last executing test programs: 5m8.549397998s ago: executing program 0 (id=886): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x8001) ioctl$SNDRV_PCM_IOCTL_UNLINK(r0, 0x40044160, 0x3) 4m43.358163587s ago: executing program 0 (id=887): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x44, r1, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040}, 0x20008014) 4m9.646708104s ago: executing program 0 (id=889): capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)=@known='user.incfs.metadata\x00') 3m39.680821897s ago: executing program 0 (id=891): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0xfffff024}, {0x20, 0x0, 0x0, 0xfffff034}, {0x6, 0xfc, 0x0, 0x7}]}, 0x10) sendmmsg(r0, &(0x7f0000001c00), 0x400000000000159, 0x40840) 3m27.146618277s ago: executing program 1 (id=892): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000001880)=0x40, 0x4) sendmmsg$inet6(r0, &(0x7f0000000900)=[{{&(0x7f0000000100)={0xa, 0x4e21, 0x0, @loopback, 0x210}, 0x1c, 0x0}}], 0x1, 0x0) 2m55.311477372s ago: executing program 0 (id=893): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)={0x30, r1, 0x8d61ddcfedb48df, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0x4}, @ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4040800}, 0x0) 2m47.041491403s ago: executing program 1 (id=894): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) fcntl$lock(r0, 0x410, &(0x7f0000000080)={0x0, 0x1, 0x6, 0x1fd}) 2m14.863085609s ago: executing program 1 (id=895): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) syz_emit_ethernet(0x86, &(0x7f00000010c0)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @local}, @redirect={0x4, 0x2, 0x0, @broadcast=0x1000000, {0x17, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x11, 0x0, @empty, @dev={0xac, 0x14, 0x14, 0x15}, {[@timestamp_addr={0x44, 0xc, 0x0, 0x1, 0x5, [{@private=0xa010102, 0x4e20ffff}]}, @timestamp_addr={0x44, 0x3c, 0xed, 0x1, 0x0, [{@multicast1, 0x4}, {}, {@loopback}, {@initdev={0xac, 0x1e, 0x1, 0x0}}, {@rand_addr=0x64010101, 0x800}, {@dev={0xac, 0x14, 0x14, 0x3b}}, {@local, 0x4}]}]}}}}}}}, 0x0) 2m13.594037753s ago: executing program 0 (id=896): r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) read$usbfs(r0, &(0x7f0000001980)=""/249, 0xf9) 1m55.488741138s ago: executing program 1 (id=897): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="07000000040000008000000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x10, &(0x7f0000000c40)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000007000000850000001b000000b700000000000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r1}, 0xc) 1m28.689015453s ago: executing program 32 (id=896): r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) read$usbfs(r0, &(0x7f0000001980)=""/249, 0xf9) 1m26.708802253s ago: executing program 1 (id=899): mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB='|']) 53.273760872s ago: executing program 1 (id=900): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000008"], 0x0, 0x10000, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x24}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x3, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000003000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20000000}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0x94, 0x0, 0x0, 0x0, 0x11, 0x0, 0x63, 0x0, &(0x7f00000000c0)='\x00', 0x0}, 0x48) 0s ago: executing program 33 (id=900): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000008"], 0x0, 0x10000, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x24}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x3, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000003000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20000000}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0x94, 0x0, 0x0, 0x0, 0x11, 0x0, 0x63, 0x0, &(0x7f00000000c0)='\x00', 0x0}, 0x48) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:7855' (ED25519) to the list of known hosts. syzkaller login: [ 601.564118][ T3223] cgroup: Unknown subsys name 'net' [ 602.827929][ T3223] cgroup: Unknown subsys name 'cpuset' [ 603.013005][ T3223] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 686.146236][ T3223] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 837.929924][ T3230] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 838.191330][ T3230] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 844.391861][ T3233] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 844.602868][ T3233] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 856.182204][ T3230] hsr_slave_0: entered promiscuous mode [ 856.341937][ T3230] hsr_slave_1: entered promiscuous mode [ 862.413607][ T3233] hsr_slave_0: entered promiscuous mode [ 862.453272][ T3233] hsr_slave_1: entered promiscuous mode [ 862.479402][ T3233] debugfs: 'hsr0' already exists in 'hsr' [ 862.482117][ T3233] Cannot create hsr debugfs directory [ 872.029504][ T3230] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 872.314441][ T3230] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 872.453271][ T3230] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 872.981291][ T3230] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 874.637708][ T3233] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 874.864144][ T3233] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 875.234679][ T3233] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 875.458671][ T3233] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 897.550709][ T3233] 8021q: adding VLAN 0 to HW filter on device bond0 [ 900.051268][ T3230] 8021q: adding VLAN 0 to HW filter on device bond0 [ 983.648579][ T3233] veth0_vlan: entered promiscuous mode [ 984.099968][ T3233] veth1_vlan: entered promiscuous mode [ 985.564458][ T3230] veth0_vlan: entered promiscuous mode [ 986.437196][ T3230] veth1_vlan: entered promiscuous mode [ 987.931222][ T3233] veth0_macvtap: entered promiscuous mode [ 989.434018][ T3233] veth1_macvtap: entered promiscuous mode [ 991.631918][ T3230] veth0_macvtap: entered promiscuous mode [ 992.640018][ T3230] veth1_macvtap: entered promiscuous mode [ 993.609240][ T3215] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 993.780657][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 993.784484][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 993.912300][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 997.250338][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 997.252031][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 997.253439][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 997.314078][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1001.024004][ T3233] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 1012.046455][ T31] audit: type=1800 audit(1010.580:2): pid=3848 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 1016.774506][ T3850] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2'. [ 1020.772489][ T3852] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3'. [ 1044.239207][ T3861] process 'syz.0.7' launched './file2' with NULL argv: empty string added [ 1114.353414][ T3898] netlink: 4 bytes leftover after parsing attributes in process `syz.1.19'. [ 1122.190167][ T3903] capability: warning: `syz.1.21' uses deprecated v2 capabilities in a way that may be insecure [ 1136.847474][ T3911] netlink: 12 bytes leftover after parsing attributes in process `syz.0.24'. [ 1137.318492][ T3911] netlink: 12 bytes leftover after parsing attributes in process `syz.0.24'. [ 1142.722894][ T3914] pim6reg9: entered allmulticast mode [ 1172.452027][ T3933] netlink: 16 bytes leftover after parsing attributes in process `syz.1.32'. [ 1172.497955][ T3933] netlink: 16 bytes leftover after parsing attributes in process `syz.1.32'. [ 1182.159472][ T3941] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 1182.159472][ T3941] The task syz.0.36 (3941) triggered the difference, watch for misbehavior. [ 1266.569685][ T3988] hugetlbfs: Bad value '' for mount option 'size' [ 1266.569685][ T3988] [ 1281.419966][ T3997] netlink: 48 bytes leftover after parsing attributes in process `syz.1.61'. [ 1283.983066][ T3997] Zero length message leads to an empty skb [ 1290.304538][ T4011] netlink: 'syz.0.63': attribute type 1 has an invalid length. [ 1290.342305][ T4011] netlink: 8 bytes leftover after parsing attributes in process `syz.0.63'. [ 1303.433862][ T4020] trusted_key: encrypted_key: keylen parameter is missing [ 1379.550955][ T4062] ======================================================= [ 1379.550955][ T4062] WARNING: The mand mount option has been deprecated and [ 1379.550955][ T4062] and is ignored by this kernel. Remove the mand [ 1379.550955][ T4062] option from the mount to silence this warning. [ 1379.550955][ T4062] ======================================================= [ 1454.882766][ T4098] netlink: 20 bytes leftover after parsing attributes in process `syz.1.105'. [ 1459.538671][ T4100] Illegal XDP return value 4294967282 on prog (id 6) dev N/A, expect packet loss! [ 1703.677991][ T4234] netlink: 8 bytes leftover after parsing attributes in process `syz.0.165'. [ 1711.321673][ T4115] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 