last executing test programs: 2.507842165s ago: executing program 2 (id=293): set_mempolicy$auto(0x6, 0x0, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) mmap$auto(0x0, 0x10000, 0xde, 0x11, r0, 0x28000) madvise$auto(0x0, 0x2000040080000004, 0xe) r1 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x129a00, 0x0) ioctl$auto(r1, 0x900064b5, 0xc14) r2 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/environ\x00', 0x2000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0xa2180, 0x0) r3 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r3, 0x403c6f2b, 0x0) read$auto_proc_environ_operations_base(r2, 0x0, 0x0) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) r4 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000180), 0x28a800, 0x0) ioctl$auto_UBI_IOCATT(r4, 0x40186f40, &(0x7f0000000140)={0x8000, 0x1, 0xfffdfffe, 0x8, 0x0, 0xb}) writev$auto(0xffffffffffffffff, 0x0, 0x4) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='./cgroup/cpu.stat\x00', 0x1c1800, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000000080)=""/64, 0x40) 2.047191192s ago: executing program 2 (id=299): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nullb0/queue/io_poll\x00', 0x80302, 0x0) sendfile$auto(r0, r0, 0x0, 0x3) mmap$auto(0x0, 0x9, 0x72, 0x8b72, 0x2, 0x8000) io_uring_setup$auto(0x48, 0x0) keyctl$auto(0xa, 0x3, 0x0, 0x802000, 0xe) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/vhci_hcd.14/usb37/bConfigurationValue\x00', 0x0, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)='\t', 0x1) socket$nl_generic(0x10, 0x3, 0x10) 1.679713491s ago: executing program 1 (id=303): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nullb0/queue/io_poll\x00', 0x80302, 0x0) 1.652470089s ago: executing program 2 (id=304): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nullb0/queue/io_poll\x00', 0x80302, 0x0) sendfile$auto(r0, r0, 0x0, 0x3) mmap$auto(0x0, 0x9, 0x72, 0x8b72, 0x2, 0x8000) 1.553532322s ago: executing program 1 (id=305): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/loop12/queue/wbt_lat_usec\x00', 0x102, 0x0) sendfile$auto(r0, r0, 0x0, 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/scsi/drivers/st/debug_flag\x00', 0x501, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = memfd_create$auto(0x0, 0x4) r2 = socket(0x11, 0x2, 0x3a) statx$auto(r1, 0x0, 0x1000, 0xbdfc, 0x0) setsockopt$auto(r2, 0x29, 0x14, 0x0, 0x56b) setsockopt$auto(r2, 0x29, 0x14, 0x0, 0x10052b) mmap$auto(0x0, 0x2020009, 0x3, 0x20000000eb1, 0xfffffffffffffffa, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x8080, 0x0) ioctl$auto_LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x4044820) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x8, 0x4000000000df, 0x44eb2, 0x6, 0x102) madvise$auto(0x0, 0x20000a, 0x4) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x80000, 0x0) write$auto(0x3, 0x0, 0xfdef) 1.501725204s ago: executing program 3 (id=306): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/vhci_hcd.14/usb37/bConfigurationValue\x00', 0x0, 0x0) 1.364578937s ago: executing program 2 (id=308): set_mempolicy$auto(0x6, 0x0, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) mmap$auto(0x0, 0x10000, 0xde, 0x11, r0, 0x28000) madvise$auto(0x0, 0x2000040080000004, 0xe) r1 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x129a00, 0x0) ioctl$auto(r1, 0x900064b5, 0xc14) r2 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/environ\x00', 0x2000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0xa2180, 0x0) r3 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r3, 0x403c6f2b, 0x0) read$auto_proc_environ_operations_base(r2, 0x0, 0x0) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) r4 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000180), 0x28a800, 0x0) ioctl$auto_UBI_IOCATT(r4, 0x40186f40, &(0x7f0000000140)={0x8000, 0x1, 0xfffdfffe, 0x8, 0x0, 0xb}) writev$auto(0xffffffffffffffff, 0x0, 0x4) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001280)='./cgroup/cpu.stat\x00', 0x1c1800, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000000080)=""/64, 0x40) 1.190530133s ago: executing program 0 (id=309): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nullb0/queue/io_poll\x00', 0x80302, 0x0) sendfile$auto(r0, r0, 0x0, 0x3) 1.088685821s ago: executing program 3 (id=310): r0 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r0) sendmsg$auto_NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x13c, r1, 0x800, 0x70bd2d, 0x25dfdbff, {}, [@NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_INACTIVITY_TIMEOUT={0x6, 0x96, 0x3}, @NL80211_ATTR_FILS_ERP_REALM={0xca, 0xfa, "f7141ae6ae14a7a918f0b99d68ce95733f53280e42441205c2cf15e5d86456a88125887e0b3cf2ba92a1f22b5d9f073839633d01c7bab3509f50e509fc2f37f9b24aef1d6c34f61156782564d2baa788a37413f447486893c09e07578342aeba3addfcc1bcb30548273aa134fb484cf07f971d78aaf6519a744a1c50bac470323b6271a1c9e2b0a6578d9045690f530eb9afbf83e3081b0bf75181217753310121b752e01e52cc9c7b42e0df3ab99314a6c6e77463980d155956fad5e5101975fe343b6eebfa"}, @NL80211_ATTR_WIPHY_FREQ_HINT={0x8, 0xc9, 0x5}, @NL80211_ATTR_WIPHY_FREQ_HINT={0x8, 0xc9, 0x1}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0xfba}, @NL80211_ATTR_USER_PRIO={0x5, 0xd3, 0x7}, @NL80211_ATTR_STA_SUPPORTED_CHANNELS={0x2e, 0xbd, "83bddea30ac9913f35a2abd0b827f182a5b9cdab90cd5ce741f668bed0eb841dfd2f3a079c1de7c949a6"}]}, 0x13c}, 0x1, 0x0, 0x0, 0x800}, 0x44) fallocate$auto(0x3, 0x0, 0xe, 0x8ec5) mmap$auto(0x0, 0x80000, 0xdf, 0x14, r0, 0x28000) io_uring_setup$auto(0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendfile$auto(0x6, 0x3, 0x0, 0x8000) 1.087865615s ago: executing program 1 (id=318): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/loop12/queue/wbt_lat_usec\x00', 0x102, 0x0) sendfile$auto(r0, r0, 0x0, 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/scsi/drivers/st/debug_flag\x00', 0x501, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = memfd_create$auto(0x0, 0x4) r2 = socket(0x11, 0x2, 0x3a) statx$auto(r1, 0x0, 0x1000, 0xbdfc, 0x0) setsockopt$auto(r2, 0x29, 0x14, 0x0, 0x56b) setsockopt$auto(r2, 0x29, 0x14, 0x0, 0x10052b) mmap$auto(0x0, 0x2020009, 0x3, 0x20000000eb1, 0xfffffffffffffffa, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x8080, 0x0) ioctl$auto_LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x4044820) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x8, 0x4000000000df, 0x44eb2, 0x6, 0x102) madvise$auto(0x0, 0x20000a, 0x4) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x80000, 0x0) write$auto(0x3, 0x0, 0xfdef) 990.939201ms ago: executing program 0 (id=311): madvise$auto(0x0, 0x20000a, 0x4) 831.783113ms ago: executing program 0 (id=312): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000280)={0x0, 0x44, &(0x7f0000000240)={&(0x7f00000002c0)={0x14, r1, 0x1, 0x70bd25, 0x25dfdb7f}, 0x14}, 0x1, 0x0, 0x0, 0x20004041}, 0x4004040) 745.336507ms ago: executing program 3 (id=313): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nullb0/queue/io_poll\x00', 0x80302, 0x0) sendfile$auto(r0, r0, 0x0, 0x3) mmap$auto(0x0, 0x9, 0x72, 0x8b72, 0x2, 0x8000) io_uring_setup$auto(0x48, 0x0) keyctl$auto(0xa, 0x3, 0x0, 0x802000, 0xe) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/vhci_hcd.14/usb37/bConfigurationValue\x00', 0x0, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)='\t', 0x1) socket$nl_generic(0x10, 0x3, 0x10) 649.858061ms ago: executing program 1 (id=314): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nullb0/queue/io_poll\x00', 0x80302, 0x0) sendfile$auto(r0, r0, 0x0, 0x3) 620.481984ms ago: executing program 0 (id=315): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nullb0/queue/io_poll\x00', 0x80302, 0x0) sendfile$auto(r0, r0, 0x0, 0x3) mmap$auto(0x0, 0x9, 0x72, 0x8b72, 0x2, 0x8000) io_uring_setup$auto(0x48, 0x0) keyctl$auto(0xa, 0x3, 0x0, 0x802000, 0xe) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/vhci_hcd.14/usb37/bConfigurationValue\x00', 0x0, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)='\t', 0x1) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r2) 531.811357ms ago: executing program 2 (id=316): keyctl$auto(0xa, 0x3, 0x0, 0x802000, 0xe) 437.58762ms ago: executing program 3 (id=317): mmap$auto(0x0, 0x9, 0x72, 0x8b72, 0x2, 0x8000) 418.159308ms ago: executing program 0 (id=319): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nullb0/queue/io_poll\x00', 0x80302, 0x0) sendfile$auto(r0, r0, 0x0, 0x3) io_uring_setup$auto(0x48, 0x0) 357.877345ms ago: executing program 1 (id=320): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nullb0/queue/io_poll\x00', 0x80302, 0x0) sendfile$auto(r0, r0, 0x0, 0x3) mmap$auto(0x0, 0x9, 0x72, 0x8b72, 0x2, 0x8000) io_uring_setup$auto(0x48, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/vhci_hcd.14/usb37/bConfigurationValue\x00', 0x0, 0x0) 346.562633ms