last executing test programs: 1.539653216s ago: executing program 0 (id=1): openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, 0x0, 0x189400, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0x26, 0x80805, 0x0) r2 = socket(0xa, 0x3, 0x6) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r1, 0x7f, 0x99, 0x8, 0x1, @relative_fd=r2, 0xd}, 0x92) r3 = open(0x0, 0x261c2, 0x84) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r3, 0x0, 0x3}, 0xc) r4 = open(&(0x7f0000000000)='./file0\x00', 0x26142, 0x84) bpf$auto(0x3, &(0x7f00000001c0)=@raw_tracepoint={0x5, r4, 0x0, 0x3}, 0xc) mmap$auto(0x0, 0x4020009, 0xe2, 0xeb1, 0x401, 0x8000) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r5, 0x0, 0x20) r6 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r6, &(0x7f0000000200)={0x0, 0x7}, 0x3) r7 = openat$auto_random_fops_random(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) sendfile$auto(r7, r7, 0x0, 0x1) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x0, 0x3, 0x100003f) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) write$auto(0x3, 0x0, 0x800000000fdf1) sendmsg$auto_ETHTOOL_MSG_MODULE_FW_FLASH_ACT(0xffffffffffffffff, 0x0, 0x400c080) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x40000c0) 1.135128399s ago: executing program 0 (id=5): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) socket(0x2, 0x1, 0x106) mq_getsetattr$auto(0xffffffffffffffff, &(0x7f0000000000)={0x81, 0x25, 0x5, 0x80}, 0x0) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$auto_PPPIOCSMRU(r1, 0xc004743e, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0xc0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000", @ANYRES32=r0, @ANYBLOB="69b5"], 0x14}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) socket(0xf, 0x2, 0x6) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000580)='/dev/audio\x00', 0x0, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/workqueue/nvmet-wq/affinity_scope\x00', 0x562, 0x0) write$auto(r3, &(0x7f00000005c0)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xe1\x903\x9e\xca\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81\xe4\xab\xc5\x8da\vr\xb91\xfe\x9a\xf0\x0f\x03\x12m/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\xf4\r\x19$\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbbc\xb9\xd0\x1f\xd9\x8e`\xba\xd0\xa4\xf5\x00\x00\x00\x00\x00\x00\x00\x00', 0x98c7) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r5) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000001c0)={'sit0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="2f212cbd7000fddb55252100000008000300", @ANYRES32=r7, @ANYBLOB], 0x1c}}, 0x20000040) sendmsg$auto_NL80211_CMD_SET_BEACON(r4, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000d80)=ANY=[@ANYBLOB="fc020000cbe784203321dff83f67deb53eba6407c7570afccff50635f34a78c9104c19468891ff8fb7637a473e7613b007945aee038b11c51379898d974568eb4a4a626ef85785211a08d0291c4ad0f611a50ffbaa4bb045bbffdb32226c52f7c4308559cf4bd27f5a27a536ea180a7c49b0d01641fc911167f2ac9d32a51eccedc49055f9ba311a461ec00c47f71446266b9ecb29", @ANYRES16=r6, @ANYBLOB="000325bd7000fddbdf250e000000de024580dd00408008dc1d6bac53377a67f8d1387506abf67cae353e65b7d945cf6835098581509c627586ccc30d80fdc22bc4ccedf06fbe17227da94338ca54940afe629ceaabb1fee11d5d149774a139fe24c6c4a0d34f8b93f76fc3166d462520e2f249e67e6946287139012afe323cca102e4aabd05b5490087c91687ea872f4b6d4c7ab38298eb508226de8dfc3574bb6d830e8344e90c6f6ced55f47a34bf320e2a2af9c63cbf1d4710e93c637747673badc4a5b27d8a7edd831296d61b6e687c66a57523cf5f3b0a9f881c9860103bb19c624177a9554d707160e6a95000000008d6f5bd90488bc782e9201c3752c38e5f35ad8d9f6d2c8d2e9f158b6f4f550adc5f8cc9d2d59e65596142434154ce81a69e27a78a31f7c51ffc5988fa46aaa0c0037000100000000000000b46d49128b032e7b38b3456630d4ab63e66a3eb3e5b09272ea239ca19a71afeae1b7c4634b7831e196ff98d3af2f7e2cc996ef39baad5894aefe9aafb626ffcb5d461739165266248068d94f87f0971e5d786fcab4e9cc8dadd7ff809ce52895971eab31ca0276e8fa877103d48fd7a244067fdb2b6d1092b58a25d9111de8ee24c84902c76ec37c883c151de9e8f051db87c55a4764e33a2cdebb26a6f01437d02988d112accd310016d47118ea10824e845d5ec9f3eec8b16eed0eb9c4f5a087f3f532d2834d97fd925002aeeeea1f54ea4975a1b85743c39693194dab0aa145cc754287dbd289795e51db8970da23e1b7b8821fbbf543a64aacfe7fe9c07b84a758287712d816e6f6a6bae0647235c0a1a70eeb0108c8751250320f0aee0cf2c0efe10297c1876b37748bb7375ae0219b66af1b4f5e21f9f921b62c1d61ea4dc1bb64219e7959835deface55afcca7cf10d8ac1e75b930546c3a50570f3c49f7898c667156c02e2fe4da21281902d35a4a3d0903c2a04fabfe8f4e3bdf27076a404fecaeba46f13522266d5e2df180b8653448b3e1b15bfcadfc7871e9e4955dabacc18df42115121a14d8a4f2200000600b10000800000"], 0x2fc}, 0x1, 0x0, 0x0, 0x8015}, 0x4000000) select$auto(0xfffffffd, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0xffffffffffffffff, 0x62, 