last executing test programs: 2m33.2855905s ago: executing program 3 (id=1586): openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/config/target/dbroot\x00', 0x109103, 0x0) 2m32.859341057s ago: executing program 3 (id=1593): openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/console\x00', 0x48600, 0x0) 2m32.470366152s ago: executing program 3 (id=1602): dup$auto(0x1) 2m31.964382734s ago: executing program 3 (id=1609): openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) 2m31.565530632s ago: executing program 3 (id=1616): rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}}) 2m29.923177625s ago: executing program 3 (id=1638): open_tree$auto(0xffffffffffffffff, 0x0, 0x8000) 2m29.393902356s ago: executing program 32 (id=1638): open_tree$auto(0xffffffffffffffff, 0x0, 0x8000) 1.183401742s ago: executing program 2 (id=4456): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/misc/hw_random/rng_quality\x00', 0x180, 0x0) pread64$auto(r0, 0x0, 0x100000001, 0x9) 1.067178511s ago: executing program 2 (id=4459): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/machinecheck/machinecheck0/monarch_timeout\x00', 0x2, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000140)="33aa0d7191af", 0x6) 1.044445312s ago: executing program 0 (id=4460): r0 = openat$auto_proc_timens_offsets_operations_base(0xffffffffffffff9c, &(0x7f00000000c0), 0x8a082, 0x0) write$auto(r0, &(0x7f0000000100)='/dev/cec31\x00', 0x200) 944.570428ms ago: executing program 2 (id=4462): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) waitid$auto_P_ALL(0x0, 0xffffffffffffffff, &(0x7f0000000080)={@siginfo_0_0={0x4, 0xe70, 0x9}}, 0x5, 0x0) 856.303201ms ago: executing program 0 (id=4464): r0 = openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000040), 0x2482, 0x0) pread64$auto(r0, 0x0, 0x20000000001, 0x240000) 797.449398ms ago: executing program 4 (id=4465): r0 = socket(0xa, 0x2, 0x88) getsockopt$auto_SO_NETNS_COOKIE(r0, 0x1, 0x47, &(0x7f0000000340)='\x00', &(0x7f0000000380)=0x8) 792.608476ms ago: executing program 1 (id=4466): r0 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="100000000214af"], 0x14}, 0x1, 0x0, 0x0, 0x20000045}, 0x24000044) 691.828563ms ago: executing program 4 (id=4467): r0 = openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/set_event_pid\x00', 0xa0241, 0x0) write$auto_ftrace_set_event_pid_fops_trace_events(r0, &(0x7f0000000300)="674e77c962d7eaf04802459c9a495a2986bcc0678aa591d3a5acae7020", 0x1d) 666.093763ms ago: executing program 0 (id=4468): r0 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy0/reset\x00', 0x82, 0x0) write$auto_debugfs_full_proxy_file_operations_internal(r0, 0x0, 0x20) 633.412182ms ago: executing program 1 (id=4469): r0 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy1/netdev:wlan1/uapsd_max_sp_len\x00', 0x82, 0x0) write$auto_debugfs_full_proxy_file_operations_internal(r0, 0x0, 0x20) 586.218112ms ago: executing program 2 (id=4470): r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000080), 0x101, 0x0) ioctl$auto_TUNGETVNETHDRSZ(r0, 0x800454d7, &(0x7f00000000c0)=0x7ff) 514.175963ms ago: executing program 4 (id=4471): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/bridge/bridge-nf-call-ip6tables\x00', 0xd97f760c479e8c8e, 0x0) write$auto(r0, 0x0, 0x0) 490.798116ms ago: executing program 1 (id=4472): r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kcore\x00', 0x101000, 0x0) read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f00000010c0)=""/4114, 0x1012) 489.153148ms ago: executing program 0 (id=4473): r0 = openat$auto_userio_fops_userio(0xffffffffffffff9c, &(0x7f0000000000), 0x80800, 0x0) read$auto_userio_fops_userio(r0, 0x0, 0x0) 426.662266ms ago: executing program 2 (id=4474): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/dummy_hcd.4/usb5/power/level\x00', 0x129882, 0x0) sendfile$auto(r0, r0, 0x0, 0x8) 369.519929ms ago: executing program 1 (id=4475): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop5\x00', 0x14f602, 0x0) bind$auto(r0, &(0x7f0000000040)=@ax25={0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x8}, 0x67) 332.247497ms ago: executing program 4 (id=4476): keyctl$auto(0x5, 0xffffeffffffffffe, 0x107, 0x803, 0x800000000000c) keyctl$auto(0xf, 0xfffffbfffffffffe, 0x2, 0x32, 0x77c) 294.702126ms ago: executing program 0 (id=4477): r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer\x00', 0x80091, 0x0) write$auto(r0, &(0x7f0000000080)='\xfddev/sequencer\x00', 0xb90) 245.498655ms ago: executing program 2 (id=4478): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd6/queue/scheduler\x00', 0x189002, 0x0) sendfile$auto(r0, r0, 0x0, 0x3) 228.713612ms ago: executing program 1 (id=4479): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/workqueue/cpumask\x00', 0x2, 0x0) sendfile$auto(r0, r0, 0x0, 0x4) 153.543413ms ago: executing program 4 (id=4480): openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000a40)='/proc/sys/fs/inode-state\x00', 0x0, 0x0) bpf$auto(0x9, &(0x7f0000000a40)=@prog_bind_map={0xffffffffffffffff, 0xffffffffffffffff, 0x2f}, 0x121) 125.466851ms ago: executing program 0 (id=4481): r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x400, 0x0) ioctl$auto(r0, 0x800064bc, 0x1e6) 92.189909ms ago: executing program 1 (id=4482): r0 = socket(0x15, 0x5, 0x0) bind$auto(r0, &(0x7f0000000040)=@generic={0xa, "986d17a55d9b07bcc94c4e3770c4"}, 0x6a) 0s ago: executing program 4 (id=4483): openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.10.58' (ED25519) to the list of known hosts. [ 92.528588][ T5818] cgroup: Unknown subsys name 'net' [ 92.728379][ T5818] cgroup: Unknown subsys name 'cpuset' [ 92.738855][ T5818] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 94.629436][ T5818] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 97.963260][ T5982] mmap: syz.2.147 (5982) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 100.647606][ T6141] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 100.663316][ T6141] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 100.671275][ T6141] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 100.693748][ T6141] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 100.703916][ T6141] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 101.296263][ T6133] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 102.218290][ T918] cfg80211: failed to load regulatory.db [ 106.594159][ T6141] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 106.603053][ T6141] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 106.612271][ T6141] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 106.623720][ T6141] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 106.637585][ T6141] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 106.694493][ T6141] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 106.712183][ T6141] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 106.720426][ T6141] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 106.731998][ T6141] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 106.752377][ T6184] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 106.761217][ T6184] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 106.796188][ T6186] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 106.815331][ T6186] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 106.823933][ T6186] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 106.832682][ T6186] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 106.841078][ T6184] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 106.841755][ T6186] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 106.856802][ T6186] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 106.866001][ T6186] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 106.874521][ T6186] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 107.424136][ T6187] chnl_net:caif_netlink_parms(): no params data found [ 107.525728][ T6179] chnl_net:caif_netlink_parms(): no params data found [ 107.665220][ T6187] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.672746][ T6187] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.680564][ T6187] bridge_slave_0: entered allmulticast mode [ 107.688305][ T6187] bridge_slave_0: entered promiscuous mode [ 107.714280][ T6181] chnl_net:caif_netlink_parms(): no params data found [ 107.745280][ T6187] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.752433][ T6187] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.760190][ T6187] bridge_slave_1: entered allmulticast mode [ 107.767796][ T6187] bridge_slave_1: entered promiscuous mode [ 107.886870][ T6187] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 107.898728][ T6179] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.908475][ T6179] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.918353][ T6179] bridge_slave_0: entered allmulticast mode [ 107.926203][ T6179] bridge_slave_0: entered promiscuous mode [ 107.935838][ T6179] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.943495][ T6179] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.950737][ T6179] bridge_slave_1: entered allmulticast mode [ 107.959513][ T6179] bridge_slave_1: entered promiscuous mode [ 107.989285][ T6187] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 108.069737][ T6183] chnl_net:caif_netlink_parms(): no params data found [ 108.085495][ T6179] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 108.104213][ T6187] team0: Port device team_slave_0 added [ 108.119611][ T6179] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 108.144932][ T6187] team0: Port device team_slave_1 added [ 108.230436][ T6181] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.237991][ T6181] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.245427][ T6181] bridge_slave_0: entered allmulticast mode [ 108.252807][ T6181] bridge_slave_0: entered promiscuous mode [ 108.276728][ T6187] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 108.283843][ T6187] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.310053][ T6187] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 108.331223][ T6179] team0: Port device team_slave_0 added [ 108.339751][ T6181] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.347424][ T6181] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.354871][ T6181] bridge_slave_1: entered allmulticast mode [ 108.362232][ T6181] bridge_slave_1: entered promiscuous mode [ 108.377614][ T6187] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 108.384685][ T6187] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.410872][ T6187] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 108.437771][ T6179] team0: Port device team_slave_1 added [ 108.500460][ T6181] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 108.515160][ T6181] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 108.609935][ T6179] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 108.620074][ T6179] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.646761][ T6179] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 108.660042][ T6179] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 108.667164][ T6179] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.694152][ T6186] Bluetooth: hci0: command tx timeout [ 108.700031][ T6179] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 108.731414][ T6187] hsr_slave_0: entered promiscuous mode [ 108.738055][ T6187] hsr_slave_1: entered promiscuous mode [ 108.745267][ T6183] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.753524][ T6183] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.760745][ T6183] bridge_slave_0: entered allmulticast mode [ 108.768382][ T6183] bridge_slave_0: entered promiscuous mode [ 108.790391][ T6181] team0: Port device team_slave_0 added [ 108.801397][ T6181] team0: Port device team_slave_1 added [ 108.808252][ T6183] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.815764][ T6183] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.822957][ T6183] bridge_slave_1: entered allmulticast mode [ 108.830502][ T6183] bridge_slave_1: entered promiscuous mode [ 108.853166][ T6186] Bluetooth: hci1: command tx timeout [ 108.933144][ T6186] Bluetooth: hci3: command tx timeout [ 108.942322][ T6179] hsr_slave_0: entered promiscuous mode [ 108.949593][ T6179] hsr_slave_1: entered promiscuous mode [ 108.951801][ T6186] Bluetooth: hci2: command tx timeout [ 108.957065][ T6179] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 108.969097][ T6179] Cannot create hsr debugfs directory [ 109.001481][ T6183] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 109.048117][ T6181] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 109.055507][ T6181] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.081816][ T6181] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 109.096957][ T6183] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 109.120111][ T6181] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 109.127236][ T6181] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.155725][ T6181] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 109.291383][ T6183] team0: Port device team_slave_0 added [ 109.336861][ T6183] team0: Port device team_slave_1 added [ 109.349787][ T6181] hsr_slave_0: entered promiscuous mode [ 109.356741][ T6181] hsr_slave_1: entered promiscuous mode [ 109.363713][ T6181] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 109.371311][ T6181] Cannot create hsr debugfs directory [ 109.498753][ T6183] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 109.506233][ T6183] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.538942][ T6183] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 109.592690][ T6183] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 109.600181][ T6183] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.626191][ T6183] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 109.741832][ T6183] hsr_slave_0: entered promiscuous mode [ 109.748736][ T6183] hsr_slave_1: entered promiscuous mode [ 109.755247][ T6183] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 109.762853][ T6183] Cannot create hsr debugfs directory [ 109.879002][ T6187] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 109.899453][ T6187] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 109.936203][ T6187] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 110.002108][ T6187] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 110.098623][ T6179] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 110.111186][ T6179] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 110.127746][ T6179] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 110.155604][ T6179] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 110.237330][ T6181] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 110.248425][ T6181] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 110.261345][ T6181] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 110.276334][ T6181] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 110.438581][ T6183] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 110.450610][ T6183] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 110.462277][ T6183] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 110.478131][ T6183] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 110.589154][ T6187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 110.637533][ T6179] 8021q: adding VLAN 0 to HW filter on device bond0 [ 110.678163][ T6187] 8021q: adding VLAN 0 to HW filter on device team0 [ 110.690289][ T6179] 8021q: adding VLAN 0 to HW filter on device team0 [ 110.708787][ T6181] 8021q: adding VLAN 0 to HW filter on device bond0 [ 110.735015][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.742353][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 110.753872][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.761068][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 110.773932][ T6186] Bluetooth: hci0: command tx timeout [ 110.800398][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.807672][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 110.821620][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.828788][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 110.868015][ T6181] 8021q: adding VLAN 0 to HW filter on device team0 [ 110.899321][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.906582][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 110.924955][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.932162][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 110.940010][ T6186] Bluetooth: hci1: command tx timeout [ 110.972009][ T6183] 8021q: adding VLAN 0 to HW filter on device bond0 [ 111.025798][ T6141] Bluetooth: hci3: command tx timeout [ 111.031437][ T6186] Bluetooth: hci2: command tx timeout [ 111.049530][ T6183] 8021q: adding VLAN 0 to HW filter on device team0 [ 111.099038][ T3490] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.106333][ T3490] bridge0: port 1(bridge_slave_0) entered forwarding state [ 111.138014][ T3490] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.145307][ T3490] bridge0: port 2(bridge_slave_1) entered forwarding state [ 111.620023][ T6179] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 111.718385][ T6187] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 111.817026][ T6179] veth0_vlan: entered promiscuous mode [ 111.859735][ T6179] veth1_vlan: entered promiscuous mode [ 111.916639][ T6187] veth0_vlan: entered promiscuous mode [ 111.942687][ T6187] veth1_vlan: entered promiscuous mode [ 111.963607][ T6179] veth0_macvtap: entered promiscuous mode [ 111.985330][ T6179] veth1_macvtap: entered promiscuous mode [ 111.997260][ T6181] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 112.049890][ T6179] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 112.090008][ T6187] veth0_macvtap: entered promiscuous mode [ 112.110273][ T6183] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 112.121589][ T6179] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 112.146234][ T6187] veth1_macvtap: entered promiscuous mode [ 112.167868][ T6179] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.177080][ T6179] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.186279][ T6179] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.195957][ T6179] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.232824][ T6181] veth0_vlan: entered promiscuous mode [ 112.262719][ T6187] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 112.298171][ T6187] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 112.310987][ T6187] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.321823][ T6187] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.332171][ T6187] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.341256][ T6187] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.362157][ T6181] veth1_vlan: entered promiscuous mode [ 112.407424][ T6183] veth0_vlan: entered promiscuous mode [ 112.467821][ T6183] veth1_vlan: entered promiscuous mode [ 112.511413][ T3513] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.522224][ T3513] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.548012][ T6181] veth0_macvtap: entered promiscuous mode [ 112.581521][ T6181] veth1_macvtap: entered promiscuous mode [ 112.622882][ T3490] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.638355][ T6181] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 112.654468][ T3490] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.692727][ T3490] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.699146][ T6183] veth0_macvtap: entered promiscuous mode [ 112.725372][ T3490] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.734901][ T6181] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 112.761544][ T6183] veth1_macvtap: entered promiscuous mode [ 112.846896][ T6181] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.860268][ T6186] Bluetooth: hci0: command tx timeout [ 112.866495][ T6181] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.875404][ T6181] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.884592][ T6181] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.948547][ T6183] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 112.969478][ T3513] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.989091][ T3513] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.004817][ T6183] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 113.014962][ T6186] Bluetooth: hci1: command tx timeout [ 113.060897][ T6183] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.090912][ T6183] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.102186][ T6186] Bluetooth: hci2: command tx timeout [ 113.103140][ T6141] Bluetooth: hci3: command tx timeout [ 113.108836][ T6183] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.122388][ T6183] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.408007][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.429203][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.546146][ T3513] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.583155][ T3513] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.648420][ T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.698703][ T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.858604][ T3490] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.893546][ T3490] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.934023][ T6141] Bluetooth: hci0: command tx timeout [ 115.096121][ T6141] Bluetooth: hci1: command tx timeout [ 115.173467][ T6141] Bluetooth: hci3: command tx timeout [ 115.179946][ T6141] Bluetooth: hci2: command tx timeout [ 117.508854][ T6376] syz.2.358 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 117.815651][ T6386] ptrace attach of "./syz-executor exec"[6181] was attempted by "./syz-executor exec"[6386] [ 121.414975][ T6512] futex_wake_op: syz.0.425 tries to shift op by 64; fix this program [ 121.713952][ T30] audit: type=1800 audit(1748496853.060:2): pid=6523 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.431" name="version" dev="configfs" ino=8112 res=0 errno=0 [ 122.218796][ T30] audit: type=1800 audit(1748496853.570:3): pid=6541 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.439" name="discovery_nqn" dev="configfs" ino=8927 res=0 errno=0 [ 127.635401][ T6727] nfs: Bad value for 'source' [ 128.576711][ T6141] Bluetooth: hci3: unexpected event 0x31 length: 124 > 6 [ 133.170742][ T6926] random: crng reseeded on system resumption [ 134.068881][ T30] audit: type=1800 audit(1748498917.443:4): pid=6952 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.642" name="lu_gp_id" dev="configfs" ino=9764 res=0 errno=0 [ 134.474681][ T6967] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 138.025303][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.033471][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.321393][ T30] audit: type=1800 audit(1748498921.705:5): pid=7099 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.714" name="trace_pipe" dev="tracefs" ino=1299 res=0 errno=0 [ 143.613810][ T7258] can: request_module (can-proto-0) failed. [ 145.047252][ T7309] Process accounting resumed [ 150.132145][ T30] audit: type=1800 audit(1748498933.577:6): pid=7488 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.907" name="members" dev="configfs" ino=11550 res=0 errno=0 [ 159.024634][ T30] audit: type=1800 audit(1748500993.531:7): pid=7718 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1021" name="version" dev="configfs" ino=12778 res=0 errno=0 [ 159.786813][ T7702] kexec: Could not allocate control_code_buffer [ 162.132283][ T7755] kexec: Could not allocate control_code_buffer [ 166.144632][ T30] audit: type=1800 audit(1748501000.688:8): pid=7936 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1129" name="dummy_udc" dev="gadgetfs" ino=7121 res=0 errno=0 [ 167.536682][ T7985] ima: policy update failed [ 167.571441][ T30] audit: type=1802 audit(1748501002.115:9): pid=7985 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.1154" res=0 errno=0 [ 168.482249][ T8022] Unable to find swap-space signature [ 170.556167][ T8093] capability: warning: `syz.1.1207' uses 32-bit capabilities (legacy support in use) [ 170.636102][ T8095] ptrace attach of "./syz-executor exec"[6179] was attempted by "./syz-executor exec"[8095] [ 175.057338][ T8262] Process accounting paused [ 175.858752][ T8298] futex_wake_op: syz.3.1309 tries to shift op by -9; fix this program [ 183.835191][ T8617] Unable to find swap-space signature [ 183.927531][ T8619] __vm_enough_memory: pid: 8619, comm: syz.1.1468, bytes: 4398046511104 not enough memory for the allocation [ 186.105702][ T6141] Bluetooth: hci1: unexpected event 0x36 length: 123 > 7 [ 188.029293][ T8766] syz_tun: tun_chr_ioctl cmd 1074025672 [ 188.077533][ T8766] syz_tun: ignored: set checksum disabled [ 189.399778][ T8815] syz.0.1566(8815): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 190.628111][ T30] audit: type=1800 audit(4294967298.985:10): pid=8860 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1586" name="dbroot" dev="configfs" ino=16681 res=0 errno=0 [ 193.312033][ T3513] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.509552][ T3513] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.684143][ T3513] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.861785][ T3513] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.220003][ T3513] bridge_slave_1: left allmulticast mode [ 194.228305][ T3513] bridge_slave_1: left promiscuous mode [ 194.235578][ T3513] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.248859][ T3513] bridge_slave_0: left allmulticast mode [ 194.256643][ T3513] bridge_slave_0: left promiscuous mode [ 194.262569][ T3513] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.567764][ T8971] capability: warning: `syz.1.1645' uses deprecated v2 capabilities in a way that may be insecure [ 195.387056][ T6186] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 195.396535][ T6186] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 195.410352][ T6186] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 195.427117][ T6186] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 195.435622][ T6186] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 195.731250][ T3513] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 195.796295][ T3513] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 195.831876][ T3513] bond0 (unregistering): Released all slaves [ 197.091080][ T3513] hsr_slave_0: left promiscuous mode [ 197.117040][ T3513] hsr_slave_1: left promiscuous mode [ 197.134896][ T3513] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 197.162123][ T3513] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 197.226154][ T3513] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 197.239922][ T3513] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 197.352808][ T3513] veth1_macvtap: left promiscuous mode [ 197.373925][ T3513] veth0_macvtap: left promiscuous mode [ 197.403270][ T3513] veth1_vlan: left promiscuous mode [ 197.426356][ T3513] veth0_vlan: left promiscuous mode [ 197.466441][ T6141] Bluetooth: hci2: command tx timeout [ 198.016851][ T30] audit: type=1800 audit(4294967306.413:11): pid=9080 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1691" name="trace_pipe" dev="tracefs" ino=1257 res=0 errno=0 [ 198.813995][ T3513] team0 (unregistering): Port device team_slave_1 removed [ 198.908870][ T3513] team0 (unregistering): Port device team_slave_0 removed [ 199.146245][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.154307][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.536431][ T6141] Bluetooth: hci2: command tx timeout [ 200.518953][ T8992] chnl_net:caif_netlink_parms(): no params data found [ 201.039816][ T8992] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.047076][ T8992] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.071643][ T8992] bridge_slave_0: entered allmulticast mode [ 201.089283][ T8992] bridge_slave_0: entered promiscuous mode [ 201.101842][ T8992] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.151574][ T8992] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.183204][ T8992] bridge_slave_1: entered allmulticast mode [ 201.197621][ T8992] bridge_slave_1: entered promiscuous mode [ 201.409503][ T8992] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 201.478879][ T8992] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 