last executing test programs: 55.771760802s ago: executing program 1 (id=6): socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000005b80)={{{@in6=@remote, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x9}}, {{@in=@dev={0xac, 0x14, 0x14, 0x1d}, 0x4d3, 0x6c}, 0x0, @in=@broadcast}}, 0xe8) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) connect$unix(0xffffffffffffffff, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) syz_emit_ethernet(0x3e, &(0x7f00000002c0)={@local, @random="f368656e065b", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x2, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, @dest_unreach={0x3, 0x0, 0x0, 0x0, 0x90, 0x7f, {0x5, 0x4, 0x2, 0x24, 0x5, 0x67, 0x3ff, 0xa7, 0x5c, 0x8, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x34}}}}}}}, 0x0) 50.656011736s ago: executing program 0 (id=7): unshare(0x2040600) r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) flock(r0, 0x5) 49.129979911s ago: executing program 1 (id=8): r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f00000002c0)={0xa, 0xfffc, 0x0, @empty, 0x7ff}, 0x1c) connect$inet6(r0, &(0x7f0000000480)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}}, 0x1c) 45.944553049s ago: executing program 0 (id=9): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'ip_vti0\x00', 0x0}) r4 = socket$can_raw(0x1d, 0x3, 0x1) sendmsg$can_raw(r4, &(0x7f0000000300)={&(0x7f0000000800)={0x1d, r3}, 0x10, &(0x7f0000000880)={&(0x7f0000000180)=@can={{0x2, 0x1}, 0x6, 0x3, 0x0, 0x0, "aacda1cfd0185b43"}, 0x10}}, 0x14) 44.543051179s ago: executing program 1 (id=10): r0 = syz_usb_connect$cdc_ncm(0x2, 0x74, &(0x7f0000000140)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x62, 0x2, 0x1, 0x0, 0x30, 0xaa, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x40}, {0xd, 0x24, 0xf, 0x1, 0x1061bd2d, 0x4, 0x2, 0x81}, {0x6, 0x24, 0x1a, 0x5, 0x34}, [@country_functional={0x6, 0x24, 0x7, 0x7, 0x6}]}, {{0x9, 0x5, 0x81, 0x3, 0x40, 0x6, 0x8, 0x6}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x400, 0xb8, 0xd, 0x8}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x10, 0x6, 0x8}}}}}}}]}}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x400) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000004080)={0x44, 0x0, 0x0, 0x0, &(0x7f0000003f40)={0x20, 0x80, 0x1c, {0x8b, 0x4, 0x401, 0xf5, 0x401, 0x4, 0x5, 0x5, 0x9, 0x7, 0x6, 0x3}}, 0x0, 0x0, 0x0, 0x0}) 40.546310427s ago: executing program 0 (id=11): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f0000000180)={{0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3a}}, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x47}}, 0x12, {0x2, 0x4e23, @multicast2}, 'team_slave_1\x00'}) 33.316364936s ago: executing program 0 (id=12): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x54c, 0xdf2, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0xc, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x9, 0x71, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0xff}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000240)={0x2c, &(0x7f0000000000)={0x20, 0x18, 0x7, {0x7, 0xd, "a18265cc32"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001000)={0x84, &(0x7f0000000b80)=ANY=[@ANYBLOB="0030c600"], 0x0, 0x0, &(0x7f0000000cc0)={0x20, 0x0, 0x4, {0x1, 0x3}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 24.731226652s ago: executing program 1 (id=13): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000002000000e27f000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{r0}, &(0x7f0000000040), &(0x7f0000000080)='%pB \x00'}, 0x20) r2 = socket(0x11, 0x3, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) bind$packet(r2, &(0x7f0000000180)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4) sendmsg$netlink(r2, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="020114000129184ad4a08058195c6014000000110600ac141414e0ecff02808a8972bd0b72e41082b1a3d206"], 