last executing test programs: 3.571559767s ago: executing program 2 (id=101): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r0, 0xffffffff7fdffe00, &(0x7f0000000140)=';') ioctl$auto(0x3, 0xc0086202, 0x38) 2.713544594s ago: executing program 2 (id=110): getgroups$auto(0xffffffff, 0x0) timer_create$auto(0x3, 0x0, &(0x7f0000000140)=0x6) exit$auto(0x6) timer_delete$auto(0x0) 2.503278151s ago: executing program 1 (id=111): close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x1) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_event_trigger_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/events/vmalloc/free_vmap_area_noflush/trigger\x00', 0x0, 0x0) readv$auto(r0, &(0x7f0000001080)={0x0, 0x5c2}, 0x5) 2.314235361s ago: executing program 1 (id=112): mmap$auto(0x0, 0x200009, 0x2, 0x40eb1, 0x602, 0x300000000000) syz_clone(0x7630e0c3684ca6b2, 0x0, 0x40, 0x0, 0x0, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x5) madvise$auto(0x0, 0x20499d, 0x9) 1.719850511s ago: executing program 1 (id=115): write$auto(0xffffffffffffffff, 0x0, 0x74700e98) socket$nl_generic(0x10, 0x3, 0x10) semget$auto(0xfffffffa, 0x8, 0xf7fd) semtimedop$auto(0x0, &(0x7f0000000000)={0x7, 0x9, 0x36ec}, 0x1, 0x0) 1.508611543s ago: executing program 2 (id=118): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000140), r0) r2 = getpid() sendmsg$auto_TASKSTATS_CMD_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="050a2bbd7000fadbdf250100000008000100", @ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0x44000}, 0x20004000) 1.433686882s ago: executing program 0 (id=119): r0 = open(&(0x7f00009e1000)='./file0\x00', 0xc162, 0x0) r1 = socket(0x10, 0x2, 0xf) bpf$auto(0x0, &(0x7f0000000080)=@bpf_attr_4={0x1e, r0, 0x9, r1}, 0x210) bpf$auto(0x3, &(0x7f0000000080)=@bpf_attr_3={0x5, 0x0, 0x702955be, 0x5c, 0x4, 0x9, 0x80, 0xe4, 0xfffff800, "1eb42b025f50c7bf3d31d335977a12bd", 0x0, 0xffffffff, 0xffffffffffffffff, 0x7, 0x9, 0x4, 0x7, 0x10001, 0x0, 0x8001, @attach_prog_fd, 0x7e, 0x4, 0x1, 0x5, 0x3}, 0x5) 1.370508101s ago: executing program 1 (id=120): mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) pipe2$auto(0x0, 0x80) ioctl$auto(0x1, 0x5761, 0xffffffffffffffff) 1.192234929s ago: executing program 3 (id=121): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mlock$auto(0xfbe8, 0x4) mlock$auto(0x1a81, 0x2) mlock$auto(0x7c88, 0x7fff) 1.150487706s ago: executing program 1 (id=122): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000009c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'netdevsim0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_ACT(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000a00)={0x20, r1, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@ETHTOOL_A_CABLE_TEST_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x80) 1.096220713s ago: executing program 0 (id=123): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000740), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000080)={0x30, r1, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@ETHTOOL_A_COALESCE_USE_ADAPTIVE_RX={0x5, 0xb, 0x6}, @ETHTOOL_A_COALESCE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}, @ETHTOOL_A_COALESCE_RX_USECS={0x8, 0x2, 0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x4089c}, 0x80) 1.063948553s ago: executing program 2 (id=124): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) capset$auto(&(0x7f0000000180)={0x19980330}, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r0, 0x4b4a, 0x1) 934.550552ms ago: executing program 3 (id=125): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mlock$auto(0xfbe8, 0x4) mlock$auto(0x837, 0x7) mlock$auto(0x7c88, 0x7fff) 872.40493ms ago: executing program 1 (id=126): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) pread64$auto(r0, &(0x7f0000000040)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{W\xed>\xe7l\xcb\x90\\/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x7ff, 0x400) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000) fcntl$auto(0x8000000000000001, 0x5, 0x8) clock_nanosleep$auto(0x2, 0x1000, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8013) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0x12, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x2, 0x948b, 0x3, 0x15f4da0d, 0xe, 0x3, 0x4, 0x80000033, 0xfff, 0x6d3e, 0x9, 0x8, 0x6]}, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0xeb1, 0x405, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x24000001) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x4004) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) recvmmsg$auto(r1, 0x0, 0xa, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2, 