last executing test programs: 1m57.70500622s ago: executing program 2 (id=40): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000700000000000000000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000002c0)='page_pool_state_hold\x00', r0}, 0x18) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1100}, 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@newtaction={0xa4, 0x30, 0x1, 0x4, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x0, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ct={0x0, 0x13, 0x0, 0x0, {{}, {0x0, 0x2, 0x0, 0x1, [@TCA_CT_NAT_IPV6_MIN={0x0, 0xb, @private1}, @TCA_CT_MARK]}, {0x0, 0x6, "0d1fda3912757d67c80d70695bf29580b7610e1612ffa9271de75fcd3c6af17542955d9ec70be1fdc59213ea8232c8669508fd2a587fab206a6baf32aeaa189599c3aa56d647a8c7714a660a07e83ef3b43e5a022b2bbb6a4f71194e467cba9f229ad01b8bb97c3a3e0e16b0c1c121d6c8947f03c5a2392b1852323ee2a1c67043016780bd935e061bd1914c2814866a80"}, {0x0, 0x7, {0x1, 0x1}}, {0x0, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) preadv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000340)=""/133, 0x85}], 0x200000c7, 0x0, 0x1) sendmmsg(r3, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f00000000c0)=[{0x0}], 0x1}}], 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r4) sendmsg$NLBL_CIPSOV4_C_REMOVE(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x1c, r5, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004004}, 0x0) 1m56.635250208s ago: executing program 2 (id=42): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x11, &(0x7f0000000080)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xf}, @snprintf={{}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x6a}}]}, &(0x7f0000000600)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r0}, 0xc) 1m56.268257281s ago: executing program 2 (id=44): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) 1m55.706479477s ago: executing program 0 (id=48): open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mount(&(0x7f00000002c0)=@nullb, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0) io_setup(0x202, &(0x7f0000000480)=0x0) io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030003, 0x14, 0x1, 0x0, r0, &(0x7f0000000000), 0x100000, 0x3f}]) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141b42, 0x4) pipe(&(0x7f0000000080)={0xffffffffffffffff}) splice(r4, 0x0, r3, 0x0, 0x1000, 0x0) write$binfmt_aout(r2, &(0x7f00000004c0)=ANY=[], 0x120) 1m55.617664926s ago: executing program 2 (id=49): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0) mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x1805406, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x80000, 0x0) mount$9p_unix(&(0x7f0000000340)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x5257418, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000280)='./file0/file0\x00', 0x0, 0x2a05004, 0x0) umount2(&(0x7f0000000200)='./file0/file0\x00', 0xb) 1m55.296581049s ago: executing program 4 (id=50): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000500)={0xffffffffffffffff}) arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x2) connect$unix(r0, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000080)={0x1b, 0x0, 0x0, 0x8, 0x0, 0x1, 0xffffff01, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x2}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{}, 0x0, 0x0}, 0x20) pipe2$9p(0x0, 0x0) r1 = creat(0x0, 0x0) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x10000000000016, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) modify_ldt$write2(0x11, &(0x7f0000000100)={0x1d30, 0x0, 0x2003, 0x1}, 0x10) 1m55.216709184s ago: executing program 2 (id=51): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xc, '\x00', 0x0, @xdp=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x10, 0x10, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 1m53.971547602s ago: executing program 4 (id=52): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000700000000000000000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000002c0)='page_pool_state_hold\x00', r0}, 0x18) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1100}, 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@newtaction={0xa4, 0x30, 0x1, 0x4, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x0, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ct={0x0, 0x13, 0x0, 0x0, {{}, {0x0, 0x2, 0x0, 0x1, [@TCA_CT_NAT_IPV6_MIN={0x0, 0xb, @private1}, @TCA_CT_MARK]}, {0x0, 0x6, "0d1fda3912757d67c80d70695bf29580b7610e1612ffa9271de75fcd3c6af17542955d9ec70be1fdc59213ea8232c8669508fd2a587fab206a6baf32aeaa189599c3aa56d647a8c7714a660a07e83ef3b43e5a022b2bbb6a4f71194e467cba9f229ad01b8bb97c3a3e0e16b0c1c121d6c8947f03c5a2392b1852323ee2a1c67043016780bd935e061bd1914c2814866a80"}, {0x0, 0x7, {0x1, 0x1}}, {0x0, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) preadv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000340)=""/133, 0x85}], 0x200000c7, 0x0, 0x1) sendmmsg(r3, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f00000000c0)=[{0x0}], 0x1}}], 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r4) sendmsg$NLBL_CIPSOV4_C_REMOVE(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x1c, r5, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004004}, 0x0) 1m53.791780644s ago: executing program 0 (id=53): r0 = socket$packet(0x11, 0x3, 0x300) r1 = syz_io_uring_setup(0xbd9, &(0x7f0000000240)={0x0, 0xcc96, 0x400, 0x2, 0x40200333}, &(0x7f00000000c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, &(0x7f00000037c0)=[{0xa20, 0x11, 0x4, "66f826c9107ebbc8d1f165854974833938769918a5b1a8b2373a25ba9210e2df0c6faea192fcb983406dbc5b99109fd3ec526142b0e6c0781a4d603464e65f0c91d2d081b147e1539fcf5170734fdfb5126832c5d1afdd422631ec88bc204fd032c25e457cc6a5fc220b575de297aa2120a55d4f3a38c59d45bff7f9a2aad4b242b93cd32829de226946df596f6260daaa3c9a712c0a50eee55bf752e464fdbbc4c4612493987548df46a4e004b21e5e74c2172bc747d7b5a1db68edb5f588870c3bc898f12be0ad1c154693a1ee58803333fdc46928e82ede4020846068847fce67f4d0d8595f6a4b514d515a5d0bf4378f34b093df8383115950c6b697ac930c44a577e460808db18ed1c8dbbd54d019e65da56f64de805ef5e8b36daf706a4b520c4ab72de912d6743d3c9be5e80137aa388425a65b6a637783aa59499ee8211f5cd32d64df71a23a746b56807feb6619901e7205caf641dff76aa14ab22ee85462e6737599e36f9afa3fbf73d993b7db3e2269b713e7dd01e7ed7e638ebc63c85ba3020f3aa9fafa6c1139951ce5d026b82194f92a6c99707c368d0da9c2e67503b0381c3cfdf26052c0fc0bf1a3fc48871eaaac6c7eec1cba0457ccd7dc75c9d5b6bf9487770bbc3dea61f3076feb60c08b057c9112263a863b123895c268bf9457af76085aaa299b470126f6b7d52a5d57c2e7f3ad11ec9785d327763889ecf49e9770af3060f76015603f35b68c2dbd6b3e8b480ad8a3561d89ba935c912294d11be45803ea364aa1789a3230d088d2b848d258366ba67ea4b3e5a435988913b9739ab93496924530da10c7c4979bb00ce252dbfc869edf7034f3f0e5e38ce2a19d2dcd9be7a76540de2483eaa4816d08981b27d11d94558c4fa252e503667dd01e233b54549a5d81fd1d367a0ec50a0c8ac28855f75a2ed0f799a1aeb8a0a76968754cca3cebe0f0856cc2bc2b193ad460165e632fdfe80ee14cdb23665a8e04e44fa98f8a43799c9c02edf782d31810ef8531cd3702b5df9435a549282733e8b5e49ffa590693f59d72133fff0230c161ff64eeb6a17c80abfee1bb7b374ff1f0382fd3f3b5cc9c38f286eafba118bbe66e25500bc9e5160be9c741f254c5ae961e38641f1e37f80ce23bc6908fe6fdfa031237440bbaaa0afc1a0098c559ab11a73ca488b9f7d901bedadbc5cc3aa799f71ecb8de759fbc886a3d4083c13956c62e08c8b5866ba2e89c40acb413252067cad2c91d05ad2f04f8fce3cb1cc2435822efe465ad1f17238a38a903ceba3777a8d9fcbd744b6ca9b05589a6a98377069332a906bc68451778408c749bf1a6e326c8da93356813a379aaa108e00ae49faf9cdfd291ea782bae092ffa47df7bbf83686907130f8002abe50bfdd761b202a2f2cc8a413ef75b11b756fe149c8e1df51396bd63c21024635f9b402b369dd9dfd574f0861798b9ca2dd040256f99e5cb71cf0adba24680fcefcb3d057d8506ee6310d48b346091258b2a2b2e0cb2b28315f9fa5594a31a1a5a38624e69573035ebd61e052bbd000b3f02bf61d1c9305544d901f3fcb0078f764c8b96bd11748277fc3edfdba3bfd3d3001c6a75120b56cb830e176f075c1e6552d60134d365f7f9862dc71d26c22805f570f6914f68eb999a4c4ff85d6166d3b14a4f55e3d30ae243111081fc692609cf34a777b8a4b66bac96fdbfb78425c6895a9eb5d473cce53340e7435a6bd213f2c7e9699ca71cb166252b66d49d4a0e3f97d759b1af74c8b21edf32d1536a5cd16cae901dea97f2687f7750b88175fd316174bb13e2da98d244cc6c28dc5026013efd614803c002d36371742c667c0083892073b4947eb4160694a5626550751cfcce0475e823c1e33c228487cae5b81dad69b95b0cb238a65339bf6bc44e0a4a5b7e64795d7f1155ede61fdbab2bc2f277be70d54c2d948035cbb77bd8762f205e07551403d993348a80408a4033e2f84c7753e6f591a8bd668d982d2b08776e4145d0d514997c4a31d877ccf86231825b0ba7bbb333241539c9d0043b0f132074e4b8f565cfc3c0b8b0dd0a66a6668d907dfe4dd6bd8f213302a09843c4c28aac7fcf1d9f5695f248fe16484358b5ef0f8a2cc1bf86f1271344329a6ed5f3020e420ec16a796186366a4bdc91b8f3f38af01596a11d40f914d7cc6820c1f261dd531bae4aabb53c07ace00f9286f13ee149d200e7909fe5755df99fda6fac0adb589c2347fcd7cb390614a80e5a6c62e45e701718dae04c247b19df99824cb63239e7c7501048e61a1549d3df23e95a65920c3e5932f411ec057ed995d8fc0317d7586690bdfc9f5bd8024868c8316c25db8c5bf266ea67cfcef0d1bfdb5e0e26592a066a0b8ba3130b20a2377530d9acaaad010b006f9a5f5d8587d83764f0e42cc4d801081c36192679e783b15b9eb721f63d77ddbbf29084648cde39a672f815800994a2309d489209fcb6a927988bd153251598dcb3b96624d870595e36d590c995bd59114d670b91a3f132873d515435e1dc5cbc82a6b856b4f29b88289af2a8ca5d1cc9d7e6d49f408df75b4d0083379f6b2fef06235af75be1b679b9185ad6792da906c500dc3296e9e8af33d2351a4ba800bef6aa6be778125b2bd911746c5aaf0b436fb37523ab4596c3ae2aed4dcaa1f8e29db2763e2623f5351847d6da000e6c0667835031d545a65c85338b9becd554c3f324013a77a8edd52e2a3a41748fb44a269a4446cbc777f90b67dfb426c892b1eedcc266f4f031cf9c481123fa802c565d706f3930a39b29ecaf65021105958841f1d092525db2d1a9a60c45fa171b023682d10ea4b0b131f2ea4bfc859b4d6fa71ae0bf35052e1778de6cb667ce91d30e8c21231d4ab1dbb9328d4c8cc8d16e4b17471fdcb314530c121a599ba1a01d653373c2bd6b692928a699307f77dc3e0cda977ce315508207bccfa0c6e6012227f439a34ab4a7958943452c96001ec01a094376916cdceaad85d10684b50996f550e6488931064ea6c9371b1d77e00468477fed546d48089101468b98765724fa3a9285d0bd2534265229e7b1a09e417bb58cf01c34e1a137dddfbed3e9bd2ffcf948b938d21550c98caa416a4f70007e91a423e04e042e2b355fa704370188dc0426a63618d99c252e545f8d2d743e3252ef38cf09afae31c407cb92cef224e41a04190b2a9f1f078532683860f172c20573b2be701ecf685c1452669126e072b23b92e6aa3607c4237b6db1682e2c226c11b8fb44afa2cfe607655d84e5078761912ea38e0eb31a3e1847d1795d92bdf9980090f711dc113e2692c521b86976aed484239c3ce91de90ff4b65fc2b4eb8e1912139412de6b1a1cdad9ef216c2725aae767d3e41a4c01bbc2e2d1719c3dada79b4b24c93ee9a961f1682a41b7fb3cd6c06b5bc885091438d5f6b8556d585531ee778736ee4c7128a3056aa7535257f813e9f4e425737ce81b66e498a3ca68e0c0db940dee624df904f07592dfb3f3b54f798711a25908831a48fd29af3b42325cda3b4df1d40c08645de923ebc19294c47e756624d1cd5fe4a0f792e558f5548bc1e90fbd4931c6a6f7fcbb180d164c4f7a26691a3738003b1af94315cd451920832869d25fd"}, {0xc, 0x0, 0xfffffffd}], 0xa2c}, 0x0, 0x4040090}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) 1m53.140296394s ago: executing program 4 (id=54): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x11, &(0x7f0000000080)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xf}, @snprintf={{}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x6a}}]}, &(0x7f0000000600)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r0}, 0xc) 1m53.092522896s ago: executing program 2 (id=55): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4) write$tun(r1, &(0x7f0000000280)={@val={0xa, 0x6003}, @void, @eth={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @broadcast, @void, {@ipv6={0x86dd, @udp={0xd, 0x6, '\x00 \x00', 0x11, 0x11, 0xff, @empty, @mcast2, {[], {0x4f19, 0x4e20, 0x11, 0x0, @opaque="a5695b9a66f88b2129"}}}}}}}, 0x4b) 1m52.974189571s ago: executing program 0 (id=56): socket$netlink(0x10, 0x3, 0x14) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) listen(r0, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)={0x80002011}) shutdown(r0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x3000c003}, 0x80) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="54000000020601040000000000000000000000000c00078008000640000000010500010006000000050005000a00000005000400000000000900020073797a31000000000d000300686173683a6e657400000000bffb2648c21695"], 0x54}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0xffffffc1, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10000082}, 0x80) 1m52.290144261s ago: executing program 32 (id=55): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4) write$tun(r1, &(0x7f0000000280)={@val={0xa, 0x6003}, @void, @eth={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @broadcast, @void, {@ipv6={0x86dd, @udp={0xd, 0x6, '\x00 \x00', 0x11, 0x11, 0xff, @empty, @mcast2, {[], {0x4f19, 0x4e20, 0x11, 0x0, @opaque="a5695b9a66f88b2129"}}}}}}}, 0x4b) 1m52.278783207s ago: executing program 0 (id=58): socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x4, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8f}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socket$igmp6(0xa, 0x3, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000280)) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000240)=0x28e) ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000007640)=ANY=[], 0x3aa0}}, 0x0) recvmsg(r4, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002ac0)=[{&(0x7f0000000980)=""/4096, 0x1000}], 0x1}, 0x0) 1m52.278018352s ago: executing program 1 (id=59): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) 1m52.231960336s ago: executing program 4 (id=61): socket$can_j1939(0x1d, 0x2, 0x7) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x7079, 0x9, 0x14, 0xc2}, &(0x7f00000007c0)=0x0, &(0x7f0000000200)) r4 = socket$alg(0x26, 0x5, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) r6 = accept4(r5, 0x0, 0x0, 0x80800) r7 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000000140)={0x10000010}) bind$alg(r4, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(ecb-aes-aesni)\x00'}, 0x58) close(r0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) r8 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2) r9 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0) ioctl$VIDIOC_S_SELECTION(r9, 0xc040565f, &(0x7f0000000940)={0xa, 0x0, 0x7, {0x8000, 0x1000, 0x4, 0x6}}) mount$9p_tcp(0x0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080), 0x800000, &(0x7f0000000140)={'trans=tcp,', {'port', 0x3d, 0x20000004e23}}) fallocate(0xffffffffffffffff, 0x40, 0x1ba3, 0x1) r10 = socket$netlink(0x10, 0x3, 0x0) close_range(r10, r9, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r8, 0xc0d05605, &(0x7f00000002c0)={0x2, @sdr={0x3147504d, 0x1}}) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000300)=ANY=[@ANYBLOB="b700000001000000bfa30000000000000703000000feffff620af0fff8ffffff71a4f0ff00000000ae04020000000000be400300000000006504030001ed00007b130000000000004d44000000000000620a00fe000000007133000000000000b5030000000000009500000000000000023bc065b7a379d17cf9333379fc05000000912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50bec919bc461e91a7168c5181554d1b583c587e436fe275daf51efd601b6bf01c8e8b1b526375ec5dd6fcd82e4fee5bef7af9a0200000000000000e3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f645679c294392cf538b07ce2646cb7798b3e6440c2fbdb00a3e35208b0bb1d2cd871c5548930be3835f2554b4a28610643a98d9ec21ead2ed51b104d4d91af25b84550a7925c3109b151b8b9f75d80000000eda88c658d42ecbf28bf7076c15b463bebc72f526d8e4a9e231d512381e7a78afcb913466aae7f6df70252e79166d858fc152b659da074e1320060d0b11008e59a5923906f88b53987ad1714e72ba7a5b74f0c33d39000d06a59ff61622cfd9aa58fe8d485ae2c0cc65c2a36aaec2477584b6a89adaf17b0a6041bde4cc3ed54d27f777e92b87496e6649cf728d236619074d6ebdf098bc908c423d228a40f9411fe7226a40409d6e37c4f46756d31cb46761bade70063e5291569b33d21dae356e1c51f03fb8a63e089679216da18de0ae564162a27afea62d84f3a10746443d64364f56e24e6d21053d901204a1deeed41556175cbd4041b7d301bcb72652d950ad31928b0b093778b68e2e9853c02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f98928d5e9b94ff9ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cff538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595bcf50ab32d710b651f898ba749e40bc6980fe78683ac5c0c31030699ddd71063b59261b2e1aab1675b34a220488c126aeef5f510a8f1aded94a129e4aec6f8c3a13596c2ea3e2e04cfdce669e51731b2875353193f82ade69d0540059fe6c7fe7c00fb7502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abd47b64a1b304502dda787343ce3c95300000000010000003baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022af46667cf25c5d3038816106dec28eaeb88343261a48a18f562ae00003ea96d10f172c0374d6eed82641687f3b3a70bfeff59d54d1f92ecc4e95dd2d18383117c03987d198899b212c55318294270a1ad10d30fef7c24b78b29d83238273f4fc87afce829ba0f85da6d888f18ea40ab959f6074ab2a4009b9e5f07ab513cdc6c0e57fb1c1ca571380d7b4ead8eaf68b0c5dda0467d35a3807000000b702396df7e0cbe02b6e4114f244a9bf93f04beb72f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ea1e717d29135753208165b9cdbae037f315c7d951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d7012c1b45f6ada1ee7baa5b6a686b50f09b7f778af083e055f6138a757ebd0ed91114a6b244f9acf41ac4d73a008364e0602a594817031fc2ff2c32a1989e00f52f8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a9037d2283c42efc54fa84323a3c3e6e4fd2e016820f78b796a825b3dad9ce7b37507e0b83c3ecd01549bca6a016b3e18a00c748894dc3bfe5efda8b0a477d6a6562fdee45eb16e276dee992094ba9830f6c164179e7d532d86060bea930118d3cae1b8f916b9671b7000000000040f4bee5ad2dea2d14e195265504c05bba38b095e1679f96ddef65ba5de9c8cfb6465ae4165c0689a314a6eb6b36aa705b957edef3035e14b879d4e7dc00624708042e00bf9a7f7ae5f308744770759558e4fcb99c0dc957521ef255362bf2f3966f3754e81fb9bdef22c19f5a49147b85343f9f36bcda9f64b7a5c5b2f5452f5b1de02e6f15c5640bf89d4a74d51dc233dee628c1dfbb5566b98478c174b34eb234481547e484c6af101396b6977dd668b401391c1dc54f2edccf1cabe6be9868d383eb937efdfd9ade018106f544f04fc07ad525497f65fbad3cf145396acf3b0d38e6b46e28d86880fd6f62c373000000000000000000005d194c27cd4d8f6727de79be80fb4493a0ee2e85f59c71dc84311c0f1fb6c87081c7be9355288610c32c2d8c18bf2027212182903687f48262aea54c5f8a315c9aa4a5af1aa2c4007d1baae38c270012b7eb9411ae451204dba30f8321b07a18db97c3e0cf6a15170e515b1cc463a67a5b2b23ec5662ccfa898b8d5075647bdfb390cde56efb8fd42df12c5c8f66bdc58449ec2b38bf12f5f0a49dcbcf4e6f11c47d23fa34793a0000a1cbb1e06e9a8d2449451d7a05ec0a0d3c9716f505ddeba488c60ebf44cac05c2739694359c925148137376dd3f1330ed0e9211f73ee279cc0b5c298422395ce438f48a39ff569375e609f9e904aacc3d8011326d5e4d654c74501cf16bbf72d3984f9b4ef000000003a8a3d49fc837001e4622e58e3a4ef6b55a8dd0680d951cdb6e54ed92a9a6a0e5e494b7b7b0ef4b4bafc5d964551b2a22bfd12b0761ef07a103e51e84917ee44f860b9785e264343f6a80e9318edecf73df6940856cd56c56eb3831445833c701044aaa49439a44a624267580b3c0980d7f87437bf498f6e1915450400000000000000564a02552c0a5fedbcf4da0db6ed03b9dbc224ee76d20aaf1ac74bcb7eb6f202209e64cc4d130dcf6ab3df8ae4911deb4bb5c7df97fc348d151e834be73915f854272f69d88123f666448b6a8e73322b04fffea9cc05e4129debf311c73b4d1a244b1e5b9943028745a0b6477686740ab877315e35624d791e6f71adb1acd3e22cf472ff7e048b16c11c84da9a3b16b92665912132a4dba680052919c20e191311d8092a09f3c609823fed1bd651ce1c34de105790ba2ca3afa26647f66efbf97b109e7226c74e32beb14ff3fd6918e255fc9b42f86b0188cf885afcc9bb77a7fc3ca7ec1015af494add960f8a11422ca005f24006867cd156e0350022943e301b2c07f4d37d07b05ac2fa1f1d5a0d6eb7e992b076bd77509c26034d2a740d578476410b413591884136259693effaf27e7bcfb58efa92625fb9bd68ecca42047f6e7d24b0446ea16a310073c163d1c6aa3ba1fe76b4e88d5f98cc05c6d033e2c28b4990892230d6b4e5c083a601a25145eb22f4f77313117f8147810d95c64fb78b0a000000000000000000000000e92ba8b066e4bd82bb6003d5da8791d838bcd6eefb13000000000000000000000000000000b652ff6fbad82da75114742bc6a27cba894ef490531be709a3a3c81b267dfafa55e6f855200b4e7518682c30f40808cd5bb8f00beb63b4989cc01d8e75a182337b9f9e08430ccec9bda0134d07a9f54b60033182f5d2bb61fd130d65e68bf148d26470060c707a8cf750ca954ee63c78cd975c7f565783383f02edcb7ce4a9ed0c511d18fe32352276d72eefe0d566f97ccae16b3492f60b96574aac4f1862fb6e4932c181dbf8c68ca16b765de9edba0bf5bfb9c4950d19c0bc31db02f374ce62141160436639d4b6cb0033a47ffdc54d55f1136743b1b26946f200000000000000007590ab8f29c7accd9d11786c4ca1271cd2293b572f14a3dfcaa3467f2783fc09e3eee3fa4b82b7b6ce904e05fa797a2f7ff63e4f874bd870821f6460904e05d7a3f8295a9a5fd21e3587b9d9e878c86ba9b66c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000080), 0xfffffffffffffdbb}, 0x48) 1m52.034448693s ago: executing program 1 (id=62): r0 = socket(0x1e, 0x4, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC, @ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) syz_init_net_socket$ax25(0x3, 0x5, 0xc4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) setuid(0xee01) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) chdir(0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req={0x8, 0x5, 0x8, 0x4}, 0x10) recvmmsg$unix(r0, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000000c0)}], 0x1}}], 0x1, 0x9200000000000000) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0xc8200, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0x3) ioctl$TCFLSH(r4, 0x540b, 0x2) 1m50.513539752s ago: executing program 3 (id=64): openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_procfs$pagemap(0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x40, 0x7ffc1ffb}]}) r1 = socket$inet6(0xa, 0x2, 0x3a) r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r2, 0xc0045516, &(0x7f0000000b00)=0x6) r3 = openat$dsp(0xffffff9c, &(0x7f0000000080), 0x82040, 0x0) ioctl$SOUND_MIXER_WRITE_RECSRC(r3, 0xc0044dff, &(0x7f0000000100)=0x9) recvmmsg(0xffffffffffffffff, &(0x7f0000001d00)=[{{0x0, 0x0, &(0x7f0000001a00)}, 0x2}], 0x1, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0xb, &(0x7f0000000100)=0x47d, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0x7fff0000}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f0000000600)) 1m49.769826688s ago: executing program 1 (id=65): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000c00)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x13}}]}, &(0x7f0000000240)=0x10) 1m48.162695027s ago: executing program 3 (id=66): ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xd) r0 = dup(0xffffffffffffffff) read$eventfd(r0, 0x0, 0x0) write$P9_RLINK(r0, &(0x7f0000000300)={0x7, 0x47, 0x1}, 0x7) 1m48.161469298s ago: executing program 1 (id=67): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)={0x30, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x99}]}, 0x30}}, 0x0) fsopen(0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={0x0}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x1c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) 1m47.800562938s ago: executing program 3 (id=68): socket$inet6_mptcp(0xa, 0x1, 0x106) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2) syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x8a2b01) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000240)={@hyper}) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x9, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3fe, 0x5, 0x3, 0x9, 0x8, 0x45ff, 0x7ffffffc}, 0x0, 0x0) 1m47.536065016s ago: executing program 1 (id=69): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000001c0895"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000580)=ANY=[@ANYBLOB="5c000000020605000000000000000000000000000c00078005001500267d00000500010007000000050005000a000000050004"], 0x5c}}, 0x4000000) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r1) sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={0x0, 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0) 1m47.289245373s ago: executing program 1 (id=70): fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x3, &(0x7f0000000540)=ANY=[], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x18, 0x0, 0x0) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2002) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(0xffffffffffffffff, &(0x7f00000004c0)={0x2, 0x4e24, @multicast2}, 0x10) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff8000}]}) close_range(r3, 0xffffffffffffffff, 0x0) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) clock_settime(0xfffffffb, &(0x7f0000000280)={0x0, 0x989680}) 1m46.770726495s ago: executing program 3 (id=71): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000700000000000000000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000002c0)='page_pool_state_hold\x00', r0}, 0x18) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1100}, 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@newtaction={0xa4, 0x30, 0x1, 0x4, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x0, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ct={0x0, 0x13, 0x0, 0x0, {{}, {0x0, 0x2, 0x0, 0x1, [@TCA_CT_NAT_IPV6_MIN={0x0, 0xb, @private1}, @TCA_CT_MARK]}, {0x0, 0x6, "0d1fda3912757d67c80d70695bf29580b7610e1612ffa9271de75fcd3c6af17542955d9ec70be1fdc59213ea8232c8669508fd2a587fab206a6baf32aeaa189599c3aa56d647a8c7714a660a07e83ef3b43e5a022b2bbb6a4f71194e467cba9f229ad01b8bb97c3a3e0e16b0c1c121d6c8947f03c5a2392b1852323ee2a1c67043016780bd935e061bd1914c2814866a80"}, {0x0, 0x7, {0x1, 0x1}}, {0x0, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) preadv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000340)=""/133, 0x85}], 0x200000c7, 0x0, 0x1) sendmmsg(r2, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f00000000c0)=[{0x0}], 0x1}}], 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r3) sendmsg$NLBL_CIPSOV4_C_REMOVE(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x1c, r4, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004004}, 0x0) 1m46.343516293s ago: executing program 4 (id=72): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, 0x0) r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[0x0], &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x1, 0x1}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r3, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[r5, r4], 0x2, 0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r3, 0xc05064a7, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000}) ioctl$DRM_IOCTL_MODE_GETENCODER(r6, 0xc01464a6, &(0x7f0000000080)={r7}) 1m45.032595231s ago: executing program 4 (id=73): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) recvmmsg(r0, &(0x7f0000000c00)=[{{&(0x7f0000000140)=@rc={0x1f, @none}, 0x80, &(0x7f0000000400)}, 0x71}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000540)=""/1, 0x1}, {0x0}, {&(0x7f0000000680)=""/26, 0x1a}, {&(0x7f0000000900)=""/198, 0xc6}], 0x4, &(0x7f0000000840)}, 0x4}], 0x2, 0x40008140, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x22, &(0x7f00000001c0)=0x1, 0x4) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e24, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000002300)=[{{&(0x7f0000000000)={0x2, 0x4e24, @empty}, 0x10, &(0x7f0000000100)=[{&(0x7f00000002c0)="e044", 0x2}], 0x1}}], 0x1, 0x2000c000) 1m44.906051256s ago: executing program 3 (id=74): r0 = socket(0x1e, 0x4, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC, @ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) syz_init_net_socket$ax25(0x3, 0x5, 0xc4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) setuid(0xee01) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) chdir(0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req={0x8, 0x5, 0x8, 