last executing test programs: 1.87904788s ago: executing program 3 (id=4): openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) 1.708553779s ago: executing program 0 (id=5): r0 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/ieee80211/phy6/wep_iv\x00', 0x240, 0x0) read$auto_debugfs_full_proxy_file_operations_internal(r0, 0x0, 0x0) 1.624320652s ago: executing program 3 (id=6): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r0 = openat$dir(0xffffffffffffff9c, 0x0, 0x40000, 0x0) bind$auto(0x3, 0x0, 0x6a) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) lsm_list_modules$auto(&(0x7f0000000080)=0x1, &(0x7f0000000140)=0x7a28, 0x4b1d) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) sendmsg$auto(0xffffffffffffffff, 0x0, 0xfff) msync$auto(0x2, 0x9, 0x40) select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x1ff, 0x6, 0x3, 0x4, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8c, 0x9, 0x10001]}, 0x0, 0x0, &(0x7f0000000280)={0x6, 0xc8}) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) ioctl$auto(0xffffffffffffffff, 0x900064b5, 0xc14) msgctl$auto(0x9, 0xf8, &(0x7f00000001c0)={{0x8, 0xee00, 0x0, 0x4, 0xa771, 0x7, 0x9}, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x1, 0xc28a, 0x5f52, 0x3, 0x9, 0x8, 0x2cce, 0xfffc, 0x6, @inferred, @inferred=0xffffffffffffffff}) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f00000027c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000002780)={&(0x7f0000000240)=ANY=[@ANYBLOB="580200", @ANYRES16=0x0, @ANYBLOB="00022dbd7000fcdbdf250200000008000800", @ANYRES32=0x0, @ANYBLOB="0f0003002f6465762f6164737031000016020480ce0044800400750004006880d1506bbd2b1ebe4d19b0d1c0ab9c296454e83f6f917ac6b0097c35d5df5abbc18838f7a7f3b46966c809d12efc3a7a069afe67a71d5567097f060e60e752058afe2f21dd8e61df70ef93aeeebfdb2433f6f4fc2a08eaf6e20011cc4749ac9c02feb7059988773029c0283338878bcccdc09ee6318737f2af18d42604ad6bba937d6dd2f5a7d9c92e8f08d40b3f052e083a9bb7bf59ad99a2501b8622414a1400400000000000000000000000ffff0a010100040057800c000400070000000000000000003700ab800400238008006900ffffffff04005f800800d000", @ANYRES32, @ANYBLOB="0c007c0002000000000000000400908079d31828245d1d04005480009900e6809a9ee0a2123a8fa92a4224c5e320835bc1df4b86b08f1eb106b640770860908a7ee198191bec22d0e1fe7b49b4428100781fc9231baa218eb9dff6587e85758d2557a569379b8216c1a1a193300c189b0fae54063c109a24a6cbf4ca980e8cd518672d8170bfc296672040c805d2805a666b2c10da076637bada153ac529599e829086c0d426fe1187195bc35fd30700a5", @ANYRES32=r0, @ANYBLOB="0000000800b6006401010178679f385b78dc0f0041002f6465762f6164737031000034dbb4a18fb580bda46a26cb741baeb66648b73e16593e6280ab1f493bdceced1b1cb8e704a055f6ba30c848e10359186bdac20f914fc3e87ed1e9d944940d1af2861a7aa210570710731e24a2b60c000004000a80080001000500000008000900000000"], 0x258}, 0x1, 0x0, 0x0, 0xd5}, 0x4000040) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20002, 0x0) r3 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000f40)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_SET_MESH(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)={0x2c, r3, 0x10, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x7}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x140080e4) connect$auto(0x3, 0x0, 0x55) sendto$auto(r2, &(0x7f00000004c0)="d6673f32dbc9d11dbbd205159a50aeaea81370ecb25b390f012bfffd3ee120deffd280a2193d7536", 0x5, 0x2, &(0x7f0000000500)=@isdn={0x22, 0x7, 0x8, 0x1, 0x5}, 0x101) 1.48563073s ago: executing program 1 (id=2): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/devices.allow\x00', 0x100, 0x0) preadv$auto(0x3, &(0x7f00000004c0)={0x0, 0x8000000}, 0x3, 0x10000, 0x10) 1.458581978s ago: executing program 2 (id=3): setitimer$auto(0x2, &(0x7f0000000040)={{0x0, 0x5}, {0x0, 0x8}}, 0x0) mmap$auto(0x0, 0x20000a, 0xffffffffffffffff, 0x40eb1, 0x602, 0x300000000000) 1.379953469s ago: executing program 0 (id=7): r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000100)={"fda25684", 0xffff, 0x6, 0x3, 0x9b4, 0x9, "c625aa3f222ce10e00", '\x00', "0400e6ad", '\x00', ["22dfffffffefffff480400", "f8ffffffffffffff00e10001", "b06f8ca10c66eebcbd6f17c8", "5fe10eedab2c4b353c392a92"]}) 1.210997562s ago: executing program 1 (id=8): openat$auto_drm_crtc_crc_control_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f00000000c0), 0xb02, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x0) 1.094443148s ago: executing program 2 (id=9): setresuid$auto(0x60, 