last executing test programs:

2m39.620042265s ago: executing program 1:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff}, 0x2}}, 0x20)
socket$nl_route(0x10, 0x3, 0x0)
write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000000)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @mcast2, 0x4}, r1}}, 0x30)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @mcast1}, {0x2, 0x0, 0x4, @empty}, r1}}, 0x48)

2m34.920699703s ago: executing program 1:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r0, &(0x7f0000000bc0)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c, &(0x7f0000000940)=[{&(0x7f0000000340)='A', 0x1}], 0x1}}, {{&(0x7f0000000400)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}, 0x1c, &(0x7f0000000900)=[{&(0x7f0000000440)=',', 0x1}], 0x1}}], 0x2, 0x0)
shutdown(r0, 0x1)

2m30.502859386s ago: executing program 1:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETCARRIER(r0, 0x400454e2, &(0x7f0000000100))
ioctl$TUNSETCARRIER(r0, 0x400454e2, &(0x7f0000000280))

2m25.29317301s ago: executing program 1:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000080)=0x10000)
read$dsp(r1, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r0, &(0x7f0000002080)="a5", 0x1)

2m17.680722746s ago: executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001c40)=@newtaction={0xf0, 0x30, 0x1, 0x0, 0x0, {}, [{0xdc, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x6c, 0x2, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf0}}, 0x0)

1m36.852391677s ago: executing program 0:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
sendmsg$inet_sctp(r0, &(0x7f0000001900)={&(0x7f0000000400)=@in6={0x1c, 0x1c, 0x3}, 0x1c, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYRES8], 0x78}, 0x0)

1m33.979032293s ago: executing program 0:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000180)={0x6, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @mcast1}, {0x2, 0x0, 0x0, @empty}}}, 0x48)

1m30.431603658s ago: executing program 0:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0xffff7fffffffffff)

1m26.780466703s ago: executing program 0:
r0 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r0, &(0x7f0000007500)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a'], 0x78}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000076c0)=ANY=[@ANYBLOB="1c00000000000000000000000800000049687b076eeaef202bb12c0903a5050e67"], 0x80}}], 0x2, 0x0)

1m23.724074925s ago: executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x3, 0x5, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x61}, @call={0x85, 0x0, 0x0, 0x9e}]}, &(0x7f0000000200)='GPL\x00'}, 0x90)
socket$packet(0x11, 0x2, 0x300)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f00000006c0)={[{@grpquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@resuid}, {@jqfmt_vfsold}, {@resuid}, {@jqfmt_vfsold}, {@barrier_val={'barrier', 0x3d, 0x648}}, {@data_err_abort}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
chdir(&(0x7f0000000040)='./file0\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuacct.stat\x00', 0x26e1, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x3, 0x8000000003c)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6(0xa, 0x3, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1}})

56.728887295s ago: executing program 1:
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, 0x0, 0x0)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000000)=0xac1, 0x4)

