last executing test programs: 2.04968639s ago: executing program 1 (id=2): r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x101440, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000000c0)={{0x0, 0x2, 0x200800, 0xffffffff, 0xfffffffb}, "0dd7fd004929347eeeccdf0732f77b1f6de0d6d51768a257a97ca5e9ca6310ea"}) ioctl$auto_SNDRV_TIMER_IOCTL_PAUSE(r0, 0x54a3, 0x0) close_range$auto(r0, 0x8, 0x2) openat$auto_dfs_global_fops_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/ubifs/chk_fs\x00', 0x400, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/vhci_hcd.10/usb30/ep_00/bmAttributes\x00', 0x12b5c0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ram3\x00', 0x1035c0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/machinecheck/machinecheck1/cmci_disabled\x00', 0x20102, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) fallocate$auto(r1, 0xa, 0xd, 0xcbd5f) memfd_secret$auto(0x0) mmap$auto(0x0, 0x40dbe7, 0x2, 0x13, 0x3, 0x6) pipe2$auto(0x0, 0x80) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) readv$auto(0x3, &(0x7f0000000040)={&(0x7f0000000000), 0x36a}, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) r2 = socket(0xa, 0x3, 0xff) connect$auto(r2, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) 2.016718179s ago: executing program 3 (id=4): mmap$auto(0x0, 0x20009, 0x2000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = fcntl$auto(r0, 0x7, 0x3) fcntl$auto(0x8000000000000001, 0x26, 0x8) close_range$auto(0x0, 0xfffffffffffff000, 0x0) write$auto_random_fops_random(r1, &(0x7f0000000140)="06d54f02e3c606011ee8eee3ae59d36146d5840b85294e26a5a95bed4f1c61a3495106abb8ed7446a1949cad5bf337f483c5d57c62f4818d96d5bcc2e999f4911420c92475f89b58104f54978026b7413b0f68e782e25985e5ee3b39d9006ccf0d149945cce3fffe3af049cba148856e4beba5e7f669de185ea2b52ac102082ea829e5f310a51e15d47585d3f98b14a7fb7e2b53c5a2d748eb28e60dac488e53aa33df0eb5287fa81ddb35d8611e088a4467b73f93ce9f2f1806cfdd9d980921fffd620730898e6caea5f556b84a21142dab959ce13d55c6962145641ee1ebb52f787b0be382cc38c17fcf8f0dde5bf2f1c87eb736f671750e", 0xf9) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) ioctl$auto_SOUND_PCM_READ_BITS(r2, 0x80045005, &(0x7f0000000040)) write$auto_ocfs2_control_fops_stack_user(0xffffffffffffffff, &(0x7f0000003900)='\t', 0x1) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001080)='/sys/module/i915/parameters/mitigations\x00', 0x80302, 0x0) sendfile$auto(r3, r3, 0x0, 0x7ffff000) 1.785162066s ago: executing program 3 (id=5): socket(0xa, 0x2, 0x4) syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) ioctl$auto(0xffffffffffffffff, 0x64c8, 0x1e2) bind$auto(0x3, 0x0, 0x6a) sendmmsg$auto(r0, 0x0, 0x5, 0x20000000) unshare$auto(0x40000080) madvise$auto(0x0, 0xf43, 0x9) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x7, 0x0, 0x5, 0xffffffff, 0x2000000000210006, 0x0, 0x7, 0x5, 0x2, 0x7, 0xaf, 0x9, 0x8, 0x3, 0x105, 0x7, 0x4, 0xffffffff, 0x5, 0x0, 0x0, 0x22d, 0x0, 0x0, 0x0, 0x2, 0x0, [0x0, 0x0, 0x0, 0x9, 0x0, 0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x1fe, 0x81) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.256983062s ago: executing program 1 (id=6): socket(0xa, 0x2, 0x4) syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) ioctl$auto(0xffffffffffffffff, 0x64c8, 0x1e2) bind$auto(0x3, 0x0, 0x6a) sendmmsg$auto(r0, 0x0, 0x5, 0x20000000) unshare$auto(0x40000080) madvise$auto(0x0, 0xf43, 0x9) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x7, 0x0, 0x5, 0xffffffff, 0x2000000000210006, 0x0, 0x7, 0x5, 0x2, 0x7, 0xaf, 0x9, 0x8, 0x3, 0x105, 0x7, 0x4, 0xffffffff, 0x5, 0x0, 0x0, 0x22d, 0x0, 0x0, 0x0, 0x2, 0x0, [0x0, 0x0, 0x0, 0x9, 0x0, 0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x1fe, 0x81) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.053070036s ago: executing program 0 (id=1): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, 0x0, 0x200, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) r0 = socket(0x2b, 0x1, 0x1) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) sendmsg$auto_NFC_CMD_DEP_LINK_DOWN(r0, 0x0, 0x20000001) madvise$auto(0x0, 0xffffffffffff0004, 0x19) kill$auto(0x0, 0x21) madvise$auto(0x0, 0x200007, 0x8) madvise$auto(0x0, 0x2003f0, 0x15) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_MPP(r0, 0x0, 0x880) munmap$auto(0x8000, 0xffffffff) syz_genetlink_get_family_id$auto_nfc(&(0x7f00000000c0), r0) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0x400000eb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x10000000000048, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) io_uring_enter$auto(r1, 0x8001, 0x80, 0xf, &(0x7f0000000040)="6f6fdfc624482b6feebecf0c6f9b95dfda4c61249e97790decc0a3b8885108e61e06e4de584eb953737116e751be9b06447d68ceb2fbe4cab38f1f351737e8a1acfa09e4ad456d9b26a7f85a39540a7cb4f7adedabc87237db4dc316f7f529c11804c2db4dbf598c1ea68248f57e56", 