last executing test programs: 1m5.432510697s ago: executing program 1 (id=2788): socket$alg(0x26, 0x5, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001400), 0x0, 0x1000000, 0x0) syz_usb_connect(0x2, 0x41, &(0x7f0000000240)={{0x12, 0x1, 0x310, 0x74, 0x3f, 0x5f, 0x40, 0x15ba, 0x2b, 0x4223, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2f, 0x1, 0x4, 0x2, 0x10, 0x1, [{{0x9, 0x4, 0x1, 0xf, 0x0, 0x22, 0xc0, 0x3e, 0x56, [@cdc_ncm={{0x5}, {0x5, 0x24, 0x0, 0x3}, {0xd, 0x24, 0xf, 0x1, 0x3, 0xe092, 0xc5}, {0x6, 0x24, 0x1a, 0x367, 0x3}}]}}]}}]}}, &(0x7f0000000600)={0x0, 0x0, 0x29, &(0x7f0000000140)={0x5, 0xf, 0x29, 0x2, [@ssp_cap={0x10, 0x10, 0xa, 0x9e, 0x1, 0x8, 0xf000, 0xc6, [0xff0000]}, @ss_container_id={0x14, 0x10, 0x4, 0x9, "fd833ada09d67e09301e171e8f91947d"}]}}) 1m4.039075941s ago: executing program 1 (id=2800): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0) syz_emit_ethernet(0x3a, &(0x7f0000000000)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x3, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x200, 0x0, 0x0, {[@mss={0x2, 0x4, 0x1}]}}}}}}}, 0x0) 1m3.682293928s ago: executing program 1 (id=2804): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, 
'\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000100)={r0, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f00000028c0)='./file0\x00', &(0x7f0000002900)=[0x4], 0x0, 0x4, 0x1}}, 0x40) 1m3.316240864s ago: executing program 1 (id=2807): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vxcan0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000080)="18", 0x10, 0x0, &(0x7f00000000c0)={0x11, 0xc, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) 58.653494192s ago: executing program 1 (id=2821): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000780)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000381a7fe500000100000030000180060004000000000006000100020000000600020000000000040003"], 0x44}}, 0x0) 58.086222634s ago: executing program 1 (id=2827): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f00000001c0)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x1, 0x0, 0x2}, 0x1c) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f00000000c0)=0x7a42, 0x4) 55.768900268s ago: executing program 3 (id=2842): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/unix\x00') read$smackfs_ptrace(r0, &(0x7f0000000000), 0x14) 55.534830924s ago: executing program 3 (id=2843): ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'batadv_slave_0\x00'}) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, 
&(0x7f000000c280)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000064000000030a017f7f00000000000000050000000900010073797a30000000000900030073797a300000000008000a400000000328000480080002400000001208000140000000000d0003"], 0xac}}, 0x0) 48.015205782s ago: executing program 4 (id=2852): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff000800034000000038540000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000280003802400008004000180040002800c00044000000000000000090c0005"], 0xe8}, 0x1, 0x0, 0x0, 0x1}, 0x20000000) 48.014481308s ago: executing program 3 (id=2854): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$BTRFS_IOC_START_SYNC(r0, 0x4008af10, &(0x7f0000000080)) 47.954841878s ago: executing program 2 (id=2856): r0 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) sendmmsg$inet(r0, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0}}], 0x68000, 0x0) 47.936654198s ago: executing program 4 (id=2857): r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) unshare(0x2040400) getpeername$packet(r0, 0x0, 0x0) 47.414984476s ago: executing program 4 (id=2858): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000001000000850000000e000000850000002a00000095"], 
&(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) set_robust_list(&(0x7f00000001c0)={0x0, 0x8}, 0x18) 47.33731713s ago: executing program 2 (id=2859): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x1, &(0x7f0000000340)=0xffffffff, 0x4) 47.318358291s ago: executing program 3 (id=2860): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000003c0)={0x54, r1, 0xfe12482fe0801d67, 0x0, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x7fffffff}, {0xc, 0x90, 0x9}}]}, 0x54}, 0x1, 0x0, 0x0, 0x20040010}, 0x4000810) 46.99150502s ago: executing program 4 (id=2862): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x3, 0xd, &(0x7f00000003c0)=@framed={{0x18, 0x2}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}, @call={0x85, 0x0, 0x0, 0x23}]}, &(0x7f0000000380)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 46.960123234s ago: executing program 2 (id=2863): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_GET_ADDR(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYBLOB="cc000000", @ANYRES16=r1, @ANYBLOB="010028bd7000ffdbdf250300000014000180060005004e2400000500020005000000050005000a00000038000180060001000a000000060005004e22000008000300ac1414aa14000400fe8000000000000000000000000000bb080006"], 0xcc}, 0x1, 0x0, 0x0, 0x44850}, 0xc0) 46.928679098s ago: executing program 3 
(id=2864): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a40)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x34, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_POSITION_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x5c}, 0x1, 0x0, 0x0, 0x80}, 0x4000004) 46.532828545s ago: executing program 2 (id=2866): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x19, &(0x7f0000000340), 0x8) 46.455734932s ago: executing program 4 (id=2867): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x213) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0xffffffb8, &(0x7f00000000c0)={&(0x7f0000000240)=@ipv6_getroute={0x24, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_IIF={0x8, 0x1f}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0) 46.08367776s ago: executing program 2 (id=2869): r0 = socket$nl_route(0x10, 0x3, 0x0) prctl$PR_GET_TSC(0x19, &(0x7f00000001c0)) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000304000000000400000000000000", @ANYRES32=0x0, @ANYBLOB="00000000140000002400128009000100626f6e6400000000140002800500130d0000000008001e"], 0x44}, 0x1, 0x2000000000000000}, 0x0) 46.083412712s ago: executing program 4 (id=2870): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x101900, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000080)) 
ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0xffff0000) 45.418689773s ago: executing program 2 (id=2871): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x410000, 0x100000001, 0x210000, 0x1, 0xa}, 0x1c) close(r0) 39.196433025s ago: executing program 32 (id=2827): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f00000001c0)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x1, 0x0, 0x2}, 0x1c) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f00000000c0)=0x7a42, 0x4) 32.837642499s ago: executing program 3 (id=2875): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000140)={0x4200, 0x3, 0x5}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000010c0)=ANY=[@ANYBLOB="200000001600010a00"], 0x20}, 0x1, 0x0, 0x0, 0x20040041}, 0x0) 29.578736637s ago: executing program 33 (id=2870): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x101900, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000080)) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0xffff0000) 27.467940242s ago: executing program 34 (id=2871): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x410000, 0x100000001, 0x210000, 0x1, 0xa}, 0x1c) close(r0) 17.463600916s ago: executing program 35 (id=2875): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000140)={0x4200, 0x3, 0x5}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000010c0)=ANY=[@ANYBLOB="200000001600010a00"], 0x20}, 0x1, 0x0, 0x0, 0x20040041}, 0x0) 17.289834775s ago: executing program 0 (id=2889): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r0 = gettid() process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x3e, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) 
16.114374184s ago: executing program 0 (id=2890): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000180)={@private1={0xfc, 0x1, '\x00', 0xfd}, 0x8000000, 0x0, 0x3, 0x1, 0xfffc}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@loopback={0xfec0ffff00000000}, 0x8000000, 0x0, 0x3, 0x0, 0x0, 0x600}, 0x20) 15.80225854s ago: executing program 0 (id=2891): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), r0) sendmsg$TIPC_NL_MON_SET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x38, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xffffffff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffff19, 0x1, 0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_REF={0x0, 0x2, 0x140}]}]}, 0x38}}, 0x0) 15.627492295s ago: executing program 0 (id=2892): r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) read$FUSE(r0, &(0x7f0000000140)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_DIRENT(r0, &(0x7f0000002240)=ANY=[@ANYBLOB="e001000000000000", @ANYRES64=r1, 
@ANYBLOB="07000000000000140000000100000000b7010000000000007fb4e4a3e82449888c0a7daca90e9204bcd4badbc6f94b0e5300bd75b93bcdeb1a4cec3f7f5c4ee14589c966d18a78f381044b4a0be919482bdfe3dba4324c68b8e46e4cfe31d560864363ddf26e0ea7f58603eeec38ad06a8d730baa9ae28c00633d5b669ebaee23e66a1c7e85fd9ae2c8db001f03cd65f65a44610f073c0c6103d17161ad98baf711e5fee20bb929f890a1bafa2444469e49b65676376a1e4458f738ec65b2e980f3bc34835fb0ee8b23c3e0deb9b0cf615f2c0264cec3bcac0a3b684c7689c9dfd55592d6f33ce00003394dc9f952cb2a50dcc98f500000000000000004af4a9000000000a00000021650e2febc5fae3f59e91ad4abd2b2d6eb4b86134bcdf1dd8c144ff7c4724f60df3ad354f7ea97109b4830a0666f0b3a604a7ecfd7af3da58c15341e478a1d96aaabd54bec794a8e5779711080c53d87de413eb6b3c3ede0be27427e645fce69a7811035281c9901f51f7ae2868d28f6a0970f856645930a8c67c4d3f324a03fffa499a76f65e0152ce40b4e5080021546fdb7ddd9d267c4c2b55b210ae6fe6f5cfb2b11084d02296a846737456b53ad78c45950e0c674abaee178bc2c13c4063c107170894b206"], 0x1e0) 15.46386336s ago: executing program 0 (id=2893): r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2) ioctl$VIDIOC_S_OUTPUT(r0, 0xc004562f, &(0x7f0000000000)=0x1) ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000380)={0x0, @bt={0x2d0, 0x190, 0x1, 0x0, 0xdd9f83, 0x1, 0x9, 0x3, 0x2, 0x6, 0x722, 0xed, 0x4, 0x7f, 0x3f, 0xb763599953cb090f, {0x10000, 0x6fd8e84b}, 0x3, 0xed}}) 15.316560236s ago: executing program 0 (id=2894): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000880)=@newqdisc={0x5c, 0x24, 0xf0b, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0x0, 0xc}, {0xffff, 0xffff}, {0xd, 0xc}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x5, 0x5, 0x12, 0x400, 0x1, 0x200}}, {0x4}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x44004}, 0x0) 0s ago: executing program 36 (id=2894): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 
&(0x7f0000000180)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000880)=@newqdisc={0x5c, 0x24, 0xf0b, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0x0, 0xc}, {0xffff, 0xffff}, {0xd, 0xc}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x5, 0x5, 0x12, 0x400, 0x1, 0x200}}, {0x4}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x44004}, 0x0) kernel console output (not intermixed with test programs): 918] usb 3-1: SerialNumber: syz [ 107.305231][ T5918] cdc_ether 3-1:1.0: skipping garbage [ 107.305751][ T5918] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22 [ 107.306617][ T5918] usb-storage 3-1:1.0: USB Mass Storage device detected [ 107.393908][ T5918] usb-storage 3-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 107.630083][ T5918] usb 3-1: USB disconnect, device number 2 [ 107.739438][ T6437] netlink: 8 bytes leftover after parsing attributes in process `syz.4.213'. [ 107.739466][ T6437] netlink: 12 bytes leftover after parsing attributes in process `syz.4.213'. [ 107.739477][ T6437] tc_dump_action: action bad kind [ 107.779949][ T49] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 107.933323][ T49] usb 4-1: Using ep0 maxpacket: 8 [ 107.935492][ T49] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 107.935517][ T49] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 107.967503][ T49] usb 4-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 107.967521][ T49] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.967531][ T49] usb 4-1: Product: syz [ 107.967537][ T49] usb 4-1: Manufacturer: syz [ 107.967544][ T49] usb 4-1: SerialNumber: syz [ 107.991961][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 108.024855][ T49] usb 4-1: config 0 descriptor?? 