1712.132626][ T4115] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1712.142966][ T4115] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1712.161341][ T4115] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 1712.164020][ T4115] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1712.500310][ T4115] usb 1-1: config 0 descriptor?? [ 1714.939248][ T4115] kovaplus 0003:1E7D:2D50.0001: item fetching failed at offset 1/5 [ 1715.093160][ T4115] kovaplus 0003:1E7D:2D50.0001: parse failed [ 1715.100485][ T4115] kovaplus 0003:1E7D:2D50.0001: probe with driver kovaplus failed with error -22 [ 1715.652978][ T4115] usb 1-1: USB disconnect, device number 2 [ 1730.644655][ T4259] loop1: detected capacity change from 0 to 7 [ 1739.062391][ T3930] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 1739.398738][ T3930] usb 2-1: Using ep0 maxpacket: 8 [ 1739.587490][ T3930] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1739.589596][ T3930] usb 2-1: New USB device found, idVendor=044e, idProduct=121e, bcdDevice= 0.00 [ 1739.591430][ T3930] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1739.772003][ T3930] usb 2-1: config 0 descriptor?? [ 1742.342699][ T3930] usbhid 2-1:0.0: can't add hid device: -71 [ 1742.411758][ T3930] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1742.869242][ T3930] usb 2-1: USB disconnect, device number 2 [ 1760.280265][ T4288] netlink: 16 bytes leftover after parsing attributes in process `syz.0.174'. [ 1868.089586][ T3844] usb 1-1: new low-speed USB device number 3 using dummy_hcd [ 1868.803716][ T3844] usb 1-1: config index 0 descriptor too short (expected 6427, got 27) [ 1868.808028][ T3844] usb 1-1: config 0 has an invalid interface number: 21 but max is 0 [ 1868.810297][ T3844] usb 1-1: config 0 has no interface number 0 [ 1868.847960][ T3844] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt [ 1868.850805][ T3844] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1868.853781][ T3844] usb 1-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 1868.877517][ T3844] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1869.381066][ T3844] usb 1-1: config 0 descriptor?? [ 1872.113870][ T3844] usb 1-1: USB disconnect, device number 3 [ 1890.848847][ T10] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 1891.418049][ T10] usb 2-1: Using ep0 maxpacket: 32 [ 1891.801332][ T10] usb 2-1: config 0 has an invalid interface number: 67 but max is 0 [ 1891.803710][ T10] usb 2-1: config 0 has no interface number 0 [ 1892.050709][ T10] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 1892.088915][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1892.091576][ T10] usb 2-1: Product: syz [ 1892.094174][ T10] usb 2-1: Manufacturer: syz [ 1892.127843][ T10] usb 2-1: SerialNumber: syz [ 1892.568171][ T10] usb 2-1: config 0 descriptor?? [ 1893.497505][ T10] smsc95xx v2.0.0 [ 1897.548752][ T10] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -61 [ 1897.551682][ T10] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 1898.142922][ T10] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 1898.272879][ T10] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -71 [ 1898.811991][ T10] usb 2-1: USB disconnect, device number 3 [ 1978.772045][ T4426] netlink: 32 bytes leftover after parsing attributes in process `syz.0.226'. [ 2015.207755][ T4448] netlink: 76 bytes leftover after parsing attributes in process `syz.0.234'. [ 2015.210281][ T4448] nbd: illegal input index -28 [ 2096.240345][ T4495] netlink: 24 bytes leftover after parsing attributes in process `syz.0.254'. [ 2142.977426][ T4519] bond0: option arp_interval: invalid value (18446744073709551615) [ 2142.981146][ T4519] bond0: option arp_interval: allowed values 0 - 2147483647 [ 2149.784625][ T4523] netlink: 16 bytes leftover after parsing attributes in process `syz.1.267'. [ 2156.763276][ T4527] netlink: 19 bytes leftover after parsing attributes in process `syz.1.269'. [ 2196.097916][ T4546] netlink: 'syz.0.277': attribute type 1 has an invalid length. [ 2196.101489][ T4546] nbd: error processing sock list [ 2213.600041][ T4559] devpts: Bad value for 'max' [ 2229.848270][ T4566] binder: 4565:4566 ioctl c00c620f 200000000980 returned -22 [ 2273.710959][ T4587] netlink: 8 bytes leftover after parsing attributes in process `syz.0.292'. [ 2273.713633][ T4587] netlink: 8 bytes leftover after parsing attributes in process `syz.0.292'. [ 2329.063040][ T4619] netlink: 36 bytes leftover after parsing attributes in process `syz.0.303'. [ 2356.310786][ T4636] netlink: 32 bytes leftover after parsing attributes in process `syz.0.312'. [ 2374.760390][ T4645] netlink: 12 bytes leftover after parsing attributes in process `syz.0.316'. [ 2396.871944][ T4664] random: crng reseeded on system resumption [ 2455.163078][ T31] audit: type=1326 audit(2453.720:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4692 comm="syz.1.337" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb5d31542 code=0x7fc00000 [ 2469.063789][ T4703] netlink: 24 bytes leftover after parsing attributes in process `syz.0.341'. [ 2500.304747][ T4715] netlink: 8 bytes leftover after parsing attributes in process `syz.1.347'. [ 2523.217557][ T4729] netlink: 8 bytes leftover after parsing attributes in process `syz.0.354'. [ 2533.530383][ T4734] xt_l2tp: unknown flags: 51 [ 2563.881391][ T4501] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 2564.298972][ T4501] usb 2-1: too many endpoints for config 0 interface 0 altsetting 254: 253, using maximum allowed: 30 [ 2564.302548][ T4501] usb 2-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2564.353400][ T4501] usb 2-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 2564.368769][ T4501] usb 2-1: config 0 interface 0 has no altsetting 0 [ 2564.371492][ T4501] usb 2-1: New USB device found, idVendor=056a, idProduct=00b2, bcdDevice= 0.00 [ 2564.373737][ T4501] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2564.630673][ T4501] usb 2-1: config 0 descriptor?? [ 2567.649447][ T4501] hid (null): invalid report_size 23980 [ 2567.652806][ T4501] hid (null): invalid report_count -402758876 [ 2568.144036][ T4501] wacom 0003:056A:00B2.0002: invalid report_size 23980 [ 2568.177835][ T4501] wacom 0003:056A:00B2.0002: item 0 2 1 7 parsing failed [ 2568.323788][ T4501] wacom 0003:056A:00B2.0002: parse failed [ 2568.344296][ T4501] wacom 0003:056A:00B2.0002: probe with driver wacom failed with error -22 [ 2569.028621][ T4501] usb 2-1: USB disconnect, device number 4 [ 2605.148609][ T4787] netlink: 12 bytes leftover after parsing attributes in process `syz.0.372'. [ 2750.919267][ T4878] netlink: 12 bytes leftover after parsing attributes in process `syz.1.406'. [ 2801.260096][ T3930] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 2802.362205][ T3930] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 2802.372559][ T3930] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 2802.794314][ T3930] usb 2-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 2802.809499][ T3930] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2802.811144][ T3930] usb 2-1: Product: syz [ 2802.812896][ T3930] usb 2-1: Manufacturer: syz [ 2802.816134][ T3930] usb 2-1: SerialNumber: syz [ 2802.979175][ T3930] usb 2-1: config 0 descriptor?? [ 2803.031600][ T4904] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 2803.141690][ T4904] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 2804.908332][ T4904] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 2804.947941][ T4904] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 2805.408927][ T4904] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2805.562245][ T4904] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2805.738289][ T3930] Error reading MAC address [ 2805.968355][ T3930] usb 2-1: USB disconnect, device number 5 [ 2870.991375][ T4945] netlink: 40 bytes leftover after parsing attributes in process `syz.0.429'. [ 2877.550266][ T4947] netlink: 6 bytes leftover after parsing attributes in process `syz.1.431'. [ 2994.332509][ T4999] netlink: 20 bytes leftover after parsing attributes in process `syz.1.455'. [ 3042.218143][ T5015] netlink: 16 bytes leftover after parsing attributes in process `syz.0.462'. [ 3068.742069][ T5027] tmpfs: Cannot change global quota limit on remount [ 3080.909561][ T5034] netlink: 64 bytes leftover after parsing attributes in process `syz.1.471'. [ 3161.581772][ T5077] ubi31: attaching mtd0 [ 3161.584480][ T5077] ubi31 error: ubi_attach_mtd_dev: bad VID header (2) or data offsets (66) [ 3168.671830][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 3223.764373][ T5112] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 3242.813770][ T5123] netlink: 8 bytes leftover after parsing attributes in process `syz.1.511'. [ 3242.831240][ T5123] netlink: 4 bytes leftover after parsing attributes in process `syz.1.511'. [ 3242.858142][ T5123] netlink: 'syz.1.511': attribute type 14 has an invalid length. [ 3429.761310][ T5226] usb usb1: usbfs: process 5226 (syz.1.552) did not claim interface 0 before use [ 3475.160819][ T4742] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 3475.518186][ T4742] usb 2-1: Using ep0 maxpacket: 32 [ 