last executing test programs: 14m50.780254411s ago: executing program 0 (id=1): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}}, &(0x7f00000001c0)='syzkaller\x00'}, 0x80) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000500)={r0, r2, 0x25, 0x4, @void}, 0x10) syz_emit_ethernet(0x11ba, &(0x7f0000001680)=ANY=[], 0x0) 14m27.631277065s ago: executing program 0 (id=5): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000000)={0x0, 0x80000}) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000080)={0x3, 0x0, &(0x7f0000000040)=[0x0, 0x0, 0x0]}) r1 = syz_open_dev$dri(&(0x7f00000005c0), 0x2, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR2(r1, 0xc02464bb, &(0x7f0000000180)={0x1, r2, 0x0, 0x7, 0x10000, 0xffff, 0xb78c, 0x8}) ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000000c0)=[0x0]}) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x20, 0x242) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x80, 0x5, 0x9, 0x0, {0xe, 0xd6, 0x1c, 0xd, 0x5, 0x401, 0x200, 0xa, 0x2, 0x52, 0x8000, 0x7e9, 0x401, 0x9aa1, "cb630dab3a0338057401a192419598961f50dc45c87d55a52a28b8f01c0e0e7a"}}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r3, 0xc01864c6, 0x0) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r3, 0xc05064a7, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000000100)=[0x0], &(0x7f0000001400), 0x0, 0x1, 0x0, 0x0, r4}) ioctl$DRM_IOCTL_MODE_GETENCODER(0xffffffffffffffff, 0xc01464a6, &(0x7f0000000180)) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f00000005c0)={&(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000300)=[{}, {}, {}, {}, {}, {}, {}, {}], &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000580)=[0x0, 0x0, 0x0], 0x8, 0x9, 0x8}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f0000000880)={&(0x7f0000000640)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000680)=[{}, {}, {}, {}, {}], &(0x7f0000000800)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000840)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5, 0x9, 0x6}) sendmsg$nl_xfrm(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@newspdinfo={0x1c, 0x24, 0x21, 0x0, 0x0, 0x0, [@XFRMA_SPD_IPV6_HTHRESH={0x6}]}, 0x1c}}, 0x0) 14m21.209567007s ago: executing program 0 (id=7): syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) syz_open_procfs(0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'essiv(authenc(rmd160-generic,cbc-camellia-aesni-avx2),sha1-avx)\x00'}, 0x58) syz_io_uring_setup(0x49f, 0x0, &(0x7f0000000180), &(0x7f0000000080)) r1 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$nl_crypto(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="e0000000130001"], 0xe0}}, 0x0) 14m9.285652752s ago: executing program 0 (id=9): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x3, 0x5, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffffffff}, [@call={0x85, 0x0, 0x0, 0x20}, @call={0x85, 0x0, 0x0, 0xe}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3e}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f00000001c0)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) 13m57.970411467s ago: executing program 0 (id=11): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(ecb-aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000380)="10797fcd898a0c2446900f4f21072e39c6d0c26cd957d2b903c6bf46b4abf3629ff075475e4bd6e43be171", 0x2b) 13m41.642301232s ago: executing program 0 (id=13): r0 = socket$packet(0x11, 0x2, 0x300) socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000001c0)) syz_init_net_socket$nl_generic(0xb, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='stat\x00') lseek(r3, 0x9, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000015c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x2c, 0x1e, 0xa, 0x105, 0x0, 0x0, {0x7, 0x0, 0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb0}}, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000000)=0xffff0018) syz_open_dev$tty1(0xc, 0x4, 