0s ago: executing program 0:
r0 = socket(0x1d, 0x2, 0x6)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', <r2=>0x0})
bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r2, 0x2}, 0x18)
bind$can_j1939(r0, &(0x7f00000002c0)={0x1d, r2}, 0x18)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:35378' (ED25519) to the list of known hosts.
1970/01/01 00:08:27 fuzzer started
1970/01/01 00:08:35 dialing manager at localhost:30008
syzkaller login: [  525.781118][ T3042] cgroup: Unknown subsys name 'net'
[  527.593829][ T3042] cgroup: Unknown subsys name 'rlimit'
[  588.181061][ T3047] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
1970/01/01 00:09:47 starting 2 executor processes
[  639.107096][ T3063] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  639.299479][ T3063] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  641.619537][ T3065] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  641.756859][ T3065] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  652.644288][ T3063] hsr_slave_0: entered promiscuous mode
[  652.694224][ T3063] hsr_slave_1: entered promiscuous mode
[  655.492613][ T3065] hsr_slave_0: entered promiscuous mode
[  655.533652][ T3065] hsr_slave_1: entered promiscuous mode
[  655.596976][ T3065] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  655.601537][ T3065] Cannot create hsr debugfs directory
[  661.470610][ T3063] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  661.838688][ T3063] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  662.397522][ T3063] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  662.638967][ T3063] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  664.763632][ T3065] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  664.890140][ T3065] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  665.041310][ T3065] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  665.171269][ T3065] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  675.434293][ T3063] 8021q: adding VLAN 0 to HW filter on device bond0
[  679.011385][ T3065] 8021q: adding VLAN 0 to HW filter on device bond0
[  727.690156][ T3063] veth0_vlan: entered promiscuous mode
[  728.226162][ T3063] veth1_vlan: entered promiscuous mode
[  729.813093][ T3063] veth0_macvtap: entered promiscuous mode
[  730.298004][ T3063] veth1_macvtap: entered promiscuous mode
[  732.258542][ T3065] veth0_vlan: entered promiscuous mode
[  732.713700][ T3063] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  732.722115][ T3063] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  732.723787][ T3063] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  732.729050][ T3063] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  733.501609][ T3065] veth1_vlan: entered promiscuous mode
[  736.400238][ T3065] veth0_macvtap: entered promiscuous mode
[  736.832804][ T3065] veth1_macvtap: entered promiscuous mode
[  739.223235][ T3065] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  739.229351][ T3065] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  739.231895][ T3065] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  739.233986][ T3065] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  750.415870][ T3757] syz-executor.1 uses obsolete (PF_INET,SOCK_PACKET)
[  773.861973][ T3782] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  787.152023][  T915] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  787.182638][    C1] hrtimer: interrupt took 8593300 ns
[  787.458966][  T915] usb 2-1: Using ep0 maxpacket: 16
[  787.688746][  T915] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  787.707783][  T915] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  787.710658][  T915] usb 2-1: config 1 has no interface number 1
[  787.713345][  T915] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  787.729070][  T915] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  787.870372][  T915] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  787.872940][  T915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  787.879306][  T915] usb 2-1: Product: syz
[  787.881053][  T915] usb 2-1: Manufacturer: syz
[  787.882779][  T915] usb 2-1: SerialNumber: syz
[  790.153985][  T915] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor
[  790.167184][  T915] usb 2-1: 2:1 : format type 0 is detected, processed as PCM
[  794.212296][  T915] usb 2-1: USB disconnect, device number 2
[  803.740772][ T3851] loop0: detected capacity change from 0 to 512
