last executing test programs: 6.595628033s ago: executing program 0 (id=1): openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000007c0)='/sys/devices/platform/vivid.0/cec23/uevent\x00', 0x80000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) r1 = open(0x0, 0x261c2, 0x84) close_range$auto(0x2, 0x8000, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) io_uring_setup$auto(0x9, 0x0) close_range$auto(0x2, 0x8000, 0x0) r2 = socket(0xa, 0x2, 0x88) r3 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_fd=r1, r3, 0x4, 0x401, r2, @relative_id=0x14, 0xe600}, 0xd) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r1, 0x0, 0x3}, 0xc) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000800)=""/119, 0x77) 6.37079201s ago: executing program 3 (id=4): openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, 0x0, 0x410000, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) unshare$auto(0x40000080) alarm$auto(0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, 0x0, 0x4000800) socket(0x9, 0x3, 0x100) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x400800}, 0x8) socket$nl_generic(0x10, 0x3, 0x10) landlock_create_ruleset$auto(&(0x7f0000000000)={0x9, 0x402, 0x7}, 0x9, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) ioctl$auto_TIOCSTI2(r3, 0x5412, &(0x7f0000000480)) ioctl$auto_TIOCSTI2(r3, 0x5412, &(0x7f0000000000)) ioctl$auto_TIOCSTI2(r3, 0x5412, &(0x7f0000000100)="15") mmap$auto(0x0, 0x8, 0xe2, 0xeb1, 0x69a5, 0xa800000000000000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x8, &(0x7f0000000140)={0x3ff, 0x3, 0x9, 0x10001, 0x12, 0xc05, 0xffffffffffffffff, [0x7ff, 0xfff, 0x8], {0x9, 0x1, 0x5, 0x100, 0x400, 0x0, 0x3fdf, 0x5, 0x1000000000e8}, {0x2, 0x100, 0x54f1, 0x0, 0x101, 0xff, 0x8d6, 0xa, 0x3}}) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) socket$nl_generic(0x10, 0x3, 0x10) r5 = socket(0x10, 0x2, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) close_range$auto(0x2, 0x8, 0x0) 6.191014134s ago: executing program 0 (id=5): openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x22d02, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7ffffffc, 0x8, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x80, 0x104, 0x6, 0x20000000003}, {0x100, 0x1, 0x101, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) r1 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x60100, 0x0) read$auto_vhci_fops_hci_vhci(r1, &(0x7f0000000d40)=""/16, 0x10) mmap$auto(0x0, 0x8000000000020006, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) unshare$auto(0x40000080) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fsconfig$auto_SHMEM_HUGE_WITHIN_SIZE(r0, 0xffffffff, &(0x7f0000000040)='\x00', &(0x7f0000000100)="3d70aa42ea72d62d7d2fe39f29603dff8f97c1b1b50e7e992be3959f9d7ee99631dcfa2436c0c16d6b7ce4ee4ec8cf2014a1b7042667e1556a1e592d73cb9181caa36be823fa68b77e63ca01d8a165e47bc429172f0e53852fb397d6dcaa0527abb4ca74db06a015a927aef31bc4804bb0595644acb2b83cbe1a201edd1befdc2cd21c360f43fbfbde7672c5485582b3b5e1f57505c660d153201f663f086f8d37a45d457285063c7ab32e0a0ccec8488beacb7556197bb94b0d63ae87ff5c7af050968766e3ba3ff8b53b44c0add5e50958", 0x2) execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/swradio12\x00', 0x0, 0x0) poll$auto(&(0x7f0000000480)={r2, 0xffff, 0x29}, 0x3, 0x8) unshare$auto(0x40000080) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) mmap$auto(0xfffffffffffffffc, 0x40000b, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dri/card1\x00', 0x101002, 0x0) ioctl$auto(r3, 0x9000643a, 0xc35) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/tty/ttyc7/dev\x00', 0x4000, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002cbd7000fbdbdf2503000000040008000c000180080003"], 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x800) 5.367406321s ago: executing program 3 (id=6): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) io_uring_setup$auto(0x1, 0x0) r0 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r0, 0x107, 0x1, 0x0, 0x8004) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x1, 0x0) sigaltstack$auto(0x0, 0x0) sendto$auto(0x3, 0x0, 0xfdef, 0x7, 0x0, 0x20) 5.340651378s ago: executing program 2 (id=3): openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x22d02, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7ffffffc, 0x8, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x80, 0x104, 0x6, 0x20000000003}, {0x100, 0x1, 0x101, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) r1 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x60100, 0x0) read$auto_vhci_fops_hci_vhci(r1, &(0x7f0000000d40)=""/16, 0x10) mmap$auto(0x0, 0x8000000000020006, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) unshare$auto(0x40000080) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fsconfig$auto_SHMEM_HUGE_WITHIN_SIZE(r0, 0xffffffff, &(0x7f0000000040)='\x00', &(0x7f0000000100)="3d70aa42ea72d62d7d2fe39f29603dff8f97c1b1b50e7e992be3959f9d7ee99631dcfa2436c0c16d6b7ce4ee4ec8cf2014a1b7042667e1556a1e592d73cb9181caa36be823fa68b77e63ca01d8a165e47bc429172f0e53852fb397d6dcaa0527abb4ca74db06a015a927aef31bc4804bb0595644acb2b83cbe1a201edd1befdc2cd21c360f43fbfbde7672c5485582b3b5e1f57505c660d153201f663f086f8d37a45d457285063c7ab32e0a0ccec8488beacb7556197bb94b0d63ae87ff5c7af050968766e3ba3ff8b53b44c0add5e509588a9269cf36fb81", 0x2) execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/swradio12\x00', 0x0, 0x0) poll$auto(&(0x7f0000000480)={r2, 0xffff, 0x29}, 0x3, 