201.611651][ T6141] Bluetooth: hci2: command tx timeout [ 201.775750][ T8992] team0: Port device team_slave_0 added [ 201.806799][ T8992] team0: Port device team_slave_1 added [ 202.037112][ T8992] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 202.070698][ T8992] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 202.155591][ T8992] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 202.212180][ T8992] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 202.219218][ T8992] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 202.290268][ T9212] program syz.2.1743 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 202.310379][ T9212] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 202.350560][ T8992] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 202.719615][ T30] audit: type=1807 audit(4294967311.128:12): UNKNOWN=0"]$|1j0B|dӉO+/xWӦ^gq%ḦrO res=0 [ 202.750285][ T9221] ima: policy update failed [ 202.754965][ T30] audit: type=1802 audit(4294967311.168:13): pid=9222 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.1.1748" res=0 errno=0 [ 202.842150][ T30] audit: type=1802 audit(4294967311.238:14): pid=9221 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.1748" res=0 errno=0 [ 202.899678][ T8992] hsr_slave_0: entered promiscuous mode [ 202.906509][ T8992] hsr_slave_1: entered promiscuous mode [ 202.932048][ T8992] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 202.944590][ T8992] Cannot create hsr debugfs directory [ 203.674360][ T6141] Bluetooth: hci2: command tx timeout [ 203.818996][ T8992] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 203.885670][ T8992] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 203.923953][ T8992] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 203.958714][ T8992] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 204.305302][ T8992] 8021q: adding VLAN 0 to HW filter on device bond0 [ 204.383323][ T8992] 8021q: adding VLAN 0 to HW filter on device team0 [ 204.425833][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.433094][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.484830][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.492100][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.166747][ T9288] program syz.1.1771 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 205.219736][ T9288] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 205.330547][ T8992] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 206.506889][ T8992] veth0_vlan: entered promiscuous mode [ 206.571331][ T8992] veth1_vlan: entered promiscuous mode [ 206.718086][ T8992] veth0_macvtap: entered promiscuous mode [ 206.764834][ T8992] veth1_macvtap: entered promiscuous mode [ 206.786196][ T9327] vhci_hcd: invalid port number 16 [ 206.849825][ T8992] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 206.904248][ T8992] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 206.974107][ T8992] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.996499][ T8992] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 207.005289][ T8992] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 207.056076][ T8992] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 207.406418][ T3465] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 207.425386][ T3465] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 207.545776][ T3465] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 207.583991][ T3465] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 209.971059][ T9415] writes to the poll attribute are ignored. [ 209.977814][ T9415] please use driver specific parameters instead. [ 213.031774][ T9520] QAT: failed to copy from user. [ 213.067383][ T30] audit: type=1807 audit(4294967321.542:15): UNKNOWN= res=0 [ 213.067809][ T9519] ima: policy update failed [ 213.088124][ T30] audit: type=1802 audit(4294967321.542:16): pid=9522 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.4.1853" res=0 errno=0 [ 213.134424][ T30] audit: type=1802 audit(4294967321.562:17): pid=9519 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.1853" res=0 errno=0 [ 213.840371][ T9545] mmap: syz.2.1864 (9545): VmData 37601280 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 214.894300][ T9580] ecryptfs_miscdev_write: Invalid packet size [192] [ 215.319506][ T9592] bcachefs: bch2_ioctl_fsck_offline() ret EFAULT [ 216.598343][ T9632] ======================================================= [ 216.598343][ T9632] WARNING: The mand mount option has been deprecated and [ 216.598343][ T9632] and is ignored by this kernel. Remove the mand [ 216.598343][ T9632] option from the mount to silence this warning. [ 216.598343][ T9632] ======================================================= [ 217.172526][ T9653] sg_write: data in/out 3292/1 bytes for SCSI command 0xa3-- guessing data in; [ 217.172526][ T9653] program syz.4.1906 not setting count and/or reply_len properly [ 221.579842][ T9808] block2mtd: illegal erase size [ 223.590698][ T9889] process 'syz.2.2015' launched './file0' with NULL argv: empty string added [ 225.295308][ T9954] block2mtd: device name too long [ 225.707890][ T9966] usb usb36: usbfs: process 9966 (syz.0.2057) did not claim interface 0 before use [ 226.354293][ T9990] : Can't lookup blockdev [ 227.410423][T10031] aoe: can't write to that file. [ 229.642090][T10114] program syz.4.2111 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 230.067787][T10128] WARNING! power/level is deprecated; use power/control instead [ 230.635034][T10149] ACPI: EC: Assuming SCI_EVT clearing on QR_EC writes [ 231.770159][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 231.775832][ T6189] Bluetooth: hci1: command 0x0406 tx timeout [ 231.782700][ T6189] Bluetooth: hci3: command 0x0406 tx timeout [ 235.786674][T10341] program syz.0.2200 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 237.176819][T10394] page: refcount:3 mapcount:2 mapping:0000000000000000 index:0x0 pfn:0x78400 [ 237.239105][T10394] flags: 0xfff00000000004(referenced|node=0|zone=1|lastcpupid=0x7ff) [ 237.247325][T10394] raw: 00fff00000000004 0000000000000000 dead000000000122 0000000000000000 [ 237.298728][T10394] raw: 0000000000000000 0000000000000000 0000000300000001 0000000000000000 [ 237.315652][T10394] page dumped because: unmovable page [ 237.325001][T10394] page_owner tracks the page as allocated [ 237.338154][T10394] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 6176, tgid 6176 (syz-executor), ts 105906080448, free_ts 102161783365 [ 237.368527][T10394] post_alloc_hook+0x1c0/0x230 [ 237.373745][T10394] get_page_from_freelist+0x135c/0x3950 [ 237.391078][T10394] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 237.408356][T10394] alloc_pages_mpol+0x1fb/0x550 [ 237.413415][T10394] alloc_pages_noprof+0x131/0x390 [ 237.443786][T10394] __vmalloc_node_range_noprof+0x732/0x1520 [ 237.456963][T10394] vmalloc_user_noprof+0x9e/0xe0 [ 237.507808][T10394] kcov_ioctl+0x4c/0x730 [ 237.527575][T10394] __x64_sys_ioctl+0x18b/0x210 [ 237.532561][T10394] do_syscall_64+0xcd/0x490 [ 237.537166][T10394] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.627048][T10394] page