last executing test programs: 2m40.368452456s ago: executing program 2 (id=120): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x2, 0x0, 0x8000, 0x3ff}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x11c0, 0x80000) openat2$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file4\x00', &(0x7f0000000380)={0x40440, 0x15c, 0x12}, 0x18) unshare(0x26020480) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000300)='1', 0xfffffd46) socket$alg(0x26, 0x5, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r3 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000740)='vxcan1\x00', 0x10) connect$inet(r3, &(0x7f0000000440)={0x2, 0x4e22, @broadcast}, 0x10) r4 = syz_io_uring_setup(0x10e, &(0x7f00000000c0)={0x0, 0x8d2de, 0x0, 0xffffffff}, &(0x7f00000003c0)=0x0, &(0x7f00000005c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r2, 0x0, 0x0, 0x0, 0x80000}) io_uring_enter(r4, 0x47f5, 0x0, 0x0, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) 2m38.697696085s ago: executing program 2 (id=126): sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) semget$private(0x0, 0x207, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r2, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) bind$inet6(r2, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000600)) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180), 0xc40, 0x0) r4 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x7aa0, 0x10, 0xfffffffc, 0x24d}, &(0x7f0000000340)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f00000002c0)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd=r3, 0x0, &(0x7f0000000140)=[{&(0x7f00000006c0)=""/206, 0xce}], 0x1}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) io_uring_enter(r4, 0x100847c0, 0x0, 0x1, 0x0, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) 2m38.164601311s ago: executing program 2 (id=128): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000004c0)='dctcp\x00', 0x6) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000280)="32780f643983", 0x6, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x84a}, 0x1c) r1 = syz_usb_connect(0x3, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB], 0x0) syz_usb_control_io(r1, &(0x7f0000000200)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000740)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='cubic\x00', 0x6) shutdown(r0, 0x1) 2m34.040991766s ago: executing program 2 (id=138): sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) ioctl$SNDCTL_SEQ_SYNC(0xffffffffffffffff, 0x5101) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0xc048aec8, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x101040) write$sndseq(r1, 0x0, 0x0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$F2FS_IOC_GARBAGE_COLLECT(r2, 0x4004f506, &(0x7f0000000280)=0x1) epoll_create(0x10000e9) r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2) r5 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3) ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, &(0x7f0000000000)=""/9) fcntl$addseals(0xffffffffffffffff, 0x409, 0x0) ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f0000000100)={r5, 0x0, 0x0, 0x1000}) munmap(&(0x7f0000002000/0x2000)=nil, 0x2000) syz_open_procfs(0xffffffffffffffff, 0x0) 2m33.681790311s ago: executing program 0 (id=139): sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) semget$private(0x0, 0x207, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r2, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) bind$inet6(r2, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000600)) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180), 0xc40, 0x0) r4 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x7aa0, 0x10, 0xfffffffc, 0x24d}, &(0x7f0000000340)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f00000002c0)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd=r3, 0x0, &(0x7f0000000140)=[{&(0x7f00000006c0)=""/206, 0xce}], 0x1}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) io_uring_enter(r4, 0x100847c0, 0x0, 0x1, 0x0, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) 2m32.847181592s ago: executing program 0 (id=142): syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000406a0519000000000000010902240001000040b10904000002030001"], 0x0) r0 = socket$inet6(0xa, 0x80002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b700000000000000950000000000000053bc2f344158f25a1d3344b0e040f5bc6680b964a6e9a8a69b7adc28f75a151a160cd270e5aa8b4c41e3591e3279c79b7cd581cb776514a56fd84325b41d7b0fd1965825f24d923f39a47ab333706e04b095a03730536a725a2f5a1a81ae50f5d6b36285df2d01a625231bc2"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d) sendmsg$NL80211_CMD_TESTMODE(0xffffffffffffffff, 0x0, 0x4000000) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0xff00000000000000}, 0x400}, 0x1c) 2m30.333660951s ago: executing program 3 (id=148): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000004c0)='dctcp\x00', 0x6) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000280)="32780f643983", 0x6, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x84a}, 0x1c) r1 = syz_usb_connect(0x3, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010002a69bbc104f959941760f0102030109022400010400"], 0x0) syz_usb_control_io(r1, &(0x7f0000000200)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000740)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='cubic\x00', 0x6) shutdown(r0, 0x1) 2m29.742853107s ago: executing program 1 (id=151): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{}, &(0x7f0000000180), 0x0}, 0x20) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000140)={0x8, {{0xa, 0x0, 0x6, @mcast2}}}, 0x88) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000040)={0x7, {{0xa, 0x4e24, 0x2, @mcast1, 0x1}}}, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x7d) syz_emit_ethernet(0x42, &(0x7f0000000380)={@link_local, @broadcast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010700", 0xc, 0x11, 0x0, @private1, @mcast2, {[], {0x0, 0xe22, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sendmsg$DEVLINK_CMD_RATE_NEW(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00fa40", @ANYRES16=0x0, @ANYBLOB="000000000000000000004c0000000c00a6000000000000000000080001"], 0x3c}}, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a876d839240d29c035055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7e8dc34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bb44b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334583239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bf4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc508afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd360000000000000000ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c97a088a22e8b15c3e233db00002e30d46a0024d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c29c5c0ed5bcdf510c3c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ced92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f68fa8d7c2dfb28e1f05e46b0933c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d588afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda6900002a070886df42b27098773b45198b4a34ac97febd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d63521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07afef12ef060cd4403a099f32468f658000b4082d43e12186195cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea209b53b230ef0f2ab85cbdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bd3339403004b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab900000000000000000000d71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdbf24a0c5441ce046078492b53467cfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89cb349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb15f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c00c57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137df47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b558982016b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8b49e3d0168bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85a3009a5d30f479e293a3302e11350ea857b37e76ca3f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c8ffe0d508dcee3070e8b42ac38545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f98117919472b61b20026d7e646174b55d251f7f8ca5ccc22a5efb33b217eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4444e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24000000000000000000000000000000000000cd3211b3842b68a4eddca2eae28529e97a98d7ec3fd902df1ba8fc2ad2377e72d4e7aeacbbccef5614cd965511558f40720025c022bc9c213e407f6bc4b673c55aa8e729299a37fd6339acd906ac861ba56c9fa9b8b12b5e68a3cdadb906355e1f1d336a243172affe50d0fb36c3718a7498eed3d398f405a34d494414e87ef1ce1845510d43d00171d6b4b762f89564c22d542a119878709cd6822c3a3eb47a849b0737929fe9e1eecd1bff5a2b9880e2a6d8a3b3b7e88a673c96cda4455eff1c530db0e6598a2686aa09aeaf0f1aed95aeb8b0a2cc5ca31c0f56285cc05f7090a0e0583cf540d18cd8817e685c7b4ff176178ac1234f23e54445ec20b2689832d78409897a0307e89ebcd5f4ba042a3d10237a5a8a9a6eda36d2f337dc54537b80e8433341b135b4c5bb0173ffde46ccd260e1d4f2c51e8b07bb256f1317912cb1fc9e491e0bb9109e475cc795c23ad9f4f0042c5e9c655a4d865bc4a266e6a1d3d2b7ee53be9efb33a98933b5ba74ee3ac8d34b6af8c1fdbffade3abc80842b74354162f5b994ab5254cb068bc5e2ae242a1d37d0d49947c9317fa1a46c9e259ce0e1f9db992c53f7830a5e8f4fac6b187eb9f15ba61f730f86d7d7b63bbc7a1d9ff37e87a90a14e0655304da069f9009b62717649b6c6af94fcba713f8ee6fcce25aef44d009966614b61be9369ffc589a79051b0a0000000000000003ebd34c41afe268c33c9322c3a783772aec998f51a6e70fb932a8019e72ef5ab127bb30c79ebfd867441083546305fb39449c40a166ea389a6b77b7c87f66e8bf5806726b8fc50b943627314803a12c33312dce0a10f852da3e000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x18000000000002a0, 0xe80, 0x0, &(0x7f0000000100)="b9ffddc1ddcccdde75537d5326a4dfff70bf2dfe443b1b5e2a9080f3", 0x0, 0x600, 0x60000009, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x4c) 2m28.818085244s ago: executing program 0 (id=152): r0 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) close(0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) close(r4) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000) r5 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) close(r5) execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) 2m28.724541883s ago: executing program 4 (id=153): sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) semget$private(0x0, 0x207, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r2, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) bind$inet6(r2, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000600)) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180), 0xc40, 0x0) r4 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x7aa0, 0x10, 0xfffffffc, 0x24d}, &(0x7f0000000340)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f00000002c0)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd=r3, 0x0, &(0x7f0000000140)=[{&(0x7f00000006c0)=""/206, 0xce}], 0x1}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) io_uring_enter(r4, 0x100847c0, 0x0, 0x1, 0x0, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) 2m28.187028507s ago: executing program 4 (id=154): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000021000000000000000000000085"], &(0x7f0000000340)='syzkaller\x00', 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x14) 2m27.375562606s ago: executing program 0 (id=155): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1) mkdirat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0\x00', 0x0) sched_setscheduler(0x0, 0x5, &(0x7f000000d380)) ioprio_set$pid(0x3, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r1, &(0x7f0000004200)={0x50, 0x0, r2, {0x7, 0x21, 0x0, 0x1120081, 0x1, 0x0, 0xfffffffd}}, 0x50) 2m27.211347018s ago: executing program 1 (id=156): r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r0, 0x84, 0x4, 0x0, 0x0) 2m27.051266365s ago: executing program 4 (id=157): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@ipv6_newroute={0x3c, 0x18, 0x300, 0x70bd29, 0x25dfdbfe, {0xa, 0x20, 0x14, 0x80, 0xff, 0x1, 0x0, 0x8, 0x2800}, [@RTA_GATEWAY={0x14, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}}, @RTA_MULTIPATH={0xc, 0x9, {0x4, 0x4, 0x6}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40004}, 0x0) 2m26.893917803s ago: executing program 2 (id=158): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) syz_genetlink_get_family_id$wireguard(&(0x7f0000000140), r2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2m26.852088584s ago: executing program 3 (id=159): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70300000003000085"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x18) sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x2a602c43fbfb34e8) 2m26.844833034s ago: executing program 1 (id=160): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001500010000000000000000"], 0xb8}}, 0x0) (fail_nth: 3) 2m26.563519956s ago: executing program 4 (id=161): openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0) socket(0x15, 0x5, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000fb07006fde0000000000970000"], &(0x7f00000000c0)='syzkaller\x00'}, 0x94) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045532, &(0x7f0000000840)) openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = syz_io_uring_setup(0x68e, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x80, 0x1d4, 0x0, r3}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r2, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r4, 0x2ded, 0xef92, 0x0, 0x0, 0x0) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) recvmsg(r7, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x54}, 0x122) 2m26.531929649s ago: executing program 1 (id=162): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000000)={0xc, 0x0, 0x0}) r2 = accept4$vsock_stream(r0, &(0x7f0000000340)={0x28, 0x0, 0x2711, @my=0x1}, 0x10, 0x80c00) getsockopt$sock_int(r2, 0x1, 0x2, &(0x7f0000000380), &(0x7f00000003c0)=0x4) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r1, 0x0, 0x97, 0x8000000}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000140)={0x28, 0x6, r1, 0x0, &(0x7f0000ff6000/0xa000)=nil, 0xa000}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000500)={0x28, 0x4, r1, 0x0, &(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x6}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f00000000c0)={0x48, 0x2, r1, 0x0, 0x0, 0x0, 0x0, 0x1}) ioctl$IOMMU_DESTROY$stdev(r0, 0x3b80, &(0x7f0000000200)={0x8, r3}) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f00000002c0)) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000008c0)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@bridge_newneigh={0x1c, 0x1c, 0x1, 0x70bd29, 0x25dfdbfe, {0x7, 0x0, 0x0, r6, 0x80, 0x7e, 0xa}}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4040000) r7 = openat$autofs(0xffffffffffffff9c, &(0x7f00000001c0), 0x100, 0x0) sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4101}, 0x0) r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$IOMMU_VFIO_IOAS$SET(r8, 0x3b88, &(0x7f00000000c0)={0xc}) r9 = open$dir(&(0x7f0000000240)='./file0\x00', 0x202, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(r7, 0xc0189377, &(0x7f0000000280)={{0x1, 0x1, 0x18, r9, {0x80000000, 0x6}}, './file0\x00'}) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x42000, 0x0) 2m26.507364605s ago: executing program 3 (id=163): r0 = socket(0x10, 0x803, 0x0) syz_open_dev$sg(&(0x7f0000000000), 