0x8) unshare$auto(0x40000080) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) mmap$auto(0xfffffffffffffffc, 0x40000b, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dri/card1\x00', 0x101002, 0x0) ioctl$auto(r3, 0x9000643a, 0xc35) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/tty/ttyc7/dev\x00', 0x4000, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002cbd7000fbdbdf2503000000040008000c000180080003"], 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x800) 5.169278483s ago: executing program 1 (id=2): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'veth0_to_bond\x00', 0x0}) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001480), r2) sendmsg$auto_ETHTOOL_MSG_CHANNELS_SET(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001c80)={&(0x7f0000000300)={0x28, r4, 0x1, 0x70bd2a, 0x25dfdc00, {}, [@ETHTOOL_A_CHANNELS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x2}]}, 0x28}, 0x1, 0x0, 0x0, 0x8800}, 0x4) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x400, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r7 = socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r7, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1a001}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) setsockopt$auto(0x3, 0x10000000084, 0x80, 0x0, 0x8) setsockopt$auto(0x3, 0x10000000084, 0x5, 0x0, 0x84) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r6, 0x7f, 0x99, 0x8, 0x1, @relative_id=0x4, 0x9}, 0x92) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'veth1_to_team\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000001c0)={&(0x7f00000002c0)={0x12c, r4, 0x100, 0x81, 0x25dfdbfc, {}, [@ETHTOOL_A_CHANNELS_HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x101}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_CHANNELS_HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xc09}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}]}, @ETHTOOL_A_CHANNELS_HEADER={0x84, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x400}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x200}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x101}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}]}, @ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nr0\x00'}]}]}, 0x12c}, 0x1, 0x0, 0x0, 0x40000}, 0x1) r11 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x5c, r11, 0x1, 0x70bd2d, 0x25dfdbf9, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x10}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x211e789c}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @ipv4={'\x00', '\xff\xff', @empty=0x1000000}}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={'\x00', '\xff\xff', @local}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004) 4.720768017s ago: executing program 1 (id=7): openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000240)='/dev/usbmon35\x00', 0x400, 0x0) mkdir$auto(&(0x7f0000000100)='./file0\x00', 0x7) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x10000, 0x41) rmdir$auto(&(0x7f0000000380)='./file0\x00') getdents$auto(r0, 0x0, 0x2) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/audit\x00', 0x200, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x101102, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x3, 0x4000000000df, 0x1ff, r2, 0x92e3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) madvise$auto(0x0, 0xffffffffffff0004, 0x19) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x200007, 0x8) io_uring_setup$auto(0x7, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon21\x00', 0xe001, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, r1, 0x0) socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80) write$auto(r3, &(0x7f0000000000)='-\x00', 0xfdef) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) ioctl$auto(r4, 0x545c, 0xffffffffffffffff) 3.055738009s ago: executing program 1 (id=8): close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x10, 0x2, 0xc) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/apparmor/parameters/audit\x00', 0xb02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x801, 0x4, 0x5, 0x7) r1 = socket(0xa, 0x2, 0x36) setsockopt$auto(r1, 0x29, 0x3e, 0x0, 0x1ff) finit_module$auto(0x3, 0xfffffffffffffffe, 0x9) prctl$auto(0x1000000003b, 0x3, 0x0, 0xd, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80002, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x1) socket(0xa, 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xc) socket(0x2, 0x1, 0x106) socket(0x21, 0x2, 0x2) bind$auto(0x3, &(0x7f0000000100)=@tipc=@nameseq={0x1e, 0x1, 0x1, {0x42, 0x200002, 0x2}}, 0x5) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55) write$auto(0x3, 0x0, 0x7fffffff) syz_open_procfs$namespace(0xffffffffffffffff, 0x0) socket(0x2, 0x2, 0x88) openat$auto_bsg_fops_bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg/1:0:0:0\x00', 0x80, 0x0) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) socket(0x27, 0x2, 0xbd1) socket(0xa, 0x801, 0x84) shutdown$auto(0x200000003, 0x2) recvmmsg$auto(0x3, 0x0, 0xffff, 0x300, 0x0) listen$auto(0x3, 0x400000) shutdown$auto(0x200000003, 0x2) sendfile$auto(r0, 0x3, 0x0, 0x7ffff000) 2.952049273s ago: executing program 2 (id=9): openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000240)='/dev/usbmon35\x00', 0x400, 0x0) mkdir$auto(&(0x7f0000000100)='./file0\x00', 0x7) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x10000, 0x41) rmdir$auto(&(0x7f0000000380)='./file0\x00') getdents$auto(r0, 0x0, 0x2) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/audit\x00', 