0x1) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x101, 0xf0ffff, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x3, 0xc, 0x101, 0x6, 0x7, 0x6b4, 0x510000000, 0x6, 0x40}, 0x0) r6 = socket$can_j1939(0x1d, 0x2, 0x7) connect$can_j1939(r6, 0x0, 0x0) 12m53.482323485s ago: executing program 32 (id=13): r0 = socket$packet(0x11, 0x2, 0x300) socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000001c0)) syz_init_net_socket$nl_generic(0xb, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='stat\x00') lseek(r3, 0x9, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000015c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x2c, 0x1e, 0xa, 0x105, 0x0, 0x0, {0x7, 0x0, 0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb0}}, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000000)=0xffff0018) syz_open_dev$tty1(0xc, 0x4, 0x1) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x101, 0xf0ffff, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x3, 0xc, 0x101, 0x6, 0x7, 0x6b4, 0x510000000, 0x6, 0x40}, 0x0) r6 = socket$can_j1939(0x1d, 0x2, 0x7) connect$can_j1939(r6, 0x0, 0x0) 8m49.661081724s ago: executing program 1 (id=34): syz_emit_ethernet(0x7e, &(0x7f0000000480)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x0, 0x0, {0x15, 0x4, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2f, 0x0, @local, @multicast1, {[@cipso={0x86, 0x3f, 0x1, [{0x7, 0xc, "fba25e89573286529241"}, {0x5, 0x12, "921a672758e2f5bdf4a9cd53f6519ac7"}, {0x5, 0x5, "e663fb"}, {0x6, 0x11, "61f5c17fcf59a319c2e618eea0fec4"}, {0x2, 0x5, "46ae6b"}]}]}}}}}}}, 0x0) 8m39.253352476s ago: executing program 1 (id=35): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) ppoll(&(0x7f0000000100)=[{r1, 0x3328}], 0x1, 0x0, 0x0, 0x0) close(r0) 8m26.649009093s ago: executing program 1 (id=36): syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/uts\x00') r0 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) madvise(&(0x7f0000000000/0x800000)=nil, 0x800002, 0xe) setreuid(0xee00, 0x0) keyctl$join(0x1, 0x0) keyctl$session_to_parent(0x12) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x48) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r4}, &(0x7f0000000540), &(0x7f0000000580)=r5}, 0x20) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="280000002100050125bd70000000000002000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="b7836f1c1b5be19805e133cc73fc5944bcec8171ae276f847427"], 0x28}}, 0x0) r7 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r7, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x3, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x2, @loopback}}}, 0x108) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'veth0_to_hsr\x00'}) close(r7) 7m47.902310038s ago: executing program 1 (id=37): socket$l2tp(0x2, 0x2, 0x73) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) socket$inet6(0x10, 0x3, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010028bd7000070000000200000008000100", @ANYRES32=r1], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004) write$nci(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="414601", @ANYRES8], 0x4) 7m32.247885368s ago: executing program 1 (id=38): syz_emit_ethernet(0x7e, &(0x7f0000000480)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x0, 0x0, {0x15, 0x4, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2f, 0x0, @local, @multicast1, {[@cipso={0x86, 0x40, 0x1, [{0x7, 0xc, "fba25e89573286529241"}, {0x5, 0x12, "921a672758e2f5bdf4a9cd53f6519ac7"}, {0x5, 0x6, "e663fb5d"}, {0x6, 0x11, "61f5c17fcf59a319c2e618eea0fec4"}, {0x2, 0x5, "46ae6b"}]}]}}}}}}}, 0x0) 7m21.253517609s ago: executing program 1 (id=39): r0 = socket(0x2b, 0x80801, 0x1) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8000000, 0x7fffffe, 0x2d0, 0x0, 0xffffffff, 0xffffffff, 0x110, 0xffffffff, 0x200, 0xffffffff, 0xffffffff, 0x200, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x3, 0x0}, @mcast1, [0x0, 0x0, 0x0, 0xffffff], [0x0, 0x0, 0x4c62d6309aaa1bde, 