0xdd12}], 0x1, 0x0, 0x0, 0x4008084}, 0x10) 17.665982193s ago: executing program 1 (id=14): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$inet(0x2, 0x2, 0x1) syz_open_procfs(0x0, &(0x7f0000000080)='net/vlan/config\x00') r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000000300)=""/180}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) sendmsg$inet(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x2, 0x3, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000002100)="0800a9fc0da6b30a", 0x8}], 0x1, &(0x7f0000001d00)=ANY=[@ANYBLOB="18000000000000000000000007000000890704ac1414aa0011000000000000000000000001"], 0x30}, 0x0) 14.719639129s ago: executing program 0 (id=15): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'pim6reg1\x00', 0x1}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @link_local}) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r3}, 0x10) close(r0) 9.599314543s ago: executing program 1 (id=16): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffc}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0xce56fe61a68fc369, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) 0s ago: executing program 0 (id=17): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffed7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$inet(0x2, 0x1, 0x0) listen(r2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xffff, 0x20000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x7b53a000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000840)='./file0\x00', &(0x7f0000000080), 0x18) r7 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000780)=@raw={'raw\x00', 0x3c1, 0x3, 0x480, 0x2a0, 0x268, 0x300, 0x0, 0x268, 0x3b0, 0x460, 0x460, 0x3b0, 0x460, 0x9, 0x0, {[{{@uncond, 0x0, 0x240, 0x2a0, 0x0, {0x9401}, [@common=@inet=@hashlimit2={{0x150}, {'hsr0\x00', {0x0, 0x9, 0x0, 0x0, 0x0, 0x5, 0x9}}}, @common=@unspec=@limit={{0x48}, {0xfff, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x2}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@loopback, [0x0, 0xffffff00, 0xffffffff, 0xff000000], 0x4e22, 0x4e22, 0x4e21, 0x4e21, 0xd9, 0x1, 0x5, 0x5b, 0x6}}}, {{@ipv6={@private2, @remote, [], [], 'ip6gretap0\x00', 'ip6_vti0\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x2, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4e0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="480000001000010a00"/20, @ANYRES32=0x0, @ANYBLOB="1000edb612f30000280012800b0001006d616373656300001800028005000300100000000c0004000100000100028000f18e876729ec05fb1f200100c28000"], 0x48}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:27810' (ED25519) to the list of known hosts. syzkaller login: [ 535.986100][ T3220] cgroup: Unknown subsys name 'net' [ 536.737637][ T3220] cgroup: Unknown subsys name 'cpuset' [ 536.966512][ T3220] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 629.021932][ T3220] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 762.957394][ T3227] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 763.246108][ T3227] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 768.127530][ T3231] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 768.573513][ T3231] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 783.015172][ T3227] hsr_slave_0: entered promiscuous mode [ 783.425278][ T3227] hsr_slave_1: entered promiscuous mode [ 788.864400][ T3231] hsr_slave_0: entered promiscuous mode [ 789.304960][ T3231] hsr_slave_1: entered promiscuous mode [ 789.354898][ T3231] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 789.375294][ T3231] Cannot create hsr debugfs directory [ 798.913971][ T3227] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 799.146854][ T3227] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 799.652241][ T3227] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 800.162167][ T3227] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 801.976643][ T3231] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 802.248464][ T3231] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 802.788516][ T3231] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 802.974280][ T3231] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 822.200773][ T3227] 8021q: adding VLAN 0 to HW filter on device bond0 [ 827.194487][ T3231] 8021q: adding VLAN 0 to HW filter on device bond0 [ 891.844898][ T3227] veth0_vlan: entered promiscuous mode [ 892.920346][ T3227] veth1_vlan: entered promiscuous mode [ 896.385827][ T3227] veth0_macvtap: entered promiscuous mode [ 896.705600][ T3227] veth1_macvtap: entered promiscuous mode [ 899.998672][ T3231] veth0_vlan: entered promiscuous mode [ 900.943110][ T3227] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 900.947036][ T3227] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 900.984247][ T3227] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 900.987140][ T3227] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 901.404461][ T3231] veth1_vlan: entered promiscuous mode [ 905.436705][ T3231] veth0_macvtap: entered promiscuous mode [ 905.796976][ T3231] veth1_macvtap: entered promiscuous mode [ 907.945661][ T3231] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 907.948439][ T3231] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 907.985423][ T3231] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 907.988067][ T3231] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 909.186896][ T3227] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 918.695772][ T24] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 919.453047][ T24] usb 1-1: unable to get BOS descriptor or descriptor too short [ 919.526029][ T24] usb 1-1: not running at top speed; connect to a high speed hub [ 919.817504][ T24] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 919.985797][ T24] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 919.988780][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 919.994334][ T24] usb 1-1: Product: syz [ 919.996280][ T24] usb 1-1: Manufacturer: syz [ 919.998437][ T24] usb 1-1: SerialNumber: syz [ 922.596863][ T3936] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 924.243465][ T24] cdc_ncm 1-1:1.0: SET_CRC_MODE failed [ 924.277500][ T24] cdc_ncm 1-1:1.0: bind() failure [ 924.531884][ T24] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 924.533529][ T24] cdc_ncm 1-1:1.1: bind() failure [ 924.745375][ T24] usb 1-1: USB disconnect, device number 2 [ 930.283216][ T3960] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 940.532116][ T35] audit: type=1326 audit(939.440:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3965 comm="syz.0.7" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdbb92 code=0x7ffc0000 [ 940.536955][ T35] audit: type=1326 audit(939.460:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3965 comm="syz.0.7" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdbb92 code=0x7ffc0000 [ 940.671990][ T35] audit: type=1326 audit(939.560:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3965 comm="syz.0.7" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdbb92 code=0x7ffc0000 [ 940.710487][ T35] audit: type=1326 audit(939.640:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3965 comm="syz.0.7" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdbb92 code=0x7ffc0000 [ 940.760521][ T35] audit: type=1326 audit(939.670:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3965 comm="syz.0.7" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdbb92 code=0x7ffc0000 [ 940.811201][ T35] audit: type=1326 audit(939.710:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3965 