0xf4, 0x12000) openat(0xffffffffffffffff, &(0x7f0000000080)='./file1\x00', 0x161100, 0x16a) bpf$MAP_CREATE(0x0, 0x0, 0x48) socket$key(0xf, 0x3, 0x2) syz_genetlink_get_family_id$tipc(&(0x7f0000000180), r0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) close(0xffffffffffffffff) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 2m26.243999555s ago: executing program 0 (id=164): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) semget$private(0x0, 0x207, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r2, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) bind$inet6(r2, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000600)) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180), 0xc40, 0x0) r4 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x7aa0, 0x10, 0xfffffffc, 0x24d}, &(0x7f0000000340)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f00000002c0)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd=r3, 0x0, &(0x7f0000000140)=[{&(0x7f00000006c0)=""/206, 0xce}], 0x1}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) io_uring_enter(r4, 0x100847c0, 0x0, 0x1, 0x0, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) 2m26.010281442s ago: executing program 3 (id=165): socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000600)={@in={{0x2, 0x4e23, @loopback}}, 0x0, 0x0, 0x3b, 0x0, "9ded9d61b06d011d103e0f6900b695edeff80e01663328c082467cf0b42433fa4d47dd6a7ee2e008dcaaa4cb434f09f79be4052eb940143e88471c090e7c9ac0a409000000000000007acf6eb249f175"}, 0xd8) ioctl$DRM_IOCTL_CONTROL(0xffffffffffffffff, 0x40086414, &(0x7f0000000040)={0x0, 0x3}) bind$inet(r3, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) ftruncate(r4, 0x2000009) sendfile(r3, r4, 0x0, 0x7ffff004) 2m25.852163753s ago: executing program 1 (id=166): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000f40)={0x18, 0x1, &(0x7f0000000000)=@raw=[@exit], &(0x7f00000003c0)='GPL\x00', 0x8, 0x1017, &(0x7f0000002e80)=""/4119, 0x0, 0xd}, 0xd3) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@nfs_export_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 2m24.787413027s ago: executing program 3 (id=167): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000021000000000000000000000085"], &(0x7f0000000340)='syzkaller\x00', 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x14) 2m24.695199664s ago: executing program 4 (id=168): r0 = syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_TUNER(r0, 0x4054561e, &(0x7f0000000100)={0x3, "40cade58cbfad9f751911b4ede708544a465ebbbec5e1431835527db34e9e2e2", 0x1, 0x400, 0x4, 0x3, 0x1, 0x4, 0x8, 0xc1}) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001500010000000000000000"], 0xb8}}, 0x0) 2m24.677686371s ago: executing program 0 (id=169): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000004c0)='dctcp\x00', 0x6) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000280)="32780f643983", 0x6, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x84a}, 0x1c) r1 = syz_usb_connect(0x3, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010002a69bbc104f95994176"], 0x0) syz_usb_control_io(r1, &(0x7f0000000200)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000740)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='cubic\x00', 0x6) shutdown(r0, 0x1) 2m21.376481412s ago: executing program 2 (id=170): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x200000000000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) fsetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, 0x0) write$sndseq(0xffffffffffffffff, 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_BINDTODEVICE_wg(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) write(r3, &(0x7f0000000040)="050000000100", 0x6) 2m15.150449978s ago: executing program 1 (id=171): prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000440)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_PROBE_MESH_LINK(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000280)=ANY=[@ANYBLOB='h\x00\x00', @ANYRES16=r2, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00Pwsrh_e', @ANYRES32=r3, @ANYBLOB], 0x68}, 0x1, 0x0, 0x0, 0x14}, 0x4008000) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f00000005c0)={{0x1, 0x1, 0x18, r5, {0x80000001}}, './file0\x00'}) pipe2(0x0, 0x800) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000cab000)=0xc) mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)) socket(0x10, 0x3, 0x0) r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f0000000080)={0x19, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, 0x0) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r6, 0x3ba0, &(0x7f0000000180)={0x48, 0x5, r7, 0x0, 0xffffffffffffffff}) ioctl$IOMMU_TEST_OP_ACCESS_RW(r6, 0x3ba0, &(0x7f0000000400)={0x48, 0x8, r8, 0x0, 0x0, 0xffca, &(0x7f0000000040)='?', 0x5}) 2m8.373049546s ago: executing program 3 (id=172): unshare(0x62040200) (async) unshare(0x62040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) accept4$netrom(0xffffffffffffffff, 0x0, 0x0, 0x80c00) r0 = openat2(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000480)={0x10000, 0x7e, 0x14}, 0x18) write$smackfs_change_rule(r0, &(0x7f00000004c0)={':].\\)\\E.O:+[/p(!', 0x20, '&-\xf7^', 0x20, 'rb', 0x20, 'xatl'}, 0x1e) (async) write$smackfs_change_rule(r0, &(0x7f00000004c0)={':].\\)\\E.O:+[/p(!', 0x20, '&-\xf7^', 0x20, 'rb', 0x20, 'xatl'}, 0x1e) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_add_memb(r1, 0x107, 0x1, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) (async) r2 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) getsockopt$IPT_SO_GET_INFO(r2, 0x0, 0x40, &(0x7f0000000000)={'raw\x00', 0x7003, [0x0, 0x5]}, &(0x7f0000000100)=0x54) (async) getsockopt$IPT_SO_GET_INFO(r2, 0x0, 0x40, &(0x7f0000000000)={'raw\x00', 0x7003, [0x0, 0x5]}, &(0x7f0000000100)=0x54) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) (async) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) (async) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000005dc0)=[{0x0, 0x0, &(0x7f0000001b40)=[{&(0x7f0000001d40)="d8750288189987d0fabb09b23867772c615b8004f5071a7715f73be32aea3bb1ecc3e0814fb9b752a6d48b1d4d68a4282f76c2c6535ec3ec0fe9843311a22b58a46ed495465703756e040dd9002584b5f9ae54dd851daed0c915d40f3a3fb324415ea188556f05a94c5a063dcf7be1743c393ed5fd0563366b67048a89f49375cd26cdbbe7f4b9f7d02fb8c26996da27d63c84e31f1b8a8b942e2b7b25354a25c9b79d6dfbd7f7d9ee7c0767dc1e21f382382ac9a01aa1fb75a182d9d410079b15e59a58c12e44ea45aaf6021bf0179b6a99c4b47d", 0xd5}], 0x1}], 0x1, 0x0) (async) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000005dc0)=[{0x0, 0x0, &(0x7f0000001b40)=[{&(0x7f0000001d40)="d8750288189987d0fabb09b23867772c615b8004f5071a7715f73be32aea3bb1ecc3e0814fb9b752a6d48b1d4d68a4282f76c2c6535ec3ec0fe9843311a22b58a46ed495465703756e040dd9002584b5f9ae54dd851daed0c915d40f3a3fb324415ea188556f05a94c5a063dcf7be1743c393ed5fd0563366b67048a89f49375cd26cdbbe7f4b9f7d02fb8c26996da27d63c84e31f1b8a8b942e2b7b25354a25c9b79d6dfbd7f7d9ee7c0767dc1e21f382382ac9a01aa1fb75a182d9d410079b15e59a58c12e44ea45aaf6021bf0179b6a99c4b47d", 0xd5}], 0x1}], 0x1, 0x0) quotactl$Q_QUOTAON(0xffffffff80000102, &(0x7f0000000140)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000140), &(0x7f0000000200), 0x8, 0xd8, 0x8, 0x0, 0x0}}, 0x10) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000140), &(0x7f0000000200), 0x8, 0xd8, 0x8, 0x0, 0x0}}, 0x10) r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000180)=ANY=[@ANYBLOB="8510000004000000950000000000000000950000000000000085100000fcffffff9500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffec3}, 0x78) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r6, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) 2m8.166389458s ago: executing program 4 (id=173): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b7"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x18) sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x2a602c43fbfb34e8) 2m2.214982222s ago: executing program 32 (id=169): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000004c0)='dctcp\x00', 0x6) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000280)="32780f643983", 0x6, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x84a}, 0x1c) r1 = syz_usb_connect(0x3, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010002a69bbc104f95994176"], 0x0) syz_usb_control_io(r1, &(0x7f0000000200)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000740)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='cubic\x00', 0x6) shutdown(r0, 0x1) 1m38.558016959s ago: executing program 33 (id=171): prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000440)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_PROBE_MESH_LINK(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000280)=ANY=[@ANYBLOB='h\x00\x00', @ANYRES16=r2, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00Pwsrh_e', @ANYRES32=r3, @ANYBLOB], 0x68}, 0x1, 0x0, 0x0, 0x14}, 0x4008000) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f00000005c0)={{0x1, 0x1, 0x18, r5, {0x80000001}}, './file0\x00'}) pipe2(0x0, 0x800) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000cab000)=0xc) mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)) socket(0x10, 0x3, 0x0) r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f0000000080)={0x19, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, 0x0) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r6, 0x3ba0, &(0x7f0000000180)={0x48, 0x5, r7, 0x0, 0xffffffffffffffff}) ioctl$IOMMU_TEST_OP_ACCESS_RW(r6, 0x3ba0, &(0x7f0000000400)={0x48, 0x8, r8, 0x0, 0x0, 0xffca, &(0x7f0000000040)='?', 0x5}) 1m31.048397738s ago: executing program 34 (id=170): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x200000000000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) fsetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, 0x0) write$sndseq(0xffffffffffffffff, 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_BINDTODEVICE_wg(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) write(r3, &(0x7f0000000040)="050000000100", 0x6) 21.297512794s ago: executing program 35 (id=172): unshare(0x62040200) (async) unshare(0x62040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) accept4$netrom(0xffffffffffffffff, 0x0, 0x0, 0x80c00) r0 = openat2(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000480)={0x10000, 0x7e, 0x14}, 0x18) write$smackfs_change_rule(r0, &(0x7f00000004c0)={':].\\)\\E.O:+[/p(!', 0x20, '&-\xf7^', 0x20, 'rb', 0x20, 'xatl'}, 0x1e) (async) write$smackfs_change_rule(r0, &(0x7f00000004c0)={':].\\)\\E.O:+[/p(!', 0x20, '&-\xf7^', 0x20, 'rb', 0x20, 'xatl'}, 0x1e) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_add_memb(r1, 0x107, 0x1, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) (async) r2 = socket$inet_tcp(0x2, 0x1, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) getsockopt$IPT_SO_GET_INFO(r2, 0x0, 0x40, &(0x7f0000000000)={'raw\x00', 0x7003, [0x0, 0x5]}, &(0x7f0000000100)=0x54) (async) getsockopt$IPT_SO_GET_INFO(r2, 0x0, 0x40, &(0x7f0000000000)={'raw\x00', 0x7003, [0x0, 0x5]}, &(0x7f0000000100)=0x54) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) (async) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) (async) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000005dc0)=[{0x0, 0x0, &(0x7f0000001b40)=[{&(0x7f0000001d40)="d8750288189987d0fabb09b23867772c615b8004f5071a7715f73be32aea3bb1ecc3e0814fb9b752a6d48b1d4d68a4282f76c2c6535ec3ec0fe9843311a22b58a46ed495465703756e040dd9002584b5f9ae54dd851daed0c915d40f3a3fb324415ea188556f05a94c5a063dcf7be1743c393ed5fd0563366b67048a89f49375cd26cdbbe7f4b9f7d02fb8c26996da27d63c84e31f1b8a8b942e2b7b25354a25c9b79d6dfbd7f7d9ee7c0767dc1e21f382382ac9a01aa1fb75a182d9d410079b15e59a58c12e44ea45aaf6021bf0179b6a99c4b47d", 0xd5}], 0x1}], 0x1, 0x0) (async) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000005dc0)=[{0x0, 0x0, &(0x7f0000001b40)=[{&(0x7f0000001d40)="d8750288189987d0fabb09b23867772c615b8004f5071a7715f73be32aea3bb1ecc3e0814fb9b752a6d48b1d4d68a4282f76c2c6535ec3ec0fe9843311a22b58a46ed495465703756e040dd9002584b5f9ae54dd851daed0c915d40f3a3fb324415ea188556f05a94c5a063dcf7be1743c393ed5fd0563366b67048a89f49375cd26cdbbe7f4b9f7d02fb8c26996da27d63c84e31f1b8a8b942e2b7b25354a25c9b79d6dfbd7f7d9ee7c0767dc1e21f382382ac9a01aa1fb75a182d9d410079b15e59a58c12e44ea45aaf6021bf0179b6a99c4b47d", 0xd5}], 0x1}], 0x1, 0x0) quotactl$Q_QUOTAON(0xffffffff80000102, &(0x7f0000000140)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000140), &(0x7f0000000200), 0x8, 0xd8, 0x8, 0x0, 0x0}}, 0x10) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000140), &(0x7f0000000200), 0x8, 0xd8, 0x8, 0x0, 0x0}}, 0x10) r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000180)=ANY=[@ANYBLOB="8510000004000000950000000000000000950000000000000085100000fcffffff9500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffec3}, 0x78) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r6, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) 0s ago: executing program 36 (id=173): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b7"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x18) sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x2a602c43fbfb34e8) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.196' (ED25519) to the list of known hosts. [ 85.973170][ T5823] cgroup: Unknown subsys name 'net' [ 86.225273][ T5823] cgroup: Unknown subsys name 'cpuset' [ 86.299678][ T5823] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 87.201963][ T9] cfg80211: failed to load regulatory.db [ 88.464393][ T5823] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 91.363891][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 91.393027][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 91.394346][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 91.395876][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 91.396760][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 91.452059][ T5836] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 91.460838][ T5836] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 91.472347][ T5836] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 91.490132][ T5836] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 91.498077][ T5836] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 91.544668][ T59] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 91.548719][ T59] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 91.568506][ T59] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 91.577990][ T59] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 91.609561][ T5850] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 91.611955][ T5850] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 91.612717][ T5850] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 91.614058][ T5850] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 91.615967][ T5850] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 91.627087][ T5849] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 91.630869][ T5849] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 91.633823][ T5849] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 91.634278][ T5849] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 91.635874][ T5849] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 91.636308][ T5849] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 92.546121][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 