last executing test programs: 1m44.794470014s ago: executing program 0 (id=1): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0) mmap(&(0x7f0000bdc000/0x4000)=nil, 0x4000, 0x3000005, 0x13, r0, 0x0) 1m44.638077732s ago: executing program 0 (id=5): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(r0, r1, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x24, r2, 0x1, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x1}, @val={0x8}, @void}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000001}, 0x0) 1m44.438779184s ago: executing program 0 (id=6): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x10, 0x0, &(0x7f0000000440)=[@request_death={0x400c6313}], 0x0, 0x1000000, 0x0}) r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) read$FUSE(r2, &(0x7f0000005180)={0x2020}, 0x2020) 1m44.178241514s ago: executing program 0 (id=7): userfaultfd(0x80001) r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1, 0x2, {0x2, 0x0, 0x1}, 0xfd}, 0x18) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=ANY=[], 0x28}}, 0x44001) syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r0) sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0, 0x2ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40010) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xfffffffe) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0xf) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x1) 1m43.368308196s ago: executing program 3 (id=4): r0 = socket$kcm(0x10, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'netdevsim0\x00', &(0x7f0000000180)=@ethtool_pauseparam={0x13, 0x0, 0x5bed, 0x7}}) 1m43.069055418s ago: executing program 3 (id=8): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000002340)={'veth0_to_team\x00', &(0x7f0000001300)=@ethtool_eeprom={0x43, 0x80000001, 0x339}}) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000001600)=ANY=[@ANYRES32=r1, @ANYBLOB="7600d3ee1d31b7bbbffb9f9a05000000ff697d50cffa3777d95851d3dd482df2a644c155f5c182adb11fceca99d9634b326ed97f4b3e2806abefcdbc8bdf57c793468f33eb90889e8578d71fb7356a30fe6a6ef6d0c37206b849b312ce9596cec21f9bb9206efa8a32941978c69cdde470d80071c4375f364c1bf758db93bf4d2e55e6a76aa113f103fef65bb159943c9a6eaafe2ef9dcef70390d3749de2d4ca8a23a7004076881f0c0920707b33fc4f0ee667a1ae4dbd543b69114adfaec50f72e6dd5119fee51b3af2d78e185"], 0x1c}, 0x1, 0x0, 0x0, 0x20044801}, 0x2004c094) bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000280), 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={0x0}, 0x1, 0x0, 0x0, 0x4000080}, 0x40c8) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x38, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0xfffffffe}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x10048047}, 0x4000050) 1m42.903608812s ago: executing program 0 (id=9): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x1e0) r0 = syz_usbip_server_init(0x3) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000) sendmsg$NFT_BATCH(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000014000000000000000000000000a60000000060a090400000000000000000200fffe0900020073797a32000000000900010073797a300000000034000480300001800a0001006d617463680000002000028005000300000000000b000100736f636b65740000082f024000000002"], 0x88}, 0x1, 0x0, 0x0, 0x24044800}, 0x0) ppoll(&(0x7f0000000000)=[{r0, 0x281}], 0x1, &(0x7f0000000040)={0x0, 0x989680}, &(0x7f0000000080)={[0x74]}, 0x8) fsopen(&(0x7f00000000c0)='qnx4\x00', 0x1) socket$nl_route(0x10, 0x3, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSIGACCEPT(r2, 0x5607, 0x2c) r3 = userfaultfd(0x80001) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79}) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_MOVE(r3, 0xc028aa05, &(0x7f00000001c0)={&(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x2000}) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) r5 = dup(r4) r6 = openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010000000000000000000200000014000200626f6e64"], 0x34}, 0x1, 0x0, 0x0, 0x40488a0}, 0x800) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r8 = dup(0xffffffffffffffff) ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000100)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) ioctl$TIOCL_SETVESABLANK(r5, 0x560e, &(0x7f0000000140)) ioctl$VT_ACTIVATE(r5, 0x5606, 0x2) r9 = syz_open_dev$tty1(0xc, 0x4, 0x1) creat(&(0x7f0000000040)='./file0\x00', 0x4) socket$netlink(0x10, 0x3, 0x7) ioctl$TIOCL_BLANKSCREEN(r9, 0x541c, &(0x7f0000000000)) 1m42.813132817s ago: executing program 3 (id=10): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000040)=0xb4, 0x4) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x43, 0x0, &(0x7f0000000100)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000480)=0x45) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x40000000015, 0x5, 0x0) r5 = socket$unix(0x1, 0x5, 0x0) r6 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r6, &(0x7f00000000c0)={0x1d, r7}, 0x10) sendmsg$can_bcm(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r5, @ANYBLOB="3bf81bb9f9"], 0x20000600}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$can_bcm(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[], 0x38}, 0x2, 0x0, 0x0, 0x8084}, 0x4004) connect$inet(r4, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(r4, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f00006dbffc), 0x4) sendmsg$key(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r3) 1m40.72985484s ago: executing program 1 (id=2): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x4c, r1, 0x1, 0x70bd2b, 0x1000, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x9}, @NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x122}, @NBD_ATTR_BACKEND_IDENTIFIER={0xd, 0xa, 'list:set\x00'}]}, 0x4c}}, 0x400400c) 0s ago: executing program 32 (id=9): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x1e0) r0 = syz_usbip_server_init(0x3) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000) sendmsg$NFT_BATCH(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000014000000000000000000000000a60000000060a090400000000000000000200fffe0900020073797a32000000000900010073797a300000000034000480300001800a0001006d617463680000002000028005000300000000000b000100736f636b65740000082f024000000002"], 0x88}, 0x1, 0x0, 0x0, 0x24044800}, 0x0) ppoll(&(0x7f0000000000)=[{r0, 0x281}], 0x1, &(0x7f0000000040)={0x0, 0x989680}, &(0x7f0000000080)={[0x74]}, 0x8) fsopen(&(0x7f00000000c0)='qnx4\x00', 0x1) socket$nl_route(0x10, 0x3, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSIGACCEPT(r2, 0x5607, 0x2c) r3 = userfaultfd(0x80001) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79}) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_MOVE(r3, 0xc028aa05, &(0x7f00000001c0)={&(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x2000}) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) r5 = dup(r4) r6 = openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010000000000000000000200000014000200626f6e64"], 0x34}, 0x1, 0x0, 0x0, 0x40488a0}, 0x800) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r8 = dup(0xffffffffffffffff) ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000100)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) ioctl$TIOCL_SETVESABLANK(r5, 0x560e, &(0x7f0000000140)) ioctl$VT_ACTIVATE(r5, 0x5606, 0x2) r9 = syz_open_dev$tty1(0xc, 0x4, 0x1) creat(&(0x7f0000000040)='./file0\x00', 0x4) socket$netlink(0x10, 0x3, 0x7) ioctl$TIOCL_BLANKSCREEN(r9, 0x541c, &(0x7f0000000000)) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.79' (ED25519) to the list of known hosts. [ 92.119737][ T824] cfg80211: failed to load regulatory.db [ 93.079516][ T5593] cgroup: Unknown subsys name 'net' [ 93.320320][ T5593] cgroup: Unknown subsys name 'cpuset' [ 93.372688][ T5593] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 95.351660][ T5593] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 97.912912][ T60] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 97.921755][ T60] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 97.927649][ T60] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 97.931420][ T60] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 97.953481][ T60] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 98.051217][ T60] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 98.072840][ T60] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 98.075220][ T60] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 98.078977][ T60] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 98.113251][ T60] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 98.170468][ T60] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 98.195720][ T60] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 98.216619][ T60] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 98.218743][ T60] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 98.221527][ T60] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 98.285474][ T5616] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 98.290390][ T5616] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 98.301035][ T5616] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 98.330071][ T5616] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 98.331379][ T5616] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 100.013791][ T4921] Bluetooth: hci0: command tx timeout [ 100.172218][ T4921] Bluetooth: hci1: command tx timeout [ 100.343029][ T4921] Bluetooth: hci2: command tx timeout [ 100.412216][ T4921] Bluetooth: hci3: command tx timeout [ 100.590148][ T5608] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.591414][ T5608] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.591669][ T5608] bridge_slave_0: entered allmulticast mode [ 100.611285][ T5608] bridge_slave_0: entered promiscuous mode [ 100.645644][ T5618] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.645975][ T5618] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.646257][ T5618] bridge_slave_0: entered allmulticast mode [ 100.648895][ T5618] bridge_slave_0: entered promiscuous mode [ 100.691372][ T5608] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.691742][ T5608] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.691993][ T5608] bridge_slave_1: entered allmulticast mode [ 100.704193][ T5608] bridge_slave_1: entered promiscuous mode [ 100.708845][ T5613] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.710562][ T5613] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.724228][ T5613] bridge_slave_0: entered allmulticast mode [ 100.733365][ T5613] bridge_slave_0: entered promiscuous mode [ 100.751465][ T5618] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.751790][ T5618] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.767485][ T5618] bridge_slave_1: entered allmulticast mode [ 100.770179][ T5618] bridge_slave_1: entered promiscuous mode [ 100.827163][ T5613] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.827418][ T5613] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.827634][ T5613] bridge_slave_1: entered allmulticast mode [ 100.830033][ T5613] bridge_slave_1: entered promiscuous mode [ 100.873686][ T5612] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.873918][ T5612] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.874115][ T5612] bridge_slave_0: entered allmulticast mode [ 100.876518][ T5612] bridge_slave_0: entered promiscuous mode [ 100.955816][ T5612] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.956141][ T5612] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.956757][ T5612] bridge_slave_1: entered allmulticast mode [ 100.959231][ T5612] bridge_slave_1: entered promiscuous mode [ 100.995132][ T5608] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.028415][ T5618] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.059613][ T5608] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.073856][ T5613] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.079897][ T5618] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.140170][ T5613] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.169327][ T5612] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.239560][ T5612] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.249965][ T5608] team0: Port device team_slave_0 added [ 101.278765][ T5618] team0: Port device team_slave_0 added [ 101.308815][ T5608] team0: Port device team_slave_1 added [ 101.320019][ T5613] team0: Port device team_slave_0 added [ 101.328339][ T5618] team0: Port device team_slave_1 added [ 101.384461][ T5613] team0: Port device team_slave_1 added [ 101.424074][ T5612] team0: Port device team_slave_0 added [ 101.484834][ T5612] team0: Port device team_slave_1 added [ 101.487001][ T5608] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 101.487015][ T5608] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 101.487035][ T5608] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.549322][ T5618] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 101.549335][ T5618] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 101.549355][ T5618] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.602529][ T5608] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.602542][ T5608] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 101.602563][ T5608] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.604620][ T5613] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 101.604632][ T5613] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 101.604652][ T5613] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.606889][ T5618] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.606902][ T5618] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 101.606922][ T5618] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.751337][ T5613] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.751350][ T5613] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 101.751377][ T5613] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.799329][ T5612] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 101.799344][ T5612] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 101.799364][ T5612] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.860499][ T5612] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.860513][ T5612] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 101.860534][ T5612] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.023682][ T5608] hsr_slave_0: entered promiscuous mode [ 102.025568][ T5608] hsr_slave_1: entered promiscuous mode [ 102.092396][ T4921] Bluetooth: hci0: command tx timeout [ 102.254325][ T4921] Bluetooth: hci1: command tx timeout [ 102.291950][ T5618] hsr_slave_0: entered promiscuous mode [ 102.301410][ T5618] hsr_slave_1: entered promiscuous mode [ 102.308493][ T5618] debugfs: 'hsr0' already exists in 'hsr' [ 102.308588][ T5618] Cannot create hsr debugfs directory [ 102.345117][ T5613] hsr_slave_0: entered promiscuous mode [ 102.346704][ T5613] hsr_slave_1: entered promiscuous mode [ 102.348045][ T5613] debugfs: 'hsr0' already exists in 'hsr' [ 102.348071][ T5613] Cannot create hsr debugfs directory [ 102.397625][ T5612] hsr_slave_0: entered promiscuous mode [ 102.399237][ T5612] hsr_slave_1: entered promiscuous mode [ 102.400512][ T5612] debugfs: 'hsr0' already exists in 'hsr' [ 102.400544][ T5612] Cannot create hsr debugfs directory [ 102.412213][ T4921] Bluetooth: hci2: command tx timeout [ 102.502484][ T4921] Bluetooth: hci3: command tx timeout [ 103.294621][ T5608] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 103.337148][ T5608] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 103.344925][ T5608] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 103.387764][ T5608] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 103.404413][ T5608] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 103.451300][ T5608] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 103.476584][ T5608] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 103.509414][ T5608] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 103.673676][ T5613] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 103.718481][ T5613] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 103.734801][ T5613] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 103.778324][ T5613] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 