last executing test programs: 2.833022329s ago: executing program 0 (id=258): close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x5, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)={0x38, r1, 0x1, 0x703d25, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0x18, 0x7, 0x0, 0x1, [@nested={0xc, 0x1, 0x0, 0x1, [@nested={0x8, 0x1, 0x0, 0x1, [@generic='\x00\x00\x00\x00']}]}, @typed={0x8, 0x23, 0x0, 0x0, @uid}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x6}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x8880) 2.56140453s ago: executing program 3 (id=260): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) futex$auto(&(0x7f0000000080)=0x2948, 0x0, 0x2948, &(0x7f00000000c0)={0x225c17d03}, 0x0, 0x5) futex$auto(0x0, 0x5, 0x4, 0x0, &(0x7f0000000080)=0x9, 0x4000000) 2.560411239s ago: executing program 0 (id=268): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/gro_flush_timeout\x00', 0x88282, 0x0) write$auto(r0, &(0x7f0000000000)='\x00', 0x4) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x200000000000404, 0x0) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x389803, 0x0) ioctl$auto_PPPIOCSMRU(r1, 0xc004743e, 0x0) r2 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x2081, 0x0) ioctl$auto_USB_RAW_IOCTL_EP0_STALL(r2, 0x550c, 0x5f) rt_sigaction$auto(0x7, 0x0, 0x0, 0x8) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r3 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x4000000) connect$auto(r3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(0x3, 0x10000000084, 0x25, 0x0, 0x90) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xa00c0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020006, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x6, 0x4) eventfd$auto(0x5d5d) mq_timedsend$auto(0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) mq_getsetattr$auto(r4, 0x0, 0x0) sendmsg$auto_NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="01002d"], 0x14}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000) ioctl$auto_PPPIOCSPASS(r1, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) 2.326300305s ago: executing program 3 (id=261): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) shmat$auto(0x59, &(0x7f0000000580)='(\x04', 0xfffffffd) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2, 0x1, 0x0) epoll_create$auto(0x4) mq_open$auto(&(0x7f0000000000)='/dev/sequencer2\x00', 0x5, 0x3, 0x0) sendmsg$auto_NL80211_CMD_SET_INTERFACE(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="200028bd7000fff2df277d03a5270500190077000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000840)='/proc/sys/vm/dirty_background_ratio\x00', 0x80000, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) sendto$auto(0x3, 0x0, 0x18, 0x101, 0x0, 0x1c) openat$auto_proc_projid_map_operations_base(0xffffffffffffff9c, 0x0, 0x101002, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) gettimeofday$auto(&(0x7f0000000040)={0xb1c3, 0x401}, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x800006, 0x7) openat$auto_proc_mounts_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/mounts\x00', 0x40800, 0x0) chroot$auto(&(0x7f0000000200)='./file0\x00') ioperm$auto(0x5, 0x9, 0xf) openat2$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x40, 0x10, 0xc}, 0x18) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x8e80, 0x0) 2.27193146s ago: executing program 1 (id=262): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffeffb, 0x2, 0x8e0, 0x300, 0x50b301a, 0xe4, 0x2c, 0x1, 0x5}) 1.61620394s ago: executing program 2 (id=264): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x3) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x2, 0x8000) vmsplice$auto(0x1, 0x0, 0xa, 0x6) 1.286272972s ago: executing program 1 (id=265): openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) poll$auto(&(0x7f0000000180)={r0, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x0) ioctl$auto_VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, 0x0) 1.071930087s ago: executing program 1 (id=266): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$auto(0x3, 0x6f43, 0xffffffffffffffff) 997.242971ms ago: executing program 2 (id=267): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x11, 0x80003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'geneve0\x00', 0x0}) sendto$auto(0x3, 0x0, 0x34, 0xfffffff9, &(0x7f0000000440)=@xdp={0x2c, 0xdd86, r1, 0x10}, 0x22) 951.285657ms ago: executing program 3 (id=269): open(&(0x7f0000000000)='./file0\x00', 0xa41c2, 0x84) socket(0x2, 0x801, 0x100) pipe$auto(&(0x7f0000000080)) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) sendfile$auto(0x6, 0x3, 0x0, 0xfffffdef) close_range$auto(0x2, 0x8000, 0x0) 819.940155ms ago: executing program 1 (id=270): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) futex$auto(&(0x7f0000000080)=0x2948, 0x0, 0x2948, &(0x7f00000000c0)={0x225c17d03}, 0x0, 0x5) futex$auto(0x0, 0x5, 0x4, 0x0, &(0x7f0000000080)=0x9, 0x4000000) 817.903904ms ago: executing program 0 (id=278): r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x80000, 0x0) read$auto(r1, 0x0, 0x9) getsockopt$auto(r0, 0x84, 0x85, 0x0, 0x0) 732.906163ms ago: executing program 2 (id=271): mmap$auto(0x0, 0x2020009, 0x2000000000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) mknod$auto(0x0, 