last executing test programs: 1m0.762578426s ago: executing program 3 (id=4): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x418000) syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a010000190581"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(0xffffffffffffffff) close_range(r0, 0xffffffffffffffff, 0x0) 59.64041757s ago: executing program 4 (id=5): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x9, [0x7, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x9, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x2, 0x12a3, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x558e0d31, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7fff, 0x200005, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x40, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x2, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x8000, 0x5, 0x2, 0x9, 0x80000c1, 0x5, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0xffff58b9, 0x4c2336d3, 0x4, 0x1, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00000, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fbf, 0x762, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0x8000, 0x5, 0xfffffff9, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x7, 0x7, 0x5, 0x4, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3435, 0x3, 0x9, 0xfd, 0x401, 0x101, 0xdd83, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0x4, 0x9, 0x81, 0x3, 0x9, 0x9, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x1000, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x1, 0x8, 0x13ffd, 0x1, 0x1b18]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}}) sendmsg$IPVS_CMD_NEW_SERVICE(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0xc810}, 0x4010) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0xfffffffffffffffc, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0x0, 0x45, 0x1, 0xbdb], 0x1, 0x1c4213}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 58.949829645s ago: executing program 3 (id=7): sendmsg$nl_crypto(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0) syz_emit_ethernet(0x42, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x34, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}]}}}}}}}, 0x0) 58.586704453s ago: executing program 3 (id=8): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@private2, 0x0, 0x2, 0xff, 0x8}, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$FS_IOC_GETFSLABEL(r0, 0x400452c8, &(0x7f0000000100)) 58.306938826s ago: executing program 0 (id=9): ioctl$MON_IOCT_RING_SIZE(0xffffffffffffffff, 0x9204, 0x8000000000000000) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw\x00') preadv(r0, &(0x7f00000026c0)=[{&(0x7f0000000240)=""/4088, 0xff8}], 0x1, 0x15f, 0x0) 58.129432753s ago: executing program 3 (id=10): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bind$bt_l2cap(r1, &(0x7f0000000000), 0xe) listen(r1, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 58.083967199s ago: executing program 0 (id=11): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) chdir(&(0x7f0000000540)='./cgroup\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000040)='.\x00', 0x449) setxattr$incfs_size(&(0x7f0000000300)='./file0\x00', &(0x7f0000000200), 0x0, 0x0, 0x1) 57.88951856s ago: executing program 3 (id=12): r0 = socket$inet(0x2, 0x3, 0x4) sendmmsg$inet(r0, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0}}], 0x68000, 0x0) 57.833197031s ago: executing program 2 (id=3): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r1, &(0x7f0000000000)=""/188, 0xbc) syz_usb_disconnect(r0) 57.805413023s ago: executing program 3 (id=13): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x4f, 0x0, 0x0) openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000500), 0x400, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 55.682922484s ago: executing program 2 (id=14): sched_setscheduler(0x0, 0x2, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) dup3(r1, r0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1, 0x11, r2, 0x10000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000001c0)={0x73622a85, 0x1200}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x0, 0x0, 0x0, 0xf, 0xfcff, &(0x7f00000004c0)="e0"}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x4c, 0x0, &(0x7f00000002c0)=[@acquire, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 55.553621001s ago: executing program 2 (id=15): syz_emit_ethernet(0x1, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$rds(0x15, 0x5, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom0\x00', 0x803, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x808, 0xa416}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = socket(0x40000000015, 0x5, 0x0) getsockopt(r1, 0x200000000114, 0x2713, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_REGS(r2, 0x8090ae81, &(0x7f00000003c0)) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) mount$afs(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000100), 0x4, &(0x7f0000000080)={[{@dyn}, {@dyn}, {}, {@flock_local}, {@dyn}]}) 55.138824877s ago: executing program 0 (id=16): r0 = fsopen(0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040), 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, 0x0, 0x84) mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x12, r1, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$SG_GET_LOW_DMA(0xffffffffffffffff, 0x227a, 0x0) ioctl$PTP_PIN_SETFUNC2(0xffffffffffffffff, 0x40603d10, &(0x7f0000000200)={'\x00', 0x1}) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000280)=@assoc_value={0x0}, &(0x7f0000000200)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f00000000c0)={r4, @in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, &(0x7f00000001c0)=0x9c) r5 = socket$inet(0x2, 0x1, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000380)={0x1, 0x58, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) setsockopt$inet_mreqn(r5, 0x0, 0x27, &(0x7f00000003c0)={@multicast1, @loopback, r6}, 0xc) setsockopt$inet_mreqn(r5, 0x0, 0x25, &(0x7f0000000080)={@multicast1, @local}, 0xc) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r7 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0) mq_timedsend(r7, &(0x7f0000001600)="6d12483bb95dab4da2bccb9a5c51f7769b4aa2ed6f00bcfff2058843f7de72fa8f9dd7572991db9f2968c67d150dbd80321f91c14a7705c3d6e2292f74d074e24cdfdc28da61b60db4ac67a81c04430dd72555dcebe8193594b8fe29718d5781fe3f418379dab48089b86edc4facdbc388e30fdfabe867722b348dcfbff8f7745bb98584b3384eb1b1c541d05427c4e5c33b3692ebf599d4a179bcd27271d55e4a38ac7be3cae3e85eddbdcf574ac462df22b6b2242245f32d5826de908a96ea66331cad4d0ff094f552e118ee643f2f12f854c32d4e548bd82a69c4102bc516a41a52436f6dfd80133de801fdc8e75276c631f041d86269f2ba0791e8119868816c1fe9c78654919d6dcce67a5f32b77575867f43f76e99108bf9ee3fd550cc18f8bee8505da7ea8fe0a3a9e40c01be1d39435821c5f52cf39a7d5558f278b01be298e5460d3ebf011345ed0030603f767fe44876fdf1cb172a4cbfb2f7784ac61c4786a147b6d446eaf46d5b26c6b85580ba4913fc12a443d8dcf05d08513ae01a7f489826fdc8bff83c1708ebbc060aa72d25e6ce21521799bd37c34fdad973fd7e17070b7783bf341fc079c6b0c9811388430c84540d8d544d1887b73e3a9d2625358be4b09128ee7f8d2dacfcb0c571caa2200353f2d9704b9143c0341568d1e39429e1d442d21878c87271e66651e12d077b8dd49c0bf285097e261a5116b91036368265c1c5b74353bb42ff4936e27a20c48dea290685b09c2e5baa29dbeb790969f793692fb112c973329236f30bd29c39ee6104e1e0ccd1f855e5837d156c83834661a2aa8929ad78c025413179d880ee905d0b1ee1c9c3eacb63ac807a6ce73d492502ce52beba9ea5214a9387e2c5a810a96e14956809b6865e46a9d9ce2deb4cce2155562dd7e3daef9b3c0c0a55f1fe1a89835971dbc9c09ee9d4abe827b0e87dcd08e5e7cf08869cdcd6fe7f42d93c075db2fec9d96aff21410c3cbd5d904ed147af08c297011ec105dec6fb319cc5637ac71dac05d01ef356dcc6b6bd3f8625204d92f6d0447c0ee5c72d13b4e951a5ba060d4e0ab4680bba08ca9e0079ed6332e6449e01ec480903b0f377e08e8146c8a1e86df678dd88f3768e0958b04f24d58f39a15ee93e4b3e1e2dcd91f8cd36c37b2806d5f7c1871d0e1d7496ac64b377a8fb32104166536597bbba1aef50238e34ec8069690029c58c8a01b28b711ff44aed4652629c7cdc7843d83efe9514bb5b1f80d1047e6075870c53505a142e48d6897d7811f84d8c3e8f9985f9a9d01c8fd68960aee376caa465f25622d7ff5deae8f0d628e048bc4387ca3046067768f3014a3ef4d1b55123ce45507ab1b6f587f6302bb9b715899d2fc20cabfd306549b6a2ec8ea5169e5be19cf59ef71cbb16d402cdc62a422b2bf5c01bb6139e60fd61ea4b77382c7e2e038c6511bfe08f7a3cea5e793f9e2cb4facce20e719d179104418f6745bf8065c70da3815c8e1a1b650d96865c41fd45dbcae51e1d54b41002c2f673cd1008dbf3f17847dd28d8fe3c24ef238000be692e05b0365cb7691fa8f134efe70df46b5cc4765def995971ae0c45f653292f4a3c26300e359afbe0c4f7b049f505ab8e8a0d4c7090cc07c62dbcb9bf6682425553de4ca63f98ac5d420d01bf729bf815683d11451eea0295675778f00bef94ac6e29dd2285847fd857cf2d204de3170e024169d568500befd5c6f34e9d3fcae78bd8fcd6d8f85