mWf3r6/8TldRw/kjl8+821tvArbx3AAAA8F+RRsTuSNKRlXSajoxU/4Z/f+xMy7Nz80+enn3v/FT1NwID0ZsWK139NeuhY8li/orV/Hi+VlycP56vG39e+n8lPzI5W57qcOzQ7XY1Gf+Z30udbh3Qdn6vBd2rcfynHWoHcOe5/0P3Mv6hexn/0L1WG/8fNuTtBcDdyf0fupfxD93L+IfuZfxDV9rK7/olujkR6bZoRrsScXBbNKNziU5/MgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALTGvwEAAP//KivtwQ==") r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x26e1, 0x0) pwrite64(0xffffffffffffffff, &(0x7f0000000140)='2', 0x1, 0x8000c61) fallocate(r0, 0x3, 0x20003, 0x20003) 31.647591054s ago: executing program 0 (id=1681): socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x36, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) syz_mount_image$squashfs(&(0x7f00000001c0), &(0x7f0000000240)='./file1\x00', 0x80, &(0x7f0000002100)=ANY=[], 0x1, 0x1a4, &(0x7f0000000000)="$eJzs0E1rE0Ecx/Hvf2byUKHKqnioYAMW1y3VPFQ9CELwlEIWvAoGXdLYFBM13RxsUehFCpLa1+CpHlXQk4iC5+JB8KArQm/SHIIH8SCRTVbB19D5wO5vf3/Yndlphp0wA/we3K9TZkRzkA8IBpiW8Uypcb5K+vckt8bB5aT3hGycT5M+Fa6u3QparcZK7mIO578B8COH841/o/A5xxR9oYx8Guh6IDd8hmXaatHHqTK7ia7R8R4zZSY5eh3N0O2xoOiIW4VD+W77bj5cXTuz3A6WGkuN26XS/IXCuULhfCl/c7nVKLxEvEeiTLLtjM+E94BUjYc75gBzgnhNFWmZ7ZOusbWjT5+c66O8PYYIb90+mS+mmVNwiuy1+IcqHBGeoH1mqkwoDKOFKsgV9UKK5qP5mVJk17U+W7/TWty4qvSv9HZZ9rJS3CXlFgkWNi/Nx0fDYd6xETETUYnYjszuV6bldbxKLzlPsx7fnyXtOCcgzb2g210ppuG9uD6l+HJgcvQ5NdqXA2+Sd5Lg898Hy7Isy7Isy7Isax/4EwAA//97t2OR") r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x240) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fanotify_init(0x0, 0x0) syz_mount_image$squashfs(&(0x7f0000000040), &(0x7f0000000240)='./file0\x00', 0x800, &(0x7f0000004140)=ANY=[@ANYBLOB="00a3d9feb86e02e3b0bd5e574a822aa033060829d9f570706daaf7e64385f4c757c8c1509cbd06003c6d03000000ffdde116534a3e539068b679d93c646500b71c53966a788a93af70a9e8378a4dff15e4a14b5a4b6c14d2feff8ec15164ffffba586557115ae1b2470a06d956cae4ea3b76e646ef7b00f8bcbad4030fa2f87bae1c91858fdee78fd19866212b8aedf818fea039932b8d5f454cf4fa9f9c1c0bd1c3f8c02f1bc702d7359eb8be446f88b77ce92c3d943828ece9eef54e10c2b4d66fb887ed9e56e2fbf982ea3443c9c30d40c4dd067682187e224173e49a3d0700efeb8fc6570ce5feb7d4c9ab5c4cc09ba9ae6276845ff55c7fdaab25776edddef50000000064dadb122182564d38cae5597ef4d5a2bf63415fdfe0867dee339da4a49e99fcf977e3be588fb6a8e4ee0d5395982f374f3802e1cf12c5849a07af1ad1e9f1f52725eab00af283cbfbd18fdc8e1951ba26508eb3781117b3a5263e3671d0b9e5aedd4e9261654e7cd5213600a77f55f0ab706a787ac204fff298dc72be1e80389d8f55f42c3b92acaee0df6b6bea8459d98d7bdc8e99b33022a2474d5527b68ba085ce52bf894f86c0f0f2f76c1ffe1e7ecbf2f1d7f8de553ebd38a1ad1f67e43da56f853f594b16be3822b97389b248dd3079e41ce185206267e9f174fd6ba01f9cc52c465608000048d0ad524a70f1688d1f30ca729963f14d140bf06f606065187fef9b44e884699a5bda981b07000000000000009a74a84388dc82ed1ba29aba106b9f6e11ea249e4870494ede40f7bc48dc2a14669c1b94b32209f16b423a9274740b8f4e641d46a6f14f44e26c4b7d5422322a2f8d967532b133014da9c571ffc2664e0838391e0242bcacaa0c00358bdefaf2bc51dcf4a7673703b89cf213c3325c64493f3ed9866c4994c119363dec364813d2a1f3732323d6fde44b8178d35f936200a96118889bc34d1800779c82b877ba24d7aadec4abe72a3b5e9280cc12d3f3b60fa0163fc3ccdce18ced9a8ccf33122055f8870f804fb91d9f91ba8db505d020c01f532c9307117f34693dd535e1df52ccc94ba178aaf524117c214fa858d6da2f91c14ab5ea3080500366075694cf317cdad3e61d17bfa4490124e3616a0d581cf05cf2cecc0a9b83fe000000000000000000000000ed9111e3396fea123d15ff825b66e25945cb3fd6d31773af0634a155fe85159a643b064fba1135ff23d713431f3cf8587d8778f7eb1a02d155fb6185d105d26844d111c85fd6321fc4a9a368c04cd3f29a8badfb8a0152e7bb8b10a8e680292eb9ab00d3efd86111ca430dcfbf1910b235e636e99b615163989a3779e520b59d2e7db309a3710d5b11ae9c21ad7e4c7d000000000000000000000024aafb0479e8ea1ab8bfd97c2186a3a784ce996d63c42c31e3a211c284f7c0187429d7f01748d6f04519921b9d81a510de2ff2f21e7423328036d45adf7df57a0572a6dfba1e0e7dbed9aeebb7cd806f3685459be46dc69d314fd3ea633b1539f466c8d32a2e9392d1620656958900ffbf0c3f5139c03580f83516f02c1adbb6e16040f273456e982741fe40b3f6a3e9c8237f9da13572c209968b40dd6bf4fbb056d303698c74cdbd4c38c54e945e8e93ff946aa2a1fc940646fc7dbcb3455221cf6192c986eb7a087af45e68868f8495"], 0x1, 0x1d2, &(0x7f0000000980)="$eJzKKC4sZmdgYPj7sSaZQYABDBgZeBguMDAysDAwMKgzQsQYmCDUeij/BZSeCZW2gfKbofRCKF1xS3vdmlN+Z0566motk2VmaPXUlkcWk0vtMXKTXMwjwcwQmnpkUXFlVXZiTk5qUfFChopbyUkVp08wsFy3v6bSLMHp8EeewyFJ00GH6YiPR9aMxhLOSVKaYmxsmQpnz3yQX8emcYTh0QrmjXWeeY11halT89LykqqyqrLmTZy4cWZjZ2Pjyol1UWl+qxhbUlw2NXUyMjlsURPYzGyoPslGe8K79lUPkxxYezz8mk8ZK71OZb5kvLBI6tSKqpkTvijNZjT8znCHp2yFhIaGk8QVCYsGE4YjdbYNriAnpjQwpCmEMSapsYm1bTkzJ4SZn81tgUJL8gmm0KMcS2dKWBwQqjr501LzrUOi24xtTx3YzvAcPs6zpqBP0Oi4BIPTQsH/MgwVt5gZGhrKNNYyLbVd8KVI46+E12pjpwwGd3vGZbAAZWkAkSuhPFmQ1QkJySs8dDQ1jVKSExo2SSQkubExMDBs3cO5WqCBASnaVBgYGLYzwuIWAq7BGKNgFIyCUTAKRsEoGAWjYBSMglEwCkYEAAQAAP//zeCXTA==") open(&(0x7f0000000100)='./file1\x00', 0x0, 0x0) 31.129819963s ago: executing program 1 (id=1686): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x0, 0x8, 0x8}, 0x48) openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r0, &(0x7f0000000080), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r1}, 0x10) lsetxattr$system_posix_acl(&(0x7f0000000400)='.\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0xee01, @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000800008000000", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB], 0x5c, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x6}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') sendmsg$NFT_BATCH(r7, &(0x7f0000000600)={&(0x7f00000003c0), 0xc, &(0x7f00000005c0)={0x0}}, 0x20000000) read$FUSE(r7, &(0x7f0000002d80)={0x2020}, 0x2025) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./bus\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) r8 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchmodat(r8, &(0x7f00000000c0)='./bus\x00', 0x0) 28.906766982s ago: executing program 1 (id=1689): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r0}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 28.657910753s ago: executing program 1 (id=1693): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x77359400}, {0x0, 0x989680}}, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) write$binfmt_script(r2, &(0x7f0000000340), 0xffffff46) dup3(r2, r1, 0x0) sendmsg$netlink(r1, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000380)=ANY=[], 0x10}], 0x1}, 0x0) close(r1) socket$inet_udp(0x2, 0x2, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000001300)={&(0x7f0000000100)=@in6={0xa, 0x0, 0x0, @local}, 0x80, 0x0}, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x2, 0x4e24, @multicast2}, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000500)={0xa, 0x2, 0x0, @empty}, 0x1c) setsockopt$sock_linger(r3, 0x1, 0xd, &(0x7f0000000000)={0xc, 0x8000006}, 0x8) listen(r4, 0x0) rt_sigreturn() timer_settime(0x0, 0x0, &(0x7f0000000080)={{}, {0x0, 0x989680}}, 0x0) connect$inet(r3, &(0x7f00000001c0)={0x2, 0x2, @remote}, 0x20) dup3(r4, r3, 0x0) 28.586665838s ago: executing program 3 (id=1694): r0 = msgget$private(0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) timer_create(0x0, 0x0, 0x0) mlockall(0x1) mlock2(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0) 28.328659611s ago: executing program 1 (id=1698): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xb81, 0xc}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0) 26.632029107s ago: executing program 3 (id=1705): timerfd_settime(0xffffffffffffffff, 0x3, &(0x7f00000001c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000280)={@val={0x1c, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0xb, 0x0, 0x0, 0x0, 0x4, {[@window={0xf, 0x3}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e) 20.121084689s ago: executing program 2 (id=1729): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x4, 0xe7, &(0x7f0000000340)=""/231}, 0x90) socket$inet6(0xa, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000180), 0x4) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x1000}, 0x4) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x1000}, 0x4) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0x1, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 18.764371773s ago: executing program 2 (id=1730): gettid() timer_create(0x0, 0x0, &(0x7f0000bbdffc)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r0, 0x26, &(0x7f0000000000)) fcntl$lock(r0, 0x7, &(0x7f00000006c0)={0x1}) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r2 = dup(r1) dup3(r2, r0, 0x0) rt_sigreturn() poll(0x0, 0x0, 0x64) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x989680}}, 0x0) rt_sigreturn() futex(&(0x7f0000000700)=0x2, 0x0, 0x2, &(0x7f0000000740)={0x0, 0x3938700}, 0x0, 0x0) mlockall(0x1) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r3, 0x8902, 0x0) 18.764065946s ago: executing program 2 (id=1731): r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) gettid() write$binfmt_script(r0, &(0x7f00000000c0)={'#! ', './file0', [{0x20, '-&)(\'-$$])\x15%&\xbf'}, {0x20, '#! '}, {}, {0x20, '#!\''}, {0x20, '#! '}, {0x20, 'Z'}, {0x20, '#! '}, {0x20, '+'}, {0x20, '#! '}, {0x20, '#! '}], 0xa, "0c8519f42938049d9c29736ff995ff0fbffd994b7ec21412338c0f349ffdca6d3fd044393e6772934a54930d5f455b6d8d9fdc25495ae70deb95aeb4c6efc4824fb922534384155538a352cb28de00c2fd1e"}, 0x89) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) syz_genetlink_get_family_id$ipvs(0x0, r0) sendmsg$IPVS_CMD_DEL_SERVICE(r0, 0x0, 0x11) socket$nl_route(0x10, 0x3, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) eventfd2(0x0, 0x800) read$eventfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x19, 0x4, &(0x7f0000001200)=ANY=[], 0x0, 0x0, 0x1008, &(0x7f0000001a00)=""/4104, 0x0, 0x0, '\x00', 0x0, 0x15}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$TCSETS(r1, 0x5402, &(0x7f0000001780)={0x3, 0x1f, 0x1df, 0x0, 0x9, "e0a1ae0511df40bdd9bca911473b5c506552a7"}) 18.368016945s ago: executing program 2 (id=1732): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) poll(0x0, 0x0, 0x8002) rt_sigreturn() timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) close(r1) socket(0xa, 0x1, 0x0) ioctl$TUNSETLINK(r1, 0x8946, 0x20000000) 18.36773806s ago: executing program 2 (id=1733): bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) write$binfmt_script(r0, &(0x7f0000000200), 0xfffffd9d) 17.205456109s ago: executing program 2 (id=1736): r0 = semget$private(0x0, 0x4, 0x0) semop(r0, &(0x7f00000000c0)=[{0x0, 0x5}, {}], 0x2) openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) rt_sigreturn() poll(0x0, 0x0, 0x64) dup2(0xffffffffffffffff, 0xffffffffffffffff) rt_sigreturn() timer_settime(0x0, 0x0, 0x0, 0x0) mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) ioctl$TUNGETFEATURES(r1, 0x400454ca, 0x0) dup(0xffffffffffffffff) semctl$IPC_RMID(r0, 0x0, 0x0) 13.156981327s ago: executing program 4 (id=1743): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x0, 0x8, 0x8}, 0x48) openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r0, &(0x7f0000000080), 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r1}, 0x10) lsetxattr$system_posix_acl(&(0x7f0000000400)='.\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0xee01, @ANYBLOB="0200", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000800008000000", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB], 0x5c, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x6}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') sendmsg$NFT_BATCH(r7, &(0x7f0000000600)={&(0x7f00000003c0), 0xc, &(0x7f00000005c0)={0x0}}, 0x20000000) read$FUSE(r7, &(0x7f0000002d80)={0x2020}, 0x2025) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./bus\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) r8 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchmodat(r8, &(0x7f00000000c0)='./bus\x00', 0x0) 9.195697068s ago: executing program 4 (id=1744): bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000040)='vegas\x00', 0x6) connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000200), 0xfffffd9d) 9.112176684s ago: executing program 4 (id=1745): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x801, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8}]}], {0x14}}, 0x64}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0xb, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[], 0x74}}, 0x0) 6.295334527s ago: executing program 4 (id=1747): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040), 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) getsockopt$packet_buf(r1, 0x107, 0x13, 0x0, &(0x7f0000000080)) 1.687336008s ago: executing program 4 (id=1748): syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec02010902"], 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da07000000000001"], 0x0) r0 = syz_open_dev$hidraw(&(0x7f0000002300), 0x0, 0x0) ioctl$HIDIOCGRDESC(r0, 0x4030582a, &(0x7f0000000040)) 0s ago: executing program 4 (id=1749): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x4, 0xc}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000900000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000007d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000080)=[{}, {}, {0x6}]}, 0x10) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0x3c, 0x4, 0x8, 0x0, 0x0, 0x0, {}, [@CTA_TIMEOUT_L3PROTO={0x6}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L4PROTO={0x5}]}, 0x3c}}, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2000000000000070200"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) mmap(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x1000005, 0x6031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x4003, &(0x7f0000000000)=0x4, 0x5, 0x2) kernel console output (not intermixed with test programs): 254][ C0] R13: 0000000000000000 R14: 00007faad7c34670 R15: 0000000000000000 [ 590.652301][ C0] [ 590.652313][ C0] DEBUG: waiting rtnl_mutex for 2497 jiffies. [ 590.652329][ C0] task:syz.2.1736 state:D stack:23472 pid:11566 tgid:11566 ppid:11087 flags:0x00004002 [ 590.652373][ C0] Call Trace: [ 590.652384][ C0] [ 590.652405][ C0] __schedule+0x1800/0x4a60 [ 590.652471][ C0] ? __pfx___schedule+0x10/0x10 [ 590.652507][ C0] ? __pfx_lock_release+0x10/0x10 [ 590.652544][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 590.652605][ C0] ? schedule+0x90/0x320 [ 590.652635][ C0] schedule+0x14b/0x320 [ 590.652672][ C0] schedule_preempt_disabled+0x13/0x30 [ 590.652703][ C0] __mutex_lock+0x6a4/0xd70 [ 590.652744][ C0] ? __mutex_lock+0x527/0xd70 [ 590.652782][ C0] ? tun_chr_close+0x3e/0x1b0 [ 590.652824][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 590.652879][ C0] ? get_rtnl_holder+0x144/0x190 [ 590.652914][ C0] tun_chr_close+0x3e/0x1b0 [ 590.652950][ C0] ? __pfx_tun_chr_close+0x10/0x10 [ 590.652990][ C0] __fput+0x24a/0x8a0 [ 590.653049][ C0] task_work_run+0x24f/0x310 [ 590.653088][ C0] ? __pfx_task_work_run+0x10/0x10 [ 590.653124][ C0] ? switch_task_namespaces+0xe1/0x110 [ 590.653161][ C0] do_exit+0xa2f/0x27f0 [ 590.653205][ C0] ? preempt_schedule_common+0x84/0xd0 [ 590.653252][ C0] ? __pfx_do_exit+0x10/0x10 [ 590.653285][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 590.653326][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 590.653368][ C0] ? preempt_schedule_thunk+0x1a/0x30 [ 590.653410][ C0] do_group_exit+0x207/0x2c0 [ 590.653458][ C0] __x64_sys_exit_group+0x3f/0x40 [ 590.653495][ C0] x64_sys_call+0x26e0/0x26e0 [ 590.653530][ C0] do_syscall_64+0xf3/0x230 [ 590.653568][ C0] ? clear_bhb_loop+0x35/0x90 [ 590.653603][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 590.653631][ C0] RIP: 0033:0x7f3038975f19 [ 590.653659][ C0] RSP: 002b:00007ffd2f39ddb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 590.653689][ C0] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f3038975f19 [ 590.653708][ C0] RDX: 0000001b2f420000 RSI: 0000000000000000 RDI: 000000000000000b [ 590.653727][ C0] RBP: 000000000008a157 R08: 0000000000000006 R09: 000000000000000b [ 590.653745][ C0] R10: 00000000003ffd40 R11: 0000000000000246 R12: 00007f3038b04038 [ 590.653763][ C0] R13: 0000000000000032 R14: 00007f3038b03f60 R15: 00007f3038b04038 [ 590.653827][ C0] [ 590.653840][ C0] DEBUG: waiting rtnl_mutex for 2479 jiffies. [ 590.653855][ C0] task:syz-executor state:D stack:24992 pid:11568 tgid:11568 ppid:11562 flags:0x00000000 [ 590.653900][ C0] Call Trace: [ 590.653911][ C0] [ 590.653932][ C0] __schedule+0x1800/0x4a60 [ 590.654002][ C0] ? __pfx___schedule+0x10/0x10 [ 590.654040][ C0] ? __pfx_lock_release+0x10/0x10 [ 590.654076][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 590.654136][ C0] ? schedule+0x90/0x320 [ 590.654165][ C0] schedule+0x14b/0x320 [ 590.654200][ C0] schedule_preempt_disabled+0x13/0x30 [ 590.654235][ C0] __mutex_lock+0x6a4/0xd70 [ 590.654276][ C0] ? __mutex_lock+0x527/0xd70 [ 590.654313][ C0] ? rtnetlink_rcv_msg+0x847/0x1180 [ 590.654353][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 590.654407][ C0] ? get_rtnl_holder+0x144/0x190 [ 590.654439][ C0] rtnetlink_rcv_msg+0x847/0x1180 [ 590.654483][ C0] ? rtnetlink_rcv_msg+0x208/0x1180 [ 590.654525][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 590.654559][ C0] ? is_bpf_text_address+0x285/0x2a0 [ 590.654608][ C0] ? __pfx_validate_chain+0x10/0x10 [ 590.654647][ C0] ? __pfx_validate_chain+0x10/0x10 [ 590.654688][ C0] ? arch_stack_walk+0x16d/0x1b0 [ 590.654734][ C0] ? mark_lock+0x9a/0x360 [ 590.654766][ C0] ? __pfx_validate_chain+0x10/0x10 [ 590.654809][ C0] ? __lock_acquire+0x1359/0x2000 [ 590.654870][ C0] ? mark_lock+0x9a/0x360 [ 590.654913][ C0] ? __lock_acquire+0x1359/0x2000 [ 590.654984][ C0] netlink_rcv_skb+0x1e3/0x430 [ 590.655025][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 590.655067][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 590.655147][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 590.655191][ C0] netlink_unicast+0x7f0/0x990 [ 590.655248][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 590.655280][ C0] ? __virt_addr_valid+0x183/0x530 [ 590.655323][ C0] ? __check_object_size+0x49c/0x900 [ 590.655355][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 590.655394][ C0] netlink_sendmsg+0x8e4/0xcb0 [ 590.655455][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 590.655499][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 590.655532][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 590.655565][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 590.655605][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 590.655640][ C0] __sock_sendmsg+0x221/0x270 [ 590.655684][ C0] __sys_sendto+0x3a4/0x4f0 [ 590.655724][ C0] ? __pfx___sys_sendto+0x10/0x10 [ 590.655799][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 590.655838][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 590.655874][ C0] ? exc_page_fault+0x590/0x8c0 [ 590.655913][ C0] __x64_sys_sendto+0xde/0x100 [ 590.655949][ C0] do_syscall_64+0xf3/0x230 [ 590.655987][ C0] ? clear_bhb_loop+0x35/0x90 [ 590.656023][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 590.656050][ C0] RIP: 0033:0x7f17c9b77cac [ 590.656076][ C0] RSP: 002b:00007ffd986f2480 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 590.656104][ C0] RAX: ffffffffffffffda RBX: 00007f17ca834620 RCX: 00007f17c9b77cac [ 590.656125][ C0] RDX: 0000000000000028 RSI: 00007f17ca834670 RDI: 0000000000000003 [ 590.656144][ C0] RBP: 0000000000000000 R08: 00007ffd986f24d4 R09: 000000000000000c [ 590.656162][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 590.656179][ C0] R13: 0000000000000000 R14: 00007f17ca834670 R15: 0000000000000000 [ 590.656232][ C0] [ 590.656244][ C0] DEBUG: waiting rtnl_mutex for 2353 jiffies. [ 590.656258][ C0] task:syz-executor state:D stack:24992 pid:11578 tgid:11578 ppid:11572 flags:0x00000000 [ 590.656300][ C0] Call Trace: [ 590.656312][ C0] [ 590.656331][ C0] __schedule+0x1800/0x4a60 [ 590.656401][ C0] ? __pfx___schedule+0x10/0x10 [ 590.656438][ C0] ? __pfx_lock_release+0x10/0x10 [ 590.656474][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 590.656533][ C0] ? schedule+0x90/0x320 [ 590.656562][ C0] schedule+0x14b/0x320 [ 590.656597][ C0] schedule_preempt_disabled+0x13/0x30 [ 590.656625][ C0] __mutex_lock+0x6a4/0xd70 [ 590.656666][ C0] ? __mutex_lock+0x527/0xd70 [ 590.656704][ C0] ? rtnetlink_rcv_msg+0x847/0x1180 [ 590.656743][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 590.656798][ C0] ? get_rtnl_holder+0x144/0x190 [ 590.656829][ C0] rtnetlink_rcv_msg+0x847/0x1180 [ 590.656873][ C0] ? rtnetlink_rcv_msg+0x208/0x1180 [ 590.656915][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 590.656949][ C0] ? is_bpf_text_address+0x285/0x2a0 [ 590.656998][ C0] ? __pfx_validate_chain+0x10/0x10 [ 590.657037][ C0] ? __pfx_validate_chain+0x10/0x10 [ 590.657077][ C0] ? arch_stack_walk+0x16d/0x1b0 [ 590.657123][ C0] ? mark_lock+0x9a/0x360 [ 590.657156][ C0] ? __pfx_validate_chain+0x10/0x10 [ 590.657199][ C0] ? __lock_acquire+0x1359/0x2000 [ 590.657266][ C0] ? mark_lock+0x9a/0x360 [ 590.657310][ C0] ? __lock_acquire+0x1359/0x2000 [ 590.657381][ C0] netlink_rcv_skb+0x1e3/0x430 [ 590.657421][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 590.657463][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 590.657544][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 590.657587][ C0] netlink_unicast+0x7f0/0x990 [ 590.657639][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 590.657670][ C0] ? __virt_addr_valid+0x183/0x530 [ 590.657712][ C0] ? __check_object_size+0x49c/0x900 [ 590.657744][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 590.657784][ C0] netlink_sendmsg+0x8e4/0xcb0 [ 590.657844][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 590.657888][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 590.657920][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 590.657953][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 590.657993][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 590.658028][ C0] __sock_sendmsg+0x221/0x270 [ 590.658072][ C0] __sys_sendto+0x3a4/0x4f0 [ 590.658111][ C0] ? __pfx___sys_sendto+0x10/0x10 [ 590.658187][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 590.658231][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 590.658266][ C0] ? exc_page_fault+0x590/0x8c0 [ 590.658307][ C0] __x64_sys_sendto+0xde/0x100 [ 590.658343][ C0] do_syscall_64+0xf3/0x230 [ 590.658382][ C0] ? clear_bhb_loop+0x35/0x90 [ 590.658417][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 590.658446][ C0] RIP: 0033:0x7fee46377cac [ 590.658471][ C0] RSP: 