0x5) read$auto(r1, 0x0, 0xb4d3) r2 = ioctl$auto_SIOCGIFHWADDR2(0xffffffffffffffff, 0x8927, &(0x7f0000000100)="deee84db") ioctl$auto_SNDRV_PCM_IOCTL_DRAIN2(r2, 0x4144, 0x0) 1.049622798s ago: executing program 2 (id=3): r0 = open(0x0, 0xeee00, 0x31) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/midiC2D0\x00', 0x80102, 0x0) readv$auto(0x3, 0x0, 0x100000007) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x28641, 0x0) mmap$auto(0x7ff, 0x5, 0x8, 0x18, 0xffffffffffffffff, 0x3) close_range$auto(0x2, 0x8, 0x4) socket(0x11, 0x80002, 0xf) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/console\x00', 0x40040, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_SET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r2, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@OVS_DP_ATTR_IFINDEX={0x8}]}, 0x1c}}, 0x0) unshare$auto(0x40000080) mmap$auto(0x2, 0x8000000007, 0x4, 0xfb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/v4l-subdev3\x00', 0x20081, 0x0) ioctl$auto(r3, 0xc0845657, r3) r4 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r4, 0x107, 0x2, 0x0, 0x28) sendmsg$auto_NLBL_UNLABEL_C_STATICREMOVEDEF(0xffffffffffffffff, 0x0, 0x2f1f31acb9aa6917) syz_genetlink_get_family_id$auto_macsec(0x0, r0) socket(0x1e, 0xa, 0xfffffffc) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xf0, 0x200008fd6, 0x948b, 0x6, 0x15f4da0a, 0x2000003, 0x3, 0x64, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) 500.054287ms ago: executing program 3 (id=7): r0 = open(0x0, 0xeee00, 0x31) unshare$auto(0x40000080) r1 = socket(0x22, 0x2, 0x1c00) readv$auto(0x3, 0x0, 0x100000007) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x28641, 0x0) mmap$auto(0x7ff, 0x5, 0x8, 0x18, r1, 0x3) close_range$auto(0x2, 0x8, 0x4) socket(0x11, 0x80002, 0xf) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/console\x00', 0x40040, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_SET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r3, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@OVS_DP_ATTR_IFINDEX={0x8}]}, 0x1c}}, 0x0) unshare$auto(0x40000080) mmap$auto(0x2, 0x8000000007, 0x4, 0xfb1, 0xfffffffffffffffa, 0x8000) r4 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/v4l-subdev3\x00', 0x20081, 0x0) ioctl$auto(r4, 0xc0845657, r4) r5 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r5, 0x107, 0x2, 0x0, 0x28) sendmsg$auto_NLBL_UNLABEL_C_STATICREMOVEDEF(0xffffffffffffffff, 0x0, 0x2f1f31acb9aa6917) syz_genetlink_get_family_id$auto_macsec(0x0, r0) socket(0x1e, 0xa, 0xfffffffc) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xf0, 0x200008fd6, 0x948b, 0x6, 0x15f4da0a, 0x2000003, 0x3, 0x64, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) 0s ago: executing program 2 (id=8): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/devices/virtual/block/loop1/queue/wbt_lat_usec\x00', 0x2062, 0x0) write$auto(r1, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x9) ioctl$auto(r0, 0x400454ca, 0x38) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x80900, 0x0) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20a01, 0x0) ioctl$auto_BLKFLSBUF(r2, 0x1261, 0x0) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcsa\x00', 0x80, 0x0) mmap$auto(0xb2, 0x14, 0xffb, 0x8000000008015, r0, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) io_uring_setup$auto(0x3501, &(0x7f0000000080)={0x7d, 0x1000, 0x8, 0x5, 0x3, 0xfffffff1, r0, [0xbc, 0xffff, 0x40], {0x81, 0x9, 0x0, 0x80000000, 0x3, 0x101, 0xffff, 0x0, 0x6}, {0x7, 0xa, 0xf, 0x7fff, 0x3, 0x0, 0x0, 0xfffffffa, 0xc}}) ioctl$auto_BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) mmap$auto(0x8000000000002001, 0x20009, 0xdf, 0x15, r3, 0x8000) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x11, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r5 = socket(0xa, 0x3, 0x3c) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty48\x00', 0x880, 0x0) ioctl$auto(r6, 0x5609, r5) madvise$auto(0x0, 0x20499d, 0x9) open_tree$auto(0xffffffffffffffff, 0x0, 0x474ee) ioctl$auto_NS_GET_PID_FROM_PIDNS(r3, 0x8004b706, &(0x7f0000000180)=0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xfffffffffffffe7f, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB="000229bd0080fbdbdf350a0000000800fbffffffff"], 0x24}, 0x1, 0x0, 0x0, 0x20000050}, 0x400c0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.164' (ED25519) to the list of known hosts. syzkaller login: [ 88.896247][ T5827] cgroup: Unknown subsys name 'net' [ 89.088848][ T5827] cgroup: Unknown subsys name 'cpuset' [ 89.098922][ T5827] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 