0xff000000], 'ip6tnl0\x00', 'nicvf0\x00', {}, {0xff}, 0x3a}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x4, '\x00', 'syz1\x00'}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, [], [0x0, 0x0, 0xffffff00, 0xffffff00], 'veth1\x00', 'veth0_to_bridge\x00'}, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', {0x1}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x330) sendmsg$DEVLINK_CMD_SB_POOL_SET(r0, &(0x7f0000001700)={0x0, 0x0, &(0x7f0000001540)={0x0}, 0x1, 0x0, 0x0, 0x40040}, 0x20000000) 6m32.629408659s ago: executing program 33 (id=39): r0 = socket(0x2b, 0x80801, 0x1) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8000000, 0x7fffffe, 0x2d0, 0x0, 0xffffffff, 0xffffffff, 0x110, 0xffffffff, 0x200, 0xffffffff, 0xffffffff, 0x200, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x3, 0x0}, @mcast1, [0x0, 0x0, 0x0, 0xffffff], [0x0, 0x0, 0x4c62d6309aaa1bde, 0xff000000], 'ip6tnl0\x00', 'nicvf0\x00', {}, {0xff}, 0x3a}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x4, '\x00', 'syz1\x00'}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, [], [0x0, 0x0, 0xffffff00, 0xffffff00], 'veth1\x00', 'veth0_to_bridge\x00'}, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', {0x1}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x330) sendmsg$DEVLINK_CMD_SB_POOL_SET(r0, &(0x7f0000001700)={0x0, 0x0, &(0x7f0000001540)={0x0}, 0x1, 0x0, 0x0, 0x40040}, 0x20000000) 1m49.340977234s ago: executing program 2 (id=51): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000001c0)=ANY=[@ANYBLOB="000a000000000fd60730000000000a0000000000000000000000000000000000000000000000000000000d00000000000000000000ef60fc4bd8ecc4e3200000000006004dee00000000000032acaace3269d4"], 0xd0060) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mount$fuse(0x0, &(0x7f00000002c0)='./cgroup\x00', &(0x7f0000000340), 0x888000, &(0x7f0000000400)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}}) shmctl$IPC_RMID(0x0, 0x0) mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='iso9660\x00', 0x208000, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x24, 0x3f, 0x107, 0xfffffffe, 0x0, {0x4, 0x7c}, [@nested={0x4, 0x142}, @nested={0x4, 0x1}, @nested={0x8, 0x2, 0x0, 0x1, [@nested={0x4, 0x17}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) 1m7.992731141s ago: executing program 2 (id=52): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000a40)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a4c000000030a0fdb00000000000000000a0020050900030073797a30000000000900010073797a310000000014000480080002403cb140bb08000140000000030a000700726f757465000000140000001100"], 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) r1 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r1, 0x29, 0x24, &(0x7f0000000080), 0x4) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001880)=[{&(0x7f0000000280)="f4000900062b3325fe80000000000000dc8b850f2323fcb11ea3548466cc00007a000000ad6e911b", 0x28}], 0x1}, 0x0) 46.659067479s ago: executing program 2 (id=53): setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x67, &(0x7f0000000000)=0x8, 0x4) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000600)=[{{&(0x7f0000000080)={0x2, 0x4e20, @local}, 0x10, 0x0}}], 0x1, 0x2000c844) sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="8689d46205a34100bf2bbe11a5ce7839edaf02afe39ead95913e9c4f8cf31440606769ebdf12cfacae8e8c03f5db079da7d9ecda75e2a7d49d5cbcb370c4d789390a328ba42c9c60cf2154d1b659aa709e8980a522cfb72f23ad87fb7019706ccae98cfe7c4fd23e8297b8cabc46ede1ac3da78f1b488c6357e7edfcd417df6660af20a54ecdcb02f689ae15ee655d4b7b1ea733e88ee9f53669388dff487c1c49953f3bc142112bd4b582b29b35d43962ed245c2cd5d5df40a3e0ed6beaf3b641e84b0f0dfa121a9efe05269f9f4a0e9bcbf43c7a90a711f453668c730c3badedca687b71a9c27bab9e724cc4a4918713031596ea6fd01124f973f257ccd9665aee7df4a9d64f079d176abc00000000d7af3e2dd4396f72373fb0a787a6129ca41181f5087fb843212550b58e3707d5a0399de36c2503836cbe2133de4f574e9e05c96788b0de1bd13e390445433d96737b964