last free pid 6133 tgid 6133 stack trace: [ 237.633470][T10394] __free_frozen_pages+0x7fe/0x1180 [ 237.675139][T10394] vfree+0x176/0xa40 [ 237.686750][T10394] kcov_close+0x34/0x60 [ 237.701136][T10394] __fput+0x402/0xb70 [ 237.716578][T10394] task_work_run+0x14d/0x240 [ 237.729795][T10394] do_exit+0xae2/0x2c70 [ 237.741983][T10394] do_group_exit+0xd3/0x2a0 [ 237.766331][T10394] get_signal+0x2673/0x26d0 [ 237.771065][T10394] arch_do_signal_or_restart+0x8f/0x790 [ 237.796307][T10394] exit_to_user_mode_loop+0x84/0x110 [ 237.802758][T10394] do_syscall_64+0x3f6/0x490 [ 237.854719][T10394] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.284414][T10463] syz_tun: tun_chr_ioctl cmd 2147767517 [ 239.444676][ T30] audit: type=1804 audit(4294967348.029:18): pid=10470 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.2250" name="/newroot/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/filter" dev="tracefs" ino=19680823 res=1 errno=0 [ 240.417365][T10510] QAT: Invalid ioctl 21531 [ 241.213651][T10542] delete_channel: no stack [ 241.422944][T10548] Per memcg swappiness does not exist in cgroup v2. See memory.reclaim or memory.swap.max there [ 241.422944][T10548] [ 241.829476][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 241.853950][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 241.909191][T10568] bcache: register_bcache() error : failed to open device [ 243.752672][ T30] audit: type=1800 audit(4294967352.381:19): pid=10633 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2320" name="lu_gp_id" dev="configfs" ino=22072 res=0 errno=0 [ 246.331500][T10742] kafs: addr_prefs: Invalid Command [ 247.208477][T10781] zram0: detected capacity change from 0 to 8 [ 249.240849][T10872] ubi0: attaching mtd0 [ 249.249813][T10872] ubi0 error: ubi_attach_mtd_dev: bad VID header (3969) or data offsets (4033) [ 249.259327][T10874] bond0: Unable to set down delay as MII monitoring is disabled [ 249.770825][ T30] audit: type=1400 audit(4294967358.432:20): apparmor="DENIED" operation="setprocattr" info="invalid" error=-22 profile="unconfined" pid=10897 comm="syz.1.2451" [ 251.357887][T10959] delete_channel: no stack [ 251.788386][T10981] vivid-007: ================= START STATUS ================= [ 251.797200][T10981] vivid-007: Generate PTS: true [ 251.802640][T10981] vivid-007: Generate SCR: true [ 251.808871][T10981] tpg source WxH: 320x240 (Y'CbCr) [ 251.817720][T10981] tpg field: 1 [ 251.821155][T10981] tpg crop: (0,0)/320x240 [ 251.830641][T10981] tpg compose: (0,0)/320x240 [ 251.836595][T10981] tpg colorspace: 8 [ 251.840541][T10981] tpg transfer function: 0/0 [ 251.846922][T10981] tpg Y'CbCr encoding: 0/0 [ 251.851610][T10981] tpg quantization: 0/0 [ 251.893093][T10981] tpg RGB range: 0/2 [ 251.900510][T10981] vivid-007: ================== END STATUS ================== [ 259.737448][T11312] rnbd_client L213: map_device: Parameters missing [ 260.278466][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.284912][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 260.557454][T11352] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(0.0.0), cmd(5) [ 261.722466][T11408] misc userio: Invalid payload size [ 262.267798][T11433] scsi_dev_info_list_add_str: bad dev info string ')zD 5fk+*X#R84*VsndvqQW}~YrȀ-8VGDƘLB%v†v}Ypq|?O[,! 7xWDr%[}E$3?G9Ff=lrGH;2L<=|8 -c Fո"[v9q4Mmvqk[(iNDСMX PSqqX4X`V!;r֍)y]WzfIH0,v{q8שUܹ䑉m؛HTwCz-nR%2]x05oՕ|3>lS*L/Cdgӑ[C=Cwem)l#' ''S.sHgi-TY%ܹF*8nFTH?i{' '' [ 262.315574][ C0] vkms_vblank_simulate: vblank timer overrun [ 262.811514][T11461] random: crng reseeded on system resumption [ 263.196767][T11474] random: crng reseeded on system resumption [ 264.872949][T11556] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 265.476761][T11584] block2mtd: error: cannot open device /sys/module/block2mtd/parameters/block2mtd [ 266.775406][T11648] syz_tun: tun_chr_ioctl cmd 1074025698 [ 267.794802][T11696] kAFS: unparsable volume name [ 268.295675][T11717] zram0: detected capacity change from 8 to 0 [ 268.881929][T11744] usb usb24: check_ctrlrecip: process 11744 (syz.1.2853) requesting ep 01 but needs 81 [ 268.892147][T11744] usb usb24: usbfs: process 11744 (syz.1.2853) did not claim interface 0 before use [ 269.895579][T11791] i2c i2c-0: new_device: Missing parameters [ 269.948020][T11794] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 270.245510][T11807] blkio.reset_stats is deprecated [ 270.597853][T11826] futex_wake_op: syz.0.2892 tries to shift op by 64; fix this program [ 270.940174][T11844] XFS: irix_symlink_mode sysctl option is deprecated. [ 273.129690][T11948] warning: `syz.4.2955' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 274.979928][ T30] audit: type=1800 audit(4294967383.774:21): pid=12036 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3000" name="discovery_nqn" dev="configfs" ino=26304 res=0 errno=0 [ 275.614491][T12066] vhci_hcd: invalid port number 21 [ 275.621146][T12066] vhci_hcd: Wrong hub descriptor type for USB 3.0 roothub. [ 277.537989][T12145] block nbd8: NBD_DISCONNECT [ 280.394758][T12263] binder: 12262:12263 ioctl 40046205 38 returned -22 [ 280.537967][T12273] binder: binder_mmap: 12271 0-1000 bad vm_flags failed -1 [ 281.483111][T12309] nvme_fcloop: unknown parameter or missing value '7' [ 287.069661][T12504] tipc: Can't bind to reserved service type 1 [ 287.774726][T12541] syz_tun: tun_chr_ioctl cmd 2147767507 [ 290.765602][T12678] rnbd_client L202: map_device: Unknown parameter or missing value '(' [ 290.806834][T12680] block nbd14: the capability attribute has been deprecated. [ 291.422499][T12705] ima: Unable to open file: /suritRy/integrity?iqa/policy (-2) [ 291.423048][T12704] ima: policy update failed [ 291.457450][ T30] audit: type=1802 audit(4294967400.339:22): pid=12704 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.3325" res=0 errno=0 [ 293.995235][ T6186] Bluetooth: hci2: unexpected event 0x3e length: 728 > 260 [ 293.995280][ T6186] Bluetooth: hci2: unexpected subevent 0x03 length: 727 > 9 [ 294.889497][T12848] dlm: plock device version mismatch: kernel (1.2.0), user (1489226698.240317300.1121487582) [ 296.369044][T12904] usbip-vudc usbip-vudc.0: gadget not bound [ 297.983267][T12968] i2c i2c-0: new_device: Can't parse I2C address [ 303.626933][T13227] deleting an unspecified loop device is not supported. [ 307.010830][T13382] sysfs_service_op_store: Client not running :-5: [ 307.708027][T13413] sctp: Changing rto_alpha or rto_beta may lead to suboptimal rtt/srtt estimations! [ 308.878134][T13471] vhci_hcd: invalid port number 21 [ 308.885871][T13471] vhci_hcd: Wrong hub descriptor type for USB 3.0 roothub. [ 310.716348][ T30] audit: type=1806 audit(4294967419.689:23): xattr=2EC7871B res=-22 [ 310.983310][ T30] audit: type=1800 audit(4294967419.961:24): pid=13567 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3748" name="discovery_nqn" dev="configfs" ino=30557 res=0 errno=0 [ 311.030699][T13569] rtc_cmos 00:00: in use; can't configure [ 314.521918][ T30] audit: type=1806 audit(4294967423.519:25): res=-14 [ 318.358409][ T6184] Bluetooth: hci2: command 0x0406 tx