last executing test programs: 4.738121877s ago: executing program 1: openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x80801, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ip6_tables_names\x00') prlimit64(0x0, 0x7, &(0x7f0000000140)={0x8, 0x200000094}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x0, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) r4 = syz_open_dev$dri(&(0x7f00000005c0), 0x2, 0x0) ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000380)={0x0, 0x3, 0x0, 0x0, 0x3, [], [0x2, 0x2, 0x7], [0x3], [0x0, 0x6]}) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) r6 = fsopen(&(0x7f0000000040)='omfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) ioctl$KDENABIO(r5, 0x4b36) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000280)={0x2, &(0x7f0000000240)=[{0x3c}, {0x6}]}) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r7, 0x8982, &(0x7f00000000c0)={0x6, 'wg0\x00', {0x10000}, 0x8}) recvmsg$can_j1939(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000380)=""/92, 0x5c}, 0x2000) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="84b372563966e8fa0e9cf87deac016db0cc9f3e24b2fcc512985b84578fd5f6b7c326632fcaed5f9b0a1ee432e1257ab3bd88bb0e1ec9dfc10cfcede215b3e222e70f97935784513eaadfc11f671e1679c31d767d1ef0bb19c85cf29a630d432ecc4a1f15afa4a36597a927b34bcc5dc1f847c6391f86fae06ab000774bea3c35a1828121b71e456be4ea12aa22d4e45460cbf9b8a3d48b31bbfa1f9a5f4d9"], 0x58}, 0x1, 0x0, 0x0, 0x100008a4}, 0x45) socket$nl_route(0x10, 0x3, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) connect(r0, &(0x7f0000000500)=@un=@file={0x0, './file0/file0\x00'}, 0x80) r8 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r8, 0x40186f40, 0x20000502) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000900)={0x32, &(0x7f0000000180)=[{0x3, 0x4f, 0x0, 0x8}, {0x1ff, 0xfc, 0x0, 0x2}, {0xd5d, 0x8, 0x20, 0xf7f8}, {0x8001, 0x4, 0x5, 0x81}, {0x9, 0x3f, 0x0, 0x7}]}) msgget$private(0x0, 0x27b) msgsnd(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0300050000000000"], 0x8, 0x0) 2.861233076s ago: executing program 1: r0 = socket$qrtr(0x2a, 0x2, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000080)={0x40042}, 0x10) bind$tipc(r1, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2.816877772s ago: executing program 3: mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000440)='blkio.bfq.sectors_recursive\x00', 0x0, 0x0) preadv(r1, &(0x7f00000000c0)=[{&(0x7f0000000240)=""/140, 0x8c}], 0x1, 0x0, 0x0) 2.743995877s ago: executing program 1: r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000140), 0x84, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(r1, 0x29, 0x45, &(0x7f0000000180)={'IDLETIMER\x00'}, &(0x7f00000001c0)=0x1e) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x5c, @local, 0x0, 0x0, 'nq\x00'}, 0x2c) writev(r0, &(0x7f0000000200), 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) r3 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r3, 0x800c6613, &(0x7f0000000200)=@v2={0x2, @aes128, 0x0, '\x00', @a}) openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/net\x00') r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFBR(r4, 0x8940, &(0x7f0000000140)=@add_del={0x2, &(0x7f0000000100)='macvtap0\x00'}) creat(&(0x7f0000001040)='./file0\x00', 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(crct10dif-generic)\x00'}, 0x58) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f0000000340)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r6, 0xc0182101, &(0x7f0000000180)={r7}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f0000002780)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r6, 0x40182103, &(0x7f0000000080)={r8, 0x3, r6, 0x5}) syz_emit_ethernet(0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f00000003c0)="7c55fcf5db8d2d1d1f833b44708c329f680c8c4a7c826172b3f2e00571faee7bcccab88609af17746fce2886e54cd5e563abe6c3cd7f62ab76ca6e2ace1e35308141496893e81ff954ea5a68aac0d66d7802ee6ceb32fae4c60dcd3efe1d585656b109034f5f57d570c59bcb6c7811810b25cd49ea8c56cb469f5672c20f69d6dbca48c9718d5a88b4ebe3c61ac8af29a53b1d20c04a98f73e75357f347ca0218c2137752094f2220e4efbc6bbd0dba0c34f777b11168fdf92ce96e6ac4aba5a47da2a92f8727cce76dea4b7ff771a09993978b10d38f895d23f134ecdd5be1b57", 0xe1) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="d80000001c0081044e81f782db44b904021d080201000000040000a118000c000600142603600e1208000f0100810401a80016002000014003", 0x39}], 0x1, 0x0, 0x0, 0x7400}, 0x0) r9 = socket$kcm(0x10, 0x400000002, 0x0) write$cgroup_subtree(r9, &(0x7f0000000040)=ANY=[@ANYBLOB="1303000054009155090893b31b71a54a07"], 0xfe33) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r3, 0xc0096616, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) sendmmsg$inet(r2, &(0x7f00000000c0)=[{{&(0x7f0000000040)={0x2, 0x4e24, @rand_addr=0x64010102}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000100)="10e60000000000000000000000b73b1a1c27bf9537e193ef3ad4a101a0591f8cff027a11523818e854272c943b2c94485f", 0x31}], 0x1}}], 0x1, 0x400d0) 2.718097834s ago: executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) close(0xffffffffffffffff) shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_RTOINFO(r3, 0x84, 0x5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0xfff}, 0x10) 2.462267678s ago: executing program 0: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x0, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000380)={0x1, 0x0, 0x0, &(0x7f0000000280)=""/233, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000780)={0x0, 0x1, 0x0, &(0x7f0000000700)=""/99, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000640)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x20000) ioctl$VHOST_VDPA_GET_VRING_NUM(r0, 0x4008af14, &(0x7f00000001c0)) 2.356079291s ago: executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000900)='net/rpc\x00') mkdirat(r0, &(0x7f0000002340)='./file0\x00', 0x0) 2.295247786s ago: executing program 0: socket$inet6_sctp(0xa, 0x1, 0x84) r0 = syz_io_uring_setup(0x27f3, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f0000000140), &(0x7f0000000100)=0x0) syz_io_uring_setup(0x1868, &(0x7f00000003c0), &(0x7f0000000040)=0x0, &(0x7f0000000180)) syz_io_uring_submit(r2, r1, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0}) io_uring_enter(r0, 0x184c, 0x0, 0x0, 0x0, 0x0) 2.224524503s ago: executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000410007010000000000000000017c0000080004"], 0x1c}}, 0x0) 2.165576904s ago: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) r1 = syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r2, &(0x7f0000000200)=""/128, 0x80) write$char_usb(r2, 0x0, 0x0) read$char_usb(r2, 0x0, 0x0) syz_open_dev$evdev(0x0, 0x0, 0x0) syz_usb_disconnect(r1) 2.021898097s ago: executing program 4: r0 = syz_io_uring_setup(0x110, &(0x7f0000000140), &(0x7f0000000240)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x8aa, 0x0, 0x0, 0x0, 0x0) 1.98375446s ago: executing program 4: r0 = openat$incfs(0xffffffffffffff9c, 0x0, 0x1056c0, 0x0) open_by_handle_at(r0, &(0x7f0000000080)=@isofs_parent={0x14, 0x2, {0x112}}, 0x0) 1.956841266s ago: executing program 4: mkdir(&(0x7f0000000000)='./control\x00', 0x0) r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000040)='./control\x00', 0x5000410) inotify_add_watch(r0, &(0x7f0000000080)='./control\x00', 0xa4000940) 1.934352232s ago: executing program 4: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x0, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000380)={0x1, 0x0, 0x0, &(0x7f0000000280)=""/233, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000780)={0x0, 0x1, 0x0, &(0x7f0000000700)=""/99, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000640)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x20000) ioctl$VHOST_VDPA_GET_VRING_NUM(r0, 0x4008af14, &(0x7f00000001c0)) 1.894475341s ago: executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x58, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'syz_tun\x00'}]}]}]}], {0x14}}, 0x80}}, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000240)={@local, @broadcast, @void, {@ipv4={0x800, @tipc={{0x6, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x6, 0x0, @multicast1, @multicast1, {[@noop]}}, @name_distributor={{0x28, 0x0, 0x0, 0x0, 0x0, 0xa}}}}}}, 0x0) 1.889123881s ago: executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$SIOCGSTAMP(r0, 0x8906, 0x0) 1.827123898s ago: executing program 2: r0 = io_uring_setup(0x5856, &(0x7f0000000080)={0x0, 0x0, 0x3bc0}) poll(&(0x7f0000000200)=[{r0}], 0x1, 0x5) 1.808999327s ago: executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDENABIO(r0, 0x4b36) r1 = inotify_init() inotify_add_watch(r1, &(0x7f0000000340)='.\x00', 0xa50003d1) 1.782263949s ago: executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000006c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x48, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @rt={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_RT_KEY={0x8}, @NFTA_RT_DREG={0x8}]}}}, {0x5d, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_SREG={0x8}, @NFTA_EXTHDR_OP={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xe4}}, 0x0) 1.755058714s ago: executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = socket(0x2, 0x80805, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7ff00000}]}) socketpair$unix(0x1, 0x0, 0x0, 0x0) r3 = memfd_create(&(0x7f0000000040)='\xc0\x87:*\x18\xc1k\xa7\x87[\xa0o8\xaaK\xa5\xd3\v\x86\xca<\x7f\xfd6\x8d}\xd8\xf2G\xb8\xeae)\x90\x86\xe3\x96\b\xe0\xfa\xb1\xd8n\xb2W\xcb\x8d}3lm8\xa57\xc9\x00HOA\xc8\x80kR\xfc\xcb%u3\xec\xde%\x00]\xd8\xebD\x82S\x17?\xd6As\xba[\xc7%\x88 \xeeQR\x9f\x81\x8b\xdc`\xb4\xe7m\xbe\x7f2\x11)W\x9c\x82\x91\x17\xd8\xda@4\x9f\xc5*T\x1e^\xf7o\xff\xff\xff\xffwI\x02\xf3\xe3\x8d.\xd1=\xcf\xbf\x81\xb5\x8d%K\x1d\xe7_\xde\x87\xdd\xc1\xf0\x91\x1a!\x9c\xd3\v\xc9\x95d\xe3*\xa9\xfa\x99\x9d\xb8\x89\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00+$\xedX\xb7KV\x90\xc3\xb8\xc4\xa7\x19zsa\xcf1\xf7\xe6\xc5\xa4\xfa9D\x82`\xea\x16\xc6\xce\x83\xab\x05\x19-\xf3\x8c\x9a\x15\x9c\xf5\xb4O\x17@d\x81+\xf6\xe6\xff\xed\r\xd2\xb3\xaa\x9b\x7fnfo\x7f\x92G\x0e.\xce\xd8h\xb9p2\xccC\xbaH\xc4\xdc\xe2\xa1%)\x85\xc7O]\'9\x92\xad\xfbJ\x02\x1d\x91-\xc99\t&\xbdq\x06`T\xc8\x92\xaf\xad\x06\xdd\xaf\x84\xf4\"\x13\xcf\xe5\x93D\xad~F\xe5\x19\xab\xaa\xb2\xb1\x03m\x82+\x06\x1bF^\xd3\x04\x00\x00\x00\x00\x00\x00\x00\xe5\x1f\xa7\xf6\xcaA\x90T\xf1\x1b\xe6\xb9\xe7\xff\xc5H\x04\x8d\xca\xad\x17UlY\x9a}\r4\xac\x93\xac\v2\xc6\xf9\xbe\xfeI\x8b\xd4/`\xab\x1e\xcf\x7f\b\x94 2.{\xc1\xbe\x9bth~\xcb\xb9E\x10W\xed\xed51[', 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x100001e, 0x11, r3, 0x0) fallocate(r3, 0x0, 0x0, 0x8000004) pipe2$watch_queue(&(0x7f0000000040), 0xb82e336200000000) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000007fc0)=[@in={0x2, 0x0, @rand_addr=0x64010102}]}, &(0x7f0000000100)=0x10) r4 = syz_open_dev$sg(&(0x7f00000000c0), 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x300, 0x0, 0x0, {0xd, 0x0, 0x4}, [@NFTA_RULE_TABLE={0x0, 0x1, 'syz1\x00'}, @NFTA_RULE_CHAIN={0x0, 0x2, 'syz1\x00'}]}], {0x14}}, 0xfffffffffffffdbe}}, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000040)=ANY=[@ANYRES64=r4]) dup2(r1, r0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000200)={r5}, &(0x7f0000000180)=0x8) r6 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r6, 0x0, 0xf, &(0x7f0000d10ffc)=0xfffffffa, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f00000001c0)=[@in6={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}], 0x1c) sendto$inet6(r1, &(0x7f0000000180)='\x00', 0x1, 0x40008d0, &(0x7f0000000200)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4}, 0x1c) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$UHID_INPUT(r7, &(0x7f0000002080)={0xfc, {"a2e3ad09ed0909f91b5e071887f70e09d038e7ff7fc6e5539b0d430a8b089b3f363563030890e0879b0af8c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) 1.709276558s ago: executing program 3: r0 = fsopen(&(0x7f0000000200)='proc\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fspick(r1, &(0x7f0000000000)='./file0\x00', 0x0) 1.63875436s ago: executing program 2: r0 = syz_io_uring_setup(0x110, &(0x7f0000000140), &(0x7f0000000240)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x8aa, 0x0, 0x0, 0x0, 0x0) 1.595701146s ago: executing program 1: r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.log\x00', 0x0, 0x0) open_by_handle_at(r0, &(0x7f0000000080)=@isofs_parent={0x14, 0x2, {0x112}}, 0x0) 1.565896615s ago: executing program 3: ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={'netdevsim0\x00', &(0x7f0000000180)=@ethtool_drvinfo={0x3, "548a849791a6c2cd031d5e0bac875ee3cee1067a7920f3f8add598f2cb765f8d", "99d021ef7e1c27b2ed8780c88a9cd5726633478165772093165f37988bef0408", "fc7727ad93663ae759f5709acdeb0b2eb7de8715d8c65baec61db9723a5a11e6", "71a70031508ef6deec26a1be1412e1bb3038ac04cf978d1692813dd10c9b2ebe", "047ec990a49da6a616df1b75d41ff03e93df1f57759db8d89f627376065b11aa", "ff07d5400000e5ffffff00"}}) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000200)={0x1, &(0x7f0000000040)=[{0x6}]}) io_uring_register$IORING_REGISTER_EVENTFD(0xffffffffffffffff, 0x4, 0x0, 0x1) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x401c2103, &(0x7f00000001c0)) 1.491277148s ago: executing program 1: mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) r0 = memfd_create(&(0x7f00000002c0)='D\xa3\xd5Wj\x00\x00\x8b\x14\xc2\xac\x1a\x1a\vG\xa9~vB\xbc\t\x00\x00\x00VoA\xaa\xbc\xee[\xe1\xa2\xe0\xff\x04\x00\x9b\x12\x0eW\xcf\t\xb0\xa9 +H/\xfd\xa4\xcaN\x84\xadS\x8bqE\x99\x01t\xb1\x1f|\x99PL\x92\x8f\xc2y\xcd\x8cj\x03X\x05\x17mwI\xf0\x01\xe5z\xcdJ)\xc7\xfa)\xaa}\xef\xde\xf5\xcd\xb1o5\x18\xd6\v\x85q\x98\x9bB\xb9\xea\xe7\xff\x7f\x00\x00T\xc0\xd2\t?\bpBl\xf4\x86\xd4\xc9\xe3\x8f\xd9\x9f\x15\x1e\xf2\x18\r\xad\b\xe0\x96NH\x85\r+\xfc\xb3\xdd\xddhg(\x03\xa7\x92\xe5\x00+h\xb7@#K\x9cMY\xd3\x9b\b-G\xb1\xdaS\x81\xb2\x93\xb83\x8a\x94*\x8d\\\b\xff/\xf8A\xaf\\\xaa\xf5u\xde\xfa\xa1\xc0\xf9&gR\x81.\xff\x83k\xe6\rDa\x16\xbd\x1a\xb2w\b\x00'/244, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 1.377697647s ago: executing program 2: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x0, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000380)={0x1, 0x0, 0x0, &(0x7f0000000280)=""/233, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000780)={0x0, 0x1, 0x0, &(0x7f0000000700)=""/99, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000640)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x20000) ioctl$VHOST_VDPA_GET_VRING_NUM(r0, 0x4008af14, &(0x7f00000001c0)) 1.263161757s ago: executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet_dccp(0x8, 0x6, 0x0) r3 = socket$rds(0x15, 0x5, 0x0) bind$rds(r3, &(0x7f0000000000)={0x2, 0x0, @dev}, 0x10) sendmsg$rds(r3, &(0x7f0000000100)={&(0x7f0000000140)={0x2, 0x0, @dev}, 0x10, 0x0, 0x0, &(0x7f00000014c0)=[@rdma_map={0x30, 0x114, 0x3, {{0x0}, 0x0}}], 0x30}, 0x0) syz_open_procfs(0x0, &(0x7f0000001880)='numa_maps\x00') syz_open_procfs(0x0, 0x0) openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) 124.02867ms ago: executing program 3: openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) listen(0xffffffffffffffff, 0x20000005) r0 = socket$inet6(0xa, 0x6, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty}, 0x1c) 755.553µs ago: executing program 2: r0 = socket$igmp6(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r0, 0x29, 0x22, &(0x7f0000000080)={{0xa, 0x0, 0x101, @rand_addr=' \x01\x00'}, {0xa, 0x0, 0x0, @dev}}, 0x9e) syz_io_uring_setup(0x26c6, 0x0, &(0x7f0000000100), 0x0) prctl$PR_CAP_AMBIENT(0x2f, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0) sendmsg$NL80211_CMD_SET_COALESCE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, 0x0, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8}, @void}}}, 0x28}}, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0) 0s ago: executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r5, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) kernel console output (not intermixed with test programs): e fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.735700][ T5109] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.750331][ T5119] team0: Port device team_slave_1 added [ 54.786641][ T5110] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.800115][ T5114] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.819885][ T5109] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.827247][ T5109] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.853316][ T5109] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.886059][ T5115] team0: Port device team_slave_0 added [ 54.894509][ T5110] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.931445][ T5119] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.938533][ T5119] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.964714][ T5119] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.979183][ T5119] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.986367][ T5119] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.012663][ T5119] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.025698][ T5115] team0: Port device team_slave_1 added [ 55.044016][ T5114] team0: Port device team_slave_0 added [ 55.089743][ T5110] team0: Port device team_slave_0 added [ 55.097666][ T5114] team0: Port device team_slave_1 added [ 55.129325][ T5109] hsr_slave_0: entered promiscuous mode [ 55.135888][ T5109] hsr_slave_1: entered promiscuous mode [ 55.143617][ T5125] Bluetooth: hci1: command tx timeout [ 55.150874][ T5115] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.157869][ T5115] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.184073][ T5115] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.197046][ T5110] team0: Port device team_slave_1 added [ 55.222876][ T5125] Bluetooth: hci3: command tx timeout [ 55.222902][ T4491] Bluetooth: hci2: command tx timeout [ 55.223090][ T4491] Bluetooth: hci4: command tx timeout [ 55.228504][ T5125] Bluetooth: hci0: command tx timeout [ 55.269623][ T5115] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.276681][ T5115] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.303182][ T5115] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.325712][ T5114] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.333937][ T5114] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.360444][ T5114] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.388711][ T5119] hsr_slave_0: entered promiscuous mode [ 55.395493][ T5119] hsr_slave_1: entered promiscuous mode [ 55.401501][ T5119] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 55.409321][ T5119] Cannot create hsr debugfs directory [ 55.422515][ T5110] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.430128][ T5110] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.456499][ T5110] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.468445][ T5114] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.475820][ T5114] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.502015][ T5114] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.531067][ T5110] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.538311][ T5110] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.564435][ T5110] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.651248][ T5115] hsr_slave_0: entered promiscuous mode [ 55.658286][ T5115] hsr_slave_1: entered promiscuous mode [ 55.665215][ T5115] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 55.673522][ T5115] Cannot create hsr debugfs directory [ 55.750596][ T5114] hsr_slave_0: entered promiscuous mode [ 55.757645][ T5114] hsr_slave_1: entered promiscuous mode [ 55.764352][ T5114] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 55.771916][ T5114] Cannot create hsr debugfs directory [ 55.824952][ T5110] hsr_slave_0: entered promiscuous mode [ 55.832052][ T5110] hsr_slave_1: entered promiscuous mode [ 55.838703][ T5110] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 55.846376][ T5110] Cannot create hsr debugfs directory [ 56.179978][ T5119] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 56.197592][ T5119] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 56.208100][ T5119] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 56.231561][ T5119] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 56.284875][ T5109] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 56.294959][ T5109] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 56.308446][ T5109] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 56.317773][ T5109] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 56.376904][ T5114] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 56.397974][ T5114] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 56.411531][ T5114] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 56.430762][ T5114] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 56.507140][ T5115] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 56.519331][ T5115] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 56.538193][ T5115] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 56.555754][ T5115] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 56.644875][ T5110] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 56.664232][ T5110] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 56.674498][ T5110] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 56.690127][ T5110] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 56.766143][ T5119] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.837794][ T5119] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.860647][ T5109] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.901049][ T5162] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.908288][ T5162] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.931700][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.938912][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.959856][ T5109] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.971998][ T5114] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.009513][ T5166] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.016624][ T5166] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.041481][ T5166] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.048583][ T5166] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.098697][ T5114] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.118378][ T5115] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.156997][ T5161] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.164167][ T5161] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.182092][ T5110] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.197656][ T5161] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.204804][ T5161] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.222932][ T5125] Bluetooth: hci1: command tx timeout [ 57.241137][ T5115] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.285110][ T5162] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.292264][ T5162] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.305829][ T5125] Bluetooth: hci4: command tx timeout [ 57.311262][ T5125] Bluetooth: hci3: command tx timeout [ 57.321223][ T4491] Bluetooth: hci2: command tx timeout [ 57.323602][ T5127] Bluetooth: hci0: command tx timeout [ 57.360795][ T5110] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.372299][ T5162] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.379446][ T5162] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.434180][ T5164] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.441340][ T5164] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.521810][ T5162] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.529004][ T5162] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.621647][ T5119] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.818076][ T5109] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.838638][ T5119] veth0_vlan: entered promiscuous mode [ 57.924429][ T5119] veth1_vlan: entered promiscuous mode [ 58.000686][ T5114] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.065304][ T5115] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.108049][ T5119] veth0_macvtap: entered promiscuous mode [ 58.141420][ T5119] veth1_macvtap: entered promiscuous mode [ 58.216565][ T5119] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 58.247205][ T5119] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 58.272303][ T5110] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.281074][ T5114] veth0_vlan: entered promiscuous mode [ 58.291559][ T5119] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.300908][ T5119] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.311551][ T5119] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.320338][ T5119] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.377366][ T5114] veth1_vlan: entered promiscuous mode [ 58.400069][ T5109] veth0_vlan: entered promiscuous mode [ 58.406188][ T5115] veth0_vlan: entered promiscuous mode [ 58.444706][ T5115] veth1_vlan: entered promiscuous mode [ 58.507434][ T5109] veth1_vlan: entered promiscuous mode [ 58.534029][ T2470] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.549769][ T2470] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.580416][ T5110] veth0_vlan: entered promiscuous mode [ 58.599153][ T5114] veth0_macvtap: entered promiscuous mode [ 58.622527][ T5114] veth1_macvtap: entered promiscuous mode [ 58.634169][ T5110] veth1_vlan: entered promiscuous mode [ 58.648493][ T2856] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.657193][ T2856] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.693150][ T5115] veth0_macvtap: entered promiscuous mode [ 58.715556][ T5109] veth0_macvtap: entered promiscuous mode [ 58.728345][ T5115] veth1_macvtap: entered promiscuous mode [ 58.752395][ T5109] veth1_macvtap: entered promiscuous mode [ 58.769059][ T5114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.799102][ T5114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.811303][ T5114] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 58.834345][ T5114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.862634][ T5114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.875812][ T5114] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 58.902215][ T5115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.923961][ T5115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.940633][ T5115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.958389][ T5115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.970784][ T5115] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 59.016651][ T5114] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.029875][ T5114] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.039685][ T5114] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.048692][ T5114] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.081119][ T5115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 59.119782][ T5196] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 59.242048][ T5197] loop3: detected capacity change from 0 to 1024 [ 59.423006][ T5125] Bluetooth: hci1: command tx timeout [ 59.428499][ T5127] Bluetooth: hci2: command tx timeout [ 59.434229][ T5125] Bluetooth: hci4: command tx timeout [ 59.439722][ T5125] Bluetooth: hci3: command tx timeout [ 59.445439][ T5127] Bluetooth: hci0: command tx timeout [ 59.586839][ T5115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.732426][ T5115] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 59.743277][ T5115] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.759780][ T5115] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 59.812062][ T5115] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.822282][ T5115] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.831958][ T5115] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.840834][ T5115] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.858338][ T5110] veth0_macvtap: entered promiscuous mode [ 59.881272][ T5109] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 59.897855][ T5109] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.908854][ T5109] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 59.929266][ T5109] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.942078][ T5109] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 59.953508][ T5109] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.967226][ T5109] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 60.009572][ T5110] veth1_macvtap: entered promiscuous mode [ 60.062441][ T5109] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.085526][ T5109] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.103326][ T5109] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.132590][ T5109] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.142427][ T5109] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.172634][ T5109] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.197009][ T5109] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.216762][ T5109] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.232815][ T5109] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.241535][ T5109] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.272447][ T5109] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.285320][ T4491] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 60.294437][ T4491] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 60.313462][ T4491] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 60.329512][ T4491] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 60.339748][ T4491] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 60.349046][ T4491] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 60.431989][ T5110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.443036][ T5110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.452926][ T5110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.463921][ T5110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.474553][ T5110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.485042][ T5110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.495123][ T5110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.507199][ T5110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.518489][ T5110] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 60.565208][ T5110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.578267][ T5110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.588952][ T5110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.599497][ T5110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.609851][ T5110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.620341][ T5110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.630206][ T5110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.640674][ T5110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.652137][ T5110] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.671649][ T2856] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.680400][ T2856] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.731623][ T5110] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.741517][ T5110] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.751062][ T5110] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.762409][ T5110] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.787290][ T52] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.823972][ T2856] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.831795][ T2856] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.884350][ T52] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.918381][ T2493] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.926334][ T2493] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.007075][ T52] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.063291][ T2847] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.079218][ T2847] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.096730][ T2856] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.108745][ T2856] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.122054][ T52] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.213074][ T5207] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 61.490668][ T4491] Bluetooth: hci3: command tx timeout [ 61.497232][ T4491] Bluetooth: hci0: command tx timeout [ 61.502947][ T4491] Bluetooth: hci2: command tx timeout [ 61.512427][ T4491] Bluetooth: hci1: command tx timeout [ 61.722285][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.858468][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.153692][ T2856] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.188463][ T2856] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.436046][ T5125] Bluetooth: hci5: command tx timeout [ 62.631229][ T5218] loop0: detected capacity change from 0 to 1024 [ 63.160760][ T5220] loop2: detected capacity change from 0 to 1024 [ 65.641235][ T5125] Bluetooth: hci5: command tx timeout [ 65.909846][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.920963][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.123516][ T5227] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 67.039313][ T5201] chnl_net:caif_netlink_parms(): no params data found [ 67.217381][ T52] bridge_slave_1: left allmulticast mode [ 67.227582][ T52] bridge_slave_1: left promiscuous mode [ 67.235417][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.265658][ T52] bridge_slave_0: left allmulticast mode [ 67.285322][ T52] bridge_slave_0: left promiscuous mode [ 67.319486][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.530186][ T5245] loop4: detected capacity change from 0 to 256 [ 67.547757][ T5245] FAT-fs (loop4): Unrecognized mount option "uni_xlatf=1shortname=win95" or missing value [ 67.702943][ T5125] Bluetooth: hci5: command tx timeout [ 68.338630][ T5130] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 68.425946][ T5240] loop2: detected capacity change from 0 to 1764 [ 