fa8af2ac4b2f0f9390ca93d8d3d810044d024359e067c4553230ab748947d33f8fc115ce9a49e6571c45a05d786cbd49342c236537dbbeec666b07baab917252113a5b9a77283189b518f356debe42d80cf2d0687b9c64d0253a6a09286fded6e4f8557b8fb4f25ca4fb138af8945c74bbc98748eaaa030be5317646f195e6e085ac6ddb29542e3581961259987241f7e7061526a7afec8962e74215fea43703a4e543ee9d1a3c3f5f2a41977ece8fdadcf89ce331ce59bebae5f53513d0e10485d7ddbda60513bf339602510b3a23ea29a0d5d03a61e34d12942ea4a847c884b27b5344a456d02a55f8929cc567e7c792c01fab7a7b32780a14c361000609b817dd91507b04d875279527946fdb8fb92a512485e234d092c28f1d0a0498731ccc0eb10515d510e8945839307b46512ceca6f495fdd2c6ae5eb2ef3b2a40ebdc7edf0048e3fb5e3d97a9ea5113a6b70d20ad5c43f0df95d88c0f121a1884da21a21f0ba47420f8391a97921cc51871dbb272e43710fe71d5e342c3afd10608a8b02f00e8fbd8d570b6faace86c494ecea8913233391e7b7cec3d571bb3032181ed58e1b513e511f79ee562c8cde9b3b74c2e95dcde7fadb5a666bdc0c1684794620ce8cf0c0aee8e90b3ef6e7160d3f055cb4d1ced32e4edc15e7d102952d3237e6c02c591a95a182bf190c0124abc7f1225332ff1c5e1b94e4e9bf02c1a18bd7bfce20707f7298da322560bc1a4cf298d46f5bf8ff41da21e25aa17f65f9ee43ca890b5ef6a3ccf3efedf3ca60a9acef1352ad0c43e6cf375108cf0974ce89a99adba7e6a3f8949dc573440fafe0e3abdd0066057a2d868e8386080f18a421568d8e7a89536a4173861bd55245c8fcf7dcba18edce36d2e85b9630fbc218db9ebd16abb11ac06fdbf2bc3e6394d4c6e7ae71813d30772d487743a2856348fee09989ce03331e7848770fc91e62191c20fe5f4a73c5dae467dd612bdb63b1e50921d38271305d7412103d5a6214d6d5", 0x423, 0x6000000000000000, 0x0, 0x0) 29.582560624s ago: executing program 2 (id=54): syz_emit_ethernet(0x6e, &(0x7f0000000480)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x0, 0x0, {0x11, 0x4, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2f, 0x0, @local, @multicast1, {[@cipso={0x86, 0x2f, 0x1, [{0x7, 0xc, "fba25e89573286529241"}, {0x5, 0x7, "e663fb5d60"}, {0x6, 0x11, "61f5c17fcf59a319c2e618eea0fec4"}, {0x2, 0x5, "46ae6b"}]}]}}}}}}}, 0x0) 18.612189563s ago: executing program 2 (id=55): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x48, r0, 0x801, 0x400, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_TYPE={0x8, 0x7, 0x1}, @NL80211_KEY_IDX={0x5, 0x2, 0x3}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "6e615216fe"}]}]}, 0x48}}, 0x0) 0s ago: executing program 2 (id=56): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000a40)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a4c000000030a0fdb00000000000000000a0020050900030073797a30000000000900010073797a310000000014000480080002403cb140bb08000140000000030a000700726f757465000000140000001100"], 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) r1 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r1, 0x29, 0x24, &(0x7f0000000080), 0x4) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001880)=[{&(0x7f0000000280)="f4000900062b3325fe80000000000000dc8b850f2323fcb11ea3548466cc00007a000000ad6e911b", 0x28}], 0x1}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:40149' (ED25519) to the list of known hosts. syzkaller login: [ 590.520073][ T3193] cgroup: Unknown subsys name 'net' [ 591.473261][ T3193] cgroup: Unknown subsys name 'cpuset' [ 591.727563][ T3193] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 682.670480][ T3193] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 872.839662][ T3205] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 873.971523][ T3205] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 874.164837][ T3207] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 875.171070][ T3207] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 893.751942][ T3205] hsr_slave_0: entered promiscuous mode [ 893.861567][ T3205] hsr_slave_1: entered promiscuous mode [ 895.048113][ T3207] hsr_slave_0: entered promiscuous mode [ 895.141373][ T3207] hsr_slave_1: entered promiscuous mode [ 895.178696][ T3207] debugfs: 'hsr0' already exists in 'hsr' [ 895.184262][ T3207] Cannot create hsr debugfs directory [ 908.872169][ T3205] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 