timeout [ 319.070334][T13961] i2c i2c-0: new_device: Invalid device name [ 319.116908][T13957] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.399269][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 321.406074][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 321.684945][T14089] syz.2.4000 uses obsolete (PF_INET,SOCK_PACKET) [ 324.008476][T14209] bond0: no command found in slaves file - use +ifname or -ifname [ 324.227974][T14221] Setting dangerous option i915.mitigations - tainting kernel [ 324.235561][T14221] Bad "i915.mitigations=!h@S", 'h@S' is unknown [ 324.497793][T14233] sg_write: data in/out 589824/1 bytes for SCSI command 0x7b-- guessing data in; [ 324.497793][T14233] program syz.1.4068 not setting count and/or reply_len properly [ 326.400157][T14342] ima: policy update failed [ 326.414989][ T30] audit: type=1802 audit(4294967304.931:26): pid=14342 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.4108" res=0 errno=0 [ 326.492327][T14345] aoe: invalid device specification [ 326.617422][T14350] ICMPv6: process `syz.1.4112' is using deprecated sysctl (syscall) net.ipv6.neigh.wg1.retrans_time - use net.ipv6.neigh.wg1.retrans_time_ms instead [ 327.624083][T14399] program syz.0.4134 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 328.202774][T14421] < [ 328.828411][ T981] Process accounting resumed [ 329.119424][T14465] scsi_strcpy_devinfo: vendor string '/&c~n] | [ 329.119424][T14465] M' is too long [ 329.150355][T14465] scsi_strcpy_devinfo: model string 'Dd5 K2b [ 329.150355][T14465] W ' is too long [ 329.203925][T14469] bcachefs: bch2_ioctl_fsck_offline() ret EFAULT [ 330.560085][T14549] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 330.591074][T14555] Format for deleting device is "id" (uint). [ 330.856667][T14549] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 330.960943][T14570] program syz.2.4205 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 331.003567][T14570] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 331.018979][T14549] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 331.216236][T14549] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 331.407108][T14592] synth uevent: /bus/hid/drivers/zeroplus: unknown uevent action string [ 333.427020][T14704] udc dummy_udc.0: soft-connect without a gadget driver [ 333.908272][T14726] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 333.938260][T14726] CIFS mount error: No usable UNC path provided in device string! [ 333.938260][T14726] [ 333.963728][T14726] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 336.330542][ T30] audit: type=1800 audit(4294967314.912:27): pid=14846 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.4325" name="members" dev="configfs" ino=34418 res=0 errno=0 [ 337.017690][T14872] i2c i2c-0: delete_device: Can't find device in list [ 337.268005][T14880] bond0: option mode: unable to set because the bond device is up [ 338.772397][T14949] vivid-003: ================= START STATUS ================= [ 338.793944][T14949] vivid-003: Radio HW Seek Mode: Bounded [ 338.810990][T14949] vivid-003: Radio Programmable HW Seek: false [ 338.820859][T14949] vivid-003: RDS Rx I/O Mode: Block I/O [ 338.830831][T14949] vivid-003: Generate RBDS Instead of RDS: false [ 338.837269][T14949] vivid-003: RDS Reception: true [ 338.860802][T14949] vivid-003: RDS Program Type: 0 inactive [ 338.866913][T14949] vivid-003: RDS PS Name: inactive [ 338.887166][T14949] vivid-003: RDS Radio Text: inactive [ 338.897288][T14949] vivid-003: RDS Traffic Announcement: false inactive [ 338.917006][T14949] vivid-003: RDS Traffic Program: false inactive [ 338.927111][T14949] vivid-003: RDS Music: false inactive [ 338.940275][T14949] vivid-003: ================== END STATUS ================== [ 339.584641][T14991] nvme_fabrics: unknown parameter or missing value '7' in ctrl creation request [ 340.027701][T15027] sysfs_service_op_show: Client not running :-5: [ 342.379603][T15156] ima: policy update failed [ 342.392304][ T30] audit: type=1802 audit(4294967320.994:28): pid=15156 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.4451" res=0 errno=0 [ 343.726521][T15221] RDS: rds_bind could not find a transport for 7bc:c94c:4e37:70c4::, load rds_tcp or rds_rdma? [ 343.748410][T15214] [ 343.750826][T15214] ====================================================== [ 343.757862][T15214] WARNING: possible circular locking dependency detected [ 343.764897][T15214] 6.15.0-syzkaller-07774-g90b83efa6701 #0 Tainted: G U [ 343.773265][T15214] ------------------------------------------------------ [ 343.780305][T15214] syz.2.4478/15214 is trying to acquire lock: [ 343.786385][T15214] ffff8880268905e0 (&q->elevator_lock){+.+.}-{4:4}, at: elevator_change+0x103/0x400 [ 343.795930][T15214] [ 343.795930][T15214] but task is already holding lock: [ 343.803307][T15214] ffff8880268900a8 (&q->q_usage_counter(io)#55){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 343.814591][T15214] [ 343.814591][T15214] which lock already depends on the new lock. [ 343.814591][T15214] [ 343.825007][T15214] [ 343.825007][T15214] the existing dependency chain (in reverse order) is: [ 343.834055][T15214] [ 343.834055][T15214] -> #3 (&q->q_usage_counter(io)#55){++++}-{0:0}: [ 343.842703][T15214] blk_alloc_queue+0x619/0x760 [ 343.848021][T15214] blk_mq_alloc_queue+0x175/0x290 [ 343.853605][T15214] __blk_mq_alloc_disk+0x29/0x120 [ 343.859193][T15214] nbd_dev_add+0x4a0/0xbc0 [ 343.864166][T15214] nbd_init+0x181/0x320 [ 343.868864][T15214] do_one_initcall+0x120/0x6e0 [ 343.874164][T15214] kernel_init_freeable+0x5c2/0x900 [ 343.879914][T15214] kernel_init+0x1c/0x2b0 [ 343.884786][T15214] ret_from_fork+0x5d7/0x6f0 [ 343.889927][T15214] ret_from_fork_asm+0x1a/0x30 [ 343.895231][T15214] [ 343.895231][T15214] -> #2 (fs_reclaim){+.+.}-{0:0}: [ 343.902472][T15214] fs_reclaim_acquire+0x102/0x150 [ 343.908041][T15214] prepare_alloc_pages+0x162/0x610 [ 343.913695][T15214] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 343.920139][T15214] __alloc_pages_noprof+0xb/0x1b0 [ 343.925723][T15214] pcpu_populate_chunk+0x110/0xb00 [ 343.931389][T15214] pcpu_alloc_noprof+0x86a/0x1470 [ 343.936971][T15214] xt_percpu_counter_alloc+0x13e/0x1b0 [ 343.942982][T15214] find_check_entry.constprop.0+0xbc/0x9b0 [ 343.949347][T15214] translate_table+0xc98/0x1720 [ 343.954753][T15214] ipt_register_table+0x102/0x430 [ 343.960356][T15214] iptable_raw_table_init+0x63/0x90 [ 343.966109][T15214] xt_find_table_lock+0x2e1/0x520 [ 343.971678][T15214] xt_request_find_table_lock+0x28/0xf0 [ 343.977765][T15214] get_info+0x190/0x610 [ 343.982455][T15214] do_ipt_get_ctl+0x169/0xa10 [ 343.987672][T15214] nf_getsockopt+0x7c/0xe0 [ 343.992642][T15214] ip_getsockopt+0x18c/0x1e0 [ 343.997774][T15214] tcp_getsockopt+0x9e/0x100 [ 344.002914][T15214] do_sock_getsockopt+0x3ff/0x800 [ 344.008475][T15214] __sys_getsockopt+0x123/0x1b0 [ 344.013873][T15214] __x64_sys_getsockopt+0xbd/0x160 [ 344.019548][T15214] do_syscall_64+0xcd/0x490 [ 344.024609][T15214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 344.031076][T15214] [ 344.031076][T15214] -> #1 (pcpu_alloc_mutex){+.