last executing test programs: 46.801607651s ago: executing program 0 (id=2554): r0 = gettid() prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) tkill(r0, 0x0) 45.348051193s ago: executing program 0 (id=2560): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000180)=0x7f, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e25, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000080)=0xf3e, 0x62) recvmmsg(r1, &(0x7f0000000ec0)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)=""/23, 0x17}], 0x1}}], 0x1, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000000b40)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000340)="2bd1598df75c98a6936444aa68d948213365771a20eb8b0338634fc5b0ef9432584af949108856571424758106273e2a06a088a30c2b700286f933c1b5a338e8f15fff2559eb545e1e8cfcb73d18c15dfaf04550bbd479aca9d59f408a7f8647ee014f5c0325ae447fc915d6a5ba5ddd204b1d4f3c83fc3a8b2e79726653e96d", 0x80}], 0x1}}], 0x1, 0x0) 45.173509268s ago: executing program 0 (id=2563): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) inotify_init1(0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000000), 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) bind$can_j1939(0xffffffffffffffff, &(0x7f00000000c0), 0x18) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_conn_request={{0x4, 0xa}, {@any, "546792"}}}, 0xd) syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}}}, 0x14) 44.200916597s ago: executing program 0 (id=2564): sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket(0x0, 0x0, 0x0) syz_mount_image$cramfs(&(0x7f0000000440), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000000140)=ANY=[], 0xfc, 0x15e, &(0x7f0000000480)="$eJzs0U1rE0Ecx/Hv7E4ewIQoRggeTG5Gg5AH9CYhKwYDxgVFEE+BuKKQEDGgPTb02kOg1xz6cC19C0nbQ2lJLn0VveRW6HHL7CYs7Wv4f27zm+H3n519/3ZRVETeDfp//nrDofej8NltN79cTacNk8eB5J398PysAb/QzDQsR2Di0zT8/N3zrO6gZ9bLBiQA58Eqp59Zz3OympGGCr69zk4SwTlrNTLMnsA3el6NWLB+qsHJhH1lYL4Hz/FxHoVZBbgGbFDKXN5PhEWtUv6xgo1J6ejw4tP8vPXqZd3brjbHL1I5uwTs46jkmRU9yWLe/ui23UWtWn2TLFcsXl+aQjbH6A+pf/BdgTZ9FkFfnNwz/RW2FOwEs5bHKm0+YvfG7Yf3qJuC/3YBVH7S7eRiB53sQwu7qM2uzz3mFwU70YsIIYQQQgghhBBCCCGEEEIIIYQQkdsAAAD//7ILTbU=") ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) ioctl$TCSETA(0xffffffffffffffff, 0x5406, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r1, &(0x7f0000000240)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000540)=""/2, 0x2}}, 0x120) readv(r1, &(0x7f0000000140)=[{&(0x7f0000000080)=""/155, 0x9b}, {0x0, 0x4}], 0x2) write$UHID_DESTROY(r1, &(0x7f0000000200), 0x4) sendmsg$NLBL_UNLABEL_C_LIST(0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x4810) r3 = syz_usb_connect$uac1(0x4, 0x0, 0x0, &(0x7f0000000440)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x0, 0xff, 0x0, 0x2, 0x40, 0x2b}, 0xf, &(0x7f0000000280)={0x5, 0xf, 0xf, 0x1, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x2, 0x0, 0x1f}]}, 0x4, [{0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x42b}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x436}}, {0x2, &(0x7f0000000340)=@string={0x2}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x41b}}]}) syz_usb_control_io$uac1(r3, &(0x7f0000000540)={0x14, &(0x7f00000004c0)={0x0, 0xe, 0x28, {0x28, 0x4, "11ce9dc158b9963d6bf5bce79c21679e60712760e76dfef1dd2d8c30a77f5ee869aa92c83788"}}, 0x0}, &(0x7f0000000880)={0x44, &(0x7f0000000580)={0x20, 0xc, 0xf8, "142fdc249efa604904e62e2143b5c10b37d8ef988e1581f5070783429789dc93403366f1f8fa9a289c56df0a4779452a4eb17ccbe3c86cd9c26bc8a55956238bf80028b81e2519b53f8f5e8fe2c9631717807df541b4a5dff4f0917ef78c4e85433162ee65db65848d76df7f69060eca487d1c9b6c4a1523527a4531edff99c09beb126faf9eed68e963e114ebcf560836978a9f314a5ef7f75759ded299ca627c78ca08a210f904e5d1064617aaffc7f8a005138d20e376816a1ff55f832286a74c7cb3df033cdc4893fada823bcf8a1aecabdbd2174d6c3f1c9880d489692e168ffc173fc264d23e6029d4675d0fa6d04cb51958fff5e2"}, &(0x7f00000006c0)={0x0, 0xa, 0x1}, 0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="208101000000fa1243be0b7f1587644042f3f7cbeae6ef43c600227d62c7582dde4358d8b731d770d4c70d034052c1d7a87079f3ed48fe5eacb6fb08516f9c308d0cfe4ca91635a518aa94508790844fcac85c6f37febaf7a7d187840d182d00002a403e354753b56288f4a090204575db66a6fa656161f1740580d1599b"], 0x0, &(0x7f00000007c0)={0x20, 0x83, 0x1, "dd"}, &(0x7f0000000800)={0x20, 0x84, 0x2, "44b4"}, &(0x7f0000000840)={0x20, 0x85, 0x3, "5fb34c"}}) 41.061161016s ago: executing program 0 (id=2578): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x0, 0x0, 'queue0\x00'}) bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@bloom_filter, 0x48) write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) 40.043340131s ago: executing program 0 (id=2582): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) close(r0) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000000c0)={'ip6gre0\x00', 0x400}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) 20.01677428s ago: executing program 1 (id=2693): sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r0}, 0x4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x11, &(0x7f00000003c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffe}, [@call={0x85, 0x0, 0x0, 0x27}, @snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x2000c12, &(0x7f0000000200)=ANY=[@ANYBLOB="636865636b3d72656c617865642c696f636861727365743d69736f383835392d312c6f76657272696465726f636b7065726d2c646d6f64653d3078303030303030300030303030303030392c686964652c6f76657272696465726f636b7065726d2c636865636b3d7374726963742c6d61703d6f66662c6d6f64653d3078303030303030303030303030303030312c696f636861727365743d63703933322c6e6f726f636b2c646d6f64653d3078666666666666666666666666666366612c6d61703d6e6f72bf616c2c6d61703d61636f726e2c6d6f1c113d3078302330303030303030303030303030352c686964652c657569643e9bffbbc8dc0831f1f71752c0ec6370d60ec0e169761a3a8f175112119b57f387cea723b9c1ceb05c28c44fa818248d2baadc1b5d05f2db2b872312abba57baab497f38ff34f39d07", @ANYRESDEC=0x0, @ANYBLOB=',obj_user=&#@,euid=', @ANYRESDEC=0xee01, @ANYBLOB=',func=FILE_CHECK,\x00'], 0x2, 0x9e8, &(0x7f0000000440)="$eJzs3c1vHOd9B/Dv8EWiaUOSbdV1BdtayZVM2yxFUrVUwYdWIlcSXb4UJAVY6MFyLaoQxNat3QK2UaAyUPRUowVa9JDcjJxyMuBLfAl8S27JKYcAgf8FIyflxGBml9SSXHJJhW+WPx9id+flN8/zm53Zebi7s/OE75alo6vGlpaq2yOO3/jxHmTMAXZl/JvPv/isvH16P4fSnTeKnyR9SWpJT5Lnk96x8dmZqQ4F3UtuJfk6KZIcTuNxS26l+O889XD86xQ/LOvd0KGtlkwnS3yv7ff+BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1ExNj48PFIcysT0jbdrDUltnbHx2ZkiS0vr5ywv0/BV1et38VXHepOivKWvb7mr7+ePP5z9XJLa6bzQGHuh6pA8ffnkyeeOvflsT9fy8htl8wc5vPViP/z4k3vvLi4ufLAriRx81+rTE3MzE1OXr9VrE3MztUsXLgyfu351rnZ1YrI+d3Nuvj5VG5utX56fma0NjL1aG7l06XytPnRz5sb0tfGhyfryxIt/Njo8fKH21tDf1C/Pzs1Mn3traG7s+sTk5MT0tSqmnF3GXCx3xL+emK/N1y9P1Wp37i4unF+TU3fW7L9l0EinNSmDRjsFjQ6Pjo6MjI6OfNrsPXtlwoU3Lr1xcXi4Z3iNrIvYpZ2Wg+WJjTfzzh/E4RF1Ndr/ZDITmc6NvJ1a27+xjGc2M5naYH7Tcvt/5lx903pb2/9mK9/TMvtEeXc6LzVH+zZo/zfIZe/+PszH+ST38m4Ws5iFfLDvGe3t37XUM52JzGUmE5nK5WpKrTmllku5kAsZzju5npOZSy1XM5HJ1DOXm5nLfOrVHjWW2dRzOfOZyWxqGchYXk0tI7mUSzmfWuoZys3M5Eamcy3juVyVcid3q+f9/CY5rgSNbCVodJOgdY35ttv/+tp/Tvje2fmDODyipWb7f6hz6MDYXiQEAAAA7Lg/+XmOHH/mZ79JirxYfS5/dWKyPrzfaQEAAAA7qDpd74XyobccejGF9/8AAADwuCmq39gVSfpzsjG0/EsoHwIAAADAY6L6/v+lFCcfTvD+HwAAAB4zna+x3zGiGFy+/G/tduPxdjOiMVb0X52YrA+NzUy+OZKz1VUGql8arCutOyl6q58fvJZTjahT/Y3H/ocllnX2lVEjQ2+O5LWcbq7IwMvlw8sDbSJHG5GvNCJfaY3szqrI82UkADzuTm/SHm+1/X8tg42IwRNVk99zok0bPKxlBYCDYqWPnd81uzRr0/43I17aqP3/803e/5cRz+TOycYpBUN5L+9nMbczmOYZByfblbrcG0HjNITBDp8G9DdPWfjlxa4Mrvs8oG9lXVtjFzKawbafCLSUWyzncL4R17072wAA9trpTdvhrbX/gx3e//c7pRAADpSVHux3cWC/1xEAWE0rDQAAAAAAAAAAAAAAAAAAAAAAAAAAADtvSxfw/8XZZHFxIdmDzgJWBvq2k+HmA13Zo5z3faA7yX7V/pfZ9lLlNj4oT52B1QP7fGACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgTxRJd7vpXcnhJMNJzu19Vrvn/n4nsFNqj7ZY8SAP8lGO7HQ6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADfd83r/3el8fhkY1J6upIzSW4l+dv9znEnPdjvBPbNP1T3Ldf/70p6s1Skp7HZU/SOjc/OTJWbvzhczv/m8y8+K2+dy17fq0JZQFnDqs4lmjW0TOldvdTT1VL94wsf3vuX9/+pNn6l2jGvzF+dHJ+6NvtXDwOfK75sdIHQ2g3Ccr7/duan/9My+VCz8i/LNW1vbb1Xq3rH19f7x+2W3qDeLbi7uDBa1jRff3v+X//x7kcts57JqeTlgWRgdU1/X942qOnU2udzteLb4j+LI/n/3Kq2f/lsFEtFuYmOVuv/xJ27iwtD772/eHslp39fldOxnExyO+nbek4nq+NJW9Ve19Vb1jpcBZV3xzuUt6mWEkc2eF6frnaZ/m2tQ23jdah0eN6bGZ1vm9H//vOzObvtLX22Q41tFd8Wvy6u51f5j5b+P7rK7X8mbV+dbYqoIlv2lNZ5q15eXY3Ias1HW2e8s7bMDV+V7IL/yt/lL1a2f1fL8b+5rfbmeNRSY/vXRbL918WPjq5rUR6qWqTja1qk5tFno2WaeR5vRG2Q5x/l9aTnxLaOKK93OKLs1uv/B8VAfpv7+v8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOviLpbje9KzmT5FiSo+V4LVlaG3P/Eerr6i8eJc0d8yg5f/cUG65o8SAP8lGO7HVGAAAAAAAAAOyOK+PffP7FZ+Wt+j6+O3/a1ZxTS3qSHCv+r3dsfHZmqkNBvcmt5a/0+7aXw63y7qmH41+XY893WGh/Tx8AgO+03wcAAP//BZNu0Q==") munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r3, &(0x7f0000002740)=""/196, 0xc4) socket$inet(0x2, 0x1, 0xf0000000) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f00000002c0)='./file0/../file0\x00', &(0x7f00000000c0), 0x88001, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000400)='./file0/../file0\x00', &(0x7f0000000300)='system.posix_acl_default\x00', &(0x7f0000000240), 0x24, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r6, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000040)={0x40, r5, 0x801, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_KEY={0x24, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "cabee339084eeef16f162471f4"}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_DEFAULT={0x4}]}]}, 0x40}}, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000000)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) llistxattr(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)=""/2, 0x2) r8 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000540)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/138, 0x0}) ioctl$VHOST_SET_LOG_FD(r4, 0x4004af07, &(0x7f0000000740)=r8) preadv(r8, &(0x7f0000000b80)=[{&(0x7f0000000680)=""/178, 0xb2}, {&(0x7f0000000780)=""/252, 0xfc}, {&(0x7f0000000500)}, {&(0x7f0000000880)=""/84, 0x54}, {&(0x7f0000000900)=""/51, 0x33}, {&(0x7f0000000980)=""/100, 0x64}, {&(0x7f0000000a00)=""/252, 0xfc}, {&(0x7f0000000b00)=""/86, 0x56}], 0x8, 0x400, 0xfffffff8) ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000040)={0x1}) ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000940)={0x1, 0x0, [{0x0, 0xe4, &(0x7f0000000580)=""/228}]}) 18.91467575s ago: executing program 4 (id=2696): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xa, 0x3, &(0x7f0000000000)=@framed={{0x6a, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0x7d}}, &(0x7f0000000480)='GPL\x00'}, 0x80) 18.839418606s ago: executing program 4 (id=2697): creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x24) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000040), 0x4) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000180)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x989, 0x0, 0x10}, 0x9c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x0, 0x20}, 0xc) sendmmsg$inet6(r1, &(0x7f0000003f00)=[{{0x0, 0xf, &(0x7f0000000300)=[{&(0x7f0000000140)="a2", 0x1a058}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000440), 0xc) writev(r1, &(0x7f0000000580), 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x3, &(0x7f0000000280)) open(0x0, 0x149442, 0x0) ftruncate(0xffffffffffffffff, 0x200002) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000600)=ANY=[@ANYBLOB, @ANYRES16=r2, @ANYBLOB="03030000000000000000150000000c00018008000300"], 0x20}}, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @dev}, 0x10) connect$pppl2tp(0xffffffffffffffff, &(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x4, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x32) pipe2(0x0, 0x0) 18.222993794s ago: executing program 1 (id=2700): r0 = syz_io_uring_setup(0x3b, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f00000002c0)=""/183, 0xb7}], 0x1}, 0x0, 0x80002101}) io_uring_enter(r0, 0xd81, 0x0, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000200)='~', 0x1) 17.843153638s ago: executing program 1 (id=2702): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_OFFSET={0x8, 0x3, 0x1, 0x0, 0xae0e}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0) 17.748444264s ago: executing program 4 (id=2703): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x12, 0xa01, 0x0, 0x0, {0xa}}, 0x26}}, 0x0) recvmmsg(r0, &(0x7f0000001a00)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000680)=""/4096, 0xe88}, {0x0}, {&(0x7f0000000440)=""/135, 0x87}], 0x3}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000005580)=[{&(0x7f0000003380)=""/4096, 0x1000}, {&(0x7f00000044c0)=""/4096, 0x1000}], 0x2}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0xa, 0x0, 0x0) 17.655995646s ago: executing program 1 (id=2705): ioperm(0x0, 0x4, 0x1) rt_sigqueueinfo(0x0, 0x0, 0x0) 17.525166915s ago: executing program 1 (id=2707): r0 = socket(0x11, 0x800000003, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f00)=@newqdisc={0x88, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}}}}]}, 0x88}}, 0x0) 17.516821s ago: executing program 4 (id=2708): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001980), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x8) 17.371865365s ago: executing program 4 (id=2710): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) r1 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) r2 = dup2(r1, r0) ioctl$TIOCVHANGUP(r2, 0x89ed, 0x1000000000000) 17.258355346s ago: executing program 1 (id=2711): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) close(r0) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000000c0)={'ip6gre0\x00', 0x400}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) 17.228648183s ago: executing program 4 (id=2712): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYRES64], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd36, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='ext4_es_find_extent_range_exit\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005800000095"], 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r3, 0xf, 0x0, 0x0, 0x0, 0x0, 0xc00d, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x2}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000001000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r5}, 0xc) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x9, 0x3f, 0x80, 0x9, 0x100, r1, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x1, 0x3}, 0x48) r7 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7902}) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001180)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112b0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01ac69398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ef6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b6214912a517810200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734837ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a6d072034cecc457776c5fa1f33b0203c07052c6bc314b0ac5c63bc2083c9cda0b7480e0b17854ffcc76176ce266bc698f7921b8afe798a7a5ed33ab0374455ee368fda99a0e681bf9426831b193395cb01a7332a50aac841cb7d48a1768a7640a9820631ba775a"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000ffdd18110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5}, 0x48) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r9}, &(0x7f0000000800), &(0x7f0000000840)=r10}, 0x20) r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f00000002c0)='net_dev_xmit\x00', r11}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r8, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f008004be0ffff00124000632f77fbac141416ac14141607089f034d2f87e544026aab845013f2325f1a39010702038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c) write$cgroup_devices(r7, &(0x7f0000000100)=ANY=[@ANYRES32], 0xffdd) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2000000000000070200a8f8ffffffb7030000001000000000000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x4, &(0x7f0000000900)=ANY=[@ANYBLOB="b4000000000000006910810000000000040000000000000095000000000000007220abb1b364768c328613d20a4d2451a69f9642"], &(0x7f0000000080)='GPL\x00', 0x2, 0x3f7, &(0x7f000000cf3d)=""/195}, 0x48) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x8000000a, 0x0, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x13, 0x5, 0x2}, 0x48) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={0x1, 0x58, &(0x7f0000000280)}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000001700)=@base={0x16, 0x0, 0xb161, 0x2}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 14.789495766s ago: executing program 2 (id=2727): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xd68210}], 0x1, 0x0, 0x1f00000000000000, 0x200000}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x2, &(0x7f0000000000), 0x4) 13.436902288s ago: executing program 2 (id=2729): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001980), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x8) 13.370647218s ago: executing program 2 (id=2730): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000680)=ANY=[@ANYBLOB="b702000008000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c6af84367a759af8044a11e2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff0040aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069d842749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d935d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3e7d0fabec274a02d5af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b27549a4bd92052188bd1f285f653b621491d7aaaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f578a2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e170000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d8025656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429aa639034a75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4092140faed0c329be610c3082d43e121861b5cdd3f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b2d855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1010000000000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da269ee285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa520000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881d19a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5f6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbd38adf03cac975157cecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981179186e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2a434b9048ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d13614db9bda8bf518f64ee50f562b5fdb1f76d4a7fe147016a55d66a6efea3e449e6b4783d66661a92f174a81e0f726bf1956ae1200014c22f69bf0f2a899a28012a75844af4215a38ca1198c8f0a1c2eff5729a3e81fb9900c07bb3148d138ab58a149e8fa976f06fcef76337b8ac73c1a3aa35e0187ec0df7da5c4c67b91a79676a5e9f7deeafad0f50290b458b9cd1ac511c698e2565688dfe7c25fba53279f900b0711484fe38fa5b947463baa8bafdcf17bda7258281cc2d6922839da61bf0f1aa8b4030524b65d38fb879ba252f37ee284c078296a595d46dc5d49811665bd955554fb1716af7a0bdc9ee67e79f3684b8b4c3119cc1b62554294ed51698ff9c1415727f98ca419a4dfa9ff3f5fa0927ae99eb40319a2214e4cbd48f499a2f6f28976c3156a6f574c44eb9c3c4924b3fdbe7a1d20adfdc95ec967367306a6e010251c4a7bbde1c7e4541cb378a736f546fb5cc484e89203ff17350fbe5810c581e71f24100550f10d15a92d8cada96ec77c8465459f574f8bead654795b54827dd5be7feca1c3319b4576d64800000053b766afe56c6746438427de3758f1edb7c260ab2c6148895e2346735452756c39c4d8eea926745b8d39798dce30ffc9ca6dceb066ea9590ceea7d23197b39537dc68c8c3f33a9c15842d217b6ecd6f8e780faa56e599a3c72419a0e0ca40d344fba45e3a1d708fd18e42b9c10dee53488602438d101e67c3e83a1a27626ecdea9814355dd9815002ff25e54540e436bd2fa71a64356419e0506bbe81bef1e3406e3179470a00b3a175e68293a721449a78226af229ef5017b142cd4584e1b0043700ea60b56129ae4406f3296b7916c30fd932c57a6df"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000015c0)="b9ff03076844268cb89e14f00800", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 13.309141734s ago: executing program 2 (id=2731): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7ffffff7}]}) futex(&(0x7f00000002c0), 0x8c, 0x1, 0x0, &(0x7f00000000c0), 0x0) 13.26212871s ago: executing program 2 (id=2732): r0 = socket(0xa, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xa) setresgid(0x0, r1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='task\x00') fchdir(r2) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r3 = inotify_init1(0x0) fcntl$setown(r3, 0x8, 0xffffffffffffffff) fcntl$getownex(r3, 0x10, &(0x7f0000000140)={0x0, 0x0}) r5 = syz_open_procfs(r4, &(0x7f0000000040)='io\x00') pread64(r5, &(0x7f00000004c0)=""/251, 0xfb, 0x0) 13.19623198s ago: executing program 2 (id=2733): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newtaction={0x50, 0x30, 0x1, 0x0, 0x0, {}, [{0x3c, 0x1, [@m_mpls={0x38, 0x1, 0x0, 0x0, {{0x9}, {0xc, 0x2, 0x0, 0x1, [@TCA_MPLS_PROTO={0x6, 0x8002}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x50}}, 0x0) 4.565967285s ago: executing program 3 (id=2746): r0 = socket$l2tp(0x2, 0x2, 0x73) unshare(0x20400) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @multicast2}, 0x10) 4.50351746s ago: executing program 3 (id=2747): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000c80)="390000001300090468fe0700000000000000ff3f04000000c10100100000000018002b000a00030014a45868b3fe79a10d6500000000007200", 0x39}], 0x1) sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f0000001c80)=ANY=[@ANYBLOB="f16e68270426bd7000ffdbdf250a003800077df30b704dc6630000000000000000000051dc07e91edfad4d963c4d0aa0e45b209b8e8dea23cd737132c220a395bf1b157bdcbd94a64d5e1c6d636443215d2dbc00000000", @ANYRES32=0x0, @ANYRESOCT=r0], 