909.163195][ T3205] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 909.373006][ T3205] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 909.993178][ T3205] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 912.941495][ T3207] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 913.250334][ T3207] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 914.134324][ T3207] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 914.784168][ T3207] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 934.693287][ T3205] 8021q: adding VLAN 0 to HW filter on device bond0 [ 949.059547][ T3207] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1020.883701][ T3205] veth0_vlan: entered promiscuous mode [ 1021.603253][ T3205] veth1_vlan: entered promiscuous mode [ 1025.086854][ T3205] veth0_macvtap: entered promiscuous mode [ 1025.940104][ T3205] veth1_macvtap: entered promiscuous mode [ 1029.492888][ T3210] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1029.522891][ T3210] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1029.709736][ T3482] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1029.838517][ T27] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1034.843026][ T3207] veth0_vlan: entered promiscuous mode [ 1035.956359][ T3207] veth1_vlan: entered promiscuous mode [ 1037.300084][ T3205] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 1040.387644][ T3207] veth0_macvtap: entered promiscuous mode [ 1041.148108][ T3207] veth1_macvtap: entered promiscuous mode [ 1046.073518][ T3467] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1046.094990][ T3467] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1046.161583][ T3467] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1046.164399][ T3467] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1068.830103][ T3827] sch_tbf: burst 1885 is lower than device lo mtu (65550) ! [ 1070.227052][ T3828] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3'. [ 1235.914962][ T3924] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 1268.744565][ T3482] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1270.484456][ T3482] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1273.075140][ T3482] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1275.572806][ T3482] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1301.281067][ T3482] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1301.683990][ T3482] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1301.931079][ T3482] bond0 (unregistering): Released all slaves [ 1304.872757][ T3482] hsr_slave_0: left promiscuous mode [ 1305.048977][ T3482] hsr_slave_1: left promiscuous mode [ 1306.251677][ T3482] veth1_macvtap: left promiscuous mode [ 1306.278779][ T3482] veth0_macvtap: left promiscuous mode [ 1306.287052][ T3482] veth1_vlan: left promiscuous mode [ 1306.314788][ T3482] veth0_vlan: left promiscuous mode [ 1354.299057][ T3887] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1355.632826][ T3887] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1384.644385][ T938] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 1385.450663][ T938] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1385.454339][ T938] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1386.590768][ T938] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1386.593286][ T938] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 1386.640785][ T938] usb 2-1: Product: syz [ 1386.642838][ T938] usb 2-1: Manufacturer: syz [ 1386.644433][ T938] usb 2-1: SerialNumber: syz [ 1387.299997][ T938] usb 2-1: config 0 descriptor?? [ 1388.330582][ T938] usb 2-1: selecting invalid altsetting 0 [ 1393.600897][ T4117] snd-usb-audio 2-1:0.0: Runtime PM usage count underflow! [ 1393.753779][ T3887] hsr_slave_0: entered promiscuous mode [ 1393.942798][ T3887] hsr_slave_1: entered promiscuous mode [ 1394.034768][ T3887] debugfs: 'hsr0' already exists