0x1000, 0x8000) ioctl$auto(0xc8, 0x54e3, 0x5c8d) 1.050121536s ago: executing program 0 (id=10): mkdir$auto(&(0x7f0000000040)='./cgroup/../file0\x00', 0x1) mkdir$auto(&(0x7f0000000080)='./cgroup.cpu/cpuset.cpus\x00', 0x8ce) 954.240757ms ago: executing program 1 (id=11): socket(0x11, 0x3, 0x9) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000440)='/proc/vmallocinfo\x00', 0x40502, 0x0) pread64$auto(r0, &(0x7f0000000340)='/proc/Nes\x00'/22, 0x100000001, 0x100) 780.068327ms ago: executing program 2 (id=12): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x480000, 0x0) openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0) 617.514248ms ago: executing program 0 (id=13): r0 = socket(0x1e, 0x1, 0x0) connect$auto(r0, &(0x7f0000000000)=@tipc=@nameseq={0x1e, 0x1, 0x2, {0x43, 0x4, 0x4}}, 0x10) 320.495869ms ago: executing program 2 (id=14): r0 = mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) mq_timedsend$auto(r0, &(0x7f00000000c0)='\xcf\x8d\xb6\xaa\x80\xd5\xb4_:A\xacz\xdc\xa0\x1d', 0x2, 0x6, &(0x7f0000000240)={0x2000000000000003, 0x101}) 308.257544ms ago: executing program 0 (id=15): r0 = openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/ieee80211/phy6/statistics/dot11FCSErrorCount\x00', 0x8002, 0x0) read$auto(r0, 0x0, 0x7fff) 230.435915ms ago: executing program 0 (id=16): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd6/queue/scheduler\x00', 0x1a1842, 0x0) write$auto(r0, &(0x7f0000000000)='9\x00d1L\xff\x15\xba\xa17=(\xc1\xf8\xff\xff\v\xb5^\xa1/[', 0x8) 0s ago: executing program 1 (id=17): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) waitid$auto_P_PID(0x1, r0, 0x0, 0x7, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.35' (ED25519) to the list of known hosts. [ 96.482685][ T5823] cgroup: Unknown subsys name 'net' [ 96.596319][ T5823] cgroup: Unknown subsys name 'cpuset' [ 96.606140][ T5823] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 97.344799][ T43] cfg80211: failed to load regulatory.db [ 98.562090][ T5823] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 100.818928][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 100.827689][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 100.838879][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 100.866090][ T5844] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 100.875686][ T5844] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 100.884769][ T5844] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 100.893256][ T5844] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 100.907322][ T5844] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 100.915905][ T5844] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 100.924654][ T5844] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 100.931501][ T5847] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 100.941321][ T5849] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 100.943950][ T5846] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 100.950145][ T5849] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 100.957529][ T5846] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 100.994079][ T5852] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 101.002272][ T5852] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 101.010989][ T5852] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 101.019439][ T5852] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 101.028987][ T5844] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 101.709671][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 101.721100][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 101.767138][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 101.891977][ T5848] chnl_net:caif_netlink_parms(): no params data found [ 102.039034][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.047008][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.056844][ T5838] bridge_slave_0: entered allmulticast mode [ 102.064481][ T5838] bridge_slave_0: entered promiscuous mode [ 102.101739][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.109034][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.117016][ T5841] bridge_slave_0: entered allmulticast mode [ 102.124318][ T5841] bridge_slave_0: entered promiscuous mode [ 102.132906][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.140318][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.147841][ T5841] bridge_slave_1: entered allmulticast mode [ 102.155378][ T5841] bridge_slave_1: entered promiscuous mode [ 102.180295][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.187962][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.195497][ T5838] bridge_slave_1: entered allmulticast mode [ 102.203405][ T5838] bridge_slave_1: entered promiscuous mode [ 102.268648][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.276616][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.284260][ T5842] bridge_slave_0: entered allmulticast mode [ 102.291609][ T5842] bridge_slave_0: entered promiscuous mode [ 102.314978][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 102.327618][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 102.339288][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.346881][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.354373][ T5842] bridge_slave_1: entered allmulticast mode [ 102.361499][ T5842] bridge_slave_1: entered promiscuous mode [ 102.386380][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 102.398587][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 102.423295][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.430630][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.438538][ T5848] bridge_slave_0: entered allmulticast mode [ 102.446144][ T5848] bridge_slave_0: entered promiscuous mode [ 102.509419][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.517748][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.525652][ T5848] bridge_slave_1: entered allmulticast mode [ 102.535977][ T5848] bridge_slave_1: entered promiscuous mode [ 102.558411][ T5841] team0: Port device team_slave_0 added [ 102.594823][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 102.612490][ T5841] team0: Port device team_slave_1 added [ 102.621579][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 102.636085][ T5838] team0: Port device team_slave_0 added [ 102.645347][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 102.685301][ T5838] team0: Port device team_slave_1 added [ 102.710490][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 102.747139][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.755681][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.782097][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 102.796996][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 102.805051][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.832689][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.860366][ T5842] team0: Port device team_slave_0 added [ 102.887256][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.894700][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.921641][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 102.953435][ T5842] team0: Port device team_slave_1 added [ 102.974614][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 102.981638][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.008989][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 103.023463][ T5852] Bluetooth: hci1: command tx timeout [ 103.023498][ T5840] Bluetooth: hci0: command tx timeout [ 103.031799][ T5848] team0: Port device team_slave_0 added [ 103.079226][ T5848] team0: Port device team_slave_1 added [ 103.086202][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.096495][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.103189][ T5852] Bluetooth: hci2: command tx timeout [ 103.124262][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 103.129513][ T5840] Bluetooth: hci3: command tx timeout [ 103.146217][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 103.146239][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.146278][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 103.213725][ T5841] hsr_slave_0: entered promiscuous mode [ 103.220717][ T5841] hsr_slave_1: entered promiscuous mode [ 103.289075][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.296889][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.324158][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 103.337935][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 103.345309][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.372615][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 103.389170][ T5842] hsr_slave_0: entered promiscuous mode [ 103.395836][ T5842] hsr_slave_1: entered