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x0) r1 = socket(0x10, 0x2, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000)=0x8, 0x0) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000001400), 0xffffffffffffffff) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000005980)=[{{&(0x7f00000002c0), 0x6e, &(0x7f0000000340)=[{&(0x7f0000001680)=""/140, 0x8c}], 0x1, &(0x7f0000001740)=[@cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xa0}}, {{&(0x7f0000001800), 0x6e, &(0x7f0000001100)=[{&(0x7f0000001880)=""/116, 0x74}, {&(0x7f0000001900)=""/159, 0x9f}, {&(0x7f00000019c0)=""/255, 0xff}, {&(0x7f0000001ac0)=""/110, 0x6e}, {&(0x7f0000001280)=""/41, 0x29}, {&(0x7f0000001b40)=""/110, 0x6e}, {&(0x7f0000001300)=""/28, 0x1c}, {&(0x7f0000001bc0)=""/147, 0x93}], 0x8, &(0x7f0000001d00)=[@cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x78}}, {{&(0x7f0000001d80)=@abs, 0x6e, &(0x7f0000001ec0)=[{&(0x7f0000001e00)=""/189, 0xbd}], 0x1, &(0x7f0000001f00)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x70}}, {{&(0x7f0000001f80), 0x6e, &(0x7f0000002640)=[{&(0x7f0000002000)=""/184, 0xb8}, {&(0x7f00000020c0)=""/64, 0x40}, {&(0x7f0000002100)=""/140, 0x8c}, {&(0x7f00000021c0)=""/117, 0x75}, {&(0x7f0000002240)=""/80, 0x50}, {&(0x7f00000022c0)=""/150, 0x96}, {&(0x7f0000002380)=""/223, 0xdf}, {&(0x7f0000002480)=""/165, 0xa5}, {&(0x7f0000002540)=""/238, 0xee}], 0x9, &(0x7f0000005d00)=[@rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights], 0x90}}, {{&(0x7f00000027c0), 0x6e, &(0x7f0000000200)=[{&(0x7f0000002840)=""/120, 0x78}, {&(0x7f00000028c0)=""/138, 0x8a}], 0x2, &(0x7f00000029c0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x90}}, {{&(0x7f0000002a80)=@abs, 0x6e, &(0x7f0000002c00)=[{&(0x7f0000002b00)=""/191, 0xbf}, {&(0x7f0000002bc0)=""/28, 0x1c}], 0x2, &(0x7f0000002c40)=[@cred={{0x1c}}, @cred={{0x1c}}], 0x40}}, {{&(0x7f0000002c80)=@abs, 0x6e, &(0x7f0000002e40)=[{&(0x7f0000002d00)=""/106, 0x6a}, {&(0x7f0000002d80)=""/136, 0x88}], 0x2, &(0x7f0000002e80)=[@rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x90}}, {{&(0x7f0000002f40), 0x6e, &(0x7f0000003340)=[{&(0x7f0000002fc0)=""/249, 0xf9}, {&(0x7f00000030c0)=""/133, 0x85}, {&(0x7f00000035c0)=""/4096, 0x1000}, {&(0x7f0000003180)=""/64, 0x40}, {&(0x7f00000031c0)=""/13, 0xd}, {&(0x7f0000003200)=""/244, 0xf4}, {&(0x7f0000003300)=""/34, 0x22}], 0x7, &(0x7f00000033c0)=[@cred={{0x1c}}, @cred={{0x1c}}], 0x40}}, {{0x0, 0x0, &(0x7f00000057c0)=[{&(0x7f0000003400)=""/121, 0x79}, {&(0x7f0000003480)=""/97, 0x61}, {&(0x7f00000045c0)=""/127, 0x7f}, {&(0x7f0000004640)=""/135, 0x87}, {&(0x7f0000004700)=""/4096, 0x1000}, {&(0x7f0000003500)=""/35, 0x23}, {&(0x7f0000005700)=""/164, 0xa4}], 0x7, &(0x7f0000005840)=[@cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x130}}], 0x9, 0x2121, &(0x7f0000005bc0)={0x77359400}) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f00000013c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000001480)={&(0x7f0000001500)=ANY=[@ANYBLOB="24000000f243ac342c41897157196cbce4365e15fd45346f61e5d4d555d3bc90f807a36187f7a63b171e2e23b54efff7a6478951e59a7e9cbaaf958211aab8716411934f9d4144f45802046b4b300e908c849e0b39bc57d15416cc34475927e5f0264e2c91658d4d60a2a5967b2edcdf19459437c66bb818410f84ca3664077b535b6e35f42aab246515261a5ee1f8d5a136561e8a72ff2b14ac0f2b0aae80efd04dd6ac", @ANYRES16=r2, @ANYBLOB="000426bd7000fbdbdf250e00000005002900010000000500290000000000"], 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x20) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000080)={'ip6gre0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x1, 0x25, @private1, @mcast2={0xff, 0x5}}}) r3 = socket$packet(0x11, 0x2, 0x300) lseek(r3, 0xbe, 0x3) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="bf16000000000000b7070000ff030000487000000000000050000000000000009500000000000000e83d24a394a293b3bd23212fb56fa54f0b71d0e6adfefc41d86b60717142fa9ea4318123741c0a0f168c1886bf0fccf8d56ccb659427cf8593dbe3a2a3ad358061011fbc5ba1f07318988e6e01a41cc0990d0dc800974a0000503ceb9fc474c2a10000000077beee1cebf45fab73962fa8f6296b32a8343881dcc7b1b85f3c3da4cd36414e90a61965c3de4b3449abe802f5ab3e89cf6c662ed4048d3b3e22278d0054ce21fa41181a9580cfca031e5388ee5c9a7ddd04201f5200001fcadf95e5a4725837074e468ee23fd2f73902ebcfcf49822775985bf31b715f588cb211624f40401691721715f46e0080000074943c3ba663739a190a4e825c908c0abc85d457ec5a57cb706eef32a3ed12d63c9c4c508530e173650a8a8f2a9c81bcffe437bccbe158024d8d4939e6fd9adc43f0f4b049218db92bf466e934330ed79bc9f626d68b0000600057d14854eef851bc8c30f5d0df6b94ea0b852d495085ff4eabaac9606f0497958c2c357a7124a69f6770ea6702bc53896a15fad5e55c64efd217450a975221b20d78e445e3da74a3c1e59bae44546bde4ac6de55a480f3ad5dc0f2d1818b696492285f60d914283f8d687b0bdb46261277671bba2c550bfef679bddf38ab35eaaf0268c4efa45b56a188a9195044a222ec06bb49784d5608d87c4832e4305bf8889e5db2a70f6a83d4b3cdc13e46d276856de6d895704ba3e8ee12c8121ffc4f5d2ae03f0227dcc4f38699d3db16f69ed45e918b07ce58bf576e253364fe0000000084f897400d4f5503a6e9ea4a480e3221f3c247ee8c55e487eaa25a7689689c9c305da4b0181f0f653fec399fcc0cc800e82bde039cc29c19b538c76e65642875bddbef61e5985751d9ebd37d2f32375357b5d2b4dc24baa6a7010038380f7029a292f1ad05000000e4e801a819aef69d081e2cacaa8ad1b4ca6df5dc37962ebc5337379e00645b6d2bec249c0612510000000000a7060d8d9b9ad109b62d1dab0eec6beabc76d765b9caf70900000399772ddfe89be4338e70d0ecfed537780a31fcaf4acaf9bd3711a4359d68ec71b0693ede07e7d18e797697901fbae4a9d9966b68eadae75ef1b8931b0818a57e5136fb8c61d73b17d8fd55c2b8d321a6cba8743114fcff01e5c10200c5121cdc82429a021d377e477ea807cc00919ee8bfbd090034f67609cfde8877b5bb072572b421d6b1fdae83e5e250190628d02d01f978323fe36685e652ceb218a9cc9e125a4880faccaf5ac2345f20b1ee403885796e91d0bc75c7e95d23904dc446e0201aafea0d3f4cc0cf285ccd000000000100005aee4199a34686905441c1fa62ed20328a10690432f59a4d3e05bd00997ea2b6f5213cb883d05b620f31869f6cce80f1ae09009ed7e3c5f3aa61bfd240cb9726bc512ba0eb1f68579c76144feb0100809f12bcf79c4d57f66703c2aee08e52de3eff160623e1af555dc7481128ed0bab22dcb6e5b6ac5e4010eaf2510fa440aabfdc80c77108c769ed2d666c555c6c38b30899a688d96a6c6dc0dd4309f6548765d3f53261b4890aa004e7f667a230b22bc6e248bf56b219d9a547b6e1c5077c9ba463329323b53910e7358b4d0c6882c590cf25e4d044a6afb10a070f285e3c94ed405a2048a8dc41718dd3f4bf474868538aad9a23f85a707e325c10a9f22e37c4213d0ca2910726de8e62d2e3ae7f64e40c7af3dc00bab70cf607869c5a11a03bce8aa43fa010348bc249420ba5e344fcdcb302548e571157d323f5fd535800284d32ffff000088ccd685f07309101a3196b705479897f4c9d97c4c7b77db7b1596b4305d5e954a34385418e66528bc94b70300000066dab8c4e63debff054621a0ac7dd85b14cb7616ca23f044bd0ccd1c79292c3aa8f6e4a1c27315ef8d55781edbe368d72aeb2f48256131aaab707451c14747dfa3bb5f8725a98f6d3c797573f18810bf378e38107ece5cb7cf3b98975e9254248af60de2f04e2429d9b6eba525fd1b1b665f77710fa49426eb32e775acd535fc78697ac980573c35e9916f0000000000002c8ee5ec55faffffffffffffffcd59cc0600000053d0a1f4ea4477022c9f376b3191efeb46be3c174fb24009379bbc949fd2923715540556450f12d1645177ce3eca0d65d17deff51a024f0180000000000000499e829bda469048c70e5968375feb39e6918e591a38d228304c79ad9c376bdaf0650e212eb4185cbbb6c0dc0e699afc34ca3b9a307cd2519cd9b192d678492ea2228ff0817d68f97b18402d271036067c14fd901c4e0207e2c9d37ac203f440e1a065a2d227c6ec860c6bc85fb3a48348c1fe7144ec680c0dac7b5906a6197c8173080c9ab3ecb72820f0ee36d744b20fae962c4a42e4a43ee3f325f93edb3a204b9c9dc895337578878714fa6a6a5b4190e37c83876f248d91f166676b54781c6855c5e067ab2c2c6d22b20a703d68d773123356eff80883cb5a25c738f4e7cbb075e10f5c36396156abb221adebb9303342bfa2b7db847e4810270ed1c5bbb1548ec3184ff9b8ed1687333d0e0412d452ba6b390199bd684ff458d6c8114833efde87215e5f9569d92d24579f3ef473bce24e61eb21336ad441eea93cbcb69d2156b9b6e3000000000000000000fc411d2eadcadc7c0a2c12410e4b9d634807f2a6f1c3a13508e274ecef5cfccb707a164097397360138d326bf7a4b627cb3e63cdacfb099b7a778827fd07fbd093a0ba779dcd32556613e1fac161825da91acde7fa964c689b1f0ea96047a98260270c3a3ccb2142b074db79aa88614663ff33f9966502a2361e49aabe58eb086c5827dd9d92fa4ff0c0e8b949d585f2cbc111de478905cb37f3cbfb019c6daace508b926718506a577234468f9279a52360d1a80b88b4eb1cda949ca77b6ec43bdf5f5a400989705746b86b400947891b33d591ec5ea9ae45983273f62027998d72f83625021a72e27e0449fa154ade55071546d4000000000000000000000000000000002f907c5db9c967a1f86c57bb5062fed7c37ec16a7e62b6e370c3c5a32adee9032367814394a7a7fd12c44b81fb5ac2ad92220a72aa3355e894cbefe344a6b5eb4c25128d5427a640faae401eccf3aca4294410461e946010c50f9ee556b38eae0b252ef288397672bbbd17e5306589f93dc134b6be5b19dfb2462348355ef24762509cf29becacf8515abe299b8a7dfd585f5dbf7578bfdbfa37deeb872c3291b59349238add315cd18e6f4196b4045e0f9d97d649583190c78015aaf4db05aa2a6cc9d00084ce958406e09fe508a0ee5feb2d34f48dbe5a2dd1ad907dfb1108780004ec696f618c20771a7ae436d733f603f20c9189567b63d47fae002e616969d888a418d139a25b11c0da7aecb8c14f1a879f7b985ab634b0f5cdb2090ad2c336e95be0e42b40d4a52861e9a28289247ef4f3cfcafa393927d27711ed0543a5e8ec6c1c62082549791f75fccd54582f990234496954e6e54bcbb90f2756912ab7e511a55a9e0512e5c1c10bcd76ee4799af611179a39bd0c0323cae1aaaaaa8dafb55bca104ada3252c5d9de5b9cdb6217c35ca3d28b1d8b9d2fa79376c13167a9ef1b1f4b7509debbeacc153ca8bea4a0a65ee1d1d20a9106499f0bf7f416b051e835d790ac978b90143d9125224f74b6167f7a967c7e33eb5f43570b9f3c91371968a30e528968b233d0396db424e5fd73d399e23e1676d074dd5ce552a222e250f9f6d0bdd9e46e7f22d9abfd4573b57e3b52d407b464b0146ea15560a2ce034b1623fecc84842928223d17ce4ab31ef4c2a9f9caebf65341fa3da1bbae7972097e24603b9db8edc25a152bd39af179eab23ed555023c2bbb89ea22c08b97264b3616a41abfad0ab12a79574c60cf1841ea45f10e9438e55e1e0eb645200993b08833bb14517b0d0e5ba72bdacd92d57b6029129c95ab0a93857c7205e8450b27aee5e684ece77f53112873f40247a998cc896ab4d55573c425cab46cd4fdd1452ea8429c63c74d5673f5e4d47d1b001d0d3a9e1d5c840ab37a69cb30d17ff7591f01549e552dc43b672e0feff94408171d682565dc2d84476297c692120715ccb9f7f2eb690d7a032c09f0a3d48663fe5ece30f592d71755dd6cbfac96016a2ecd4e499ce9adce6e59db0494fa25117a2bc13275c9a94a3532c1b8417e9ed5e6cd5f51f8ccc878ba73305ad1bb0cf05625439cdf688d33c8fd6cf52c5c5685444b65eb918884727d3a780bdac17d447745e4accd85d3aca4d63127bb3a5807fcffa08a6cecae329dd5f47552c40b560b05e962363e99300d61931ddd97444c2bae02edb26383cb96ee7d2742d24dc7e9b6dac831674ae09b7d180ebb30b9221480ad78706dadf7ca3540eb6c6c43dc7e31b2c8d188f28d6ab10d3c0c97b9f6b5feb9af7e6a801975c0bbab0b1fed7485f2fca1730906a6dc1914386118646da3261858265f355a92685"], &(0x7f0000000140)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x80) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000003540)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_FWD_MASK={0x6, 0x9, 0x2}, @IFLA_BR_PRIORITY={0x6}]}}}]}, 0x44}, 0x1, 0xba01}, 0x0) sendmsg$nl_route(r5, &(0x7f00000011c0)={&(0x7f00000010c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000001180)={&(0x7f0000005c00)=ANY=[@ANYBLOB="480000001500000429bd7000fbdbdf250a402000", @ANYRES32, @ANYBLOB="140002002001000e00000000000000000000000214000200fe8000000009000000000000000000aa08000800150300006a5119bf1536a9cf60b474c3dddc85dfa1790cab210236d9cd2e21b9423474e1bc6911af0c377c34eca585883b0f30a9df0545335946719b1a45bfc00ce0cda2d1d4f76a13f64137cec344ffecfa04cae1c5f4693f8ca027ec927e24739e420c1ffdb2b5d687f374d492afe4993885eec2f06be5d7ae69d8a5b1b34b04f270a5ac664bb1ef61867549eda9c3b4030050ac417e7464be50bdfb72a19152e8ffb1b0459955259b43a1bd87c9c9ed25d13d992e675616ab"], 0x48}, 0x1, 0x0, 0x0, 0x80}, 0x88) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000000)=r4, 0x4) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(r6, 0x0, 0x486, &(0x7f0000000180), &(0x7f0000001240)=0xc) getsockname$packet(r3, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000003c0)=0x14) socket$packet(0x11, 0x2, 0x300) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x5, &(0x7f00000003c0)=ANY=[@ANYRESHEX], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x28, 0xffffffffffffffff, 0x8, &(0x7f0000001440)={0x3, 0x3}, 0x8, 0x10, &(0x7f0000000240)={0x20000000, 0x1}, 0x10}, 0x80) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000780), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r8, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000840)={0x30, r9, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x10}]}]}, 0x30}}, 0x0) lseek(r7, 0x8000, 0x0) getdents64(r7, 0x0, 0x0) 1.436893777s ago: executing program 3 (id=2749): r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0) write$sndseq(r0, &(0x7f00000005c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"272be5806cd46d7b9ff797a0"}}, {}], 0x70) 1.325848059s ago: executing program 3 (id=2750): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) sendto$inet(r5, 0x0, 0x0, 0x24048081, 0x0, 0x0) connect$inet(r5, &(0x7f0000000140)={0x2, 0x0, @empty}, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) chdir(0x0) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_LINK_STATS(0xffffffffffffffff, 0x0, 0x0) r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x14, r7, 0xa4fbfd4840e03a43}, 0x14}}, 0x0) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) syz_emit_ethernet(0xf87, &(0x7f0000001180)={@local, @random="e130aeaaba30", @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6410a6", 0xf51, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}, @mcast2, {[@routing={0x84}], "223427d5c9a46b9fa14172170a013589317d2af31ba55431762f462a5abc3f46494ee91bfca594d52f8c3785143e92da5d2d81edc09f68f122fbf741257bf1319408347a17c89212dfe27a0fc65362487e5afe673f0954f60d9d08b61276ce0b3aa520b5f30a9f52c4aa53fc003f8570383ca63530d93b78a7875338b3d7645ef2c24ab05db63cfdcde7b3cac2248c9d1c73d0d4382b3f520ad6e9be698eaa9bf5b939ce09919c9485c4725690ee2483315829a196f85a5ae552ebe19a2d6768ce2a6bf60fbb53104c7919b7cf28fa555fc9460df11e72eddebb2fc4eb6f83b16e0d65307e4210dfc209f0c68df65b57f420fd215546b798af6b6ab7bfb2fe6bd6142f877852717370b1ca39d199c149c3ead97c4e16229ce4c08a111a0fc64651c21e9174dd72442a9ae2a42d9433c7b54c8dd4b59203f9a2e227e9b043eb430e606cf98f3428ac8511948dd553bc0728c0626fbda71bd2a1d734d605e27bdb0be93b7b91284689e31fccb70c15f2c39da9011c84d36fe4b4b36ff26e45a34685fc638dbdaa068a3d3d4f5d44b74afc0fc7956e5fcc3fe405ac6d292d1d90f257f18fe14a3192d28ed369956aa2f91f9fee773cf7fb5d90705347eeadc1af86de78a498fa1a20e5b3f481a0595769654d969299506d8ffbc172a7fb9453a8a3787e80b167936863f2cc16c1d03481bd40e1abcf87a292559771572136932bf30e48174012a1d4d5f138f93140af2ceb9c821c7966ea7592d762975b5b33ef141b6b91eb388c91b924945c3231d0f299adb5a36e0c95a17872e7ebf0bc0e33baf5c46f9e2087b77bad0794d519ce7bc8674a70f3545d020454ded22f164185df3b4f952b132947b75333993fd73a6bac5836dd5720e559bcb82a4926734c5c3b1287c5fec219a99f71eb398430001f007306e9232c269c2886357f75d935e8de054341ac36f1df1fc77fbc347d90660f4d5658cfeb9e289f70968a7c0b38ae34c4bfa46b47964e223ac34f472e3231e8c285add5713592c76c062c3477beb55b279846f04f8d6a5ce2743c6a2020f0c5164953b8dca7e57239dc8a7f507bcf77767ab0b4602437171a09c8e80f5a165c4c37eaae386cfcb927dd1a935fa717fa1608792b34bafbc20cf11a678455894ede62788309ab7a7075535847a2b48260a613e521b01d75648263ad78e6176528dbf3e6c4e4d72066e617be5387183a51dd97d2e846c5d173b51e17a4c8d78a49c914cbe44236c52c78de45b44f9d80bc6f77c75135922a84579bce77baa71311889f5b7b90c5124b8298d5e9c81c442d60df00795854d3213a1ac254c8963c109f68b3ff5451c381f6fb56c116f86b71f988d1e9f732280cbf3d4e9791fefc4bdec5dc293fb77b02d5aab6bd8cd179b7e425126b7f78c0d004bc6470ecc2bbc422bd06a6bd8f717009509e6a88b01347b7a62b9dea6f7a7446a371f422499a6e66eeb6a7b0beb4a86a61f875a9bfe0f5d5f0d0e4c85852afaea97d74ebc80d6491a8a1c998c4b5bc34b3edaeba2df902cd5e14e016720e6c3c8b15287b2471c34251e26dc442720cd5d984e30b110b7370f233f865b9ac129fdf49ff02b303d7d4f91039d3bb58a9d64d7a72d8b8eba6b45a000370d4f0e9c0d411768441372e7112e5d4e7d70a9d6b428b8b85ee6209d6f73e7b024740c052166deeb843e4ab78d1d354d75a5827ff0d49d8964e75785f3594c7299c0917b48f3b2efb81a4c3a7d6e0f1cf50efe0360963c2e3ee390ed2a4c39f42e856eced0f2ee7beacd2ecbece493e911ca0460584323ea6d4a0c00864693c979cae38f0c5841bfaeebf609d1075163c120fea0bd0207d2dd07e5e2e0a5afe3efee0ee6bb9a926a8dba7a27a82c5421a5b20bfb5dbdef532a12435fcd899f15603209831711e0dcfaaf2104b2016f087fce44848c70b65a34b9be83df2064391fc5a8d169dc1943d226e57ab5ba06c656273d4efba73a8a61aae19df4d2445f3ce7e649af1b4ffc86106c9092ddd0aafeb45653d181cb32b06a1dd41573495f15c3b8c0019ba72a2eb163dfcbdbb235322ae27d7116af506f295c2424ab9191aa8ce0e4617b212af21983f8d2b19d7fdeec881f6fa448acc7c3e133b6f281583fad4467c05801e69f6ffc1ae2e1f54655534d884c2f8f60303da33ccbe47a293643edb61c7d9fad4e3e54028bc64be8e5b1da53446869b136660b8e96ff96c48641ece275967b27b291c5c240b3399b5b901b699227735f821938bc88ded45bada2b257b1a4bcab7ed6647f2027e5680c87329e9cfdba6bde2f2a9b676be016001702bebbabb2eae3eba01d6f49ab70245a4c5ef0e136b531e1843487b3f69c5b811217d6d2f5e71b47f40c28117bd09a88bb21887a06e2cc164d4281d0df47cbd5781f1524098d89ccae32f24c5f9d86469106685fdc683ad5e873030b621dc00354e0621106da90aca69bb53848dd57251a45bc1898aca9bc84c9a8d2f8aabeed888560771c8cb03aab02620430fec8e9740880790060ccbffd5b8edaa219ca61587eff1b1b03ae8af53059f121efdec8b3ee8aba06f494a5b4575bc848d5a9773d2346f75811cb82a078fc960c9bd374555d78b1b4ba0b438ef00e8aa75810ca5efc5c70936e2cb0e515912cb7f625a2130a9ad58f29e58ae6eac5c3f15f22f0163ee6dead6947c4390b92c8dfb146fec7bfc0b37e8ff2c9de90c30f2d8b5e334107f9835bc47fbc193c60ebd5ac4e677c7fd5b6261ff96e97c185c726ec02941bc2336946f181fd2aff43f0e95f06105a049fcb8e4e3738407d6356856f533f17fae281a3be9f2050ae3d19d1b8350d424087ac9b7875824a9b7e098775b53d6ec960fc052ecd165d17a7897de75f15316a072bb9ccf6ce1ec085bb5356c271b985a437a32f12308fc927410fd444bcded9859e7b8a3cfaaf29ebfb92cc7cbfad2559bbe4f90e189e8708e93827b221869cc78fa41fd5bcb6577b7dfe4c3927dc25a58aa84419f76e71d1f3c10cbb5e52ab2bebe0d39bdffda0fa1b55fe3a03683f882a82dd58498d62b101acd710fd436aa7409fe3cf5352dffb399d560323e14d564bdb3121b89c1f43fc9a892b799cd32f7ce2ededb868920b4547735ef0bf3e148251a4f65dddb7f96b2f33734522a8cffdc51520ac98926b3406e96618cf15a042a67239e755afc70ec6a9c99f8e08ec2946e5901364d85223a63d49572519137d93b6b0798e72acf9da120e706ee73367dec1450a68def886c149bcd734469e10b933899501011cd548e99d638821d5709fde050ab382d4896ecfd7999d40ea9c690c26d396545224c8f9e19705593df2688eb592e2476a0193f7054ab6f703d41c545a80bf285bbc7cc735bd306c9ea5eb64f40752fd4c741d9b6e03cd41b636ef8f5e810047a21c0b24c6fde1f2e98f2f27730c90d93af9e7564e4e209a61ff626b666fcc4f75f7d560da688169ff0af5e674a0b89a99fb54bb438a65f953c2db0faec2ce09cec33b6d25620b5a0393ac473fed48a38beaca5223997419876d571ce969b83b5b3ae54de83dd89fd92ed2a93c087828bef49a24ed1a97778c47fdc691a94fd5b437dfe494b5c6fadf499d9d15583b0439d3d5ecb61a32a2508a6960be6009accfd1d5d75a16dbc4121c6ef07bda12646792449c18a56e7aa3893f3f0e55a8e09ca64193dd29ea24ed8614ee8e717f046dd99a8e3750506655331125a502aa89c0d7e8e30c36a4be22cd911322695144d3bf034f38ef32d49431d50da583d08a3e4c5862483cdd52d031b12c89fdaafc3334e877e464134baece883d301193a9c27311a987d4dae82a061f48182cc747cd64441e88b68e26e4975f0fdde3129a9e6af80009962581d5349676df9c73b81514b175709d9193749660f480bd4009b528c1db4f76f42b6a175126603c39a374e890f871c97b2eebb4500451d827cc15497dc5ae89edc6f47f25db7efa4b4b2afbbb2ee543e3db8d20fe93faf300247f59075921e8b2f2a025af8a1d46f274e0c6cb4be0293c7c16c88e98d7d189e9733e4c0e3b96be4aa3fa6ecf42732e0b1432d38aeaf2330d92713cd5580ce42bfe47fb98fea64783de23f456300dd193008211a5ba408d32dedbf12aa8237a6e1a2c9890a2c1011855241fea186906a5139d1c300be57dc7ff493de80010520d10fc3eda0ee9cd413e075d3dc02258fdab567a16e43edbeecc366a69d8d75512f43a2b79cbb9132cdcd00c531730d05f1eabf66613d6e7ebb8c4c3f4f7efd415d41049786352808b22a3bde40121968af39c8f00296001662adc72b7963c8bafab4a496b50f3237a29d19ad4a51a62b1c77a04c14004734189cf7ec49e3d041a1e5658d080f09df77f39782e7133968c1f39ab3ae2a5f24a60073288f3c5825dafd614a379b8b905aaf961caa14ffa38de0d632918d31e4a9291b0f0789248e232e4276840a1ed0257300e522d83111dffd424b1b33148981e3794b2b649ba9174e6697bcc96049f4f3dcc7cf4ca97e2006ec8a146014bb49184632e4fb159a34b6530e959e60a6b4e0427cc697f14cfe6bb7a662a6f5012744f3cf2307abc19c58449864d98fcfebc5d598cd32a1c38c207896468fe8da75eb1edb1d6e7cb1eab671e4e92f139c81d79f15df2a2dc075acc982dec769e2f49aad0fdf594cb590e054616e4f4582b6c4a149ae45d844903ef68d211df2a180178e178b7c7a5012ccf8a1e677586588620365e6111f5192ecfdbd97e2284128de02e08ebc13d4bb4d114faa1e6c16c51c12da2c52d68f73640ce866ce4e794b9fafdc392c91c1f824bc301b3069a02b9c86d2ffac3ed63ddee130cbc248d6a3345d3f9553db78077072d569a6633f8bdbdb1a209a8be9b6830225994f9021b57ddd6a44e8ea40b205c6cf437f45bffaef053a5916dcc6de62ee02bdb8ce3acec8ad97fc95dab1307d254790c71f32e4678957cf0121dccabe73a03c6cacbcbdaad8801b04d9836555a982c357a06e2db7e9bf62aed8cdebbb7a71a2410b929015b61f16e54bffd038996a717b9c7cc3696d8a1205e8266bf782c3a45b0e31461d6a3ed62396088833f69248b24fbf6f81dcc08b98826c3bd2325ade54f614f2d4a153e3e3527d93978483f2bfeada6b64bc43f2a725c30e843d13e6ab34cfc38d488b3ef50cd04318fac1f89905f017644cfa2de058ad399871d1316264813c2289d0b6cfeddfbca36ce93fd4a1bfc93bb74453cfbb9c6ca22320ffc9cb0a3fff046a5678c066e617cd3ac024dfead04b99877f448b78208938585c7563efe815ff0cc47da5fff521d9730ddc89f4aeceadd06f2ea6b9ae72c9407aa550a0155db3b4bc6aaa382a30552f699cb6a1af9972a8ccc483f98952dfbde3d712ea8673eacdbb77490d833fc90f0f02e7c073d2917db70831496a88defc10667dc4c1b7399191bdc7857eb090e79c332bf9f71bb5377178e6232800c93d22318dc5ab8d5dfa2f074a6c23acb61c89f2f078ec91e9817e11a4c8295c19634b5ca2df74"}}}}}, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r8, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x93}, 0xe) sendto$inet6(r8, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c) shutdown(r8, 0x1) 76.418275ms ago: executing program 3 (id=2751): r0 = syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x0, 0x13580}, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000140)=@IORING_OP_MSG_RING={0x28, 