0x200, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x101102, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x3, 0x4000000000df, 0x1ff, r2, 0x92e3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) madvise$auto(0x0, 0xffffffffffff0004, 0x19) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x200007, 0x8) io_uring_setup$auto(0x7, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon21\x00', 0xe001, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, r1, 0x0) socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60008004}, 0x80) write$auto(r3, &(0x7f0000000000)='-\x00', 0xfdef) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) ioctl$auto(r4, 0x545c, 0xffffffffffffffff) 2.677914068s ago: executing program 0 (id=10): close_range$auto(0x2, 0x8, 0x0) openat$auto_nst_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000100), 0x602242, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto_MADV_NOHUGEPAGE(0x5106, 0x4, 0xf) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/loop10/mq/0/nr_tags\x00', 0x20100, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) write$auto(0x3, 0x0, 0xfffffdef) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000140), 0xffffffffffffffff) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r1, &(0x7f00000001c0)="06067400bd1373ade283e29ef03b962ce2532b902d293cb9ffbe57505c7425ffcc92c9a9d8602b56a825a02f8e7d905e4856d3295886aba91b45", 0x3a) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) unshare$auto(0x40000080) mmap$auto(0x0, 0x88b, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="04002bbd7004ffdbdf250500000008000500030000000c00018008000302"], 0x28}, 0x1, 0x0, 0x0, 0x278e18a297a8387c}, 0x24000802) close_range$auto(0x2, 0x8000, 0x0) socket(0xa, 0x5, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000426bd7000fddbdf250300000004000800040003374b0008"], 0x20}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="db002cbd7000fbdbdf250a"], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) 2.468311267s ago: executing program 3 (id=11): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) userfaultfd$auto(0x1) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) set_mempolicy$auto(0x2, 0x0, 0x4) shmget$auto(0x8, 0x10565, 0x7ff) shmat$auto(0x0, &(0x7f0000000580)='(\x00', 0xfffffffa) shmctl$auto(0x0, 0x0, 0xfffffffffffffffd) shmdt$auto(&(0x7f0000000000)='(\x00') mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0xca, 0x0, 0x1ff) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000340), 0x108800, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) adjtimex$auto(&(0x7f0000000100)={0xfffffffd, 0x0, 0x1933, 0x0, 0x1800000000000, 0x3d5, 0xfffffffc, 0x0, 0x0, 0x7, 0x1, {0xc, 0x1}, 0x48, 0x0, 0xcc5, 0x0, 0x0, 0x6, 0x18f, 0x7f, 0xffffffff, 0x9, 0x8}) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x100, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x2, 0x2) r1 = prctl$auto_PR_SCHED_CORE_GET(0xfff, 0x0, 0xffffffffffffffff, 0x5b, 0x1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'pimreg\x00'}) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) socket(0x1f, 0x800, 0xffffff01) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x801, 0x84) io_uring_setup$auto(0x4, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) syz_genetlink_get_family_id$auto_netdev(&(0x7f00000000c0), r1) 1.730102009s ago: executing program 1 (id=12): socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) io_uring_setup$auto(0x1, 0x0) r0 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r0, 0x107, 0x1, 0x0, 0x8004) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x1, 0x0) sigaltstack$auto(&(0x7f0000000040)={0x0, 0x80000000, 0x7fffffffffffffff}, 0x0) sendto$auto(0x3, 0x0, 0xfdef, 0x7, &(0x7f0000000440)=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x4}}, 0x20) 529.282633ms ago: executing program 2 (id=13): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto_UBI_IOCDET(0xffffffffffffffff, 0x40046f41, 0x0) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000500)='/dev/cpu/0/cpuid\x00', 0xad00, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/sctp/rto_beta_exp_divisor\x00', 0xa0081, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(r0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0x29, 0x2, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x200408a4}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x40040) recvmmsg$auto(r2, &(0x7f0000000140)={{0x0, 0xfffffffe, 0x0, 0x5, 0x0, 0x200002, 0x8}, 0x801}, 0xfffffff9, 0x10, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000480)='/proc/self/maps\x00', 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x11, 0x800, 0x2) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) get_mempolicy$auto(0x0, 0x0, 0x3, 0x1ff, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r3, 0x0, 0x20) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) r5 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r5, &(0x7f0000000100)="4ceac02070916ed1dc1f91", 0xb) sendmsg$auto_NL80211_CMD_SET_QOS_MAP(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="20002bbd7000fedbdf25680000000c00311c0004008c00080023010004000000000000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x20040041}, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) 244.025107ms ago: executing program 1 (id=14): openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000040)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) mmap$auto(0x3, 