68.666087][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 68.859573][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 68.879235][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 68.902779][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 68.917337][ T52] bond0 (unregistering): Released all slaves [ 69.175350][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 69.184628][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 69.852399][ T5125] Bluetooth: hci5: command tx timeout [ 69.983676][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 70.070320][ T5253] input: syz0 as /devices/virtual/input/input5 [ 70.381581][ T5201] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.405313][ T5201] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.414575][ T5268] input: syz0 as /devices/virtual/input/input6 [ 70.454656][ T5201] bridge_slave_0: entered allmulticast mode [ 70.530009][ T5201] bridge_slave_0: entered promiscuous mode [ 70.917564][ T5276] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 71.933996][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.941823][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.038748][ T5279] loop0: detected capacity change from 0 to 1024 [ 72.543035][ T5201] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.564027][ T5201] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.571252][ T5201] bridge_slave_1: entered allmulticast mode [ 72.623993][ T5201] bridge_slave_1: entered promiscuous mode [ 73.118655][ T5201] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.128392][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 73.364327][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 73.477515][ T5201] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.665733][ T5302] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 74.782575][ C1] sched: RT throttling activated [ 74.805593][ T5290] loop1: detected capacity change from 0 to 1764 [ 74.920936][ T52] hsr_slave_0: left promiscuous mode [ 75.957371][ T52] hsr_slave_1: left promiscuous mode [ 76.099964][ T5317] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 76.919925][ T1146] cfg80211: failed to load regulatory.db [ 76.934147][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 76.959856][ T5309] loop0: detected capacity change from 0 to 512 [ 77.031714][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 77.118532][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 77.206938][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 77.246253][ T5309] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.288293][ T5309] ext4 filesystem being mounted at /root/syzkaller-testdir3290076627/syzkaller.mxEE3U/6/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 77.389090][ T52] veth1_macvtap: left promiscuous mode [ 77.413419][ T52] veth0_macvtap: left promiscuous mode [ 77.439486][ T52] veth1_vlan: left promiscuous mode [ 77.477594][ T52] veth0_vlan: left promiscuous mode [ 77.493422][ T5333] overlay: Unknown parameter 'dont_appraise' [ 77.527845][ T5332] input: syz0 as /devices/virtual/input/input7 [ 78.047054][ T5115] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.742581][ C0] DEBUG: waiting rtnl_mutex for 523 jiffies. [ 78.748901][ C0] task:syz-executor.3 state:D stack:21024 pid:5201 tgid:5201 ppid:5200 flags:0x00004002 [ 78.759104][ C0] Call Trace: [ 78.762382][ C0] [ 78.765332][ C0] __schedule+0x17e8/0x4a20 [ 78.769857][ C0] ? __pfx___schedule+0x10/0x10 [ 78.774756][ C0] ? __pfx_lock_release+0x10/0x10 [ 78.779817][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 78.785735][ C0] ? schedule+0x90/0x320 [ 78.790001][ C0] schedule+0x14b/0x320 [ 78.794223][ C0] schedule_preempt_disabled+0x13/0x30 [ 78.799678][ C0] __mutex_lock+0x6a4/0xd70 [ 78.804198][ C0] ? __mutex_lock+0x527/0xd70 [ 78.808869][ C0] ? rtnetlink_rcv_msg+0x839/0x1170 [ 78.814083][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 78.819100][ C0] ? kasan_check_range+0x1ba/0x290 [ 78.824221][ C0] ? rtnl_lock+0xe7/0x130 [ 78.828544][ C0] rtnetlink_rcv_msg+0x839/0x1170 [ 78.833582][ C0] ? rtnetlink_rcv_msg+0x208/0x1170 [ 78.838777][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 78.844255][ C0] ? __pfx_validate_chain+0x10/0x10 [ 78.849465][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 78.855479][ C0] ? __pfx_validate_chain+0x10/0x10 [ 78.860720][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 78.867098][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 78.872296][ C0] ? finish_task_switch+0x1e5/0x870 [ 78.877532][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 78.882757][ C0] ? finish_task_switch+0x1e5/0x870 [ 78.887948][ C0] ? __schedule+0x17f0/0x4a20 [ 78.892667][ C0] ? mark_lock+0x9a/0x360 [ 78.897013][ C0] ? __lock_acquire+0x1359/0x2000 [ 78.902056][ C0] netlink_rcv_skb+0x1e3/0x430 [ 78.906838][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 78.912293][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 78.917622][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 78.922831][ C0] netlink_unicast+0x7ea/0x980 [ 78.927589][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 78.932880][ C0] ? __virt_addr_valid+0x183/0x520 [ 78.937984][ C0] ? __check_object_size+0x49c/0x900 [ 78.943303][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 78.948418][ C0] netlink_sendmsg+0x8db/0xcb0 [ 78.953209][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 78.958489][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 78.963445][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 78.968721][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 78.974192][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 78.979467][ C0] __sock_sendmsg+0x221/0x270 [ 78.984167][ C0] __sys_sendto+0x3a4/0x4f0 [ 78.988714][ C0] ? __pfx___sys_sendto+0x10/0x10 [ 78.993763][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 78.998983][ C0] __x64_sys_sendto+0xde/0x100 [ 79.003759][ C0] do_syscall_64+0xf3/0x230 [ 79.008255][ C0] ? clear_bhb_loop+0x35/0x90 [ 79.012945][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.018826][ C0] RIP: 0033:0x7fc80247eb9c [ 79.023260][ C0] RSP: 002b:00007ffc30d4a8c0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 79.031661][ C0] RAX: ffffffffffffffda RBX: 00007fc8030e4620 RCX: 00007fc80247eb9c [ 79.039640][ C0] RDX: 0000000000000068 RSI: 00007fc8030e4670 RDI: 0000000000000003 [ 79.047633][ C0] RBP: 0000000000000000 R08: 00007ffc30d4a914 R09: 000000000000000c [ 79.055614][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 79.063591][ C0] R13: 0000000000000000 R14: 00007fc8030e4670 R15: 0000000000000000 [ 79.071574][ C0] [ 79.074614][ C0] [ 79.074614][ C0] Showing all locks held in the system: [ 79.082319][ C0] 3 locks held by kworker/u8:0/11: [ 79.087639][ C0] 2 locks held by kworker/u8:1/12: [ 79.092845][ C0] #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 79.104519][ C0] #1: ffffc90000117d00 ((reaper_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 79.115273][ C0] 4 locks held by kworker/u8:3/52: [ 79.120390][ C0] 3 locks held by kworker/0:2/784: [ 79.125509][ C0] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 79.136506][ C0] #1: ffffc90003b87d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 79.147534][ C0] #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 79.156516][ C0] 3 locks held by kworker/1:2/1146: [ 79.161692][ C0] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 79.172663][ C0] #1: ffffc90004cbfd00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 79.184693][ C0] #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: regdb_fw_cb+0x82/0x1c0 [ 79.193499][ C0] 3 locks held by kworker/u8:9/2847: [ 79.198763][ C0] #0: ffff888029e21948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 79.210358][ C0] #1: ffffc9000a09fd00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 79.223210][ C0] #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 [ 79.232647][ C0] 1 lock held by klogd/4535: [ 79.237234][ C0] 2 locks held by dhcpcd/4760: [ 79.241976][ C0] #0: ffff88801e6c8678 (nlk_cb_mutex-ROUTE){+.+.}-{3:3}, at: netlink_dump+0xcb/0xd80 [ 79.251555][ C0] #1: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_dumpit+0x1bd/0x300 [ 79.260449][ C0] 2 locks held by getty/4847: [ 79.265126][ C0] #0: ffff88802a8060a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 79.274885][ C0] #1: ffffc90002f0e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 79.285005][ C0] 2 locks held by udevd/5130: [ 79.289667][ C0] 1 lock held by syz-executor.3/5201: [ 79.295036][ C0] #0: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170 [ 79.304535][ C0] 5 locks held by kworker/u8:11/5280: [ 79.309891][ C0] 4 locks held by syz-executor.1/5342: [ 79.315356][ C0] 5 locks held by syz-executor.4/5344: [ 79.320883][ C0] #0: ffff88801e6a4418 (&mm->mmap_lock){++++}-{3:3}, at: lock_mm_and_find_vma+0x32/0x2f0 [ 79.330810][ C0] #1: ffffffff8e3354a0 (rcu_read_lock){....}-{1:2}, at: count_memcg_event_mm+0x94/0x420 [ 79.340648][ C0] #2: ffffc90000007c00 (net/core/rtnetlink.c:82){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 79.350754][ C0] #3: ffffffff8e3354a0 (rcu_read_lock){....}-{1:2}, at: report_rtnl_holders+0x20/0x2d0 [ 79.360596][ C0] #4: ffffffff8e3354a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 79.370611][ C0] 4 locks held by kvm-nx-lpage-re/5341: [ 79.376154][ C0] #0: ffffffff8e3635e8 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_attach_task_all+0x27/0xe0 [ 79.386077][ C0] #1: ffffffff8e1cf750 (cpu_hotplug_lock){++++}-{0:0}, at: cgroup_attach_lock+0x11/0x40 [ 79.395912][ C0] #2: ffffffff8e3637d0 (cgroup_threadgroup_rwsem){++++}-{0:0}, at: cgroup_attach_task_all+0x31/0xe0 [ 79.406795][ C0] #3: ffffffff8e33a878 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 79.417719][ C0] [ 79.420031][ C0] ============================================= [ 79.420031][ C0] [ 79.720415][ T5346] loop0: detected capacity change from 0 to 1764 [ 80.502600][ C0] DEBUG: waiting rtnl_mutex for 565 jiffies. [ 80.508660][ C0] task:dhcpcd state:D stack:20600 pid:4760 tgid:4760 ppid:4759 flags:0x00000002 [ 80.518905][ C0] Call Trace: [ 80.522202][ C0] [ 80.525182][ C0] __schedule+0x17e8/0x4a20 [ 80.529738][ C0] ? __pfx___schedule+0x10/0x10 [ 80.534647][ C0] ? __pfx_lock_release+0x10/0x10 [ 80.539698][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 80.545233][ C0] ? schedule+0x90/0x320 [ 80.549503][ C0] schedule+0x14b/0x320 [ 80.553720][ C0] schedule_preempt_disabled+0x13/0x30 [ 80.559202][ C0] __mutex_lock+0x6a4/0xd70 [ 80.563774][ C0] ? __mutex_lock+0x527/0xd70 [ 80.568483][ C0] ? rtnl_dumpit+0x1bd/0x300 [ 80.573128][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 80.578188][ C0] ? __alloc_skb+0x28f/0x440 [ 80.582828][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 80.587939][ C0] rtnl_dumpit+0x1bd/0x300 [ 80.592365][ C0] ? __pfx_rtnl_dump_ifinfo+0x10/0x10 [ 80.597771][ C0] netlink_dump+0x645/0xd80 [ 80.602270][ C0] ? __pfx_netlink_dump+0x10/0x10 [ 80.607301][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 80.613407][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 80.618607][ C0] ? netlink_recvmsg+0x60a/0x11d0 [ 80.623643][ C0] ? kmem_cache_free+0x145/0x350 [ 80.628575][ C0] netlink_recvmsg+0x6bb/0x11d0 [ 80.633440][ C0] ? __pfx_netlink_recvmsg+0x10/0x10 [ 80.638718][ C0] ? __pfx_aa_sk_perm+0x10/0x10 [ 80.643623][ C0] ? __pfx___might_resched+0x10/0x10 [ 80.648971][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 80.653965][ C0] ? bpf_lsm_socket_recvmsg+0x9/0x10 [ 80.659264][ C0] ? security_socket_recvmsg+0x90/0xb0 [ 80.664738][ C0] ? __pfx_netlink_recvmsg+0x10/0x10 [ 80.670017][ C0] sock_recvmsg+0x22f/0x280 [ 80.674562][ C0] ____sys_recvmsg+0x1db/0x470 [ 80.679357][ C0] ? __pfx_____sys_recvmsg+0x10/0x10 [ 80.684683][ C0] __sys_recvmsg+0x2f0/0x3e0 [ 80.689280][ C0] ? __pfx_lock_release+0x10/0x10 [ 80.694342][ C0] ? __pfx___sys_recvmsg+0x10/0x10 [ 80.699459][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 80.705796][ C0] ? do_syscall_64+0x100/0x230 [ 80.710566][ C0] ? do_syscall_64+0xb6/0x230 [ 80.715278][ C0] do_syscall_64+0xf3/0x230 [ 80.719781][ C0] ? clear_bhb_loop+0x35/0x90 [ 80.724475][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.730379][ C0] RIP: 0033:0x7ffa689e191e [ 80.734809][ C0] RSP: 002b:00007ffd72ec6788 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 80.743235][ C0] RAX: ffffffffffffffda RBX: 00007ffd72ec78b0 RCX: 00007ffa689e191e [ 80.751209][ C0] RDX: 0000000000000000 RSI: 00007ffd72ec77d0 RDI: 000000000000000c [ 80.759205][ C0] RBP: 00007ffd72ec7840 R08: 0000000000000000 R09: 0000000000080000 [ 80.767186][ C0] R10: 00000000000000cf R11: 0000000000000246 R12: 0000000000000be0 [ 80.775163][ C0] R13: 00007ffd72ec77b4 R14: 00007ffd72ec77d0 R15: 00007ffd72ec77c0 [ 80.783150][ C0] [ 80.786156][ C0] DEBUG: holding rtnl_mutex for 591 jiffies. [ 80.792135][ C0] task:kworker/u8:3 state:D stack:22712 pid:52 tgid:52 ppid:2 flags:0x00004000 [ 80.802306][ C0] Workqueue: netns cleanup_net [ 80.807087][ C0] Call Trace: [ 80.810369][ C0] [ 80.813307][ C0] __schedule+0x17e8/0x4a20 [ 80.817817][ C0] ? __pfx___schedule+0x10/0x10 [ 80.822675][ C0] ? __pfx_lock_release+0x10/0x10 [ 80.827686][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 80.833591][ C0] ? kthread_data+0x52/0xd0 [ 80.838081][ C0] ? wq_worker_sleeping+0x66/0x240 [ 80.843204][ C0] ? schedule+0x90/0x320 [ 80.847432][ C0] schedule+0x14b/0x320 [ 80.851597][ C0] synchronize_rcu_expedited+0x684/0x830 [ 80.857266][ C0] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 80.863623][ C0] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 80.868936][ C0] ? __pfx_up_write+0x10/0x10 [ 80.873631][ C0] ? __pfx_autoremove_wake_function+0x10/0x10 [ 80.879705][ C0] ? kernfs_put+0x352/0x370 [ 80.884225][ C0] _cfg80211_unregister_wdev+0x22b/0x560 [ 80.889849][ C0] cfg80211_netdev_notifier_call+0x865/0x1490 [ 80.895951][ C0] ? __pfx_cfg80211_netdev_notifier_call+0x10/0x10 [ 80.902439][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 80.908446][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 80.914808][ C0] ? __local_bh_enable_ip+0x168/0x200 [ 80.920167][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 80.925373][ C0] ? __local_bh_enable_ip+0x168/0x200 [ 80.930728][ C0] ? rt_flush_dev+0x465/0x4b0 [ 80.935411][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 80.941121][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 80.946330][ C0] ? rt_flush_dev+0x480/0x4b0 [ 80.951010][ C0] ? igmp_netdev_event+0x7c/0x770 [ 80.956076][ C0] notifier_call_chain+0x19f/0x3e0 [ 80.961180][ C0] unregister_netdevice_many_notify+0xd75/0x16b0 [ 80.967524][ C0] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 80.974301][ C0] ? unregister_netdevice_queue+0x26b/0x370 [ 80.980214][ C0] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 80.986466][ C0] ? batadv_softif_destroy_netlink+0x1e0/0x270 [ 80.992643][ C0] default_device_exit_batch+0xa0f/0xa90 [ 80.998276][ C0] ? __pfx___might_resched+0x10/0x10 [ 81.003574][ C0] ? __pfx_default_device_exit_batch+0x10/0x10 [ 81.009722][ C0] ? cfg802154_pernet_exit+0xc3/0xe0 [ 81.015017][ C0] ? __pfx_default_device_exit_batch+0x10/0x10 [ 81.021174][ C0] cleanup_net+0x89d/0xcc0 [ 81.025611][ C0] ? __pfx_cleanup_net+0x10/0x10 [ 81.030541][ C0] ? process_scheduled_works+0x945/0x1830 [ 81.036268][ C0] process_scheduled_works+0xa2c/0x1830 [ 81.041819][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 81.047808][ C0] ? assign_work+0x364/0x3d0 [ 81.052385][ C0] worker_thread+0x86d/0xd50 [ 81.056992][ C0] ? __kthread_parkme+0x169/0x1d0 [ 81.062025][ C0] ? __pfx_worker_thread+0x10/0x10 [ 81.067181][ C0] kthread+0x2f0/0x390 [ 81.071239][ C0] ? __pfx_worker_thread+0x10/0x10 [ 81.076359][ C0] ? __pfx_kthread+0x10/0x10 [ 81.080936][ C0] ret_from_fork+0x4b/0x80 [ 81.085355][ C0] ? __pfx_kthread+0x10/0x10 [ 81.089951][ C0] ret_from_fork_asm+0x1a/0x30 [ 81.094732][ C0] [ 81.097737][ C0] DEBUG: waiting rtnl_mutex for 626 jiffies. [ 81.103716][ C0] task:kworker/u8:9 state:D stack:21352 pid:2847 tgid:2847 ppid:2 flags:0x00004000 [ 81.113884][ C0] Workqueue: ipv6_addrconf addrconf_dad_work [ 81.119859][ C0] Call Trace: [ 81.123141][ C0] [ 81.126068][ C0] __schedule+0x17e8/0x4a20 [ 81.130593][ C0] ? __pfx___schedule+0x10/0x10 [ 81.135451][ C0] ? __pfx_lock_release+0x10/0x10 [ 81.140465][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 81.145932][ C0] ? kthread_data+0x52/0xd0 [ 81.150439][ C0] ? schedule+0x90/0x320 [ 81.154688][ C0] ? wq_worker_sleeping+0x66/0x240 [ 81.159797][ C0] ? schedule+0x90/0x320 [ 81.164052][ C0] schedule+0x14b/0x320 [ 81.168197][ C0] schedule_preempt_disabled+0x13/0x30 [ 81.173657][ C0] __mutex_lock+0x6a4/0xd70 [ 81.178157][ C0] ? mark_lock+0x9a/0x360 [ 81.182474][ C0] ? __mutex_lock+0x527/0xd70 [ 81.187161][ C0] ? addrconf_dad_work+0xd0/0x16f0 [ 81.192264][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 81.197311][ C0] ? rtnl_lock+0xe7/0x130 [ 81.201626][ C0] addrconf_dad_work+0xd0/0x16f0 [ 81.206574][ C0] ? __pfx_addrconf_dad_work+0x10/0x10 [ 81.212035][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 81.218377][ C0] ? process_scheduled_works+0x945/0x1830 [ 81.224119][ C0] process_scheduled_works+0xa2c/0x1830 [ 81.229689][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 81.235683][ C0] ? assign_work+0x364/0x3d0 [ 81.240288][ C0] worker_thread+0x86d/0xd50 [ 81.244893][ C0] ? __kthread_parkme+0x169/0x1d0 [ 81.249908][ C0] ? __pfx_worker_thread+0x10/0x10 [ 81.255026][ C0] kthread+0x2f0/0x390 [ 81.259090][ C0] ? __pfx_worker_thread+0x10/0x10 [ 81.264209][ C0] ? __pfx_kthread+0x10/0x10 [ 81.268877][ C0] ret_from_fork+0x4b/0x80 [ 81.273321][ C0] ? __pfx_kthread+0x10/0x10 [ 81.277896][ C0] ret_from_fork_asm+0x1a/0x30 [ 81.282702][ C0] [ 81.285706][ C0] DEBUG: waiting rtnl_mutex for 777 jiffies. [ 81.291668][ C0] task:syz-executor.3 state:D stack:21024 pid:5201 tgid:5201 ppid:5200 flags:0x00004002 [ 81.301924][ C0] Call Trace: [ 81.305226][ C0] [ 81.308145][ C0] __schedule+0x17e8/0x4a20 [ 81.312675][ C0] ? __pfx___schedule+0x10/0x10 [ 81.317513][ C0] ? __pfx_lock_release+0x10/0x10 [ 81.322525][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 81.328024][ C0] ? schedule+0x90/0x320 [ 81.332253][ C0] schedule+0x14b/0x320 [ 81.336457][ C0] schedule_preempt_disabled+0x13/0x30 [ 81.341903][ C0] __mutex_lock+0x6a4/0xd70 [ 81.346415][ C0] ? __mutex_lock+0x527/0xd70 [ 81.351083][ C0] ? rtnetlink_rcv_msg+0x839/0x1170 [ 81.356294][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 81.361312][ C0] ? kasan_check_range+0x1ba/0x290 [ 81.366432][ C0] ? rtnl_lock+0xe7/0x130 [ 81.370750][ C0] rtnetlink_rcv_msg+0x839/0x1170 [ 81.375786][ C0] ? rtnetlink_rcv_msg+0x208/0x1170 [ 81.381005][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 81.386476][ C0] ? __pfx_validate_chain+0x10/0x10 [ 81.391664][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 81.397650][ C0] ? __pfx_validate_chain+0x10/0x10 [ 81.402855][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 81.409165][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 81.414398][ C0] ? finish_task_switch+0x1e5/0x870 [ 81.419589][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 81.424800][ C0] ? finish_task_switch+0x1e5/0x870 [ 81.429992][ C0] ? __schedule+0x17f0/0x4a20 [ 81.434691][ C0] ? mark_lock+0x9a/0x360 [ 81.439010][ C0] ? __lock_acquire+0x1359/0x2000 [ 81.444065][ C0] netlink_rcv_skb+0x1e3/0x430 [ 81.448820][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 81.454292][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 81.459598][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 81.464851][ C0] netlink_unicast+0x7ea/0x980 [ 81.469633][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 81.474923][ C0] ? __virt_addr_valid+0x183/0x520 [ 81.480026][ C0] ? __check_object_size+0x49c/0x900 [ 81.485319][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 81.490418][ C0] netlink_sendmsg+0x8db/0xcb0 [ 81.495198][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 81.500489][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 81.505450][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 81.510733][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 81.516208][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 81.521488][ C0] __sock_sendmsg+0x221/0x270 [ 81.526192][ C0] __sys_sendto+0x3a4/0x4f0 [ 81.530731][ C0] ? __pfx___sys_sendto+0x10/0x10 [ 81.535794][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 81.541132][ C0] __x64_sys_sendto+0xde/0x100 [ 81.545914][ C0] do_syscall_64+0xf3/0x230 [ 81.550424][ C0] ? clear_bhb_loop+0x35/0x90 [ 81.555230][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.561113][ C0] RIP: 0033:0x7fc80247eb9c [ 81.565552][ C0] RSP: 002b:00007ffc30d4a8c0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 81.574011][ C0] RAX: ffffffffffffffda RBX: 00007fc8030e4620 RCX: 00007fc80247eb9c [ 81.581980][ C0] RDX: 0000000000000068 RSI: 00007fc8030e4670 RDI: 0000000000000003 [ 81.589969][ C0] RBP: 0000000000000000 R08: 00007ffc30d4a914 R09: 000000000000000c [ 81.597963][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 81.605961][ C0] R13: 0000000000000000 R14: 00007fc8030e4670 R15: 0000000000000000 [ 81.613961][ C0] [ 81.616983][ C0] DEBUG: waiting rtnl_mutex for 720 jiffies. [ 81.622958][ C0] task:kworker/0:2 state:D stack:22128 pid:784 tgid:784 ppid:2 flags:0x00004000 [ 81.633132][ C0] Workqueue: events linkwatch_event [ 81.638324][ C0] Call Trace: [ 81.641587][ C0] [ 81.644530][ C0] __schedule+0x17e8/0x4a20 [ 81.649136][ C0] ? __pfx___schedule+0x10/0x10 [ 81.654012][ C0] ? __pfx_lock_release+0x10/0x10 [ 81.659036][ C0] ? preempt_schedule_thunk+0x1a/0x30 [ 81.664579][ C0] ? schedule+0x90/0x320 [ 81.668821][ C0] schedule+0x14b/0x320 [ 81.672995][ C0] schedule_preempt_disabled+0x13/0x30 [ 81.678444][ C0] __mutex_lock+0x6a4/0xd70 [ 81.682961][ C0] ? __mutex_lock+0x527/0xd70 [ 81.687632][ C0] ? linkwatch_event+0xe/0x60 [ 81.692295][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 81.697337][ C0] ? rtnl_lock+0xe7/0x130 [ 81.701653][ C0] ? process_scheduled_works+0x945/0x1830 [ 81.707382][ C0] linkwatch_event+0xe/0x60 [ 81.711882][ C0] process_scheduled_works+0xa2c/0x1830 [ 81.717455][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 81.723443][ C0] ? assign_work+0x364/0x3d0 [ 81.728023][ C0] worker_thread+0x86d/0xd50 [ 81.732799][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 81.738680][ C0] ? __kthread_parkme+0x169/0x1d0 [ 81.743708][ C0] ? __pfx_worker_thread+0x10/0x10 [ 81.748803][ C0] kthread+0x2f0/0x390 [ 81.752874][ C0] ? __pfx_worker_thread+0x10/0x10 [ 81.757968][ C0] ? __pfx_kthread+0x10/0x10 [ 81.762586][ C0] ret_from_fork+0x4b/0x80 [ 81.767005][ C0] ? __pfx_kthread+0x10/0x10 [ 81.771616][ C0] ret_from_fork_asm+0x1a/0x30 [ 81.776402][ C0] [ 81.779406][ C0] [ 81.779406][ C0] Showing all locks held in the system: [ 81.787122][ C0] 6 locks held by kworker/u8:3/52: [ 81.792226][ C0] #0: ffff888015ed5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 81.803110][ C0] #1: ffffc90000bc7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 81.813638][ C0] #2: ffffffff8f5e2c90 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 81.823038][ C0] #3: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90 [ 81.833061][ C0] #4: ffff888023130768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: cfg80211_netdev_notifier_call+0x859/0x1490 [ 81.844110][ C0] #5: ffffffff8e33a878 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 [ 81.855097][ C0] 3 locks held by kworker/0:2/784: [ 81.860184][ C0] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 81.871143][ C0] #1: ffffc90003b87d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 81.882111][ C0] #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 81.891084][ C0] 3 locks held by kworker/1:2/1146: [ 81.896279][ C0] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 81.907240][ C0] #1: ffffc90004cbfd00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 81.919243][ C0] #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: regdb_fw_cb+0x82/0x1c0 [ 81.928044][ C0] 3 locks held by kworker/u8:9/2847: [ 81.933333][ C0] #0: ffff888029e21948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 81.944903][ C0] #1: ffffc9000a09fd00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 81.957698][ C0] #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 [ 81.967189][ C0] 2 locks held by kworker/u8:10/2856: [ 81.972564][ C0] 2 locks held by dhcpcd/4760: [ 81.977325][ C0] #0: ffff88801e6c8678 (nlk_cb_mutex-ROUTE){+.+.}-{3:3}, at: netlink_dump+0xcb/0xd80 [ 81.986906][ C0] #1: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_dumpit+0x1bd/0x300 [ 81.995794][ C0] 2 locks held by getty/4847: [ 82.000448][ C0] #0: ffff88802a8060a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 82.010199][ C0] #1: ffffc90002f0e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 82.020300][ C0] 1 lock held by syz-executor.3/5201: [ 82.025669][ C0] #0: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170 [ 82.035166][ C0] 5 locks held by kworker/u8:11/5280: [ 82.040515][ C0] 1 lock held by syz-executor.1/5337: [ 82.045882][ C0] #0: ffffffff8e33a740 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x4c/0x530 [ 82.055825][ C0] 1 lock held by syz-executor.4/5350: [ 82.061175][ C0] #0: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: tcx_link_attach+0xed/0x950 [ 82.070331][ C0] [ 82.072657][ C0] ============================================= [ 82.072657][ C0] [ 83.142781][ C0] DEBUG: waiting rtnl_mutex for 829 jiffies. [ 83.148817][ C0] task:dhcpcd state:D stack:20600 pid:4760 tgid:4760 ppid:4759 flags:0x00000002 [ 83.159074][ C0] Call Trace: [ 83.162370][ C0] [ 83.165365][ C0] __schedule+0x17e8/0x4a20 [ 83.169919][ C0] ? __pfx___schedule+0x10/0x10 [ 83.174831][ C0] ? __pfx_lock_release+0x10/0x10 [ 83.179888][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 83.185450][ C0] ? schedule+0x90/0x320 [ 83.189718][ C0] schedule+0x14b/0x320 [ 83.193944][ C0] schedule_preempt_disabled+0x13/0x30 [ 83.199427][ C0] __mutex_lock+0x6a4/0xd70 [ 83.203992][ C0] ? __mutex_lock+0x527/0xd70 [ 83.208698][ C0] ? rtnl_dumpit+0x1bd/0x300 [ 83.213363][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 83.218422][ C0] ? __alloc_skb+0x28f/0x440 [ 83.223067][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 83.228133][ C0] rtnl_dumpit+0x1bd/0x300 [ 83.232613][ C0] ? __pfx_rtnl_dump_ifinfo+0x10/0x10 [ 83.238010][ C0] netlink_dump+0x645/0xd80 [ 83.242586][ C0] ? __pfx_netlink_dump+0x10/0x10 [ 83.247632][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 83.253681][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 83.258914][ C0] ? netlink_recvmsg+0x60a/0x11d0 [ 83.263995][ C0] ? kmem_cache_free+0x145/0x350 [ 83.268963][ C0] netlink_recvmsg+0x6bb/0x11d0 [ 83.273904][ C0] ? __pfx_netlink_recvmsg+0x10/0x10 [ 83.279233][ C0] ? __pfx_aa_sk_perm+0x10/0x10 [ 83.284150][ C0] ? __pfx___might_resched+0x10/0x10 [ 83.289457][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 83.294464][ C0] ? bpf_lsm_socket_recvmsg+0x9/0x10 [ 83.299774][ C0] ? security_socket_recvmsg+0x90/0xb0 [ 83.305294][ C0] ? __pfx_netlink_recvmsg+0x10/0x10 [ 83.310616][ C0] sock_recvmsg+0x22f/0x280 [ 83.315200][ C0] ____sys_recvmsg+0x1db/0x470 [ 83.320011][ C0] ? __pfx_____sys_recvmsg+0x10/0x10 [ 83.325382][ C0] __sys_recvmsg+0x2f0/0x3e0 [ 83.330000][ C0] ? __pfx_lock_release+0x10/0x10 [ 83.335174][ C0] ? __pfx___sys_recvmsg+0x10/0x10 [ 83.340364][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 83.346774][ C0] ? do_syscall_64+0x100/0x230 [ 83.351564][ C0] ? do_syscall_64+0xb6/0x230 [ 83.356303][ C0] do_syscall_64+0xf3/0x230 [ 83.360843][ C0] ? clear_bhb_loop+0x35/0x90 [ 83.365581][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.371495][ C0] RIP: 0033:0x7ffa689e191e [ 83.375960][ C0] RSP: 002b:00007ffd72ec6788 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 83.384435][ C0] RAX: ffffffffffffffda RBX: 00007ffd72ec78b0 RCX: 00007ffa689e191e [ 83.392423][ C0] RDX: 0000000000000000 RSI: 00007ffd72ec77d0 RDI: 000000000000000c [ 83.400452][ C0] RBP: 00007ffd72ec7840 R08: 0000000000000000 R09: 0000000000080000 [ 83.408528][ C0] R10: 00000000000000cf R11: 0000000000000246 R12: 0000000000000be0 [ 83.416555][ C0] R13: 00007ffd72ec77b4 R14: 00007ffd72ec77d0 R15: 00007ffd72ec77c0 [ 83.424602][ C0] [ 83.427659][ C0] DEBUG: holding rtnl_mutex for 855 jiffies. [ 83.433675][ C0] task:kworker/u8:3 state:R running task stack:22712 pid:52 tgid:52 ppid:2 flags:0x00004000 [ 83.445513][ C0] Workqueue: netns cleanup_net [ 83.450346][ C0] Call Trace: [ 83.453668][ C0] [ 83.456623][ C0] __schedule+0x17e8/0x4a20 [ 83.461168][ C0] ? __lock_acquire+0x1359/0x2000 [ 83.466267][ C0] ? __pfx___schedule+0x10/0x10 [ 83.471153][ C0] ? irqentry_exit+0x63/0x90 [ 83.475810][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 83.481069][ C0] ? preempt_schedule+0xe1/0xf0 [ 83.485988][ C0] preempt_schedule_common+0x84/0xd0 [ 83.491317][ C0] preempt_schedule+0xe1/0xf0 [ 83.496052][ C0] ? __pfx_preempt_schedule+0x10/0x10 [ 83.501450][ C0] ? __pfx_lock_release+0x10/0x10 [ 83.506625][ C0] preempt_schedule_thunk+0x1a/0x30 [ 83.511860][ C0] _raw_spin_unlock+0x3e/0x50 [ 83.516595][ C0] kernfs_put+0x1c6/0x370 [ 83.520959][ C0] kernfs_remove_by_name_ns+0xe4/0x160 [ 83.526479][ C0] sysfs_remove_group+0xfe/0x2c0 [ 83.531448][ C0] sysfs_remove_groups+0x54/0xb0 [ 83.536448][ C0] device_remove_attrs+0x23a/0x290 [ 83.541595][ C0] ? __pfx_device_remove_attrs+0x10/0x10 [ 83.547291][ C0] ? kernfs_remove_by_name_ns+0x11b/0x160 [ 83.553066][ C0] device_del+0x572/0x9b0 [ 83.557432][ C0] ? __pfx_device_del+0x10/0x10 [ 83.562311][ C0] ? netdev_unregister_kobject+0x178/0x250 [ 83.568185][ C0] unregister_netdevice_many_notify+0x11b7/0x16b0 [ 83.574668][ C0] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 83.581514][ C0] ? unregister_netdevice_queue+0x26b/0x370 [ 83.587478][ C0] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 83.593781][ C0] ? batadv_softif_destroy_netlink+0x1e0/0x270 [ 83.600030][ C0] default_device_exit_batch+0xa0f/0xa90 [ 83.605711][ C0] ? __pfx___might_resched+0x10/0x10 [ 83.610984][ C0] ? __pfx_default_device_exit_batch+0x10/0x10 [ 83.617161][ C0] ? cfg802154_pernet_exit+0xc3/0xe0 [ 83.622438][ C0] ? __pfx_default_device_exit_batch+0x10/0x10 [ 83.628602][ C0] cleanup_net+0x89d/0xcc0 [ 83.633028][ C0] ? __pfx_cleanup_net+0x10/0x10 [ 83.637955][ C0] ? process_scheduled_works+0x945/0x1830 [ 83.643686][ C0] process_scheduled_works+0xa2c/0x1830 [ 83.649238][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 83.655235][ C0] ? assign_work+0x364/0x3d0 [ 83.659816][ C0] worker_thread+0x86d/0xd50 [ 83.664431][ C0] ? __kthread_parkme+0x169/0x1d0 [ 83.669445][ C0] ? __pfx_worker_thread+0x10/0x10 [ 83.674565][ C0] kthread+0x2f0/0x390 [ 83.678621][ C0] ? __pfx_worker_thread+0x10/0x10 [ 83.683737][ C0] ? __pfx_kthread+0x10/0x10 [ 83.688341][ C0] ret_from_fork+0x4b/0x80 [ 83.692784][ C0] ? __pfx_kthread+0x10/0x10 [ 83.697360][ C0] ret_from_fork_asm+0x1a/0x30 [ 83.702119][ C0] [ 83.705148][ C0] DEBUG: waiting rtnl_mutex for 887 jiffies. [ 83.711108][ C0] task:kworker/u8:9 state:D stack:21352 pid:2847 tgid:2847 ppid:2 flags:0x00004000 [ 83.721308][ C0] Workqueue: ipv6_addrconf addrconf_dad_work [ 83.727308][ C0] Call Trace: [ 83.730571][ C0] [ 83.733511][ C0] __schedule+0x17e8/0x4a20 [ 83.738013][ C0] ? __pfx___schedule+0x10/0x10 [ 83.742872][ C0] ? __pfx_lock_release+0x10/0x10 [ 83.747883][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 83.753351][ C0] ? kthread_data+0x52/0xd0 [ 83.757838][ C0] ? schedule+0x90/0x320 [ 83.762070][ C0] ? wq_worker_sleeping+0x66/0x240 [ 83.767281][ C0] ? schedule+0x90/0x320 [ 83.771510][ C0] schedule+0x14b/0x320 [ 83.775675][ C0] schedule_preempt_disabled+0x13/0x30 [ 83.781116][ C0] __mutex_lock+0x6a4/0xd70 [ 83.785627][ C0] ? mark_lock+0x9a/0x360 [ 83.789965][ C0] ? __mutex_lock+0x527/0xd70 [ 83.794665][ C0] ? addrconf_dad_work+0xd0/0x16f0 [ 83.799763][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 83.804799][ C0] ? rtnl_lock+0xe7/0x130 [ 83.809117][ C0] addrconf_dad_work+0xd0/0x16f0 [ 83.814069][ C0] ? __pfx_addrconf_dad_work+0x10/0x10 [ 83.819519][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 83.825864][ C0] ? process_scheduled_works+0x945/0x1830 [ 83.831568][ C0] process_scheduled_works+0xa2c/0x1830 [ 83.837135][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 83.843124][ C0] ? assign_work+0x364/0x3d0 [ 83.847700][ C0] worker_thread+0x86d/0xd50 [ 83.852285][ C0] ? __kthread_parkme+0x169/0x1d0 [ 83.857335][ C0] ? __pfx_worker_thread+0x10/0x10 [ 83.862453][ C0] kthread+0x2f0/0x390 [ 83.866528][ C0] ? __pfx_worker_thread+0x10/0x10 [ 83.871621][ C0] ? __pfx_kthread+0x10/0x10 [ 83.876220][ C0] ret_from_fork+0x4b/0x80 [ 83.880632][ C0] ? __pfx_kthread+0x10/0x10 [ 83.885235][ C0] ret_from_fork_asm+0x1a/0x30 [ 83.889993][ C0] [ 83.893014][ C0] DEBUG: waiting rtnl_mutex for 1038 jiffies. [ 83.899078][ C0] task:syz-executor.3 state:D stack:21024 pid:5201 tgid:5201 ppid:5200 flags:0x00004002 [ 83.909241][ C0] Call Trace: [ 83.912502][ C0] [ 83.915445][ C0] __schedule+0x17e8/0x4a20 [ 83.919945][ C0] ? __pfx___schedule+0x10/0x10 [ 83.924812][ C0] ? __pfx_lock_release+0x10/0x10 [ 83.929824][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 83.935297][ C0] ? schedule+0x90/0x320 [ 83.939524][ C0] schedule+0x14b/0x320 [ 83.943688][ C0] schedule_preempt_disabled+0x13/0x30 [ 83.949130][ C0] __mutex_lock+0x6a4/0xd70 [ 83.953659][ C0] ? __mutex_lock+0x527/0xd70 [ 83.958322][ C0] ? rtnetlink_rcv_msg+0x839/0x1170 [ 83.963616][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 83.968647][ C0] ? kasan_check_range+0x1ba/0x290 [ 83.973781][ C0] ? rtnl_lock+0xe7/0x130 [ 83.978103][ C0] rtnetlink_rcv_msg+0x839/0x1170 [ 83.983135][ C0] ? rtnetlink_rcv_msg+0x208/0x1170 [ 83.988408][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 83.993876][ C0] ? __pfx_validate_chain+0x10/0x10 [ 83.999146][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 84.005128][ C0] ? __pfx_validate_chain+0x10/0x10 [ 84.010333][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 84.016808][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 84.022078][ C0] ? finish_task_switch+0x1e5/0x870 [ 84.027318][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 84.032583][ C0] ? finish_task_switch+0x1e5/0x870 [ 84.037813][ C0] ? __schedule+0x17f0/0x4a20 [ 84.042480][ C0] ? mark_lock+0x9a/0x360 [ 84.046822][ C0] ? __lock_acquire+0x1359/0x2000 [ 84.051869][ C0] netlink_rcv_skb+0x1e3/0x430 [ 84.056652][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 84.062185][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 84.067488][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 84.072693][ C0] netlink_unicast+0x7ea/0x980 [ 84.077446][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 84.082754][ C0] ? __virt_addr_valid+0x183/0x520 [ 84.087851][ C0] ? __check_object_size+0x49c/0x900 [ 84.093139][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 84.098255][ C0] netlink_sendmsg+0x8db/0xcb0 [ 84.103037][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 84.108311][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 84.113252][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 84.118520][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 84.124014][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 84.129287][ C0] __sock_sendmsg+0x221/0x270 [ 84.133986][ C0] __sys_sendto+0x3a4/0x4f0 [ 84.138476][ C0] ? __pfx___sys_sendto+0x10/0x10 [ 84.143516][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 84.148707][ C0] __x64_sys_sendto+0xde/0x100 [ 84.153509][ C0] do_syscall_64+0xf3/0x230 [ 84.157997][ C0] ? clear_bhb_loop+0x35/0x90 [ 84.162683][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.168559][ C0] RIP: 0033:0x7fc80247eb9c [ 84.172974][ C0] RSP: 002b:00007ffc30d4a8c0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 84.181370][ C0] RAX: ffffffffffffffda RBX: 00007fc8030e4620 RCX: 00007fc80247eb9c [ 84.189345][ C0] RDX: 0000000000000068 RSI: 00007fc8030e4670 RDI: 0000000000000003 [ 84.197513][ C0] RBP: 0000000000000000 R08: 00007ffc30d4a914 R09: 000000000000000c [ 84.205487][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 84.213458][ C0] R13: 0000000000000000 R14: 00007fc8030e4670 R15: 0000000000000000 [ 84.221439][ C0] [ 84.224513][ C0] DEBUG: waiting rtnl_mutex for 981 jiffies. [ 84.230496][ C0] task:kworker/0:2 state:D stack:22128 pid:784 tgid:784 ppid:2 flags:0x00004000 [ 84.240679][ C0] Workqueue: events linkwatch_event [ 84.245892][ C0] Call Trace: [ 84.249169][ C0] [ 84.252107][ C0] __schedule+0x17e8/0x4a20 [ 84.256646][ C0] ? __pfx___schedule+0x10/0x10 [ 84.261484][ C0] ? __pfx_lock_release+0x10/0x10 [ 84.266518][ C0] ? preempt_schedule_thunk+0x1a/0x30 [ 84.271876][ C0] ? schedule+0x90/0x320 [ 84.276121][ C0] schedule+0x14b/0x320 [ 84.280260][ C0] schedule_preempt_disabled+0x13/0x30 [ 84.285721][ C0] __mutex_lock+0x6a4/0xd70 [ 84.290212][ C0] ? __mutex_lock+0x527/0xd70 [ 84.294893][ C0] ? linkwatch_event+0xe/0x60 [ 84.299553][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 84.304590][ C0] ? rtnl_lock+0xe7/0x130 [ 84.308903][ C0] ? process_scheduled_works+0x945/0x1830 [ 84.314641][ C0] linkwatch_event+0xe/0x60 [ 84.319149][ C0] process_scheduled_works+0xa2c/0x1830 [ 84.324717][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 84.330745][ C0] ? assign_work+0x364/0x3d0 [ 84.335388][ C0] worker_thread+0x86d/0xd50 [ 84.339977][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 84.345886][ C0] ? __kthread_parkme+0x169/0x1d0 [ 84.350916][ C0] ? __pfx_worker_thread+0x10/0x10 [ 84.356054][ C0] kthread+0x2f0/0x390 [ 84.360114][ C0] ? __pfx_worker_thread+0x10/0x10 [ 84.365238][ C0] ? __pfx_kthread+0x10/0x10 [ 84.369828][ C0] ret_from_fork+0x4b/0x80 [ 84.374279][ C0] ? __pfx_kthread+0x10/0x10 [ 84.378862][ C0] ret_from_fork_asm+0x1a/0x30 [ 84.383648][ C0] [ 84.386649][ C0] DEBUG: waiting rtnl_mutex for 738 jiffies. [ 84.392630][ C0] task:kworker/1:2 state:D stack:25168 pid:1146 tgid:1146 ppid:2 flags:0x00004000 [ 84.402811][ C0] Workqueue: events request_firmware_work_func [ 84.408959][ C0] Call Trace: [ 84.412221][ C0] [ 84.415161][ C0] __schedule+0x17e8/0x4a20 [ 84.419740][ C0] ? __pfx___schedule+0x10/0x10 [ 84.424615][ C0] ? __pfx_lock_release+0x10/0x10 [ 84.429631][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 84.435109][ C0] ? kthread_data+0x52/0xd0 [ 84.439600][ C0] ? schedule+0x90/0x320 [ 84.443849][ C0] ? wq_worker_sleeping+0x66/0x240 [ 84.448945][ C0] ? schedule+0x90/0x320 [ 84.453277][ C0] schedule+0x14b/0x320 [ 84.457420][ C0] schedule_preempt_disabled+0x13/0x30 [ 84.462886][ C0] __mutex_lock+0x6a4/0xd70 [ 84.467382][ C0] ? __mutex_lock+0x527/0xd70 [ 84.472043][ C0] ? regdb_fw_cb+0x82/0x1c0 [ 84.476571][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 84.481586][ C0] ? __pfx_regdb_fw_cb+0x10/0x10 [ 84.486532][ C0] ? rtnl_lock+0xe7/0x130 [ 84.490846][ C0] ? __pfx_regdb_fw_cb+0x10/0x10 [ 84.495836][ C0] regdb_fw_cb+0x82/0x1c0 [ 84.500150][ C0] ? __pfx_regdb_fw_cb+0x10/0x10 [ 84.505096][ C0] request_firmware_work_func+0x1a4/0x280 [ 84.510808][ C0] ? __pfx_request_firmware_work_func+0x10/0x10 [ 84.517062][ C0] ? process_scheduled_works+0x945/0x1830 [ 84.522793][ C0] process_scheduled_works+0xa2c/0x1830 [ 84.528336][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 84.534323][ C0] ? assign_work+0x364/0x3d0 [ 84.539030][ C0] worker_thread+0x86d/0xd50 [ 84.543635][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 84.549516][ C0] ? __kthread_parkme+0x169/0x1d0 [ 84.554575][ C0] ? __pfx_worker_thread+0x10/0x10 [ 84.559680][ C0] kthread+0x2f0/0x390 [ 84.563767][ C0] ? __pfx_worker_thread+0x10/0x10 [ 84.568864][ C0] ? __pfx_kthread+0x10/0x10 [ 84.573458][ C0] ret_from_fork+0x4b/0x80 [ 84.577862][ C0] ? __pfx_kthread+0x10/0x10 [ 84.582523][ C0] ret_from_fork_asm+0x1a/0x30 [ 84.587345][ C0] [ 84.590352][ C0] [ 84.590352][ C0] Showing all locks held in the system: [ 84.598097][ C0] 3 locks held by kworker/u8:2/35: [ 84.603229][ C0] 5 locks held by kworker/u8:3/52: [ 84.608326][ C0] 3 locks held by kworker/0:2/784: [ 84.613437][ C0] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 84.624411][ C0] #1: ffffc90003b87d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 84.635383][ C0] #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 84.644366][ C0] 3 locks held by kworker/1:2/1146: [ 84.649563][ C0] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 84.660543][ C0] #1: ffffc90004cbfd00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 84.672683][ C0] #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: regdb_fw_cb+0x82/0x1c0 [ 84.681487][ C0] 3 locks held by kworker/u8:9/2847: [ 84.686775][ C0] #0: ffff888029e21948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 84.698350][ C0] #1: ffffc9000a09fd00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 84.711170][ C0] #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 [ 84.720671][ C0] 2 locks held by dhcpcd/4760: [ 84.725445][ C0] #0: ffff88801e6c8678 (nlk_cb_mutex-ROUTE){+.+.}-{3:3}, at: netlink_dump+0xcb/0xd80 [ 84.735043][ C0] #1: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_dumpit+0x1bd/0x300 [ 84.743938][ C0] 2 locks held by getty/4847: [ 84.748600][ C0] #0: ffff88802a8060a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 84.758358][ C0] #1: ffffc90002f0e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 84.768465][ C0] 1 lock held by syz-executor.3/5201: [ 84.773840][ C0] #0: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170 [ 84.783333][ C0] 1 lock held by syz-executor.4/5350: [ 84.788679][ C0] #0: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: tcx_link_attach+0xed/0x950 [ 84.797833][ C0] 3 locks held by syz-executor.2/5357: [ 84.803291][ C0] #0: ffffc90000007c00 (net/core/rtnetlink.c:82){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 84.813389][ C0] #1: ffffffff8e3354a0 (rcu_read_lock){....}-{1:2}, at: report_rtnl_holders+0x20/0x2d0 [ 84.823138][ C0] #2: ffffffff8e3354a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 84.832981][ C0] [ 84.835328][ C0] ============================================= [ 84.835328][ C0] [ 84.892829][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 85.012839][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 85.021675][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 85.225586][ T5366] loop1: detected capacity change from 0 to 1764 [ 85.263053][ T52] team0 (unregistering): Port device team_slave_1 removed [ 85.350128][ T5369] kvm: emulating exchange as write [ 85.442425][ T52] team0 (unregistering): Port device team_slave_0 removed [ 85.862778][ C0] DEBUG: waiting rtnl_mutex for 1101 jiffies. [ 85.868924][ C0] task:dhcpcd state:D stack:20600 pid:4760 tgid:4760 ppid:4759 flags:0x00000002 [ 85.879138][ C0] Call Trace: [ 85.882423][ C0] [ 85.885361][ C0] __schedule+0x17e8/0x4a20 [ 85.889865][ C0] ? __pfx___schedule+0x10/0x10 [ 85.894722][ C0] ? __pfx_lock_release+0x10/0x10 [ 85.899733][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 85.905204][ C0] ? schedule+0x90/0x320 [ 85.909429][ C0] schedule+0x14b/0x320 [ 85.913587][ C0] schedule_preempt_disabled+0x13/0x30 [ 85.919031][ C0] __mutex_lock+0x6a4/0xd70 [ 85.923544][ C0] ? __mutex_lock+0x527/0xd70 [ 85.928206][ C0] ? rtnl_dumpit+0x1bd/0x300 [ 85.932802][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 85.937817][ C0] ? __alloc_skb+0x28f/0x440 [ 85.942672][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 85.947687][ C0] rtnl_dumpit+0x1bd/0x300 [ 85.952086][ C0] ? __pfx_rtnl_dump_ifinfo+0x10/0x10 [ 85.957478][ C0] netlink_dump+0x645/0xd80 [ 85.961973][ C0] ? __pfx_netlink_dump+0x10/0x10 [ 85.967002][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 85.972996][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 85.978184][ C0] ? netlink_recvmsg+0x60a/0x11d0 [ 85.983216][ C0] ? kmem_cache_free+0x145/0x350 [ 85.988143][ C0] netlink_recvmsg+0x6bb/0x11d0 [ 85.993001][ C0] ? __pfx_netlink_recvmsg+0x10/0x10 [ 85.998274][ C0] ? __pfx_aa_sk_perm+0x10/0x10 [ 86.003127][ C0] ? __pfx___might_resched+0x10/0x10 [ 86.008392][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 86.013354][ C0] ? bpf_lsm_socket_recvmsg+0x9/0x10 [ 86.018622][ C0] ? security_socket_recvmsg+0x90/0xb0 [ 86.024100][ C0] ? __pfx_netlink_recvmsg+0x10/0x10 [ 86.029372][ C0] sock_recvmsg+0x22f/0x280 [ 86.033889][ C0] ____sys_recvmsg+0x1db/0x470 [ 86.038666][ C0] ? __pfx_____sys_recvmsg+0x10/0x10 [ 86.043968][ C0] __sys_recvmsg+0x2f0/0x3e0 [ 86.048541][ C0] ? __pfx_lock_release+0x10/0x10 [ 86.053566][ C0] ? __pfx___sys_recvmsg+0x10/0x10 [ 86.058677][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 86.065011][ C0] ? do_syscall_64+0x100/0x230 [ 86.069761][ C0] ? do_syscall_64+0xb6/0x230 [ 86.074455][ C0] do_syscall_64+0xf3/0x230 [ 86.078943][ C0] ? clear_bhb_loop+0x35/0x90 [ 86.083621][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.089499][ C0] RIP: 0033:0x7ffa689e191e [ 86.093935][ C0] RSP: 002b:00007ffd72ec6788 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 86.102337][ C0] RAX: ffffffffffffffda RBX: 00007ffd72ec78b0 RCX: 00007ffa689e191e [ 86.110312][ C0] RDX: 0000000000000000 RSI: 00007ffd72ec77d0 RDI: 000000000000000c [ 86.118285][ C0] RBP: 00007ffd72ec7840 R08: 0000000000000000 R09: 0000000000080000 [ 86.126258][ C0] R10: 00000000000000cf R11: 0000000000000246 R12: 0000000000000be0 [ 86.134230][ C0] R13: 00007ffd72ec77b4 R14: 00007ffd72ec77d0 R15: 00007ffd72ec77c0 [ 86.142193][ C0] [ 86.145216][ C0] DEBUG: holding rtnl_mutex for 1127 jiffies. [ 86.151258][ C0] task:kworker/u8:3 state:R running task stack:22712 pid:52 tgid:52 ppid:2 flags:0x00004000 [ 86.162994][ C0] Workqueue: netns cleanup_net [ 86.167747][ C0] Call Trace: [ 86.171009][ C0] [ 86.173951][ C0] __schedule+0x17e8/0x4a20 [ 86.178455][ C0] ? __pfx___schedule+0x10/0x10 [ 86.183315][ C0] ? preempt_schedule+0xe1/0xf0 [ 86.188150][ C0] preempt_schedule_common+0x84/0xd0 [ 86.193458][ C0] preempt_schedule+0xe1/0xf0 [ 86.198117][ C0] ? __pfx_preempt_schedule+0x10/0x10 [ 86.203491][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 86.209456][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 86.215786][ C0] preempt_schedule_thunk+0x1a/0x30 [ 86.220971][ C0] _raw_spin_unlock_irqrestore+0x130/0x140 [ 86.226777][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 86.233136][ C0] kthread_queue_work+0x110/0x180 [ 86.238146][ C0] synchronize_rcu_expedited+0x5ad/0x830 [ 86.243785][ C0] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 86.249945][ C0] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 86.255232][ C0] ? __pfx___might_resched+0x10/0x10 [ 86.260500][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 86.266483][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 86.272816][ C0] synchronize_rcu+0x11b/0x360 [ 86.277581][ C0] ? __pfx_synchronize_rcu+0x10/0x10 [ 86.282881][ C0] lockdep_unregister_key+0x4b7/0x540 [ 86.288239][ C0] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 86.294134][ C0] ? rcu_is_watching+0x15/0xb0 [ 86.298884][ C0] ? qdisc_reset+0x3bb/0x5a0 [ 86.303480][ C0] __qdisc_destroy+0x165/0x410 [ 86.308229][ C0] dev_shutdown+0x9b/0x440 [ 86.312656][ C0] unregister_netdevice_many_notify+0x977/0x16b0 [ 86.318992][ C0] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 86.325757][ C0] ? unregister_netdevice_queue+0x26b/0x370 [ 86.331637][ C0] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 86.337878][ C0] ? batadv_softif_destroy_netlink+0x1e0/0x270 [ 86.344037][ C0] default_device_exit_batch+0xa0f/0xa90 [ 86.349675][ C0] ? __pfx___might_resched+0x10/0x10 [ 86.354969][ C0] ? __pfx_default_device_exit_batch+0x10/0x10 [ 86.361114][ C0] ? cfg802154_pernet_exit+0xc3/0xe0 [ 86.366403][ C0] ? __pfx_default_device_exit_batch+0x10/0x10 [ 86.372598][ C0] cleanup_net+0x89d/0xcc0 [ 86.377017][ C0] ? __pfx_cleanup_net+0x10/0x10 [ 86.381946][ C0] ? process_scheduled_works+0x945/0x1830 [ 86.387670][ C0] process_scheduled_works+0xa2c/0x1830 [ 86.393232][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 86.399210][ C0] ? assign_work+0x364/0x3d0 [ 86.403806][ C0] worker_thread+0x86d/0xd50 [ 86.408388][ C0] ? __kthread_parkme+0x169/0x1d0 [ 86.413412][ C0] ? __pfx_worker_thread+0x10/0x10 [ 86.418504][ C0] kthread+0x2f0/0x390 [ 86.422595][ C0] ? __pfx_worker_thread+0x10/0x10 [ 86.427703][ C0] ? __pfx_kthread+0x10/0x10 [ 86.432273][ C0] ret_from_fork+0x4b/0x80 [ 86.436694][ C0] ? __pfx_kthread+0x10/0x10 [ 86.441300][ C0] ret_from_fork_asm+0x1a/0x30 [ 86.446079][ C0] [ 86.449082][ C0] DEBUG: waiting rtnl_mutex for 1161 jiffies. [ 86.455141][ C0] task:kworker/u8:9 state:D stack:21352 pid:2847 tgid:2847 ppid:2 flags:0x00004000 [ 86.465331][ C0] Workqueue: ipv6_addrconf addrconf_dad_work [ 86.471301][ C0] Call Trace: [ 86.474582][ C0] [ 86.477530][ C0] __schedule+0x17e8/0x4a20 [ 86.482034][ C0] ? __pfx___schedule+0x10/0x10 [ 86.486898][ C0] ? __pfx_lock_release+0x10/0x10 [ 86.491928][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 86.497390][ C0] ? kthread_data+0x52/0xd0 [ 86.501963][ C0] ? schedule+0x90/0x320 [ 86.506206][ C0] ? wq_worker_sleeping+0x66/0x240 [ 86.511300][ C0] ? schedule+0x90/0x320 [ 86.515543][ C0] schedule+0x14b/0x320 [ 86.519683][ C0] schedule_preempt_disabled+0x13/0x30 [ 86.525144][ C0] __mutex_lock+0x6a4/0xd70 [ 86.529633][ C0] ? mark_lock+0x9a/0x360 [ 86.533966][ C0] ? __mutex_lock+0x527/0xd70 [ 86.538639][ C0] ? addrconf_dad_work+0xd0/0x16f0 [ 86.543755][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 86.548771][ C0] ? rtnl_lock+0xe7/0x130 [ 86.553102][ C0] addrconf_dad_work+0xd0/0x16f0 [ 86.558029][ C0] ? __pfx_addrconf_dad_work+0x10/0x10 [ 86.563491][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 86.569805][ C0] ? process_scheduled_works+0x945/0x1830 [ 86.575523][ C0] process_scheduled_works+0xa2c/0x1830 [ 86.581066][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 86.587052][ C0] ? assign_work+0x364/0x3d0 [ 86.591629][ C0] worker_thread+0x86d/0xd50 [ 86.596227][ C0] ? __kthread_parkme+0x169/0x1d0 [ 86.601233][ C0] ? __pfx_worker_thread+0x10/0x10 [ 86.606344][ C0] kthread+0x2f0/0x390 [ 86.610395][ C0] ? __pfx_worker_thread+0x10/0x10 [ 86.615503][ C0] ? __pfx_kthread+0x10/0x10 [ 86.620076][ C0] ret_from_fork+0x4b/0x80 [ 86.624493][ C0] ? __pfx_kthread+0x10/0x10 [ 86.629069][ C0] ret_from_fork_asm+0x1a/0x30 [ 86.633844][ C0] [ 86.636844][ C0] DEBUG: waiting rtnl_mutex for 1312 jiffies. [ 86.642899][ C0] task:syz-executor.3 state:D stack:21024 pid:5201 tgid:5201 ppid:5200 flags:0x00004002 [ 86.653059][ C0] Call Trace: [ 86.656318][ C0] [ 86.659232][ C0] __schedule+0x17e8/0x4a20 [ 86.663747][ C0] ? __pfx___schedule+0x10/0x10 [ 86.668580][ C0] ? __pfx_lock_release+0x10/0x10 [ 86.673609][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 86.679058][ C0] ? schedule+0x90/0x320 [ 86.683299][ C0] schedule+0x14b/0x320 [ 86.687444][ C0] schedule_preempt_disabled+0x13/0x30 [ 86.692907][ C0] __mutex_lock+0x6a4/0xd70 [ 86.697397][ C0] ? __mutex_lock+0x527/0xd70 [ 86.702054][ C0] ? rtnetlink_rcv_msg+0x839/0x1170 [ 86.707257][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 86.712264][ C0] ? kasan_check_range+0x1ba/0x290 [ 86.717375][ C0] ? rtnl_lock+0xe7/0x130 [ 86.721686][ C0] rtnetlink_rcv_msg+0x839/0x1170 [ 86.726729][ C0] ? rtnetlink_rcv_msg+0x208/0x1170 [ 86.731913][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 86.737376][ C0] ? __pfx_validate_chain+0x10/0x10 [ 86.742611][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 86.748589][ C0] ? __pfx_validate_chain+0x10/0x10 [ 86.753792][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 86.760098][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 86.765296][ C0] ? finish_task_switch+0x1e5/0x870 [ 86.770477][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 86.775680][ C0] ? finish_task_switch+0x1e5/0x870 [ 86.780863][ C0] ? __schedule+0x17f0/0x4a20 [ 86.785545][ C0] ? mark_lock+0x9a/0x360 [ 86.789864][ C0] ? __lock_acquire+0x1359/0x2000 [ 86.794904][ C0] netlink_rcv_skb+0x1e3/0x430 [ 86.799653][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 86.805114][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 86.810395][ C0] ? netlink_deliver_tap+0x2e/0x1b0 [ 86.815599][ C0] netlink_unicast+0x7ea/0x980 [ 86.820348][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 86.825632][ C0] ? __virt_addr_valid+0x183/0x520 [ 86.830728][ C0] ? __check_object_size+0x49c/0x900 [ 86.836011][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 86.841121][ C0] netlink_sendmsg+0x8db/0xcb0 [ 86.845891][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 86.851161][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 86.856098][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 86.861364][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 86.866823][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 86.872086][ C0] __sock_sendmsg+0x221/0x270 [ 86.876767][ C0] __sys_sendto+0x3a4/0x4f0 [ 86.881254][ C0] ? __pfx___sys_sendto+0x10/0x10 [ 86.886292][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 86.891488][ C0] __x64_sys_sendto+0xde/0x100 [ 86.896260][ C0] do_syscall_64+0xf3/0x230 [ 86.900743][ C0] ? clear_bhb_loop+0x35/0x90 [ 86.905423][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.911296][ C0] RIP: 0033:0x7fc80247eb9c [ 86.915711][ C0] RSP: 002b:00007ffc30d4a8c0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 86.924126][ C0] RAX: ffffffffffffffda RBX: 00007fc8030e4620 RCX: 00007fc80247eb9c [ 86.932079][ C0] RDX: 0000000000000068 RSI: 00007fc8030e4670 RDI: 0000000000000003 [ 86.940048][ C0] RBP: 0000000000000000 R08: 00007ffc30d4a914 R09: 000000000000000c [ 86.948017][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 86.955990][ C0] R13: 0000000000000000 R14: 00007fc8030e4670 R15: 0000000000000000 [ 86.963969][ C0] [ 86.966976][ C0] DEBUG: waiting rtnl_mutex for 1255 jiffies. [ 86.973031][ C0] task:kworker/0:2 state:D stack:22128 pid:784 tgid:784 ppid:2 flags:0x00004000 [ 86.983189][ C0] Workqueue: events linkwatch_event [ 86.988374][ C0] Call Trace: [ 86.991631][ C0] [ 86.994577][ C0] __schedule+0x17e8/0x4a20 [ 86.999078][ C0] ? __pfx___schedule+0x10/0x10 [ 87.003931][ C0] ? __pfx_lock_release+0x10/0x10 [ 87.008942][ C0] ? preempt_schedule_thunk+0x1a/0x30 [ 87.014338][ C0] ? schedule+0x90/0x320 [ 87.018562][ C0] schedule+0x14b/0x320 [ 87.022724][ C0] schedule_preempt_disabled+0x13/0x30 [ 87.028171][ C0] __mutex_lock+0x6a4/0xd70 [ 87.032676][ C0] ? __mutex_lock+0x527/0xd70 [ 87.037338][ C0] ? linkwatch_event+0xe/0x60 [ 87.041996][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 87.047039][ C0] ? rtnl_lock+0xe7/0x130 [ 87.051347][ C0] ? process_scheduled_works+0x945/0x1830 [ 87.057064][ C0] linkwatch_event+0xe/0x60 [ 87.061556][ C0] process_scheduled_works+0xa2c/0x1830 [ 87.067134][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 87.073118][ C0] ? assign_work+0x364/0x3d0 [ 87.077690][ C0] worker_thread+0x86d/0xd50 [ 87.082266][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 87.088159][ C0] ? __kthread_parkme+0x169/0x1d0 [ 87.093220][ C0] ? __pfx_worker_thread+0x10/0x10 [ 87.098325][ C0] kthread+0x2f0/0x390 [ 87.102381][ C0] ? __pfx_worker_thread+0x10/0x10 [ 87.107501][ C0] ? __pfx_kthread+0x10/0x10 [ 87.112076][ C0] ret_from_fork+0x4b/0x80 [ 87.116516][ C0] ? __pfx_kthread+0x10/0x10 [ 87.121092][ C0] ret_from_fork_asm+0x1a/0x30 [ 87.125867][ C0] [ 87.128868][ C0] DEBUG: waiting rtnl_mutex for 1012 jiffies. [ 87.134947][ C0] task:kworker/1:2 state:D stack:25168 pid:1146 tgid:1146 ppid:2 flags:0x00004000 [ 87.145133][ C0] Workqueue: events request_firmware_work_func [ 87.151278][ C0] Call Trace: [ 87.154565][ C0] [ 87.157482][ C0] __schedule+0x17e8/0x4a20 [ 87.161983][ C0] ? __pfx___schedule+0x10/0x10 [ 87.166838][ C0] ? __pfx_lock_release+0x10/0x10 [ 87.171846][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 87.177309][ C0] ? kthread_data+0x52/0xd0 [ 87.181795][ C0] ? schedule+0x90/0x320 [ 87.186039][ C0] ? wq_worker_sleeping+0x66/0x240 [ 87.191132][ C0] ? schedule+0x90/0x320 [ 87.195377][ C0] schedule+0x14b/0x320 [ 87.199522][ C0] schedule_preempt_disabled+0x13/0x30 [ 87.204990][ C0] __mutex_lock+0x6a4/0xd70 [ 87.209482][ C0] ? __mutex_lock+0x527/0xd70 [ 87.214161][ C0] ? regdb_fw_cb+0x82/0x1c0 [ 87.218646][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 87.223673][ C0] ? __pfx_regdb_fw_cb+0x10/0x10 [ 87.228596][ C0] ? rtnl_lock+0xe7/0x130 [ 87.232927][ C0] ? __pfx_regdb_fw_cb+0x10/0x10 [ 87.237849][ C0] regdb_fw_cb+0x82/0x1c0 [ 87.242162][ C0] ? __pfx_regdb_fw_cb+0x10/0x10 [ 87.247101][ C0] request_firmware_work_func+0x1a4/0x280 [ 87.252827][ C0] ? __pfx_request_firmware_work_func+0x10/0x10 [ 87.259058][ C0] ? process_scheduled_works+0x945/0x1830 [ 87.264778][ C0] process_scheduled_works+0xa2c/0x1830 [ 87.270322][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 87.276305][ C0] ? assign_work+0x364/0x3d0 [ 87.280878][ C0] worker_thread+0x86d/0xd50 [ 87.285473][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 87.291353][ C0] ? __kthread_parkme+0x169/0x1d0 [ 87.296380][ C0] ? __pfx_worker_thread+0x10/0x10 [ 87.301491][ C0] kthread+0x2f0/0x390 [ 87.305603][ C0] ? __pfx_worker_thread+0x10/0x10 [ 87.310699][ C0] ? __pfx_kthread+0x10/0x10 [ 87.315300][ C0] ret_from_fork+0x4b/0x80 [ 87.319703][ C0] ? __pfx_kthread+0x10/0x10 [ 87.324294][ C0] ret_from_fork_asm+0x1a/0x30 [ 87.329049][ C0] [ 87.332048][ C0] DEBUG: waiting rtnl_mutex for 759 jiffies. [ 87.338024][ C0] task:syz-executor.4 state:D stack:23192 pid:5350 tgid:5349 ppid:5109 flags:0x00000006 [ 87.348184][ C0] Call Trace: [ 87.351446][ C0] [ 87.354396][ C0] __schedule+0x17e8/0x4a20 [ 87.358909][ C0] ? __pfx___schedule+0x10/0x10 [ 87.363764][ C0] ? __pfx_lock_release+0x10/0x10 [ 87.368773][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 87.374256][ C0] ? schedule+0x90/0x320 [ 87.378482][ C0] schedule+0x14b/0x320 [ 87.382638][ C0] schedule_preempt_disabled+0x13/0x30 [ 87.388080][ C0] __mutex_lock+0x6a4/0xd70 [ 87.392611][ C0] ? __mutex_lock+0x527/0xd70 [ 87.397276][ C0] ? tcx_link_attach+0xed/0x950 [ 87.402126][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 87.407186][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 87.412199][ C0] ? rtnl_lock+0xe7/0x130 [ 87.416532][ C0] tcx_link_attach+0xed/0x950 [ 87.421203][ C0] ? __pfx_tcx_link_attach+0x10/0x10 [ 87.426497][ C0] ? bpf_prog_attach_check_attach_type+0x1d6/0x4b0 [ 87.433012][ C0] link_create+0x3a0/0x8b0 [ 87.437418][ C0] ? bpf_lsm_bpf+0x9/0x10 [ 87.441737][ C0] __sys_bpf+0x4bc/0x810 [ 87.445986][ C0] ? __pfx___sys_bpf+0x10/0x10 [ 87.450732][ C0] ? __rseq_handle_notify_resume+0x353/0x14e0 [ 87.456812][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 87.462798][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 87.469114][ C0] ? do_syscall_64+0x100/0x230 [ 87.473889][ C0] __x64_sys_bpf+0x7c/0x90 [ 87.478295][ C0] do_syscall_64+0xf3/0x230 [ 87.482803][ C0] ? clear_bhb_loop+0x35/0x90 [ 87.487464][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.493381][ C0] RIP: 0033:0x7f1d6647cea9 [ 87.497780][ C0] RSP: 002b:00007f1d671840c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 87.506204][ C0] RAX: ffffffffffffffda RBX: 00007f1d665b3f80 RCX: 00007f1d6647cea9 [ 87.514179][ C0] RDX: 0000000000000020 RSI: 0000000020000000 RDI: 000000000000001c [ 87.522130][ C0] RBP: 00007f1d664ebff4 R08: 0000000000000000 R09: 0000000000000000 [ 87.530103][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 87.538109][ C0] R13: 000000000000000b R14: 00007f1d665b3f80 R15: 00007ffd91cc3768 [ 87.546112][ C0] [ 87.549134][ C0] [ 87.549134][ C0] Showing all locks held in the system: [ 87.556868][ C0] 5 locks held by kworker/u8:3/52: [ 87.561965][ C0] 3 locks held by kworker/0:2/784: [ 87.567074][ C0] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 87.578044][ C0] #1: ffffc90003b87d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 87.589007][ C0] #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 87.598000][ C0] 3 locks held by kworker/1:2/1146: [ 87.603197][ C0] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 87.614175][ C0] #1: ffffc90004cbfd00 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 87.626188][ C0] #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: regdb_fw_cb+0x82/0x1c0 [ 87.635005][ C0] 3 locks held by kworker/u8:9/2847: [ 87.640270][ C0] #0: ffff888029e21948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 87.651863][ C0] #1: ffffc9000a09fd00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 87.664660][ C0] #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 [ 87.674084][ C0] 2 locks held by dhcpcd/4760: [ 87.678826][ C0] #0: ffff88801e6c8678 (nlk_cb_mutex-ROUTE){+.+.}-{3:3}, at: netlink_dump+0xcb/0xd80 [ 87.688405][ C0] #1: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_dumpit+0x1bd/0x300 [ 87.697288][ C0] 2 locks held by getty/4847: [ 87.701941][ C0] #0: ffff88802a8060a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 87.711699][ C0] #1: ffffc90002f0e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 87.721811][ C0] 1 lock held by syz-executor.3/5201: [ 87.727185][ C0] #0: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170 [ 87.736704][ C0] 1 lock held by syz-executor.4/5350: [ 87.742066][ C0] #0: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: tcx_link_attach+0xed/0x950 [ 87.751210][ C0] 1 lock held by syz-executor.1/5358: [ 87.756585][ C0] 4 locks held by syz-executor.2/5365: [ 87.762024][ C0] [ 87.764365][ C0] ============================================= [ 87.764365][ C0] [ 88.170318][ T5372] loop0: detected capacity change from 0 to 512 [ 88.306062][ T5372] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 88.326179][ T5372] ext4 filesystem being mounted at /root/syzkaller-testdir3290076627/syzkaller.mxEE3U/8/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 88.444970][ T5372] overlay: Unknown parameter 'dont_appraise' [ 88.684332][ T5201] team0: Port device team_slave_0 added [ 88.730086][ T5201] team0: Port device team_slave_1 added [ 89.101805][ T5201] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.121588][ T5201] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.333898][ T5389] loop4: detected capacity change from 0 to 1024 [ 89.970279][ T5201] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.992183][ T5201] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.044059][ T5201] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.073798][ T5115] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.086544][ T5382] loop1: detected capacity change from 0 to 1764 [ 90.154309][ T5201] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.017669][ T5405] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 92.427533][ T5201] hsr_slave_0: entered promiscuous mode [ 92.445433][ T5201] hsr_slave_1: entered promiscuous mode [ 92.457657][ T5201] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.504435][ T5201] Cannot create hsr debugfs directory [ 92.908978][ T5430] loop4: detected capacity change from 0 to 512 [ 93.065517][ T5430] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.079764][ T5430] ext4 filesystem being mounted at /root/syzkaller-testdir59779044/syzkaller.PVCw8T/14/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 93.277076][ T5430] overlay: Unknown parameter 'dont_appraise' [ 93.465475][ T5443] input: syz1 as /devices/virtual/input/input10 [ 93.674793][ T5109] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.829795][ T5450] usb usb3: usbfs: process 5450 (syz-executor.1) did not claim interface 0 before use [ 95.447354][ T5201] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 95.526710][ T5201] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 95.539009][ T5201] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 95.598898][ T5201] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 95.618661][ T5466] loop1: detected capacity change from 0 to 1764 [ 97.123779][ T5484] input: syz0 as /devices/virtual/input/input11 [ 97.370839][ T5201] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.649290][ T5201] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.041466][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.048731][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.730898][ T5514] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 99.703275][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.703405][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.718938][ T5523] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 99.720591][ T5523] x_tables: duplicate underflow at hook 2 [ 102.947185][ T5564] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 103.953820][ T5574] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 104.895841][ T5201] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.082639][ T5581] loop1: detected capacity change from 0 to 1764 [ 105.116470][ T5587] x_tables: duplicate underflow at hook 2 [ 105.307649][ T5591] loop0: detected capacity change from 0 to 1024 [ 105.892095][ T5590] loop2: detected capacity change from 0 to 1764 [ 106.094189][ T5201] veth0_vlan: entered promiscuous mode [ 106.106443][ T5280] hfsplus: b-tree write err: -5, ino 4 [ 106.144359][ T5201] veth1_vlan: entered promiscuous mode [ 106.550369][ T5201] veth0_macvtap: entered promiscuous mode [ 106.592055][ T5201] veth1_macvtap: entered promiscuous mode [ 106.741014][ T5201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 106.778421][ T5201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.790403][ T5201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 106.803805][ T5201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.815666][ T5201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 106.831904][ T5201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.850627][ T5201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 106.971729][ T5201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 106.985103][ T5201] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 107.006237][ T5201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 107.275665][ T5201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.286845][ T5201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 107.297927][ T5201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.308896][ T5201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 107.320698][ T5201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.331006][ T5201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 107.355443][ T5201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.372473][ T5201] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.420097][ T5201] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.445095][ T5201] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.454615][ T5201] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.466523][ T5201] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.858483][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.692680][ T5619] capability: warning: `syz-executor.0' uses deprecated v2 capabilities in a way that may be insecure [ 108.762879][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.525579][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.565123][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.271453][ T5640] usb usb3: usbfs: process 5640 (syz-executor.4) did not claim interface 0 before use [ 112.266084][ T5642] loop3: detected capacity change from 0 to 1764 [ 112.403089][ T5652] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 113.278317][ T5654] x_tables: duplicate underflow at hook 2 [ 118.269162][ T5679] loop0: detected capacity change from 0 to 1764 [ 118.445286][ T5694] usb usb3: usbfs: process 5694 (syz-executor.4) did not claim interface 0 before use [ 119.313845][ T5692] loop1: detected capacity change from 0 to 1764 [ 122.505158][ T5726] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 124.401905][ T5763] netlink: 830 bytes leftover after parsing attributes in process `syz-executor.0'. [ 124.422846][ T5763] bridge: RTM_NEWNEIGH with invalid