comm="syz.0.7" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdbb92 code=0x7ffc0000 [ 940.891559][ T35] audit: type=1326 audit(939.820:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3965 comm="syz.0.7" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdbb92 code=0x7ffc0000 [ 940.903335][ T35] audit: type=1326 audit(939.840:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3965 comm="syz.0.7" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdbb92 code=0x7ffc0000 [ 940.918844][ T35] audit: type=1326 audit(939.850:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3965 comm="syz.0.7" exe="/syz-executor" sig=0 arch=c00000f3 syscall=280 compat=0 ip=0xdbb92 code=0x7ffc0000 [ 941.051117][ T35] audit: type=1326 audit(939.980:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3965 comm="syz.0.7" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdbb92 code=0x7ffc0000 [ 947.501363][ T36] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 948.078432][ T36] usb 2-1: unable to get BOS descriptor or descriptor too short [ 948.123810][ T36] usb 2-1: not running at top speed; connect to a high speed hub [ 948.356265][ T36] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 948.622134][ T36] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 948.623964][ T36] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 948.625988][ T36] usb 2-1: Product: syz [ 948.628301][ T36] usb 2-1: Manufacturer: syz [ 948.636746][ T36] usb 2-1: SerialNumber: syz [ 950.131893][ T3972] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 952.007449][ T36] cdc_ncm 2-1:1.0: SET_CRC_MODE failed [ 952.034681][ T36] cdc_ncm 2-1:1.0: bind() failure [ 952.372868][ T36] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 952.375738][ T36] cdc_ncm 2-1:1.1: bind() failure [ 952.768800][ T36] usb 2-1: USB disconnect, device number 2 [ 958.482822][ T36] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 958.762208][ T36] usb 1-1: Using ep0 maxpacket: 16 [ 958.897168][ T36] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 958.902998][ T36] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 958.906388][ T36] usb 1-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice= 0.00 [ 958.923204][ T36] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 959.458313][ T36] usb 1-1: config 0 descriptor?? [ 962.646199][ T36] playstation 0003:054C:0DF2.0001: hidraw0: USB HID v0.09 Device [HID 054c:0df2] on usb-dummy_hcd.0-1/input0 [ 962.854518][ T36] playstation 0003:054C:0DF2.0001: Invalid reportID received, expected 9 got 0 [ 962.858539][ T36] playstation 0003:054C:0DF2.0001: Failed to retrieve DualSense pairing info: -22 [ 962.884032][ T36] playstation 0003:054C:0DF2.0001: Failed to get MAC address from DualSense [ 962.886551][ T36] playstation 0003:054C:0DF2.0001: Failed to create dualsense. [ 963.242922][ T36] playstation 0003:054C:0DF2.0001: probe with driver playstation failed with error -22 [ 963.607560][ T36] usb 1-1: USB disconnect, device number 3 [ 996.333085][ T4027] Unable to handle kernel paging request at virtual address 235ba17f9123a408 [ 996.335328][ T4027] [ 996.335496][ T4027] ====================================================== [ 996.335624][ T4027] WARNING: possible circular locking dependency detected [ 996.336097][ T4027] 6.16.0-rc7-syzkaller-g7b388bf7a9d9 #0 Not tainted [ 996.336475][ T4027] ------------------------------------------------------ [ 996.336603][ T4027] syz.1.16/4027 is trying to acquire lock: [ 996.336824][ T4027] ffffffff884e8200 (console_owner){....}-{0:0}, at: console_lock_spinning_enable+0x9a/0xd6 [ 996.339083][ T4027] [ 996.339083][ T4027] but task is already holding lock: [ 996.339201][ T4027] ffffaf806ed1d098 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x314/0x4088 [ 996.340130][ T4027] [ 996.340130][ T4027] which lock already depends on the new lock. [ 996.340130][ T4027] [ 996.340251][ T4027] [ 996.340251][ T4027] the existing dependency chain (in reverse order) is: [ 996.340390][ T4027] [ 996.340390][ T4027] -> #4 (&rq->__lock){-.