ago: executing program 2 (id=321): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/loop12/queue/wbt_lat_usec\x00', 0x102, 0x0) sendfile$auto(r0, r0, 0x0, 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/scsi/drivers/st/debug_flag\x00', 0x501, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = memfd_create$auto(0x0, 0x4) r2 = socket(0x11, 0x2, 0x3a) statx$auto(r1, 0x0, 0x1000, 0xbdfc, 0x0) setsockopt$auto(r2, 0x29, 0x14, 0x0, 0x56b) setsockopt$auto(r2, 0x29, 0x14, 0x0, 0x10052b) mmap$auto(0x0, 0x2020009, 0x3, 0x20000000eb1, 0xfffffffffffffffa, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x8080, 0x0) ioctl$auto_LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x4044820) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x8, 0x4000000000df, 0x44eb2, 0x6, 0x102) madvise$auto(0x0, 0x20000a, 0x4) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x80000, 0x0) read$auto(r3, 0x0, 0x6) write$auto(0x3, 0x0, 0xfdef) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), r2) 266.727586ms ago: executing program 3 (id=322): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nullb0/queue/io_poll\x00', 0x80302, 0x0) sendfile$auto(r0, r0, 0x0, 0x3) mmap$auto(0x0, 0x9, 0x72, 0x8b72, 0x2, 0x8000) io_uring_setup$auto(0x48, 0x0) keyctl$auto(0xa, 0x3, 0x0, 0x802000, 0xe) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/vhci_hcd.14/usb37/bConfigurationValue\x00', 0x0, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)='\t', 0x1) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r2) 197.571305ms ago: executing program 0 (id=323): r0 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_MON_IOCX_MFETCH(r0, 0xc0109207, 0x0) mmap$auto(0x0, 0x40086, 0xdf, 0x9b72, r0, 0x9) mmap$auto(0x4, 0x0, 0x4, 0xeb1, r0, 0x7ff7) r1 = gettid() lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_BLKOPENZONE(0xffffffffffffffff, 0x40101286, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x5, 0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x11, 0x2, 0x0) r2 = socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x1, 0x100) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) socket(0x2, 0x1, 0x106) listen$auto(0x3, 0x81) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x0, 0x0) r3 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000000), 0x1896c2, 0x0) ioctl$auto_RTC_IRQP_READ(r3, 0x8008700b, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) tkill$auto(r1, 0x7) socketpair$auto(0x1, 0x1, 0x3, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/unix\x00', 0x200, 0x0) socket(0x5, 0x800, 0xfffffffc) 112.140604ms ago: executing program 1 (id=324): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/loop12/queue/wbt_lat_usec\x00', 0x102, 0x0) sendfile$auto(r0, r0, 0x0, 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/scsi/drivers/st/debug_flag\x00', 0x501, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = memfd_create$auto(0x0, 0x4) r2 = socket(0x11, 0x2, 0x3a) statx$auto(r1, 0x0, 0x1000, 0xbdfc, 0x0) setsockopt$auto(r2, 0x29, 0x14, 0x0, 0x56b) setsockopt$auto(r2, 0x29, 0x14, 0x0, 0x10052b) mmap$auto(0x0, 0x2020009, 0x3, 0x20000000eb1, 0xfffffffffffffffa, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x8080, 0x0) ioctl$auto_LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x4044820) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x8, 0x4000000000df, 0x44eb2, 0x6, 0x102) madvise$auto(0x0, 0x20000a, 0x4) read$auto(0xffffffffffffffff, 0x0, 0x6) write$auto(0x3, 0x0, 0xfdef) 0s ago: executing program 3 (id=325): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nullb0/queue/io_poll\x00', 0x80302, 0x0) sendfile$auto(r0, r0, 0x0, 0x3) mmap$auto(0x0, 0x9, 0x72, 0x8b72, 0x2, 0x8000) io_uring_setup$auto(0x48, 0x0) keyctl$auto(0xa, 0x3, 0x0, 0x802000, 0xe) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/vhci_hcd.14/usb37/bConfigurationValue\x00', 0x0, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)='\t', 0x1) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, &(0x7f0000000280)={0x0, 0x44, &(0x7f0000000240)={&(0x7f00000002c0)={0x14, 0x0, 0x1, 0x70bd25, 0x25dfdb7f}, 0x14}, 0x1, 0x0, 0x0, 0x20004041}, 0x4004040) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.112' (ED25519) to the list of known hosts. [ 85.400920][ T5818] cgroup: Unknown subsys name 'net' [ 85.539940][ T5818] cgroup: Unknown subsys name 'cpuset' [ 85.549313][ T5818] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 87.284157][ T5818] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 89.333496][ T5830] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 89.343069][ T5830] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 89.350884][ T5830] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 89.359799][ T5830] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 89.367647][ T5830] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 89.419649][ T5830] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 89.427836][ T5830] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 89.435484][ T5830] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 89.444088][ T5830] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 89.451970][ T5830] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 89.538218][ T5830] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 89.555492][ T5830] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 89.566016][ T5830] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 89.574294][ T5830] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 89.586602][ T5830] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 89.618384][ T5830] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 89.627639][ T5830] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 89.635399][ T5830] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 89.643584][ T5830] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 89.651373][ T5830] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 90.031786][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 90.112913][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 90.309966][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 90.321351][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 90.346033][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.353260][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.361488][ T5827] bridge_slave_0: entered allmulticast mode [ 90.369163][ T5827] bridge_slave_0: entered promiscuous mode [ 90.414059][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.421498][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.428890][ T5827] bridge_slave_1: entered allmulticast mode [ 90.436810][ T5827] bridge_slave_1: entered promiscuous mode [ 90.471632][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.478873][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.486253][ T5831] bridge_slave_0: entered allmulticast mode [ 90.493574][ T5831] bridge_slave_0: entered promiscuous mode [ 90.536903][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.544127][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.551489][ T5831] bridge_slave_1: entered allmulticast mode [ 90.559985][ T5831] bridge_slave_1: entered promiscuous mode [ 90.635935][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.669541][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.683133][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.694731][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.778344][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.785731][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.792909][ T5837] bridge_slave_0: entered allmulticast mode [ 90.801620][ T5837] bridge_slave_0: entered promiscuous mode [ 90.827838][ T5827] team0: Port device team_slave_0 added [ 90.847904][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.855438][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.862697][ T5837] bridge_slave_1: entered allmulticast mode [ 90.871343][ T5837] bridge_slave_1: entered promiscuous mode [ 90.893727][ T5831] team0: Port device team_slave_0 added [ 90.902157][ T5827] team0: Port device team_slave_1 added [ 90.922692][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.930658][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.937928][ T5835] bridge_slave_0: entered allmulticast mode [ 90.945305][ T5835] bridge_slave_0: entered promiscuous mode [ 90.966976][ T5831] team0: Port device team_slave_1 added [ 90.975103][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.999155][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.006527][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.013729][ T5835] bridge_slave_1: entered allmulticast mode [ 91.021262][ T5835] bridge_slave_1: entered promiscuous mode [ 