92.675689][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 92.862990][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 92.887142][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 93.115236][ T5848] chnl_net:caif_netlink_parms(): no params data found [ 93.435020][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.436029][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.436394][ T5834] bridge_slave_0: entered allmulticast mode [ 93.438277][ T5834] bridge_slave_0: entered promiscuous mode [ 93.440925][ T5836] Bluetooth: hci0: command tx timeout [ 93.575093][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.575181][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.575317][ T5834] bridge_slave_1: entered allmulticast mode [ 93.577153][ T5834] bridge_slave_1: entered promiscuous mode [ 93.599934][ T5836] Bluetooth: hci1: command tx timeout [ 93.679176][ T5836] Bluetooth: hci2: command tx timeout [ 93.679369][ T5836] Bluetooth: hci3: command tx timeout [ 93.715727][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.715846][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.715971][ T5838] bridge_slave_0: entered allmulticast mode [ 93.717670][ T5838] bridge_slave_0: entered promiscuous mode [ 93.770381][ T5849] Bluetooth: hci4: command tx timeout [ 93.970689][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.970847][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.971025][ T5838] bridge_slave_1: entered allmulticast mode [ 93.974207][ T5838] bridge_slave_1: entered promiscuous mode [ 94.317168][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.341329][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.341487][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.341613][ T5842] bridge_slave_0: entered allmulticast mode [ 94.343341][ T5842] bridge_slave_0: entered promiscuous mode [ 94.345228][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.345383][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.345588][ T5841] bridge_slave_0: entered allmulticast mode [ 94.347660][ T5841] bridge_slave_0: entered promiscuous mode [ 94.433025][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.501103][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.501381][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.501590][ T5842] bridge_slave_1: entered allmulticast mode [ 94.504979][ T5842] bridge_slave_1: entered promiscuous mode [ 94.506762][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.506929][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.507513][ T5841] bridge_slave_1: entered allmulticast mode [ 94.516679][ T5841] bridge_slave_1: entered promiscuous mode [ 94.525178][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.864266][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.032847][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.033019][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.033243][ T5848] bridge_slave_0: entered allmulticast mode [ 95.036566][ T5848] bridge_slave_0: entered promiscuous mode [ 95.262519][ T5834] team0: Port device team_slave_0 added [ 95.263299][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.263554][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.263770][ T5848] bridge_slave_1: entered allmulticast mode [ 95.266038][ T5848] bridge_slave_1: entered promiscuous mode [ 95.297980][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.387555][ T5834] team0: Port device team_slave_1 added [ 95.397983][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.504679][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.506681][ T5838] team0: Port device team_slave_0 added [ 95.519183][ T5849] Bluetooth: hci0: command tx timeout [ 95.602554][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.679165][ T5849] Bluetooth: hci1: command tx timeout [ 95.759124][ T5849] Bluetooth: hci3: command tx timeout [ 95.759162][ T5849] Bluetooth: hci2: command tx timeout [ 95.761647][ T5838] team0: Port device team_slave_1 added [ 95.839275][ T5836] Bluetooth: hci4: command tx timeout [ 95.905831][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.042239][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.042258][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.042285][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.196701][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.462934][ T5842] team0: Port device team_slave_0 added [ 96.543460][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.543479][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.543506][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.546904][ T5841] team0: Port device team_slave_0 added [ 96.663282][ T5842] team0: Port device team_slave_1 added [ 96.664929][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.664942][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.664970][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.693780][ T5841] team0: Port device team_slave_1 added [ 96.762801][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.762820][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.762847][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.971569][ T5848] team0: Port device team_slave_0 added [ 97.153176][ T5848] team0: Port device team_slave_1 added [ 97.155640][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.155656][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.155679][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.282217][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.282230][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.282247][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.373817][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.373836][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.373864][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.520978][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.520996][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.521022][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.600451][ T5836] Bluetooth: hci0: command tx timeout [ 97.747445][ T5834] hsr_slave_0: entered promiscuous mode [ 97.748514][ T5834] hsr_slave_1: entered promiscuous mode [ 97.759234][ T5836] Bluetooth: hci1: command tx timeout [ 97.785431][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.785449][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.785476][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.839377][ T5849] Bluetooth: hci3: command tx timeout [ 97.839674][ T5836] Bluetooth: hci2: command tx timeout [ 97.898062][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.898081][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.898107][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.919364][ T5836] Bluetooth: hci4: command tx timeout [ 97.957359][ T5838] hsr_slave_0: entered promiscuous mode [ 97.958265][ T5838] hsr_slave_1: entered promiscuous mode [ 97.965640][ T5838] debugfs: 'hsr0' already exists in 'hsr' [ 97.965764][ T5838] Cannot create hsr debugfs directory [ 98.471854][ T5842] hsr_slave_0: entered promiscuous mode [ 98.473503][ T5842] hsr_slave_1: entered promiscuous mode [ 98.474703][ T5842] debugfs: 'hsr0' already exists in 'hsr' [ 98.474722][ T5842] Cannot create hsr debugfs directory [ 98.570138][ T5841] hsr_slave_0: entered promiscuous mode [ 98.571754][ T5841] hsr_slave_1: entered promiscuous mode [ 98.572823][ T5841] debugfs: 'hsr0' already exists in 'hsr' [ 98.572849][ T5841] Cannot create hsr debugfs directory [ 98.943149][ T5848] hsr_slave_0: entered promiscuous mode [ 98.944053][ T5848] hsr_slave_1: entered promiscuous mode [ 98.944660][ T5848] debugfs: 'hsr0' already exists in 'hsr' [ 98.944681][ T5848] Cannot create hsr debugfs directory [ 99.679290][ T5836] Bluetooth: hci0: command tx timeout [ 99.849146][ T5836] Bluetooth: hci1: command tx timeout [ 99.929074][ T5836] Bluetooth: hci2: command tx timeout [ 99.929109][ T5836] Bluetooth: hci3: command tx timeout [ 99.999232][ T5849] Bluetooth: hci4: command tx timeout [ 100.504646][ T5834] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 100.537087][ T5834] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 100.578136][ T5834] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 100.637240][ T5834] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 100.783667][ T5838] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 100.828009][ T5838] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 100.866813][ T5838] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 100.923331][ T5838] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 101.106447][ T5842] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 101.152893][ T5842] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 101.209684][ T5842] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 101.277269][ T5842] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 101.468495][ T5848] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 101.518064][ T5848] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 101.556433][ T5848] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 101.627213][ T5848] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 101.767681][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.837430][ T5841] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 101.885496][ T5841] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 101.926985][ T5841] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 101.976228][ T5841] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 102.038760][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.114597][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.115159][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.172692][ T72] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.172838][ T72] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.185369][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.324280][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.358418][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.415809][ T72] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.416076][ T72] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.495544][ T1495] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.495658][ T1495] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.547655][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.586709][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.631209][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.631669][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.703582][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.703927][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.821701][ T5848] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.921729][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.944002][ T1495] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.944245][ T1495] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.007060][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.007236][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.142280][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.215046][ T72] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.215290][ T72] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.255323][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.283298][ T72] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.283903][ T72] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.733129][ T5834] veth0_vlan: entered promiscuous mode [ 103.823623][ T5834] veth1_vlan: entered promiscuous mode [ 103.942714][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.946505][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.209594][ T5834] veth0_macvtap: entered promiscuous mode [ 104.260857][ T5834] veth1_macvtap: entered promiscuous mode [ 104.313706][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.447502][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.455274][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.456867][ T5838] veth0_vlan: entered promiscuous mode [ 104.525817][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.562424][ T5838] veth1_vlan: entered promiscuous mode [ 104.591659][ T1095] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.602159][ T1095] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.612353][ T1095] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.626518][ T1095] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.902146][ T5848] veth0_vlan: entered promiscuous mode [ 105.005099][ T5838] veth0_macvtap: entered promiscuous mode [ 105.007412][ T5841] veth0_vlan: entered promiscuous mode [ 105.022183][ T5848] veth1_vlan: entered promiscuous mode [ 105.089322][ T5838] veth1_macvtap: entered promiscuous mode [ 105.138522][ T3716] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.142569][ T3716] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.149726][ T5841] veth1_vlan: entered promiscuous mode [ 105.220238][ T5842] veth0_vlan: entered promiscuous mode [ 105.292207][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 105.317534][ T1495] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.317557][ T1495] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.321287][ T5842] veth1_vlan: entered promiscuous mode [ 105.332124][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.424828][ T1495] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.430122][ T5848] veth0_macvtap: entered promiscuous mode [ 105.447129][ T1495] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.470505][ T1495] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.507864][ T1495] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.514971][ T5848] veth1_macvtap: entered promiscuous mode [ 105.524742][ T5841] veth0_macvtap: entered promiscuous mode [ 105.600938][ T5841] veth1_macvtap: entered promiscuous mode [ 105.818935][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 105.828921][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 105.838945][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 105.848912][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 105.858931][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 105.859057][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 105.868898][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 105.928908][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 105.938904][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 105.948907][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 106.834874][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.845331][ T5842] veth0_macvtap: entered promiscuous mode [ 106.906555][ T5955] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3'. [ 107.036811][ T5842] veth1_macvtap: entered promiscuous mode [ 107.047981][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.070551][ T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.070573][ T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.103523][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 107.180107][ T4881] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.236236][ T3505] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.258587][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.274868][ T3505] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.349187][ T3505] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.374356][ T3505] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.374377][ T3505] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.397629][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 107.397737][ T72] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.491578][ T72] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.498690][ T72] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.524879][ T72] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.557908][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.643144][ T5960] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 107.643171][ T5960] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 107.675956][ T5960] vhci_hcd vhci_hcd.0: Device attached [ 107.849235][ T3555] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.859945][ T5844] vhci_hcd: vhci_device speed not set [ 107.862478][ T3716] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.871922][ T3716] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.954647][ T3716] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.968117][ T5844] usb 37-1: new full-speed USB device number 2 using vhci_hcd [ 108.007845][ T989] usb 3-1: new low-speed USB device number 2 using dummy_hcd [ 108.441321][ T989] usb 3-1: config 0 has no interfaces? [ 108.441366][ T989] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 108.441399][ T989] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.469948][ T989] usb 3-1: config 0 descriptor?? [ 108.530653][ T5967] capability: warning: `syz.0.1' uses deprecated v2 capabilities in a way that may be insecure [ 109.085091][ T72] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.085114][ T72] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.134164][ T5961] vhci_hcd: connection reset by peer [ 110.152218][ T3555] vhci_hcd: stop threads [ 110.153298][ T3555] vhci_hcd: release socket [ 110.168926][ T3555] vhci_hcd: disconnect device [ 110.233868][ T5846] usb 3-1: USB disconnect, device number 2 [ 110.307920][ T5844] vhci_hcd: vhci_device speed not set [ 110.602280][ T3555] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.602302][ T3555] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.678325][ T3555] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.678343][ T3555] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.829288][ T5846] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 110.831297][ T4881] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.831317][ T4881] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.921176][ T1095] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.921198][ T1095] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.979080][ T5846] usb 1-1: Using ep0 maxpacket: 32 [ 110.983781][ T5846] usb 1-1: config 0 has an invalid interface number: 67 but max is 0 [ 110.983809][ T5846] usb 1-1: config 0 has no interface number 0 [ 110.988770][ T5846] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 110.988798][ T5846] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.988817][ T5846] usb 1-1: Product: syz [ 110.988831][ T5846] usb 1-1: Manufacturer: syz [ 110.989972][ T5846] usb 1-1: SerialNumber: syz [ 111.024796][ T5846] usb 1-1: config 0 descriptor?? [ 111.181460][ T5846] smsc95xx v2.0.0 [ 111.418372][ T3555] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.418395][ T3555] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.957394][ T5989] FAULT_INJECTION: forcing a failure. [ 111.957394][ T5989] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 111.957491][ T5989] CPU: 0 UID: 0 PID: 5989 Comm: syz.1.12 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 111.957514][ T5989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 111.957525][ T5989] Call Trace: [ 111.957532][ T5989] [ 111.957541][ T5989] dump_stack_lvl+0x189/0x250 [ 111.957573][ T5989] ? __pfx____ratelimit+0x10/0x10 [ 111.957597][ T5989] ? __pfx_dump_stack_lvl+0x10/0x10 [ 111.957623][ T5989] ? __pfx__printk+0x10/0x10 [ 111.957644][ T5989] ? __might_fault+0xb0/0x130 [ 111.957683][ T5989] should_fail_ex+0x46c/0x600 [ 111.957714][ T5989] _copy_from_user+0x2d/0xb0 [ 111.957735][ T5989] dev_ifconf+0xd3/0x2f0 [ 111.957759][ T5989] ? __lock_acquire+0xab9/0xd20 [ 111.957785][ T5989] ? __pfx_dev_ifconf+0x10/0x10 [ 111.957807][ T5989] ? __asan_memset+0x22/0x50 [ 111.957827][ T5989] ? smack_file_ioctl+0x24d/0x340 [ 111.957854][ T5989] sock_ioctl+0x1d8/0x790 [ 111.957875][ T5989] ? __pfx_sock_ioctl+0x10/0x10 [ 111.957894][ T5989] ? __fget_files+0x2a/0x420 [ 111.957919][ T5989] ? __fget_files+0x3a6/0x420 [ 111.957944][ T5989] ? __fget_files+0x2a/0x420 [ 111.957974][ T5989] ? bpf_lsm_file_ioctl+0x9/0x20 [ 111.957997][ T5989] ? __pfx_sock_ioctl+0x10/0x10 [ 111.958016][ T5989] __se_sys_ioctl+0xfc/0x170 [ 111.958042][ T5989] do_syscall_64+0xfa/0x3b0 [ 111.958066][ T5989] ? lockdep_hardirqs_on+0x9c/0x150 [ 111.958091][ T5989] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.958112][ T5989] ? clear_bhb_loop+0x60/0xb0 [ 111.958137][ T5989] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.958156][ T5989] RIP: 0033:0x7f04a0b9ebe9 [ 111.958174][ T5989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.958191][ T5989] RSP: 002b:00007f049edfe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 111.958213][ T5989] RAX: ffffffffffffffda RBX: 00007f04a0dc5fa0 RCX: 00007f04a0b9ebe9 [ 111.958228][ T5989] RDX: 0000200000000000 RSI: 0000000000008912 RDI: 0000000000000004 [ 111.958240][ T5989] RBP: 00007f049edfe090 R08: 0000000000000000 R09: 0000000000000000 [ 111.958253][ T5989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 111.958265][ T5989] R13: 00007f04a0dc6038 R14: 00007f04a0dc5fa0 R15: 00007ffccaec5318 [ 111.958298][ T5989] [ 112.076309][ T5990] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 112.544474][ T5846] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71 [ 112.544508][ T5846] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 112.545168][ T5846] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 112.545851][ T5846] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71 [ 112.568444][ T5844] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 112.597560][ T5846] usb 1-1: USB disconnect, device number 2 [ 112.826419][ T5844] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 112.826474][ T5844] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 112.826500][ T5844] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 112.826523][ T5844] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 112.828344][ T5844] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 112.828371][ T5844] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 112.828404][ T5844] usb 3-1: Manufacturer: syz [ 113.066939][ T5844] usb 3-1: config 0 descriptor?? [ 113.199839][ T6001] 9pnet_fd: Insufficient options for proto=fd [ 113.947575][ T5844] appleir 0003:05AC:8243.0001: unknown main item tag 0x0 [ 114.981347][ T6009] FAULT_INJECTION: forcing a failure. [ 114.981347][ T6009] name failslab, interval 1, probability 0, space 0, times 1 [ 114.981383][ T6009] CPU: 0 UID: 0 PID: 6009 Comm: syz.3.16 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 114.981406][ T6009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 114.981418][ T6009] Call Trace: [ 114.981426][ T6009] [ 114.981435][ T6009] dump_stack_lvl+0x189/0x250 [ 114.981470][ T6009] ? __pfx____ratelimit+0x10/0x10 [ 114.981496][ T6009] ? __pfx_dump_stack_lvl+0x10/0x10 [ 114.981523][ T6009] ? __pfx__printk+0x10/0x10 [ 114.981550][ T6009] ? __pfx___might_resched+0x10/0x10 [ 114.981582][ T6009] ? fs_reclaim_acquire+0x7d/0x100 [ 114.981606][ T6009] should_fail_ex+0x46c/0x600 [ 114.981638][ T6009] should_failslab+0xa8/0x100 [ 114.981666][ T6009] __kmalloc_cache_noprof+0x6e/0x320 [ 114.981693][ T6009] ? __se_sys_mount+0x165/0x410 [ 114.981718][ T6009] ? memdup_user+0x99/0xd0 [ 114.981745][ T6009] __se_sys_mount+0x165/0x410 [ 114.981780][ T6009] ? __pfx___se_sys_mount+0x10/0x10 [ 114.981806][ T6009] ? rcu_is_watching+0x15/0xb0 [ 114.981838][ T6009] ? do_syscall_64+0xbe/0x3b0 [ 114.981860][ T6009] ? __x64_sys_mount+0x20/0xc0 [ 114.981889][ T6009] do_syscall_64+0xfa/0x3b0 [ 114.981912][ T6009] ? lockdep_hardirqs_on+0x9c/0x150 [ 114.981936][ T6009] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.981955][ T6009] ? clear_bhb_loop+0x60/0xb0 [ 114.981978][ T6009] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.981997][ T6009] RIP: 0033:0x7f10af65ebe9 [ 114.982015][ T6009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.982031][ T6009] RSP: 002b:00007f10ad8be038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 114.982053][ T6009] RAX: ffffffffffffffda RBX: 00007f10af885fa0 RCX: 00007f10af65ebe9 [ 114.982069][ T6009] RDX: 0000200000004380 RSI: 0000200000000180 RDI: 0000000000000000 [ 114.982081][ T6009] RBP: 00007f10ad8be090 R08: 0000200000000080 R09: 0000000000000000 [ 114.982095][ T6009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 114.982107][ T6009] R13: 00007f10af886038 R14: 00007f10af885fa0 R15: 00007ffcbd9660d8 [ 114.982141][ T6009] [ 115.019009][ T5844] appleir 0003:05AC:8243.0001: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 115.780151][ T6013] netlink: 'syz.0.17': attribute type 7 has an invalid length. [ 116.150898][ T6029] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 116.209991][ T31] usb 3-1: USB disconnect, device number 3 [ 118.897527][ T6025] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 119.170314][ T6047] 9pnet_fd: Insufficient options for proto=fd [ 119.296880][ T6017] syz.4.20 (6017): drop_caches: 2 [ 119.678616][ T6051] 9pnet_fd: Insufficient options for proto=fd [ 121.032501][ T6055] fido_id[6055]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 121.318986][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.319003][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.321277][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.321291][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.321403][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.321412][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.321520][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.321529][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.321642][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.321651][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.321758][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.321767][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.321879][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.321888][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.322000][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.322009][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.322118][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.322127][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.322244][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.322253][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.322375][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.322384][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.322495][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.322504][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.322612][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.322621][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.322734][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.322742][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.322855][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.322863][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.322973][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.322981][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.323088][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.323107][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.323237][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.323246][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.323358][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.323366][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.323474][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.323482][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.323592][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.323601][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.323716][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.323725][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.323843][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.323852][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.323968][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.323976][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.324085][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.324093][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.324228][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.324237][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.324345][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.324354][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.324463][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.324471][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.324581][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.324590][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.324698][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.324707][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.324829][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.324837][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.324945][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.324953][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.325077][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.325086][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.325193][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.325201][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.325320][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.325329][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.325440][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.325448][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.325554][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.325563][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.325672][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.325681][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.325794][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.325803][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.325911][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.325919][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.326028][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.326036][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.326180][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.326189][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.326305][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.326313][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.326420][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.326429][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.326535][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