103.793132][ T5613] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 103.829399][ T5613] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 103.875795][ T5613] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 103.907130][ T5613] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 104.076788][ T5618] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 104.121172][ T5618] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 104.137296][ T5618] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 104.168098][ T5618] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 104.184368][ T4921] Bluetooth: hci0: command tx timeout [ 104.185869][ T5618] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 104.216584][ T5618] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 104.258065][ T5618] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 104.286442][ T5618] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 104.336462][ T4921] Bluetooth: hci1: command tx timeout [ 104.445129][ T5612] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 104.487836][ T5612] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 104.492578][ T4921] Bluetooth: hci2: command tx timeout [ 104.514767][ T5612] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 104.556700][ T5612] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 104.572337][ T4921] Bluetooth: hci3: command tx timeout [ 104.588933][ T5612] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 104.629019][ T5612] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 104.643160][ T5612] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 104.676585][ T5612] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 104.803849][ T5608] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.949387][ T5608] 8021q: adding VLAN 0 to HW filter on device team0 [ 105.013727][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.013937][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 105.046372][ T5613] 8021q: adding VLAN 0 to HW filter on device bond0 [ 105.113331][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.113463][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 105.241427][ T5613] 8021q: adding VLAN 0 to HW filter on device team0 [ 105.263287][ T5618] 8021q: adding VLAN 0 to HW filter on device bond0 [ 105.324000][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.324140][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 105.407320][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.407667][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 105.455399][ T5618] 8021q: adding VLAN 0 to HW filter on device team0 [ 105.497536][ T5612] 8021q: adding VLAN 0 to HW filter on device bond0 [ 105.522966][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.523143][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 105.581582][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.581763][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 105.771758][ T5612] 8021q: adding VLAN 0 to HW filter on device team0 [ 105.916398][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.916533][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 105.976858][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.977158][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.254590][ T4921] Bluetooth: hci0: command tx timeout [ 106.412204][ T4921] Bluetooth: hci1: command tx timeout [ 106.573864][ T4921] Bluetooth: hci2: command tx timeout [ 106.654554][ T4921] Bluetooth: hci3: command tx timeout [ 106.742767][ T5608] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.351302][ T5608] veth0_vlan: entered promiscuous mode [ 107.387165][ T5613] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.451815][ T5608] veth1_vlan: entered promiscuous mode [ 107.675472][ T5618] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.779452][ T5608] veth0_macvtap: entered promiscuous mode [ 107.791281][ T5613] veth0_vlan: entered promiscuous mode [ 107.806066][ T5612] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.829887][ T5608] veth1_macvtap: entered promiscuous mode [ 107.879641][ T5613] veth1_vlan: entered promiscuous mode [ 107.960240][ T5608] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.010024][ T5608] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.098933][ T5618] veth0_vlan: entered promiscuous mode [ 108.120685][ T1179] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.156173][ T1179] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.178254][ T1179] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.212253][ T1179] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.221726][ T5612] veth0_vlan: entered promiscuous mode [ 108.240346][ T5613] veth0_macvtap: entered promiscuous mode [ 108.319571][ T5618] veth1_vlan: entered promiscuous mode [ 108.340437][ T5613] veth1_macvtap: entered promiscuous mode [ 108.420936][ T5612] veth1_vlan: entered promiscuous mode [ 108.634392][ T5613] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.713448][ T5613] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.747529][ T158] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.747551][ T158] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.839325][ T171] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.853993][ T171] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.855818][ T5618] veth0_macvtap: entered promiscuous mode [ 108.902548][ T171] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.907075][ T171] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.956957][ T5618] veth1_macvtap: entered promiscuous mode [ 108.979322][ T2404] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.979342][ T2404] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.033267][ T5612] veth0_macvtap: entered promiscuous mode [ 109.131491][ T5612] veth1_macvtap: entered promiscuous mode [ 109.310827][ T5618] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.373167][ T5618] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.452606][ T5612] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.506898][ T1179] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.509686][ T1179] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.546564][ T1179] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.546585][ T1179] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.551293][ T5612] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.580392][ T2404] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.627196][ T2404] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.680109][ T2404] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.710556][ T2404] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.874127][ T2404] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.902975][ T2404] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.982390][ T171] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.982412][ T171] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.090186][ T1179] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.090210][ T1179] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.344159][ T122] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.344182][ T122] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.562231][ T122] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.562254][ T122] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.760904][ T5766] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 111.760936][ T5766] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 111.790924][ T5766] vhci_hcd vhci_hcd.0: Device attached [ 111.893775][ T158] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.893797][ T158] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.019423][ T5766] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9'. [ 112.386380][ T5749] usb 33-1: new high-speed USB device number 2 using vhci_hcd [ 127.432081][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 133.058461][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.058609][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 137.072232][ C0] sched: DL replenish lagged too much [ 157.227094][ T5770] vhci_hcd: connection reset by peer [ 159.250270][ T163] vhci_hcd vhci_hcd.0: stop threads [ 159.250884][ T163] vhci_hcd vhci_hcd.0: release socket [ 159.252192][ T163] vhci_hcd vhci_hcd.0: disconnect device [ 180.042053][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 184.692047][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 185.352050][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 185.392050][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 185.762053][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 186.172055][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 186.582057][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 186.782045][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 187.362043][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 195.143123][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 195.143226][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 243.741365][ T4921] Bluetooth: hci0: command tx timeout [ 243.741407][ T4921] Bluetooth: hci1: command 0x0406 tx timeout [ 243.741436][ T4921] Bluetooth: hci3: command tx timeout [ 246.714624][ T5616] Bluetooth: hci2: command tx timeout [ 256.402476][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.402594][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 321.660531][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 321.685830][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 332.951131][ T5749] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 342.332166][ T38] INFO: task kworker/u8:13:2404 blocked for more than 145 seconds. [ 342.332211][ T38] Not tainted syzkaller #0 [ 342.332223][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 342.332238][ T38] task:kworker/u8:13 state:D stack:21952 pid:2404 tgid:2404 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 342.332310][ T38] Workqueue: ipv6_addrconf addrconf_dad_work [ 342.332346][ T38] Call Trace: [ 342.332358][ T38] [ 342.332384][ T38] __schedule+0x172b/0x5550 [ 342.332444][ T38] ? __pfx___schedule+0x10/0x10 [ 342.332487][ T38] rt_mutex_schedule+0x76/0xf0 [ 342.332521][ T38] rt_mutex_slowlock_block+0x505/0x670 [ 342.332578][ T38] rt_mutex_slowlock+0x2dc/0x780 [ 342.332604][ T38] ? rt_mutex_slowlock+0x1fd/0x780 [ 342.332628][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 342.332649][ T38] ? __rtnl_unlock+0xc8/0xf0 [ 342.332702][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 342.332736][ T38] ? addrconf_dad_work+0x124/0x1680 [ 342.332758][ T38] mutex_lock_nested+0x168/0x1d0 [ 342.332795][ T38] ? addrconf_dad_work+0x124/0x1680 [ 342.332823][ T38] addrconf_dad_work+0x124/0x1680 [ 342.332854][ T38] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 