0x1, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/input/event0\x00', 0x40000, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/mnt\x00') r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x200009, 0x2, 0x40eb1, 0x602, 0x300000000000) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) madvise$auto(0x0, 0x20499d, 0x9) setsockopt$auto(r2, 0x6, 0x3, &(0x7f0000000040)='/dev/ram7\x00', 0x8) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r2, 0x8000) 866.320614ms ago: executing program 0 (id=127): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy1/netdev:wlan1/uapsd_max_sp_len\x00', 0x82, 0x0) write$auto_debugfs_full_proxy_file_operations_internal(r0, 0x0, 0x20) getrandom$auto(0x0, 0x6000000, 0x3) 678.574736ms ago: executing program 3 (id=128): r0 = setfsuid$auto(0xee00) r1 = setfsuid$auto(0xee01) setresuid$auto(r0, r1, r0) keyctl$auto(0x12, 0x102000000010001, 0x7f, 0x200, 0x3) 562.928471ms ago: executing program 0 (id=129): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000005540)='/dev/input/event2\x00', 0xa481, 0x0) ioctl$auto_EVIOCSKEYCODE_V2(r0, 0x40284504, 0x0) 501.179684ms ago: executing program 3 (id=130): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8400) prlimit64$auto(0x0, 0x803, &(0x7f00000001c0)={0x4, 0x6}, &(0x7f0000000240)={0xd, 0x7}) r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/security/tomoyo/manager\x00', 0x40802, 0x0) pread64$auto(r0, 0x0, 0xffff, 0xa) 470.698037ms ago: executing program 2 (id=131): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000001f00), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000003a80)={0x0, 0x0, &(0x7f0000003a40)={&(0x7f0000000080)={0x14, r1, 0x1, 0x70bd2a, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x0) 291.610572ms ago: executing program 3 (id=132): socket(0xa, 0x1, 0x100) listen$auto(0x3, 0x8d) write$auto(0x3, 0x0, 0xfffffdef) 279.669219ms ago: executing program 0 (id=133): r0 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_MODULE_EEPROM_GET(r1, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000080)={0x2c, r0, 0x1, 0x70bd29, 0x25dfdc02, {}, [@ETHTOOL_A_MODULE_EEPROM_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4004084}, 0x82) 96.979595ms ago: executing program 3 (id=134): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) migrate_pages$auto(0xffffffffffffffff, 0x8, 0x0, 0x0) 38.395317ms ago: executing program 0 (id=135): r0 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000006900)='/sys/kernel/config/target/dbroot\x00', 0x189002, 0x0) write$auto(r0, &(0x7f0000000040)='/sys/kernel/config/target/dbroot\x00', 0x6e) write$auto(r0, &(0x7f0000000000)='/dev/audio1\x00', 0x4) 0s ago: executing program 2 (id=136): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r0 = io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(r0, 0x1d, 0x0, 0xffffffff) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.54' (ED25519) to the list of known hosts. [ 99.817263][ T5820] cgroup: Unknown subsys name 'net' [ 99.995160][ T5820] cgroup: Unknown subsys name 'cpuset' [ 100.005506][ T5820] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 101.897649][ T5820] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 102.292551][ T890] cfg80211: failed to load regulatory.db [ 104.666810][ T5841] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 104.676850][ T5841] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 104.685187][ T5841] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 104.693919][ T5841] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 104.702180][ T5841] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 104.703571][ T5842] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 104.754579][ T5845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 104.762399][ T5841] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 104.762529][ T5842] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 104.780376][ T5841] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 104.782973][ T5842] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 104.788908][ T5841] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 104.805555][ T5842] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 104.812737][ T5845] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 104.821016][ T5845] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 104.828831][ T5842] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 104.837980][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 104.845676][ T5842] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 104.855213][ T5842] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 