0x8001, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x880080, 0x0) bpf$auto(0x40000e, &(0x7f00000002c0)=@bpf_attr_4={0x2, r1, 0x1, r1}, 0x5) read$auto_kernfs_file_fops_kernfs_internal(r1, 0x0, 0x0) open(0x0, 0x222ac2, 0x5d745cb200ae4d73) preadv$auto(0x3, &(0x7f0000000040)={0x0, 0x8000000}, 0x3, 0xf8, 0x10) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, 0x0, 0x8000) r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/self/oom_adj\x00', 0x4000, 0x0) read$auto(r2, 0x0, 0x1f40) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/block/loop12/queue/nr_requests\x00', 0x80302, 0x0) read$auto(r3, 0x0, 0xf30) write$auto(0x3, 0x0, 0xffd8) 0s ago: executing program 3 (id=15): openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x22d02, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7ffffffc, 0x8, 0x3000, 0x6, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x80, 0x104, 0x6, 0x20000000003}, {0x100, 0x1, 0x101, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) r1 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x60100, 0x0) read$auto_vhci_fops_hci_vhci(r1, &(0x7f0000000d40)=""/16, 0x10) mmap$auto(0x0, 0x8000000000020006, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) unshare$auto(0x40000080) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fsconfig$auto_SHMEM_HUGE_WITHIN_SIZE(r0, 0xffffffff, &(0x7f0000000040)='\x00', &(0x7f0000000100)="3d70aa42ea72d62d7d2fe39f29603dff8f97c1b1b50e7e992be3959f9d7ee99631dcfa2436c0c16d6b7ce4ee4ec8cf2014a1b7042667e1556a1e592d73cb9181caa36be823fa68b77e63ca01d8a165e47bc429172f0e53852fb397d6dcaa0527abb4ca74db06a015a927aef31bc4804b", 0x2) execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/swradio12\x00', 0x0, 0x0) poll$auto(&(0x7f0000000480)={r2, 0xffff, 0x29}, 0x3, 0x8) unshare$auto(0x40000080) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) mmap$auto(0xfffffffffffffffc, 0x40000b, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dri/card1\x00', 0x101002, 0x0) ioctl$auto(r3, 0x9000643a, 0xc35) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/tty/ttyc7/dev\x00', 0x4000, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002cbd7000fbdbdf2503000000040008000c000180080003"], 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x800) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.112' (ED25519) to the list of known hosts. [ 338.765064][ T5857] cgroup: Unknown subsys name 'net' [ 338.962001][ T5857] cgroup: Unknown subsys name 'cpuset' [ 338.971510][ T5857] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 340.827375][ T5857] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 343.254560][ T5870] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 343.263222][ T5870] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 343.271602][ T5870] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 343.279533][ T5870] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 343.298497][ T5870] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 343.306405][ T5870] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 343.307702][ T5881] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 343.322599][ T5881] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 343.326231][ T5870] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 343.330783][ T5881] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 343.345871][ T5870] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 343.353832][ T5870] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 343.362196][ T5883] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 343.369640][ T5870] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 343.371349][ T5884] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 343.378739][ T5883] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 343.385149][ T5884] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 343.392024][ T5870] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 343.399090][ T5884] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 343.423884][ T5884] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 344.007699][ T5869] chnl_net:caif_netlink_parms(): no params data found [ 344.074064][ T5868] chnl_net:caif_netlink_parms(): no params data found [ 344.218204][ T5872] chnl_net:caif_netlink_parms(): no params data found [ 344.346512][ T5869] bridge0: port 1(bridge_slave_0) entered blocking state [ 344.354702][ T5869] bridge0: port 1(bridge_slave_0) entered disabled state [ 344.362851][ T5869] bridge_slave_0: entered allmulticast mode [ 344.370936][ T5869] bridge_slave_0: entered promiscuous mode [ 344.437684][ T5869] bridge0: port 2(bridge_slave_1) entered blocking state [ 344.444919][ T5869] bridge0: port 2(bridge_slave_1) entered disabled state [ 344.453169][ T5869] bridge_slave_1: entered allmulticast mode [ 344.461189][ T5869] bridge_slave_1: entered promiscuous mode [ 344.504175][ T5867] chnl_net:caif_netlink_parms(): no params data found [ 344.517371][ T5868] bridge0: port 1(bridge_slave_0) entered blocking state [ 344.524954][ T5868] bridge0: port 1(bridge_slave_0) entered disabled state [ 344.532725][ T5868] bridge_slave_0: entered allmulticast mode [ 344.540830][ T5868] bridge_slave_0: entered promiscuous mode [ 344.552099][ T5869] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 344.565322][ T5869] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 344.603981][ T5868] bridge0: port 2(bridge_slave_1) entered blocking state [ 344.611652][ T5868] bridge0: port 