90.891827][ T5827] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 93.084367][ T5839] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 93.092351][ T5839] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 93.100418][ T5839] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 93.115650][ T5839] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 93.123531][ T5839] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 93.165112][ T5839] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 93.173081][ T5839] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 93.182085][ T5839] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 93.191334][ T5843] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 93.199663][ T5843] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 93.235081][ T5843] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 93.243412][ T5843] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 93.251212][ T5843] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 93.259385][ T5843] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 93.267455][ T5843] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 93.311801][ T5843] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 93.323634][ T5843] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 93.335399][ T5843] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 93.343692][ T5843] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 93.354035][ T5843] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 93.553886][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 93.820911][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.828614][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.836360][ T5836] bridge_slave_0: entered allmulticast mode [ 93.844375][ T5836] bridge_slave_0: entered promiscuous mode [ 93.854514][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.861984][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.869511][ T5836] bridge_slave_1: entered allmulticast mode [ 93.877565][ T5836] bridge_slave_1: entered promiscuous mode [ 93.976067][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 94.017692][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.027290][ T5847] chnl_net:caif_netlink_parms(): no params data found [ 94.058608][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.116315][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 94.148811][ T5836] team0: Port device team_slave_0 added [ 94.158216][ T5836] team0: Port device team_slave_1 added [ 94.219049][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.226801][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.252841][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.272415][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.279643][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.305978][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.355827][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.362949][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.370287][ T5840] bridge_slave_0: entered allmulticast mode [ 94.377776][ T5840] bridge_slave_0: entered promiscuous mode [ 94.386053][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.393194][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.400601][ T5840] bridge_slave_1: entered allmulticast mode [ 94.408805][ T5840] bridge_slave_1: entered promiscuous mode [ 94.478485][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.486780][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.493914][ T5847] bridge_slave_0: entered allmulticast mode [ 94.501689][ T5847] bridge_slave_0: entered promiscuous mode [ 94.543149][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.550520][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.557846][ T5847] bridge_slave_1: entered allmulticast mode [ 94.565952][ T5847] bridge_slave_1: entered promiscuous mode [ 94.589416][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.617421][ T5836] hsr_slave_0: entered promiscuous mode [ 94.623768][ T5836] hsr_slave_1: entered promiscuous mode [ 94.648861][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.660850][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.697735][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.705046][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.712258][ T5842] bridge_slave_0: entered allmulticast mode [ 94.720223][ T5842] bridge_slave_0: entered promiscuous mode [ 94.730420][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.753951][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.761335][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.768760][ T5842] bridge_slave_1: entered allmulticast