0x402, 0x7fffffff) ioperm$auto(0x7, 0x6, 0x10) statfs$auto(0x0, 0x0) 731.848389ms ago: executing program 3 (id=272): rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x2b, 0x1, 0x0) ppoll$auto(&(0x7f0000000000)={r0, 0x8, 0x6}, 0x7, 0x0, 0x0, 0x8) sendmmsg$auto(r0, 0x0, 0x1, 0x20000000) connect$auto(0x3, 0x0, 0x55) 591.398905ms ago: executing program 0 (id=273): close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r0) ioctl$auto(0x3, 0xae78, 0x38) 590.547105ms ago: executing program 1 (id=274): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mprotect$auto(0x0, 0x806121, 0x6) r0 = socket(0xa, 0x3, 0x3a) close$auto(r0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(r0, 0x2, &(0x7f0000000000), 0x0) 555.264641ms ago: executing program 2 (id=275): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) setsockopt$auto(0x3, 0x114, 0x6, 0x0, 0xa0) 419.966732ms ago: executing program 3 (id=276): r0 = socket(0x2, 0x801, 0x106) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x2, 0x2, 0x1) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @local}, 0x55) write$auto(r0, &(0x7f0000000000)='*\x00', 0xfd) 343.960747ms ago: executing program 3 (id=277): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb2, 0x401, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/jbd2/sda1-8/info\x00', 0x2, 0x0) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) r1 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r1, 0x107, 0x1, 0x0, 0x8004) 285.588008ms ago: executing program 0 (id=279): mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NFC_CMD_STOP_POLL(0xffffffffffffffff, 0x0, 0x4040080) getpeername$auto(0x3, 0x0, 0x0) r0 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r1, 0x4b49, r0) 265.741168ms ago: executing program 2 (id=280): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$auto(r0, 0x6f51, 0xffffffffffffffff) 117.450537ms ago: executing program 1 (id=281): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop12/queue/nr_requests\x00', 0x80302, 0x0) mmap$auto(0x0, 0x20007, 0xe6, 0xeb1, 0xffffffffffffffff, 0x0) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r0, 0x0, 0x1f40) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) write$auto(0x3, 0x0, 0xfdef) 27.874104ms ago: executing program 0 (id=282): mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x300000000000) r0 = gettid() process_vm_writev$auto(r0, 0x0, 0x3, 0x0, 0x4, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) 0s ago: executing program 2 (id=283): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) statx$auto(0x2, 0x0, 0x1000, 0xbdfa, 0x0) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6) ioctl$auto_IOCTL_VMCI_SET_NOTIFY(r0, 0x7cb, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.88' (ED25519) to the list of known hosts. [ 89.745806][ T5828] cgroup: Unknown subsys name 'net' [ 89.882786][ T5828] cgroup: Unknown subsys name 'cpuset' [ 89.892122][ T5828] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 91.673501][ T5828] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 93.907850][ T5840] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 93.916950][ T5840] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 93.925995][ T5841] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 93.934731][ T5840] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 93.942658][ T5840] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 94.054019][ T5840] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 94.062526][ T5840] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 94.070700][ T5840] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 94.087643][ T5840] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 94.095563][ T5840] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 94.133537][ T5840] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 94.144124][ T5840] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 94.152694][ T5840] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 94.162668][ T5840] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 94.170953][ T5852] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 94.179613][ T5852] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 94.187749][ T5852] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 94.196711][ T5852] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 94.204565][ T5852] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 94.228187][ T5840] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 94.750822][ T5849] chnl_net:caif_netlink_parms(): no params data found [ 94.792172][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 94.928291][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 95.072495][ T5845] chnl_net:caif_netlink_parms(): no params data found [ 95.084116][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.092219][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.100601][ T5837] bridge_slave_0: entered allmulticast mode [ 95.108525][ T5837] bridge_slave_0: entered promiscuous mode [ 95.160500][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.167714][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.174885][ T5837] bridge_slave_1: entered allmulticast mode [ 95.183442][ T5837] bridge_slave_1: entered promiscuous mode [ 95.196843][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.203987][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.211307][ T5849] bridge_slave_0: entered allmulticast mode [ 95.218908][ T5849] bridge_slave_0: entered promiscuous mode [ 95.227379][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.234598][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.241920][ T5849] bridge_slave_1: entered allmulticast mode [ 95.249295][ T5849] bridge_slave_1: entered promiscuous mode [ 95.389069][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.417689][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.430530][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.457914][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.467277][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.474473][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.482293][ T5843] bridge_slave_0: entered allmulticast mode [ 95.489817][ T5843] bridge_slave_0: entered promiscuous mode [ 95.498692][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.505854][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.513635][ T5843] bridge_slave_1: entered allmulticast mode [ 95.522125][ T5843] bridge_slave_1: entered promiscuous mode [ 95.559124][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.566484][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.573687][ T5845] bridge_slave_0: entered allmulticast mode [ 95.581317][ T5845] bridge_slave_0: entered promiscuous mode [ 95.620585][ T5837] team0: Port device team_slave_0 added [ 95.653917][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.661270][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.668915][ T5845] bridge_slave_1: entered allmulticast mode [ 95.676979][ T5845] bridge_slave_1: entered promiscuous mode [ 95.685944][ T5837] team0: Port device team_slave_1 added [ 95.712749][ T5849] team0: Port device team_slave_0 added [ 95.786030][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.799671][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.810790][ T5849] team0: Port device team_slave_1 added [ 95.834852][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.845055][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.852273][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.878502][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.918677][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.925677][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.951824][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.966989][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.980682][ T5840] Bluetooth: hci0: command tx timeout [ 95.985479][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.993551][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.019965][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.031990][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.039305][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.066574][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.123270][ T5843] team0: Port device team_slave_0 added [ 96.137043][ T5840] Bluetooth: hci1: command tx timeout [ 96.156146][ T5845] team0: Port device team_slave_0 added [ 96.167362][ T5843] team0: Port device team_slave_1 added [ 96.177339][ T5845] team0: Port device team_slave_1 added [ 96.266215][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.273395][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.297292][ T5152] Bluetooth: hci3: command tx timeout [ 96.301534][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.305113][ T5840] Bluetooth: hci2: command tx timeout [ 96.351646][ T5849] hsr_slave_0: entered promiscuous mode [ 96.359705][ T5849] hsr_slave_1: entered promiscuous mode [ 96.367687][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.374677][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.401760][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.420425][ T5837] hsr_slave_0: entered promiscuous mode [ 96.427644][ T5837] hsr_slave_1: entered promiscuous mode [ 96.433845][ T5837] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 96.441685][ T5837] Cannot create hsr debugfs directory [ 96.448202][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.455183][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.481729][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.494476][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.501887][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.528142][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.677819][ T5845] hsr_slave_0: entered promiscuous mode [ 96.684307][ T5845] hsr_slave_1: entered promiscuous mode [ 96.691416][ T5845] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 96.700359][ T5845] Cannot create hsr debugfs directory [ 96.785647][ T5843] hsr_slave_0: entered promiscuous mode [ 96.792418][ T5843] hsr_slave_1: entered promiscuous mode [ 96.798870][ T5843] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 96.806934][ T5843] Cannot create hsr debugfs directory [ 97.098631][ T24] cfg80211: failed to load regulatory.db [ 97.222581][ T5849] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 97.245163][ T5849] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 