002b:00007ffedee40fa0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 590.658500][ C0] RAX: ffffffffffffffda RBX: 00007fee47034620 RCX: 00007fee46377cac [ 590.658520][ C0] RDX: 0000000000000028 RSI: 00007fee47034670 RDI: 0000000000000003 [ 590.658539][ C0] RBP: 0000000000000000 R08: 00007ffedee40ff4 R09: 000000000000000c [ 590.658557][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 590.658575][ C0] R13: 0000000000000000 R14: 00007fee47034670 R15: 0000000000000000 [ 590.658623][ C0] [ 590.658634][ C0] DEBUG: waiting rtnl_mutex for 1387 jiffies. [ 590.658649][ C0] task:syz-executor state:D stack:24992 pid:11598 tgid:11598 ppid:11597 flags:0x00000000 [ 590.658693][ C0] Call Trace: [ 590.658703][ C0] [ 590.658723][ C0] __schedule+0x1800/0x4a60 [ 590.658794][ C0] ? __pfx___schedule+0x10/0x10 [ 590.658830][ C0] ? __pfx_lock_release+0x10/0x10 [ 590.658866][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 590.658925][ C0] ? schedule+0x90/0x320 [ 590.658954][ C0] schedule+0x14b/0x320 [ 590.658989][ C0] schedule_preempt_disabled+0x13/0x30 [ 590.659018][ C0] __mutex_lock+0x6a4/0xd70 [ 590.659059][ C0] ? __mutex_lock+0x527/0xd70 [ 590.659096][ C0] ? rtnetlink_rcv_msg+0x847/0x1180 [ 590.659136][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 590.659190][ C0] ? get_rtnl_holder+0x144/0x190 [ 590.659229][ C0] rtnetlink_rcv_msg+0x847/0x1180 [ 590.659285][ C0] ? rtnetlink_rcv_msg+0x208/0x1180 [ 590.659326][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 590.659360][ C0] ? is_bpf_text_address+0x285/0x2a0 [ 590.659406][ C0] ? __pfx_validate_chain+0x10/0x10 [ 590.659445][ C0] ? __pfx_validate_chain+0x10/0x10 [ 590.659484][ C0] ? arch_stack_walk+0x16d/0x1b0 [ 590.659528][ C0] ? mark_lock+0x9a/0x360 [ 590.659560][ C0] ? __pfx_validate_chain+0x10/0x10 [ 590.659602][ C0] ? __lock_acquire+0x1359/0x2000 [ 590.659662][ C0] ? mark_lock+0x9a/0x360 [ 590.659703][ C0] ? __lock_acquire+0x1359/0x2000 [ 590.659772][ C0] netlink_rcv_skb+0x1e3/0x430 [ 590.659811][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 590.659851][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 590.659929][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 590.659971][ C0] netlink_unicast+0x7f0/0x990 [ 590.660021][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 590.660051][ C0] ? __virt_addr_valid+0x183/0x530 [ 590.660093][ C0] ? __check_object_size+0x49c/0x900 [ 590.660124][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 590.660161][ C0] netlink_sendmsg+0x8e4/0xcb0 [ 590.660225][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 590.660268][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 590.660299][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 590.660331][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 590.660369][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 590.660403][ C0] __sock_sendmsg+0x221/0x270 [ 590.660445][ C0] __sys_sendto+0x3a4/0x4f0 [ 590.660484][ C0] ? __pfx___sys_sendto+0x10/0x10 [ 590.660558][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 590.660597][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 590.660631][ C0] ? exc_page_fault+0x590/0x8c0 [ 590.660670][ C0] __x64_sys_sendto+0xde/0x100 [ 590.660705][ C0] do_syscall_64+0xf3/0x230 [ 590.660742][ C0] ? clear_bhb_loop+0x35/0x90 [ 590.660776][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 590.660804][ C0] RIP: 0033:0x7f14c1577cac [ 590.660828][ C0] RSP: 002b:00007ffde20c71e0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 590.660856][ C0] RAX: ffffffffffffffda RBX: 00007f14c2234620 RCX: 00007f14c1577cac [ 590.660876][ C0] RDX: 0000000000000028 RSI: 00007f14c2234670 RDI: 0000000000000003 [ 590.660893][ C0] RBP: 0000000000000000 R08: 00007ffde20c7234 R09: 000000000000000c [ 590.660910][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 590.660927][ C0] R13: 0000000000000000 R14: 00007f14c2234670 R15: 0000000000000000 [ 590.660970][ C0] [ 590.660982][ C0] DEBUG: waiting rtnl_mutex for 1208 jiffies. [ 590.660997][ C0] task:kworker/u8:1 state:D stack:21008 pid:12 tgid:12 ppid:2 flags:0x00004000 [ 590.661038][ C0] Workqueue: ipv6_addrconf addrconf_verify_work [ 590.661073][ C0] Call Trace: [ 590.661084][ C0] [ 590.661102][ C0] __schedule+0x1800/0x4a60 [ 590.661164][ C0] ? __pfx___schedule+0x10/0x10 [ 590.661201][ C0] ? __pfx_lock_release+0x10/0x10 [ 590.661245][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 590.661287][ C0] ? kthread_data+0x52/0xd0 [ 590.661320][ C0] ? schedule+0x90/0x320 [ 590.661349][ C0] ? wq_worker_sleeping+0x66/0x240 [ 590.661387][ C0] ? schedule+0x90/0x320 [ 590.661416][ C0] schedule+0x14b/0x320 [ 590.661451][ C0] schedule_preempt_disabled+0x13/0x30 [ 590.661481][ C0] __mutex_lock+0x6a4/0xd70 [ 590.661521][ C0] ? __mutex_lock+0x527/0xd70 [ 590.661558][ C0] ? addrconf_verify_work+0x19/0x30 [ 590.661596][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 590.661627][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 590.661666][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 590.661711][ C0] ? get_rtnl_holder+0x144/0x190 [ 590.661742][ C0] ? process_scheduled_works+0x945/0x1830 [ 590.661773][ C0] addrconf_verify_work+0x19/0x30 [ 590.661806][ C0] process_scheduled_works+0xa2c/0x1830 [ 590.661886][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 590.661935][ C0] ? assign_work+0x364/0x3d0 [ 590.661977][ C0] worker_thread+0x86d/0xd40 [ 590.662079][ C0] ? __kthread_parkme+0x169/0x1d0 [ 590.662122][ C0] ? __pfx_worker_thread+0x10/0x10 [ 590.662156][ C0] kthread+0x2f0/0x390 [ 590.662192][ C0] ? __pfx_worker_thread+0x10/0x10 [ 590.662229][ C0] ? __pfx_kthread+0x10/0x10 [ 590.662266][ C0] ret_from_fork+0x4b/0x80 [ 590.662300][ C0] ? __pfx_kthread+0x10/0x10 [ 590.662336][ C0] ret_from_fork_asm+0x1a/0x30 [ 590.662398][ C0] [ 590.662408][ C0] DEBUG: waiting rtnl_mutex for 894 jiffies. [ 590.662423][ C0] task:syz-executor state:D stack:20784 pid:11087 tgid:11087 ppid:1 flags:0x00004006 [ 590.662467][ C0] Call Trace: [ 590.662479][ C0] [ 590.662498][ C0] __schedule+0x1800/0x4a60 [ 590.662567][ C0] ? __pfx___schedule+0x10/0x10 [ 590.662604][ C0] ? __pfx_lock_release+0x10/0x10 [ 590.662639][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 590.662694][ C0] ? schedule+0x90/0x320 [ 590.662723][ C0] schedule+0x14b/0x320 [ 590.662756][ C0] schedule_preempt_disabled+0x13/0x30 [ 590.662785][ C0] __mutex_lock+0x6a4/0xd70 [ 590.662825][ C0] ? __mutex_lock+0x527/0xd70 [ 590.662882][ C0] ? tun_chr_close+0x3e/0x1b0 [ 590.662924][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 590.662980][ C0] ? get_rtnl_holder+0x144/0x190 [ 590.663016][ C0] tun_chr_close+0x3e/0x1b0 [ 590.663053][ C0] ? __pfx_tun_chr_close+0x10/0x10 [ 590.663093][ C0] __fput+0x24a/0x8a0 [ 590.663152][ C0] task_work_run+0x24f/0x310 [ 590.663191][ C0] ? __pfx_task_work_run+0x10/0x10 [ 590.663231][ C0] ? do_exit+0xa2a/0x27f0 [ 590.663266][ C0] ? kmem_cache_free+0x145/0x350 [ 590.663313][ C0] do_exit+0xa2f/0x27f0 [ 590.663369][ C0] ? __pfx_do_exit+0x10/0x10 [ 590.663408][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 590.663447][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 590.663488][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 590.663520][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 590.663559][ C0] do_group_exit+0x207/0x2c0 [ 590.663595][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 590.663624][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 590.663666][ C0] get_signal+0x16a1/0x1740 [ 590.663725][ C0] ? __pfx_get_signal+0x10/0x10 [ 590.663773][ C0] arch_do_signal_or_restart+0x96/0x830 [ 590.663814][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 590.663846][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 590.663905][ C0] ? syscall_exit_to_user_mode+0xa3/0x370 [ 590.663949][ C0] syscall_exit_to_user_mode+0xc9/0x370 [ 590.663994][ C0] do_syscall_64+0x100/0x230 [ 590.664032][ C0] ? clear_bhb_loop+0x35/0x90 [ 590.664069][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 590.664099][ C0] RIP: 0033:0x7f303896c217 [ 590.664130][ C0] RSP: 002b:00007ffd2f39e5f0 EFLAGS: 00000293 ORIG_RAX: 000000000000003d [ 590.664160][ C0] RAX: fffffffffffffe00 RBX: 0000000000000056 RCX: 00007f303896c217 [ 590.664181][ C0] RDX: 0000000040000000 RSI: 00007ffd2f39e67c RDI: 00000000ffffffff [ 590.664202][ C0] RBP: 00007ffd2f39e67c R08: 0000000000000000 R09: 7fffffffffffffff [ 590.664228][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 000055559241d5eb [ 590.664248][ C0] R13: 000055559241d590 R14: 00007f30389d5418 R15: 0000000000000008 [ 590.664298][ C0] [ 590.664313][ C0] [ 590.664313][ C0] Showing all locks held in the system: [ 590.664329][ C0] 3 locks held by kworker/u8:1/12: [ 590.664347][ C0] #0: ffff88802a193148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 590.664430][ C0] #1: ffffc90000117d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 590.664509][ C0] #2: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 [ 590.664596][ C0] 2 locks held by kworker/u8:3/53: [ 590.664613][ C0] #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 590.664690][ C0] #1: ffffc90000bd7d00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 590.664800][ C0] 2 locks held by getty/4848: [ 590.664818][ C0] #0: ffff88802ad4c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 590.664895][ C0] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 590.664969][ C0] 7 locks held by kworker/0:3/5143: [ 590.664985][ C0] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 590.665060][ C0] #1: ffffc90003aefd00 ((work_completion)(&uhid->worker)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 590.665135][ C0] #2: ffff88802d7e5a20 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 590.665208][ C0] #3: ffffffff8e2110a0 (console_lock){+.+.}-{0:0}, at: vprintk_emit+0x4ed/0x900 [ 590.665283][ C0] #4: ffffffff8e210cb0 (console_srcu){....}-{0:0}, at: console_flush_all+0x147/0xf50 [ 590.665353][ C0] #5: ffffc90000007c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 590.665422][ C0] #6: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 590.665506][ C0] 1 lock held by syz.2.1279/10357: [ 590.665523][ C0] #0: ffff88802d1cc068 (&uhid->devlock){+.+.}-{3:3}, at: uhid_char_write+0x78/0xb50 [ 590.665606][ C0] 1 lock held by syz-executor/11087: [ 590.665623][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 590.665706][ C0] 2 locks held by syz.0.1681/11407: [ 590.665723][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 590.665803][ C0] #1: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 590.665887][ C0] 2 locks held by syz.1.1698/11452: [ 590.665916][ C0] #0: ffffffff8f5f2190 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 [ 590.665990][ C0] #1: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 590.666060][ C0] 1 lock held by syz.3.1705/11478: [ 590.666076][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x48f/0x2400 [ 590.666145][ C0] 1 lock held by syz-executor/11546: [ 590.666161][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 590.666246][ C0] 1 lock held by syz.2.1736/11566: [ 590.666262][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 590.666340][ C0] 1 lock held by syz-executor/11568: [ 590.666356][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 590.666434][ C0] 1 lock held by syz-executor/11578: [ 590.666450][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 590.666528][ C0] 1 lock held by syz-executor/11598: [ 590.666545][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 590.666621][ C0] 1 lock held by syz.4.1749/11606: [ 590.666637][ C0] #0: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 590.666719][ C0] [ 590.666727][ C0] ============================================= [ 590.666727][ C0] [ 591.691060][ C0] DEBUG: holding rtnl_mutex for 3776 jiffies. [ 591.691082][ C0] task:syz.0.1681 state:D stack:24672 pid:11407 tgid:11407 ppid:11075 flags:0x00004006 [ 591.691117][ C0] Call Trace: [ 591.691125][ C0] [ 591.691141][ C0] __schedule+0x1800/0x4a60 [ 591.691192][ C0] ? __pfx___schedule+0x10/0x10 [ 591.691217][ C0] ? __pfx_lock_release+0x10/0x10 [ 591.691242][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 591.691282][ C0] ? schedule+0x90/0x320 [ 591.691301][ C0] schedule+0x14b/0x320 [ 591.691325][ C0] schedule_preempt_disabled+0x13/0x30 [ 591.691345][ C0] __mutex_lock+0x6a4/0xd70 [ 591.691372][ C0] ? __mutex_lock+0x527/0xd70 [ 591.691397][ C0] ? synchronize_rcu_expedited+0x451/0x830 [ 591.691427][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 591.691456][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 591.691486][ C0] synchronize_rcu_expedited+0x451/0x830 [ 591.691517][ C0] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 591.691566][ C0] ? __pfx___might_resched+0x10/0x10 [ 591.691586][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 591.691613][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 591.691648][ C0] synchronize_rcu+0x11b/0x360 [ 591.691674][ C0] ? __pfx_synchronize_rcu+0x10/0x10 [ 591.691716][ C0] lockdep_unregister_key+0x556/0x610 [ 591.691744][ C0] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 591.691767][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 591.691797][ C0] ? __qdisc_destroy+0x150/0x410 [ 591.691815][ C0] ? kfree+0x149/0x360 [ 591.691839][ C0] ? __pfx_pfifo_fast_destroy+0x10/0x10 [ 591.691872][ C0] __qdisc_destroy+0x165/0x410 [ 591.691894][ C0] dev_shutdown+0x9b/0x440 [ 591.691918][ C0] unregister_netdevice_many_notify+0x9c7/0x1d20 [ 591.691941][ C0] ? __lock_acquire+0x1359/0x2000 [ 591.692038][ C0] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 591.692071][ C0] ? __asan_memset+0x23/0x50 [ 591.692097][ C0] ? skb_queue_purge_reason+0x2de/0x500 [ 591.692151][ C0] ? __asan_memset+0x23/0x50 [ 591.692177][ C0] ? skb_queue_purge_reason+0x2de/0x500 [ 591.692229][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 591.692265][ C0] unregister_netdevice_queue+0x303/0x370 [ 591.692301][ C0] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 591.692351][ C0] __tun_detach+0x6b6/0x1600 [ 591.692399][ C0] tun_chr_close+0x108/0x1b0 [ 591.692433][ C0] ? __pfx_tun_chr_close+0x10/0x10 [ 591.692471][ C0] __fput+0x24a/0x8a0 [ 591.692551][ C0] task_work_run+0x24f/0x310 [ 591.692604][ C0] ? __pfx_task_work_run+0x10/0x10 [ 591.692640][ C0] ? syscall_exit_to_user_mode+0xa3/0x370 [ 591.692683][ C0] syscall_exit_to_user_mode+0x168/0x370 [ 591.692722][ C0] do_syscall_64+0x100/0x230 [ 591.692754][ C0] ? clear_bhb_loop+0x35/0x90 [ 591.692787][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.692831][ C0] RIP: 0033:0x7f6c5bf75f19 [ 591.692862][ C0] RSP: 002b:00007fff6f471208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 591.692901][ C0] RAX: 0000000000000000 RBX: 00007f6c5c105a60 RCX: 00007f6c5bf75f19 [ 591.692920][ C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 591.692938][ C0] RBP: 00007f6c5c105a60 R08: 0000000000000006 R09: 000000116f47153f [ 591.692955][ C0] R10: 00000000003ffcac R11: 0000000000000246 R12: 00000000000873a2 [ 591.692973][ C0] R13: 0000000000000032 R14: 00007f6c5c105a60 R15: 00007fff6f4712f0 [ 591.693020][ C0] [ 591.693032][ C0] DEBUG: waiting rtnl_mutex for 3710 jiffies. [ 591.693046][ C0] task:syz.1.1698 state:D stack:23800 pid:11452 tgid:11451 ppid:10549 flags:0x00004004 [ 591.693089][ C0] Call Trace: [ 591.693100][ C0] [ 591.693118][ C0] __schedule+0x1800/0x4a60 [ 591.693187][ C0] ? __pfx___schedule+0x10/0x10 [ 591.693223][ C0] ? __pfx_lock_release+0x10/0x10 [ 591.693257][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 591.693311][ C0] ? schedule+0x90/0x320 [ 591.693337][ C0] schedule+0x14b/0x320 [ 591.693371][ C0] schedule_preempt_disabled+0x13/0x30 [ 591.693398][ C0] __mutex_lock+0x6a4/0xd70 [ 591.693437][ C0] ? __mutex_lock+0x527/0xd70 [ 591.693473][ C0] ? register_nexthop_notifier+0x84/0x290 [ 591.693504][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 591.693554][ C0] ? get_rtnl_holder+0x144/0x190 [ 591.693588][ C0] register_nexthop_notifier+0x84/0x290 [ 591.693617][ C0] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 591.693662][ C0] ? __pfx_register_nexthop_notifier+0x10/0x10 [ 591.693719][ C0] ? __asan_memset+0x23/0x50 [ 591.693754][ C0] ops_init+0x359/0x610 [ 591.693796][ C0] setup_net+0x515/0xca0 [ 591.693834][ C0] ? __pfx_down_read_killable+0x10/0x10 [ 591.693881][ C0] ? __pfx_setup_net+0x10/0x10 [ 591.693927][ C0] ? read_word_at_a_time+0xe/0x20 [ 591.693971][ C0] copy_net_ns+0x4e2/0x7b0 [ 591.694019][ C0] create_new_namespaces+0x425/0x7b0 [ 591.694057][ C0] ? bpf_lsm_capable+0x9/0x10 [ 591.694096][ C0] ? copy_namespaces+0x5c/0x490 [ 591.694124][ C0] copy_namespaces+0x41a/0x490 [ 591.694161][ C0] copy_process+0x1934/0x3d70 [ 591.694221][ C0] ? copy_process+0x9fa/0x3d70 [ 591.694254][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 591.694291][ C0] ? __pfx_copy_process+0x10/0x10 [ 591.694326][ C0] ? futex_wake+0x523/0x5c0 [ 591.694381][ C0] kernel_clone+0x226/0x8f0 [ 591.694426][ C0] ? __pfx_kernel_clone+0x10/0x10 [ 591.694494][ C0] __x64_sys_clone+0x258/0x2a0 [ 591.694536][ C0] ? __pfx___x64_sys_clone+0x10/0x10 [ 591.694596][ C0] ? do_syscall_64+0x100/0x230 [ 591.694638][ C0] ? do_syscall_64+0xb6/0x230 [ 591.694681][ C0] do_syscall_64+0xf3/0x230 [ 591.694719][ C0] ? clear_bhb_loop+0x35/0x90 [ 591.694755][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.694784][ C0] RIP: 0033:0x7f42e1975f19 [ 591.694814][ C0] RSP: 002b:00007f42e26cbff8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 591.694844][ C0] RAX: ffffffffffffffda RBX: 00007f42e1b03f60 RCX: 00007f42e1975f19 [ 591.694872][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 591.694891][ C0] RBP: 00007f42e19e4bcd R08: 0000000000000000 R09: 0000000000000000 [ 591.694909][ C0] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 591.694926][ C0] R13: 000000000000000b R14: 00007f42e1b03f60 R15: 00007ffd05635f58 [ 591.694975][ C0] [ 591.694987][ C0] DEBUG: waiting rtnl_mutex for 3542 jiffies. [ 591.695003][ C0] task:syz.3.1705 state:D stack:26848 pid:11478 tgid:11475 ppid:9073 flags:0x00000004 [ 591.695049][ C0] Call Trace: [ 591.695060][ C0] [ 591.695080][ C0] __schedule+0x1800/0x4a60 [ 591.695151][ C0] ? __pfx___schedule+0x10/0x10 [ 591.695189][ C0] ? __pfx_lock_release+0x10/0x10 [ 591.695225][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 591.695284][ C0] ? schedule+0x90/0x320 [ 591.695313][ C0] schedule+0x14b/0x320 [ 591.695348][ C0] schedule_preempt_disabled+0x13/0x30 [ 591.695377][ C0] __mutex_lock+0x6a4/0xd70 [ 591.695419][ C0] ? __mutex_lock+0x527/0xd70 [ 591.695456][ C0] ? __tun_chr_ioctl+0x48f/0x2400 [ 591.695488][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 591.695540][ C0] ? get_rtnl_holder+0x144/0x190 [ 591.695574][ C0] __tun_chr_ioctl+0x48f/0x2400 [ 591.695625][ C0] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 591.695666][ C0] ? __fget_files+0x3f6/0x470 [ 591.695693][ C0] ? __fget_files+0x29/0x470 [ 591.695733][ C0] ? bpf_lsm_file_ioctl+0x9/0x10 [ 591.695758][ C0] ? security_file_ioctl+0x87/0xb0 [ 591.695794][ C0] ? __pfx_tun_chr_ioctl+0x10/0x10 [ 591.695837][ C0] __se_sys_ioctl+0xfc/0x170 [ 591.695888][ C0] do_syscall_64+0xf3/0x230 [ 591.695926][ C0] ? clear_bhb_loop+0x35/0x90 [ 591.695962][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.695990][ C0] RIP: 0033:0x7fbef7175f19 [ 591.696016][ C0] RSP: 002b:00007fbef6bff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 591.696045][ C0] RAX: ffffffffffffffda RBX: 00007fbef7303f60 RCX: 00007fbef7175f19 [ 591.696065][ C0] RDX: 0000000020000200 RSI: 00000000400454ca RDI: 0000000000000003 [ 591.696083][ C0] RBP: 00007fbef71e4bcd R08: 0000000000000000 R09: 0000000000000000 [ 591.696101][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 591.696119][ C0] R13: 000000000000000b R14: 00007fbef7303f60 R15: 00007ffc0a273958 [ 591.696167][ C0] [ 591.696178][ C0] DEBUG: waiting rtnl_mutex for 2885 jiffies. [ 591.696193][ C0] task:syz-executor state:D stack:24992 pid:11546 tgid:11546 ppid:11534 flags:0x00000000 [ 591.696237][ C0] Call Trace: [ 591.696248][ C0] [ 591.696268][ C0] __schedule+0x1800/0x4a60 [ 591.696338][ C0] ? __pfx___schedule+0x10/0x10 [ 591.696374][ C0] ? __pfx_lock_release+0x10/0x10 [ 591.696410][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 591.696469][ C0] ? schedule+0x90/0x320 [ 591.696497][ C0] schedule+0x14b/0x320 [ 591.696543][ C0] schedule_preempt_disabled+0x13/0x30 [ 591.696571][ C0] __mutex_lock+0x6a4/0xd70 [ 591.696610][ C0] ? __mutex_lock+0x527/0xd70 [ 591.696646][ C0] ? rtnetlink_rcv_msg+0x847/0x1180 [ 591.696685][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 591.696737][ C0] ? get_rtnl_holder+0x144/0x190 [ 591.696768][ C0] rtnetlink_rcv_msg+0x847/0x1180 [ 591.696811][ C0] ? rtnetlink_rcv_msg+0x208/0x1180 [ 591.696852][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 591.696891][ C0] ? is_bpf_text_address+0x285/0x2a0 [ 591.696939][ C0] ? __pfx_validate_chain+0x10/0x10 [ 591.696977][ C0] ? __pfx_validate_chain+0x10/0x10 [ 591.697015][ C0] ? arch_stack_walk+0x16d/0x1b0 [ 591.697060][ C0] ? mark_lock+0x9a/0x360 [ 591.697091][ C0] ? __pfx_validate_chain+0x10/0x10 [ 591.697134][ C0] ? __lock_acquire+0x1359/0x2000 [ 591.697193][ C0] ? mark_lock+0x9a/0x360 [ 591.697234][ C0] ? __lock_acquire+0x1359/0x2000 [ 591.697302][ C0] netlink_rcv_skb+0x1e3/0x430 [ 591.697342][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 591.697381][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 591.697459][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 591.697500][ C0] netlink_unicast+0x7f0/0x990 [ 591.697550][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 591.697580][ C0] ? __virt_addr_valid+0x183/0x530 [ 591.697622][ C0] ? __check_object_size+0x49c/0x900 [ 591.697653][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 591.697691][ C0] netlink_sendmsg+0x8e4/0xcb0 [ 591.697750][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 591.697793][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 591.697825][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 591.697857][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 591.697901][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 591.697935][ C0] __sock_sendmsg+0x221/0x270 [ 591.697979][ C0] __sys_sendto+0x3a4/0x4f0 [ 591.698018][ C0] ? __pfx___sys_sendto+0x10/0x10 [ 591.698092][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 