[ 108.149676][ T6447] netlink: 8 bytes leftover after parsing attributes in process `syz.0.218'. [ 108.508465][ T49] usb 4-1: USB disconnect, device number 3 [ 110.799990][ T5918] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 110.955751][ T5918] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 110.955783][ T5918] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 110.955819][ T5918] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 110.955840][ T5918] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.002330][ T6501] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 111.037519][ T5918] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 111.300589][ T5918] usb 2-1: USB disconnect, device number 3 [ 112.480100][ T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 112.651908][ T9] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 112.651936][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.651954][ T9] usb 2-1: Product: syz [ 112.651966][ T9] usb 2-1: Manufacturer: syz [ 112.651978][ T9] usb 2-1: SerialNumber: syz [ 112.722668][ T6513] netlink: 40 bytes leftover after parsing attributes in process `syz.2.250'. [ 112.746655][ T9] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 112.839888][ T5927] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 112.952164][ T6518] netlink: 'syz.4.253': attribute type 11 has an invalid length. [ 112.952188][ T6518] netlink: 12 bytes leftover after parsing attributes in process `syz.4.253'. [ 113.024677][ T6523] netlink: 8 bytes leftover after parsing attributes in process `syz.0.256'. [ 113.024713][ T6523] netlink: 32 bytes leftover after parsing attributes in process `syz.0.256'. 
[ 113.040181][ T6521] netlink: 'syz.2.255': attribute type 1 has an invalid length. [ 113.365071][ T1585] usb 2-1: USB disconnect, device number 4 [ 113.430149][ T6531] netlink: 'syz.0.260': attribute type 1 has an invalid length. [ 113.430197][ T6531] netlink: 12 bytes leftover after parsing attributes in process `syz.0.260'. [ 113.793834][ T6545] netlink: 'syz.3.267': attribute type 1 has an invalid length. [ 114.099134][ T6552] netlink: 40 bytes leftover after parsing attributes in process `syz.2.271'. [ 114.139964][ T5927] usb 2-1: Service connection timeout for: 256 [ 114.139987][ T5927] ath9k_htc 2-1:1.0: ath9k_htc: Unable to initialize HTC services [ 114.141730][ T5927] ath9k_htc: Failed to initialize the device [ 114.150593][ T1585] usb 2-1: ath9k_htc: USB layer deinitialized [ 114.161101][ T6552] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 114.162432][ T6552] gretap1: entered promiscuous mode [ 114.162456][ T6552] gretap1: entered allmulticast mode [ 114.191280][ T6557] trusted_key: encrypted_key: keyword 'load HID v0.00 Device [syz0] on syz0 [ 277.416724][T12961] fido_id[12961]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 277.462242][ T6023] elo 0003:04E7:0030.000A: item fetching failed at offset 5/7 [ 277.463039][ T6023] elo 0003:04E7:0030.000A: parse failed [ 277.463139][ T6023] elo 0003:04E7:0030.000A: probe with driver elo failed with error -22 [ 277.608520][ T5910] usb 5-1: USB disconnect, device number 14 [ 277.802117][ T5911] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 277.949832][ T5911] usb 1-1: Using ep0 maxpacket: 8 [ 277.953442][ T5911] usb 1-1: unable to get BOS descriptor or descriptor too short [ 277.955256][ T5911] usb 1-1: config 4 has an invalid interface number: 30 but max is 0 [ 277.955278][ T5911] usb 1-1: config 4 has no interface number 0 [ 277.955311][ T5911] usb 1-1: config 4 interface 30 has no 
altsetting 0 [ 277.998959][ T5911] usb 1-1: string descriptor 0 read error: -22 [ 277.999108][ T5911] usb 1-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=ff.88 [ 277.999129][ T5911] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 278.044324][ T5911] dvb-usb: found a 'TeVii S482 (tuner 2)' in warm state. [ 278.044375][ T5911] dw2102: su3000_power_ctrl: 1, initialized 0 [ 278.044996][ T5911] dvb-usb: bulk message failed: -22 (2/0) [ 278.091945][ T5911] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 278.092950][ T5911] dvbdev: DVB: registering new adapter (TeVii S482 (tuner 2)) [ 278.093003][ T5911] usb 1-1: media controller created [ 278.093308][ T5911] dvb-usb: bulk message failed: -22 (6/0) [ 278.093322][ T5911] dw2102: i2c transfer failed. [ 278.093340][ T5911] dvb-usb: bulk message failed: -22 (6/0) [ 278.093352][ T5911] dw2102: i2c transfer failed. [ 278.093368][ T5911] dvb-usb: bulk message failed: -22 (6/0) [ 278.093380][ T5911] dw2102: i2c transfer failed. [ 278.093403][ T5911] dvb-usb: bulk message failed: -22 (6/0) [ 278.093415][ T5911] dw2102: i2c transfer failed. [ 278.093431][ T5911] dvb-usb: bulk message failed: -22 (6/0) [ 278.093443][ T5911] dw2102: i2c transfer failed. [ 278.093459][ T5911] dvb-usb: bulk message failed: -22 (6/0) [ 278.093471][ T5911] dw2102: i2c transfer failed. [ 278.093480][ T5911] dvb-usb: MAC address: 02:02:02:02:02:02 [ 278.263579][T12971] dvb-usb: bulk message failed: -22 (3/0) [ 278.263608][T12971] dw2102: i2c transfer failed. [ 278.263617][T12971] dvb-usb: bulk message failed: -22 (3/0) [ 278.263629][T12971] dw2102: i2c transfer failed. [ 278.340960][ T5911] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 278.454137][ T5911] dvb-usb: bulk message failed: -22 (3/0) [ 278.454161][ T5911] dw2102: command 0x0e transfer failed. 