2(bridge_slave_1) entered disabled state [ 344.619049][ T5868] bridge_slave_1: entered allmulticast mode [ 344.626827][ T5868] bridge_slave_1: entered promiscuous mode [ 344.725560][ T5869] team0: Port device team_slave_0 added [ 344.732455][ T5872] bridge0: port 1(bridge_slave_0) entered blocking state [ 344.739947][ T5872] bridge0: port 1(bridge_slave_0) entered disabled state [ 344.747251][ T5872] bridge_slave_0: entered allmulticast mode [ 344.754642][ T5872] bridge_slave_0: entered promiscuous mode [ 344.771132][ T5868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 344.784888][ T5868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 344.797073][ T5869] team0: Port device team_slave_1 added [ 344.817559][ T5872] bridge0: port 2(bridge_slave_1) entered blocking state [ 344.824858][ T5872] bridge0: port 2(bridge_slave_1) entered disabled state [ 344.832207][ T5872] bridge_slave_1: entered allmulticast mode [ 344.840113][ T5872] bridge_slave_1: entered promiscuous mode [ 344.965547][ T5868] team0: Port device team_slave_0 added [ 344.975567][ T5872] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 345.002018][ T5869] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 345.009433][ T5869] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 345.036229][ T5869] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 345.050243][ T5868] team0: Port device team_slave_1 added [ 345.060024][ T5872] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 345.084812][ T5867] bridge0: port 1(bridge_slave_0) entered blocking state [ 345.092264][ T5867] bridge0: port 1(bridge_slave_0) entered disabled state [ 345.099791][ T5867] bridge_slave_0: entered allmulticast mode [ 345.107512][ T5867] bridge_slave_0: entered promiscuous mode [ 345.115934][ T5869] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 345.122926][ T5869] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 345.148936][ T5869] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 345.196701][ T5867] bridge0: port 2(bridge_slave_1) entered blocking state [ 345.203924][ T5867] bridge0: port 2(bridge_slave_1) entered disabled state [ 345.216146][ T5867] bridge_slave_1: entered allmulticast mode [ 345.223596][ T5867] bridge_slave_1: entered promiscuous mode [ 345.310800][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 345.318442][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 345.344544][ T5868] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 345.360211][ T5872] team0: Port device team_slave_0 added [ 345.369705][ T5867] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 345.394178][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 345.401274][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 345.427308][ T5868] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 345.446839][ T5884] Bluetooth: hci3: command tx timeout [ 345.449344][ T5872] team0: Port device team_slave_1 added [ 345.461281][ T5867] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 345.491637][ T5869] hsr_slave_0: entered promiscuous mode [ 345.498808][ T5869] hsr_slave_1: entered promiscuous mode [ 345.526559][ T55] Bluetooth: hci1: command tx timeout [ 345.532306][ T5139] Bluetooth: hci2: command tx timeout [ 345.538121][ T5884] Bluetooth: hci0: command tx timeout [ 345.594306][ T5868] hsr_slave_0: entered promiscuous mode [ 345.600945][ T5868] hsr_slave_1: entered promiscuous mode [ 345.608447][ T5868] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 345.617375][ T5868] Cannot create hsr debugfs directory [ 345.640196][ T5867] team0: Port device team_slave_0 added [ 345.650771][ T5867] team0: Port device team_slave_1 added [ 345.665709][ T5872] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 345.672843][ T5872] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 345.699555][ T5872] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 345.757521][ T5872] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 345.764528][ T5872] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 345.790944][ T5872] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 345.817890][ T5867] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 345.824903][ T5867] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 345.851348][ T5867] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 345.864548][ T5867] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 345.871784][ T5867] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 345.897815][ T5867] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 346.038631][ T5872] hsr_slave_0: entered promiscuous mode [ 346.045094][ T5872] hsr_slave_1: entered promiscuous mode [ 346.051787][ T5872] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 346.059513][ T5872] Cannot create hsr debugfs directory [ 346.140134][ T5867] hsr_slave_0: entered promiscuous mode [ 346.147877][ T5867] hsr_slave_1: entered promiscuous mode [ 346.154366][ T5867] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 346.162123][ T5867] Cannot create hsr debugfs directory [ 346.507553][ T5868] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 346.522457][ T5868] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 346.564656][ T5868] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 346.603075][ T5868] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 346.675496][ T5869] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 346.702989][ T5869] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 