last executing test programs: 4m34.56692848s ago: executing program 3 (id=1063): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000080)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) acct(&(0x7f00000001c0)='./file0\x00') acct(0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f0000000400)={0x0, 0x0, 0x1, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfeff}) creat(&(0x7f0000002040)='./file0\x00', 0x0) 4m31.430694758s ago: executing program 2 (id=1072): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x1c080, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = syz_open_dev$radio(&(0x7f0000000080), 0x2, 0x2) ioctl$VIDIOC_S_HW_FREQ_SEEK(r1, 0x40305652, &(0x7f00000002c0)={0x0, 0x1}) syz_io_uring_setup(0x37bf, 0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000040)) pselect6(0x49, &(0x7f0000000900), 0x0, &(0x7f0000000680)={0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0) sched_setaffinity(0x0, 0xffffffffffffff84, &(0x7f0000000080)=0x6) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0006, &(0x7f0000000280)={[{@nodiscard}, {@nombcache}, {@init_itable}, {@noload}, {@minixdf}, {@usrjquota}]}, 0xfe, 0x457, &(0x7f0000001100)="$eJzs3M9vFFUcAPDv7G7Lb1sRf4AgVTQSf7S0/JCDF40mHjQx0QPGeKhtIchCDa2JEKLoAY+GxLvxaOJf4EkvRj2ZeNW7ISGmF9DTmtmdKdtlt3TbbQfZzycZeG9mtu99Z+btvHlvdwPoWyPpP0nE9oj4IyKGGtmlO4w0/ru5cGnqn4VLU0nUam/9ndT3u7FwaSrfNX/dtkamVsvym9qUe+XdiMlqdeZ8lh+bP/vh2NyFi8+fPjt5aubUzLmJ48ePHN43eGziaNcxldqsS+O6seeT2b27X3vn6htTJ66+/8t3aX23Z9ub4+iVkcbRbeupXhdWsB1N6aRSYEXoSjki0tM1UG//Q1GOLYvbhuLVzwutHLCuarVard39OXO5BtzDkii6BkAx8ht9+vybLxvU9bgrXH+p8QCUxn0zWxpbKovjCAMtz7e9NBIRJy7/+3W6RIdxiKR1TAYAYA1+SPs/z7Xr/5Xioab97svmUIYj4v6I2BkRD0TEroh4MKK+78MR8UiX5bfOkNze/yldW1VgK5T2/17M5raW9v8WZ5GGy1luRz3+geTk6erMoeyYHIyBTWl+fJkyfnzl9y87bWvu/6VLWn7eF8zqca3SMkA3PTk/uZaYm13/LGJPpV38SeTTOGnfc3dE7FllGaef+XZvp21t439v28r+cA/mmWrfRDzdOP+XoyX+XNJxfnL8hWMTR8c2R3Xm0Fh+Vdzu19+uvNmp/Duf//WVnv+tba//xfiHk80RcxcunqnP1851X8aVP7/o+Ey52ut/MHm7nh7M1n08OT9/fjxiMHm93laXrJ+49do8n++fxn/wQPv2vzNuHYlHIyK9iPdFxGMRsT+r++MR8UREHFgm/p9ffvKD7uNfZlS+h9L4p+90/qP5/HefKJ/56fvu48+l5/9IPXUwW7OS97+VVnAtxw4AAAD+L0r1z8AnpdHFdKk0Otr4DP+u2Fqqzs7NP3ty9qNz043Pyg/HQCkf6RpqGg8dz8aG8/xES/5wNm78VXlLPT86NVudLjp46HPbOrT/1F/lomsHrDvf14L+pf1D/9L+oX9p/9C/tH/oX+3a/6cF1APYeO7/0L8q+4uuAVAU93/oX9o/9KWO340vrekr/xL3fCJKxZSe/7LHXXEQNiJRWfGPWawysantpoLfmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHrkvwAAAP//4JrfjQ==") syz_open_procfs(0x0, 0x0) 3m52.601930027s ago: executing program 3 (id=1063): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000080)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) acct(&(0x7f00000001c0)='./file0\x00') acct(0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f0000000400)={0x0, 0x0, 0x1, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfeff}) creat(&(0x7f0000002040)='./file0\x00', 0x0) 3m52.051353602s ago: executing program 2 (id=1072): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x1c080, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = syz_open_dev$radio(&(0x7f0000000080), 0x2, 0x2) ioctl$VIDIOC_S_HW_FREQ_SEEK(r1, 0x40305652, &(0x7f00000002c0)={0x0, 0x1}) syz_io_uring_setup(0x37bf, 0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000040)) pselect6(0x49, &(0x7f0000000900), 0x0, &(0x7f0000000680)={0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0) sched_setaffinity(0x0, 0xffffffffffffff84, &(0x7f0000000080)=0x6) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0006, &(0x7f0000000280)={[{@nodiscard}, {@nombcache}, {@init_itable}, {@noload}, {@minixdf}, {@usrjquota}]}, 0xfe, 0x457, &(0x7f0000001100)="$eJzs3M9vFFUcAPDv7G7Lb1sRf4AgVTQSf7S0/JCDF40mHjQx0QPGeKhtIchCDa2JEKLoAY+GxLvxaOJf4EkvRj2ZeNW7ISGmF9DTmtmdKdtlt3TbbQfZzycZeG9mtu99Z+btvHlvdwPoWyPpP0nE9oj4IyKGGtmlO4w0/ru5cGnqn4VLU0nUam/9ndT3u7FwaSrfNX/dtkamVsvym9qUe+XdiMlqdeZ8lh+bP/vh2NyFi8+fPjt5aubUzLmJ48ePHN43eGziaNcxldqsS+O6seeT2b27X3vn6htTJ66+/8t3aX23Z9ub4+iVkcbRbeupXhdWsB1N6aRSYEXoSjki0tM1UG//Q1GOLYvbhuLVzwutHLCuarVard39OXO5BtzDkii6BkAx8ht9+vybLxvU9bgrXH+p8QCUxn0zWxpbKovjCAMtz7e9NBIRJy7/+3W6RIdxiKR1TAYAYA1+SPs/z7Xr/5Xioab97svmUIYj4v6I2BkRD0TEroh4MKK+78MR8UiX5bfOkNze/yldW1VgK5T2/17M5raW9v8WZ5GGy1luRz3+geTk6erMoeyYHIyBTWl+fJkyfnzl9y87bWvu/6VLWn7eF8zqca3SMkA3PTk/uZaYm13/LGJPpV38SeTTOGnfc3dE7FllGaef+XZvp21t439v28r+cA/mmWrfRDzdOP+XoyX+XNJxfnL8hWMTR8c2R3Xm0Fh+Vdzu19+uvNmp/Duf//WVnv+tba//xfiHk80RcxcunqnP1851X8aVP7/o+Ey52ut/MHm7nh7M1n08OT9/fjxiMHm93laXrJ+49do8n++fxn/wQPv2vzNuHYlHIyK9iPdFxGMRsT+r++MR8UREHFgm/p9ffvKD7uNfZlS+h9L4p+90/qP5/HefKJ/56fvu48+l5/9IPXUwW7OS97+VVnAtxw4AAAD+L0r1z8AnpdHFdKk0Otr4DP+u2Fqqzs7NP3ty9qNz043Pyg/HQCkf6RpqGg8dz8aG8/xES/5wNm78VXlLPT86NVudLjp46HPbOrT/1F/lomsHrDvf14L+pf1D/9L+oX9p/9C/tH/oX+3a/6cF1APYeO7/0L8q+4uuAVAU93/oX9o/9KWO340vrekr/xL3fCJKxZSe/7LHXXEQNiJRWfGPWawysantpoLfmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHrkvwAAAP//4JrfjQ==") syz_open_procfs(0x0, 0x0) 3m16.356518571s ago: executing program 3 (id=1063): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000080)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) acct(&(0x7f00000001c0)='./file0\x00') acct(0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f0000000400)={0x0, 0x0, 0x1, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfeff}) creat(&(0x7f0000002040)='./file0\x00', 0x0) 3m12.284515921s ago: executing program 2 (id=1072): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x1c080, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = syz_open_dev$radio(&(0x7f0000000080), 0x2, 0x2) ioctl$VIDIOC_S_HW_FREQ_SEEK(r1, 0x40305652, &(0x7f00000002c0)={0x0, 0x1}) syz_io_uring_setup(0x37bf, 0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000040)) pselect6(0x49, &(0x7f0000000900), 0x0, &(0x7f0000000680)={0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0) sched_setaffinity(0x0, 0xffffffffffffff84, &(0x7f0000000080)=0x6) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0006, &(0x7f0000000280)={[{@nodiscard}, {@nombcache}, {@init_itable}, {@noload}, {@minixdf}, {@usrjquota}]}, 0xfe, 0x457, &(0x7f0000001100)="$eJzs3M9vFFUcAPDv7G7Lb1sRf4AgVTQSf7S0/JCDF40mHjQx0QPGeKhtIchCDa2JEKLoAY+GxLvxaOJf4EkvRj2ZeNW7ISGmF9DTmtmdKdtlt3TbbQfZzycZeG9mtu99Z+btvHlvdwPoWyPpP0nE9oj4IyKGGtmlO4w0/ru5cGnqn4VLU0nUam/9ndT3u7FwaSrfNX/dtkamVsvym9qUe+XdiMlqdeZ8lh+bP/vh2NyFi8+fPjt5aubUzLmJ48ePHN43eGziaNcxldqsS+O6seeT2b27X3vn6htTJ66+/8t3aX23Z9ub4+iVkcbRbeupXhdWsB1N6aRSYEXoSjki0tM1UG//Q1GOLYvbhuLVzwutHLCuarVard39OXO5BtzDkii6BkAx8ht9+vybLxvU9bgrXH+p8QCUxn0zWxpbKovjCAMtz7e9NBIRJy7/+3W6RIdxiKR1TAYAYA1+SPs/z7Xr/5Xioab97svmUIYj4v6I2BkRD0TEroh4MKK+78MR8UiX5bfOkNze/yldW1VgK5T2/17M5raW9v8WZ5GGy1luRz3+geTk6erMoeyYHIyBTWl+fJkyfnzl9y87bWvu/6VLWn7eF8zqca3SMkA3PTk/uZaYm13/LGJPpV38SeTTOGnfc3dE7FllGaef+XZvp21t439v28r+cA/mmWrfRDzdOP+XoyX+XNJxfnL8hWMTR8c2R3Xm0Fh+Vdzu19+uvNmp/Duf//WVnv+tba//xfiHk80RcxcunqnP1851X8aVP7/o+Ey52ut/MHm7nh7M1n08OT9/fjxiMHm93laXrJ+49do8n++fxn/wQPv2vzNuHYlHIyK9iPdFxGMRsT+r++MR8UREHFgm/p9ffvKD7uNfZlS+h9L4p+90/qP5/HefKJ/56fvu48+l5/9IPXUwW7OS97+VVnAtxw4AAAD+L0r1z8AnpdHFdKk0Otr4DP+u2Fqqzs7NP3ty9qNz043Pyg/HQCkf6RpqGg8dz8aG8/xES/5wNm78VXlLPT86NVudLjp46HPbOrT/1F/lomsHrDvf14L+pf1D/9L+oX9p/9C/tH/oX+3a/6cF1APYeO7/0L8q+4uuAVAU93/oX9o/9KWO340vrekr/xL3fCJKxZSe/7LHXXEQNiJRWfGPWawysantpoLfmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHrkvwAAAP//4JrfjQ==") syz_open_procfs(0x0, 0x0) 2m34.235850223s ago: executing program 3 (id=1063): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000080)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) acct(&(0x7f00000001c0)='./file0\x00') acct(0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f0000000400)={0x0, 0x0, 0x1, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfeff}) creat(&(0x7f0000002040)='./file0\x00', 0x0) 2m33.629942868s ago: executing program 2 (id=1072): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x1c080, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = syz_open_dev$radio(&(0x7f0000000080), 0x2, 0x2) ioctl$VIDIOC_S_HW_FREQ_SEEK(r1, 0x40305652, &(0x7f00000002c0)={0x0, 0x1}) syz_io_uring_setup(0x37bf, 0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000040)) pselect6(0x49, &(0x7f0000000900), 0x0, &(0x7f0000000680)={0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0) sched_setaffinity(0x0, 0xffffffffffffff84, &(0x7f0000000080)=0x6) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0006, &(0x7f0000000280)={[{@nodiscard}, {@nombcache}, {@init_itable}, {@noload}, {@minixdf}, {@usrjquota}]}, 0xfe, 0x457, &(0x7f0000001100)="$eJzs3M9vFFUcAPDv7G7Lb1sRf4AgVTQSf7S0/JCDF40mHjQx0QPGeKhtIchCDa2JEKLoAY+GxLvxaOJf4EkvRj2ZeNW7ISGmF9DTmtmdKdtlt3TbbQfZzycZeG9mtu99Z+btvHlvdwPoWyPpP0nE9oj4IyKGGtmlO4w0/ru5cGnqn4VLU0nUam/9ndT3u7FwaSrfNX/dtkamVsvym9qUe+XdiMlqdeZ8lh+bP/vh2NyFi8+fPjt5aubUzLmJ48ePHN43eGziaNcxldqsS+O6seeT2b27X3vn6htTJ66+/8t3aX23Z9ub4+iVkcbRbeupXhdWsB1N6aRSYEXoSjki0tM1UG//Q1GOLYvbhuLVzwutHLCuarVard39OXO5BtzDkii6BkAx8ht9+vybLxvU9bgrXH+p8QCUxn0zWxpbKovjCAMtz7e9NBIRJy7/+3W6RIdxiKR1TAYAYA1+SPs/z7Xr/5Xioab97svmUIYj4v6I2BkRD0TEroh4MKK+78MR8UiX5bfOkNze/yldW1VgK5T2/17M5raW9v8WZ5GGy1luRz3+geTk6erMoeyYHIyBTWl+fJkyfnzl9y87bWvu/6VLWn7eF8zqca3SMkA3PTk/uZaYm13/LGJPpV38SeTTOGnfc3dE7FllGaef+XZvp21t439v28r+cA/mmWrfRDzdOP+XoyX+XNJxfnL8hWMTR8c2R3Xm0Fh+Vdzu19+uvNmp/Duf//WVnv+tba//xfiHk80RcxcunqnP1851X8aVP7/o+Ey52ut/MHm7nh7M1n08OT9/fjxiMHm93laXrJ+49do8n++fxn/wQPv2vzNuHYlHIyK9iPdFxGMRsT+r++MR8UREHFgm/p9ffvKD7uNfZlS+h9L4p+90/qP5/HefKJ/56fvu48+l5/9IPXUwW7OS97+VVnAtxw4AAAD+L0r1z8AnpdHFdKk0Otr4DP+u2Fqqzs7NP3ty9qNz043Pyg/HQCkf6RpqGg8dz8aG8/xES/5wNm78VXlLPT86NVudLjp46HPbOrT/1F/lomsHrDvf14L+pf1D/9L+oX9p/9C/tH/oX+3a/6cF1APYeO7/0L8q+4uuAVAU93/oX9o/9KWO340vrekr/xL3fCJKxZSe/7LHXXEQNiJRWfGPWawysantpoLfmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHrkvwAAAP//4JrfjQ==") syz_open_procfs(0x0, 0x0) 1m49.400301437s ago: executing program 3 (id=1063): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000080)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) acct(&(0x7f00000001c0)='./file0\x00') acct(0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f0000000400)={0x0, 0x0, 0x1, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfeff}) creat(&(0x7f0000002040)='./file0\x00', 0x0) 1m43.16554732s ago: executing program 2 (id=1072): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x1c080, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = syz_open_dev$radio(&(0x7f0000000080), 0x2, 0x2) ioctl$VIDIOC_S_HW_FREQ_SEEK(r1, 0x40305652, &(0x7f00000002c0)={0x0, 0x1}) syz_io_uring_setup(0x37bf, 0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000040)) pselect6(0x49, &(0x7f0000000900), 0x0, &(0x7f0000000680)={0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0) sched_setaffinity(0x0, 0xffffffffffffff84, &(0x7f0000000080)=0x6) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0006, &(0x7f0000000280)={[{@nodiscard}, {@nombcache}, {@init_itable}, {@noload}, {@minixdf}, {@usrjquota}]}, 0xfe, 0x457, &(0x7f0000001100)="$eJzs3M9vFFUcAPDv7G7Lb1sRf4AgVTQSf7S0/JCDF40mHjQx0QPGeKhtIchCDa2JEKLoAY+GxLvxaOJf4EkvRj2ZeNW7ISGmF9DTmtmdKdtlt3TbbQfZzycZeG9mtu99Z+btvHlvdwPoWyPpP0nE9oj4IyKGGtmlO4w0/ru5cGnqn4VLU0nUam/9ndT3u7FwaSrfNX/dtkamVsvym9qUe+XdiMlqdeZ8lh+bP/vh2NyFi8+fPjt5aubUzLmJ48ePHN43eGziaNcxldqsS+O6seeT2b27X3vn6htTJ66+/8t3aX23Z9ub4+iVkcbRbeupXhdWsB1N6aRSYEXoSjki0tM1UG//Q1GOLYvbhuLVzwutHLCuarVard39OXO5BtzDkii6BkAx8ht9+vybLxvU9bgrXH+p8QCUxn0zWxpbKovjCAMtz7e9NBIRJy7/+3W6RIdxiKR1TAYAYA1+SPs/z7Xr/5Xioab97svmUIYj4v6I2BkRD0TEroh4MKK+78MR8UiX5bfOkNze/yldW1VgK5T2/17M5raW9v8WZ5GGy1luRz3+geTk6erMoeyYHIyBTWl+fJkyfnzl9y87bWvu/6VLWn7eF8zqca3SMkA3PTk/uZaYm13/LGJPpV38SeTTOGnfc3dE7FllGaef+XZvp21t439v28r+cA/mmWrfRDzdOP+XoyX+XNJxfnL8hWMTR8c2R3Xm0Fh+Vdzu19+uvNmp/Duf//WVnv+tba//xfiHk80RcxcunqnP1851X8aVP7/o+Ey52ut/MHm7nh7M1n08OT9/fjxiMHm93laXrJ+49do8n++fxn/wQPv2vzNuHYlHIyK9iPdFxGMRsT+r++MR8UREHFgm/p9ffvKD7uNfZlS+h9L4p+90/qP5/HefKJ/56fvu48+l5/9IPXUwW7OS97+VVnAtxw4AAAD+L0r1z8AnpdHFdKk0Otr4DP+u2Fqqzs7NP3ty9qNz043Pyg/HQCkf6RpqGg8dz8aG8/xES/5wNm78VXlLPT86NVudLjp46HPbOrT/1F/lomsHrDvf14L+pf1D/9L+oX9p/9C/tH/oX+3a/6cF1APYeO7/0L8q+4uuAVAU93/oX9o/9KWO340vrekr/xL3fCJKxZSe/7LHXXEQNiJRWfGPWawysantpoLfmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHrkvwAAAP//4JrfjQ==") syz_open_procfs(0x0, 0x0) 1m13.6954293s ago: executing program 3 (id=1063): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000080)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) acct(&(0x7f00000001c0)='./file0\x00') acct(0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f0000000400)={0x0, 0x0, 0x1, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfeff}) creat(&(0x7f0000002040)='./file0\x00', 0x0) 1m8.687347515s ago: executing program 2 (id=1072): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x1c080, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = syz_open_dev$radio(&(0x7f0000000080), 0x2, 0x2) ioctl$VIDIOC_S_HW_FREQ_SEEK(r1, 0x40305652, &(0x7f00000002c0)={0x0, 0x1}) syz_io_uring_setup(0x37bf, 0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000040)) pselect6(0x49, &(0x7f0000000900), 0x0, &(0x7f0000000680)={0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0) sched_setaffinity(0x0, 0xffffffffffffff84, &(0x7f0000000080)=0x6) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0006, &(0x7f0000000280)={[{@nodiscard}, {@nombcache}, {@init_itable}, {@noload}, {@minixdf}, {@usrjquota}]}, 0xfe, 0x457, &(0x7f0000001100)="$eJzs3M9vFFUcAPDv7G7Lb1sRf4AgVTQSf7S0/JCDF40mHjQx0QPGeKhtIchCDa2JEKLoAY+GxLvxaOJf4EkvRj2ZeNW7ISGmF9DTmtmdKdtlt3TbbQfZzycZeG9mtu99Z+btvHlvdwPoWyPpP0nE9oj4IyKGGtmlO4w0/ru5cGnqn4VLU0nUam/9ndT3u7FwaSrfNX/dtkamVsvym9qUe+XdiMlqdeZ8lh+bP/vh2NyFi8+fPjt5aubUzLmJ48ePHN43eGziaNcxldqsS+O6seeT2b27X3vn6htTJ66+/8t3aX23Z9ub4+iVkcbRbeupXhdWsB1N6aRSYEXoSjki0tM1UG//Q1GOLYvbhuLVzwutHLCuarVard39OXO5BtzDkii6BkAx8ht9+vybLxvU9bgrXH+p8QCUxn0zWxpbKovjCAMtz7e9NBIRJy7/+3W6RIdxiKR1TAYAYA1+SPs/z7Xr/5Xioab97svmUIYj4v6I2BkRD0TEroh4MKK+78MR8UiX5bfOkNze/yldW1VgK5T2/17M5raW9v8WZ5GGy1luRz3+geTk6erMoeyYHIyBTWl+fJkyfnzl9y87bWvu/6VLWn7eF8zqca3SMkA3PTk/uZaYm13/LGJPpV38SeTTOGnfc3dE7FllGaef+XZvp21t439v28r+cA/mmWrfRDzdOP+XoyX+XNJxfnL8hWMTR8c2R3Xm0Fh+Vdzu19+uvNmp/Duf//WVnv+tba//xfiHk80RcxcunqnP1851X8aVP7/o+Ey52ut/MHm7nh7M1n08OT9/fjxiMHm93laXrJ+49do8n++fxn/wQPv2vzNuHYlHIyK9iPdFxGMRsT+r++MR8UREHFgm/p9ffvKD7uNfZlS+h9L4p+90/qP5/HefKJ/56fvu48+l5/9IPXUwW7OS97+VVnAtxw4AAAD+L0r1z8AnpdHFdKk0Otr4DP+u2Fqqzs7NP3ty9qNz043Pyg/HQCkf6RpqGg8dz8aG8/xES/5wNm78VXlLPT86NVudLjp46HPbOrT/1F/lomsHrDvf14L+pf1D/9L+oX9p/9C/tH/oX+3a/6cF1APYeO7/0L8q+4uuAVAU93/oX9o/9KWO340vrekr/xL3fCJKxZSe/7LHXXEQNiJRWfGPWawysantpoLfmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHrkvwAAAP//4JrfjQ==") syz_open_procfs(0x0, 0x0) 56.319955902s ago: executing program 0 (id=1494): r0 = io_uring_setup(0x1de0, &(0x7f0000000440)) io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, &(0x7f0000000740)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}]}, 0x8}, 0x1) io_uring_register$IORING_UNREGISTER_PBUF_RING(r0, 0x1a, &(0x7f0000000300)={0x0}, 0x1) 55.521139405s ago: executing program 0 (id=1498): r0 = openat$cuse(0xffffff9c, &(0x7f0000000280), 0x2, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) r2 = dup3(r1, r0, 0x0) setsockopt$nfc_llcp_NFC_LLCP_RW(r2, 0x118, 0x0, 0x0, 0x0) 55.276917669s ago: executing program 0 (id=1500): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000), 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000180000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000a8c5000000a5000000180100002020640500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b300000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3d, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 55.135756469s ago: executing program 0 (id=1501): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) socket$key(0xf, 0x3, 0x2) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x0, 0x5, 0x0, 0x0}, 0x90) ioperm(0x0, 0x0, 0x0) getpid() r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000040)={0x0, 0x8, 0x0, 'queue1\x00'}) write$sndseq(r1, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r0, 0xc08c5335, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) clock_nanosleep(0x9, 0x0, &(0x7f00000004c0)={0x0, 0x3938700}, &(0x7f0000000500)) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000580)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x2, [@const={0x0, 0x0, 0x0, 0x9}, @int={0x0, 0x0, 0x0, 0x1, 0x5}, @restrict={0x0, 0x0, 0x0, 0xb, 0x3}]}}, 0x0, 0x42}, 0x20) 54.616490596s ago: executing program 0 (id=1502): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002100)='smaps_rollup\x00') seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000003a00)={0x1, &(0x7f00000039c0)=[{0x6}]}) socket$inet_mptcp(0x2, 0x1, 0x106) preadv(r0, &(0x7f0000000140)=[{&(0x7f0000000000)=""/28, 0x1c}], 0x1, 0x0, 0x0) 54.110996423s ago: executing program 4 (id=1506): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000340)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x3}) syz_io_uring_setup(0x0, &(0x7f0000000280), &(0x7f0000c57000), 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa08, &(0x7f0000000380)={{&(0x7f00007db000/0x2000)=nil, 0x2000}}) 53.92703316s ago: executing program 1 (id=1507): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) mq_unlink(0x0) 53.826384134s ago: executing program 1 (id=1508): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x5, &(0x7f0000000380)=ANY=[@ANYBLOB="050100000000000069113e000000000043797acc6d1d0f9bb585100000020000008500000005000092a7a9cd36230f1d29a3fc3f6b43b01b1fbd3f1840"], &(0x7f0000000580)='GPL\x00', 0x5, 0xc0, &(0x7f000000cf3d)=""/192, 0x0, 0xa, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x6}, 0x90) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="3800000003010103000000000000000002000000180001801400018008000100ac1414aa08000200ac1414aa0c0019800800010086090000edb234e85f0bac83b39f61dc0292442b77477de122a11f46b4dc4bcda439da3307f68618"], 0x38}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000400)='sched_switch\x00', r2}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000002c0), 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x0, 0x4, &(0x7f0000000c40)=ANY=[@ANYRES64=0x0, @ANYRESHEX=r1, @ANYRESHEX=r3, @ANYBLOB="1a412d3ff2838733fe289b041eee1ea393a1c2a4e8615b49442d8e2549f5154b567aaf5160636e9dd9d77570f7615e8c25df5c9f21433d30b2ccac36e1a7b6c0d8f8f9fbab336768e3e0830189fb31f1b0e85a1a8dfd958df175b05d3dbc21f4fcf9813283383c98ed66a58fbb320258a05562a657f436aa1b8c9658144a90a6dc5f17c17f04fc181fa515e7ff72e2cba68dd70364b0a5ac24a3f57ddb7d295e19b54aa98245666e426e275962b33369697a5714e616902c721b55338e13340c2551b4130a4d24b65cf15c90b882", @ANYRES64=0x0], 0x0, 0x0, 0xfffffffffffffe25, 0x0, 0x0, 0x2, '\x00', 0x0, 0x24}, 0x90) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000180)=ANY=[], 0x0, 0x26}, 0x20) syz_emit_ethernet(0x66, &(0x7f0000000780)={@broadcast, @random="6487a2bed3d6", @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x2f, 0x0, @private}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x806}}}}}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB="98030000", @ANYRES16=r5, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r7, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0) sendto$inet6(r3, &(0x7f0000001340)=',', 0x1, 0x0, &(0x7f0000000640)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c) bind$alg(0xffffffffffffffff, &(0x7f0000000200)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58) 53.682869715s ago: executing program 0 (id=1509): sendmsg$inet(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="7c00000000000000000000000700000044140001ac1414aa00000000ac1414000000000000441c0003e0000001000000007f000001000000000000000000000000442c00000000000000000f883816814100000000000000000000000000000000000000000000000000000000000000000000440c0001000000000000000000000000000000a400000000000000000000000700000044280000000000000000000000000000000000000000000000000000000000000000000000000000071700e0000002ac1414bb00000000e0000002ac1414bb018616000000000010c986d78e6c4b9394b247217b87cb00830b00000000007f000001861f0000000000020010421487f84baabcbcfb42a4d90bab000748c68c4c31001089ca45d9612e5b5c11f12bc78a41000000000000006c000000000000000000000007000000441c0003ffffffff000000000000000000000000e00000010000000044340001ac1414bb0000000000000000000000000000000000000000ac1414aa00000000ac1414aa00000000ac1e000100000000830b0000000000e000000200000000001c000000000000000000", @ANYRES32=0x0, @ANYBLOB="ac1414aa00000000000000001400000000000018000000000200000000000000000000001c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="7f0000017f00000a0000000800"/28, @ANYRES32, @ANYBLOB="7f000001ac141400000000011c0e0000000000000000000007006fc946f1f569c01801"], 0x230}, 0x0) r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030029000b12d25a80648c2594f90124fc60100c03c000000000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 53.222679032s ago: executing program 4 (id=1510): r0 = openat$cuse(0xffffff9c, &(0x7f0000000280), 0x2, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) r2 = dup3(r1, r0, 0x0) setsockopt$nfc_llcp_NFC_LLCP_RW(r2, 0x118, 0x0, 0x0, 0x0) 53.088564951s ago: executing program 4 (id=1511): bind$alg(0xffffffffffffffff, 0x0, 0x0) r0 = shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ff6000/0x2000)=nil) shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff) madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x10) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000703ac020580406709169000000010902120001000000000904"], 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0) io_setup(0x4, &(0x7f00000014c0)=0x0) syz_usb_control_io$hid(r1, &(0x7f0000000140)={0x24, &(0x7f0000000000)={0x40, 0x1, 0x4, {0x4, 0xf5584a4a203ad372, "13ee"}}, &(0x7f0000000300)={0x0, 0x3, 0xc4, @string={0xc4, 0x3, "f8659faa5c946271a84158832489934f07b3d3de30a4c9aa2d1e794c33d3ec86c84c2909c75d1995d67eb4a15f97ae53171d9fbd99402655dc0ee6d84041bfdfeff8ece44d3b2aa5a310d1d9ceb10dff835e06e18af56a87cb28782e79c910cf7fb48f1457a5a0c410dfaa43c2ff0d1bb29fbda5b3f87e16cea7c62538ad05863eea5ab953ef9ec40e4699c70e3f5966c3e098b9ee7bcd39c4620ed4542c7bf752a1ffc2bf9a983c2e17596890cf9f1930b30f452cc0d39dda1ffc2431ad3bac35f6"}}, &(0x7f0000000040)={0x0, 0x22, 0x2, {[@global=@item_012={0x1, 0x1, 0x1, "9d"}]}}, &(0x7f0000000080)={0x0, 0x21, 0x9, {0x9, 0x21, 0x9, 0x8, 0x1, {0x22, 0x22b}}}}, &(0x7f0000000580)={0x2c, &(0x7f00000001c0)={0x0, 0x18, 0x7e, "d0697bc233439f07df57b2adeff4f2a922d96c19ddd27ea9829e629ad812c3ce723b057b43be39133e1aafe97309aea235a88465fad2747c4a21a27134e9be5db6f117d69527caf835a5918eb72124db4098920dd2254fefe4cdbfca1a39f433607651cde99952a31247853e40b0c3e583eddf1aabdfe859df886e3ec14d"}, &(0x7f0000000400)={0x0, 0xa, 0x1, 0x9}, &(0x7f0000000440)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000000480)={0x20, 0x1, 0xa1, "b0fb1578a6197892b456b95fa7c714537b871879d4fe8afdfd08b067188c531f81940eb2ef1d151c432d1b15ac658e6489cfb6c049447729e829e16647b422e15b1bd5a4b57ab12f62de0cae08ea79f369063b2fd3f558d3481f383e8d507c81b7225561c0383e29fc50d036178affdb82a9b141e5cc2ee596a1b98e58f9b9f8a5c68af96295e7f0066d4e2b2cece8fc87b1079b0b3f2278aa172ae2e406614802"}, &(0x7f0000000540)={0x20, 0x3, 0x1, 0xa}}) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='mounts\x00') io_submit(r2, 0x1, &(0x7f0000000180)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0}]) umount2(&(0x7f0000000180)='./file0\x00', 0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003580)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c710016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa73d897e3896d863081b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbd744e517e65ddab19e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f200004304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188541c300f5c1bf56705ba12d198e897186b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710f7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47cbb0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9ea410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be0a33c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06a6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c6062368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c5bed4b0d73dffb17a88aaad5921aee7dae6a2f3009d9cb434898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a64d903b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e7ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00000000000000000000000000006a728258ca3d846a000e80d5f43109a48ddc54cec5d7f78c80e010ed02ffc0846577cafcd9e0ad83149bfb08ba7b5b431311041deb5e5d65610ad6e8d6ed55e900071b4d37d9fadb17a0407e7251866b63faccfe936980f59ceaa9d6b6863024b482023799a4f30a225b560f320e89ed44130e78f8cf000ac3c743b08d4256f282fc36162ac4b59527a3b67560313914ff6ac4ac43cd0e79d6372da631de3fde6c29de3b43d3046df23019ecadd57f175a2443928b1bcb9be16f54936796c3b928dc07c70771622cef2fafeb239a3ca4"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) futex(&(0x7f0000004000), 0x5, 0x0, 0x0, &(0x7f0000004000), 0x92020007) 51.064823879s ago: executing program 4 (id=1512): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) socket$key(0xf, 0x3, 0x2) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x0, 0x5, 0x0, 0x0}, 0x90) ioperm(0x0, 0x0, 0x0) getpid() r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000040)={0x0, 0x8, 0x0, 'queue1\x00'}) write$sndseq(r1, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r0, 0xc08c5335, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) clock_nanosleep(0x9, 0x0, &(0x7f00000004c0)={0x0, 0x3938700}, &(0x7f0000000500)) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000580)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x2, [@const={0x0, 0x0, 0x0, 0x9}, @int={0x0, 0x0, 0x0, 0x1, 0x5}, @restrict={0x0, 0x0, 0x0, 0xb, 0x3}]}}, 0x0, 0x42}, 0x20) 50.740843451s ago: executing program 4 (id=1513): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000180)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) getpid() 49.698881016s ago: executing program 4 (id=1514): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000baef000000b702009f14000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b7000000000300"/98], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100)) r5 = socket$inet6(0xa, 0x1000080002, 0x100000000000088) bind$inet6(r5, &(0x7f0000000140)={0xa, 0x4e23}, 0x1c) r6 = socket$inet6(0xa, 0x802, 0x88) setsockopt$inet6_udp_int(r6, 0x11, 0x100000000a, &(0x7f00000003c0)=0x800000001, 0x4) sendto$inet6(r6, 0x0, 0x0, 0x4008840, &(0x7f0000000180)={0xa, 0x4e23, 0x0, @local}, 0x1c) sendto$inet6(r6, &(0x7f0000000000)="17", 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f0000000100), &(0x7f0000000000)={0x1f}, 0x0, 0x0, 0x0) recvfrom(r5, &(0x7f0000000040)=""/180, 0xb4, 0x0, 0x0, 0x0) r7 = socket(0x10, 0x3, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket(0x10, 0x803, 0x0) r10 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r10) getsockname$packet(r10, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r11, @ANYBLOB="00000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x24, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {}, {0x0, 0xfffb}, {0x7}}, [@filter_kind_options=@f_bpf={{0x8}, {0x18, 0x2, [@TCA_BPF_OPS={{0x6}, {0x4}}, @TCA_BPF_FLAGS={0x8}]}}]}, 0x44}}, 0x0) 2.912245251s ago: executing program 1 (id=1515): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFC_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000d00)={0x14}, 0x14}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="300000003b0007010000000010000000047c00000800000037425d555d280f1cd1f25ac67833b2884442bb894264c471578778e6eb76cd07293e0622b5ebb4d1d3315bb0e4ece57c5e7878d17dd90e04a9d91568a3320165e5c581e20b2d370ae88534293a1a493632ca0315afc40d6728c7daa509759cb8af4f3f91b24356154dc941a5", @ANYRES32=0x0, @ANYBLOB], 0x30}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000100)=0x2) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000004c0)=0xe) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) syz_open_dev$usbfs(&(0x7f0000000000), 0x0, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(r3, 0x802c550a, 0x0) ioctl$USBDEVFS_GETDRIVER(r3, 0x41045508, 0x0) socket$inet6(0xa, 0x0, 0x1) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$UHID_INPUT(r4, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3591bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a", 0x1000}}, 0x1006) socket$igmp(0x2, 0x3, 0x2) r5 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000023000b03d25a806f8c6394f96b24fc60", 0x14}], 0x1}, 0x0) 1.9064791s ago: executing program 1 (id=1518): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = epoll_create1(0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x12, 0x8a, 0x8, 0x2}, 0x48) socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x67, &(0x7f00000000c0)=0x7f, 0x4) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004880)=[{{&(0x7f0000000380)={0xa, 0x4e22, 0x0, @mcast2={0xff, 0x2, '\x00', 0xa}, 0x9}, 0x1c, 0x0}}], 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40500000000000061100c0000000000bd000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x3}, 0x2f) r2 = socket$inet6_udp(0xa, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000ac0)) epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000006c0)={'bridge_slave_0\x00'}) dup(0xffffffffffffffff) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000002d40), 0xfea7) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x1, 0x10012, r4, 0x0) ioctl$KVM_GET_MSR_INDEX_LIST(r3, 0xc004ae02, 0x0) r5 = fsopen(&(0x7f0000000080)='binder\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) lseek(0xffffffffffffffff, 0x0, 0x3) 904.22416ms ago: executing program 1 (id=1519): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002100)='smaps_rollup\x00') seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000003a00)={0x1, &(0x7f00000039c0)=[{0x6}]}) socket$inet_mptcp(0x2, 0x1, 0x106) preadv(r0, &(0x7f0000000140)=[{&(0x7f0000000000)=""/28, 0x1c}], 0x1, 0x0, 0x0) 0s ago: executing program 1 (id=1520): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000340)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x3}) syz_io_uring_setup(0x0, &(0x7f0000000280), &(0x7f0000c57000), 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa08, &(0x7f0000000380)={{&(0x7f00007db000/0x2000)=nil, 0x2000}}) kernel console output (not intermixed with test programs): ][ C1] ? process_scheduled_works+0x945/0x1830 [ 605.973284][ C1] addrconf_verify_work+0x19/0x30 [ 605.978357][ C1] process_scheduled_works+0xa2c/0x1830 [ 605.984015][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 605.990049][ C1] ? assign_work+0x364/0x3d0 [ 605.994723][ C1] worker_thread+0x86d/0xd40 [ 605.999381][ C1] ? __kthread_parkme+0x169/0x1d0 [ 606.004507][ C1] ? __pfx_worker_thread+0x10/0x10 [ 606.009670][ C1] kthread+0x2f0/0x390 [ 606.013804][ C1] ? __pfx_worker_thread+0x10/0x10 [ 606.018960][ C1] ? __pfx_kthread+0x10/0x10 [ 606.024056][ C1] ret_from_fork+0x4b/0x80 [ 606.028522][ C1] ? __pfx_kthread+0x10/0x10 [ 606.033186][ C1] ret_from_fork_asm+0x1a/0x30 [ 606.038027][ C1] [ 606.041079][ C1] DEBUG: waiting rtnl_mutex for 845 jiffies. [ 606.047112][ C1] task:syz-executor state:D stack:21728 pid:10557 tgid:10557 ppid:10544 flags:0x00004000 [ 606.057357][ C1] Call Trace: [ 606.060667][ C1] [ 606.063664][ C1] __schedule+0x1800/0x4a60 [ 606.068245][ C1] ? __pfx___schedule+0x10/0x10 [ 606.073171][ C1] ? __pfx_lock_release+0x10/0x10 [ 606.078240][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 606.083786][ C1] ? schedule+0x90/0x320 [ 606.088074][ C1] schedule+0x14b/0x320 [ 606.092303][ C1] schedule_preempt_disabled+0x13/0x30 [ 606.097800][ C1] __mutex_lock+0x6a4/0xd70 [ 606.102381][ C1] ? __mutex_lock+0x527/0xd70 [ 606.107117][ C1] ? rtnetlink_rcv_msg+0x6eb/0xd00 [ 606.112310][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 606.117392][ C1] ? get_rtnl_holder+0x144/0x190 [ 606.122412][ C1] rtnetlink_rcv_msg+0x6eb/0xd00 [ 606.127397][ C1] ? rtnetlink_rcv_msg+0x1a7/0xd00 [ 606.132593][ C1] ? __lock_acquire+0x1384/0x2050 [ 606.137659][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 606.143239][ C1] netlink_rcv_skb+0x1e3/0x430 [ 606.148140][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 606.153687][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 606.159044][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 606.164321][ C1] netlink_unicast+0x7f6/0x990 [ 606.169138][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 606.174490][ C1] ? __virt_addr_valid+0x183/0x530 [ 606.179731][ C1] ? __check_object_size+0x49c/0x900 [ 606.185085][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 606.190243][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 606.195085][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 606.200416][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 606.205426][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 606.210747][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 606.216291][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 606.221632][ C1] __sock_sendmsg+0x221/0x270 [ 606.226356][ C1] __sys_sendto+0x3a4/0x4f0 [ 606.230907][ C1] ? __pfx___sys_sendto+0x10/0x10 [ 606.236043][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 606.241367][ C1] ? blkcg_maybe_throttle_current+0x1ab/0xb80 [ 606.247526][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 606.253581][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 606.259957][ C1] __x64_sys_sendto+0xde/0x100 [ 606.264791][ C1] do_syscall_64+0xf3/0x230 [ 606.269343][ C1] ? clear_bhb_loop+0x35/0x90 [ 606.274091][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 606.280191][ C1] RIP: 0033:0x7f4ba0d778ec [ 606.284668][ C1] RSP: 002b:00007fffbb3392b0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 606.293232][ C1] RAX: ffffffffffffffda RBX: 00007f4ba1a34620 RCX: 00007f4ba0d778ec [ 606.301234][ C1] RDX: 000000000000003c RSI: 00007f4ba1a34670 RDI: 0000000000000003 [ 606.309350][ C1] RBP: 0000000000000000 R08: 00007fffbb339304 R09: 000000000000000c [ 606.317482][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 606.325519][ C1] R13: 0000000000000000 R14: 00007f4ba1a34670 R15: 0000000000000000 [ 606.333570][ C1] [ 606.336612][ C1] DEBUG: holding rtnl_mutex for 864 jiffies. [ 606.342661][ C1] task:kworker/u8:7 state:R running task stack:20144 pid:2465 tgid:2465 ppid:2 flags:0x00004008 [ 606.354476][ C1] Workqueue: netns cleanup_net [ 606.359285][ C1] Call Trace: [ 606.362618][ C1] [ 606.365484][ C1] sched_show_task+0x506/0x6d0 [ 606.370284][ C1] ? report_rtnl_holders+0x2a5/0x400 [ 606.375645][ C1] ? __pfx__printk+0x10/0x10 [ 606.380281][ C1] ? __pfx_sched_show_task+0x10/0x10 [ 606.385632][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 606.391597][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 606.397966][ C1] report_rtnl_holders+0x327/0x400 [ 606.403157][ C1] call_timer_fn+0x18e/0x650 [ 606.407788][ C1] ? call_timer_fn+0xc0/0x650 [ 606.412523][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 606.418203][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 606.423397][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 606.429076][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 606.434779][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 606.440478][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 606.445788][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 606.451039][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 606.456768][ C1] __run_timer_base+0x66a/0x8e0 [ 606.461709][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 606.467150][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 606.473593][ C1] run_timer_softirq+0xb7/0x170 [ 606.478502][ C1] handle_softirqs+0x2c4/0x970 [ 606.483355][ C1] ? __irq_exit_rcu+0xf4/0x1c0 [ 606.488175][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 606.493540][ C1] ? irqtime_account_irq+0xd4/0x1e0 [ 606.498822][ C1] __irq_exit_rcu+0xf4/0x1c0 [ 606.503503][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 606.508760][ C1] irq_exit_rcu+0x9/0x30 [ 606.513071][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 606.518766][ C1] [ 606.521783][ C1] [ 606.524744][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 606.530773][ C1] RIP: 0010:preempt_schedule_irq+0xf6/0x1c0 [ 606.536867][ C1] Code: 89 f5 49 c1 ed 03 eb 0d 48 f7 03 08 00 00 00 0f 84 8b 00 00 00 bf 01 00 00 00 e8 05 03 c6 f5 e8 60 ae fe f5 fb bf 01 00 00 00 55 ad ff ff 43 80 7c 3d 00 00 74 08 4c 89 f7 e8 65 6b 5e f6 48 [ 606.556569][ C1] RSP: 0018:ffffc9000917f460 EFLAGS: 00000286 [ 606.562722][ C1] RAX: 9a417fb5bef74300 RBX: 1ffff9200122fe94 RCX: ffffffff817023ea [ 606.570736][ C1] RDX: dffffc0000000000 RSI: ffffffff8bcad5c0 RDI: 0000000000000001 [ 606.578777][ C1] RBP: ffffc9000917f510 R08: ffffffff9300f80f R09: 1ffffffff2601f01 [ 606.586816][ C1] R10: dffffc0000000000 R11: fffffbfff2601f02 R12: 1ffff9200122fe8c [ 606.594880][ C1] R13: 1ffff9200122fe90 R14: ffffc9000917f480 R15: dffffc0000000000 [ 606.602945][ C1] ? mark_lock+0x9a/0x360 [ 606.607345][ C1] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 606.613153][ C1] irqentry_exit+0x5e/0x90 [ 606.617616][ C1] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 606.623153][ C1] RIP: 0010:synchronize_rcu+0x0/0x360 [ 606.628571][ C1] Code: e1 07 80 c1 03 38 c1 0f 8c 97 fe ff ff 4c 89 f7 e8 05 20 81 00 e9 8a fe ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 e4 e0 48 [ 606.648341][ C1] RSP: 0018:ffffc9000917f5d8 EFLAGS: 00000206 [ 606.654483][ C1] RAX: dffffc0000000000 RBX: 1ffff9200122fec4 RCX: ffffffff94807903 [ 606.662562][ C1] RDX: 0000000000000001 RSI: ffffffff8bcae2a0 RDI: ffffffff8c20a760 [ 606.670568][ C1] RBP: ffffc9000917f6b8 R08: ffffffff947fdae7 R09: 1ffffffff28ffb5c [ 606.678627][ C1] R10: dffffc0000000000 R11: fffffbfff28ffb5d R12: ffffffff947faec8 [ 606.686680][ C1] R13: 1ffff9200122fec0 R14: 0000000000000206 R15: ffffc9000917f620 [ 606.694845][ C1] lockdep_unregister_key+0x4b7/0x540 [ 606.700279][ C1] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 606.706257][ C1] ? rcu_is_watching+0x15/0xb0 [ 606.711055][ C1] ? qdisc_reset+0x3bf/0x5b0 [ 606.715725][ C1] __qdisc_destroy+0x165/0x410 [ 606.720536][ C1] dev_shutdown+0x9b/0x450 [ 606.725055][ C1] unregister_netdevice_many_notify+0x97b/0x1c40 [ 606.731464][ C1] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 606.738358][ C1] ? unregister_netdevice_queue+0x26b/0x370 [ 606.744344][ C1] ? batadv_softif_destroy_netlink+0x1e3/0x270 [ 606.750554][ C1] default_device_exit_batch+0xa0f/0xa90 [ 606.756283][ C1] ? __pfx___might_resched+0x10/0x10 [ 606.761627][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 606.767851][ C1] ? cfg802154_pernet_exit+0xc3/0xe0 [ 606.773213][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 606.779417][ C1] cleanup_net+0x89d/0xcc0 [ 606.783909][ C1] ? __pfx_cleanup_net+0x10/0x10 [ 606.788898][ C1] ? process_scheduled_works+0x945/0x1830 [ 606.794711][ C1] process_scheduled_works+0xa2c/0x1830 [ 606.800372][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 606.806447][ C1] ? assign_work+0x364/0x3d0 [ 606.811092][ C1] worker_thread+0x86d/0xd40 [ 606.815774][ C1] ? __kthread_parkme+0x169/0x1d0 [ 606.820846][ C1] ? __pfx_worker_thread+0x10/0x10 [ 606.826043][ C1] kthread+0x2f0/0x390 [ 606.830150][ C1] ? __pfx_worker_thread+0x10/0x10 [ 606.835334][ C1] ? __pfx_kthread+0x10/0x10 [ 606.839959][ C1] ret_from_fork+0x4b/0x80 [ 606.844450][ C1] ? __pfx_kthread+0x10/0x10 [ 606.849077][ C1] ret_from_fork_asm+0x1a/0x30 [ 606.853942][ C1] [ 606.856989][ C1] DEBUG: waiting rtnl_mutex for 916 jiffies. [ 606.863021][ C1] task:syz-executor state:D stack:21728 pid:10525 tgid:10525 ppid:10512 flags:0x00000000 [ 606.873257][ C1] Call Trace: [ 606.876559][ C1] [ 606.879511][ C1] __schedule+0x1800/0x4a60 [ 606.884220][ C1] ? __pfx___schedule+0x10/0x10 [ 606.889145][ C1] ? __pfx_lock_release+0x10/0x10 [ 606.894269][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 606.899795][ C1] ? schedule+0x90/0x320 [ 606.904118][ C1] schedule+0x14b/0x320 [ 606.908344][ C1] schedule_preempt_disabled+0x13/0x30 [ 606.913882][ C1] __mutex_lock+0x6a4/0xd70 [ 606.918438][ C1] ? __mutex_lock+0x527/0xd70 [ 606.923194][ C1] ? rtnetlink_rcv_msg+0x6eb/0xd00 [ 606.928366][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 606.933579][ C1] ? get_rtnl_holder+0x144/0x190 [ 606.938563][ C1] rtnetlink_rcv_msg+0x6eb/0xd00 [ 606.943578][ C1] ? rtnetlink_rcv_msg+0x1a7/0xd00 [ 606.948735][ C1] ? __lock_acquire+0x1384/0x2050 [ 606.953835][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 606.959360][ C1] netlink_rcv_skb+0x1e3/0x430 [ 606.964213][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 606.969719][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 606.975110][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 606.980360][ C1] netlink_unicast+0x7f6/0x990 [ 606.985211][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 606.990537][ C1] ? __virt_addr_valid+0x183/0x530 [ 606.995705][ C1] ? __check_object_size+0x49c/0x900 [ 607.001022][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 607.006219][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 607.011063][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 607.016410][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 607.022469][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 607.027453][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 607.032847][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 607.038363][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 607.043721][ C1] __sock_sendmsg+0x221/0x270 [ 607.048712][ C1] __sys_sendto+0x3a4/0x4f0 [ 607.053371][ C1] ? __pfx___sys_sendto+0x10/0x10 [ 607.058463][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 607.064532][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 607.070908][ C1] __x64_sys_sendto+0xde/0x100 [ 607.075740][ C1] do_syscall_64+0xf3/0x230 [ 607.080289][ C1] ? clear_bhb_loop+0x35/0x90 [ 607.085036][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 607.090968][ C1] RIP: 0033:0x7f6a70d778ec [ 607.095439][ C1] RSP: 002b:00007ffe57fa3bb0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 607.103923][ C1] RAX: ffffffffffffffda RBX: 00007f6a71a34620 RCX: 00007f6a70d778ec [ 607.111959][ C1] RDX: 0000000000000028 RSI: 00007f6a71a34670 RDI: 0000000000000003 [ 607.119964][ C1] RBP: 0000000000000000 R08: 00007ffe57fa3c04 R09: 000000000000000c [ 607.127999][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 607.136047][ C1] R13: 0000000000000000 R14: 00007f6a71a34670 R15: 0000000000000000 [ 607.144106][ C1] [ 607.147150][ C1] DEBUG: waiting rtnl_mutex for 929 jiffies. [ 607.153176][ C1] task:kworker/1:6 state:D stack:22384 pid:7720 tgid:7720 ppid:2 flags:0x00004000 [ 607.163412][ C1] Workqueue: events linkwatch_event [ 607.168653][ C1] Call Trace: [ 607.171988][ C1] [ 607.174948][ C1] __schedule+0x1800/0x4a60 [ 607.179521][ C1] ? __pfx___schedule+0x10/0x10 [ 607.184442][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 607.190467][ C1] ? __pfx_lock_release+0x10/0x10 [ 607.195577][ C1] ? kick_pool+0x1bd/0x620 [ 607.200039][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 607.205329][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 607.210568][ C1] ? schedule+0x90/0x320 [ 607.214871][ C1] schedule+0x14b/0x320 [ 607.219065][ C1] schedule_preempt_disabled+0x13/0x30 [ 607.224592][ C1] __mutex_lock+0x6a4/0xd70 [ 607.229145][ C1] ? __mutex_lock+0x527/0xd70 [ 607.233901][ C1] ? linkwatch_event+0xe/0x60 [ 607.238616][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 607.243727][ C1] ? get_rtnl_holder+0x144/0x190 [ 607.248697][ C1] ? process_scheduled_works+0x945/0x1830 [ 607.254484][ C1] linkwatch_event+0xe/0x60 [ 607.259026][ C1] process_scheduled_works+0xa2c/0x1830 [ 607.264677][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 607.270713][ C1] ? assign_work+0x364/0x3d0 [ 607.275375][ C1] worker_thread+0x86d/0xd40 [ 607.280018][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 607.285982][ C1] ? __kthread_parkme+0x169/0x1d0 [ 607.291052][ C1] ? __pfx_worker_thread+0x10/0x10 [ 607.296231][ C1] kthread+0x2f0/0x390 [ 607.300333][ C1] ? __pfx_worker_thread+0x10/0x10 [ 607.305521][ C1] ? __pfx_kthread+0x10/0x10 [ 607.310145][ C1] ret_from_fork+0x4b/0x80 [ 607.314643][ C1] ? __pfx_kthread+0x10/0x10 [ 607.319267][ C1] ret_from_fork_asm+0x1a/0x30 [ 607.324123][ C1] [ 607.327167][ C1] DEBUG: waiting rtnl_mutex for 921 jiffies. [ 607.333197][ C1] task:syz.1.1508 state:D stack:23800 pid:10649 tgid:10648 ppid:9623 flags:0x00004004 [ 607.343445][ C1] Call Trace: [ 607.346755][ C1] [ 607.349716][ C1] __schedule+0x1800/0x4a60 [ 607.354335][ C1] ? __pfx___schedule+0x10/0x10 [ 607.359228][ C1] ? __pfx_lock_release+0x10/0x10 [ 607.364432][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 607.369947][ C1] ? schedule+0x90/0x320 [ 607.374255][ C1] schedule+0x14b/0x320 [ 607.378453][ C1] schedule_preempt_disabled+0x13/0x30 [ 607.383984][ C1] __mutex_lock+0x6a4/0xd70 [ 607.388540][ C1] ? __mutex_lock+0x527/0xd70 [ 607.393286][ C1] ? nl80211_pre_doit+0x5f/0x8b0 [ 607.398265][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 607.403367][ C1] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 607.409659][ C1] ? get_rtnl_holder+0x144/0x190 [ 607.414663][ C1] nl80211_pre_doit+0x5f/0x8b0 [ 607.419477][ C1] genl_rcv_msg+0xaaa/0xec0 [ 607.424049][ C1] ? mark_lock+0x9a/0x360 [ 607.428440][ C1] ? __pfx_genl_rcv_msg+0x10/0x10 [ 607.433576][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 607.438648][ C1] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 607.444094][ C1] ? __pfx_nl80211_tx_mgmt+0x10/0x10 [ 607.449421][ C1] ? __pfx_nl80211_post_doit+0x10/0x10 [ 607.454957][ C1] ? __pfx___might_resched+0x10/0x10 [ 607.460295][ C1] netlink_rcv_skb+0x1e3/0x430 [ 607.465135][ C1] ? __pfx_genl_rcv_msg+0x10/0x10 [ 607.470199][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 607.475569][ C1] ? __netlink_deliver_tap+0x77e/0x7c0 [ 607.481074][ C1] genl_rcv+0x28/0x40 [ 607.485120][ C1] netlink_unicast+0x7f6/0x990 [ 607.489940][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 607.495319][ C1] ? __virt_addr_valid+0x183/0x530 [ 607.500494][ C1] ? __check_object_size+0x49c/0x900 [ 607.505868][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 607.511032][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 607.515915][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 607.521241][ C1] ? __import_iovec+0x536/0x820 [ 607.526159][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 607.531164][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 607.536522][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 607.542083][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 607.547415][ C1] __sock_sendmsg+0x221/0x270 [ 607.552193][ C1] ____sys_sendmsg+0x525/0x7d0 [ 607.557023][ C1] ? __pfx_____sys_sendmsg+0x10/0x10 [ 607.562436][ C1] __sys_sendmsg+0x2b0/0x3a0 [ 607.567073][ C1] ? __pfx___sys_sendmsg+0x10/0x10 [ 607.572337][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 607.578723][ C1] ? do_syscall_64+0x100/0x230 [ 607.583568][ C1] ? do_syscall_64+0xb6/0x230 [ 607.588292][ C1] do_syscall_64+0xf3/0x230 [ 607.592869][ C1] ? clear_bhb_loop+0x35/0x90 [ 607.597587][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 607.603558][ C1] RIP: 0033:0x7f34e9f75b59 [ 607.608003][ C1] RSP: 002b:00007f34e99ff048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 607.616482][ C1] RAX: ffffffffffffffda RBX: 00007f34ea105f60 RCX: 00007f34e9f75b59 [ 607.624536][ C1] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000009 [ 607.632561][ C1] RBP: 00007f34e9fe4e5d R08: 0000000000000000 R09: 0000000000000000 [ 607.640558][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 607.648622][ C1] R13: 000000000000000b R14: 00007f34ea105f60 R15: 00007ffe228de248 [ 607.656680][ C1] [ 607.659727][ C1] DEBUG: waiting rtnl_mutex for 940 jiffies. [ 607.665775][ C1] task:syz.0.1509 state:D stack:25744 pid:10652 tgid:10650 ppid:8488 flags:0x00004004 [ 607.676030][ C1] Call Trace: [ 607.679332][ C1] [ 607.682331][ C1] __schedule+0x1800/0x4a60 [ 607.686906][ C1] ? __pfx___schedule+0x10/0x10 [ 607.691843][ C1] ? __pfx_lock_release+0x10/0x10 [ 607.696909][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 607.702444][ C1] ? schedule+0x90/0x320 [ 607.706728][ C1] schedule+0x14b/0x320 [ 607.710951][ C1] schedule_preempt_disabled+0x13/0x30 [ 607.716481][ C1] __mutex_lock+0x6a4/0xd70 [ 607.721033][ C1] ? __mutex_lock+0x527/0xd70 [ 607.725780][ C1] ? team_nl_options_set_doit+0x9b/0x1090 [ 607.731538][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 607.736627][ C1] ? __nla_validate_parse+0x27eb/0x3090 [ 607.742256][ C1] ? get_rtnl_holder+0x144/0x190 [ 607.747260][ C1] team_nl_options_set_doit+0x9b/0x1090 [ 607.752879][ C1] ? __pfx___nla_validate_parse+0x10/0x10 [ 607.758664][ C1] ? __pfx_team_nl_options_set_doit+0x10/0x10 [ 607.764812][ C1] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 607.771094][ C1] ? __nla_parse+0x40/0x60 [ 607.775587][ C1] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 607.781995][ C1] genl_rcv_msg+0xb14/0xec0 [ 607.786537][ C1] ? mark_lock+0x9a/0x360 [ 607.790920][ C1] ? __pfx_genl_rcv_msg+0x10/0x10 [ 607.796075][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 607.801143][ C1] ? __pfx_team_nl_options_set_doit+0x10/0x10 [ 607.807288][ C1] ? __pfx___might_resched+0x10/0x10 [ 607.812661][ C1] netlink_rcv_skb+0x1e3/0x430 [ 607.817485][ C1] ? __pfx_genl_rcv_msg+0x10/0x10 [ 607.822581][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 607.827928][ C1] ? __netlink_deliver_tap+0x77e/0x7c0 [ 607.833469][ C1] genl_rcv+0x28/0x40 [ 607.837493][ C1] netlink_unicast+0x7f6/0x990 [ 607.842343][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 607.847675][ C1] ? __virt_addr_valid+0x183/0x530 [ 607.852867][ C1] ? __check_object_size+0x49c/0x900 [ 607.858187][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 607.863378][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 607.868193][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 607.873798][ C1] ? __import_iovec+0x536/0x820 [ 607.878685][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 607.883701][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 607.889020][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 607.894558][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 607.899874][ C1] __sock_sendmsg+0x221/0x270 [ 607.904633][ C1] ____sys_sendmsg+0x525/0x7d0 [ 607.909451][ C1] ? __pfx_____sys_sendmsg+0x10/0x10 [ 607.914832][ C1] __sys_sendmsg+0x2b0/0x3a0 [ 607.919467][ C1] ? __pfx___sys_sendmsg+0x10/0x10 [ 607.924792][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 607.931186][ C1] ? do_syscall_64+0x100/0x230 [ 607.936029][ C1] ? do_syscall_64+0xb6/0x230 [ 607.940767][ C1] do_syscall_64+0xf3/0x230 [ 607.945348][ C1] ? clear_bhb_loop+0x35/0x90 [ 607.950076][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 607.956047][ C1] RIP: 0033:0x7fec12975b59 [ 607.960496][ C1] RSP: 002b:00007fec137d9048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 607.968983][ C1] RAX: ffffffffffffffda RBX: 00007fec12b05f60 RCX: 00007fec12975b59 [ 607.977038][ C1] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 607.985100][ C1] RBP: 00007fec129e4e5d R08: 0000000000000000 R09: 0000000000000000 [ 607.993148][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 608.001162][ C1] R13: 000000000000000b R14: 00007fec12b05f60 R15: 00007ffec54d0da8 [ 608.009218][ C1] [ 608.012297][ C1] [ 608.012297][ C1] Showing all locks held in the system: [ 608.020146][ C1] 6 locks held by kworker/u8:7/2465: [ 608.025487][ C1] #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 608.036497][ C1] #1: ffffc9000917fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 608.047151][ C1] #2: ffffffff8f5fced0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 608.056669][ C1] #3: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90 [ 608.066803][ C1] #4: ffffc90000a18c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 608.077013][ C1] #5: ffffffff8e337aa0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 608.086977][ C1] 2 locks held by getty/4856: [ 608.091709][ C1] #0: ffff88802a6670a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 608.101647][ C1] #1: ffffc90002efe2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 608.111866][ C1] 3 locks held by kworker/1:6/7720: [ 608.117083][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 608.128161][ C1] #1: ffffc9000938fd00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 608.139236][ C1] #2: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 608.148333][ C1] 3 locks held by kworker/u8:13/10135: [ 608.153844][ C1] #0: ffff88802983d948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 608.165535][ C1] #1: ffffc900092f7d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 608.179400][ C1] #2: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 [ 608.189021][ C1] 1 lock held by syz-executor/10525: [ 608.194366][ C1] #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00 [ 608.204251][ C1] 1 lock held by syz-executor/10557: [ 608.209555][ C1] #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00 [ 608.219085][ C1] 2 locks held by syz.1.1508/10649: [ 608.224340][ C1] #0: ffffffff8f66f490 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 608.232643][ C1] #1: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0x5f/0x8b0 [ 608.241980][ C1] 3 locks held by syz.0.1509/10652: [ 608.247202][ C1] #0: ffffffff8f66f490 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 608.255498][ C1] #1: ffffffff8f66f348 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0 [ 608.264598][ C1] #2: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: team_nl_options_set_doit+0x9b/0x1090 [ 608.274722][ C1] 1 lock held by syz.4.1514/10667: [ 608.279941][ C1] #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00 [ 608.289464][ C1] 1 lock held by syz.4.1514/10668: [ 608.294637][ C1] #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00 [ 608.304245][ C1] 1 lock held by syz.4.1514/10669: [ 608.309380][ C1] #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00 [ 608.318916][ C1] [ 608.321262][ C1] ============================================= [ 608.321262][ C1] [ 608.899590][ T9172] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 608.910966][ T9172] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 608.932384][ T9172] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 608.944329][ T9172] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 608.954233][ T9172] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 608.966074][ T9172] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 609.194321][ T9172] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 609.205777][ T9172] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 609.230604][ T9172] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 609.257371][ T9172] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 609.266792][ T9172] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 609.285289][ T9172] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 609.363440][ C1] DEBUG: waiting rtnl_mutex for 1031 jiffies. [ 609.369665][ C1] task:kworker/u8:13 state:D stack:24080 pid:10135 tgid:10135 ppid:2 flags:0x00004000 [ 609.379911][ C1] Workqueue: ipv6_addrconf addrconf_verify_work [ 609.386253][ C1] Call Trace: [ 609.389585][ C1] [ 609.392583][ C1] __schedule+0x1800/0x4a60 [ 609.397162][ C1] ? __pfx___schedule+0x10/0x10 [ 609.402090][ C1] ? __pfx_lock_release+0x10/0x10 [ 609.407164][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 609.412693][ C1] ? kthread_data+0x52/0xd0 [ 609.417239][ C1] ? schedule+0x90/0x320 [ 609.421519][ C1] ? wq_worker_sleeping+0x66/0x240 [ 609.426705][ C1] ? schedule+0x90/0x320 [ 609.430973][ C1] schedule+0x14b/0x320 [ 609.435249][ C1] schedule_preempt_disabled+0x13/0x30 [ 609.440750][ C1] __mutex_lock+0x6a4/0xd70 [ 609.445340][ C1] ? __mutex_lock+0x527/0xd70 [ 609.450078][ C1] ? addrconf_verify_work+0x19/0x30 [ 609.455370][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 609.460455][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 609.466516][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 609.472932][ C1] ? get_rtnl_holder+0x144/0x190 [ 609.477915][ C1] ? process_scheduled_works+0x945/0x1830 [ 609.483708][ C1] addrconf_verify_work+0x19/0x30 [ 609.488781][ C1] process_scheduled_works+0xa2c/0x1830 [ 609.494434][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 609.500466][ C1] ? assign_work+0x364/0x3d0 [ 609.505135][ C1] worker_thread+0x86d/0xd40 [ 609.509784][ C1] ? __kthread_parkme+0x169/0x1d0 [ 609.514894][ C1] ? __pfx_worker_thread+0x10/0x10 [ 609.520043][ C1] kthread+0x2f0/0x390 [ 609.524180][ C1] ? __pfx_worker_thread+0x10/0x10 [ 609.529331][ C1] ? __pfx_kthread+0x10/0x10 [ 609.533993][ C1] ret_from_fork+0x4b/0x80 [ 609.538453][ C1] ? __pfx_kthread+0x10/0x10 [ 609.543144][ C1] ret_from_fork_asm+0x1a/0x30 [ 609.547968][ C1] [ 609.551021][ C1] DEBUG: waiting rtnl_mutex for 722 jiffies. [ 609.557067][ C1] task:syz.4.1514 state:D stack:24504 pid:10667 tgid:10664 ppid:9610 flags:0x00004004 [ 609.567317][ C1] Call Trace: [ 609.570622][ C1] [ 609.573614][ C1] __schedule+0x1800/0x4a60 [ 609.578198][ C1] ? __pfx___schedule+0x10/0x10 [ 609.583122][ C1] ? __pfx_lock_release+0x10/0x10 [ 609.588193][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 609.593738][ C1] ? schedule+0x90/0x320 [ 609.598035][ C1] schedule+0x14b/0x320 [ 609.602270][ C1] schedule_preempt_disabled+0x13/0x30 [ 609.607773][ C1] __mutex_lock+0x6a4/0xd70 [ 609.612355][ C1] ? rcu_is_watching+0x15/0xb0 [ 609.617165][ C1] ? __mutex_lock+0x527/0xd70 [ 609.621914][ C1] ? rtnetlink_rcv_msg+0x6eb/0xd00 [ 609.627071][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 609.632173][ C1] ? get_rtnl_holder+0x144/0x190 [ 609.637229][ C1] rtnetlink_rcv_msg+0x6eb/0xd00 [ 609.642240][ C1] ? rtnetlink_rcv_msg+0x1a7/0xd00 [ 609.647396][ C1] ? rcu_preempt_deferred_qs_irqrestore+0x87b/0xc70 [ 609.654059][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 609.659585][ C1] netlink_rcv_skb+0x1e3/0x430 [ 609.664431][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 609.669953][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 609.675537][ C1] ? __rcu_read_unlock+0xa1/0x110 [ 609.680625][ C1] netlink_unicast+0x7f6/0x990 [ 609.685592][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 609.690931][ C1] ? __virt_addr_valid+0x183/0x530 [ 609.696129][ C1] ? __check_object_size+0x49c/0x900 [ 609.701454][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 