last executing test programs: 2.901453762s ago: executing program 0 (id=161): futex_waitv(&(0x7f0000000000), 0x0, 0x0, &(0x7f0000000000), 0x0) 2.901072748s ago: executing program 0 (id=163): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/member', 0x2, 0x0) 2.892044848s ago: executing program 0 (id=168): memfd_secret(0x0) 2.836737162s ago: executing program 0 (id=174): mq_timedsend(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) 2.83667467s ago: executing program 0 (id=175): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/v4l/by-path/platform-soc@0:qcom_cam-req-mgr-video-index0', 0x2, 0x0) 2.818376538s ago: executing program 0 (id=179): pause() 2.693060616s ago: executing program 3 (id=192): uselib(0x0) 2.692348148s ago: executing program 3 (id=196): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tlk_device', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tlk_device', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/tlk_device', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tlk_device', 0x800, 0x0) 2.642125306s ago: executing program 3 (id=198): syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000140), 0xa, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000180), 0xa, 0x1) syz_open_dev$sndpcmp(&(0x7f00000001c0), 0xa, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000200), 0xa, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000240), 0x14, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000280), 0x14, 0x1) syz_open_dev$sndpcmp(&(0x7f00000002c0), 0x14, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000300), 0x14, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000340), 0x1e, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000380), 0x1e, 0x1) syz_open_dev$sndpcmp(&(0x7f00000003c0), 0x1e, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000400), 0x1e, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000440), 0x28, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000480), 0x28, 0x1) syz_open_dev$sndpcmp(&(0x7f00000004c0), 0x28, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000500), 0x28, 0x800) 2.585489764s ago: executing program 3 (id=203): sendfile64(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) 2.585040534s ago: executing program 3 (id=207): syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$sg(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$sg(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$sg(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$sg(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$sg(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$sg(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$sg(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$sg(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$sg(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$sg(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$sg(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$sg(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$sg(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$sg(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$sg(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$sg(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$sg(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$sg(&(0x7f0000000500), 0x4, 0x800) 2.584963673s ago: executing program 2 (id=208): sched_setaffinity(0x0, 0x0, &(0x7f0000000000)) 2.57750728s ago: executing program 2 (id=210): utimes(&(0x7f0000000000), &(0x7f0000000000)) 2.576050262s ago: executing program 1 (id=211): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cdrom', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cdrom', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cdrom', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cdrom', 0x800, 0x0) 2.509362863s ago: executing program 3 (id=215): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/commit_pending_bools', 0x1, 0x0) 1.922456384s ago: executing program 2 (id=213): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.906138522s ago: executing program 1 (id=214): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.211431199s ago: executing program 2 (id=219): pwrite64(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 1.187769583s ago: executing program 2 (id=221): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/pmem0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pmem0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/pmem0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/pmem0', 0x800, 0x0) 658.548856ms ago: executing program 1 (id=220): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 546.224264ms ago: executing program 2 (id=222): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 250.405643ms ago: executing program 4 (id=228): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/yama/ptrace_scope', 0x2, 0x0) 211.711518ms ago: executing program 4 (id=229): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot', 0x800, 0x0) 129.322159ms ago: executing program 4 (id=230): syz_open_dev$sndpcmc(&(0x7f0000000040), 0x3, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080), 0x3, 0x1) syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x3, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000100), 0x3, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000140), 0xd, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000180), 0xd, 0x1) syz_open_dev$sndpcmc(&(0x7f00000001c0), 0xd, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000200), 0xd, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000240), 0x17, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000280), 0x17, 0x1) syz_open_dev$sndpcmc(&(0x7f00000002c0), 0x17, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000300), 0x17, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000340), 0x21, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000380), 0x21, 0x1) syz_open_dev$sndpcmc(&(0x7f00000003c0), 0x21, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000400), 0x21, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000440), 0x2b, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000480), 0x2b, 0x1) syz_open_dev$sndpcmc(&(0x7f00000004c0), 0x2b, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000500), 0x2b, 0x800) 118.50059ms ago: executing program 1 (id=224): timerfd_create(0x0, 0x0) 95.804456ms ago: executing program 4 (id=231): syz_open_dev$sndhw(&(0x7f0000000040), 0x3, 0x0) syz_open_dev$sndhw(&(0x7f0000000080), 0x3, 0x1) syz_open_dev$sndhw(&(0x7f00000000c0), 0x3, 0x2) syz_open_dev$sndhw(&(0x7f0000000100), 0x3, 0x800) syz_open_dev$sndhw(&(0x7f0000000140), 0xd, 0x0) syz_open_dev$sndhw(&(0x7f0000000180), 0xd, 0x1) syz_open_dev$sndhw(&(0x7f00000001c0), 0xd, 0x2) syz_open_dev$sndhw(&(0x7f0000000200), 0xd, 0x800) syz_open_dev$sndhw(&(0x7f0000000240), 0x17, 0x0) syz_open_dev$sndhw(&(0x7f0000000280), 0x17, 0x1) syz_open_dev$sndhw(&(0x7f00000002c0), 0x17, 0x2) syz_open_dev$sndhw(&(0x7f0000000300), 0x17, 0x800) syz_open_dev$sndhw(&(0x7f0000000340), 0x21, 0x0) syz_open_dev$sndhw(&(0x7f0000000380), 0x21, 0x1) syz_open_dev$sndhw(&(0x7f00000003c0), 0x21, 0x2) syz_open_dev$sndhw(&(0x7f0000000400), 0x21, 0x800) syz_open_dev$sndhw(&(0x7f0000000440), 0x2b, 0x0) syz_open_dev$sndhw(&(0x7f0000000480), 0x2b, 0x1) syz_open_dev$sndhw(&(0x7f00000004c0), 0x2b, 0x2) syz_open_dev$sndhw(&(0x7f0000000500), 0x2b, 0x800) 95.654774ms ago: executing program 5 (id=225): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/damon/init_regions', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/damon/init_regions', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/damon/init_regions', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/damon/init_regions', 0x800, 0x0) 29.418759ms ago: executing