mode [ 94.776174][ T5842] bridge_slave_1: entered promiscuous mode [ 94.810486][ T5840] team0: Port device team_slave_0 added [ 94.857126][ T5840] team0: Port device team_slave_1 added [ 94.865932][ T5847] team0: Port device team_slave_0 added [ 94.881812][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.895554][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.931337][ T5847] team0: Port device team_slave_1 added [ 94.988240][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.995422][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.021715][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.055798][ T5842] team0: Port device team_slave_0 added [ 95.062392][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.069693][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.095787][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.107591][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.114559][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.140891][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.160456][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.167496][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.193568][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.204217][ T5839] Bluetooth: hci0: command tx timeout [ 95.212492][ T5842] team0: Port device team_slave_1 added [ 95.275026][ T5839] Bluetooth: hci1: command tx timeout [ 95.292558][ T5840] hsr_slave_0: entered promiscuous mode [ 95.299386][ T5840] hsr_slave_1: entered promiscuous mode [ 95.305933][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 95.313639][ T5840] Cannot create hsr debugfs directory [ 95.355500][ T5839] Bluetooth: hci2: command tx timeout [ 95.373662][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.380707][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.407052][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.434783][ T5839] Bluetooth: hci3: command tx timeout [ 95.455115][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.462243][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.488406][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.517177][ T5847] hsr_slave_0: entered promiscuous mode [ 95.523473][ T5847] hsr_slave_1: entered promiscuous mode [ 95.530290][ T5847] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 95.537936][ T5847] Cannot create hsr debugfs directory [ 95.708153][ T5842] hsr_slave_0: entered promiscuous mode [ 95.714979][ T5842] hsr_slave_1: entered promiscuous mode [ 95.721126][ T5842] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 95.728791][ T5842] Cannot create hsr debugfs directory [ 95.870610][ T5836] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 95.907925][ T5836] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 95.924510][ T5836] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 95.957429][ T5836] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 96.090494][ T5840] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 96.103874][ T5840] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 96.117396][ T5840] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 96.129936][ T5840] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 96.227180][ T5847] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 96.244468][ T5847] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 96.265130][ T5847] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 96.276507][ T5847] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 96.386536][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.423765][ T5842] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 96.438495][ T5842] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 96.451617][ T5842] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 96.463983][ T5842] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 96.500754][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.513153][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.553945][ T1171] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.561320][ T1171] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.597771][ T1171] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.604958][ T1171] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.649402][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.686311][ T3487] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.693479][ T3487] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.747913][ T1171] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.755157][ T1171] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.780665][ T5836] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 