342.332883][ T38] ? __pfx_addrconf_dad_work+0x10/0x10 [ 342.332908][ T38] ? process_one_work+0x8be/0x1630 [ 342.332955][ T38] ? process_one_work+0x8be/0x1630 [ 342.332988][ T38] process_one_work+0x98b/0x1630 [ 342.333045][ T38] ? __pfx_process_one_work+0x10/0x10 [ 342.333077][ T38] ? do_raw_spin_lock+0x12b/0x2f0 [ 342.333120][ T38] worker_thread+0xb49/0x1140 [ 342.333165][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 342.333210][ T38] kthread+0x388/0x470 [ 342.333237][ T38] ? __pfx_worker_thread+0x10/0x10 [ 342.333270][ T38] ? __pfx_kthread+0x10/0x10 [ 342.333297][ T38] ret_from_fork+0x514/0xb70 [ 342.333329][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 342.333356][ T38] ? __switch_to+0xc79/0x1410 [ 342.333392][ T38] ? __pfx_kthread+0x10/0x10 [ 342.333421][ T38] ret_from_fork_asm+0x1a/0x30 [ 342.333470][ T38] [ 342.752177][ T38] [ 342.752177][ T38] Showing all locks held in the system: [ 342.752196][ T38] 3 locks held by kworker/0:0/9: [ 342.752211][ T38] #0: ffff88813fe56538 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 342.752297][ T38] #1: ffffc900000e7c40 ((crda_timeout).work){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 342.752362][ T38] #2: ffffffff8f7b0bb8 (rtnl_mutex){+.+.}-{4:4}, at: crda_timeout_work+0x16/0x80 [ 342.752426][ T38] 8 locks held by kworker/u8:1/13: [ 342.752439][ T38] #0: ffff88801fa91138 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 342.752504][ T38] #1: ffffc90000127c40 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 342.752569][ T38] #2: ffff8880367740d0 (&type->s_umount_key#34){++++}-{4:4}, at: super_trylock_shared+0x20/0xf0 [ 342.752633][ T38] #3: ffff888036514cd8 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x205/0x3b0 [ 342.752702][ T38] #4: ffff888036770bb0 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x2054/0x2290 [ 342.752766][ T38] #5: ffff888033772610 (&ei->i_data_sem#2){++++}-{4:4}, at: ext4_map_blocks+0x7b5/0x11d0 [ 342.752829][ T38] #6: ffffffff8e512450 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 342.752895][ T38] #7: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa6/0x2550 [ 342.752958][ T38] 3 locks held by ksoftirqd/0/15: [ 342.752970][ T38] #0: ffffffff8e261520 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 342.753037][ T38] #1: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 342.753103][ T38] #2: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: sched_balance_domains+0xf9/0x900 [ 342.753162][ T38] 5 locks held by ktimers/0/16: [ 342.753174][ T38] #0: ffffffff8e261520 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 342.753240][ T38] #1: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 342.753313][ T38] #2: ffff8880b86284f8 (&base->softirq_expiry_lock){+...}-{3:3}, at: hrtimer_run_softirq+0x7f/0x260 [ 342.753370][ T38] #3: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 342.753423][ T38] #4: ffff8880b8628458 (hrtimer_bases.lock){-...}-{2:2}, at: rt_mutex_slowunlock+0xbf/0x8b0 [ 342.753514][ T38] 1 lock held by khungtaskd/38: [ 342.753527][ T38] #0: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 342.753582][ T38] 4 locks held by kworker/u8:2/41: [ 342.753595][ T38] #0: ffff88801ae94138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 342.753661][ T38] #1: ffffc90000b27c40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 342.753727][ T38] #2: ffff88804ec908d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xbe/0x440 [ 342.753783][ T38] #3: ffff88813fffbb98 (&zone->lock){+.+.}-{3:3}, at: get_page_from_freelist+0xcaf/0x26e0 [ 342.753845][ T38] 3 locks held by kworker/u8:3/56: [ 342.753857][ T38] #0: ffff88801ae94138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 342.753922][ T38] #1: ffffc9000122fc40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 342.753988][ T38] #2: ffff88805e8a08d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xbe/0x440 [ 342.754046][ T38] 7 locks held by kworker/u8:4/67: [ 342.754058][ T38] #0: ffff88801ae94138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 342.754124][ T38] #1: ffffc9000152fc40 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 342.754192][ T38] #2: ffff88803a6bc310 (&devlink->lock_key#2){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbd0 [ 342.754263][ T38] #3: ffff888037d3f520 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbd0 [ 342.754337][ T38] #4: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 342.754390][ T38] #5: ffffffff8e261520 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 342.754455][ T38] #6: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 342.754525][ T38] 4 locks held by kworker/u8:5/122: [ 342.754537][ T38] #0: ffff88801ae94138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 342.754603][ T38] #1: ffffc900030cfc40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 342.754668][ T38] #2: ffff88805f3808d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xbe/0x440 [ 342.754724][ T38] #3: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa6/0x2550 [ 342.754790][ T38] 4 locks held by kworker/u8:6/158: [ 342.754803][ T38] #0: ffff88801ae94138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 342.754868][ T38] #1: ffffc900039cfc40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 342.754935][ T38] #2: ffff88805cbc08d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xbe/0x440 [ 342.754990][ T38] #3: ffff88813fffbb98 (&zone->lock){+.