program 5 (id=232): syz_open_dev$sndpcmp(&(0x7f0000000040), 0x4, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000080), 0x4, 0x1) syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x4, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000100), 0x4, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000140), 0xe, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000180), 0xe, 0x1) syz_open_dev$sndpcmp(&(0x7f00000001c0), 0xe, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000200), 0xe, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000240), 0x18, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000280), 0x18, 0x1) syz_open_dev$sndpcmp(&(0x7f00000002c0), 0x18, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000300), 0x18, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000340), 0x22, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000380), 0x22, 0x1) syz_open_dev$sndpcmp(&(0x7f00000003c0), 0x22, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000400), 0x22, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000440), 0x2c, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000480), 0x2c, 0x1) syz_open_dev$sndpcmp(&(0x7f00000004c0), 0x2c, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000500), 0x2c, 0x800) 29.274972ms ago: executing program 4 (id=233): syz_open_dev$sndmidi(&(0x7f0000000040), 0x3, 0x0) syz_open_dev$sndmidi(&(0x7f0000000080), 0x3, 0x1) syz_open_dev$sndmidi(&(0x7f00000000c0), 0x3, 0x2) syz_open_dev$sndmidi(&(0x7f0000000100), 0x3, 0x800) syz_open_dev$sndmidi(&(0x7f0000000140), 0xd, 0x0) syz_open_dev$sndmidi(&(0x7f0000000180), 0xd, 0x1) syz_open_dev$sndmidi(&(0x7f00000001c0), 0xd, 0x2) syz_open_dev$sndmidi(&(0x7f0000000200), 0xd, 0x800) syz_open_dev$sndmidi(&(0x7f0000000240), 0x17, 0x0) syz_open_dev$sndmidi(&(0x7f0000000280), 0x17, 0x1) syz_open_dev$sndmidi(&(0x7f00000002c0), 0x17, 0x2) syz_open_dev$sndmidi(&(0x7f0000000300), 0x17, 0x800) syz_open_dev$sndmidi(&(0x7f0000000340), 0x21, 0x0) syz_open_dev$sndmidi(&(0x7f0000000380), 0x21, 0x1) syz_open_dev$sndmidi(&(0x7f00000003c0), 0x21, 0x2) syz_open_dev$sndmidi(&(0x7f0000000400), 0x21, 0x800) syz_open_dev$sndmidi(&(0x7f0000000440), 0x2b, 0x0) syz_open_dev$sndmidi(&(0x7f0000000480), 0x2b, 0x1) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2b, 0x2) syz_open_dev$sndmidi(&(0x7f0000000500), 0x2b, 0x800) 29.201854ms ago: executing program 1 (id=234): syz_open_dev$usbfs(&(0x7f0000000040), 0x3, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x3, 0x1) syz_open_dev$usbfs(&(0x7f00000000c0), 0x3, 0x2) syz_open_dev$usbfs(&(0x7f0000000100), 0x3, 0x800) syz_open_dev$usbfs(&(0x7f0000000140), 0xd, 0x0) syz_open_dev$usbfs(&(0x7f0000000180), 0xd, 0x1) syz_open_dev$usbfs(&(0x7f00000001c0), 0xd, 0x2) syz_open_dev$usbfs(&(0x7f0000000200), 0xd, 0x800) syz_open_dev$usbfs(&(0x7f0000000240), 0x17, 0x0) syz_open_dev$usbfs(&(0x7f0000000280), 0x17, 0x1) syz_open_dev$usbfs(&(0x7f00000002c0), 0x17, 0x2) syz_open_dev$usbfs(&(0x7f0000000300), 0x17, 0x800) syz_open_dev$usbfs(&(0x7f0000000340), 0x21, 0x0) syz_open_dev$usbfs(&(0x7f0000000380), 0x21, 0x1) syz_open_dev$usbfs(&(0x7f00000003c0), 0x21, 0x2) syz_open_dev$usbfs(&(0x7f0000000400), 0x21, 0x800) syz_open_dev$usbfs(&(0x7f0000000440), 0x2b, 0x0) syz_open_dev$usbfs(&(0x7f0000000480), 0x2b, 0x1) syz_open_dev$usbfs(&(0x7f00000004c0), 0x2b, 0x2) syz_open_dev$usbfs(&(0x7f0000000500), 0x2b, 0x800) 29.051429ms ago: executing program 5 (id=235): syz_open_dev$sndpcmc(&(0x7f0000000040), 0x4, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080), 0x4, 0x1) syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x4, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000100), 0x4, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000140), 0xe, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000180), 0xe, 0x1) syz_open_dev$sndpcmc(&(0x7f00000001c0), 0xe, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000200), 