97.257555][ T5849] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 97.286883][ T5849] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 97.338193][ T5837] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 97.361319][ T5837] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 97.395715][ T5837] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 97.420147][ T5837] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 97.481147][ T5845] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 97.493378][ T5845] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 97.520758][ T5845] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 97.535479][ T5845] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 97.655531][ T5843] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 97.667978][ T5843] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 97.704300][ T5843] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 97.715870][ T5843] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 97.790943][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.859333][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.875858][ T5849] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.932362][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.939842][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.982419][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.989651][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.002327][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.060643][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.067879][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.070827][ T5840] Bluetooth: hci0: command tx timeout [ 98.086151][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.093339][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.118480][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.191648][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.202747][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.229035][ T5840] Bluetooth: hci1: command tx timeout [ 98.260378][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.267736][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.322482][ T1339] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.329736][ T1339] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.369310][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.376575][ T5840] Bluetooth: hci2: command tx timeout [ 98.377432][ T5152] Bluetooth: hci3: command tx timeout [ 98.432375][ T1339] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.439640][ T1339] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.464113][ T1339] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.471360][ T1339] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.635571][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.766147][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.890286][ T5849] veth0_vlan: entered promiscuous mode [ 98.924139][ T5849] veth1_vlan: entered promiscuous mode [ 98.995191][ T5837] veth0_vlan: entered promiscuous mode [ 99.035942][ T5837] veth1_vlan: entered promiscuous mode [ 99.058595][ T5849] veth0_macvtap: entered promiscuous mode [ 99.081538][ T5849] veth1_macvtap: entered promiscuous mode [ 99.125650][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.149978][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.172446][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.199769][ T5837] veth0_macvtap: entered promiscuous mode [ 99.210632][ T5849] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.221295][ T5849] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.230451][ T5849] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.239668][ T5849] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.260751][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.269795][ T5837] veth1_macvtap: entered promiscuous mode [ 99.318896][ T5845] veth0_vlan: entered promiscuous mode [ 99.332964][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.350705][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.362765][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.393403][ T5845] veth1_vlan: entered promiscuous mode [ 99.407982][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.420357][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.432177][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.468703][ T5837] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.477705][ T5837] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.487528][ T5837] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.497187][ T5837] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.599193][ T5843] veth0_vlan: entered promiscuous mode [ 99.644088][ T5845] veth0_macvtap: entered promiscuous mode [ 99.683928][ T5845] veth1_macvtap: entered promiscuous mode [ 99.688662][ T1339] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.697652][ T5843] veth1_vlan: entered promiscuous mode [ 99.720210][ T1339] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.743319][ T1097] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.755685][ T1097] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.769439][ T5845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.781966][ T5845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.793884][ T5845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.804396][ T5845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.816195][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.847550][ T5845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.858834][ T5845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.869431][ T5845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.880287][ T5845] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.891740][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.932345][ T1097] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.939471][ T5843] veth0_macvtap: entered promiscuous mode [ 99.946034][ T1097] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.953128][ T5845] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.963311][ T5845] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.973246][ T5845] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.982702][ T5845] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.020405][ T5843] veth1_macvtap: entered promiscuous mode [ 100.040642][ T1097] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.074354][ T1097] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.137875][ T5152] Bluetooth: hci0: command tx timeout [ 100.190723][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 100.216340][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.226203][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 100.242847][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.252770][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 100.263424][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.275289][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.299273][ T5152] Bluetooth: hci1: command tx timeout [ 100.307621][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.318314][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.329819][ T5849] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 100.332328][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 100.358881][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.369527][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 100.381160][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.391088][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 100.403258][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 100.415180][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.446725][ T5843] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.455519][ T5843] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.466035][ T5152] Bluetooth: hci3: command tx timeout [ 100.471685][ T5152] Bluetooth: hci2: command tx timeout [ 100.478144][ T5843] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.487374][ T5843] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.595733][ T737] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.630765][ T737] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.797708][ T737] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.805676][ T737] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.969137][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.995761][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.219474][ T5840] Bluetooth: hci0: command tx timeout [ 102.376414][ T5840] Bluetooth: hci1: command tx timeout [ 102.537257][ T5840] Bluetooth: hci3: command tx timeout [ 102.538181][ T5152] Bluetooth: hci2: command tx timeout [ 102.603780][ T5949] zswap: compressor not available [ 103.133533][ T5960] capability: warning: `syz.1.25' uses 32-bit capabilities (legacy support in use) [ 103.709894][ T5971] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input5 [ 104.025745][ T5974] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input6 [ 104.304810][ T5984] FAULT_INJECTION: forcing a failure. [ 104.304810][ T5984] name failslab, interval 1, probability 0, space 0, times 1 [ 104.344811][ T5984] CPU: 1 UID: 0 PID: 5984 Comm: syz.2.33 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) [ 104.344858][ T5984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 104.344882][ T5984] Call Trace: [ 104.344893][ T5984] [ 104.344910][ T5984] dump_stack_lvl+0x16c/0x1f0 [ 104.344964][ T5984] should_fail_ex+0x512/0x640 [ 104.345001][ T5984] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 104.345052][ T5984] should_failslab+0xc2/0x120 [ 104.345085][ T5984] __kmalloc_cache_noprof+0x6a/0x3e0 [ 104.345130][ T5984] ? getname_flags.part.0+0x288/0x540 [ 104.345182][ T5984] getname_flags.part.0+0x288/0x540 [ 104.345224][ T5984] getname_flags+0x93/0xf0 [ 104.345269][ T5984] do_sys_openat2+0xb8/0x1d0 [ 104.345304][ T5984] ? __pfx_do_sys_openat2+0x10/0x10 [ 104.345355][ T5984] __x64_sys_open+0x153/0x1e0 [ 104.345391][ T5984] ? __pfx___x64_sys_open+0x10/0x10 [ 104.345435][ T5984] ? rcu_is_watching+0x12/0xc0 [ 104.345479][ T5984] do_syscall_64+0xcd/0x260 [ 104.345528][ T5984] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.345560][ T5984] RIP: 0033:0x7ff66018d169 [ 104.345585][ T5984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 104.345616][ T5984] RSP: 002b:00007ff65dff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 