0x0, 0x0, r0, 0x0, 0x0}) io_uring_enter(r0, 0x54, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 3 (id=2752): syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x80000c, &(0x7f0000000100)={[{}, {@gid}, {@nobarrier}, {@barrier}, {@force}, {}, {@nls={'nls', 0x3d, 'iso8859-13'}}, {@nobarrier}, {@type={'type', 0x3d, "666b6e99"}}]}, 0x1, 0x6dd, &(0x7f0000000240)="$eJzs3U1oHOfdAPD/rFarXb3gyIk/wksgSwxpqagtWSiteqlbStEhlJAeel5sORZey0FSimxKo/Tj3kNOPaUH3UIPJb0b2nNDoOSqY6CQS066qczszGqlnf2QLUty+vuJmXlmno955j87M/uBeAL4n7U8G9UnkcTy7Ntb6fruzkJ7YmdhKs9uR0QtIioR1XSRptciy72VT3EpIpK8fDJoPx+vLr375Te7X3XWqvmUla8Mq1ei1r9pO5+iGRET+bLf5IAWPzu6+0Pt3R7Y3riS7hGmAbtWBC7+/EytwjPb77Pdzfv039l8WPXjXLfAOZV0npt9ZiKmI6Ie0Xnq53eHkmfwi2X7rDsAAAAAx9U4fpWX9mIvtuLC8+gOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfFvl4/8n+VQp0s1IivH/a/m2OL/j//cNhPjk6IYvpgZkAAAAAAAAAMAL6PW92IutuFCs7yfZb/5v9PzG/3/xQWzESqzH9diKVmzGZqzHfETM9DRU22ptbq7PZzUjLg2peTM+L6l5c3Afb53wMQMAAAAAAADAOVcfkX9/sn/b72L54Pd/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4D5KIic4imy4V6ZmoVCOiHhG1tNx2xOdF+gWRlG18cvr9AAAAgGdSP7ya1Meo89KHsRdbcaFY30+yz/xXss/L9fgg1mIzVmMz2rESd/LP0Omn/sruzkJ7d2fhQTr1t/uTr4/V9azF6Hz3UL7nV7MSjbgbq9mW63E7ktjPVPJWXt3dWUiXD8r79VHap+THuSG9mehJ30lnVz/L0n86/C1C9ViH+JQqA3NmstzJbkTm8r6lNS4WESiPxMizUx26p/modL/5uTR8T+Ux/2j43qePlCr95uZMHI3Ezah0z9CV4ZGI+M7fP/3Vvfba/Xt3N2bPzyGV+nBkiaORWOiJxNVvUSRGm8sicbm7vhw/j1/GbHw99U6sx2r8OlqxGSvNIr+Vv57T+czwSH0x3bv2zqiepNdks3v/KutTM7I+1fI+RTN+lqVa8UZ2Ti/EaiTxMCJW4q3s72bMd+8GB2f48hhXfWWMO22Pa9/NFt0wRWNw2b+O1+RJSeN6sSeuvffcmSyvd8tBlF4ujVLxrBv/edSj+v95Im3h90OfD6ftaCTmeyLxyqDXSyekf9lP5xvttfvr91rvj7m/N/Nleh398Vw9JdIz/HLU84O7mM2T7Jqay/Je6T5hD8erlv/i0lHpy7vcrde5Un8RD+POoSv1B7EYi7GUlb6SlZ7se2KleVe7LR2+h6d56TutaveHnd73Ww+j3Xk/BMD5Nv296VrjP41/NT5p/KFxr/F2/adTP5x6rRaT/5z8UXVu4s3Ka8nf4pP47cHnfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4OltPHp8v9Vur6yXJyrlWcnwWq32fjGQ2JAyhxJJPlTOGIWTjUeP90c2ODwxlXfvKaufZKIYrXF04eZz7EayffR81Uefi2KUpzF2kfQFPK381H0u9nywZfIcnMqjiebJNVi8YHuyjv/qbZSdr4mIKCs84sYxcRJ3H+As3dh88P6NjUePv7/6oPXeynsra5OLi0tzS4tvLdy4u9pemevMeyqcyuC3wGnofTvRVYuI10fXHTJQKwAAAAAAAAAAAPAcncb/Qpz1MQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvtuXZqD6JJObnrs+l67s7C+10KtIHJasRUYmI5DcRyT8ibkVnipme5pJB+/l4dendL7/Z/eqgrWpRvhKxPbDeeLbzKZoRMZEvT6q926Pbqx0kp0qyk25k0oBdKwIHZ+2/AQAA//9r0u1f") kernel console output (not intermixed with test programs): mainder of the config [ 547.567109][T12724] loop0: detected capacity change from 0 to 16 [ 547.573824][ T5131] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 547.626474][ T5131] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 547.641693][T12724] erofs: (device loop0): mounted with root inode @ nid 36. [ 547.664059][ T5131] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 547.714409][ T5131] usb 3-1: Product: syz [ 547.730996][ T5131] usb 3-1: Manufacturer: syz [ 547.745463][ T5131] usb 3-1: SerialNumber: syz [ 548.100148][T12732] loop1: detected capacity change from 0 to 1024 [ 548.116394][T12732] hfsplus: unable to parse mount options [ 548.136602][ T4489] Bluetooth: hci0: Dropping invalid advertising data [ 548.147036][ T4489] Bluetooth: hci0: unknown advertising packet type: 0x6b [ 548.147083][ T4489] Bluetooth: hci0: unknown advertising packet type: 0x07 [ 548.154341][ T4489] Bluetooth: hci0: unknown advertising packet type: 0x05 [ 548.161821][ T4489] Bluetooth: hci0: Malformed LE Event: 0x02 [ 548.205044][ T5131] usb 3-1: 0:2 : does not exist [ 548.221497][ T5131] usb 3-1: USB disconnect, device number 11 [ 548.322236][T12736] loop0: detected capacity change from 0 to 164 [ 548.845348][ T29] audit: type=1800 audit(1719520727.990:315): pid=12732 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2471" name="bus" dev="sda1" ino=2105 res=0 errno=0 [ 549.474100][ T29] audit: type=1326 audit(1719520728.640:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12743 comm="syz.4.2480" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff185d75b29 code=0x0 [ 549.570995][T12732] loop1: detected capacity change from 0 to 256 [ 550.551044][ T29] audit: type=1326 audit(1719520729.720:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12763 comm="syz.4.2485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff185d75b29 code=0x7fc00000 [ 550.962376][ T29] audit: type=1326 audit(1719520730.120:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12763 comm="syz.4.2485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff185d75b29 code=0x7fc00000 [ 551.043580][ T29] audit: type=1326 audit(1719520730.120:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12763 comm="syz.4.2485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff185d75b29 code=0x7fc00000 [ 551.104630][ T29] audit: type=1326 audit(1719520730.120:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12763 comm="syz.4.2485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff185d75b29 code=0x7fc00000 [ 551.149492][ T29] audit: type=1326 audit(1719520730.120:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12763 comm="syz.4.2485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff185d75b29 code=0x7fc00000 [ 551.186622][ T29] audit: type=1326 audit(1719520730.120:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12763 comm="syz.4.2485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff185d75b29 code=0x7fc00000 [ 551.238996][ T29] audit: type=1326 audit(1719520730.120:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12763 comm="syz.4.2485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff185d75b29 code=0x7fc00000 [ 551.295337][ T29] audit: type=1326 audit(1719520730.120:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12763 comm="syz.4.2485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff185d75b29 code=0x7fc00000 [ 553.067468][T12806] 9pnet: p9_errstr2errno: server reported unknown error œæçæÿÎsŧ‘̼§6µ‡ [ 554.099734][ T4489] Bluetooth: hci0: SCO packet for unknown connection handle 3528 [ 554.099973][ T29] kauditd_printk_skb: 12 callbacks suppressed [ 554.099990][ T29] audit: type=1326 audit(1719520733.270:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12812 comm="syz.4.2499" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff185d75b29 code=0x7fc00000 [ 554.275206][T12828] dvmrp0: entered allmulticast mode [ 554.778659][ T29] audit: type=1326 audit(1719520733.950:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12812 comm="syz.4.2499" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff185d75b29 code=0x7fc00000 [ 554.851127][T12842] loop3: detected capacity change from 0 to 1024 [ 554.897312][T12842] hfsplus: unable to parse mount options [ 555.042731][ T29] audit: type=1800 audit(1719520734.200:339): pid=12842 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2508" name="bus" dev="sda1" ino=2098 res=0 errno=0 [ 555.240133][T12859] loop3: detected capacity change from 0 to 256 [ 555.322578][T12861] dvmrp0: entered allmulticast mode [ 557.221450][ T29] audit: type=1326 audit(1719520736.390:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12876 comm="syz.0.2522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe277d75b29 code=0x7fc00000 [ 557.653162][T12890] loop4: detected capacity change from 0 to 4096 [ 557.814473][ T29] audit: type=1326 audit(1719520736.980:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12876 comm="syz.0.2522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe277d75b29 code=0x7fc00000 [ 557.846920][T12895] Process accounting resumed [ 557.944069][T12899] dvmrp0: entered allmulticast mode [ 558.028641][T12880] loop2: detected capacity change from 0 to 40427 [ 558.087261][T12880] F2FS-fs (loop2): invalid crc value [ 558.108657][T12880] F2FS-fs (loop2): Found nat_bits in checkpoint [ 558.987783][T12880] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 559.309323][ T29] audit: type=1326 audit(1719520738.480:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12917 comm="syz.4.2538" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff185d75b29 code=0x0 [ 559.461768][T12924] syz.2.2523: attempt to access beyond end of device [ 559.461768][T12924] loop2: rw=2049, sector=77824, nr_sectors = 544 limit=40427 [ 559.803948][T12928] loop3: detected capacity change from 0 to 8 [ 560.585748][T11558] syz-executor: attempt to access beyond end of device [ 560.585748][T11558] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 560.608524][T12905] loop0: detected capacity change from 0 to 32768 [ 560.618877][T11558] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 560.625765][T12932] loop4: detected capacity change from 0 to 64 [ 560.730460][T12905] XFS (loop0): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 560.944083][T12905] XFS (loop0): Ending clean mount [ 560.997984][T12948] loop3: detected capacity change from 0 to 1024 [ 561.030349][T12948] hfsplus: unable to parse mount options [ 561.148622][ T29] audit: type=1800 audit(1719520740.320:343): pid=12948 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2545" name="bus" dev="sda1" ino=2048 res=0 errno=0 [ 561.330297][T12955] loop3: detected capacity change from 0 to 256 [ 561.412275][T11988] XFS (loop0): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 561.614443][ T5183] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 561.834826][ T5183] usb 5-1: Using ep0 maxpacket: 8 [ 561.843884][ T5183] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 561.865268][ T5183] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 561.897998][ T5183] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 561.935666][ T5183] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 561.959955][ T5183] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 561.973557][T12962] loop2: detected capacity change from 0 to 4096 [ 561.980282][ T5183] usb 5-1: Product: syz [ 561.984486][ T5183] usb 5-1: Manufacturer: syz [ 562.002691][ T5183] usb 5-1: SerialNumber: syz [ 562.218123][T12962] Process accounting resumed [ 562.266165][ T5183] usb 5-1: 0:2 : does not exist [ 562.305179][ T5183] usb 5-1: USB disconnect, device number 25 [ 562.874603][T12959] loop1: detected capacity change from 0 to 32768 [ 562.902106][T12959] XFS: attr2 mount option is deprecated. [ 562.964949][T12959] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 563.183670][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.200540][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.204223][T12988] loop4: detected capacity change from 0 to 64 [ 563.214904][T12959] XFS (loop1): Ending clean mount [ 563.235128][T12959] XFS (loop1): Quotacheck needed: Please wait. [ 563.357638][T12959] XFS (loop1): Quotacheck: Done. [ 563.620811][T11651] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 563.803676][T12993] netlink: 292 bytes leftover after parsing attributes in process `syz.2.2559'. [ 565.227365][T13013] loop0: detected capacity change from 0 to 16 [ 565.262188][T13013] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 565.435080][ T5183] hid-generic 0000:0000:0000.0010: hidraw0: HID v0.00 Device [syz0] on syz1 [ 565.984003][T13023] syz.3.2567 (pid 13023) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 566.385943][ T4489] Bluetooth: hci4: command tx timeout [ 568.002270][T13038] syz.4.2574[13038] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 568.002631][T13038] syz.4.2574[13038] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 568.115354][T13038] hub 6-0:1.0: USB hub found [ 568.152570][T13038] hub 6-0:1.0: 1 port detected [ 568.717959][T13038] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2574'. [ 569.283328][T13065] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2584'. [ 569.426254][T13064] syzkaller0: entered promiscuous mode [ 569.431826][T13064] syzkaller0: entered allmulticast mode [ 569.692642][T13081] loop2: detected capacity change from 0 to 16 [ 569.711323][T13081] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 569.864072][ T5815] hid-generic 0000:0000:0000.0011: hidraw0: HID v0.00 Device [syz0] on syz1 [ 571.088738][ T4489] Bluetooth: hci1: command tx timeout [ 572.741549][ T29] audit: type=1326 audit(1719520751.910:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13099 comm="syz.1.2595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd7b775b29 code=0x7ffc0000 [ 572.793740][ T29] audit: type=1326 audit(1719520751.910:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13099 comm="syz.1.2595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd7b775b29 code=0x7ffc0000 [ 572.821159][ T29] audit: type=1326 audit(1719520751.910:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13099 comm="syz.1.2595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efd7b775b29 code=0x7ffc0000 [ 572.891479][ T29] audit: type=1326 audit(1719520751.910:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13099 comm="syz.1.2595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd7b775b29 code=0x7ffc0000 [ 572.936533][ T29] audit: type=1326 audit(1719520751.910:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13099 comm="syz.1.2595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd7b775b29 code=0x7ffc0000 [ 572.961047][ T29] audit: type=1326 audit(1719520751.910:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13099 comm="syz.1.2595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efd7b775b29 code=0x7ffc0000 [ 572.998250][ T29] audit: type=1326 audit(1719520751.960:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13099 comm="syz.1.2595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd7b775b29 code=0x7ffc0000 [ 573.021184][ T29] audit: type=1326 audit(1719520751.960:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13099 comm="syz.1.2595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efd7b76cba7 code=0x7ffc0000 [ 573.109575][ T29] audit: type=1326 audit(1719520751.960:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13099 comm="syz.1.2595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efd7b711559 code=0x7ffc0000 [ 573.200419][ T29] audit: type=1326 audit(1719520751.960:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13099 comm="syz.1.2595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=89 compat=0 ip=0x7efd7b775b29 code=0x7ffc0000 [ 573.664787][ T930] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 573.864777][ T930] usb 3-1: Using ep0 maxpacket: 16 [ 573.873547][ T930] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 573.890397][ T930] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 573.916069][ T930] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 573.934861][ T930] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 573.966616][ T930] usb 3-1: config 0 descriptor?? [ 574.490164][T13120] raw-gadget.0 gadget.2: fail, usb_ep_set_wedge returned -11 [ 574.864247][ C1] DEBUG: holding rtnl_mutex for 536 jiffies. [ 574.871189][ C1] task:syz.0.2582 state:R running task stack:24672 pid:13063 tgid:13063 ppid:11988 flags:0x00004006 [ 574.883030][ C1] Call Trace: [ 574.886386][ C1] [ 574.889263][ C1] sched_show_task+0x506/0x6d0 [ 574.894074][ C1] ? report_rtnl_holders+0x183/0x2d0 [ 574.899408][ C1] ? __pfx__printk+0x10/0x10 [ 574.904054][ C1] ? __pfx_sched_show_task+0x10/0x10 [ 574.909418][ C1] report_rtnl_holders+0x1ba/0x2d0 [ 574.914568][ C1] ? report_rtnl_holders+0x20/0x2d0 [ 574.919847][ C1] call_timer_fn+0x18e/0x650 [ 574.924454][ C1] ? call_timer_fn+0xc0/0x650 [ 574.929198][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 574.934890][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 574.940036][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 574.945735][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 574.951407][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 574.957110][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 574.962357][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 574.967638][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 574.973318][ C1] __run_timer_base+0x66a/0x8e0 [ 574.978245][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 574.983673][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 574.990076][ C1] run_timer_softirq+0xb7/0x170 [ 574.995017][ C1] handle_softirqs+0x2c4/0x970 [ 574.999830][ C1] ? __irq_exit_rcu+0xf4/0x1c0 [ 575.004683][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 575.010023][ C1] ? irqtime_account_irq+0xd4/0x1e0 [ 575.015300][ C1] __irq_exit_rcu+0xf4/0x1c0 [ 575.019937][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 575.025216][ C1] irq_exit_rcu+0x9/0x30 [ 575.029511][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 575.035220][ C1] [ 575.038179][ C1] [ 575.041130][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 575.047184][ C1] RIP: 0010:lockdep_unregister_key+0x56d/0x610 [ 575.053389][ C1] Code: ff 92 48 c7 c6 90 b6 6f 81 e8 7f 04 0a 00 e8 ea 18 0a 00 e9 e5 fb ff ff e8 00 18 20 0a 41 f7 c7 00 02 00 00 74 d0 fb 45 84 f6 <75> cf eb e0 90 0f 0b 90 45 31 f6 e9 62 ff ff ff 90 0f 0b 90 e9 a1 [ 575.073065][ C1] RSP: 0018:ffffc90003d178e0 EFLAGS: 00000246 [ 575.079210][ C1] RAX: dffffc0000000000 RBX: 1ffff920007a2f24 RCX: ffffffff947eb803 [ 575.087359][ C1] RDX: 0000000000000001 RSI: ffffffff8bcad5e0 RDI: ffffffff8c206fe0 [ 575.095412][ C1] RBP: ffffc90003d179b8 R08: ffffffff92ffe4c7 R09: 1ffffffff25ffc98 [ 575.103434][ C1] R10: dffffc0000000000 R11: fffffbfff25ffc99 R12: ffffc90003d17920 [ 575.111491][ C1] R13: 1ffff920007a2f20 R14: 0000000000000000 R15: 0000000000000a06 [ 575.119554][ C1] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 575.125541][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 575.130790][ C1] ? __qdisc_destroy+0x150/0x410 [ 575.135807][ C1] ? kfree+0x149/0x360 [ 575.139921][ C1] ? __pfx_pfifo_fast_destroy+0x10/0x10 [ 575.145571][ C1] __qdisc_destroy+0x165/0x410 [ 575.150387][ C1] dev_shutdown+0x9b/0x440 [ 575.154890][ C1] unregister_netdevice_many_notify+0x977/0x16b0 [ 575.161284][ C1] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 575.168114][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 575.174170][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 575.180606][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 575.185897][ C1] unregister_netdevice_queue+0x303/0x370 [ 575.191672][ C1] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 575.198014][ C1] __tun_detach+0x6b6/0x1600 [ 575.202660][ C1] tun_chr_close+0x108/0x1b0 [ 575.207339][ C1] ? __pfx_tun_chr_close+0x10/0x10 [ 575.212504][ C1] __fput+0x24a/0x8a0 [ 575.216586][ C1] task_work_run+0x24f/0x310 [ 575.221218][ C1] ? __pfx_task_work_run+0x10/0x10 [ 575.226411][ C1] ? syscall_exit_to_user_mode+0xa3/0x370 [ 575.232197][ C1] syscall_exit_to_user_mode+0x168/0x370 [ 575.237930][ C1] do_syscall_64+0x100/0x230 [ 575.242559][ C1] ? clear_bhb_loop+0x35/0x90 [ 575.247330][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 575.253271][ C1] RIP: 0033:0x7fe277d75b29 [ 575.257740][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 575.277448][ C1] RSP: 002b:00007ffe88391938 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 575.285971][ C1] RAX: 0000000000000000 RBX: 00007fe277f059a0 RCX: 00007fe277d75b29 [ 575.293995][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 575.302045][ C1] RBP: 00007fe277f059a0 R08: 0000000000000008 R09: 0000000988391c4f [ 575.310102][ C1] R10: 00000000003f8e88 R11: 0000000000000246 R12: 000000000008b2c8 [ 575.318158][ C1] R13: 0000000000000032 R14: 00007fe277f059a0 R15: 00007ffe88391a20 [ 575.326223][ C1] [ 575.329277][ C1] [ 575.329277][ C1] Showing all locks held in the system: [ 575.337066][ C1] 5 locks held by kworker/u8:4/81: [ 575.342860][ C1] 5 locks held by kworker/0:2/930: [ 575.348046][ C1] #0: ffff88801929e148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 575.359505][ C1] #1: ffffc90003af7d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 575.371454][ C1] #2: ffff888023e73190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150 [ 575.380423][ C1] #3: ffff88802f1c0190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 575.389771][ C1] #4: ffff88802f1c5160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 575.399163][ C1] 2 locks held by getty/4848: [ 575.403866][ C1] #0: ffff88802ad2c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 575.413710][ C1] #1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 575.423930][ C1] 2 locks held by kworker/0:3/5090: [ 575.429201][ C1] 3 locks held by kworker/1:7/5815: [ 575.434431][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 575.445530][ C1] #1: ffffc9000323fd00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 575.456624][ C1] #2: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 575.465721][ C1] 4 locks held by syz.0.2582/13063: [ 575.470947][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 575.480032][ C1] #1: ffffc90000a18c00 (net/core/rtnetlink.c:82){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 575.490248][ C1] #2: ffffffff8e3357e0 (rcu_read_lock){....