fcf56241c7787d86bdfca06a6e69b996d72530c94eaa82e99f8ccbd66b53ce0f066fffcb3b643f84a1112c4c8a153ef745f7da3c4887f95de7df8dcf6653200eccb389a7aad4a874d347791cd00cf767bdd8d36de55cbc0879e11cddec175b36be0d1224d1dab7d8f8f3bab0f622d031be123b6ab48188716162afea5e0529830a39c3c9edc86b3e6020830f2f94060685d96887fb536afaedcd9523c53e5e210e87a07bc941b29b968ec9b0f6e5a74b929ad56ef7e80b981d39460040df8aedb253bc4681e72de2b3e886320b2f9a52f675bb08e4dee27b468d0822d6269ad1eee16d1c1781ad17b1fae21b44e427ace6d1fa932ca9c295c5ae74140ffea23ac2b70a6ca71af12c6d63adc32110521cee84dce3514c51417fa794fff4fb7b72844fbb3ba786173d3ffea23e03eb49acbd957d52494ffff3cd2dc420ace19bbe375aabb97953dd1b8adc24856a81b2888e2fb635332c2d4257cf6833ccb3135c0327f79c4846b691b693b066cd5de30ca40e29fe8775fd6a8844f566223008d017ccb6f2ee47496b61aa2900f64c1e2136c8dfbb6dd7ab368e0cfeb3e639657f16d9f26f0c575b61476ea7cd499e2fffe75f6118d19d6186e9433d1b92dc30e84bceba4c9bd8e889575c50da8e236d0ad184a2ae7e91e31485a44389a7c6a63c4d7588fa0755ae292102c46df1cfcc21eccfa5bc815a2491cb845de2feae93d5a9365cff327d048b7e66733b1d1cbf1eadae7296631f3f1681ab5878272a9b17e11f64e8ea8afbd297f388b951e39b94d909c74a4c667f6204128c84566c2347222a984f67177160e3f144518721f25aab93c9d0a34d407b84485bf1f2fa07af7de0617dbda0b2eb3ef839d6ad8649fa7133e14646cb30462e827a1bba8b6cf97c93c95552c70aae8ba4918f8b51275ed7e1f90f7ae7a5313aff699f54265adad4b0608a90165c8e7df729ceb0eda12357ea37e7bbb86fc542544c93d494d4edfd098432e389666a8a93f4333e630deefa87397ece144a59fbf736aeefb7b66744954e8076e9d0534508a3631dbdcd2c15b5fd844d62409bf6c63699ac5ff0cab98d4b7f0e33e5cb20853554c895ea26607e9554d74e1511c4c476c41aa7fa717259e5048d80f1f30f07dd5397c17d818dac1849b7ccf6425fa0265edfecb58a763615dedbe98e215ce63dd1688e191a191ccdb4e939bd370f68054440296cb511b5f070fb9479bdef321b7d124506f6345ac3c2ca0ef22292d3f83ec21908de3a3c7f98cc5e086034d0b08df704382a8ee9f6129542cac7dc5fd54e71270f5ea9739b625347f3200d6f74d41106aed8fa8af5a3a6cd58a44de62af681d449a44b5f86702e625a1658f2bb09e1c7a178ec27081bb8e0f3febf700a1663374325bbb17a17c6178fbc0424f83cfafdd8ed301450bc6822105e6033bc999c833ce3f60814f9db98c3880aae837027cc4fd82a1aa61d1c7fbacf0e5da0c820f97e35f52abb212dcfd77c7e159ef4f777a2cbf61508539660a577974291852a3dfdcb0706961faf65f62745240e281e9c1ea25a2bf29729008b59b5bac92c8ffc53b240761c0021edb53bad82a322510f480a53945c63803abb0b5947aa32a7ad5cf8059933ae4dc5d18a261b8d4a126dadd1d7f186cc0f3bc00c82c15516ea2a4b5a5517395d2a16a3beb920b16c706381bae273443ebfa3c37778596177de18a62cb96c08a35459a897ac87bcd87cdbcecae83c95cd4b5eb878a8d31e75955eb11e0cb58c6ad2b39f8f9350ff95778a961b07b4b0e4ff6b58caab6db44c6345c8ad9da0aef0c2b4a09e459a027d774da684ce2defd0b23b6e15ec573268050cba4cd1be4d899672ea3562f280df3b3ee878bd2e9989357829c363b4b47eacadeee76144957f4d76c3ea703aa5bf32f75a0370f49ae371f001eced8bbdaa781f66c83f959af0cb0ecbabeeeb0f91c26a22b430d5cae34e470f79f01446cdca5b70ba6448a8d9e4722dba03369b3204253eea942de2fb7b4408212a4c6a5d36c7e82417edd052a59d6d1ce2b0a2bd94f334647712cc2296e75db316be650195dd28a360e2e44fd32951b2b983d673bce51eea778d2ed2a2468c3b6b94b67ee175aa08f757d5522b43cefd5969511579cd79300802c811adad7b6bdf789f70bc76e94f8ea317043cf29b562a2041c553122ec338834455be1b68fe7470808451b0e1f1d444ae1e430c51c718a751142fa675a663e9d9f66a8a6199b56d18e4167e54942a37366fa0b5242de86bf1af6c758b2f0bb1f0fda16dc5241e3cc442326fdb501b95fe768c45781c8b60fbe576c7e790e2d5a2a76085cdca098fb3209b30a017eefbf6f8b315b38d8f8f194e456d1776cf6c9c4f4a99e9b50ca4bbc57ff1f035f13a3d8261617b5d55387488f9456a32400a84f95320e722c7abed22b9f8b574da8322fe104c12fb35c9d0c600dde78c47cd46647a8e24aafa53c68e2119ed1473bb3b7c9873d0a256e8eec8dc9f57820a7e23d49deb4041beae704b3fb527ce57316ff238515c248c80d51fd44e31dbb2d2e1d6b8007a03bf9b981fee094ee82f413698af66a3057621490d60207bca2e7a11e96cfb850a9a371ce672d0c4826be044acaa0a0a04fab4f2807eac896c48db2c35caf97fdf8bacb854f5351328cfbab2c3b251fc0abe20ba4b8fe8f4a98dfb76a0b1ea6b6463bdd900e23114c94f205f492a4acb30cc8a6efe6f73a96d3688853c60dce92732440db5ec245478bb64ebe9b60e7469ffb253febcda05613a8c1dbf72634e68d912e2fc98501d99c7dafb50081edcc60dc74daf9cecbcf65aa57661451fc6131f8c879b2181984bc4e0973ad6984837e19595caa35ff4713266b6a6c090a50afeb1461590c4c36f7fead0c9620af82302616c154e74199ee11353f6e9861472e2f1826afd0ce1a2ce9712b50019b32397960f54f4fce3c6655e13d8ef3ba20eaa3ca03a831a39732203dc3d2d3bf8de63fb4c96b3ec10cc852401f25a2575e98d9a25bf0767fc180f6fef5928565fa9ffdd620b6713f85bbc140060df1b50607b4eb51c0c71dac8ee2c19b9bd03b1840bb4d1f8a767d788a31926c9c39be4709dd57e856cb417d3947ce825f194fac18323f36a3b7743603abc628d477b3292a6b3f4965e882a110728f2a9f4fa8fd9d9d50859c48fe0f07f6a826bd5c5d8d645c0f7d8d03cf49be2419e2986f8ad55a228cacd0838f867a8612fd1c4b04d54dc9d5b05cc9395f5bb7fe918083bedfa33734a3f6afaf70379f4d423fa592dcfdeef84161df3f8f42204116442fc815a3cb3c79348d489296014fb8d4334c4ad776e14207ed2115781a0caac4cbfddf8f788f58cd9da9c33f145d87a187d7db78ce4368c5bdbba67fde5264a53a65a027a52aa09fd4943aeeae146a769a26a0f3597fd5004b60c179ce2bcafc78220d691c44c153c883bf942f01586b5321e4bbb28ab44d97bea3368f7c5d0c3dda0ef359065fd31f62060beb0b2a31f7164867e4b78f89f5ea0131aed7014ef3385f0b350ff847f4321b81c7dc9a484605ee397a2d5ea8ad9593020cea3acb6a106a560b4bf675c89aa3b14678dfef6602fdfa9afeeb6f16cb1b3cc944ad5d0492a3d07308c07dfc204c071d92f6b8b5694c70d166fe29f7894ceee7554dc32c71f3b971c8f20f2cafa4399a8755684090f90e6b45ee924d1205e0a075fd2259b6ca6430d28c780735353be38578b3cf1badcba4dae86419d4a0c1ec21f4a7510a08018e90974f0757aab8b51dc0fc068193d040cbd9706eeec02360da646b11cc5f1a544ecf24ce87c7165a0cb9bdb6990db03320ecf2f65fb6dfd1f3d32b2ae10723707cf5f30ea387f677aea100649c72e795b5f7d652e0e2fd0ae19eaf96f1b6453d056e01c97aa5c271b5e5f303fa4013f686cfbf64a1c1fe4263786b835e46a98699b8d5262520c494158439a307556d6e", 0xfd1, 0x3, 0x0) 48.265168566s ago: executing program 0 (id=17): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) timer_create(0x1, &(0x7f0000000400)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, 0x0, 0x0) unshare(0x20020480) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'md5-generic\x00'}, 0x5a) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmsg$unix(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x2120) 38.697399986s ago: executing program 32 (id=15): syz_emit_ethernet(0x1, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$rds(0x15, 0x5, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom0\x00', 0x803, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x808, 0xa416}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = socket(0x40000000015, 0x5, 0x0) getsockopt(r1, 0x200000000114, 0x2713, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_REGS(r2, 0x8090ae81, &(0x7f00000003c0)) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) mount$afs(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000100), 0x4, &(0x7f0000000080)={[{@dyn}, {@dyn}, {}, {@flock_local}, {@dyn}]}) 38.5407616s ago: executing program 33 (id=13): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x4f, 0x0, 0x0) openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000500), 0x400, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 38.330471943s ago: executing program 34 (id=5): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x9, [0x7, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x9, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x2, 0x12a3, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x558e0d31, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7fff, 0x200005, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x40, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x2, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x8000, 0x5, 0x2, 0x9, 0x80000c1, 0x5, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0xffff58b9, 0x4c2336d3, 0x4, 0x1, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00000, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fbf, 0x762, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0x8000, 0x5, 0xfffffff9, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x7, 0x7, 0x5, 0x4, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3435, 0x3, 0x9, 0xfd, 0x401, 0x101, 0xdd83, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0x4, 0x9, 0x81, 0x3, 0x9, 0x9, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x1000, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x1, 0x8, 0x13ffd, 0x1, 0x1b18]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}}) sendmsg$IPVS_CMD_NEW_SERVICE(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0xc810}, 0x4010) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0xfffffffffffffffc, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0x0, 0x45, 0x1, 0xbdb], 0x1, 0x1c4213}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 38.282158266s ago: executing program 0 (id=21): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f0000000640)=0x13) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000140)=0x7f) 37.511324886s ago: executing program 0 (id=22): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) dup(r1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x1, 0x0, 0x0) r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) listen(r2, 0x1ad72f7) listen(r2, 0xda90) r3 = openat$random(0xffffffffffffff9c, &(0x7f00000007c0), 0x8000, 0x0) ioctl$int_in(r3, 0x5452, 0x0) openat$random(0xffffffffffffff9c, &(0x7f00000007c0), 0x8000, 0x0) r4 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x149000, 0x0) ioctl$PTP_EXTTS_REQUEST2(r4, 0xc4c03d12, &(0x7f0000000380)={0xa, 0x4}) 22.512987132s ago: executing program 35 (id=22): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) dup(r1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x1, 0x0, 0x0) r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) listen(r2, 0x1ad72f7) listen(r2, 0xda90) r3 = openat$random(0xffffffffffffff9c, &(0x7f00000007c0), 0x8000, 0x0) ioctl$int_in(r3, 0x5452, 0x0) openat$random(0xffffffffffffff9c, &(0x7f00000007c0), 0x8000, 0x0) r4 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x149000, 0x0) ioctl$PTP_EXTTS_REQUEST2(r4, 0xc4c03d12, &(0x7f0000000380)={0xa, 0x4}) 16.010695922s ago: executing program 1 (id=2): r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket(0x10, 0x80002, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYRES8=r0, @ANYRES32=r0, @ANYRESHEX=r0], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000100)={r2, 0xffffffffffffffff}, 0xfffffffffffffece) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb702000008000000182300", @ANYRESDEC=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095", @ANYRES32=r1, @ANYRES32=r2, @ANYRES16=r3], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000005600)='sys_enter\x00', r4, 0x0, 0x2}, 0x18) pipe(&(0x7f0000000080)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0) pipe2(0x0, 0x80c80) rt_sigprocmask(0x3, 0x0, &(0x7f0000000240), 0xd250) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSIGACCEPT(r5, 0x5607, 0x2f) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) r7 = dup(r6) ioctl$TIOCL_SETVESABLANK(r7, 0x560e, &(0x7f0000000140)) r8 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$VT_ACTIVATE(r8, 0x5606, 0x4) ioctl$TIOCL_BLANKSCREEN(r8, 0x541c, &(0x7f0000000000)) set_tid_address(&(0x7f0000000040)) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8923, 0x0) ioctl$VT_RESIZEX(r8, 0x560a, &(0x7f0000000080)={0xd, 0x8, 0x2, 0x0, 0x0, 0x1000}) r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0xd40, 0xd2) close(r9) socket$phonet_pipe(0x23, 0x5, 0x2) write$sndseq(r9, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) getpid() 0s ago: executing program 36 (id=2): r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket(0x10, 0x80002, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYRES8=r0, @ANYRES32=r0, @ANYRESHEX=r0], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000100)={r2, 0xffffffffffffffff}, 0xfffffffffffffece) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb702000008000000182300", @ANYRESDEC=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095", @ANYRES32=r1, @ANYRES32=r2, @ANYRES16=r3], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000005600)='sys_enter\x00', r4, 0x0, 0x2}, 0x18) pipe(&(0x7f0000000080)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0) pipe2(0x0, 0x80c80) rt_sigprocmask(0x3, 0x0, &(0x7f0000000240), 0xd250) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSIGACCEPT(r5, 0x5607, 0x2f) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) r7 = dup(r6) ioctl$TIOCL_SETVESABLANK(r7, 0x560e, &(0x7f0000000140)) r8 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$VT_ACTIVATE(r8, 0x5606, 0x4) ioctl$TIOCL_BLANKSCREEN(r8, 0x541c, &(0x7f0000000000)) set_tid_address(&(0x7f0000000040)) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8923, 0x0) ioctl$VT_RESIZEX(r8, 0x560a, &(0x7f0000000080)={0xd, 0x8, 0x2, 0x0, 0x0, 0x1000}) r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0xd40, 0xd2) close(r9) socket$phonet_pipe(0x23, 0x5, 0x2) write$sndseq(r9, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) getpid() kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.16' (ED25519) to the list of known hosts. [ 80.332373][ T5824] cgroup: Unknown subsys name 'net' [ 80.573916][ T5824] cgroup: Unknown subsys name 'cpuset' [ 80.619658][ T5824] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 82.366759][ T5824] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.004168][ T5838] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.005820][ T5838] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.006762][ T5838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.011229][ T5838] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.017632][ T5838] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.018402][ T5838] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.020656][ T5155] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.023807][ T5846] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.025300][ T5846] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.026326][ T5846] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.038687][ T5843] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.050875][ T5843] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.055681][ T5843] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.057598][ T5843] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.063863][ T5843] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.114553][ T5846] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.117017][ T59] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.118127][ T59] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.128220][ T5843] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.131000][ T5843] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.236350][ T5843] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 85.246708][ T5843] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 85.249417][ T5843] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 85.274226][ T5843] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 85.276426][ T5843] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 85.989949][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 86.033269][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 86.093744][ T5847] chnl_net:caif_netlink_parms(): no params data found [ 86.098362][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 86.654329][ T5849] chnl_net:caif_netlink_parms(): no params data found [ 86.753231][ T45] cfg80211: failed to load regulatory.db [ 86.833089][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.833177][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.833493][ T5837] bridge_slave_0: entered allmulticast mode [ 86.835137][ T5837] bridge_slave_0: entered promiscuous mode [ 87.078130][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.078237][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.078514][ T5837] bridge_slave_1: entered allmulticast mode [ 87.082072][ T5841] Bluetooth: hci1: command tx timeout [ 87.091947][ T5837] bridge_slave_1: entered promiscuous mode [ 87.115084][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.115218][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.115425][ T5839] bridge_slave_0: entered allmulticast mode [ 87.117691][ T5839] bridge_slave_0: entered promiscuous mode [ 87.149265][ T5841] Bluetooth: hci3: command tx timeout [ 87.149422][ T5843] Bluetooth: hci0: command tx timeout [ 87.149430][ T5841] Bluetooth: hci2: command tx timeout [ 87.309323][ T5843] Bluetooth: hci4: command tx timeout [ 87.459966][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.460100][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.460269][ T5839] bridge_slave_1: entered allmulticast mode [ 87.462080][ T5839] bridge_slave_1: entered promiscuous mode [ 87.464965][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.465062][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.465169][ T5847] bridge_slave_0: entered allmulticast mode [ 87.466628][ T5847] bridge_slave_0: entered promiscuous mode [ 87.468813][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.468945][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.479227][ T5834] bridge_slave_0: entered allmulticast mode [ 87.481882][ T5834] bridge_slave_0: entered promiscuous mode [ 87.680018][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.680111][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.680220][ T5847] bridge_slave_1: entered allmulticast mode [ 87.681774][ T5847] bridge_slave_1: entered promiscuous mode [ 87.683434][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.683565][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.683884][ T5834] bridge_slave_1: entered allmulticast mode [ 87.685376][ T5834] bridge_slave_1: entered promiscuous mode [ 87.718156][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.014678][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.034041][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.465544][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.468607][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.481931][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.702257][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.704359][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.706768][ T5837] team0: Port device team_slave_0 added [ 88.707266][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.707458][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.707623][ T5849] bridge_slave_0: entered allmulticast mode [ 88.710277][ T5849] bridge_slave_0: entered promiscuous mode [ 89.018129][ T5837] team0: Port device team_slave_1 added [ 89.018565][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.018674][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.018783][ T5849] bridge_slave_1: entered allmulticast mode [ 89.022029][ T5849] bridge_slave_1: entered promiscuous mode [ 89.025871][ T5839] team0: Port device team_slave_0 added [ 89.159276][ T5843] Bluetooth: hci1: command tx timeout [ 89.229323][ T59] Bluetooth: hci0: command tx timeout [ 89.229353][ T59] Bluetooth: hci3: command tx timeout [ 89.229494][ T5843] Bluetooth: hci2: command tx timeout [ 89.336340][ T5839] team0: Port device team_slave_1 added [ 89.347792][ T5847] team0: Port device team_slave_0 added [ 89.358516][ T5834] team0: Port device team_slave_0 added [ 89.389379][ T5843] Bluetooth: hci4: command tx timeout [ 89.554173][ T5847] team0: Port device team_slave_1 added [ 89.557204][ T5834] team0: Port device team_slave_1 added [ 89.723192][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.723203][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.723216][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.727123][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.941267][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.941282][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.941305][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.944986][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.945643][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.945653][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.945666][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.290708][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.290718][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.290731][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.291611][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.291622][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.291634][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.292711][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.292722][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.292744][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.533411][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.533424][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.533437][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.534300][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.534309][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.534322][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.538520][ T5849] team0: Port device team_slave_0 added [ 90.677151][ T5849] team0: Port device team_slave_1 added [ 90.926990][ T5837] hsr_slave_0: entered promiscuous mode [ 90.928058][ T5837] hsr_slave_1: entered promiscuous mode [ 91.200481][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.200492][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.200504][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.206175][ T5839] hsr_slave_0: entered promiscuous mode [ 91.206975][ T5839] hsr_slave_1: entered promiscuous mode [ 91.207633][ T5839] debugfs: 'hsr0' already exists in 'hsr' [ 91.207716][ T5839] Cannot create hsr debugfs directory [ 91.239201][ T5843] Bluetooth: hci1: command tx timeout [ 91.309285][ T5843] Bluetooth: hci2: command tx timeout [ 91.309316][ T5843] Bluetooth: hci3: command tx timeout [ 91.309336][ T5843] Bluetooth: hci0: command tx timeout [ 91.450638][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.450655][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.450677][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.457531][ T5834] hsr_slave_0: entered promiscuous mode [ 91.458297][ T5834] hsr_slave_1: entered promiscuous mode [ 91.458802][ T5834] debugfs: 'hsr0' already exists in 'hsr' [ 91.458818][ T5834] Cannot create hsr debugfs directory [ 91.469303][ T5841] Bluetooth: hci4: command tx timeout [ 91.585222][ T5847] hsr_slave_0: entered promiscuous mode [ 91.586027][ T5847] hsr_slave_1: entered promiscuous mode [ 91.586522][ T5847] debugfs: 'hsr0' already exists in 'hsr' [ 91.586543][ T5847] Cannot create hsr debugfs directory [ 92.528356][ T5849] hsr_slave_0: entered promiscuous mode [ 92.529670][ T5849] hsr_slave_1: entered promiscuous mode [ 92.530553][ T5849] debugfs: 'hsr0' already exists in 'hsr' [ 92.530575][ T5849] Cannot create hsr debugfs directory [ 93.309298][ T5841] Bluetooth: hci1: command tx timeout [ 93.389586][ T5841] Bluetooth: hci0: command tx timeout [ 93.389616][ T5841] Bluetooth: hci3: command tx timeout [ 93.389636][ T5841] Bluetooth: hci2: command tx timeout [ 93.559851][ T5843] Bluetooth: hci4: command tx timeout [ 93.654086][ T5837] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 93.698277][ T5837] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 93.724711][ T5837] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 93.767614][ T5837] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 93.902498][ T5839] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 93.959649][ T5839] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 93.987054][ T5839] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 94.025784][ T5839] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 94.140894][ T5834] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.188011][ T5834] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.236886][ T5834] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.285055][ T5834] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.450723][ T5847] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 94.488868][ T5847] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 94.527498][ T5847] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 94.577933][ T5847] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 94.740207][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.755981][ T5849] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 94.817413][ T5849] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 94.864679][ T5849] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.904790][ T5849] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 94.988511][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.044374][ T70] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.044806][ T70] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.078201][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.108367][ T188] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.110059][ T188] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.195934][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.240641][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.246925][ T70] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.247273][ T70] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.292605][ T4469] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.292756][ T4469] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.368570][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.395397][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.421568][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.421692][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.484372][ T188] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.485048][ T188] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.551668][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.604923][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.614040][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.615090][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.672712][ T70] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.672859][ T70] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.801200][ T5849] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.858560][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.860159][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.910005][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.910119][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.058281][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.252178][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.570513][ T5839] veth0_vlan: entered promiscuous mode [ 96.621258][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.664569][ T5839] veth1_vlan: entered promiscuous mode [ 96.906290][ T5839] veth0_macvtap: entered promiscuous mode [ 96.919838][ T5834] veth0_vlan: entered promiscuous mode [ 96.948661][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.975741][ T5839] veth1_macvtap: entered promiscuous mode [ 97.018029][ T5834] veth1_vlan: entered promiscuous mode [ 97.030210][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.098050][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.107951][ T5837] veth0_vlan: entered promiscuous mode [ 97.140740][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.171224][ T5837] veth1_vlan: entered promiscuous mode [ 97.198239][ T4469] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.221657][ T4469] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.241273][ T4469] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.253112][ T4469] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.323158][ T5834] veth0_macvtap: entered promiscuous mode [ 97.344030][ T5847] veth0_vlan: entered promiscuous mode [ 97.397014][ T5834] veth1_macvtap: entered promiscuous mode [ 97.515288][ T5849] veth0_vlan: entered promiscuous mode [ 97.516510][ T5847] veth1_vlan: entered promiscuous mode [ 97.580047][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.581382][ T5837] veth0_macvtap: entered promiscuous mode [ 97.585959][ T5849] veth1_vlan: entered promiscuous mode [ 97.613932][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.617983][ T5837] veth1_macvtap: entered promiscuous mode [ 97.692635][ T188] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.693872][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.693895][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.736825][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.755732][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.778512][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.832160][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.882147][ T70] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.882166][ T70] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.883067][ T5847] veth0_macvtap: entered promiscuous mode [ 97.908828][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.003197][ T5847] veth1_macvtap: entered promiscuous mode [ 98.100388][ T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.111032][ T5849] veth0_macvtap: entered promiscuous mode [ 98.116700][ T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.148621][ T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.164714][ T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.171832][ T5849] veth1_macvtap: entered promiscuous mode [ 98.281306][ T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.281324][ T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.282018][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.417648][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.511987][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.540431][ T64] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.540516][ T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.540528][ T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.545804][ T70] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.579002][ T70] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.594871][ T70] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.623046][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.663646][ T5927] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 98.704284][ T70] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.704303][ T70] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.790065][ T57] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.823983][ T5927] usb 4-1: Using ep0 maxpacket: 8 [ 98.836760][ T57] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.848431][ T5927] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 98.848455][ T5927] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 98.848509][ T5927] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 98.848535][ T5927] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 98.848577][ T5927] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 98.848598][ T5927] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.903920][ T57] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.941594][ T57] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.962758][ T5927] hub 4-1:1.0: bad descriptor, ignoring hub [ 98.964981][ T5927] hub 4-1:1.0: probe with driver hub failed with error -5 [ 98.974624][ T5927] cdc_wdm 4-1:1.0: skipping garbage [ 98.974641][ T5927] cdc_wdm 4-1:1.0: skipping garbage [ 99.010826][ T5927] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 99.010855][ T5927] cdc_wdm 4-1:1.0: Unknown control protocol [ 99.065383][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.065402][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.308330][ T5958] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1'. [ 99.372701][ T5958] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1'. [ 99.376131][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.376148][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.404378][ T5958] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1'. [ 99.430275][ T5927] usb 4-1: USB disconnect, device number 2 [ 99.465072][ T5958] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1'. [ 99.527408][ T5958] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1'. [ 99.586198][ T5961] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 99.870936][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.870954][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.009519][ T188] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.009539][ T188] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.699414][ T1231] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 101.869493][ T1231] usb 3-1: Using ep0 maxpacket: 32 [ 101.872876][ T1231] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 101.952746][ T1231] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 101.952775][ T1231] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 101.952794][ T1231] usb 3-1: Product: syz [ 101.952807][ T1231] usb 3-1: Manufacturer: syz [ 101.952821][ T1231] usb 3-1: SerialNumber: syz [ 102.045688][ T1231] usb 3-1: config 0 descriptor?? [ 102.047240][ T5988] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 102.354692][ T5926] usb 3-1: USB disconnect, device number 2 [ 104.446918][ C1] sched: DL replenish lagged too much [ 110.141851][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.141872][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.339182][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 119.439152][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 119.640580][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 119.649206][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 119.742564][ T0] NOHZ tick-stop error: local softirq work is pending, handler #88!!! [ 122.557077][ T5841] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 122.571592][ T5841] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 122.573112][ T5841] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 122.574569][ T5841] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 122.575756][ T5841] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 122.849065][ T5843] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 122.865646][ T5843] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 122.868405][ T5843] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 122.885668][ T5843] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 122.886487][ T5843] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 122.977260][ T5843] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 122.999358][ T5843] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 