609.706650][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 609.711481][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 609.716877][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 609.721898][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 609.727312][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 609.732852][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 609.738168][ C1] __sock_sendmsg+0x221/0x270 [ 609.742924][ C1] __sys_sendto+0x3a4/0x4f0 [ 609.747473][ C1] ? __pfx___sys_sendto+0x10/0x10 [ 609.752594][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 609.758622][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 609.765025][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 609.771400][ C1] __x64_sys_sendto+0xde/0x100 [ 609.776238][ C1] do_syscall_64+0xf3/0x230 [ 609.780801][ C1] ? clear_bhb_loop+0x35/0x90 [ 609.785551][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 609.791483][ C1] RIP: 0033:0x7f278df778ec [ 609.795968][ C1] RSP: 002b:00007f278ed6fed0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 609.804457][ C1] RAX: ffffffffffffffda RBX: 00007f278ed6ffd0 RCX: 00007f278df778ec [ 609.812510][ C1] RDX: 0000000000000020 RSI: 00007f278ed70020 RDI: 000000000000000c [ 609.820599][ C1] RBP: 0000000000000000 R08: 00007f278ed6ff24 R09: 000000000000000c [ 609.828635][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000000c [ 609.836672][ C1] R13: 00007f278ed6ff78 R14: 00007f278ed70020 R15: 0000000000000000 [ 609.844728][ C1] [ 609.847772][ C1] DEBUG: waiting rtnl_mutex for 746 jiffies. [ 609.853795][ C1] task:syz.4.1514 state:D stack:26192 pid:10668 tgid:10664 ppid:9610 flags:0x00004004 [ 609.864024][ C1] Call Trace: [ 609.867325][ C1] [ 609.870287][ C1] __schedule+0x1800/0x4a60 [ 609.874890][ C1] ? __pfx___schedule+0x10/0x10 [ 609.879780][ C1] ? __pfx_lock_release+0x10/0x10 [ 609.884898][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 609.890400][ C1] ? schedule+0x90/0x320 [ 609.894705][ C1] schedule+0x14b/0x320 [ 609.898908][ C1] schedule_preempt_disabled+0x13/0x30 [ 609.904440][ C1] __mutex_lock+0x6a4/0xd70 [ 609.908987][ C1] ? __mutex_lock+0x527/0xd70 [ 609.913742][ C1] ? rtnetlink_rcv_msg+0x6eb/0xd00 [ 609.918902][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 609.924018][ C1] ? get_rtnl_holder+0x144/0x190 [ 609.928997][ C1] rtnetlink_rcv_msg+0x6eb/0xd00 [ 609.934012][ C1] ? rtnetlink_rcv_msg+0x1a7/0xd00 [ 609.939175][ C1] ? rcu_preempt_deferred_qs_irqrestore+0x87b/0xc70 [ 609.945834][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 609.951351][ C1] netlink_rcv_skb+0x1e3/0x430 [ 609.956188][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 609.961723][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 609.967076][ C1] ? __rcu_read_unlock+0xa1/0x110 [ 609.972170][ C1] netlink_unicast+0x7f6/0x990 [ 609.976988][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 609.982391][ C1] ? __check_object_size+0x49c/0x900 [ 609.987724][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 609.992918][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 609.997737][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 610.003097][ C1] ? tomoyo_socket_sendmsg_permission+0x12e/0x420 [ 610.009564][ C1] ? __sanitizer_cov_trace_pc+0x18/0x70 [ 610.015201][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 610.020522][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 610.026055][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 610.031368][ C1] __sock_sendmsg+0x221/0x270 [ 610.036130][ C1] ____sys_sendmsg+0x525/0x7d0 [ 610.040961][ C1] ? __pfx_____sys_sendmsg+0x10/0x10 [ 610.046335][ C1] __sys_sendmsg+0x2b0/0x3a0 [ 610.050962][ C1] ? __pfx___sys_sendmsg+0x10/0x10 [ 610.056134][ C1] ? __schedule+0x1808/0x4a60 [ 610.060893][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 610.067301][ C1] ? do_syscall_64+0x100/0x230 [ 610.072144][ C1] ? do_syscall_64+0xb6/0x230 [ 610.076867][ C1] do_syscall_64+0xf3/0x230 [ 610.081414][ C1] ? clear_bhb_loop+0x35/0x90 [ 610.086161][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 610.092121][ C1] RIP: 0033:0x7f278df75b59 [ 610.096563][ C1] RSP: 002b:00007f278ed50048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 610.105056][ C1] RAX: ffffffffffffffda RBX: 00007f278e1061e8 RCX: 00007f278df75b59 [ 610.113095][ C1] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 000000000000000a [ 610.121094][ C1] RBP: 00007f278dfe4e5d R08: 0000000000000000 R09: 0000000000000000 [ 610.129146][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 610.137176][ C1] R13: 000000000000006e R14: 00007f278e1061e8 R15: 00007ffd5121f448 [ 610.145241][ C1] [ 610.148285][ C1] DEBUG: waiting rtnl_mutex for 770 jiffies. [ 610.154315][ C1] task:syz.4.1514 state:D stack:26496 pid:10669 tgid:10664 ppid:9610 flags:0x00000004 [ 610.164639][ C1] Call Trace: [ 610.167941][ C1] [ 610.170896][ C1] __schedule+0x1800/0x4a60 [ 610.175500][ C1] ? __pfx___schedule+0x10/0x10 [ 610.180420][ C1] ? __pfx_lock_release+0x10/0x10 [ 610.185517][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 610.191024][ C1] ? schedule+0x90/0x320 [ 610.195332][ C1] schedule+0x14b/0x320 [ 610.199526][ C1] schedule_preempt_disabled+0x13/0x30 [ 610.205069][ C1] __mutex_lock+0x6a4/0xd70 [ 610.209638][ C1] ? __mutex_lock+0x527/0xd70 [ 610.214396][ C1] ? rtnetlink_rcv_msg+0x6eb/0xd00 [ 610.219552][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 610.224766][ C1] ? get_rtnl_holder+0x144/0x190 [ 610.229758][ C1] rtnetlink_rcv_msg+0x6eb/0xd00 [ 610.234765][ C1] ? rtnetlink_rcv_msg+0x1a7/0xd00 [ 610.239925][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 610.245469][ C1] ? ref_tracker_free+0x643/0x7e0 [ 610.250618][ C1] netlink_rcv_skb+0x1e3/0x430 [ 610.255543][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 610.261049][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 610.266440][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 610.271716][ C1] netlink_unicast+0x7f6/0x990 [ 610.276534][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 610.281879][ C1] ? __virt_addr_valid+0x183/0x530 [ 610.287113][ C1] ? __check_object_size+0x49c/0x900 [ 610.292463][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 610.297709][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 610.302564][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 610.307891][ C1] ? __import_iovec+0x536/0x820 [ 610.312830][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 610.317808][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 610.323162][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 610.328767][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 610.334113][ C1] __sock_sendmsg+0x221/0x270 [ 610.338941][ C1] ____sys_sendmsg+0x525/0x7d0 [ 610.343790][ C1] ? __pfx_____sys_sendmsg+0x10/0x10 [ 610.349227][ C1] __sys_sendmsg+0x2b0/0x3a0 [ 610.353893][ C1] ? __pfx___sys_sendmsg+0x10/0x10 [ 610.359093][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 610.365171][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 610.371589][ C1] ? exc_page_fault+0x590/0x8c0 [ 610.376487][ C1] ? do_syscall_64+0xb6/0x230 [ 610.381216][ C1] do_syscall_64+0xf3/0x230 [ 610.385882][ C1] ? clear_bhb_loop+0x35/0x90 [ 610.390600][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 610.396556][ C1] RIP: 0033:0x7f278df75b59 [ 610.401002][ C1] RSP: 002b:00007f278ed2f048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 610.409491][ C1] RAX: ffffffffffffffda RBX: 00007f278e1062c0 RCX: 00007f278df75b59 [ 610.417616][ C1] RDX: 0000000000000000 RSI: 0000000020005840 RDI: 0000000000000009 [ 610.425650][ C1] RBP: 00007f278dfe4e5d R08: 0000000000000000 R09: 0000000000000000 [ 610.433683][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 610.441711][ C1] R13: 000000000000006e R14: 00007f278e1062c0 R15: 00007ffd5121f448 [ 610.449828][ C1] [ 610.452909][ C1] DEBUG: waiting rtnl_mutex for 1287 jiffies. [ 610.458996][ C1] task:syz-executor state:D stack:21728 pid:10557 tgid:10557 ppid:10544 flags:0x00004000 [ 610.469325][ C1] Call Trace: [ 610.472668][ C1] [ 610.475632][ C1] __schedule+0x1800/0x4a60 [ 610.480211][ C1] ? __pfx___schedule+0x10/0x10 [ 610.485141][ C1] ? __pfx_lock_release+0x10/0x10 [ 610.490233][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 610.495771][ C1] ? schedule+0x90/0x320 [ 610.500055][ C1] schedule+0x14b/0x320 [ 610.504289][ C1] schedule_preempt_disabled+0x13/0x30 [ 610.509796][ C1] __mutex_lock+0x6a4/0xd70 [ 610.514384][ C1] ? __mutex_lock+0x527/0xd70 [ 610.519106][ C1] ? rtnetlink_rcv_msg+0x6eb/0xd00 [ 610.524293][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 610.529408][ C1] ? get_rtnl_holder+0x144/0x190 [ 610.534413][ C1] rtnetlink_rcv_msg+0x6eb/0xd00 [ 610.539400][ C1] ? rtnetlink_rcv_msg+0x1a7/0xd00 [ 610.544606][ C1] ? __lock_acquire+0x1384/0x2050 [ 610.549698][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 610.555426][ C1] netlink_rcv_skb+0x1e3/0x430 [ 610.560244][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 610.565800][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 610.571252][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 610.576532][ C1] netlink_unicast+0x7f6/0x990 [ 610.581347][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 610.586722][ C1] ? __virt_addr_valid+0x183/0x530 [ 610.591910][ C1] ? __check_object_size+0x49c/0x900 [ 610.597581][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 610.602770][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 610.607589][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 610.613118][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 610.618202][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 610.623551][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 610.629061][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 610.634493][ C1] __sock_sendmsg+0x221/0x270 [ 610.639225][ C1] __sys_sendto+0x3a4/0x4f0 [ 610.643809][ C1] ? __pfx___sys_sendto+0x10/0x10 [ 610.648886][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 610.654174][ C1] ? blkcg_maybe_throttle_current+0x1ab/0xb80 [ 610.660307][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 610.666364][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 610.672775][ C1] __x64_sys_sendto+0xde/0x100 [ 610.677586][ C1] do_syscall_64+0xf3/0x230 [ 610.682262][ C1] ? clear_bhb_loop+0x35/0x90 [ 610.686985][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 610.693035][ C1] RIP: 0033:0x7f4ba0d778ec [ 610.697480][ C1] RSP: 002b:00007fffbb3392b0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 610.705968][ C1] RAX: ffffffffffffffda RBX: 00007f4ba1a34620 RCX: 00007f4ba0d778ec [ 610.714005][ C1] RDX: 000000000000003c RSI: 00007f4ba1a34670 RDI: 0000000000000003 [ 610.722031][ C1] RBP: 0000000000000000 R08: 00007fffbb339304 R09: 000000000000000c [ 610.730122][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 610.738154][ C1] R13: 0000000000000000 R14: 00007f4ba1a34670 R15: 0000000000000000 [ 610.746219][ C1] [ 610.749266][ C1] DEBUG: holding rtnl_mutex for 1305 jiffies. [ 610.755381][ C1] task:kworker/u8:7 state:R running task stack:20144 pid:2465 tgid:2465 ppid:2 flags:0x00004008 [ 610.767231][ C1] Workqueue: netns cleanup_net [ 610.772109][ C1] Call Trace: [ 610.775499][ C1] [ 610.778369][ C1] sched_show_task+0x506/0x6d0 [ 610.783209][ C1] ? report_rtnl_holders+0x2a5/0x400 [ 610.788537][ C1] ? __pfx__printk+0x10/0x10 [ 610.793213][ C1] ? __pfx_sched_show_task+0x10/0x10 [ 610.798534][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 610.804493][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 610.810881][ C1] report_rtnl_holders+0x327/0x400 [ 610.816077][ C1] call_timer_fn+0x18e/0x650 [ 610.820709][ C1] ? call_timer_fn+0xc0/0x650 [ 610.825474][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 610.831152][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 610.836343][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 610.842135][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 610.847813][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 610.853521][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 610.858756][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 610.864021][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 610.869692][ C1] __run_timer_base+0x66a/0x8e0 [ 610.874635][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 610.880062][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 610.886564][ C1] run_timer_softirq+0xb7/0x170 [ 610.891588][ C1] handle_softirqs+0x2c4/0x970 [ 610.896396][ C1] ? __irq_exit_rcu+0xf4/0x1c0 [ 610.901204][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 610.906567][ C1] ? irqtime_account_irq+0xd4/0x1e0 [ 610.911843][ C1] __irq_exit_rcu+0xf4/0x1c0 [ 610.916470][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 610.921749][ C1] irq_exit_rcu+0x9/0x30 [ 610.926032][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 610.931741][ C1] [ 610.934694][ C1] [ 610.937650][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 610.943699][ C1] RIP: 0010:preempt_schedule_irq+0xf6/0x1c0 [ 610.949632][ C1] Code: 89 f5 49 c1 ed 03 eb 0d 48 f7 03 08 00 00 00 0f 84 8b 00 00 00 bf 01 00 00 00 e8 05 03 c6 f5 e8 60 ae fe f5 fb bf 01 00 00 00 55 ad ff ff 43 80 7c 3d 00 00 74 08 4c 89 f7 e8 65 6b 5e f6 48 [ 610.969315][ C1] RSP: 0018:ffffc9000917f460 EFLAGS: 00000286 [ 610.975459][ C1] RAX: 9a417fb5bef74300 RBX: 1ffff9200122fe94 RCX: ffffffff817023ea [ 610.983497][ C1] RDX: dffffc0000000000 RSI: ffffffff8bcad5c0 RDI: 0000000000000001 [ 610.991498][ C1] RBP: ffffc9000917f510 R08: ffffffff9300f80f R09: 1ffffffff2601f01 [ 610.999537][ C1] R10: dffffc0000000000 R11: fffffbfff2601f02 R12: 1ffff9200122fe8c [ 611.007584][ C1] R13: 1ffff9200122fe90 R14: ffffc9000917f480 R15: dffffc0000000000 [ 611.015626][ C1] ? mark_lock+0x9a/0x360 [ 611.020012][ C1] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 611.025823][ C1] irqentry_exit+0x5e/0x90 [ 611.030283][ C1] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 611.035811][ C1] RIP: 0010:synchronize_rcu+0x0/0x360 [ 611.041239][ C1] Code: e1 07 80 c1 03 38 c1 0f 8c 97 fe ff ff 4c 89 f7 e8 05 20 81 00 e9 8a fe ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 e4 e0 48 [ 611.042386][ T4497] Bluetooth: hci7: command tx timeout [ 611.060899][ C1] RSP: 0018:ffffc9000917f5d8 EFLAGS: 00000206 [ 611.060934][ C1] RAX: dffffc0000000000 RBX: 1ffff9200122fec4 RCX: ffffffff94807903 [ 611.060957][ C1] RDX: 0000000000000001 RSI: ffffffff8bcae2a0 RDI: ffffffff8c20a760 [ 611.088975][ C1] RBP: ffffc9000917f6b8 R08: ffffffff947fdae7 R09: 1ffffffff28ffb5c [ 611.097014][ C1] R10: dffffc0000000000 R11: fffffbfff28ffb5d R12: ffffffff947faec8 [ 611.105050][ C1] R13: 1ffff9200122fec0 R14: 0000000000000206 R15: ffffc9000917f620 [ 611.113104][ C1] lockdep_unregister_key+0x4b7/0x540 [ 611.118531][ C1] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 611.124506][ C1] ? rcu_is_watching+0x15/0xb0 [ 611.129302][ C1] ? qdisc_reset+0x3bf/0x5b0 [ 611.133959][ C1] __qdisc_destroy+0x165/0x410 [ 611.138757][ C1] dev_shutdown+0x357/0x450 [ 611.143341][ C1] unregister_netdevice_many_notify+0x97b/0x1c40 [ 611.149737][ C1] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 611.156590][ C1] ? unregister_netdevice_queue+0x26b/0x370 [ 611.162564][ C1] ? batadv_softif_destroy_netlink+0x1e3/0x270 [ 611.168849][ C1] default_device_exit_batch+0xa0f/0xa90 [ 611.174566][ C1] ? __pfx___might_resched+0x10/0x10 [ 611.179892][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 611.186128][ C1] ? cfg802154_pernet_exit+0xc3/0xe0 [ 611.191457][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 611.197693][ C1] cleanup_net+0x89d/0xcc0 [ 611.202205][ C1] ? __pfx_cleanup_net+0x10/0x10 [ 611.207208][ C1] ? process_scheduled_works+0x945/0x1830 [ 611.213005][ C1] process_scheduled_works+0xa2c/0x1830 [ 611.218626][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 611.224690][ C1] ? assign_work+0x364/0x3d0 [ 611.229337][ C1] worker_thread+0x86d/0xd40 [ 611.234024][ C1] ? __kthread_parkme+0x169/0x1d0 [ 611.239097][ C1] ? __pfx_worker_thread+0x10/0x10 [ 611.244283][ C1] kthread+0x2f0/0x390 [ 611.248384][ C1] ? __pfx_worker_thread+0x10/0x10 [ 611.253565][ C1] ? __pfx_kthread+0x10/0x10 [ 611.258191][ C1] ret_from_fork+0x4b/0x80 [ 611.262687][ C1] ? __pfx_kthread+0x10/0x10 [ 611.267305][ C1] ret_from_fork_asm+0x1a/0x30 [ 611.272166][ C1] [ 611.275206][ C1] DEBUG: waiting rtnl_mutex for 1358 jiffies. [ 611.281303][ C1] task:syz-executor state:D stack:21728 pid:10525 tgid:10525 ppid:10512 flags:0x00000000 [ 611.292159][ C1] Call Trace: [ 611.295484][ C1] [ 611.298443][ C1] __schedule+0x1800/0x4a60 [ 611.303041][ C1] ? __pfx___schedule+0x10/0x10 [ 611.307930][ C1] ? __pfx_lock_release+0x10/0x10 [ 611.313030][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 611.318535][ C1] ? schedule+0x90/0x320 [ 611.322850][ C1] schedule+0x14b/0x320 [ 611.327046][ C1] schedule_preempt_disabled+0x13/0x30 [ 611.332601][ C1] __mutex_lock+0x6a4/0xd70 [ 611.337172][ C1] ? __mutex_lock+0x527/0xd70 [ 611.342011][ C1] ? rtnetlink_rcv_msg+0x6eb/0xd00 [ 611.347167][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 611.352272][ C1] ? get_rtnl_holder+0x144/0x190 [ 611.357246][ C1] rtnetlink_rcv_msg+0x6eb/0xd00 [ 611.362260][ C1] ? rtnetlink_rcv_msg+0x1a7/0xd00 [ 611.367424][ C1] ? __lock_acquire+0x1384/0x2050 [ 611.372531][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 611.372968][ T4497] Bluetooth: hci8: command tx timeout [ 611.378035][ C1] netlink_rcv_skb+0x1e3/0x430 [ 611.388711][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 611.394269][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 611.399627][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 611.404906][ C1] netlink_unicast+0x7f6/0x990 [ 611.409733][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 611.415088][ C1] ? __virt_addr_valid+0x183/0x530 [ 611.420243][ C1] ? __check_object_size+0x49c/0x900 [ 611.425594][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 611.430748][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 611.435594][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 611.440911][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 611.446975][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 611.451981][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 611.457294][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 611.462840][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 611.468188][ C1] __sock_sendmsg+0x221/0x270 [ 611.472963][ C1] __sys_sendto+0x3a4/0x4f0 [ 611.477531][ C1] ? __pfx___sys_sendto+0x10/0x10 [ 611.482692][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 611.488733][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 611.495153][ C1] __x64_sys_sendto+0xde/0x100 [ 611.499969][ C1] do_syscall_64+0xf3/0x230 [ 611.504563][ C1] ? clear_bhb_loop+0x35/0x90 [ 611.509287][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 611.515249][ C1] RIP: 0033:0x7f6a70d778ec [ 611.519692][ C1] RSP: 002b:00007ffe57fa3bb0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 611.528195][ C1] RAX: ffffffffffffffda RBX: 00007f6a71a34620 RCX: 00007f6a70d778ec [ 611.536249][ C1] RDX: 0000000000000028 RSI: 00007f6a71a34670 RDI: 0000000000000003 [ 611.544300][ C1] RBP: 0000000000000000 R08: 00007ffe57fa3c04 R09: 000000000000000c [ 611.552333][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 611.560865][ C1] R13: 0000000000000000 R14: 00007f6a71a34670 R15: 0000000000000000 [ 611.568919][ C1] [ 611.571995][ C1] DEBUG: waiting rtnl_mutex for 1372 jiffies. [ 611.578085][ C1] task:kworker/1:6 state:D stack:22384 pid:7720 tgid:7720 ppid:2 flags:0x00004000 [ 611.588421][ C1] Workqueue: events linkwatch_event [ 611.593693][ C1] Call Trace: [ 611.596997][ C1] [ 611.599957][ C1] __schedule+0x1800/0x4a60 [ 611.604570][ C1] ? __pfx___schedule+0x10/0x10 [ 611.609470][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 611.615529][ C1] ? __pfx_lock_release+0x10/0x10 [ 611.620596][ C1] ? kick_pool+0x1bd/0x620 [ 611.625094][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 611.630327][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 611.635594][ C1] ? schedule+0x90/0x320 [ 611.639874][ C1] schedule+0x14b/0x320 [ 611.644103][ C1] schedule_preempt_disabled+0x13/0x30 [ 611.649606][ C1] __mutex_lock+0x6a4/0xd70 [ 611.654185][ C1] ? __mutex_lock+0x527/0xd70 [ 611.658907][ C1] ? linkwatch_event+0xe/0x60 [ 611.663649][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 611.668725][ C1] ? get_rtnl_holder+0x144/0x190 [ 611.673727][ C1] ? process_scheduled_works+0x945/0x1830 [ 611.679490][ C1] linkwatch_event+0xe/0x60 [ 611.684058][ C1] process_scheduled_works+0xa2c/0x1830 [ 611.689680][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 611.695739][ C1] ? assign_work+0x364/0x3d0 [ 611.700379][ C1] worker_thread+0x86d/0xd40 [ 611.705069][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 611.711005][ C1] ? __kthread_parkme+0x169/0x1d0 [ 611.716271][ C1] ? __pfx_worker_thread+0x10/0x10 [ 611.721602][ C1] kthread+0x2f0/0x390 [ 611.725714][ C1] ? __pfx_worker_thread+0x10/0x10 [ 611.730883][ C1] ? __pfx_kthread+0x10/0x10 [ 611.735547][ C1] ret_from_fork+0x4b/0x80 [ 611.740013][ C1] ? __pfx_kthread+0x10/0x10 [ 611.744679][ C1] ret_from_fork_asm+0x1a/0x30 [ 611.749514][ C1] [ 611.752595][ C1] DEBUG: waiting rtnl_mutex for 1364 jiffies. [ 611.758683][ C1] task:syz.1.1508 state:D stack:23800 pid:10649 tgid:10648 ppid:9623 flags:0x00004004 [ 611.768934][ C1] Call Trace: [ 611.772275][ C1] [ 611.775254][ C1] __schedule+0x1800/0x4a60 [ 611.779830][ C1] ? __pfx___schedule+0x10/0x10 [ 611.784771][ C1] ? __pfx_lock_release+0x10/0x10 [ 611.789841][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 611.795379][ C1] ? schedule+0x90/0x320 [ 611.799658][ C1] schedule+0x14b/0x320 [ 611.803886][ C1] schedule_preempt_disabled+0x13/0x30 [ 611.809401][ C1] __mutex_lock+0x6a4/0xd70 [ 611.813980][ C1] ? __mutex_lock+0x527/0xd70 [ 611.818706][ C1] ? nl80211_pre_doit+0x5f/0x8b0 [ 611.823722][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 611.828797][ C1] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 611.835294][ C1] ? get_rtnl_holder+0x144/0x190 [ 611.840301][ C1] nl80211_pre_doit+0x5f/0x8b0 [ 611.845160][ C1] genl_rcv_msg+0xaaa/0xec0 [ 611.849709][ C1] ? mark_lock+0x9a/0x360 [ 611.854119][ C1] ? __pfx_genl_rcv_msg+0x10/0x10 [ 611.859214][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 611.864309][ C1] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 611.869720][ C1] ? __pfx_nl80211_tx_mgmt+0x10/0x10 [ 611.875081][ C1] ? __pfx_nl80211_post_doit+0x10/0x10 [ 611.880589][ C1] ? __pfx___might_resched+0x10/0x10 [ 611.885960][ C1] netlink_rcv_skb+0x1e3/0x430 [ 611.890784][ C1] ? __pfx_genl_rcv_msg+0x10/0x10 [ 611.895890][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 611.901258][ C1] ? __netlink_deliver_tap+0x77e/0x7c0 [ 611.906802][ C1] genl_rcv+0x28/0x40 [ 611.910825][ C1] netlink_unicast+0x7f6/0x990 [ 611.915680][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 611.921006][ C1] ? __virt_addr_valid+0x183/0x530 [ 611.926191][ C1] ? __check_object_size+0x49c/0x900 [ 611.931518][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 611.936710][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 611.941524][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 611.946891][ C1] ? __import_iovec+0x536/0x820 [ 611.951818][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 611.956801][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 611.962143][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 611.967649][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 611.972999][ C1] __sock_sendmsg+0x221/0x270 [ 611.977747][ C1] ____sys_sendmsg+0x525/0x7d0 [ 611.982601][ C1] ? __pfx_____sys_sendmsg+0x10/0x10 [ 611.987956][ C1] __sys_sendmsg+0x2b0/0x3a0 [ 611.992666][ C1] ? __pfx___sys_sendmsg+0x10/0x10 [ 611.997872][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 612.004277][ C1] ? do_syscall_64+0x100/0x230 [ 612.009097][ C1] ? do_syscall_64+0xb6/0x230 [ 612.013855][ C1] do_syscall_64+0xf3/0x230 [ 612.018409][ C1] ? clear_bhb_loop+0x35/0x90 [ 612.023158][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 612.029088][ C1] RIP: 0033:0x7f34e9f75b59 [ 612.033563][ C1] RSP: 002b:00007f34e99ff048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 612.042057][ C1] RAX: ffffffffffffffda RBX: 00007f34ea105f60 RCX: 00007f34e9f75b59 [ 612.050063][ C1] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000009 [ 612.058100][ C1] RBP: 00007f34e9fe4e5d R08: 0000000000000000 R09: 0000000000000000 [ 612.066479][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 612.074685][ C1] R13: 000000000000000b R14: 00007f34ea105f60 R15: 00007ffe228de248 [ 612.082758][ C1] [ 612.085805][ C1] DEBUG: waiting rtnl_mutex for 1383 jiffies. [ 612.091941][ C1] task:syz.0.1509 state:D stack:25744 pid:10652 tgid:10650 ppid:8488 flags:0x00004004 [ 612.102193][ C1] Call Trace: [ 612.105497][ C1] [ 612.108459][ C1] __schedule+0x1800/0x4a60 [ 612.113064][ C1] ? __pfx___schedule+0x10/0x10 [ 612.117963][ C1] ? __pfx_lock_release+0x10/0x10 [ 612.123072][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 612.128578][ C1] ? schedule+0x90/0x320 [ 612.132969][ C1] schedule+0x14b/0x320 [ 612.137172][ C1] schedule_preempt_disabled+0x13/0x30 [ 612.142694][ C1] __mutex_lock+0x6a4/0xd70 [ 612.147247][ C1] ? __mutex_lock+0x527/0xd70 [ 612.152007][ C1] ? team_nl_options_set_doit+0x9b/0x1090 [ 612.157770][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 612.162871][ C1] ? __nla_validate_parse+0x27eb/0x3090 [ 612.168465][ C1] ? get_rtnl_holder+0x144/0x190 [ 612.173480][ C1] team_nl_options_set_doit+0x9b/0x1090 [ 612.179069][ C1] ? __pfx___nla_validate_parse+0x10/0x10 [ 612.184879][ C1] ? __pfx_team_nl_options_set_doit+0x10/0x10 [ 612.191011][ C1] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 612.197327][ C1] ? __nla_parse+0x40/0x60 [ 612.201833][ C1] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 612.208213][ C1] genl_rcv_msg+0xb14/0xec0 [ 612.212792][ C1] ? mark_lock+0x9a/0x360 [ 612.217205][ C1] ? __pfx_genl_rcv_msg+0x10/0x10 [ 612.222338][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 612.227417][ C1] ? __pfx_team_nl_options_set_doit+0x10/0x10 [ 612.233553][ C1] ? __pfx___might_resched+0x10/0x10 [ 612.238906][ C1] netlink_rcv_skb+0x1e3/0x430 [ 612.243752][ C1] ? __pfx_genl_rcv_msg+0x10/0x10 [ 612.248831][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 612.254212][ C1] ? __netlink_deliver_tap+0x77e/0x7c0 [ 612.259723][ C1] genl_rcv+0x28/0x40 [ 612.263769][ C1] netlink_unicast+0x7f6/0x990 [ 612.268589][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 612.273946][ C1] ? __virt_addr_valid+0x183/0x530 [ 612.279102][ C1] ? __check_object_size+0x49c/0x900 [ 612.284465][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 612.289647][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 612.294594][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 612.300013][ C1] ? __import_iovec+0x536/0x820 [ 612.304932][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 612.310017][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 612.315371][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 612.320881][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 612.326253][ C1] __sock_sendmsg+0x221/0x270 [ 612.331129][ C1] ____sys_sendmsg+0x525/0x7d0 [ 612.336003][ C1] ? __pfx_____sys_sendmsg+0x10/0x10 [ 612.341348][ C1] __sys_sendmsg+0x2b0/0x3a0 [ 612.346009][ C1] ? __pfx___sys_sendmsg+0x10/0x10 [ 612.351228][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 612.357638][ C1] ? do_syscall_64+0x100/0x230 [ 612.362486][ C1] ? do_syscall_64+0xb6/0x230 [ 612.367231][ C1] do_syscall_64+0xf3/0x230 [ 612.371810][ C1] ? clear_bhb_loop+0x35/0x90 [ 612.376535][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 612.382519][ C1] RIP: 0033:0x7fec12975b59 [ 612.386962][ C1] RSP: 002b:00007fec137d9048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 612.395463][ C1] RAX: ffffffffffffffda RBX: 00007fec12b05f60 RCX: 00007fec12975b59 [ 612.403514][ C1] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 612.411513][ C1] RBP: 00007fec129e4e5d R08: 0000000000000000 R09: 0000000000000000 [ 612.419563][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 612.427633][ C1] R13: 000000000000000b R14: 00007fec12b05f60 R15: 00007ffec54d0da8 [ 612.435701][ C1] [ 612.438840][ C1] [ 612.438840][ C1] Showing all locks held in the system: [ 612.446620][ C1] 3 locks held by kworker/u8:4/63: [ 612.451786][ C1] #0: ffff8880b943ea18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 612.461916][ C1] #1: ffff8880b9428948 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x441/0x770 [ 612.473436][ C1] #2: ffffffff8e337aa0 (rcu_read_lock){....}-{1:2}, at: batadv_nc_worker+0xcb/0x610 [ 612.483068][ C1] 6 locks held by kworker/u8:7/2465: [ 612.488381][ C1] #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 612.499372][ C1] #1: ffffc9000917fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 612.510036][ C1] #2: ffffffff8f5fced0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 612.519572][ C1] #3: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90 [ 612.529701][ C1] #4: ffffc90000a18c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 612.539927][ C1] #5: ffffffff8e337aa0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 612.549919][ C1] 2 locks held by getty/4856: [ 612.554665][ C1] #0: ffff88802a6670a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 612.564559][ C1] #1: ffffc90002efe2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 612.574882][ C1] 3 locks held by syz-executor/5090: [ 612.580200][ C1] #0: ffff88801f742220 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x2f9/0x6e0 [ 612.590588][ C1] #1: ffff88802f39e518 (sb_pagefaults){.+.+}-{0:0}, at: ext4_page_mkwrite+0x1f0/0xdf0 [ 612.600369][ C1] #2: ffff88802a41a958 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x1e94/0x2110 [ 612.610167][ C1] 3 locks held by kworker/1:6/7720: [ 612.615453][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 612.626557][ C1] #1: ffffc9000938fd00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 612.637689][ C1] #2: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 612.646832][ C1] 1 lock held by syz.0.737/7785: [ 612.651846][ C1] 3 locks held by kworker/u8:13/10135: [ 612.657332][ C1] #0: ffff88802983d948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 612.669035][ C1] #1: ffffc900092f7d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 612.682836][ C1] #2: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 [ 612.692473][ C1] 1 lock held by syz-executor/10525: [ 612.697794][ C1] #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00 [ 612.707321][ C1] 1 lock held by syz-executor/10557: [ 612.712676][ C1] #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00 [ 612.722215][ C1] 2 locks held by syz.1.1508/10649: [ 612.727440][ C1] #0: ffffffff8f66f490 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 612.735742][ C1] #1: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0x5f/0x8b0 [ 612.745122][ C1] 3 locks held by syz.0.1509/10652: [ 612.750344][ C1] #0: ffffffff8f66f490 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 612.758638][ C1] #1: ffffffff8f66f348 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0 [ 612.767733][ C1] #2: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: team_nl_options_set_doit+0x9b/0x1090 [ 612.777898][ C1] 1 lock held by syz.4.1514/10667: [ 612.783069][ C1] #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00 [ 612.792593][ C1] 1 lock held by syz.4.1514/10668: [ 612.797738][ C1] #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00 [ 612.807255][ C1] 1 lock held by syz.4.1514/10669: [ 612.812418][ C1] #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00 [ 612.821938][ C1] 1 lock held by syz-executor/10673: [ 612.827247][ C1] #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00 [ 612.836774][ C1] 1 lock held by syz-executor/10675: [ 612.842115][ C1] #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00 [ 612.852241][ C1] [ 612.854588][ C1] ============================================= [ 612.854588][ C1] [ 612.968364][T10525] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 612.991724][T10525] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 613.081705][T10525] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 613.104625][T10525] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 613.121833][T10525] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 613.122390][ T4497] Bluetooth: hci7: command tx timeout [ 613.174383][T10525] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 613.246659][T10668] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1514'. [ 613.450904][ T4497] Bluetooth: hci8: command tx timeout [ 613.667564][T10675] ip6gretap0 speed is unknown, defaulting to 1000 [ 613.946282][ T9172] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 613.979390][ T9172] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 613.984169][T10673] ip6gretap0 speed is unknown, defaulting to 1000 [ 613.997305][ T9172] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 614.013782][ T9172] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 614.031120][ T9172] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 614.041915][ T9172] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 614.204208][T10525] hsr_slave_0: entered promiscuous mode [ 614.227835][T10525] hsr_slave_1: entered promiscuous mode [ 614.258574][T10525] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 614.278759][T10525] Cannot create hsr debugfs directory [ 614.563658][T10557] bridge0: port 1(bridge_slave_0) entered blocking state [ 614.570925][T10557] bridge0: port 1(bridge_slave_0) entered disabled state [ 614.585450][T10557] bridge_slave_0: entered allmulticast mode [ 614.593307][T10557] bridge_slave_0: entered promiscuous mode [ 614.627439][T10679] ip6gretap0 speed is unknown, defaulting to 1000 [ 614.635320][T10557] bridge0: port 2(bridge_slave_1) entered blocking state [ 614.649924][T10557] bridge0: port 2(bridge_slave_1) entered disabled state [ 614.657342][T10557] bridge_slave_1: entered allmulticast mode [ 614.665278][T10557] bridge_slave_1: entered promiscuous mode [ 614.918926][T10557] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 614.939556][T10557] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 615.142144][T10557] team0: Port device team_slave_0 added [ 615.202382][ T9172] Bluetooth: hci7: command tx timeout [ 615.280617][T10557] team0: Port device team_slave_1 added [ 615.522711][ T9172] Bluetooth: hci8: command tx timeout [ 615.606992][T10557] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 615.614756][T10557] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 615.641632][T10557] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 615.657271][T10557] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 615.664343][T10557] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 615.691142][T10557] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 615.873279][T10673] chnl_net:caif_netlink_parms(): no params data found [ 616.063532][T10675] chnl_net:caif_netlink_parms(): no params data found [ 616.081897][ T9172] Bluetooth: hci3: command tx timeout [ 616.127768][T10557] hsr_slave_0: entered promiscuous mode [ 616.151362][T10557] hsr_slave_1: entered promiscuous mode [ 616.175540][T10557] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 616.183343][T10557] Cannot create hsr debugfs directory [ 616.308055][ T2465] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 616.549947][ T2465] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 616.660750][T10673] bridge0: port 1(bridge_slave_0) entered blocking state [ 616.669343][T10673] bridge0: port 1(bridge_slave_0) entered disabled state [ 616.681944][T10673] bridge_slave_0: entered allmulticast mode [ 616.689657][T10673] bridge_slave_0: entered promiscuous mode [ 616.839217][ T2465] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 616.862921][T10673] bridge0: port 2(bridge_slave_1) entered blocking state [ 616.882148][T10673] bridge0: port 2(bridge_slave_1) entered disabled state [ 616.889482][T10673] bridge_slave_1: entered allmulticast mode [ 616.898786][T10673] bridge_slave_1: entered promiscuous mode [ 616.984961][T10679] chnl_net:caif_netlink_parms(): no params data found [ 617.115391][ T2465] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 617.247515][T10673] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 617.257351][T10675] bridge0: port 1(bridge_slave_0) entered blocking state [ 617.265708][T10675] bridge0: port 1(bridge_slave_0) entered disabled state [ 617.276044][T10675] bridge_slave_0: entered allmulticast mode [ 617.282052][ T9172] Bluetooth: hci7: command tx timeout [ 617.292864][T10675] bridge_slave_0: entered promiscuous mode [ 617.303618][T10675] bridge0: port 2(bridge_slave_1) entered blocking state [ 617.322074][T10675] bridge0: port 2(bridge_slave_1) entered disabled state [ 617.329485][T10675] bridge_slave_1: entered allmulticast mode [ 617.353244][T10675] bridge_slave_1: entered promiscuous mode [ 617.448904][T10673] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 617.609846][ T9172] Bluetooth: hci8: command tx timeout [ 617.721049][T10675] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 617.911301][T10673] team0: Port device team_slave_0 added [ 617.925175][T10675] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 618.024869][T10679] bridge0: port 1(bridge_slave_0) entered blocking state [ 618.041716][T10679] bridge0: port 1(bridge_slave_0) entered disabled state [ 618.049067][T10679] bridge_slave_0: entered allmulticast mode [ 618.073052][T10679] bridge_slave_0: entered promiscuous mode [ 618.092237][T10679] bridge0: port 2(bridge_slave_1) entered blocking state [ 618.099431][T10679] bridge0: port 2(bridge_slave_1) entered disabled state [ 618.127510][T10679] bridge_slave_1: entered allmulticast mode [ 618.135584][T10679] bridge_slave_1: entered promiscuous mode [ 618.162777][ T9172] Bluetooth: hci3: command tx timeout [ 618.164014][T10673] team0: Port device team_slave_1 added [ 618.273913][T10675] team0: Port device team_slave_0 added [ 618.280943][T10525] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 618.308941][T10525] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 618.412085][T10557] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 618.537472][T10673] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 618.544624][T10673] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 618.571078][T10673] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 618.585300][T10675] team0: Port device team_slave_1 added [ 618.592289][T10525] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 618.635220][T10679] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 618.653803][T10679] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 