}-{1:2}, at: report_rtnl_holders+0x20/0x2d0 [ 575.500190][ C1] #3: ffffffff8e3357e0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 575.510155][ C1] 2 locks held by syz.4.2596/13103: [ 575.515430][ C1] #0: ffffffff8f6650f0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 575.523708][ C1] #1: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: ethnl_default_set_doit+0x38f/0x900 [ 575.533678][ C1] 1 lock held by syz.3.2602/13119: [ 575.538855][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170 [ 575.548475][ C1] [ 575.550829][ C1] ============================================= [ 575.550829][ C1] [ 576.090339][ T930] usbhid 3-1:0.0: can't add hid device: -71 [ 576.096703][ T930] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 576.127627][ T930] usb 3-1: USB disconnect, device number 12 [ 576.623413][ C1] DEBUG: holding rtnl_mutex for 712 jiffies. [ 576.629514][ C1] task:syz.0.2582 state:D stack:24672 pid:13063 tgid:13063 ppid:11988 flags:0x00004006 [ 576.639774][ C1] Call Trace: [ 576.643080][ C1] [ 576.646079][ C1] __schedule+0x17e8/0x4a20 [ 576.650642][ C1] ? __pfx___schedule+0x10/0x10 [ 576.655582][ C1] ? __pfx_lock_release+0x10/0x10 [ 576.660666][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 576.666651][ C1] ? schedule+0x90/0x320 [ 576.670935][ C1] schedule+0x14b/0x320 [ 576.675162][ C1] synchronize_rcu_expedited+0x684/0x830 [ 576.680847][ C1] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 576.687096][ C1] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 576.692428][ C1] ? __pfx___might_resched+0x10/0x10 [ 576.697757][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 576.703760][ C1] ? __pfx_autoremove_wake_function+0x10/0x10 [ 576.709877][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 576.716270][ C1] synchronize_rcu+0x11b/0x360 [ 576.721086][ C1] ? __pfx_synchronize_rcu+0x10/0x10 [ 576.726485][ C1] lockdep_unregister_key+0x556/0x610 [ 576.731902][ C1] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 576.737866][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 576.743117][ C1] ? __qdisc_destroy+0x150/0x410 [ 576.748130][ C1] ? kfree+0x149/0x360 [ 576.752239][ C1] ? __pfx_pfifo_fast_destroy+0x10/0x10 [ 576.757835][ C1] __qdisc_destroy+0x165/0x410 [ 576.762621][ C1] dev_shutdown+0x9b/0x440 [ 576.767116][ C1] unregister_netdevice_many_notify+0x977/0x16b0 [ 576.773622][ C1] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 576.780472][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 576.786555][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 576.792945][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 576.798209][ C1] unregister_netdevice_queue+0x303/0x370 [ 576.803971][ C1] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 576.810318][ C1] __tun_detach+0x6b6/0x1600 [ 576.814999][ C1] tun_chr_close+0x108/0x1b0 [ 576.819628][ C1] ? __pfx_tun_chr_close+0x10/0x10 [ 576.824807][ C1] __fput+0x24a/0x8a0 [ 576.828852][ C1] task_work_run+0x24f/0x310 [ 576.833482][ C1] ? __pfx_task_work_run+0x10/0x10 [ 576.838638][ C1] ? syscall_exit_to_user_mode+0xa3/0x370 [ 576.844387][ C1] syscall_exit_to_user_mode+0x168/0x370 [ 576.850104][ C1] do_syscall_64+0x100/0x230 [ 576.854782][ C1] ? clear_bhb_loop+0x35/0x90 [ 576.859527][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 576.865513][ C1] RIP: 0033:0x7fe277d75b29 [ 576.869967][ C1] RSP: 002b:00007ffe88391938 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 576.878442][ C1] RAX: 0000000000000000 RBX: 00007fe277f059a0 RCX: 00007fe277d75b29 [ 576.886477][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 576.894474][ C1] RBP: 00007fe277f059a0 R08: 0000000000000008 R09: 0000000988391c4f [ 576.902485][ C1] R10: 00000000003f8e88 R11: 0000000000000246 R12: 000000000008b2c8 [ 576.910502][ C1] R13: 0000000000000032 R14: 00007fe277f059a0 R15: 00007ffe88391a20 [ 576.918535][ C1] [ 576.921567][ C1] [ 576.921567][ C1] Showing all locks held in the system: [ 576.929353][ C1] 3 locks held by kworker/u8:4/81: [ 576.934505][ C1] #0: ffff8880b943e958 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 576.944529][ C1] #1: ffff8880b9428948 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x441/0x770 [ 576.956024][ C1] #2: ffff88807b8e0768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: cfg80211_wiphy_work+0xd9/0x490 [ 576.966210][ C1] 2 locks held by kworker/u8:7/2481: [ 576.971528][ C1] #0: ffff8880b943e958 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 576.981544][ C1] #1: ffff8880b9428948 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x3a7/0x770 [ 576.993021][ C1] 2 locks held by getty/4848: [ 576.997739][ C1] #0: ffff88802ad2c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 577.007578][ C1] #1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 577.017789][ C1] 3 locks held by kworker/1:7/5815: [ 577.023000][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 577.034053][ C1] #1: ffffc9000323fd00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 577.045137][ C1] #2: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 577.054207][ C1] 2 locks held by syz.0.2582/13063: [ 577.059482][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 577.068571][ C1] #1: ffffffff8e33abb8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 [ 577.079583][ C1] 2 locks held by syz.4.2596/13103: [ 577.084834][ C1] #0: ffffffff8f6650f0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 577.093156][ C1] #1: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: ethnl_default_set_doit+0x38f/0x900 [ 577.103064][ C1] 1 lock held by syz.3.2602/13119: [ 577.108232][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170 [ 577.117839][ C1] 1 lock held by syz.2.2604/13123: [ 577.122953][ C1] #0: ffffffff8e33abb8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 577.133917][ C1] 1 lock held by syz.2.2604/13124: [ 577.139078][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x48f/0x2400 [ 577.148492][ C1] 7 locks held by syz.1.2606/13129: [ 577.153716][ C1] #0: ffff888073625248 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x24e/0x310 [ 577.163003][ C1] #1: ffff88802afa0420 (sb_writers#33){.+.+}-{0:0}, at: vfs_writev+0x2d4/0xbb0 [ 577.172128][ C1] #2: ffff888063d907b8 (&sb->s_type->i_mutex_key#40){++++}-{3:3}, at: netfs_start_io_direct+0x1d4/0x210 [ 577.183429][ C1] #3: ffff8880b953d530 (lock){+.+.}-{2:2}, at: __radix_tree_preload+0x80/0x860 [ 577.192570][ C1] #4: ffffc90000a18c00 (net/core/rtnetlink.c:82){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 577.202781][ C1] #5: ffffffff8e3357e0 (rcu_read_lock){....}-{1:2}, at: report_rtnl_holders+0x20/0x2d0 [ 577.212603][ C1] #6: ffffffff8e3357e0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 577.222518][ C1] [ 577.224897][ C1] ============================================= [ 577.224897][ C1] [ 578.304757][ C1] DEBUG: waiting rtnl_mutex for 622 jiffies. [ 578.310856][ C1] task:kworker/1:7 state:D stack:22352 pid:5815 tgid:5815 ppid:2 flags:0x00004000 [ 578.321145][ C1] Workqueue: events linkwatch_event [ 578.326413][ C1] Call Trace: [ 578.329712][ C1] [ 578.332680][ C1] __schedule+0x17e8/0x4a20 [ 578.337264][ C1] ? __pfx___schedule+0x10/0x10 [ 578.342227][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 578.348264][ C1] ? __pfx_lock_release+0x10/0x10 [ 578.353336][ C1] ? kick_pool+0x45c/0x620 [ 578.357806][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 578.363024][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 578.368293][ C1] ? schedule+0x90/0x320 [ 578.372563][ C1] schedule+0x14b/0x320 [ 578.376789][ C1] schedule_preempt_disabled+0x13/0x30 [ 578.382386][ C1] __mutex_lock+0x6a4/0xd70 [ 578.386959][ C1] ? __mutex_lock+0x527/0xd70 [ 578.391683][ C1] ? linkwatch_event+0xe/0x60 [ 578.396407][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 578.401464][ C1] ? process_scheduled_works+0x945/0x1830 [ 578.407255][ C1] ? rtnl_lock+0xe7/0x130 [ 578.411708][ C1] ? process_scheduled_works+0x945/0x1830 [ 578.417509][ C1] linkwatch_event+0xe/0x60 [ 578.422052][ C1] process_scheduled_works+0xa2c/0x1830 [ 578.427677][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 578.433681][ C1] ? assign_work+0x364/0x3d0 [ 578.438317][ C1] worker_thread+0x86d/0xd40 [ 578.442947][ C1] ? __kthread_parkme+0x169/0x1d0 [ 578.448015][ C1] ? __pfx_worker_thread+0x10/0x10 [ 578.453144][ C1] kthread+0x2f0/0x390 [ 578.457273][ C1] ? __pfx_worker_thread+0x10/0x10 [ 578.462405][ C1] ? __pfx_kthread+0x10/0x10 [ 578.467047][ C1] ret_from_fork+0x4b/0x80 [ 578.471483][ C1] ? __pfx_kthread+0x10/0x10 [ 578.476124][ C1] ret_from_fork_asm+0x1a/0x30 [ 578.480929][ C1] [ 578.483956][ C1] DEBUG: holding rtnl_mutex for 898 jiffies. [ 578.489966][ C1] task:syz.0.2582 state:D stack:24672 pid:13063 tgid:13063 ppid:11988 flags:0x00004006 [ 578.500176][ C1] Call Trace: [ 578.503476][ C1] [ 578.506458][ C1] __schedule+0x17e8/0x4a20 [ 578.510995][ C1] ? __pfx___schedule+0x10/0x10 [ 578.515888][ C1] ? __pfx_lock_release+0x10/0x10 [ 578.520934][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 578.526935][ C1] ? schedule+0x90/0x320 [ 578.531221][ C1] schedule+0x14b/0x320 [ 578.535443][ C1] synchronize_rcu_expedited+0x684/0x830 [ 578.541139][ C1] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 578.547379][ C1] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 578.552685][ C1] ? __pfx___might_resched+0x10/0x10 [ 578.558030][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 578.564075][ C1] ? __pfx_autoremove_wake_function+0x10/0x10 [ 578.570273][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 578.576771][ C1] synchronize_rcu+0x11b/0x360 [ 578.581571][ C1] ? __pfx_synchronize_rcu+0x10/0x10 [ 578.586961][ C1] lockdep_unregister_key+0x556/0x610 [ 578.592438][ C1] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 578.598410][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 578.603668][ C1] ? __qdisc_destroy+0x150/0x410 [ 578.608681][ C1] ? kfree+0x149/0x360 [ 578.612799][ C1] ? __pfx_pfifo_fast_destroy+0x10/0x10 [ 578.618396][ C1] __qdisc_destroy+0x165/0x410 [ 578.623185][ C1] dev_shutdown+0x9b/0x440 [ 578.627650][ C1] unregister_netdevice_many_notify+0x977/0x16b0 [ 578.634013][ C1] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 578.640853][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 578.646940][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 578.653318][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 578.658616][ C1] unregister_netdevice_queue+0x303/0x370 [ 578.664398][ C1] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 578.670706][ C1] __tun_detach+0x6b6/0x1600 [ 578.675393][ C1] tun_chr_close+0x108/0x1b0 [ 578.680042][ C1] ? __pfx_tun_chr_close+0x10/0x10 [ 578.685252][ C1] __fput+0x24a/0x8a0 [ 578.689316][ C1] task_work_run+0x24f/0x310 [ 578.693945][ C1] ? __pfx_task_work_run+0x10/0x10 [ 578.699108][ C1] ? syscall_exit_to_user_mode+0xa3/0x370 [ 578.704969][ C1] syscall_exit_to_user_mode+0x168/0x370 [ 578.710677][ C1] do_syscall_64+0x100/0x230 [ 578.715335][ C1] ? clear_bhb_loop+0x35/0x90 [ 578.720062][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 578.726047][ C1] RIP: 0033:0x7fe277d75b29 [ 578.730473][ C1] RSP: 002b:00007ffe88391938 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 578.738937][ C1] RAX: 0000000000000000 RBX: 00007fe277f059a0 RCX: 00007fe277d75b29 [ 578.746985][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 578.755023][ C1] RBP: 00007fe277f059a0 R08: 0000000000000008 R09: 0000000988391c4f [ 578.763014][ C1] R10: 00000000003f8e88 R11: 0000000000000246 R12: 000000000008b2c8 [ 578.771130][ C1] R13: 0000000000000032 R14: 00007fe277f059a0 R15: 00007ffe88391a20 [ 578.779350][ C1] [ 578.782385][ C1] DEBUG: waiting rtnl_mutex for 590 jiffies. [ 578.788406][ C1] task:syz.4.2596 state:D stack:25984 pid:13103 tgid:13102 ppid:7080 flags:0x00000004 [ 578.798682][ C1] Call Trace: [ 578.801986][ C1] [ 578.804979][ C1] __schedule+0x17e8/0x4a20 [ 578.809543][ C1] ? __pfx___schedule+0x10/0x10 [ 578.814416][ C1] ? __pfx_lock_release+0x10/0x10 [ 578.819496][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 578.825016][ C1] ? schedule+0x90/0x320 [ 578.829273][ C1] schedule+0x14b/0x320 [ 578.833454][ C1] schedule_preempt_disabled+0x13/0x30 [ 578.838968][ C1] __mutex_lock+0x6a4/0xd70 [ 578.843641][ C1] ? __mutex_lock+0x527/0xd70 [ 578.848449][ C1] ? ethnl_default_set_doit+0x38f/0x900 [ 578.854042][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 578.859171][ C1] ? rtnl_lock+0xe7/0x130 [ 578.863533][ C1] ethnl_default_set_doit+0x38f/0x900 [ 578.868991][ C1] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 578.874934][ C1] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 578.881289][ C1] genl_rcv_msg+0xb14/0xec0 [ 578.885875][ C1] ? mark_lock+0x9a/0x360 [ 578.890233][ C1] ? __pfx_genl_rcv_msg+0x10/0x10 [ 578.895365][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 578.900434][ C1] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 578.906378][ C1] ? __pfx___might_resched+0x10/0x10 [ 578.911692][ C1] netlink_rcv_skb+0x1e3/0x430 [ 578.916499][ C1] ? __pfx_genl_rcv_msg+0x10/0x10 [ 578.921563][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 578.926900][ C1] ? __netlink_deliver_tap+0x77e/0x7c0 [ 578.932394][ C1] genl_rcv+0x28/0x40 [ 578.936422][ C1] netlink_unicast+0x7f0/0x990 [ 578.941206][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 578.946628][ C1] ? __virt_addr_valid+0x183/0x530 [ 578.951760][ C1] ? __check_object_size+0x49c/0x900 [ 578.957081][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 578.962215][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 578.967064][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 578.972421][ C1] ? __import_iovec+0x536/0x820 [ 578.977310][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 578.982271][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 578.987597][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 578.993078][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 578.998414][ C1] __sock_sendmsg+0x221/0x270 [ 579.003118][ C1] ____sys_sendmsg+0x525/0x7d0 [ 579.007942][ C1] ? __pfx_____sys_sendmsg+0x10/0x10 [ 579.013258][ C1] __sys_sendmsg+0x2b0/0x3a0 [ 579.017899][ C1] ? __pfx___sys_sendmsg+0x10/0x10 [ 579.023067][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 579.029448][ C1] ? do_syscall_64+0x100/0x230 [ 579.034229][ C1] ? do_syscall_64+0xb6/0x230 [ 579.038945][ C1] do_syscall_64+0xf3/0x230 [ 579.043461][ C1] ? clear_bhb_loop+0x35/0x90 [ 579.048182][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 579.054088][ C1] RIP: 0033:0x7ff185d75b29 [ 579.058564][ C1] RSP: 002b:00007ff186ac6048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 579.067045][ C1] RAX: ffffffffffffffda RBX: 00007ff185f03fa0 RCX: 00007ff185d75b29 [ 579.075072][ C1] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003 [ 579.083081][ C1] RBP: 00007ff185df6756 R08: 0000000000000000 R09: 0000000000000000 [ 579.091159][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 579.099183][ C1] R13: 000000000000000b R14: 00007ff185f03fa0 R15: 00007fff2cc155e8 [ 579.107210][ C1] [ 579.110238][ C1] DEBUG: waiting rtnl_mutex for 547 jiffies. [ 579.116247][ C1] task:syz.3.2602 state:D stack:26800 pid:13119 tgid:13118 ppid:11859 flags:0x00000004 [ 579.126445][ C1] Call Trace: [ 579.129735][ C1] [ 579.132681][ C1] __schedule+0x17e8/0x4a20 [ 579.137253][ C1] ? __pfx___schedule+0x10/0x10 [ 579.142131][ C1] ? __pfx_lock_release+0x10/0x10 [ 579.147200][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 579.152709][ C1] ? schedule+0x90/0x320 [ 579.157004][ C1] schedule+0x14b/0x320 [ 579.161182][ C1] schedule_preempt_disabled+0x13/0x30 [ 579.166694][ C1] __mutex_lock+0x6a4/0xd70 [ 579.171240][ C1] ? __mutex_lock+0x527/0xd70 [ 579.175990][ C1] ? rtnetlink_rcv_msg+0x839/0x1170 [ 579.181232][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 579.186343][ C1] ? rtnl_lock+0xe7/0x130 [ 579.190720][ C1] rtnetlink_rcv_msg+0x839/0x1170 [ 579.195816][ C1] ? rtnetlink_rcv_msg+0x208/0x1170 [ 579.201066][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 579.206589][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 579.211985][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 579.217236][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 579.222627][ C1] ? dev_hard_start_xmit+0x773/0x7e0 [ 579.227970][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 579.233106][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 579.238879][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 579.244015][ C1] ? __dev_queue_xmit+0x1763/0x3e90 [ 579.249265][ C1] ? kasan_save_track+0x51/0x80 [ 579.254172][ C1] ? do_syscall_64+0xf3/0x230 [ 579.258900][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 579.264059][ C1] ? __pfx___dev_queue_xmit+0x10/0x10 [ 579.269493][ C1] ? ref_tracker_free+0x643/0x7e0 [ 579.274546][ C1] netlink_rcv_skb+0x1e3/0x430 [ 579.279355][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 579.284857][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 579.290184][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 579.295461][ C1] netlink_unicast+0x7f0/0x990 [ 579.300317][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 579.305667][ C1] ? __virt_addr_valid+0x183/0x530 [ 579.310811][ C1] ? __check_object_size+0x49c/0x900 [ 579.316155][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 579.321449][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 579.326312][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 579.331632][ C1] ? __import_iovec+0x536/0x820 [ 579.336551][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 579.341538][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 579.346869][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 579.352369][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 579.357697][ C1] __sock_sendmsg+0x221/0x270 [ 579.362395][ C1] ____sys_sendmsg+0x525/0x7d0 [ 579.367315][ C1] ? __pfx_____sys_sendmsg+0x10/0x10 [ 579.372839][ C1] __sys_sendmsg+0x2b0/0x3a0 [ 579.377490][ C1] ? __pfx___sys_sendmsg+0x10/0x10 [ 579.382622][ C1] ? vfs_write+0x7cb/0xc90 [ 579.387117][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 579.393490][ C1] ? do_syscall_64+0x100/0x230 [ 579.398432][ C1] ? do_syscall_64+0xb6/0x230 [ 579.403172][ C1] do_syscall_64+0xf3/0x230 [ 579.407766][ C1] ? clear_bhb_loop+0x35/0x90 [ 579.412491][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 579.418434][ C1] RIP: 0033:0x7f7420575b29 [ 579.422856][ C1] RSP: 002b:00007f74213a2048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 579.431316][ C1] RAX: ffffffffffffffda RBX: 00007f7420703fa0 RCX: 00007f7420575b29 [ 579.439348][ C1] RDX: 0000000000000000 RSI: 0000000020000600 RDI: 0000000000000003 [ 579.447382][ C1] RBP: 00007f74205f6756 R08: 0000000000000000 R09: 0000000000000000 [ 579.455406][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 579.463399][ C1] R13: 000000000000000b R14: 00007f7420703fa0 R15: 00007fff12827248 [ 579.471427][ C1] [ 579.474459][ C1] [ 579.474459][ C1] Showing all locks held in the system: [ 579.482250][ C1] 6 locks held by kworker/u8:7/2481: [ 579.487565][ C1] #0: ffff88802ade2948 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 579.498963][ C1] #1: ffffc900092a7d00 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 579.512219][ C1] #2: ffffffff8e3357e0 (rcu_read_lock){....}-{1:2}, at: batadv_nc_worker+0xcb/0x610 [ 579.521832][ C1] #3: ffffc90000a18c00 (net/core/rtnetlink.c:82){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 579.532072][ C1] #4: ffffffff8e3357e0 (rcu_read_lock){....}-{1:2}, at: report_rtnl_holders+0x20/0x2d0 [ 579.541885][ C1] #5: ffffffff8e3357e0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 579.551838][ C1] 2 locks held by getty/4848: [ 579.556568][ C1] #0: ffff88802ad2c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 579.566511][ C1] #1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 579.576804][ C1] 3 locks held by syz-executor/5077: [ 579.582123][ C1] #0: ffff88801f9689b8 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x2f9/0x6e0 [ 579.592502][ C1] #1: ffff88802fa8e518 (sb_pagefaults){.+.