state 0x1 [ 125.795859][ T29] audit: type=1326 audit(1718459795.642:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5795 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fea11a7cea9 code=0x0 [ 126.968175][ T5824] netlink: 1010 bytes leftover after parsing attributes in process `syz-executor.0'. [ 128.058360][ T5851] syz-executor.3 uses obsolete (PF_INET,SOCK_PACKET) [ 128.082315][ T5854] tipc: Trying to set illegal importance in message [ 128.632731][ T29] audit: type=1800 audit(1718459798.472:3): pid=5876 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1954 res=0 errno=0 [ 129.427654][ T5280] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.724573][ T5280] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.946734][ T5909] capability: warning: `syz-executor.3' uses 32-bit capabilities (legacy support in use) [ 129.946768][ T5280] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.163007][ T5280] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.195577][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 130.617310][ T4491] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 130.633064][ T4491] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 130.640942][ T4491] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 130.657938][ T4491] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 130.667409][ T4491] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 130.674877][ T4491] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 130.738580][ T5280] bridge_slave_1: left allmulticast mode [ 130.760908][ T5280] bridge_slave_1: left promiscuous mode [ 130.783005][ T5280] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.811370][ T5280] bridge_slave_0: left allmulticast mode [ 130.824829][ T5280] bridge_slave_0: left promiscuous mode [ 130.830663][ T5280] bridge0: port 1(bridge_slave_0) entered disabled state [ 132.743250][ T4491] Bluetooth: hci1: command tx timeout [ 133.105583][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.111940][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.131046][ T29] audit: type=1326 audit(1718459802.852:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5990 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1d6647cea9 code=0x0 [ 133.293093][ T46] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 133.377805][ T5280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 133.394972][ T6000] loop3: detected capacity change from 0 to 128 [ 133.411477][ T6000] ======================================================= [ 133.411477][ T6000] WARNING: The mand mount option has been deprecated and [ 133.411477][ T6000] and is ignored by this kernel. Remove the mand [ 133.411477][ T6000] option from the mount to silence this warning. [ 133.411477][ T6000] ======================================================= [ 133.446529][ C0] vkms_vblank_simulate: vblank timer overrun [ 133.461713][ T5280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 133.498708][ T5280] bond0 (unregistering): Released all slaves [ 133.511166][ T6000] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 133.547143][ T6000] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 133.596594][ T46] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 133.614513][ T46] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.625987][ T46] usb 1-1: Product: syz [ 133.630310][ T46] usb 1-1: Manufacturer: syz [ 133.656390][ T46] usb 1-1: SerialNumber: syz [ 133.716590][ T46] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 133.746988][ T5998] UDF-fs: error (device loop3): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 133.833913][ T5164] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 134.123002][ T5163] usb 1-1: USB disconnect, device number 2 [ 134.451136][ T5280] hsr_slave_0: left promiscuous mode [ 134.536655][ T5280] hsr_slave_1: left promiscuous mode [ 134.546018][ T5280] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 134.574772][ T5280] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 134.629621][ T5280] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 134.656045][ T5280] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 134.737752][ T5280] veth1_macvtap: left promiscuous mode [ 134.776197][ T5280] veth0_macvtap: left promiscuous mode [ 134.782011][ T5280] veth1_vlan: left promiscuous mode [ 134.807411][ T5280] veth0_vlan: left promiscuous mode [ 134.822779][ T4491] Bluetooth: hci1: command tx timeout [ 135.662637][ T5164] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 135.699697][ T5164] ath9k_htc: Failed to initialize the device [ 135.715757][ T5163] usb 1-1: ath9k_htc: USB layer deinitialized [ 136.419987][ T5280] team0 (unregistering): Port device team_slave_1 removed [ 136.451245][ T5280] team0 (unregistering): Port device team_slave_0 removed [ 136.903815][ T4491] Bluetooth: hci1: command tx timeout [ 137.104928][ T6072] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 137.756983][ T5937] chnl_net:caif_netlink_parms(): no params data found [ 138.430912][ T6109] trusted_key: syz-executor.4 sent an empty control message without MSG_MORE. [ 138.982682][ T4491] Bluetooth: hci1: command tx timeout [ 139.398836][ T6124] net veth1_virt_wifi : renamed from virt_wifi0 [ 139.461519][ T5937] bridge0: port 1(bridge_slave_0) entered blocking state [ 139.504400][ T5937] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.511653][ T5937] bridge_slave_0: entered allmulticast mode [ 139.561097][ T5937] bridge_slave_0: entered promiscuous mode [ 139.605527][ T5937] bridge0: port 2(bridge_slave_1) entered blocking state [ 139.623122][ T5937] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.643452][ T5937] bridge_slave_1: entered allmulticast mode [ 139.661880][ T5937] bridge_slave_1: entered promiscuous mode [ 139.854991][ T5937] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 139.869732][ T5937] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 139.880024][ T6149] input: syz1 as /devices/virtual/input/input14 [ 140.225184][ T5937] team0: Port device team_slave_0 added [ 140.375151][ T5937] team0: Port device team_slave_1 added [ 140.992045][ T5937] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 141.032899][ T5937] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 141.147634][ T5937] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 141.193669][ T5937] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 141.208194][ T5937] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 141.237640][ T5937] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 141.289167][ T6179] IPVS: Error connecting to the multicast addr [ 141.500774][ T5937] hsr_slave_0: entered promiscuous mode [ 141.535971][ T5937] hsr_slave_1: entered promiscuous mode [ 141.562486][ T5937] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 141.585212][ T5937] Cannot create hsr debugfs directory [ 142.360792][ T29] audit: type=1804 audit(1718459812.202:5): pid=6232 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2287906366/syzkaller.OhskP2/68/bus" dev="sda1" ino=1959 res=1 errno=0 [ 142.417159][ T29] audit: type=1800 audit(1718459812.242:6): pid=6232 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1959 res=0 errno=0 [ 142.788901][ T5120] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 142.853265][ T5937] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 142.881403][ T5937] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 142.912130][ T5937] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 142.931839][ T5937] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 143.008688][ T5120] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 143.034105][ T5120] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.066569][ T5120] usb 5-1: Product: syz [ 143.070760][ T5120] usb 5-1: Manufacturer: syz [ 143.080922][ T5120] usb 5-1: SerialNumber: syz [ 143.115998][ T5120] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 143.151109][ T5164] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 143.309689][ T5937] 8021q: adding VLAN 0 to HW filter on device bond0 [ 143.461080][ T5937] 8021q: adding VLAN 0 to HW filter on device team0 [ 143.611180][ T5120] usb 5-1: USB disconnect, device number 2 [ 143.655992][ T5166] bridge0: port 1(bridge_slave_0) entered blocking state [ 143.663181][ T5166] bridge0: port 1(bridge_slave_0) entered forwarding state [ 143.764364][ T5166] bridge0: port 2(bridge_slave_1) entered blocking state [ 143.771566][ T5166] bridge0: port 2(bridge_slave_1) entered forwarding state [ 144.155656][ T6284] kvm_intel: kvm [6283]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x1ed76656411 [ 144.191751][ T5164] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 144.212250][ T5164] ath9k_htc: Failed to initialize the device [ 144.220467][ T5120] usb 5-1: ath9k_htc: USB layer deinitialized [ 144.919477][ T5937] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 145.231671][ T6352] Trying to write to read-only block-device nullb0 [ 145.461406][ T5937] veth0_vlan: entered promiscuous mode [ 145.502452][ T6366] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'. [ 145.768234][ T5937] veth1_vlan: entered promiscuous mode [ 146.557794][ T5937] veth0_macvtap: entered promiscuous mode [ 146.642978][ T5937] veth1_macvtap: entered promiscuous mode [ 146.775713][ T5937] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 146.807151][ T5937] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.842981][ T5937] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 146.890505][ T5937] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.911720][ T5937] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 146.942698][ T5937] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.987170][ T5937] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 147.021130][ T5937] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.053663][ T5937] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 147.096388][ T5937] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 147.127102][ T5937] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.177598][ T5937] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 147.196306][ T5937] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.211917][ T5937] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 147.232452][ T5937] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.243457][ T5937] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 147.254171][ T5937] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.266480][ T5937] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 147.354216][ T5937] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.379995][ T5937] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.395887][ T5937] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.409582][ T5937] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.633615][ T6431] input: syz0 as /devices/virtual/input/input15 [ 148.076742][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 148.244296][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 148.587511][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 148.596217][ T6441] binder: transaction release 5 bad handle 1, ret = -22 [ 148.607564][ T6441] binder: 6439:6441 ioctl c0306201 20002300 returned -14 [ 148.611022][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 149.013600][ T5164] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 149.050475][ T6461] netlink: 'syz-executor.2': attribute type 9 has an invalid length. [ 149.066544][ T6461] netlink: 209836 bytes leftover after parsing attributes in process `syz-executor.2'. [ 149.169425][ T6463] netlink: 'syz-executor.2': attribute type 9 has an invalid length. [ 149.184584][ T6456] kvm_intel: kvm [6455]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x1ed76656411 [ 149.208027][ T6463] netlink: 209836 bytes leftover after parsing attributes in process `syz-executor.2'. [ 149.242672][ T5164] usb 2-1: Using ep0 maxpacket: 8 [ 149.261277][ T5164] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 149.290632][ T5164] usb 2-1: config 0 has no interface number 0 [ 149.314470][ T5164] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0xD6 has an invalid bInterval 0, changing to 7 [ 149.337627][ T5164] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 149.351614][ T5164] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.370327][ T5164] usb 2-1: config 0 descriptor?? [ 149.406430][ T5164] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 149.599254][ C1] iowarrior 2-1:0.1: iowarrior_callback - usb_submit_urb failed with result -1 [ 149.637011][ T46] usb 2-1: USB disconnect, device number 2 [ 149.667347][ T46] iowarrior 2-1:0.1: I/O-Warror #0 now disconnected [ 150.428410][ T6517] netlink: 'syz-executor.2': attribute type 9 has an invalid length. [ 150.448596][ T6517] netlink: 209836 bytes leftover after parsing attributes in process `syz-executor.2'. [ 150.531637][ T6523] netlink: 'syz-executor.2': attribute type 9 has an invalid length. [ 150.547123][ T6523] netlink: 209836 bytes leftover after parsing attributes in process `syz-executor.2'. [ 150.646244][ T6520] kvm_intel: kvm [6518]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x1ed76656411 [ 150.793749][ T46] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 151.002727][ T46] usb 5-1: Using ep0 maxpacket: 8 [ 151.017789][ T46] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 151.032773][ T46] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 151.051666][ T46] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 151.083529][ T46] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 151.109926][ T46] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 151.124310][ T46] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 151.156965][ T46] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 151.193694][ T46] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 151.207859][ T46] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 151.220248][ T46] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 151.231850][ T46] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 151.249445][ T46] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 151.281777][ T46] usb 5-1: string descriptor 0 read error: -22 [ 151.288216][ T46] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 151.310979][ T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.342726][ T46] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 151.447022][ T5163] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 151.580535][ T6542] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3601339734 (3601339734 ns) > initial count (50835375 ns). Using initial count to start timer. [ 151.643627][ T5163] usb 4-1: Using ep0 maxpacket: 8 [ 151.673738][ T6546] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 151.674091][ T5163] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 151.711859][ T5163] usb 4-1: config 0 has no interface number 0 [ 151.721070][ T5509] usb 5-1: USB disconnect, device number 3 [ 151.732673][ T5163] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0xD6 has an invalid bInterval 0, changing to 7 [ 151.772692][ T5163] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 151.781750][ T5163] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.845990][ T5163] usb 4-1: config 0 descriptor?? [ 151.858309][ T5163] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 151.964840][ T6556] netlink: 'syz-executor.1': attribute type 9 has an invalid length. [ 151.980966][ T6556] netlink: 209836 bytes leftover after parsing attributes in process `syz-executor.1'. [ 152.094800][ T6561] dlm: plock device version mismatch: kernel (1.2.0), user (131072.0.0) [ 152.306389][ T6559] netlink: 'syz-executor.1': attribute type 9 has an invalid length. [ 152.566540][ T46] usb 4-1: USB disconnect, device number 2 [ 152.697172][ T6559] netlink: 209836 bytes leftover after parsing attributes in process `syz-executor.1'. [ 152.856877][ T46] iowarrior 4-1:0.1: I/O-Warror #0 now disconnected [ 153.529651][ T6572] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 154.211453][ T29] audit: type=1800 audit(1718459824.052:7): pid=6590 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz-executor.3" name="/root/syzkaller-testdir746306234/syzkaller.MvOJs3/79/bus" dev="sda1" ino=1965 res=0 errno=0 [ 154.942949][ T5164] libceph: connect (1)[c::]:6789 error -101 [ 154.949525][ T5164] libceph: mon0 (1)[c::]:6789 connect error [ 154.987058][ T5164] libceph: connect (1)[c::]:6789 error -101 [ 154.998945][ T5164] libceph: mon0 (1)[c::]:6789 connect error [ 155.023827][ T6613] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 155.071102][ T6618] netlink: 'syz-executor.0': attribute type 9 has an invalid length. [ 155.092619][ T6608] ceph: No mds server is up or the cluster is laggy [ 155.121246][ T6618] netlink: 209836 bytes leftover after parsing attributes in process `syz-executor.0'. [ 155.282666][ T29] audit: type=1804 audit(1718459825.112:8): pid=6624 