[ 278.454171][ T5911] dvb-usb: bulk message failed: -22 (3/0) [ 278.454183][ T5911] dw2102: command 0x0e transfer failed. [ 278.760116][ T5911] dvb-usb: bulk message failed: -22 (3/0) [ 278.760139][ T5911] dw2102: command 0x0e transfer failed. [ 278.760148][ T5911] dvb-usb: bulk message failed: -22 (3/0) [ 278.760160][ T5911] dw2102: command 0x0e transfer failed. [ 278.760169][ T5911] dvb-usb: bulk message failed: -22 (1/0) [ 278.760181][ T5911] dw2102: command 0x51 transfer failed. [ 278.760189][ T5911] dvb-usb: bulk message failed: -22 (5/0) [ 278.760201][ T5911] dw2102: i2c probe for address 0x68 failed. [ 278.760212][ T5911] dvb-usb: bulk message failed: -22 (5/0) [ 278.760224][ T5911] dw2102: i2c probe for address 0x69 failed. [ 278.760233][ T5911] dvb-usb: bulk message failed: -22 (5/0) [ 278.760245][ T5911] dw2102: i2c probe for address 0x6a failed. [ 278.760255][ T5911] dw2102: probing for demodulator failed. Is the external power switched on? [ 278.760265][ T5911] dvb-usb: no frontend was attached by 'TeVii S482 (tuner 2)' [ 279.119803][ T5911] rc_core: IR keymap rc-tt-1500 not found [ 279.119824][ T5911] Registered IR keymap rc-empty [ 279.128495][ T5911] rc rc0: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0 [ 279.171633][ T5911] input: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0/input13 [ 279.206587][ T5911] dvb-usb: schedule remote query interval to 250 msecs. [ 279.206609][ T5911] dw2102: su3000_power_ctrl: 0, initialized 1 [ 279.206622][ T5911] dvb-usb: TeVii S482 (tuner 2) successfully initialized and connected. [ 279.271012][ T5911] usb 1-1: USB disconnect, device number 11 [ 279.752904][T13023] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2819'. [ 280.481054][ T15] sched: DL replenish lagged too much [ 281.502584][T13035] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2821'. 
[ 283.793473][T13083] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2839'. [ 284.363731][T13093] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2843'. [ 284.363763][T13093] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2843'. [ 288.876844][ T5911] dvb-usb: TeVii S482 (tuner 2) successfully deinitialized and disconnected. [ 293.122490][T13163] netlink: 100 bytes leftover after parsing attributes in process `syz.2.2863'. [ 293.920505][T13180] netlink: 'syz.2.2869': attribute type 30 has an invalid length. [ 298.193033][T13227] Bluetooth: MGMT ver 1.23 [ 298.297514][ T5843] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 298.318223][ T5843] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 298.319450][ T5843] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 298.352557][ T5843] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 298.353361][ T5843] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 298.488484][ T5846] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 298.488944][ T5846] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 298.489355][ T5846] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 298.513146][ T5846] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 298.514013][ T5846] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 300.611549][ T5843] Bluetooth: hci5: command tx timeout [ 302.689883][ T5843] Bluetooth: hci5: command tx timeout [ 304.779835][ T5843] Bluetooth: hci5: command tx timeout [ 306.820589][T13262] tipc: Started in network mode [ 306.820619][T13262] tipc: Node identity aaaaaaaaaa34, cluster identity 4711 [ 306.821874][T13262] tipc: Enabled bearer , priority 10 [ 306.850349][ T5843] Bluetooth: hci5: command tx timeout [ 307.953769][ T1585] tipc: Node number set to 10398378 [ 310.001102][ T5846] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 310.025696][ T5846] Bluetooth: hci2: unexpected cc 0x1003 
length: 249 > 9 [ 310.038695][ T5846] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 310.049315][ T5846] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 310.065940][ T5846] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 311.130639][ T5843] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 311.149405][ T5843] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 311.165332][ T5843] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 311.167052][ T5843] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 311.167930][ T5843] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 312.129914][ T5846] Bluetooth: hci2: command tx timeout [ 313.249883][ T5846] Bluetooth: hci6: command tx timeout [ 314.210071][ T5846] Bluetooth: hci2: command tx timeout [ 315.329903][ T5846] Bluetooth: hci6: command tx timeout [ 316.290606][ T5846] Bluetooth: hci2: command tx timeout [ 317.201920][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.201997][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.409847][ T5846] Bluetooth: hci6: command tx timeout [ 318.374801][ T5846] Bluetooth: hci2: command tx timeout [ 319.495071][ T5846] Bluetooth: hci6: command tx timeout [ 320.969298][T13320] Falling back ldisc for ttyS3. [ 323.763286][ T5843] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 323.784065][ T5843] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 323.785330][ T5843] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 323.786504][ T5843] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 323.787339][ T5843] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 324.121749][T13347] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2891'. 
[ 324.285840][T13350] CUSE: info not properly terminated [ 325.895668][ T5843] Bluetooth: hci3: command tx timeout [ 327.970147][ T5843] Bluetooth: hci3: command tx timeout [ 330.049916][ T5843] Bluetooth: hci3: command tx timeout [ 332.130065][ T5843] Bluetooth: hci3: command tx timeout [ 340.659106][ T5846] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 340.673139][ T5846] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 340.674976][ T5846] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 340.676176][ T5846] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 340.676982][ T5846] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 342.315100][T13273] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2875'. [ 342.771550][ T5843] Bluetooth: hci7: command tx timeout [ 344.850240][ T5843] Bluetooth: hci7: command tx timeout [ 346.929881][ T5843] Bluetooth: hci7: command tx timeout [ 349.010224][ T5843] Bluetooth: hci7: command tx timeout [ 359.162527][ T5846] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 359.180946][ T5846] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 359.182921][ T5846] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 359.184516][ T5846] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 359.219283][ T5846] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 361.330041][ T5843] Bluetooth: hci4: command tx timeout [ 363.410254][ T5843] Bluetooth: hci4: command tx timeout [ 365.489914][ T5843] Bluetooth: hci4: command tx timeout [ 367.569876][ T5843] Bluetooth: hci4: command tx timeout [ 370.371787][ T5846] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 370.400054][ T5846] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 370.401573][ T5846] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 370.407353][ T5846] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 370.408371][ T5846] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 
371.319197][ T5846] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 371.340229][ T5846] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 371.341955][ T5846] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 371.366243][ T5846] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 371.368920][ T5846] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 372.530135][ T5846] Bluetooth: hci8: command tx timeout [ 373.493894][ T5846] Bluetooth: hci9: command tx timeout [ 374.610821][ T5846] Bluetooth: hci8: command tx timeout [ 375.570104][ T5846] Bluetooth: hci9: command tx timeout [ 376.690219][ T5846] Bluetooth: hci8: command tx timeout [ 377.650150][ T5846] Bluetooth: hci9: command tx timeout [ 378.621953][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.622030][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.770475][ T5846] Bluetooth: hci8: command tx timeout [ 379.730774][ T5846] Bluetooth: hci9: command tx timeout [ 383.811773][ T5843] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 383.830491][ T5843] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 383.832519][ T5843] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 383.833819][ T5843] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 383.834691][ T5843] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 385.980259][ T5846] Bluetooth: hci10: command tx timeout [ 388.050161][ T5846] Bluetooth: hci10: command tx timeout [ 390.130675][ T5846] Bluetooth: hci10: command tx timeout [ 392.209776][ T5846] Bluetooth: hci10: command tx timeout [ 401.260915][ T5843] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 401.285537][ T5843] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 401.300035][ T5843] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 401.301317][ T5843] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 401.302219][ T5843] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 403.410373][ 
T5843] Bluetooth: hci11: command tx timeout [ 405.490252][ T5843] Bluetooth: hci11: command tx timeout [ 407.570134][ T5843] Bluetooth: hci11: command tx timeout [ 409.649974][ T5843] Bluetooth: hci11: command tx timeout [ 419.752687][ T59] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 419.773558][ T59] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 419.774892][ T59] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 419.776161][ T59] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 419.787122][ T59] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 421.679928][ T5846] Bluetooth: hci5: command 0x0406 tx timeout [ 423.569841][ T5846] Bluetooth: hci12: command tx timeout [ 425.652382][ T5846] Bluetooth: hci12: command tx timeout [ 427.730138][ T5846] Bluetooth: hci12: command tx timeout [ 429.810557][ T5843] Bluetooth: hci12: command tx timeout [ 430.714851][ T5843] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 430.734401][ T5843] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 430.735665][ T5843] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 430.737071][ T5843] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 430.770015][ T5843] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 431.551739][ T59] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 431.568752][ T59] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 431.579130][ T59] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 431.587901][ T59] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 431.588667][ T59] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 440.057705][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.057783][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 443.891587][ T38] INFO: task kworker/u8:6:1054 blocked for more than 143 seconds. 