591.698130][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 591.698164][ C0] ? exc_page_fault+0x590/0x8c0 [ 591.698203][ C0] __x64_sys_sendto+0xde/0x100 [ 591.698238][ C0] do_syscall_64+0xf3/0x230 [ 591.698274][ C0] ? clear_bhb_loop+0x35/0x90 [ 591.698308][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.698335][ C0] RIP: 0033:0x7faad6f77cac [ 591.698360][ C0] RSP: 002b:00007ffdee280880 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 591.698387][ C0] RAX: ffffffffffffffda RBX: 00007faad7c34620 RCX: 00007faad6f77cac [ 591.698406][ C0] RDX: 0000000000000028 RSI: 00007faad7c34670 RDI: 0000000000000003 [ 591.698424][ C0] RBP: 0000000000000000 R08: 00007ffdee2808d4 R09: 000000000000000c [ 591.698441][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 591.698458][ C0] R13: 0000000000000000 R14: 00007faad7c34670 R15: 0000000000000000 [ 591.698503][ C0] [ 591.698514][ C0] DEBUG: waiting rtnl_mutex for 2601 jiffies. [ 591.698529][ C0] task:syz.2.1736 state:D stack:23472 pid:11566 tgid:11566 ppid:11087 flags:0x00004002 [ 591.698570][ C0] Call Trace: [ 591.698581][ C0] [ 591.698599][ C0] __schedule+0x1800/0x4a60 [ 591.698666][ C0] ? __pfx___schedule+0x10/0x10 [ 591.698702][ C0] ? __pfx_lock_release+0x10/0x10 [ 591.698736][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 591.698792][ C0] ? schedule+0x90/0x320 [ 591.698820][ C0] schedule+0x14b/0x320 [ 591.698854][ C0] schedule_preempt_disabled+0x13/0x30 [ 591.698888][ C0] __mutex_lock+0x6a4/0xd70 [ 591.698928][ C0] ? __mutex_lock+0x527/0xd70 [ 591.698964][ C0] ? tun_chr_close+0x3e/0x1b0 [ 591.699003][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 591.699056][ C0] ? get_rtnl_holder+0x144/0x190 [ 591.699089][ C0] tun_chr_close+0x3e/0x1b0 [ 591.699123][ C0] ? __pfx_tun_chr_close+0x10/0x10 [ 591.699161][ C0] __fput+0x24a/0x8a0 [ 591.699216][ C0] task_work_run+0x24f/0x310 [ 591.699267][ C0] ? __pfx_task_work_run+0x10/0x10 [ 591.699302][ C0] ? switch_task_namespaces+0xe1/0x110 [ 591.699338][ C0] do_exit+0xa2f/0x27f0 [ 591.699380][ C0] ? preempt_schedule_common+0x84/0xd0 [ 591.699416][ C0] ? __pfx_do_exit+0x10/0x10 [ 591.699448][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 591.699486][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 591.699527][ C0] ? preempt_schedule_thunk+0x1a/0x30 [ 591.699567][ C0] do_group_exit+0x207/0x2c0 [ 591.699613][ C0] __x64_sys_exit_group+0x3f/0x40 [ 591.699650][ C0] x64_sys_call+0x26e0/0x26e0 [ 591.699683][ C0] do_syscall_64+0xf3/0x230 [ 591.699719][ C0] ? clear_bhb_loop+0x35/0x90 [ 591.699753][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.699780][ C0] RIP: 0033:0x7f3038975f19 [ 591.699805][ C0] RSP: 002b:00007ffd2f39ddb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 591.699832][ C0] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f3038975f19 [ 591.699850][ C0] RDX: 0000001b2f420000 RSI: 0000000000000000 RDI: 000000000000000b [ 591.699874][ C0] RBP: 000000000008a157 R08: 0000000000000006 R09: 000000000000000b [ 591.699891][ C0] R10: 00000000003ffd40 R11: 0000000000000246 R12: 00007f3038b04038 [ 591.699909][ C0] R13: 0000000000000032 R14: 00007f3038b03f60 R15: 00007f3038b04038 [ 591.699957][ C0] [ 591.699967][ C0] DEBUG: waiting rtnl_mutex for 2583 jiffies. [ 591.699982][ C0] task:syz-executor state:D stack:24992 pid:11568 tgid:11568 ppid:11562 flags:0x00000000 [ 591.700025][ C0] Call Trace: [ 591.700035][ C0] [ 591.700054][ C0] __schedule+0x1800/0x4a60 [ 591.700121][ C0] ? __pfx___schedule+0x10/0x10 [ 591.700158][ C0] ? __pfx_lock_release+0x10/0x10 [ 591.700193][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 591.700249][ C0] ? schedule+0x90/0x320 [ 591.700278][ C0] schedule+0x14b/0x320 [ 591.700311][ C0] schedule_preempt_disabled+0x13/0x30 [ 591.700340][ C0] __mutex_lock+0x6a4/0xd70 [ 591.700379][ C0] ? __mutex_lock+0x527/0xd70 [ 591.700415][ C0] ? rtnetlink_rcv_msg+0x847/0x1180 [ 591.700454][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 591.700506][ C0] ? get_rtnl_holder+0x144/0x190 [ 591.700537][ C0] rtnetlink_rcv_msg+0x847/0x1180 [ 591.700580][ C0] ? rtnetlink_rcv_msg+0x208/0x1180 [ 591.700620][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 591.700653][ C0] ? is_bpf_text_address+0x285/0x2a0 [ 591.700700][ C0] ? __pfx_validate_chain+0x10/0x10 [ 591.700738][ C0] ? __pfx_validate_chain+0x10/0x10 [ 591.700777][ C0] ? arch_stack_walk+0x16d/0x1b0 [ 591.700822][ C0] ? mark_lock+0x9a/0x360 [ 591.700854][ C0] ? __pfx_validate_chain+0x10/0x10 [ 591.700901][ C0] ? __lock_acquire+0x1359/0x2000 [ 591.700960][ C0] ? mark_lock+0x9a/0x360 [ 591.701001][ C0] ? __lock_acquire+0x1359/0x2000 [ 591.701071][ C0] netlink_rcv_skb+0x1e3/0x430 [ 591.701110][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 591.701151][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 591.701229][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 591.701271][ C0] netlink_unicast+0x7f0/0x990 [ 591.701321][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 591.701350][ C0] ? __virt_addr_valid+0x183/0x530 [ 591.701392][ C0] ? __check_object_size+0x49c/0x900 [ 591.701423][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 591.701461][ C0] netlink_sendmsg+0x8e4/0xcb0 [ 591.701538][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 591.701583][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 591.701615][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 591.701649][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 591.701688][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 591.701724][ C0] __sock_sendmsg+0x221/0x270 [ 591.701768][ C0] __sys_sendto+0x3a4/0x4f0 [ 591.701807][ C0] ? __pfx___sys_sendto+0x10/0x10 [ 591.701889][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 591.701929][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 591.701965][ C0] ? exc_page_fault+0x590/0x8c0 [ 591.702051][ C0] __x64_sys_sendto+0xde/0x100 [ 591.702088][ C0] do_syscall_64+0xf3/0x230 [ 591.702124][ C0] ? clear_bhb_loop+0x35/0x90 [ 591.702154][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.702182][ C0] RIP: 0033:0x7f17c9b77cac [ 591.702209][ C0] RSP: 002b:00007ffd986f2480 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 591.702239][ C0] RAX: ffffffffffffffda RBX: 00007f17ca834620 RCX: 00007f17c9b77cac [ 591.702260][ C0] RDX: 0000000000000028 RSI: 00007f17ca834670 RDI: 0000000000000003 [ 591.702279][ C0] RBP: 0000000000000000 R08: 00007ffd986f24d4 R09: 000000000000000c [ 591.702297][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 591.702314][ C0] R13: 0000000000000000 R14: 00007f17ca834670 R15: 0000000000000000 [ 591.702363][ C0] [ 591.702375][ C0] DEBUG: waiting rtnl_mutex for 2458 jiffies. [ 591.702391][ C0] task:syz-executor state:D stack:24992 pid:11578 tgid:11578 ppid:11572 flags:0x00000000 [ 591.702438][ C0] Call Trace: [ 591.702449][ C0] [ 591.702469][ C0] __schedule+0x1800/0x4a60 [ 591.702541][ C0] ? __pfx___schedule+0x10/0x10 [ 591.702580][ C0] ? __pfx_lock_release+0x10/0x10 [ 591.702617][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 591.702677][ C0] ? schedule+0x90/0x320 [ 591.702706][ C0] schedule+0x14b/0x320 [ 591.702740][ C0] schedule_preempt_disabled+0x13/0x30 [ 591.702769][ C0] __mutex_lock+0x6a4/0xd70 [ 591.702807][ C0] ? __mutex_lock+0x527/0xd70 [ 591.702845][ C0] ? rtnetlink_rcv_msg+0x847/0x1180 [ 591.702896][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 591.702952][ C0] ? get_rtnl_holder+0x144/0x190 [ 591.702986][ C0] rtnetlink_rcv_msg+0x847/0x1180 [ 591.703031][ C0] ? rtnetlink_rcv_msg+0x208/0x1180 [ 591.703075][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 591.703110][ C0] ? is_bpf_text_address+0x285/0x2a0 [ 591.703160][ C0] ? __pfx_validate_chain+0x10/0x10 [ 591.703202][ C0] ? __pfx_validate_chain+0x10/0x10 [ 591.703244][ C0] ? arch_stack_walk+0x16d/0x1b0 [ 591.703291][ C0] ? mark_lock+0x9a/0x360 [ 591.703326][ C0] ? __pfx_validate_chain+0x10/0x10 [ 591.703371][ C0] ? __lock_acquire+0x1359/0x2000 [ 591.703433][ C0] ? mark_lock+0x9a/0x360 [ 591.703478][ C0] ? __lock_acquire+0x1359/0x2000 [ 591.703549][ C0] netlink_rcv_skb+0x1e3/0x430 [ 591.703592][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 591.703634][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 591.703713][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 591.703759][ C0] netlink_unicast+0x7f0/0x990 [ 591.703812][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 591.703845][ C0] ? __virt_addr_valid+0x183/0x530 [ 591.703897][ C0] ? __check_object_size+0x49c/0x900 [ 591.703931][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 591.703972][ C0] netlink_sendmsg+0x8e4/0xcb0 [ 591.704034][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 591.704079][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 591.704114][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 591.704149][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 591.704190][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 591.704226][ C0] __sock_sendmsg+0x221/0x270 [ 591.704271][ C0] __sys_sendto+0x3a4/0x4f0 [ 591.704311][ C0] ? __pfx___sys_sendto+0x10/0x10 [ 591.704389][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 591.704430][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 591.704467][ C0] ? exc_page_fault+0x590/0x8c0 [ 591.704508][ C0] __x64_sys_sendto+0xde/0x100 [ 591.704546][ C0] do_syscall_64+0xf3/0x230 [ 591.704585][ C0] ? clear_bhb_loop+0x35/0x90 [ 591.704621][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.704651][ C0] RIP: 0033:0x7fee46377cac [ 591.704680][ C0] RSP: 002b:00007ffedee40fa0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 591.704712][ C0] RAX: ffffffffffffffda RBX: 00007fee47034620 RCX: 00007fee46377cac [ 591.704733][ C0] RDX: 0000000000000028 RSI: 00007fee47034670 RDI: 0000000000000003 [ 591.704753][ C0] RBP: 0000000000000000 R08: 00007ffedee40ff4 R09: 000000000000000c [ 591.704771][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 591.704787][ C0] R13: 0000000000000000 R14: 00007fee47034670 R15: 0000000000000000 [ 591.704834][ C0] [ 591.704845][ C0] DEBUG: waiting rtnl_mutex for 1492 jiffies. [ 591.704861][ C0] task:syz-executor state:D stack:24992 pid:11598 tgid:11598 ppid:11597 flags:0x00000000 [ 591.704911][ C0] Call Trace: [ 591.704923][ C0] [ 591.704943][ C0] __schedule+0x1800/0x4a60 [ 591.705016][ C0] ? __pfx___schedule+0x10/0x10 [ 591.705055][ C0] ? __pfx_lock_release+0x10/0x10 [ 591.705092][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 591.705152][ C0] ? schedule+0x90/0x320 [ 591.705182][ C0] schedule+0x14b/0x320 [ 591.705218][ C0] schedule_preempt_disabled+0x13/0x30 [ 591.705248][ C0] __mutex_lock+0x6a4/0xd70 [ 591.705291][ C0] ? __mutex_lock+0x527/0xd70 [ 591.705329][ C0] ? rtnetlink_rcv_msg+0x847/0x1180 [ 591.705370][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 591.705425][ C0] ? get_rtnl_holder+0x144/0x190 [ 591.705459][ C0] rtnetlink_rcv_msg+0x847/0x1180 [ 591.705515][ C0] ? rtnetlink_rcv_msg+0x208/0x1180 [ 591.705558][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 591.705592][ C0] ? is_bpf_text_address+0x285/0x2a0 [ 591.705640][ C0] ? __pfx_validate_chain+0x10/0x10 [ 591.705679][ C0] ? __pfx_validate_chain+0x10/0x10 [ 591.705718][ C0] ? arch_stack_walk+0x16d/0x1b0 [ 591.705764][ C0] ? mark_lock+0x9a/0x360 [ 591.705796][ C0] ? __pfx_validate_chain+0x10/0x10 [ 591.705839][ C0] ? __lock_acquire+0x1359/0x2000 [ 591.705907][ C0] ? mark_lock+0x9a/0x360 [ 591.705950][ C0] ? __lock_acquire+0x1359/0x2000 [ 591.706019][ C0] netlink_rcv_skb+0x1e3/0x430 [ 591.706061][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 591.706103][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 591.706181][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 591.706225][ C0] netlink_unicast+0x7f0/0x990 [ 591.706277][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 591.706309][ C0] ? __virt_addr_valid+0x183/0x530 [ 591.706351][ C0] ? __check_object_size+0x49c/0x900 [ 591.706383][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 591.706422][ C0] netlink_sendmsg+0x8e4/0xcb0 [ 591.706483][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 591.706528][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 591.706559][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 591.706593][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 591.706632][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 591.706667][ C0] __sock_sendmsg+0x221/0x270 [ 591.706710][ C0] __sys_sendto+0x3a4/0x4f0 [ 591.706750][ C0] ? __pfx___sys_sendto+0x10/0x10 [ 591.706824][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 591.706863][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 591.706905][ C0] ? exc_page_fault+0x590/0x8c0 [ 591.706944][ C0] __x64_sys_sendto+0xde/0x100 [ 591.706980][ C0] do_syscall_64+0xf3/0x230 [ 591.707018][ C0] ? clear_bhb_loop+0x35/0x90 [ 591.707052][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.707081][ C0] RIP: 0033:0x7f14c1577cac [ 591.707109][ C0] RSP: 002b:00007ffde20c71e0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 591.707140][ C0] RAX: ffffffffffffffda RBX: 00007f14c2234620 RCX: 00007f14c1577cac [ 591.707161][ C0] RDX: 0000000000000028 RSI: 00007f14c2234670 RDI: 0000000000000003 [ 591.707179][ C0] RBP: 0000000000000000 R08: 00007ffde20c7234 R09: 000000000000000c [ 591.707197][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 591.707214][ C0] R13: 0000000000000000 R14: 00007f14c2234670 R15: 0000000000000000 [ 591.707261][ C0] [ 591.707273][ C0] DEBUG: waiting rtnl_mutex for 1313 jiffies. [ 591.707289][ C0] task:kworker/u8:1 state:D stack:21008 pid:12 tgid:12 ppid:2 flags:0x00004000 [ 591.707334][ C0] Workqueue: ipv6_addrconf addrconf_verify_work [ 591.707372][ C0] Call Trace: [ 591.707384][ C0] [ 591.707403][ C0] __schedule+0x1800/0x4a60 [ 591.707471][ C0] ? __pfx___schedule+0x10/0x10 [ 591.707509][ C0] ? __pfx_lock_release+0x10/0x10 [ 591.707546][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 591.707588][ C0] ? kthread_data+0x52/0xd0 [ 591.707620][ C0] ? schedule+0x90/0x320 [ 591.707649][ C0] ? wq_worker_sleeping+0x66/0x240 [ 591.707686][ C0] ? schedule+0x90/0x320 [ 591.707714][ C0] schedule+0x14b/0x320 [ 591.707749][ C0] schedule_preempt_disabled+0x13/0x30 [ 591.707778][ C0] __mutex_lock+0x6a4/0xd70 [ 591.707818][ C0] ? __mutex_lock+0x527/0xd70 [ 591.707855][ C0] ? addrconf_verify_work+0x19/0x30 [ 591.707900][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 591.707931][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 591.707969][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 591.708013][ C0] ? get_rtnl_holder+0x144/0x190 [ 591.708044][ C0] ? process_scheduled_works+0x945/0x1830 [ 591.708074][ C0] addrconf_verify_work+0x19/0x30 [ 591.708127][ C0] process_scheduled_works+0xa2c/0x1830 [ 591.708211][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 591.708261][ C0] ? assign_work+0x364/0x3d0 [ 591.708304][ C0] worker_thread+0x86d/0xd40 [ 591.708364][ C0] ? __kthread_parkme+0x169/0x1d0 [ 591.708408][ C0] ? __pfx_worker_thread+0x10/0x10 [ 591.708473][ C0] kthread+0x2f0/0x390 [ 591.708510][ C0] ? __pfx_worker_thread+0x10/0x10 [ 591.708543][ C0] ? __pfx_kthread+0x10/0x10 [ 591.708583][ C0] ret_from_fork+0x4b/0x80 [ 591.708617][ C0] ? __pfx_kthread+0x10/0x10 [ 591.708655][ C0] ret_from_fork_asm+0x1a/0x30 [ 591.708721][ C0] [ 591.708733][ C0] DEBUG: waiting rtnl_mutex for 998 jiffies. [ 591.708761][ C0] task:syz-executor state:D stack:20784 pid:11087 tgid:11087 ppid:1 flags:0x00004006 [ 591.708806][ C0] Call Trace: [ 591.708817][ C0] [ 591.708837][ C0] __schedule+0x1800/0x4a60 [ 591.708912][ C0] ? __pfx___schedule+0x10/0x10 [ 591.708950][ C0] ? __pfx_lock_release+0x10/0x10 [ 591.708987][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 591.709044][ C0] ? schedule+0x90/0x320 [ 591.709073][ C0] schedule+0x14b/0x320 [ 591.709109][ C0] schedule_preempt_disabled+0x13/0x30 [ 591.709138][ C0] __mutex_lock+0x6a4/0xd70 [ 591.709178][ C0] ? __mutex_lock+0x527/0xd70 [ 591.709216][ C0] ? tun_chr_close+0x3e/0x1b0 [ 591.709257][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 591.709311][ C0] ? get_rtnl_holder+0x144/0x190 [ 591.709345][ C0] tun_chr_close+0x3e/0x1b0 [ 591.709381][ C0] ? __pfx_tun_chr_close+0x10/0x10 [ 591.709418][ C0] __fput+0x24a/0x8a0 [ 591.709475][ C0] task_work_run+0x24f/0x310 [ 591.709512][ C0] ? __pfx_task_work_run+0x10/0x10 [ 591.709544][ C0] ? do_exit+0xa2a/0x27f0 [ 591.709578][ C0] ? kmem_cache_free+0x145/0x350 [ 591.709624][ C0] do_exit+0xa2f/0x27f0 [ 591.709677][ C0] ? __pfx_do_exit+0x10/0x10 [ 591.709758][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 591.709798][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 591.709839][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 591.709877][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 591.709917][ C0] do_group_exit+0x207/0x2c0 [ 591.709955][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 591.709983][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 591.710025][ C0] get_signal+0x16a1/0x1740 [ 591.710083][ C0] ? __pfx_get_signal+0x10/0x10 [ 591.710131][ C0] arch_do_signal_or_restart+0x96/0x830 [ 591.710173][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 591.710204][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 591.710264][ C0] ? syscall_exit_to_user_mode+0xa3/0x370 [ 591.710308][ C0] syscall_exit_to_user_mode+0xc9/0x370 [ 591.710352][ C0] do_syscall_64+0x100/0x230 [ 591.710392][ C0] ? clear_bhb_loop+0x35/0x90 [ 591.710429][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.710458][ C0] RIP: 0033:0x7f303896c217 [ 591.710488][ C0] RSP: 002b:00007ffd2f39e5f0 EFLAGS: 00000293 ORIG_RAX: 000000000000003d [ 591.710519][ C0] RAX: fffffffffffffe00 RBX: 0000000000000056 RCX: 00007f303896c217 [ 591.710540][ C0] RDX: 0000000040000000 RSI: 00007ffd2f39e67c RDI: 00000000ffffffff [ 591.710560][ C0] RBP: 00007ffd2f39e67c R08: 0000000000000000 R09: 7fffffffffffffff [ 591.710580][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 000055559241d5eb [ 591.710599][ C0] R13: 000055559241d590 R14: 00007f30389d5418 R15: 0000000000000008 [ 591.710649][ C0] [ 591.710664][ C0] [ 591.710664][ C0] Showing all locks held in the system: [ 591.710679][ C0] 3 locks held by kworker/u8:1/12: [ 591.710698][ C0] #0: ffff88802a193148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 591.710780][ C0] #1: ffffc90000117d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 591.710856][ C0] #2: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 [ 591.710963][ C0] 2 locks held by kworker/u8:3/53: [ 591.710979][ C0] #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 591.711051][ C0] #1: ffffc90000bd7d00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 591.711148][ C0] 2 locks held by kworker/u8:7/2467: [ 591.711167][ C0] 1 lock held by syslogd/4527: [ 591.711184][ C0] 2 locks held by getty/4848: [ 591.711199][ C0] #0: ffff88802ad4c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 591.711281][ C0] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 591.711353][ C0] 7 locks held by kworker/0:3/5143: [ 591.711368][ C0] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 591.711439][ C0] #1: ffffc90003aefd00 ((work_completion)(&uhid->worker)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 591.711509][ C0] #2: ffff88802d7e5a20 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 591.711578][ C0] #3: ffffffff8e2110a0 (console_lock){+.+.}-{0:0}, at: vprintk_emit+0x4ed/0x900 [ 591.711644][ C0] #4: ffffffff8e210cb0 (console_srcu){....}-{0:0}, at: console_flush_all+0x147/0xf50 [ 591.711731][ C0] #5: ffffc90000007c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 591.711799][ C0] #6: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 591.711892][ C0] 1 lock held by syz.2.1279/10357: [ 591.711909][ C0] #0: ffff88802d1cc068 (&uhid->devlock){+.+.