+}-{0:0}, at: ext4_page_mkwrite+0x1f0/0xdf0 [ 579.602227][ C1] #2: ffff88802fa92950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x203f/0x22a0 [ 579.611974][ C1] 3 locks held by kworker/1:7/5815: [ 579.617207][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 579.628273][ C1] #1: ffffc9000323fd00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 579.639350][ C1] #2: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 579.648407][ C1] 2 locks held by syz.0.2582/13063: [ 579.653611][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 579.662674][ C1] #1: ffffffff8e33abb8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 [ 579.673796][ C1] 2 locks held by syz.4.2596/13103: [ 579.679059][ C1] #0: ffffffff8f6650f0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 579.687425][ C1] #1: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: ethnl_default_set_doit+0x38f/0x900 [ 579.697324][ C1] 1 lock held by syz.3.2602/13119: [ 579.702436][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170 [ 579.712016][ C1] 1 lock held by syz.2.2604/13124: [ 579.717188][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x48f/0x2400 [ 579.726568][ C1] 2 locks held by syz.1.2610/13138: [ 579.731771][ C1] #0: ffffffff8f6650f0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 579.740027][ C1] #1: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: ethnl_default_set_doit+0x38f/0x900 [ 579.749936][ C1] [ 579.752264][ C1] ============================================= [ 579.752264][ C1] [ 580.170474][T13148] loop1: detected capacity change from 0 to 2048 [ 580.214887][T13148] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found! [ 580.291366][T13148] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 580.621021][ T54] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 580.638758][ T54] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 580.655586][ T54] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 580.673143][ T54] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 580.696292][ T54] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 580.703826][ T54] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 580.774347][T13166] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2623'. [ 581.223345][ T8214] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 581.606065][T13184] sctp: [Deprecated]: syz.1.2628 (pid 13184) Use of int in max_burst socket option deprecated. [ 581.606065][T13184] Use struct sctp_assoc_value instead [ 581.980808][ T8214] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 582.817406][ T54] Bluetooth: hci4: command tx timeout [ 583.044104][T13208] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2638'. [ 583.090457][T13211] Cannot find map_set index 0 as target [ 583.123122][ T8214] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 583.176494][T13215] fuse: Unknown parameter 'grou00000000000000000000' [ 583.309968][T13219] xt_CT: You must specify a L4 protocol and not use inversions on it [ 583.362231][ T8214] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 583.465935][T13227] loop2: detected capacity change from 0 to 128 [ 583.474246][T13227] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 583.611408][ T29] kauditd_printk_skb: 8 callbacks suppressed [ 583.611429][ T29] audit: type=1800 audit(1719520762.780:362): pid=13231 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2645" name="bus" dev="sda1" ino=2100 res=0 errno=0 [ 583.656702][ T29] audit: type=1804 audit(1719520762.810:363): pid=13227 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2642" name="/root/syzkaller.vJLsWo/106/file0/bus" dev="loop2" ino=1048738 res=1 errno=0 [ 583.700186][ T29] audit: type=1800 audit(1719520762.810:364): pid=13231 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2645" name="bus" dev="sda1" ino=2100 res=0 errno=0 [ 583.798621][T13161] chnl_net:caif_netlink_parms(): no params data found [ 584.181967][ T8214] bridge_slave_1: left allmulticast mode [ 584.212020][T13258] loop2: detected capacity change from 0 to 128 [ 584.215317][ T8214] bridge_slave_1: left promiscuous mode [ 584.234341][ T8214] bridge0: port 2(bridge_slave_1) entered disabled state [ 584.257395][T13258] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 584.281679][ T8214] bridge_slave_0: left allmulticast mode [ 584.287780][ T8214] bridge_slave_0: left promiscuous mode [ 584.293615][ T8214] bridge0: port 1(bridge_slave_0) entered disabled state [ 584.452669][ T29] audit: type=1804 audit(1719520763.610:365): pid=13258 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2656" name="/root/syzkaller.vJLsWo/109/file0/bus" dev="loop2" ino=1048739 res=1 errno=0 [ 584.511873][ T29] audit: type=1800 audit(1719520763.660:366): pid=13269 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2657" name="bus" dev="sda1" ino=2103 res=0 errno=0 [ 584.543310][T13272] fuse: Unknown parameter 'grou00000000000000000000' [ 584.570457][ T29] audit: type=1800 audit(1719520763.660:367): pid=13269 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2657" name="bus" dev="sda1" ino=2103 res=0 errno=0 [ 584.857291][ T54] Bluetooth: hci4: command tx timeout [ 585.363648][ T8214] dvmrp0 (unregistering): left allmulticast mode [ 585.423386][T13293] loop2: detected capacity change from 0 to 4096 [ 585.515606][T13293] NILFS (loop2): invalid segment: Checksum error in segment payload [ 585.539294][T13293] NILFS (loop2): trying rollback from an earlier position [ 585.593636][T13293] NILFS (loop2): recovery complete [ 585.607248][T13294] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 585.746307][ T4489] Bluetooth: hci0: command 0x0401 tx timeout [ 586.142638][ T8214] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 586.162214][ T8214] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 586.179394][ T8214] bond0 (unregistering): Released all slaves [ 586.557198][T13161] bridge0: port 1(bridge_slave_0) entered blocking state [ 586.566419][T13306] loop2: detected capacity change from 0 to 1024 [ 586.582265][T13161] bridge0: port 1(bridge_slave_0) entered disabled state [ 586.585614][T13306] EXT4-fs (loop2): filesystem is read-only [ 586.600913][T13306] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869) [ 586.612292][T13161] bridge_slave_0: entered allmulticast mode [ 586.614066][T13306] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 586.645834][T13306] EXT4-fs error (device loop2): ext4_get_journal_inode:5750: inode #32: comm syz.2.2671: iget: special inode unallocated [ 586.655019][T13161] bridge_slave_0: entered promiscuous mode [ 586.659533][T13306] EXT4-fs (loop2): no journal found [ 586.672489][T13161] bridge0: port 2(bridge_slave_1) entered blocking state [ 586.680398][T13161] bridge0: port 2(bridge_slave_1) entered disabled state [ 586.707488][T13161] bridge_slave_1: entered allmulticast mode [ 586.722749][T13161] bridge_slave_1: entered promiscuous mode [ 586.934826][ T4489] Bluetooth: hci4: command tx timeout [ 587.044847][ T29] audit: type=1800 audit(1719520766.170:368): pid=13317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2676" name="bus" dev="sda1" ino=2101 res=0 errno=0 [ 587.084284][T13311] loop4: detected capacity change from 0 to 4096 [ 587.112654][T13161] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 587.131217][T13311] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 587.135003][ T29] audit: type=1800 audit(1719520766.180:369): pid=13317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2676" name="bus" dev="sda1" ino=2101 res=0 errno=0 [ 587.187860][T13161] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 587.199270][T13311] ntfs3: loop4: Failed to initialize $Extend/$Reparse. [ 587.371674][T13161] team0: Port device team_slave_0 added [ 587.463957][ T8214] hsr_slave_0: left promiscuous mode [ 587.478520][ T52] ntfs3: loop4: ino=1a, ntfs3_write_inode failed, -22. [ 587.500359][ T7080] ntfs3: loop4: ino=1a, ntfs_sync_fs failed, -22. [ 587.500417][ T8214] hsr_slave_1: left promiscuous mode [ 587.513963][ T8214] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 587.540268][ T8214] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 587.574846][ T8214] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 587.594120][ T8214] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 587.709560][ T8214] veth1_macvtap: left promiscuous mode [ 587.715930][T13337] loop2: detected capacity change from 0 to 1024 [ 587.727151][ T8214] veth0_macvtap: left promiscuous mode [ 587.736811][ T8214] veth1_vlan: left promiscuous mode [ 587.742268][T13337] EXT4-fs (loop2): filesystem is read-only [ 587.750875][ T8214] veth0_vlan: left promiscuous mode [ 587.756587][T13337] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869) [ 587.769142][T13337] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 587.814489][T13337] EXT4-fs error (device loop2): ext4_get_journal_inode:5750: inode #32: comm syz.2.2685: iget: special inode unallocated [ 587.868133][T13337] EXT4-fs (loop2): no journal found [ 587.970239][T13341] sctp: [Deprecated]: syz.4.2684 (pid 13341) Use of int in max_burst socket option deprecated. [ 587.970239][T13341] Use struct sctp_assoc_value instead [ 589.011619][T13350] loop4: detected capacity change from 0 to 256 [ 589.019731][ T4489] Bluetooth: hci4: command tx timeout [ 589.448923][T13361] loop1: detected capacity change from 0 to 1764 [ 589.470175][ T8214] team0 (unregistering): Port device team_slave_1 removed [ 589.643733][ T8214] team0 (unregistering): Port device team_slave_0 removed [ 589.697298][T13361] overlay: ./file0 is not a directory [ 590.566171][T13371] sctp: [Deprecated]: syz.4.2697 (pid 13371) Use of int in max_burst socket option deprecated. [ 590.566171][T13371] Use struct sctp_assoc_value instead [ 590.771570][T13161] team0: Port device team_slave_1 added [ 590.865785][ T4489] Bluetooth: hci1: command 0x0406 tx timeout [ 591.066278][T13161] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 591.099280][T13161] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 591.188272][T13161] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 591.273879][T13161] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 591.284821][T13161] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 591.341153][T13379] loop3: detected capacity change from 0 to 256 [ 591.395326][T13161] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 591.730039][T13161] hsr_slave_0: entered promiscuous mode [ 591.776142][T13161] hsr_slave_1: entered promiscuous mode [ 591.789122][T13393] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2706'. [ 591.804913][T13161] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 591.812696][T13161] Cannot create hsr debugfs directory [ 591.838507][T13396] loop3: detected capacity change from 0 to 164 [ 591.909915][T13396] Unsupported NM flag settings (8) [ 591.939719][T13393] overlayfs: missing 'lowerdir' [ 592.119389][T13407] loop3: detected capacity change from 0 to 256 [ 592.193279][T13411] input: syz0 as /devices/virtual/input/input41 [ 592.283762][T13408] syzkaller0: entered promiscuous mode [ 592.304077][T13408] syzkaller0: entered allmulticast mode [ 593.181245][T13435] Invalid ELF header len 9 [ 595.862833][T13450] loop3: detected capacity change from 0 to 4096 [ 595.872676][T13450] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 595.952946][T13450] ntfs3: loop3: Failed to initialize $Extend/$Reparse. [ 596.162820][T13462] loop3: detected capacity change from 0 to 1024 [ 596.184412][T13462] hfsplus: invalid extent btree flag [ 596.190310][T13462] hfsplus: failed to load extents file [ 596.412908][T13466] input: syz0 as /devices/virtual/input/input42 [ 597.414757][ C1] DEBUG: waiting rtnl_mutex for 503 jiffies. [ 597.420912][ C1] task:kworker/u8:10 state:D stack:20400 pid:8214 tgid:8214 ppid:2 flags:0x00004000 [ 597.431231][ C1] Workqueue: netns cleanup_net [ 597.436097][ C1] Call Trace: [ 597.439424][ C1] [ 597.442402][ C1] __schedule+0x17e8/0x4a20 [ 597.447026][ C1] ? __pfx___schedule+0x10/0x10 [ 597.451935][ C1] ? __pfx_lock_release+0x10/0x10 [ 597.457036][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 597.462516][ C1] ? kthread_data+0x52/0xd0 [ 597.467058][ C1] ? schedule+0x90/0x320 [ 597.471314][ C1] ? wq_worker_sleeping+0x66/0x240 [ 597.476462][ C1] ? schedule+0x90/0x320 [ 597.480712][ C1] schedule+0x14b/0x320 [ 597.484900][ C1] schedule_preempt_disabled+0x13/0x30 [ 597.490367][ C1] __mutex_lock+0x6a4/0xd70 [ 597.494939][ C1] ? __mutex_lock+0x527/0xd70 [ 597.499664][ C1] ? nat_exit_net+0x30/0x100 [ 597.504264][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 597.509359][ C1] ? __pfx_netdev_run_todo+0x10/0x10 [ 597.514706][ C1] ? rtnl_lock+0xe7/0x130 [ 597.519060][ C1] ? __pfx_nat_exit_net+0x10/0x10 [ 597.524096][ C1] nat_exit_net+0x30/0x100 [ 597.528557][ C1] ? __pfx_nat_exit_net+0x10/0x10 [ 597.533605][ C1] cleanup_net+0x89d/0xcc0 [ 597.538061][ C1] ? __pfx_cleanup_net+0x10/0x10 [ 597.543046][ C1] ? process_scheduled_works+0x945/0x1830 [ 597.548804][ C1] process_scheduled_works+0xa2c/0x1830 [ 597.554411][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 597.560450][ C1] ? assign_work+0x364/0x3d0 [ 597.565075][ C1] worker_thread+0x86d/0xd40 [ 597.569684][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 597.575610][ C1] ? __kthread_parkme+0x169/0x1d0 [ 597.580649][ C1] ? __pfx_worker_thread+0x10/0x10 [ 597.585790][ C1] kthread+0x2f0/0x390 [ 597.589872][ C1] ? __pfx_worker_thread+0x10/0x10 [ 597.595013][ C1] ? __pfx_kthread+0x10/0x10 [ 597.599616][ C1] ret_from_fork+0x4b/0x80 [ 597.604130][ C1] ? __pfx_kthread+0x10/0x10 [ 597.608761][ C1] ret_from_fork_asm+0x1a/0x30 [ 597.613553][ C1] [ 597.616601][ C1] DEBUG: waiting rtnl_mutex for 520 jiffies. [ 597.622584][ C1] task:syz-executor state:D stack:21024 pid:13161 tgid:13161 ppid:13139 flags:0x00000000 [ 597.632837][ C1] Call Trace: [ 597.636145][ C1] [ 597.639083][ C1] __schedule+0x17e8/0x4a20 [ 597.643617][ C1] ? __pfx___schedule+0x10/0x10 [ 597.648510][ C1] ? __pfx_lock_release+0x10/0x10 [ 597.653552][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 597.659072][ C1] ? schedule+0x90/0x320 [ 597.663352][ C1] schedule+0x14b/0x320 [ 597.667546][ C1] schedule_preempt_disabled+0x13/0x30 [ 597.673020][ C1] __mutex_lock+0x6a4/0xd70 [ 597.677571][ C1] ? __mutex_lock+0x527/0xd70 [ 597.682291][ C1] ? rtnetlink_rcv_msg+0x839/0x1170 [ 597.687524][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 597.692585][ C1] ? rtnl_lock+0xe7/0x130 [ 597.696952][ C1] rtnetlink_rcv_msg+0x839/0x1170 [ 597.701998][ C1] ? rtnetlink_rcv_msg+0x208/0x1170 [ 597.707240][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 597.712712][ C1] ? is_bpf_text_address+0x285/0x2a0 [ 597.718045][ C1] ? __pfx_validate_chain+0x10/0x10 [ 597.723261][ C1] ? __pfx_validate_chain+0x10/0x10 [ 597.728506][ C1] ? arch_stack_walk+0x16d/0x1b0 [ 597.733470][ C1] ? mark_lock+0x9a/0x360 [ 597.737876][ C1] ? __pfx_validate_chain+0x10/0x10 [ 597.743097][ C1] ? __lock_acquire+0x1359/0x2000 [ 597.748172][ C1] ? mark_lock+0x9a/0x360 [ 597.752517][ C1] ? __lock_acquire+0x1359/0x2000 [ 597.757592][ C1] netlink_rcv_skb+0x1e3/0x430 [ 597.762370][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 597.767864][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 597.773203][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 597.778438][ C1] netlink_unicast+0x7f0/0x990 [ 597.783218][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 597.788535][ C1] ? __virt_addr_valid+0x183/0x530 [ 597.793668][ C1] ? __check_object_size+0x49c/0x900 [ 597.799002][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 597.804130][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 597.808947][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 597.814277][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 597.820399][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 597.825401][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 597.830704][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 597.836216][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 597.841517][ C1] __sock_sendmsg+0x221/0x270 [ 597.846233][ C1] __sys_sendto+0x3a4/0x4f0 [ 597.850755][ C1] ? __pfx___sys_sendto+0x10/0x10 [ 597.855838][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 597.861840][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 597.868215][ C1] __x64_sys_sendto+0xde/0x100 [ 597.873005][ C1] do_syscall_64+0xf3/0x230 [ 597.877568][ C1] ? clear_bhb_loop+0x35/0x90 [ 597.882270][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 597.888200][ C1] RIP: 0033:0x7ffab53778bc [ 597.892620][ C1] RSP: 002b:00007ffceb987f40 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 597.901160][ C1] RAX: ffffffffffffffda RBX: 00007ffab6034620 RCX: 00007ffab53778bc [ 597.909165][ C1] RDX: 0000000000000044 RSI: 00007ffab6034670 RDI: 0000000000000003 [ 597.917165][ C1] RBP: 0000000000000000 R08: 00007ffceb987f94 R09: 000000000000000c [ 597.925164][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 597.933141][ C1] R13: 0000000000000000 R14: 00007ffab6034670 R15: 0000000000000000 [ 597.941172][ C1] [ 597.944198][ C1] DEBUG: holding rtnl_mutex for 555 jiffies. [ 597.950198][ C1] task:syz.1.2711 state:D stack:24672 pid:13400 tgid:13400 ppid:11651 flags:0x00004006 [ 597.960397][ C1] Call Trace: [ 597.963680][ C1] [ 597.966641][ C1] __schedule+0x17e8/0x4a20 [ 597.971180][ C1] ? __pfx___schedule+0x10/0x10 [ 597.976064][ C1] ? __pfx_lock_release+0x10/0x10 [ 597.981099][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 597.987035][ C1] ? schedule+0x90/0x320 [ 597.991285][ C1] schedule+0x14b/0x320 [ 597.995493][ C1] synchronize_rcu_expedited+0x684/0x830 [ 598.001146][ C1] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 598.007348][ C1] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 598.012645][ C1] ? __pfx___might_resched+0x10/0x10 [ 598.017969][ C1] ? __pfx_autoremove_wake_function+0x10/0x10 [ 598.024047][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 598.029326][ C1] synchronize_rcu+0x11b/0x360 [ 598.034106][ C1] ? __pfx_synchronize_rcu+0x10/0x10 [ 598.039449][ C1] lockdep_unregister_key+0x556/0x610 [ 598.044861][ C1] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 598.050762][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 598.055999][ C1] ? __qdisc_destroy+0x150/0x410 [ 598.060949][ C1] ? kfree+0x149/0x360 [ 598.065053][ C1] ? __pfx_pfifo_fast_destroy+0x10/0x10 [ 598.070613][ C1] __qdisc_destroy+0x165/0x410 [ 598.075411][ C1] dev_shutdown+0x9b/0x440 [ 598.079845][ C1] unregister_netdevice_many_notify+0x977/0x16b0 [ 598.086280][ C1] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 598.093060][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 598.099082][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 598.105449][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 598.110672][ C1] unregister_netdevice_queue+0x303/0x370 [ 598.116429][ C1] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 598.122692][ C1] __tun_detach+0x6b6/0x1600 [ 598.127352][ C1] tun_chr_close+0x108/0x1b0 [ 598.131960][ C1] ? __pfx_tun_chr_close+0x10/0x10 [ 598.137105][ C1] __fput+0x24a/0x8a0 [ 598.141116][ C1] task_work_run+0x24f/0x310 [ 598.145746][ C1] ? __pfx_task_work_run+0x10/0x10 [ 598.150874][ C1] ? syscall_exit_to_user_mode+0xa3/0x370 [ 598.156641][ C1] syscall_exit_to_user_mode+0x168/0x370 [ 598.162299][ C1] do_syscall_64+0x100/0x230 [ 598.166958][ C1] ? clear_bhb_loop+0x35/0x90 [ 598.171655][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 598.177606][ C1] RIP: 0033:0x7efd7b775b29 [ 598.182047][ C1] RSP: 002b:00007fffc9fc6548 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 598.190502][ C1] RAX: 0000000000000000 RBX: 00007efd7b9059a0 RCX: 00007efd7b775b29 [ 598.198511][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 598.206525][ C1] RBP: 00007efd7b9059a0 R08: 0000000000000008 R09: 00000009c9fc685f [ 598.214540][ C1] R10: 00000000005ed6ec R11: 0000000000000246 R12: 0000000000090ba6 [ 598.222551][ C1] R13: 0000000000000032 R14: 00007efd7b9059a0 R15: 00007fffc9fc6630 [ 598.230576][ C1] [ 598.233604][ C1] DEBUG: waiting rtnl_mutex for 578 jiffies. [ 598.239609][ C1] task:syz.4.2712 state:D stack:24672 pid:13402 tgid:13402 ppid:7080 flags:0x00000004 [ 598.249855][ C1] Call Trace: [ 598.253140][ C1] [ 598.256098][ C1] __schedule+0x17e8/0x4a20 [ 598.260636][ C1] ? __pfx___schedule+0x10/0x10 [ 598.265517][ C1] ? __pfx_lock_release+0x10/0x10 [ 598.270554][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 598.276054][ C1] ? schedule+0x90/0x320 [ 598.280304][ C1] schedule+0x14b/0x320 [ 598.284469][ C1] schedule_preempt_disabled+0x13/0x30 [ 598.289968][ C1] __mutex_lock+0x6a4/0xd70 [ 598.294489][ C1] ? __mutex_lock+0x527/0xd70 [ 598.299209][ C1] ? tun_chr_close+0x3e/0x1b0 [ 598.303899][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 598.308980][ C1] ? rtnl_lock+0xe7/0x130 [ 598.313327][ C1] tun_chr_close+0x3e/0x1b0 [ 598.317870][ C1] ? __pfx_tun_chr_close+0x10/0x10 [ 598.323001][ C1] __fput+0x24a/0x8a0 [ 598.327045][ C1] task_work_run+0x24f/0x310 [ 598.331656][ C1] ? __pfx_task_work_run+0x10/0x10 [ 598.336839][ C1] ? syscall_exit_to_user_mode+0xa3/0x370 [ 598.342601][ C1] syscall_exit_to_user_mode+0x168/0x370 [ 598.348296][ C1] do_syscall_64+0x100/0x230 [ 598.352900][ C1] ? clear_bhb_loop+0x35/0x90 [ 598.357612][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 598.363516][ C1] RIP: 0033:0x7ff185d75b29 [ 598.367960][ C1] RSP: 002b:00007fff2cc156c8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 598.376413][ C1] RAX: 0000000000000000 RBX: 0000000000090895 RCX: 00007ff185d75b29 [ 598.384392][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 598.392395][ C1] RBP: ffffffffffffffff R08: 0000000000000001 R09: 0000001d2cc159df [ 598.400401][ C1] R10: 00007ff185c00000 R11: 0000000000000246 R12: 00007ff185f03fac [ 598.408404][ C1] R13: 0000000000000032 R14: 00007ff185f059a0 R15: 00007ff185f03fa0 [ 598.416426][ C1] [ 598.419452][ C1] [ 598.419452][ C1] Showing all locks held in the system: [ 598.427199][ C1] 2 locks held by kworker/0:0/8: [ 598.432142][ C1] 2 locks held by kworker/u8:1/12: [ 598.437311][ C1] 2 locks held by kworker/u8:7/2481: [ 598.442601][ C1] #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 598.454357][ C1] #1: ffffc900092a7d00 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 598.466528][ C1] 2 locks held by getty/4848: [ 598.471205][ C1] #0: ffff88802ad2c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 598.481033][ C1] #1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 598.491185][ C1] 3 locks held by kworker/0:4/5132: [ 598.496407][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 598.507418][ C1] #1: ffffc90003fd7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 598.518426][ C1] #2: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 598.527445][ C1] 4 locks held by kworker/u8:10/8214: [ 598.532819][ C1] #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 598.543752][ C1] #1: ffffc900103cfd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 598.554342][ C1] #2: ffffffff8f5eee50 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 598.563800][ C1] #3: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: nat_exit_net+0x30/0x100 [ 598.572782][ C1] 1 lock held by syz-executor/13161: [ 598.578093][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170 [ 598.587643][ C1] 2 locks held by syz.1.2711/13400: [ 598.592841][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 598.601862][ C1] #1: ffffffff8e33abb8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 [ 598.612804][ C1] 1 lock held by syz.4.2712/13402: [ 598.617944][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 598.626992][ C1] 1 lock held by syz.2.2733/13460: [ 598.632133][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170 [ 598.641686][ C1] [ 598.644012][ C1] ============================================= [ 598.644012][ C1] [ 599.664866][ C1] DEBUG: waiting rtnl_mutex for 728 jiffies. [ 599.670939][ C1] task:kworker/u8:10 state:D stack:20400 pid:8214 tgid:8214 ppid:2 flags:0x00004000 [ 599.681217][ C1] Workqueue: netns cleanup_net [ 599.686081][ C1] Call Trace: [ 599.689389][ C1] [ 599.692355][ C1] __schedule+0x17e8/0x4a20 [ 599.696966][ C1] ? __pfx___schedule+0x10/0x10 [ 599.701878][ C1] ? __pfx_lock_release+0x10/0x10 [ 599.706991][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 599.712505][ C1] ? kthread_data+0x52/0xd0 [ 599.717088][ C1] ? schedule+0x90/0x320 [ 599.721374][ C1] ? wq_worker_sleeping+0x66/0x240 [ 599.726571][ C1] ? schedule+0x90/0x320 [ 599.730877][ C1] schedule+0x14b/0x320 [ 599.735109][ C1] schedule_preempt_disabled+0x13/0x30 [ 599.740615][ C1] __mutex_lock+0x6a4/0xd70 [ 599.745208][ C1] ? __mutex_lock+0x527/0xd70 [ 599.749937][ C1] ? nat_exit_net+0x30/0x100 [ 599.754572][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 599.759736][ C1] ? __pfx_netdev_run_todo+0x10/0x10 [ 599.765141][ C1] ? rtnl_lock+0xe7/0x130 [ 599.769524][ C1] ? __pfx_nat_exit_net+0x10/0x10 [ 599.774674][ C1] nat_exit_net+0x30/0x100 [ 599.779148][ C1] ? __pfx_nat_exit_net+0x10/0x10 [ 599.784228][ C1] cleanup_net+0x89d/0xcc0 [ 599.788747][ C1] ? __pfx_cleanup_net+0x10/0x10 [ 599.793753][ C1] ? process_scheduled_works+0x945/0x1830 [ 599.799563][ C1] process_scheduled_works+0xa2c/0x1830 [ 599.805237][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 599.811276][ C1] ? assign_work+0x364/0x3d0 [ 599.815960][ C1] worker_thread+0x86d/0xd40 [ 599.820616][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 599.826702][ C1] ? __kthread_parkme+0x169/0x1d0 [ 599.831798][ C1] ? __pfx_worker_thread+0x10/0x10 [ 599.837025][ C1] kthread+0x2f0/0x390 [ 599.841160][ C1] ? __pfx_worker_thread+0x10/0x10 [ 599.846374][ C1] ? __pfx_kthread+0x10/0x10 [ 599.851041][ C1] ret_from_fork+0x4b/0x80 [ 599.855569][ C1] ? __pfx_kthread+0x10/0x10 [ 599.860221][ C1] ret_from_fork_asm+0x1a/0x30 [ 599.865112][ C1] [ 599.868170][ C1] DEBUG: waiting rtnl_mutex for 745 jiffies. [ 599.874188][ C1] task:syz-executor state:D stack:21024 pid:13161 tgid:13161 ppid:13139 flags:0x00000000 [ 599.884463][ C1] Call Trace: [ 599.887823][ C1] [ 599.890797][ C1] __schedule+0x17e8/0x4a20 [ 599.895423][ C1] ? __pfx___schedule+0x10/0x10 [ 599.900325][ C1] ? __pfx_lock_release+0x10/0x10 [ 599.905437][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 599.910997][ C1] ? schedule+0x90/0x320 [ 599.915312][ C1] schedule+0x14b/0x320 [ 599.919528][ C1] schedule_preempt_disabled+0x13/0x30 [ 599.925060][ C1] __mutex_lock+0x6a4/0xd70 [ 599.929636][ C1] ? __mutex_lock+0x527/0xd70 [ 599.934391][ C1] ? rtnetlink_rcv_msg+0x839/0x1170 [ 599.939709][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 599.944851][ C1] ? rtnl_lock+0xe7/0x130 [ 599.949255][ C1] rtnetlink_rcv_msg+0x839/0x1170 [ 599.954339][ C1] ? rtnetlink_rcv_msg+0x208/0x1170 [ 599.959645][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 599.965304][ C1] ? is_bpf_text_address+0x285/0x2a0 [ 599.970737][ C1] ? __pfx_validate_chain+0x10/0x10 [ 599.976048][ C1] ? __pfx_validate_chain+0x10/0x10 [ 599.981316][ C1] ? arch_stack_walk+0x16d/0x1b0 [ 599.986363][ C1] ? mark_lock+0x9a/0x360 [ 599.990753][ C1] ? __pfx_validate_chain+0x10/0x10 [ 599.996042][ C1] ? __lock_acquire+0x1359/0x2000 [ 600.001142][ C1] ? mark_lock+0x9a/0x360 [ 600.005548][ C1] ? __lock_acquire+0x1359/0x2000 [ 600.010612][ C1] netlink_rcv_skb+0x1e3/0x430 [ 600.015442][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 600.020943][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 600.026296][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 600.031523][ C1] netlink_unicast+0x7f0/0x990 [ 600.036374][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 600.041702][ C1] ? __virt_addr_valid+0x183/0x530 [ 600.046918][ C1] ? __check_object_size+0x49c/0x900 [ 600.052240][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 600.057434][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 600.062270][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 600.067629][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 600.073637][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 600.078653][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 600.083982][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 600.089565][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 600.094909][ C1] __sock_sendmsg+0x221/0x270 [ 600.099639][ C1] __sys_sendto+0x3a4/0x4f0 [ 600.104192][ C1] ? __pfx___sys_sendto+0x10/0x10 [ 600.109334][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 600.115420][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 600.121798][ C1] __x64_sys_sendto+0xde/0x100 [ 600.126613][ C1] do_syscall_64+0xf3/0x230 [ 600.131174][ C1] ? clear_bhb_loop+0x35/0x90 [ 600.135940][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 600.141900][ C1] RIP: 0033:0x7ffab53778bc [ 600.146390][ C1] RSP: 002b:00007ffceb987f40 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 600.154864][ C1] RAX: ffffffffffffffda RBX: 00007ffab6034620 RCX: 00007ffab53778bc [ 600.162870][ C1] RDX: 0000000000000044 RSI: 00007ffab6034670 RDI: 0000000000000003 [ 600.170896][ C1] RBP: 0000000000000000 R08: 00007ffceb987f94 R09: 000000000000000c [ 600.178962][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 600.187003][ C1] R13: 0000000000000000 R14: 00007ffab6034670 R15: 0000000000000000 [ 600.195086][ C1] [ 600.198148][ C1] DEBUG: holding rtnl_mutex for 781 jiffies. [ 600.204150][ C1] task:syz.1.2711 state:D stack:24672 pid:13400 tgid:13400 ppid:11651 flags:0x00004006 [ 600.214360][ C1] Call Trace: [ 600.217701][ C1] [ 600.220671][ C1] __schedule+0x17e8/0x4a20 [ 600.225243][ C1] ? __pfx___schedule+0x10/0x10 [ 600.230118][ C1] ? __pfx_lock_release+0x10/0x10 [ 600.235215][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 600.241170][ C1] ? schedule+0x90/0x320 [ 600.245499][ C1] schedule+0x14b/0x320 [ 600.249731][ C1] synchronize_rcu_expedited+0x684/0x830 [ 600.255473][ C1] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 600.261719][ C1] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 600.267128][ C1] ? __pfx___might_resched+0x10/0x10 [ 600.272481][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 600.278545][ C1] ? __pfx_autoremove_wake_function+0x10/0x10 [ 600.284720][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 600.291124][ C1] synchronize_rcu+0x11b/0x360 [ 600.295971][ C1] ? __pfx_synchronize_rcu+0x10/0x10 [ 600.301288][ C1] lockdep_unregister_key+0x556/0x610 [ 600.306743][ C1] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 600.312682][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 600.317951][ C1] ? __qdisc_destroy+0x150/0x410 [ 600.322955][ C1] ? kfree+0x149/0x360 [ 600.327096][ C1] ? __pfx_pfifo_fast_destroy+0x10/0x10 [ 600.332680][ C1] __qdisc_destroy+0x165/0x410 [ 600.337495][ C1] dev_shutdown+0x9b/0x440 [ 600.341937][ C1] unregister_netdevice_many_notify+0x977/0x16b0 [ 600.348368][ C1] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 600.355240][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 600.361292][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 600.367720][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 600.372989][ C1] unregister_netdevice_queue+0x303/0x370 [ 600.379003][ C1] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 600.385424][ C1] __tun_detach+0x6b6/0x1600 [ 600.390107][ C1] tun_chr_close+0x108/0x1b0 [ 600.394803][ C1] ? __pfx_tun_chr_close+0x10/0x10 [ 600.399968][ C1] __fput+0x24a/0x8a0 [ 600.403983][ C1] task_work_run+0x24f/0x310 [ 600.408647][ C1] ? __pfx_task_work_run+0x10/0x10 [ 600.413801][ C1] ? syscall_exit_to_user_mode+0xa3/0x370 [ 600.419614][ C1] syscall_exit_to_user_mode+0x168/0x370 [ 600.425332][ C1] do_syscall_64+0x100/0x230 [ 600.429956][ C1] ? clear_bhb_loop+0x35/0x90 [ 600.434714][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 600.440648][ C1] RIP: 0033:0x7efd7b775b29 [ 600.445131][ C1] RSP: 002b:00007fffc9fc6548 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 600.453618][ C1] RAX: 0000000000000000 RBX: 00007efd7b9059a0 RCX: 00007efd7b775b29 [ 600.461644][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 600.469691][ C1] RBP: 00007efd7b9059a0 R08: 0000000000000008 R09: 00000009c9fc685f [ 600.477731][ C1] R10: 00000000005ed6ec R11: 0000000000000246 R12: 0000000000090ba6 [ 600.485764][ C1] R13: 0000000000000032 R14: 00007efd7b9059a0 R15: 00007fffc9fc6630 [ 600.493793][ C1] [ 600.496892][ C1] DEBUG: waiting rtnl_mutex for 805 jiffies. [ 600.502918][ C1] task:syz.4.2712 state:D stack:24672 pid:13402 tgid:13402 ppid:7080 flags:0x00000004 [ 600.513190][ C1] Call Trace: [ 600.516541][ C1] [ 600.519511][ C1] __schedule+0x17e8/0x4a20 [ 600.524104][ C1] ? __pfx___schedule+0x10/0x10 [ 600.529034][ C1] ? __pfx_lock_release+0x10/0x10 [ 600.534091][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 600.539665][ C1] ? schedule+0x90/0x320 [ 600.543964][ C1] schedule+0x14b/0x320 [ 600.548177][ C1] schedule_preempt_disabled+0x13/0x30 [ 600.553681][ C1] __mutex_lock+0x6a4/0xd70 [ 600.558270][ C1] ? __mutex_lock+0x527/0xd70 [ 600.563002][ C1] ? tun_chr_close+0x3e/0x1b0 [ 600.567737][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 600.572795][ C1] ? rtnl_lock+0xe7/0x130 [ 600.577208][ C1] tun_chr_close+0x3e/0x1b0 [ 600.581819][ C1] ? __pfx_tun_chr_close+0x10/0x10 [ 600.587025][ C1] __fput+0x24a/0x8a0 [ 600.591069][ C1] task_work_run+0x24f/0x310 [ 600.595734][ C1] ? __pfx_task_work_run+0x10/0x10 [ 600.600900][ C1] ? syscall_exit_to_user_mode+0xa3/0x370 [ 600.606705][ C1] syscall_exit_to_user_mode+0x168/0x370 [ 600.612372][ C1] do_syscall_64+0x100/0x230 [ 600.617057][ C1] ? clear_bhb_loop+0x35/0x90 [ 600.621806][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 600.627822][ C1] RIP: 0033:0x7ff185d75b29 [ 600.632314][ C1] RSP: 002b:00007fff2cc156c8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 600.640925][ C1] RAX: 0000000000000000 RBX: 0000000000090895 RCX: 00007ff185d75b29 [ 600.648971][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 600.657034][ C1] RBP: ffffffffffffffff R08: 0000000000000001 R09: 0000001d2cc159df [ 600.665087][ C1] R10: 00007ff185c00000 R11: 0000000000000246 R12: 00007ff185f03fac [ 600.673117][ C1] R13: 0000000000000032 R14: 00007ff185f059a0 R15: 00007ff185f03fa0 [ 600.681161][ C1] [ 600.684194][ C1] DEBUG: waiting rtnl_mutex for 630 jiffies. [ 600.690225][ C1] task:kworker/0:4 state:D stack:21712 pid:5132 tgid:5132 ppid:2 flags:0x00004000 [ 600.700495][ C1] Workqueue: events linkwatch_event [ 600.705819][ C1] Call Trace: [ 600.709124][ C1] [ 600.712067][ C1] __schedule+0x17e8/0x4a20 [ 600.716709][ C1] ? __pfx___schedule+0x10/0x10 [ 600.721603][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 600.727664][ C1] ? __pfx_lock_release+0x10/0x10 [ 600.732737][ C1] ? kick_pool+0x45c/0x620 [ 600.737242][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 600.742480][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 600.747733][ C1] ? schedule+0x90/0x320 [ 600.752103][ C1] schedule+0x14b/0x320 [ 600.756341][ C1] schedule_preempt_disabled+0x13/0x30 [ 600.761864][ C1] __mutex_lock+0x6a4/0xd70 [ 600.766473][ C1] ? __mutex_lock+0x527/0xd70 [ 600.771231][ C1] ? linkwatch_event+0xe/0x60 [ 600.775982][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 600.781071][ C1] ? process_scheduled_works+0x945/0x1830 [ 600.786871][ C1] ? rtnl_lock+0xe7/0x130 [ 600.791262][ C1] ? process_scheduled_works+0x945/0x1830 [ 600.797048][ C1] linkwatch_event+0xe/0x60 [ 600.801603][ C1] process_scheduled_works+0xa2c/0x1830 [ 600.807287][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 600.813332][ C1] ? assign_work+0x364/0x3d0 [ 600.818002][ C1] worker_thread+0x86d/0xd40 [ 600.822645][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 600.828590][ C1] ? __kthread_parkme+0x169/0x1d0 [ 600.833638][ C1] ? __pfx_worker_thread+0x10/0x10 [ 600.838825][ C1] kthread+0x2f0/0x390 [ 600.842944][ C1] ? __pfx_worker_thread+0x10/0x10 [ 600.848108][ C1] ? __pfx_kthread+0x10/0x10 [ 600.852718][ C1] ret_from_fork+0x4b/0x80 [ 600.857209][ C1] ? __pfx_kthread+0x10/0x10 [ 600.861844][ C1] ret_from_fork_asm+0x1a/0x30 [ 600.866706][ C1] [ 600.869754][ C1] [ 600.869754][ C1] Showing all locks held in the system: [ 600.877636][ C1] 2 locks held by kworker/u8:7/2481: [ 600.882966][ C1] #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 600.894731][ C1] #1: ffffc900092a7d00 ((work_completion)(&(&kfence_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 600.907586][ C1] 2 locks held by getty/4848: [ 600.912298][ C1] #0: ffff88802ad2c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 600.922164][ C1] #1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 600.932346][ C1] 3 locks held by kworker/0:4/5132: [ 600.937602][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 600.948702][ C1] #1: ffffc90003fd7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 600.959812][ C1] #2: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 600.968897][ C1] 4 locks held by kworker/u8:10/8214: [ 600.974270][ C1] #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 600.985210][ C1] #1: ffffc900103cfd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 600.995823][ C1] #2: ffffffff8f5eee50 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 601.005328][ C1] #3: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: nat_exit_net+0x30/0x100 [ 601.014266][ C1] 1 lock held by syz-executor/13161: [ 601.019627][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170 [ 601.029269][ C1] 2 locks held by syz.1.2711/13400: [ 601.034492][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 601.043543][ C1] #1: ffffffff8e33abb8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 [ 601.054510][ C1] 1 lock held by syz.4.2712/13402: [ 601.059683][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 601.068756][ C1] 1 lock held by syz.2.2733/13460: [ 601.073878][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170 [ 601.083442][ C1] 3 locks held by syz.3.2739/13475: [ 601.088691][ C1] #0: ffffc90000a18c00 (net/core/rtnetlink.c:82){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 601.098879][ C1] #1: ffffffff8e3357e0 (rcu_read_lock){....}-{1:2}, at: report_rtnl_holders+0x20/0x2d0 [ 601.108759][ C1] #2: ffffffff8e3357e0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 601.118756][ C1] [ 601.121115][ C1] ============================================= [ 601.121115][ C1] [ 601.685570][ T5183] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 601.875127][ T5183] usb 4-1: Using ep0 maxpacket: 32 [ 601.885584][ T5183] usb 4-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0 [ 601.900848][ T5183] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 601.911923][ T5183] usb 4-1: config 0 descriptor?? [ 601.920516][ T5183] rndis_host 4-1:0.0: probe with driver rndis_host failed with error -22 [ 602.147665][ C1] DEBUG: waiting rtnl_mutex for 976 jiffies. [ 602.153736][ C1] task:kworker/u8:10 state:D stack:20400 pid:8214 tgid:8214 ppid:2 flags:0x00004000 [ 602.164076][ C1] Workqueue: netns cleanup_net [ 602.168993][ C1] Call Trace: [ 602.172316][ C1] [ 602.175372][ C1] __schedule+0x17e8/0x4a20 [ 602.179966][ C1] ? __pfx___schedule+0x10/0x10 [ 602.184963][ C1] ? __pfx_lock_release+0x10/0x10 [ 602.190050][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 602.195671][ C1] ? kthread_data+0x52/0xd0 [ 602.200246][ C1] ? schedule+0x90/0x320 [ 602.204566][ C1] ? wq_worker_sleeping+0x66/0x240 [ 602.209841][ C1] ? schedule+0x90/0x320 [ 602.214154][ C1] schedule+0x14b/0x320 [ 602.218468][ C1] schedule_preempt_disabled+0x13/0x30 [ 602.223995][ C1] __mutex_lock+0x6a4/0xd70 [ 602.228660][ C1] ? __mutex_lock+0x527/0xd70 [ 602.233493][ C1] ? nat_exit_net+0x30/0x100 [ 602.238280][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 602.243401][ C1] ? __pfx_netdev_run_todo+0x10/0x10 [ 602.248852][ C1] ? rtnl_lock+0xe7/0x130 [ 602.253239][ C1] ? __pfx_nat_exit_net+0x10/0x10 [ 602.258426][ C1] nat_exit_net+0x30/0x100 [ 602.262912][ C1] ? __pfx_nat_exit_net+0x10/0x10 [ 602.268108][ C1] cleanup_net+0x89d/0xcc0 [ 602.272608][ C1] ? __pfx_cleanup_net+0x10/0x10 [ 602.277716][ C1] ? process_scheduled_works+0x945/0x1830 [ 602.283514][ C1] process_scheduled_works+0xa2c/0x1830 [ 602.289256][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 602.295404][ C1] ? assign_work+0x364/0x3d0 [ 602.300060][ C1] worker_thread+0x86d/0xd40 [ 602.304808][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 602.310779][ C1] ? __kthread_parkme+0x169/0x1d0 [ 602.315978][ C1] ? __pfx_worker_thread+0x10/0x10 [ 602.321161][ C1] kthread+0x2f0/0x390 [ 602.325393][ C1] ? __pfx_worker_thread+0x10/0x10 [ 602.330582][ C1] ? __pfx_kthread+0x10/0x10 [ 602.335336][ C1] ret_from_fork+0x4b/0x80 [ 602.339824][ C1] ? __pfx_kthread+0x10/0x10 [ 602.344488][ C1] ret_from_fork_asm+0x1a/0x30 [ 602.349457][ C1] [ 602.352548][ C1] DEBUG: waiting rtnl_mutex for 993 jiffies. [ 602.358682][ C1] task:syz-executor state:D stack:21024 pid:13161 tgid:13161 ppid:13139 flags:0x00000000 [ 602.369041][ C1] Call Trace: [ 602.372371][ C1] [ 602.375484][ C1] __schedule+0x17e8/0x4a20 [ 602.380082][ C1] ? __pfx___schedule+0x10/0x10 [ 602.385094][ C1] ? __pfx_lock_release+0x10/0x10 [ 602.390199][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 602.395847][ C1] ? schedule+0x90/0x320 [ 602.400162][ C1] schedule+0x14b/0x320 [ 602.404388][ C1] schedule_preempt_disabled+0x13/0x30 [ 602.410017][ C1] __mutex_lock+0x6a4/0xd70 [ 602.414598][ C1] ? __mutex_lock+0x527/0xd70 [ 602.419442][ C1] ? rtnetlink_rcv_msg+0x839/0x1170 [ 602.424955][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 602.430064][ C1] ? rtnl_lock+0xe7/0x130 [ 602.434467][ C1] rtnetlink_rcv_msg+0x839/0x1170 [ 602.439702][ C1] ? rtnetlink_rcv_msg+0x208/0x1170 [ 602.445066][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 602.450584][ C1] ? is_bpf_text_address+0x285/0x2a0 [ 602.456050][ C1] ? __pfx_validate_chain+0x10/0x10 [ 602.461318][ C1] ? __pfx_validate_chain+0x10/0x10 [ 602.466693][ C1] ? arch_stack_walk+0x16d/0x1b0 [ 602.471702][ C1] ? mark_lock+0x9a/0x360 [ 602.476209][ C1] ? __pfx_validate_chain+0x10/0x10 [ 602.481481][ C1] ? __lock_acquire+0x1359/0x2000 [ 602.486750][ C1] ? mark_lock+0x9a/0x360 [ 602.491167][ C1] ? __lock_acquire+0x1359/0x2000 [ 602.496396][ C1] netlink_rcv_skb+0x1e3/0x430 [ 602.501220][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 602.506833][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 602.512199][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 602.517590][ C1] netlink_unicast+0x7f0/0x990 [ 602.522427][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 602.527875][ C1] ? __virt_addr_valid+0x183/0x530 [ 602.533060][ C1] ? __check_object_size+0x49c/0x900 [ 602.538529][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 602.543722][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 602.548694][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 602.554049][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 602.560244][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 602.565382][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 602.570744][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 602.576385][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 602.581741][ C1] __sock_sendmsg+0x221/0x270 [ 602.586605][ C1] __sys_sendto+0x3a4/0x4f0 [ 602.591185][ C1] ? __pfx___sys_sendto+0x10/0x10 [ 602.596428][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 602.602481][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 602.609003][ C1] __x64_sys_sendto+0xde/0x100 [ 602.613846][ C1] do_syscall_64+0xf3/0x230 [ 602.618545][ C1] ? clear_bhb_loop+0x35/0x90 [ 602.623289][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 602.629356][ C1] RIP: 0033:0x7ffab53778bc [ 602.633834][ C1] RSP: 002b:00007ffceb987f40 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 602.642434][ C1] RAX: ffffffffffffffda RBX: 00007ffab6034620 RCX: 00007ffab53778bc [ 602.650597][ C1] RDX: 0000000000000044 RSI: 00007ffab6034670 RDI: 0000000000000003 [ 602.658737][ C1] RBP: 