.326542][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.326683][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.326692][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.326799][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.326808][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.326916][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.326924][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.327029][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.327038][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.327181][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.327190][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.327412][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.327422][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.327528][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.327536][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.327643][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.327651][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.327795][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.327803][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.327909][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.327918][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.328024][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.328033][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.328153][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.328162][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.328312][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.328321][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.328429][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.328437][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.328541][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.328550][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.328657][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.328666][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.328810][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.328818][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.328991][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.329001][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.329109][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.329117][ T6069] binder: 6068:6069 ioctl 4018620d 2000000000c0 returned -16 [ 121.470820][ T6069] binder: BINDER_SET_CONTEXT_MGR already set [ 121.470836][ T6069] binder: 6068:6069 ioctl 4018620d 200000000040 returned -16 [ 123.039453][ T6087] Zero length message leads to an empty skb [ 123.187903][ T6089] FAULT_INJECTION: forcing a failure. [ 123.187903][ T6089] name failslab, interval 1, probability 0, space 0, times 0 [ 123.187940][ T6089] CPU: 1 UID: 0 PID: 6089 Comm: syz.3.36 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 123.187963][ T6089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 123.187976][ T6089] Call Trace: [ 123.187984][ T6089] [ 123.187992][ T6089] dump_stack_lvl+0x189/0x250 [ 123.188027][ T6089] ? __pfx____ratelimit+0x10/0x10 [ 123.188053][ T6089] ? __pfx_dump_stack_lvl+0x10/0x10 [ 123.188083][ T6089] ? __pfx__printk+0x10/0x10 [ 123.188112][ T6089] ? __pfx___might_resched+0x10/0x10 [ 123.188135][ T6089] ? fs_reclaim_acquire+0x7d/0x100 [ 123.188159][ T6089] should_fail_ex+0x46c/0x600 [ 123.188193][ T6089] should_failslab+0xa8/0x100 [ 123.188222][ T6089] __kmalloc_node_noprof+0xd5/0x460 [ 123.188258][ T6089] ? alloc_slab_obj_exts+0x39/0xa0 [ 123.188289][ T6089] alloc_slab_obj_exts+0x39/0xa0 [ 123.188315][ T6089] __memcg_slab_post_alloc_hook+0x33c/0x820 [ 123.188358][ T6089] ? __alloc_skb+0x112/0x2d0 [ 123.188383][ T6089] kmem_cache_alloc_node_noprof+0x1d8/0x330 [ 123.188419][ T6089] __alloc_skb+0x112/0x2d0 [ 123.188449][ T6089] alloc_skb_with_frags+0xca/0x890 [ 123.188475][ T6089] ? try_to_take_rt_mutex+0x840/0xb00 [ 123.188512][ T6089] sock_alloc_send_pskb+0x863/0x9a0 [ 123.188565][ T6089] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 123.188604][ T6089] ? smack_socket_getpeersec_dgram+0x320/0x430 [ 123.188642][ T6089] unix_dgram_sendmsg+0x461/0x1850 [ 123.188673][ T6089] ? __pfx_smack_socket_sendmsg+0x10/0x10 [ 123.188718][ T6089] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 123.188738][ T6089] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 123.188779][ T6089] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 123.188799][ T6089] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 123.188823][ T6089] __sock_sendmsg+0x219/0x270 [ 123.188853][ T6089] ____sys_sendmsg+0x534/0x820 [ 123.188885][ T6089] ? __pfx_____sys_sendmsg+0x10/0x10 [ 123.188925][ T6089] ? import_iovec+0x74/0xa0 [ 123.188952][ T6089] ___sys_sendmsg+0x21f/0x2a0 [ 123.188984][ T6089] ? __pfx____sys_sendmsg+0x10/0x10 [ 123.189055][ T6089] ? __fget_files+0x2a/0x420 [ 123.189083][ T6089] ? __fget_files+0x3a6/0x420 [ 123.189123][ T6089] __sys_sendmmsg+0x22d/0x430 [ 123.189158][ T6089] ? __pfx___sys_sendmmsg+0x10/0x10 [ 123.189198][ T6089] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 123.189246][ T6089] ? ksys_write+0x230/0x260 [ 123.189274][ T6089] ? __pfx_ksys_write+0x10/0x10 [ 123.189296][ T6089] ? rcu_is_watching+0x15/0xb0 [ 123.189333][ T6089] __x64_sys_sendmmsg+0xa0/0xc0 [ 123.189365][ T6089] do_syscall_64+0xfa/0x3b0 [ 123.189390][ T6089] ? lockdep_hardirqs_on+0x9c/0x150 [ 123.189415][ T6089] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.189436][ T6089] ? clear_bhb_loop+0x60/0xb0 [ 123.189461][ T6089] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.189479][ T6089] RIP: 0033:0x7f10af65ebe9 [ 123.189498][ T6089] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 123.189514][ T6089] RSP: 002b:00007f10ad8be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 123.189537][ T6089] RAX: ffffffffffffffda RBX: 00007f10af885fa0 RCX: 00007f10af65ebe9 [ 123.189552][ T6089] RDX: 0000000000000651 RSI: 0000200000000000 RDI: 0000000000000004 [ 123.189565][ T6089] RBP: 00007f10ad8be090 R08: 0000000000000000 R09: 0000000000000000 [ 123.189577][ T6089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 123.189589][ T6089] R13: 00007f10af886038 R14: 00007f10af885fa0 R15: 00007ffcbd9660d8 [ 123.189623][ T6089] [ 123.297797][ T10] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 123.782986][ T10] usb 3-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 123.783018][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.783037][ T10] usb 3-1: Product: syz [ 123.783050][ T10] usb 3-1: Manufacturer: syz [ 123.783064][ T10] usb 3-1: SerialNumber: syz [ 123.835246][ T10] usb 3-1: config 0 descriptor?? [ 124.211281][ T6095] 9pnet_fd: Insufficient options for proto=fd [ 124.531277][ T10] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 125.069583][ T6085] binder: 6084:6085 ioctl c0306201 2000000008c0 returned -14 [ 125.272161][ T10] gspca_sunplus: reg_r err -71 [ 125.272575][ T10] sunplus 3-1:0.0: probe with driver sunplus failed with error -71 [ 125.434957][ T10] usb 3-1: USB disconnect, device number 4 [ 128.363185][ T6129] netlink: 128 bytes leftover after parsing attributes in process `syz.0.49'. [ 128.549559][ T6122] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 128.699087][ T5977] usb 3-1: new low-speed USB device number 5 using dummy_hcd [ 129.005185][ T5977] usb 3-1: config 0 interface 0 altsetting 6 endpoint 0x81 has invalid maxpacket 1024, setting to 8 [ 129.005209][ T5977] usb 3-1: config 0 interface 0 altsetting 6 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 129.005224][ T5977] usb 3-1: config 0 interface 0 has no altsetting 0 [ 129.005244][ T5977] usb 3-1: New USB device found, idVendor=05ac, idProduct=0225, bcdDevice= 0.00 [ 129.005265][ T5977] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.008723][ T5977] usb 3-1: config 0 descriptor?? [ 129.022440][ T6130] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 129.022635][ T6130] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 129.053727][ T6138] 9pnet_fd: Insufficient options for proto=fd [ 129.958211][ T5977] usb 3-1: string descriptor 0 read error: -71 [ 129.967716][ T5977] usbhid 3-1:0.0: can't add hid device: -71 [ 129.967806][ T5977] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 130.010341][ T5977] usb 3-1: USB disconnect, device number 5 [ 132.449124][ T5925] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 132.605079][ T5925] usb 4-1: Using ep0 maxpacket: 16 [ 132.618797][ T5925] usb 4-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 132.618817][ T5925] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.618833][ T5925] usb 4-1: Product: syz [ 132.643941][ T5925] usb 4-1: Manufacturer: syz [ 132.643955][ T5925] usb 4-1: SerialNumber: syz [ 132.759787][ T5925] usb 4-1: config 0 descriptor?? [ 132.823477][ T5925] visor 4-1:0.0: Sony Clie 3.5 converter detected [ 133.219039][ T6171] netlink: 128 bytes leftover after parsing attributes in process `syz.4.60'. [ 133.290184][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.290287][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.803860][ T6177] netlink: 9896 bytes leftover after parsing attributes in process `syz.1.62'. [ 133.863282][ T6177] netlink: del zone limit has 4 unknown bytes [ 134.857745][ T6182] 9pnet_fd: Insufficient options for proto=fd [ 136.103986][ T5925] usb 4-1: clie_3_5_startup: get interface number failed: -110 [ 136.104108][ T5925] visor 4-1:0.0: probe with driver visor failed with error -110 [ 136.329992][ T5925] usb 4-1: USB disconnect, device number 2 [ 136.402989][ T6187] netlink: 8 bytes leftover after parsing attributes in process `syz.1.64'. [ 137.162649][ T6184] bond_slave_0: entered promiscuous mode [ 137.162703][ T6184] bond_slave_1: entered promiscuous mode [ 137.162928][ T6184] macsec1: entered promiscuous mode [ 137.162935][ T6184] bond0: entered promiscuous mode [ 137.208163][ T6184] bond0: left promiscuous mode [ 137.208648][ T6184] bond_slave_0: left promiscuous mode [ 137.208695][ T6184] bond_slave_1: left promiscuous mode [ 139.125907][ T6217] netlink: 9896 bytes leftover after parsing attributes in process `syz.0.74'. [ 139.129734][ T6217] netlink: del zone limit has 4 unknown bytes [ 140.285031][ T6226] netlink: 128 bytes leftover after parsing attributes in process `syz.2.77'. [ 140.485811][ T6232] 9pnet_fd: Insufficient options for proto=fd [ 141.963915][ T6251] FAULT_INJECTION: forcing a failure. [ 141.963915][ T6251] name failslab, interval 1, probability 0, space 0, times 0 [ 141.963984][ T6251] CPU: 1 UID: 0 PID: 6251 Comm: syz.4.83 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 141.964008][ T6251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 141.964020][ T6251] Call Trace: [ 141.964028][ T6251] [ 141.964037][ T6251] dump_stack_lvl+0x189/0x250 [ 141.964071][ T6251] ? __pfx____ratelimit+0x10/0x10 [ 141.964099][ T6251] ? __pfx_dump_stack_lvl+0x10/0x10 [ 141.964129][ T6251] ? __pfx__printk+0x10/0x10 [ 141.964156][ T6251] ? fs_reclaim_acquire+0x7d/0x100 [ 141.964186][ T6251] should_fail_ex+0x46c/0x600 [ 141.964218][ T6251] ? security_inode_alloc+0x39/0x330 [ 141.964247][ T6251] should_failslab+0xa8/0x100 [ 141.964276][ T6251] ? security_inode_alloc+0x39/0x330 [ 141.964304][ T6251] kmem_cache_alloc_noprof+0x6e/0x310 [ 141.964346][ T6251] security_inode_alloc+0x39/0x330 [ 141.964379][ T6251] inode_init_always_gfp+0x9bf/0xd70 [ 141.964416][ T6251] ? __pfx_proc_alloc_inode+0x10/0x10 [ 141.964438][ T6251] alloc_inode+0x82/0x1b0 [ 141.964468][ T6251] new_inode+0x22/0x170 [ 141.964511][ T6251] proc_sys_make_inode+0x4c/0x500 [ 141.964535][ T6251] ? __init_waitqueue_head+0xae/0x160 [ 141.964567][ T6251] proc_sys_fill_cache+0x318/0x410 [ 141.964596][ T6251] ? __pfx_proc_sys_fill_cache+0x10/0x10 [ 141.964618][ T6251] ? rt_mutex_slowunlock+0x493/0x8a0 [ 141.964640][ T6251] ? __pfx_rcu_read_unlock_special+0x10/0x10 [ 141.964686][ T6251] ? __rcu_read_unlock+0x84/0xe0 [ 141.964727][ T6251] proc_sys_link_fill_cache+0x143/0x1e0 [ 141.964760][ T6251] proc_sys_readdir+0x828/0x9e0 [ 141.964795][ T6251] iterate_dir+0x3a2/0x580 [ 141.964826][ T6251] __se_sys_getdents+0xe4/0x250 [ 141.964849][ T6251] ? irqentry_exit+0x74/0x90 [ 141.964876][ T6251] ? __pfx___se_sys_getdents+0x10/0x10 [ 141.964899][ T6251] ? __pfx_filldir+0x10/0x10 [ 141.964945][ T6251] do_syscall_64+0xfa/0x3b0 [ 141.964973][ T6251] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.964993][ T6251] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 141.965012][ T6251] ? clear_bhb_loop+0x60/0xb0 [ 141.965038][ T6251] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.965057][ T6251] RIP: 0033:0x7f873c3bebe9 [ 141.965076][ T6251] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 141.965092][ T6251] RSP: 002b:00007f873a5dc038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e [ 141.965115][ T6251] RAX: ffffffffffffffda RBX: 00007f873c5e6180 RCX: 00007f873c3bebe9 [ 141.965130][ T6251] RDX: 00000000000000ff RSI: 0000200000000080 RDI: 0000000000000006 [ 141.965143][ T6251] RBP: 00007f873a5dc090 R08: 0000000000000000 R09: 0000000000000000 [ 141.965156][ T6251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 141.965168][ T6251] R13: 00007f873c5e6218 R14: 00007f873c5e6180 R15: 00007ffd25235e88 [ 141.965204][ T6251] [ 142.779788][ T989] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 142.955290][ T989] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 142.955311][ T989] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.011630][ T989] usb 2-1: config 0 descriptor?? [ 144.098523][ T6263] netlink: del zone limit has 4 unknown bytes [ 144.952924][ T989] ath6kl: Failed to read usb control message: -71 [ 144.952986][ T989] ath6kl: Unable to read the bmi data from the device: -71 [ 144.953002][ T989] ath6kl: unable to read target info byte count: -71 [ 144.956392][ T989] ath6kl: Failed to init ath6kl core: -71 [ 144.957126][ T989] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 145.058429][ T989] usb 2-1: USB disconnect, device number 2 [ 146.736072][ C0] vkms_vblank_simulate: vblank timer overrun [ 146.884594][ C0] vkms_vblank_simulate: vblank timer overrun [ 147.214795][ C0] vkms_vblank_simulate: vblank timer overrun [ 147.273743][ T6283] process 'syz.4.93' launched './file1' with NULL argv: empty string added [ 147.535296][ T6290] 9pnet_fd: Insufficient options for proto=fd [ 147.658512][ T6283] netlink: 8 bytes leftover after parsing attributes in process `syz.4.93'. [ 148.288950][ C0] vkms_vblank_simulate: vblank timer overrun [ 149.753825][ C0] vkms_vblank_simulate: vblank timer overrun [ 150.313076][ T6301] netlink: del zone limit has 4 unknown bytes [ 150.356070][ T6274] syz.0.90 (6274): drop_caches: 2 [ 150.875059][ T6292] netlink: 36 bytes leftover after parsing attributes in process `syz.3.95'. [ 151.022755][ T6310] overlayfs: missing 'lowerdir' [ 151.044473][ T6312] syz.0.99 uses obsolete (PF_INET,SOCK_PACKET) [ 160.675432][ T6336] 9pnet_fd: Insufficient options for proto=fd [ 161.009222][ T9] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 161.529255][ T9] usb 3-1: device descriptor read/64, error -71 [ 161.616228][ T6342] netlink: del zone limit has 4 unknown bytes [ 161.709406][ T6343] overlayfs: missing 'lowerdir' [ 161.769182][ T9] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 