last executing test programs: 1.909094107s ago: executing program 2 (id=3): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0xffffffffffffffff, 0x9b, 0xdf, 0x9b72, 0x2, 0xd) mmap$auto(0x4000000, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x1) timer_create$auto(0x0, &(0x7f0000000140)={@sival_ptr=0x0, @inferred, 0x1, @_tid=0xffffffffffffffff}, &(0x7f0000000200)=0x1000004) timer_settime$auto(0x0, 0x8, &(0x7f0000000040)={{0x0, 0xd3}, {0x1000}}, &(0x7f0000000100)={{0xa04, 0x4}, {0x9, 0x7ff}}) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0xfffffffa) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000004c0)='/sys/devices/virtual/block/loop11/mq/0/nr_tags\x00', 0x8300, 0x0) read$auto(r0, 0x0, 0x400000000020) 1.725839811s ago: executing program 2 (id=5): mmap$auto(0x2, 0x400004, 0xdf, 0x9b72, 0x2, 0x61) setrlimit$auto(0x1000000007, 0x0) socket(0x2a, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0x2505}, 0x7fe}, 0x4, 0x1000) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYRES64=r0, @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x48000) r2 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/vkms/drm/card1/card1-Writeback-1/modes\x00', 0x0, 0x0) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'veth0_to_hsr\x00'}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'virt_wifi0\x00'}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'virt_wifi0\x00'}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'nr0\x00'}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'geneve0\x00'}) signalfd$auto(r2, &(0x7f0000000380)={0x9}, 0xe7) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/hung_task_check_interval_secs\x00', 0x88542, 0x0) r3 = pipe$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, r3, 0x8000) r4 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_GET_CONTEXT_ID(r4, 0x7b3, 0x0) r5 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r5, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_IOCTL_VMCI_QUEUEPAIR_ALLOC(r5, 0x7a8, 0x0) 1.289214068s ago: executing program 2 (id=6): sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xd021) 1.275811007s ago: executing program 1 (id=2): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000440)="671d264add69b6440843b6e6688a2b5ad9df2669", 0x14) 1.044089976s ago: executing program 2 (id=7): mmap$auto(0xfffffffffffffffd, 0x40000a, 0x200, 0x9b74, 0xffffffffffffffff, 0x2) socket(0x29, 0x5, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/system/cpu/kernel_max\x00', 0x200, 0x0) read$auto(0x3, 0x0, 0xf34) write$auto(0x3, 0x0, 0x100082) write$auto(0x3, 0x0, 0x8) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000440)='/dev/ptyzf\x00', 0x2200, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x0) prctl$auto_PR_SET_MM_ARG_END(0x9, 0x9, 0x0, 0xd, 0x13) r1 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) ioctl$auto_UI_DEV_SETUP(r1, 0x405c5503, &(0x7f00000000c0)={{0x9, 0xf2cf, 0x8, 0xcf}, "6a034a07c7b82d90b69a39e32576f893fba86c9dd051a0094a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f", 0xb}) ioctl$auto_UI_DEV_CREATE(r1, 0x5501, 0x0) writev$auto(r1, &(0x7f0000000340)={0x0, 0xda7e}, 0x9) select$auto(0x7, 0x0, 0x0, 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x41, 0x80) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x40000, 0x0) openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, 0x0, 0x2482, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop2\x00', 0x19d2c2, 0x0) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003140), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_PHY_GET(r0, &(0x7f0000003200)={0x0, 0x0, &(0x7f00000031c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="00000000000000eb000000000000"], 0x14}, 0x1, 0x1000000, 0x0, 0x2404c012}, 0x80) mmap$auto(0x40100, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) semctl$auto(0x1ff, 0x2, 0x13, 0x1) mmap$auto(0x6, 0x2, 0x3, 0x18, 0xffffffffffffffff, 0x4) 1.044005295s ago: executing program 0 (id=1): r0 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r0, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000005c0), 0xffffffffffffffff) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0) ioctl$auto_BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000540)={"ef13a5421a8765cadfca436c4d13dd823843180bb151e936e8ce6cb454168d6c", 0x3ff, 0x4, 0x1000, 0x2, 0x200000000000000d}) ioctl$auto_BLKTRACESTART(r1, 0x1274, 0x0) 984.650741ms ago: executing program 1 (id=8): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x20000800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1c"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 792.276558ms ago: executing program 3 (id=4): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20b42, 0x0) write$auto(r0, &(0x7f0000000040)='7\x00\\\x80\x04|\x03\xcb\x12\xfa\b\x1c\xc7k\x00\x0e\v9\xb5j\x00\x04\xc8\x1fa\x1c\x1a\x05 \xfdr/D\xbf\x98\x06\xe5\xf6\x8d\x1fX\xe5\xbc\xbc\"}$', 0x7fffffff) ioctl$auto_SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000040)) 706.076552ms ago: executing program 0 (id=9): r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x900, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vkms/graphics/fb0/bits_per_pixel\x00', 0x82942, 0x0) sendfile$auto(r1, r1, 0x0, 0x200) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x129800, 0x0) socket(0x2, 0x1, 0x0) ioctl$auto_SIOCGIFHWADDR(r0, 0x8927, &(0x7f0000001580)) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket(0x6, 0x80003, 0xfff) msgsnd$auto(0x54, &(0x7f0000000080)={0x4, 0x3}, 0x7, 0x2) semtimedop$auto(0x0, &(0x7f0000000040)={0xd, 0x81, 0x5}, 0x7, 0x0) 144.708011ms ago: executing program 1 (id=10): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/net/eql/statistics/tx_carrier_errors\x00', 0x800, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000000)=""/45, 0x2d) pipe2$auto(&(0x7f00000000c0), 0x0) writev$auto(0xca, &(0x7f0000000080)={&(0x7f00000000c0), 0x2}, 0x2000000000000003) prctl$auto_PR_SME_SET_VL(0x3f, 0x7, 0x7, 0x3, 0x7) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000004ec0), 0xffffffffffffffff) socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmsg$auto_L2TP_CMD_NOOP(r2, &(0x7f0000004fc0)={0x0, 0x0, &(0x7f0000004f80)={&(0x7f0000004f00)={0x14, r3, 0x1, 0x70bd26, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x40) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000000080)='\t', 0x1) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000002c0)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_MCAST_FLAGS(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x1c, r5, 0xf234609f6d79638b, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000080}, 0x40000) r8 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/module/kvm_intel/parameters/vmentry_l1d_flush\x00', 0x82942, 0x0) sendfile$auto(r8, r8, 0x0, 0x200) 0s ago: executing program 2 (id=11): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/config/target/dbroot\x00', 0x2001, 0x0) msgctl$auto_IPC_INFO(0xfffffff7, 0x3, &(0x7f0000000600)={{0x81, 0x0, 0x0, 0x8215, 0xae5, 0x3ff, 0x16}, 0x0, &(0x7f00000005c0)=0xd9, 0x2, 0x3, 0x9, 0x7, 0x101, 0x3, 0xe, 0x8, @raw=0x2, @raw=0x2}) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000d40), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_SET(0xffffffffffffffff, &(0x7f00000020c0)={0x0, 0x0, &(0x7f0000002080)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="010028bd7000ffdadf2506e18f3a1ceafc1919ca613552f90f87000000"], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x4000) r2 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) r3 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000180), 0xffffffffffffffff) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r4 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0xa, 0x3, 0xb, 0x5, 0x1ffde, 0x3, 0x6, 0x2, 0x6c8, 0x5, 0x20000000003, 0x5, 0xb0, 0x7, 0x10000002, 0x3, 0x5, 0x7, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x1fe, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x800}, 0x40000) sendmsg$auto_BATADV_CMD_GET_ROUTING_ALGOS(r2, &(0x7f0000000500)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x50, r3, 0x10, 0x70bd2d, 0x25dfdbff, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xffff}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xe462}, @BATADV_ATTR_FLAG_BEST={0x4}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x9}, @BATADV_ATTR_BANDWIDTH_UP={0x8, 0x1b, 0xffffffa7}, @BATADV_ATTR_DAT_CACHE_VID={0x6, 0x25, 0x9}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x101}, @BATADV_ATTR_TT_VID={0x6, 0x14, 0x40}]}, 0x50}}, 0x4000000) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0xc20f0000, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x8) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r3, @ANYBLOB="3b3d2abd7000fcdbdf25020000000a000900bbbbbbbbbbbb0000eaaeb87306be9a3cd848b9595c95826c1f515d1e64b2ee9478f79440cf06d3189ceff6367d95eabec9787847055f46ff046a8b0edbcd2c635c16de58400cdcdc30040c809b316f5a9fc08e2af2d49f254688d3c1ef1a3700eedb6dccb41126b36a65d033a4507c3a3a0130e2f351bafd7c94003f0ad2a1a6db5b2678976ae58cd093a7deb08d5f349ac57336717c0247e8"], 0x20}}, 0x80) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000540)='/proc/irq/10/effective_affinity_list\x00', 0x11000, 0x0) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7ffffffff000}, 0x7) write$auto(r0, &(0x7f0000000000)='/sys/kernel/config/target/dbroot\x00', 0x63) futex$auto(&(0x7f0000000040)=0x42af, 0x9, 0x9, &(0x7f0000000080)={0x0, 0xfffffffffffffffe}, &(0x7f00000000c0)=0xc4, 0x7) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.254' (ED25519) to the list of known hosts. [ 87.017683][ T5821] cgroup: Unknown subsys name 'net' [ 87.126697][ T5821] cgroup: Unknown subsys name 'cpuset' [ 87.135742][ T5821] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 89.026127][ T5821] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 91.357940][ T5834] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 91.366683][ T5834] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 91.374889][ T5834] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 91.383705][ T5834] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 91.388674][ T5842] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 91.391755][ T5834] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 91.406337][ T5834] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 91.423729][ T5834] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 91.443368][ T5834] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 91.444431][ T5847] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 91.463208][ T5842] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 91.471061][ T5842] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 91.483726][ T5846] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 91.483944][ T5842] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 91.491595][ T5846] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 91.508530][ T5846] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 91.515763][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 91.524977][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 91.534669][ T5846] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 91.543831][ T5846] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 91.836028][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 92.104812][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.112075][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.120186][ T5832] bridge_slave_0: entered allmulticast mode [ 92.127608][ T5832] bridge_slave_0: entered promiscuous mode [ 92.236754][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.253047][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.260312][ T5832] bridge_slave_1: entered allmulticast mode [ 92.286230][ T5832] bridge_slave_1: entered promiscuous mode [ 92.390167][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 92.449895][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 92.479927][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.536352][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.699521][ T5832] team0: Port device team_slave_0 added [ 92.706075][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 92.723302][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.730484][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.738200][ T5830] bridge_slave_0: entered allmulticast mode [ 92.746660][ T5830] bridge_slave_0: entered promiscuous mode [ 92.756877][ T5832] team0: Port device team_slave_1 added [ 92.763148][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.770292][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.777732][ T5830] bridge_slave_1: entered allmulticast mode [ 92.785931][ T5830] bridge_slave_1: entered promiscuous mode [ 92.880886][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.888138][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.895827][ T5831] bridge_slave_0: entered allmulticast mode [ 92.904979][ T5831] bridge_slave_0: entered promiscuous mode [ 92.946322][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.956482][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.968975][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.976407][ T5831] bridge_slave_1: entered allmulticast mode [ 92.983979][ T5831] bridge_slave_1: entered promiscuous mode [ 92.991249][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.998256][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.024535][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.044932][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.068349][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.075470][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.101801][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.146246][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.195328][ T5830] team0: Port device team_slave_0 added [ 93.204968][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.243709][ T5830] team0: Port device team_slave_1 added [ 93.274113][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.281647][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.290085][ T5839] bridge_slave_0: entered allmulticast mode [ 93.297275][ T5839] bridge_slave_0: entered promiscuous mode [ 93.336480][ T5831] team0: Port device team_slave_0 added [ 93.347788][ T5832] hsr_slave_0: entered promiscuous mode [ 93.354277][ T5832] hsr_slave_1: entered promiscuous mode [ 93.361063][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.369163][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.376527][ T5839] bridge_slave_1: entered allmulticast mode [ 93.384447][ T5839] bridge_slave_1: entered promiscuous mode [ 93.405063][ T5831] team0: Port device team_slave_1 added [ 93.411674][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.418795][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.445084][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.503566][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.510581][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.537366][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.548511][ T5846] Bluetooth: hci2: command tx timeout [ 