618.745494][T10557] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 618.814017][T10673] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 618.821028][T10673] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 618.847323][T10673] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 618.933776][T10525] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 619.044927][ T2465] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 619.107967][T10557] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 619.158906][T10675] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 619.170104][T10675] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 619.196684][T10675] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 619.216095][T10675] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 619.240735][T10675] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 619.287668][T10675] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 619.322705][T10679] team0: Port device team_slave_0 added [ 619.384097][ T2465] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 619.474660][T10557] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 619.543868][T10673] hsr_slave_0: entered promiscuous mode [ 619.553627][T10673] hsr_slave_1: entered promiscuous mode [ 619.572031][T10673] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 619.579671][T10673] Cannot create hsr debugfs directory [ 619.644662][T10679] team0: Port device team_slave_1 added [ 619.745504][ T2465] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 619.869329][T10679] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 619.893836][T10679] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 619.920355][T10679] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 619.943817][T10679] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 619.950825][T10679] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 620.046746][T10679] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 620.084545][ T2465] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 620.241836][ T9172] Bluetooth: hci3: command tx timeout [ 620.265927][T10675] hsr_slave_0: entered promiscuous mode [ 620.272997][T10675] hsr_slave_1: entered promiscuous mode [ 620.279475][T10675] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 620.287504][T10675] Cannot create hsr debugfs directory [ 620.470326][T10679] hsr_slave_0: entered promiscuous mode [ 620.482079][T10679] hsr_slave_1: entered promiscuous mode [ 620.488940][T10679] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 620.512066][T10679] Cannot create hsr debugfs directory [ 620.776755][T10557] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 620.802373][T10557] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 620.957848][T10557] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 621.001838][T10557] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 621.270381][ T2465] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 621.456749][ T2465] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 621.747280][ T2465] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 621.943529][ T2465] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 621.983754][T10525] 8021q: adding VLAN 0 to HW filter on device bond0 [ 622.058954][T10525] 8021q: adding VLAN 0 to HW filter on device team0 [ 622.173403][ T47] bridge0: port 1(bridge_slave_0) entered blocking state [ 622.180656][ T47] bridge0: port 1(bridge_slave_0) entered forwarding state [ 622.299567][ T5160] bridge0: port 2(bridge_slave_1) entered blocking state [ 622.306844][ T5160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 622.321791][ T9172] Bluetooth: hci3: command tx timeout [ 622.419114][T10557] 8021q: adding VLAN 0 to HW filter on device bond0 [ 622.569021][ T2465] bridge_slave_1: left allmulticast mode [ 622.582092][ T2465] bridge_slave_1: left promiscuous mode [ 622.587930][ T2465] bridge0: port 2(bridge_slave_1) entered disabled state [ 622.630366][ T2465] bridge_slave_0: left allmulticast mode [ 622.653644][ T2465] bridge_slave_0: left promiscuous mode [ 622.659537][ T2465] bridge0: port 1(bridge_slave_0) entered disabled state [ 622.682907][ T2465] bridge_slave_1: left allmulticast mode [ 622.688660][ T2465] bridge_slave_1: left promiscuous mode [ 622.696518][ T2465] bridge0: port 2(bridge_slave_1) entered disabled state [ 622.713990][ T2465] bridge_slave_0: left allmulticast mode [ 622.719709][ T2465] bridge_slave_0: left promiscuous mode [ 622.728588][ T2465] bridge0: port 1(bridge_slave_0) entered disabled state [ 622.745101][ T2465] bridge_slave_1: left allmulticast mode [ 622.750788][ T2465] bridge_slave_1: left promiscuous mode [ 622.773295][ T2465] bridge0: port 2(bridge_slave_1) entered disabled state [ 622.794673][ T2465] bridge_slave_0: left allmulticast mode [ 622.802952][ T2465] bridge_slave_0: left promiscuous mode [ 622.808766][ T2465] bridge0: port 1(bridge_slave_0) entered disabled state [ 622.833796][ T2465] bridge_slave_1: left allmulticast mode [ 622.839519][ T2465] bridge_slave_1: left promiscuous mode [ 622.847574][ T2465] bridge0: port 2(bridge_slave_1) entered disabled state [ 622.864906][ T2465] bridge_slave_0: left allmulticast mode [ 622.870774][ T2465] bridge_slave_0: left promiscuous mode [ 622.877914][ T2465] bridge0: port 1(bridge_slave_0) entered disabled state [ 624.652420][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.658779][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.723565][ T2465] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 625.745655][ T2465] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 625.771908][ T2465] bond0 (unregistering): Released all slaves [ 625.804742][ T2465] bond1 (unregistering): Released all slaves [ 626.127403][ T2465] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 626.151897][ T2465] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 626.175448][ T2465] bond0 (unregistering): Released all slaves [ 626.452676][ T2465] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 626.480150][ T2465] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 626.526145][ T2465] bond0 (unregistering): Released all slaves [ 626.835951][ T2465] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 626.848479][ T2465] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 626.875139][ T2465] bond0 (unregistering): Released all slaves [ 627.109427][ T9732] ip6gretap0 speed is unknown, defaulting to 1000 [ 627.143122][T10557] 8021q: adding VLAN 0 to HW filter on device team0 [ 627.217889][T10673] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 627.238798][T10673] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 627.323385][T10673] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 627.361394][T10673] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 627.390432][ T47] bridge0: port 1(bridge_slave_0) entered blocking state [ 627.397761][ T47] bridge0: port 1(bridge_slave_0) entered forwarding state [ 627.515776][ T47] bridge0: port 2(bridge_slave_1) entered blocking state [ 627.523062][ T47] bridge0: port 2(bridge_slave_1) entered forwarding state [ 628.406218][T10525] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 628.608023][T10673] 8021q: adding VLAN 0 to HW filter on device bond0 [ 628.655381][T10673] 8021q: adding VLAN 0 to HW filter on device team0 [ 628.771147][T10557] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 628.795630][ T929] bridge0: port 1(bridge_slave_0) entered blocking state [ 628.802871][ T929] bridge0: port 1(bridge_slave_0) entered forwarding state [ 628.825116][ T929] bridge0: port 2(bridge_slave_1) entered blocking state [ 628.832449][ T929] bridge0: port 2(bridge_slave_1) entered forwarding state [ 629.039087][T10525] veth0_vlan: entered promiscuous mode [ 629.185913][T10675] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 629.232344][T10525] veth1_vlan: entered promiscuous mode [ 629.240299][T10675] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 629.422142][T10675] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 629.439759][T10675] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 629.534171][ T2465] hsr_slave_0: left promiscuous mode [ 629.552164][ T2465] hsr_slave_1: left promiscuous mode [ 629.563197][ T2465] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 629.570687][ T2465] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 629.591911][ T2465] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 629.599501][ T2465] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 629.614904][ T2465] hsr_slave_0: left promiscuous mode [ 629.621169][ T2465] hsr_slave_1: left promiscuous mode [ 629.627843][ T2465] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 629.636576][ T2465] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 629.656450][ T2465] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 629.671968][ T2465] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 629.707714][ T2465] hsr_slave_0: left promiscuous mode [ 629.714577][ T2465] hsr_slave_1: left promiscuous mode [ 629.733994][ T2465] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 629.741496][ T2465] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 629.772240][ T2465] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 629.779772][ T2465] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 629.816060][ T2465] hsr_slave_0: left promiscuous mode [ 629.822748][ T2465] hsr_slave_1: left promiscuous mode [ 629.828959][ T2465] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 629.836816][ T2465] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 629.847325][ T2465] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 629.855722][ T2465] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 630.006193][ T2465] veth1_macvtap: left promiscuous mode [ 630.021660][ T2465] veth0_macvtap: left promiscuous mode [ 630.027370][ T2465] veth1_vlan: left promiscuous mode [ 630.033059][ T2465] veth0_vlan: left promiscuous mode [ 630.042414][ T2465] veth1_macvtap: left promiscuous mode [ 630.048045][ T2465] veth0_macvtap: left promiscuous mode [ 630.054004][ T2465] veth1_vlan: left promiscuous mode [ 630.059390][ T2465] @ÿ: left promiscuous mode [ 630.073524][ T2465] veth1_macvtap: left promiscuous mode [ 630.079119][ T2465] veth0_macvtap: left promiscuous mode [ 630.084907][ T2465] veth1_vlan: left promiscuous mode [ 630.090308][ T2465] veth0_vlan: left promiscuous mode [ 630.103876][ T2465] veth1_macvtap: left promiscuous mode [ 630.109464][ T2465] veth0_macvtap: left promiscuous mode [ 630.115288][ T2465] veth1_vlan: left promiscuous mode [ 630.120654][ T2465] veth0_vlan: left promiscuous mode [ 631.862051][ T2465] team0 (unregistering): Port device team_slave_1 removed [ 632.001382][ T2465] team0 (unregistering): Port device team_slave_0 removed [ 634.007391][ T2465] team0 (unregistering): Port device team_slave_1 removed [ 634.098934][ T2465] team0 (unregistering): Port device team_slave_0 removed [ 635.771867][ C1] DEBUG: waiting rtnl_mutex for 574 jiffies. [ 635.777924][ C1] task:kworker/0:6 state:D stack:23680 pid:9732 tgid:9732 ppid:2 flags:0x00004000 [ 635.788256][ C1] Workqueue: events linkwatch_event [ 635.793534][ C1] Call Trace: [ 635.796841][ C1] [ 635.799803][ C1] __schedule+0x1800/0x4a60 [ 635.804407][ C1] ? __pfx___schedule+0x10/0x10 [ 635.809480][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 635.815562][ C1] ? __pfx_lock_release+0x10/0x10 [ 635.820636][ C1] ? kick_pool+0x1bd/0x620 [ 635.825123][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 635.830372][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 635.835636][ C1] ? schedule+0x90/0x320 [ 635.839914][ C1] schedule+0x14b/0x320 [ 635.844396][ C1] schedule_preempt_disabled+0x13/0x30 [ 635.849890][ C1] __mutex_lock+0x6a4/0xd70 [ 635.854462][ C1] ? __mutex_lock+0x527/0xd70 [ 635.859178][ C1] ? linkwatch_event+0xe/0x60 [ 635.864021][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 635.869177][ C1] ? get_rtnl_holder+0x144/0x190 [ 635.874185][ C1] ? process_scheduled_works+0x945/0x1830 [ 635.880040][ C1] linkwatch_event+0xe/0x60 [ 635.884664][ C1] process_scheduled_works+0xa2c/0x1830 [ 635.890287][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 635.896344][ C1] ? assign_work+0x364/0x3d0 [ 635.900978][ C1] worker_thread+0x86d/0xd40 [ 635.905665][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 635.911644][ C1] ? __kthread_parkme+0x169/0x1d0 [ 635.916712][ C1] ? __pfx_worker_thread+0x10/0x10 [ 635.921895][ C1] kthread+0x2f0/0x390 [ 635.925995][ C1] ? __pfx_worker_thread+0x10/0x10 [ 635.931144][ C1] ? __pfx_kthread+0x10/0x10 [ 635.935796][ C1] ret_from_fork+0x4b/0x80 [ 635.940253][ C1] ? __pfx_kthread+0x10/0x10 [ 635.944919][ C1] ret_from_fork_asm+0x1a/0x30 [ 635.949748][ C1] [ 635.952826][ C1] [ 635.952826][ C1] Showing all locks held in the system: [ 635.960571][ C1] 3 locks held by kworker/u8:1/12: [ 635.965739][ C1] #0: ffff88802983d948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 635.977438][ C1] #1: ffffc90000117d00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 635.990342][ C1] #2: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 [ 635.999881][ C1] 7 locks held by kworker/u8:7/2465: [ 636.005220][ C1] #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 636.016215][ C1] #1: ffffc9000917fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 636.026849][ C1] #2: ffffffff8f5fced0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 636.036435][ C1] #3: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90 [ 636.046553][ C1] #4: ffffffff8f6dba10 ((inetaddr_chain).rwsem){++++}-{3:3}, at: blocking_notifier_call_chain+0x53/0x90 [ 636.059563][ C1] #5: ffffc90000a18ca0 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 636.069771][ C1] #6: ffffffff8e337aa0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 636.079724][ C1] 2 locks held by getty/4856: [ 636.084460][ C1] #0: ffff88802a6670a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 636.094322][ C1] #1: ffffc90002efe2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 636.104550][ C1] 3 locks held by kworker/0:6/9732: [ 636.109793][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 636.120915][ C1] #1: ffffc90002db7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 636.131997][ C1] #2: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 636.141040][ C1] 1 lock held by syz-executor/10525: [ 636.146380][ C1] #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00 [ 636.155893][ C1] 1 lock held by syz-executor/10557: [ 636.161213][ C1] #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00 [ 636.170817][ C1] 1 lock held by syz-executor/10673: [ 636.176159][ C1] #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00 [ 636.185678][ C1] 3 locks held by syz-executor/10675: [ 636.191070][ C1] #0: ffffffff8f66f490 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 636.199362][ C1] #1: ffffffff8f66f348 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0 [ 636.208520][ C1] #2: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: wg_set_device+0x102/0x2160 [ 636.217794][ C1] 7 locks held by syz-executor/10679: [ 636.223222][ C1] #0: ffff88802a526420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x227/0xc90 [ 636.232312][ C1] #1: ffff888069250c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500 [ 636.242189][ C1] #2: ffff888022f233c8 (kn->active#50){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20f/0x500 [ 636.252406][ C1] #3: ffffffff8ef0b548 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: new_device_store+0x1b4/0x890 [ 636.262879][ C1] #4: ffff88807cdad0e8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 636.272229][ C1] #5: ffff88807cdaf250 (&devlink->lock_key#37){+.+.}-{3:3}, at: nsim_drv_probe+0xcb/0xb80 [ 636.282362][ C1] #6: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: fib_seq_sum+0x31/0x290 [ 636.291238][ C1] [ 636.293621][ C1] ============================================= [ 636.293621][ C1] [ 637.029323][ T2465] team0 (unregistering): Port device team_slave_1 removed [ 637.172820][ T2465] team0 (unregistering): Port device team_slave_0 removed [ 637.362257][ C1] DEBUG: waiting rtnl_mutex for 733 jiffies. [ 637.368320][ C1] task:kworker/0:6 state:D stack:23680 pid:9732 tgid:9732 ppid:2 flags:0x00004000 [ 637.378610][ C1] Workqueue: events linkwatch_event [ 637.383964][ C1] Call Trace: [ 637.387270][ C1] [ 637.390230][ C1] __schedule+0x1800/0x4a60 [ 637.394868][ C1] ? __pfx___schedule+0x10/0x10 [ 637.399763][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 637.405836][ C1] ? __pfx_lock_release+0x10/0x10 [ 637.410909][ C1] ? kick_pool+0x1bd/0x620 [ 637.415434][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 637.420692][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 637.425976][ C1] ? schedule+0x90/0x320 [ 637.430266][ C1] schedule+0x14b/0x320 [ 637.434534][ C1] schedule_preempt_disabled+0x13/0x30 [ 637.440053][ C1] __mutex_lock+0x6a4/0xd70 [ 637.444731][ C1] ? __mutex_lock+0x527/0xd70 [ 637.449466][ C1] ? linkwatch_event+0xe/0x60 [ 637.454221][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 637.459322][ C1] ? get_rtnl_holder+0x144/0x190 [ 637.464365][ C1] ? process_scheduled_works+0x945/0x1830 [ 637.470136][ C1] linkwatch_event+0xe/0x60 [ 637.474717][ C1] process_scheduled_works+0xa2c/0x1830 [ 637.480334][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 637.486494][ C1] ? assign_work+0x364/0x3d0 [ 637.491121][ C1] worker_thread+0x86d/0xd40 [ 637.495793][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 637.501771][ C1] ? __kthread_parkme+0x169/0x1d0 [ 637.506871][ C1] ? __pfx_worker_thread+0x10/0x10 [ 637.512075][ C1] kthread+0x2f0/0x390 [ 637.516188][ C1] ? __pfx_worker_thread+0x10/0x10 [ 637.521509][ C1] ? __pfx_kthread+0x10/0x10 [ 637.526178][ C1] ret_from_fork+0x4b/0x80 [ 637.530631][ C1] ? __pfx_kthread+0x10/0x10 [ 637.535276][ C1] ret_from_fork_asm+0x1a/0x30 [ 637.540088][ C1] [ 637.543163][ C1] [ 637.543163][ C1] Showing all locks held in the system: [ 637.550900][ C1] 3 locks held by kworker/u8:1/12: [ 637.556068][ C1] #0: ffff88802983d948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 637.567792][ C1] #1: ffffc90000117d00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 637.580702][ C1] #2: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 [ 637.590279][ C1] 3 locks held by kworker/u8:6/2435: [ 637.595625][ C1] 5 locks held by kworker/u8:7/2465: [ 637.600937][ C1] #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 637.611884][ C1] #1: ffffc9000917fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 637.622532][ C1] #2: ffffffff8f5fced0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 637.632207][ C1] #3: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90 [ 637.642369][ C1] #4: ffffffff8e33ce78 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 [ 637.653364][ C1] 2 locks held by getty/4856: [ 637.658056][ C1] #0: ffff88802a6670a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 637.667878][ C1] #1: ffffc90002efe2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 637.678099][ C1] 3 locks held by syz.0.737/7785: [ 637.683184][ C1] #0: ffff888078b480a8 (&ctx->uring_lock){+.+.