123.000336][ T5843] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 123.002142][ T5843] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 123.002988][ T5843] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 124.655390][ T6028] chnl_net:caif_netlink_parms(): no params data found [ 124.756165][ T5841] Bluetooth: hci5: command tx timeout [ 124.991529][ T5841] Bluetooth: hci6: command tx timeout [ 125.070493][ T5841] Bluetooth: hci7: command tx timeout [ 126.829530][ T5841] Bluetooth: hci5: command tx timeout [ 127.069489][ T5841] Bluetooth: hci6: command tx timeout [ 127.160599][ T5841] Bluetooth: hci7: command tx timeout [ 128.909409][ T5841] Bluetooth: hci5: command tx timeout [ 129.149411][ T5841] Bluetooth: hci6: command tx timeout [ 129.239284][ T5841] Bluetooth: hci7: command tx timeout [ 130.989516][ T5841] Bluetooth: hci5: command tx timeout [ 131.229458][ T5841] Bluetooth: hci6: command tx timeout [ 131.317491][ T5841] Bluetooth: hci7: command tx timeout [ 133.779767][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.779865][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.429752][ T5843] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 138.431642][ T5843] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 138.432526][ T5843] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 138.434509][ T5843] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 138.436140][ T5843] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 140.589653][ T5843] Bluetooth: hci8: command tx timeout [ 142.669416][ T5843] Bluetooth: hci8: command tx timeout [ 142.964010][ T6030] chnl_net:caif_netlink_parms(): no params data found [ 143.339892][ T6056] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 144.554383][ T6032] chnl_net:caif_netlink_parms(): no params data found [ 144.749363][ T5843] Bluetooth: hci8: command tx timeout [ 146.829535][ T5843] Bluetooth: hci8: command tx timeout [ 160.383640][ T5841] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 160.398592][ T5841] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 160.399857][ T5841] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 160.417333][ T5841] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 160.418294][ T5841] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 162.509314][ T5841] Bluetooth: hci9: command tx timeout [ 164.599327][ T5841] Bluetooth: hci9: command tx timeout [ 166.669507][ T5841] Bluetooth: hci9: command tx timeout [ 168.759816][ T5841] Bluetooth: hci9: command tx timeout [ 181.880185][ T5843] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 181.887305][ T5843] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 181.888220][ T5843] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 181.926563][ T5843] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 181.927472][ T5843] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 182.701859][ T59] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 182.725062][ T59] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 182.726080][ T59] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 182.727395][ T59] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 182.728286][ T59] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 182.785558][ T59] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 182.787432][ T59] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 182.788336][ T59] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 182.811611][ T59] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 182.842937][ T59] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 189.505853][ T59] Bluetooth: hci10: command tx timeout [ 191.549420][ T5841] Bluetooth: hci10: command tx timeout [ 191.549625][ T5841] Bluetooth: hci3: command tx timeout [ 191.549733][ T5841] Bluetooth: hci11: command tx timeout [ 193.640250][ T5843] Bluetooth: hci11: command tx timeout [ 193.640284][ T5843] Bluetooth: hci3: command tx timeout [ 193.640305][ T5843] Bluetooth: hci10: command tx timeout [ 195.709496][ T5841] Bluetooth: hci10: command tx timeout [ 195.709527][ T5841] Bluetooth: hci3: command tx timeout [ 195.709547][ T5841] Bluetooth: hci11: command tx timeout [ 197.800608][ T5843] Bluetooth: hci11: command tx timeout [ 197.800650][ T5843] Bluetooth: hci3: command tx timeout [ 198.079989][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 198.080065][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 198.437348][ T5843] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 198.456507][ T5843] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 198.457446][ T5843] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 198.458637][ T5843] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 198.486616][ T5843] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 200.667955][ T5843] Bluetooth: hci4: command tx timeout [ 202.669322][ T5843] Bluetooth: hci4: command tx timeout [ 204.749282][ T5843] Bluetooth: hci4: command tx timeout [ 206.833898][ T5843] Bluetooth: hci4: command tx timeout [ 211.735297][ T5843] Bluetooth: hci0: command 0x0406 tx timeout [ 211.735341][ T5843] Bluetooth: hci1: command 0x0406 tx timeout [ 211.735368][ T5843] Bluetooth: hci2: command 0x0406 tx timeout [ 220.977524][ T5843] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 220.988863][ T5843] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 221.006984][ T5843] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 221.008261][ T5843] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 221.025848][ T5843] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 232.829452][ T5843] Bluetooth: hci12: command tx timeout [ 234.913925][ T5843] Bluetooth: hci12: command tx timeout [ 236.989372][ T5843] Bluetooth: hci12: command tx timeout [ 239.069415][ T5843] Bluetooth: hci12: command tx timeout [ 241.998514][ T5845] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 242.013114][ T5845] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 242.014061][ T5845] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 242.015501][ T5845] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 242.016290][ T5845] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 244.109348][ T5845] Bluetooth: hci5: command tx timeout [ 244.191029][ T38] INFO: task syz.4.5:5960 blocked for more than 143 seconds. [ 244.191059][ T38] Not tainted syzkaller #0 [ 244.191069][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 244.191081][ T38] task:syz.4.5 state:D stack:25128 pid:5960 tgid:5960 ppid:5837 task_flags:0x400040 flags:0x00004006 [ 244.191141][ T38] Call Trace: [ 244.191148][ T38] [ 244.191161][ T38] __schedule+0x16f3/0x4c20 [ 244.191210][ T38] ? sched_clock+0x3f/0x60 [ 244.191233][ T38] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 244.191264][ T38] ? __pfx___schedule+0x10/0x10 [ 244.191316][ T38] rt_mutex_schedule+0x77/0xf0 [ 244.191335][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 244.191370][ T38] ? rt_mutex_slowlock_block+0x351/0x6d0 [ 244.191395][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 244.191417][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 244.191439][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 244.191471][ T38] ? rcu_barrier+0x4c/0x570 [ 244.191498][ T38] ? rt_mutex_slowunlock+0x493/0x8a0 [ 244.191523][ T38] ? rcu_barrier+0x4c/0x570 [ 244.191539][ T38] mutex_lock_nested+0x16a/0x1d0 [ 244.191566][ T38] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 244.191591][ T38] rcu_barrier+0x4c/0x570 [ 244.191620][ T38] kvm_mmu_uninit_vm+0x53/0x90 [ 244.191640][ T38] kvm_arch_destroy_vm+0x23d/0x280 [ 244.191666][ T38] kvm_put_kvm+0xf8e/0x1670 [ 244.191696][ T38] ? __pfx_kvm_vm_release+0x10/0x10 [ 244.191719][ T38] kvm_vm_release+0x46/0x50 [ 244.191740][ T38] __fput+0x458/0xa80 [ 244.191771][ T38] task_work_run+0x1d4/0x260 [ 244.191793][ T38] ? __pfx_task_work_run+0x10/0x10 [ 244.191817][ T38] ? exit_to_user_mode_loop+0x40/0x110 [ 244.191842][ T38] exit_to_user_mode_loop+0xec/0x110 [ 244.191865][ T38] do_syscall_64+0x2bd/0x3b0 [ 244.191882][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 244.191905][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.191924][ T38] ? clear_bhb_loop+0x60/0xb0 [ 244.191946][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.191964][ T38] RIP: 0033:0x7fa310e3eba9 [ 244.191986][ T38] RSP: 002b:00007ffc6929aaf8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 244.192005][ T38] RAX: 0000000000000000 RBX: 00007fa311087da0 RCX: 00007fa310e3eba9 [ 244.192017][ T38] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 244.192028][ T38] RBP: 00007fa311087da0 R08: 0000000000000140 