[ 443.891621][ T38] Not tainted syzkaller #0 [ 443.891632][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 443.891644][ T38] task:kworker/u8:6 state:D stack:20488 pid:1054 tgid:1054 ppid:2 task_flags:0x4208160 flags:0x00004000 [ 443.891700][ T38] Workqueue: events_unbound free_mem_alloc_deferred [ 443.891732][ T38] Call Trace: [ 443.891740][ T38] [ 443.891753][ T38] __schedule+0x16f3/0x4c20 [ 443.891800][ T38] ? __lock_acquire+0xab9/0xd20 [ 443.891823][ T38] ? __pfx___schedule+0x10/0x10 [ 443.891860][ T38] ? schedule+0x91/0x360 [ 443.891883][ T38] schedule+0x165/0x360 [ 443.891904][ T38] schedule_timeout+0x9a/0x270 [ 443.891923][ T38] ? __pfx_schedule_timeout+0x10/0x10 [ 443.891961][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 443.891980][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 443.891998][ T38] ? wait_for_completion+0x267/0x5d0 [ 443.892021][ T38] wait_for_completion+0x2bf/0x5d0 [ 443.892055][ T38] ? __pfx_wait_for_completion+0x10/0x10 [ 443.892076][ T38] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 443.892098][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 443.892122][ T38] ? __init_swait_queue_head+0xa9/0x150 [ 443.892147][ T38] rcu_barrier+0x463/0x570 [ 443.892177][ T38] free_mem_alloc_deferred+0x16/0x30 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 443.892196][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 443.892216][ T38] process_scheduled_works+0xade/0x17b0 [ 443.892268][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 443.892313][ T38] worker_thread+0x8a0/0xda0 [ 443.892362][ T38] kthread+0x711/0x8a0 [ 443.892390][ T38] ? __pfx_worker_thread+0x10/0x10 [ 443.892410][ T38] ? __pfx_kthread+0x10/0x10 [ 443.892456][ T38] ? __pfx_kthread+0x10/0x10 [ 443.892484][ T38] ret_from_fork+0x3fc/0x770 [ 443.892509][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 443.892537][ T38] ? __switch_to_asm+0x39/0x70 [ 443.892554][ T38] ? __switch_to_asm+0x33/0x70 [ 443.892569][ T38] ? 
__pfx_kthread+0x10/0x10 [ 443.892593][ T38] ret_from_fork_asm+0x1a/0x30 [ 443.892627][ T38] [ 443.892746][ T38] [ 443.892746][ T38] Showing all locks held in the system: [ 443.892756][ T38] 4 locks held by kworker/0:0/9: [ 443.892766][ T38] #0: ffff88805b891d38 ((wq_completion)wg-crypt-wg0#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 443.892817][ T38] #1: ffffc900000e7bc0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 443.892863][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 443.892907][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 443.892957][ T38] 4 locks held by kworker/0:1/10: [ 443.892967][ T38] #0: ffff88805bcdc938 ((wq_completion)wg-crypt-wg0#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 443.893016][ T38] #1: ffffc900000f7bc0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 443.893060][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local[ 443.893060][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 443.893110][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 443.893154][ T38] 3 locks held by kworker/u8:1/13: [ 443.893164][ T38] #0: ffff88814cc9d938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 443.893208][ T38] #1: ffffc90000127bc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 443.893251][ T38] #2: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 443.893293][ T38] 2 locks held by ksoftirqd/0/15: [ 443.893303][ T38] #0: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 443.893346][ T38] #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: 
__local_bh_disable_ip+0x264/0x400 [ 443.893391][ T38] 2 locks held by rcuc/0/20: [ 443.893402][ T38] 1 lock held by khungtaskd/38: [ 443.893412][ T38] #0: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 443.893455][ T38] 4 locks held by kworker/u9:0/59: [ 443.893465][ T38] #0: ffff8880365b0938 ((wq_completion)hci13#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 443.893512][ T38] #1: ffffc9000125fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 443.893556][ T38] #2: ffff8880889480a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 443.893598][ T38] #3: ffffffff8ee39838 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 443.893643][ T38] 4 locks held by kworker/0:2/990: [ 443.893654][ T38] #0: ffff88805ba95d38 ((wq_completion)wg-crypt-wg1#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 443.893701][ T38] #1: ffffc900049d7bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 443.893759][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 443.893802][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 443.893846][ T38] 3 locks held by kworker/u8:6/1054: [ 443.893856][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 443.893900][ T38] #1: ffffc90004befbc0 ((work_completion)(&copy->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 443.893950][ T38] #2: ffffffff8d9ae530 
(rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 443.893992][ T38] 4 locks held by irq/31-virtio1-/1183: [ 443.894004][ T38] 2 locks held by kworker/u8:8/1363: [ 443.894026][ T38] 2 locks held by getty/5593: [ 443.894035][ T38] #0: ffff88823bf308a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 443.894081][ T38] #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 443.894124][ T38] 1 lock held by syz-executor/5841: [ 443.894135][ T38] #0: ffffffff8d9ae530 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 443.894176][ T38] 4 locks held by kworker/u9:5/5846: [ 443.894185][ T38] #0: ffff88805c3ff938 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 443.894233][ T38] #1: ffffc90004d2fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 443.894277][ T38] #2: ffff8880841500a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 443.894317][ T38] #3: ffffffff8ee39838 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 443.894359][ T38] 1 lock held by kworker/R-wg-cr/5871: [ 443.894371][ T38] 4 locks held by kworker/R-wg-cr/5879: [ 443.894380][ T38] #0: ffff88805bcdc938 ((wq_completion)wg-crypt-wg0#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 443.894428][ T38] #1: ffffc90004edfba0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 443.894485][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 443.894528][ T38] #3: ffff8880b8823d90 
((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 443.894572][ T38] 3 locks held by kworker/1:4/5910: [ 443.894582][ T38] #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 443.894625][ T38] #1: ffffc9000506fbc0 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 443.894669][ T38] #2: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 [ 443.894714][ T38] 4 locks held by kworker/0:3/5918: [ 443.894725][ T38] #0: ffff88805ba87138 ((wq_completion)wg-crypt-wg1#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 443.894772][ T38] #1: ffffc900050ffbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 443.894828][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 443.894871][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 443.894914][ T38] 4 locks held by kworker/0:4/5919: [ 443.894925][ T38] #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 443.894974][ T38] #1: ffffc9000510fbc0 ((work_completion)(&(&tbl->gc_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 443.895019][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 443.895061][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 443.895105][ T38] 4 locks held by kworker/0:5/5927: [ 443.895116][ T38] #0: ffff88805b891d38 