0x8000001f, 0x7, 0x2aba, 0x9, 0x2, 0x6]}, 0x0) ioctl$auto_UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000040)={{0x0, 0xf2cf, 0x1ff, 0x4}, "6a034a07c7b82d90b69a39e32576f893fba86c9dd051a0094a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f", 0x8}) ioctl$auto_UI_DEV_CREATE(r0, 0x5501, 0x0) write$auto(r0, 0x0, 0x5) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/module/pvrusb2/parameters/vbi_nr\x00', 0x200, 0x0) r8 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vkms/graphics/fb0/rotate\x00', 0xb02, 0x0) sendfile$auto(r8, r8, 0x0, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000140)='/dev/usbmon32\x00', 0x640, 0x0) 968.020497ms ago: executing program 2 (id=3): prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x6) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x2, 0x3, 0x15f4da0a, 0x3, 0x7, 0x862, 0x80000001, 0x7, 0x1, 0x9, 0x4, 0xfdfffffffffffffe]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xec\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xbcZ|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.6f\x13h\x05b\x88\xff@Z5`\xa4m\xffb\x17\xbb\x7f\xea4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xbb\'\x00\x00\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc\x00\x00', 0x100000a3d9) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/block/nbd7/trace/act_mask\x00', 0x120e2, 0x0) write$auto(r1, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x1000, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) r2 = io_uring_setup$auto(0x6, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r3) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="2f212dbd7000fcdbdf252100000008000300", @ANYRES32=r5, @ANYBLOB="08009e00", @ANYRESOCT=r2], 0x24}}, 0x4000000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) keyctl$auto(0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0) keyctl$auto(0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x6) r6 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmmsg$auto(r6, 0x0, 0x4f, 0x200) ioctl$auto_UDF_RELOCATE_BLOCKS(r6, 0xc0086c43, &(0x7f00000001c0)=0x65b) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x0, 0xffffffffffff0004, 0x1a) setgroups$auto(0xe32, 0x0) madvise$auto(0x4, 0x8000000000000001, 0x19) ioctl$auto_SG_GET_RESERVED_SIZE(0xffffffffffffffff, 0x4c04, 0x0) capget$auto(0x0, 0xfffffffffffffffe) 487.36369ms ago: executing program 1 (id=2): setregid$auto(0x5, 0x6) socket(0xa, 0x801, 0x84) mmap$auto(0x2, 0x2, 0x3, 0xeb1, 0x8, 0x8000) setsockopt$auto(0x3, 0x10000000084, 0x1e, 0x0, 0x8) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) r0 = syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) socket(0x10, 0x5, 0xffffffc1) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x8001, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/nbd3/queue/wbt_lat_usec\x00', 0x2062, 0x0) write$auto(r3, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r3, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0xa) getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket(0x10, 0x2, 0x0) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/ipv6_route\x00', 0x101000, 0x0) pread64$auto(r4, 0x0, 0x8, 0xffff) madvise$auto(0x0, 0x200007, 0x8) setresuid$auto(0x2, 0x7, 0x8080) r5 = socket(0x10, 0x2, 0x6) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_SET_MAX_CSMA_BACKOFFS(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYRESOCT=r2, @ANYRES16=r0, @ANYRESOCT], 0x14}, 0x1, 0x0, 0x0, 0x400c000}, 0x8044) 0s ago: executing program 3 (id=4): mmap$auto(0x0, 0x400008, 0x9f, 0x9b72, 0xffffffffffffffff, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x2, 0x0) r0 = fsopen$auto(0x0, 0x1) fsconfig$auto(r0, 0x8, 0x0, 0x0, 0x0) fsmount$auto(0x4, 0x0, 0x200003) r1 = memfd_create$auto(0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdf2) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_MEDIA_GET(r2, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)={0x20, r3, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@typed={0x8, 0x1, 0x0, 0x0, @pid}]}]}, 0x20}}, 0x2000c880) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/loop13/queue/max_sectors_kb\x00', 0x109206, 0x0) unshare$auto(0x20000080) io_uring_setup$auto(0x58, &(0x7f0000000080)={0x7fffffff, 0x2000d, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x23d8, 0x6, 0xf, 0x4000029f, 0x100, 0x7f, 0x80000, 0x6, 0x2}, {0x203, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x7, 0x100000000}}) futex$auto(0x0, 0x85, 0x2, 0x0, 0x0, 0x9) write$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f00000000c0)='-', 0x1) rseq$auto(0x0, 0x8000, 0x0, 0x6) fchown$auto(r1, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.235' (ED25519) to the list of known hosts. [ 97.626961][ T5824] cgroup: Unknown