96.820276][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.821899][ T9] cfg80211: failed to load regulatory.db [ 96.914349][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.942610][ T1147] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.949765][ T1147] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.996686][ T1147] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.003858][ T1147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.080896][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.133690][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.192945][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.200192][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.265474][ T3487] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.272649][ T3487] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.279656][ T5839] Bluetooth: hci0: command tx timeout [ 97.354831][ T5839] Bluetooth: hci1: command tx timeout [ 97.392391][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.435953][ T5839] Bluetooth: hci2: command tx timeout [ 97.452470][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.515843][ T5839] Bluetooth: hci3: command tx timeout [ 97.632235][ T5836] veth0_vlan: entered promiscuous mode [ 97.665643][ T5840] veth0_vlan: entered promiscuous mode [ 97.682460][ T5840] veth1_vlan: entered promiscuous mode [ 97.701566][ T5836] veth1_vlan: entered promiscuous mode [ 97.781300][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.793203][ T5840] veth0_macvtap: entered promiscuous mode [ 97.805256][ T5836] veth0_macvtap: entered promiscuous mode [ 97.835963][ T5840] veth1_macvtap: entered promiscuous mode [ 97.850052][ T5836] veth1_macvtap: entered promiscuous mode [ 97.900304][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.918392][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.932791][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.945499][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.959285][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.971105][ T5840] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.980479][ T5840] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.990961][ T5840] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.000426][ T5840] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.025979][ T5836] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.037072][ T5836] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.046619][ T5836] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.057264][ T5836] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.102320][ T5847] veth0_vlan: entered promiscuous mode [ 98.199028][ T5847] veth1_vlan: entered promiscuous mode [ 98.258820][ T5842] veth0_vlan: entered promiscuous mode [ 98.264597][ T1147] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.284053][ T1147] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.314206][ T1171] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.326061][ T5842] veth1_vlan: entered promiscuous mode [ 98.332876][ T1171] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.382830][ T1147] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.391074][ T1147] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.408807][ T5847] veth0_macvtap: entered promiscuous mode [ 98.442210][ T5847] veth1_macvtap: entered promiscuous mode [ 98.462131][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.481777][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.490101][ T5842] veth0_macvtap: entered promiscuous mode [ 98.520512][ T5842] veth1_macvtap: entered promiscuous mode [ 98.522445][ T5836] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 98.544116][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.558221][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.582551][ T5847] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.591636][ T5847] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.600855][ T5847] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.610506][ T5847] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.670753][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.710415][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.771822][ T5842] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.799553][ T5842] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.822408][ T5842] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.839870][ T5926] Setting dangerous option i915.mitigations - tainting kernel [ 98.847901][ T5842] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.020496][ T1171] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.040837][ T1171] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.131618][ T1147] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.162515][ T1147] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.269135][ T3456] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.300294][ T3456] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.350143][ T3487] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.359381][ T5839] Bluetooth: hci0: command tx timeout [ 99.388588][ T3487] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.434888][ T5839] Bluetooth: hci1: command tx timeout [ 99.515398][ T5839] Bluetooth: hci2: command tx timeout [ 99.595262][ T5839] Bluetooth: hci3: command tx timeout [ 99.863940][ T5946] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3'. [ 100.398046][ T5956] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7'. [ 100.962760][ T5945] mmap: syz.0.1 (5945) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 101.123442][ T5964] [ 101.125836][ T5964] ====================================================== [ 101.132886][ T5964] WARNING: possible circular locking dependency detected [ 101.139946][ T5964] 6.15.0-syzkaller-13473-gc0c9379f235d #0 Tainted: G U [ 101.148302][ T5964] ------------------------------------------------------ [ 101.155352][ T5964] syz.2.8/5964 is trying to acquire lock: [ 101.161116][ T5964] ffffffff8e52f4c8 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0xb4c/0x1470 [ 101.170763][ T5964] [ 101.170763][ T5964] but task is already holding lock: [ 101.178144][ T5964] ffff888142f027c8 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 101.189453][ T5964] [ 101.189453][ T5964] which lock already depends on the new lock. [ 101.189453][ T5964] [ 101.199891][ T5964] [ 101.199891][ T5964] the existing dependency chain (in reverse order) is: [ 101.208956][ T5964] [ 101.208956][ T5964] -> #2 (&q->q_usage_counter(io)#18){++++}-{0:0}: [ 101.217646][ T5964] blk_alloc_queue+0x619/0x760 [ 101.222978][ T5964] blk_mq_alloc_queue+0x175/0x290 [ 101.228583][ T5964] __blk_mq_alloc_disk+0x29/0x120 [ 101.234182][ T5964] loop_add+0x49e/0xb70 [ 101.238897][ T5964] loop_init+0x164/0x270 [ 101.243708][ T5964] do_one_initcall+0x120/0x6e0 [ 101.249031][ T5964] kernel_init_freeable+0x5c2/0x900 [ 101.254803][ T5964] kernel_init+0x1c/0x2b0 [ 101.259696][ T5964] ret_from_fork+0x5d7/0x6f0 [ 101.264855][ T5964] ret_from_fork_asm+0x1a/0x30 [ 101.270265][ T5964] [ 101.270265][ T5964] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 101.277533][ T5964] fs_reclaim_acquire+0x102/0x150 [ 101.283104][ T5964] prepare_alloc_pages+0x162/0x610 [ 101.288767][ T5964] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 101.295219][ T5964] __alloc_pages_noprof+0xb/0x1b0 [ 101.300800][ T5964] pcpu_populate_chunk+0x110/0xb00 [ 101.306469][ T5964] pcpu_alloc_noprof+0x86a/0x1470 [ 101.312051][ T5964] xt_percpu_counter_alloc+0x13e/0x1b0 [ 101.318096][ T5964] translate_table+0xe3b/0x1c10 [ 101.323490][ T5964] arpt_register_table+0x102/0x410 [ 101.329142][ T5964] arptable_filter_table_init+0x40/0x60 [ 101.335234][ T5964] xt_find_table_lock+0x2e4/0x520 [ 101.340825][ T5964] xt_request_find_table_lock+0x28/0xf0 [ 101.346931][ T5964] get_info+0x19e/0x620 [ 101.351630][ T5964] do_arpt_get_ctl+0x42d/0x900 [ 101.356933][ T5964] nf_getsockopt+0x79/0xe0 [ 101.361899][ T5964] ip_getsockopt+0x18c/0x1e0 [ 101.367042][ T5964] tcp_getsockopt+0x9e/0x100 [ 101.372183][ T5964] do_sock_getsockopt+0x3ff/0x800 [ 101.377753][ T5964] __sys_getsockopt+0x123/0x1b0 [ 101.383163][ T5964] __x64_sys_getsockopt+0xbd/0x160 [ 101.388843][ T5964] do_syscall_64+0xcd/0x490 [ 101.393911][ T5964] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.400352][ T5964] [ 101.400352][ T5964] -> #0 (pcpu_alloc_mutex){+.+.}-{4:4}: [ 101.408128][ T5964] __lock_acquire+0x126f/0x1c90 [ 101.413541][ T5964] lock_acquire+0x179/0x350 [ 101.418604][ T5964] __mutex_lock+0x199/0xb90 [ 101.423651][ T5964] pcpu_alloc_noprof+0xb4c/0x1470 [ 101.429234][ T5964] blk_stat_alloc_callback+0xc8/0x280 [ 101.435151][ T5964] wbt_init+0xac/0x540 [ 101.439763][ T5964] queue_wb_lat_store+0x354/0x3d0 [ 101.445337][ T5964] queue_attr_store+0x279/0x320 [ 101.450725][ T5964] sysfs_kf_write+0xef/0x150 [ 101.455864][ T5964] kernfs_fop_write_iter+0x354/0x510 [ 101.461700][ T5964] vfs_write+0x6c4/0x1150 [ 101.466587][ T5964] ksys_write+0x12a/0x250 [ 101.471488][ T5964] do_syscall_64+0xcd/0x490 [ 101.476534][ T5964] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.482983][ T5964] [ 101.482983][ T5964] other info that might help us debug this: [ 101.482983][ T5964] [ 101.493221][ T5964] Chain exists of: [ 101.493221][ T5964] pcpu_alloc_mutex --> fs_reclaim --> &q->q_usage_counter(io)#18 [ 101.493221][ T5964] [ 101.506920][ T5964] Possible