+.}-{3:3}, at: get_page_from_freelist+0xcaf/0x26e0 [ 342.755048][ T38] 4 locks held by kworker/u8:7/163: [ 342.755061][ T38] #0: ffff88801ae94138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 342.755125][ T38] #1: ffffc90003a1fc40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 342.755191][ T38] #2: ffff88805ec708d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xbe/0x440 [ 342.755247][ T38] #3: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa6/0x2550 [ 342.755316][ T38] 8 locks held by kworker/u8:8/171: [ 342.755329][ T38] #0: ffff88801ae94138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 342.755394][ T38] #1: ffffc90003a6fc40 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 342.755463][ T38] #2: ffff88805d38e310 (&devlink->lock_key#3){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbd0 [ 342.755532][ T38] #3: ffff88805d294d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbd0 [ 342.755598][ T38] #4: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 342.755651][ T38] #5: ffffffff8e261520 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 342.755715][ T38] #6: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 342.755781][ T38] #7: ffff8880b8739078 ((bh_lock)){+...}-{3:3}, at: napi_skb_cache_get+0xbf/0x450 [ 342.755846][ T38] 3 locks held by kworker/u8:9/1179: [ 342.755859][ T38] #0: ffff88801ae94138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 342.755925][ T38] #1: ffffc90006057c40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 342.755989][ T38] #2: ffff88805efd08d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xbe/0x440 [ 342.756046][ T38] 4 locks held by kworker/u8:10/1183: [ 342.756059][ T38] #0: ffff888036930938 ((wq_completion)ext4-rsv-conversion){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 342.756124][ T38] #1: ffffc90005d67c40 ((work_completion)(&ei->i_rsv_conversion_work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 342.756190][ T38] #2: ffff888036770bb0 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x2054/0x2290 [ 342.756252][ T38] #3: ffff888033772610 (&ei->i_data_sem#2){++++}-{4:4}, at: ext4_map_blocks+0x7b5/0x11d0 [ 342.756322][ T38] 4 locks h[ 342.756322][ T38] 4 locks held by kworker/u8:11/1198: [ 342.756334][ T38] #0: ffff8880332dd938 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 342.756398][ T38] #1: ffffc900063d7c40 ((work_completion)(&(&forw_packet_aggr->delayed_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 342.756464][ T38] #2: ffff8880397e61d0 (&hard_iface->bat_iv.ogm_buff_mutex){+.+.}-{4:4}, at: batadv_iv_ogm_schedule+0xe8/0xfa0 [ 342.756525][ T38] #3: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: batadv_iv_ogm_schedule+0x874/0xfa0 [ 342.756586][ T38] 3 locks held by kworker/u8:12/1380: [ 342.756599][ T38] #0: ffff88801ae92938 ((wq_completion)kvfree_rcu_reclaim){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 342.756663][ T38] #1: ffffc900069a7c40 ((work_completion)(&(&krcp->krw_arr[i].rcu_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 342.756731][ T38] #2: ffffffff8e3cb3c0 (rcu_callback){....}-{0:0}, at: kvfree_rcu_bulk+0x6d/0x1b0 [ 342.756809][ T38] 3 locks held by kworker/u8:13/2404: [ 342.756822][ T38] #0: ffff888032d69938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 342.756888][ T38] #1: ffffc900085afc40 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 342.756954][ T38] #2: ffffffff8f7b0bb8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x124/0x1680 [ 342.757023][ T38] 1 lock held by jbd2/sda1-8/4934: [ 342.757036][ T38] #0: ffff88813fffbb98 (&zone->lock){+.+.}-{3:3}, at: get_page_from_freelist+0xcaf/0x26e0 [ 342.757094][ T38] 2 locks held by klogd/4961: [ 342.757107][ T38] #0: ffffffff8e512450 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 342.757175][ T38] #1: ffff88813fffbb98 (&zone->lock){+.+.}-{3:3}, at: free_one_page+0x43/0x250 [ 342.757229][ T38] 4 locks held by udevd/4972: [ 342.757241][ T38] #0: ffff88803d4047c0 (&type->i_mutex_dir_key#4){++++}-{4:4}, at: lookup_slow+0x46/0x70 [ 342.757309][ T38] #1: ffff88801c2f3238 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_iop_lookup+0x5f/0x320 [ 342.757367][ T38] #2: ffffffff8e512450 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 342.757433][ T38] #3: ffff88813fffbb98 (&zone->lock){+.+.}-{3:3}, at: free_one_page+0x43/0x250 [ 342.757486][ T38] 2 locks held by dhcpcd/5266: [ 342.757498][ T38] #0: ffffffff8e512450 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 342.757563][ T38] #1: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: __update_page_owner_free_handle+0x2e/0x470 [ 342.757620][ T38] 2 locks held by dhcpcd/5267: [ 342.757633][ T38] #0: ffffffff8e512450 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 342.757697][ T38] #1: ffff88813fffbb98 (&zone->lock){+.+.}-{3:3}, at: free_one_page+0x43/0x250 [ 342.757751][ T38] 2 locks held by getty/5359: [ 342.757764][ T38] #0: ffff888036ea30a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 342.757823][ T38] #1: ffffc90003cc62e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x465/0x1490 [ 342.757889][ T38] 4 locks held by syz-executor/5593: [ 342.757902][ T38] #0: ffff8880321af308 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x1d1/0x500 [ 342.757957][ T38] #1: ffff888036774678 (sb_pagefaults){.+.+}-{0:0}, at: ext4_page_mkwrite+0x203/0x1150 [ 342.758024][ T38] #2: ffffffff8e512450 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 342.758088][ T38] #3: ffff88813fffbb98 (&zone->lock){+.