104.862651][ T5845] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 105.253526][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 105.486778][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.494764][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.502700][ T5832] bridge_slave_0: entered allmulticast mode [ 105.510310][ T5832] bridge_slave_0: entered promiscuous mode [ 105.557781][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.565003][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.572359][ T5832] bridge_slave_1: entered allmulticast mode [ 105.580266][ T5832] bridge_slave_1: entered promiscuous mode [ 105.635981][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 105.707389][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.735321][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.775235][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 105.823377][ T5832] team0: Port device team_slave_0 added [ 105.836246][ T5832] team0: Port device team_slave_1 added [ 105.854697][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 105.954486][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.961856][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.987921][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.036061][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.043327][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.070494][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.147914][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.155242][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.162853][ T5834] bridge_slave_0: entered allmulticast mode [ 106.170554][ T5834] bridge_slave_0: entered promiscuous mode [ 106.214490][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.221991][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.230073][ T5833] bridge_slave_0: entered allmulticast mode [ 106.238090][ T5833] bridge_slave_0: entered promiscuous mode [ 106.247216][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.254935][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.262586][ T5834] bridge_slave_1: entered allmulticast mode [ 106.270902][ T5834] bridge_slave_1: entered promiscuous mode [ 106.308782][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.315977][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.323515][ T5833] bridge_slave_1: entered allmulticast mode [ 106.331881][ T5833] bridge_slave_1: entered promiscuous mode [ 106.385512][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.392951][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.401254][ T5840] bridge_slave_0: entered allmulticast mode [ 106.409369][ T5840] bridge_slave_0: entered promiscuous mode [ 106.449699][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 106.465910][ T5832] hsr_slave_0: entered promiscuous mode [ 106.473274][ T5832] hsr_slave_1: entered promiscuous mode [ 106.481340][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.488841][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.496050][ T5840] bridge_slave_1: entered allmulticast mode [ 106.504119][ T5840] bridge_slave_1: entered promiscuous mode [ 106.513763][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 106.526760][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 106.553230][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 106.656320][ T5834] team0: Port device team_slave_0 added [ 106.665792][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 106.679173][ T5833] team0: Port device team_slave_0 added [ 106.695901][ T5834] team0: Port device team_slave_1 added [ 106.704748][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 106.716725][ T5833] team0: Port device team_slave_1 added [ 106.769820][ T5842] Bluetooth: hci0: command tx timeout [ 106.835345][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.844485][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.872427][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.893469][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.900653][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.927441][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.938701][ T5843] Bluetooth: hci3: command tx timeout [ 106.938710][ T5837] Bluetooth: hci1: command tx timeout [ 106.942322][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.944954][ T5842] Bluetooth: hci2: command tx timeout [ 106.950293][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.989422][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 107.004281][ T5840] team0: Port device team_slave_0 added [ 107.012747][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 