91.052036][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.062177][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.069323][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.096239][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.160430][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.167645][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.193959][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.229079][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.236199][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.262694][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.277262][ T5837] team0: Port device team_slave_0 added [ 91.283834][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.292083][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.318270][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.333182][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.344535][ T5837] team0: Port device team_slave_1 added [ 91.362311][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.445733][ T5830] Bluetooth: hci0: command tx timeout [ 91.458275][ T5835] team0: Port device team_slave_0 added [ 91.464950][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.472166][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.498283][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.525722][ T5830] Bluetooth: hci1: command tx timeout [ 91.541140][ T5835] team0: Port device team_slave_1 added [ 91.563046][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.570090][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.596088][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.620341][ T5831] hsr_slave_0: entered promiscuous mode [ 91.626857][ T5831] hsr_slave_1: entered promiscuous mode [ 91.639898][ T5827] hsr_slave_0: entered promiscuous mode [ 91.646386][ T5827] hsr_slave_1: entered promiscuous mode [ 91.652442][ T5827] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.660435][ T5827] Cannot create hsr debugfs directory [ 91.675380][ T5142] Bluetooth: hci2: command tx timeout [ 91.681245][ T5830] Bluetooth: hci3: command tx timeout [ 91.706462][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.713450][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.739407][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.751928][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.758953][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.784976][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.993944][ T5837] hsr_slave_0: entered promiscuous mode [ 92.002109][ T5837] hsr_slave_1: entered promiscuous mode [ 92.009398][ T5837] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.017474][ T5837] Cannot create hsr debugfs directory [ 92.047061][ T5835] hsr_slave_0: entered promiscuous mode [ 92.053817][ T5835] hsr_slave_1: entered promiscuous mode [ 92.062008][ T5835] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.070056][ T5835] Cannot create hsr debugfs directory [ 92.514651][ T5827] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 92.531702][ T5827] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 92.543299][ T5827] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 92.564771][ T5827] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 92.622674][ T5831] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 92.637722][ T5831] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 92.648772][ T5831] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 92.660939][ T5831] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 92.753037][ T5837] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 92.764127][ T5837] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 92.777265][ T5837] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 92.813664][ T5837] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 92.912132][ T5835] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 92.924117][ T5835] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 92.935125][ T5835] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 92.958875][ T5835] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 92.988303][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.069792][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.117633][ T81] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.124935][ T81] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.164329][ T81] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.171496][ T81] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.193916][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.214508][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.259295][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.310279][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.321334][ T4171] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.328534][ T4171] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.372066][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.382041][ T4171] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.389267][ T4171] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.412453][ T4171] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.419673][ T4171] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.453671][ T4171] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.460892][ T4171] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.517961][ T5830] Bluetooth: hci0: command tx timeout [ 93.536945][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.563132][ T81] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.570328][ T81] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.597578][ T5830] Bluetooth: hci1: command tx timeout [ 93.620680][ T4157] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.627938][ T4157] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.737265][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.757361][ T5830] Bluetooth: hci3: command tx timeout [ 93.762829][ T5830] Bluetooth: hci2: command tx timeout [ 93.967343][ T5827] veth0_vlan: entered promiscuous mode [ 94.000716][ T5827] veth1_vlan: entered promiscuous mode [ 94.048138][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.118575][ T5827] veth0_macvtap: entered promiscuous mode [ 94.144735][ T5827] veth1_macvtap: entered promiscuous mode [ 94.211895][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.222750][ T5837] veth0_vlan: entered promiscuous mode [ 94.244404][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.263349][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.280689][ T5837] veth1_vlan: entered promiscuous mode [ 94.299511][ T5827] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.308565][ T5827] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.318956][ T5827] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.330542][ T5827] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.368659][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.477107][ T5837] veth0_macvtap: entered promiscuous mode [ 94.506275][ T5837] veth1_macvtap: entered promiscuous mode [ 94.519258][ T5831] veth0_vlan: entered promiscuous mode [ 94.534476][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.551268][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.594791][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 94.606313][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.617753][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.626593][ T5831] veth1_vlan: entered promiscuous mode [ 94.642229][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.646455][ T5835] veth0_vlan: entered promiscuous mode [ 94.665771][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.672937][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.684132][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.696345][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.714962][ T5837] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.726288][ T5837] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.735025][ T5837] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.744854][ T5837] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.761151][ T5835] veth1_vlan: entered promiscuous mode [ 94.883434][ T5831] veth0_macvtap: entered promiscuous mode [ 94.896077][ T5827] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 94.907819][ T5835] veth0_macvtap: entered promiscuous mode [ 94.942503][ T5835] veth1_macvtap: entered promiscuous mode [ 94.973208][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.975487][ T5831] veth1_macvtap: entered promiscuous mode [ 