promiscuous mode [ 103.402413][ T5842] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 103.410596][ T5842] Cannot create hsr debugfs directory [ 103.446113][ T5838] hsr_slave_0: entered promiscuous mode [ 103.453308][ T5838] hsr_slave_1: entered promiscuous mode [ 103.459533][ T5838] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 103.467777][ T5838] Cannot create hsr debugfs directory [ 103.596804][ T5848] hsr_slave_0: entered promiscuous mode [ 103.604465][ T5848] hsr_slave_1: entered promiscuous mode [ 103.610919][ T5848] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 103.619370][ T5848] Cannot create hsr debugfs directory [ 104.070986][ T5841] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 104.087853][ T5841] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 104.099368][ T5841] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 104.121392][ T5841] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 104.192081][ T5842] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 104.206592][ T5842] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 104.237362][ T5842] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 104.249585][ T5842] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 104.341072][ T5838] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 104.366278][ T5838] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 104.391680][ T5838] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 104.417634][ T5838] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 104.496892][ T5848] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 104.510083][ T5848] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 104.533900][ T5848] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 104.550341][ T5848] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 104.614512][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.668386][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.710408][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.755535][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.788116][ T3500] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.799964][ T3500] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.811517][ T3500] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.818993][ T3500] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.849009][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.856366][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.898713][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.906861][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.937944][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 105.031582][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 105.049531][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 105.072041][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.079509][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 105.103816][ T5840] Bluetooth: hci1: command tx timeout [ 105.104031][ T5852] Bluetooth: hci0: command tx timeout [ 105.118878][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.126120][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 105.149581][ T5848] 8021q: adding VLAN 0 to HW filter on device team0 [ 105.183387][ T5852] Bluetooth: hci2: command tx timeout [ 105.239296][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.246795][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 105.263083][ T5852] Bluetooth: hci3: command tx timeout [ 105.279411][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.287652][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 105.829423][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.851205][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 106.036668][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 106.070984][ T5841] veth0_vlan: entered promiscuous mode [ 106.127596][ T5841] veth1_vlan: entered promiscuous mode [ 106.135148][ T5842] veth0_vlan: entered promiscuous mode [ 106.157664][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 106.184914][ T5842] veth1_vlan: entered promiscuous mode [ 106.232104][ T5838] veth0_vlan: entered promiscuous mode [ 106.278100][ T5838] veth1_vlan: entered promiscuous mode [ 106.310705][ T5841] veth0_macvtap: entered promiscuous mode [ 106.320553][ T5848] veth0_vlan: entered promiscuous mode [ 106.347891][ T5841] veth1_macvtap: entered promiscuous mode [ 106.359171][ T5848] veth1_vlan: entered promiscuous mode [ 106.373796][ T5842] veth0_macvtap: entered promiscuous mode [ 106.397808][ T5842] veth1_macvtap: entered promiscuous mode [ 106.456033][ T5838] veth0_macvtap: entered promiscuous mode [ 106.475248][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.486009][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.500772][ T5838] veth1_macvtap: entered promiscuous mode [ 106.520762][ T5848] veth0_macvtap: entered promiscuous mode [ 106.536441][ T5848] veth1_macvtap: entered promiscuous mode [ 106.548054][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.560352][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.582014][ T5841] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.594144][ T5841] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.603938][ T5841] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.615506][ T5841] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.649470][ T5842] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.658868][ T5842] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.668944][ T5842] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.678953][ T5842] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.756010][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.769669][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.806147][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.821765][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.855328][ T5838] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.866563][ T5838] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.876475][ T5838] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.885489][ T5838] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.928369][ T5848] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.937977][ T5848] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.950665][ T5848] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.959978][ T5848] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.981307][ T1082] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.001277][ T1082] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.062894][ T1082] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.071502][ T1082] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.120784][ T55] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.129376][ T55] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.183060][ T5852] Bluetooth: hci0: command tx timeout [ 107.183069][ T5840] Bluetooth: hci1: command tx timeout [ 107.198373][ T55] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.206887][ T55] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.262956][ T5852] Bluetooth: hci2: command tx timeout [ 107.344695][ T5852] Bluetooth: hci3: command tx timeout [ 107.351253][ T5841] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 107.353827][ T1082] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.396042][ T1082] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.431557][ T3500] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.441931][ T3500] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.638051][ T1082] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.648847][ T3500] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.660610][ T1082] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.679865][ T3500] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.423692][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 108.433147][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 108.442297][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 108.482827][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 108.493521][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 108.533265][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 108.542081][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 109.262979][ T5852] Bluetooth: hci1: command tx timeout [ 109.263091][ T5840] Bluetooth: hci0: command tx timeout [ 109.342843][ T5840] Bluetooth: hci2: command tx timeout [ 109.423949][ T5840] Bluetooth: hci3: command tx timeout [ 109.505707][ T5934] [ 109.508178][ T5934] ====================================================== [ 109.515415][ T5934] WARNING: possible circular locking dependency detected [ 109.522800][ T5934] 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 Not tainted [ 109.529576][ T5934] ------------------------------------------------------ [ 109.536861][ T5934] syz.0.16/5934 is trying to acquire lock: [ 109.542759][ T5934] ffff888143b467b0 (&q->elevator_lock){+.