107.020204][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.046580][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 107.087701][ T5840] team0: Port device team_slave_1 added [ 107.154507][ T5833] hsr_slave_0: entered promiscuous mode [ 107.161394][ T5833] hsr_slave_1: entered promiscuous mode [ 107.167835][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 107.175900][ T5833] Cannot create hsr debugfs directory [ 107.203938][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 107.211090][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.237602][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 107.251015][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 107.258015][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.284795][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 107.437976][ T5834] hsr_slave_0: entered promiscuous mode [ 107.445418][ T5834] hsr_slave_1: entered promiscuous mode [ 107.451995][ T5834] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 107.460212][ T5834] Cannot create hsr debugfs directory [ 107.480123][ T5840] hsr_slave_0: entered promiscuous mode [ 107.486884][ T5840] hsr_slave_1: entered promiscuous mode [ 107.493592][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 107.501392][ T5840] Cannot create hsr debugfs directory [ 107.815473][ T5832] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 107.863706][ T5832] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 107.924532][ T5832] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 107.960936][ T5832] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 108.022397][ T5833] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 108.039545][ T5833] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 108.056869][ T5833] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 108.070784][ T5833] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 108.169199][ T5840] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 108.191093][ T5840] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 108.204465][ T5840] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 108.242435][ T5840] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 108.361075][ T5834] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 108.383135][ T5834] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 108.396609][ T5834] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 108.422272][ T5834] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 108.495525][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.559512][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.573716][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.597665][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.642689][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.650087][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.670741][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.685546][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.712305][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.719578][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.740065][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.747390][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.769903][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.777222][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.808223][ T3985] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.815557][ T3985] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.831873][ T3985] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.839149][ T3985] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.849346][ T5842] Bluetooth: hci0: command tx timeout [ 108.907579][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.989973][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.008904][ T5842] Bluetooth: hci2: command tx timeout [ 109.014494][ T5842] Bluetooth: hci3: command tx timeout [ 109.020146][ T5843] Bluetooth: hci1: command tx timeout [ 109.046459][ T3985] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.053714][ T3985] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.114359][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.121606][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.317120][ T5834] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 109.688114][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.717159][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.733220][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.853639][ T5833] veth0_vlan: entered promiscuous mode [ 109.897544][ T5833] veth1_vlan: entered promiscuous mode [ 109.915013][ T5832] veth0_vlan: entered promiscuous mode [ 109.940699][ T5840] veth0_vlan: entered promiscuous mode [ 109.966977][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.975826][ T5832] veth1_vlan: entered promiscuous mode [ 109.994809][ T5840] veth1_vlan: entered promiscuous mode [ 110.055535][ T5833] veth0_macvtap: entered promiscuous mode [ 110.066965][ T5833] veth1_macvtap: entered promiscuous mode [ 110.097834][ T5832] veth0_macvtap: entered promiscuous mode [ 110.124734][ T5832] veth1_macvtap: entered promiscuous mode [ 110.142108][ T5840] veth0_macvtap: entered promiscuous mode [ 110.155196][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.179533][ T5840] veth1_macvtap: entered promiscuous mode [ 110.201855][ T5834] veth0_vlan: entered promiscuous mode [ 110.216762][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.245977][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.267679][ T5833] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.277371][ T5833] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.287165][ T5833] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.298248][ T5833] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.313231][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.328886][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.341942][ T5834] veth1_vlan: entered promiscuous mode [ 110.355895][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.367526][ T5832] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.379862][ T5832] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.389156][ T5832] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.398730][ T5832] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.424198][ T5840] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.433782][ T5840] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.442655][ T5840] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.452080][ T5840] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.563866][ T5834] veth0_macvtap: entered promiscuous mode [ 110.591368][ T5834] veth1_macvtap: entered promiscuous mode [ 110.679535][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.687648][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.705442][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.761084][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.771889][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.780055][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.803870][ T5834] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.816819][ T5834] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.826000][ T5834] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.834933][ T5834] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.873317][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.881635][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.930075][ T5842] Bluetooth: hci0: command tx timeout [ 110.953867][ T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.973210][ T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.993383][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.001808][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.056443][ T3985] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.082895][ T3985] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.091797][ T5843] Bluetooth: hci3: command tx timeout [ 111.097282][ T5843] Bluetooth: hci1: command tx timeout [ 111.103357][ T5842] Bluetooth: hci2: command tx timeout [ 111.163425][ T5833] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 111.206379][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.230727][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.320883][ T1112] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.345215][ T1112] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.455348][ T5906] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2'. syzkaller syzkaller login: [ 112.998911][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 113.010398][ T5842] Bluetooth: hci0: command tx timeout [ 113.169183][ T5842] Bluetooth: hci3: command tx timeout [ 113.174768][ T5842] Bluetooth: hci2: command tx timeout [ 113.180838][ T5843] Bluetooth: hci1: command tx timeout [ 113.376905][ T5925] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 114.351863][ T5931] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 115.062594][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 116.358821][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 116.935294][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 117.208908][ T5968] bridge0: port 3(vlan1) entered blocking