346.715248][ T5869] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 346.741191][ T5869] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 346.801550][ T5867] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 346.823750][ T5867] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 346.834919][ T5867] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 346.847840][ T5867] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 346.970964][ T5872] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 346.985743][ T5872] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 347.008222][ T5872] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 347.040025][ T5872] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 347.124471][ T5868] 8021q: adding VLAN 0 to HW filter on device bond0 [ 347.208681][ T5868] 8021q: adding VLAN 0 to HW filter on device team0 [ 347.252958][ T5891] bridge0: port 1(bridge_slave_0) entered blocking state [ 347.260357][ T5891] bridge0: port 1(bridge_slave_0) entered forwarding state [ 347.300499][ T5869] 8021q: adding VLAN 0 to HW filter on device bond0 [ 347.334113][ T5867] 8021q: adding VLAN 0 to HW filter on device bond0 [ 347.354363][ T5891] bridge0: port 2(bridge_slave_1) entered blocking state [ 347.361739][ T5891] bridge0: port 2(bridge_slave_1) entered forwarding state [ 347.413525][ T5869] 8021q: adding VLAN 0 to HW filter on device team0 [ 347.431000][ T5872] 8021q: adding VLAN 0 to HW filter on device bond0 [ 347.448137][ T5891] bridge0: port 1(bridge_slave_0) entered blocking state [ 347.455351][ T5891] bridge0: port 1(bridge_slave_0) entered forwarding state [ 347.474735][ T5867] 8021q: adding VLAN 0 to HW filter on device team0 [ 347.511144][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 347.518408][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 347.527137][ T5884] Bluetooth: hci3: command tx timeout [ 347.537431][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 347.544576][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 347.565243][ T5872] 8021q: adding VLAN 0 to HW filter on device team0 [ 347.606484][ T5884] Bluetooth: hci0: command tx timeout [ 347.611969][ T5884] Bluetooth: hci2: command tx timeout [ 347.617818][ T5139] Bluetooth: hci1: command tx timeout [ 347.659575][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 347.666819][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 347.680562][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 347.687828][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 347.702725][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 347.709987][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 348.222367][ T5868] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 348.284199][ T5867] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 348.412861][ T5868] veth0_vlan: entered promiscuous mode [ 348.472757][ T5868] veth1_vlan: entered promiscuous mode [ 348.525501][ T5867] veth0_vlan: entered promiscuous mode [ 348.551693][ T5872] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 348.580459][ T5867] veth1_vlan: entered promiscuous mode [ 348.599959][ T5868] veth0_macvtap: entered promiscuous mode [ 348.617395][ T5868] veth1_macvtap: entered promiscuous mode [ 348.659457][ T5869] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 348.685173][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 348.712225][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 348.754281][ T5867] veth0_macvtap: entered promiscuous mode [ 348.767679][ T5868] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 348.777808][ T5868] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 348.788534][ T5868] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 348.798012][ T5868] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 348.812340][ T5872] veth0_vlan: entered promiscuous mode [ 348.822495][ T5867] veth1_macvtap: entered promiscuous mode [ 348.863967][ T5872] veth1_vlan: entered promiscuous mode [ 348.929623][ T5869] veth0_vlan: entered promiscuous mode [ 348.943582][ T5867] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 348.989208][ T5867] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 349.020325][ T5867] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.031868][ T5867] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.041973][ T5867] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.055077][ T5867] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.073907][ T5869] veth1_vlan: entered promiscuous mode [ 349.114169][ T5872] veth0_macvtap: entered promiscuous mode [ 349.116815][ T5912] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 349.138237][ T5912] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 349.221444][ T5872] veth1_macvtap: entered promiscuous mode [ 349.255453][ T5917] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 349.265433][ T5917] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 349.323642][ T5872] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 349.326591][ T1165] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 349.361000][ T1165] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 349.378119][ T5869] veth0_macvtap: entered promiscuous mode [ 349.419520][ T5872] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 349.446331][ T5868] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 349.449216][ T5869] veth1_macvtap: entered promiscuous mode [ 349.475758][ T5872] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.486033][ T5872] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.494780][ T5872] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.505002][ T5872] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.521002][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 349.530472][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 349.594075][ T5869] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 349.609722][ T5884] Bluetooth: hci3: command tx timeout [ 349.686234][ T5884] Bluetooth: hci2: command tx timeout [ 349.691923][ T5139] Bluetooth: hci0: command tx timeout [ 349.699976][ T55] Bluetooth: hci1: command tx timeout [ 349.723123][ T5869] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 349.757184][ T5869] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.768746][ T5869] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.777620][ T5869] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.786482][ T5869] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.900165][ T5937] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 349.997332][ T5917] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 350.005201][ T5917] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 350.221444][ T1165] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 350.222779][ T5945] Zero length message leads to an empty skb [ 350.259373][ T1165] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 350.426588][ T5949] process 'syz.0.5' launched './file0' with NULL argv: empty string added [ 350.489964][ T5921] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 350.498124][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 350.515584][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 350.525175][ T5921] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 350.701244][ T5954] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 351.386867][ T5956] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 351.542410][ T5958] lo: entered allmulticast mode [ 351.569123][ T5958] lo: left allmulticast mode [ 351.699420][ T5884] Bluetooth: hci3: command tx timeout [ 351.766643][ T5884] Bluetooth: hci2: command tx timeout [ 351.766814][ T55] Bluetooth: hci1: command tx timeout [ 351.785957][ T5139] Bluetooth: hci0: command tx timeout [ 352.716552][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 353.096479][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 353.415015][ T5976] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 353.546287][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 354.066343][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 354.086423][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 354.345369][ T30] audit: type=1800 audit(1747558756.998:2): pid=5986 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.11" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 354.659944][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 354.680354][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 355.229293][ T5990] lo: entered allmulticast mode [ 355.278596][ T5990] lo: left allmulticast mode [ 355.868334][ T6000] sctp: Changing rto_alpha or rto_beta may lead to suboptimal rtt/srtt estimations! [ 356.356769][ T6003] [ 356.359180][ T6003] ====================================================== [ 356.366253][ T6003] WARNING: possible circular locking dependency detected [ 356.373317][ T6003] 6.15.0-rc6-syzkaller-00346-g5723cc3450bc #0 Not tainted [ 356.380444][ T6003] ------------------------------------------------------ [ 356.387475][ T6003] syz.1.14/6003 is trying to acquire lock: [ 356.393309][ T6003] ffff888144f285d8 (&q->elevator_lock){+.+.}-{4:4}, at: queue_requests_store+0x1c7/0x310 [ 356.403198][ T6003] [ 356.403198][ T6003] but task is already holding lock: [ 356.410592][ T6003] ffff888144f280a8 (&q->q_usage_counter(io)#29){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 356.421891][ T6003] [ 356.421891][ T6003] which lock already depends on the new lock. [ 356.421891][ T6003] [ 356.432317][ T6003] [ 356.432317][ T6003] the existing dependency chain (in reverse order) is: [ 356.441347][ T6003] [ 356.441347][ T6003] -> #2 (&q->q_usage_counter(io)#29){++++}-{0:0}: [ 356.450000][ T6003] blk_alloc_queue+0x619/0x760 [ 356.455325][ T6003] blk_mq_alloc_queue+0x179/0x290 [ 356.460914][ T6003] __blk_mq_alloc_disk+0x29/0x120 [ 356.466509][ T6003] loop_add+0x496/0xb70 [ 356.471221][ T6003] loop_init+0x164/0x270 [ 356.476025][ T6003] do_one_initcall+0x120/0x6e0 [ 356.481345][ T6003] kernel_init_freeable+0x5c2/0x900 [ 356.487111][ T6003] kernel_init+0x1c/0x2b0 [ 356.491997][ T6003] ret_from_fork+0x48/0x80 [ 356.496959][ T6003] ret_from_fork_asm+0x1a/0x30 [ 356.502284][ T6003] [ 356.502284][ T6003] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 356.509536][ T6003] fs_reclaim_acquire+0x102/0x150 [ 356.515129][ T6003] kmem_cache_alloc_noprof+0x53/0x3b0 [ 356.521054][ T6003] __kernfs_new_node+0xd2/0x8a0 [ 356.526461][ T6003] kernfs_new_node+0x13c/0x1e0 [ 356.531785][ T6003] kernfs_create_dir_ns+0x4c/0x1a0 [ 356.537450][ T6003] sysfs_create_dir_ns+0x13a/0x2b0 [ 356.543126][ T6003] kobject_add_internal+0x2c4/0x9b0 [ 356.548884][ T6003] kobject_add+0x16e/0x240 [ 356.553849][ T6003] elv_register_queue+0xd3/0x2a0 [ 356.559347][ T6003] blk_register_queue+0x3c4/0x560 [ 356.564959][ T6003] add_disk_fwnode+0x911/0x13a0 [ 356.570376][ T6003] nbd_dev_add+0x78e/0xbb0 [ 356.575342][ T6003] nbd_init+0x181/0x320 [ 356.580057][ T6003] do_one_initcall+0x120/0x6e0 [ 356.585381][ T6003] kernel_init_freeable+0x5c2/0x900 [ 356.591146][ T6003] kernel_init+0x1c/0x2b0 [ 356.596028][ T6003] ret_from_fork+0x48/0x80 [ 356.600991][ T6003] ret_from_fork_asm+0x1a/0x30 [ 356.606317][ T6003] [ 356.606317][ T6003] -> #0 (&q->elevator_lock){+.