-.}-{2:2}: [ 996.340928][ T4027] lock_acquire+0x1ac/0x448 [ 996.341469][ T4027] _raw_spin_lock_nested+0x36/0x4e [ 996.341904][ T4027] task_rq_lock+0xea/0x3be [ 996.342348][ T4027] cgroup_move_task+0x86/0x1f4 [ 996.342762][ T4027] css_set_move_task+0x1da/0x446 [ 996.343108][ T4027] cgroup_post_fork+0x16c/0x816 [ 996.343501][ T4027] copy_process+0x51ae/0x62e4 [ 996.343795][ T4027] kernel_clone+0x128/0xe1e [ 996.344074][ T4027] user_mode_thread+0xd4/0x110 [ 996.344365][ T4027] rest_init+0x34/0x2e6 [ 996.344883][ T4027] console_on_rootfs+0x0/0x96 [ 996.345475][ T4027] [ 996.345475][ T4027] -> #3 (&p->pi_lock){-.-.}-{2:2}: [ 996.345981][ T4027] lock_acquire+0x1ac/0x448 [ 996.346308][ T4027] _raw_spin_lock_irqsave+0x3e/0x62 [ 996.346694][ T4027] try_to_wake_up+0xb8/0xfcc [ 996.347019][ T4027] default_wake_function+0x30/0x58 [ 996.347363][ T4027] woken_wake_function+0x38/0x64 [ 996.347661][ T4027] __wake_up_common+0x106/0x184 [ 996.348143][ T4027] __wake_up+0x32/0x58 [ 996.348429][ T4027] tty_wakeup+0x60/0xfc [ 996.348917][ T4027] tty_port_default_wakeup+0x2c/0x44 [ 996.349410][ T4027] tty_port_tty_wakeup+0x52/0x72 [ 996.349756][ T4027] uart_write_wakeup+0x40/0x5e [ 996.350051][ T4027] serial8250_tx_chars+0x5f8/0x7a6 [ 996.350524][ T4027] serial8250_handle_irq+0x648/0x938 [ 996.351017][ T4027] serial8250_default_handle_irq+0x80/0xe4 [ 996.351523][ T4027] serial8250_interrupt+0xda/0x1ee [ 996.351975][ T4027] __handle_irq_event_percpu+0x268/0xb38 [ 996.352482][ T4027] handle_irq_event+0xb4/0x1ee [ 996.352973][ T4027] handle_fasteoi_irq+0x32c/0xd5a [ 996.353397][ T4027] handle_irq_desc+0xfc/0x140 [ 996.353882][ T4027] generic_handle_domain_irq+0x2a/0x36 [ 996.354380][ T4027] plic_handle_irq+0x17a/0x3c8 [ 996.355052][ T4027] handle_irq_desc+0xfc/0x140 [ 996.355983][ T4027] generic_handle_domain_irq+0x2a/0x36 [ 996.356918][ T4027] riscv_intc_irq+0x4a/0xcc [ 996.357694][ T4027] handle_riscv_irq+0x2e/0x4c [ 996.358423][ T4027] call_on_irq_stack+0x32/0x40 [ 996.359264][ T4027] [ 996.359264][ T4027] -> #2 (&tty->write_wait){-.-.}-{3:3}: [ 996.360165][ T4027] lock_acquire+0x1ac/0x448 [ 996.360603][ T4027] _raw_spin_lock_irqsave+0x3e/0x62 [ 996.360989][ T4027] __wake_up+0x22/0x58 [ 996.361380][ T4027] tty_wakeup+0x60/0xfc [ 996.361780][ T4027] tty_port_default_wakeup+0x2c/0x44 [ 996.362184][ T4027] tty_port_tty_wakeup+0x52/0x72 [ 996.362520][ T4027] uart_write_wakeup+0x40/0x5e [ 996.362829][ T4027] serial8250_tx_chars+0x5f8/0x7a6 [ 996.363307][ T4027] serial8250_handle_irq+0x648/0x938 [ 996.363804][ T4027] serial8250_default_handle_irq+0x80/0xe4 [ 996.364315][ T4027] serial8250_interrupt+0xda/0x1ee [ 996.364717][ T4027] __handle_irq_event_percpu+0x268/0xb38 [ 996.365273][ T4027] handle_irq_event+0xb4/0x1ee [ 996.365792][ T4027] handle_fasteoi_irq+0x32c/0xd5a [ 996.366151][ T4027] handle_irq_desc+0xfc/0x140 [ 996.366606][ T4027] generic_handle_domain_irq+0x2a/0x36 [ 996.367111][ T4027] plic_handle_irq+0x17a/0x3c8 [ 996.367589][ T4027] handle_irq_desc+0xfc/0x140 [ 996.368056][ T4027] generic_handle_domain_irq+0x2a/0x36 [ 996.368543][ T4027] riscv_intc_irq+0x4a/0xcc [ 996.368952][ T4027] handle_riscv_irq+0x2e/0x4c [ 996.369380][ T4027] call_on_irq_stack+0x32/0x40 [ 996.369840][ T4027] [ 996.369840][ T4027] -> #1 (&port_lock_key){-.-.