}-{3:3}, at: uhid_char_write+0x78/0xb50 [ 591.712046][ C0] 1 lock held by syz-executor/11087: [ 591.712064][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 591.712146][ C0] 2 locks held by syz.0.1681/11407: [ 591.712163][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 591.712241][ C0] #1: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 591.712321][ C0] 2 locks held by syz.1.1698/11452: [ 591.712337][ C0] #0: ffffffff8f5f2190 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 [ 591.712416][ C0] #1: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 591.712486][ C0] 1 lock held by syz.3.1705/11478: [ 591.712502][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x48f/0x2400 [ 591.712571][ C0] 1 lock held by syz-executor/11546: [ 591.712587][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 591.712667][ C0] 1 lock held by syz.2.1736/11566: [ 591.712684][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 591.712764][ C0] 1 lock held by syz-executor/11568: [ 591.712780][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 591.712861][ C0] 1 lock held by syz-executor/11578: [ 591.712884][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 591.712975][ C0] 1 lock held by syz-executor/11598: [ 591.712991][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 591.713084][ C0] 1 lock held by syz.4.1749/11606: [ 591.713101][ C0] #0: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 591.713185][ C0] [ 591.713194][ C0] ============================================= [ 591.713194][ C0] [ 592.724729][ C0] DEBUG: holding rtnl_mutex for 3880 jiffies. [ 592.724748][ C0] task:syz.0.1681 state:D stack:24672 pid:11407 tgid:11407 ppid:11075 flags:0x00004006 [ 592.724789][ C0] Call Trace: [ 592.724798][ C0] [ 592.724813][ C0] __schedule+0x1800/0x4a60 [ 592.724866][ C0] ? __pfx___schedule+0x10/0x10 [ 592.724892][ C0] ? __pfx_lock_release+0x10/0x10 [ 592.724919][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 592.724960][ C0] ? schedule+0x90/0x320 [ 592.724980][ C0] schedule+0x14b/0x320 [ 592.725004][ C0] schedule_preempt_disabled+0x13/0x30 [ 592.725025][ C0] __mutex_lock+0x6a4/0xd70 [ 592.725053][ C0] ? __mutex_lock+0x527/0xd70 [ 592.725079][ C0] ? synchronize_rcu_expedited+0x451/0x830 [ 592.725109][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 592.725140][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 592.725171][ C0] synchronize_rcu_expedited+0x451/0x830 [ 592.725203][ C0] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 592.725254][ C0] ? __pfx___might_resched+0x10/0x10 [ 592.725274][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 592.725302][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 592.725338][ C0] synchronize_rcu+0x11b/0x360 [ 592.725365][ C0] ? __pfx_synchronize_rcu+0x10/0x10 [ 592.725408][ C0] lockdep_unregister_key+0x556/0x610 [ 592.725437][ C0] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 592.725460][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 592.725491][ C0] ? __qdisc_destroy+0x150/0x410 [ 592.725509][ C0] ? kfree+0x149/0x360 [ 592.725546][ C0] ? __pfx_pfifo_fast_destroy+0x10/0x10 [ 592.725575][ C0] __qdisc_destroy+0x165/0x410 [ 592.725597][ C0] dev_shutdown+0x9b/0x440 [ 592.725620][ C0] unregister_netdevice_many_notify+0x9c7/0x1d20 [ 592.725644][ C0] ? __lock_acquire+0x1359/0x2000 [ 592.725686][ C0] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 592.725707][ C0] ? __asan_memset+0x23/0x50 [ 592.725726][ C0] ? skb_queue_purge_reason+0x2de/0x500 [ 592.725764][ C0] ? __asan_memset+0x23/0x50 [ 592.725781][ C0] ? skb_queue_purge_reason+0x2de/0x500 [ 592.725823][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 592.725847][ C0] unregister_netdevice_queue+0x303/0x370 [ 592.725873][ C0] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 592.725907][ C0] __tun_detach+0x6b6/0x1600 [ 592.725942][ C0] tun_chr_close+0x108/0x1b0 [ 592.725967][ C0] ? __pfx_tun_chr_close+0x10/0x10 [ 592.725993][ C0] __fput+0x24a/0x8a0 [ 592.726031][ C0] task_work_run+0x24f/0x310 [ 592.726056][ C0] ? __pfx_task_work_run+0x10/0x10 [ 592.726079][ C0] ? syscall_exit_to_user_mode+0xa3/0x370 [ 592.726108][ C0] syscall_exit_to_user_mode+0x168/0x370 [ 592.726137][ C0] do_syscall_64+0x100/0x230 [ 592.726164][ C0] ? clear_bhb_loop+0x35/0x90 [ 592.726188][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 592.726208][ C0] RIP: 0033:0x7f6c5bf75f19 [ 592.726242][ C0] RSP: 002b:00007fff6f471208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 592.726270][ C0] RAX: 0000000000000000 RBX: 00007f6c5c105a60 RCX: 00007f6c5bf75f19 [ 592.726289][ C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 592.726307][ C0] RBP: 00007f6c5c105a60 R08: 0000000000000006 R09: 000000116f47153f [ 592.726327][ C0] R10: 00000000003ffcac R11: 0000000000000246 R12: 00000000000873a2 [ 592.726347][ C0] R13: 0000000000000032 R14: 00007f6c5c105a60 R15: 00007fff6f4712f0 [ 592.726397][ C0] [ 592.726410][ C0] DEBUG: waiting rtnl_mutex for 3813 jiffies. [ 592.726426][ C0] task:syz.1.1698 state:D stack:23800 pid:11452 tgid:11451 ppid:10549 flags:0x00004004 [ 592.726473][ C0] Call Trace: [ 592.726485][ C0] [ 592.726504][ C0] __schedule+0x1800/0x4a60 [ 592.726562][ C0] ? __pfx___schedule+0x10/0x10 [ 592.726595][ C0] ? __pfx_lock_release+0x10/0x10 [ 592.726628][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 592.726684][ C0] ? schedule+0x90/0x320 [ 592.726711][ C0] schedule+0x14b/0x320 [ 592.726764][ C0] schedule_preempt_disabled+0x13/0x30 [ 592.726799][ C0] __mutex_lock+0x6a4/0xd70 [ 592.726839][ C0] ? __mutex_lock+0x527/0xd70 [ 592.726875][ C0] ? register_nexthop_notifier+0x84/0x290 [ 592.726906][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 592.726957][ C0] ? get_rtnl_holder+0x144/0x190 [ 592.726991][ C0] register_nexthop_notifier+0x84/0x290 [ 592.727018][ C0] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 592.727060][ C0] ? __pfx_register_nexthop_notifier+0x10/0x10 [ 592.727101][ C0] ? __asan_memset+0x23/0x50 [ 592.727134][ C0] ops_init+0x359/0x610 [ 592.727177][ C0] setup_net+0x515/0xca0 [ 592.727215][ C0] ? __pfx_down_read_killable+0x10/0x10 [ 592.727260][ C0] ? __pfx_setup_net+0x10/0x10 [ 592.727308][ C0] ? read_word_at_a_time+0xe/0x20 [ 592.727356][ C0] copy_net_ns+0x4e2/0x7b0 [ 592.727406][ C0] create_new_namespaces+0x425/0x7b0 [ 592.727443][ C0] ? bpf_lsm_capable+0x9/0x10 [ 592.727485][ C0] ? copy_namespaces+0x5c/0x490 [ 592.727515][ C0] copy_namespaces+0x41a/0x490 [ 592.727555][ C0] copy_process+0x1934/0x3d70 [ 592.727617][ C0] ? copy_process+0x9fa/0x3d70 [ 592.727655][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 592.727692][ C0] ? __pfx_copy_process+0x10/0x10 [ 592.727728][ C0] ? futex_wake+0x523/0x5c0 [ 592.727793][ C0] kernel_clone+0x226/0x8f0 [ 592.727838][ C0] ? __pfx_kernel_clone+0x10/0x10 [ 592.727904][ C0] __x64_sys_clone+0x258/0x2a0 [ 592.727954][ C0] ? __pfx___x64_sys_clone+0x10/0x10 [ 592.728008][ C0] ? do_syscall_64+0x100/0x230 [ 592.728048][ C0] ? do_syscall_64+0xb6/0x230 [ 592.728086][ C0] do_syscall_64+0xf3/0x230 [ 592.728120][ C0] ? clear_bhb_loop+0x35/0x90 [ 592.728153][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 592.728180][ C0] RIP: 0033:0x7f42e1975f19 [ 592.728209][ C0] RSP: 002b:00007f42e26cbff8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 592.728236][ C0] RAX: ffffffffffffffda RBX: 00007f42e1b03f60 RCX: 00007f42e1975f19 [ 592.728255][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 592.728272][ C0] RBP: 00007f42e19e4bcd R08: 0000000000000000 R09: 0000000000000000 [ 592.728289][ C0] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 592.728306][ C0] R13: 000000000000000b R14: 00007f42e1b03f60 R15: 00007ffd05635f58 [ 592.728351][ C0] [ 592.728362][ C0] DEBUG: waiting rtnl_mutex for 3645 jiffies. [ 592.728376][ C0] task:syz.3.1705 state:D stack:26848 pid:11478 tgid:11475 ppid:9073 flags:0x00000004 [ 592.728420][ C0] Call Trace: [ 592.728429][ C0] [ 592.728448][ C0] __schedule+0x1800/0x4a60 [ 592.728513][ C0] ? __pfx___schedule+0x10/0x10 [ 592.728549][ C0] ? __pfx_lock_release+0x10/0x10 [ 592.728584][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 592.728637][ C0] ? schedule+0x90/0x320 [ 592.728664][ C0] schedule+0x14b/0x320 [ 592.728697][ C0] schedule_preempt_disabled+0x13/0x30 [ 592.728724][ C0] __mutex_lock+0x6a4/0xd70 [ 592.728760][ C0] ? __mutex_lock+0x527/0xd70 [ 592.728800][ C0] ? __tun_chr_ioctl+0x48f/0x2400 [ 592.728829][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 592.728880][ C0] ? get_rtnl_holder+0x144/0x190 [ 592.728911][ C0] __tun_chr_ioctl+0x48f/0x2400 [ 592.728957][ C0] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 592.728994][ C0] ? __fget_files+0x3f6/0x470 [ 592.729019][ C0] ? __fget_files+0x29/0x470 [ 592.729058][ C0] ? bpf_lsm_file_ioctl+0x9/0x10 [ 592.729081][ C0] ? security_file_ioctl+0x87/0xb0 [ 592.729116][ C0] ? __pfx_tun_chr_ioctl+0x10/0x10 [ 592.729156][ C0] __se_sys_ioctl+0xfc/0x170 [ 592.729196][ C0] do_syscall_64+0xf3/0x230 [ 592.729232][ C0] ? clear_bhb_loop+0x35/0x90 [ 592.729265][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 592.729292][ C0] RIP: 0033:0x7fbef7175f19 [ 592.729318][ C0] RSP: 002b:00007fbef6bff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 592.729345][ C0] RAX: ffffffffffffffda RBX: 00007fbef7303f60 RCX: 00007fbef7175f19 [ 592.729365][ C0] RDX: 0000000020000200 RSI: 00000000400454ca RDI: 0000000000000003 [ 592.729382][ C0] RBP: 00007fbef71e4bcd R08: 0000000000000000 R09: 0000000000000000 [ 592.729399][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 592.729414][ C0] R13: 000000000000000b R14: 00007fbef7303f60 R15: 00007ffc0a273958 [ 592.729455][ C0] [ 592.729465][ C0] DEBUG: waiting rtnl_mutex for 2988 jiffies. [ 592.729479][ C0] task:syz-executor state:D stack:24992 pid:11546 tgid:11546 ppid:11534 flags:0x00000000 [ 592.729518][ C0] Call Trace: [ 592.729527][ C0] [ 592.729545][ C0] __schedule+0x1800/0x4a60 [ 592.729609][ C0] ? __pfx___schedule+0x10/0x10 [ 592.729642][ C0] ? __pfx_lock_release+0x10/0x10 [ 592.729676][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 592.729731][ C0] ? schedule+0x90/0x320 [ 592.729757][ C0] schedule+0x14b/0x320 [ 592.729799][ C0] schedule_preempt_disabled+0x13/0x30 [ 592.729828][ C0] __mutex_lock+0x6a4/0xd70 [ 592.729866][ C0] ? __mutex_lock+0x527/0xd70 [ 592.729900][ C0] ? rtnetlink_rcv_msg+0x847/0x1180 [ 592.729936][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 592.729986][ C0] ? get_rtnl_holder+0x144/0x190 [ 592.730018][ C0] rtnetlink_rcv_msg+0x847/0x1180 [ 592.730062][ C0] ? rtnetlink_rcv_msg+0x208/0x1180 [ 592.730103][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 592.730137][ C0] ? is_bpf_text_address+0x285/0x2a0 [ 592.730186][ C0] ? __pfx_validate_chain+0x10/0x10 [ 592.730226][ C0] ? __pfx_validate_chain+0x10/0x10 [ 592.730267][ C0] ? arch_stack_walk+0x16d/0x1b0 [ 592.730312][ C0] ? mark_lock+0x9a/0x360 [ 592.730345][ C0] ? __pfx_validate_chain+0x10/0x10 [ 592.730389][ C0] ? __lock_acquire+0x1359/0x2000 [ 592.730449][ C0] ? mark_lock+0x9a/0x360 [ 592.730492][ C0] ? __lock_acquire+0x1359/0x2000 [ 592.730558][ C0] netlink_rcv_skb+0x1e3/0x430 [ 592.730600][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 592.730642][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 592.730720][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 592.730764][ C0] netlink_unicast+0x7f0/0x990 [ 592.730822][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 592.730854][ C0] ? __virt_addr_valid+0x183/0x530 [ 592.730897][ C0] ? __check_object_size+0x49c/0x900 [ 592.730930][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 592.730969][ C0] netlink_sendmsg+0x8e4/0xcb0 [ 592.731030][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 592.731075][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 592.731108][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 592.731141][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 592.731181][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 592.731216][ C0] __sock_sendmsg+0x221/0x270 [ 592.731260][ C0] __sys_sendto+0x3a4/0x4f0 [ 592.731300][ C0] ? __pfx___sys_sendto+0x10/0x10 [ 592.731374][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 592.731432][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 592.731469][ C0] ? exc_page_fault+0x590/0x8c0 [ 592.731510][ C0] __x64_sys_sendto+0xde/0x100 [ 592.731548][ C0] do_syscall_64+0xf3/0x230 [ 592.731588][ C0] ? clear_bhb_loop+0x35/0x90 [ 592.731624][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 592.731654][ C0] RIP: 0033:0x7faad6f77cac [ 592.731685][ C0] RSP: 002b:00007ffdee280880 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 592.731716][ C0] RAX: ffffffffffffffda RBX: 00007faad7c34620 RCX: 00007faad6f77cac [ 592.731737][ C0] RDX: 0000000000000028 RSI: 00007faad7c34670 RDI: 0000000000000003 [ 592.731756][ C0] RBP: 0000000000000000 R08: 00007ffdee2808d4 R09: 000000000000000c [ 592.731775][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 592.731817][ C0] R13: 0000000000000000 R14: 00007faad7c34670 R15: 0000000000000000 [ 592.731866][ C0] [ 592.731879][ C0] DEBUG: waiting rtnl_mutex for 2704 jiffies. [ 592.731895][ C0] task:syz.2.1736 state:D stack:23472 pid:11566 tgid:11566 ppid:11087 flags:0x00004002 [ 592.731941][ C0] Call Trace: [ 592.731953][ C0] [ 592.731974][ C0] __schedule+0x1800/0x4a60 [ 592.732099][ C0] ? __pfx___schedule+0x10/0x10 [ 592.732137][ C0] ? __pfx_lock_release+0x10/0x10 [ 592.732172][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 592.732230][ C0] ? schedule+0x90/0x320 [ 592.732258][ C0] schedule+0x14b/0x320 [ 592.732295][ C0] schedule_preempt_disabled+0x13/0x30 [ 592.732325][ C0] __mutex_lock+0x6a4/0xd70 [ 592.732364][ C0] ? __mutex_lock+0x527/0xd70 [ 592.732402][ C0] ? tun_chr_close+0x3e/0x1b0 [ 592.732443][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 592.732496][ C0] ? get_rtnl_holder+0x144/0x190 [ 592.732531][ C0] tun_chr_close+0x3e/0x1b0 [ 592.732568][ C0] ? __pfx_tun_chr_close+0x10/0x10 [ 592.732606][ C0] __fput+0x24a/0x8a0 [ 592.732663][ C0] task_work_run+0x24f/0x310 [ 592.732702][ C0] ? __pfx_task_work_run+0x10/0x10 [ 592.732738][ C0] ? switch_task_namespaces+0xe1/0x110 [ 592.732775][ C0] do_exit+0xa2f/0x27f0 [ 592.732827][ C0] ? preempt_schedule_common+0x84/0xd0 [ 592.732864][ C0] ? __pfx_do_exit+0x10/0x10 [ 592.732898][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 592.732937][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 592.732980][ C0] ? preempt_schedule_thunk+0x1a/0x30 [ 592.733022][ C0] do_group_exit+0x207/0x2c0 [ 592.733071][ C0] __x64_sys_exit_group+0x3f/0x40 [ 592.733108][ C0] x64_sys_call+0x26e0/0x26e0 [ 592.733143][ C0] do_syscall_64+0xf3/0x230 [ 592.733181][ C0] ? clear_bhb_loop+0x35/0x90 [ 592.733216][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 592.733244][ C0] RIP: 0033:0x7f3038975f19 [ 592.733272][ C0] RSP: 002b:00007ffd2f39ddb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 592.733313][ C0] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f3038975f19 [ 592.733332][ C0] RDX: 0000001b2f420000 RSI: 0000000000000000 RDI: 000000000000000b [ 592.733350][ C0] RBP: 000000000008a157 R08: 0000000000000006 R09: 000000000000000b [ 592.733367][ C0] R10: 00000000003ffd40 R11: 0000000000000246 R12: 00007f3038b04038 [ 592.733386][ C0] R13: 0000000000000032 R14: 00007f3038b03f60 R15: 00007f3038b04038 [ 592.733434][ C0] [ 592.733445][ C0] DEBUG: waiting rtnl_mutex for 2687 jiffies. [ 592.733460][ C0] task:syz-executor state:D stack:24992 pid:11568 tgid:11568 ppid:11562 flags:0x00000000 [ 592.733503][ C0] Call Trace: [ 592.733514][ C0] [ 592.733533][ C0] __schedule+0x1800/0x4a60 [ 592.733602][ C0] ? __pfx___schedule+0x10/0x10 [ 592.733654][ C0] ? __pfx_lock_release+0x10/0x10 [ 592.733709][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 592.733768][ C0] ? schedule+0x90/0x320 [ 592.733802][ C0] schedule+0x14b/0x320 [ 592.733838][ C0] schedule_preempt_disabled+0x13/0x30 [ 592.733867][ C0] __mutex_lock+0x6a4/0xd70 [ 592.733908][ C0] ? __mutex_lock+0x527/0xd70 [ 592.733945][ C0] ? rtnetlink_rcv_msg+0x847/0x1180 [ 592.733986][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 592.734040][ C0] ? get_rtnl_holder+0x144/0x190 [ 592.734072][ C0] rtnetlink_rcv_msg+0x847/0x1180 [ 592.734116][ C0] ? rtnetlink_rcv_msg+0x208/0x1180 [ 592.734158][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 592.734191][ C0] ? is_bpf_text_address+0x285/0x2a0 [ 592.734241][ C0] ? __pfx_validate_chain+0x10/0x10 [ 592.734280][ C0] ? __pfx_validate_chain+0x10/0x10 [ 592.734320][ C0] ? arch_stack_walk+0x16d/0x1b0 [ 592.734367][ C0] ? mark_lock+0x9a/0x360 [ 592.734400][ C0] ? __pfx_validate_chain+0x10/0x10 [ 592.734444][ C0] ? __lock_acquire+0x1359/0x2000 [ 592.734506][ C0] ? mark_lock+0x9a/0x360 [ 592.734548][ C0] ? __lock_acquire+0x1359/0x2000 [ 592.734620][ C0] netlink_rcv_skb+0x1e3/0x430 [ 592.734662][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 592.734703][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 592.734790][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 592.734834][ C0] netlink_unicast+0x7f0/0x990 [ 592.734885][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 592.734917][ C0] ? __virt_addr_valid+0x183/0x530 [ 592.734960][ C0] ? __check_object_size+0x49c/0x900 [ 592.734992][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 592.735031][ C0] netlink_sendmsg+0x8e4/0xcb0 [ 592.735093][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 592.735137][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 592.735170][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 592.735204][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 592.735244][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 592.735279][ C0] __sock_sendmsg+0x221/0x270 [ 592.735324][ C0] __sys_sendto+0x3a4/0x4f0 [ 592.735364][ C0] ? __pfx___sys_sendto+0x10/0x10 [ 592.735440][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 592.735479][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 592.735515][ C0] ? exc_page_fault+0x590/0x8c0 [ 592.735566][ C0] __x64_sys_sendto+0xde/0x100 [ 592.735601][ C0] do_syscall_64+0xf3/0x230 [ 592.735638][ C0] ? clear_bhb_loop+0x35/0x90 [ 592.735672][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 592.735700][ C0] RIP: 0033:0x7f17c9b77cac [ 592.735725][ C0] RSP: 002b:00007ffd986f2480 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 592.735752][ C0] RAX: ffffffffffffffda RBX: 00007f17ca834620 RCX: 00007f17c9b77cac [ 592.735772][ C0] RDX: 0000000000000028 RSI: 00007f17ca834670 RDI: 0000000000000003 [ 592.735795][ C0] RBP: 0000000000000000 R08: 00007ffd986f24d4 R09: 000000000000000c [ 592.735813][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 592.735829][ C0] R13: 0000000000000000 R14: 00007f17ca834670 R15: 0000000000000000 [ 592.735876][ C0] [ 592.735887][ C0] DEBUG: waiting rtnl_mutex for 2561 jiffies. [ 592.735901][ C0] task:syz-executor state:D stack:24992 pid:11578 tgid:11578 ppid:11572 flags:0x00000000 [ 592.735944][ C0] Call Trace: [ 592.735955][ C0] [ 592.735974][ C0] __schedule+0x1800/0x4a60 [ 592.736042][ C0] ? __pfx___schedule+0x10/0x10 [ 592.736078][ C0] ? __pfx_lock_release+0x10/0x10 [ 592.736113][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 592.736170][ C0] ? schedule+0x90/0x320 [ 592.736197][ C0] schedule+0x14b/0x320 [ 592.736231][ C0] schedule_preempt_disabled+0x13/0x30 [ 592.736259][ C0] __mutex_lock+0x6a4/0xd70 [ 592.736299][ C0] ? __mutex_lock+0x527/0xd70 [ 592.736335][ C0] ? rtnetlink_rcv_msg+0x847/0x1180 [ 592.736373][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 592.736426][ C0] ? get_rtnl_holder+0x144/0x190 [ 592.736457][ C0] rtnetlink_rcv_msg+0x847/0x1180 [ 592.736499][ C0] ? rtnetlink_rcv_msg+0x208/0x1180 [ 592.736540][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 592.736573][ C0] ? is_bpf_text_address+0x285/0x2a0 [ 592.736620][ C0] ? __pfx_validate_chain+0x10/0x10 [ 592.736658][ C0] ? __pfx_validate_chain+0x10/0x10 [ 592.736698][ C0] ? arch_stack_walk+0x16d/0x1b0 [ 592.736742][ C0] ? mark_lock+0x9a/0x360 [ 592.736774][ C0] ? __pfx_validate_chain+0x10/0x10 [ 592.736822][ C0] ? __lock_acquire+0x1359/0x2000 [ 592.736882][ C0] ? mark_lock+0x9a/0x360 [ 592.736923][ C0] ? __lock_acquire+0x1359/0x2000 [ 592.736992][ C0] netlink_rcv_skb+0x1e3/0x430 [ 592.737031][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 592.737071][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 592.737149][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 592.737209][ C0] netlink_unicast+0x7f0/0x990 [ 592.737260][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 592.737292][ C0] ? __virt_addr_valid+0x183/0x530 [ 592.737334][ C0] ? __check_object_size+0x49c/0x900 [ 592.737366][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 592.737405][ C0] netlink_sendmsg+0x8e4/0xcb0 [ 592.737466][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 592.737511][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 592.737543][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 592.737576][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 592.737615][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 592.737651][ C0] __sock_sendmsg+0x221/0x270 [ 592.737695][ C0] __sys_sendto+0x3a4/0x4f0 [ 592.737735][ C0] ? __pfx___sys_sendto+0x10/0x10 [ 592.737818][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 592.737859][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 592.737894][ C0] ? exc_page_fault+0x590/0x8c0 [ 592.737946][ C0] __x64_sys_sendto+0xde/0x100 [ 592.737982][ C0] do_syscall_64+0xf3/0x230 [ 592.738018][ C0] ? clear_bhb_loop+0x35/0x90 [ 592.738053][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 592.738080][ C0] RIP: 0033:0x7fee46377cac [ 592.738105][ C0] RSP: 002b:00007ffedee40fa0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 592.738132][ C0] RAX: ffffffffffffffda RBX: 00007fee47034620 RCX: 00007fee46377cac [ 592.738151][ C0] RDX: 0000000000000028 RSI: 00007fee47034670 RDI: 0000000000000003 [ 592.738169][ C0] RBP: 0000000000000000 R08: 00007ffedee40ff4 R09: 000000000000000c [ 592.738186][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 592.738203][ C0] R13: 0000000000000000 R14: 00007fee47034670 R15: 0000000000000000 [ 592.738249][ C0] [ 592.738260][ C0] DEBUG: waiting rtnl_mutex for 1595 jiffies. [ 592.738274][ C0] task:syz-executor state:D stack:24992 pid:11598 tgid:11598 ppid:11597 flags:0x00000000 [ 592.738316][ C0] Call Trace: [ 592.738327][ C0] [ 592.738346][ C0] __schedule+0x1800/0x4a60 [ 592.738414][ C0] ? __pfx___schedule+0x10/0x10 [ 592.738449][ C0] ? __pfx_lock_release+0x10/0x10 [ 592.738484][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 592.738540][ C0] ? schedule+0x90/0x320 [ 592.738568][ C0] schedule+0x14b/0x320 [ 592.738602][ C0] schedule_preempt_disabled+0x13/0x30 [ 592.738630][ C0] __mutex_lock+0x6a4/0xd70 [ 592.738669][ C0] ? __mutex_lock+0x527/0xd70 [ 592.738705][ C0] ? rtnetlink_rcv_msg+0x847/0x1180 [ 592.738743][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 592.738801][ C0] ? get_rtnl_holder+0x144/0x190 [ 592.738833][ C0] rtnetlink_rcv_msg+0x847/0x1180 [ 592.738876][ C0] ? rtnetlink_rcv_msg+0x208/0x1180 [ 592.738918][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 592.738951][ C0] ? is_bpf_text_address+0x285/0x2a0 [ 592.738998][ C0] ? __pfx_validate_chain+0x10/0x10 [ 592.739037][ C0] ? __pfx_validate_chain+0x10/0x10 [ 592.739076][ C0] ? arch_stack_walk+0x16d/0x1b0 [ 592.739121][ C0] ? mark_lock+0x9a/0x360 [ 592.739153][ C0] ? __pfx_validate_chain+0x10/0x10 [ 592.739195][ C0] ? __lock_acquire+0x1359/0x2000 [ 592.739254][ C0] ? mark_lock+0x9a/0x360 [ 592.739296][ C0] ? __lock_acquire+0x1359/0x2000 [ 592.739365][ C0] netlink_rcv_skb+0x1e3/0x430 [ 592.739404][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 592.739444][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 592.739521][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 592.739581][ C0] netlink_unicast+0x7f0/0x990 [ 592.739646][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 592.739676][ C0] ? __virt_addr_valid+0x183/0x530 [ 592.739717][ C0] ? __check_object_size+0x49c/0x900 [ 592.739747][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 592.739790][ C0] netlink_sendmsg+0x8e4/0xcb0 [ 592.739849][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 592.739892][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 592.739922][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 592.739954][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 592.739992][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 592.740027][ C0] __sock_sendmsg+0x221/0x270 [ 592.740070][ C0] __sys_sendto+0x3a4/0x4f0 [ 592.740108][ C0] ? __pfx___sys_sendto+0x10/0x10 [ 592.740182][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 592.740220][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 