0000000000000000 R08: 00007ffceb987f94 R09: 000000000000000c [ 602.666884][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 602.675013][ C1] R13: 0000000000000000 R14: 00007ffab6034670 R15: 0000000000000000 [ 602.683063][ C1] [ 602.686235][ C1] DEBUG: holding rtnl_mutex for 1030 jiffies. [ 602.692341][ C1] task:syz.1.2711 state:R running task stack:24672 pid:13400 tgid:13400 ppid:11651 flags:0x0000400e [ 602.704278][ C1] Call Trace: [ 602.707713][ C1] [ 602.710595][ C1] sched_show_task+0x506/0x6d0 [ 602.715546][ C1] ? report_rtnl_holders+0x183/0x2d0 [ 602.720893][ C1] ? __pfx__printk+0x10/0x10 [ 602.725679][ C1] ? __pfx_sched_show_task+0x10/0x10 [ 602.731033][ C1] report_rtnl_holders+0x1ba/0x2d0 [ 602.736320][ C1] ? report_rtnl_holders+0x20/0x2d0 [ 602.741585][ C1] call_timer_fn+0x18e/0x650 [ 602.746345][ C1] ? call_timer_fn+0xc0/0x650 [ 602.751077][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 602.756883][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 602.762050][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 602.767852][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 602.773541][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 602.779338][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 602.784614][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 602.790014][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 602.795814][ C1] __run_timer_base+0x66a/0x8e0 [ 602.800733][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 602.806292][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 602.812693][ C1] run_timer_softirq+0xb7/0x170 [ 602.817744][ C1] handle_softirqs+0x2c4/0x970 [ 602.822572][ C1] ? __irq_exit_rcu+0xf4/0x1c0 [ 602.827528][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 602.832875][ C1] ? irqtime_account_irq+0xd4/0x1e0 [ 602.838271][ C1] __irq_exit_rcu+0xf4/0x1c0 [ 602.842919][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 602.848292][ C1] irq_exit_rcu+0x9/0x30 [ 602.852600][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 602.858356][ C1] [ 602.861323][ C1] [ 602.864294][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 602.870394][ C1] RIP: 0010:lockdep_unregister_key+0x56d/0x610 [ 602.876674][ C1] Code: ff 92 48 c7 c6 90 b6 6f 81 e8 7f 04 0a 00 e8 ea 18 0a 00 e9 e5 fb ff ff e8 00 18 20 0a 41 f7 c7 00 02 00 00 74 d0 fb 45 84 f6 <75> cf eb e0 90 0f 0b 90 45 31 f6 e9 62 ff ff ff 90 0f 0b 90 e9 a1 [ 602.896398][ C1] RSP: 0000:ffffc9000f02f8e0 EFLAGS: 00000246 [ 602.902528][ C1] RAX: dffffc0000000000 RBX: 1ffff92001e05f24 RCX: ffffffff947eb803 [ 602.910618][ C1] RDX: 0000000000000001 RSI: ffffffff8bcad5e0 RDI: ffffffff8c206fe0 [ 602.918713][ C1] RBP: ffffc9000f02f9b8 R08: ffffffff92ff658f R09: 1ffffffff25fecb1 [ 602.926801][ C1] R10: dffffc0000000000 R11: fffffbfff25fecb2 R12: ffffc9000f02f920 [ 602.934885][ C1] R13: 1ffff92001e05f20 R14: 0000000000000000 R15: 0000000000000a07 [ 602.942934][ C1] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 602.948965][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 602.954254][ C1] ? __qdisc_destroy+0x150/0x410 [ 602.959309][ C1] ? kfree+0x149/0x360 [ 602.963437][ C1] ? __pfx_pfifo_fast_destroy+0x10/0x10 [ 602.969122][ C1] __qdisc_destroy+0x165/0x410 [ 602.973949][ C1] dev_shutdown+0x9b/0x440 [ 602.978505][ C1] unregister_netdevice_many_notify+0x977/0x16b0 [ 602.984983][ C1] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 602.991818][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 602.997930][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 603.004336][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 603.009684][ C1] unregister_netdevice_queue+0x303/0x370 [ 603.015545][ C1] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 603.021860][ C1] __tun_detach+0x6b6/0x1600 [ 603.026590][ C1] tun_chr_close+0x108/0x1b0 [ 603.031237][ C1] ? __pfx_tun_chr_close+0x10/0x10 [ 603.036472][ C1] __fput+0x24a/0x8a0 [ 603.040539][ C1] task_work_run+0x24f/0x310 [ 603.045251][ C1] ? __pfx_task_work_run+0x10/0x10 [ 603.050415][ C1] ? syscall_exit_to_user_mode+0xa3/0x370 [ 603.056279][ C1] syscall_exit_to_user_mode+0x168/0x370 [ 603.061990][ C1] do_syscall_64+0x100/0x230 [ 603.066698][ C1] ? clear_bhb_loop+0x35/0x90 [ 603.071432][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 603.077443][ C1] RIP: 0033:0x7efd7b775b29 [ 603.081909][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 603.101638][ C1] RSP: 002b:00007fffc9fc6548 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 603.110228][ C1] RAX: 0000000000000000 RBX: 00007efd7b9059a0 RCX: 00007efd7b775b29 [ 603.118325][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 603.126415][ C1] RBP: 00007efd7b9059a0 R08: 0000000000000008 R09: 00000009c9fc685f [ 603.134445][ C1] R10: 00000000005ed6ec R11: 0000000000000246 R12: 0000000000090ba6 [ 603.142561][ C1] R13: 0000000000000032 R14: 00007efd7b9059a0 R15: 00007fffc9fc6630 [ 603.150688][ C1] [ 603.153750][ C1] DEBUG: waiting rtnl_mutex for 1070 jiffies. [ 603.159938][ C1] task:syz.4.2712 state:D stack:24672 pid:13402 tgid:13402 ppid:7080 flags:0x00000004 [ 603.170245][ C1] Call Trace: [ 603.173566][ C1] [ 603.176620][ C1] __schedule+0x17e8/0x4a20 [ 603.181251][ C1] ? __pfx___schedule+0x10/0x10 [ 603.186234][ C1] ? __pfx_lock_release+0x10/0x10 [ 603.191323][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 603.196960][ C1] ? schedule+0x90/0x320 [ 603.201272][ C1] schedule+0x14b/0x320 [ 603.205564][ C1] schedule_preempt_disabled+0x13/0x30 [ 603.211085][ C1] __mutex_lock+0x6a4/0xd70 [ 603.215730][ C1] ? __mutex_lock+0x527/0xd70 [ 603.220477][ C1] ? tun_chr_close+0x3e/0x1b0 [ 603.225298][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 603.230396][ C1] ? rtnl_lock+0xe7/0x130 [ 603.234857][ C1] tun_chr_close+0x3e/0x1b0 [ 603.239414][ C1] ? __pfx_tun_chr_close+0x10/0x10 [ 603.244584][ C1] __fput+0x24a/0x8a0 [ 603.248731][ C1] task_work_run+0x24f/0x310 [ 603.253384][ C1] ? __pfx_task_work_run+0x10/0x10 [ 603.258644][ C1] ? syscall_exit_to_user_mode+0xa3/0x370 [ 603.264441][ C1] syscall_exit_to_user_mode+0x168/0x370 [ 603.270250][ C1] do_syscall_64+0x100/0x230 [ 603.274966][ C1] ? clear_bhb_loop+0x35/0x90 [ 603.279740][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 603.285770][ C1] RIP: 0033:0x7ff185d75b29 [ 603.290241][ C1] RSP: 002b:00007fff2cc156c8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 603.298805][ C1] RAX: 0000000000000000 RBX: 0000000000090895 RCX: 00007ff185d75b29 [ 603.306926][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 603.315042][ C1] RBP: ffffffffffffffff R08: 0000000000000001 R09: 0000001d2cc159df [ 603.323102][ C1] R10: 00007ff185c00000 R11: 0000000000000246 R12: 00007ff185f03fac [ 603.331222][ C1] R13: 0000000000000032 R14: 00007ff185f059a0 R15: 00007ff185f03fa0 [ 603.339366][ C1] [ 603.342438][ C1] DEBUG: waiting rtnl_mutex for 896 jiffies. [ 603.348551][ C1] task:kworker/0:4 state:D stack:21712 pid:5132 tgid:5132 ppid:2 flags:0x00004000 [ 603.358874][ C1] Workqueue: events linkwatch_event [ 603.364157][ C1] Call Trace: [ 603.367574][ C1] [ 603.370557][ C1] __schedule+0x17e8/0x4a20 [ 603.375243][ C1] ? __pfx___schedule+0x10/0x10 [ 603.380157][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 603.386298][ C1] ? __pfx_lock_release+0x10/0x10 [ 603.391395][ C1] ? kick_pool+0x45c/0x620 [ 603.395977][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 603.401246][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 603.406628][ C1] ? schedule+0x90/0x320 [ 603.410930][ C1] schedule+0x14b/0x320 [ 603.415238][ C1] schedule_preempt_disabled+0x13/0x30 [ 603.420755][ C1] __mutex_lock+0x6a4/0xd70 [ 603.425425][ C1] ? __mutex_lock+0x527/0xd70 [ 603.430172][ C1] ? linkwatch_event+0xe/0x60 [ 603.435015][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 603.440145][ C1] ? process_scheduled_works+0x945/0x1830 [ 603.446033][ C1] ? rtnl_lock+0xe7/0x130 [ 603.450428][ C1] ? process_scheduled_works+0x945/0x1830 [ 603.456310][ C1] linkwatch_event+0xe/0x60 [ 603.460885][ C1] process_scheduled_works+0xa2c/0x1830 [ 603.466625][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 603.472683][ C1] ? assign_work+0x364/0x3d0 [ 603.477442][ C1] worker_thread+0x86d/0xd40 [ 603.482105][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 603.488153][ C1] ? __kthread_parkme+0x169/0x1d0 [ 603.493248][ C1] ? __pfx_worker_thread+0x10/0x10 [ 603.498512][ C1] kthread+0x2f0/0x390 [ 603.502644][ C1] ? __pfx_worker_thread+0x10/0x10 [ 603.507919][ C1] ? __pfx_kthread+0x10/0x10 [ 603.512570][ C1] ret_from_fork+0x4b/0x80 [ 603.517141][ C1] ? __pfx_kthread+0x10/0x10 [ 603.521799][ C1] ret_from_fork_asm+0x1a/0x30 [ 603.526747][ C1] [ 603.529807][ C1] DEBUG: waiting rtnl_mutex for 751 jiffies. [ 603.535916][ C1] task:syz.2.2733 state:D stack:24528 pid:13460 tgid:13459 ppid:11558 flags:0x00004004 [ 603.546245][ C1] Call Trace: [ 603.549562][ C1] [ 603.552537][ C1] __schedule+0x17e8/0x4a20 [ 603.557228][ C1] ? __pfx___schedule+0x10/0x10 [ 603.562140][ C1] ? __pfx_lock_release+0x10/0x10 [ 603.567329][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 603.572877][ C1] ? schedule+0x90/0x320 [ 603.577280][ C1] schedule+0x14b/0x320 [ 603.581493][ C1] schedule_preempt_disabled+0x13/0x30 [ 603.587100][ C1] __mutex_lock+0x6a4/0xd70 [ 603.591656][ C1] ? __mutex_lock+0x527/0xd70 [ 603.596477][ C1] ? rtnetlink_rcv_msg+0x839/0x1170 [ 603.596977][ T4489] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 603.601700][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 603.614147][ C1] ? rtnl_lock+0xe7/0x130 [ 603.616898][ T4489] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 603.618635][ C1] rtnetlink_rcv_msg+0x839/0x1170 [ 603.630617][ C1] ? rtnetlink_rcv_msg+0x208/0x1170 [ 603.633277][ T4489] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 603.635939][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 603.635980][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 603.636011][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 603.636051][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 603.636081][ C1] ? dev_hard_start_xmit+0x773/0x7e0 [ 603.652883][ T4489] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 603.653946][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 603.664060][ T4489] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 603.664615][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 603.664768][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 603.664810][ C1] ? __dev_queue_xmit+0x1763/0x3e90 [ 603.672937][ T4489] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 603.677127][ C1] ? kasan_save_track+0x51/0x80 [ 603.677173][ C1] ? do_syscall_64+0xf3/0x230 [ 603.722358][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 603.727652][ C1] ? __pfx___dev_queue_xmit+0x10/0x10 [ 603.733119][ C1] ? ref_tracker_free+0x643/0x7e0 [ 603.738355][ C1] netlink_rcv_skb+0x1e3/0x430 [ 603.743197][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 603.748848][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 603.754239][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 603.759616][ C1] netlink_unicast+0x7f0/0x990 [ 603.764452][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 603.769911][ C1] ? __virt_addr_valid+0x183/0x530 [ 603.775203][ C1] ? __check_object_size+0x49c/0x900 [ 603.776256][ T4489] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 603.780602][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 603.780645][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 603.780695][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 603.780725][ C1] ? __import_iovec+0x536/0x820 [ 603.795839][ T4489] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 603.798222][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 603.807584][ T4489] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 603.808397][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 603.821668][ T4489] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 603.827341][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 603.827386][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 603.835189][ T4489] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 603.839728][ C1] __sock_sendmsg+0x221/0x270 [ 603.846826][ T4489] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 603.850500][ C1] ____sys_sendmsg+0x525/0x7d0 [ 603.874260][ C1] ? __pfx_____sys_sendmsg+0x10/0x10 [ 603.879759][ C1] __sys_sendmsg+0x2b0/0x3a0 [ 603.884413][ C1] ? __pfx___sys_sendmsg+0x10/0x10 [ 603.889735][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 603.896204][ C1] ? do_syscall_64+0x100/0x230 [ 603.901037][ C1] ? do_syscall_64+0xb6/0x230 [ 603.905798][ C1] do_syscall_64+0xf3/0x230 [ 603.910319][ C1] ? clear_bhb_loop+0x35/0x90 [ 603.915106][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 603.921045][ C1] RIP: 0033:0x7fef53575b29 [ 603.925533][ C1] RSP: 002b:00007fef54287048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 603.934018][ C1] RAX: ffffffffffffffda RBX: 00007fef53703fa0 RCX: 00007fef53575b29 [ 603.942052][ C1] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 603.950086][ C1] RBP: 00007fef535f6756 R08: 0000000000000000 R09: 0000000000000000 [ 603.958154][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 603.966257][ C1] R13: 000000000000000b R14: 00007fef53703fa0 R15: 00007ffdb665bab8 [ 603.974320][ C1] [ 603.977438][ C1] [ 603.977438][ C1] Showing all locks held in the system: [ 603.985282][ C1] 2 locks held by kworker/u8:6/1109: [ 603.990610][ C1] #0: ffff8880b943e958 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 604.000691][ C1] #1: ffffc900040d7d00 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 604.013976][ C1] 2 locks held by getty/4848: [ 604.018712][ C1] #0: ffff88802ad2c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 604.028566][ C1] #1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 604.038837][ C1] 3 locks held by kworker/0:4/5132: [ 604.044078][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 604.055173][ C1] #1: ffffc90003fd7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 604.066306][ C1] #2: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 604.075442][ C1] 4 locks held by kworker/u8:10/8214: [ 604.080862][ C1] #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 604.091918][ C1] #1: ffffc900103cfd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 604.102545][ C1] #2: ffffffff8f5eee50 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 604.112073][ C1] #3: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: nat_exit_net+0x30/0x100 [ 604.121123][ C1] 1 lock held by syz-executor/13161: [ 604.126505][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170 [ 604.136169][ C1] 4 locks held by syz.1.2711/13400: [ 604.141406][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 604.150561][ C1] #1: ffffc90000a18c00 (net/core/rtnetlink.c:82){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 604.160832][ C1] #2: ffffffff8e3357e0 (rcu_read_lock){....}-{1:2}, at: report_rtnl_holders+0x20/0x2d0 [ 604.170780][ C1] #3: ffffffff8e3357e0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 604.180785][ C1] 1 lock held by syz.4.2712/13402: [ 604.186014][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 604.195154][ C1] 1 lock held by syz.2.2733/13460: [ 604.200274][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170 [ 604.209893][ C1] 1 lock held by syz.3.2741/13482: [ 604.215127][ C1] #0: ffff888067a99068 (&pipe->mutex){+.+.}-{3:3}, at: splice_file_to_pipe+0x2e/0x500 [ 604.225000][ C1] 1 lock held by syz-executor/13487: [ 604.230334][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170 [ 604.240114][ C1] 1 lock held by syz-executor/13489: [ 604.245532][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170 [ 604.255165][ C1] [ 604.257516][ C1] ============================================= [ 604.257516][ C1] [ 604.378248][ T5090] usb 4-1: USB disconnect, device number 10 [ 604.455216][T13492] loop3: detected capacity change from 0 to 1024 [ 604.470136][T13492] hfsplus: invalid extent btree flag [ 604.475916][T13492] hfsplus: failed to load extents file [ 605.354809][ C1] DEBUG: waiting rtnl_mutex for 1296 jiffies. [ 605.361031][ C1] task:kworker/u8:10 state:D stack:20400 pid:8214 tgid:8214 ppid:2 flags:0x00004000 [ 605.371318][ C1] Workqueue: netns cleanup_net [ 605.376178][ C1] Call Trace: [ 605.379468][ C1] [ 605.382410][ C1] __schedule+0x17e8/0x4a20 [ 605.386983][ C1] ? __pfx___schedule+0x10/0x10 [ 605.391857][ C1] ? __pfx_lock_release+0x10/0x10 [ 605.396929][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 605.402413][ C1] ? kthread_data+0x52/0xd0 [ 605.406961][ C1] ? schedule+0x90/0x320 [ 605.411234][ C1] ? wq_worker_sleeping+0x66/0x240 [ 605.416395][ C1] ? schedule+0x90/0x320 [ 605.420658][ C1] schedule+0x14b/0x320 [ 605.424876][ C1] schedule_preempt_disabled+0x13/0x30 [ 605.430380][ C1] __mutex_lock+0x6a4/0xd70 [ 605.434982][ C1] ? __mutex_lock+0x527/0xd70 [ 605.439735][ C1] ? nat_exit_net+0x30/0x100 [ 605.444369][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 605.449448][ C1] ? __pfx_netdev_run_todo+0x10/0x10 [ 605.454796][ C1] ? rtnl_lock+0xe7/0x130 [ 605.459148][ C1] ? __pfx_nat_exit_net+0x10/0x10 [ 605.464195][ C1] nat_exit_net+0x30/0x100 [ 605.468684][ C1] ? __pfx_nat_exit_net+0x10/0x10 [ 605.473731][ C1] cleanup_net+0x89d/0xcc0 [ 605.478230][ C1] ? __pfx_cleanup_net+0x10/0x10 [ 605.483225][ C1] ? process_scheduled_works+0x945/0x1830 [ 605.489019][ C1] process_scheduled_works+0xa2c/0x1830 [ 605.494607][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 605.500698][ C1] ? assign_work+0x364/0x3d0 [ 605.505406][ C1] worker_thread+0x86d/0xd40 [ 605.510076][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 605.516046][ C1] ? __kthread_parkme+0x169/0x1d0 [ 605.521131][ C1] ? __pfx_worker_thread+0x10/0x10 [ 605.526299][ C1] kthread+0x2f0/0x390 [ 605.530396][ C1] ? __pfx_worker_thread+0x10/0x10 [ 605.535573][ C1] ? __pfx_kthread+0x10/0x10 [ 605.540198][ C1] ret_from_fork+0x4b/0x80 [ 605.544684][ C1] ? __pfx_kthread+0x10/0x10 [ 605.549319][ C1] ret_from_fork_asm+0x1a/0x30 [ 605.554145][ C1] [ 605.557216][ C1] DEBUG: waiting rtnl_mutex for 1314 jiffies. [ 605.563289][ C1] task:syz-executor state:D stack:21024 pid:13161 tgid:13161 ppid:13139 flags:0x00000000 [ 605.573497][ C1] Call Trace: [ 605.576810][ C1] [ 605.579756][ C1] __schedule+0x17e8/0x4a20 [ 605.584295][ C1] ? __pfx___schedule+0x10/0x10 [ 605.589196][ C1] ? __pfx_lock_release+0x10/0x10 [ 605.594239][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 605.599753][ C1] ? schedule+0x90/0x320 [ 605.604021][ C1] schedule+0x14b/0x320 [ 605.608222][ C1] schedule_preempt_disabled+0x13/0x30 [ 605.613698][ C1] __mutex_lock+0x6a4/0xd70 [ 605.618260][ C1] ? __mutex_lock+0x527/0xd70 [ 605.622966][ C1] ? rtnetlink_rcv_msg+0x839/0x1170 [ 605.628203][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 605.633258][ C1] ? rtnl_lock+0xe7/0x130 [ 605.637632][ C1] rtnetlink_rcv_msg+0x839/0x1170 [ 605.642681][ C1] ? rtnetlink_rcv_msg+0x208/0x1170 [ 605.647922][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 605.653399][ C1] ? is_bpf_text_address+0x285/0x2a0 [ 605.658745][ C1] ? __pfx_validate_chain+0x10/0x10 [ 605.663968][ C1] ? __pfx_validate_chain+0x10/0x10 [ 605.669218][ C1] ? arch_stack_walk+0x16d/0x1b0 [ 605.674180][ C1] ? mark_lock+0x9a/0x360 [ 605.678572][ C1] ? __pfx_validate_chain+0x10/0x10 [ 605.683800][ C1] ? __lock_acquire+0x1359/0x2000 [ 605.688882][ C1] ? mark_lock+0x9a/0x360 [ 605.693324][ C1] ? __lock_acquire+0x1359/0x2000 [ 605.698415][ C1] netlink_rcv_skb+0x1e3/0x430 [ 605.703200][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 605.708707][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 605.714036][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 605.719292][ C1] netlink_unicast+0x7f0/0x990 [ 605.724088][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 605.729414][ C1] ? __virt_addr_valid+0x183/0x530 [ 605.734582][ C1] ? __check_object_size+0x49c/0x900 [ 605.734974][ T4489] Bluetooth: hci5: command tx timeout [ 605.739925][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 605.750987][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 605.755808][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 605.761105][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 605.767134][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 605.772094][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 605.777423][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 605.782907][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 605.788233][ C1] __sock_sendmsg+0x221/0x270 [ 605.792933][ C1] __sys_sendto+0x3a4/0x4f0 [ 605.797481][ C1] ? __pfx___sys_sendto+0x10/0x10 [ 605.802545][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 605.808586][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 605.814964][ C1] __x64_sys_sendto+0xde/0x100 [ 605.819772][ C1] do_syscall_64+0xf3/0x230 [ 605.824314][ C1] ? clear_bhb_loop+0x35/0x90 [ 605.829045][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 605.834980][ C1] RIP: 0033:0x7ffab53778bc [ 605.839410][ C1] RSP: 002b:00007ffceb987f40 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 605.847867][ C1] RAX: ffffffffffffffda RBX: 00007ffab6034620 RCX: 