subsys name 'net' [ 97.823158][ T5824] cgroup: Unknown subsys name 'cpuset' [ 97.834037][ T5824] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 99.762259][ T5824] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 102.137394][ T5848] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 102.145628][ T5846] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 102.145681][ T5848] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 102.161166][ T5848] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 102.168032][ T5846] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 102.171860][ T43] cfg80211: failed to load regulatory.db [ 102.180582][ T5846] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 102.180925][ T5848] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 102.189683][ T5846] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 102.203233][ T5846] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 102.220653][ T5853] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 102.225625][ T5846] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 102.235955][ T5855] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 102.236144][ T5846] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 102.243435][ T5853] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 102.257549][ T5853] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 102.265756][ T5853] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 102.269224][ T5846] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 102.281101][ T5853] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 102.282017][ T5846] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 102.310952][ T5853] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 102.844549][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 102.932040][ T5851] chnl_net:caif_netlink_parms(): no params data found [ 103.174544][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.182607][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.190437][ T5838] bridge_slave_0: entered allmulticast mode [ 103.198083][ T5838] bridge_slave_0: entered promiscuous mode [ 103.207153][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.214447][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.221748][ T5838] bridge_slave_1: entered allmulticast mode [ 103.230080][ T5838] bridge_slave_1: entered promiscuous mode [ 103.237901][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 103.319917][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 103.351145][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 103.382906][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.390308][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.397542][ T5851] bridge_slave_0: entered allmulticast mode [ 103.407610][ T5851] bridge_slave_0: entered promiscuous mode [ 103.417693][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 103.460631][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.467971][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.475443][ T5851] bridge_slave_1: entered allmulticast mode [ 103.483654][ T5851] bridge_slave_1: entered promiscuous mode [ 103.566980][ T5838] team0: Port device team_slave_0 added [ 103.589557][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 103.602932][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 103.614301][ T5838] team0: Port device team_slave_1 added [ 103.713233][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.720561][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.727757][ T5837] bridge_slave_0: entered allmulticast mode [ 103.735982][ T5837] bridge_slave_0: entered promiscuous mode [ 103.775665][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.782808][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.808840][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 103.821805][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.829092][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.836274][ T5837] bridge_slave_1: entered allmulticast mode [ 103.844431][ T5837] bridge_slave_1: entered promiscuous mode [ 103.854805][ T5851] team0: Port device team_slave_0 added [ 103.862377][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.869736][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.876965][ T5844] bridge_slave_0: entered allmulticast mode [ 103.885437][ T5844] bridge_slave_0: entered promiscuous mode [ 103.893596][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 103.900907][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.927265][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 103.961804][ T5851] team0: Port device team_slave_1 added [ 103.968049][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.975277][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.982905][ T5844] bridge_slave_1: entered allmulticast mode [ 103.990912][ T5844] bridge_slave_1: entered promiscuous mode [ 104.090132][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.100200][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.107208][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.134410][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.167073][ T5838] hsr_slave_0: entered promiscuous mode [ 104.174328][ T5838] hsr_slave_1: entered promiscuous mode [ 104.185959][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.199094][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.209023][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.216056][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.242377][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.249377][ T5843] Bluetooth: hci0: command tx timeout [ 104.273456][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.328057][ T5843] Bluetooth: hci2: command tx timeout [ 104.328376][ T5853] Bluetooth: hci3: command tx timeout [ 104.333632][ T5846] Bluetooth: hci1: command tx timeout [ 104.373051][ T5837] team0: Port device team_slave_0 added [ 104.399750][ T5844] team0: Port device team_slave_0 added [ 104.408887][ T5837] team0: Port device team_slave_1 added [ 104.425724][ T5844] team0: Port device team_slave_1 added [ 104.545653][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.552776][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.580055][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.592511][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.599931][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.625990][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.644410][ T5851] hsr_slave_0: entered promiscuous mode [ 104.651019][ T5851] hsr_slave_1: entered promiscuous mode [ 104.657187][ T5851] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 104.665291][ T5851] Cannot create hsr debugfs directory [ 104.678928][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.685957][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.712011][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.723970][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.731409][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.757467][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.946999][ T5837] hsr_slave_0: entered promiscuous mode [ 104.953908][ T5837] hsr_slave_1: entered promiscuous mode [ 104.960941][ T5837] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 104.968838][ T5837] Cannot create hsr debugfs directory [ 104.985624][ T5844] hsr_slave_0: entered promiscuous mode [ 104.992724][ T5844] hsr_slave_1: entered promiscuous mode [ 104.999279][ T5844] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 105.006894][ T5844] Cannot create hsr debugfs directory [ 105.277126][ T5838] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 105.307773][ T5838] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 105.353039][ T5838] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 105.364553][ T5838] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 105.501637][ T5851] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 105.531351][ T5851] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 105.553112][ T5851] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 105.574692][ T5851] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 105.655011][ T5844] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 105.671289][ T5844] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 105.703857][ T5844] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 105.720668][ T5844] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 105.804360][ T5837] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 105.816119][ T5837] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 105.835948][ T5837] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 105.865850][ T5837] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 105.934845][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.013904][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.026910][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.073299][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.080649][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.119789][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.127005][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.162802][ T5851] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.185752][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.219619][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.226832][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.259373][ T3979] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.266549][ T3979] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.287320][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.330232][ T5846] Bluetooth: hci0: command tx timeout [ 106.332205][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.342848][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.373396][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.380630][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.408366][ T5846] Bluetooth: hci1: command tx timeout [ 106.413848][ T5846] Bluetooth: hci2: command tx timeout [ 106.420055][ T5843] Bluetooth: hci3: command tx timeout [ 106.439169][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.542914][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.614118][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.621420][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.672171][ T3495] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.679411][ T3495] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.816014][ T5837] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 106.841596][ T5837] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 107.083140][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.095775][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.266483][ T5838] veth0_vlan: entered promiscuous mode [ 107.292457][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.321350][ T5838] veth1_vlan: entered promiscuous mode [ 107.356551][ T5851] veth0_vlan: entered promiscuous mode [ 107.411717][ T5851] veth1_vlan: entered promiscuous mode [ 107.466578][ T5844] veth0_vlan: entered promiscuous mode [ 107.475026][ T5838] veth0_macvtap: entered promiscuous mode [ 107.496200][ T5838] veth1_macvtap: entered promiscuous mode [ 107.516835][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.530546][ T5844] veth1_vlan: entered promiscuous mode [ 107.558285][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 107.579251][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.602750][ T5838] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.614315][ T5838] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.624696][ T5838] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.633790][ T5838] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.655815][ T5851] veth0_macvtap: entered promiscuous mode [ 107.721458][ T5851] veth1_macvtap: entered promiscuous mode [ 107.791534][ T5844] veth0_macvtap: entered promiscuous mode [ 107.823697][ T5837] veth0_vlan: entered promiscuous mode [ 107.832411][ T5844] veth1_macvtap: entered promiscuous mode [ 107.847380][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 107.874116][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.883939][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.902808][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.907345][ T5851] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.924282][ T5851] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.934077][ T5851] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.943542][ T5851] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.987622][ T5837] veth1_vlan: entered promiscuous mode [ 108.003673][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.021392][ T3495] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.029608][ T3495] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.072027][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.125027][ T5844] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.143696][ T5844] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.153056][ T5844] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.162287][ T5844] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.191414][ T5838] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 108.240881][ T5837] veth0_macvtap: entered promiscuous mode [ 108.275651][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.288420][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.377303][ T5837] veth1_macvtap: entered promiscuous mode [ 108.418861][ T5846] Bluetooth: hci0: command tx timeout [ 108.435972][ T4497] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.463363][ T4497] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.488524][ T5846] Bluetooth: hci2: command tx timeout [ 108.494057][ T5843] Bluetooth: hci3: command tx timeout [ 108.494830][ T5853] Bluetooth: hci1: command tx timeout [ 108.580139][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.616830][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.649288][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.715153][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.732301][ T5837] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.741875][ T5837] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.758434][ T5837] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.767304][ T5837] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.910037][ T3495] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.918756][ T3495] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.167571][ T5938] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input5 [ 109.209394][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.217292][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.284874][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 109.458823][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 109.459730][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 109.468380][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 109.472342][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.472388][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.842467][ T5945] [ 109.842482][ T5945] ====================================================== [ 109.842494][ T5945] WARNING: possible circular locking dependency detected [ 109.842521][ T5945] 6.15.0-syzkaller-13655-gbdc7f8c5adad #0 Not tainted [ 109.842541][ T5945] ------------------------------------------------------ [ 109.842553][ T5945] syz.1.2/5945 is trying to acquire lock: [ 109.842571][ T5945] ffffffff8e266b50 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_slow_inc+0x12/0x30 [ 109.842665][ T5945] [ 109.842665][ T5945] but task is already holding lock: [ 109.842676][ T5945] ffff888026630c70 (&q->rq_qos_mutex){+.+.}-{4:4}, at: wbt_init+0x393/0x540 [ 109.842763][ T5945] [ 109.842763][ T5945] which lock already depends on the new lock. [ 109.842763][ T5945] [ 109.842774][ T5945] [ 109.842774][ T5945] the existing dependency chain (in reverse order) is: [ 109.842786][ T5945] [ 109.842786][ T5945] -> #3 (&q->rq_qos_mutex){+.+.}-{4:4}: [ 109.842831][ T5945] __mutex_lock+0x199/0xb90 [ 109.842860][ T5945] wbt_init+0x393/0x540 [ 109.842892][ T5945] queue_wb_lat_store+0x354/0x3d0 [ 109.842929][ T5945] queue_attr_store+0x279/0x320 [ 109.842957][ T5945] sysfs_kf_write+0xf2/0x150 [ 109.842994][ T5945] kernfs_fop_write_iter+0x351/0x510 [ 109.843027][ T5945] vfs_write+0x6c7/0x1150 [ 109.843072][ T5945] ksys_write+0x12a/0x250 [ 109.843118][ T5945] do_syscall_64+0xcd/0x490 [ 109.843165][ T5945] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.843211][ T5945] [ 109.843211][ T5945] -> #2 (&q->q_usage_counter(io)#52){++++}-{0:0}: [ 109.843284][ T5945] blk_alloc_queue+0x619/0x760 [ 109.843324][ T5945] blk_mq_alloc_queue+0x175/0x290 [ 109.843373][ T5945] __blk_mq_alloc_disk+0x29/0x120 [ 109.843424][ T5945] nbd_dev_add+0x4a0/0xbc0 [ 109.843474][ T5945] nbd_init+0x181/0x320 [ 109.843518][ T5945] do_one_initcall+0x120/0x6e0 [ 109.843550][ T5945] kernel_init_freeable+0x5c2/0x900 [ 109.843596][ T5945] kernel_init+0x1c/0x2b0 [ 109.843634][ T5945] ret_from_fork+0x5d7/0x6f0 [ 109.843677][ T5945] ret_from_fork_asm+0x1a/0x30 [ 109.843709][ T5945] [ 109.843709][ T5945] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 109.843753][ T5945] fs_reclaim_acquire+0x102/0x150 [ 109.843791][ T5945] __kmalloc_cache_node_noprof+0x53/0x420 [ 109.843840][ T5945] create_worker+0x10f/0x7e0 [ 109.843883][ T5945] workqueue_prepare_cpu+0xb5/0x160 [ 109.843934][ T5945] cpuhp_invoke_callback+0x3d5/0xa10 [ 109.843968][ T5945] __cpuhp_invoke_callback_range+0x101/0x210 [ 109.844004][ T5945] _cpu_up+0x3f5/0x930 [ 109.844038][ T5945] cpu_up+0x1dc/0x240 [ 109.844073][ T5945] cpuhp_bringup_mask+0xd8/0x210 [ 109.844121][ T5945] bringup_nonboot_cpus+0x176/0x1c0 [ 109.844170][ T5945] smp_init+0x34/0x160 [ 109.844203][ T5945] kernel_init_freeable+0x3a8/0x900 [ 109.844248][ T5945] kernel_init+0x1c/0x2b0 [ 109.844298][ T5945] ret_from_fork+0x5d7/0x6f0 [ 109.844338][ T5945] ret_from_fork_asm+0x1a/0x30 [ 109.844369][ T5945] [ 109.844369][ T5945] -> #0 (cpu_hotplug_lock){++++}-{0:0}: [ 109.844413][ T5945] __lock_acquire+0x126f/0x1c90 [ 109.844454][ T5945] lock_acquire+0x179/0x350 [ 109.844492][ T5945] cpus_read_lock+0x42/0x160 [ 109.844523][ T5945] static_key_slow_inc+0x12/0x30 [ 109.844567][ T5945] rq_qos_add+0x2f8/0x4b0 [ 109.844610][ T5945] wbt_init+0x3a9/0x540 [ 109.844642][ T5945] queue_wb_lat_store+0x354/0x3d0 [ 109.844669][ T5945] queue_attr_store+0x279/0x320 [ 109.844696][ T5945] sysfs_kf_write+0xf2/0x150 [ 109.844733][ T5945] kernfs_fop_write_iter+0x351/0x510 [ 109.844767][ T5945] vfs_write+0x6c7/0x1150 [ 109.844811][ T5945] ksys_write+0x12a/0x250 [ 109.844856][ T5945] do_syscall_64+0xcd/0x490 [ 109.844885][ T5945] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.844929][ T5945] [ 109.844929][ T5945] other info that might help us debug this: [ 109.844929][ T5945] [ 109.844939][ T5945] Chain exists of: [ 109.844939][ T5945] cpu_hotplug_lock --> &q->q_usage_counter(io)#52 --> &q->rq_qos_mutex [ 109.844939][ T5945] [ 109.845000][ T5945] Possible unsafe locking scenario: [ 109.845000][ T5945] [ 109.845009][ T5945] CPU0 CPU1 [ 109.845017][ T5945] ---- ---- [ 109.845026][ T5945] lock(&q->rq_qos_mutex); [ 109.845046][ T5945] lock(&q->q_usage_counter(io)#52); [ 109.845078][ T5945] lock(&q->rq_qos_mutex); [ 109.845101][ T5945] rlock(cpu_hotplug_lock); [ 109.845121][ T5945] [ 109.845121][ T5945] *** DEADLOCK *** [ 109.845121][ T5945] [ 109.845129][ T5945] 7 locks held by syz.1.2/5945: [ 109.845146][ T5945] #0: ffff88803288c638 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 109.845237][ T5945] #1: ffff888036948428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 109.845334][ T5945] #2: ffff88805c67e888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 109.845414][ T5945] #3: ffff888025d6d878 (kn->active#62){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 109.845502][ T5945] #4: ffff888026630a70 (&q->q_usage_counter(io)#52){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 109.845597][ T5945] #5: ffff888026630aa8 (&q->q_usage_counter(queue)#4){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 109.845695][ T5945] #6: ffff888026630c70 (&q->rq_qos_mutex){+.+.}-{4:4}, at: wbt_init+0x393/0x540 [ 109.845773][ T5945] [ 109.845773][ T5945] stack backtrace: [ 109.845794][ T5945] CPU: 1 UID: 0 PID: 5945 Comm: syz.1.2 Not tainted 6.15.0-syzkaller-13655-gbdc7f8c5adad #0 PREEMPT(full) [ 109.845834][ T5945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 109.845858][ T5945] Call Trace: [ 109.845871][ T5945] [ 109.845888][ T5945] dump_stack_lvl+0x116/0x1f0 [ 109.845929][ T5945] print_circular_bug+0x275/0x350 [ 109.845972][ T5945] check_noncircular+0x14c/0x170 [ 109.846009][ T5945] ? irqentry_exit+0x3b/0x90 [ 109.846043][ T5945] __lock_acquire+0x126f/0x1c90 [ 109.846091][ T5945] lock_acquire+0x179/0x350 [ 109.846131][ T5945] ? static_key_slow_inc+0x12/0x30 [ 109.846177][ T5945] ? __pfx___might_resched+0x10/0x10 [ 109.846213][ T5945] cpus_read_lock+0x42/0x160 [ 109.846246][ T5945] ? static_key_slow_inc+0x12/0x30 [ 109.846292][ T5945] static_key_slow_inc+0x12/0x30 [ 109.846335][ T5945] rq_qos_add+0x2f8/0x4b0 [ 109.846381][ T5945] wbt_init+0x3a9/0x540 [ 109.846417][ T5945] queue_wb_lat_store+0x354/0x3d0 [ 109.846448][ T5945] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 109.846480][ T5945] ? __mutex_trylock_common+0xe9/0x250 [ 109.846525][ T5945] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 109.846555][ T5945] queue_attr_store+0x279/0x320 [ 109.846585][ T5945] ? __pfx_queue_attr_store+0x10/0x10 [ 109.846614][ T5945] ? __lock_acquire+0x622/0x1c90 [ 109.846664][ T5945] ? find_held_lock+0x2b/0x80 [ 109.846694][ T5945] ? sysfs_file_kobj+0xe4/0x290 [ 109.846735][ T5945] ? __pfx_queue_attr_store+0x10/0x10 [ 109.846765][ T5945] sysfs_kf_write+0xf2/0x150 [ 109.846805][ T5945] kernfs_fop_write_iter+0x351/0x510 [ 109.846840][ T5945] ? __pfx_sysfs_kf_write+0x10/0x10 [ 109.846881][ T5945] vfs_write+0x6c7/0x1150 [ 109.846937][ T5945] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 109.846974][ T5945] ? __pfx___mutex_lock+0x10/0x10 [ 109.847005][ T5945] ? __pfx_vfs_write+0x10/0x10 [ 109.847063][ T5945] ksys_write+0x12a/0x250 [ 109.847109][ T5945] ? __pfx_ksys_write+0x10/0x10 [ 109.847162][ T5945] do_syscall_64+0xcd/0x490 [ 109.847193][ T5945] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.847225][ T5945] RIP: 0033:0x7fae5738e929 [ 109.847255][ T5945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 109.847286][ T5945] RSP: 002b:00007fae582b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 109.847316][ T5945] RAX: ffffffffffffffda RBX: 00007fae575b6080 RCX: 00007fae5738e929 [ 109.847337][ T5945] RDX: 0000000000000081 RSI: 00002000000001c0 RDI: 0000000000000007 [ 109.847357][ T5945] RBP: 00007fae57410b39 R08: 0000000000000000 R09: 0000000000000000 [ 109.847376][ T5945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 109.847395][ T5945] R13: 0000000000000000 R14: 00007fae575b6080 R15: 00007ffe54da0de8 [ 109.847424][ T5945] [ 110.488016][ T5853] Bluetooth: hci0: command tx timeout [ 110.568254][ T5853] Bluetooth: hci1: command tx timeout [ 110.568293][ T5853] Bluetooth: hci2: command tx timeout [ 110.568321][ T5853] Bluetooth: hci3: command tx timeout [ 111.138053][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 111.138452][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 111.148292][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 111.148529][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!