}-{3:3}, at: __se_sys_io_uring_enter+0x1b6a/0x2670 [ 637.693907][ C1] #1: ffffc90000a18c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 637.704129][ C1] #2: ffffffff8e337aa0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 637.714152][ C1] 3 locks held by kworker/0:6/9732: [ 637.719829][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 637.730876][ C1] #1: ffffc90002db7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 637.741951][ C1] #2: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 637.751096][ C1] 7 locks held by kworker/u8:13/10135: [ 637.756621][ C1] 1 lock held by syz-executor/10525: [ 637.761965][ C1] #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00 [ 637.771458][ C1] 1 lock held by syz-executor/10557: [ 637.776816][ C1] #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00 [ 637.786354][ C1] 1 lock held by syz-executor/10673: [ 637.791877][ C1] #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00 [ 637.801520][ C1] 3 locks held by syz-executor/10675: [ 637.806958][ C1] #0: ffffffff8f66f490 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 637.815347][ C1] #1: ffffffff8f66f348 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0 [ 637.824440][ C1] #2: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: wg_set_device+0x102/0x2160 [ 637.833700][ C1] 7 locks held by syz-executor/10679: [ 637.839261][ C1] #0: ffff88802a526420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x227/0xc90 [ 637.848228][ C1] #1: ffff888069250c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500 [ 637.858118][ C1] #2: ffff888022f233c8 (kn->active#50){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20f/0x500 [ 637.868341][ C1] #3: ffffffff8ef0b548 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: new_device_store+0x1b4/0x890 [ 637.878995][ C1] #4: ffff88807cdad0e8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 637.888541][ C1] #5: ffff88807cdaf250 (&devlink->lock_key#37){+.+.}-{3:3}, at: nsim_drv_probe+0xcb/0xb80 [ 637.898696][ C1] #6: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: fib_seq_sum+0x31/0x290 [ 637.907593][ C1] [ 637.909915][ C1] ============================================= [ 637.909915][ C1] [ 638.972019][ C1] DEBUG: waiting rtnl_mutex for 894 jiffies. [ 638.978092][ C1] task:kworker/0:6 state:D stack:23680 pid:9732 tgid:9732 ppid:2 flags:0x00004000 [ 638.988350][ C1] Workqueue: events linkwatch_event [ 638.993627][ C1] Call Trace: [ 638.996932][ C1] [ 638.999895][ C1] __schedule+0x1800/0x4a60 [ 639.004488][ C1] ? __pfx___schedule+0x10/0x10 [ 639.009379][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 639.015434][ C1] ? __pfx_lock_release+0x10/0x10 [ 639.020493][ C1] ? kick_pool+0x1bd/0x620 [ 639.024984][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 639.030217][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 639.035483][ C1] ? schedule+0x90/0x320 [ 639.039756][ C1] schedule+0x14b/0x320 [ 639.043977][ C1] schedule_preempt_disabled+0x13/0x30 [ 639.049482][ C1] __mutex_lock+0x6a4/0xd70 [ 639.054055][ C1] ? __mutex_lock+0x527/0xd70 [ 639.058808][ C1] ? linkwatch_event+0xe/0x60 [ 639.063550][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 639.068635][ C1] ? get_rtnl_holder+0x144/0x190 [ 639.073655][ C1] ? process_scheduled_works+0x945/0x1830 [ 639.079422][ C1] linkwatch_event+0xe/0x60 [ 639.083994][ C1] process_scheduled_works+0xa2c/0x1830 [ 639.089630][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 639.095701][ C1] ? assign_work+0x364/0x3d0 [ 639.100337][ C1] worker_thread+0x86d/0xd40 [ 639.105009][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 639.110944][ C1] ? __kthread_parkme+0x169/0x1d0 [ 639.116044][ C1] ? __pfx_worker_thread+0x10/0x10 [ 639.121200][ C1] kthread+0x2f0/0x390 [ 639.125342][ C1] ? __pfx_worker_thread+0x10/0x10 [ 639.130493][ C1] ? __pfx_kthread+0x10/0x10 [ 639.135137][ C1] ret_from_fork+0x4b/0x80 [ 639.139601][ C1] ? __pfx_kthread+0x10/0x10 [ 639.144255][ C1] ret_from_fork_asm+0x1a/0x30 [ 639.149078][ C1] [ 639.152148][ C1] [ 639.152148][ C1] Showing all locks held in the system: [ 639.159875][ C1] 3 locks held by kworker/u8:1/12: [ 639.165035][ C1] #0: ffff88802983d948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 639.176709][ C1] #1: ffffc90000117d00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 639.189631][ C1] #2: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 [ 639.199154][ C1] 4 locks held by kworker/u8:4/63: [ 639.204319][ C1] #0: ffff88802aa47948 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 639.215734][ C1] #1: ffffc900015e7d00 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 639.228971][ C1] #2: ffffc90000a18c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 639.239166][ C1] #3: ffffffff8e337aa0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 639.249140][ C1] 5 locks held by kworker/u8:7/2465: [ 639.254479][ C1] #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 639.265466][ C1] #1: ffffc9000917fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 639.276099][ C1] #2: ffffffff8f5fced0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 639.285610][ C1] #3: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90 [ 639.295739][ C1] #4: ffffffff8e33ce78 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 [ 639.306751][ C1] 2 locks held by getty/4856: [ 639.311445][ C1] #0: ffff88802a6670a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 639.321304][ C1] #1: ffffc90002efe2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 639.331518][ C1] 3 locks held by kworker/0:6/9732: [ 639.336770][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 639.347845][ C1] #1: ffffc90002db7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 639.358920][ C1] #2: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 639.368007][ C1] 1 lock held by syz-executor/10525: [ 639.373349][ C1] #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00 [ 639.382867][ C1] 1 lock held by syz-executor/10557: [ 639.388179][ C1] #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00 [ 639.397708][ C1] 1 lock held by syz-executor/10673: [ 639.403051][ C1] #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00 [ 639.412569][ C1] 3 locks held by syz-executor/10675: [ 639.417959][ C1] #0: ffffffff8f66f490 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 639.426248][ C1] #1: ffffffff8f66f348 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0 [ 639.435389][ C1] #2: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: wg_set_device+0x102/0x2160 [ 639.444636][ C1] 7 locks held by syz-executor/10679: [ 639.450026][ C1] #0: ffff88802a526420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x227/0xc90 [ 639.459031][ C1] #1: ffff888069250c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500 [ 639.469063][ C1] #2: ffff888022f233c8 (kn->active#50){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20f/0x500 [ 639.479197][ C1] #3: ffffffff8ef0b548 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: new_device_store+0x1b4/0x890 [ 639.489671][ C1] #4: ffff88807cdad0e8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 639.499010][ C1] #5: ffff88807cdaf250 (&devlink->lock_key#37){+.+.}-{3:3}, at: nsim_drv_probe+0xcb/0xb80 [ 639.509230][ C1] #6: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: fib_seq_sum+0x31/0x290 [ 639.518150][ C1] [ 639.520505][ C1] ============================================= [ 639.520505][ C1] [ 640.491993][ T2465] team0 (unregistering): Port device team_slave_1 removed [ 640.562612][ C1] DEBUG: waiting rtnl_mutex for 1053 jiffies. [ 640.568851][ C1] task:kworker/0:6 state:D stack:23680 pid:9732 tgid:9732 ppid:2 flags:0x00004000 [ 640.579121][ C1] Workqueue: events linkwatch_event [ 640.584419][ C1] Call Trace: [ 640.587724][ C1] [ 640.590694][ C1] __schedule+0x1800/0x4a60 [ 640.595311][ C1] ? __pfx___schedule+0x10/0x10 [ 640.600223][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 640.606321][ C1] ? __pfx_lock_release+0x10/0x10 [ 640.611444][ C1] ? kick_pool+0x1bd/0x620 [ 640.615950][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 640.621223][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 640.626495][ C1] ? schedule+0x90/0x320 [ 640.630764][ C1] schedule+0x14b/0x320 [ 640.634983][ C1] schedule_preempt_disabled+0x13/0x30 [ 640.640472][ C1] __mutex_lock+0x6a4/0xd70 [ 640.645054][ C1] ? __mutex_lock+0x527/0xd70 [ 640.649785][ C1] ? linkwatch_event+0xe/0x60 [ 640.654535][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 640.659619][ C1] ? get_rtnl_holder+0x144/0x190 [ 640.664622][ C1] ? process_scheduled_works+0x945/0x1830 [ 640.670383][ C1] linkwatch_event+0xe/0x60 [ 640.674956][ C1] process_scheduled_works+0xa2c/0x1830 [ 640.680552][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 640.686595][ C1] ? assign_work+0x364/0x3d0 [ 640.691229][ C1] worker_thread+0x86d/0xd40 [ 640.695915][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 640.701894][ C1] ? __kthread_parkme+0x169/0x1d0 [ 640.706982][ C1] ? __pfx_worker_thread+0x10/0x10 [ 640.712197][ C1] kthread+0x2f0/0x390 [ 640.716311][ C1] ? __pfx_worker_thread+0x10/0x10 [ 640.721478][ C1] ? __pfx_kthread+0x10/0x10 [ 640.726163][ C1] ret_from_fork+0x4b/0x80 [ 640.730628][ C1] ? __pfx_kthread+0x10/0x10 [ 640.735299][ C1] ret_from_fork_asm+0x1a/0x30 [ 640.740135][ C1] [ 640.743228][ C1] [ 640.743228][ C1] Showing all locks held in the system: [ 640.750956][ C1] 3 locks held by kworker/u8:1/12: [ 640.756123][ C1] #0: ffff88802983d948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 640.767852][ C1] #1: ffffc90000117d00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 640.780761][ C1] #2: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 [ 640.790280][ C1] 5 locks held by kworker/u8:7/2465: [ 640.795680][ C1] #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 640.806692][ C1] #1: ffffc9000917fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 640.817352][ C1] #2: ffffffff8f5fced0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 640.826889][ C1] #3: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90 [ 640.837080][ C1] #4: ffffffff8e33ce78 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 [ 640.848192][ C1] 2 locks held by getty/4856: [ 640.852997][ C1] #0: ffff88802a6670a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 640.862897][ C1] #1: ffffc90002efe2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 640.873197][ C1] 3 locks held by syz.0.737/7785: [ 640.878253][ C1] #0: ffff888078b480a8 (&ctx->uring_lock){+.+.}-{3:3}, at: __se_sys_io_uring_enter+0x1b6a/0x2670 [ 640.888989][ C1] #1: ffffc90000a18c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 640.899188][ C1] #2: ffffffff8e337aa0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 640.909151][ C1] 3 locks held by kworker/0:6/9732: [ 640.914409][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 640.925503][ C1] #1: ffffc90002db7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 640.936593][ C1] #2: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 640.945709][ C1] 1 lock held by syz-executor/10525: [ 640.951019][ C1] #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00 [ 640.960554][ C1] 1 lock held by syz-executor/10557: [ 640.965897][ C1] #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00 [ 640.975430][ C1] 1 lock held by syz-executor/10673: [ 640.980750][ C1] #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00 [ 640.990256][ C1] 3 locks held by syz-executor/10675: [ 640.995678][ C1] #0: ffffffff8f66f490 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 641.004004][ C1] #1: ffffffff8f66f348 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0 [ 641.013084][ C1] #2: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: wg_set_device+0x102/0x2160 [ 641.022508][ C1] 7 locks held by syz-executor/10679: [ 641.027997][ C1] #0: ffff88802a526420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x227/0xc90 [ 641.037032][ C1] #1: ffff888069250c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500 [ 641.046918][ C1] #2: ffff888022f233c8 (kn->active#50){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20f/0x500 [ 641.057082][ C1] #3: ffffffff8ef0b548 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: new_device_store+0x1b4/0x890 [ 641.067586][ C1] #4: ffff88807cdad0e8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 641.076979][ C1] #5: ffff88807cdaf250 (&devlink->lock_key#37){+.+.}-{3:3}, at: nsim_drv_probe+0xcb/0xb80 [ 641.087224][ C1] #6: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: fib_seq_sum+0x31/0x290 [ 641.096209][ C1] [ 641.098560][ C1] ============================================= [ 641.098560][ C1] [ 641.185131][ T2465] team0 (unregistering): Port device team_slave_0 removed [ 642.165135][ C1] DEBUG: waiting rtnl_mutex for 1213 jiffies. [ 642.171280][ C1] task:kworker/0:6 state:D stack:23680 pid:9732 tgid:9732 ppid:2 flags:0x00004000 [ 642.181573][ C1] Workqueue: events linkwatch_event [ 642.186832][ C1] Call Trace: [ 642.190155][ C1] [ 642.193167][ C1] __schedule+0x1800/0x4a60 [ 642.197750][ C1] ? __pfx___schedule+0x10/0x10 [ 642.202693][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 642.208732][ C1] ? __pfx_lock_release+0x10/0x10 [ 642.213871][ C1] ? kick_pool+0x1bd/0x620 [ 642.218338][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 642.223610][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 642.228862][ C1] ? schedule+0x90/0x320 [ 642.233193][ C1] schedule+0x14b/0x320 [ 642.237402][ C1] schedule_preempt_disabled+0x13/0x30 [ 642.242930][ C1] __mutex_lock+0x6a4/0xd70 [ 642.247481][ C1] ? __mutex_lock+0x527/0xd70 [ 642.252258][ C1] ? linkwatch_event+0xe/0x60 [ 642.256995][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 642.262112][ C1] ? get_rtnl_holder+0x144/0x190 [ 642.267098][ C1] ? process_scheduled_works+0x945/0x1830 [ 642.273086][ C1] linkwatch_event+0xe/0x60 [ 642.277718][ C1] process_scheduled_works+0xa2c/0x1830 [ 642.283377][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 642.289421][ C1] ? assign_work+0x364/0x3d0 [ 642.294279][ C1] worker_thread+0x86d/0xd40 [ 642.298924][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 642.304900][ C1] ? __kthread_parkme+0x169/0x1d0 [ 642.309972][ C1] ? __pfx_worker_thread+0x10/0x10 [ 642.315169][ C1] kthread+0x2f0/0x390 [ 642.319278][ C1] ? __pfx_worker_thread+0x10/0x10 [ 642.324467][ C1] ? __pfx_kthread+0x10/0x10 [ 642.329100][ C1] ret_from_fork+0x4b/0x80 [ 642.333594][ C1] ? __pfx_kthread+0x10/0x10 [ 642.338222][ C1] ret_from_fork_asm+0x1a/0x30 [ 642.343089][ C1] [ 642.346138][ C1] [ 642.346138][ C1] Showing all locks held in the system: [ 642.353934][ C1] 3 locks held by kworker/u8:1/12: [ 642.359076][ C1] #0: ffff88802983d948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 642.370783][ C1] #1: ffffc90000117d00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 642.383694][ C1] #2: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 [ 642.393248][ C1] 2 locks held by kworker/u8:6/2435: [ 642.398557][ C1] 6 locks held by kworker/u8:7/2465: [ 642.403894][ C1] #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 642.414888][ C1] #1: ffffc9000917fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 642.425538][ C1] #2: ffffffff8f5fced0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 642.435047][ C1] #3: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90 [ 642.445184][ C1] #4: ffffc90000a18c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 642.455381][ C1] #5: ffffffff8e337aa0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 642.465343][ C1] 2 locks held by getty/4856: [ 642.470044][ C1] #0: ffff88802a6670a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 642.479937][ C1] #1: ffffc90002efe2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 642.490191][ C1] 3 locks held by kworker/u9:0/9172: [ 642.495538][ C1] #0: ffff888063ce9148 ((wq_completion)hci1){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 642.506470][ C1] #1: ffffc90003927d00 ((work_completion)(&hdev->power_on)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 642.518710][ C1] #2: ffff88801e298d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_power_on+0x1bf/0x6b0 [ 642.528262][ C1] 3 locks held by kworker/0:6/9732: [ 642.533546][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 642.544642][ C1] #1: ffffc90002db7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 642.555725][ C1] #2: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 642.564819][ C1] 1 lock held by syz-executor/10525: [ 642.570132][ C1] #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00 [ 642.579690][ C1] 1 lock held by syz-executor/10557: [ 642.585068][ C1] #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00 [ 642.594599][ C1] 1 lock held by syz-executor/10673: [ 642.599923][ C1] #0: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6eb/0xd00 [ 642.609486][ C1] 3 locks held by syz-executor/10675: [ 642.614923][ C1] #0: ffffffff8f66f490 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 642.623219][ C1] #1: ffffffff8f66f348 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0 [ 642.632306][ C1] #2: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: wg_set_device+0x102/0x2160 [ 642.641529][ C1] 7 locks held by syz-executor/10679: [ 642.646961][ C1] #0: ffff88802a526420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x227/0xc90 [ 642.655968][ C1] #1: ffff888069250c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500 [ 642.665850][ C1] #2: ffff888022f233c8 (kn->active#50){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20f/0x500 [ 642.675995][ C1] #3: ffffffff8ef0b548 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: new_device_store+0x1b4/0x890 [ 642.686471][ C1] #4: ffff88807cdad0e8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 642.695854][ C1] #5: ffff88807cdaf250 (&devlink->lock_key#37){+.+.}-{3:3}, at: nsim_drv_probe+0xcb/0xb80 [ 642.706111][ C1] #6: ffffffff8f609a48 (rtnl_mutex){+.+.