in 'hsr' [ 1394.061714][ T3887] Cannot create hsr debugfs directory [ 1395.032945][ T3705] usb 2-1: USB disconnect, device number 2 [ 1421.844581][ T3887] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1423.273288][ T3887] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1424.463966][ T3887] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1424.843254][ T3887] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1451.317494][ T4284] netlink: 12 bytes leftover after parsing attributes in process `syz.1.36'. [ 1481.333298][ T3887] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1633.584388][ T3887] veth0_vlan: entered promiscuous mode [ 1636.553076][ T3887] veth1_vlan: entered promiscuous mode [ 1644.581375][ T3887] veth0_macvtap: entered promiscuous mode [ 1645.567043][ T3887] veth1_macvtap: entered promiscuous mode [ 1653.389218][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1653.392960][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1653.753069][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1653.778429][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1676.988228][ T4440] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1677.304703][ T4440] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1702.832268][ T4488] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1703.094046][ T4488] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1719.253360][ T4343] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1719.637535][ T4343] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1774.044026][ T4343] hsr_slave_0: entered promiscuous mode [ 1774.237506][ T4343] hsr_slave_1: entered promiscuous mode [ 1774.384830][ T4343] debugfs: 'hsr0' already exists in 'hsr' [ 1774.388096][ T4343] Cannot create hsr debugfs directory [ 1809.693575][ T4343] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1810.461192][ T4343] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1811.863760][ T4343] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1812.709628][ T4343] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1883.954713][ T4343] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1961.322064][ T33] INFO: task syz.1.39:4314 blocked for more than 430 seconds. [ 1961.382702][ T33] Not tainted syzkaller #0 [ 1961.384812][ T33] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1961.430923][ T33] task:syz.1.39 state:D stack:0 pid:4314 tgid:4311 ppid:3205 task_flags:0x400040 flags:0x00000002 [ 1961.435182][ T33] Call Trace: [ 1961.501682][ T33] [] __schedule+0x102c/0x451e [ 1961.587918][ T33] [] schedule+0xc4/0x35e [ 1961.590284][ T33] [] schedule_preempt_disabled+0x16/0x28 [ 1961.592324][ T33] [] __mutex_lock+0x8aa/0x19b4 [ 1961.594305][ T33] [] mutex_lock_nested+0x14/0x1c [ 1961.647304][ T33] [] smc_switch_to_fallback+0x3e/0xa9c [ 1961.649972][ T33] [] smc_sendmsg+0x14c/0xd12 [ 1961.652001][ T33] [] __sock_sendmsg+0xcc/0x162 [ 1961.653862][ T33] [] ____sys_sendmsg+0x640/0x79e SYZFAIL: failed to recv rpc [ 1961.729030][ T33] [] ___sys_sendmsg+0x144/0x1e6 [ 1961.768518][ T33] [] __sys_sendmsg+0x188/0x246 [ 1961.771230][ T33] [] __riscv_sys_sendmsg+0x70/0xa2 [ 1961.773437][ T33] [] syscall_handler+0x94/0x118 fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1961.858579][ T33] [] do_trap_ecall_u+0x3d8/0x56c [ 1961.861198][ T33] [] handle_exception+0x146/0x152 [ 1961.919550][ T33] [ 1961.919550][ T33] Showing all locks held in the system: [ 1961.922192][ T33] 3 locks held by kworker/u8:2/27: [ 1961.924183][ T33] 1 lock held by khungtaskd/33: [ 1962.000393][ T33] #0: ffffffff889e1320 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2a/0x1a0 [ 1962.092083][ T33] 2 locks held by kworker/u8:7/1976: [ 1962.094316][ T33] #0: ffffaf8012289148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x848/0x1f3a [ 1962.184412][ T33] #1: ffff8f8002c97b70 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x870/0x1f3a [ 1962.327674][ T33] 2 locks held by getty/3169: [ 1962.331197][ T33] #0: ffffaf801dcc50a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3a/0x46 [ 1962.401628][ T33] #1: ffff8f800008e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x3e4/0x12ea [ 1962.443611][ T33] 2 locks held by syz-executor/3193: [ 1962.508658][ T33] 3 locks held by kworker/u8:3/3210: [ 1962.510746][ T33] 6 locks held by kworker/u8:8/3988: [ 1962.512310][ T33] 1 lock held by syz.1.39/4312: [ 1962.513836][ T33] 2 locks held by syz.1.39/4314: [ 1962.577426][ T33] #0: ffffaf801c740260 (sk_lock-AF_SMC){+.