0xe, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000240), 0x18, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000280), 0x18, 0x1) syz_open_dev$sndpcmc(&(0x7f00000002c0), 0x18, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000300), 0x18, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000340), 0x22, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000380), 0x22, 0x1) syz_open_dev$sndpcmc(&(0x7f00000003c0), 0x22, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000400), 0x22, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000440), 0x2c, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000480), 0x2c, 0x1) syz_open_dev$sndpcmc(&(0x7f00000004c0), 0x2c, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000500), 0x2c, 0x800) 7.544633ms ago: executing program 4 (id=236): syz_open_dev$sndhw(&(0x7f0000000040), 0x4, 0x0) syz_open_dev$sndhw(&(0x7f0000000080), 0x4, 0x1) syz_open_dev$sndhw(&(0x7f00000000c0), 0x4, 0x2) syz_open_dev$sndhw(&(0x7f0000000100), 0x4, 0x800) syz_open_dev$sndhw(&(0x7f0000000140), 0xe, 0x0) syz_open_dev$sndhw(&(0x7f0000000180), 0xe, 0x1) syz_open_dev$sndhw(&(0x7f00000001c0), 0xe, 0x2) syz_open_dev$sndhw(&(0x7f0000000200), 0xe, 0x800) syz_open_dev$sndhw(&(0x7f0000000240), 0x18, 0x0) syz_open_dev$sndhw(&(0x7f0000000280), 0x18, 0x1) syz_open_dev$sndhw(&(0x7f00000002c0), 0x18, 0x2) syz_open_dev$sndhw(&(0x7f0000000300), 0x18, 0x800) syz_open_dev$sndhw(&(0x7f0000000340), 0x22, 0x0) syz_open_dev$sndhw(&(0x7f0000000380), 0x22, 0x1) syz_open_dev$sndhw(&(0x7f00000003c0), 0x22, 0x2) syz_open_dev$sndhw(&(0x7f0000000400), 0x22, 0x800) syz_open_dev$sndhw(&(0x7f0000000440), 0x2c, 0x0) syz_open_dev$sndhw(&(0x7f0000000480), 0x2c, 0x1) syz_open_dev$sndhw(&(0x7f00000004c0), 0x2c, 0x2) syz_open_dev$sndhw(&(0x7f0000000500), 0x2c, 0x800) 6.031224ms ago: executing program 1 (id=237): syz_open_dev$sndmidi(&(0x7f0000000040), 0x4, 0x0) syz_open_dev$sndmidi(&(0x7f0000000080), 0x4, 0x1) syz_open_dev$sndmidi(&(0x7f00000000c0), 0x4, 0x2) syz_open_dev$sndmidi(&(0x7f0000000100), 0x4, 0x800) syz_open_dev$sndmidi(&(0x7f0000000140), 0xe, 0x0) syz_open_dev$sndmidi(&(0x7f0000000180), 0xe, 0x1) syz_open_dev$sndmidi(&(0x7f00000001c0), 0xe, 0x2) syz_open_dev$sndmidi(&(0x7f0000000200), 0xe, 0x800) syz_open_dev$sndmidi(&(0x7f0000000240), 0x18, 0x0) syz_open_dev$sndmidi(&(0x7f0000000280), 0x18, 0x1) syz_open_dev$sndmidi(&(0x7f00000002c0), 0x18, 0x2) syz_open_dev$sndmidi(&(0x7f0000000300), 0x18, 0x800) syz_open_dev$sndmidi(&(0x7f0000000340), 0x22, 0x0) syz_open_dev$sndmidi(&(0x7f0000000380), 0x22, 0x1) syz_open_dev$sndmidi(&(0x7f00000003c0), 0x22, 0x2) syz_open_dev$sndmidi(&(0x7f0000000400), 0x22, 0x800) syz_open_dev$sndmidi(&(0x7f0000000440), 0x2c, 0x0) syz_open_dev$sndmidi(&(0x7f0000000480), 0x2c, 0x1) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2c, 0x2) syz_open_dev$sndmidi(&(0x7f0000000500), 0x2c, 0x800) 0s ago: executing program 5 (id=238): syz_open_dev$usbfs(&(0x7f0000000040), 0x4, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x4, 0x1) syz_open_dev$usbfs(&(0x7f00000000c0), 0x4, 0x2) syz_open_dev$usbfs(&(0x7f0000000100), 0x4, 0x800) syz_open_dev$usbfs(&(0x7f0000000140), 0xe, 0x0) syz_open_dev$usbfs(&(0x7f0000000180), 0xe, 0x1) syz_open_dev$usbfs(&(0x7f00000001c0), 0xe, 0x2) syz_open_dev$usbfs(&(0x7f0000000200), 0xe, 0x800) syz_open_dev$usbfs(&(0x7f0000000240), 0x18, 0x0) syz_open_dev$usbfs(&(0x7f0000000280), 0x18, 0x1) syz_open_dev$usbfs(&(0x7f00000002c0), 0x18, 0x2) syz_open_dev$usbfs(&(0x7f0000000300), 0x18, 0x800) syz_open_dev$usbfs(&(0x7f0000000340), 0x22, 0x0) syz_open_dev$usbfs(&(0x7f0000000380), 0x22, 0x1) syz_open_dev$usbfs(&(0x7f00000003c0), 0x22, 0x2) syz_open_dev$usbfs(&(0x7f0000000400), 0x22, 0x800) syz_open_dev$usbfs(&(0x7f0000000440), 0x2c, 0x0) syz_open_dev$usbfs(&(0x7f0000000480), 0x2c, 0x1) syz_open_dev$usbfs(&(0x7f00000004c0), 0x2c, 0x2) syz_open_dev$usbfs(&(0x7f0000000500), 