}-{3:3}, at: fib_seq_sum+0x31/0x290 [ 642.715061][ C1] [ 642.717411][ C1] ============================================= [ 642.717411][ C1] [ 642.745357][ T4497] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 642.772101][ T4497] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 642.781813][ T4497] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 642.799496][ T4497] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 642.807915][ T4497] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 642.828011][ T4497] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 643.030188][T10557] veth0_vlan: entered promiscuous mode [ 643.315052][T10557] veth1_vlan: entered promiscuous mode [ 643.361925][T10679] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 643.374838][T10679] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 643.535953][T10679] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 643.560338][T10679] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 643.937261][T10673] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 644.003293][T10557] veth0_macvtap: entered promiscuous mode [ 644.085575][T10557] veth1_macvtap: entered promiscuous mode [ 644.262473][T10675] 8021q: adding VLAN 0 to HW filter on device bond0 [ 644.378135][T10557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 644.389725][T10557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 644.400396][T10557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 644.411997][T10557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 644.422164][T10557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 644.432789][T10557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 644.443901][T10557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 644.454458][T10557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 644.466451][T10557] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 644.479927][T10557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 644.490766][T10557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 644.500735][T10557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 644.512330][T10557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 644.531666][T10557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 644.542300][T10557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 644.553321][T10557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 644.564254][T10557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 644.589793][T10557] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 644.625531][T10675] 8021q: adding VLAN 0 to HW filter on device team0 [ 644.685054][T10557] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 644.696925][T10557] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 644.705836][T10557] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 644.716879][T10557] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 644.843624][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 644.850817][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 644.882145][ T4497] Bluetooth: hci1: command tx timeout [ 644.922422][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 644.929713][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 644.949382][T10715] chnl_net:caif_netlink_parms(): no params data found [ 645.133632][T10673] veth0_vlan: entered promiscuous mode [ 645.158991][T10679] 8021q: adding VLAN 0 to HW filter on device bond0 [ 645.246752][T10673] veth1_vlan: entered promiscuous mode [ 645.483472][T10679] 8021q: adding VLAN 0 to HW filter on device team0 [ 645.545095][T10715] bridge0: port 1(bridge_slave_0) entered blocking state [ 645.562024][T10715] bridge0: port 1(bridge_slave_0) entered disabled state [ 645.569372][T10715] bridge_slave_0: entered allmulticast mode [ 645.607956][T10715] bridge_slave_0: entered promiscuous mode [ 645.624267][ T2435] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 645.632956][ T2435] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 645.724932][T10715] bridge0: port 2(bridge_slave_1) entered blocking state [ 645.751924][T10715] bridge0: port 2(bridge_slave_1) entered disabled state [ 645.759270][T10715] bridge_slave_1: entered allmulticast mode [ 645.814435][T10715] bridge_slave_1: entered promiscuous mode [ 645.906364][T10673] veth0_macvtap: entered promiscuous mode [ 645.960687][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 645.968250][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 646.097806][T10673] veth1_macvtap: entered promiscuous mode [ 646.117239][T10715] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 646.155759][ T5155] bridge0: port 2(bridge_slave_1) entered blocking state [ 646.163030][ T5155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 646.316092][T10715] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 646.498121][T10715] team0: Port device team_slave_0 added [ 646.526417][T10715] team0: Port device team_slave_1 added [ 646.555394][T10673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 646.585431][T10673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 646.611709][T10673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 646.631617][T10673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 646.641498][T10673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 646.673795][T10673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 646.692600][T10673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 646.711597][T10673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 646.741774][T10673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 646.755575][T10673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 646.781167][T10673] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 646.790850][ T9172] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 646.811981][ T9172] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 646.821180][ T9172] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 646.833659][ T9172] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 646.846305][ T9172] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 646.858591][ T9172] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 646.903313][T10675] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 646.972026][ T9172] Bluetooth: hci1: command tx timeout [ 646.988077][T10673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 647.011720][T10673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 647.031948][T10673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 647.059545][T10673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 647.071962][T10673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 647.095890][T10673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 647.114041][T10673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 647.135677][T10673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 647.145975][T10673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 647.169151][T10673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 647.193096][T10673] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 647.257820][T10715] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 647.264986][T10715] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 647.292599][T10715] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 647.307275][T10715] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 647.314493][T10715] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 647.341900][T10715] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 647.357080][T10673] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 647.367369][T10673] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 647.384584][T10673] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 647.405326][T10673] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 647.511313][ T2465] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 647.743568][ T2465] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 647.897681][ T2465] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 647.917657][T10715] hsr_slave_0: entered promiscuous mode [ 647.926515][T10715] hsr_slave_1: entered promiscuous mode [ 647.933684][T10715] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 647.941284][T10715] Cannot create hsr debugfs directory [ 648.028489][ T2465] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 648.381874][ T7424] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 648.389853][ T7424] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 648.575776][T10135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 648.602128][T10135] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 648.644301][T10675] veth0_vlan: entered promiscuous mode [ 648.956338][T10743] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1515'. [ 648.968454][ T9172] Bluetooth: hci2: command tx timeout [ 648.979107][T10679] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 649.006497][T10675] veth1_vlan: entered promiscuous mode [ 649.012198][T10743] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 649.041811][T10733] chnl_net:caif_netlink_parms(): no params data found [ 649.048678][ T9172] Bluetooth: hci1: command tx timeout [ 649.875482][T10733] bridge0: port 1(bridge_slave_0) entered blocking state [ 649.892158][T10733] bridge0: port 1(bridge_slave_0) entered disabled state [ 649.912097][T10733] bridge_slave_0: entered allmulticast mode [ 649.919786][T10733] bridge_slave_0: entered promiscuous mode [ 649.956115][T10733] bridge0: port 2(bridge_slave_1) entered blocking state [ 649.972479][T10733] bridge0: port 2(bridge_slave_1) entered disabled state [ 649.990243][T10733] bridge_slave_1: entered allmulticast mode [ 650.024667][T10733] bridge_slave_1: entered promiscuous mode [ 650.755980][T10733] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 650.847041][T10675] veth0_macvtap: entered promiscuous mode [ 650.868723][T10675] veth1_macvtap: entered promiscuous mode [ 650.886238][T10733] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 650.945016][T10679] veth0_vlan: entered promiscuous mode [ 650.953593][ T29] audit: type=1326 audit(1721344380.613:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10763 comm="syz.1.1519" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd486975b59 code=0x0 [ 651.053293][ T9172] Bluetooth: hci2: command tx timeout [ 651.056569][T10733] team0: Port device team_slave_0 added [ 651.132181][ T9172] Bluetooth: hci1: command tx timeout [ 651.138144][T10733] team0: Port device team_slave_1 added [ 651.195958][T10679] veth1_vlan: entered promiscuous mode [ 651.313843][ T2465] bridge_slave_1: left allmulticast mode [ 651.326757][ T2465] bridge_slave_1: left promiscuous mode [ 651.332813][ T2465] bridge0: port 2(bridge_slave_1) entered disabled state [ 651.344070][ T2465] bridge_slave_0: left allmulticast mode [ 651.349778][ T2465] bridge_slave_0: left promiscuous mode [ 651.366115][ T2465] bridge0: port 1(bridge_slave_0) entered disabled state [ 651.393472][ T2465] bridge_slave_1: left allmulticast mode [ 651.399272][ T2465] bridge_slave_1: left promiscuous mode [ 651.406054][ T2465] bridge0: port 2(bridge_slave_1) entered disabled state [ 651.416747][ T2465] bridge_slave_0: left allmulticast mode [ 651.425213][ T2465] bridge_slave_0: left promiscuous mode [ 651.431090][ T2465] bridge0: port 1(bridge_slave_0) entered disabled state [ 652.721756][T10767] ================================================================== [ 652.729919][T10767] BUG: KASAN: slab-use-after-free in handle_mm_fault+0x14f0/0x19a0 [ 652.738055][T10767] Read of size 8 at addr ffff88804cc2a5f0 by task syz.1.1520/10767 [ 652.745992][T10767] [ 652.748344][T10767] CPU: 1 UID: 0 PID: 10767 Comm: syz.1.1520 Not tainted 6.10.0-next-20240718-syzkaller #0 [ 652.758781][T10767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 652.768861][T10767] Call Trace: [ 652.772172][T10767] [ 652.775125][T10767] dump_stack_lvl+0x241/0x360 [ 652.779859][T10767] ? __pfx_dump_stack_lvl+0x10/0x10 [ 652.785110][T10767] ? __pfx__printk+0x10/0x10 [ 652.789738][T10767] ? _printk+0xd5/0x120 [ 652.793947][T10767] ? __virt_addr_valid+0x183/0x530 [ 652.799080][T10767] ? __virt_addr_valid+0x183/0x530 [ 652.804227][T10767] print_report+0x169/0x550 [ 652.808765][T10767] ? __virt_addr_valid+0x183/0x530 [ 652.813910][T10767] ? __virt_addr_valid+0x183/0x530 [ 652.819055][T10767] ? __virt_addr_valid+0x45f/0x530 [ 652.824198][T10767] ? __phys_addr+0xba/0x170 [ 652.828730][T10767] ? handle_mm_fault+0x14f0/0x19a0 [ 652.833894][T10767] kasan_report+0x143/0x180 [ 652.838443][T10767] ? handle_mm_fault+0x14f0/0x19a0 [ 652.843605][T10767] handle_mm_fault+0x14f0/0x19a0 [ 652.848604][T10767] ? __pfx_handle_mm_fault+0x10/0x10 [ 652.853934][T10767] ? lock_vma_under_rcu+0x592/0x6e0 [ 652.859178][T10767] ? exc_page_fault+0x113/0x8c0 [ 652.864075][T10767] exc_page_fault+0x459/0x8c0 [ 652.868794][T10767] asm_exc_page_fault+0x26/0x30 [ 652.873680][T10767] RIP: 0033:0x7fd48683941a [ 652.878122][T10767] Code: 90 8b 45 04 ba 03 00 00 00 c1 e0 04 03 45 64 39 c6 48 0f 42 f0 45 31 c9 31 ff e8 71 c7 13 00 8b 75 00 ba 03 00 00 00 45 89 e0 <49> 89 45 00 41 b9 00 00 00 10 b9 01 80 00 00 31 ff c1 e6 06 e8 4d [ 652.897763][T10767] RSP: 002b:00007fd48781cfe0 EFLAGS: 00010217 [ 652.903872][T10767] RAX: ffffffffffffffff RBX: 00007fd486b05f60 RCX: 00007fd486975b93 [ 652.911878][T10767] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000000 [ 652.919877][T10767] RBP: 0000000020000280 R08: 00000000ffffffff R09: 0000000000000000 [ 652.927876][T10767] R10: 0000000000008001 R11: 0000000000000246 R12: ffffffffffffffff [ 652.935883][T10767] R13: 0000000020c57000 R14: 0000000000000000 R15: 0000000000000000 [ 652.944593][T10767] [ 652.947632][T10767] [ 652.949965][T10767] Allocated by task 10673: [ 652.954392][T10767] kasan_save_track+0x3f/0x80 [ 652.959119][T10767] __kasan_slab_alloc+0x66/0x80 [ 652.963993][T10767] kmem_cache_alloc_noprof+0x135/0x2a0 [ 652.969738][T10767] vm_area_dup+0x27/0x290 [ 652.974100][T10767] copy_mm+0xc7b/0x1f30 [ 652.978287][T10767] copy_process+0x186b/0x3d90 [ 652.983085][T10767] kernel_clone+0x226/0x8f0 [ 652.987617][T10767] __x64_sys_clone+0x258/0x2a0 [ 652.992414][T10767] do_syscall_64+0xf3/0x230 [ 652.996954][T10767] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 653.002874][T10767] [ 653.005212][T10767] Freed by task 7785: [ 653.009206][T10767] kasan_save_track+0x3f/0x80 [ 653.013923][T10767] kasan_save_free_info+0x40/0x50 [ 653.018981][T10767] poison_slab_object+0xe0/0x150 [ 653.023946][T10767] __kasan_slab_free+0x37/0x60 [ 653.028729][T10767] kmem_cache_free+0x145/0x350 [ 653.033523][T10767] rcu_core+0xafd/0x1830 [ 653.037796][T10767] handle_softirqs+0x2c4/0x970 [ 653.042590][T10767] __irq_exit_rcu+0xf4/0x1c0 [ 653.047207][T10767] irq_exit_rcu+0x9/0x30 [ 653.051495][T10767] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 653.057173][T10767] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 653.063193][T10767] [ 653.065539][T10767] Last potentially related work creation: [ 653.071610][T10767] kasan_save_stack+0x3f/0x60 [ 653.076328][T10767] __kasan_record_aux_stack+0xac/0xc0 [ 653.081733][T10767] call_rcu+0x167/0xa70 [ 653.085921][T10767] vma_complete+0x98a/0xb60 [ 653.090450][T10767] vma_merge+0x1d9b/0x2690 [ 653.094892][T10767] vma_modify+0xb8/0x350 [ 653.099163][T10767] userfaultfd_release+0x413/0x900 [ 653.104304][T10767] __fput+0x24a/0x8a0 [ 653.108350][T10767] task_work_run+0x24f/0x310 [ 653.112972][T10767] syscall_exit_to_user_mode+0x168/0x370 [ 653.118647][T10767] do_syscall_64+0x100/0x230 [ 653.123273][T10767] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 653.129195][T10767] [ 653.131532][T10767] The buggy address belongs to the object at ffff88804cc2a5d0 [ 653.131532][T10767] which belongs to the cache vm_area_struct of size 184 [ 653.145961][T10767] The buggy address is located 32 bytes inside of [ 653.145961][T10767] freed 184-byte region [ffff88804cc2a5d0, ffff88804cc2a688) [ 653.159700][T10767] [ 653.162043][T10767] The buggy address belongs to the physical page: [ 653.168483][T10767] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4cc2a [ 653.177268][T10767] memcg:ffff888017ff5901 [ 653.181561][T10767] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 653.188690][T10767] page_type: 0xfdffffff(slab) [ 653.193390][T10767] raw: 00fff00000000000 ffff888015eefb40 dead000000000122 0000000000000000 [ 653.201997][T10767] raw: 0000000000000000 0000000000100010 00000001fdffffff ffff888017ff5901 [ 653.210600][T10767] page dumped because: kasan: bad access detected [ 653.217042][T10767] page_owner tracks the page as allocated [ 653.222948][T10767] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 10760, tgid 10760 (modprobe), ts 650517201225, free_ts 650468351674 [ 653.242172][T10767] post_alloc_hook+0x1f3/0x230 [ 653.246976][T10767] get_page_from_freelist+0x2ccb/0x2d80 [ 653.252546][T10767] __alloc_pages_noprof+0x256/0x6c0 [ 653.257769][T10767] alloc_slab_page+0x5f/0x120 [ 653.262481][T10767] allocate_slab+0x5a/0x2f0 [ 653.267017][T10767] ___slab_alloc+0xcd1/0x14b0 [ 653.271720][T10767] __slab_alloc+0x58/0xa0 [ 653.276080][T10767] kmem_cache_alloc_noprof+0x1c1/0x2a0 [ 653.281563][T10767] vm_area_dup+0x27/0x290 [ 653.285922][T10767] __split_vma+0x1a9/0xc30 [ 653.290455][T10767] vma_modify+0x268/0x350 [ 653.294815][T10767] mprotect_fixup+0x3ea/0xa90 [ 653.299523][T10767] do_mprotect_pkey+0x908/0xe00 [ 653.304403][T10767] __x64_sys_mprotect+0x80/0x90 [ 653.309284][T10767] do_syscall_64+0xf3/0x230 [ 653.313825][T10767] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 653.319755][T10767] page last free pid 10760 tgid 10760 stack trace: [ 653.326275][T10767] free_unref_page+0xd22/0xea0 [ 653.331070][T10767] __slab_free+0x31b/0x3d0 [ 653.335523][T10767] qlist_free_all+0x9e/0x140 [ 653.340191][T10767] kasan_quarantine_reduce+0x14f/0x170 [ 653.345688][T10767] __kasan_slab_alloc+0x23/0x80 [ 653.350566][T10767] kmem_cache_alloc_noprof+0x135/0x2a0 [ 653.356059][T10767] getname_flags+0xb7/0x540 [ 653.360589][T10767] do_sys_openat2+0xd2/0x1d0 [ 653.365216][T10767] __x64_sys_openat+0x247/0x2a0 [ 653.370097][T10767] do_syscall_64+0xf3/0x230 [ 653.374639][T10767] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 653.380559][T10767] [ 653.382899][T10767] Memory state around the buggy address: [ 653.388620][T10767] ffff88804cc2a480: fb fb fb fc fc fc fc fc fc fc fc 00 00 00 00 00 [ 653.396706][T10767] ffff88804cc2a500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 653.404801][T10767] >ffff88804cc2a580: 00 00 fc fc fc fc fc fc fc fc fa fb fb fb fb fb [ 653.412888][T10767] ^ [ 653.420630][T10767] ffff88804cc2a600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 653.428716][T10767] ffff88804cc2a680: fb fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 [ 653.436800][T10767] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 653.482082][T10767] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 653.489348][T10767] CPU: 0 UID: 0 PID: 10767 Comm: syz.1.1520 Not tainted 6.10.0-next-20240718-syzkaller #0 [ 653.499276][T10767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 653.509365][T10767] Call Trace: [ 653.512674][T10767] [ 653.515672][T10767] dump_stack_lvl+0x241/0x360 [ 653.520412][T10767] ? __pfx_dump_stack_lvl+0x10/0x10 [ 653.525663][T10767] ? __pfx__printk+0x10/0x10 [ 653.530293][T10767] ? preempt_schedule+0xe1/0xf0 [ 653.535182][T10767] ? vscnprintf+0x5d/0x90 [ 653.539548][T10767] panic+0x349/0x870 [ 653.543486][T10767] ? check_panic_on_warn+0x21/0xb0 [ 653.548632][T10767] ? __pfx_panic+0x10/0x10 [ 653.553102][T10767] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 653.559132][T10767] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 653.565497][T10767] ? print_report+0x502/0x550 [ 653.570207][T10767] check_panic_on_warn+0x86/0xb0 [ 653.575177][T10767] ? handle_mm_fault+0x14f0/0x19a0 [ 653.580338][T10767] end_report+0x77/0x160 [ 653.584614][T10767] kasan_report+0x154/0x180 [ 653.589153][T10767] ? handle_mm_fault+0x14f0/0x19a0 [ 653.594316][T10767] handle_mm_fault+0x14f0/0x19a0 [ 653.599316][T10767] ? __pfx_handle_mm_fault+0x10/0x10 [ 653.604647][T10767] ? lock_vma_under_rcu+0x592/0x6e0 [ 653.609888][T10767] ? exc_page_fault+0x113/0x8c0 [ 653.614876][T10767] exc_page_fault+0x459/0x8c0 [ 653.619605][T10767] asm_exc_page_fault+0x26/0x30 [ 653.624495][T10767] RIP: 0033:0x7fd48683941a [ 653.628939][T10767] Code: 90 8b 45 04 ba 03 00 00 00 c1 e0 04 03 45 64 39 c6 48 0f 42 f0 45 31 c9 31 ff e8 71 c7 13 00 8b 75 00 ba 03 00 00 00 45 89 e0 <49> 89 45 00 41 b9 00 00 00 10 b9 01 80 00 00 31 ff c1 e6 06 e8 4d [ 653.648576][T10767] RSP: 002b:00007fd48781cfe0 EFLAGS: 00010217 [ 653.654678][T10767] RAX: ffffffffffffffff RBX: 00007fd486b05f60 RCX: 00007fd486975b93 [ 653.662671][T10767] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000000 [ 653.670659][T10767] RBP: 0000000020000280 R08: 00000000ffffffff R09: 0000000000000000 [ 653.678652][T10767] R10: 0000000000008001 R11: 0000000000000246 R12: ffffffffffffffff [ 653.686645][T10767] R13: 0000000020c57000 R14: 0000000000000000 R15: 0000000000000000 [ 653.694652][T10767] [ 653.698250][T10767] Kernel Offset: disabled [ 653.702586][T10767] Rebooting in 86400 seconds..