[  803.926687][ T3851] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  804.308905][ T3851] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  804.975856][ T3851] Quota error (device loop0): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8
[  804.998268][ T3851] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  805.011463][ T3851] EXT4-fs error (device loop0): ext4_acquire_dquot:6858: comm syz-executor.0: Failed to acquire dquot type 0
[  807.383470][ T3063] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  812.096290][ T3868] netlink: 'syz-executor.0': attribute type 21 has an invalid length.
[  812.110450][ T3868] netlink: 132 bytes leftover after parsing attributes in process `syz-executor.0'.
[  819.823843][ T3876] loop0: detected capacity change from 0 to 512
[  821.241263][ T3876] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  822.397850][ T3876] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[  825.439053][ T3063] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  827.248247][ T3889] netlink: 'syz-executor.1': attribute type 21 has an invalid length.
[  827.259837][ T3889] netlink: 132 bytes leftover after parsing attributes in process `syz-executor.1'.
[  832.438394][ T3897] loop1: detected capacity change from 0 to 512
[  832.789723][ T3897] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  833.287279][ T3897] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  834.510932][ T3897] Quota error (device loop1): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8
[  834.562802][ T3897] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  834.583673][ T3897] EXT4-fs error (device loop1): ext4_acquire_dquot:6858: comm syz-executor.1: Failed to acquire dquot type 0
[  844.001473][ T3065] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  898.502578][ T3960] loop0: detected capacity change from 0 to 512
[  898.657614][ T3960] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  898.660613][ T3960] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  899.620504][ T3960] EXT4-fs (loop0): 1 orphan inode deleted
[  899.623089][ T3960] EXT4-fs (loop0): 1 truncate cleaned up
[  899.742715][ T3960] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  901.218893][ T3063] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  947.182553][ T3994] loop0: detected capacity change from 0 to 1024
[  947.750515][ T3994] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  948.288485][ T3994] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1383.578241][   T35] INFO: task dhcpcd:2896 blocked for more than 430 seconds.
[ 1383.608318][   T35]       Not tainted 6.10.0-rc3-syzkaller-g83a7eefedc9b #0
[ 1383.610506][   T35] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1383.612729][   T35] task:dhcpcd          state:D stack:0     pid:2896  tgid:2896  ppid:2895   flags:0x00000000
[ 1383.633970][   T35] Call Trace:
[ 1383.658056][   T35] [<ffffffff85c8ba1a>] __schedule+0xd5c/0x3486
[ 1383.663563][   T35] [<ffffffff85c8e208>] schedule+0xc4/0x324
[ 1383.686235][   T35] [<ffffffff85c8f058>] schedule_preempt_disabled+0x16/0x28
[ 1383.688840][   T35] [<ffffffff85c923ae>] __mutex_lock+0x86a/0x1022
[ 1383.690989][   T35] [<ffffffff85c92b7a>] mutex_lock_nested+0x14/0x1c
[ 1383.693144][   T35] [<ffffffff84a55582>] rtnetlink_rcv_msg+0x3e2/0xdb2
[ 1383.728258][   T35] [<ffffffff84d86358>] netlink_rcv_skb+0x216/0x3dc
[ 1383.730745][   T35] [<ffffffff84a4761a>] rtnetlink_rcv+0x26/0x30
[ 1383.732660][   T35] [<ffffffff84d845f2>] netlink_unicast+0x508/0x862
[ 1383.758434][   T35] [<ffffffff84d851b0>] netlink_sendmsg+0x864/0xdc2
[ 1383.761019][   T35] [<ffffffff8494a408>] __sock_sendmsg+0xcc/0x162
[ 1383.762991][   T35] [<ffffffff8494b016>] ____sys_sendmsg+0x5ce/0x79e
[ 1383.798514][   T35] [<ffffffff84952366>] ___sys_sendmsg+0x144/0x1e6
[ 1383.801345][   T35] [<ffffffff84952e3e>] __sys_sendmsg+0x130/0x1f0
[ 1383.803361][   T35] [<ffffffff84952f6e>] __riscv_sys_sendmsg+0x70/0xa2
[ 1383.833795][   T35] [<ffffffff8000e200>] syscall_handler+0x94/0x118
[ 1383.860444][   T35] [<ffffffff85c81410>] do_trap_ecall_u+0x14c/0x214
[ 1383.862516][   T35] [<ffffffff85ca3d18>] ret_from_exception+0x0/0x64
[ 1383.917802][   T35] INFO: task syz-executor.0:3998 blocked for more than 430 seconds.
[ 1383.921245][   T35]       Not tainted 6.10.0-rc3-syzkaller-g83a7eefedc9b #0
[ 1383.922992][   T35] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1383.996376][   T35] task:syz-executor.0  state:D stack:0     pid:3998  tgid:3993  ppid:3063   flags:0x00000004
[ 1384.000363][   T35] Call Trace:
[ 1384.002389][   T35] [<ffffffff85c8ba1a>] __schedule+0xd5c/0x3486