state [ 117.218746][ T5968] bridge0: port 3(vlan1) entered disabled state [ 117.225623][ T5968] vlan1: entered allmulticast mode [ 117.234903][ T5968] veth0_vlan: entered allmulticast mode [ 117.248040][ T5968] vlan1: entered promiscuous mode [ 117.273813][ T5968] bridge0: port 3(vlan1) entered blocking state [ 117.280429][ T5968] bridge0: port 3(vlan1) entered forwarding state [ 119.933341][ T5995] FAULT_INJECTION: forcing a failure. [ 119.933341][ T5995] name failslab, interval 1, probability 0, space 0, times 1 [ 119.946423][ T5995] CPU: 0 UID: 0 PID: 5995 Comm: syz.3.30 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 119.946464][ T5995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 119.946486][ T5995] Call Trace: [ 119.946500][ T5995] [ 119.946515][ T5995] dump_stack_lvl+0x16c/0x1f0 [ 119.946576][ T5995] should_fail_ex+0x512/0x640 [ 119.946610][ T5995] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 119.946657][ T5995] should_failslab+0xc2/0x120 [ 119.946688][ T5995] __kmalloc_cache_noprof+0x6a/0x3e0 [ 119.946730][ T5995] ? snd_ctl_get_preferred_subdevice+0x16c/0x1f0 [ 119.946778][ T5995] ? snd_pcm_attach_substream+0x441/0xd60 [ 119.946845][ T5995] snd_pcm_attach_substream+0x441/0xd60 [ 119.946905][ T5995] snd_pcm_open_substream+0x8d/0x17f0 [ 119.946955][ T5995] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 119.947013][ T5995] snd_pcm_oss_open+0x735/0x1400 [ 119.947067][ T5995] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 119.947108][ T5995] ? __lock_acquire+0xb8a/0x1c90 [ 119.947149][ T5995] ? __pfx_default_wake_function+0x10/0x10 [ 119.947184][ T5995] ? __lock_acquire+0xb8a/0x1c90 [ 119.947233][ T5995] ? do_raw_spin_lock+0x12c/0x2b0 [ 119.947285][ T5995] ? soundcore_open+0x35a/0x580 [ 119.947319][ T5995] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 119.947359][ T5995] soundcore_open+0x40c/0x580 [ 119.947394][ T5995] ? __pfx_soundcore_open+0x10/0x10 [ 119.947426][ T5995] chrdev_open+0x234/0x6a0 [ 119.947453][ T5995] ? __pfx_apparmor_file_open+0x10/0x10 [ 119.947502][ T5995] ? __pfx_chrdev_open+0x10/0x10 [ 119.947533][ T5995] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 119.947583][ T5995] do_dentry_open+0x741/0x1c10 [ 119.947632][ T5995] ? __pfx_chrdev_open+0x10/0x10 [ 119.947700][ T5995] vfs_open+0x82/0x3f0 [ 119.947740][ T5995] path_openat+0x1de4/0x2cb0 [ 119.947909][ T5995] ? __pfx_path_openat+0x10/0x10 [ 119.948034][ T5995] ? __lock_acquire+0xb8a/0x1c90 [ 119.948084][ T5995] do_filp_open+0x20b/0x470 [ 119.948134][ T5995] ? __pfx_do_filp_open+0x10/0x10 [ 119.948211][ T5995] ? alloc_fd+0x471/0x7d0 [ 119.948265][ T5995] do_sys_openat2+0x11b/0x1d0 [ 119.948307][ T5995] ? __pfx_do_sys_openat2+0x10/0x10 [ 119.948347][ T5995] ? __sys_sendmsg+0x18c/0x220 [ 119.948387][ T5995] __x64_sys_openat+0x174/0x210 [ 119.948427][ T5995] ? __pfx___x64_sys_openat+0x10/0x10 [ 119.948485][ T5995] do_syscall_64+0xcd/0x490 [ 119.948521][ T5995] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.948555][ T5995] RIP: 0033:0x7fca2c18e969 [ 119.948592][ T5995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 119.948624][ T5995] RSP: 002b:00007fca2d054038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 119.948655][ T5995] RAX: ffffffffffffffda RBX: 00007fca2c3b5fa0 RCX: 00007fca2c18e969 [ 119.948676][ T5995] RDX: 0000000000020b42 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 119.948696][ T5995] RBP: 00007fca2c210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 119.948724][ T5995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 119.948743][ T5995] R13: 0000000000000000 R14: 00007fca2c3b5fa0 R15: 00007ffee3b40638 [ 119.948785][ T5995] [ 120.979874][ T6017] Zero length message leads to an empty skb [ 121.781468][ T6017] netdevsim netdevsim15 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.787697][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 123.413147][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 123.808762][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 123.868802][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 123.878374][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 124.400813][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 125.053757][ T6086] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 125.177601][ T6088] netlink: 28 bytes leftover after parsing attributes in process `syz.2.57'. [ 126.191535][ T6097] XFS: Clearing xfsstats [ 131.699901][ T6176] FAULT_INJECTION: forcing a failure. [ 131.699901][ T6176] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 131.748443][ T6176] CPU: 0 UID: 0 PID: 6176 Comm: syz.0.91 