104.345646][ T5984] RAX: ffffffffffffffda RBX: 00007ff6603a5fa0 RCX: 00007ff66018d169 [ 104.345667][ T5984] RDX: 00000000000000d1 RSI: 0000000000103040 RDI: 0000200000000380 [ 104.345687][ T5984] RBP: 00007ff66020e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 104.345707][ T5984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 104.345725][ T5984] R13: 0000000000000000 R14: 00007ff6603a5fa0 R15: 00007fff43952498 [ 104.345771][ T5984] [ 105.917139][ T30] audit: type=1326 audit(1743744931.714:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6017 comm="syz.1.48" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f24b678d169 code=0x0 [ 106.402056][ T6037] netlink: 346 bytes leftover after parsing attributes in process `syz.3.56'. [ 106.418903][ T6037] Zero length message leads to an empty skb [ 106.915977][ T6049] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 107.553060][ T6069] CIFS: VFS: Unsupported security flags: 0x200 [ 108.999236][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 110.406874][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 110.432889][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 110.486810][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 110.638680][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 110.648206][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 111.079384][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 111.097175][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 111.137132][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 111.146029][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 111.250450][ T6169] PM: Enabling pm_trace changes system date and time during resume. [ 111.250450][ T6169] PM: Correct system time has to be restored manually after resume. [ 114.541616][ T6257] mmap: syz.1.142 (6257) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 117.197075][ T6323] Loading of unsigned module is rejected [ 117.562313][ T6335] sd 0:0:1:0: PR command failed: 1026 [ 117.585220][ T6335] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 117.618372][ T6335] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 119.465782][ T6388] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 122.304423][ T6470] netlink: 4 bytes leftover after parsing attributes in process `syz.0.220'. [ 122.748325][ T6478] ima: policy update failed [ 122.756540][ T30] audit: type=1802 audit(1743744948.554:3): pid=6478 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm=20 res=0 errno=0 [ 124.217813][ T6510] x86/mm: Checked W+X mappings: passed, no W+X pages found. syzkaller syzkaller login: [ 124.914099][ T6535] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input7 [ 126.768405][ T6573] nbd: socks must be embedded in a SOCK_ITEM attr [ 126.813408][ T6573] block nbd0: shutting down sockets [ 129.486698][ T6640] [ 129.489265][ T6640] ====================================================== [ 129.496332][ T6640] WARNING: possible circular locking dependency detected [ 129.503383][ T6640] 6.14.0-syzkaller-13183-g06a22366d6a1 #0 Not tainted [ 129.510190][ T6640] ------------------------------------------------------ [ 129.517257][ T6640] syz.1.281/6640 is trying to acquire lock: [ 129.523179][ T6640] ffff888025e59958 (&q->elevator_lock){+.+.}-{4:4}, at: queue_requests_store+0x1c7/0x310 [ 129.533081][ T6640] [ 129.533081][ T6640] but task is already holding lock: [ 129.540468][ T6640] ffff888025e59428 (&q->q_usage_counter(io)#29){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 129.551751][ T6640] [ 129.551751][ T6640] which lock already depends on the new lock. [ 129.551751][ T6640] [ 129.562170][ T6640] [ 129.562170][ T6640] the existing dependency chain (in reverse order) is: [ 129.571211][ T6640] [ 129.571211][ T6640] -> #2 (&q->q_usage_counter(io)#29){++++}-{0:0}: [ 129.579900][ T6640] blk_alloc_queue+0x619/0x760 [ 129.585219][ T6640] blk_mq_alloc_queue+0x179/0x290 [ 129.590835][ T6640] __blk_mq_alloc_disk+0x29/0x120 [ 129.596436][ T6640] loop_add+0x496/0xb70 [ 129.601154][ T6640] loop_init+0x164/0x270 [ 129.605948][ T6640] do_one_initcall+0x120/0x6e0 [ 129.611274][ T6640] kernel_init_freeable+0x5c2/0x900 [ 129.617031][ T6640] kernel_init+0x1c/0x2b0 [ 129.621899][ T6640] ret_from_fork+0x45/0x80 [ 129.626859][ T6640] ret_from_fork_asm+0x1a/0x30 [ 129.632203][ T6640] [ 129.632203][ T6640] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 129.639449][ T6640] fs_reclaim_acquire+0x102/0x150 [ 129.645047][ T6640] kmem_cache_alloc_noprof+0x53/0x3b0 [ 129.650984][ T6640] __kernfs_new_node+0xd2/0x8a0 [ 129.656396][ T6640] kernfs_new_node+0x13c/0x1e0 [ 129.661705][ T6640] kernfs_create_dir_ns+0x4c/0x1a0 [ 129.667383][ T6640] sysfs_create_dir_ns+0x13a/0x2b0 [ 129.673068][ T6640] kobject_add_internal+0x2c4/0x9b0 [ 129.678826][ T6640] kobject_add+0x16e/0x240 [ 129.683816][ T6640] elv_register_queue+0xd3/0x2a0 [ 129.693143][ T6640] blk_register_queue+0x37e/0x500 [ 129.698741][ T6640] add_disk_fwnode+0x911/0x13a0 [ 129.704157][ T6640] nbd_dev_add+0x78e/0xbb0 [ 129.709129][ T6640] nbd_init+0x181/0x320 [ 129.713826][ T6640] do_one_initcall+0x120/0x6e0 [ 129.719166][ T6640] kernel_init_freeable+0x5c2/0x900 [ 129.724932][ T6640] kernel_init+0x1c/0x2b0 [ 129.729818][ T6640] ret_from_fork+0x45/0x80 [ 129.734779][ T6640] ret_from_fork_asm+0x1a/0x30 [ 129.740145][ T6640] [ 129.740145][ T6640] -> #0 (&q->elevator_lock){+.