93.580805][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.587928][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.614117][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.627954][ T5846] Bluetooth: hci3: command tx timeout [ 93.627976][ T5843] Bluetooth: hci1: command tx timeout [ 93.628215][ T51] Bluetooth: hci0: command tx timeout [ 93.634311][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.651514][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.677655][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.699050][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.748336][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.826912][ T5831] hsr_slave_0: entered promiscuous mode [ 93.834432][ T5831] hsr_slave_1: entered promiscuous mode [ 93.840469][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.849147][ T5831] Cannot create hsr debugfs directory [ 93.904673][ T5839] team0: Port device team_slave_0 added [ 93.917580][ T5830] hsr_slave_0: entered promiscuous mode [ 93.925232][ T5830] hsr_slave_1: entered promiscuous mode [ 93.931298][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.939491][ T5830] Cannot create hsr debugfs directory [ 93.961485][ T5839] team0: Port device team_slave_1 added [ 94.098731][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.106300][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.132310][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.175933][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.183287][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.209824][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.369297][ T5839] hsr_slave_0: entered promiscuous mode [ 94.376533][ T5839] hsr_slave_1: entered promiscuous mode [ 94.382597][ T5839] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.390599][ T5839] Cannot create hsr debugfs directory [ 94.501926][ T5832] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 94.515252][ T5832] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 94.549882][ T5832] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 94.567170][ T5832] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 94.677598][ T5831] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 94.694444][ T5831] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 94.705318][ T5831] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.730524][ T5831] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 94.811680][ T5830] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.832549][ T5830] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.846029][ T5830] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.858226][ T5830] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.999382][ T5839] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 95.017748][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.028470][ T5839] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 95.046899][ T5839] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 95.058611][ T5839] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 95.125654][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.177918][ T1103] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.185226][ T1103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.198676][ T1103] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.205812][ T1103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.249185][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.284726][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.351159][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.386021][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.393257][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.408890][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.450557][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.457698][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.467576][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.474782][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.485143][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.492310][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.574862][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.593504][ T51] Bluetooth: hci2: command tx timeout [ 95.674324][ T51] Bluetooth: hci0: command tx timeout [ 95.677724][ T5846] Bluetooth: hci1: command tx timeout [ 95.679753][ T5843] Bluetooth: hci3: command tx timeout [ 95.711778][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.800940][ T1103] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.808214][ T1103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.855596][ T1103] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.862826][ T1103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.089896][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.269979][ T5832] veth0_vlan: entered promiscuous mode [ 96.321980][ T5832] veth1_vlan: entered promiscuous mode [ 96.349589][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.480039][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.497264][ T5832] veth0_macvtap: entered promiscuous mode [ 