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir4289272222/syzkaller.diaddZ/9/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="sda1" ino=1961 res=1 errno=0 [ 155.350108][ T6622] netlink: 'syz-executor.0': attribute type 9 has an invalid length. [ 155.366431][ T6622] netlink: 209836 bytes leftover after parsing attributes in process `syz-executor.0'. [ 155.859159][ T29] audit: type=1800 audit(1718459825.702:9): pid=6651 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name=".log" dev="sda1" ino=1965 res=0 errno=0 [ 156.391620][ T6670] program syz-executor.2 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 157.418613][ T6692] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3601339734 (3601339734 ns) > initial count (50835375 ns). Using initial count to start timer. [ 157.501892][ T6699] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 157.521552][ T29] audit: type=1326 audit(1718459827.362:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6689 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4111a7cea9 code=0x0 [ 157.543823][ T5166] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 157.732753][ T5166] usb 1-1: Using ep0 maxpacket: 8 [ 157.761771][ T5166] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 157.784550][ T5166] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 157.828157][ T5166] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 157.880081][ T5166] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 157.907069][ T5166] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 157.916540][ T5166] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 157.942645][ T5166] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 157.992944][ T5166] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 158.030156][ T5166] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 158.055419][ T5166] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 158.092508][ T5166] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 158.154151][ T5166] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 158.188688][ T5166] usb 1-1: string descriptor 0 read error: -22 [ 158.211350][ T5166] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 158.226443][ T5166] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.247009][ T6721] loop0: detected capacity change from 0 to 7 [ 158.268453][ T6721] Dev loop0: unable to read RDB block 7 [ 158.278569][ T5166] adutux 1-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 158.280114][ T6721] loop0: unable to read partition table [ 158.322915][ T6721] loop0: partition table beyond EOD, truncated [ 158.342722][ T6721] loop_reread_partitions: partition scan of loop0 (被xڬdƤݡ [ 158.342722][ T6721] ) failed (rc=-5) [ 158.532352][ T29] audit: type=1800 audit(1718459828.372:11): pid=6734 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="memory.events" dev="sda1" ino=1947 res=0 errno=0 [ 158.596188][ T29] audit: type=1804 audit(1718459828.372:12): pid=6734 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir746306234/syzkaller.MvOJs3/99/memory.events" dev="sda1" ino=1947 res=1 errno=0 [ 158.658204][ T29] audit: type=1804 audit(1718459828.372:13): pid=6734 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir746306234/syzkaller.MvOJs3/99/memory.events" dev="sda1" ino=1947 res=1 errno=0 [ 158.702710][ T46] usb 1-1: USB disconnect, device number 3 [ 159.052907][ T5166] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 159.235696][ T5166] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 159.249925][ T5166] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 159.279990][ T5166] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 159.309390][ T5166] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 159.320418][ T6766] IPVS: set_ctl: invalid protocol: 92 172.20.20.170:0 [ 159.333549][ T5166] usb 3-1: Product: syz [ 159.337737][ T5166] usb 3-1: Manufacturer: syz [ 159.342344][ T5166] usb 3-1: SerialNumber: syz [ 159.357558][ T5166] usb 3-1: config 0 descriptor?? [ 159.380442][ T5166] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 159.399959][ T5166] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 159.597277][ T5166] usb 3-1: USB disconnect, device number 2 [ 159.615798][ T5166] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 159.759894][ T6788] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 159.837485][ T6792] netlink: 199836 bytes leftover after parsing attributes in process `syz-executor.4'. [ 160.174312][ T5509] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 160.384977][ T5509] usb 1-1: Using ep0 maxpacket: 8 [ 160.411854][ T5509] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 160.449800][ T5509] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 160.486924][ T5509] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 160.512761][ T29] audit: type=1326 audit(1718463273.359:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6825 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc80247cea9 code=0x0 [ 160.539246][ T5509] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 160.578409][ T5509] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 160.604857][ T5509] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 160.635389][ T5509] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 160.658073][ T5509] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 160.688929][ T5509] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 160.712384][ T5509] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 160.734568][ T5509] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 160.752415][ T5509] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 160.802065][ T5509] usb 1-1: string descriptor 0 read error: -22 [ 160.811052][ T5509] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 160.824500][ T5509] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.851473][ T5509] adutux 1-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 161.446039][ T5164] usb 1-1: USB disconnect, device number 4 [ 162.073244][ T6831] mmap: syz-executor.1 (6831) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 162.142751][ T6831] ================================================================== [ 162.150844][ T6831] BUG: KASAN: use-after-free in finish_fault+0xf87/0x1460 [ 162.157970][ T6831] Read of size 8 at addr ffff88806540d000 by task syz-executor.1/6831 [ 162.166124][ T6831] [ 162.168461][ T6831] CPU: 1 PID: 6831 Comm: syz-executor.1 Not tainted 6.10.0-rc3-next-20240611-syzkaller #0 [ 162.178356][ T6831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 162.188414][ T6831] Call Trace: [ 162.191695][ T6831] [ 162.194627][ T6831] dump_stack_lvl+0x241/0x360 [ 162.199319][ T6831] ? __pfx_dump_stack_lvl+0x10/0x10 [ 162.204524][ T6831] ? __pfx__printk+0x10/0x10 [ 162.209124][ T6831] ? _printk+0xd5/0x120 [ 162.213291][ T6831] ? __virt_addr_valid+0x183/0x520 [ 162.218412][ T6831] ? __virt_addr_valid+0x183/0x520 [ 162.223544][ T6831] print_report+0x169/0x550 [ 162.228051][ T6831] ? __virt_addr_valid+0x183/0x520 [ 162.233158][ T6831] ? __virt_addr_valid+0x183/0x520 [ 162.238258][ T6831] ? __virt_addr_valid+0x44e/0x520 [ 162.243363][ T6831] ? __phys_addr+0xba/0x170 [ 162.247853][ T6831] ? finish_fault+0xf87/0x1460 [ 162.252609][ T6831] kasan_report+0x143/0x180 [ 162.257101][ T6831] ? finish_fault+0xf87/0x1460 [ 162.261857][ T6831] finish_fault+0xf87/0x1460 [ 162.266445][ T6831] ? __pfx_finish_fault+0x10/0x10 [ 162.271457][ T6831] ? __pfx_lock_release+0x10/0x10 [ 162.276469][ T6831] ? pte_offset_map_nolock+0x137/0x1f0 [ 162.281917][ T6831] ? __lock_acquire+0x1359/0x2000 [ 162.286928][ T6831] ? __do_fault+0x258/0x460 [ 162.291427][ T6831] ? handle_pte_fault+0x2bf5/0x7130 [ 162.296624][ T6831] handle_pte_fault+0x3db5/0x7130 [ 162.301646][ T6831] ? __pfx_lock_acquire+0x10/0x10 [ 162.306664][ T6831] ? __pfx_handle_pte_fault+0x10/0x10 [ 162.312025][ T6831] ? do_raw_spin_lock+0x14f/0x370 [ 162.317040][ T6831] ? follow_page_pte+0x292/0x1d90 [ 162.322052][ T6831] ? follow_page_pte+0x859/0x1d90 [ 162.327064][ T6831] ? __pfx_lock_release+0x10/0x10 [ 162.332080][ T6831] ? do_raw_spin_unlock+0x13c/0x8b0 [ 162.337267][ T6831] handle_mm_fault+0x10df/0x1ba0 [ 162.342200][ T6831] ? __pfx_handle_mm_fault+0x10/0x10 [ 162.347478][ T6831] ? __pfx_find_vma+0x10/0x10 [ 162.352144][ T6831] ? vma_is_secretmem+0xd/0x50 [ 162.356895][ T6831] ? check_vma_flags+0x500/0x5a0 [ 162.361825][ T6831] __get_user_pages+0x6ef/0x1590 [ 162.366757][ T6831] ? mt_find+0x62d/0x850 [ 162.370987][ T6831] ? __pfx___get_user_pages+0x10/0x10 [ 162.376353][ T6831] populate_vma_page_range+0x264/0x330 [ 162.381801][ T6831] ? __pfx_populate_vma_page_range+0x10/0x10 [ 162.387767][ T6831] ? do_mmap+0x915/0xfa0 [ 162.391999][ T6831] __mm_populate+0x27a/0x460 [ 162.396581][ T6831] ? __pfx___mm_populate+0x10/0x10 [ 162.401680][ T6831] __se_sys_remap_file_pages+0x7a1/0x9a0 [ 162.407305][ T6831] ? __pfx___se_sys_remap_file_pages+0x10/0x10 [ 162.413448][ T6831] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 162.419416][ T6831] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 162.425731][ T6831] ? do_syscall_64+0x100/0x230 [ 162.430482][ T6831] ? __x64_sys_remap_file_pages+0x20/0xc0 [ 162.436192][ T6831] do_syscall_64+0xf3/0x230 [ 162.440679][ T6831] ? clear_bhb_loop+0x35/0x90 [ 162.445343][ T6831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.451223][ T6831] RIP: 0033:0x7f4111a7cea9 [ 162.455629][ T6831] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 162.475233][ T6831] RSP: 002b:00007f41128980c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d8 [ 162.483634][ T6831] RAX: ffffffffffffffda RBX: 00007f4111bb3f80 RCX: 00007f4111a7cea9 [ 162.491593][ T6831] RDX: 0000000000000000 RSI: 0000000000200000 RDI: 00000000202ec000 [ 162.499548][ T6831] RBP: 00007f4111aebff4 R08: 0000000000000000 R09: 0000000000000000 [ 162.507508][ T6831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 162.515467][ T6831] R13: 000000000000000b R14: 00007f4111bb3f80 R15: 00007ffe34c3a3a8 [ 162.523429][ T6831] [ 162.526431][ T6831] [ 162.528735][ T6831] The buggy address belongs to the physical page: [ 162.535128][ T6831] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6540d [ 162.543871][ T6831] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 162.550966][ T6831] page_type: 0xbfffffff(buddy) [ 162.555711][ T6831] raw: 00fff00000000000 ffffea0000b608c8 ffffea0001699688 0000000000000000 [ 162.564277][ T6831] raw: 0000000000000000 0000000000000000 00000000bfffffff 0000000000000000 [ 162.572846][ T6831] page dumped because: kasan: bad access detected [ 162.579248][ T6831] page_owner tracks the page as freed [ 162.584599][ T6831] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x540dc0(GFP_USER|__GFP_COMP|__GFP_ZERO|__GFP_ACCOUNT), pid 5114, tgid 5114 (syz-executor.2), ts 160806692986, free_ts 161941740111 [ 162.603944][ T6831] post_alloc_hook+0x1f3/0x230 [ 162.608695][ T6831] get_page_from_freelist+0x2cbd/0x2d70 [ 162.614226][ T6831] __alloc_pages_noprof+0x256/0x6c0 [ 162.619409][ T6831] alloc_pages_mpol_noprof+0x3e8/0x680 [ 162.624853][ T6831] __pmd_alloc+0x91/0x630 [ 162.629166][ T6831] copy_pmd_range+0x8049/0x8500 [ 162.634003][ T6831] copy_page_range+0x99f/0xe90 [ 162.638747][ T6831] copy_mm+0x11ea/0x1f30 [ 162.642976][ T6831] copy_process+0x187a/0x3dc0 [ 162.647639][ T6831] kernel_clone+0x226/0x8f0 [ 162.652126][ T6831] __x64_sys_clone+0x258/0x2a0 [ 162.656873][ T6831] do_syscall_64+0xf3/0x230 [ 162.661363][ T6831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.667243][ T6831] page last free pid 6836 tgid 6834 stack trace: [ 162.673553][ T6831] free_unref_folios+0x103a/0x1b00 [ 162.678654][ T6831] folios_put_refs+0x76e/0x860 [ 162.683406][ T6831] free_pages_and_swap_cache+0x5c8/0x690 [ 162.689026][ T6831] tlb_flush_mmu+0x3a3/0x680 [ 162.693598][ T6831] tlb_finish_mmu+0xd4/0x200 [ 162.698173][ T6831] exit_mmap+0x44f/0xc80 [ 162.702403][ T6831] __mmput+0x115/0x390 [ 162.706457][ T6831] exit_mm+0x220/0x310 [ 162.710514][ T6831] do_exit+0x9aa/0x28e0 [ 162.714655][ T6831] do_group_exit+0x207/0x2c0 [ 162.719231][ T6831] get_signal+0x16a1/0x1740 [ 162.723718][ T6831] arch_do_signal_or_restart+0x96/0x830 [ 162.729250][ T6831] syscall_exit_to_user_mode+0xc9/0x370 [ 162.734784][ T6831] do_syscall_64+0x100/0x230 [ 162.739358][ T6831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.745239][ T6831] [ 162.747545][ T6831] Memory state around the buggy address: [ 162.753158][ T6831] ffff88806540cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 162.761207][ T6831] ffff88806540cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 162.769249][ T6831] >ffff88806540d000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 162.777290][ T6831] ^ [ 162.781334][ T6831] ffff88806540d080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 162.789376][ T6831] ffff88806540d100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 162.797416][ T6831] ================================================================== [ 162.806723][ T6831] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 162.813926][ T6831] CPU: 1 PID: 6831 Comm: syz-executor.1 Not tainted 6.10.0-rc3-next-20240611-syzkaller #0 [ 162.823821][ T6831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 162.833880][ T6831] Call Trace: [ 162.837159][ T6831] [ 162.840097][ T6831] dump_stack_lvl+0x241/0x360 [ 162.844784][ T6831] ? __pfx_dump_stack_lvl+0x10/0x10 [ 162.849994][ T6831] ? __pfx__printk+0x10/0x10 [ 162.854605][ T6831] ? vscnprintf+0x5d/0x90 [ 162.859299][ T6831] panic+0x349/0x870 [ 162.863211][ T6831] ? check_panic_on_warn+0x21/0xb0 [ 162.868336][ T6831] ? __pfx_panic+0x10/0x10 [ 162.872767][ T6831] ? mark_lock+0x9a/0x360 [ 162.877108][ T6831] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 162.883009][ T6831] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 162.888910][ T6831] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 162.895244][ T6831] ? print_report+0x502/0x550 [ 162.899936][ T6831] check_panic_on_warn+0x86/0xb0 [ 162.904887][ T6831] ? finish_fault+0xf87/0x1460 [ 162.909659][ T6831] end_report+0x77/0x160 [ 162.913909][ T6831] kasan_report+0x154/0x180 [ 162.918420][ T6831] ? finish_fault+0xf87/0x1460 [ 162.923196][ T6831] finish_fault+0xf87/0x1460 [ 162.927801][ T6831] ? __pfx_finish_fault+0x10/0x10 [ 162.932833][ T6831] ? __pfx_lock_release+0x10/0x10 [ 162.937864][ T6831] ? pte_offset_map_nolock+0x137/0x1f0 [ 162.943335][ T6831] ? __lock_acquire+0x1359/0x2000 [ 162.948371][ T6831] ? __do_fault+0x258/0x460 [ 162.952886][ T6831] ? handle_pte_fault+0x2bf5/0x7130 [ 162.958097][ T6831] handle_pte_fault+0x3db5/0x7130 [ 162.963149][ T6831] ? __pfx_lock_acquire+0x10/0x10 [ 162.968189][ T6831] ? __pfx_handle_pte_fault+0x10/0x10 [ 162.973585][ T6831] ? do_raw_spin_lock+0x14f/0x370 [ 162.978639][ T6831] ? follow_page_pte+0x292/0x1d90 [ 162.983684][ T6831] ? follow_page_pte+0x859/0x1d90 [ 162.988723][ T6831] ? __pfx_lock_release+0x10/0x10 [ 162.993764][ T6831] ? do_raw_spin_unlock+0x13c/0x8b0 [ 162.998976][ T6831] handle_mm_fault+0x10df/0x1ba0 [ 163.003936][ T6831] ? __pfx_handle_mm_fault+0x10/0x10 [ 163.009238][ T6831] ? __pfx_find_vma+0x10/0x10 [ 163.013922][ T6831] ? vma_is_secretmem+0xd/0x50 [ 163.018689][ T6831] ? check_vma_flags+0x500/0x5a0 [ 163.023625][ T6831] __get_user_pages+0x6ef/0x1590 [ 163.028557][ T6831] ? mt_find+0x62d/0x850 [ 163.032790][ T6831] ? __pfx___get_user_pages+0x10/0x10 [ 163.038155][ T6831] populate_vma_page_range+0x264/0x330 [ 163.043608][ T6831] ? __pfx_populate_vma_page_range+0x10/0x10 [ 163.049579][ T6831] ? do_mmap+0x915/0xfa0 [ 163.053818][ T6831] __mm_populate+0x27a/0x460 [ 163.058397][ T6831] ? __pfx___mm_populate+0x10/0x10 [ 163.063500][ T6831] __se_sys_remap_file_pages+0x7a1/0x9a0 [ 163.069126][ T6831] ? __pfx___se_sys_remap_file_pages+0x10/0x10 [ 163.075273][ T6831] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 163.081251][ T6831] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 163.087568][ T6831] ? do_syscall_64+0x100/0x230 [ 163.092322][ T6831] ? __x64_sys_remap_file_pages+0x20/0xc0 [ 163.098036][ T6831] do_syscall_64+0xf3/0x230 [ 163.102524][ T6831] ? clear_bhb_loop+0x35/0x90 [ 163.107195][ T6831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.113073][ T6831] RIP: 0033:0x7f4111a7cea9 [ 163.117473][ T6831] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 163.137060][ T6831] RSP: 002b:00007f41128980c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d8 [ 163.145466][ T6831] RAX: ffffffffffffffda RBX: 00007f4111bb3f80 RCX: 00007f4111a7cea9 [ 163.153429][ T6831] RDX: 0000000000000000 RSI: 0000000000200000 RDI: 00000000202ec000 [ 163.161383][ T6831] RBP: 00007f4111aebff4 R08: 0000000000000000 R09: 0000000000000000 [ 163.169337][ T6831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 163.177293][ T6831] R13: 000000000000000b R14: 00007f4111bb3f80 R15: 00007ffe34c3a3a8 [ 163.185257][ T6831] [ 163.188466][ T6831] Kernel Offset: disabled [ 163.192771][ T6831] Rebooting in 86400 seconds..