161.899189][ T9] usb 3-1: device descriptor read/64, error -71 [ 161.965283][ T6345] FAULT_INJECTION: forcing a failure. [ 161.965283][ T6345] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 161.965318][ T6345] CPU: 1 UID: 0 PID: 6345 Comm: syz.4.109 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 161.965341][ T6345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 161.965353][ T6345] Call Trace: [ 161.965361][ T6345] [ 161.965369][ T6345] dump_stack_lvl+0x189/0x250 [ 161.965404][ T6345] ? __pfx____ratelimit+0x10/0x10 [ 161.965431][ T6345] ? __pfx_dump_stack_lvl+0x10/0x10 [ 161.965461][ T6345] ? __pfx__printk+0x10/0x10 [ 161.965484][ T6345] ? __might_fault+0xb0/0x130 [ 161.965527][ T6345] should_fail_ex+0x46c/0x600 [ 161.965560][ T6345] _copy_from_user+0x2d/0xb0 [ 161.965583][ T6345] proc_submiturb+0xb5/0x160 [ 161.965613][ T6345] ? lockdep_hardirqs_on+0x9c/0x150 [ 161.965638][ T6345] ? __pfx_proc_submiturb+0x10/0x10 [ 161.965663][ T6345] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 161.965703][ T6345] ? mutex_lock_nested+0x154/0x1d0 [ 161.965721][ T6345] ? usbdev_ioctl+0x14b/0x2070 [ 161.965750][ T6345] usbdev_ioctl+0x10c7/0x2070 [ 161.965782][ T6345] ? __pfx_usbdev_ioctl+0x10/0x10 [ 161.965804][ T6345] ? __fget_files+0x2a/0x420 [ 161.965830][ T6345] ? __fget_files+0x3a6/0x420 [ 161.965855][ T6345] ? __fget_files+0x2a/0x420 [ 161.965887][ T6345] ? bpf_lsm_file_ioctl+0x9/0x20 [ 161.965910][ T6345] ? __pfx_usbdev_ioctl+0x10/0x10 [ 161.965935][ T6345] __se_sys_ioctl+0xfc/0x170 [ 161.965960][ T6345] do_syscall_64+0xfa/0x3b0 [ 161.965985][ T6345] ? lockdep_hardirqs_on+0x9c/0x150 [ 161.966009][ T6345] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.966028][ T6345] ? clear_bhb_loop+0x60/0xb0 [ 161.966052][ T6345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.966072][ T6345] RIP: 0033:0x7f873c3bebe9 [ 161.966097][ T6345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 161.966113][ T6345] RSP: 002b:00007f873a61e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 161.966134][ T6345] RAX: ffffffffffffffda RBX: 00007f873c5e5fa0 RCX: 00007f873c3bebe9 [ 161.966149][ T6345] RDX: 0000200000000200 RSI: 000000008038550a RDI: 0000000000000003 [ 161.966162][ T6345] RBP: 00007f873a61e090 R08: 0000000000000000 R09: 0000000000000000 [ 161.966175][ T6345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 161.966186][ T6345] R13: 00007f873c5e6038 R14: 00007f873c5e5fa0 R15: 00007ffd25235e88 [ 161.966221][ T6345] [ 162.099056][ T9] usb usb3-port1: attempt power cycle [ 162.112073][ T6347] usb usb1: usbfs: process 6347 (syz.3.110) did not claim interface 0 before use [ 162.479566][ T6358] netlink: 8 bytes leftover after parsing attributes in process `syz.1.113'. [ 162.609126][ T9] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 162.739572][ T9] usb 3-1: device descriptor read/8, error -71 [ 163.011112][ T9] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 163.030356][ T9] usb 3-1: device descriptor read/8, error -71 [ 163.150998][ T9] usb usb3-port1: unable to enumerate USB device [ 163.659021][ T5977] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 163.821855][ T5977] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 163.821884][ T5977] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 163.821923][ T5977] usb 4-1: New USB device found, idVendor=056a, idProduct=0019, bcdDevice= 0.00 [ 163.821947][ T5977] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.838576][ T5977] usb 4-1: config 0 descriptor?? [ 164.115263][ T6377] 9pnet_fd: Insufficient options for proto=fd [ 165.317737][ T5977] usb 4-1: USB disconnect, device number 3 [ 166.451473][ T6390] netlink: zone id is out of range [ 166.571659][ T6392] netlink: del zone limit has 4 unknown bytes [ 166.607590][ T6390] netlink: set zone limit has 4 unknown bytes [ 166.813219][ T6395] Smack: duplicate mount options [ 168.145967][ T6412] usb usb1: usbfs: process 6412 (syz.4.127) did not claim interface 0 before use [ 168.519038][ T5221] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 168.662017][ T5221] usb 3-1: device descriptor read/64, error -71 [ 168.909404][ T5221] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 169.053939][ T5221] usb 3-1: device descriptor read/64, error -71 [ 169.162106][ T5221] usb usb3-port1: attempt power cycle [ 169.539485][ T5221] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 169.581081][ T5221] usb 3-1: device descriptor read/8, error -71 [ 169.876133][ T5221] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 169.891161][ T5221] usb 3-1: device descriptor read/8, error -71 [ 169.999778][ T5221] usb usb3-port1: unable to enumerate USB device [ 173.628997][ T5929] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 173.739055][ T9] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 173.802145][ T5929] usb 5-1: Using ep0 maxpacket: 32 [ 173.804365][ T5929] usb 5-1: unable to get BOS descriptor or descriptor too short [ 173.805361][ T5929] usb 5-1: config 7 has an invalid interface number: 187 but max is 0 [ 173.805376][ T5929] usb 5-1: config 7 has no interface number 0 [ 173.805406][ T5929] usb 5-1: config 7 interface 187 altsetting 6 bulk endpoint 0x3 has invalid maxpacket 16 [ 173.805419][ T5929] usb 5-1: config 7 interface 187 has no altsetting 0 [ 173.855068][ T5929] usb 5-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 173.855087][ T5929] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 173.855098][ T5929] usb 5-1: Product: syz [ 173.855106][ T5929] usb 5-1: Manufacturer: syz [ 173.855114][ T5929] usb 5-1: SerialNumber: syz [ 173.870217][ T6453] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 173.911487][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 173.925220][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 173.925269][ T9] usb 1-1: New USB device found, idVendor=056a, idProduct=0019, bcdDevice= 0.00 [ 173.925290][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.974803][ T9] usb 1-1: config 0 descriptor?? [ 174.040247][ T9] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 174.077762][ T5929] usb 5-1: Limiting number of CPorts to U8_MAX [ 174.116157][ T5929] usb 5-1: Unknown endpoint type found, address 0x07 [ 174.116175][ T5929] usb 5-1: Not enough endpoints found in device, aborting! [ 174.518699][ T5929] usb 5-1: USB disconnect, device number 2 [ 176.549230][ T6475] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 176.710242][ T6475] usb 4-1: Using ep0 maxpacket: 16 [ 176.712525][ T6475] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 176.712542][ T6475] usb 4-1: config 4 has 0 interfaces, different from the descriptor's value: 1 [ 176.715096][ T6475] usb 4-1: New USB device found, idVendor=954f, idProduct=4199, bcdDevice= f.76 [ 176.715113][ T6475] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.715124][ T6475] usb 4-1: Product: syz [ 176.715132][ T6475] usb 4-1: Manufacturer: syz [ 176.715140][ T6475] usb 4-1: SerialNumber: syz [ 177.114353][ T5929] usb 1-1: USB disconnect, device number 3 [ 179.096969][ T6451] syz.2.138 (6451): drop_caches: 2 [ 179.152908][ T6006] usb 4-1: USB disconnect, device number 4 [ 179.863273][ T6517] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 181.630890][ T6533] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 181.720012][ T6537] netlink: 104 bytes leftover after parsing attributes in process `syz.4.168'. [ 182.119174][ T6006] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 182.284123][ T6006] usb 1-1: Using ep0 maxpacket: 16 [ 182.285486][ T6006] usb 1-1: no configurations [ 182.285503][ T6006] usb 1-1: can't read configurations, error -22 [ 182.419170][ T6006] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 182.599083][ T6006] usb 1-1: Using ep0 maxpacket: 16 [ 182.600001][ T6006] usb 1-1: no configurations [ 182.600016][ T6006] usb 1-1: can't read configurations, error -22 [ 182.606710][ T6006] usb usb1-port1: attempt power cycle [ 185.967843][ T6006] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 189.836006][ T6006] usb 1-1: device descriptor read/8, error -71 [ 197.799446][ T57] sched: DL replenish lagged too much [ 202.318112][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 205.997995][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 218.847728][ T5836] Bluetooth: hci3: command 0x0406 tx timeout [ 218.847774][ T5836] Bluetooth: hci2: command 0x0406 tx timeout [ 221.301958][ T5850] Bluetooth: hci0: command tx timeout [ 221.938394][ T5850] Bluetooth: hci1: command 0x0406 tx timeout [ 265.342221][ T6588] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 265.349895][ T6588] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 266.414586][ T6590] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 266.418279][ T6590] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 266.811391][ T6590] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 267.304837][ T5845] Bluetooth: hci4: command tx timeout [ 271.796246][ T5845] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 271.796979][ T5845] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 271.797448][ T5845] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 271.799877][ T5845] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 271.800843][ T5845] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 273.627147][ T6590] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 275.084380][ T6590] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 275.109298][ T6590] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 275.222057][ T6590] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 275.223014][ T6590] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 282.583093][ T6588] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 282.746554][ T6588] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 282.917259][ T6588] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 283.377304][ T6588] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 283.382721][ T6588] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 286.523636][ T6588] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 288.776972][ T6588] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 288.779644][ T6588] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 288.781085][ T6588] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 288.781998][ T6588] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 292.979044][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 292.990512][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 300.814988][ T6588] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 302.212424][ T6588] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 303.185083][ T6588] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 306.913804][ T6588] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 307.259963][ T6588] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 317.135775][ T6608] Bluetooth: hci7: Opcode 0x0c1a failed: -110 [ 317.982202][ T6590] Bluetooth: hci7: command 0x0c1a tx timeout [ 344.742992][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 344.753445][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 347.340419][ T6590] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 347.344490][ T6590] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 347.345654][ T6590] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 348.457179][ T6590] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 348.836251][ T6590] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 353.166013][ T38] INFO: task kworker/0:0:9 blocked for more than 144 seconds. [ 353.166048][ T38] Not tainted syzkaller #0 [ 353.166058][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 353.166068][ T38] task:kworker/0:0 state:D stack:20872 pid:9 tgid:9 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 353.166129][ T38] Workqueue: events_power_efficient reg_check_chans_work [ 353.166162][ T38] Call Trace: [ 353.166170][ T38] [ 353.166186][ T38] __schedule+0x16f3/0x4c20 [ 353.166228][ T38] ? __lock_acquire+0xab9/0xd20 [ 353.166270][ T38] ? __pfx___schedule+0x10/[ 353.166270][ T38] ? __pfx___schedule+0x10/0x10 [ 353.166324][ T38] rt_mutex_schedule+0x77/0xf0 [ 353.166345][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 353.166381][ T38] ? rt_mutex_slowlock_block+0x351/0x6d0 [ 353.166407][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 353.166431][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 353.166453][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 353.166472][ T38] ? __lock_acquire+0xab9/0xd20 [ 353.166513][ T38] ? reg_check_chans_work+0x164/0xf30 [ 353.166542][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 353.166569][ T38] ? __lock_acquire+0xab9/0xd20 [ 353.166602][ T38] ? reg_check_chans_work+0x164/0xf30 [ 353.166626][ T38] mutex_lock_nested+0x16a/0x1d0 [ 353.166646][ T38] ? reg_check_chans_work+0x95/0xf30 [ 353.166677][ T38] reg_check_chans_work+0x164/0xf30 [ 353.166711][ T38] ? __lock_acquire+0xab9/0xd20 [ 353.166746][ T38] ? __pfx_reg_check_chans_work+0x10/0x10 [ 353.166772][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 353.166805][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 353.166829][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 353.166853][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 353.166881][ T38] process_scheduled_works+0xade/0x17b0 [ 353.166941][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 353.166988][ T38] worker_thread+0x8a0/0xda0 [ 353.167054][ T38] kthread+0x70e/0x8a0 [ 353.167089][ T38] ? __pfx_worker_thread+0x10/0x10 [ 353.167115][ T38] ? __pfx_kthread+0x10/0x10 [ 353.167152][ T38] ? __pfx_kthread+0x10/0x10 [ 353.167184][ T38] ret_from_fork+0x3fc/0x770 [ 353.167226][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 353.167260][ T38] ? __switch_to_asm+0x39/0x70 [ 353.167280][ T38] ? __switch_to_asm+0x33/0x70 [ 353.167298][ T38] ? __pfx_kthread+0x10/0x10 [ 353.167329][ T38] ret_from_fork_asm+0x1a/0x30 [ 353.167369][ T38] [ 353.167518][ T38] [ 353.167518][ T38] Showing all locks held in the system: [ 353.167528][ T38] 4 locks held by kworker/0:0/9: [ 353.167539][ T38] #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.167596][ T38] #1: ffffc900000e7bc0 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.167647][ T38] #2: ffffffff8ecd1e78 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x95/0xf30 [ 353.167698][ T38] #3: ffff888049290898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_check_chans_work+0x164/0xf30 [ 353.167751][ T38] 4 locks held by kworker/0:1/10: [ 353.167762][ T38] #0: ffff88805c5f6d38 ((wq_completion)wg-kex-wg1#8){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.167818][ T38] #1: ffffc900000f7bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.167883][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.167934][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.167985][ T38] 10 locks held by kworker/u8:0/12: [ 353.167997][ T38] 5 locks held by kworker/u8:1/13: [ 353.168008][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.168067][ T38] #1: ffffc90000127bc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.168118][ T38] #2: ffff88804c440898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 353.168168][ T38] #3: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.168219][ T38] #4: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.168270][ T38] 2 locks held by ksoftirqd/0/15: [ 353.168281][ T38] #0: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.168330][ T38] #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.168382][ T38] 2 locks held by rcuc/0/20: [ 353.168394][ T38] 2 locks held by rcuc/1/28: [ 353.168404][ T38] #0: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.168454][ T38] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.168505][ T38] 2 locks held by ksoftirqd/1/30: [ 353.168516][ T38] #0: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.168566][ T38] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.168617][ T38] 4 locks held by kworker/1:0/31: [ 353.168627][ T38] #0: ffff88805c1d9538 ((wq_completion)wg-kex-wg1#6){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.168683][ T38] #1: ffffc90000a5fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.168801][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.168847][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.168899][ T38] 1 lock held by khungtaskd/38: [ 353.168910][ T38] #0: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 353.168959][ T38] 5 locks held by kworker/u8:3/57: [ 353.168970][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.169029][ T38] #1: ffffc9000123fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.169080][ T38] #2: ffff88805f980898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 353.169128][ T38] #3: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.169177][ T38] #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.169228][ T38] 6 locks held by kworker/u9:0/59: [ 353.169239][ T38] #0: ffff888030843938 ((wq_completion)hci3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.169289][ T38] #1: ffffc9000125fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.169341][ T38] #2: ffff888058db4e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 353.169397][ T38] #3: ffff888058db40a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 353.169448][ T38] #4: ffffffff8ee39778 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 353.169500][ T38] #5: ffff888027a5ab58 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 353.169558][ T38] 2 locks held by kworker/u8:4/72: [ 353.169575][ T38] 4 locks held by kworker/0:2/989: [ 353.169586][ T38] #0: ffff88805ca68538 ((wq_completion)wg-kex-wg2#6){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.169643][ T38] #1: ffffc900048efbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.169708][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.169758][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.169809][ T38] 7 locks held by kworker/u8:5/1095: [ 353.169820][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.169871][ T38] #1: ffffc90004b5fbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.169924][ T38] #2: ffff88803707b300 (&devlink->lock_key){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 353.169979][ T38] #3: ffff88805dbcb120 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 353.170049][ T38] #4: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 353.170095][ T38] #5: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.170145][ T38] #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.170196][ T38] 5 locks held by kworker/u8:6/1122: [ 353.170207][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.170258][ T38] #1: ffffc90004bbfbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.170309][ T38] #2: ffff88804c4a0898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 353.170358][ T38] #3: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.170408][ T38] #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.170460][ T38] 5 locks held by kworker/u8:7/1447: [ 353.170471][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.170522][ T38] #1: ffffc9000543fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.170573][ T38] #2: ffff88805f850898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 353.170639][ T38] #3: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.170689][ T38] #4: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.170741][ T38] 5 locks held by kworker/u8:8/1495: [ 353.170752][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.170801][ T38] #1: ffffc9000535fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.170851][ T38] #2: ffff888049040898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 353.170900][ T38] #3: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.170950][ T38] #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.171013][ T38] 6 locks held by kworker/u8:9/3505: [ 353.171032][ T38] #0: ffff888035e0a938 ((wq_completion)wg-kex-wg1#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.171088][ T38] #1: ffffc9000d0cfbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.171141][ T38] #2: ffff8880359b15f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 353.171202][ T38] #3: ffff888020f6c388 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 353.171261][ T38] #4: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.171311][ T38] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.171364][ T38] 5 locks held by kworker/u8:11/3555: [ 353.171375][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.171427][ T38] #1: ffffc9000d21fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.171478][ T38] #2: ffff888060340898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 353.171526][ T38] #3: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.171576][ T38] #4: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.171627][ T38] 7 locks held by kworker/u8:13/4881: [ 353.171639][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.171691][ T38] #1: ffffc9000f13fbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.171745][ T38] #2: ffff88805e30f300 (&devlink->lock_key#5){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 353.171802][ T38] #3: ffff88805e47f520 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 353.171856][ T38] #4: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 353.171902][ T38] #5: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.171952][ T38] #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.172004][ T38] 5 locks held by kworker/u9:1/5154: [ 353.172015][ T38] #0: ffff888027e16938 ((wq_completion)hci0){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.172073][ T38] #1: ffffc9000f6b7bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.172124][ T38] #2: ffff888026f48e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 353.172179][ T38] #3: ffff888026f480a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 353.172230][ T38] #4: ffffffff8ee39778 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 353.172281][ T38] 3 locks held by udevd/5205: [ 353.172291][ T38] #0: ffff888034e4c350 (sk_lock-AF_NETLINK){+.+.}-{0:0}, at: netlink_insert+0xd3/0x1370 [ 353.172341][ T38] #1: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.172391][ T38] #2: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.172443][ T38] 2 locks held by getty/5599: [ 353.172454][ T38] #0: ffff88823bf6a8a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 353.172508][ T38] #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 353.172556][ T38] 2 locks held by dhcpcd/5643: [ 353.172567][ T38] #0: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.172617][ T38] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.172667][ T38] 1 lock held by syz-executor/5823: [ 353.172678][ T38] 5 locks held by kworker/u9:2/5836: [ 353.172689][ T38] #0: ffff888027e10138 ((wq_completion)hci1){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.172740][ T38] #1: ffffc9000506fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.172791][ T38] #2: ffff888058dace80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 353.172847][ T38] #3: ffff888058dac0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 353.172897][ T38] #4: ffffffff8ee39778 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 353.172948][ T38] 4 locks held by kworker/u9:3/5845: [ 353.172960][ T38] #0: ffff888038588938 ((wq_completion)hci5#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.173015][ T38] #1: ffffc9000514fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.173074][ T38] #2: ffff8880287fc0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 353.173120][ T38] #3: ffffffff8ee39778 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 353.173166][ T38] 4 locks held by kworker/1:4/5846: [ 353.173177][ T38] #0: ffff888019899138 ((wq_completion)events_long){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.173228][ T38] #1: ffffc9000515fbc0 ((work_completion)(&(&ipvs->defense_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.173282][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.173332][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.173383][ T38] 4 locks held by kworker/u9:4/5849: [ 353.173394][ T38] #0: ffff888027e13138 ((wq_completion)hci2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.173444][ T38] #1: ffffc9000517fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.173495][ T38] #2: ffff888058db0e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 353.173549][ T38] #3: ffff888058db00a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 353.173599][ T38] 4 locks held by kworker/u9:5/5850: [ 353.173610][ T38] #0: ffff88803ae2d938 ((wq_completion)hci6#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.173665][ T38] #1: ffffc9000518fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.173716][ T38] #2: ffff8880661580a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 353.173762][ T38] #3: ffffffff8ee39778 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 353.173811][ T38] 2 locks held by napi/wg2-0/5904: [ 353.173822][ T38] #0: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.173871][ T38] #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.173923][ T38] 2 locks held by napi/wg1-0/5914: [ 353.173934][ T38] #0: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.173983][ T38] #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.174043][ T38] 3 locks held by kworker/0:4/5915: [ 353.174055][ T38] 4 locks held by kworker/1:5/5924: [ 353.174066][ T38] #0: ffff888026739938 ((wq_completion)wg-kex-wg0#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.174122][ T38] #1: ffffc9000597fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.174188][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.174238][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.174288][ T38] 5 locks held by kworker/1:6/5925: [ 353.174299][ T38] #0: ffff88805c139938 ((wq_completion)wg-kex-wg2#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.174355][ T38] #1: ffffc9000598fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.174421][ T38] #2: ffff888036af95f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x150/0x900 [ 353.174469][ T38] #3: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.174519][ T38] #4: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.174569][ T38] 4 locks held by kworker/0:5/5929: [ 353.174581][ T38] #0: ffff88805c139d38 ((wq_completion)wg-crypt-wg2#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.174636][ T38] #1: ffffc900059afbc0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.174688][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.174738][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.174787][ T38] 4 locks held by kworker/1:8/6006: [ 353.174798][ T38] #0: ffff88805c5ded38 ((wq_completion)wg-kex-wg0#10){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.174854][ T38] #1: ffffc90005bc7bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.174920][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.174970][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.175027][ T38] 3 locks held by kworker/u8:14/6043: [ 353.175040][ T38] 7 locks held by kworker/u8:15/6277: [ 353.175051][ T38] 5 locks held by kworker/u8:17/6319: [ 353.175063][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.175114][ T38] #1: ffffc9000ba67bc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.175167][ T38] #2: ffff88804ba30898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 353.175217][ T38] #3: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.175267][ T38] #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.175319][ T38] 4 locks held by kworker/0:7/6475: [ 353.175330][ T38] #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.175382][ T38] #1: ffffc9000cc6fbc0 ((work_completion)(&(&tbl->gc_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.175435][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.175487][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.175539][ T38] 5 locks held by kworker/0:8/6547: [ 353.175550][ T38] #0: ffff88805c139938 ((wq_completion)wg-kex-wg2#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.175606][ T38] #1: ffffc9000ceffbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.175672][ T38] #2: ffff888020f6ce20 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_begin_session+0x38/0xbe0 [ 353.175720][ T38] #3: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.175770][ T38] #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.175820][ T38] 3 locks held by kworker/u8:20/6551: [ 353.175831][ T38] #0: ffff88814d109138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.175882][ T38] #1: ffffc9000cdbfbc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.175934][ T38] #2: ffffffff8ecd1e78 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 353.175979][ T38] 4 locks held by kworker/0:10/6552: [ 353.175990][ T38] #0: ffff88805c1d2538 ((wq_completion)wg-kex-wg2#10){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.176053][ T38] #1: ffffc90004fefbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.176118][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.176169][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.176219][ T38] 1 lock held by dhcpcd/6553: [ 353.176229][ T38] #0: ffff88805d33c5f8 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 353.176280][ T38] 4 locks held by kworker/1:10/6554: [ 353.176291][ T38] #0: ffff88805c138538 ((wq_completion)wg-kex-wg2#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.176346][ T38] #1: ffffc9000cf4fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.176412][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.176462][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.176513][ T38] 2 locks held by syz.3.172/6556: [ 353.176524][ T38] #0: ffffffff8ecc4f80 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 353.176573][ T38] #1: ffffffff8ecd1e78 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0 [ 353.176625][ T38] 5 locks held by kworker/u9:6/6562: [ 353.176636][ T38] #0: ffff88803237a138 ((wq_completion)hci4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.176686][ T38] #1: ffffc9000cc7fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.176737][ T38] #2: ffff888058dc0e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 353.176789][ T38] #3: ffff888058dc00a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 353.176840][ T38] #4: ffffffff8ee39778 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 353.176890][ T38] 4 locks held by kworker/0:11/6563: [ 353.176901][ T38] #0: ffff8880397bf138 ((wq_completion)wg-crypt-wg2#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.176957][ T38] #1: ffffc90005b6fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.177030][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.177081][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.177131][ T38] 3 locks held by kworker/1:11/6564: [ 353.177144][ T38] 4 locks held by kworker/0:12/6568: [ 353.177155][ T38] 4 locks held by kworker/0:14/6570: [ 353.177166][ T38] #0: ffff88805c5ded38 ((wq_completion)wg-kex-wg0#10){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.177222][ T38] #1: ffffc9000cf7fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.177287][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.177337][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.177388][ T38] 6 locks held by kworker/u8:22/6571: [ 353.177399][ T38] #0: ffff88805c818938 ((wq_completion)wg-kex-wg1#7){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.177455][ T38] #1: ffffc9000cfdfbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.177506][ T38] #2: ffff88805c8215f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 353.177564][ T38] #3: ffff888035a458b8 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 353.177623][ T38] #4: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.177672][ T38] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.177723][ T38] 3 locks held by kworker/0:15/6572: [ 353.177735][ T38] 1 lock held by dhcpcd/6573: [ 353.177745][ T38] #0: ffff88803dad60f8 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 353.177795][ T38] 4 locks held by kworker/u8:23/6576: [ 353.177806][ T38] #0: ffff888035d59938 ((wq_completion)wg-kex-wg2#9){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.177861][ T38] #1: ffffc9000d01fbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.177913][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.177963][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.178014][ T38] 5 locks held by kworker/1:13/6577: [ 353.178033][ T38] #0: ffff8880320d1938 ((wq_completion)wg-kex-wg1#10){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.178090][ T38] #1: ffffc9000d02fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.178156][ T38] #2: ffff8880361b95f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x150/0x900 [ 353.178204][ T38] #3: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 353.178254][ T38] #4: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 353.178306][ T38] 2 locks held by kworker/1:15/6582: [ 353.178317][ T38] #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.178368][ T38] #1: ffffc9000d06fbc0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.178419][ T38] 1 lock held by dhcpcd/6584: [ 353.178430][ T38] #0: ffff888032872350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 [ 353.178479][ T38] 1 lock held by syz-executor/6585: [ 353.178490][ T38] #0: ffffffff8ecd1e78 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 353.178545][ T38] 7 locks held by kworker/u8:25/6587: [ 353.178556][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 353.178607][ T38] #1: ffffc9000d0afbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 353.178659][ T38] #2: ffff888037c77300 (&devlink->lock_key#4){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 353.178717][ T38] #3: ffff88805e282d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 354.465985][ T38] #4: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 354.466036][ T38] #5: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 354.466088][ T38] #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 354.466142][ T38] 4 locks held by kworker/u9:7/6588: [ 354.466154][ T38] #0: ffff88814d5a3138 ((wq_completion)krxrpcd){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 354.466206][ T38] #1: ffffc9000d0bfbc0 ((work_completion)(&rxnet->peer_keepalive_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 354.466258][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 354.466310][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 354.466363][ T38] 1 lock held by syz-executor/6600: [ 354.466375][ T38] #0: ffffffff8ecd1e78 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 354.466432][ T38] 4 locks held by kworker/0:22/6603: [ 354.466443][ T38] #0: ffff88805c139138 ((wq_completion)wg-crypt-wg1#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 354.466499][ T38] #1: ffffc9000d1bfbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 354.466565][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 354.466615][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 354.466666][ T38] 1 lock held by dhcpcd/6605: [ 354.466677][ T38] #0: ffff8880355f8350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 [ 354.466725][ T38] 4 locks held by kworker/0:23/6606: [ 354.466736][ T38] #0: ffff88805c138538 ((wq_completion)wg-kex-wg2#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 354.466799][ T38] #1: ffffc9000d1efbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 354.466865][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 354.466916][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 354.466967][ T38] 4 locks held by kworker/0:24/6607: [ 354.466978][ T38] #0: ffff88805c138d38 ((wq_completion)wg-kex-wg1#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 354.467033][ T38] #1: ffffc9000d1ffbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 354.467099][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 354.467149][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 354.467201][ T38] 4 locks held by kworker/0:25/6609: [ 354.467212][ T38] #0: ffff8880320d1938 ((wq_completion)wg-kex-wg1#10){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 354.467268][ T38] #1: ffffc9000d62fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 354.467333][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 354.467383][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 354.467435][ T38] 7 locks held by kworker/u8:33/6612: [ 354.467446][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 354.467497][ T38] #1: ffffc9000cd0fbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 354.467549][ T38] #2: ffff88805e051300 (&devlink->lock_key#2){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 354.467607][ T38] #3: ffff88805dec3d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 354.467661][ T38] #4: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 354.467707][ T38] #5: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 354.467765][ T38] #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 354.467817][ T38] 4 locks held by kworker/1:19/6616: [ 354.467827][ T38] #0: ffff88805c1d2538 ((wq_completion)wg-kex-wg2#10){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 354.467883][ T38] #1: ffffc9000d68fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 354.467949][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 354.467998][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 354.468049][ T38] 6 locks held by kworker/u8:34/6623: [ 354.468060][ T38] #0: ffff88805c633938 ((wq_completion)wg-kex-wg0#9){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 354.468112][ T38] #1: ffffc9000d19fbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 354.468163][ T38] #2: ffff888036afd5f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 354.468222][ T38] #3: ffff888039c8a3c0 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 354.468281][ T38] #4: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 354.468330][ T38] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 354.468381][ T38] 7 locks held by kworker/u8:35/6625: [ 354.468393][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 354.468443][ T38] #1: ffffc9000d6ffbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 354.468496][ T38] #2: ffff88801df5e300 (&devlink->lock_key#3){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 354.468554][ T38] #3: ffff88805e0e7920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 354.468607][ T38] #4: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 354.468652][ T38] #5: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 354.468702][ T38] #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 354.468812][ T38] 3 locks held by syz-executor/6629: [ 354.468826][ T38] #0: ffff88802fb83350 (sk_lock-AF_BLUETOOTH-BTPROTO_HCI){+.+.}-{0:0}, at: hci_sock_ioctl+0x247/0x910 [ 354.468880][ T38] #1: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 354.468930][ T38] #2: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 354.468984][ T38] [ 354.468989][ T38] ============================================= [ 354.468989][ T38] [ 354.468998][ T38] NMI backtrace for cpu 1 [ 354.469013][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 354.469035][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 354.469046][ T38] Call Trace: [ 354.469054][ T38] [ 354.469063][ T38] dump_stack_lvl+0x189/0x250 [ 354.469098][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 354.469127][ T38] ? __pfx__printk+0x10/0x10 [ 354.469162][ T38] nmi_cpu_backtrace+0x39e/0x3d0 [ 354.469188][ T38] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 354.469212][ T38] ? __pfx__printk+0x10/0x10 [ 354.469239][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 354.469276][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 354.469301][ T38] watchdog+0xf93/0xfe0 [ 354.469334][ T38] ? watchdog+0x1de/0xfe0 [ 354.469365][ T38] kthread+0x70e/0x8a0 [ 354.469399][ T38] ? __pfx_watchdog+0x10/0x10 [ 354.469423][ T38] ? __pfx_kthread+0x10/0x10 [ 354.469458][ T38] ? __pfx_kthread+0x10/0x10 [ 354.469488][ T38] ret_from_fork+0x3fc/0x770 [ 354.469517][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 354.469549][ T38] ? __switch_to_asm+0x39/0x70 [ 354.469567][ T38] ? __switch_to_asm+0x33/0x70 [ 354.469584][ T38] ? __pfx_kthread+0x10/0x10 [ 354.469614][ T38] ret_from_fork_asm+0x1a/0x30 [ 354.469650][ T38] [ 354.469657][ T38] Sending NMI from CPU 1 to CPUs 0: [ 354.469684][ C0] NMI backtrace for cpu 0 [ 354.469700][ C0] CPU: 0 UID: 0 PID: 6547 Comm: kworker/0:8 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 354.469718][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 354.469728][ C0] Workqueue: wg-kex-wg2 wg_packet_handshake_receive_worker [ 354.469751][ C0] RIP: 0010:lockdep_hardirqs_on_prepare+0x129/0x2a0 [ 354.469773][ C0] Code: 31 73 2d 41 8b 44 24 20 a9 00 00 04 00 74 db 25 00 00 03 00 83 f8 01 ba 03 00 00 00 83 da 00 48 89 df 4c 89 e6 e8 17 46 00 00 <85> c0 75 bc eb 79 48 c7 c7 70 91 87 8d 4c 89 fe e8 12 f3 52 03 eb [ 354.469786][ C0] RSP: 0018:ffffc9000ceff020 EFLAGS: 00000002 [ 354.469799][ C0] RAX: 0000000000000001 RBX: ffff88802b6c3b80 RCX: ffffffff92a59f40 [ 354.469811][ C0] RDX: 0000000000000002 RSI: ffff88802b6c4768 RDI: ffff88802b6c3b80 [ 354.469821][ C0] RBP: ffffc9000ceff0f0 R08: ffffffff8f1d4437 R09: 1ffffffff1e3a886 [ 354.469832][ C0] R10: dffffc0000000000 R11: fffffbfff1e3a887 R12: ffff88802b6c4768 [ 354.469843][ C0] R13: ffffc9000ceff148 R14: ffff88802b6c46a0 R15: 0000000000000005 [ 354.469854][ C0] FS: 0000000000000000(0000) GS:ffff8881268c2000(0000) knlGS:0000000000000000 [ 354.469867][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 354.469878][ C0] CR2: 00007f9444b485c0 CR3: 0000000035670000 CR4: 00000000003526f0 [ 354.469894][ C0] Call Trace: [ 354.469900][ C0] [ 354.469908][ C0] trace_hardirqs_on+0x28/0x40 [ 354.469927][ C0] _raw_spin_unlock_irqrestore+0x85/0x110 [ 354.469946][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 354.469969][ C0] rt_spin_lock+0x167/0x2c0 [ 354.469984][ C0] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 354.469999][ C0] ? __pfx_rt_spin_lock+0x10/0x10 [ 354.470022][ C0] ? rt_spin_unlock+0x65/0x80 [ 354.470039][ C0] process_backlog+0x50f/0x900 [ 354.470061][ C0] __napi_poll+0xb6/0x540 [ 354.470078][ C0] net_rx_action+0x707/0xe00 [ 354.470101][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 354.470119][ C0] ? kvm_sched_clock_read+0x11/0x20 [ 354.470139][ C0] ? __pfx_sched_clock_cpu+0x10/0x10 [ 354.470167][ C0] handle_softirqs+0x22c/0x710 [ 354.470189][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 354.470210][ C0] __local_bh_enable_ip+0x179/0x270 [ 354.470228][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 354.470247][ C0] ? mod_peer_timer+0x21/0x260 [ 354.470263][ C0] ? mod_peer_timer+0x21/0x260 [ 354.470278][ C0] ? mod_peer_timer+0x20c/0x260 [ 354.470294][ C0] wg_packet_send_handshake_response+0x136/0x2d0 [ 354.470313][ C0] ? __pfx_wg_packet_send_handshake_response+0x10/0x10 [ 354.470331][ C0] ? wg_socket_set_peer_endpoint_from_skb+0xc8/0x120 [ 354.470357][ C0] wg_packet_handshake_receive_worker+0x6bb/0xfa0 [ 354.470378][ C0] ? wg_packet_handshake_receive_worker+0x14c/0xfa0 [ 354.470399][ C0] ? __pfx_wg_packet_handshake_receive_worker+0x10/0x10 [ 354.470418][ C0] ? register_lock_class+0x51/0x320 [ 354.470439][ C0] ? __lock_acquire+0xab9/0xd20 [ 354.470493][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 354.470513][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 354.470531][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 354.470548][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 354.470566][ C0] process_scheduled_works+0xade/0x17b0 [ 354.470593][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 354.470642][ C0] worker_thread+0x8a0/0xda0 [ 354.470670][ C0] kthread+0x70e/0x8a0 [ 354.470692][ C0] ? __pfx_worker_thread+0x10/0x10 [ 354.470709][ C0] ? __pfx_kthread+0x10/0x10 [ 354.470732][ C0] ? __pfx_kthread+0x10/0x10 [ 354.470752][ C0] ret_from_fork+0x3fc/0x770 [ 354.470772][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 354.470792][ C0] ? __switch_to_asm+0x39/0x70 [ 354.470806][ C0] ? __switch_to_asm+0x33/0x70 [ 354.470819][ C0] ? __pfx_kthread+0x10/0x10 [ 354.470840][ C0] ret_from_fork_asm+0x1a/0x30 [ 354.470860][ C0] [ 354.471681][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 354.471697][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 354.471719][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 354.471730][ T38] Call Trace: [ 354.471738][ T38] [ 354.471746][ T38] dump_stack_lvl+0x99/0x250 [ 354.471787][ T38] ? __asan_memcpy+0x40/0x70 [ 354.471809][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 354.471838][ T38] ? __pfx__printk+0x10/0x10 [ 354.471873][ T38] vpanic+0x281/0x750 [ 354.471906][ T38] ? __pfx_vpanic+0x10/0x10 [ 354.471932][ T38] ? __x2apic_send_IPI_mask+0x1e4/0x260 [ 354.471954][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 354.471990][ T38] panic+0xb9/0xc0 [ 354.472016][ T38] ? __pfx_panic+0x10/0x10 [ 354.472048][ T38] ? irq_work_queue+0xc3/0x140 [ 354.472078][ T38] ? nmi_trigger_cpumask_backtrace+0x234/0x300 [ 354.472102][ T38] watchdog+0xfd2/0xfe0 [ 354.472133][ T38] ? watchdog+0x1de/0xfe0 [ 354.472165][ T38] kthread+0x70e/0x8a0 [ 354.472197][ T38] ? __pfx_watchdog+0x10/0x10 [ 354.472222][ T38] ? __pfx_kthread+0x10/0x10 [ 354.472257][ T38] ? __pfx_kthread+0x10/0x10 [ 354.472288][ T38] ret_from_fork+0x3fc/0x770 [ 354.472317][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 354.472349][ T38] ? __switch_to_asm+0x39/0x70 [ 354.472365][ T38] ? __switch_to_asm+0x33/0x70 [ 354.472383][ T38] ? __pfx_kthread+0x10/0x10 [ 354.472413][ T38] ret_from_fork_asm+0x1a/0x30 [ 354.472449][ T38] [ 354.472603][ T38] Kernel Offset: disabled