+.}-{4:4}, at: elevator_change+0x103/0x400 [ 109.552705][ T5934] [ 109.552705][ T5934] but task is already holding lock: [ 109.560172][ T5934] ffff888143b46278 (&q->q_usage_counter(io)#55){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 109.572145][ T5934] [ 109.572145][ T5934] which lock already depends on the new lock. [ 109.572145][ T5934] [ 109.583527][ T5934] [ 109.583527][ T5934] the existing dependency chain (in reverse order) is: [ 109.593165][ T5934] [ 109.593165][ T5934] -> #3 (&q->q_usage_counter(io)#55){++++}-{0:0}: [ 109.602269][ T5934] blk_alloc_queue+0x619/0x760 [ 109.607855][ T5934] blk_mq_alloc_queue+0x175/0x290 [ 109.613507][ T5934] __blk_mq_alloc_disk+0x29/0x120 [ 109.619258][ T5934] nbd_dev_add+0x4a0/0xbc0 [ 109.624336][ T5934] nbd_init+0x181/0x320 [ 109.629181][ T5934] do_one_initcall+0x120/0x6e0 [ 109.634771][ T5934] kernel_init_freeable+0x5c2/0x900 [ 109.640596][ T5934] kernel_init+0x1c/0x2b0 [ 109.645483][ T5934] ret_from_fork+0x5d7/0x6f0 [ 109.650612][ T5934] ret_from_fork_asm+0x1a/0x30 [ 109.656096][ T5934] [ 109.656096][ T5934] -> #2 (fs_reclaim){+.+.}-{0:0}: [ 109.663608][ T5934] fs_reclaim_acquire+0x102/0x150 [ 109.669917][ T5934] prepare_alloc_pages+0x162/0x610 [ 109.676266][ T5934] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 109.682985][ T5934] __alloc_pages_noprof+0xb/0x1b0 [ 109.688792][ T5934] pcpu_populate_chunk+0x110/0xb00 [ 109.694550][ T5934] pcpu_alloc_noprof+0x86a/0x1470 [ 109.700136][ T5934] xt_percpu_counter_alloc+0x13e/0x1b0 [ 109.706234][ T5934] find_check_entry.constprop.0+0xbc/0x9b0 [ 109.712615][ T5934] translate_table+0xc98/0x1720 [ 109.718386][ T5934] ipt_register_table+0x102/0x430 [ 109.724272][ T5934] iptable_mangle_table_init+0x40/0x60 [ 109.730755][ T5934] xt_find_table_lock+0x2e1/0x520 [ 109.736423][ T5934] xt_request_find_table_lock+0x28/0xf0 [ 109.742961][ T5934] get_info+0x190/0x610 [ 109.747885][ T5934] do_ipt_get_ctl+0x169/0xa10 [ 109.753752][ T5934] nf_getsockopt+0x7c/0xe0 [ 109.759274][ T5934] ip_getsockopt+0x18c/0x1e0 [ 109.764974][ T5934] tcp_getsockopt+0xa1/0x100 [ 109.770296][ T5934] do_sock_getsockopt+0x3fc/0x800 [ 109.775906][ T5934] __sys_getsockopt+0x123/0x1b0 [ 109.781497][ T5934] __x64_sys_getsockopt+0xbd/0x160 [ 109.787508][ T5934] do_syscall_64+0xcd/0x490 [ 109.792831][ T5934] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.799991][ T5934] [ 109.799991][ T5934] -> #1 (pcpu_alloc_mutex){+.+.}-{4:4}: [ 109.808036][ T5934] __mutex_lock+0x199/0xb90 [ 109.813430][ T5934] pcpu_alloc_noprof+0xb4c/0x1470 [ 109.819303][ T5934] sbitmap_init_node+0x2fd/0x770 [ 109.825216][ T5934] sbitmap_queue_init_node+0x41/0x560 [ 109.831222][ T5934] blk_mq_init_tags+0x12d/0x2b0 [ 109.836798][ T5934] blk_mq_alloc_map_and_rqs+0x237/0xf60 [ 109.842962][ T5934] blk_mq_init_sched+0x30c/0x610 [ 109.849339][ T5934] elevator_switch+0x1e1/0x7f0 [ 109.854926][ T5934] elevator_change+0x2ac/0x400 [ 109.861151][ T5934] elevator_set_default+0x292/0x320 [ 109.867089][ T5934] blk_register_queue+0x393/0x4f0 [ 109.872989][ T5934] __add_disk+0x74a/0xf00 [ 109.879013][ T5934] add_disk_fwnode+0x13f/0x5d0 [ 109.884332][ T5934] nbd_dev_add+0x791/0xbc0 [ 109.889395][ T5934] nbd_init+0x181/0x320 [ 109.894337][ T5934] do_one_initcall+0x120/0x6e0 [ 109.899765][ T5934] kernel_init_freeable+0x5c2/0x900 [ 109.905686][ T5934] kernel_init+0x1c/0x2b0 [ 109.910720][ T5934] ret_from_fork+0x5d7/0x6f0 [ 109.916321][ T5934] ret_from_fork_asm+0x1a/0x30 [ 109.921749][ T5934] [ 109.921749][ T5934] -> #0 (&q->elevator_lock){+.+.