3475.693774][ T4742] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 3475.699250][ T4742] usb 2-1: config 0 has no interface number 0 [ 3475.701463][ T4742] usb 2-1: config 0 interface 184 has no altsetting 0 [ 3475.971246][ T4742] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 3475.973788][ T4742] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3475.980381][ T4742] usb 2-1: Product: syz [ 3475.982094][ T4742] usb 2-1: Manufacturer: syz [ 3475.983681][ T4742] usb 2-1: SerialNumber: syz [ 3476.217116][ T4742] usb 2-1: config 0 descriptor?? [ 3476.466961][ T4742] smsc75xx v1.0.0 [ 3478.869209][ T4742] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 3478.873996][ T4742] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 3478.877385][ T4742] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 3478.910748][ T4742] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -71 [ 3479.231346][ T4742] usb 2-1: USB disconnect, device number 6 [ 3505.217309][ T5267] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 3536.243881][ T5285] devpts: Bad value for 'max' [ 3556.564322][ T5298] batadv_slave_0: entered allmulticast mode [ 3585.877067][ T5314] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 3675.758927][ T5372] mmap: syz.1.601 (5372) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 3730.160641][ T5395] netlink: 28 bytes leftover after parsing attributes in process `syz.0.612'. [ 3764.548158][ T5410] sock: sock_timestamping_bind_phc: sock not bind to device [ 3773.000715][ T5415] xt_hashlimit: max too large, truncated to 1048576 [ 3821.890692][ T27] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3871.162465][ T31] audit: type=1804 audit(3869.740:4): pid=5472 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.642" name="/newroot/329/file1" dev="tmpfs" ino=1687 res=1 errno=0 [ 3950.577129][ T5519] capability: warning: `syz.1.662' uses 32-bit capabilities (legacy support in use) [ 4027.110113][ T5555] netlink: 12 bytes leftover after parsing attributes in process `syz.1.678'. [ 4047.113798][ T5568] netlink: 8 bytes leftover after parsing attributes in process `syz.1.682'. [ 4047.131447][ T5568] netlink: 32 bytes leftover after parsing attributes in process `syz.1.682'. [ 4106.592881][ T5595] gretap0: entered promiscuous mode [ 4180.957517][ T5635] pimreg3: entered allmulticast mode [ 4204.280429][ T31] audit: type=1326 audit(4202.830:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5648 comm="syz.1.710" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb5d31542 code=0x0 [ 4257.438262][ T5674] random: crng reseeded on system resumption [ 4259.411760][ T5674] Restarting kernel threads ... [ 4259.442775][ T5674] Done restarting kernel threads. [ 4267.151353][ T5679] netlink: 16 bytes leftover after parsing attributes in process `syz.0.722'. [ 4421.629580][ T5663] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 4422.388460][ T5663] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 4422.393628][ T5663] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 4422.418680][ T5663] usb 2-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 4422.421745][ T5663] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 4422.824327][ T5663] usb 2-1: config 0 descriptor?? [ 4425.312160][ T5663] usbhid 2-1:0.0: can't add hid device: -71 [ 4425.362280][ T5663] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 4425.676863][ T5663] usb 2-1: USB disconnect, device number 7 [ 4517.769747][ T5811] netlink: 104 bytes leftover after parsing attributes in process `syz.0.770'. [ 4637.298981][ T5868] xt_time: unknown flags 0xc [ 4744.159356][ T5926] netlink: 16 bytes leftover after parsing attributes in process `syz.0.815'. [ 4750.210187][ T5928] netlink: 8 bytes leftover after parsing attributes in process `syz.1.816'. [ 4776.404237][ T5941] [U]  [ 4776.510738][ T5941] [U] K{ [ 4776.513395][ T5941] [U] t 1ŠFfˊ`GJgo/mC [ 4776.539584][ T5941] [U] tؖ/,~Ĝj}8'o1"7-JQKWq5c%"H12YX``+(!(z'tXlnIgjݭp~7!" (5Ob̓J [ 4776.560526][ T5941] [U] k\&}66XHX .`a$40|϶9ި U4Vbz}wMTQΦr 4 [ 4776.564415][ T5941] [U] ".h6"k[J4In[Z(C|T]z{3c=x4w)\TXJSH{q;칢t+gd.˂>ywUhfNhl]S2\g%O&z)'pul_< ذ`ұT;_"(u{7j2X /'cIHcճV=Ai%wEs RjgrhIa6-DV i"n Asc~48c*OO5/J~wvK+3Y)Mvyq潀DTrOtpem%fejA5T_-X~^aaۂq [ 4776.581260][ T5941] [U] +wG?]'a: )' B>tf/<'U'hi.+]e.-ɿ%>2`^U8F.63+A«g3p6:^0tv'EtYCnrϩnPj ;Z8!\Aʖ2$­wi.#/Bai`4jdy@zgW5˿B ٜNy"vI2 [ 4776.610492][ T5941] [U] T_K5tYJ9c$brLNul 9w|G"ʃ%C؝q 3qN^HP*$ .7yӱ2 [ 4776.626418][ T5941] [U] ? h*37鍾^#Q"0~ (oX Lb,'v=CSGS0ւ`ه=1(p#2DO*Ƀ [ 4776.629564][ T5941] [U] sgGud-{|&2Lc_!