}-{3:3}: [ 996.370347][ T4027] lock_acquire+0x1ac/0x448 [ 996.370683][ T4027] _raw_spin_lock_irqsave+0x3e/0x62 [ 996.371070][ T4027] uart_port_lock_irqsave+0x2a/0x2b6 [ 996.371543][ T4027] serial8250_console_write+0x1ae/0x15d4 [ 996.372121][ T4027] univ8250_console_write+0x70/0x9c [ 996.372528][ T4027] console_flush_all+0x7bc/0xb70 [ 996.372908][ T4027] console_unlock+0x108/0x22e [ 996.373303][ T4027] vprintk_emit+0x476/0x784 [ 996.373684][ T4027] vprintk_default+0x26/0x32 [ 996.374062][ T4027] vprintk+0x20/0x2c [ 996.374435][ T4027] _printk+0x98/0xc4 [ 996.374785][ T4027] register_console+0x9a2/0xf30 [ 996.375164][ T4027] serial_core_register_port+0x1f6e/0x2058 [ 996.375543][ T4027] serial_ctrl_register_port+0x20/0x2c [ 996.375937][ T4027] uart_add_one_port+0x20/0x2c [ 996.376302][ T4027] serial8250_register_8250_port+0x12cc/0x2072 [ 996.376751][ T4027] of_platform_serial_probe+0x724/0xb42 [ 996.377089][ T4027] platform_probe+0xfa/0x1e8 [ 996.377481][ T4027] really_probe+0x236/0x9c2 [ 996.377769][ T4027] __driver_probe_device+0x1d4/0x3f2 [ 996.378076][ T4027] driver_probe_device+0x60/0x1ce [ 996.378377][ T4027] __driver_attach+0x250/0x4ee [ 996.378680][ T4027] bus_for_each_dev+0x124/0x1ba [ 996.379149][ T4027] driver_attach+0x3e/0x52 [ 996.379677][ T4027] bus_add_driver+0x29e/0x5e6 [ 996.380170][ T4027] driver_register+0x18e/0x3ee [ 996.380479][ T4027] __platform_driver_register+0x5e/0x7e [ 996.380874][ T4027] of_platform_serial_driver_init+0x22/0x2a [ 996.381443][ T4027] do_one_initcall+0x1b0/0xb76 [ 996.381784][ T4027] kernel_init_freeable+0x6e4/0x790 [ 996.382231][ T4027] kernel_init+0x28/0x24c [ 996.382734][ T4027] ret_from_fork_kernel+0x2a/0xbec [ 996.383128][ T4027] ret_from_fork_kernel_asm+0x16/0x18 [ 996.383544][ T4027] [ 996.383544][ T4027] -> #0 (console_owner){....}-{0:0}: [ 996.384048][ T4027] check_noncircular+0x132/0x146 [ 996.384368][ T4027] __lock_acquire+0x12a0/0x24d8 [ 996.384700][ T4027] lock_acquire+0x1ac/0x448 [ 996.385015][ T4027] console_lock_spinning_enable+0xc0/0xd6 [ 996.385624][ T4027] console_flush_all+0x772/0xb70 [ 996.386480][ T4027] console_unlock+0x108/0x22e [ 996.387199][ T4027] vprintk_emit+0x476/0x784 [ 996.387902][ T4027] vprintk_default+0x26/0x32 [ 996.388583][ T4027] vprintk+0x20/0x2c [ 996.389297][ T4027] _printk+0x98/0xc4 [ 996.389912][ T4027] die_kernel_fault+0x3e/0x7f0 [ 996.390729][ T4027] handle_page_fault+0x9dc/0x1388 [ 996.391433][ T4027] do_page_fault+0x20/0x56 [ 996.391839][ T4027] handle_exception+0x15e/0x16a [ 996.392299][ T4027] bpf_prog_67a7f92a6a5e5f13+0x62/0x7c [ 996.393194][ T4027] [ 996.393194][ T4027] other info that might help us debug this: [ 996.393194][ T4027] [ 996.393364][ T4027] Chain exists of: [ 996.393364][ T4027] console_owner --> &p->pi_lock --> &rq->__lock [ 996.393364][ T4027] [ 996.394033][ T4027] Possible unsafe locking scenario: [ 996.394033][ T4027] [ 996.394142][ T4027] CPU0 CPU1 [ 996.394242][ T4027] ---- ---- [ 996.394349][ T4027] lock(&rq->__lock); [ 996.394659][ T4027] lock(&p->pi_lock); [ 996.394940][ T4027] lock(&rq->__lock); [ 996.395237][ T4027] lock(console_owner); [ 996.395515][ T4027] [ 996.395515][ T4027] *** DEADLOCK *** [ 996.395515][ T4027] [ 996.395646][ T4027] 8 locks held by syz.1.16/4027: [ 996.395940][ T4027] #0: ffffffff88660188 (tracepoints_mutex){+.+.}-{4:4}, at: tracepoint_probe_register_prio_may_exist+0xa6/0x10a [ 996.397090][ T4027] #1: ffffffff8847d590 (cpu_hotplug_lock){++++}-{0:0}, at: cpus_read_lock+0x14/0x1c [ 996.398099][ T4027] #2: ffffffff88705b28 (jump_label_mutex){+.+.}-{4:4}, at: static_key_enable_cpuslocked+0xd4/0x28e [ 996.399018][ T4027] #3: ffffffff8849b8a8 (text_mutex){+.+.}-{4:4}, at: arch_jump_label_transform_queue+0x192/0x312 [ 996.400015][ T4027] #4: ffffaf806ed1d098 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x314/0x4088 [ 996.401002][ T4027] #5: ffffffff885dbd80 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x20a/0x70c [ 996.402102][ T4027] #6: ffffffff884e7e00 (console_lock){+.+.}-{0:0}, at: vprintk_default+0x26/0x32 [ 996.403042][ T4027] #7: ffffffff884e8050 (console_srcu){....