+.}-{4:4}: [ 356.614176][ T6003] __lock_acquire+0x1173/0x1ba0 [ 356.619589][ T6003] lock_acquire+0x179/0x350 [ 356.624853][ T6003] __mutex_lock+0x199/0xb90 [ 356.629928][ T6003] queue_requests_store+0x1c7/0x310 [ 356.635675][ T6003] queue_attr_store+0x273/0x310 [ 356.641072][ T6003] sysfs_kf_write+0xf2/0x150 [ 356.646230][ T6003] kernfs_fop_write_iter+0x351/0x510 [ 356.652076][ T6003] vfs_write+0x5ba/0x1180 [ 356.656950][ T6003] ksys_write+0x12a/0x240 [ 356.661839][ T6003] do_syscall_64+0xcd/0x230 [ 356.666906][ T6003] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.673346][ T6003] [ 356.673346][ T6003] other info that might help us debug this: [ 356.673346][ T6003] [ 356.683590][ T6003] Chain exists of: [ 356.683590][ T6003] &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#29 [ 356.683590][ T6003] [ 356.697377][ T6003] Possible unsafe locking scenario: [ 356.697377][ T6003] [ 356.704835][ T6003] CPU0 CPU1 [ 356.710217][ T6003] ---- ---- [ 356.715593][ T6003] lock(&q->q_usage_counter(io)#29); [ 356.721003][ T6003] lock(fs_reclaim); [ 356.727537][ T6003] lock(&q->q_usage_counter(io)#29); [ 356.735479][ T6003] lock(&q->elevator_lock); [ 356.740100][ T6003] [ 356.740100][ T6003] *** DEADLOCK *** [ 356.740100][ T6003] [ 356.748258][ T6003] 6 locks held by syz.1.14/6003: [ 356.753213][ T6003] #0: ffff88801280beb8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 356.762323][ T6003] #1: ffff888032b90420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x240 [ 356.771347][ T6003] #2: ffff8880325cd888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 356.781151][ T6003] #3: ffff8881417b3c38 (kn->active#62){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 356.791244][ T6003] #4: ffff888144f280a8 (&q->q_usage_counter(io)#29){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 356.802979][ T6003] #5: ffff888144f280e0 (&q->q_usage_counter(queue)#20){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 356.814981][ T6003] [ 356.814981][ T6003] stack backtrace: [ 356.820905][ T6003] CPU: 0 UID: 0 PID: 6003 Comm: syz.1.14 Not tainted 6.15.0-rc6-syzkaller-00346-g5723cc3450bc #0 PREEMPT(full) [ 356.820941][ T6003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 356.820961][ T6003] Call Trace: [ 356.820970][ T6003] [ 356.820984][ T6003] dump_stack_lvl+0x116/0x1f0 [ 356.821032][ T6003] print_circular_bug+0x275/0x350 [ 356.821069][ T6003] check_noncircular+0x14c/0x170 [ 356.821107][ T6003] __lock_acquire+0x1173/0x1ba0 [ 356.821148][ T6003] lock_acquire+0x179/0x350 [ 356.821182][ T6003] ? queue_requests_store+0x1c7/0x310 [ 356.821217][ T6003] ? __pfx___might_resched+0x10/0x10 [ 356.821247][ T6003] ? do_raw_spin_lock+0x12c/0x2b0 [ 356.821290][ T6003] __mutex_lock+0x199/0xb90 [ 356.821331][ T6003] ? queue_requests_store+0x1c7/0x310 [ 356.821359][ T6003] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 356.821396][ T6003] ? queue_requests_store+0x1c7/0x310 [ 356.821422][ T6003] ? lockdep_hardirqs_on+0x7c/0x110 [ 356.821461][ T6003] ? __pfx___mutex_lock+0x10/0x10 [ 356.821506][ T6003] ? __pfx_autoremove_wake_function+0x10/0x10 [ 356.821543][ T6003] ? queue_requests_store+0x1c7/0x310 [ 356.821570][ T6003] queue_requests_store+0x1c7/0x310 [ 356.821598][ T6003] ? __pfx_queue_requests_store+0x10/0x10 [ 356.821627][ T6003] ? __mutex_trylock_common+0xe9/0x250 [ 356.821665][ T6003] ? __pfx_queue_requests_store+0x10/0x10 [ 356.821692][ T6003] queue_attr_store+0x273/0x310 [ 356.821718][ T6003] ? __pfx_queue_attr_store+0x10/0x10 [ 356.821751][ T6003] ? find_held_lock+0x2b/0x80 [ 356.821776][ T6003] ? sysfs_file_kobj+0xe4/0x290 [ 356.821816][ T6003] ? __pfx_queue_attr_store+0x10/0x10 [ 356.821841][ T6003] sysfs_kf_write+0xf2/0x150 [ 356.821880][ T6003] kernfs_fop_write_iter+0x351/0x510 [ 356.821915][ T6003] ? __pfx_sysfs_kf_write+0x10/0x10 [ 356.821957][ T6003] vfs_write+0x5ba/0x1180 [ 356.821984][ T6003] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 356.822020][ T6003] ? __pfx___mutex_lock+0x10/0x10 [ 356.822061][ T6003] ? __pfx_vfs_write+0x10/0x10 [ 356.822097][ T6003] ksys_write+0x12a/0x240 [ 356.822122][ T6003] ? __pfx_ksys_write+0x10/0x10 [ 356.822147][ T6003] ? rcu_is_watching+0x12/0xc0 [ 356.822176][ T6003] do_syscall_64+0xcd/0x230 [ 356.822228][ T6003] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.822256][ T6003] RIP: 0033:0x7f6d45f8e969 [ 356.822278][ T6003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 356.822309][ T6003] RSP: 002b:00007f6d46dfd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 356.822333][ T6003] RAX: ffffffffffffffda RBX: 00007f6d461b5fa0 RCX: 00007f6d45f8e969 [ 356.822351][ T6003] RDX: 000000000000ffd8 RSI: 0000000000000000 RDI: 0000000000000003 [ 356.822366][ T6003] RBP: 00007f6d46010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 356.822382][ T6003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 356.822398][ T6003] R13: 0000000000000000 R14: 00007f6d461b5fa0 R15: 00007ffc533bf8a8 [ 356.822422][ T6003] [ 357.536638][ T6007] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 359.365972][ T5139] Bluetooth: hci4: Opcode 0x0c03 failed: -110