`oz֥B%>rwSsH"yA4O.Y䏄RTԶB[+/<>{q_՝LX8U{Z)7?rR;crhײڣ1>)Măt(aϝ}9ڥJ*Mќġ'Lq DW=|q ÆW;5Ž!dBx`/E`ƦMX"\ [ 4776.779194][ T5941] [U] {; ٘_o2)o.2W2yx_ HPϱSD:]{ [ 4776.784117][ T5941] [U] I,> 51^1N4oǶ'0?֒i9w._.WaV`)Zc6GiӹaXL[F*OW)+'\n[K@2Ǭp"^` [ 4776.807036][ T5941] [U] 22Ʃx?0;3u [ 4776.811948][ T5941] [U] ޜsObx8W4(~/KUԖoQe+G-ygY_>v3.hә]̈́2)D, D~d+w; A\FPȘ|$)KؐIɿkYT^R癵A=#ܜ aet1ݯ4K.e"RS|s:>p r"z#P!KY"}FN84hޱosߙ̫%Dlwm [ 4776.842949][ T5941] [U] [['xn' ,mr/1D=!Dx91BwRlfKZ#` l؛˜b~m [ 4776.901231][ T5941] [U] L>d+d"5h3<iR=F^fnvDOIO:U>Y [ 4776.903615][ T5941] [U] 'B6v20瞥׌"t8{9FW]쩍 [ 4776.931154][ T5941] [U] 72uC6τI]8ctۨQSkYI |V'TV/g$[ 9kh`"}[^=0]%̂TF_v4C [ 4776.933180][ T5941] [U] ec [ 4776.934066][ T5941] [U] |<:^3$7nK~-@?/mtl۾Iw@g~t{P+$jp| IRipm Y 8tV,l, [ 4777.262479][ T5940] [U] K)0~ʪiP'fzr @B]5{ʼ'8ƥFUTqUdǩK;70c[yYCذmL8T͚5rxW xoQhVi'8L [ 4868.770349][ T5986] devpts: Bad value for 'max' [ 4880.871140][ T5990] netlink: 8 bytes leftover after parsing attributes in process `syz.1.841'. [ 5173.712359][ T6090] veth0: entered promiscuous mode [ 5173.828889][ T6088] veth0: left promiscuous mode [ 5503.356077][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 5640.742923][ T6143] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5713.321230][ T6143] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5775.703593][ T6135] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 5777.070121][ T6135] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 5847.542587][ T6143] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 5849.342927][ T6157] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 5851.944503][ T6157] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 5868.469975][ T6135] hsr_slave_0: entered promiscuous mode [ 5868.807681][ T6135] hsr_slave_1: entered promiscuous mode [ 5868.999952][ T6135] debugfs: 'hsr0' already exists in 'hsr' [ 5869.002108][ T6135] Cannot create hsr debugfs directory [ 5909.678497][ T6135] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 5913.042381][ T6135] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 5914.764629][ T6157] hsr_slave_0: entered promiscuous mode [ 5914.843457][ T6157] hsr_slave_1: entered promiscuous mode [ 5914.918227][ T6157] debugfs: 'hsr0' already exists in 'hsr' [ 5914.919569][ T6157] Cannot create hsr debugfs directory [ 5926.371532][ T6135] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 5931.459997][ T6135] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 5989.448902][ T6157] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 5990.850415][ T6157] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 5992.323670][ T6157] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 5994.277342][ T6157] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 6092.578756][ T6143] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 6094.451714][ T6143] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 6095.783452][ T6143] bond0 (unregistering): Released all slaves [ 6164.209332][ T6143] hsr_slave_0: left promiscuous mode [ 6165.056993][ T6143] hsr_slave_1: left promiscuous mode [ 6169.586512][ T6143] veth1_macvtap: left promiscuous mode [ 6169.683135][ T6143] veth0_macvtap: left promiscuous mode [ 6169.754504][ T6143] veth1_vlan: left promiscuous mode [ 6169.841821][ T6143] veth0_vlan: left promiscuous mode [ 6236.090750][ T6143] pimreg3 (unregistering): left allmulticast mode [ 6375.704858][ T33] INFO: task kworker/1:1:6608 blocked for more than 430 seconds. [ 6375.778531][ T33] Tainted: G L syzkaller #0 [ 6375.780906][ T33] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 6375.782977][ T33] task:kworker/1:1 state:D stack:0 pid:6608 tgid:6608 ppid:2 task_flags:0x4208060 flags:0x00000000 [ 6375.858910][ T33] Workqueue: wg-kex-wg0 wg_packet_handshake_receive_worker [ 6375.862324][ T33] Call Trace: [ 6375.863968][ T33] [] __schedule+0xf14/0x4220 [ 6375.926966][ T33] [] schedule+0xb4/0x334 [ 6375.929354][ T33] [] schedule_preempt_disabled+0x16/0x28 [ 6375.932019][ T33] [] rwsem_down_read_slowpath+0x4ca/0x954 [ 6375.934283][ T33] [] down_read+0xe0/0x454 [ 6376.002225][ T33] [] wg_noise_handshake_consume_initiation+0x4bc/0x8f8 [ 6376.066500][ T33] [] wg_receive_handshake_packet+0x692/0xa70 [ 6376.069164][ T33] [] wg_packet_handshake_receive_worker+0x116/0x30c [ 6376.071367][ T33] [] process_one_work+0x930/0x1e14 [ 6376.073610][ T33] [] worker_thread+0x540/0xcbc [ 6376.157975][ T33] [] kthread+0x37c/0x778 [ 6376.178229][ T33] [] ret_from_fork_kernel+0x2a/0xbbc [ 6376.180746][ T33] [] ret_from_fork_kernel_asm+0x16/0x18 [ 6376.184493][ T33] [ 6376.184493][ T33] Showing all locks held in the