95.010562][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.024630][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.053336][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.072518][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.085080][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.100352][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.136610][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.148268][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.158510][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.169267][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.181312][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.218779][ T5835] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.227817][ T5835] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.243597][ T5835] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.253049][ T5835] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.297267][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.310339][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.320431][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.335246][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.345089][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.364391][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.384377][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.404930][ T3460] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.423044][ T3460] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.424074][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.451676][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.461964][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.475886][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.489701][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.501181][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.520326][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.572346][ T5831] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.590351][ T5831] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.596194][ T5830] Bluetooth: hci0: command tx timeout [ 95.604148][ T5831] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.615960][ T5831] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.675768][ T5830] Bluetooth: hci1: command tx timeout [ 95.820099][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.834758][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.835567][ T5830] Bluetooth: hci2: command tx timeout [ 95.848800][ T5142] Bluetooth: hci3: command tx timeout [ 95.886245][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.911651][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.450909][ T81] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.459318][ T81] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.592802][ T81] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.606914][ T81] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.961262][ T976] cfg80211: failed to load regulatory.db [ 97.014500][ T5913] cifs: Unknown parameter 'T.żc[$⁍)UÑnE-ʙl- -_5Z omfwYh*/xDlݩgkǐA79Xa/f_ARxM vp$^;q3n-6+ek [ 98.191509][ T5933] dump_stack_lvl+0x16c/0x1f0 [ 98.191551][ T5933] should_fail_ex+0x512/0x640 [ 98.191593][ T5933] ? __kmalloc_noprof+0xbf/0x510 [ 98.191628][ T5933] ? lsm_blob_alloc+0x68/0x90 [ 98.191671][ T5933] should_failslab+0xc2/0x120 [ 98.191705][ T5933] __kmalloc_noprof+0xd2/0x510 [ 98.191746][ T5933] lsm_blob_alloc+0x68/0x90 [ 98.191790][ T5933] security_sk_alloc+0x30/0x270 [ 98.191822][ T5933] sk_prot_alloc+0xfb/0x2a0 [ 98.191866][ T5933] sk_alloc+0x36/0xc20 [ 98.191912][ T5933] inet6_create+0x381/0x1300 [ 98.191959][ T5933] ? inet6_create+0x7f/0x1300 [ 98.192007][ T5933] __sock_create+0x335/0x8d0 [ 98.192051][ T5933] __sys_socket+0x14d/0x260 [ 98.192090][ T5933] ? __pfx___sys_socket+0x10/0x10 [ 98.192130][ T5933] ? rcu_is_watching+0x12/0xc0 [ 98.192164][ T5933] __x64_sys_socket+0x72/0xb0 [ 98.192200][ T5933] ? lockdep_hardirqs_on+0x7c/0x110 [ 98.192234][ T5933] do_syscall_64+0xcd/0x230 [ 98.192273][ T5933] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.192302][ T5933] RIP: 0033:0x7f8d5198e969 [ 98.192325][ T5933] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 98.192352][ T5933] RSP: 002b:00007f8d528ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 98.192384][ T5933] RAX: ffffffffffffffda RBX: 00007f8d51bb5fa0 RCX: 00007f8d5198e969 [ 98.192403][ T5933] RDX: 0000000000000084 RSI: 0000000000000801 RDI: 000000000000000a [ 98.192421][ T5933] RBP: 00007f8d51a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 98.192451][ T5933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 98.192467][ T5933] R13: 0000000000000000 R14: 00007f8d51bb5fa0 R15: 00007ffd5b215c38 [ 98.192502][ T5933] [ 98.448557][ T5936] netlink: 'syz.3.13': attribute type 29 has an invalid length. [ 98.457421][ T5936] netlink: 334 bytes leftover after parsing attributes in process `syz.3.13'. [ 98.597278][ T5928] bridge0: port 3(team0) entered blocking state [ 98.603712][ T5928] bridge0: port 3(team0) entered disabled state [ 98.615368][ T5928] team0: entered allmulticast mode [ 98.620537][ T5928] team_slave_0: entered allmulticast mode [ 98.627509][ T5928] team_slave_1: entered allmulticast mode [ 98.636829][ T5928] team0: entered promiscuous mode [ 98.642569][ T5928] team_slave_0: entered promiscuous mode [ 98.651068][ T5928] team_slave_1: entered promiscuous mode [ 98.658461][ T5928] bridge0: port 3(team0) entered blocking state [ 98.665074][ T5928] bridge0: port 3(team0) entered forwarding state [ 99.225594][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 99.437830][ T5947] Setting dangerous option i915.mitigations - tainting kernel [ 100.275739][ T5959] Zero length message leads to an empty skb [ 100.373749][ T5961] random: crng reseeded on system resumption [ 100.590518][ T5964] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    syzkaller syzkaller login: [ 133.410998][ T6407] netlink: 72 bytes leftover after parsing attributes in process `syz.1.108'. [ 134.692065][ T6445] blkio.reset_stats is deprecated [ 137.924993][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.934887][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 139.488382][ T6499] Setting dangerous option i915.mitigations - tainting kernel [ 141.551189][ T6491] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 141.584750][ T6491] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 141.596165][ T6491] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 141.603527][ T6491] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 142.283884][ T6511] netlink: 'syz.2.132': attribute type 1 has an invalid length. [ 142.362707][ T6511] Device name cannot be null; rc = [-22] [ 143.196107][ T5142] Bluetooth: hci0: command 0x0c1a tx timeout [ 143.331415][ T6530] page: refcount:3 mapcount:1 mapping:ffff88807d360a28 index:0x5a pfn:0x78032 [ 143.409960][ T6530] memcg:ffff8880281a8000 [ 143.414890][ T6530] aops:shmem_aops ino:464 dentry name(?):"dev/zero" [ 143.471925][ T6530] flags: 0xfff00000020018(uptodate|dirty|swapbacked|node=0|zone=1|lastcpupid=0x7ff) [ 143.512015][ T6530] raw: 00fff00000020018 ffffea0001055888 ffffea0001056908 ffff88807d360a28 [ 143.587081][ T6530] raw: 000000000000005a 0000000000000000 0000000300000000 ffff8880281a8000 [ 143.597722][ T5142] Bluetooth: hci1: command 0x0c1a tx timeout [ 143.615601][ T6530] page dumped because: unmovable page [ 143.675340][ T5142] Bluetooth: hci3: command 0x0c1a tx timeout [ 143.681504][ T5142] Bluetooth: hci2: command 0x0c1a tx timeout [ 143.704178][ T6530] page_owner tracks the page as allocated [ 143.784567][ T6534] could not allocate digest TFM handle binfmt_misc [ 143.836529][ T6530] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 6535, tgid 6532 (syz.1.138), ts 143302372265, free_ts 143243055519 [ 143.936942][ T6530] post_alloc_hook+0x181/0x1b0 [ 143.971674][ T6530] get_page_from_freelist+0x135c/0x3920 [ 143.989908][ T6530] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 143.996172][ T6530] alloc_pages_mpol+0x1fb/0x550 [ 144.015305][ T6530] folio_alloc_mpol_noprof+0x36/0x2f0 [ 144.020764][ T6530] shmem_alloc_folio+0x135/0x160 [ 144.100625][ T6530] shmem_alloc_and_add_folio+0x499/0xc20 [ 144.158681][ T6530] shmem_get_folio_gfp+0x687/0x1530 [ 144.163993][ T6530] shmem_fault+0x1fe/0xa30 [ 144.237270][ T6530] __do_fault+0x10a/0x490 [ 144.251652][ T6530] do_pte_missing+0x1a6/0x3fb0 [ 144.287458][ T6530] __handle_mm_fault+0x103d/0x2a40 [ 144.317578][ T6530] handle_mm_fault+0x3fe/0xad0 [ 144.322430][ T6530] do_user_addr_fault+0x7a6/0x1370 [ 144.389097][ T6530] exc_page_fault+0x5c/0xc0 [ 144.393714][ T6530] asm_exc_page_fault+0x26/0x30 [ 144.445465][ T6530] page last free pid 6525 tgid 6520 stack trace: [ 144.451904][ T6530] free_unref_folios+0x999/0x1630 [ 144.511629][ T6530] folios_put_refs+0x56f/0x740 [ 144.539103][ T6530] free_pages_and_swap_cache+0x245/0x4a0 [ 