0x4}, 0x10) recvmmsg$unix(r0, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000000c0)}], 0x1}}], 0x1, 0x9200000000000000) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0xc8200, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0x3) ioctl$TCFLSH(r4, 0x540b, 0x2) 1m44.822895552s ago: executing program 0 (id=75): openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_procfs$pagemap(0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x40, 0x7ffc1ffb}]}) r1 = socket$inet6(0xa, 0x2, 0x3a) r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r2, 0xc0045516, &(0x7f0000000b00)=0x6) r3 = openat$dsp(0xffffff9c, &(0x7f0000000080), 0x82040, 0x0) ioctl$SOUND_MIXER_WRITE_RECSRC(r3, 0xc0044dff, &(0x7f0000000100)=0x9) recvmmsg(0xffffffffffffffff, &(0x7f0000001d00)=[{{0x0, 0x0, &(0x7f0000001a00)}, 0x2}], 0x1, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0xb, &(0x7f0000000100)=0x47d, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0x7fff0000}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f0000000600)) 1m31.866813589s ago: executing program 3 (id=76): open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mount(&(0x7f00000002c0)=@nullb, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0) io_setup(0x202, &(0x7f0000000480)=0x0) io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030003, 0x14, 0x1, 0x0, r0, &(0x7f0000000000), 0x100000, 0x3f}]) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141b42, 0x4) pipe(&(0x7f0000000080)={0xffffffffffffffff}) splice(r4, 0x0, r3, 0x0, 0x1000, 0x0) write$binfmt_aout(r2, &(0x7f00000004c0)=ANY=[], 0x120) 1m31.866579919s ago: executing program 0 (id=77): ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xd) r0 = dup(0xffffffffffffffff) read$eventfd(r0, 0x0, 0x0) write$P9_RLINK(r0, &(0x7f0000000300)={0x7, 0x47, 0x1}, 0x7) 1m22.554665889s ago: executing program 33 (id=70): fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x3, &(0x7f0000000540)=ANY=[], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x18, 0x0, 0x0) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2002) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(0xffffffffffffffff, &(0x7f00000004c0)={0x2, 0x4e24, @multicast2}, 0x10) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff8000}]}) close_range(r3, 0xffffffffffffffff, 0x0) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) clock_settime(0xfffffffb, &(0x7f0000000280)={0x0, 0x989680}) 43.920387045s ago: executing program 34 (id=73): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) recvmmsg(r0, &(0x7f0000000c00)=[{{&(0x7f0000000140)=@rc={0x1f, @none}, 0x80, &(0x7f0000000400)}, 0x71}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000540)=""/1, 0x1}, {0x0}, {&(0x7f0000000680)=""/26, 0x1a}, {&(0x7f0000000900)=""/198, 0xc6}], 0x4, &(0x7f0000000840)}, 0x4}], 0x2, 0x40008140, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x22, &(0x7f00000001c0)=0x1, 0x4) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e24, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000002300)=[{{&(0x7f0000000000)={0x2, 0x4e24, @empty}, 0x10, &(0x7f0000000100)=[{&(0x7f00000002c0)="e044", 0x2}], 0x1}}], 0x1, 0x2000c000) 8.087420774s ago: executing program 35 (id=77): ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xd) r0 = dup(0xffffffffffffffff) read$eventfd(r0, 0x0, 0x0) write$P9_RLINK(r0, &(0x7f0000000300)={0x7, 0x47, 0x1}, 0x7) 0s ago: executing program 36 (id=76): open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mount(&(0x7f00000002c0)=@nullb, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0) io_setup(0x202, &(0x7f0000000480)=0x0) io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030003, 0x14, 0x1, 0x0, r0, &(0x7f0000000000), 0x100000, 0x3f}]) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141b42, 0x4) pipe(&(0x7f0000000080)={0xffffffffffffffff}) splice(r4, 0x0, r3, 0x0, 0x1000, 0x0) write$binfmt_aout(r2, &(0x7f00000004c0)=ANY=[], 0x120) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.153' (ED25519) to the list of known hosts. [ 83.289829][ T5823] cgroup: Unknown subsys name 'net' [ 83.522664][ T5823] cgroup: Unknown subsys name 'cpuset' [ 83.598385][ T5823] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 85.294745][ T5823] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 87.062048][ T31] cfg80211: failed to load regulatory.db [ 88.132874][ T5838] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 88.136483][ T5838] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 88.143958][ T5838] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 88.145135][ T5838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 88.149119][ T5838] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 88.149933][ T5838] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 88.152581][ T5838] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 88.153028][ T5838] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 88.154649][ T5838] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 88.155495][ T5838] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 88.159604][ T5155] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 88.161462][ T60] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 88.163444][ T60] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 88.235507][ T5849] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 88.243643][ T5851] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 88.244522][ T5851] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 88.263850][ T5841] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 88.270767][ T5851] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 88.272055][ T5851] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 88.297376][ T5841] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 88.298434][ T5841] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 88.355071][ T5845] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 88.358119][ T5845] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 88.369764][ T5845] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 88.370501][ T5845] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 89.174924][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 89.203009][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 89.558584][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 89.610875][ T5848] chnl_net:caif_netlink_parms(): no params data found [ 89.644965][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 90.139876][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.141127][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.141744][ T5835] bridge_slave_0: entered allmulticast mode [ 90.144844][ T5835] bridge_slave_0: entered promiscuous mode [ 90.179366][ T5846] Bluetooth: hci0: command tx timeout [ 90.231301][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.231410][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.231546][ T5840] bridge_slave_0: entered allmulticast mode [ 90.233020][ T5840] bridge_slave_0: entered promiscuous mode [ 90.255455][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.255671][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.256237][ T5835] bridge_slave_1: entered allmulticast mode [ 90.258006][ T5846] Bluetooth: hci1: command tx timeout [ 90.268980][ T5835] bridge_slave_1: entered promiscuous mode [ 90.311971][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.312048][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.312175][ T5840] bridge_slave_1: entered allmulticast mode [ 90.313730][ T5840] bridge_slave_1: entered promiscuous mode [ 90.338984][ T5845] Bluetooth: hci2: command tx timeout [ 90.339226][ T5846] Bluetooth: hci4: command tx timeout [ 90.418015][ T5846] Bluetooth: hci3: command tx timeout [ 90.942934][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.943213][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.943392][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.943561][ T5836] bridge_slave_0: entered allmulticast mode [ 90.945964][ T5836] bridge_slave_0: entered promiscuous mode [ 91.053079][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.143884][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.144212][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.144365][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.144538][ T5836] bridge_slave_1: entered allmulticast mode [ 91.147677][ T5836] bridge_slave_1: entered promiscuous mode [ 91.262525][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.262887][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.262976][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.263093][ T5848] bridge_slave_0: entered allmulticast mode [ 91.264570][ T5848] bridge_slave_0: entered promiscuous mode [ 91.409664][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.409802][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.409975][ T5843] bridge_slave_0: entered allmulticast mode [ 91.412731][ T5843] bridge_slave_0: entered promiscuous mode [ 91.640053][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.640166][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.640302][ T5848] bridge_slave_1: entered allmulticast mode [ 91.641798][ T5848] bridge_slave_1: entered promiscuous mode [ 91.793198][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.793326][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.793486][ T5843] bridge_slave_1: entered allmulticast mode [ 91.794991][ T5843] bridge_slave_1: entered promiscuous mode [ 91.960207][ T5835] team0: Port device team_slave_0 added [ 91.963641][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.042658][ T5840] team0: Port device team_slave_0 added [ 92.133283][ T5835] team0: Port device team_slave_1 added [ 92.135992][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.207648][ T5840] team0: Port device team_slave_1 added [ 92.219977][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.259707][ T5846] Bluetooth: hci0: command tx timeout [ 92.337909][ T5846] Bluetooth: hci1: command tx timeout [ 92.411636][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.417945][ T5846] Bluetooth: hci4: command tx timeout [ 92.417964][ T5845] Bluetooth: hci2: command tx timeout [ 92.493624][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.498984][ T5846] Bluetooth: hci3: command tx timeout [ 92.677595][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.034516][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.034534][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.034558][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.039701][ T5836] team0: Port device team_slave_0 added [ 93.150794][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.150812][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.150834][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.231186][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.231197][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.231210][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.233186][ T5836] team0: Port device team_slave_1 added [ 93.331046][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.331065][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.331088][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.334139][ T5848] team0: Port device team_slave_0 added [ 93.451743][ T5843] team0: Port device team_slave_0 added [ 93.465886][ T5848] team0: Port device team_slave_1 added [ 93.552976][ T5843] team0: Port device team_slave_1 added [ 93.614687][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.614701][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.614716][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.969610][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.969625][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.969648][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.091367][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.091384][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.091407][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.338089][ T5846] Bluetooth: hci0: command tx timeout [ 94.368679][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.368695][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.368717][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.373210][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.373225][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.373258][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.390786][ T5835] hsr_slave_0: entered promiscuous mode [ 94.392389][ T5835] hsr_slave_1: entered promiscuous mode [ 94.418747][ T5846] Bluetooth: hci1: command tx timeout [ 94.420688][ T5840] hsr_slave_0: entered promiscuous mode [ 94.422025][ T5840] hsr_slave_1: entered promiscuous mode [ 94.423160][ T5840] debugfs: 'hsr0' already exists in 'hsr' [ 94.423313][ T5840] Cannot create hsr debugfs directory [ 94.452968][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.452985][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.453008][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.498246][ T5845] Bluetooth: hci2: command tx timeout [ 94.498400][ T5846] Bluetooth: hci4: command tx timeout [ 94.578251][ T5846] Bluetooth: hci3: command tx timeout [ 94.940172][ T5836] hsr_slave_0: entered promiscuous mode [ 94.941591][ T5836] hsr_slave_1: entered promiscuous mode [ 94.942539][ T5836] debugfs: 'hsr0' already exists in 'hsr' [ 94.942562][ T5836] Cannot create hsr debugfs directory [ 95.205548][ T5848] hsr_slave_0: entered promiscuous mode [ 95.206360][ T5848] hsr_slave_1: entered promiscuous mode [ 95.206911][ T5848] debugfs: 'hsr0' already exists in 'hsr' [ 95.206932][ T5848] Cannot create hsr debugfs directory [ 95.560095][ T5843] hsr_slave_0: entered promiscuous mode [ 95.561438][ T5843] hsr_slave_1: entered promiscuous mode [ 95.563533][ T5843] debugfs: 'hsr0' already exists in 'hsr' [ 95.563551][ T5843] Cannot create hsr debugfs directory [ 96.418297][ T5846] Bluetooth: hci0: command tx timeout [ 96.497895][ T5846] Bluetooth: hci1: command tx timeout [ 96.577999][ T5845] Bluetooth: hci2: command tx timeout [ 96.578058][ T5846] Bluetooth: hci4: command tx timeout [ 96.659109][ T5846] Bluetooth: hci3: command tx timeout [ 96.900262][ T5835] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 96.950827][ T5835] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 96.974435][ T5835] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 97.035437][ T5835] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 97.162456][ T5836] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 97.204324][ T5836] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 97.251969][ T5836] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 97.307211][ T5836] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 97.459879][ T5848] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 97.524607][ T5848] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 97.570210][ T5848] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 97.640704][ T5848] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 97.810734][ T5840] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 97.856349][ T5840] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 97.903948][ T5840] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 97.989655][ T5840] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 98.170810][ T5843] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 98.229483][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.234299][ T5843] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 98.262326][ T5843] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 98.297303][ T5843] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 98.424114][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.455899][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.495626][ T4152] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.496525][ T4152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.569274][ T84] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.569426][ T84] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.606525][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.656523][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.673169][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.673390][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.733776][ T4152] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.734017][ T4152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.830925][ T5848] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.876651][ T84] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.876921][ T84] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.914245][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.932470][ T4546] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.932654][ T4546] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.100830][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.182754][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.199128][ T4152] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.199264][ T4152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.257614][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.258015][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.376424][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.447040][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.447343][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.516601][ T3588] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.516760][ T3588] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.589069][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.903577][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.990641][ T5835] veth0_vlan: entered promiscuous mode [ 100.031885][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.069803][ T5835] veth1_vlan: entered promiscuous mode [ 100.335782][ T5836] veth0_vlan: entered promiscuous mode [ 100.340073][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.363271][ T5835] veth0_macvtap: entered promiscuous mode [ 100.396137][ T5835] veth1_macvtap: entered promiscuous mode [ 100.397386][ T5848] veth0_vlan: entered promiscuous mode [ 100.425363][ T5836] veth1_vlan: entered promiscuous mode [ 100.460580][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.483814][ T5848] veth1_vlan: entered promiscuous mode [ 100.512872][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.565299][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.623898][ T84] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.645107][ T84] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.672174][ T84] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.693532][ T84] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.736386][ T5836] veth0_macvtap: entered promiscuous mode [ 100.751252][ T5840] veth0_vlan: entered promiscuous mode [ 100.832576][ T5836] veth1_macvtap: entered promiscuous mode [ 100.950598][ T5848] veth0_macvtap: entered promiscuous mode [ 100.956912][ T5840] veth1_vlan: entered promiscuous mode [ 101.061831][ T5848] veth1_macvtap: entered promiscuous mode [ 101.094749][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.166424][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.226495][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.226517][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.262011][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.262121][ T4152] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.282624][ T4152] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.324642][ T4152] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.375411][ T4152] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.385419][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.420454][ T5840] veth0_macvtap: entered promiscuous mode [ 101.468556][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.468573][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.497280][ T57] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.508627][ T5840] veth1_macvtap: entered promiscuous mode [ 101.515165][ T5843] veth0_vlan: entered promiscuous mode [ 101.516581][ T57] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.596552][ T57] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.616248][ T57] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.736576][ T5843] veth1_vlan: entered promiscuous mode [ 101.873982][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.016865][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.035313][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.035333][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.146637][ T4152] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.217105][ T4152] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.220405][ T4152] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.220691][ T4152] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.247776][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 102.527964][ T4546] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.527982][ T4546] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.664326][ T5843] veth0_macvtap: entered promiscuous mode [ 102.740044][ T5843] veth1_macvtap: entered promiscuous mode [ 102.801229][ T4546] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.801247][ T4546] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.998678][ T4152] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.998699][ T4152] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.196529][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.251751][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.251771][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.637761][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 103.637803][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 103.637835][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 103.637867][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 103.637899][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 103.637930][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 103.637962][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 103.637995][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 103.638027][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 104.316485][ T5964] mmap: syz.1.2 (5964) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 104.446002][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.991852][ T5972] input: syz1 as /devices/virtual/input/input5 [ 104.997456][ T37] audit: type=1326 audit(1756821696.023:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5969 comm="syz.1.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27215debe9 code=0x7ffc0000 [ 104.997506][ T37] audit: type=1326 audit(1756821696.023:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5969 comm="syz.1.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f27215debe9 code=0x7ffc0000 [ 104.997538][ T37] audit: type=1326 audit(1756821696.023:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5969 comm="syz.1.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27215debe9 code=0x7ffc0000 [ 104.997569][ T37] audit: type=1326 audit(1756821696.023:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5969 comm="syz.1.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f27215debe9 code=0x7ffc0000 [ 104.997603][ T37] audit: type=1326 audit(1756821696.023:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5969 comm="syz.1.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27215debe9 code=0x7ffc0000 [ 104.997635][ T37] audit: type=1326 audit(1756821696.023:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5969 comm="syz.1.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f27215debe9 code=0x7ffc0000 [ 104.997666][ T37] audit: type=1326 audit(1756821696.033:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5969 comm="syz.1.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27215debe9 code=0x7ffc0000 [ 104.997968][ T37] audit: type=1326 audit(1756821696.033:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5969 comm="syz.1.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=102 compat=0 ip=0x7f27215debe9 code=0x7ffc0000 [ 104.998010][ T37] audit: type=1326 audit(1756821696.033:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5969 comm="syz.1.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27215debe9 code=0x7ffc0000 [ 104.998046][ T37] audit: type=1326 audit(1756821696.033:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5969 comm="syz.1.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=443 compat=0 ip=0x7f27215debe9 code=0x7ffc0000 [ 105.105155][ T1183] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.106516][ T1183] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.201856][ T1183] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.235073][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.235090][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.296893][ T58] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.859887][ T5987] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 106.914420][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.914439][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.368903][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.368919][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.211673][ T6031] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 113.249480][ T6031] process 'syz.1.21' launched './file0' with NULL argv: empty string added [ 114.546625][ T6052] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 114.546655][ T6052] overlayfs: failed to set xattr on upper [ 114.546662][ T6052] overlayfs: ...falling back to redirect_dir=nofollow. [ 114.546669][ T6052] overlayfs: ...falling back to index=off. [ 114.546676][ T6052] overlayfs: ...falling back to uuid=null. [ 115.313435][ T6075] fuse: Bad value for 'group_id' [ 115.313454][ T6075] fuse: Bad value for 'group_id' [ 115.407621][ T6076] overlayfs: missing 'lowerdir' [ 117.240681][ T6091] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.241544][ T6091] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.631508][ T6087] sctp: failed to load transform for md5: -2 [ 119.294320][ T6091] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 119.301474][ T6091] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 120.807154][ T3588] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.820377][ T57] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.820424][ T57] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.820475][ T57] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.955059][ T6120] overlayfs: missing 'lowerdir' [ 123.889916][ T6142] Zero length message leads to an empty skb [ 124.356723][ T6151] overlayfs: missing 'lowerdir' [ 126.976356][ T57] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.387851][ T37] kauditd_printk_skb: 18 callbacks suppressed [ 127.387911][ T37] audit: type=1326 audit(1756821718.393:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6167 comm="syz.3.