+.}-{3:3}, at: free_one_page+0x43/0x250 [ 342.758141][ T38] 1 lock held by syz-executor/5608: [ 342.758153][ T38] #0: ffffffff8f7b0bb8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 342.758208][ T38] 5 locks held by syz-executor/5612: [ 342.758220][ T38] #0: ffff8880117cc500 (sb_writers#10){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 342.758293][ T38] #1: ffff8880334c3788 (&type->i_mutex_dir_key#7/1){+.+.}-{4:4}, at: filename_create+0x200/0x370 [ 342.758365][ T38] #2: ffffffff8e40b458 (cgroup_mutex){+.+.}-{4:4}, at: cgroup_kn_lock_live+0x13c/0x230 [ 342.758421][ T38] #3: ffffffff8e512450 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 342.758487][ T38] #4: ffff88813fffbb98 (&zone->lock){+.+.}-{3:3}, at: free_one_page+0x43/0x250 [ 342.758540][ T38] 5 locks held by syz-executor/5613: [ 342.758553][ T38] #0: ffff888033da1f30 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x194/0x9e0 [ 342.758606][ T38] #1: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: __pte_offset_map+0x29/0x200 [ 342.758671][ T38] #2: ffff88802efdf658 (ptlock_ptr(ptdesc)#2){+.+.}-{3:3}, at: pte_offset_map_lock+0x13d/0x210 [ 342.758743][ T38] #3: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 342.758795][ T38] #4: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: page_table_check_clear+0x124/0x4f0 [ 342.758850][ T38] 4 locks held by syz-executor/5618: [ 342.758862][ T38] #0: ffffffff8e49e250 (dup_mmap_sem){.+.+}-{0:0}, at: copy_mm+0x10f/0x480 [ 342.758928][ T38] #1: ffff888033da11b0 (&mm->mmap_lock){++++}-{4:4}, at: dup_mmap+0x184/0x1d70 [ 342.758983][ T38] #2: ffff88801ae83a30 (&mm->mmap_lock/1){+.+.}-{4:4}, at: dup_mmap+0x272/0x1d70 [ 342.759042][ T38] #3: ffffffff8e512450 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 342.759113][ T38] 4 locks held by kworker/0:5/5706: [ 342.759126][ T38] #0: ffff88813fe56538 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 342.759192][ T38] #1: ffffc9000513fc40 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 342.759256][ T38] #2: ffffffff8f7b0bb8 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0xab/0x10d0 [ 342.759323][ T38] #3: ffff88805e8a08d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_check_chans_work+0x197/0x10d0 [ 342.759384][ T38] 9 locks held by kworker/1:6/5749: [ 342.759396][ T38] #0: ffff88801fef3538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 342.759461][ T38] #1: ffffc90005a7fc40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 342.759525][ T38] #2: ffff88802ae9c210 (&dev->mutex){....}-{4:4}, at: hub_event+0x17c/0x4f60 [ 342.759584][ T38] #3: ffff88802adb0658 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x21b0/0x4f60 [ 342.759641][ T38] #4: ffff88802ac81558 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x21e0/0x4f60 [ 342.759698][ T38] #5: ffffffff8f056340 (ehci_cf_port_reset_rwsem){.+.+}-{4:4}, at: hub_port_reset+0x14e/0x1820 [ 342.759757][ T38] #6: ffff88802adb2088 (&hub->status_mutex){+.+.}-{4:4}, at: hub_ext_port_status+0x53/0x820 [ 342.759823][ T38] #7: ffffffff8e512450 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 342.759888][ T38] #8: ffff88813fffbb98 (&zone->lock){+.+.}-{3:3}, at: free_one_page+0x43/0x250 [ 342.759942][ T38] 4 locks held by kworker/u8:14/5777: [ 342.759955][ T38] #0: ffff88801ae94138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 342.760020][ T38] #1: ffffc90005c1fc40 ((stats_flush_dwork).work){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 342.760084][ T38] #2: ffffffff8fcf4738 (ss_rstat_lock(ss)){+.+.}-{3:3}, at: __css_rstat_lock+0x73/0x460 [ 342.760144][ T38] #3: ffffffff8e3cb2a0 (rcu_read_lock){....}-{1:3}, at: rt_spin_trylock+0x10c/0x2b0 [ 342.760199][ T38] 5 locks held by kworker/1:7/5779: [ 342.760212][ T38] #0: ffff888032b44d38 ((wq_completion)mld){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 342.760282][ T38] #1: ffffc9000495fc40 ((work_completion)(&(&idev->mc_ifc_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 342.760348][ T38] #2: ffff888033a66628 (&idev->mc_lock){+.+.}-{4:4}, at: mld_ifc_work+0x2d/0xe70 [ 342.760404][ T38] #3: ffffffff8e512450 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 342.760469][ T38] #4: ffff88813fffbb98 (&zone->lock){+.+.}-{3:3}, at: free_one_page+0x43/0x250 [ 342.760522][ T38] 4 locks held by kworker/u8:15/5780: [ 342.760534][ T38] #0: ffff88801ae94138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 342.760600][ T38] #1: ffffc90005c3fc40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 342.760666][ T38] #2: ffff88802aee08d8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xbe/0x440 [ 342.760721][ T38] #3: ffff88813fffbb98 (&zone->lock){+.+.}-{3:3}, at: get_page_from_freelist+0xcaf/0x26e0 [ 342.760780][ T38] 4 locks held by syz-executor/5782: [ 342.760793][ T38] #0: ffff88802e9241c8 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x1d1/0x500 [ 342.760850][ T38] #1: ffff888037b08430 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_trylock+0x1f/0x70 [ 342.760911][ T38] #2: ffffffff8e512450 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 342.760975][ T38] #3: ffff88813fffbb98 (&zone->lock){+.+.}-{3:3}, at: free_one_page+0x43/0x250 [ 342.761029][ T38] 3 locks held by syz-executor/5785: [ 342.761042][ T38] #0: ffff888037b0c7b0 (&mm->mmap_lock){++++}-{4:4}, at: vm_mmap_pgoff+0x237/0x4f0