96.545849][ T5832] veth1_macvtap: entered promiscuous mode [ 96.594369][ T5831] veth0_vlan: entered promiscuous mode [ 96.610238][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.630204][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.648015][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.661127][ T5831] veth1_vlan: entered promiscuous mode [ 96.675153][ T5832] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.684715][ T5832] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.693802][ T5832] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.702531][ T5832] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.772607][ T5830] veth0_vlan: entered promiscuous mode [ 96.806338][ T5830] veth1_vlan: entered promiscuous mode [ 96.852869][ T5831] veth0_macvtap: entered promiscuous mode [ 96.893577][ T5839] veth0_vlan: entered promiscuous mode [ 96.924360][ T5831] veth1_macvtap: entered promiscuous mode [ 96.949823][ T5839] veth1_vlan: entered promiscuous mode [ 96.964733][ T3533] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.971763][ T5830] veth0_macvtap: entered promiscuous mode [ 96.978602][ T3533] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.036145][ T5830] veth1_macvtap: entered promiscuous mode [ 97.061797][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.082138][ T1155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.084599][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.097411][ T1155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.120453][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.137629][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.162764][ T5831] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.176210][ T5831] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.185969][ T5831] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.196392][ T5831] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.211121][ T5830] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.221809][ T5830] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.231264][ T5830] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.240510][ T5830] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.279546][ T977] cfg80211: failed to load regulatory.db [ 97.289460][ T5832] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 97.337612][ T5839] veth0_macvtap: entered promiscuous mode [ 97.382747][ T5839] veth1_macvtap: entered promiscuous mode [ 97.490819][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.525238][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.580523][ T5839] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.610793][ T5839] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.622887][ T5839] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.631655][ T5839] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.659153][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.668854][ T3533] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.678135][ T3533] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.681393][ T5846] Bluetooth: hci2: command tx timeout [ 97.687206][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.753806][ T5846] Bluetooth: hci0: command tx timeout [ 97.754142][ T51] Bluetooth: hci3: command tx timeout [ 97.759253][ T5846] Bluetooth: hci1: command tx timeout [ 97.812282][ T3533] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.835820][ T3533] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.955949][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.976381][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.103567][ T1103] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.135521][ T1103] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.323106][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.330996][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.605833][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.608056][ T5941] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input5 [ 98.832699][ T5942] netlink: 342 bytes leftover after parsing attributes in process `syz.1.8'. [ 98.867547][ T5942] netlink: 342 bytes leftover after parsing attributes in process `syz.1.8'. [ 98.896076][ T5942] netlink: 342 bytes leftover after parsing attributes in process `syz.1.8'. [ 98.922273][ T5942] netlink: 342 bytes leftover after parsing attributes in process `syz.1.8'. [ 98.945337][ T5942] netlink: 342 bytes leftover after parsing attributes in process `syz.1.8'. [ 99.378318][ T5846] Bluetooth: hci1: Malformed HCI Event [ 99.380507][ T5956] Zero length message leads to an empty skb [ 99.424913][ T5956] [ 99.427306][ T5956] ============================================ [ 99.433574][ T5956] WARNING: possible recursive locking detected [ 99.439752][ T5956] 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 Not tainted [ 99.446896][ T5956] -------------------------------------------- [ 99.453080][ T5956] syz.2.11/5956 is trying to acquire lock: [ 99.458926][ T5956] ffff888027d2e878 (&p->frag_sem){.+.