144.563777][ T6530] __tlb_batch_free_encoded_pages+0xf9/0x290 [ 144.605239][ T6530] tlb_flush_mmu+0xe9/0x590 [ 144.609828][ T6530] unmap_page_range+0x1ed6/0x4390 [ 144.614923][ T6530] unmap_single_vma+0x194/0x2a0 [ 144.663065][ T6530] unmap_vmas+0x22c/0x490 [ 144.715290][ T6530] exit_mmap+0x1b9/0xb90 [ 144.719631][ T6530] __mmput+0x12a/0x410 [ 144.723752][ T6530] mmput+0x62/0x70 [ 144.758263][ T6530] do_exit+0x9d1/0x2c30 [ 144.762502][ T6530] do_group_exit+0xd3/0x2a0 [ 144.798643][ T6530] get_signal+0x2673/0x26d0 [ 144.803238][ T6530] arch_do_signal_or_restart+0x8f/0x7a0 [ 144.835348][ T6530] syscall_exit_to_user_mode+0x150/0x2a0 [ 147.111784][ T55] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 147.111826][ T55] Bluetooth: hci1: unexpected subevent 0x05 length: 725 > 12 [ 147.652974][ T6587] uvcvideo: [Deprecated]: nodrop parameter will be eventually removed. [ 147.847129][ T6577] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 147.875219][ T6577] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 148.146867][ T6576] netlink: 'syz.3.147': attribute type 1 has an invalid length. [ 149.196761][ T55] Bluetooth: hci1: command 0x0c1a tx timeout [ 152.064870][ T6628] netlink: 28 bytes leftover after parsing attributes in process `syz.0.159'. [ 152.073995][ T6628] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 153.131084][ T55] Bluetooth: hci2: unexpected event 0x03 length: 725 > 11 [ 154.176825][ T6649] Process accounting resumed [ 154.848940][ T6660] capability: warning: `syz.3.165' uses deprecated v2 capabilities in a way that may be insecure [ 155.768888][ T6672] bridge0: port 3(hsr0) entered blocking state [ 155.777104][ T6672] bridge0: port 3(hsr0) entered disabled state [ 155.783572][ T6672] hsr0: entered allmulticast mode [ 155.791673][ T6672] hsr_slave_0: entered allmulticast mode [ 155.812754][ T6672] hsr_slave_1: entered allmulticast mode [ 155.830167][ T6672] hsr0: entered promiscuous mode [ 155.853251][ T6672] bridge0: port 3(hsr0) entered blocking state [ 155.859605][ T6672] bridge0: port 3(hsr0) entered forwarding state [ 156.816197][ T6699] netlink: 28 bytes leftover after parsing attributes in process `syz.0.174'. [ 156.917245][ T6697] svc: failed to register nfsdv3 RPC service (errno 111). [ 156.943977][ T6697] svc: failed to register nfsaclv3 RPC service (errno 111). [ 157.277062][ T6694] ima: policy update failed [ 157.291969][ T30] audit: type=1802 audit(6040675525.822:6): pid=6694 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.174" res=0 errno=0 [ 157.576248][ T6710] netlink: 4 bytes leftover after parsing attributes in process `syz.0.177'. [ 158.626199][ T6725] FAULT_INJECTION: forcing a failure. [ 158.626199][ T6725] name failslab, interval 1, probability 0, space 0, times 0 [ 158.669434][ T6725] CPU: 0 UID: 0 PID: 6725 Comm: syz.3.180 Tainted: G U 6.15.0-rc3-syzkaller-00283-gf1a3944c860b #0 PREEMPT(full) [ 158.669486][ T6725] Tainted: [U]=USER [ 158.669496][ T6725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 158.669515][ T6725] Call Trace: [ 158.669524][ T6725] [ 158.669536][ T6725] dump_stack_lvl+0x16c/0x1f0 [ 158.669578][ T6725] should_fail_ex+0x512/0x640 [ 158.669622][ T6725] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 158.669676][ T6725] should_failslab+0xc2/0x120 [ 158.669714][ T6725] __kmalloc_cache_noprof+0x6a/0x3e0 [ 158.669777][ T6725] ? loopback_open+0x145/0x13a0 [ 158.669813][ T6725] loopback_open+0x145/0x13a0 [ 158.669849][ T6725] snd_pcm_open_substream+0xa5d/0x17f0 [ 158.669911][ T6725] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 158.669959][ T6725] snd_pcm_oss_open+0x735/0x1400 [ 158.670003][ T6725] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 158.670036][ T6725] ? __lock_acquire+0xaa4/0x1ba0 [ 158.670069][ T6725] ? __pfx_default_wake_function+0x10/0x10 [ 158.670096][ T6725] ? __lock_acquire+0xaa4/0x1ba0 [ 158.670154][ T6725] ? do_raw_spin_lock+0x12c/0x2b0 [ 158.670193][ T6725] ? soundcore_open+0x35a/0x580 [ 158.670220][ T6725] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 158.670252][ T6725] soundcore_open+0x409/0x580 [ 158.670280][ T6725] ? __pfx_soundcore_open+0x10/0x10 [ 158.670305][ T6725] chrdev_open+0x231/0x6a0 [ 158.670328][ T6725] ? __pfx_apparmor_file_open+0x10/0x10 [ 158.670358][ T6725] ? __pfx_chrdev_open+0x10/0x10 [ 158.670385][ T6725] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 158.670429][ T6725] do_dentry_open+0x741/0x1c10 [ 158.670459][ T6725] ? __pfx_chrdev_open+0x10/0x10 [ 158.670490][ T6725] vfs_open+0x82/0x3f0 [ 158.670523][ T6725] path_openat+0x1e5e/0x2d40 [ 158.670557][ T6725] ? __pfx_path_openat+0x10/0x10 [ 158.670587][ T6725] do_filp_open+0x20b/0x470 [ 158.670610][ T6725] ? __pfx_do_filp_open+0x10/0x10 [ 158.670655][ T6725] ? alloc_fd+0x471/0x7d0 [ 158.670701][ T6725] do_sys_openat2+0x11b/0x1d0 [ 158.670731][ T6725] ? __pfx_do_sys_openat2+0x10/0x10 [ 158.670775][ T6725] __x64_sys_openat+0x174/0x210 [ 158.670806][ T6725] ? __pfx___x64_sys_openat+0x10/0x10 [ 158.670840][ T6725] ? rcu_is_watching+0x12/0xc0 [ 158.670870][ T6725] do_syscall_64+0xcd/0x230 [ 158.670902][ T6725] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.670926][ T6725] RIP: 0033:0x7fa64ab8e969 [ 158.670945][ T6725] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.670968][ T6725] RSP: 002b:00007fa64ba6f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 158.670991][ T6725] RAX: ffffffffffffffda RBX: 00007fa64adb5fa0 RCX: 00007fa64ab8e969 [ 158.671007][ T6725] RDX: 0000000000020b42 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 158.671022][ T6725] RBP: 00007fa64ac10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 158.671036][ T6725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 158.671050][ T6725] R13: 0000000000000000 R14: 00007fa64adb5fa0 R15: 00007ffec573a3a8 [ 158.671080][ T6725] [ 158.970831][ C0] vkms_vblank_simulate: vblank timer overrun [ 158.972093][ T6731] netlink: 20 bytes leftover after parsing attributes in process `syz.1.179'. [ 158.993868][ T6731] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 159.003553][ T6731] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 160.431304][ T6747] ptrace attach of "./syz-executor exec"[5837] was attempted by "./syz-executor exec"[6747] [ 160.901341][ T6763] sp0: Synchronizing with TNC [ 161.449229][ T6771] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 165.268912][ T6821] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 165.813863][ T6829] netlink: 334 bytes leftover after parsing attributes in process `syz.2.202'. [ 165.876318][ T6829] netlink: 334 bytes leftover after parsing attributes in process `syz.2.202'. [ 169.173381][ T6848] FAULT_INJECTION: forcing a failure. [ 169.173381][ T6848] name failslab, interval 1, probability 0, space 0, times 0 [ 169.205217][ T6848] CPU: 1 UID: 0 PID: 6848 Comm: syz.0.206 Tainted: G U 6.15.0-rc3-syzkaller-00283-gf1a3944c860b #0 PREEMPT(full) [ 169.205261][ T6848] Tainted: [U]=USER [ 169.205270][ T6848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 169.205290][ T6848] Call Trace: [ 169.205317][ T6848] [ 169.205328][ T6848] dump_stack_lvl+0x16c/0x1f0 [ 169.205372][ T6848] should_fail_ex+0x512/0x640 [ 169.205412][ T6848] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 169.205445][ T6848] should_failslab+0xc2/0x120 [ 169.205480][ T6848] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 169.205512][ T6848] ? __proc_create+0xc3/0x8c0 [ 169.205547][ T6848] ? __proc_create+0x2ce/0x8c0 [ 169.205591][ T6848] __proc_create+0x2ce/0x8c0 [ 169.205639][ T6848] ? __pfx___proc_create+0x10/0x10 [ 169.205677][ T6848] ? find_held_lock+0x2b/0x80 [ 169.205711][ T6848] ? mark_held_locks+0x49/0x80 [ 169.205759][ T6848] proc_create_reg+0x7d/0x180 [ 169.205802][ T6848] proc_create_net_data+0x8e/0x1b0 [ 169.205841][ T6848] ? __pfx_proc_create_net_data+0x10/0x10 [ 169.205881][ T6848] ? __pfx___netlink_kernel_create+0x10/0x10 [ 169.205927][ T6848] fib_proc_init+0x58/0x1b0 [ 169.205989][ T6848] fib_net_init+0x2af/0x3f0 [ 169.206017][ T6848] ? __pfx___register_sysctl_table+0x10/0x10 [ 169.206053][ T6848] ? __pfx_fib_net_init+0x10/0x10 [ 169.206082][ T6848] ? lockdep_init_map_type+0x5c/0x280 [ 169.206151][ T6848] ? __pfx_nl_fib_input+0x10/0x10 [ 169.206202][ T6848] ? devinet_init_net+0x5c2/0x910 [ 169.206240][ T6848] ? __pfx_fib_net_init+0x10/0x10 [ 169.206267][ T6848] ops_init+0x1df/0x5f0 [ 169.206303][ T6848] setup_net+0x21e/0x850 [ 169.206339][ T6848] ? __pfx_setup_net+0x10/0x10 [ 169.206367][ T6848] ? lockdep_init_map_type+0x5c/0x280 [ 169.206408][ T6848] ? __pfx_down_read_killable+0x10/0x10 [ 169.206457][ T6848] ? debug_mutex_init+0x37/0x70 [ 169.206510][ T6848] copy_net_ns+0x2a6/0x5f0 [ 169.206569][ T6848] create_new_namespaces+0x3ea/0xad0 [ 169.206622][ T6848] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 169.206663][ T6848] ksys_unshare+0x45b/0xa40 [ 169.206707][ T6848] ? __pfx_ksys_unshare+0x10/0x10 [ 169.206768][ T6848] ? xfd_validate_state+0x5d/0x180 [ 169.206825][ T6848] ? rcu_is_watching+0x12/0xc0 [ 169.206866][ T6848] __x64_sys_unshare+0x31/0x40 [ 169.206912][ T6848] do_syscall_64+0xcd/0x230 [ 169.206959][ T6848] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.206995][ T6848] RIP: 0033:0x7fe36c38e969 [ 169.207023][ T6848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 169.207056][ T6848] RSP: 002b:00007fe36d178038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 169.207088][ T6848] RAX: ffffffffffffffda RBX: 00007fe36c5b5fa0 RCX: 00007fe36c38e969 [ 169.207111][ T6848] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 169.207131][ T6848] RBP: 00007fe36c410ab1 R08: 0000000000000000 R09: 0000000000000000 [ 169.207152][ T6848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 169.207172][ T6848] R13: 0000000000000000 R14: 00007fe36c5b5fa0 R15: 00007ffccf8abc08 [ 169.207216][ T6848] [ 170.486310][ T6867] netlink: 28 bytes leftover after parsing attributes in process `syz.3.211'. [ 170.626287][ T6867] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.076543][ T6867] bridge_slave_1 (unregistering): left allmulticast mode [ 171.083737][ T6867] bridge_slave_1 (unregistering): left promiscuous mode [ 171.147639][ T6867] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.173154][ T6882] misc userio: No port type given on /dev/userio [ 172.801389][ T6882] misc userio: Invalid payload size [ 173.628757][ T6895] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 173.700315][ T6895] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 174.562113][ T6902] openvswitch: netlink: Key 5 has unexpected len 4 expected 2 [ 175.036415][ T6909] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 175.192211][ T6914] netlink: 28 bytes leftover after parsing attributes in process `syz.3.219'. [ 177.858344][ T30] audit: type=1326 audit(6040675546.402:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6940 comm="syz.3.226" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa64ab8e969 code=0x0 [ 177.992490][ T6945] FAULT_INJECTION: forcing a failure. [ 177.992490][ T6945] name failslab, interval 1, probability 0, space 0, times 0 [ 178.031678][ T6945] CPU: 1 UID: 0 PID: 6945 Comm: syz.3.226 Tainted: G U 6.15.0-rc3-syzkaller-00283-gf1a3944c860b #0 PREEMPT(full) [ 178.031727][ T6945] Tainted: [U]=USER [ 178.031738][ T6945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 178.031755][ T6945] Call Trace: [ 178.031765][ T6945] [ 178.031775][ T6945] dump_stack_lvl+0x16c/0x1f0 [ 178.031816][ T6945] should_fail_ex+0x512/0x640 [ 178.031857][ T6945] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 178.031891][ T6945] should_failslab+0xc2/0x120 [ 178.031925][ T6945] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 178.031958][ T6945] ? __pfx___might_resched+0x10/0x10 [ 178.031997][ T6945] ? alloc_vmap_area+0x613/0x2970 [ 178.032045][ T6945] alloc_vmap_area+0x613/0x2970 [ 178.032102][ T6945] ? __pfx_alloc_vmap_area+0x10/0x10 [ 178.032153][ T6945] __get_vm_area_node+0x1a7/0x300 [ 178.032231][ T6945] __vmalloc_node_range_noprof+0x277/0x1540 [ 178.032279][ T6945] ? n_tty_open+0x1a/0x170 [ 178.032328][ T6945] ? n_tty_open+0x1a/0x170 [ 178.032370][ T6945] ? __ldsem_down_write_nested+0x10e/0x850 [ 178.032413][ T6945] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 178.032471][ T6945] ? n_tty_open+0x1a/0x170 [ 178.032509][ T6945] vzalloc_noprof+0x6b/0x90 [ 178.032552][ T6945] ? n_tty_open+0x1a/0x170 [ 178.032591][ T6945] ? __pfx_n_tty_open+0x10/0x10 [ 178.032627][ T6945] n_tty_open+0x1a/0x170 [ 178.032664][ T6945] ? __pfx_n_tty_open+0x10/0x10 [ 178.032702][ T6945] tty_ldisc_open+0x9c/0x120 [ 178.032732][ T6945] tty_ldisc_setup+0x40/0x100 [ 178.032763][ T6945] tty_init_dev.part.0+0x1ec/0x500 [ 178.032802][ T6945] tty_open+0xa50/0xf90 [ 178.032845][ T6945] ? __pfx_tty_open+0x10/0x10 [ 178.032881][ T6945] ? chrdev_open+0x10b/0x6a0 [ 178.032916][ T6945] ? __pfx_tty_open+0x10/0x10 [ 178.032949][ T6945] chrdev_open+0x231/0x6a0 [ 178.032985][ T6945] ? __pfx_apparmor_file_open+0x10/0x10 [ 178.033023][ T6945] ? __pfx_chrdev_open+0x10/0x10 [ 178.033056][ T6945] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 178.033108][ T6945] do_dentry_open+0x741/0x1c10 [ 178.033138][ T6945] ? __pfx_chrdev_open+0x10/0x10 [ 178.033175][ T6945] vfs_open+0x82/0x3f0 [ 178.033217][ T6945] path_openat+0x1e5e/0x2d40 [ 178.033259][ T6945] ? __pfx_path_openat+0x10/0x10 [ 178.033297][ T6945] do_filp_open+0x20b/0x470 [ 178.033325][ T6945] ? __pfx_do_filp_open+0x10/0x10 [ 178.033382][ T6945] ? alloc_fd+0x471/0x7d0 [ 178.033459][ T6945] do_sys_openat2+0x11b/0x1d0 [ 178.033500][ T6945] ? __pfx_do_sys_openat2+0x10/0x10 [ 178.033558][ T6945] __x64_sys_openat+0x174/0x210 [ 178.033600][ T6945] ? __pfx___x64_sys_openat+0x10/0x10 [ 178.033644][ T6945] ? rcu_is_watching+0x12/0xc0 [ 178.033686][ T6945] do_syscall_64+0xcd/0x230 [ 178.033728][ T6945] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.033759][ T6945] RIP: 0033:0x7fa64ab8e969 [ 178.033784][ T6945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 178.033812][ T6945] RSP: 002b:00007fa64ba0c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 178.033843][ T6945] RAX: ffffffffffffffda RBX: 00007fa64adb6240 RCX: 00007fa64ab8e969 [ 178.033863][ T6945] RDX: 0000000000000201 RSI: 0000200000000540 RDI: ffffffffffffff9c [ 178.033883][ T6945] RBP: 00007fa64ac10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 178.033901][ T6945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 178.033919][ T6945] R13: 0000000000000000 R14: 00007fa64adb6240 R15: 00007ffec573a3a8 [ 178.033960][ T6945] [ 178.097176][ T6949] HfR: entered promiscuous mode [ 178.191465][ T6945] syz.3.226: vmalloc error: size 9128, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 178.285580][ T6952] netlink: 12 bytes leftover after parsing attributes in process `syz.1.227'. [ 178.287814][ T6952] HfR: left promiscuous mode [ 178.420531][ T6945] ,cpuset=/,mems_allowed=0-1 [ 178.430346][ T6945] CPU: 0 UID: 0 PID: 6945 Comm: syz.3.226 Tainted: G U 6.15.0-rc3-syzkaller-00283-gf1a3944c860b #0 PREEMPT(full) [ 178.430394][ T6945] Tainted: [U]=USER [ 178.430405][ T6945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 178.430423][ T6945] Call Trace: [ 178.430433][ T6945] [ 178.430445][ T6945] dump_stack_lvl+0x16c/0x1f0 [ 178.430488][ T6945] warn_alloc+0x248/0x3a0 [ 178.430535][ T6945] ? __pfx_warn_alloc+0x10/0x10 [ 178.430568][ T6945] ? kfree+0x2b6/0x4d0 [ 178.430639][ T6945] ? __get_vm_area_node+0x1e5/0x300 [ 178.430706][ T6945] __vmalloc_node_range_noprof+0xd31/0x1540 [ 178.430782][ T6945] ? n_tty_open+0x1a/0x170 [ 178.430826][ T6945] ? __ldsem_down_write_nested+0x10e/0x850 [ 178.430869][ T6945] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 178.430927][ T6945] ? n_tty_open+0x1a/0x170 [ 178.430965][ T6945] vzalloc_noprof+0x6b/0x90 [ 178.431028][ T6945] ? n_tty_open+0x1a/0x170 [ 178.431067][ T6945] ? __pfx_n_tty_open+0x10/0x10 [ 178.431106][ T6945] n_tty_open+0x1a/0x170 [ 178.431146][ T6945] ? __pfx_n_tty_open+0x10/0x10 [ 178.431186][ T6945] tty_ldisc_open+0x9c/0x120 [ 178.431217][ T6945] tty_ldisc_setup+0x40/0x100 [ 178.431248][ T6945] tty_init_dev.part.0+0x1ec/0x500 [ 178.431299][ T6945] tty_open+0xa50/0xf90 [ 178.431340][ T6945] ? __pfx_tty_open+0x10/0x10 [ 178.431376][ T6945] ? chrdev_open+0x10b/0x6a0 [ 178.431411][ T6945] ? __pfx_tty_open+0x10/0x10 [ 178.431445][ T6945] chrdev_open+0x231/0x6a0 [ 178.431474][ T6945] ? __pfx_apparmor_file_open+0x10/0x10 [ 178.431511][ T6945] ? __pfx_chrdev_open+0x10/0x10 [ 178.431544][ T6945] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 178.431596][ T6945] do_dentry_open+0x741/0x1c10 [ 178.431647][ T6945] ? __pfx_chrdev_open+0x10/0x10 [ 178.431706][ T6945] vfs_open+0x82/0x3f0 [ 178.431749][ T6945] path_openat+0x1e5e/0x2d40 [ 178.431793][ T6945] ? __pfx_path_openat+0x10/0x10 [ 178.431831][ T6945] do_filp_open+0x20b/0x470 [ 178.431859][ T6945] ? __pfx_do_filp_open+0x10/0x10 [ 178.431916][ T6945] ? alloc_fd+0x471/0x7d0 [ 178.431972][ T6945] do_sys_openat2+0x11b/0x1d0 [ 178.432010][ T6945] ? __pfx_do_sys_openat2+0x10/0x10 [ 178.432067][ T6945] __x64_sys_openat+0x174/0x210 [ 178.432107][ T6945] ? __pfx___x64_sys_openat+0x10/0x10 [ 178.432148][ T6945] ? rcu_is_watching+0x12/0xc0 [ 178.432187][ T6945] do_syscall_64+0xcd/0x230 [ 178.432226][ T6945] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.432255][ T6945] RIP: 0033:0x7fa64ab8e969 [ 178.432278][ T6945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 178.432306][ T6945] RSP: 002b:00007fa64ba0c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 178.432334][ T6945] RAX: ffffffffffffffda RBX: 00007fa64adb6240 RCX: 00007fa64ab8e969 [ 178.432353][ T6945] RDX: 0000000000000201 RSI: 0000200000000540 RDI: ffffffffffffff9c [ 178.432371][ T6945] RBP: 00007fa64ac10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 178.432389][ T6945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 178.432406][ T6945] R13: 0000000000000000 R14: 00007fa64adb6240 R15: 00007ffec573a3a8 [ 178.432444][ T6945] [ 178.466582][ T6949] device-mapper: ioctl: Unable to rename non-existent device,  to [ 178.734919][ T6945] Mem-Info: [ 178.843014][ T6945] active_anon:42803 inactive_anon:0 isolated_anon:0 [ 178.843014][ T6945] active_file:7037 inactive_file:51849 isolated_file:0 [ 178.843014][ T6945] unevictable:768 dirty:541 writeback:0 [ 178.843014][ T6945] slab_reclaimable:10334 slab_unreclaimable:93977 [ 178.843014][ T6945] mapped:31026 shmem:33237 pagetables:834 [ 178.843014][ T6945] sec_pagetables:0 bounce:0 [ 178.843014][ T6945] kernel_misc_reclaimable:0 [ 178.843014][ T6945] free:1309276 free_pcp:921 free_cma:0 [ 178.995347][ T6945] Node 0 active_anon:169588kB inactive_anon:0kB active_file:28164kB inactive_file:207324kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:124148kB dirty:2172kB writeback:0kB shmem:130052kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10704kB pagetables:3420kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 179.075297][ T6945] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1532kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 179.218271][ T6945] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 179.284160][ T6945] lowmem_reserve[]: 0 2484 2486 2486 2486 [ 179.290474][ T6945] Node 0 DMA32 free:1310844kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB active_anon:170740kB inactive_anon:0kB active_file:28164kB inactive_file:205516kB unevictable:1536kB writepending:2172kB present:3129332kB managed:2544212kB mlocked:0kB bounce:0kB free_pcp:560kB local_pcp:392kB free_cma:0kB [ 179.323191][ T6945] lowmem_reserve[]: 0 0 1 1 1 [ 179.328358][ T6945] Node 0 Normal free:24kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1808kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 179.355316][ T6961] vivid-009: ================= START STATUS ================= [ 179.363302][ T6961] vivid-009: Enable Output Cropping: true grabbed [ 179.385029][ T6945] lowmem_reserve[]: 0 0 0 0 0 [ 179.396321][ T6961] vivid-009: Enable Output Composing: true grabbed [ 179.402929][ T6961] vivid-009: Enable Output Scaler: true grabbed [ 179.405658][ T6945] Node 1 Normal free:3913184kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 179.435220][ T6961] vivid-009: Tx RGB Quantization Range: Automatic grabbed [ 179.487475][ T6945] lowmem_reserve[]: 0 0 0 0 0 [ 179.490225][ T6961] vivid-009: Transmit Mode: [ 179.492282][ T6945] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 179.548782][ T6961] HDMI grabbed [ 179.552229][ T6961] vivid-009: Hotplug Present: 0x00000000 [ 179.557607][ T6945] Node 0 DMA32: 2019*4kB (UME) 926*8kB (UME) 737*16kB (UME) 138*32kB (ME) 227*64kB (UME) 57*128kB (UME) 22*256kB (UME) 50*512kB (UME) 34*1024kB (UM) 38*2048kB (UME) 271*4096kB (UM) = 1307404kB [ 179.588784][ T6961] vivid-009: RxSense Present: 0x00000000 [ 179.594583][ T6961] vivid-009: EDID Present: 0x00000000 [ 179.615244][ T6945] Node 0 Normal: 2*4kB (M) 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 32kB [ 179.655769][ T6945] Node 1 Normal: 230*4kB (UME) 67*8kB (UME) 47*16kB (UME) 204*32kB (UME) 87*64kB (UME) 30*128kB (UME) 15*256kB (UM) 12*512kB (UME) 4*1024kB (UME) 3*2048kB (UME) 946*4096kB (M) = 3913184kB [ 179.657749][ T6961] vivid-009: ================== END STATUS ================== [ 179.712071][ T6945] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 179.738262][ T6945] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 179.754811][ T6945] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 179.765255][ T6945] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 179.774851][ T6945] 88236 total pagecache pages [ 179.780975][ T6945] 0 pages in swap cache [ 179.790381][ T6945] Free swap = 124996kB [ 179.794733][ T6945] Total swap = 124996kB [ 179.799251][ T6945] 2097051 pages RAM [ 179.803164][ T6945] 0 pages HighMem/MovableOnly [ 179.811986][ T6945] 428892 pages reserved [ 179.819358][ T6945] 0 pages cma reserved [ 179.823989][ T6945] tty tty45: ldisc open failed (-12), clearing slot 44 [ 179.834938][ T6951] tty tty17: ldisc open failed (-12), clearing slot 16 [ 179.844616][ T6942] ttyS ttyS3: ldisc open failed (-12), clearing slot 3 [ 179.866044][ T6953] pty pty244: ldisc open failed (-12), clearing slot 244 [ 182.122016][ T7010] zswap: compressor not available [ 182.178738][ T7010] FAULT_INJECTION: forcing a failure. [ 182.178738][ T7010] name failslab, interval 1, probability 0, space 0, times 0 [ 182.238534][ T7010] CPU: 1 UID: 0 PID: 7010 Comm: syz.2.239 Tainted: G U 6.15.0-rc3-syzkaller-00283-gf1a3944c860b #0 PREEMPT(full) [ 182.238582][ T7010] Tainted: [U]=USER [ 182.238591][ T7010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 182.238611][ T7010] Call Trace: [ 182.238620][ T7010] [ 182.238630][ T7010] dump_stack_lvl+0x16c/0x1f0 [ 182.238671][ T7010] should_fail_ex+0x512/0x640 [ 182.238718][ T7010] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 182.238768][ T7010] should_failslab+0xc2/0x120 [ 182.238812][ T7010] __kmalloc_cache_noprof+0x6a/0x3e0 [ 182.238854][ T7010] ? pty_common_install+0xdf/0xb30 [ 182.238885][ T7010] pty_common_install+0xdf/0xb30 [ 182.238908][ T7010] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 182.238947][ T7010] ? __pfx_pty_unix98_install+0x10/0x10 [ 182.238975][ T7010] tty_init_dev.part.0+0x99/0x500 [ 182.239011][ T7010] tty_init_dev+0x60/0x80 [ 182.239044][ T7010] ? __pfx_ptmx_open+0x10/0x10 [ 182.239085][ T7010] ptmx_open+0x10d/0x360 [ 182.239129][ T7010] ? __pfx_ptmx_open+0x10/0x10 [ 182.239171][ T7010] chrdev_open+0x231/0x6a0 [ 182.239198][ T7010] ? __pfx_apparmor_file_open+0x10/0x10 [ 182.239232][ T7010] ? __pfx_chrdev_open+0x10/0x10 [ 182.239262][ T7010] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 182.239310][ T7010] do_dentry_open+0x741/0x1c10 [ 182.239338][ T7010] ? __pfx_chrdev_open+0x10/0x10 [ 182.239372][ T7010] vfs_open+0x82/0x3f0 [ 182.239412][ T7010] path_openat+0x1e5e/0x2d40 [ 182.239450][ T7010] ? __pfx_path_openat+0x10/0x10 [ 182.239487][ T7010] do_filp_open+0x20b/0x470 [ 182.239513][ T7010] ? __pfx_do_filp_open+0x10/0x10 [ 182.239567][ T7010] ? alloc_fd+0x471/0x7d0 [ 182.239618][ T7010] do_sys_openat2+0x11b/0x1d0 [ 182.239653][ T7010] ? __pfx_do_sys_openat2+0x10/0x10 [ 182.239709][ T7010] __x64_sys_openat+0x174/0x210 [ 182.239747][ T7010] ? __pfx___x64_sys_openat+0x10/0x10 [ 182.239785][ T7010] ? rcu_is_watching+0x12/0xc0 [ 182.239821][ T7010] do_syscall_64+0xcd/0x230 [ 182.239858][ T7010] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.239885][ T7010] RIP: 0033:0x7f8d5198e969 [ 182.239905][ T7010] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 182.239931][ T7010] RSP: 002b:00007f8d528ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 182.239962][ T7010] RAX: ffffffffffffffda RBX: 00007f8d51bb5fa0 RCX: 00007f8d5198e969 [ 182.239981][ T7010] RDX: 0000000000020540 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 182.239998][ T7010] RBP: 00007f8d51a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 182.240014][ T7010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 182.240030][ T7010] R13: 0000000000000000 R14: 00007f8d51bb5fa0 R15: 00007ffd5b215c38 [ 182.240065][ T7010] [ 182.517625][ C1] vkms_vblank_simulate: vblank timer overrun [ 185.584825][ T7039] Process accounting paused [ 186.822921][ T30] audit: type=1800 audit(6040675555.362:8): pid=7063 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.245" name="lu_gp_id" dev="configfs" ino=12568 res=0 errno=0 [ 189.314874][ T7092] Invalid ELF header magic: != ELF [ 189.376678][ T7096] sg_write: data in/out 32732/16086 bytes for SCSI command 0x0-- guessing data in; [ 189.376678][ T7096] program syz.3.254 not setting count and/or reply_len properly [ 189.518492][ T55] Bluetooth: hci2: Unable to find connection for big 0xd2 [ 190.445770][ T7092] smc: net device syz_tun applied user defined pnetid ETHTOOL [ 194.703405][ T7151] netlink: 4 bytes leftover after parsing attributes in process `syz.2.265'. [ 196.296163][ T7167] kexec: Could not allocate control_code_buffer [ 197.031023][ T7187] writes to the poll attribute are ignored. [ 197.057958][ T7187] please use driver specific parameters instead. [ 197.215659][ T7192] writes to the poll attribute are ignored. [ 197.245218][ T7192] please use driver specific parameters instead. [ 197.458785][ T7195] writes to the poll attribute are ignored. [ 