1970/01/01 00:23:03 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[ 1384.056064][   T35] [<ffffffff85c8e208>] schedule+0xc4/0x324
[ 1384.058594][   T35] [<ffffffff85c8f058>] schedule_preempt_disabled+0x16/0x28
[ 1384.060898][   T35] [<ffffffff85c923ae>] __mutex_lock+0x86a/0x1022
[ 1384.063025][   T35] [<ffffffff85c92b7a>] mutex_lock_nested+0x14/0x1c
[ 1384.095855][   T35] [<ffffffff84a41adc>] rtnl_lock+0x22/0x2a
[ 1384.098618][   T35] [<ffffffff84db0046>] dev_ethtool+0x17c/0x346
[ 1384.100555][   T35] [<ffffffff84ad4f72>] dev_ioctl+0x4e4/0xf9e
[ 1384.102762][   T35] [<ffffffff84948ff0>] sock_do_ioctl+0x180/0x24a
[ 1384.136656][   T35] [<ffffffff8494dde4>] sock_ioctl+0x294/0x61a
[ 1384.139273][   T35] [<ffffffff80a0ef20>] __riscv_sys_ioctl+0x186/0x1d6
[ 1384.141398][   T35] [<ffffffff8000e200>] syscall_handler+0x94/0x118
[ 1384.143532][   T35] [<ffffffff85c81410>] do_trap_ecall_u+0x14c/0x214
[ 1384.179037][   T35] [<ffffffff85ca3d18>] ret_from_exception+0x0/0x64
[ 1384.182496][   T35] 
[ 1384.182496][   T35] Showing all locks held in the system:
[ 1384.202245][   T35] 1 lock held by khungtaskd/35:
[ 1384.204463][   T35]  #0: ffffffff87bc3f00 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x68/0x2d6
[ 1384.243356][   T35] 2 locks held by kworker/u9:3/60:
[ 1384.289157][   T35]  #0: ff6000000b871148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x824/0x1d5c
[ 1384.337563][   T35]  #1: ff200000002b3c90 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x850/0x1d5c
[ 1384.376575][   T35] 1 lock held by klogd/2851:
[ 1384.378924][   T35] 1 lock held by dhcpcd/2896:
[ 1384.380517][   T35]  #0: ffffffff88e43968 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e2/0xdb2
[ 1384.416305][   T35] 2 locks held by getty/3001:
[ 1384.418305][   T35]  #0: ff60000015e6a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3a/0x46
[ 1384.423053][   T35]  #1: ff20000000e032f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xd6a/0x1288
[ 1384.460116][   T35] 2 locks held by syz-fuzzer/3033:
[ 1384.461686][   T35] 3 locks held by kworker/u8:1/3658:
[ 1384.463253][   T35]  #0: ff60000017554948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x824/0x1d5c
[ 1384.500353][   T35]  #1: ff20000007fa3c90 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x850/0x1d5c
[ 1384.546583][   T35]  #2: ffffffff88e43968 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock+0x22/0x2a
[ 1384.551332][   T35] 5 locks held by kworker/0:4/3702:
[ 1384.552825][   T35] 2 locks held by syz-executor.1/3955:
[ 1384.586218][   T35] 1 lock held by syz-executor.0/3998:
[ 1384.588249][   T35]  #0: ffffffff88e43968 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock+0x22/0x2a
[ 1384.593130][   T35] 1 lock held by syz-executor.1/4002:
[ 1384.626187][   T35]  #0: ffffffff88e43968 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e2/0xdb2
[ 1384.631713][   T35] 1 lock held by syz-executor.0/4006:
[ 1384.633343][   T35]  #0: ffffffff88e43968 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e2/0xdb2
[ 1384.671098][   T35] 1 lock held by syz-executor.1/4010:
[ 1384.672227][   T35]  #0: ffffffff88e43968 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e2/0xdb2
[ 1384.695271][   T35] 1 lock held by syz-executor.0/4015:
[ 1384.696917][   T35]  #0: ffffffff88e43968 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3e2/0xdb2
[ 1384.699602][   T35] 1 lock held by syz-executor.1/4019:
[ 1384.700504][   T35] 1 lock held by modprobe/4022:
[ 1384.701697][   T35] 
[ 1384.702457][   T35] =============================================
[ 1384.702457][   T35] 
[ 1384.703802][   T35] Kernel panic - not syncing: hung_task: blocked tasks
[ 1384.705405][   T35] CPU: 1 PID: 35 Comm: khungtaskd Not tainted 6.10.0-rc3-syzkaller-g83a7eefedc9b #0
[ 1384.706467][   T35] Hardware name: riscv-virtio,qemu (DT)
[ 1384.707467][   T35] Call Trace:
[ 1384.708439][   T35] [<ffffffff8000f6f8>] dump_backtrace+0x2e/0x3c
[ 1384.709513][   T35] [<ffffffff85c253c4>] show_stack+0x34/0x40
[ 1384.710766][   T35] [<ffffffff85c7f13c>] dump_stack_lvl+0x108/0x196
[ 1384.711871][   T35] [<ffffffff85c7f1e6>] dump_stack+0x1c/0x24
[ 1384.713089][   T35] [<ffffffff85c25f8a>] panic+0x382/0x800
[ 1384.714278][   T35] [<ffffffff80411ab0>] watchdog+0xa56/0x113c
[ 1384.715435][   T35] [<ffffffff8014d7e4>] kthread+0x28c/0x3a6
[ 1384.716859][   T35] [<ffffffff85ca3e22>] ret_from_fork+0xe/0x1c
[ 1384.718205][   T35] SMP: stopping secondary CPUs
[ 1384.720819][   T35] Rebooting in 86400 seconds..