+.}-{4:4}: [ 344.038843][T15214] __mutex_lock+0x199/0xb90 [ 344.043900][T15214] pcpu_alloc_noprof+0xb4a/0x1470 [ 344.049477][T15214] sbitmap_init_node+0x2fd/0x770 [ 344.054968][T15214] sbitmap_queue_init_node+0x41/0x560 [ 344.060903][T15214] blk_mq_init_tags+0x12d/0x2b0 [ 344.066291][T15214] blk_mq_alloc_map_and_rqs+0x237/0xf60 [ 344.072397][T15214] blk_mq_init_sched+0x30c/0x610 [ 344.077883][T15214] elevator_switch+0x1e1/0x7f0 [ 344.083199][T15214] elevator_change+0x2ac/0x400 [ 344.088510][T15214] elevator_set_default+0x292/0x320 [ 344.094257][T15214] blk_register_queue+0x393/0x4f0 [ 344.099820][T15214] __add_disk+0x74a/0xf00 [ 344.104703][T15214] add_disk_fwnode+0x13f/0x5d0 [ 344.110018][T15214] nbd_dev_add+0x791/0xbc0 [ 344.115003][T15214] nbd_init+0x181/0x320 [ 344.119712][T15214] do_one_initcall+0x120/0x6e0 [ 344.125031][T15214] kernel_init_freeable+0x5c2/0x900 [ 344.130787][T15214] kernel_init+0x1c/0x2b0 [ 344.135662][T15214] ret_from_fork+0x5d7/0x6f0 [ 344.140818][T15214] ret_from_fork_asm+0x1a/0x30 [ 344.146125][T15214] [ 344.146125][T15214] -> #0 (&q->elevator_lock){+.+.}-{4:4}: [ 344.153977][T15214] __lock_acquire+0x126f/0x1c90 [ 344.159390][T15214] lock_acquire+0x179/0x350 [ 344.164446][T15214] __mutex_lock+0x199/0xb90 [ 344.169498][T15214] elevator_change+0x103/0x400 [ 344.174810][T15214] elv_iosched_store+0x2eb/0x3a0 [ 344.180295][T15214] queue_attr_store+0x276/0x320 [ 344.185686][T15214] sysfs_kf_write+0xef/0x150 [ 344.190814][T15214] kernfs_fop_write_iter+0x354/0x510 [ 344.196653][T15214] iter_file_splice_write+0x91c/0x1150 [ 344.202656][T15214] direct_splice_actor+0x18f/0x6c0 [ 344.208320][T15214] splice_direct_to_actor+0x345/0xa30 [ 344.214231][T15214] do_splice_direct+0x174/0x240 [ 344.219622][T15214] do_sendfile+0xb06/0xe50 [ 344.224581][T15214] __x64_sys_sendfile64+0x1d8/0x220 [ 344.230331][T15214] do_syscall_64+0xcd/0x490 [ 344.235398][T15214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 344.241837][T15214] [ 344.241837][T15214] other info that might help us debug this: [ 344.241837][T15214] [ 344.252077][T15214] Chain exists of: [ 344.252077][T15214] &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#55 [ 344.252077][T15214] [ 344.265876][T15214] Possible unsafe locking scenario: [ 344.265876][T15214] [ 344.273335][T15214] CPU0 CPU1 [ 344.278714][T15214] ---- ---- [ 344.284083][T15214] lock(&q->q_usage_counter(io)#55); [ 344.289487][T15214] lock(fs_reclaim); [ 344.296009][T15214] lock(&q->q_usage_counter(io)#55); [ 344.303936][T15214] lock(&q->elevator_lock); [ 344.308553][T15214] [ 344.308553][T15214] *** DEADLOCK *** [ 344.308553][T15214] [ 344.316704][T15214] 6 locks held by syz.2.4478/15214: [ 344.321911][T15214] #0: ffff888036356428 (sb_writers#7){.+.+}-{0:0}, at: splice_direct_to_actor+0x345/0xa30 [ 344.331977][T15214] #1: ffff88804c01a488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 344.341811][T15214] #2: ffff8880264f91e8 (kn->active#153){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 344.351989][T15214] #3: ffff888026888988 (&set->update_nr_hwq_lock){++++}-{4:4}, at: elv_iosched_store+0x337/0x3a0 [ 344.362703][T15214] #4: ffff8880268900a8 (&q->q_usage_counter(io)#55){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 344.374435][T15214] #5: ffff8880268900e0 (&q->q_usage_counter(queue)#7){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 344.386321][T15214] [ 344.386321][T15214] stack backtrace: [ 344.392237][T15214] CPU: 1 UID: 0 PID: 15214 Comm: syz.2.4478 Tainted: G U 6.15.0-syzkaller-07774-g90b83efa6701 #0 PREEMPT(full) [ 344.392278][T15214] Tainted: [U]=USER [ 344.392286][T15214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 344.392302][T15214] Call Trace: [ 344.392311][T15214] [ 344.392321][T15214] dump_stack_lvl+0x116/0x1f0 [ 344.392358][T15214] print_circular_bug+0x275/0x350 [ 344.392390][T15214] check_noncircular+0x14c/0x170 [ 344.392429][T15214] __lock_acquire+0x126f/0x1c90 [ 344.392465][T15214] lock_acquire+0x179/0x350 [ 344.392494][T15214] ? elevator_change+0x103/0x400 [ 344.392529][T15214] ? __pfx___might_resched+0x10/0x10 [ 344.392557][T15214] __mutex_lock+0x199/0xb90 [ 344.392593][T15214] ? elevator_change+0x103/0x400 [ 344.392627][T15214] ? elevator_change+0x103/0x400 [ 344.392662][T15214] ? __pfx___mutex_lock+0x10/0x10 [ 344.392702][T15214] ? blk_mq_cancel_work_sync+0xd8/0x110 [ 344.392757][T15214] ? __pfx_blk_mq_cancel_work_sync+0x10/0x10 [ 344.392801][T15214] ? elevator_change+0x103/0x400 [ 344.392832][T15214] elevator_change+0x103/0x400 [ 344.392866][T15214] elv_iosched_store+0x2eb/0x3a0 [ 344.392902][T15214] ? __pfx_elv_iosched_store+0x10/0x10 [ 344.392937][T15214] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 344.392966][T15214] ? __mutex_trylock_common+0xe9/0x250 [ 344.392999][T15214] ? __pfx_elv_iosched_store+0x10/0x10 [ 344.393034][T15214] queue_attr_store+0x276/0x320 [ 344.393059][T15214] ? __pfx_queue_attr_store+0x10/0x10 [ 344.393082][T15214] ? __lock_acquire+0x622/0x1c90 [ 344.393118][T15214] ? find_held_lock+0x2b/0x80 [ 344.393157][T15214] ? sysfs_file_kobj+0xe4/0x290 [ 344.393184][T15214] ? __pfx_queue_attr_store+0x10/0x10 [ 344.393208][T15214] sysfs_kf_write+0xef/0x150 [ 344.393234][T15214] kernfs_fop_write_iter+0x354/0x510 [ 344.393274][T15214] ? __pfx_sysfs_kf_write+0x10/0x10 [ 344.393301][T15214] iter_file_splice_write+0x91c/0x1150 [ 344.393338][T15214] ? __pfx_iter_file_splice_write+0x10/0x10 [ 344.393370][T15214] ? __pfx_copy_splice_read+0x10/0x10 [ 344.393413][T15214] ? __pfx_iter_file_splice_write+0x10/0x10 [ 344.393442][T15214] direct_splice_actor+0x18f/0x6c0 [ 344.393471][T15214] splice_direct_to_actor+0x345/0xa30 [ 344.393498][T15214] ? __pfx_direct_splice_actor+0x10/0x10 [ 344.393528][T15214] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 344.393559][T15214] do_splice_direct+0x174/0x240 [ 344.393585][T15214] ? __pfx_do_splice_direct+0x10/0x10 [ 344.393611][T15214] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 344.393638][T15214] ? rw_verify_area+0xcf/0x680 [ 344.393666][T15214] do_sendfile+0xb06/0xe50 [ 344.393695][T15214] ? __pfx_do_sendfile+0x10/0x10 [ 344.393724][T15214] ? __x64_sys_futex+0x1e0/0x4c0 [ 344.393752][T15214] ? __x64_sys_futex+0x1e9/0x4c0 [ 344.393780][T15214] __x64_sys_sendfile64+0x1d8/0x220 [ 344.393817][T15214] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 344.393858][T15214] do_syscall_64+0xcd/0x490 [ 344.393893][T15214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 344.393919][T15214] RIP: 0033:0x7f2602d8e969 [ 344.393940][T15214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 344.393965][T15214] RSP: 002b:00007f2603b7d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 344.393987][T15214] RAX: ffffffffffffffda RBX: 00007f2602fb5fa0 RCX: 00007f2602d8e969 [ 344.394004][T15214] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 344.394037][T15214] RBP: 00007f2602e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 344.394053][T15214] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 344.394069][T15214] R13: 0000000000000000 R14: 00007f2602fb5fa0 R15: 00007ffd3e062bb8 [ 344.394093][T15214]