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 131.748491][ T6176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 131.748511][ T6176] Call Trace: [ 131.748523][ T6176] [ 131.748536][ T6176] dump_stack_lvl+0x16c/0x1f0 [ 131.748599][ T6176] should_fail_ex+0x512/0x640 [ 131.748643][ T6176] core_sys_select+0x949/0xc10 [ 131.748702][ T6176] ? __pfx_core_sys_select+0x10/0x10 [ 131.748796][ T6176] ? set_user_sigmask+0x21b/0x2b0 [ 131.748829][ T6176] ? __pfx_set_user_sigmask+0x10/0x10 [ 131.748859][ T6176] ? find_held_lock+0x2b/0x80 [ 131.748901][ T6176] do_pselect.constprop.0+0x19f/0x1e0 [ 131.748950][ T6176] ? __pfx_do_pselect.constprop.0+0x10/0x10 [ 131.749006][ T6176] ? __x64_sys_futex+0x1e0/0x4c0 [ 131.749052][ T6176] __x64_sys_pselect6+0x182/0x240 [ 131.749101][ T6176] ? __pfx___x64_sys_pselect6+0x10/0x10 [ 131.749160][ T6176] do_syscall_64+0xcd/0x490 [ 131.749194][ T6176] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.749227][ T6176] RIP: 0033:0x7f3613b8e969 [ 131.749253][ T6176] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.749284][ T6176] RSP: 002b:00007f36149f8038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 131.749325][ T6176] RAX: ffffffffffffffda RBX: 00007f3613db5fa0 RCX: 00007f3613b8e969 [ 131.749347][ T6176] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000009 [ 131.749366][ T6176] RBP: 00007f3613c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 131.749385][ T6176] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 131.749404][ T6176] R13: 0000000000000000 R14: 00007f3613db5fa0 R15: 00007ffe55fb0328 [ 131.749445][ T6176] [ 131.935574][ C0] vkms_vblank_simulate: vblank timer overrun [ 132.189303][ T6185] FAULT_INJECTION: forcing a failure. [ 132.189303][ T6185] name failslab, interval 1, probability 0, space 0, times 0 [ 132.289575][ T6185] CPU: 1 UID: 0 PID: 6185 Comm: syz.0.93 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 132.289619][ T6185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 132.289638][ T6185] Call Trace: [ 132.289648][ T6185] [ 132.289660][ T6185] dump_stack_lvl+0x16c/0x1f0 [ 132.289721][ T6185] should_fail_ex+0x512/0x640 [ 132.289757][ T6185] ? __kmalloc_noprof+0xbf/0x510 [ 132.289811][ T6185] ? lsm_blob_alloc+0x68/0x90 [ 132.289846][ T6185] should_failslab+0xc2/0x120 [ 132.289880][ T6185] __kmalloc_noprof+0xd2/0x510 [ 132.289938][ T6185] lsm_blob_alloc+0x68/0x90 [ 132.289976][ T6185] security_sk_alloc+0x30/0x270 [ 132.290023][ T6185] sk_prot_alloc+0xfb/0x2a0 [ 132.290065][ T6185] sk_alloc+0x36/0xc20 [ 132.290116][ T6185] unix_create1+0xa6/0x700 [ 132.290165][ T6185] unix_create+0x10e/0x1d0 [ 132.290212][ T6185] __sock_create+0x335/0x8d0 [ 132.290262][ T6185] __sys_socketpair+0x25c/0x5a0 [ 132.290310][ T6185] ? __pfx___sys_socketpair+0x10/0x10 [ 132.290353][ T6185] ? fput+0x70/0xf0 [ 132.290389][ T6185] ? xfd_validate_state+0x61/0x180 [ 132.290439][ T6185] ? __pfx_do_writev+0x10/0x10 [ 132.290492][ T6185] __x64_sys_socketpair+0x96/0x100 [ 132.290536][ T6185] ? lockdep_hardirqs_on+0x7c/0x110 [ 132.290586][ T6185] do_syscall_64+0xcd/0x490 [ 132.290621][ T6185] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.290654][ T6185] RIP: 0033:0x7f3613b8e969 [ 132.290679][ T6185] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 132.290708][ T6185] RSP: 002b:00007f36149f8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 132.290738][ T6185] RAX: ffffffffffffffda RBX: 00007f3613db5fa0 RCX: 00007f3613b8e969 [ 132.290759][ T6185] RDX: 8000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 [ 132.290778][ T6185] RBP: 00007f3613c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 132.290797][ T6185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 132.290814][ T6185] R13: 0000000000000000 R14: 00007f3613db5fa0 R15: 00007ffe55fb0328 [ 132.290855][ T6185] [ 135.919803][ T6278] capability: warning: `syz.2.124' uses 32-bit capabilities (legacy support in use) [ 136.909712][ T6307] [ 136.912311][ T6307] ============================================ [ 136.918495][ T6307] WARNING: possible recursive locking detected [ 136.924779][ T6307] 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 Not tainted [ 136.931739][ T6307] -------------------------------------------- [ 136.938079][ T6307] syz.0.135/6307 is trying to acquire lock: [ 136.944171][ T6307] ffff888027ceda78 (&p->frag_sem){.+.+}-{4:4}, at: __configfs_open_file+0xe8/0x9c0 [ 136.953969][ T6307] [ 136.953969][ T6307] but task is already holding lock: [ 136.961376][ T6307] ffff888027ceda78 (&p->frag_sem){.+.