VM DIAGNOSIS:
15:34:43  Registers:
info registers vcpu 0

CPU#0
 V      =   0
 pc       ffffffff8509067e
 mhartid  0000000000000000
 mstatus  0000000a000001a2
 hstatus  0000000200000000
 vsstatus 0000000a00000000
 mip      0000000000000000
 mie      000000000000022a
 mideleg  0000000000001666
 hideleg  0000000000000000
 medeleg  0000000000f0b509
 hedeleg  0000000000000000
 mtvec    0000000080000428
 stvec    ffffffff85ca3c44
 vstvec   0000000000000000
 mepc     ffffffff85c81c5a
 sepc     ffffffff8024d964
 vsepc    0000000000000000
 mcause   8000000000000003
 scause   8000000000000009
 vscause  0000000000000000
 mtval    0000000000000000
 stval    0000000000000000
 htval    0000000000000000
 mtval2   0000000000000000
 mscratch 0000000080029000
 sscratch 0000000000000000
 satp     a01f5000000aa15b
 x0/zero  0000000000000000 x1/ra    ffffffff8023416c x2/sp    ff200000000026a0 x3/gp    ffffffff89240400
 x4/tp    ff6000000e6d8000 x5/t0    0000000000000000 x6/t1    ff6000000e6d8bc0 x7/t2    ff6000000e6d8b20
 x8/s0    ff200000000026a0 x9/s1    0000000000000009 x10/a0   0000000000000000 x11/a1   0000000000000001
 x12/a2   0000000000000001 x13/a3   ffffffff8495f408 x14/a4   0000000000000000 x15/a5   0000000000000103
 x16/a6   0000000000ff0100 x17/a7   0000000000000007 x18/s2   0000000000000001 x19/s3   ff60000019282640
 x20/s4   0000000000000001 x21/s5   ff600000154e9240 x22/s6   1fec0000032505be x23/s7   0000000000000024
 x24/s8   1fec0000032505be x25/s9   0000000000000007 x26/s10  ff600000192824c0 x27/s11  1fec0000052117c6
 x28/t3   f0e75846c1fbcc8b x29/t4   1fec000001cdb160 x30/t5   ffffffff8933dd40 x31/t6   1fec000001cdb17c
 f0/ft0   0000000000000000 f1/ft1   0000000000000000 f2/ft2   0000000000000000 f3/ft3   0000000000000000
 f4/ft4   0000000000000000 f5/ft5   0000000000000000 f6/ft6   0000000000000000 f7/ft7   0000000000000000
 f8/fs0   0000000000000000 f9/fs1   0000000000000000 f10/fa0  0000000000000000 f11/fa1  0000000000000000
 f12/fa2  0000000000000000 f13/fa3  0000000000000000 f14/fa4  0000000000000000 f15/fa5  0000000000000000
 f16/fa6  0000000000000000 f17/fa7  0000000000000000 f18/fs2  0000000000000000 f19/fs3  0000000000000000
 f20/fs4  0000000000000000 f21/fs5  0000000000000000 f22/fs6  0000000000000000 f23/fs7  0000000000000000
 f24/fs8  0000000000000000 f25/fs9  0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8  0000000000000000 f29/ft9  0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000
info registers vcpu 1