((wq_completion)wg-crypt-wg0#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 443.895163][ T38] #1: ffffc9000519fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 443.895220][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 443.895263][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 443.895307][ T38] 4 locks held by kworker/0:6/7627: [ 443.895317][ T38] #0: ffff88805ba9e538 ((wq_completion)wg-crypt-wg1#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 443.895365][ T38] #1: ffffc9000b39fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 443.895421][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 443.895464][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 443.895512][ T38] 4 locks held by kworker/0:7/8110: [ 443.895523][ T38] #0: ffff88805b594538 ((wq_completion)wg-crypt-wg0){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 443.895567][ T38] #1: ffffc9000dc0fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = 
(unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 443.895623][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 443.895665][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 443.895708][ T38] 4 locks held by kworker/0:8/8111: [ 443.895718][ T38] #0: ffff88805ba96538 ((wq_completion)wg-crypt-wg2#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 443.895766][ T38] #1: ffffc9000dc4fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 443.895823][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 443.895866][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 443.895909][ T38] 1 lock held by kworker/0:9/8112: [ 443.895919][ T38] #0: ffffffff8d8525f8 (wq_pool_attach_mutex){+.+.}-{4:4}, at: worker_attach_to_pool+0x2e/0x3a0 [ 443.895968][ T38] 4 locks held by kworker/0:10/8114: [ 443.895978][ T38] #0: ffff88805b594538 ((wq_completion)wg-crypt-wg0){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 443.896021][ T38] #1: ffffc9000dc7fbc0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 443.896066][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 443.896108][ T38] #3: ffff8880b8823d90 
((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 443.896152][ T38] 1 lock held by syz.1.2827/13047: [ 443.896162][ T38] #0: ffffffff8d9ae530 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 443.896203][ T38] 1 lock held by syz.4.2870/13181: [ 443.896212][ T38] #0: ffffffff8d9ae530 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 443.896254][ T38] 3 locks held by syz-executor/13229: [ 443.896264][ T38] #0: ffff88802fc1ce80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 443.896304][ T38] #1: ffff88802fc1c0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 443.896347][ T38] #2: ffffffff8ee39838 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 443.896393][ T38] 1 lock held by syz.3.2875/13273: [ 443.896403][ T38] #0: ffffffff8d9ae530 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 443.896444][ T38] 2 locks held by syz-executor/13280: [ 443.896454][ T38] #0: ffff888033120e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 443.896494][ T38] #1: ffff8880331200a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 443.896536][ T38] 3 locks held by syz-executor/13288: [ 443.896546][ T38] #0: ffff8880233f8e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 443.896587][ T38] #1: ffff8880233f80a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 443.896629][ T38] #2: ffffffff8ee39838 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 443.896674][ T38] 4 locks held by syz-executor/13335: [ 443.896683][ T38] #0: ffff88805e028e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 443.896723][ T38] #1: ffff88805e0280a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 443.896765][ T38] #2: ffffffff8ee39838 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 443.896810][ T38] #3: ffff88802835e358 
(&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 443.896859][ T38] 1 lock held by syz.0.2894/13356: [ 443.896869][ T38] #0: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 443.896913][ T38] 4 locks held by kworker/0:11/13360: [ 443.896923][ T38] #0: ffff88805b7ccd38 ((wq_completion)wg-crypt-wg1){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 443.896972][ T38] #1: ffffc9000671fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 443.897028][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 443.897071][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 443.897114][ T38] 3 locks held by syz-executor/13362: [ 443.897125][ T38] #0: ffff888051778e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 443.897165][ T38] #1: ffff8880517780a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 443.897207][ T38] #2: ffffffff8ee39838 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 443.897253][ T38] 4 locks held by kworker/0:12/13370: [ 443.897263][ T38] #0: ffff88805b7ccd38 ((wq_completion)wg-crypt-wg1){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 443.897306][ T38] #1: ffffc9000664fbc0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 443.897351][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 443.897394][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 443.897438][ 
T38] 1 lock held by syz-executor/13402: [ 443.897448][ T38] #0: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 443.897491][ T38] 1 lock held by syz-executor/13413: [ 443.897501][ T38] #0: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 443.897543][ T38] 1 lock held by syz-executor/13422: [ 443.897553][ T38] #0: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 443.897594][ T38] 1 lock held by syz-executor/13436: [ 443.897604][ T38] #0: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 443.897651][ T38] 1 lock held by syz-executor/13444: [ 443.897661][ T38] #0: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 443.897707][ T38] 1 lock held by dhcpcd/13449: [ 443.897717][ T38] #0: ffff888037ae45f8 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 443.897762][ T38] 1 lock held by dhcpcd/13452: [ 443.897772][ T38] #0: ffff88803dd67538 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 443.897816][ T38] 1 lock held by dhcpcd/13455: [ 443.897826][ T38] #0: ffff888061d0c350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 [ 443.897867][ T38] 1 lock held by syz-executor/13457: [ 443.897878][ T38] [ 443.897882][ T38] ============================================= [ 443.897882][ T38] [ 443.897897][ T38] NMI backtrace for cpu 1 [ 443.897920][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 443.897945][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 443.897955][ T38] Call Trace: [ 443.897963][ T38] [ 443.897971][ T38] dump_stack_lvl+0x189/0x250 [ 443.897997][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 443.898020][ T38] ? __pfx__printk+0x10/0x10 [ 443.898051][ T38] nmi_cpu_backtrace+0x39e/0x3d0 [ 443.898072][ T38] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 443.898093][ T38] ? 