+}-{4:4}, at: configfs_write_iter+0x219/0x4e0 [ 136.970862][ T6307] [ 136.970862][ T6307] other info that might help us debug this: [ 136.978951][ T6307] Possible unsafe locking scenario: [ 136.978951][ T6307] [ 136.986431][ T6307] CPU0 [ 136.989759][ T6307] ---- [ 136.993158][ T6307] lock(&p->frag_sem); [ 136.997441][ T6307] lock(&p->frag_sem); [ 137.001638][ T6307] [ 137.001638][ T6307] *** DEADLOCK *** [ 137.001638][ T6307] [ 137.009801][ T6307] May be due to missing lock nesting notation [ 137.009801][ T6307] [ 137.018226][ T6307] 5 locks held by syz.0.135/6307: [ 137.023361][ T6307] #0: ffff888030d58d38 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 137.032539][ T6307] #1: ffff888144ef0428 (sb_writers#18){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 137.041673][ T6307] #2: ffff88807892d288 (&buffer->mutex#2){+.+.}-{4:4}, at: configfs_write_iter+0x75/0x4e0 [ 137.051773][ T6307] #3: ffff888027ceda78 (&p->frag_sem){.+.+}-{4:4}, at: configfs_write_iter+0x219/0x4e0 [ 137.061679][ T6307] #4: ffffffff8f4743e8 (target_devices_lock){+.+.}-{4:4}, at: target_core_item_dbroot_store+0x21/0x350 [ 137.072891][ T6307] [ 137.072891][ T6307] stack backtrace: [ 137.078825][ T6307] CPU: 0 UID: 0 PID: 6307 Comm: syz.0.135 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 137.078860][ T6307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 137.078876][ T6307] Call Trace: [ 137.078884][ T6307] [ 137.078894][ T6307] dump_stack_lvl+0x116/0x1f0 [ 137.078943][ T6307] print_deadlock_bug+0x1e9/0x240 [ 137.078977][ T6307] __lock_acquire+0x1106/0x1c90 [ 137.079020][ T6307] lock_acquire+0x179/0x350 [ 137.079055][ T6307] ? __configfs_open_file+0xe8/0x9c0 [ 137.079099][ T6307] ? __pfx___might_resched+0x10/0x10 [ 137.079129][ T6307] down_read+0x9b/0x480 [ 137.079157][ T6307] ? __configfs_open_file+0xe8/0x9c0 [ 137.079199][ T6307] ? __pfx_down_read+0x10/0x10 [ 137.079232][ T6307] __configfs_open_file+0xe8/0x9c0 [ 137.079276][ T6307] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 137.079317][ T6307] do_dentry_open+0x741/0x1c10 [ 137.079359][ T6307] ? __pfx_configfs_open_file+0x10/0x10 [ 137.079405][ T6307] vfs_open+0x82/0x3f0 [ 137.079435][ T6307] path_openat+0x1de4/0x2cb0 [ 137.079480][ T6307] ? __pfx_path_openat+0x10/0x10 [ 137.079527][ T6307] ? kasan_save_stack+0x42/0x60 [ 137.079567][ T6307] ? kasan_save_stack+0x33/0x60 [ 137.079606][ T6307] ? kasan_save_track+0x14/0x30 [ 137.079647][ T6307] ? __kasan_slab_alloc+0x89/0x90 [ 137.079672][ T6307] do_filp_open+0x20b/0x470 [ 137.079711][ T6307] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.079740][ T6307] ? __pfx_do_filp_open+0x10/0x10 [ 137.079798][ T6307] file_open_name+0x2a3/0x450 [ 137.079830][ T6307] ? __pfx_file_open_name+0x10/0x10 [ 137.079860][ T6307] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 137.079902][ T6307] ? getname_kernel+0x52/0x370 [ 137.079929][ T6307] ? __asan_memcpy+0x3c/0x60 [ 137.079967][ T6307] filp_open+0x4b/0x80 [ 137.079996][ T6307] target_core_item_dbroot_store+0x108/0x350 [ 137.080040][ T6307] configfs_write_iter+0x303/0x4e0 [ 137.080085][ T6307] vfs_write+0x6c7/0x1150 [ 137.080125][ T6307] ? __pfx_configfs_write_iter+0x10/0x10 [ 137.080169][ T6307] ? __pfx___mutex_lock+0x10/0x10 [ 137.080194][ T6307] ? __pfx_vfs_write+0x10/0x10 [ 137.080243][ T6307] ksys_write+0x12a/0x250 [ 137.080284][ T6307] ? __pfx_ksys_write+0x10/0x10 [ 137.080329][ T6307] do_syscall_64+0xcd/0x490 [ 137.080355][ T6307] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.080383][ T6307] RIP: 0033:0x7f3613b8e969 [ 137.080404][ T6307] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 137.080432][ T6307] RSP: 002b:00007f36149f8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 137.080456][ T6307] RAX: ffffffffffffffda RBX: 00007f3613db5fa0 RCX: 00007f3613b8e969 [ 137.080474][ T6307] RDX: 000000000000006e RSI: 0000200000000040 RDI: 0000000000000003 [ 137.080491][ T6307] RBP: 00007f3613c10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 137.080512][ T6307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 137.080528][ T6307] R13: 0000000000000000 R14: 00007f3613db5fa0 R15: 00007ffe55fb0328 [ 137.080552][ T6307] [ 137.081441][ T30] audit: type=1800 audit(6043973650.136:2): pid=6307 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.135" name="dbroot" dev="configfs" ino=8857 res=0 errno=0 [ 137.466050][ T30] audit: type=1804 audit(6043973650.706:3): pid=6307 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.135" name="/newroot/sys/kernel/config/target/dbroot" dev="configfs" ino=8857 res=1 errno=0 [ 137.507619][ T6307] db_root: not a directory: /sys/kernel/config/target/dbroot [ 143.250742][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 143.257184][ T1305] ieee802154 phy1 wpan1: encryption failed: -22