}-{4:4}: [ 109.929712][ T5934] __lock_acquire+0x126f/0x1c90 [ 109.935272][ T5934] lock_acquire+0x179/0x350 [ 109.940509][ T5934] __mutex_lock+0x199/0xb90 [ 109.945985][ T5934] elevator_change+0x103/0x400 [ 109.951741][ T5934] elv_iosched_store+0x2eb/0x3a0 [ 109.957297][ T5934] queue_attr_store+0x279/0x320 [ 109.962696][ T5934] sysfs_kf_write+0xef/0x150 [ 109.967932][ T5934] kernfs_fop_write_iter+0x351/0x510 [ 109.973835][ T5934] vfs_write+0x6c7/0x1150 [ 109.979001][ T5934] ksys_write+0x12a/0x250 [ 109.984067][ T5934] do_syscall_64+0xcd/0x490 [ 109.989648][ T5934] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.996344][ T5934] [ 109.996344][ T5934] other info that might help us debug this: [ 109.996344][ T5934] [ 110.007159][ T5934] Chain exists of: [ 110.007159][ T5934] &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#55 [ 110.007159][ T5934] [ 110.021273][ T5934] Possible unsafe locking scenario: [ 110.021273][ T5934] [ 110.029390][ T5934] CPU0 CPU1 [ 110.034947][ T5934] ---- ---- [ 110.040497][ T5934] lock(&q->q_usage_counter(io)#55); [ 110.046542][ T5934] lock(fs_reclaim); [ 110.053681][ T5934] lock(&q->q_usage_counter(io)#55); [ 110.061865][ T5934] lock(&q->elevator_lock); [ 110.066742][ T5934] [ 110.066742][ T5934] *** DEADLOCK *** [ 110.066742][ T5934] [ 110.075178][ T5934] 7 locks held by syz.0.16/5934: [ 110.080308][ T5934] #0: ffff888068dd47f8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 110.089614][ T5934] #1: ffff8880246b2428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 110.099075][ T5934] #2: ffff88802761ac88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 110.109259][ T5934] #3: ffff88814375a3c8 (kn->active#60){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 110.119734][ T5934] #4: ffff8880260fd988 (&set->update_nr_hwq_lock){.+.+}-{4:4}, at: elv_iosched_store+0x337/0x3a0 [ 110.130683][ T5934] #5: ffff888143b46278 (&q->q_usage_counter(io)#55){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 110.142521][ T5934] #6: ffff888143b462b0 (&q->q_usage_counter(queue)#7){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 110.155026][ T5934] [ 110.155026][ T5934] stack backtrace: [ 110.161030][ T5934] CPU: 0 UID: 0 PID: 5934 Comm: syz.0.16 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 110.161056][ T5934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 110.161066][ T5934] Call Trace: [ 110.161074][ T5934] [ 110.161081][ T5934] dump_stack_lvl+0x116/0x1f0 [ 110.161115][ T5934] print_circular_bug+0x275/0x350 [ 110.161140][ T5934] check_noncircular+0x14c/0x170 [ 110.161165][ T5934] __lock_acquire+0x126f/0x1c90 [ 110.161207][ T5934] lock_acquire+0x179/0x350 [ 110.161231][ T5934] ? elevator_change+0x103/0x400 [ 110.161259][ T5934] ? __pfx___might_resched+0x10/0x10 [ 110.161283][ T5934] __mutex_lock+0x199/0xb90 [ 110.161309][ T5934] ? elevator_change+0x103/0x400 [ 110.161349][ T5934] ? elevator_change+0x103/0x400 [ 110.161390][ T5934] ? __pfx___mutex_lock+0x10/0x10 [ 110.161420][ T5934] ? blk_mq_cancel_work_sync+0xd8/0x110 [ 110.161446][ T5934] ? __pfx_blk_mq_cancel_work_sync+0x10/0x10 [ 110.161468][ T5934] ? elevator_change+0x103/0x400 [ 110.161494][ T5934] elevator_change+0x103/0x400 [ 110.161522][ T5934] elv_iosched_store+0x2eb/0x3a0 [ 110.161539][ T5934] ? __pfx_elv_iosched_store+0x10/0x10 [ 110.161570][ T5934] ? __mutex_trylock_common+0xe9/0x250 [ 110.161604][ T5934] ? __pfx_elv_iosched_store+0x10/0x10 [ 110.161633][ T5934] queue_attr_store+0x279/0x320 [ 110.161655][ T5934] ? __pfx_queue_attr_store+0x10/0x10 [ 110.161676][ T5934] ? __lock_acquire+0x622/0x1c90 [ 110.161703][ T5934] ? find_held_lock+0x2b/0x80 [ 110.161720][ T5934] ? sysfs_file_kobj+0xe4/0x290 [ 110.161743][ T5934] ? __pfx_queue_attr_store+0x10/0x10 [ 110.161764][ T5934] sysfs_kf_write+0xef/0x150 [ 110.161786][ T5934] kernfs_fop_write_iter+0x351/0x510 [ 110.161805][ T5934] ? __pfx_sysfs_kf_write+0x10/0x10 [ 110.161827][ T5934] vfs_write+0x6c7/0x1150 [ 110.161854][ T5934] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 110.161874][ T5934] ? __pfx___mutex_lock+0x10/0x10 [ 110.161890][ T5934] ? __pfx_vfs_write+0x10/0x10 [ 110.161921][ T5934] ksys_write+0x12a/0x250 [ 110.161947][ T5934] ? __pfx_ksys_write+0x10/0x10 [ 110.161976][ T5934] do_syscall_64+0xcd/0x490 [ 110.161994][ T5934] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.162014][ T5934] RIP: 0033:0x7ff55878e969 [ 110.162029][ T5934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 110.162046][ T5934] RSP: 002b:00007ff5595d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 110.162063][ T5934] RAX: ffffffffffffffda RBX: 00007ff5589b5fa0 RCX: 00007ff55878e969 [ 110.162075][ T5934] RDX: 0000000000000008 RSI: 0000200000000000 RDI: 0000000000000003 [ 110.162085][ T5934] RBP: 00007ff558810ab1 R08: 0000000000000000 R09: 0000000000000000 [ 110.162096][ T5934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 110.162106][ T5934] R13: 0000000000000000 R14: 00007ff5589b5fa0 R15: 00007ffca61ea838 [ 110.162121][ T5934]