__pfx__printk+0x10/0x10 [ 443.898116][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 443.898139][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 443.898160][ T38] watchdog+0xf93/0xfe0 [ 443.898185][ T38] ? watchdog+0x1de/0xfe0 [ 443.898211][ T38] kthread+0x711/0x8a0 [ 443.898237][ T38] ? __pfx_watchdog+0x10/0x10 [ 443.898256][ T38] ? __pfx_kthread+0x10/0x10 [ 443.898284][ T38] ? __pfx_kthread+0x10/0x10 [ 443.898307][ T38] ret_from_fork+0x3fc/0x770 [ 443.898331][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 443.898357][ T38] ? __switch_to_asm+0x39/0x70 [ 443.898372][ T38] ? __switch_to_asm+0x33/0x70 [ 443.898386][ T38] ? __pfx_kthread+0x10/0x10 [ 443.898410][ T38] ret_from_fork_asm+0x1a/0x30 [ 443.898441][ T38] [ 443.898448][ T38] Sending NMI from CPU 1 to CPUs 0: [ 443.898473][ C0] NMI backtrace for cpu 0 [ 443.898487][ C0] CPU: 0 UID: 0 PID: 1183 Comm: irq/31-virtio1- Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 443.898506][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 443.898521][ C0] RIP: 0010:__lock_acquire+0x50c/0xd20 [ 443.898543][ C0] Code: 49 83 c7 28 41 89 c4 48 39 cb 0f 8d d6 00 00 00 48 83 fb 31 0f 83 92 00 00 00 41 8b 07 25 ff 1f 00 00 48 0f a3 05 a4 8a 61 11 <73> 10 48 69 c0 c8 00 00 00 48 8d 88 f0 82 9e 92 eb 40 83 3d 4b 1a [ 443.898557][ C0] RSP: 0018:ffffc9000509e8b0 EFLAGS: 00000003 [ 443.898571][ C0] RAX: 000000000000000b RBX: 0000000000000001 RCX: 0000000000000006 [ 443.898581][ C0] RDX: 0000000000000003 RSI: 0000000000000005 RDI: ffff888027080000 [ 443.898592][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8af89bab [ 443.898603][ C0] R10: 0000000000000000 R11: fffffbfff1e3a8a7 R12: 0000000000000003 [ 443.898613][ C0] R13: 0000000000000001 R14: ffff888027080c10 R15: ffff888027080b68 [ 443.898625][ C0] FS: 0000000000000000(0000) GS:ffff8881268c2000(0000) knlGS:0000000000000000 [ 443.898638][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 443.898650][ C0] CR2: 
00005561b6cb8a90 CR3: 000000000d7a6000 CR4: 00000000003526f0 [ 443.898664][ C0] Call Trace: [ 443.898670][ C0] [ 443.898685][ C0] reacquire_held_locks+0x127/0x1d0 [ 443.898708][ C0] ? rt_spin_lock+0x1bb/0x2c0 [ 443.898726][ C0] lock_release+0x1b4/0x3e0 [ 443.898745][ C0] ? ___slab_alloc+0x4d3/0xdd0 [ 443.898769][ C0] rt_spin_unlock+0x16/0x80 [ 443.898784][ C0] ___slab_alloc+0x4d3/0xdd0 [ 443.898807][ C0] ? fill_pool+0x100/0x570 [ 443.898826][ C0] ? fill_pool+0x100/0x570 [ 443.898843][ C0] kmem_cache_alloc_noprof+0xe6/0x310 [ 443.898864][ C0] fill_pool+0x100/0x570 [ 443.898882][ C0] ? debug_objects_fill_pool+0xdf/0x120 [ 443.898900][ C0] ? __pfx_fill_pool+0x10/0x10 [ 443.898919][ C0] ? debug_objects_fill_pool+0xdf/0x120 [ 443.898937][ C0] ? debug_objects_fill_pool+0xdf/0x120 [ 443.898955][ C0] debug_objects_fill_pool+0x107/0x120 [ 443.898973][ C0] ? __pfx_debug_objects_fill_pool+0x10/0x10 [ 443.898995][ C0] debug_object_activate+0x6c/0x3a0 [ 443.899016][ C0] ? __pfx_dst_destroy_rcu+0x10/0x10 [ 443.899038][ C0] call_rcu+0xaa/0x9c0 [ 443.899055][ C0] ? rcuref_put+0x1b7/0x210 [ 443.899076][ C0] ? __pfx_call_rcu+0x10/0x10 [ 443.899090][ C0] ? percpu_counter_add_batch+0xea/0x1e0 [ 443.899111][ C0] ? dst_release+0x126/0x1b0 [ 443.899133][ C0] skb_release_head_state+0x71/0x250 [ 443.899155][ C0] consume_skb+0x60/0xf0 [ 443.899173][ C0] nft_synproxy_eval_v4+0x376/0x560 [ 443.899198][ C0] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 443.899221][ C0] ? nf_ip_checksum+0x13c/0x510 [ 443.899245][ C0] nft_synproxy_do_eval+0x345/0x570 [ 443.899266][ C0] ? skb_orphan+0xaf/0xd0 [ 443.899285][ C0] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 443.899314][ C0] nft_do_chain+0x40c/0x1920 [ 443.899336][ C0] ? __pfx_ip_list_rcv+0x10/0x10 [ 443.899357][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 443.899377][ C0] ? __netif_receive_skb_list_core+0x7d2/0x800 [ 443.899410][ C0] nft_do_chain_inet+0x25d/0x340 [ 443.899431][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 443.899452][ C0] ? 