unsafe locking scenario: [ 101.506920][ T5964] [ 101.514388][ T5964] CPU0 CPU1 [ 101.519767][ T5964] ---- ---- [ 101.525147][ T5964] lock(&q->q_usage_counter(io)#18); [ 101.530547][ T5964] lock(fs_reclaim); [ 101.537076][ T5964] lock(&q->q_usage_counter(io)#18); [ 101.545003][ T5964] lock(pcpu_alloc_mutex); [ 101.549525][ T5964] [ 101.549525][ T5964] *** DEADLOCK *** [ 101.549525][ T5964] [ 101.557676][ T5964] 6 locks held by syz.2.8/5964: [ 101.562539][ T5964] #0: ffff888032162b78 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 101.571638][ T5964] #1: ffff888024670428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 101.580668][ T5964] #2: ffff88805e292088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 101.590469][ T5964] #3: ffff8880254ae968 (kn->active#60){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 101.600523][ T5964] #4: ffff888142f027c8 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 101.612237][ T5964] #5: ffff888142f02800 (&q->q_usage_counter(queue)#20){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 101.624216][ T5964] [ 101.624216][ T5964] stack backtrace: [ 101.630129][ T5964] CPU: 0 UID: 0 PID: 5964 Comm: syz.2.8 Tainted: G U 6.15.0-syzkaller-13473-gc0c9379f235d #0 PREEMPT(full) [ 101.630166][ T5964] Tainted: [U]=USER [ 101.630174][ T5964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 101.630191][ T5964] Call Trace: [ 101.630202][ T5964] [ 101.630214][ T5964] dump_stack_lvl+0x116/0x1f0 [ 101.630261][ T5964] print_circular_bug+0x275/0x350 [ 101.630295][ T5964] check_noncircular+0x14c/0x170 [ 101.630330][ T5964] __lock_acquire+0x126f/0x1c90 [ 101.630369][ T5964] lock_acquire+0x179/0x350 [ 101.630400][ T5964] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 101.630438][ T5964] ? __pfx___might_resched+0x10/0x10 [ 101.630464][ T5964] ? ksys_write+0x12a/0x250 [ 101.630500][ T5964] ? do_syscall_64+0xcd/0x490 [ 101.630523][ T5964] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.630550][ T5964] __mutex_lock+0x199/0xb90 [ 101.630573][ T5964] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 101.630609][ T5964] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 101.630646][ T5964] ? __pfx___mutex_lock+0x10/0x10 [ 101.630678][ T5964] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 101.630712][ T5964] pcpu_alloc_noprof+0xb4c/0x1470 [ 101.630753][ T5964] ? __pfx_wbt_data_dir+0x10/0x10 [ 101.630791][ T5964] ? __pfx_wb_timer_fn+0x10/0x10 [ 101.630817][ T5964] blk_stat_alloc_callback+0xc8/0x280 [ 101.630843][ T5964] ? kasan_save_track+0x14/0x30 [ 101.630883][ T5964] wbt_init+0xac/0x540 [ 101.630911][ T5964] queue_wb_lat_store+0x354/0x3d0 [ 101.630935][ T5964] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 101.630980][ T5964] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 101.631021][ T5964] queue_attr_store+0x279/0x320 [ 101.631044][ T5964] ? __pfx_queue_attr_store+0x10/0x10 [ 101.631075][ T5964] ? irqentry_exit+0x3b/0x90 [ 101.631096][ T5964] ? lockdep_hardirqs_on+0x7c/0x110 [ 101.631137][ T5964] ? __pfx_queue_attr_store+0x10/0x10 [ 101.631163][ T5964] ? __pfx_queue_attr_store+0x10/0x10 [ 101.631186][ T5964] sysfs_kf_write+0xef/0x150 [ 101.631217][ T5964] kernfs_fop_write_iter+0x354/0x510 [ 101.631243][ T5964] ? __pfx_sysfs_kf_write+0x10/0x10 [ 101.631276][ T5964] vfs_write+0x6c4/0x1150 [ 101.631312][ T5964] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 101.631340][ T5964] ? __pfx___mutex_lock+0x10/0x10 [ 101.631363][ T5964] ? __pfx_vfs_write+0x10/0x10 [ 101.631408][ T5964] ksys_write+0x12a/0x250 [ 101.631445][ T5964] ? __pfx_ksys_write+0x10/0x10 [ 101.631485][ T5964] do_syscall_64+0xcd/0x490 [ 101.631510][ T5964] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.631535][ T5964] RIP: 0033:0x7ff4afb8e929 [ 101.631558][ T5964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 101.631582][ T5964] RSP: 002b:00007ff4b0a25038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 101.631604][ T5964] RAX: ffffffffffffffda RBX: 00007ff4afdb6160 RCX: 00007ff4afb8e929 [ 101.631621][ T5964] RDX: 0000000000000009 RSI: 00002000000001c0 RDI: 0000000000000005 [ 101.631636][ T5964] RBP: 00007ff4afc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 101.631651][ T5964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 101.631666][ T5964] R13: 0000000000000000 R14: 00007ff4afdb6160 R15: 00007ffec1496c38 [ 101.631689][ T5964] [ 101.964710][ T5839] Bluetooth: hci0: command tx timeout [ 101.970190][ T5839] Bluetooth: hci1: command tx timeout [ 101.975656][ T5839] Bluetooth: hci2: command tx timeout [ 101.981068][ T5839] Bluetooth: hci3: command tx timeout [ 102.140733][ T5966] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.