0x2c, 0x800) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.53' (ED25519) to the list of known hosts. [ 60.174163][ T5818] cgroup: Unknown subsys name 'net' [ 60.291022][ T5818] cgroup: Unknown subsys name 'cpuset' [ 60.299112][ T5818] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 61.653103][ T5818] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 63.971929][ T5891] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 64.129031][ T5913] mmap: syz.2.73 (5913) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 64.383825][ T5951] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 65.574172][ T6061] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 65.663676][ T6062] chnl_net:caif_netlink_parms(): no params data found [ 65.951474][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.963322][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.090541][ T6062] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.098874][ T6062] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.106232][ T6062] bridge_slave_0: entered allmulticast mode [ 66.113486][ T6062] bridge_slave_0: entered promiscuous mode [ 66.184041][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.202564][ T6062] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.221778][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.230093][ T6062] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.249450][ T6062] bridge_slave_1: entered allmulticast mode [ 66.288600][ T6062] bridge_slave_1: entered promiscuous mode [ 66.812403][ T6062] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.844901][ T6062] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 67.023133][ T6062] team0: Port device team_slave_0 added [ 67.038938][ T6062] team0: Port device team_slave_1 added [ 67.118676][ T6062] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 67.125670][ T6062] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.151618][ C0] vkms_vblank_simulate: vblank timer overrun [ 67.163248][ T6062] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 67.204449][ T6062] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 67.211616][ T6062] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.237479][ C0] vkms_vblank_simulate: vblank timer overrun [ 67.243603][ T6062] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 67.351297][ T6062] hsr_slave_0: entered promiscuous mode [ 67.359456][ T6062] hsr_slave_1: entered promiscuous mode [ 67.731057][ T6062] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 67.745109][ T6062] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 67.852261][ T6062] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 67.870690][ T6062] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 67.965765][ T3529] [ 67.968150][ T3529] ====================================================== [ 67.975175][ T3529] WARNING: possible circular locking dependency detected [ 67.982309][ T3529] 6.13.0-syzkaller-04858-g21266b8df522 #0 Not tainted [ 67.989088][ T3529] ------------------------------------------------------ [ 67.996124][ T3529] kworker/u8:8/3529 is trying to acquire lock: [ 67.997168][ T6062] 8021q: adding VLAN 0 to HW filter on device bond0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 68.002273][ T3529] ffffffff8fcc0d88 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0xac2/0x2030 [ 68.015941][ T6062] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.019326][ T3529] [ 68.019326][ T3529] but task is already holding lock: [ 68.019335][ T3529] ffff888079dc8768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 [ 68.019381][ T3529] [ 68.019381][ T3529] which lock already depends on the new lock. [ 68.019381][ T3529] [ 68.019387][ T3529] [ 68.019387][ T3529] the existing dependency chain (in reverse order) is: [ 68.019393][ T3529] [ 68.019393][ T3529] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 