__lock_acquire+0xab9/0xd20 [ 443.899475][ C0] ? NF_HOOK+0x9a/0x3a0 [ 443.899492][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 443.899514][ C0] nf_hook_slow+0xc5/0x220 [ 443.899534][ C0] NF_HOOK+0x206/0x3a0 [ 443.899551][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 443.899572][ C0] ? NF_HOOK+0x9a/0x3a0 [ 443.899587][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 443.899603][ C0] ? ip_rcv_finish_core+0xda3/0x1c00 [ 443.899622][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 443.899641][ C0] ? skb_dst+0x4f/0xd0 [ 443.899658][ C0] ? ip_local_deliver+0x12a/0x1b0 [ 443.899681][ C0] NF_HOOK+0x309/0x3a0 [ 443.899704][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 443.899721][ C0] ? NF_HOOK+0x9a/0x3a0 [ 443.899737][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 443.899755][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 443.899776][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 443.899792][ C0] __netif_receive_skb+0x143/0x380 [ 443.899808][ C0] ? rt_spin_unlock+0x65/0x80 [ 443.899825][ C0] ? process_backlog+0x27b/0x900 [ 443.899841][ C0] process_backlog+0x31e/0x900 [ 443.899864][ C0] __napi_poll+0xb6/0x540 [ 443.899881][ C0] net_rx_action+0x707/0xe00 [ 443.899905][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 443.899924][ C0] ? kvm_sched_clock_read+0x11/0x20 [ 443.899946][ C0] ? __pfx_sched_clock_cpu+0x10/0x10 [ 443.899975][ C0] handle_softirqs+0x22c/0x710 [ 443.899998][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 443.900020][ C0] __local_bh_enable_ip+0x179/0x270 [ 443.900039][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 443.900059][ C0] ? virtqueue_disable_cb+0xd9/0x370 [ 443.900080][ C0] ? irq_finalize_oneshot+0x54/0x3d0 [ 443.900101][ C0] ? __pfx_skb_recv_done+0x10/0x10 [ 443.900119][ C0] ? vring_interrupt+0x221/0x380 [ 443.900138][ C0] ? __pfx_vring_interrupt+0x10/0x10 [ 443.900157][ C0] irq_forced_thread_fn+0xe9/0x120 [ 443.900177][ C0] ? irq_forced_thread_fn+0x2b/0x120 [ 443.900199][ C0] irq_thread+0x427/0x690 [ 443.900217][ C0] ? irq_thread+0x17b/0x690 [ 443.900240][ C0] ? __pfx_irq_forced_thread_fn+0x10/0x10 [ 443.900260][ C0] ? 
__pfx_irq_thread+0x10/0x10 [ 443.900280][ C0] ? __kthread_parkme+0x7b/0x200 [ 443.900298][ C0] ? __pfx_irq_thread_dtor+0x10/0x10 [ 443.900318][ C0] ? __kthread_parkme+0x1a1/0x200 [ 443.900340][ C0] kthread+0x711/0x8a0 [ 443.900361][ C0] ? __pfx_irq_thread+0x10/0x10 [ 443.900381][ C0] ? __pfx_kthread+0x10/0x10 [ 443.900404][ C0] ? __pfx_kthread+0x10/0x10 [ 443.900425][ C0] ret_from_fork+0x3fc/0x770 [ 443.900445][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 443.900466][ C0] ? __switch_to_asm+0x39/0x70 [ 443.900480][ C0] ? __switch_to_asm+0x33/0x70 [ 443.900494][ C0] ? __pfx_kthread+0x10/0x10 [ 443.900516][ C0] ret_from_fork_asm+0x1a/0x30 [ 443.900555][ C0] [ 444.259620][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 444.259640][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 444.259660][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 444.259678][ T38] Call Trace: [ 444.259685][ T38] [ 444.259693][ T38] dump_stack_lvl+0x99/0x250 [ 444.259721][ T38] ? __asan_memcpy+0x40/0x70 [ 444.259741][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 444.259764][ T38] ? __pfx__printk+0x10/0x10 [ 444.259795][ T38] vpanic+0x281/0x750 [ 444.259820][ T38] ? __pfx_vpanic+0x10/0x10 [ 444.259841][ T38] ? preempt_schedule+0xae/0xc0 [ 444.259863][ T38] ? preempt_schedule_common+0x83/0xd0 [ 444.259889][ T38] panic+0xb9/0xc0 [ 444.259910][ T38] ? __pfx_panic+0x10/0x10 [ 444.259933][ T38] ? preempt_schedule_thunk+0x16/0x30 [ 444.259959][ T38] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 444.259980][ T38] watchdog+0xfd2/0xfe0 [ 444.260006][ T38] ? watchdog+0x1de/0xfe0 [ 444.260033][ T38] kthread+0x711/0x8a0 [ 444.260059][ T38] ? __pfx_watchdog+0x10/0x10 [ 444.260078][ T38] ? __pfx_kthread+0x10/0x10 [ 444.260106][ T38] ? __pfx_kthread+0x10/0x10 [ 444.260130][ T38] ret_from_fork+0x3fc/0x770 [ 444.260154][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 444.260181][ T38] ? 
__switch_to_asm+0x39/0x70 [ 444.260196][ T38] ? __switch_to_asm+0x33/0x70 [ 444.260210][ T38] ? __pfx_kthread+0x10/0x10 [ 444.260234][ T38] ret_from_fork_asm+0x1a/0x30 [ 444.260266][ T38] [ 444.260525][ T38] Kernel Offset: disabled