CPU#1
 V      =   0
 pc       ffffffff801b9f08
 mhartid  0000000000000001
 mstatus  0000000a000001a0
 hstatus  0000000200000000
 vsstatus 0000000a00000000
 mip      0000000000000000
 mie      000000000000022a
 mideleg  0000000000001666
 hideleg  0000000000000000
 medeleg  0000000000f0b509
 hedeleg  0000000000000000
 mtvec    0000000080000428
 stvec    ffffffff85ca3c44
 vstvec   0000000000000000
 mepc     ffffffff8040fcda
 sepc     ffffffff8040fcda
 vsepc    0000000000000000
 mcause   8000000000000003
 scause   8000000000000001
 vscause  0000000000000000
 mtval    0000000000000000
 stval    0000000000000000
 htval    0000000000000000
 mtval2   0000000000000000
 mscratch 0000000080027000
 sscratch 0000000000000000
 satp     a021c000000bb557
 x0/zero  0000000000000000 x1/ra    ffffffff802a3b92 x2/sp    ff2000000000ba50 x3/gp    ffffffff89240400
 x4/tp    ff6000000ca8cec0 x5/t0    ff6000007ab71680 x6/t1    ff6000000ca8da30 x7/t2    0000000000000090
 x8/s0    ff2000000000ba50 x9/s1    0000000000000001 x10/a0   0000000000000001 x11/a1   ffffffff8623dbe0
 x12/a2   0000000000000009 x13/a3   0000000000000001 x14/a4   0000000000000000 x15/a5   0000000000000000
 x16/a6   0000000000000003 x17/a7   0000000000000000 x18/s2   ffffffff87ab1ac0 x19/s3   ffffffff8b1a6b48
 x20/s4   dfffffff00000000 x21/s5   0000000000000001 x22/s6   ffffffff8b1a6b48 x23/s7   fffffffef1634d69
 x24/s8   000000000047917c x25/s9   1fec0000019519f5 x26/s10  000000000016e360 x27/s11  ffffffffffffffb0
 x28/t3   9bcd8cf8069a56ef x29/t4   1fec000001951b38 x30/t5   ffffffff8b1a6b48 x31/t6   1fec000001951b4a
 f0/ft0   0000000000000000 f1/ft1   0000000000000000 f2/ft2   0000000000000000 f3/ft3   0000000000000000
 f4/ft4   0000000000000000 f5/ft5   0000000000000000 f6/ft6   0000000000000000 f7/ft7   0000000000000000
 f8/fs0   0000000000000000 f9/fs1   0000000000000000 f10/fa0  0000000000000000 f11/fa1  0000000000000000
 f12/fa2  0000000000000000 f13/fa3  0000000000000000 f14/fa4  0000000000000000 f15/fa5  0000000000000000
 f16/fa6  0000000000000000 f17/fa7  0000000000000000 f18/fs2  0000000000000000 f19/fs3  0000000000000000
 f20/fs4  0000000000000000 f21/fs5  0000000000000000 f22/fs6  0000000000000000 f23/fs7  0000000000000000
 f24/fs8  0000000000000000 f25/fs9  0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8  0000000000000000 f29/ft9  0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000