592.740255][ C0] ? exc_page_fault+0x590/0x8c0 [ 592.740293][ C0] __x64_sys_sendto+0xde/0x100 [ 592.740328][ C0] do_syscall_64+0xf3/0x230 [ 592.740362][ C0] ? clear_bhb_loop+0x35/0x90 [ 592.740395][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 592.740422][ C0] RIP: 0033:0x7f14c1577cac [ 592.740446][ C0] RSP: 002b:00007ffde20c71e0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 592.740470][ C0] RAX: ffffffffffffffda RBX: 00007f14c2234620 RCX: 00007f14c1577cac [ 592.740488][ C0] RDX: 0000000000000028 RSI: 00007f14c2234670 RDI: 0000000000000003 [ 592.740505][ C0] RBP: 0000000000000000 R08: 00007ffde20c7234 R09: 000000000000000c [ 592.740522][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 592.740538][ C0] R13: 0000000000000000 R14: 00007f14c2234670 R15: 0000000000000000 [ 592.740580][ C0] [ 592.740591][ C0] DEBUG: waiting rtnl_mutex for 1416 jiffies. [ 592.740606][ C0] task:kworker/u8:1 state:D stack:21008 pid:12 tgid:12 ppid:2 flags:0x00004000 [ 592.740647][ C0] Workqueue: ipv6_addrconf addrconf_verify_work [ 592.740685][ C0] Call Trace: [ 592.740696][ C0] [ 592.740716][ C0] __schedule+0x1800/0x4a60 [ 592.740794][ C0] ? __pfx___schedule+0x10/0x10 [ 592.740831][ C0] ? __pfx_lock_release+0x10/0x10 [ 592.740866][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 592.740926][ C0] ? kthread_data+0x52/0xd0 [ 592.740959][ C0] ? schedule+0x90/0x320 [ 592.740989][ C0] ? wq_worker_sleeping+0x66/0x240 [ 592.741028][ C0] ? schedule+0x90/0x320 [ 592.741057][ C0] schedule+0x14b/0x320 [ 592.741093][ C0] schedule_preempt_disabled+0x13/0x30 [ 592.741124][ C0] __mutex_lock+0x6a4/0xd70 [ 592.741166][ C0] ? __mutex_lock+0x527/0xd70 [ 592.741216][ C0] ? addrconf_verify_work+0x19/0x30 [ 592.741255][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 592.741285][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 592.741324][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 592.741369][ C0] ? get_rtnl_holder+0x144/0x190 [ 592.741400][ C0] ? process_scheduled_works+0x945/0x1830 [ 592.741431][ C0] addrconf_verify_work+0x19/0x30 [ 592.741466][ C0] process_scheduled_works+0xa2c/0x1830 [ 592.741567][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 592.741619][ C0] ? assign_work+0x364/0x3d0 [ 592.741663][ C0] worker_thread+0x86d/0xd40 [ 592.741724][ C0] ? __kthread_parkme+0x169/0x1d0 [ 592.741767][ C0] ? __pfx_worker_thread+0x10/0x10 [ 592.741809][ C0] kthread+0x2f0/0x390 [ 592.741847][ C0] ? __pfx_worker_thread+0x10/0x10 [ 592.741879][ C0] ? __pfx_kthread+0x10/0x10 [ 592.741918][ C0] ret_from_fork+0x4b/0x80 [ 592.741953][ C0] ? __pfx_kthread+0x10/0x10 [ 592.742051][ C0] ret_from_fork_asm+0x1a/0x30 [ 592.742114][ C0] [ 592.742126][ C0] DEBUG: waiting rtnl_mutex for 1102 jiffies. [ 592.742142][ C0] task:syz-executor state:D stack:20784 pid:11087 tgid:11087 ppid:1 flags:0x00004006 [ 592.742188][ C0] Call Trace: [ 592.742199][ C0] [ 592.742219][ C0] __schedule+0x1800/0x4a60 [ 592.742290][ C0] ? __pfx___schedule+0x10/0x10 [ 592.742330][ C0] ? __pfx_lock_release+0x10/0x10 [ 592.742367][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 592.742427][ C0] ? schedule+0x90/0x320 [ 592.742456][ C0] schedule+0x14b/0x320 [ 592.742492][ C0] schedule_preempt_disabled+0x13/0x30 [ 592.742522][ C0] __mutex_lock+0x6a4/0xd70 [ 592.742564][ C0] ? __mutex_lock+0x527/0xd70 [ 592.742603][ C0] ? tun_chr_close+0x3e/0x1b0 [ 592.742645][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 592.742700][ C0] ? get_rtnl_holder+0x144/0x190 [ 592.742746][ C0] tun_chr_close+0x3e/0x1b0 [ 592.742789][ C0] ? __pfx_tun_chr_close+0x10/0x10 [ 592.742827][ C0] __fput+0x24a/0x8a0 [ 592.742885][ C0] task_work_run+0x24f/0x310 [ 592.742922][ C0] ? __pfx_task_work_run+0x10/0x10 [ 592.742954][ C0] ? do_exit+0xa2a/0x27f0 [ 592.742987][ C0] ? kmem_cache_free+0x145/0x350 [ 592.743032][ C0] do_exit+0xa2f/0x27f0 [ 592.743085][ C0] ? __pfx_do_exit+0x10/0x10 [ 592.743123][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 592.743160][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 592.743200][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 592.743231][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 592.743269][ C0] do_group_exit+0x207/0x2c0 [ 592.743305][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 592.743333][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 592.743374][ C0] get_signal+0x16a1/0x1740 [ 592.743432][ C0] ? __pfx_get_signal+0x10/0x10 [ 592.743480][ C0] arch_do_signal_or_restart+0x96/0x830 [ 592.743521][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 592.743552][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 592.743609][ C0] ? syscall_exit_to_user_mode+0xa3/0x370 [ 592.743652][ C0] syscall_exit_to_user_mode+0xc9/0x370 [ 592.743695][ C0] do_syscall_64+0x100/0x230 [ 592.743733][ C0] ? clear_bhb_loop+0x35/0x90 [ 592.743768][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 592.743804][ C0] RIP: 0033:0x7f303896c217 [ 592.743832][ C0] RSP: 002b:00007ffd2f39e5f0 EFLAGS: 00000293 ORIG_RAX: 000000000000003d [ 592.743862][ C0] RAX: fffffffffffffe00 RBX: 0000000000000056 RCX: 00007f303896c217 [ 592.743882][ C0] RDX: 0000000040000000 RSI: 00007ffd2f39e67c RDI: 00000000ffffffff [ 592.743902][ C0] RBP: 00007ffd2f39e67c R08: 0000000000000000 R09: 7fffffffffffffff [ 592.743939][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 000055559241d5eb [ 592.743958][ C0] R13: 000055559241d590 R14: 00007f30389d5418 R15: 0000000000000008 [ 592.744007][ C0] [ 592.744022][ C0] [ 592.744022][ C0] Showing all locks held in the system: [ 592.744037][ C0] 3 locks held by kworker/u8:1/12: [ 592.744055][ C0] #0: ffff88802a193148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 592.744137][ C0] #1: ffffc90000117d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 592.744215][ C0] #2: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 [ 592.744300][ C0] 2 locks held by kworker/u8:3/53: [ 592.744317][ C0] #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 592.744391][ C0] #1: ffffc90000bd7d00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 592.744501][ C0] 1 lock held by syslogd/4527: [ 592.744520][ C0] 2 locks held by getty/4848: [ 592.744536][ C0] #0: ffff88802ad4c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 592.744611][ C0] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 592.744681][ C0] 7 locks held by kworker/0:3/5143: [ 592.744697][ C0] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 592.744773][ C0] #1: ffffc90003aefd00 ((work_completion)(&uhid->worker)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 592.744857][ C0] #2: ffff88802d7e5a20 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 592.744931][ C0] #3: ffffffff8e2110a0 (console_lock){+.+.}-{0:0}, at: vprintk_emit+0x4ed/0x900 [ 592.745000][ C0] #4: ffffffff8e210cb0 (console_srcu){....}-{0:0}, at: console_flush_all+0x147/0xf50 [ 592.745071][ C0] #5: ffffc90000007c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 592.745140][ C0] #6: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 592.745224][ C0] 1 lock held by syz.2.1279/10357: [ 592.745241][ C0] #0: ffff88802d1cc068 (&uhid->devlock){+.+.}-{3:3}, at: uhid_char_write+0x78/0xb50 [ 592.745323][ C0] 1 lock held by syz-executor/11087: [ 592.745340][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 592.745424][ C0] 2 locks held by syz.0.1681/11407: [ 592.745441][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 592.745521][ C0] #1: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 592.745606][ C0] 2 locks held by syz.1.1698/11452: [ 592.745623][ C0] #0: ffffffff8f5f2190 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 [ 592.745703][ C0] #1: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 592.745774][ C0] 1 lock held by syz.3.1705/11478: [ 592.745799][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x48f/0x2400 [ 592.745870][ C0] 1 lock held by syz-executor/11546: [ 592.745886][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 592.745966][ C0] 1 lock held by syz.2.1736/11566: [ 592.745983][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 592.746063][ C0] 1 lock held by syz-executor/11568: [ 592.746080][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 592.746159][ C0] 1 lock held by syz-executor/11578: [ 592.746176][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 592.746257][ C0] 1 lock held by syz-executor/11598: [ 592.746273][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 592.746353][ C0] 1 lock held by syz.4.1749/11606: [ 592.746369][ C0] #0: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 592.746465][ C0] [ 592.746474][ C0] ============================================= [ 592.746474][ C0] [ 593.766128][ C0] DEBUG: holding rtnl_mutex for 3984 jiffies. [ 593.766154][ C0] task:syz.0.1681 state:D stack:24672 pid:11407 tgid:11407 ppid:11075 flags:0x00004006 [ 593.766201][ C0] Call Trace: [ 593.766212][ C0] [ 593.766234][ C0] __schedule+0x1800/0x4a60 [ 593.766304][ C0] ? __pfx___schedule+0x10/0x10 [ 593.766339][ C0] ? __pfx_lock_release+0x10/0x10 [ 593.766372][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 593.766427][ C0] ? schedule+0x90/0x320 [ 593.766454][ C0] schedule+0x14b/0x320 [ 593.766486][ C0] schedule_preempt_disabled+0x13/0x30 [ 593.766513][ C0] __mutex_lock+0x6a4/0xd70 [ 593.766551][ C0] ? __mutex_lock+0x527/0xd70 [ 593.766585][ C0] ? synchronize_rcu_expedited+0x451/0x830 [ 593.766624][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 593.766665][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 593.766713][ C0] synchronize_rcu_expedited+0x451/0x830 [ 593.766755][ C0] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 593.766823][ C0] ? __pfx___might_resched+0x10/0x10 [ 593.766850][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 593.766886][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 593.766934][ C0] synchronize_rcu+0x11b/0x360 [ 593.766969][ C0] ? __pfx_synchronize_rcu+0x10/0x10 [ 593.767027][ C0] lockdep_unregister_key+0x556/0x610 [ 593.767064][ C0] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 593.767094][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 593.767135][ C0] ? __qdisc_destroy+0x150/0x410 [ 593.767176][ C0] ? kfree+0x149/0x360 [ 593.767210][ C0] ? __pfx_pfifo_fast_destroy+0x10/0x10 [ 593.767252][ C0] __qdisc_destroy+0x165/0x410 [ 593.767283][ C0] dev_shutdown+0x9b/0x440 [ 593.767317][ C0] unregister_netdevice_many_notify+0x9c7/0x1d20 [ 593.767350][ C0] ? __lock_acquire+0x1359/0x2000 [ 593.767421][ C0] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 593.767450][ C0] ? __asan_memset+0x23/0x50 [ 593.767474][ C0] ? skb_queue_purge_reason+0x2de/0x500 [ 593.767526][ C0] ? __asan_memset+0x23/0x50 [ 593.767551][ C0] ? skb_queue_purge_reason+0x2de/0x500 [ 593.767600][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 593.767635][ C0] unregister_netdevice_queue+0x303/0x370 [ 593.767669][ C0] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 593.767723][ C0] __tun_detach+0x6b6/0x1600 [ 593.767772][ C0] tun_chr_close+0x108/0x1b0 [ 593.767805][ C0] ? __pfx_tun_chr_close+0x10/0x10 [ 593.767839][ C0] __fput+0x24a/0x8a0 [ 593.767891][ C0] task_work_run+0x24f/0x310 [ 593.767925][ C0] ? __pfx_task_work_run+0x10/0x10 [ 593.767957][ C0] ? syscall_exit_to_user_mode+0xa3/0x370 [ 593.767996][ C0] syscall_exit_to_user_mode+0x168/0x370 [ 593.768035][ C0] do_syscall_64+0x100/0x230 [ 593.768070][ C0] ? clear_bhb_loop+0x35/0x90 [ 593.768103][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 593.768130][ C0] RIP: 0033:0x7f6c5bf75f19 [ 593.768184][ C0] RSP: 002b:00007fff6f471208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 593.768210][ C0] RAX: 0000000000000000 RBX: 00007f6c5c105a60 RCX: 00007f6c5bf75f19 [ 593.768229][ C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 593.768246][ C0] RBP: 00007f6c5c105a60 R08: 0000000000000006 R09: 000000116f47153f [ 593.768264][ C0] R10: 00000000003ffcac R11: 0000000000000246 R12: 00000000000873a2 [ 593.768281][ C0] R13: 0000000000000032 R14: 00007f6c5c105a60 R15: 00007fff6f4712f0 [ 593.768326][ C0] [ 593.768337][ C0] DEBUG: waiting rtnl_mutex for 3917 jiffies. [ 593.768353][ C0] task:syz.1.1698 state:D stack:23800 pid:11452 tgid:11451 ppid:10549 flags:0x00004004 [ 593.768394][ C0] Call Trace: [ 593.768403][ C0] [ 593.768420][ C0] __schedule+0x1800/0x4a60 [ 593.768472][ C0] ? __pfx___schedule+0x10/0x10 [ 593.768505][ C0] ? __pfx_lock_release+0x10/0x10 [ 593.768536][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 593.768585][ C0] ? schedule+0x90/0x320 [ 593.768609][ C0] schedule+0x14b/0x320 [ 593.768641][ C0] schedule_preempt_disabled+0x13/0x30 [ 593.768666][ C0] __mutex_lock+0x6a4/0xd70 [ 593.768709][ C0] ? __mutex_lock+0x527/0xd70 [ 593.768742][ C0] ? register_nexthop_notifier+0x84/0x290 [ 593.768771][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 593.768819][ C0] ? get_rtnl_holder+0x144/0x190 [ 593.768851][ C0] register_nexthop_notifier+0x84/0x290 [ 593.768876][ C0] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 593.768915][ C0] ? __pfx_register_nexthop_notifier+0x10/0x10 [ 593.768952][ C0] ? __asan_memset+0x23/0x50 [ 593.768983][ C0] ops_init+0x359/0x610 [ 593.769021][ C0] setup_net+0x515/0xca0 [ 593.769053][ C0] ? __pfx_down_read_killable+0x10/0x10 [ 593.769089][ C0] ? __pfx_setup_net+0x10/0x10 [ 593.769146][ C0] ? read_word_at_a_time+0xe/0x20 [ 593.769186][ C0] copy_net_ns+0x4e2/0x7b0 [ 593.769233][ C0] create_new_namespaces+0x425/0x7b0 [ 593.769268][ C0] ? bpf_lsm_capable+0x9/0x10 [ 593.769308][ C0] ? copy_namespaces+0x5c/0x490 [ 593.769336][ C0] copy_namespaces+0x41a/0x490 [ 593.769374][ C0] copy_process+0x1934/0x3d70 [ 593.769431][ C0] ? copy_process+0x9fa/0x3d70 [ 593.769467][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 593.769503][ C0] ? __pfx_copy_process+0x10/0x10 [ 593.769536][ C0] ? futex_wake+0x523/0x5c0 [ 593.769593][ C0] kernel_clone+0x226/0x8f0 [ 593.769638][ C0] ? __pfx_kernel_clone+0x10/0x10 [ 593.769713][ C0] __x64_sys_clone+0x258/0x2a0 [ 593.769754][ C0] ? __pfx___x64_sys_clone+0x10/0x10 [ 593.769811][ C0] ? do_syscall_64+0x100/0x230 [ 593.769852][ C0] ? do_syscall_64+0xb6/0x230 [ 593.769892][ C0] do_syscall_64+0xf3/0x230 [ 593.769926][ C0] ? clear_bhb_loop+0x35/0x90 [ 593.769961][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 593.769987][ C0] RIP: 0033:0x7f42e1975f19 [ 593.770015][ C0] RSP: 002b:00007f42e26cbff8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 593.770044][ C0] RAX: ffffffffffffffda RBX: 00007f42e1b03f60 RCX: 00007f42e1975f19 [ 593.770064][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 593.770082][ C0] RBP: 00007f42e19e4bcd R08: 0000000000000000 R09: 0000000000000000 [ 593.770097][ C0] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 593.770114][ C0] R13: 000000000000000b R14: 00007f42e1b03f60 R15: 00007ffd05635f58 [ 593.770159][ C0] [ 593.770171][ C0] DEBUG: waiting rtnl_mutex for 3749 jiffies. [ 593.770196][ C0] task:syz.3.1705 state:D stack:26848 pid:11478 tgid:11475 ppid:9073 flags:0x00000004 [ 593.770255][ C0] Call Trace: [ 593.770265][ C0] [ 593.770283][ C0] __schedule+0x1800/0x4a60 [ 593.770346][ C0] ? __pfx___schedule+0x10/0x10 [ 593.770381][ C0] ? __pfx_lock_release+0x10/0x10 [ 593.770414][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 593.770469][ C0] ? schedule+0x90/0x320 [ 593.770495][ C0] schedule+0x14b/0x320 [ 593.770539][ C0] schedule_preempt_disabled+0x13/0x30 [ 593.770564][ C0] __mutex_lock+0x6a4/0xd70 [ 593.770598][ C0] ? __mutex_lock+0x527/0xd70 [ 593.770631][ C0] ? __tun_chr_ioctl+0x48f/0x2400 [ 593.770658][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 593.770710][ C0] ? get_rtnl_holder+0x144/0x190 [ 593.770739][ C0] __tun_chr_ioctl+0x48f/0x2400 [ 593.770782][ C0] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 593.770818][ C0] ? __fget_files+0x3f6/0x470 [ 593.770842][ C0] ? __fget_files+0x29/0x470 [ 593.770876][ C0] ? bpf_lsm_file_ioctl+0x9/0x10 [ 593.770897][ C0] ? security_file_ioctl+0x87/0xb0 [ 593.770928][ C0] ? __pfx_tun_chr_ioctl+0x10/0x10 [ 593.770964][ C0] __se_sys_ioctl+0xfc/0x170 [ 593.771004][ C0] do_syscall_64+0xf3/0x230 [ 593.771039][ C0] ? clear_bhb_loop+0x35/0x90 [ 593.771069][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 593.771094][ C0] RIP: 0033:0x7fbef7175f19 [ 593.771119][ C0] RSP: 002b:00007fbef6bff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 593.771145][ C0] RAX: ffffffffffffffda RBX: 00007fbef7303f60 RCX: 00007fbef7175f19 [ 593.771163][ C0] RDX: 0000000020000200 RSI: 00000000400454ca RDI: 0000000000000003 [ 593.771179][ C0] RBP: 00007fbef71e4bcd R08: 0000000000000000 R09: 0000000000000000 [ 593.771214][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 593.771228][ C0] R13: 000000000000000b R14: 00007fbef7303f60 R15: 00007ffc0a273958 [ 593.771274][ C0] [ 593.771284][ C0] DEBUG: waiting rtnl_mutex for 3092 jiffies. [ 593.771298][ C0] task:syz-executor state:D stack:24992 pid:11546 tgid:11546 ppid:11534 flags:0x00000000 [ 593.771341][ C0] Call Trace: [ 593.771352][ C0] [ 593.771371][ C0] __schedule+0x1800/0x4a60 [ 593.771444][ C0] ? __pfx___schedule+0x10/0x10 [ 593.771478][ C0] ? __pfx_lock_release+0x10/0x10 [ 593.771511][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 593.771564][ C0] ? schedule+0x90/0x320 [ 593.771609][ C0] schedule+0x14b/0x320 [ 593.771643][ C0] schedule_preempt_disabled+0x13/0x30 [ 593.771678][ C0] __mutex_lock+0x6a4/0xd70 [ 593.771719][ C0] ? __mutex_lock+0x527/0xd70 [ 593.771756][ C0] ? rtnetlink_rcv_msg+0x847/0x1180 [ 593.771795][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 593.771848][ C0] ? get_rtnl_holder+0x144/0x190 [ 593.771879][ C0] rtnetlink_rcv_msg+0x847/0x1180 [ 593.771923][ C0] ? rtnetlink_rcv_msg+0x208/0x1180 [ 593.771973][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 593.772041][ C0] ? is_bpf_text_address+0x285/0x2a0 [ 593.772088][ C0] ? __pfx_validate_chain+0x10/0x10 [ 593.772127][ C0] ? __pfx_validate_chain+0x10/0x10 [ 593.772166][ C0] ? arch_stack_walk+0x16d/0x1b0 [ 593.772211][ C0] ? mark_lock+0x9a/0x360 [ 593.772243][ C0] ? __pfx_validate_chain+0x10/0x10 [ 593.772284][ C0] ? __lock_acquire+0x1359/0x2000 [ 593.772344][ C0] ? mark_lock+0x9a/0x360 [ 593.772385][ C0] ? __lock_acquire+0x1359/0x2000 [ 593.772454][ C0] netlink_rcv_skb+0x1e3/0x430 [ 593.772495][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 593.772545][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 593.772619][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 593.772658][ C0] netlink_unicast+0x7f0/0x990 [ 593.772710][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 593.772739][ C0] ? __virt_addr_valid+0x183/0x530 [ 593.772777][ C0] ? __check_object_size+0x49c/0x900 [ 593.772807][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 593.772842][ C0] netlink_sendmsg+0x8e4/0xcb0 [ 593.772899][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 593.772938][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 593.772968][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 593.772999][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 593.773034][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 593.773066][ C0] __sock_sendmsg+0x221/0x270 [ 593.773125][ C0] __sys_sendto+0x3a4/0x4f0 [ 593.773164][ C0] ? __pfx___sys_sendto+0x10/0x10 [ 593.773239][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 593.773278][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 593.773313][ C0] ? exc_page_fault+0x590/0x8c0 [ 593.773352][ C0] __x64_sys_sendto+0xde/0x100 [ 593.773387][ C0] do_syscall_64+0xf3/0x230 [ 593.773424][ C0] ? clear_bhb_loop+0x35/0x90 [ 593.773458][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 593.773486][ C0] RIP: 0033:0x7faad6f77cac [ 593.773514][ C0] RSP: 002b:00007ffdee280880 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 593.773557][ C0] RAX: ffffffffffffffda RBX: 00007faad7c34620 RCX: 00007faad6f77cac [ 593.773594][ C0] RDX: 0000000000000028 RSI: 00007faad7c34670 RDI: 0000000000000003 [ 593.773613][ C0] RBP: 0000000000000000 R08: 00007ffdee2808d4 R09: 000000000000000c [ 593.773631][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 593.773648][ C0] R13: 0000000000000000 R14: 00007faad7c34670 R15: 0000000000000000 [ 593.773701][ C0] [ 593.773713][ C0] DEBUG: waiting rtnl_mutex for 2809 jiffies. [ 593.773729][ C0] task:syz.2.1736 state:D stack:23472 pid:11566 tgid:11566 ppid:11087 flags:0x00004002 [ 593.773773][ C0] Call Trace: [ 593.773785][ C0] [ 593.773804][ C0] __schedule+0x1800/0x4a60 [ 593.773875][ C0] ? __pfx___schedule+0x10/0x10 [ 593.773912][ C0] ? __pfx_lock_release+0x10/0x10 [ 593.773948][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 593.774008][ C0] ? schedule+0x90/0x320 [ 593.774037][ C0] schedule+0x14b/0x320 [ 593.774072][ C0] schedule_preempt_disabled+0x13/0x30 [ 593.774101][ C0] __mutex_lock+0x6a4/0xd70 [ 593.774142][ C0] ? __mutex_lock+0x527/0xd70 [ 593.774179][ C0] ? tun_chr_close+0x3e/0x1b0 [ 593.774220][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 593.774275][ C0] ? get_rtnl_holder+0x144/0x190 [ 593.774309][ C0] tun_chr_close+0x3e/0x1b0 [ 593.774345][ C0] ? __pfx_tun_chr_close+0x10/0x10 [ 593.774384][ C0] __fput+0x24a/0x8a0 [ 593.774442][ C0] task_work_run+0x24f/0x310 [ 593.774480][ C0] ? __pfx_task_work_run+0x10/0x10 [ 593.774517][ C0] ? switch_task_namespaces+0xe1/0x110 [ 593.774554][ C0] do_exit+0xa2f/0x27f0 [ 593.774599][ C0] ? preempt_schedule_common+0x84/0xd0 [ 593.774637][ C0] ? __pfx_do_exit+0x10/0x10 [ 593.774670][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 593.774717][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 593.774760][ C0] ? preempt_schedule_thunk+0x1a/0x30 [ 593.774802][ C0] do_group_exit+0x207/0x2c0 [ 593.774851][ C0] __x64_sys_exit_group+0x3f/0x40 [ 593.774888][ C0] x64_sys_call+0x26e0/0x26e0 [ 593.774922][ C0] do_syscall_64+0xf3/0x230 [ 593.774960][ C0] ? clear_bhb_loop+0x35/0x90 [ 593.774996][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 593.775024][ C0] RIP: 0033:0x7f3038975f19 [ 593.775050][ C0] RSP: 002b:00007ffd2f39ddb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 593.775079][ C0] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f3038975f19 [ 593.775099][ C0] RDX: 0000001b2f420000 RSI: 0000000000000000 RDI: 000000000000000b [ 593.775125][ C0] RBP: 000000000008a157 R08: 0000000000000006 R09: 000000000000000b [ 593.775146][ C0] R10: 00000000003ffd40 R11: 0000000000000246 R12: 00007f3038b04038 [ 593.775165][ C0] R13: 0000000000000032 R14: 00007f3038b03f60 R15: 00007f3038b04038 [ 593.775214][ C0] [ 593.775226][ C0] DEBUG: waiting rtnl_mutex for 2791 jiffies. [ 593.775241][ C0] task:syz-executor state:D stack:24992 pid:11568 tgid:11568 ppid:11562 flags:0x00000000 [ 593.775285][ C0] Call Trace: [ 593.775295][ C0] [ 593.775315][ C0] __schedule+0x1800/0x4a60 [ 593.775386][ C0] ? __pfx___schedule+0x10/0x10 [ 593.775424][ C0] ? __pfx_lock_release+0x10/0x10 [ 593.775460][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 593.775530][ C0] ? schedule+0x90/0x320 [ 593.775558][ C0] schedule+0x14b/0x320 [ 593.775592][ C0] schedule_preempt_disabled+0x13/0x30 [ 593.775621][ C0] __mutex_lock+0x6a4/0xd70 [ 593.775660][ C0] ? __mutex_lock+0x527/0xd70 [ 593.775701][ C0] ? rtnetlink_rcv_msg+0x847/0x1180 [ 593.775740][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 593.775793][ C0] ? get_rtnl_holder+0x144/0x190 [ 593.775824][ C0] rtnetlink_rcv_msg+0x847/0x1180 [ 593.775867][ C0] ? rtnetlink_rcv_msg+0x208/0x1180 [ 593.775908][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 593.775943][ C0] ? is_bpf_text_address+0x285/0x2a0 [ 593.775990][ C0] ? __pfx_validate_chain+0x10/0x10 [ 593.776027][ C0] ? __pfx_validate_chain+0x10/0x10 [ 593.776066][ C0] ? arch_stack_walk+0x16d/0x1b0 [ 593.776110][ C0] ? mark_lock+0x9a/0x360 [ 593.776141][ C0] ? __pfx_validate_chain+0x10/0x10 [ 593.776183][ C0] ? __lock_acquire+0x1359/0x2000 [ 593.776242][ C0] ? mark_lock+0x9a/0x360 [ 593.776283][ C0] ? __lock_acquire+0x1359/0x2000 [ 593.776351][ C0] netlink_rcv_skb+0x1e3/0x430 [ 593.776389][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 593.776430][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 593.776509][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 593.776551][ C0] netlink_unicast+0x7f0/0x990 [ 593.776602][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 593.776633][ C0] ? __virt_addr_valid+0x183/0x530 [ 593.776681][ C0] ? __check_object_size+0x49c/0x900 [ 593.776712][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 593.776751][ C0] netlink_sendmsg+0x8e4/0xcb0 [ 593.776811][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 593.776853][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 593.776885][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 593.776917][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 593.776953][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 593.776987][ C0] __sock_sendmsg+0x221/0x270 [ 593.777028][ C0] __sys_sendto+0x3a4/0x4f0 [ 593.777068][ C0] ? __pfx___sys_sendto+0x10/0x10 [ 593.777142][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 593.777182][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 593.777217][ C0] ? exc_page_fault+0x590/0x8c0 [ 593.777255][ C0] __x64_sys_sendto+0xde/0x100 [ 593.777292][ C0] do_syscall_64+0xf3/0x230 [ 593.777329][ C0] ? clear_bhb_loop+0x35/0x90 [ 593.777363][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 593.777392][ C0] RIP: 0033:0x7f17c9b77cac [ 593.777418][ C0] RSP: 002b:00007ffd986f2480 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 593.777448][ C0] RAX: ffffffffffffffda RBX: 00007f17ca834620 RCX: 00007f17c9b77cac [ 593.777477][ C0] RDX: 0000000000000028 RSI: 00007f17ca834670 RDI: 0000000000000003 [ 593.777496][ C0] RBP: 0000000000000000 R08: 00007ffd986f24d4 R09: 000000000000000c [ 593.777514][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 593.777531][ C0] R13: 0000000000000000 R14: 00007f17ca834670 R15: 0000000000000000 [ 593.777577][ C0] [ 593.777588][ C0] DEBUG: waiting rtnl_mutex for 2665 jiffies. [ 593.777602][ C0] task:syz-executor state:D stack:24992 pid:11578 tgid:11578 ppid:11572 flags:0x00000000 [ 593.777646][ C0] Call Trace: [ 593.777656][ C0] [ 593.777681][ C0] __schedule+0x1800/0x4a60 [ 593.777749][ C0] ? __pfx___schedule+0x10/0x10 [ 593.777786][ C0] ? __pfx_lock_release+0x10/0x10 [ 593.777821][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 593.777878][ C0] ? schedule+0x90/0x320 [ 593.777906][ C0] schedule+0x14b/0x320 [ 593.777948][ C0] schedule_preempt_disabled+0x13/0x30 [ 593.777973][ C0] __mutex_lock+0x6a4/0xd70 [ 593.778008][ C0] ? __mutex_lock+0x527/0xd70 [ 593.778036][ C0] ? rtnetlink_rcv_msg+0x847/0x1180 [ 593.778069][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 593.778116][ C0] ? get_rtnl_holder+0x144/0x190 [ 593.778142][ C0] rtnetlink_rcv_msg+0x847/0x1180 [ 593.778180][ C0] ? rtnetlink_rcv_msg+0x208/0x1180 [ 593.778219][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 593.778248][ C0] ? is_bpf_text_address+0x285/0x2a0 [ 593.778291][ C0] ? __pfx_validate_chain+0x10/0x10 [ 593.778327][ C0] ? __pfx_validate_chain+0x10/0x10 [ 593.778363][ C0] ? arch_stack_walk+0x16d/0x1b0 [ 593.778402][ C0] ? mark_lock+0x9a/0x360 [ 593.778431][ C0] ? __pfx_validate_chain+0x10/0x10 [ 593.778467][ C0] ? __lock_acquire+0x1359/0x2000 [ 593.778519][ C0] ? mark_lock+0x9a/0x360 [ 593.778558][ C0] ? __lock_acquire+0x1359/0x2000 [ 593.778623][ C0] netlink_rcv_skb+0x1e3/0x430 [ 593.778689][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 593.778731][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 593.778810][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 593.778862][ C0] netlink_unicast+0x7f0/0x990 [ 593.778929][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 593.778961][ C0] ? __virt_addr_valid+0x183/0x530 [ 593.779003][ C0] ? __check_object_size+0x49c/0x900 [ 593.779036][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 593.779075][ C0] netlink_sendmsg+0x8e4/0xcb0 [ 593.779135][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 593.779180][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 593.779213][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 593.779247][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 593.779287][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 593.779322][ C0] __sock_sendmsg+0x221/0x270 [ 593.779366][ C0] __sys_sendto+0x3a4/0x4f0 [ 593.779406][ C0] ? __pfx___sys_sendto+0x10/0x10 [ 593.779481][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 593.779521][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 593.779557][ C0] ? exc_page_fault+0x590/0x8c0 [ 593.779597][ C0] __x64_sys_sendto+0xde/0x100 [ 593.779634][ C0] do_syscall_64+0xf3/0x230 [ 593.779717][ C0] ? clear_bhb_loop+0x35/0x90 [ 593.779754][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 593.779782][ C0] RIP: 0033:0x7fee46377cac [ 593.779812][ C0] RSP: 002b:00007ffedee40fa0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 593.779842][ C0] RAX: ffffffffffffffda RBX: 00007fee47034620 RCX: 00007fee46377cac [ 593.779863][ C0] RDX: 0000000000000028 RSI: 00007fee47034670 RDI: 0000000000000003 [ 593.779881][ C0] RBP: 0000000000000000 R08: 00007ffedee40ff4 R09: 000000000000000c [ 593.779900][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 593.779915][ C0] R13: 0000000000000000 R14: 00007fee47034670 R15: 0000000000000000 [ 593.779959][ C0] [ 593.779971][ C0] DEBUG: waiting rtnl_mutex for 1699 jiffies. [ 593.779987][ C0] task:syz-executor state:D stack:24992 pid:11598 tgid:11598 ppid:11597 flags:0x00000000 [ 593.780032][ C0] Call Trace: [ 593.780043][ C0] [ 593.780063][ C0] __schedule+0x1800/0x4a60 [ 593.780133][ C0] ? __pfx___schedule+0x10/0x10 [ 593.780170][ C0] ? __pfx_lock_release+0x10/0x10 [ 593.780206][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 593.780263][ C0] ? schedule+0x90/0x320 [ 593.780292][ C0] schedule+0x14b/0x320 [ 593.780327][ C0] schedule_preempt_disabled+0x13/0x30 [ 593.780356][ C0] __mutex_lock+0x6a4/0xd70 [ 593.780396][ C0] ? __mutex_lock+0x527/0xd70 [ 593.780433][ C0] ? rtnetlink_rcv_msg+0x847/0x1180 [ 593.780472][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 593.780525][ C0] ? get_rtnl_holder+0x144/0x190 [ 593.780557][ C0] rtnetlink_rcv_msg+0x847/0x1180 [ 593.780602][ C0] ? rtnetlink_rcv_msg+0x208/0x1180 [ 593.780644][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 593.780685][ C0] ? is_bpf_text_address+0x285/0x2a0 [ 593.780734][ C0] ? __pfx_validate_chain+0x10/0x10 [ 593.780773][ C0] ? __pfx_validate_chain+0x10/0x10 [ 593.780812][ C0] ? arch_stack_walk+0x16d/0x1b0 [ 593.780854][ C0] ? mark_lock+0x9a/0x360 [ 593.780883][ C0] ? __pfx_validate_chain+0x10/0x10 [ 593.780925][ C0] ? __lock_acquire+0x1359/0x2000 [ 593.780986][ C0] ? mark_lock+0x9a/0x360 [ 593.781029][ C0] ? __lock_acquire+0x1359/0x2000 [ 593.781099][ C0] netlink_rcv_skb+0x1e3/0x430 [ 593.781141][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 593.781182][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 593.781261][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 593.781305][ C0] netlink_unicast+0x7f0/0x990 [ 593.781357][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 593.781389][ C0] ? __virt_addr_valid+0x183/0x530 [ 593.781431][ C0] ? __check_object_size+0x49c/0x900 [ 593.781462][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 593.781501][ C0] netlink_sendmsg+0x8e4/0xcb0 [ 593.781561][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 593.781605][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 593.781637][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 593.781677][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 593.781717][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 593.781753][ C0] __sock_sendmsg+0x221/0x270 [ 593.781797][ C0] __sys_sendto+0x3a4/0x4f0 [ 593.781837][ C0] ? __pfx___sys_sendto+0x10/0x10 [ 593.781912][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 593.781952][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 593.782038][ C0] ? exc_page_fault+0x590/0x8c0 [ 593.782077][ C0] __x64_sys_sendto+0xde/0x100 [ 593.782111][ C0] do_syscall_64+0xf3/0x230 [ 593.782147][ C0] ? clear_bhb_loop+0x35/0x90 [ 593.782179][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 593.782205][ C0] RIP: 0033:0x7f14c1577cac [ 593.782232][ C0] RSP: 002b:00007ffde20c71e0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 593.782262][ C0] RAX: ffffffffffffffda RBX: 00007f14c2234620 RCX: 00007f14c1577cac [ 593.782282][ C0] RDX: 0000000000000028 RSI: 00007f14c2234670 RDI: 0000000000000003 [ 593.782301][ C0] RBP: 0000000000000000 R08: 00007ffde20c7234 R09: 000000000000000c [ 593.782318][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 593.782336][ C0] R13: 0000000000000000 R14: 00007f14c2234670 R15: 0000000000000000 [ 593.782381][ C0] [ 593.782393][ C0] DEBUG: waiting rtnl_mutex for 1521 jiffies. [ 593.782408][ C0] task:kworker/u8:1 state:D stack:21008 pid:12 tgid:12 ppid:2 flags:0x00004000 [ 593.782453][ C0] Workqueue: ipv6_addrconf addrconf_verify_work [ 593.782490][ C0] Call Trace: [ 593.782501][ C0] [ 593.782520][ C0] __schedule+0x1800/0x4a60 [ 593.782588][ C0] ? __pfx___schedule+0x10/0x10 [ 593.782624][ C0] ? __pfx_lock_release+0x10/0x10 [ 593.782660][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 593.782708][ C0] ? kthread_data+0x52/0xd0 [ 593.782740][ C0] ? schedule+0x90/0x320 [ 593.782767][ C0] ? wq_worker_sleeping+0x66/0x240 [ 593.782805][ C0] ? schedule+0x90/0x320 [ 593.782832][ C0] schedule+0x14b/0x320 [ 593.782866][ C0] schedule_preempt_disabled+0x13/0x30 [ 593.782895][ C0] __mutex_lock+0x6a4/0xd70 [ 593.782934][ C0] ? __mutex_lock+0x527/0xd70 [ 593.782971][ C0] ? addrconf_verify_work+0x19/0x30 [ 593.783008][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 593.783038][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 593.783077][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 593.783120][ C0] ? get_rtnl_holder+0x144/0x190 [ 593.783150][ C0] ? process_scheduled_works+0x945/0x1830 [ 593.783180][ C0] addrconf_verify_work+0x19/0x30 [ 593.783214][ C0] process_scheduled_works+0xa2c/0x1830 [ 593.783294][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 593.783342][ C0] ? assign_work+0x364/0x3d0 [ 593.783384][ C0] worker_thread+0x86d/0xd40 [ 593.783441][ C0] ? __kthread_parkme+0x169/0x1d0 [ 593.783481][ C0] ? __pfx_worker_thread+0x10/0x10 [ 593.783513][ C0] kthread+0x2f0/0x390 [ 593.783548][ C0] ? __pfx_worker_thread+0x10/0x10 [ 593.783579][ C0] ? __pfx_kthread+0x10/0x10 [ 593.783616][ C0] ret_from_fork+0x4b/0x80 [ 593.783649][ C0] ? __pfx_kthread+0x10/0x10 [ 593.783692][ C0] ret_from_fork_asm+0x1a/0x30 [ 593.783753][ C0] [ 593.783765][ C0] DEBUG: waiting rtnl_mutex for 1206 jiffies. [ 593.783780][ C0] task:syz-executor state:D stack:20784 pid:11087 tgid:11087 ppid:1 flags:0x00004006 [ 593.783822][ C0] Call Trace: [ 593.783832][ C0] [ 593.783852][ C0] __schedule+0x1800/0x4a60 [ 593.783919][ C0] ? __pfx___schedule+0x10/0x10 [ 593.783955][ C0] ? __pfx_lock_release+0x10/0x10 [ 593.783990][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 593.784047][ C0] ? schedule+0x90/0x320 [ 593.784075][ C0] schedule+0x14b/0x320 [ 593.784108][ C0] schedule_preempt_disabled+0x13/0x30 [ 593.784136][ C0] __mutex_lock+0x6a4/0xd70 [ 593.784175][ C0] ? __mutex_lock+0x527/0xd70 [ 593.784212][ C0] ? tun_chr_close+0x3e/0x1b0 [ 593.784251][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 593.784304][ C0] ? get_rtnl_holder+0x144/0x190 [ 593.784337][ C0] tun_chr_close+0x3e/0x1b0 [ 593.784389][ C0] ? __pfx_tun_chr_close+0x10/0x10 [ 593.784428][ C0] __fput+0x24a/0x8a0 [ 593.784485][ C0] task_work_run+0x24f/0x310 [ 593.784523][ C0] ? __pfx_task_work_run+0x10/0x10 [ 593.784554][ C0] ? do_exit+0xa2a/0x27f0 [ 593.784588][ C0] ? kmem_cache_free+0x145/0x350 [ 593.784634][ C0] do_exit+0xa2f/0x27f0 [ 593.784693][ C0] ? __pfx_do_exit+0x10/0x10 [ 593.784731][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 593.784769][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 593.784808][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 593.784840][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 593.784878][ C0] do_group_exit+0x207/0x2c0 [ 593.784914][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 593.784942][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 593.784983][ C0] get_signal+0x16a1/0x1740 [ 593.785040][ C0] ? __pfx_get_signal+0x10/0x10 [ 593.785088][ C0] arch_do_signal_or_restart+0x96/0x830 [ 593.785127][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 593.785158][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 593.785215][ C0] ? syscall_exit_to_user_mode+0xa3/0x370 [ 593.785258][ C0] syscall_exit_to_user_mode+0xc9/0x370 [ 593.785301][ C0] do_syscall_64+0x100/0x230 [ 593.785339][ C0] ? clear_bhb_loop+0x35/0x90 [ 593.785375][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 593.785403][ C0] RIP: 0033:0x7f303896c217 [ 593.785432][ C0] RSP: 002b:00007ffd2f39e5f0 EFLAGS: 00000293 ORIG_RAX: 000000000000003d [ 593.785461][ C0] RAX: fffffffffffffe00 RBX: 0000000000000056 RCX: 00007f303896c217 [ 593.785481][ C0] RDX: 0000000040000000 RSI: 00007ffd2f39e67c RDI: 00000000ffffffff [ 593.785501][ C0] RBP: 00007ffd2f39e67c R08: 0000000000000000 R09: 7fffffffffffffff [ 593.785520][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 000055559241d5eb [ 593.785539][ C0] R13: 000055559241d590 R14: 00007f30389d5418 R15: 0000000000000008 [ 593.785598][ C0] [ 593.785612][ C0] [ 593.785612][ C0] Showing all locks held in the system: [ 593.785627][ C0] 3 locks held by kworker/u8:1/12: [ 593.785643][ C0] #0: ffff88802a193148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 593.785725][ C0] #1: ffffc90000117d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 593.785798][ C0] #2: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 [ 593.785878][ C0] 2 locks held by kworker/u8:3/53: [ 593.785894][ C0] #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 593.785966][ C0] #1: ffffc90000bd7d00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 593.786066][ C0] 2 locks held by kworker/u8:8/3864: [ 593.786085][ C0] 2 locks held by getty/4848: [ 593.786100][ C0] #0: ffff88802ad4c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 593.786175][ C0] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 593.786246][ C0] 7 locks held by kworker/0:3/5143: [ 593.786261][ C0] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 593.786330][ C0] #1: ffffc90003aefd00 ((work_completion)(&uhid->worker)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 593.786401][ C0] #2: ffff88802d7e5a20 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 593.786470][ C0] #3: ffffffff8e2110a0 (console_lock){+.+.}-{0:0}, at: vprintk_emit+0x4ed/0x900 [ 593.786534][ C0] #4: ffffffff8e210cb0 (console_srcu){....}-{0:0}, at: console_flush_all+0x147/0xf50 [ 593.786601][ C0] #5: ffffc90000007c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 593.786665][ C0] #6: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 593.786747][ C0] 3 locks held by syz-executor/8882: [ 593.786766][ C0] 1 lock held by syz.2.1279/10357: [ 593.786782][ C0] #0: ffff88802d1cc068 (&uhid->devlock){+.+.}-{3:3}, at: uhid_char_write+0x78/0xb50 [ 593.786859][ C0] 1 lock held by syz-executor/11087: [ 593.786875][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 593.786953][ C0] 2 locks held by syz.0.1681/11407: [ 593.786968][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 593.787053][ C0] #1: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 593.787147][ C0] 2 locks held by syz.1.1698/11452: [ 593.787162][ C0] #0: ffffffff8f5f2190 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 [ 593.787234][ C0] #1: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 593.787301][ C0] 1 lock held by syz.3.1705/11478: [ 593.787316][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x48f/0x2400 [ 593.787382][ C0] 1 lock held by syz-executor/11546: [ 593.787398][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 593.787473][ C0] 1 lock held by syz.2.1736/11566: [ 593.787489][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 593.787564][ C0] 1 lock held by syz-executor/11568: [ 593.787579][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 593.787654][ C0] 1 lock held by syz-executor/11578: [ 593.787669][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 593.787751][ C0] 1 lock held by syz-executor/11598: [ 593.787767][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 593.787841][ C0] 1 lock held by syz.4.1749/11606: [ 593.787857][ C0] #0: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 593.787937][ C0] [ 593.787945][ C0] ============================================= [ 593.787945][ C0] [ 594.372450][T11571] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 594.405861][ T5143] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 594.482278][T11571] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 594.575100][ T5143] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 594.587446][T11571] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 594.637019][ T5143] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 594.642659][T11571] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 594.702280][ T5143] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 594.708174][T11571] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 594.759279][ T5143] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 594.761266][T11571] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 594.802110][ C0] DEBUG: holding rtnl_mutex for 4088 jiffies. [ 596.892311][T11571] Bluetooth: hci5: command tx timeout [ 596.895361][ C0] task:syz.0.1681 state:D [ 598.972247][T11571] Bluetooth: hci5: command tx timeout [ 598.972858][ C0] stack:24672 pid:11407 tgid:11407 ppid:11075 flags:0x00004006 [ 601.052330][T11571] Bluetooth: hci5: command tx timeout [ 601.060101][ C0] Call Trace: [ 601.060118][ C0] [ 601.060136][ C0] __schedule+0x1800/0x4a60 [ 601.060195][ C0] ? __pfx___schedule+0x10/0x10 [ 601.060227][ C0] ? __pfx_lock_release+0x10/0x10 [ 601.060259][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 601.060305][ C0] ? schedule+0x90/0x320 [ 601.060332][ C0] schedule+0x14b/0x320 [ 601.060364][ C0] synchronize_rcu_expedited+0x684/0x830 [ 601.060408][ C0] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 601.060466][ C0] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 601.060504][ C0] ? __pfx___might_resched+0x10/0x10 [ 601.060536][ C0] ? __pfx_autoremove_wake_function+0x10/0x10 [ 601.060569][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 601.060618][ C0] synchronize_rcu+0x11b/0x360 [ 601.060655][ C0] ? __pfx_synchronize_rcu+0x10/0x10 [ 601.060709][ C0] lockdep_unregister_key+0x556/0x610 [ 601.060749][ C0] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 601.060781][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 601.060822][ C0] ? __qdisc_destroy+0x150/0x410 [ 601.060847][ C0] ? kfree+0x149/0x360 [ 601.060881][ C0] ? __pfx_pfifo_fast_destroy+0x10/0x10 [ 601.060922][ C0] __qdisc_destroy+0x165/0x410 [ 601.060951][ C0] dev_shutdown+0x9b/0x440 [ 601.060983][ C0] unregister_netdevice_many_notify+0x9c7/0x1d20 [ 601.061018][ C0] ? __lock_acquire+0x1359/0x2000 [ 601.061070][ C0] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 601.061109][ C0] ? __asan_memset+0x23/0x50 [ 601.061135][ C0] ? skb_queue_purge_reason+0x2de/0x500 [ 601.061185][ C0] ? __asan_memset+0x23/0x50 [ 601.061210][ C0] ? skb_queue_purge_reason+0x2de/0x500 [ 601.061257][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 601.061290][ C0] unregister_netdevice_queue+0x303/0x370 [ 601.061323][ C0] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 601.061363][ C0] __tun_detach+0x6b6/0x1600 [ 601.061405][ C0] tun_chr_close+0x108/0x1b0 [ 601.061440][ C0] ? __pfx_tun_chr_close+0x10/0x10 [ 601.061477][ C0] __fput+0x24a/0x8a0 [ 601.061526][ C0] task_work_run+0x24f/0x310 [ 601.061559][ C0] ? __pfx_task_work_run+0x10/0x10 [ 601.061590][ C0] ? syscall_exit_to_user_mode+0xa3/0x370 [ 601.061630][ C0] syscall_exit_to_user_mode+0x168/0x370 [ 601.061670][ C0] do_syscall_64+0x100/0x230 [ 601.061708][ C0] ? clear_bhb_loop+0x35/0x90 [ 601.061742][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.061772][ C0] RIP: 0033:0x7f6c5bf75f19 [ 601.061795][ C0] RSP: 002b:00007fff6f471208 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 601.061825][ C0] RAX: 0000000000000000 RBX: 00007f6c5c105a60 RCX: 00007f6c5bf75f19 [ 601.061845][ C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 601.061862][ C0] RBP: 00007f6c5c105a60 R08: 0000000000000006 R09: 000000116f47153f [ 601.061881][ C0] R10: 00000000003ffcac R11: 