R09: 000000126929adef [ 244.192041][ T38] R10: 00007fa311087cb0 R11: 0000000000000246 R12: 0000000000018792 [ 244.192052][ T38] R13: 00007fa311086090 R14: ffffffffffffffff R15: 00007ffc6929ac10 [ 244.192083][ T38] [ 244.192138][ T38] INFO: task syz.4.5:5961 blocked for more than 143 seconds. [ 244.192151][ T38] Not tainted syzkaller #0 [ 244.192160][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 244.192189][ T38] task:syz.4.5 state:D stack:25400 pid:5961 tgid:5960 ppid:5837 task_flags:0x400040 flags:0x00004006 [ 244.192234][ T38] Call Trace: [ 244.192240][ T38] [ 244.192252][ T38] __schedule+0x16f3/0x4c20 [ 244.192299][ T38] ? __lock_acquire+0xab9/0xd20 [ 244.192322][ T38] ? __pfx___schedule+0x10/0x10 [ 244.192362][ T38] ? schedule+0x91/0x360 [ 244.192389][ T38] schedule+0x165/0x360 [ 244.192414][ T38] schedule_timeout+0x9a/0x270 [ 244.192436][ T38] ? __pfx_schedule_timeout+0x10/0x10 [ 244.192473][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 244.192496][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 244.192518][ T38] ? wait_for_completion+0x267/0x5d0 [ 244.192544][ T38] wait_for_completion+0x2bf/0x5d0 [ 244.192589][ T38] ? __pfx_wait_for_completion+0x10/0x10 [ 244.192615][ T38] ? __raw_spin_lock_init+0x45/0x100 [ 244.192644][ T38] rcu_barrier+0x463/0x570 [ 244.192674][ T38] kvm_mmu_uninit_vm+0x53/0x90 [ 244.192694][ T38] kvm_arch_destroy_vm+0x23d/0x280 [ 244.192718][ T38] kvm_put_kvm+0xf8e/0x1670 [ 244.192747][ T38] ? __pfx_kvm_vm_release+0x10/0x10 [ 244.192770][ T38] kvm_vm_release+0x46/0x50 [ 244.192791][ T38] __fput+0x458/0xa80 [ 244.192818][ T38] task_work_run+0x1d4/0x260 [ 244.192839][ T38] ? __pfx_task_work_run+0x10/0x10 [ 244.192855][ T38] ? __fget_files+0x2a/0x420 [ 244.192884][ T38] ? exit_to_user_mode_loop+0x40/0x110 [ 244.192910][ T38] exit_to_user_mode_loop+0xec/0x110 [ 244.192934][ T38] do_syscall_64+0x2bd/0x3b0 [ 244.192949][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 244.192973][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.192990][ T38] ? clear_bhb_loop+0x60/0xb0 [ 244.193012][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.193030][ T38] RIP: 0033:0x7fa310e3e7ab [ 244.193044][ T38] RSP: 002b:00007fa30f0a4490 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 244.193062][ T38] RAX: 0000000000000000 RBX: 00007fa30f0a4be0 RCX: 00007fa310e3e7ab [ 244.193074][ T38] RDX: 00007fa30f0a4be0 RSI: 000000004020ae46 RDI: 0000000000000006 [ 244.193085][ T38] RBP: 0000000000000006 R08: 0000000000000001 R09: 0000000000000000 [ 244.193094][ T38] R10: 0000000000000006 R11: 0000000000000246 R12: 000000000000000b [ 244.193105][ T38] R13: 000020000000b000 R14: 0000200000000000 R15: 00000000fec00000 [ 244.193135][ T38] [ 244.193241][ T38] [ 244.193241][ T38] Showing all locks held in the system: [ 244.193253][ T38] 2 locks held by rcuc/1/28: [ 244.193263][ T38] #0: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 244.193311][ T38] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 244.193355][ T38] 7 locks held by ktimers/1/29: [ 244.193366][ T38] 2 locks held by ksoftirqd/1/30: [ 244.193376][ T38] #0: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 244.193419][ T38] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 244.193465][ T38] 1 lock held by khungtaskd/38: [ 244.193475][ T38] #0: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 244.193519][ T38] 3 locks held by kworker/u8:5/70: [ 244.193529][ T38] #0: ffff88803046b138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 244.193581][ T38] #1: ffffc9000155fbc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 244.193626][ T38] #2: ffffffff8ecd3538 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 244.193672][ T38] 5 locks held by kworker/1:1H/105: [ 244.193691][ T38] 3 locks held by kworker/u8:9/1308: [ 244.193701][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 244.193750][ T38] #1: ffffc900052afbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 244.193794][ T38] #2: ffffffff8ecd3538 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 244.193847][ T38] 2 locks held by kworker/u8:10/3541: [ 244.193860][ T38] 2 locks held by getty/5596: [ 244.193869][ T38] #0: ffff88823bf360a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 244.193919][ T38] #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 244.193965][ T38] 1 lock held by syz-executor/5847: [ 244.193974][ T38] #0: ffffffff8d9ae730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 244.194022][ T38] 5 locks held by kworker/1:4/5925: [ 244.194032][ T38] 4 locks held by kworker/1:5/5927: [ 244.194043][ T38] #0: ffff88805c3bc538 ((wq_completion)wg-crypt-wg0#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 244.194098][ T38] #1: ffffc9000504fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 244.194155][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 244.194198][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 244.194243][ T38] 1 lock held by syz.4.5/5960: [ 244.194252][ T38] #0: ffffffff8d9ae730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 244.194293][ T38] 1 lock held by syz.4.5/5961: [ 244.194303][ T38] #0: ffffffff8d9ae730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 244.194344][ T38] 1 lock held by syz.3.13/5986: [ 244.194354][ T38] #0: ffffffff8d9ae730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 244.194395][ T38] 2 locks held by kworker/1:7/6003: [ 244.194405][ T38] 4 locks held by kworker/1:8/6004: [ 244.194414][ T38] #0: ffff88805c32ad38 ((wq_completion)wg-crypt-wg2#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 244.194463][ T38] #1: ffffc9000524fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 244.194519][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 244.194568][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 244.194612][ T38] 4 locks held by kworker/1:9/6009: [ 244.194622][ T38] #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 244.194667][ T38] #1: ffffc900052cfbc0 ((work_completion)(&(&tbl->gc_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 244.194711][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 244.194755][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 244.194799][ T38] 4 locks held by kworker/1:10/6010: [ 244.194809][ T38] #0: ffff88805c3d3d38 ((wq_completion)wg-crypt-wg2#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 244.194856][ T38] #1: ffffc9000527fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 244.194913][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 244.194957][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 244.195002][ T38] 1 lock held by syz.0.22/6025: [ 244.195011][ T38] #0: ffffffff8d9ae730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 244.195053][ T38] 4 locks held by kworker/1:11/6027: [ 244.195063][ T38] #0: ffff88805c12a938 ((wq_completion)wg-crypt-wg0#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 244.195111][ T38] #1: ffffc9000530fbc0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 244.195156][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 244.195200][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 244.195244][ T38] 1 lock held by syz-executor/6028: [ 244.195254][ T38] #0: ffffffff8ecd3538 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 244.195302][ T38] 2 locks held by syz-executor/6030: [ 244.195312][ T38] #0: ffffffff8f1d78e8 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 244.195363][ T38] #1: ffffffff8ecd3538 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 244.195408][ T38] 3 locks held by kworker/1:12/6036: [ 244.195418][ T38] #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 244.195463][ T38] #1: ffffc900053bfbc0 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 244.195506][ T38] #2: ffffffff8ecd3538 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x95/0xf30 [ 244.195555][ T38] 2 locks held by syz-executor/6048: [ 244.195572][ T38] #0: ffffffff8ecc6640 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 244.195616][ T38] #1: ffffffff8ecd3538 (rtnl_mutex){+.+.