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1564ceebe9 code=0x7ffc0000 [ 127.388051][ T37] audit: type=1326 audit(1756821718.393:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6167 comm="syz.3.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1564ceebe9 code=0x7ffc0000 [ 128.456929][ T57] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.726296][ T5845] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 128.756393][ T5845] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 128.774965][ T5845] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 128.776699][ T5845] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 128.777306][ T5845] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 129.206051][ T57] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.762385][ T57] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.900418][ T5845] Bluetooth: hci0: command tx timeout [ 132.013138][ C1] vkms_vblank_simulate: vblank timer overrun [ 132.779817][ C1] vkms_vblank_simulate: vblank timer overrun [ 132.813667][ C1] vkms_vblank_simulate: vblank timer overrun [ 132.847968][ C1] vkms_vblank_simulate: vblank timer overrun [ 132.881742][ C1] vkms_vblank_simulate: vblank timer overrun [ 132.915013][ C1] vkms_vblank_simulate: vblank timer overrun [ 132.957573][ C1] vkms_vblank_simulate: vblank timer overrun [ 132.995240][ C1] vkms_vblank_simulate: vblank timer overrun [ 133.033844][ C1] vkms_vblank_simulate: vblank timer overrun [ 133.069346][ C1] vkms_vblank_simulate: vblank timer overrun [ 133.102960][ C1] vkms_vblank_simulate: vblank timer overrun [ 133.136294][ C1] vkms_vblank_simulate: vblank timer overrun [ 133.174667][ C1] vkms_vblank_simulate: vblank timer overrun [ 133.208375][ C1] vkms_vblank_simulate: vblank timer overrun [ 133.244061][ C1] vkms_vblank_simulate: vblank timer overrun [ 133.276662][ C1] vkms_vblank_simulate: vblank timer overrun [ 133.316122][ C1] vkms_vblank_simulate: vblank timer overrun [ 133.354600][ T5845] Bluetooth: hci0: command tx timeout [ 135.398925][ C1] vkms_vblank_simulate: vblank timer overrun [ 139.213805][ T5845] Bluetooth: hci0: command tx timeout [ 140.116163][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 140.236150][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 141.754946][ T5846] Bluetooth: hci0: command tx timeout [ 145.604023][ C1] sched: DL replenish lagged too much [ 149.192813][ C1] wlan1: beacon TX faster than countdown (channel/color switch) completion [ 150.005980][ T6202] syz.4.73 (6202) used greatest stack depth: 18128 bytes left [ 176.349558][ T5846] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 176.381859][ T5846] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 177.348920][ T5846] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 177.365436][ T5846] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 177.366353][ T5846] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 181.717151][ T5845] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 182.730161][ T5845] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 182.739448][ T5845] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 182.740697][ T5845] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 182.741509][ T5845] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 204.373521][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 204.391598][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 213.727316][ T5849] Bluetooth: hci3: command 0x0406 tx timeout [ 213.727570][ T5849] Bluetooth: hci2: command 0x0406 tx timeout [ 241.698803][ T5849] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 241.714111][ T5849] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 241.715341][ T5849] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 241.716794][ T5849] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 241.717555][ T5849] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 246.515344][ T5155] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 246.520951][ T5155] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 246.522872][ T5155] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 246.543589][ T5155] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 247.538061][ T5155] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 248.617390][ T5155] Bluetooth: hci4: command 0x0406 tx timeout [ 249.707551][ T5155] Bluetooth: hci6: command 0x0c39 tx timeout [ 251.929520][ T6264] Bluetooth: hci6: Opcode 0x0c39 failed: -110 [ 258.156954][ T60] Bluetooth: hci0: command 0x0406 tx timeout [ 264.693764][ T60] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 264.701322][ T60] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 264.702394][ T60] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 264.703568][ T60] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 264.704634][ T60] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 269.881095][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 269.898173][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 270.081752][ T5838] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 270.535185][ T5838] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 270.764991][ T5838] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 270.766924][ T5838] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 270.789332][ T5838] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 276.538475][ T5851] Bluetooth: hci9: Opcode 0x0c03 failed: -110 [ 278.553263][ T60] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 279.569919][ T60] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 279.571317][ T60] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 279.571735][ T60] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 279.572903][ T60] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 279.573702][ T60] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 281.382638][ T6287] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 281.399545][ T6287] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 281.403055][ T6287] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 281.404524][ T6287] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 281.405677][ T6287] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 281.406115][ T6287] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 285.111385][ T6287] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 285.129396][ T6287] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 285.134147][ T6287] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 287.119412][ T6286] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 287.250397][ T6286] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 287.250834][ T6286] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 287.251233][ T6286] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 287.252387][ T6286] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 287.253133][ T6286] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 304.995483][ T60] Bluetooth: hci11: Opcode 0x0c03 failed: -110 [ 309.891559][ T38] INFO: task syz.3.76:6231 blocked for more than 144 seconds. [ 309.891596][ T38] Not tainted syzkaller #0 [ 309.891612][ T38] Blocked by coredump[ 309.891612][ T38] Blocked by coredump. [ 309.891617][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 309.891629][ T38] task:syz.3.76 state:D stack:28520 pid:6231 tgid:6227 ppid:5848 task_flags:0x40044c flags:0x00004004 [ 309.891696][ T38] Call Trace: [ 309.891702][ T38] [ 309.891716][ T38] __schedule+0x16f3/0x4c20 [ 309.891774][ T38] ? __lock_acquire+0xab9/0xd20 [ 309.891799][ T38] ? __pfx___schedule+0x10/0x10 [ 309.891837][ T38] ? schedule+0x91/0x360 [ 309.891860][ T38] schedule+0x165/0x360 [ 309.891883][ T38] schedule_timeout+0x9a/0x270 [ 309.891904][ T38] ? __pfx_schedule_timeout+0x10/0x10 [ 309.891937][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 309.891957][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 309.891977][ T38] ? wait_for_completion+0x267/0x5d0 [ 309.892000][ T38] wait_for_completion+0x2bf/0x5d0 [ 309.892035][ T38] ? __pfx_wait_for_completion+0x10/0x10 [ 309.892071][ T38] exit_aio+0x2f1/0x3b0 [ 309.892100][ T38] ? __pfx_exit_aio+0x10/0x10 [ 309.892134][ T38] ? uprobe_clear_state+0x280/0x2a0 [ 309.892152][ T38] ? mm_update_next_owner+0xa7/0x870 [ 309.892174][ T38] __mmput+0x68/0x3d0 [ 309.892199][ T38] exit_mm+0x1da/0x2c0 [ 309.892218][ T38] ? __pfx_exit_mm+0x10/0x10 [ 309.892238][ T38] ? rcu_is_watching+0x15/0xb0 [ 309.892268][ T38] do_exit+0x648/0x2300 [ 309.892285][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 309.892311][ T38] ? __lock_acquire+0xab9/0xd20 [ 309.892335][ T38] ? __pfx_do_exit+0x10/0x10 [ 309.892349][ T38] ? rt_mutex_slowunlock+0x493/0x8a0 [ 309.892370][ T38] ? rt_spin_lock+0x1bb/0x2c0 [ 309.892398][ T38] do_group_exit+0x21c/0x2d0 [ 309.892422][ T38] get_signal+0x125e/0x1310 [ 309.892468][ T38] arch_do_signal_or_restart+0x9a/0x750 [ 309.892496][ T38] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 309.892533][ T38] ? exit_to_user_mode_loop+0x40/0x110 [ 309.892560][ T38] exit_to_user_mode_loop+0x75/0x110 [ 309.892582][ T38] do_syscall_64+0x2bd/0x3b0 [ 309.892602][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 309.892631][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.892649][ T38] ? clear_bhb_loop+0x60/0xb0 [ 309.892671][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.892689][ T38] RIP: 0033:0x7f1564ceebe9 [ 309.892710][ T38] RSP: 002b:00007f1562f240e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 309.892728][ T38] RAX: fffffffffffffe00 RBX: 00007f1564f26098 RCX: 00007f1564ceebe9 [ 309.892741][ T38] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f1564f26098 [ 309.892752][ T38] RBP: 00007f1564f26090 R08: 0000000000000000 R09: 0000000000000000 [ 309.892763][ T38] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 309.892773][ T38] R13: 00007f1564f26128 R14: 00007fff42cd82e0 R15: 00007fff42cd83c8 [ 309.892802][ T38] [ 309.892837][ T38] [ 309.892837][ T38] Showing all locks held in the system: [ 309.892846][ T38] 4 locks held by kworker/u8:0/12: [ 309.892857][ T38] 5 locks held by kworker/u8:1/13: [ 309.892865][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.892912][ T38] #1: ffffc90000127bc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.892955][ T38] #2: ffff888060910898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 309.892999][ T38] #3: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.893041][ T38] #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.893084][ T38] 2 locks held by ksoftirqd/0/15: [ 309.893094][ T38] #0: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.893135][ T38] #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.893179][ T38] 2 locks held by rcuc/0/20: [ 309.893188][ T38] #0: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.893229][ T38] #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.893272][ T38] 2 locks held by rcuc/1/28: [ 309.893282][ T38] #0: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.893324][ T38] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.893366][ T38] 7 locks held by ktimers/1/29: [ 309.893376][ T38] 2 locks held by ksoftirqd/1/30: [ 309.893385][ T38] #0: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.893426][ T38] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.893468][ T38] 4 locks held by kworker/1:0/31: [ 309.893478][ T38] #0: ffff888019899138 ((wq_completion)events_long){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.893521][ T38] #1: ffffc90000a5fbc0 ((work_completion)(&(&ipvs->defense_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.893564][ T38] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.893612][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.893656][ T38] 1 lock held by khungtaskd/38: [ 309.893666][ T38] #0: ffffffff8d9a8bc0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 309.893708][ T38] 2 locks held by kworker/u8:2/43: [ 309.893717][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.893760][ T38] #1: ffffc90000b47bc0 (connector_reaper_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.893804][ T38] 6 locks held by kworker/u8:3/57: [ 309.893813][ T38] #0: ffff88801a6f4138 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.893855][ T38] #1: ffffc9000123fbc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.893897][ T38] #2: ffffffff8ecc5400 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800 [ 309.893941][ T38] #3: ffff8880370c20d8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x10a/0x3d0 [ 309.893987][ T38] #4: ffff8880370c3300 (&devlink->lock_key){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x11c/0x3d0 [ 309.894032][ T38] #5: ffffffff8ecd22f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_dev_lock+0x257/0x2f0 [ 309.894075][ T38] 5 locks held by kworker/u8:4/58: [ 309.894084][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.894126][ T38] #1: ffffc9000124fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.894169][ T38] #2: ffff88805f8f0898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 309.894210][ T38] #3: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.894252][ T38] #4: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.894296][ T38] 5 