system: [ 6376.274235][ T33] 1 lock held by khungtaskd/33: [ 6376.381189][ T33] #0: ffffffff885ec0a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2a/0x1a8 [ 6376.480903][ T33] 1 lock held by klogd/3016: [ 6376.482742][ T33] 1 lock held by dhcpcd/3060: [ 6376.484418][ T33] #0: ffffffff89b56ee8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x22/0x2c SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 6376.717295][ T33] 2 locks held by getty/3182: [ 6376.719750][ T33] #0: ffffaf801d8830a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3a/0x48 [ 6376.828994][ T33] #1: ffff8f800008e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x3be/0x1324 [ 6376.947830][ T33] 2 locks held by syz-executor/3223: [ 6376.949884][ T33] 2 locks held by kworker/0:3/3797: [ 6376.951411][ T33] 3 locks held by kworker/1:5/3930: [ 6376.952952][ T33] 2 locks held by kworker/0:8/3956: [ 6376.954470][ T33] 3 locks held by kworker/u8:7/5437: [ 6377.009920][ T33] 2 locks held by kworker/0:1/5558: [ 6377.011786][ T33] 2 locks held by kworker/0:2H/6078: [ 6377.013455][ T33] #0: ffffffff885ec0a0 (rcu_read_lock){....}-{1:3}, at: process_backlog+0x516/0x1be0 [ 6377.163010][ T33] #1: ffffffff885ec0a0 (rcu_read_lock){....}-{1:3}, at: ip_local_deliver+0x1ec/0x55c [ 6377.182427][ T33] 3 locks held by kworker/u8:5/6096: [ 6377.183682][ T33] #0: ffffaf801f2af148 ((wq_completion)wg-kex-wg0#3){+.+.}-{0:0}, at: process_one_work+0x814/0x1e14 [ 6377.230846][ T33] #1: ffff8f8002ff7b70 ((work_completion)(&peer->clear_peer_work)){+.+.}-{0:0}, at: process_one_work+0x83c/0x1e14 [ 6377.234702][ T33] #2: ffffaf8030778d20 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_clear+0x26/0xb8 [ 6377.358154][ T33] 2 locks held by kworker/0:7/6111: [ 6377.359235][ T33] 2 locks held by kworker/0:9/6115: [ 6377.360281][ T33] 2 locks held by kworker/0:12/6130: [ 6377.361252][ T33] 4 locks held by kworker/0:13/6131: [ 6377.362280][ T33] 1 lock held by syz-executor/6135: [ 6377.363255][ T33] #0: ffffffff89b56ee8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x22/0x2c [ 6377.417749][ T33] 3 locks held by kworker/u8:6/6138: [ 6377.418911][ T33] #0: ffffaf8014b2a148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x814/0x1e14 [ 6377.422457][ T33] #1: ffff8f8002307b70 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x83c/0x1e14 [ 6377.499185][ T33] #2: ffffffff89b56ee8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x22/0x2c [ 6377.504672][ T33] 5 locks held by kworker/u8:2/6143: [ 6377.647972][ T33] 1 lock held by syz-executor/6157: [ 6377.649647][ T33] #0: ffffffff89b56ee8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x22/0x2c [ 6377.654747][ T33] 2 locks held by kworker/0:15/6178: [ 6377.729621][ T33] 4 locks held by kworker/1:1/6608: [ 6377.731233][ T33] #0: ffffaf801a40b948 ((wq_completion)wg-kex-wg0#4){+.+.}-{0:0}, at: process_one_work+0x814/0x1e14 [ 6377.849231][ T33] #1: ffff8f8000e37b70 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __asm__ ("" : "=r"(__ptr) : "0"((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x83c/0x1e14 [ 6377.911119][ T33] #2: ffffaf801f245308 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x138/0x8f8 [ 6378.027769][ T33] #3: ffffaf8030778d20 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x4bc/0x8f8 [ 6378.031617][ T33] 4 locks held by kworker/u8:10/6676: [ 6378.032647][ T33] #0: ffffaf801f2af148 ((wq_completion)wg-kex-wg0#3){+.+.}-{0:0}, at: process_one_work+0x814/0x1e14 [ 6378.092283][ T33] #1: ffff8f8000d17b70 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_one_work+0x83c/0x1e14 [ 6378.139414][ T33] #2: ffffaf801f245308 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0xe4/0x5e4 [ 6378.143016][ T33] #3: ffffaf8030778d20 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0xee/0x5e4 [ 6378.266064][ T33] 3 locks held by kworker/u8:11/6715: [ 6378.267387][ T33] #0: ffffaf8011e89948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x814/0x1e14 [ 6378.271465][ T33] #1: ffff8f8000d47b70 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x83c/0x1e14 [ 6378.327630][ T33] #2: ffffffff89b56ee8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x22/0x2c [ 6378.331723][ T33] 1 lock held by syz-executor/6723: [ 6378.332687][ T33] #0: ffffffff89b56ee8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x22/0x2c [ 6378.418260][ T33] 1 lock held by syz-executor/6733: [ 6378.419560][ T33] #0: ffffffff89b56ee8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x22/0x2c [ 6378.423270][ T33] [ 6378.424055][ T33] ============================================= [ 6378.424055][ T33] [ 