0000000000000246 R12: 00000000000873a2 [ 601.061899][ C0] R13: 0000000000000032 R14: 00007f6c5c105a60 R15: 00007fff6f4712f0 [ 601.061938][ C0] [ 601.061950][ C0] DEBUG: waiting rtnl_mutex for 4646 jiffies. [ 601.061965][ C0] task:syz.1.1698 state:D stack:23800 pid:11452 tgid:11451 ppid:10549 flags:0x00004004 [ 601.062089][ C0] Call Trace: [ 601.062101][ C0] [ 601.062118][ C0] __schedule+0x1800/0x4a60 [ 601.062171][ C0] ? __pfx___schedule+0x10/0x10 [ 603.134014][T11571] Bluetooth: hci5: command tx timeout [ 603.137562][ C0] ? __pfx_lock_release+0x10/0x10 [ 621.462334][ T19] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 0-.... } 2657 jiffies s: 28621 root: 0x1/. [ 621.462393][ T19] rcu: blocking rcu_node structures (internal RCU debug): [ 621.462416][ T19] Sending NMI from CPU 1 to CPUs 0: [ 621.462452][ C0] NMI backtrace for cpu 0 [ 621.462467][ C0] CPU: 0 UID: 0 PID: 11606 Comm: syz.4.1749 Not tainted 6.10.0-rc6-next-20240702-syzkaller #0 [ 621.462505][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 621.462523][ C0] RIP: 0010:io_serial_in+0x76/0xb0 [ 621.462551][ C0] Code: 00 f2 53 fc 89 e9 41 d3 e6 48 83 c3 40 48 89 d8 48 c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 e1 c2 ba fc 44 03 33 44 89 f2 ec <0f> b6 c0 5b 41 5e 41 5f 5d c3 cc cc cc cc 89 e9 80 e1 07 38 c1 7c [ 621.462567][ C0] RSP: 0018:ffffc90000007278 EFLAGS: 00000002 [ 621.462584][ C0] RAX: 1ffffffff2964500 RBX: ffffffff94b228c0 RCX: 0000000000000000 [ 621.462598][ C0] RDX: 00000000000003fd RSI: 0000000000000000 RDI: 0000000000000020 [ 621.462611][ C0] RBP: 0000000000000000 R08: ffffffff853f90d6 R09: 1ffff11003f72046 [ 621.462625][ C0] R10: dffffc0000000000 R11: ffffffff853f9090 R12: dffffc0000000000 [ 621.462641][ C0] R13: ffffffff94836c20 R14: 00000000000003fd R15: dffffc0000000000 [ 621.462655][ C0] FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 621.462671][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 621.462685][ C0] CR2: 0000000020000080 CR3: 000000000e132000 CR4: 00000000003506f0 [ 621.462702][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 621.462713][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 621.462726][ C0] Call Trace: [ 621.462734][ C0] [ 621.462743][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 621.462767][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 621.462794][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 621.462815][ C0] ? nmi_handle+0x2a/0x5a0 [ 621.462843][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 621.462866][ C0] ? nmi_handle+0x14f/0x5a0 [ 621.462883][ C0] ? nmi_handle+0x2a/0x5a0 [ 621.462902][ C0] ? io_serial_in+0x76/0xb0 [ 621.462919][ C0] ? default_do_nmi+0x63/0x160 [ 621.462942][ C0] ? exc_nmi+0x123/0x1f0 [ 621.462962][ C0] ? end_repeat_nmi+0xf/0x53 [ 621.462986][ C0] ? __pfx_io_serial_in+0x10/0x10 [ 621.463005][ C0] ? io_serial_in+0x46/0xb0 [ 621.463024][ C0] ? io_serial_in+0x76/0xb0 [ 621.463042][ C0] ? io_serial_in+0x76/0xb0 [ 621.463062][ C0] ? io_serial_in+0x76/0xb0 [ 621.463080][ C0] [ 621.463086][ C0] [ 621.463095][ C0] serial8250_console_write+0x1373/0x1ed0 [ 621.463137][ C0] ? __pfx_serial8250_console_write+0x10/0x10 [ 621.463167][ C0] ? __pfx_lock_release+0x10/0x10 [ 621.463191][ C0] ? do_raw_spin_lock+0x14f/0x370 [ 621.463216][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 621.463239][ C0] ? __pfx_univ8250_console_write+0x10/0x10 [ 621.463265][ C0] console_flush_all+0x880/0xf50 [ 621.463289][ C0] ? mark_lock+0x9a/0x360 [ 621.463314][ C0] ? console_flush_all+0x147/0xf50 [ 621.463338][ C0] ? __pfx_console_flush_all+0x10/0x10 [ 621.463370][ C0] console_unlock+0x13b/0x4d0 [ 621.463398][ C0] ? __pfx_console_unlock+0x10/0x10 [ 621.463420][ C0] ? vprintk_emit+0x470/0x900 [ 621.463440][ C0] ? vprintk_emit+0x761/0x900 [ 621.463461][ C0] vprintk_emit+0x7a1/0x900 [ 621.463483][ C0] ? __pfx_vprintk_emit+0x10/0x10 [ 621.463512][ C0] _printk+0xd5/0x120 [ 621.463539][ C0] ? __pfx_lock_release+0x10/0x10 [ 621.463562][ C0] ? wq_watchdog_touch+0xe5/0x180 [ 621.463583][ C0] ? __pfx__printk+0x10/0x10 [ 621.463607][ C0] ? 0xffffffffa00007d8 [ 621.463624][ C0] ? is_bpf_text_address+0x285/0x2a0 [ 621.463652][ C0] ? is_bpf_text_address+0x26/0x2a0 [ 621.463683][ C0] ? wq_watchdog_touch+0xef/0x180 [ 621.463704][ C0] ? __pfx_lock_release+0x10/0x10 [ 621.463727][ C0] show_trace_log_lvl+0x43a/0x520 [ 621.463764][ C0] ? schedule+0x14b/0x320 [ 621.463789][ C0] sched_show_task+0x506/0x6d0 [ 621.463810][ C0] ? report_rtnl_holders+0x29e/0x3f0 [ 621.463837][ C0] ? __pfx__printk+0x10/0x10 [ 621.463863][ C0] ? __pfx_sched_show_task+0x10/0x10 [ 621.463882][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 621.463904][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 621.463930][ C0] report_rtnl_holders+0x320/0x3f0 [ 621.463961][ C0] call_timer_fn+0x18e/0x650 [ 621.463978][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 621.464003][ C0] ? call_timer_fn+0xc0/0x650 [ 621.464019][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 621.464045][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 621.464064][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 621.464090][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 621.464116][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 621.464140][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 621.464160][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 621.464185][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 621.464212][ C0] __run_timer_base+0x66a/0x8e0 [ 621.464247][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 621.464279][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 621.464314][ C0] run_timer_softirq+0xb7/0x170 [ 621.464341][ C0] handle_softirqs+0x2c4/0x970 [ 621.464368][ C0] ? __irq_exit_rcu+0xf4/0x1c0 [ 621.464399][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 621.464425][ C0] ? irqtime_account_irq+0xd4/0x1e0 [ 621.464453][ C0] __irq_exit_rcu+0xf4/0x1c0 [ 621.464476][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 621.464504][ C0] irq_exit_rcu+0x9/0x30 [ 621.464525][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 621.464551][ C0] [ 621.464558][ C0] [ 621.464565][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 621.464589][ C0] RIP: 0010:mod_memcg_page_state+0x6e/0x770 [ 621.464619][ C0] Code: 20 b3 8a b5 41 48 c7 44 24 28 03 4e b8 8d 48 c7 44 24 30 10 14 eb 81 4c 8d 64 24 20 49 c1 ec 03 48 b8 f1 f1 f1 f1 00 f2 f2 f2 <49> 89 04 0c 66 41 c7 44 0c 09 f3 f3 41 c6 44 0c 0b f3 e8 4b 6e a8 [ 621.464637][ C0] RSP: 0018:ffffc90009e27820 EFLAGS: 00000a02 [ 621.464652][ C0] RAX: f2f2f200f1f1f1f1 RBX: ffffea0001752800 RCX: dffffc0000000000 [ 621.464667][ C0] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: ffffea0001752800 [ 621.464680][ C0] RBP: ffffc90009e278e8 R08: ffff8880b94449c3 R09: 1ffff11017288938 [ 621.464695][ C0] R10: dffffc0000000000 R11: ffffed1017288939 R12: 1ffff920013c4f08 [ 621.464710][ C0] R13: 1ffff1100512e324 R14: 000000000000010f R15: ffff88802897192c [ 621.464736][ C0] ? __pfx___might_resched+0x10/0x10 [ 621.464760][ C0] ? __pfx_mod_memcg_page_state+0x10/0x10 [ 621.464790][ C0] ? free_unref_page+0x634/0xea0 [ 621.464822][ C0] vfree+0x17c/0x2e0 [ 621.464851][ C0] kcov_close+0x2b/0x50 [ 621.464877][ C0] ? __pfx_kcov_close+0x10/0x10 [ 621.464903][ C0] __fput+0x24a/0x8a0 [ 621.464937][ C0] task_work_run+0x24f/0x310 [ 621.464960][ C0] ? __pfx_task_work_run+0x10/0x10 [ 621.464979][ C0] ? do_exit+0xa2a/0x27f0 [ 621.465005][ C0] ? kmem_cache_free+0x145/0x350 [ 621.465036][ C0] do_exit+0xa2f/0x27f0 [ 621.465070][ C0] ? __pfx_do_exit+0x10/0x10 [ 621.465097][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 621.465121][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 621.465147][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 621.465171][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 621.465195][ C0] do_group_exit+0x207/0x2c0 [ 621.465222][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 621.465243][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 621.465271][ C0] get_signal+0x16a1/0x1740 [ 621.465302][ C0] ? __pfx_get_signal+0x10/0x10 [ 621.465329][ C0] arch_do_signal_or_restart+0x96/0x830 [ 621.465357][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 621.465385][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 621.465418][ C0] ? syscall_exit_to_user_mode+0xa3/0x370 [ 621.465447][ C0] syscall_exit_to_user_mode+0xc9/0x370 [ 621.465476][ C0] do_syscall_64+0x100/0x230 [ 621.465505][ C0] ? clear_bhb_loop+0x35/0x90 [ 621.465528][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 621.465549][ C0] RIP: 0033:0x7f06f2175f19 [ 621.465563][ C0] Code: Unable to access opcode bytes at 0x7f06f2175eef. [ 621.465572][ C0] RSP: 002b:00007f06f300b048 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 621.465591][ C0] RAX: 0000000000000000 RBX: 00007f06f2304038 RCX: 00007f06f2175f19 [ 621.465604][ C0] RDX: 0000000000004003 RSI: 0000000000003000 RDI: 0000000020ffb000 [ 621.465617][ C0] RBP: 00007f06f21e4bcd R08: 0000000000000005 R09: 0000000000000002 [ 621.465630][ C0] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000000 [ 621.465643][ C0] R13: 000000000000006e R14: 00007f06f2304038 R15: 00007ffe345bb538 [ 621.465667][ C0] [ 621.558334][ T55] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 621.564498][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 621.564561][ C0] ? schedule+0x90/0x320 [ 621.564589][ C0] schedule+0x14b/0x320 [ 621.564621][ C0] schedule_preempt_disabled+0x13/0x30 [ 621.564651][ C0] __mutex_lock+0x6a4/0xd70 [ 621.564687][ C0] ? __mutex_lock+0x527/0xd70 [ 621.564724][ C0] ? register_nexthop_notifier+0x84/0x290 [ 621.582270][ T55] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 621.583373][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 621.596764][ T55] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 621.603085][ C0] ? get_rtnl_holder+0x144/0x190 [ 621.615973][ T55] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 621.618243][ C0] register_nexthop_notifier+0x84/0x290 [ 621.625858][ T55] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 621.632915][ C0] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 621.642408][ T55] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 621.647179][ C0] ? __pfx_register_nexthop_notifier+0x10/0x10 [ 623.196383][ C0] ? __asan_memset+0x23/0x50 [ 623.200992][ C0] ops_init+0x359/0x610 [ 623.205238][ C0] setup_net+0x515/0xca0 [ 623.209536][ C0] ? __pfx_down_read_killable+0x10/0x10 [ 623.215188][ C0] ? __pfx_setup_net+0x10/0x10 [ 623.220004][ C0] ? read_word_at_a_time+0xe/0x20 [ 623.225117][ C0] copy_net_ns+0x4e2/0x7b0 [ 623.229586][ C0] create_new_namespaces+0x425/0x7b0 [ 623.234950][ C0] ? bpf_lsm_capable+0x9/0x10 [ 623.239703][ C0] ? copy_namespaces+0x5c/0x490 [ 623.244659][ C0] copy_namespaces+0x41a/0x490 [ 623.249486][ C0] copy_process+0x1934/0x3d70 [ 623.254300][ C0] ? copy_process+0x9fa/0x3d70 [ 623.259132][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 623.264453][ C0] ? __pfx_copy_process+0x10/0x10 [ 623.269533][ C0] ? futex_wake+0x523/0x5c0 [ 623.274175][ C0] kernel_clone+0x226/0x8f0 [ 623.278756][ C0] ? __pfx_kernel_clone+0x10/0x10 [ 623.283978][ C0] __x64_sys_clone+0x258/0x2a0 [ 623.288802][ C0] ? __pfx___x64_sys_clone+0x10/0x10 [ 623.294182][ C0] ? do_syscall_64+0x100/0x230 [ 623.298986][ C0] ? do_syscall_64+0xb6/0x230 [ 623.303760][ C0] do_syscall_64+0xf3/0x230 [ 623.308456][ C0] ? clear_bhb_loop+0x35/0x90 [ 623.313213][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 623.319142][ C0] RIP: 0033:0x7f42e1975f19 [ 623.323621][ C0] RSP: 002b:00007f42e26cbff8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 623.332123][ C0] RAX: ffffffffffffffda RBX: 00007f42e1b03f60 RCX: 00007f42e1975f19 [ 623.340119][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 623.348163][ C0] RBP: 00007f42e19e4bcd R08: 0000000000000000 R09: 0000000000000000 [ 623.356305][ C0] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 623.364525][ C0] R13: 000000000000000b R14: 00007f42e1b03f60 R15: 00007ffd05635f58 [ 623.372607][ C0] [ 623.375648][ C0] DEBUG: waiting rtnl_mutex for 6710 jiffies. [ 623.381806][ C0] task:syz.3.1705 state:D stack:26848 pid:11478 tgid:11475 ppid:9073 flags:0x00000004 [ 623.392129][ C0] Call Trace: [ 623.395444][ C0] [ 623.398385][ C0] __schedule+0x1800/0x4a60 [ 623.402998][ C0] ? __pfx___schedule+0x10/0x10 [ 623.407888][ C0] ? __pfx_lock_release+0x10/0x10 [ 623.413089][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 623.418614][ C0] ? schedule+0x90/0x320 [ 623.422923][ C0] schedule+0x14b/0x320 [ 623.427108][ C0] schedule_preempt_disabled+0x13/0x30 [ 623.432661][ C0] __mutex_lock+0x6a4/0xd70 [ 623.437219][ C0] ? __mutex_lock+0x527/0xd70 [ 623.441905][ C0] ? __tun_chr_ioctl+0x48f/0x2400 [ 623.446995][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 623.452121][ C0] ? get_rtnl_holder+0x144/0x190 [ 623.457099][ C0] __tun_chr_ioctl+0x48f/0x2400 [ 623.461961][ C0] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 623.467337][ C0] ? __fget_files+0x3f6/0x470 [ 623.472082][ C0] ? __fget_files+0x29/0x470 [ 623.476728][ C0] ? bpf_lsm_file_ioctl+0x9/0x10 [ 623.481675][ C0] ? security_file_ioctl+0x87/0xb0 [ 623.486963][ C0] ? __pfx_tun_chr_ioctl+0x10/0x10 [ 623.492188][ C0] __se_sys_ioctl+0xfc/0x170 [ 623.496831][ C0] do_syscall_64+0xf3/0x230 [ 623.501367][ C0] ? clear_bhb_loop+0x35/0x90 [ 623.506130][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 623.512121][ C0] RIP: 0033:0x7fbef7175f19 [ 623.516571][ C0] RSP: 002b:00007fbef6bff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 623.525231][ C0] RAX: ffffffffffffffda RBX: 00007fbef7303f60 RCX: 00007fbef7175f19 [ 623.533294][ C0] RDX: 0000000020000200 RSI: 00000000400454ca RDI: 0000000000000003 [ 623.541271][ C0] RBP: 00007fbef71e4bcd R08: 0000000000000000 R09: 0000000000000000 [ 623.549498][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 623.557540][ C0] R13: 000000000000000b R14: 00007fbef7303f60 R15: 00007ffc0a273958 [ 623.565608][ C0] [ 623.568656][ C0] DEBUG: waiting rtnl_mutex for 6072 jiffies. [ 623.574769][ C0] task:syz-executor state:D stack:24992 pid:11546 tgid:11546 ppid:1 flags:0x00000004 [ 623.585010][ C0] Call Trace: [ 623.588313][ C0] [ 623.591277][ C0] __schedule+0x1800/0x4a60 [ 623.595872][ C0] ? __pfx___schedule+0x10/0x10 [ 623.600775][ C0] ? __pfx_lock_release+0x10/0x10 [ 623.605871][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 623.611423][ C0] ? schedule+0x90/0x320 [ 623.615743][ C0] schedule+0x14b/0x320 [ 623.619942][ C0] schedule_preempt_disabled+0x13/0x30 [ 623.625660][ C0] __mutex_lock+0x6a4/0xd70 [ 623.630211][ C0] ? __mutex_lock+0x527/0xd70 [ 623.634979][ C0] ? rtnetlink_rcv_msg+0x847/0x1180 [ 623.640238][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 623.645349][ C0] ? get_rtnl_holder+0x144/0x190 [ 623.650322][ C0] rtnetlink_rcv_msg+0x847/0x1180 [ 623.655424][ C0] ? rtnetlink_rcv_msg+0x208/0x1180 [ 623.660666][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 623.666200][ C0] ? is_bpf_text_address+0x285/0x2a0 [ 623.671527][ C0] ? __pfx_validate_chain+0x10/0x10 [ 623.676808][ C0] ? __pfx_validate_chain+0x10/0x10 [ 623.682099][ C0] ? arch_stack_walk+0x16d/0x1b0 [ 623.682340][T11571] Bluetooth: hci10: command tx timeout [ 623.687068][ C0] ? mark_lock+0x9a/0x360 [ 623.697287][ C0] ? __pfx_validate_chain+0x10/0x10 [ 623.702595][ C0] ? __lock_acquire+0x1359/0x2000 [ 623.707678][ C0] ? mark_lock+0x9a/0x360 [ 623.712087][ C0] ? __lock_acquire+0x1359/0x2000 [ 623.717170][ C0] netlink_rcv_skb+0x1e3/0x430 [ 623.722115][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 623.727621][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 623.733025][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 623.738293][ C0] netlink_unicast+0x7f0/0x990 [ 623.743189][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 623.748526][ C0] ? __virt_addr_valid+0x183/0x530 [ 623.753731][ C0] ? __check_object_size+0x49c/0x900 [ 623.759070][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 623.764268][ C0] netlink_sendmsg+0x8e4/0xcb0 [ 623.769089][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 623.774471][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 623.779449][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 623.784809][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 623.790342][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 623.795739][ C0] __sock_sendmsg+0x221/0x270 [ 623.800465][ C0] __sys_sendto+0x3a4/0x4f0 [ 623.805044][ C0] ? __pfx___sys_sendto+0x10/0x10 [ 623.810120][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 623.816191][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 623.822699][ C0] ? exc_page_fault+0x590/0x8c0 [ 623.827605][ C0] __x64_sys_sendto+0xde/0x100 [ 623.832512][ C0] do_syscall_64+0xf3/0x230 [ 623.837083][ C0] ? clear_bhb_loop+0x35/0x90 [ 623.841781][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 623.847755][ C0] RIP: 0033:0x7faad6f77cac [ 623.852242][ C0] RSP: 002b:00007ffdee280880 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 623.860668][ C0] RAX: ffffffffffffffda RBX: 00007faad7c34620 RCX: 00007faad6f77cac [ 623.868798][ C0] RDX: 0000000000000028 RSI: 00007faad7c34670 RDI: 0000000000000003 [ 623.876860][ C0] RBP: 0000000000000000 R08: 00007ffdee2808d4 R09: 000000000000000c [ 623.884901][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 623.892956][ C0] R13: 0000000000000000 R14: 00007faad7c34670 R15: 0000000000000000 [ 623.900977][ C0] [ 623.904065][ C0] DEBUG: waiting rtnl_mutex for 5822 jiffies. [ 623.910151][ C0] task:syz.2.1736 state:D stack:23472 pid:11566 tgid:11566 ppid:11087 flags:0x00004002 [ 623.920382][ C0] Call Trace: [ 623.923744][ C0] [ 623.926695][ C0] __schedule+0x1800/0x4a60 [ 623.931227][ C0] ? __pfx___schedule+0x10/0x10 [ 623.936152][ C0] ? __pfx_lock_release+0x10/0x10 [ 623.941241][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 623.946819][ C0] ? schedule+0x90/0x320 [ 623.951193][ C0] schedule+0x14b/0x320 [ 623.955473][ C0] schedule_preempt_disabled+0x13/0x30 [ 623.960977][ C0] __mutex_lock+0x6a4/0xd70 [ 623.965573][ C0] ? __mutex_lock+0x527/0xd70 [ 623.970293][ C0] ? tun_chr_close+0x3e/0x1b0 [ 623.975085][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 623.980197][ C0] ? get_rtnl_holder+0x144/0x190 [ 623.985257][ C0] tun_chr_close+0x3e/0x1b0 [ 623.989806][ C0] ? __pfx_tun_chr_close+0x10/0x10 [ 623.994998][ C0] __fput+0x24a/0x8a0 [ 623.999031][ C0] task_work_run+0x24f/0x310 [ 624.003722][ C0] ? __pfx_task_work_run+0x10/0x10 [ 624.008888][ C0] ? switch_task_namespaces+0xe1/0x110 [ 624.014460][ C0] do_exit+0xa2f/0x27f0 [ 624.018675][ C0] ? preempt_schedule_common+0x84/0xd0 [ 624.024223][ C0] ? __pfx_do_exit+0x10/0x10 [ 624.028880][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 624.034950][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 624.041333][ C0] ? preempt_schedule_thunk+0x1a/0x30 [ 624.046801][ C0] do_group_exit+0x207/0x2c0 [ 624.051523][ C0] __x64_sys_exit_group+0x3f/0x40 [ 624.056619][ C0] x64_sys_call+0x26e0/0x26e0 [ 624.061344][ C0] do_syscall_64+0xf3/0x230 [ 624.065938][ C0] ? clear_bhb_loop+0x35/0x90 [ 624.070654][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 624.076605][ C0] RIP: 0033:0x7f3038975f19 [ 624.081055][ C0] RSP: 002b:00007ffd2f39ddb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 624.089551][ C0] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f3038975f19 [ 624.097616][ C0] RDX: 0000001b2f420000 RSI: 0000000000000000 RDI: 000000000000000b [ 624.105670][ C0] RBP: 000000000008a157 R08: 0000000000000006 R09: 000000000000000b [ 624.113704][ C0] R10: 00000000003ffd40 R11: 0000000000000246 R12: 00007f3038b04038 [ 624.121683][ C0] R13: 0000000000000032 R14: 00007f3038b03f60 R15: 00007f3038b04038 [ 624.129740][ C0] [ 624.132852][ C0] DEBUG: waiting rtnl_mutex for 5827 jiffies. [ 624.138915][ C0] task:syz-executor state:D stack:24992 pid:11568 tgid:11568 ppid:11562 flags:0x00000000 [ 624.149179][ C0] Call Trace: [ 624.152547][ C0] [ 624.155506][ C0] __schedule+0x1800/0x4a60 [ 624.160041][ C0] ? __pfx___schedule+0x10/0x10 [ 624.164957][ C0] ? __pfx_lock_release+0x10/0x10 [ 624.170035][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 624.175594][ C0] ? schedule+0x90/0x320 [ 624.179881][ C0] schedule+0x14b/0x320 [ 624.184104][ C0] schedule_preempt_disabled+0x13/0x30 [ 624.189596][ C0] __mutex_lock+0x6a4/0xd70 [ 624.194202][ C0] ? __mutex_lock+0x527/0xd70 [ 624.199012][ C0] ? rtnetlink_rcv_msg+0x847/0x1180 [ 624.204305][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 624.209389][ C0] ? get_rtnl_holder+0x144/0x190 [ 624.214397][ C0] rtnetlink_rcv_msg+0x847/0x1180 [ 624.219466][ C0] ? rtnetlink_rcv_msg+0x208/0x1180 [ 624.224735][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 624.230230][ C0] ? is_bpf_text_address+0x285/0x2a0 [ 624.235628][ C0] ? __pfx_validate_chain+0x10/0x10 [ 624.240864][ C0] ? __pfx_validate_chain+0x10/0x10 [ 624.246371][ C0] ? arch_stack_walk+0x16d/0x1b0 [ 624.251391][ C0] ? mark_lock+0x9a/0x360 [ 624.255833][ C0] ? __pfx_validate_chain+0x10/0x10 [ 624.261088][ C0] ? __lock_acquire+0x1359/0x2000 [ 624.266215][ C0] ? mark_lock+0x9a/0x360 [ 624.270668][ C0] ? __lock_acquire+0x1359/0x2000 [ 624.275791][ C0] netlink_rcv_skb+0x1e3/0x430 [ 624.280599][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 624.286187][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 624.291616][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 624.296927][ C0] netlink_unicast+0x7f0/0x990 [ 624.301775][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 624.307148][ C0] ? __virt_addr_valid+0x183/0x530 [ 624.312363][ C0] ? __check_object_size+0x49c/0x900 [ 624.317777][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 624.322982][ C0] netlink_sendmsg+0x8e4/0xcb0 [ 624.327800][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 624.333162][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 624.338131][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 624.343478][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 624.348998][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 624.354355][ C0] __sock_sendmsg+0x221/0x270 [ 624.359075][ C0] __sys_sendto+0x3a4/0x4f0 [ 624.363682][ C0] ? __pfx___sys_sendto+0x10/0x10 [ 624.368774][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 