locks held by kworker/u8:5/84: [ 309.894305][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.894348][ T38] #1: ffffc9000159fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.894400][ T38] #2: ffff8880495c0898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 309.894442][ T38] #3: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.894483][ T38] #4: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.894527][ T38] 5 locks held by kworker/u8:6/158: [ 309.894537][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.894579][ T38] #1: ffffc90003a5fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.894627][ T38] #2: ffff888060500898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 309.894668][ T38] #3: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.894709][ T38] #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.894750][ T38] 5 locks held by kworker/u8:7/177: [ 309.894760][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.894802][ T38] #1: ffffc900039afbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.894845][ T38] #2: ffff888060010898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 309.894885][ T38] #3: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.894926][ T38] #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.894971][ T38] 4 locks held by kworker/1:2/992: [ 309.894981][ T38] #0: ffff88805c8c1938 ((wq_completion)wg-kex-wg0#10){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.895028][ T38] #1: ffffc90004917bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.895082][ T38] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.895123][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.895168][ T38] 2 locks held by kworker/u8:8/1183: [ 309.895178][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.895220][ T38] #1: ffffc90004e87bc0 ((reaper_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.895263][ T38] 2 locks held by aoe_tx0/1324: [ 309.895273][ T38] #0: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.895314][ T38] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.895369][ T38] 5 locks held by kworker/u8:9/3567: [ 309.895379][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.895421][ T38] #1: ffffc9000d697bc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.895464][ T38] #2: ffff888048400898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 309.895506][ T38] #3: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.895547][ T38] #4: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.895590][ T38] 6 locks held by kworker/u8:10/3588: [ 309.895600][ T38] #0: ffff88802e7c1138 ((wq_completion)wg-kex-wg1){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.895648][ T38] #1: ffffc9000d797bc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.895691][ T38] #2: ffff888035b455f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 309.895733][ T38] #3: ffff888021731928 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 309.895773][ T38] #4: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.895815][ T38] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.895857][ T38] 4 locks held by kworker/u8:11/4152: [ 309.895866][ T38] #0: ffff88805cbbb938 ((wq_completion)wg-kex-wg1#9){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.895913][ T38] #1: ffffc9000e3b7bc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.895956][ T38] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.895997][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.896039][ T38] 4 locks held by kworker/u8:12/4546: [ 309.896049][ T38] #0: ffff8880360f9138 ((wq_completion)wg-kex-wg0#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.896094][ T38] #1: ffffc9000ef57bc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.896137][ T38] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.896179][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.896221][ T38] 5 locks held by kworker/u9:1/5155: [ 309.896231][ T38] #0: ffff88803364e938 ((wq_completion)hci0){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.896274][ T38] #1: ffffc9000fbefbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.896316][ T38] #2: ffff888049470e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 309.896363][ T38] #3: ffff8880494700a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 309.896405][ T38] #4: ffffffff8ee39c78 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 309.896451][ T38] 3 locks held by udevd/5206: [ 309.896460][ T38] #0: ffff888032580350 (sk_lock-AF_NETLINK){+.+.}-{0:0}, at: netlink_insert+0xd3/0x1370 [ 309.896501][ T38] #1: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.896543][ T38] #2: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.896585][ T38] 2 locks held by dhcpcd/5501: [ 309.896595][ T38] #0: ffff8880255a8908 (nlk_cb_mutex-ROUTE){+.+.}-{4:4}, at: __netlink_dump_start+0xfe/0x7e0 [ 309.896643][ T38] #1: ffffffff8ecd22f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_dumpit+0x92/0x200 [ 309.896685][ T38] 2 locks held by getty/5595: [ 309.896694][ T38] #0: ffff88823bf620a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 309.896739][ T38] #1: ffffc90003e832e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 309.896779][ T38] 3 locks held by syz-executor/5823: [ 309.896788][ T38] #0: ffff8880239d9290 (sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_recvmsg+0xd3/0x560 [ 309.896830][ T38] #1: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.896871][ T38] #2: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.896913][ T38] 3 locks held by syz-executor/5836: [ 309.896923][ T38] #0: ffff88805a02ce80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 309.896963][ T38] #1: ffff88805a02c0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 309.897005][ T38] #2: ffffffff8ee39c78 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 309.897122][ T38] 4 locks held by kworker/u9:2/5838: [ 309.897135][ T38] #0: ffff888030be3138 ((wq_completion)krxrpcd){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.897182][ T38] #1: ffffc90004bc7bc0 ((work_completion)(&rxnet->peer_keepalive_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.897225][ T38] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.897272][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.897311][ T38] 6 locks held by kworker/u9:3/5841: [ 309.897321][ T38] #0: ffff888028d9c138 ((wq_completion)hci3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.897366][ T38] #1: ffffc90004be7bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.897408][ T38] #2: ffff8880359ace80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 309.897454][ T38] #3: ffff8880359ac0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 309.897497][ T38] #4: ffffffff8ee39c78 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 309.897542][ T38] #5: ffff888028f91358 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 309.897600][ T38] 4 locks held by kworker/u9:4/5845: [ 309.897611][ T38] #0: ffff888028d9d138 ((wq_completion)hci2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.897655][ T38] #1: ffffc90004c27bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.897841][ T38] #2: ffff888035e94e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 309.897878][ T38] #3: ffff888035e940a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 309.897922][ T38] 4 locks held by kworker/u9:5/5846: [ 309.897933][ T38] #0: ffff88803d85a938 ((wq_completion)hci5#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.897983][ T38] #1: ffffc90004c37bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.898026][ T38] #2: ffff888028dd40a8 (&hdev->lock){+.+.}-{4:4}, at: le_conn_complete_evt+0xb1/0x1220 [ 309.898071][ T38] #3: ffffffff8ee39c78 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm+0x2c/0x140 [ 309.898114][ T38] 5 locks held by kworker/u9:6/5849: [ 309.898125][ T38] #0: ffff888026528138 ((wq_completion)hci4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.898169][ T38] #1: ffffc90004c57bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.898213][ T38] #2: ffff88805a038e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 309.898258][ T38] #3: ffff88805a0380a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 309.898299][ T38] #4: ffffffff8ee39c78 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 309.898347][ T38] 4 locks held by kworker/u9:7/5851: [ 309.898358][ T38] #0: ffff88803cef6138 ((wq_completion)hci10#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.898407][ T38] #1: ffffc90004c77bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.898452][ T38] #2: ffff888061cc40a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 309.898495][ T38] #3: ffffffff8ee39c78 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 309.898538][ T38] 2 locks held by kworker/R-wg-cr/5876: [ 309.898549][ T38] 4 locks held by kworker/R-wg-cr/5879: [ 309.898559][ T38] #0: ffff88805cbc8138 ((wq_completion)wg-crypt-wg1#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.898711][ T38] #1: ffffc90004db7ba0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.898754][ T38] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.898795][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.898838][ T38] 2 locks held by kworker/R-wg-cr/5880: [ 309.898849][ T38] 4 locks held by kworker/R-wg-cr/5884: [ 309.898859][ T38] #0: ffff88805c8c3d38 ((wq_completion)wg-crypt-wg1#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.898905][ T38] #1: ffffc90004e07ba0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.898958][ T38] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.898998][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.899041][ T38] 2 locks held by napi/wg1-0/5903: [ 309.899051][ T38] #0: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.899091][ T38] #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.899133][ T38] 6 locks held by kworker/0:4/5909: [ 309.899142][ T38] #0: ffff88805cbfc138 ((wq_completion)wg-kex-wg2#10){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.899188][ T38] #1: ffffc90004f67bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.899240][ T38] #2: ffff888035d855f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_response+0x115/0x970 [ 309.899282][ T38] #3: ffff888023b7a3c0 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_response+0x126/0x970 [ 309.899322][ T38] #4: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.899362][ T38] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.899404][ T38] 2 locks held by napi/wg1-0/5910: [ 309.899414][ T38] #0: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.899454][ T38] #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.899497][ T38] 4 locks held by kworker/1:4/5924: [ 309.899507][ T38] #0: ffff88805cbee538 ((wq_completion)wg-kex-wg2#6){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.899551][ T38] #1: ffffc90005117bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.899615][ T38] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.899655][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.899696][ T38] 4 locks held by kworker/1:5/5925: [ 309.899706][ T38] #0: ffff88805cbfc138 ((wq_completion)wg-kex-wg2#10){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.899750][ T38] #1: ffffc90005127bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.899815][ T38] #2: ffff888035d855f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x150/0x900 [ 309.899854][ T38] #3: ffff888023b7a3c0 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x4de/0x900 [ 309.899894][ T38] 2 locks held by napi/wg2-0/5926: [ 309.899903][ T38] #0: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.899952][ T38] #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.899994][ T38] 4 locks held by kworker/1:7/6019: [ 309.900004][ T38] #0: ffff88805cbfc538 ((wq_completion)wg-crypt-wg2#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.900049][ T38] #1: ffffc90005397bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.900101][ T38] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.900141][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.900182][ T38] 4 locks held by kworker/1:9/6105: [ 309.900192][ T38] 2 locks held by syz-executor/6178: [ 309.900201][ T38] #0: ffffffff8ecc5400 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 309.900239][ T38] #1: ffffffff8ecd22f8 (rtnl_mutex){+.+.