197.464756][ T7195] please use driver specific parameters instead. [ 197.745234][ T7201] writes to the poll attribute are ignored. [ 197.804700][ T7201] please use driver specific parameters instead. [ 197.995295][ T7214] writes to the poll attribute are ignored. [ 198.011540][ T7214] please use driver specific parameters instead. [ 198.326120][ T7223] writes to the poll attribute are ignored. [ 198.345449][ T7223] please use driver specific parameters instead. [ 198.605327][ T7229] writes to the poll attribute are ignored. [ 198.633498][ T7229] please use driver specific parameters instead. [ 198.895943][ T7240] writes to the poll attribute are ignored. [ 198.915042][ T7240] please use driver specific parameters instead. [ 199.226460][ T7250] writes to the poll attribute are ignored. [ 199.227021][ T7251] writes to the poll attribute are ignored. [ 199.232491][ T7250] please use driver specific parameters instead. [ 199.250871][ T7251] please use driver specific parameters instead. [ 199.385690][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.392052][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.737227][ T7290] [ 200.739616][ T7290] ====================================================== [ 200.746660][ T7290] WARNING: possible circular locking dependency detected [ 200.753721][ T7290] 6.15.0-rc3-syzkaller-00283-gf1a3944c860b #0 Tainted: G U [ 200.762411][ T7290] ------------------------------------------------------ [ 200.769428][ T7290] syz.2.321/7290 is trying to acquire lock: [ 200.775327][ T7290] ffff888025e385d8 (&q->elevator_lock){+.+.}-{4:4}, at: queue_wb_lat_store+0x187/0x3d0 [ 200.785036][ T7290] [ 200.785036][ T7290] but task is already holding lock: [ 200.792416][ T7290] ffff888025e380a8 (&q->q_usage_counter(io)#29){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 200.803790][ T7290] [ 200.803790][ T7290] which lock already depends on the new lock. [ 200.803790][ T7290] [ 200.814218][ T7290] [ 200.814218][ T7290] the existing dependency chain (in reverse order) is: [ 200.823240][ T7290] [ 200.823240][ T7290] -> #2 (&q->q_usage_counter(io)#29){++++}-{0:0}: [ 200.831881][ T7290] blk_alloc_queue+0x619/0x760 [ 200.837205][ T7290] blk_mq_alloc_queue+0x179/0x290 [ 200.842784][ T7290] __blk_mq_alloc_disk+0x29/0x120 [ 200.848367][ T7290] loop_add+0x496/0xb70 [ 200.853067][ T7290] loop_init+0x164/0x270 [ 200.857865][ T7290] do_one_initcall+0x120/0x6e0 [ 200.863208][ T7290] kernel_init_freeable+0x5c2/0x900 [ 200.868966][ T7290] kernel_init+0x1c/0x2b0 [ 200.873847][ T7290] ret_from_fork+0x45/0x80 [ 200.878820][ T7290] ret_from_fork_asm+0x1a/0x30 [ 200.884134][ T7290] [ 200.884134][ T7290] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 200.891375][ T7290] fs_reclaim_acquire+0x102/0x150 [ 200.896954][ T7290] kmem_cache_alloc_noprof+0x53/0x3b0 [ 200.902867][ T7290] __kernfs_new_node+0xd2/0x8a0 [ 200.908268][ T7290] kernfs_new_node+0x13c/0x1e0 [ 200.913568][ T7290] kernfs_create_dir_ns+0x4c/0x1a0 [ 200.919216][ T7290] sysfs_create_dir_ns+0x13a/0x2b0 [ 200.924883][ T7290] kobject_add_internal+0x2c4/0x9b0 [ 200.930630][ T7290] kobject_add+0x16e/0x240 [ 200.935589][ T7290] elv_register_queue+0xd3/0x2a0 [ 200.941077][ T7290] blk_register_queue+0x3c4/0x560 [ 200.946670][ T7290] add_disk_fwnode+0x911/0x13a0 [ 200.952083][ T7290] nbd_dev_add+0x78e/0xbb0 [ 200.957055][ T7290] nbd_init+0x181/0x320 [ 200.961781][ T7290] do_one_initcall+0x120/0x6e0 [ 200.967114][ T7290] kernel_init_freeable+0x5c2/0x900 [ 200.972869][ T7290] kernel_init+0x1c/0x2b0 [ 200.977760][ T7290] ret_from_fork+0x45/0x80 [ 200.982737][ T7290] ret_from_fork_asm+0x1a/0x30 [ 200.988083][ T7290] [ 200.988083][ T7290] -> #0 (&q->elevator_lock){+.+.}-{4:4}: [ 200.995957][ T7290] __lock_acquire+0x1173/0x1ba0 [ 201.001363][ T7290] lock_acquire+0x179/0x350 [ 201.006415][ T7290] __mutex_lock+0x199/0xb90 [ 201.011469][ T7290] queue_wb_lat_store+0x187/0x3d0 [ 201.017052][ T7290] queue_attr_store+0x270/0x310 [ 201.022458][ T7290] sysfs_kf_write+0xef/0x150 [ 201.027596][ T7290] kernfs_fop_write_iter+0x351/0x510 [ 201.033426][ T7290] vfs_write+0x5ba/0x1180 [ 201.038288][ T7290] ksys_write+0x12a/0x240 [ 201.043154][ T7290] do_syscall_64+0xcd/0x230 [ 201.048201][ T7290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.054632][ T7290] [ 201.054632][ T7290] other info that might help us debug this: [ 201.054632][ T7290] [ 201.064865][ T7290] Chain exists of: [ 201.064865][ T7290] &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#29 [ 201.064865][ T7290] [ 201.078644][ T7290] Possible unsafe locking scenario: [ 201.078644][ T7290] [ 201.086121][ T7290] CPU0 CPU1 [ 201.091504][ T7290] ---- ---- [ 201.096877][ T7290] lock(&q->q_usage_counter(io)#29); [ 201.102276][ T7290] lock(fs_reclaim); [ 201.108801][ T7290] lock(&q->q_usage_counter(io)#29); [ 201.116731][ T7290] lock(&q->elevator_lock); [ 201.121341][ T7290] [ 201.121341][ T7290] *** DEADLOCK *** [ 201.121341][ T7290] [ 201.129492][ T7290] 6 locks held by syz.2.321/7290: [ 201.134522][ T7290] #0: ffff88802e2222b8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 201.143605][ T7290] #1: ffff888035a8c420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x240 [ 201.152616][ T7290] #2: ffff888031b71488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 201.162424][ T7290] #3: ffff888025e6fc38 (kn->active#79){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 201.172485][ T7290] #4: ffff888025e380a8 (&q->q_usage_counter(io)#29){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 201.184199][ T7290] #5: ffff888025e380e0 (&q->q_usage_counter(queue)#21){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 201.196194][ T7290] [ 201.196194][ T7290] stack backtrace: [ 201.202097][ T7290] CPU: 0 UID: 0 PID: 7290 Comm: syz.2.321 Tainted: G U 6.15.0-rc3-syzkaller-00283-gf1a3944c860b #0 PREEMPT(full) [ 201.202136][ T7290] Tainted: [U]=USER [ 201.202144][ T7290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 201.202159][ T7290] Call Trace: [ 201.202167][ T7290] [ 201.202176][ T7290] dump_stack_lvl+0x116/0x1f0 [ 201.202208][ T7290] print_circular_bug+0x275/0x350 [ 201.202243][ T7290] check_noncircular+0x14c/0x170 [ 201.202277][ T7290] __lock_acquire+0x1173/0x1ba0 [ 201.202322][ T7290] lock_acquire+0x179/0x350 [ 201.202353][ T7290] ? queue_wb_lat_store+0x187/0x3d0 [ 201.202393][ T7290] ? __pfx___might_resched+0x10/0x10 [ 201.202421][ T7290] ? do_raw_spin_lock+0x12c/0x2b0 [ 201.202461][ T7290] __mutex_lock+0x199/0xb90 [ 201.202492][ T7290] ? queue_wb_lat_store+0x187/0x3d0 [ 201.202531][ T7290] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 201.202558][ T7290] ? queue_wb_lat_store+0x187/0x3d0 [ 201.202595][ T7290] ? lockdep_hardirqs_on+0x7c/0x110 [ 201.202624][ T7290] ? __pfx___mutex_lock+0x10/0x10 [ 201.202665][ T7290] ? __pfx_autoremove_wake_function+0x10/0x10 [ 201.202699][ T7290] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 201.202738][ T7290] ? queue_wb_lat_store+0x187/0x3d0 [ 201.202775][ T7290] queue_wb_lat_store+0x187/0x3d0 [ 201.202815][ T7290] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 201.202855][ T7290] ? __mutex_trylock_common+0xe9/0x250 [ 201.202890][ T7290] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 201.202929][ T7290] queue_attr_store+0x270/0x310 [ 201.202969][ T7290] ? __pfx_queue_attr_store+0x10/0x10 [ 201.203016][ T7290] ? find_held_lock+0x2b/0x80 [ 201.203039][ T7290] ? sysfs_file_kobj+0xe4/0x290 [ 201.203078][ T7290] ? __pfx_queue_attr_store+0x10/0x10 [ 201.203116][ T7290] sysfs_kf_write+0xef/0x150 [ 201.203152][ T7290] kernfs_fop_write_iter+0x351/0x510 [ 201.203184][ T7290] ? __pfx_sysfs_kf_write+0x10/0x10 [ 201.203227][ T7290] vfs_write+0x5ba/0x1180 [ 201.203259][ T7290] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 201.203306][ T7290] ? __pfx___mutex_lock+0x10/0x10 [ 201.203337][ T7290] ? __pfx_vfs_write+0x10/0x10 [ 201.203369][ T7290] ksys_write+0x12a/0x240 [ 201.203392][ T7290] ? __pfx_ksys_write+0x10/0x10 [ 201.203414][ T7290] ? rcu_is_watching+0x12/0xc0 [ 201.203440][ T7290] do_syscall_64+0xcd/0x230 [ 201.203473][ T7290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.203505][ T7290] RIP: 0033:0x7f8d5198e969 [ 201.203525][ T7290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 201.203551][ T7290] RSP: 002b:00007f8d528ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 201.203574][ T7290] RAX: ffffffffffffffda RBX: 00007f8d51bb5fa0 RCX: 00007f8d5198e969 [ 201.203591][ T7290] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 201.203606][ T7290] RBP: 00007f8d51a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 201.203621][ T7290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 201.203637][ T7290] R13: 0000000000000000 R14: 00007f8d51bb5fa0 R15: 00007ffd5b215c38 [ 201.203660][ T7290]