}-{0:0}, at: console_flush_all+0x114/0xb70 [ 996.403989][ T4027] [ 996.403989][ T4027] stack backtrace: [ 996.404539][ T4027] CPU: 1 UID: 0 PID: 4027 Comm: syz.1.16 Not tainted 6.16.0-rc7-syzkaller-g7b388bf7a9d9 #0 PREEMPT [ 996.405033][ T4027] Hardware name: riscv-virtio,qemu (DT) [ 996.405503][ T4027] Call Trace: [ 996.405693][ T4027] [] dump_backtrace+0x2e/0x3c [ 996.406233][ T4027] [] show_stack+0x30/0x3c [ 996.406599][ T4027] [] dump_stack_lvl+0x12e/0x1a6 [ 996.406974][ T4027] [] dump_stack+0x1c/0x24 [ 996.407318][ T4027] [] print_circular_bug+0x254/0x29a [ 996.407707][ T4027] [] check_noncircular+0x132/0x146 [ 996.408086][ T4027] [] __lock_acquire+0x12a0/0x24d8 [ 996.408470][ T4027] [] lock_acquire+0x1ac/0x448 [ 996.408857][ T4027] [] console_lock_spinning_enable+0xc0/0xd6 [ 996.409371][ T4027] [] console_flush_all+0x772/0xb70 [ 996.409818][ T4027] [] console_unlock+0x108/0x22e [ 996.410238][ T4027] [] vprintk_emit+0x476/0x784 [ 996.410675][ T4027] [] vprintk_default+0x26/0x32 [ 996.411109][ T4027] [] vprintk+0x20/0x2c [ 996.411531][ T4027] [] _printk+0x98/0xc4 [ 996.411988][ T4027] [] die_kernel_fault+0x3e/0x7f0 [ 996.412508][ T4027] [] handle_page_fault+0x9dc/0x1388 [ 996.413042][ T4027] [] do_page_fault+0x20/0x56 [ 996.413565][ T4027] [] handle_exception+0x15e/0x16a [ 996.414064][ T4027] [] bpf_prog_67a7f92a6a5e5f13+0x62/0x7c [ 996.618713][ T4027] Current syz.1.16 pgtable: 4K pagesize, 48-bit VAs, pgdp=0x00000000a1a90000 [ 996.620344][ T4027] [235ba17f9123a408] pgd=000000002460b401, p4d=000000002460b401, pud=0000000000000000 [ 996.622907][ T4027] Oops [#1] [ 996.623883][ T4027] Modules linked in: [ 996.626164][ T4027] CPU: 1 UID: 0 PID: 4027 Comm: syz.1.16 Not tainted 6.16.0-rc7-syzkaller-g7b388bf7a9d9 #0 PREEMPT [ 996.629031][ T4027] Hardware name: riscv-virtio,qemu (DT) [ 996.630486][ T4027] epc : bpf_prog_67a7f92a6a5e5f13+0x62/0x7c [ 996.631679][ T4027] ra : bpf_trace_run4+0x2a6/0x70c [ 996.632990][ T4027] epc : ffffffff78000076 ra : ffffffff80595fb0 sp : ffff8f80046b7180 [ 996.634344][ T4027] gp : ffffffff89e816e0 tp : ffffaf8011991a40 t0 : 0000000000000000 [ 996.635624][ T4027] t1 : 235ba17f9123a408 t2 : ffffffff9123a400 s0 : ffff8f80046b71b0 [ 996.636900][ T4027] s1 : ffff8f80046b7280 a0 : ffffaf80123179d8 a1 : ffff8f80046b7188 [ 996.638242][ T4027] a2 : 0000000000000008 a3 : 0000000000000000 a4 : 1ffff1f0001bf206 [ 996.639541][ T4027] a5 : ffffffff17b0a000 a6 : 0000000000000021 a7 : ffffffff80595f14 [ 996.640913][ T4027] s2 : 1ffff1f0008d6e3c s3 : 0000000000000000 s4 : ffffffff9123a400 [ 996.642263][ T4027] s5 : ffff8f80046b7190 s6 : 0000000000000001 s7 : 1ffff1f0001bf205 [ 996.643603][ T4027] s8 : ffff8f8000df9028 s9 : ffff8f80046b7200 s10: 0000000000000001 [ 996.644843][ T4027] s11: 0000000000000000 t3 : ca76b45d00000000 t4 : 0000000000001fff [ 996.646220][ T4027] t5 : 00000000000000c8 t6 : 0000000000000002 ssp : 0000000000000000 [ 996.647541][ T4027] status: 0000000200000100 badaddr: 235ba17f9123a408 cause: 000000000000000d [ 996.648989][ T4027] [] bpf_prog_67a7f92a6a5e5f13+0x62/0x7c [ 996.650520][ T4027] [] bpf_trace_run4+0x2a6/0x70c [ 996.651963][ T4027] [] __bpf_trace_sched_switch+0x14/0x1c [ 996.653344][ T4027] [] __schedule+0x1372/0x4088 [ 996.654807][ T4027] [] preempt_schedule+0xd2/0x1e2 [ 996.656212][ T4027] [] __patch_insn_write+0xb7c/0xd88 [ 996.657706][ T4027] [] patch_insn_write+0x78/0xb4 [ 996.659045][ T4027] [] arch_jump_label_transform_queue+0x19e/0x312 [ 996.661776][ T4027] [] __jump_label_update+0x11c/0x3ee [ 996.664280][ T4027] [] jump_label_update+0x322/0x52c [ 996.666107][ T4027] [] static_key_enable_cpuslocked+0x1e4/0x28e [ 996.667609][ T4027] [] static_key_enable+0x22/0x34 [ 996.668887][ T4027] [] tracepoint_add_func+0x812/0xa26 [ 996.670306][ T4027] [] tracepoint_probe_register_prio_may_exist+0xbe/0x10a [ 996.671871][ T4027] [] bpf_probe_register+0x150/0x1c2 [ 996.673309][ T4027] [] bpf_raw_tp_link_attach+0x27c/0x538 [ 996.674620][ T4027] [] __sys_bpf+0x14ba/0x419e [ 996.675763][ T4027] [] __riscv_sys_bpf+0x6c/0xc6 [ 996.676949][ T4027] [] syscall_handler+0x94/0x118 [ 996.678393][ T4027] [] do_trap_ecall_u+0x396/0x530 [ 996.679791][ T4027] [] handle_exception+0x15e/0x16a [ 996.681746][ T4027] Code: 97aa 639c 3303 00c2 a397 1923 8393 3963 6333 2073 (3303) 0003 [ 996.683494][ T4027] ---[ end trace 0000000000000000 ]--- [ 996.685078][ T4027] Kernel panic - not syncing: Fatal exception [ 996.686694][ T4027] SMP: stopping secondary CPUs [ 1000.889711][ T4027] SMP: failed to stop secondary CPUs 0-1 [ 1000.892467][ T4027] Rebooting in 86400 seconds.. VM DIAGNOSIS: 19:57:53 Registers: info registers vcpu 0 CPU#0 V = 0 pc ffffffff864229b4 mhartid 0000000000000000 mstatus 0000000a000001a0 hstatus 0000000200000000 vsstatus 0000000a00000000 mip 0000000000000220 mie 000000000000022a mideleg 0000000000001666 hideleg 0000000000000444 medeleg 0000000000f0b509 hedeleg 000000000000b109 mtvec 00000000800004f0 stvec ffffffff864261a0 vstvec 0000000000000000 mepc ffffffff80091e3a sepc ffffffff850ffd22 vsepc 0000000000000000 mcause 0000000000000009 scause 8000000000000005 vscause 0000000000000000 mtval 0000000000000000 stval 0000000000000000 htval 0000000000000000 mtval2 0000000000000000 mscratch 000000008004a000 sscratch 0000000000000000 satp 901f5000000a1a90 x0/zero 0000000000000000 x1/ra ffffffff8642293a x2/sp ffff8f8000007700 x3/gp ffffffff89e816e0 x4/tp ffffaf8018efb480 x5/t0 ffff8f8000007680 x6/t1 fffff5ef0dda3a10 x7/t2 1ffff1f000000ef8 x8/s0 ffff8f8000007840 x9/s1 0000000000000000 x10/a0 0000000000000001 x11/a1 0000000000000004 x12/a2 0000000000000001 x13/a3 0000000000000000 x14/a4 ffffaf806ed1d080 x15/a5 0000000000000001 x16/a6 fffff5ef0dda3a11 x17/a7 ffffaf806ed1d083 x18/s2 fffff5ef0dda3a10 x19/s3 ffffaf806ed1d080 x20/s4 1ffff5f00dda3a10 x21/s5 1ffff1f000000ee8 x22/s6 00000000000000ff x23/s7 0000000000000000 x24/s8 0000000000000000 x25/s9 0000000000000001 x26/s10 ffffaf8018efb480 x27/s11 ffffaf806ed1d080 x28/t3 0000000000000001 x29/t4 fffff5ef0dda3a10 x30/t5 fffff5ef0dda3a11 x31/t6 1ffff5f00dd9cab1 fcsr 0000000000000000 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000 info registers vcpu 1 CPU#1 V = 0 pc ffffffff804f7e06 mhartid 0000000000000001 mstatus 0000000a00000180 hstatus 0000000200000000 vsstatus 0000000a00000000 mip 0000000000000020 mie 000000000000022a mideleg 0000000000001666 hideleg 0000000000000444 medeleg 0000000000f0b509 hedeleg 000000000000b109 mtvec 00000000800004f0 stvec ffffffff864261a0 vstvec 0000000000000000 mepc ffffffff804f7dbe sepc ffffffff78000076 vsepc 0000000000000000 mcause 8000000000000003 scause 000000000000000d vscause 0000000000000000 mtval 0000000000000000 stval 235ba17f9123a408 htval 0000000000000000 mtval2 0000000000000000 mscratch 0000000080048000 sscratch 0000000000000000 satp 901f5000000a1a90 x0/zero 0000000000000000 x1/ra ffffffff8030a606 x2/sp ffff8f80046b6a80 x3/gp ffffffff89e816e0 x4/tp ffffaf8011991a40 x5/t0 2000000000000000 x6/t1 0000000000000057 x7/t2 203a474e494e5241 x8/s0 ffff8f80046b6c20 x9/s1 ffffffff88d01f80 x10/a0 0000000000000001 x11/a1 ffffaf8011992a40 x12/a2 0000000000000000 x13/a3 0000000000080000 x14/a4 ffff8f8009488850 x15/a5 000000000028a850 x16/a6 0000000000000008 x17/a7 0000000000000038 x18/s2 1ffffffff11a03fb x19/s3 0000000200000100 x20/s4 0000000000000000 x21/s5 0000000000000000 x22/s6 ffff8f80046b6b40 x23/s7 ffffffff88d01fd8 x24/s8 1ffffffff11a03fc x25/s9 ffffffff88d01fe0 x26/s10 dfffffff00000000 x27/s11 ffff8f80046b6ba0 x28/t3 ffffffff91043ff7 x29/t4 ffffffff91043ff7 x30/t5 ffffffff91043ff8 x31/t6 ffffffff91043ff7 fcsr 0000000000000000 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000