}-{4:4}, at: wg_netns_pre_exit+0x1c/0x1d0 [ 309.900276][ T38] 5 locks held by kworker/u8:13/6211: [ 309.900285][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.900327][ T38] #1: ffffc9000600fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.900369][ T38] #2: ffff888060270898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 309.900411][ T38] #3: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.900450][ T38] #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.900492][ T38] 5 locks held by kworker/u8:14/6212: [ 309.900501][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.900561][ T38] #1: ffffc9000614fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.900614][ T38] #2: ffff88805f8e0898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 309.900655][ T38] #3: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.900694][ T38] #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.900735][ T38] 3 locks held by kworker/u8:15/6213: [ 309.900745][ T38] #0: ffff888030331138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.900786][ T38] #1: ffffc9000615fbc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.900828][ T38] #2: ffffffff8ecd22f8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 309.900868][ T38] 6 locks held by kworker/u8:16/6214: [ 309.900877][ T38] #0: ffff888031ac1138 ((wq_completion)wg-kex-wg0){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.900935][ T38] #1: ffffc9000616fbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.900977][ T38] #2: ffff88805c4a55f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 309.901016][ T38] #3: ffff888021730e90 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 309.901055][ T38] #4: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.901095][ T38] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.901136][ T38] 4 locks held by kworker/0:6/6216: [ 309.901145][ T38] #0: ffff88805c8c1d38 ((wq_completion)wg-crypt-wg0#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.901190][ T38] #1: ffffc9000617fbc0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.901231][ T38] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.901272][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.901313][ T38] 6 locks held by kworker/u8:18/6217: [ 309.901322][ T38] #0: ffff8880360ae938 ((wq_completion)wg-kex-wg1#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.901366][ T38] #1: ffffc900060ffbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.901408][ T38] #2: ffff88805d1055f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 309.901447][ T38] #3: ffff888021736350 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 309.901485][ T38] #4: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.901525][ T38] #5: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.901566][ T38] 4 locks held by kworker/0:7/6218: [ 309.901575][ T38] #0: ffff88805cbee538 ((wq_completion)wg-kex-wg2#6){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.901626][ T38] #1: ffffc9000618fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.901677][ T38] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.901726][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.901768][ T38] 4 locks held by kworker/u8:20/6220: [ 309.901777][ T38] #0: ffff88802e7c3138 ((wq_completion)wg-kex-wg2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.901819][ T38] #1: ffffc9000619fbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.901860][ T38] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.901901][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.901942][ T38] 4 locks held by kworker/0:9/6225: [ 309.901951][ T38] #0: ffff888033fca938 ((wq_completion)wg-crypt-wg0){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.901992][ T38] #1: ffffc900061bfbc0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.902034][ T38] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.902074][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.902115][ T38] 4 locks held by kworker/0:10/6226: [ 309.902125][ T38] #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.902165][ T38] #1: ffffc900061dfbc0 ((work_completion)(&data->fib_event_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.902207][ T38] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.902247][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.902288][ T38] 7 locks held by kworker/u8:21/6229: [ 309.902298][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.902339][ T38] #1: ffffc9000620fbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.902381][ T38] #2: ffff88805ec21300 (&devlink->lock_key#5){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 309.902429][ T38] #3: ffff88805eba2120 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 309.902470][ T38] #4: ffffffff8d9a8bc0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 309.902509][ T38] #5: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.902549][ T38] #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.902597][ T38] 4 locks held by kworker/0:12/6233: [ 309.902606][ T38] #0: ffff88805cbd4d38 ((wq_completion)wg-kex-wg2#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.902651][ T38] #1: ffffc90005eb7bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.902716][ T38] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.902755][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.902795][ T38] 4 locks held by kworker/0:13/6238: [ 309.902804][ T38] #0: ffff88805cbd6d38 ((wq_completion)wg-kex-wg1#6){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.902848][ T38] #1: ffffc900068e7bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.902900][ T38] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.902940][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.902981][ T38] 3 locks held by dhcpcd/6240: [ 309.902990][ T38] #0: ffff88805fdb8278 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 309.903031][ T38] #1: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.903069][ T38] #2: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.903108][ T38] 3 locks held by dhcpcd/6241: [ 309.903118][ T38] #0: ffff88805fdb9d78 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 309.903158][ T38] #1: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.903196][ T38] #2: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.903235][ T38] 4 locks held by kworker/1:11/6243: [ 309.903244][ T38] #0: ffff88805cbcad38 ((wq_completion)wg-kex-wg0#6){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.903288][ T38] #1: ffffc90005fefbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.903340][ T38] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.903379][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.903420][ T38] 2 locks held by kworker/1:12/6244: [ 309.903429][ T38] #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.903470][ T38] #1: ffffc90005fdfbc0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.903510][ T38] 4 locks held by kworker/1:13/6245: [ 309.903520][ T38] #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.903561][ T38] #1: ffffc90005fcfbc0 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.903696][ T38] #2: ffffffff8ecd22f8 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x95/0xf30 [ 309.903746][ T38] #3: ffff888048400898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_check_chans_work+0x164/0xf30 [ 309.903792][ T38] 6 locks held by kworker/1:14/6246: [ 309.903804][ T38] #0: ffff88805c6a9538 ((wq_completion)wg-kex-wg0#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.903852][ T38] #1: ffffc90006587bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.903909][ T38] #2: ffff88805c84d5f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_response+0x115/0x970 [ 309.903952][ T38] #3: ffff88803b6e9928 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_response+0x126/0x970 [ 309.903994][ T38] #4: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.904026][ T38] #5: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.904051][ T38] 2 locks held by kworker/1:15/6247: [ 309.904058][ T38] 1 lock held by dhcpcd/6248: [ 309.904064][ T38] #0: ffff88805fdbb878 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 309.904091][ T38] 4 locks held by kworker/1:16/6252: [ 309.904102][ T38] #0: ffff888033fca938 ((wq_completion)wg-crypt-wg0){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.904142][ T38] #1: ffffc9000603fbc0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.904188][ T38] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.904231][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.904275][ T38] 4 locks held by kworker/1:18/6254: [ 309.904285][ T38] #0: ffff88805cbd4d38 ((wq_completion)wg-kex-wg2#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.904332][ T38] #1: ffffc90005f9fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.904385][ T38] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.904426][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.904469][ T38] 4 locks held by kworker/1:19/6255: [ 309.904479][ T38] #0: ffff88805c8c3938 ((wq_completion)wg-kex-wg1#10){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.904526][ T38] #1: ffffc90005f57bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.904580][ T38] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.904629][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.904673][ T38] 4 locks held by kworker/u8:24/6259: [ 309.904683][ T38] #0: ffff888035344938 ((wq_completion)wg-kex-wg2#9){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.904729][ T38] #1: ffffc90005bdfbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.904773][ T38] #2: ffff888035d855f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 309.904815][ T38] #3: ffff888023b7a3c0 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 309.904856][ T38] 4 locks held by kworker/u8:25/6262: [ 309.904865][ T38] #0: ffff8880360aa938 ((wq_completion)wg-kex-wg0#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.904911][ T38] #1: ffffc90005ef7bc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.904954][ T38] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.904995][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.905036][ T38] 6 locks held by kworker/u8:26/6266: [ 309.905045][ T38] #0: ffff88805cbb9938 ((wq_completion)wg-kex-wg0#9){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.905092][ T38] #1: ffffc90005f17bc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.905134][ T38] #2: ffff88802ff5d5f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 309.905174][ T38] #3: ffff888023b78e90 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 309.905213][ T38] #4: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.905253][ T38] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.905297][ T38] 2 locks held by kworker/u8:27/6268: [ 309.905308][ T38] 3 locks held by dhcpcd/6270: [ 309.905317][ T38] #0: ffff8880230de350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 [ 309.905359][ T38] #1: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.905400][ T38] #2: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.905442][ T38] 3 locks held by dhcpcd/6274: [ 309.905452][ T38] #0: ffff888019926350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 [ 309.905490][ T38] #1: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.905529][ T38] #2: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.905571][ T38] 3 locks held by syz-executor/6275: [ 309.905581][ T38] #0: ffff88803981c350 (sk_lock-AF_NETLINK){+.+.}-{0:0}, at: netlink_insert+0xd3/0x1370 [ 309.905628][ T38] #1: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.905669][ T38] #2: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.905711][ T38] 4 locks held by syz-executor/6279: [ 309.905720][ T38] #0: ffff88803aff7538 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 309.905761][ T38] #1: ffff88805f1e1350 (sk_lock-AF_BLUETOOTH-BTPROTO_HCI){+.+.}-{0:0}, at: hci_sock_release+0x5b/0x520 [ 309.905805][ T38] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.905839][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.905880][ T38] 1 lock held by dhcpcd/6280: [ 309.905889][ T38] #0: ffff888037bda350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 [ 309.905928][ T38] 5 locks held by syz-executor/6282: [ 309.905938][ T38] #0: ffff88803aff1d78 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 309.905980][ T38] #1: ffff8880300893e8 (&u->lock){+.+.}-{3:3}, at: unix_release_sock+0x411/0xd60 [ 309.906018][ T38] #2: ffffffff8d9a8bc0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 309.906058][ T38] #3: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.906098][ T38] #4: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.906139][ T38] 4 locks held by syz-executor/6284: [ 309.906148][ T38] #0: ffff88803d59e0f8 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 309.906189][ T38] #1: ffff888036598350 (sk_lock-AF_BLUETOOTH-BTPROTO_HCI){+.+.