00007ffab53778bc [ 605.855874][ C1] RDX: 0000000000000044 RSI: 00007ffab6034670 RDI: 0000000000000003 [ 605.863856][ C1] RBP: 0000000000000000 R08: 00007ffceb987f94 R09: 000000000000000c [ 605.871863][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 605.879884][ C1] R13: 0000000000000000 R14: 00007ffab6034670 R15: 0000000000000000 [ 605.887917][ C1] [ 605.890947][ C1] DEBUG: holding rtnl_mutex for 1350 jiffies. [ 605.894975][ T4489] Bluetooth: hci6: command tx timeout [ 605.897050][ C1] task:syz.1.2711 state:D stack:24672 pid:13400 tgid:13400 ppid:11651 flags:0x00004006 [ 605.913105][ C1] Call Trace: [ 605.916452][ C1] [ 605.919420][ C1] __schedule+0x17e8/0x4a20 [ 605.923970][ C1] ? __pfx___schedule+0x10/0x10 [ 605.928877][ C1] ? __pfx_lock_release+0x10/0x10 [ 605.933920][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 605.939872][ C1] ? schedule+0x90/0x320 [ 605.944130][ C1] schedule+0x14b/0x320 [ 605.948334][ C1] synchronize_rcu_expedited+0x684/0x830 [ 605.954011][ C1] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 605.960256][ C1] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 605.965590][ C1] ? __pfx___might_resched+0x10/0x10 [ 605.970889][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 605.976909][ C1] ? __pfx_autoremove_wake_function+0x10/0x10 [ 605.982993][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 605.989388][ C1] synchronize_rcu+0x11b/0x360 [ 605.994178][ C1] ? __pfx_synchronize_rcu+0x10/0x10 [ 605.999528][ C1] lockdep_unregister_key+0x556/0x610 [ 606.004971][ C1] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 606.010915][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 606.016162][ C1] ? __qdisc_destroy+0x150/0x410 [ 606.021115][ C1] ? kfree+0x149/0x360 [ 606.025247][ C1] ? __pfx_pfifo_fast_destroy+0x10/0x10 [ 606.030868][ C1] __qdisc_destroy+0x165/0x410 [ 606.035680][ C1] dev_shutdown+0x9b/0x440 [ 606.040116][ C1] unregister_netdevice_many_notify+0x977/0x16b0 [ 606.046527][ C1] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 606.053312][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 606.059351][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 606.065726][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 606.070959][ C1] unregister_netdevice_queue+0x303/0x370 [ 606.076757][ C1] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 606.083031][ C1] __tun_detach+0x6b6/0x1600 [ 606.087676][ C1] tun_chr_close+0x108/0x1b0 [ 606.092282][ C1] ? __pfx_tun_chr_close+0x10/0x10 [ 606.097439][ C1] __fput+0x24a/0x8a0 [ 606.101448][ C1] task_work_run+0x24f/0x310 [ 606.106074][ C1] ? __pfx_task_work_run+0x10/0x10 [ 606.111228][ C1] ? syscall_exit_to_user_mode+0xa3/0x370 [ 606.117030][ C1] syscall_exit_to_user_mode+0x168/0x370 [ 606.122686][ C1] do_syscall_64+0x100/0x230 [ 606.127332][ C1] ? clear_bhb_loop+0x35/0x90 [ 606.132050][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 606.138043][ C1] RIP: 0033:0x7efd7b775b29 [ 606.142500][ C1] RSP: 002b:00007fffc9fc6548 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 606.151018][ C1] RAX: 0000000000000000 RBX: 00007efd7b9059a0 RCX: 00007efd7b775b29 [ 606.159084][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 606.167158][ C1] RBP: 00007efd7b9059a0 R08: 0000000000000008 R09: 00000009c9fc685f [ 606.175222][ C1] R10: 00000000005ed6ec R11: 0000000000000246 R12: 0000000000090ba6 [ 606.183254][ C1] R13: 0000000000000032 R14: 00007efd7b9059a0 R15: 00007fffc9fc6630 [ 606.191352][ C1] [ 606.194419][ C1] DEBUG: waiting rtnl_mutex for 1374 jiffies. [ 606.200567][ C1] task:syz.4.2712 state:D stack:24672 pid:13402 tgid:13402 ppid:7080 flags:0x00000004 [ 606.210847][ C1] Call Trace: [ 606.214167][ C1] [ 606.217178][ C1] __schedule+0x17e8/0x4a20 [ 606.221787][ C1] ? __pfx___schedule+0x10/0x10 [ 606.226765][ C1] ? __pfx_lock_release+0x10/0x10 [ 606.231874][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 606.237473][ C1] ? schedule+0x90/0x320 [ 606.241775][ C1] schedule+0x14b/0x320 [ 606.246026][ C1] schedule_preempt_disabled+0x13/0x30 [ 606.251539][ C1] __mutex_lock+0x6a4/0xd70 [ 606.256138][ C1] ? __mutex_lock+0x527/0xd70 [ 606.260865][ C1] ? tun_chr_close+0x3e/0x1b0 [ 606.265621][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 606.270782][ C1] ? rtnl_lock+0xe7/0x130 [ 606.275457][ C1] tun_chr_close+0x3e/0x1b0 [ 606.280118][ C1] ? __pfx_tun_chr_close+0x10/0x10 [ 606.285419][ C1] __fput+0x24a/0x8a0 [ 606.289470][ C1] task_work_run+0x24f/0x310 [ 606.294120][ C1] ? __pfx_task_work_run+0x10/0x10 [ 606.299342][ C1] ? syscall_exit_to_user_mode+0xa3/0x370 [ 606.305167][ C1] syscall_exit_to_user_mode+0x168/0x370 [ 606.310879][ C1] do_syscall_64+0x100/0x230 [ 606.315571][ C1] ? clear_bhb_loop+0x35/0x90 [ 606.320306][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 606.326297][ C1] RIP: 0033:0x7ff185d75b29 [ 606.330772][ C1] RSP: 002b:00007fff2cc156c8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 606.339295][ C1] RAX: 0000000000000000 RBX: 0000000000090895 RCX: 00007ff185d75b29 [ 606.347367][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 606.355424][ C1] RBP: ffffffffffffffff R08: 0000000000000001 R09: 0000001d2cc159df [ 606.363453][ C1] R10: 00007ff185c00000 R11: 0000000000000246 R12: 00007ff185f03fac [ 606.371527][ C1] R13: 0000000000000032 R14: 00007ff185f059a0 R15: 00007ff185f03fa0 [ 606.379641][ C1] [ 606.382707][ C1] DEBUG: waiting rtnl_mutex for 1200 jiffies. [ 606.388869][ C1] task:kworker/0:4 state:D stack:21712 pid:5132 tgid:5132 ppid:2 flags:0x00004000 [ 606.399192][ C1] Workqueue: events linkwatch_event [ 606.404469][ C1] Call Trace: [ 606.407829][ C1] [ 606.410806][ C1] __schedule+0x17e8/0x4a20 [ 606.415434][ C1] ? __pfx___schedule+0x10/0x10 [ 606.420345][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 606.426424][ C1] ? __pfx_lock_release+0x10/0x10 [ 606.431531][ C1] ? kick_pool+0x45c/0x620 [ 606.436068][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 606.441332][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 606.446664][ C1] ? schedule+0x90/0x320 [ 606.450980][ C1] schedule+0x14b/0x320 [ 606.455247][ C1] schedule_preempt_disabled+0x13/0x30 [ 606.460870][ C1] __mutex_lock+0x6a4/0xd70 [ 606.465490][ C1] ? __mutex_lock+0x527/0xd70 [ 606.470243][ C1] ? linkwatch_event+0xe/0x60 [ 606.475025][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 606.480147][ C1] ? process_scheduled_works+0x945/0x1830 [ 606.485987][ C1] ? rtnl_lock+0xe7/0x130 [ 606.490435][ C1] ? process_scheduled_works+0x945/0x1830 [ 606.496301][ C1] linkwatch_event+0xe/0x60 [ 606.500892][ C1] process_scheduled_works+0xa2c/0x1830 [ 606.506601][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 606.512684][ C1] ? assign_work+0x364/0x3d0 [ 606.513530][ T54] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 606.517376][ C1] worker_thread+0x86d/0xd40 [ 606.517438][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 606.533368][ T54] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 606.535637][ C1] ? __kthread_parkme+0x169/0x1d0 [ 606.535687][ C1] ? __pfx_worker_thread+0x10/0x10 [ 606.535721][ C1] kthread+0x2f0/0x390 [ 606.535756][ C1] ? __pfx_worker_thread+0x10/0x10 [ 606.535786][ C1] ? __pfx_kthread+0x10/0x10 [ 606.535819][ C1] ret_from_fork+0x4b/0x80 [ 606.535856][ C1] ? __pfx_kthread+0x10/0x10 [ 606.535891][ C1] ret_from_fork_asm+0x1a/0x30 [ 606.535942][ C1] [ 606.535957][ C1] DEBUG: waiting rtnl_mutex for 1052 jiffies. [ 606.552127][ T54] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 606.553139][ C1] task:syz.2.2733 state:D [ 606.561732][ T54] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 606.562389][ C1] stack:24528 pid:13460 tgid:13459 ppid:11558 flags:0x00004004 [ 606.568109][ T54] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 606.571434][ C1] Call Trace: [ 606.576875][ T54] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 606.580835][ C1] [ 606.636894][ C1] __schedule+0x17e8/0x4a20 [ 606.641446][ C1] ? __pfx___schedule+0x10/0x10 [ 606.646353][ C1] ? __pfx_lock_release+0x10/0x10 [ 606.651396][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 606.656907][ C1] ? schedule+0x90/0x320 [ 606.661168][ C1] schedule+0x14b/0x320 [ 606.665375][ C1] schedule_preempt_disabled+0x13/0x30 [ 606.670877][ C1] __mutex_lock+0x6a4/0xd70 [ 606.675421][ C1] ? __mutex_lock+0x527/0xd70 [ 606.680118][ C1] ? rtnetlink_rcv_msg+0x839/0x1170 [ 606.685359][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 606.690414][ C1] ? rtnl_lock+0xe7/0x130 [ 606.694817][ C1] rtnetlink_rcv_msg+0x839/0x1170 [ 606.699913][ C1] ? rtnetlink_rcv_msg+0x208/0x1170 [ 606.705197][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 606.710721][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 606.716141][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 606.721391][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 606.726857][ C1] ? dev_hard_start_xmit+0x773/0x7e0 [ 606.732295][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 606.737456][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 606.743209][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 606.748372][ C1] ? __dev_queue_xmit+0x1763/0x3e90 [ 606.753593][ C1] ? kasan_save_track+0x51/0x80 [ 606.758485][ C1] ? do_syscall_64+0xf3/0x230 [ 606.763174][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 606.768329][ C1] ? __pfx___dev_queue_xmit+0x10/0x10 [ 606.773734][ C1] ? ref_tracker_free+0x643/0x7e0 [ 606.778808][ C1] netlink_rcv_skb+0x1e3/0x430 [ 606.783589][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 606.789089][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 606.794409][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 606.799656][ C1] netlink_unicast+0x7f0/0x990 [ 606.804441][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 606.809775][ C1] ? __virt_addr_valid+0x183/0x530 [ 606.814944][ C1] ? __check_object_size+0x49c/0x900 [ 606.820247][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 606.825520][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 606.830321][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 606.835646][ C1] ? __import_iovec+0x536/0x820 [ 606.840512][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 606.845506][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 606.850863][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 606.856379][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 606.861708][ C1] __sock_sendmsg+0x221/0x270 [ 606.866433][ C1] ____sys_sendmsg+0x525/0x7d0 [ 606.871230][ C1] ? __pfx_____sys_sendmsg+0x10/0x10 [ 606.876580][ C1] __sys_sendmsg+0x2b0/0x3a0 [ 606.881200][ C1] ? __pfx___sys_sendmsg+0x10/0x10 [ 606.886397][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 606.892747][ C1] ? do_syscall_64+0x100/0x230 [ 606.897563][ C1] ? do_syscall_64+0xb6/0x230 [ 606.902259][ C1] do_syscall_64+0xf3/0x230 [ 606.906799][ C1] ? clear_bhb_loop+0x35/0x90 [ 606.911497][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 606.917485][ C1] RIP: 0033:0x7fef53575b29 [ 606.921946][ C1] RSP: 002b:00007fef54287048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 606.930425][ C1] RAX: ffffffffffffffda RBX: 00007fef53703fa0 RCX: 00007fef53575b29 [ 606.938482][ C1] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 606.946519][ C1] RBP: 00007fef535f6756 R08: 0000000000000000 R09: 0000000000000000 [ 606.954564][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 606.962571][ C1] R13: 000000000000000b R14: 00007fef53703fa0 R15: 00007ffdb665bab8 [ 606.970631][ C1] [ 606.973663][ C1] [ 606.973663][ C1] Showing all locks held in the system: [ 606.981465][ C1] 2 locks held by getty/4848: [ 606.986175][ C1] #0: ffff88802ad2c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 606.995988][ C1] #1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 607.006142][ C1] 3 locks held by kworker/0:4/5132: [ 607.011345][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 607.022400][ C1] #1: ffffc90003fd7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 607.033433][ C1] #2: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 607.042486][ C1] 4 locks held by kworker/u8:10/8214: [ 607.047928][ C1] #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 607.058925][ C1] #1: ffffc900103cfd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 607.069520][ C1] #2: ffffffff8f5eee50 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 607.078980][ C1] #3: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: nat_exit_net+0x30/0x100 [ 607.087936][ C1] 1 lock held by syz-executor/13161: [ 607.093229][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170 [ 607.102820][ C1] 2 locks held by syz.1.2711/13400: [ 607.108063][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 607.117112][ C1] #1: ffffffff8e33abb8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 [ 607.128069][ C1] 1 lock held by syz.4.2712/13402: [ 607.133213][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 607.142285][ C1] 1 lock held by syz.2.2733/13460: [ 607.147456][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170 [ 607.157012][ C1] 1 lock held by syz-executor/13487: [ 607.162297][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170 [ 607.171840][ C1] 1 lock held by syz-executor/13489: [ 607.177174][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170 [ 607.186761][ C1] 2 locks held by syz.3.2747/13497: [ 607.191959][ C1] #0: ffff8880654cf408 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: sock_close+0x90/0x240 [ 607.202242][ C1] #1: ffffffff8e33abb8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 607.213191][ C1] 1 lock held by syz.3.2747/13498: [ 607.218337][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170 [ 607.227882][ C1] 1 lock held by syz.3.2747/13499: [ 607.233001][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x86e/0x1340 [ 607.241886][ C1] 1 lock held by syz.3.2747/13500: [ 607.247069][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170 [ 607.256682][ C1] 1 lock held by syz-executor/13503: [ 607.261971][ C1] #0: ffffffff8f5fb948 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170 [ 607.271527][ C1] [ 607.273859][ C1] ============================================= [ 607.273859][ C1] [ 607.421946][T13498] netlink: 1 bytes leftover after parsing attributes in process `syz.3.2747'. [ 607.431195][T13498] gretap0: entered promiscuous mode [ 607.440193][T13498] netlink: 'syz.3.2747': attribute type 3 has an invalid length. [ 607.451214][T13498] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2747'. [ 607.815368][ T4489] Bluetooth: hci5: command tx timeout [ 607.984978][ T4489] Bluetooth: hci6: command tx timeout [ 608.775678][ T4489] Bluetooth: hci7: command tx timeout [ 609.191220][ T25] ------------[ cut here ]------------ [ 609.197890][ T25] WARNING: CPU: 1 PID: 25 at io_uring/io_uring.c:703 io_cqring_event_overflow+0x442/0x660 [ 609.197940][ T25] Modules linked in: [ 609.197973][ T25] CPU: 1 UID: 0 PID: 25 Comm: kworker/1:0 Not tainted 6.10.0-rc5-next-20240627-syzkaller #0 [ 609.198000][ T25] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 609.198016][ T25] Workqueue: events io_fallback_req_func [ 609.198047][ T25] RIP: 0010:io_cqring_event_overflow+0x442/0x660 [ 609.198072][ T25] Code: 0f 95 c0 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 ed 1f ee fc 90 0f 0b 90 e9 c5 fc ff ff e8 df 1f ee fc 90 <0f> 0b 90 e9 6e fc ff ff e8 d1 1f ee fc c6 05 59 1d f4 0a 01 90 48 [ 609.198092][ T25] RSP: 0018:ffffc900001f7a08 EFLAGS: 00010293 [ 609.198112][ T25] RAX: ffffffff84a55e81 RBX: 0000000000000000 RCX: ffff8880176f9e00 [ 609.198130][ T25] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 609.198144][ T25] RBP: 0000000000000000 R08: ffffffff84a55ae4 R09: 0000000000000000 [ 609.198160][ T25] R10: dffffc0000000000 R11: ffffffff84a98540 R12: ffff8880710ba000 [ 609.198177][ T25] R13: 0000000000000000 R14: ffff8880710ba000 R15: 0000000000000000 [ 609.198992][ T25] FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 609.199015][ T25] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 609.199031][ T25] CR2: 00007fff12825ca8 CR3: 0000000070752000 CR4: 00000000003506f0 [ 609.199052][ T25] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000006800 [ 609.199067][ T25] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 609.199082][ T25] Call Trace: [ 609.199091][ T25] [ 609.199101][ T25] ? __warn+0x168/0x4e0 [ 609.199123][ T25] ? io_cqring_event_overflow+0x442/0x660 [ 609.199149][ T25] ? report_bug+0x2b3/0x500 [ 609.199183][ T25] ? io_cqring_event_overflow+0x442/0x660 [ 609.199213][ T25] ? handle_bug+0x3e/0x70 [ 609.199239][ T25] ? exc_invalid_op+0x1a/0x50 [ 609.199263][ T25] ? asm_exc_invalid_op+0x1a/0x20 [ 609.199297][ T25] ? __pfx_io_msg_tw_complete+0x10/0x10 [ 609.199333][ T25] ? io_cqring_event_overflow+0xa4/0x660 [ 609.199354][ T25] ? io_cqring_event_overflow+0x441/0x660 [ 609.199381][ T25] ? io_cqring_event_overflow+0x442/0x660 [ 609.199407][ T25] ? io_cqring_event_overflow+0x441/0x660 [ 609.199430][ T25] ? io_get_cqe_overflow+0x57f/0x590 [ 609.199459][ T25] io_add_aux_cqe+0x27c/0x320 [ 609.199489][ T25] ? io_fallback_req_func+0x71/0x1c0 [ 609.199521][ T25] ? __pfx_io_add_aux_cqe+0x10/0x10 [ 609.199557][ T25] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 609.199590][ T25] io_msg_tw_complete+0x9d/0x4d0 [ 609.199623][ T25] ? percpu_ref_get_many+0x1f/0x1d0 [ 609.199656][ T25] io_fallback_req_func+0xce/0x1c0 [ 609.199692][ T25] ? process_scheduled_works+0x945/0x1830 [ 609.199722][ T25] process_scheduled_works+0xa2c/0x1830 [ 609.199781][ T25] ? __pfx_process_scheduled_works+0x10/0x10 [ 609.199828][ T25] ? assign_work+0x364/0x3d0 [ 609.199863][ T25] worker_thread+0x86d/0xd40 [ 609.199909][ T25] ? __kthread_parkme+0x169/0x1d0 [ 609.199945][ T25] ? __pfx_worker_thread+0x10/0x10 [ 609.199975][ T25] kthread+0x2f0/0x390 [ 609.200007][ T25] ? __pfx_worker_thread+0x10/0x10 [ 609.200036][ T25] ? __pfx_kthread+0x10/0x10 [ 609.200068][ T25] ret_from_fork+0x4b/0x80 [ 609.200101][ T25] ? __pfx_kthread+0x10/0x10 [ 609.200134][ T25] ret_from_fork_asm+0x1a/0x30 [ 609.200186][ T25] [ 609.200198][ T25] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 609.536184][ T25] CPU: 1 UID: 0 PID: 25 Comm: kworker/1:0 Not tainted 6.10.0-rc5-next-20240627-syzkaller #0 [ 609.546270][ T25] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 609.556344][ T25] Workqueue: events io_fallback_req_func [ 609.562017][ T25] Call Trace: [ 609.565316][ T25] [ 609.568265][ T25] dump_stack_lvl+0x241/0x360 [ 609.572969][ T25] ? __pfx_dump_stack_lvl+0x10/0x10 [ 609.578189][ T25] ? __pfx__printk+0x10/0x10 [ 609.582821][ T25] ? vscnprintf+0x5d/0x90 [ 609.587175][ T25] panic+0x349/0x870 [ 609.591097][ T25] ? __warn+0x177/0x4e0 [ 609.595358][ T25] ? __pfx_panic+0x10/0x10 [ 609.599813][ T25] ? ret_from_fork_asm+0x1a/0x30 [ 609.604785][ T25] __warn+0x34b/0x4e0 [ 609.608786][ T25] ? io_cqring_event_overflow+0x442/0x660 [ 609.614527][ T25] report_bug+0x2b3/0x500 [ 609.618904][ T25] ? io_cqring_event_overflow+0x442/0x660 [ 609.624653][ T25] handle_bug+0x3e/0x70 [ 609.628842][ T25] exc_invalid_op+0x1a/0x50 [ 609.633362][ T25] asm_exc_invalid_op+0x1a/0x20 [ 609.638233][ T25] RIP: 0010:io_cqring_event_overflow+0x442/0x660 [ 609.644583][ T25] Code: 0f 95 c0 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 ed 1f ee fc 90 0f 0b 90 e9 c5 fc ff ff e8 df 1f ee fc 90 <0f> 0b 90 e9 6e fc ff ff e8 d1 1f ee fc c6 05 59 1d f4 0a 01 90 48 [ 609.664256][ T25] RSP: 0018:ffffc900001f7a08 EFLAGS: 00010293 [ 609.670345][ T25] RAX: ffffffff84a55e81 RBX: 0000000000000000 RCX: ffff8880176f9e00 [ 609.678337][ T25] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 609.686324][ T25] RBP: 0000000000000000 R08: ffffffff84a55ae4 R09: 0000000000000000 [ 609.694309][ T25] R10: dffffc0000000000 R11: ffffffff84a98540 R12: ffff8880710ba000 [ 609.702294][ T25] R13: 0000000000000000 R14: ffff8880710ba000 R15: 0000000000000000 [ 609.710291][ T25] ? __pfx_io_msg_tw_complete+0x10/0x10 [ 609.715887][ T25] ? io_cqring_event_overflow+0xa4/0x660 [ 609.721540][ T25] ? io_cqring_event_overflow+0x441/0x660 [ 609.727288][ T25] ? io_cqring_event_overflow+0x441/0x660 [ 609.733020][ T25] ? io_get_cqe_overflow+0x57f/0x590 [ 609.738324][ T25] io_add_aux_cqe+0x27c/0x320 [ 609.743021][ T25] ? io_fallback_req_func+0x71/0x1c0 [ 609.748334][ T25] ? __pfx_io_add_aux_cqe+0x10/0x10 [ 609.753559][ T25] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 609.759566][ T25] io_msg_tw_complete+0x9d/0x4d0 [ 609.764527][ T25] ? percpu_ref_get_many+0x1f/0x1d0 [ 609.769745][ T25] io_fallback_req_func+0xce/0x1c0 [ 609.774883][ T25] ? process_scheduled_works+0x945/0x1830 [ 609.780623][ T25] process_scheduled_works+0xa2c/0x1830 [ 609.786218][ T25] ? __pfx_process_scheduled_works+0x10/0x10 [ 609.792236][ T25] ? assign_work+0x364/0x3d0 [ 609.796856][ T25] worker_thread+0x86d/0xd40 [ 609.801480][ T25] ? __kthread_parkme+0x169/0x1d0 [ 609.806531][ T25] ? __pfx_worker_thread+0x10/0x10 [ 609.811665][ T25] kthread+0x2f0/0x390 [ 609.815766][ T25] ? __pfx_worker_thread+0x10/0x10 [ 609.820899][ T25] ? __pfx_kthread+0x10/0x10 [ 609.825511][ T25] ret_from_fork+0x4b/0x80 [ 609.829945][ T25] ? __pfx_kthread+0x10/0x10 [ 609.834569][ T25] ret_from_fork_asm+0x1a/0x30 [ 609.839371][ T25] [ 609.842706][ T25] Kernel Offset: disabled [ 609.847185][ T25] Rebooting in 86400 seconds..