+.}-{4:4}: [ 129.748003][ T6640] __lock_acquire+0x1173/0x1ba0 [ 129.753423][ T6640] lock_acquire+0x179/0x350 [ 129.758649][ T6640] __mutex_lock+0x199/0xb90 [ 129.763714][ T6640] queue_requests_store+0x1c7/0x310 [ 129.769470][ T6640] queue_attr_store+0x270/0x310 [ 129.774871][ T6640] sysfs_kf_write+0xef/0x150 [ 129.780275][ T6640] kernfs_fop_write_iter+0x351/0x510 [ 129.786142][ T6640] vfs_write+0x5ba/0x1180 [ 129.791031][ T6640] ksys_write+0x12a/0x240 [ 129.795917][ T6640] do_syscall_64+0xcd/0x260 [ 129.800988][ T6640] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.807424][ T6640] [ 129.807424][ T6640] other info that might help us debug this: [ 129.807424][ T6640] [ 129.817686][ T6640] Chain exists of: [ 129.817686][ T6640] &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#29 [ 129.817686][ T6640] [ 129.831465][ T6640] Possible unsafe locking scenario: [ 129.831465][ T6640] [ 129.838937][ T6640] CPU0 CPU1 [ 129.844306][ T6640] ---- ---- [ 129.849685][ T6640] lock(&q->q_usage_counter(io)#29); [ 129.855356][ T6640] lock(fs_reclaim); [ 129.861879][ T6640] lock(&q->q_usage_counter(io)#29); [ 129.869802][ T6640] lock(&q->elevator_lock); [ 129.874431][ T6640] [ 129.874431][ T6640] *** DEADLOCK *** [ 129.874431][ T6640] [ 129.882763][ T6640] 6 locks held by syz.1.281/6640: [ 129.887794][ T6640] #0: ffff88803493ed38 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 129.896912][ T6640] #1: ffff88802ff98420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x240 [ 129.905943][ T6640] #2: ffff88802591e888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 129.915742][ T6640] #3: ffff888025f49788 (kn->active#78){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 129.925803][ T6640] #4: ffff888025e59428 (&q->q_usage_counter(io)#29){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 129.937518][ T6640] #5: ffff888025e59460 (&q->q_usage_counter(queue)#21){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 129.949579][ T6640] [ 129.949579][ T6640] stack backtrace: [ 129.955477][ T6640] CPU: 0 UID: 0 PID: 6640 Comm: syz.1.281 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) [ 129.955511][ T6640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 129.955526][ T6640] Call Trace: [ 129.955536][ T6640] [ 129.955546][ T6640] dump_stack_lvl+0x116/0x1f0 [ 129.955584][ T6640] print_circular_bug+0x275/0x350 [ 129.955627][ T6640] check_noncircular+0x14c/0x170 [ 129.955671][ T6640] __lock_acquire+0x1173/0x1ba0 [ 129.955700][ T6640] lock_acquire+0x179/0x350 [ 129.955722][ T6640] ? queue_requests_store+0x1c7/0x310 [ 129.955759][ T6640] ? __pfx___might_resched+0x10/0x10 [ 129.955796][ T6640] ? do_raw_spin_lock+0x12c/0x2b0 [ 129.955826][ T6640] __mutex_lock+0x199/0xb90 [ 129.955862][ T6640] ? queue_requests_store+0x1c7/0x310 [ 129.955898][ T6640] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 129.955930][ T6640] ? queue_requests_store+0x1c7/0x310 [ 129.955963][ T6640] ? lockdep_hardirqs_on+0x7c/0x110 [ 129.955997][ T6640] ? __pfx___mutex_lock+0x10/0x10 [ 129.956036][ T6640] ? __pfx_autoremove_wake_function+0x10/0x10 [ 129.956081][ T6640] ? queue_requests_store+0x1c7/0x310 [ 129.956116][ T6640] queue_requests_store+0x1c7/0x310 [ 129.956152][ T6640] ? __pfx_queue_requests_store+0x10/0x10 [ 129.956190][ T6640] ? __mutex_trylock_common+0xe9/0x250 [ 129.956215][ T6640] ? __pfx_queue_requests_store+0x10/0x10 [ 129.956251][ T6640] queue_attr_store+0x270/0x310 [ 129.956288][ T6640] ? __pfx_queue_attr_store+0x10/0x10 [ 129.956334][ T6640] ? find_held_lock+0x2b/0x80 [ 129.956366][ T6640] ? sysfs_file_kobj+0xe4/0x290 [ 129.956403][ T6640] ? __pfx_queue_attr_store+0x10/0x10 [ 129.956436][ T6640] sysfs_kf_write+0xef/0x150 [ 129.956472][ T6640] kernfs_fop_write_iter+0x351/0x510 [ 129.956504][ T6640] ? __pfx_sysfs_kf_write+0x10/0x10 [ 129.956541][ T6640] vfs_write+0x5ba/0x1180 [ 129.956577][ T6640] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 129.956611][ T6640] ? __pfx___mutex_lock+0x10/0x10 [ 129.956646][ T6640] ? __pfx_vfs_write+0x10/0x10 [ 129.956691][ T6640] ksys_write+0x12a/0x240 [ 129.956725][ T6640] ? __pfx_ksys_write+0x10/0x10 [ 129.956760][ T6640] ? rcu_is_watching+0x12/0xc0 [ 129.956796][ T6640] do_syscall_64+0xcd/0x260 [ 129.956833][ T6640] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.956860][ T6640] RIP: 0033:0x7f24b678d169 [ 129.956880][ T6640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.956910][ T6640] RSP: 002b:00007f24b7678038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 129.956934][ T6640] RAX: ffffffffffffffda RBX: 00007f24b69a5fa0 RCX: 00007f24b678d169 [ 129.956950][ T6640] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 129.956965][ T6640] RBP: 00007f24b680e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 129.956981][ T6640] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 129.956996][ T6640] R13: 0000000000000000 R14: 00007f24b69a5fa0 R15: 00007ffc8fd14a78 [ 129.957020][ T6640] [ 138.058777][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.065108][ T1301] ieee802154 phy1 wpan1: encryption failed: -22