}-{0:0}, at: hci_sock_release+0x5b/0x520 [ 309.906231][ T38] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.906272][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.906313][ T38] 4 locks held by kworker/u9:8/6286: [ 309.906322][ T38] #0: ffff888031d1a138 ((wq_completion)hci8#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.906367][ T38] #1: ffffc90005e87bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.906409][ T38] #2: ffff8880791540a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 309.906447][ T38] #3: ffffffff8ee39c78 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 309.906487][ T38] 4 locks held by kworker/u9:9/6287: [ 309.906496][ T38] #0: ffff888038ee6938 ((wq_completion)hci7#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.906541][ T38] #1: ffffc90005c3fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.906581][ T38] #2: ffff888069e200a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 309.906624][ T38] #3: ffffffff8ee39c78 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 309.906664][ T38] 4 locks held by kworker/u8:29/6290: [ 309.906674][ T38] #0: ffff88802e7c1138 ((wq_completion)wg-kex-wg1){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.906715][ T38] #1: ffffc90005927bc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.906752][ T38] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.906791][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.906833][ T38] 4 locks held by kworker/u8:30/6293: [ 309.906842][ T38] #0: ffff8880360aa938 ((wq_completion)wg-kex-wg0#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.906880][ T38] #1: ffffc900058f7bc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.906916][ T38] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.906955][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.906997][ T38] 7 locks held by kworker/u8:31/6294: [ 309.907007][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.907048][ T38] #1: ffffc90005967bc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.907090][ T38] #2: ffff88805e802300 (&devlink->lock_key#2){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 309.907139][ T38] #3: ffff88805e780520 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 309.907181][ T38] #4: ffffffff8d9a8bc0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 309.907219][ T38] #5: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.907259][ T38] #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.907299][ T38] 7 locks held by kworker/u8:32/6295: [ 309.907309][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 309.907350][ T38] #1: ffffc90005bffbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 309.907392][ T38] #2: ffff888021347300 (&devlink->lock_key#3){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 309.907438][ T38] #3: ffff88805e59dd20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 309.907480][ T38] #4: ffffffff8d9a8bc0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 309.907517][ T38] #5: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 309.907557][ T38] #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 309.907598][ T38] 6 locks held by kworker/u8:33/6297: [ 310.049395][ T38] #0: ffff88805cbbb938 ((wq_completion)wg-kex-wg1#9){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 310.049463][ T38] #1: ffffc90005c5fbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 310.049508][ T38] #2: ffff88805d1c15f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 310.049569][ T38] #3: ffff88805f0083f8 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 310.049606][ T38] #4: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 310.049649][ T38] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 310.049693][ T38] 6 locks held by kworker/u8:35/6299: [ 310.049702][ T38] #0: ffff88802e7c3138 ((wq_completion)wg-kex-wg2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 310.049742][ T38] #1: ffffc90005907bc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 310.049785][ T38] #2: ffff88805c7515f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 310.049825][ T38] #3: ffff8880217323c0 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 310.049875][ T38] #4: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 310.049915][ T38] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 310.049958][ T38] 6 locks held by kworker/u8:36/6300: [ 310.049968][ T38] #0: ffff8880360f9138 ((wq_completion)wg-kex-wg0#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 310.050021][ T38] #1: ffffc900058d7bc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 310.050063][ T38] #2: ffff88805c84d5f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 310.050104][ T38] #3: ffff888021732e58 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 310.050144][ T38] #4: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 310.050186][ T38] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 310.050230][ T38] 4 locks held by kworker/u9:10/6304: [ 310.050240][ T38] #0: ffff8880235b9138 ((wq_completion)hci9#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 310.050285][ T38] #1: ffffc900058c7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 310.050327][ T38] #2: ffff888073f980a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 310.050369][ T38] #3: ffffffff8ee39c78 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 310.050409][ T38] 3 locks held by syz-executor/6305: [ 310.050419][ T38] #0: ffff888024155350 (sk_lock-AF_BLUETOOTH-BTPROTO_HCI){+.+.}-{0:0}, at: hci_sock_ioctl+0x247/0x910 [ 310.050464][ T38] #1: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 310.050505][ T38] #2: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 310.050548][ T38] 3 locks held by syz-executor/6309: [ 310.050561][ T38] [ 310.050566][ T38] ============================================= [ 310.050566][ T38] [ 310.050589][ T38] NMI backtrace for cpu 0 [ 310.050618][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 310.050666][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 310.050689][ T38] Call Trace: [ 310.050703][ T38] [ 310.050720][ T38] dump_stack_lvl+0x189/0x250 [ 310.050787][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 310.050845][ T38] ? __pfx__printk+0x10/0x10 [ 310.050876][ T38] nmi_cpu_backtrace+0x39e/0x3d0 [ 310.050899][ T38] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 310.050920][ T38] ? __pfx__printk+0x10/0x10 [ 310.050943][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 310.050968][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 310.050989][ T38] watchdog+0xf93/0xfe0 [ 310.051015][ T38] ? watchdog+0x1de/0xfe0 [ 310.051040][ T38] kthread+0x711/0x8a0 [ 310.051067][ T38] ? __pfx_watchdog+0x10/0x10 [ 310.051086][ T38] ? __pfx_kthread+0x10/0x10 [ 310.051113][ T38] ? __pfx_kthread+0x10/0x10 [ 310.051137][ T38] ret_from_fork+0x3f9/0x770 [ 310.051161][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 310.051187][ T38] ? __switch_to_asm+0x39/0x70 [ 310.051202][ T38] ? __switch_to_asm+0x33/0x70 [ 310.051216][ T38] ? __pfx_kthread+0x10/0x10 [ 310.051239][ T38] ret_from_fork_asm+0x1a/0x30 [ 310.051270][ T38] [ 310.051276][ T38] Sending NMI from CPU 0 to CPUs 1: [ 310.051302][ C1] NMI backtrace for cpu 1 [ 310.051318][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 310.051356][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 310.051375][ C1] RIP: 0010:lock_acquire+0x8d/0x360 [ 310.051405][ C1] Code: f6 05 b9 60 6b 0d 01 0f 84 d7 01 00 00 83 3d 79 68 81 0d 00 0f 84 f0 00 00 00 48 8b b4 24 90 00 00 00 4c 89 ef e8 a3 78 81 00 <83> 3d 5c 68 81 0d 00 0f 84 fa 00 00 00 65 8b 05 bf 2d 5a 10 85 c0 [ 310.051418][ C1] RSP: 0018:ffffc90000a3e318 EFLAGS: 00000202 [ 310.051432][ C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 6181191516e39e00 [ 310.051443][ C1] RDX: 0000000000000000 RSI: ffffffff8172b182 RDI: 1ffffffff1b35178 [ 310.051454][ C1] RBP: ffffffff8172b165 R08: 0000000000000000 R09: 0000000000000000 [ 310.051464][ C1] R10: ffffc90000a3e4d8 R11: ffffffff81aae2b0 R12: 0000000000000002 [ 310.051475][ C1] R13: ffffffff8d9a8bc0 R14: 0000000000000000 R15: 0000000000000000 [ 310.051486][ C1] FS: 0000000000000000(0000) GS:ffff8881269c2000(0000) knlGS:0000000000000000 [ 310.051499][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 310.051510][ C1] CR2: 00007f276ee95000 CR3: 000000000d7a6000 CR4: 00000000003526f0 [ 310.051525][ C1] Call Trace: [ 310.051531][ C1] [ 310.051540][ C1] ? unwind_next_frame+0xa5/0x2390 [ 310.051563][ C1] ? __kasan_kmalloc+0x93/0xb0 [ 310.051582][ C1] ? unwind_next_frame+0xa5/0x2390 [ 310.051607][ C1] unwind_next_frame+0xc2/0x2390 [ 310.051626][ C1] ? unwind_next_frame+0xa5/0x2390 [ 310.051649][ C1] ? unwind_next_frame+0xa5/0x2390 [ 310.051669][ C1] ? kasan_save_track+0x3e/0x80 [ 310.051688][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 310.051706][ C1] arch_stack_walk+0x11c/0x150 [ 310.051732][ C1] ? __kasan_kmalloc+0x93/0xb0 [ 310.051752][ C1] stack_trace_save+0x9c/0xe0 [ 310.051767][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 310.051782][ C1] ? do_raw_spin_lock+0x121/0x290 [ 310.051806][ C1] kasan_save_track+0x3e/0x80 [ 310.051822][ C1] ? kasan_save_track+0x3e/0x80 [ 310.051837][ C1] ? __kasan_kmalloc+0x93/0xb0 [ 310.051878][ C1] ? ref_tracker_alloc+0x13b/0x450 [ 310.051900][ C1] __kasan_kmalloc+0x93/0xb0 [ 310.051918][ C1] __kmalloc_cache_noprof+0x1a8/0x320 [ 310.051940][ C1] ? ref_tracker_alloc+0x13b/0x450 [ 310.051962][ C1] ref_tracker_alloc+0x13b/0x450 [ 310.051983][ C1] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 310.052009][ C1] ? dst_alloc+0x105/0x170 [ 310.052031][ C1] ? dst_alloc+0x105/0x170 [ 310.052054][ C1] dst_init+0xd9/0x450 [ 310.052077][ C1] dst_alloc+0x12a/0x170 [ 310.052100][ C1] ip_route_output_key_hash_rcu+0x1560/0x23e0 [ 310.052128][ C1] ? ip_route_output_key_hash+0xde/0x2e0 [ 310.052152][ C1] ip_route_output_key_hash+0x1b9/0x2e0 [ 310.052173][ C1] ? __lock_acquire+0xab9/0xd20 [ 310.052193][ C1] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 310.052218][ C1] ? ip_route_me_harder+0x4ad/0x1030 [ 310.052239][ C1] ip_route_output_flow+0x2a/0x150 [ 310.052259][ C1] ? ip_route_me_harder+0x6c0/0x1030 [ 310.052275][ C1] ip_route_me_harder+0x6d2/0x1030 [ 310.052297][ C1] ? __pfx_ip_route_me_harder+0x10/0x10 [ 310.052327][ C1] synproxy_send_tcp+0x359/0x6c0 [ 310.052352][ C1] synproxy_send_client_synack+0x8bb/0xe20 [ 310.052378][ C1] ? __pfx_synproxy_send_client_synack+0x10/0x10 [ 310.052398][ C1] ? nft_osf_init+0x68/0x240 [ 310.052418][ C1] ? synproxy_pernet+0x45/0x270 [ 310.052443][ C1] nft_synproxy_eval_v4+0x36e/0x560 [ 310.052468][ C1] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 310.052491][ C1] ? nf_ip_checksum+0x13c/0x510 [ 310.052516][ C1] nft_synproxy_do_eval+0x345/0x570 [ 310.052541][ C1] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 310.052571][ C1] nft_do_chain+0x409/0x1920 [ 310.052598][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 310.052620][ C1] ? __pfx_nft_do_chain+0x10/0x10 [ 310.052644][ C1] ? call_timer_fn+0x17b/0x5f0 [ 310.052664][ C1] ? __run_timer_base+0x648/0x970 [ 310.052680][ C1] ? run_timer_softirq+0xb7/0x180 [ 310.052696][ C1] ? handle_softirqs+0x22c/0x710 [ 310.052729][ C1] nft_do_chain_inet+0x25d/0x340 [ 310.052750][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 310.052771][ C1] ? __lock_acquire+0xab9/0xd20 [ 310.052795][ C1] ? NF_HOOK+0x9a/0x3a0 [ 310.052813][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 310.052835][ C1] nf_hook_slow+0xc5/0x220 [ 310.052856][ C1] NF_HOOK+0x206/0x3a0 [ 310.052875][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 310.052893][ C1] ? NF_HOOK+0x9a/0x3a0 [ 310.052910][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 310.052926][ C1] ? ip_rcv_finish_core+0xda3/0x1c00 [ 310.052946][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 310.052965][ C1] ? skb_dst+0x4f/0xd0 [ 310.052983][ C1] ? ip_local_deliver+0x12a/0x1b0 [ 310.053002][ C1] NF_HOOK+0x30c/0x3a0 [ 310.053021][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 310.053038][ C1] ? NF_HOOK+0x9a/0x3a0 [ 310.053055][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 310.053073][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 310.053096][ C1] ? __pfx_ip_rcv+0x10/0x10 [ 310.053113][ C1] __netif_receive_skb+0x143/0x380 [ 310.053129][ C1] ? rt_spin_unlock+0x65/0x80 [ 310.053147][ C1] ? process_backlog+0x27b/0x900 [ 310.053164][ C1] process_backlog+0x31e/0x900 [ 310.053187][ C1] __napi_poll+0xb6/0x540 [ 310.053206][ C1] net_rx_action+0x707/0xe00 [ 310.053232][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 310.053257][ C1] ? kvm_sched_clock_read+0x11/0x20 [ 310.053280][ C1] ? __pfx_sched_clock_cpu+0x10/0x10 [ 310.053312][ C1] handle_softirqs+0x22c/0x710 [ 310.053335][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 310.053358][ C1] run_ktimerd+0xcf/0x190 [ 310.053378][ C1] ? __pfx_run_ktimerd+0x10/0x10 [ 310.053396][ C1] ? schedule+0x91/0x360 [ 310.053418][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 310.053437][ C1] smpboot_thread_fn+0x542/0xa60 [ 310.053456][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 310.053478][ C1] kthread+0x711/0x8a0 [ 310.053500][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 310.053518][ C1] ? __pfx_kthread+0x10/0x10 [ 310.053541][ C1] ? __pfx_kthread+0x10/0x10 [ 310.053562][ C1] ret_from_fork+0x3f9/0x770 [ 310.053582][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 310.053612][ C1] ? __switch_to_asm+0x39/0x70 [ 310.053626][ C1] ? __switch_to_asm+0x33/0x70 [ 310.053640][ C1] ? __pfx_kthread+0x10/0x10 [ 310.053661][ C1] ret_from_fork_asm+0x1a/0x30 [ 310.053684][ C1] [ 310.054304][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 310.054318][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 310.054337][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 310.054346][ T38] Call Trace: [ 310.054353][ T38] [ 310.054360][ T38] dump_stack_lvl+0x99/0x250 [ 310.054384][ T38] ? __asan_memcpy+0x40/0x70 [ 310.054403][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 310.054425][ T38] ? __pfx__printk+0x10/0x10 [ 310.054455][ T38] vpanic+0x281/0x750 [ 310.054481][ T38] ? __pfx_vpanic+0x10/0x10 [ 310.054500][ T38] ? __x2apic_send_IPI_mask+0x1e4/0x260 [ 310.054518][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 310.054549][ T38] panic+0xb9/0xc0 [ 310.054570][ T38] ? __pfx_panic+0x10/0x10 [ 310.054595][ T38] ? irq_work_queue+0xc3/0x140 [ 310.054618][ T38] ? nmi_trigger_cpumask_backtrace+0x234/0x300 [ 310.054640][ T38] watchdog+0xfd2/0xfe0 [ 310.054664][ T38] ? watchdog+0x1de/0xfe0 [ 310.054690][ T38] kthread+0x711/0x8a0 [ 310.054720][ T38] ? __pfx_watchdog+0x10/0x10 [ 310.054739][ T38] ? __pfx_kthread+0x10/0x10 [ 310.054767][ T38] ? __pfx_kthread+0x10/0x10 [ 310.054790][ T38] ret_from_fork+0x3f9/0x770 [ 310.054814][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 310.054846][ T38] ? __switch_to_asm+0x39/0x70 [ 310.054861][ T38] ? __switch_to_asm+0x33/0x70 [ 310.054876][ T38] ? __pfx_kthread+0x10/0x10 [ 310.054899][ T38] ret_from_fork_asm+0x1a/0x30 [ 310.054930][ T38] [ 310.055251][ T38] Kernel Offset: disabled