+.}-{0:0}, at: smc_sendmsg+0x4e/0xd12 [ 1962.582967][ T33] #1: ffffaf801c740ba8 (&smc->clcsock_release_lock){+.+.}-{4:4}, at: smc_switch_to_fallback+0x3e/0xa9c [ 1962.695003][ T33] 3 locks held by kworker/1:0/4352: [ 1962.722466][ T33] 2 locks held by kworker/0:4/4439: [ 1962.724165][ T33] 1 lock held by syz.2.56/4719: [ 1962.751597][ T33] 1 lock held by modprobe/4722: [ 1962.790454][ T33] [ 1962.792174][ T33] ============================================= [ 1962.792174][ T33] [ 1962.794897][ T33] NMI backtrace for cpu 1 [ 1962.795924][ T33] CPU: 1 UID: 0 PID: 33 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT [ 1962.796625][ T33] Hardware name: riscv-virtio,qemu (DT) [ 1962.796930][ T33] Call Trace: [ 1962.797149][ T33] [] dump_backtrace+0x2e/0x3c [ 1962.797911][ T33] [] show_stack+0x30/0x3c [ 1962.798963][ T33] [] dump_stack_lvl+0x12a/0x1a2 [ 1962.799697][ T33] [] dump_stack+0x1c/0x24 [ 1962.800416][ T33] [] nmi_cpu_backtrace+0x3b0/0x3b2 [ 1962.801059][ T33] [] nmi_trigger_cpumask_backtrace+0x2b6/0x45a [ 1962.801798][ T33] [] arch_trigger_cpumask_backtrace+0x2c/0x3c [ 1962.802587][ T33] [] sys_info+0x20c/0x252 [ 1962.803320][ T33] [] watchdog+0xa70/0x11ec [ 1962.803936][ T33] [] kthread+0x39e/0x7d8 [ 1962.804488][ T33] [] ret_from_fork_kernel+0x2a/0xc78 [ 1962.805476][ T33] [] ret_from_fork_kernel_asm+0x16/0x18 [ 1962.823526][ T33] Sending NMI from CPU 1 to CPUs 0: [ 1962.829874][ C0] NMI backtrace for cpu 0 [ 1962.830403][ C0] CPU: 0 UID: 0 PID: 4722 Comm: modprobe Not tainted syzkaller #0 PREEMPT [ 1962.830962][ C0] Hardware name: riscv-virtio,qemu (DT) [ 1962.831289][ C0] epc : debug_check_no_obj_freed+0x27c/0x4fe [ 1962.832121][ C0] ra : debug_check_no_obj_freed+0x26a/0x4fe [ 1962.832893][ C0] epc : ffffffff8187846e ra : ffffffff8187845c sp : ffff8f8003057610 [ 1962.833354][ C0] gp : ffffffff8a2fec60 tp : ffffaf8012369a80 t0 : ffff8f8003057660 [ 1962.833759][ C0] t1 : fffffffef22c5994 t2 : 0000000000000000 s0 : ffff8f80030577a0 [ 1962.834157][ C0] s1 : ffffaf801cbc36e0 a0 : ffffaf8012369a88 a1 : ffffffff8820a170 [ 1962.834545][ C0] a2 : 0000000000000006 a3 : 0000000000000001 a4 : ffffffff8a446f80 [ 1962.834924][ C0] a5 : 0000000000000037 a6 : 0000000000000003 a7 : ffffffff9162cca3 [ 1962.835362][ C0] s2 : 1ffff1f00060aed0 s3 : dead000000000100 s4 : dead000000000122 [ 1962.835757][ C0] s5 : dfffffff00000000 s6 : ffffffff9162cc98 s7 : ffffaf801cbc3690 [ 1962.836136][ C0] s8 : 0000000000000000 s9 : 0000000000000000 s10: ffffaf801cbc36e0 [ 1962.836605][ C0] s11: ffffaf801cbc3000 t3 : fd5228ce00000000 t4 : fffffffef22c5994 [ 1962.837012][ C0] t5 : fffffffef22c5995 t6 : 0000000000000002 [ 1962.837380][ C0] status: 0000000200000120 badaddr: 0000000000000000 cause: 8000000000000001 [ 1962.837869][ C0] [] debug_check_no_obj_freed+0x27c/0x4fe [ 1962.838771][ C0] [] kmem_cache_free+0x2ea/0x882 [ 1962.839528][ C0] [] unlink_anon_vmas+0x460/0x6c0 [ 1962.840187][ C0] [] free_pgtables+0x1e4/0x77a [ 1962.840803][ C0] [] exit_mmap+0x39a/0xd04 [ 1962.841298][ C0] [] __mmput+0x114/0x3d4 [ 1962.842033][ C0] [] mmput+0x74/0x88 [ 1962.842682][ C0] [] do_exit+0x7d2/0x28fc [ 1962.843262][ C0] [] do_group_exit+0xd4/0x26c [ 1962.843880][ C0] [] __riscv_sys_exit_group+0x4a/0x54 [ 1962.844640][ C0] [] syscall_handler+0x94/0x118 [ 1962.845247][ C0] [] do_trap_ecall_u+0x3d8/0x56c [ 1962.845943][ C0] [] handle_exception+0x146/0x152