}-{4:4}, at: ops_undo_list+0x2a4/0x990 [ 244.195663][ T38] 1 lock held by syz.1.2/6055: [ 244.195672][ T38] #0: ffffffff8ecd3538 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 244.195719][ T38] 4 locks held by kworker/1:15/6063: [ 244.195730][ T38] 1 lock held by syz-executor/6066: [ 244.195739][ T38] #0: ffffffff8ecd3538 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 244.195785][ T38] 1 lock held by syz-executor/6077: [ 244.195795][ T38] #0: ffffffff8ecd3538 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 244.195836][ T38] 1 lock held by syz-executor/6080: [ 244.195846][ T38] #0: ffffffff8ecd3538 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 244.195887][ T38] 1 lock held by syz-executor/6081: [ 244.195897][ T38] #0: ffffffff8ecd3538 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 244.195938][ T38] 1 lock held by syz-executor/6096: [ 244.195948][ T38] #0: ffffffff8ecd3538 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 244.195990][ T38] 1 lock held by syz-executor/6102: [ 244.196000][ T38] #0: ffffffff8ecd3538 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 244.196041][ T38] 1 lock held by syz-executor/6111: [ 244.196051][ T38] #0: ffffffff8ecd3538 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 244.196091][ T38] 1 lock held by syz-executor/6114: [ 244.196101][ T38] #0: ffff88813fffc5d8 (&zone->lock){+.+.}-{3:3}, at: get_page_from_freelist+0x992/0x21b0 [ 244.196143][ T38] 2 locks held by syz-executor/6115: [ 244.196154][ T38] [ 244.196158][ T38] ============================================= [ 244.196158][ T38] [ 244.196177][ T38] NMI backtrace for cpu 0 [ 244.196203][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 244.196246][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 244.196256][ T38] Call Trace: [ 244.196263][ T38] [ 244.196270][ T38] dump_stack_lvl+0x189/0x250 [ 244.196298][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 244.196322][ T38] ? __pfx__printk+0x10/0x10 [ 244.196352][ T38] nmi_cpu_backtrace+0x39e/0x3d0 [ 244.196377][ T38] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 244.196401][ T38] ? __pfx__printk+0x10/0x10 [ 244.196424][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 244.196447][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 244.196471][ T38] watchdog+0xf93/0xfe0 [ 244.196497][ T38] ? watchdog+0x1de/0xfe0 [ 244.196523][ T38] kthread+0x70e/0x8a0 [ 244.196550][ T38] ? __pfx_watchdog+0x10/0x10 [ 244.196576][ T38] ? __pfx_kthread+0x10/0x10 [ 244.196605][ T38] ? __pfx_kthread+0x10/0x10 [ 244.196629][ T38] ret_from_fork+0x439/0x7d0 [ 244.196654][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 244.196681][ T38] ? __switch_to_asm+0x39/0x70 [ 244.196696][ T38] ? __switch_to_asm+0x33/0x70 [ 244.196711][ T38] ? __pfx_kthread+0x10/0x10 [ 244.196735][ T38] ret_from_fork_asm+0x1a/0x30 [ 244.196766][ T38] [ 244.196773][ T38] Sending NMI from CPU 0 to CPUs 1: [ 244.196803][ C1] NMI backtrace for cpu 1 [ 244.196821][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 244.196838][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 244.196846][ C1] RIP: 0010:ip_route_output_key_hash_rcu+0x6c4/0x23e0 [ 244.196871][ C1] Code: 24 49 81 c7 f0 04 00 00 4c 89 f8 48 c1 e8 03 48 bd 00 00 00 00 00 fc ff df 80 3c 28 00 74 08 4c 89 ff e8 ef 7f b6 f8 49 8b 07 <48> 89 04 24 41 0f b6 04 2e 84 c0 0f 85 ec 16 00 00 41 c7 04 24 01 [ 244.196883][ C1] RSP: 0018:ffffc90000a3ea48 EFLAGS: 00000246 [ 244.196896][ C1] RAX: ffff888034f54000 RBX: ffffc90000a3eb20 RCX: ffff88801ca91dc0 [ 244.196912][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 244.196926][ C1] RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000100 [ 244.196935][ C1] R10: ffffc90000a3eb20 R11: fffff52000147d6a R12: ffffc90000a3ecc0 [ 244.196946][ C1] R13: 1ffff92000147d9d R14: 1ffff92000147d98 R15: ffff88803ccf04f0 [ 244.196958][ C1] FS: 0000000000000000(0000) GS:ffff8881269bc000(0000) knlGS:0000000000000000 [ 244.196970][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 244.196981][ C1] CR2: 000000110c2b28aa CR3: 000000000d7a6000 CR4: 00000000003526f0 [ 244.196994][ C1] Call Trace: [ 244.197000][ C1] [ 244.197010][ C1] ? ip_route_output_key_hash+0xde/0x2e0 [ 244.197025][ C1] ? ip_route_output_key_hash+0xde/0x2e0 [ 244.197042][ C1] ip_route_output_key_hash+0x1b9/0x2e0 [ 244.197057][ C1] ? __lock_acquire+0xab9/0xd20 [ 244.197075][ C1] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 244.197094][ C1] ? ip_route_me_harder+0x4ad/0x1030 [ 244.197113][ C1] ip_route_output_flow+0x2a/0x150 [ 244.197127][ C1] ? ip_route_me_harder+0x6c0/0x1030 [ 244.197144][ C1] ip_route_me_harder+0x6d2/0x1030 [ 244.197165][ C1] ? __pfx_ip_route_me_harder+0x10/0x10 [ 244.197194][ C1] synproxy_send_tcp+0x359/0x6c0 [ 244.197219][ C1] synproxy_send_client_synack+0x8bb/0xe20 [ 244.197245][ C1] ? __pfx_synproxy_send_client_synack+0x10/0x10 [ 244.197264][ C1] ? nft_log_eval+0x568/0xab0 [ 244.197282][ C1] ? synproxy_pernet+0x45/0x270 [ 244.197300][ C1] nft_synproxy_eval_v4+0x36e/0x560 [ 244.197319][ C1] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 244.197335][ C1] ? nf_ip_checksum+0x13c/0x510 [ 244.197352][ C1] nft_synproxy_do_eval+0x345/0x570 [ 244.197370][ C1] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 244.197393][ C1] nft_do_chain+0x409/0x1920 [ 244.197415][ C1] ? __pfx_nft_do_chain+0x10/0x10 [ 244.197442][ C1] ? try_to_take_rt_mutex+0x840/0xb00 [ 244.197471][ C1] nft_do_chain_inet+0x25d/0x340 [ 244.197487][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 244.197501][ C1] ? __lock_acquire+0xab9/0xd20 [ 244.197523][ C1] ? NF_HOOK+0x9a/0x3a0 [ 244.197541][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 244.197561][ C1] nf_hook_slow+0xc2/0x220 [ 244.197582][ C1] NF_HOOK+0x206/0x3a0 [ 244.197600][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 244.197618][ C1] ? NF_HOOK+0x9a/0x3a0 [ 244.197635][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 244.197651][ C1] ? ip_rcv_finish_core+0xda3/0x1c00 [ 244.197671][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 244.197690][ C1] ? skb_dst+0x4f/0xd0 [ 244.197707][ C1] ? ip_local_deliver+0x12a/0x1b0 [ 244.197727][ C1] NF_HOOK+0x30c/0x3a0 [ 244.197745][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 244.197762][ C1] ? NF_HOOK+0x9a/0x3a0 [ 244.197779][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 244.197798][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 244.197828][ C1] ? __pfx_ip_rcv+0x10/0x10 [ 244.197844][ C1] __netif_receive_skb+0x143/0x380 [ 244.197862][ C1] ? rt_spin_unlock+0x65/0x80 [ 244.197880][ C1] ? process_backlog+0x27b/0x900 [ 244.197897][ C1] process_backlog+0x31e/0x900 [ 244.197920][ C1] __napi_poll+0xb3/0x540 [ 244.197939][ C1] net_rx_action+0x707/0xe00 [ 244.197956][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 244.197983][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 244.198016][ C1] handle_softirqs+0x22f/0x710 [ 244.198037][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 244.198063][ C1] run_ktimerd+0xcf/0x190 [ 244.198081][ C1] ? __pfx_run_ktimerd+0x10/0x10 [ 244.198103][ C1] ? schedule+0x91/0x360 [ 244.198124][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 244.198141][ C1] smpboot_thread_fn+0x53f/0xa60 [ 244.198158][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 244.198179][ C1] kthread+0x70e/0x8a0 [ 244.198199][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 244.198216][ C1] ? __pfx_kthread+0x10/0x10 [ 244.198237][ C1] ? __pfx_kthread+0x10/0x10 [ 244.198256][ C1] ret_from_fork+0x439/0x7d0 [ 244.198275][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 244.198294][ C1] ? __switch_to_asm+0x39/0x70 [ 244.198308][ C1] ? __switch_to_asm+0x33/0x70 [ 244.198320][ C1] ? __pfx_kthread+0x10/0x10 [ 244.198340][ C1] ret_from_fork_asm+0x1a/0x30 [ 244.198361][ C1] [ 244.198805][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 244.198817][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 244.198838][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 244.198847][ T38] Call Trace: [ 244.198854][ T38] [ 244.198861][ T38] dump_stack_lvl+0x99/0x250 [ 244.198886][ T38] ? __asan_memcpy+0x40/0x70 [ 244.198905][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 244.198929][ T38] ? __pfx__printk+0x10/0x10 [ 244.198959][ T38] vpanic+0x281/0x750 [ 244.198986][ T38] ? __pfx_vpanic+0x10/0x10 [ 244.199006][ T38] ? __x2apic_send_IPI_mask+0x1e4/0x260 [ 244.199024][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 244.199059][ T38] panic+0xb9/0xc0 [ 244.199078][ T38] ? __pfx_panic+0x10/0x10 [ 244.199100][ T38] ? irq_work_queue+0xc3/0x140 [ 244.199124][ T38] ? nmi_trigger_cpumask_backtrace+0x234/0x300 [ 244.199148][ T38] watchdog+0xfd2/0xfe0 [ 244.199174][ T38] ? watchdog+0x1de/0xfe0 [ 244.199200][ T38] kthread+0x70e/0x8a0 [ 244.199227][ T38] ? __pfx_watchdog+0x10/0x10 [ 244.199247][ T38] ? __pfx_kthread+0x10/0x10 [ 244.199276][ T38] ? __pfx_kthread+0x10/0x10 [ 244.199301][ T38] ret_from_fork+0x439/0x7d0 [ 244.199325][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 244.199351][ T38] ? __switch_to_asm+0x39/0x70 [ 244.199366][ T38] ? __switch_to_asm+0x33/0x70 [ 244.199382][ T38] ? __pfx_kthread+0x10/0x10 [ 244.199407][ T38] ret_from_fork_asm+0x1a/0x30 [ 244.199438][ T38] [ 244.199700][ T38] Kernel Offset: disabled