6378.491081][ T33] NMI backtrace for cpu 1 [ 6378.491986][ T33] CPU: 1 UID: 0 PID: 33 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT [ 6378.492687][ T33] Tainted: [L]=SOFTLOCKUP [ 6378.492854][ T33] Hardware name: riscv-virtio,qemu (DT) [ 6378.493040][ T33] Call Trace: [ 6378.493205][ T33] [] dump_backtrace+0x2e/0x3c [ 6378.493757][ T33] [] show_stack+0x30/0x3c [ 6378.494075][ T33] [] dump_stack_lvl+0x114/0x1ac [ 6378.494665][ T33] [] dump_stack+0x1c/0x28 [ 6378.495235][ T33] [] nmi_cpu_backtrace+0x25e/0x3b0 [ 6378.495856][ T33] [] nmi_trigger_cpumask_backtrace+0x29e/0x460 [ 6378.496353][ T33] [] arch_trigger_cpumask_backtrace+0x2c/0x3c [ 6378.496911][ T33] [] sys_info+0x20c/0x254 [ 6378.497250][ T33] [] watchdog+0xb44/0x1184 [ 6378.497614][ T33] [] kthread+0x37c/0x778 [ 6378.498019][ T33] [] ret_from_fork_kernel+0x2a/0xbbc [ 6378.498384][ T33] [] ret_from_fork_kernel_asm+0x16/0x18 [ 6378.513473][ T33] Sending NMI from CPU 1 to CPUs 0: [ 6378.516763][ C0] NMI backtrace for cpu 0 [ 6378.517493][ C0] CPU: 0 UID: 0 PID: 6078 Comm: kworker/0:2H Tainted: G L syzkaller #0 PREEMPT [ 6378.518320][ C0] Tainted: [L]=SOFTLOCKUP [ 6378.518578][ C0] Hardware name: riscv-virtio,qemu (DT) [ 6378.519189][ C0] Workqueue: 0x0 (kblockd) [ 6378.520163][ C0] epc : __local_bh_enable_ip+0x222/0x588 [ 6378.521524][ C0] ra : __local_bh_enable_ip+0x21e/0x588 [ 6378.522646][ C0] epc : ffffffff80165826 ra : ffffffff80165822 sp : ffff8f8000006b40 [ 6378.523124][ C0] gp : ffffffff89f9af80 tp : ffffaf801afc1a80 t0 : ffff8f8000006ee8 [ 6378.523589][ C0] t1 : ffffffff8007a304 t2 : ffffffff802664d8 s0 : ffff8f8000006b90 [ 6378.524037][ C0] s1 : 0000000000000102 a0 : 0000000000000000 a1 : ffffffff87ef7658 [ 6378.524511][ C0] a2 : 0000000000000003 a3 : 0000000000000001 a4 : 0000000000001000 [ 6378.525059][ C0] a5 : 0000000000132f44 a6 : 0000000000000000 a7 : 0000000041b58ab3 [ 6378.525547][ C0] s2 : ffffaf801afc1a80 s3 : ffffffff85a70f4c s4 : 0000000000000001 [ 6378.525994][ C0] s5 : ffffffff913696a0 s6 : 1ffff5f0035f8351 s7 : 0000000000000001 [ 6378.526421][ C0] s8 : ffffaf803043d0d8 s9 : ffffaf803b9c0700 s10: ffff8f8000006dc0 [ 6378.526874][ C0] s11: ffffffff877a9180 t3 : ffffffff87d88058 t4 : 0000000000001fff [ 6378.527281][ C0] t5 : 00000000000000c8 t6 : 0000000000000002 ssp : 0000000000000000 [ 6378.527668][ C0] status: 0000000200000120 badaddr: 0000000000000000 cause: 8000000000000001 [ 6378.528111][ C0] [] __local_bh_enable_ip+0x222/0x588 [ 6378.529044][ C0] [] ipt_do_table+0xda0/0x1b5c [ 6378.529850][ C0] [] nf_hook_slow+0xac/0x208 [ 6378.530532][ C0] [] __ip_local_out+0x47e/0xb5c [ 6378.531269][ C0] [] ip_local_out+0x28/0x17c [ 6378.532407][ C0] [] synproxy_send_tcp.isra.0+0x3f8/0x5dc [ 6378.533729][ C0] [] synproxy_send_client_synack+0x604/0x868 [ 6378.534371][ C0] [] nft_synproxy_do_eval+0x84e/0xa5c [ 6378.535216][ C0] [] nft_synproxy_eval+0x28/0x50 [ 6378.535829][ C0] [] nft_do_chain+0x30a/0x149c [ 6378.536413][ C0] [] nft_do_chain_inet+0xfe/0x328 [ 6378.537000][ C0] [] nf_hook_slow+0xac/0x208 [ 6378.537618][ C0] [] ip_local_deliver+0x2d2/0x55c [ 6378.538250][ C0] [] ip_rcv_finish+0x1ac/0x2a4 [ 6378.538908][ C0] [] ip_rcv+0xd2/0x458 [ 6378.539508][ C0] [] __netif_receive_skb_one_core+0x106/0x170 [ 6378.540387][ C0] [] __netif_receive_skb+0x28/0x12c [ 6378.541227][ C0] [] process_backlog+0x58e/0x1be0 [ 6378.542018][ C0] [] __napi_poll.constprop.0+0x9e/0x4a8 [ 6378.542826][ C0] [] net_rx_action+0x9ea/0xde4 [ 6378.543596][ C0] [] handle_softirqs+0x442/0x1198 [ 6378.544438][ C0] [] __irq_exit_rcu+0x2de/0x534 [ 6378.545926][ C0] [] irq_exit_rcu+0x10/0xf4 [ 6378.546941][ C0] [] handle_riscv_irq+0x40/0x4c [ 6378.547733][ C0] [] call_on_irq_stack+0x32/0x40 [ 6379.007157][ T33] Kernel panic - not syncing: hung_task: blocked tasks [ 6379.009329][ T33] CPU: 1 UID: 0 PID: 33 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT [ 6379.011147][ T33] Tainted: [L]=SOFTLOCKUP [ 6379.011829][ T33] Hardware name: riscv-virtio,qemu (DT) [ 6379.012788][ T33] Call Trace: [ 6379.013440][ T33] [] dump_backtrace+0x2e/0x3c [ 6379.014527][ T33] [] show_stack+0x30/0x3c [ 6379.015451][ T33] [] dump_stack_lvl+0x114/0x1ac [ 6379.017064][ T33] [] dump_stack+0x1c/0x28 [ 6379.018726][ T33] [] vpanic+0x274/0x684 [ 6379.019854][ T33] [] panic+0xa0/0xa4 [ 6379.020727][ T33] [] watchdog+0xb74/0x1184 [ 6379.021532][ T33] [] kthread+0x37c/0x778 [ 6379.022667][ T33] [] ret_from_fork_kernel+0x2a/0xbbc [ 6379.024277][ T33] [] ret_from_fork_kernel_asm+0x16/0x18 [ 6379.026866][ T33] SMP: stopping secondary CPUs [ 6379.030520][ T33] Rebooting in 86400 seconds..