+}-{4:4}, at: __configfs_open_file+0xe8/0x9c0 [ 99.468322][ T5956] [ 99.468322][ T5956] but task is already holding lock: [ 99.475724][ T5956] ffff888027d2e878 (&p->frag_sem){.+.+}-{4:4}, at: configfs_write_iter+0x219/0x4e0 [ 99.485114][ T5956] [ 99.485114][ T5956] other info that might help us debug this: [ 99.493186][ T5956] Possible unsafe locking scenario: [ 99.493186][ T5956] [ 99.500643][ T5956] CPU0 [ 99.503933][ T5956] ---- [ 99.507225][ T5956] lock(&p->frag_sem); [ 99.511397][ T5956] lock(&p->frag_sem); [ 99.515570][ T5956] [ 99.515570][ T5956] *** DEADLOCK *** [ 99.515570][ T5956] [ 99.523724][ T5956] May be due to missing lock nesting notation [ 99.523724][ T5956] [ 99.532047][ T5956] 5 locks held by syz.2.11/5956: [ 99.536994][ T5956] #0: ffff88803206cd38 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 99.546091][ T5956] #1: ffff888145af4428 (sb_writers#13){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 99.555213][ T5956] #2: ffff88807c64c288 (&buffer->mutex){+.+.}-{4:4}, at: configfs_write_iter+0x75/0x4e0 [ 99.565090][ T5956] #3: ffff888027d2e878 (&p->frag_sem){.+.+}-{4:4}, at: configfs_write_iter+0x219/0x4e0 [ 99.574883][ T5956] #4: ffffffff8f677f48 (target_devices_lock){+.+.}-{4:4}, at: target_core_item_dbroot_store+0x21/0x350 [ 99.586151][ T5956] [ 99.586151][ T5956] stack backtrace: [ 99.592049][ T5956] CPU: 0 UID: 0 PID: 5956 Comm: syz.2.11 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) [ 99.592077][ T5956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 99.592090][ T5956] Call Trace: [ 99.592097][ T5956] [ 99.592105][ T5956] dump_stack_lvl+0x116/0x1f0 [ 99.592139][ T5956] print_deadlock_bug+0x1e9/0x240 [ 99.592175][ T5956] __lock_acquire+0x1106/0x1c90 [ 99.592208][ T5956] lock_acquire+0x179/0x350 [ 99.592237][ T5956] ? __configfs_open_file+0xe8/0x9c0 [ 99.592270][ T5956] ? __pfx___might_resched+0x10/0x10 [ 99.592295][ T5956] down_read+0x9b/0x480 [ 99.592316][ T5956] ? __configfs_open_file+0xe8/0x9c0 [ 99.592349][ T5956] ? __pfx_down_read+0x10/0x10 [ 99.592373][ T5956] __configfs_open_file+0xe8/0x9c0 [ 99.592406][ T5956] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 99.592437][ T5956] do_dentry_open+0x744/0x1c10 [ 99.592468][ T5956] ? __pfx_configfs_open_file+0x10/0x10 [ 99.592503][ T5956] vfs_open+0x82/0x3f0 [ 99.592526][ T5956] path_openat+0x1de4/0x2cb0 [ 99.592560][ T5956] ? __pfx_path_openat+0x10/0x10 [ 99.592590][ T5956] ? kasan_save_stack+0x42/0x60 [ 99.592619][ T5956] ? kasan_save_stack+0x33/0x60 [ 99.592648][ T5956] ? kasan_save_track+0x14/0x30 [ 99.592678][ T5956] ? __kasan_slab_alloc+0x89/0x90 [ 99.592711][ T5956] do_filp_open+0x20b/0x470 [ 99.592740][ T5956] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.592763][ T5956] ? __pfx_do_filp_open+0x10/0x10 [ 99.592807][ T5956] file_open_name+0x2a3/0x450 [ 99.592832][ T5956] ? __pfx_file_open_name+0x10/0x10 [ 99.592858][ T5956] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 99.592889][ T5956] ? getname_kernel+0x52/0x370 [ 99.592910][ T5956] ? __asan_memcpy+0x3c/0x60 [ 99.592939][ T5956] filp_open+0x4b/0x80 [ 99.592961][ T5956] target_core_item_dbroot_store+0x108/0x350 [ 99.592988][ T5956] configfs_write_iter+0x303/0x4e0 [ 99.593021][ T5956] vfs_write+0x6c7/0x1150 [ 99.593050][ T5956] ? __pfx_configfs_write_iter+0x10/0x10 [ 99.593083][ T5956] ? __pfx___mutex_lock+0x10/0x10 [ 99.593116][ T5956] ? __pfx_vfs_write+0x10/0x10 [ 99.593159][ T5956] ksys_write+0x12a/0x250 [ 99.593189][ T5956] ? __pfx_ksys_write+0x10/0x10 [ 99.593222][ T5956] do_syscall_64+0xcd/0x490 [ 99.593255][ T5956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.593277][ T5956] RIP: 0033:0x7f46b238e929 [ 99.593295][ T5956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.593316][ T5956] RSP: 002b:00007f46b316d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 99.593336][ T5956] RAX: ffffffffffffffda RBX: 00007f46b25b5fa0 RCX: 00007f46b238e929 [ 99.593350][ T5956] RDX: 0000000000000063 RSI: 0000200000000000 RDI: 0000000000000003 [ 99.593365][ T5956] RBP: 00007f46b2410b39 R08: 0000000000000000 R09: 0000000000000000 [ 99.593379][ T5956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 99.593392][ T5956] R13: 0000000000000000 R14: 00007f46b25b5fa0 R15: 00007ffeeed61778 [ 99.593411][ T5956] [ 99.593434][ C0] vkms_vblank_simulate: vblank timer overrun [ 99.896967][ C0] vkms_vblank_simulate: vblank timer overrun [ 99.907047][ T5846] Bluetooth: hci2: command tx timeout [ 99.912532][ T5846] Bluetooth: hci1: command tx timeout [ 99.918426][ T5846] Bluetooth: hci3: command tx timeout [ 99.924203][ T5846] Bluetooth: hci0: command tx timeout [ 99.925027][ T5956] db_root: not a directory: /sys/kernel/config/target/dbroot [ 99.947395][ T30] audit: type=1804 audit(1751004552.812:2): pid=5956 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.11" name="/newroot/sys/kernel/config/target/dbroot" dev="configfs" ino=6718 res=1 errno=0 [ 100.019424][ T30] audit: type=1800 audit(1751004552.812:3): pid=5956 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.11" name="dbroot" dev="configfs" ino=6718 res=0 errno=0 [ 100.199818][ T5957] zswap: compressor not available