68.019414][ T3529] lock_acquire+0x1ed/0x550 [ 68.019433][ T3529] __mutex_lock+0x19c/0x1010 [ 68.019452][ T3529] wiphy_register+0x1a49/0x27b0 [ 68.019470][ T3529] ieee80211_register_hw+0x354e/0x4240 [ 68.019492][ T3529] mac80211_hwsim_new_radio+0x2a9f/0x4a90 [ 68.019508][ T3529] init_mac80211_hwsim+0x87a/0xb00 [ 68.019523][ T3529] do_one_initcall+0x248/0x870 [ 68.019541][ T3529] do_initcall_level+0x157/0x210 [ 68.019561][ T3529] do_initcalls+0x3f/0x80 [ 68.120802][ T3529] kernel_init_freeable+0x435/0x5d0 [ 68.126526][ T3529] kernel_init+0x1d/0x2b0 [ 68.131365][ T3529] ret_from_fork+0x4b/0x80 [ 68.136293][ T3529] ret_from_fork_asm+0x1a/0x30 [ 68.141564][ T3529] [ 68.141564][ T3529] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 68.148776][ T3529] validate_chain+0x18ef/0x5920 [ 68.154232][ T3529] __lock_acquire+0x1397/0x2100 [ 68.159762][ T3529] lock_acquire+0x1ed/0x550 [ 68.164944][ T3529] __mutex_lock+0x19c/0x1010 [ 68.170049][ T3529] unregister_netdevice_many_notify+0xac2/0x2030 [ 68.176890][ T3529] unregister_netdevice_queue+0x303/0x370 [ 68.183116][ T3529] _cfg80211_unregister_wdev+0x163/0x590 [ 68.189263][ T3529] ieee80211_remove_interfaces+0x4ef/0x700 [ 68.195578][ T3529] ieee80211_unregister_hw+0x5d/0x2c0 [ 68.201475][ T3529] mac80211_hwsim_del_radio+0x2c4/0x4c0 [ 68.207528][ T3529] hwsim_exit_net+0x5c1/0x670 [ 68.212725][ T3529] cleanup_net+0x812/0xd60 [ 68.217676][ T3529] process_scheduled_works+0xa66/0x1840 [ 68.223773][ T3529] worker_thread+0x870/0xd30 [ 68.228882][ T3529] kthread+0x7a9/0x920 [ 68.233465][ T3529] ret_from_fork+0x4b/0x80 [ 68.238404][ T3529] ret_from_fork_asm+0x1a/0x30 [ 68.243677][ T3529] [ 68.243677][ T3529] other info that might help us debug this: [ 68.243677][ T3529] [ 68.253899][ T3529] Possible unsafe locking scenario: [ 68.253899][ T3529] [ 68.261340][ T3529] CPU0 CPU1 [ 68.266688][ T3529] ---- ---- [ 68.272050][ T3529] lock(&rdev->wiphy.mtx); [ 68.276551][ T3529] lock(rtnl_mutex); [ 68.283046][ T3529] lock(&rdev->wiphy.mtx); [ 68.290071][ T3529] lock(rtnl_mutex); [ 68.294042][ T3529] [ 68.294042][ T3529] *** DEADLOCK *** [ 68.294042][ T3529] [ 68.302170][ T3529] 4 locks held by kworker/u8:8/3529: [ 68.307790][ T3529] #0: ffff88801baf5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 68.318859][ T3529] #1: ffffc9000cbe7c60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 68.329411][ T3529] #2: ffffffff8fcb47d0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17a/0xd60 [ 68.338809][ T3529] #3: ffff888079dc8768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x129/0x700 [ 68.349607][ T3529] [ 68.349607][ T3529] stack backtrace: [ 68.355779][ T3529] CPU: 0 UID: 0 PID: 3529 Comm: kworker/u8:8 Not tainted 6.13.0-syzkaller-04858-g21266b8df522 #0 [ 68.355794][ T3529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 68.355804][ T3529] Workqueue: netns cleanup_net [ 68.355826][ T3529] Call Trace: [ 68.355833][ T3529] [ 68.355839][ T3529] dump_stack_lvl+0x241/0x360 [ 68.355860][ T3529] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.355877][ T3529] ? __pfx__printk+0x10/0x10 [ 68.355895][ T3529] print_circular_bug+0x13a/0x1b0 [ 68.355914][ T3529] check_noncircular+0x36a/0x4a0 [ 68.355932][ T3529] ? __pfx_check_noncircular+0x10/0x10 [ 68.355949][ T3529] ? lockdep_lock+0x123/0x2b0 [ 68.355965][ T3529] validate_chain+0x18ef/0x5920 [ 68.355989][ T3529] ? __pfx_validate_chain+0x10/0x10 [ 68.356008][ T3529] ? mark_lock+0x9a/0x360 [ 68.356023][ T3529] ? __lock_acquire+0x1397/0x2100 [ 68.356046][ T3529] ? mark_lock+0x9a/0x360 [ 68.356062][ T3529] __lock_acquire+0x1397/0x2100 [ 68.356080][ T3529] lock_acquire+0x1ed/0x550 [ 68.356093][ T3529] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 68.356111][ T3529] ? __pfx_lock_acquire+0x10/0x10 [ 68.356125][ T3529] ? __pfx___might_resched+0x10/0x10 [ 68.356138][ T3529] ? finish_wait+0xd4/0x1e0 [ 68.356153][ T3529] __mutex_lock+0x19c/0x1010 [ 68.356171][ T3529] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 68.356189][ T3529] ? unregister_netdevice_many_notify+0xac2/0x2030 [ 68.356204][ T3529] ? __pfx___mutex_lock+0x10/0x10 [ 68.356220][ T3529] ? __pfx___might_resched+0x10/0x10 [ 68.356233][ T3529] ? unregister_netdevice_many_notify+0x9fa/0x2030 [ 68.356248][ T3529] ? unregister_netdevice_many_notify+0x9fa/0x2030 [ 68.356264][ T3529] unregister_netdevice_many_notify+0xac2/0x2030 [ 68.356279][ T3529] ? mark_lock+0x9a/0x360 [ 68.356297][ T3529] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 68.356313][ T3529] ? kernfs_remove_by_name_ns+0x11b/0x160 [ 68.356330][ T3529] ? __pfx_lock_release+0x10/0x10 [ 68.356350][ T3529] unregister_netdevice_queue+0x303/0x370 [ 68.356363][ T3529] ? __pfx_up_write+0x10/0x10 [ 68.356380][ T3529] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 68.356395][ T3529] ? kernfs_remove_by_name_ns+0x11b/0x160 [ 68.356412][ T3529] _cfg80211_unregister_wdev+0x163/0x590 [ 68.356431][ T3529] ieee80211_remove_interfaces+0x4ef/0x700 [ 68.356447][ T3529] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 68.356460][ T3529] ? rcu_is_watching+0x15/0xb0 [ 68.356480][ T3529] ieee80211_unregister_hw+0x5d/0x2c0 [ 68.356499][ T3529] mac80211_hwsim_del_radio+0x2c4/0x4c0 [ 68.356516][ T3529] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 68.356529][ T3529] ? __rcu_read_unlock+0xa1/0x110 [ 68.356545][ T3529] hwsim_exit_net+0x5c1/0x670 [ 68.356564][ T3529] ? __pfx_hwsim_exit_net+0x10/0x10 [ 68.356583][ T3529] ? __ip_vs_dev_cleanup_batch+0x239/0x260 [ 68.356601][ T3529] cleanup_net+0x812/0xd60 [ 68.356620][ T3529] ? __pfx_cleanup_net+0x10/0x10 [ 68.356640][ T3529] ? process_scheduled_works+0x976/0x1840 [ 68.356659][ T3529] process_scheduled_works+0xa66/0x1840 [ 68.356685][ T3529] ? __pfx_process_scheduled_works+0x10/0x10 [ 68.356706][ T3529] ? assign_work+0x364/0x3d0 [ 68.356725][ T3529] worker_thread+0x870/0xd30 [ 68.356740][ T3529] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 68.356756][ T3529] ? __kthread_parkme+0x169/0x1d0 [ 68.356770][ T3529] ? __pfx_worker_thread+0x10/0x10 [ 68.356782][ T3529] kthread+0x7a9/0x920 [ 68.356795][ T3529] ? __pfx_kthread+0x10/0x10 [ 68.356809][ T3529] ? __pfx_worker_thread+0x10/0x10 [ 68.356821][ T3529] ? __pfx_kthread+0x10/0x10 [ 68.356835][ T3529] ? __pfx_kthread+0x10/0x10 [ 68.356849][ T3529] ? __pfx_kthread+0x10/0x10 [ 68.356862][ T3529] ? _raw_spin_unlock_irq+0x23/0x50 [ 68.356876][ T3529] ? lockdep_hardirqs_on+0x99/0x150 [ 68.356893][ T3529] ? __pfx_kthread+0x10/0x10 [ 68.356906][ T3529] ret_from_fork+0x4b/0x80 [ 68.356920][ T3529] ? __pfx_kthread+0x10/0x10 [ 68.356933][ T3529] ret_from_fork_asm+0x1a/0x30 [ 68.356949][ T3529] [ 68.741039][ C0] vkms_vblank_simulate: vblank timer overrun [ 69.979890][ T3529] bridge_slave_1: left allmulticast mode [ 69.985648][ T3529] bridge_slave_1: left promiscuous mode [ 69.991392][ T3529] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.999642][ T3529] bridge_slave_0: left allmulticast mode [ 70.005288][ T3529] bridge_slave_0: left promiscuous mode [ 70.011482][ T3529] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.121589][ T3529] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 70.131339][ T3529] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 70.141170][ T3529] bond0 (unregistering): Released all slaves [ 70.242429][ T3529] hsr_slave_0: left promiscuous mode [ 70.249209][ T3529] hsr_slave_1: left promiscuous mode [ 70.255156][ T3529] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 70.264504][ T3529] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 70.358977][ T3529] team0 (unregistering): Port device team_slave_1 removed [ 70.375523][ T3529] team0 (unregistering): Port device team_slave_0 removed [ 71.778689][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.785008][ T1297] ieee802154 phy1 wpan1: encryption failed: -22