624.374840][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 624.381274][ C0] ? exc_page_fault+0x590/0x8c0 [ 624.386215][ C0] __x64_sys_sendto+0xde/0x100 [ 624.391035][ C0] do_syscall_64+0xf3/0x230 [ 624.395648][ C0] ? clear_bhb_loop+0x35/0x90 [ 624.400364][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 624.406338][ C0] RIP: 0033:0x7f17c9b77cac [ 624.410873][ C0] RSP: 002b:00007ffd986f2480 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 624.419364][ C0] RAX: ffffffffffffffda RBX: 00007f17ca834620 RCX: 00007f17c9b77cac [ 624.427500][ C0] RDX: 0000000000000028 RSI: 00007f17ca834670 RDI: 0000000000000003 [ 624.435539][ C0] RBP: 0000000000000000 R08: 00007ffd986f24d4 R09: 000000000000000c [ 624.443868][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 624.451952][ C0] R13: 0000000000000000 R14: 00007f17ca834670 R15: 0000000000000000 [ 624.460084][ C0] [ 624.463168][ C0] DEBUG: waiting rtnl_mutex for 5734 jiffies. [ 624.469252][ C0] task:syz-executor state:D stack:24992 pid:11578 tgid:11578 ppid:11572 flags:0x00000000 [ 624.479477][ C0] Call Trace: [ 624.482845][ C0] [ 624.485820][ C0] __schedule+0x1800/0x4a60 [ 624.490542][ C0] ? __pfx___schedule+0x10/0x10 [ 624.495463][ C0] ? __pfx_lock_release+0x10/0x10 [ 624.500535][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 624.506088][ C0] ? schedule+0x90/0x320 [ 624.510387][ C0] schedule+0x14b/0x320 [ 624.514627][ C0] schedule_preempt_disabled+0x13/0x30 [ 624.520121][ C0] __mutex_lock+0x6a4/0xd70 [ 624.524736][ C0] ? __mutex_lock+0x527/0xd70 [ 624.529449][ C0] ? rtnetlink_rcv_msg+0x847/0x1180 [ 624.534811][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 624.539886][ C0] ? get_rtnl_holder+0x144/0x190 [ 624.544892][ C0] rtnetlink_rcv_msg+0x847/0x1180 [ 624.549986][ C0] ? rtnetlink_rcv_msg+0x208/0x1180 [ 624.555261][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 624.560757][ C0] ? is_bpf_text_address+0x285/0x2a0 [ 624.566128][ C0] ? __pfx_validate_chain+0x10/0x10 [ 624.571392][ C0] ? __pfx_validate_chain+0x10/0x10 [ 624.576669][ C0] ? arch_stack_walk+0x16d/0x1b0 [ 624.581661][ C0] ? mark_lock+0x9a/0x360 [ 624.586078][ C0] ? __pfx_validate_chain+0x10/0x10 [ 624.591327][ C0] ? __lock_acquire+0x1359/0x2000 [ 624.596441][ C0] ? mark_lock+0x9a/0x360 [ 624.600816][ C0] ? __lock_acquire+0x1359/0x2000 [ 624.605938][ C0] netlink_rcv_skb+0x1e3/0x430 [ 624.610754][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 624.616323][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 624.621677][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 624.626958][ C0] netlink_unicast+0x7f0/0x990 [ 624.631772][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 624.637239][ C0] ? __virt_addr_valid+0x183/0x530 [ 624.642431][ C0] ? __check_object_size+0x49c/0x900 [ 624.647728][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 624.652948][ C0] netlink_sendmsg+0x8e4/0xcb0 [ 624.657790][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 624.663172][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 624.668157][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 624.673512][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 624.679010][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 624.684494][ C0] __sock_sendmsg+0x221/0x270 [ 624.689218][ C0] __sys_sendto+0x3a4/0x4f0 [ 624.693803][ C0] ? __pfx___sys_sendto+0x10/0x10 [ 624.698904][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 624.704961][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 624.711324][ C0] ? exc_page_fault+0x590/0x8c0 [ 624.716252][ C0] __x64_sys_sendto+0xde/0x100 [ 624.721053][ C0] do_syscall_64+0xf3/0x230 [ 624.725630][ C0] ? clear_bhb_loop+0x35/0x90 [ 624.730356][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 624.736312][ C0] RIP: 0033:0x7fee46377cac [ 624.740841][ C0] RSP: 002b:00007ffedee40fa0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 624.749360][ C0] RAX: ffffffffffffffda RBX: 00007fee47034620 RCX: 00007fee46377cac [ 624.757406][ C0] RDX: 0000000000000028 RSI: 00007fee47034670 RDI: 0000000000000003 [ 624.765437][ C0] RBP: 0000000000000000 R08: 00007ffedee40ff4 R09: 000000000000000c [ 624.773522][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 624.781523][ C0] R13: 0000000000000000 R14: 00007fee47034670 R15: 0000000000000000 [ 624.789578][ C0] [ 624.792648][ C0] DEBUG: waiting rtnl_mutex for 4801 jiffies. [ 624.798821][ C0] task:syz-executor state:D stack:24992 pid:11598 tgid:11598 ppid:11597 flags:0x00000000 [ 624.809054][ C0] Call Trace: [ 624.812388][ C0] [ 624.815343][ C0] __schedule+0x1800/0x4a60 [ 624.819899][ C0] ? __pfx___schedule+0x10/0x10 [ 624.824822][ C0] ? __pfx_lock_release+0x10/0x10 [ 624.829891][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 624.835443][ C0] ? schedule+0x90/0x320 [ 624.839744][ C0] schedule+0x14b/0x320 [ 624.843978][ C0] schedule_preempt_disabled+0x13/0x30 [ 624.849471][ C0] __mutex_lock+0x6a4/0xd70 [ 624.854053][ C0] ? __mutex_lock+0x527/0xd70 [ 624.858785][ C0] ? rtnetlink_rcv_msg+0x847/0x1180 [ 624.864063][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 624.869164][ C0] ? get_rtnl_holder+0x144/0x190 [ 624.874172][ C0] rtnetlink_rcv_msg+0x847/0x1180 [ 624.879236][ C0] ? rtnetlink_rcv_msg+0x208/0x1180 [ 624.884531][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 624.890033][ C0] ? is_bpf_text_address+0x285/0x2a0 [ 624.895414][ C0] ? __pfx_validate_chain+0x10/0x10 [ 624.900655][ C0] ? __pfx_validate_chain+0x10/0x10 [ 624.905929][ C0] ? arch_stack_walk+0x16d/0x1b0 [ 624.910919][ C0] ? mark_lock+0x9a/0x360 [ 624.915326][ C0] ? __pfx_validate_chain+0x10/0x10 [ 624.920601][ C0] ? __lock_acquire+0x1359/0x2000 [ 624.925721][ C0] ? mark_lock+0x9a/0x360 [ 624.930091][ C0] ? __lock_acquire+0x1359/0x2000 [ 624.935214][ C0] netlink_rcv_skb+0x1e3/0x430 [ 624.940028][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 624.945571][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 624.950929][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 624.956208][ C0] netlink_unicast+0x7f0/0x990 [ 624.961046][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 624.966436][ C0] ? __virt_addr_valid+0x183/0x530 [ 624.971595][ C0] ? __check_object_size+0x49c/0x900 [ 624.976958][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 624.982178][ C0] netlink_sendmsg+0x8e4/0xcb0 [ 624.986997][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 624.992356][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 624.997326][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 625.002701][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 625.008204][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 625.013560][ C0] __sock_sendmsg+0x221/0x270 [ 625.018283][ C0] __sys_sendto+0x3a4/0x4f0 [ 625.022876][ C0] ? __pfx___sys_sendto+0x10/0x10 [ 625.027954][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 625.034030][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 625.040410][ C0] ? exc_page_fault+0x590/0x8c0 [ 625.045332][ C0] __x64_sys_sendto+0xde/0x100 [ 625.050139][ C0] do_syscall_64+0xf3/0x230 [ 625.054771][ C0] ? clear_bhb_loop+0x35/0x90 [ 625.059481][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.065438][ C0] RIP: 0033:0x7f14c1577cac [ 625.069891][ C0] RSP: 002b:00007ffde20c71e0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 625.078369][ C0] RAX: ffffffffffffffda RBX: 00007f14c2234620 RCX: 00007f14c1577cac [ 625.086408][ C0] RDX: 0000000000000028 RSI: 00007f14c2234670 RDI: 0000000000000003 [ 625.094428][ C0] RBP: 0000000000000000 R08: 00007ffde20c7234 R09: 000000000000000c [ 625.102489][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 625.110513][ C0] R13: 0000000000000000 R14: 00007f14c2234670 R15: 0000000000000000 [ 625.118562][ C0] [ 625.121625][ C0] DEBUG: waiting rtnl_mutex for 4654 jiffies. [ 625.127770][ C0] task:kworker/u8:1 state:D stack:21008 pid:12 tgid:12 ppid:2 flags:0x00004000 [ 625.138013][ C0] Workqueue: ipv6_addrconf addrconf_verify_work [ 625.144342][ C0] Call Trace: [ 625.147659][ C0] [ 625.150593][ C0] __schedule+0x1800/0x4a60 [ 625.155201][ C0] ? __pfx___schedule+0x10/0x10 [ 625.160086][ C0] ? __pfx_lock_release+0x10/0x10 [ 625.165183][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 625.170684][ C0] ? kthread_data+0x52/0xd0 [ 625.175279][ C0] ? schedule+0x90/0x320 [ 625.179553][ C0] ? wq_worker_sleeping+0x66/0x240 [ 625.184744][ C0] ? schedule+0x90/0x320 [ 625.189023][ C0] schedule+0x14b/0x320 [ 625.193264][ C0] schedule_preempt_disabled+0x13/0x30 [ 625.198762][ C0] __mutex_lock+0x6a4/0xd70 [ 625.203460][ C0] ? __mutex_lock+0x527/0xd70 [ 625.208258][ C0] ? addrconf_verify_work+0x19/0x30 [ 625.213528][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 625.218587][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 625.224670][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 625.231240][ C0] ? get_rtnl_holder+0x144/0x190 [ 625.236262][ C0] ? process_scheduled_works+0x945/0x1830 [ 625.242070][ C0] addrconf_verify_work+0x19/0x30 [ 625.247129][ C0] process_scheduled_works+0xa2c/0x1830 [ 625.252769][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 625.258783][ C0] ? assign_work+0x364/0x3d0 [ 625.263440][ C0] worker_thread+0x86d/0xd40 [ 625.268101][ C0] ? __kthread_parkme+0x169/0x1d0 [ 625.273223][ C0] ? __pfx_worker_thread+0x10/0x10 [ 625.278375][ C0] kthread+0x2f0/0x390 [ 625.282516][ C0] ? __pfx_worker_thread+0x10/0x10 [ 625.287673][ C0] ? __pfx_kthread+0x10/0x10 [ 625.292379][ C0] ret_from_fork+0x4b/0x80 [ 625.296880][ C0] ? __pfx_kthread+0x10/0x10 [ 625.301526][ C0] ret_from_fork_asm+0x1a/0x30 [ 625.306419][ C0] [ 625.309478][ C0] DEBUG: waiting rtnl_mutex for 4358 jiffies. [ 625.315667][ C0] task:syz-executor state:D stack:20784 pid:11087 tgid:11087 ppid:1 flags:0x00004006 [ 625.325959][ C0] Call Trace: [ 625.329306][ C0] [ 625.332365][ C0] __schedule+0x1800/0x4a60 [ 625.336954][ C0] ? __pfx___schedule+0x10/0x10 [ 625.341889][ C0] ? __pfx_lock_release+0x10/0x10 [ 625.347053][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 625.352631][ C0] ? schedule+0x90/0x320 [ 625.356924][ C0] schedule+0x14b/0x320 [ 625.361154][ C0] schedule_preempt_disabled+0x13/0x30 [ 625.366755][ C0] __mutex_lock+0x6a4/0xd70 [ 625.371409][ C0] ? __mutex_lock+0x527/0xd70 [ 625.376319][ C0] ? tun_chr_close+0x3e/0x1b0 [ 625.381047][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 625.386195][ C0] ? get_rtnl_holder+0x144/0x190 [ 625.391196][ C0] tun_chr_close+0x3e/0x1b0 [ 625.395843][ C0] ? __pfx_tun_chr_close+0x10/0x10 [ 625.401023][ C0] __fput+0x24a/0x8a0 [ 625.405150][ C0] task_work_run+0x24f/0x310 [ 625.409800][ C0] ? __pfx_task_work_run+0x10/0x10 [ 625.415057][ C0] ? do_exit+0xa2a/0x27f0 [ 625.419444][ C0] ? kmem_cache_free+0x145/0x350 [ 625.424515][ C0] do_exit+0xa2f/0x27f0 [ 625.428734][ C0] ? __pfx_do_exit+0x10/0x10 [ 625.433458][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 625.438880][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 625.444994][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 625.451383][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 625.456636][ C0] do_group_exit+0x207/0x2c0 [ 625.461284][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 625.466621][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 625.471883][ C0] get_signal+0x16a1/0x1740 [ 625.476532][ C0] ? __pfx_get_signal+0x10/0x10 [ 625.481529][ C0] arch_do_signal_or_restart+0x96/0x830 [ 625.487217][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 625.493461][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 625.499514][ C0] ? syscall_exit_to_user_mode+0xa3/0x370 [ 625.505377][ C0] syscall_exit_to_user_mode+0xc9/0x370 [ 625.510989][ C0] do_syscall_64+0x100/0x230 [ 625.515710][ C0] ? clear_bhb_loop+0x35/0x90 [ 625.520443][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.526465][ C0] RIP: 0033:0x7f303896c217 [ 625.530921][ C0] RSP: 002b:00007ffd2f39e5f0 EFLAGS: 00000293 ORIG_RAX: 000000000000003d [ 625.539471][ C0] RAX: fffffffffffffe00 RBX: 0000000000000056 RCX: 00007f303896c217 [ 625.547552][ C0] RDX: 0000000040000000 RSI: 00007ffd2f39e67c RDI: 00000000ffffffff [ 625.555647][ C0] RBP: 00007ffd2f39e67c R08: 0000000000000000 R09: 7fffffffffffffff [ 625.563711][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 000055559241d5eb [ 625.571734][ C0] R13: 000055559241d590 R14: 00007f30389d5418 R15: 0000000000000008 [ 625.579863][ C0] [ 625.582958][ C0] DEBUG: waiting rtnl_mutex for 3075 jiffies. [ 625.589053][ C0] task:syz-executor state:D stack:24160 pid:11608 tgid:11608 ppid:11607 flags:0x00000000 [ 625.599369][ C0] Call Trace: [ 625.602729][ C0] [ 625.605704][ C0] __schedule+0x1800/0x4a60 [ 625.610278][ C0] ? __pfx___schedule+0x10/0x10 [ 625.615258][ C0] ? __pfx_lock_release+0x10/0x10 [ 625.620354][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 625.625958][ C0] ? schedule+0x90/0x320 [ 625.630252][ C0] schedule+0x14b/0x320 [ 625.634508][ C0] schedule_preempt_disabled+0x13/0x30 [ 625.640020][ C0] __mutex_lock+0x6a4/0xd70 [ 625.644745][ C0] ? __mutex_lock+0x527/0xd70 [ 625.649484][ C0] ? rtnetlink_rcv_msg+0x847/0x1180 [ 625.654820][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 625.659919][ C0] ? get_rtnl_holder+0x144/0x190 [ 625.664957][ C0] rtnetlink_rcv_msg+0x847/0x1180 [ 625.670055][ C0] ? rtnetlink_rcv_msg+0x208/0x1180 [ 625.675365][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 625.680879][ C0] ? is_bpf_text_address+0x285/0x2a0 [ 625.686274][ C0] ? __pfx_validate_chain+0x10/0x10 [ 625.691533][ C0] ? __pfx_validate_chain+0x10/0x10 [ 625.692838][ T55] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 625.696819][ C0] ? arch_stack_walk+0x16d/0x1b0 [ 625.708978][ T55] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 625.709038][ C0] ? mark_lock+0x9a/0x360 [ 625.719180][ T55] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 625.720417][ C0] ? __pfx_validate_chain+0x10/0x10 [ 625.730316][ T55] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 625.732710][ C0] ? __lock_acquire+0x1359/0x2000 [ 625.742873][ T55] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 625.744857][ C0] ? mark_lock+0x9a/0x360 [ 625.753595][ T55] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 625.756178][ C0] ? __lock_acquire+0x1359/0x2000 [ 625.763471][ T5098] Bluetooth: hci10: command tx timeout [ 625.768206][ C0] netlink_rcv_skb+0x1e3/0x430 [ 625.778649][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 625.784221][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 625.789610][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 625.794929][ C0] netlink_unicast+0x7f0/0x990 [ 625.799771][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 625.805171][ C0] ? __virt_addr_valid+0x183/0x530 [ 625.810345][ C0] ? __check_object_size+0x49c/0x900 [ 625.815684][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 625.820822][ C0] netlink_sendmsg+0x8e4/0xcb0 [ 625.825659][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 625.830981][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 625.835985][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 625.841314][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 625.846889][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 625.852264][ C0] __sock_sendmsg+0x221/0x270 [ 625.857012][ C0] __sys_sendto+0x3a4/0x4f0 [ 625.861527][ C0] ? __pfx___sys_sendto+0x10/0x10 [ 625.866642][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 625.872700][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 625.879081][ C0] ? exc_page_fault+0x590/0x8c0 [ 625.884124][ C0] __x64_sys_sendto+0xde/0x100 [ 625.888936][ C0] do_syscall_64+0xf3/0x230 [ 625.893533][ C0] ? clear_bhb_loop+0x35/0x90 [ 625.898249][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.904212][ C0] RIP: 0033:0x7f4f1b177cac [ 625.908653][ C0] RSP: 002b:00007ffe00102e60 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 625.917157][ C0] RAX: ffffffffffffffda RBX: 00007f4f1be34620 RCX: 00007f4f1b177cac [ 625.925211][ C0] RDX: 0000000000000028 RSI: 00007f4f1be34670 RDI: 0000000000000003 [ 625.933266][ C0] RBP: 0000000000000000 R08: 00007ffe00102eb4 R09: 000000000000000c [ 625.941272][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 625.949394][ C0] R13: 0000000000000000 R14: 00007f4f1be34670 R15: 0000000000000000 [ 625.957428][ C0] [ 625.960450][ C0] DEBUG: waiting rtnl_mutex for 1666 jiffies. [ 625.966566][ C0] task:kworker/1:8 state:D stack:19320 pid:5209 tgid:5209 ppid:2 flags:0x00004000 [ 625.976824][ C0] Workqueue: events_power_efficient reg_check_chans_work [ 625.983919][ C0] Call Trace: [ 625.987221][ C0] [ 625.990162][ C0] __schedule+0x1800/0x4a60 [ 625.994768][ C0] ? __pfx___schedule+0x10/0x10 [ 625.999650][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 626.005717][ C0] ? __pfx_lock_release+0x10/0x10 [ 626.010787][ C0] ? kick_pool+0x45c/0x620 [ 626.015287][ C0] ? preempt_schedule_thunk+0x1a/0x30 [ 626.020694][ C0] ? schedule+0x90/0x320 [ 626.025010][ C0] schedule+0x14b/0x320 [ 626.029206][ C0] schedule_preempt_disabled+0x13/0x30 [ 626.034735][ C0] __mutex_lock+0x6a4/0xd70 [ 626.039282][ C0] ? __mutex_lock+0x527/0xd70 [ 626.044053][ C0] ? reg_check_chans_work+0x99/0xfd0 [ 626.049378][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 626.054520][ C0] ? get_rtnl_holder+0x144/0x190 [ 626.059519][ C0] ? process_scheduled_works+0x945/0x1830 [ 626.065316][ C0] reg_check_chans_work+0x99/0xfd0 [ 626.070487][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 626.075597][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 626.081622][ C0] ? __pfx_reg_check_chans_work+0x10/0x10 [ 626.087450][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 626.093859][ C0] ? process_scheduled_works+0x945/0x1830 [ 626.099589][ C0] process_scheduled_works+0xa2c/0x1830 [ 626.105241][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 626.111265][ C0] ? assign_work+0x364/0x3d0 [ 626.115943][ C0] worker_thread+0x86d/0xd40 [ 626.120602][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 626.126587][ C0] ? __kthread_parkme+0x169/0x1d0 [ 626.131660][ C0] ? __pfx_worker_thread+0x10/0x10 [ 626.136906][ C0] kthread+0x2f0/0x390 [ 626.141045][ C0] ? __pfx_worker_thread+0x10/0x10 [ 626.146261][ C0] ? __pfx_kthread+0x10/0x10 [ 626.150902][ C0] ret_from_fork+0x4b/0x80 [ 626.155428][ C0] ? __pfx_kthread+0x10/0x10 [ 626.160076][ C0] ret_from_fork_asm+0x1a/0x30 [ 626.164965][ C0] [ 626.168019][ C0] [ 626.168019][ C0] Showing all locks held in the system: [ 626.175802][ C0] 3 locks held by kworker/u8:1/12: [ 626.180964][ C0] #0: ffff88802a193148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 626.192633][ C0] #1: ffffc90000117d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 626.206428][ C0] #2: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 [ 626.216058][ C0] 2 locks held by getty/4848: [ 626.220792][ C0] #0: ffff88802ad4c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 626.230667][ C0] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 626.240932][ C0] 3 locks held by kworker/0:3/5143: [ 626.246227][ C0] 3 locks held by kworker/1:8/5209: [ 626.251478][ C0] #0: ffff888015081948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 626.264034][ C0] #1: ffffc90004027d00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 626.275213][ C0] #2: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x99/0xfd0 [ 626.284895][ C0] 1 lock held by syz.2.1279/10357: [ 626.290035][ C0] #0: ffff88802d1cc068 (&uhid->devlock){+.+.}-{3:3}, at: uhid_char_write+0x78/0xb50 [ 626.299632][ C0] 1 lock held by syz-executor/11087: [ 626.305002][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 626.314092][ C0] 2 locks held by syz.0.1681/11407: [ 626.319325][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 626.328459][ C0] #1: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 [ 626.339919][ C0] 2 locks held by syz.1.1698/11452: [ 626.345257][ C0] #0: ffffffff8f5f2190 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 [ 626.354828][ C0] #1: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 626.365030][ C0] 1 lock held by syz.3.1705/11478: [ 626.370168][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x48f/0x2400 [ 626.379590][ C0] 1 lock held by syz-executor/11546: [ 626.384935][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 626.394515][ C0] 1 lock held by syz.2.1736/11566: [ 626.399663][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 626.408788][ C0] 1 lock held by syz-executor/11568: [ 626.414155][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 626.423818][ C0] 1 lock held by syz-executor/11578: [ 626.429136][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 626.438786][ C0] 1 lock held by syz-executor/11598: [ 626.444167][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 626.453792][ C0] 2 locks held by syz.4.1749/11606: [ 626.459019][ C0] #0: ffffc90000007c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 626.469263][ C0] #1: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 626.479239][ C0] 1 lock held by syz-executor/11608: [ 626.484627][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 626.494261][ C0] 1 lock held by syz-executor/11611: [ 626.499586][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 626.509259][ C0] 2 locks held by dhcpcd/11613: [ 626.514183][ C0] #0: ffff88802c9d8258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcb0 [ 626.524012][ C0] #1: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 626.535038][ C0] 1 lock held by dhcpcd/11615: [ 626.539856][ C0] #0: ffff888022d50258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcb0 [ 626.549693][ C0] 1 lock held by syz-executor/11616: [ 626.555050][ C0] #0: ffffffff8f5fed08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 626.564700][ C0] 1 lock held by dhcpcd/11618: [ 626.569496][ C0] #0: ffff88801dd66258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcb0 [ 626.579416][ C0] [ 626.581784][ C0] ============================================= [ 626.581784][ C0] SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor) [ 626.635805][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 626.643799][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 626.672553][ T5143] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 626.680039][ T5143] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [