last executing test programs: 1.900203547s ago: executing program 0 (id=1): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0x2, 0x801, 0x106) setsockopt$auto(r0, 0x6, 0x3, 0x0, 0xa1) r1 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x62000, 0x0) read$auto_tracing_buffers_fops_trace(r1, &(0x7f00000002c0)=""/4096, 0x1000) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x0, 0x0) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000002680), 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) socket(0x2000000000000021, 0x2, 0x10000000000002) ioctl$auto_KVM_GET_MSR_INDEX_LIST(r2, 0xc004ae02, &(0x7f0000000080)={0x7, [0x4d, 0xfffffb23, 0xf2, 0x5f, 0x7, 0xa]}) ioctl$auto(0xffffffffffffffff, 0x800064c1, 0xffffffffffffffff) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x9) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000040), 0x481, 0x0) open(0x0, 0x40a00, 0x1c7) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) keyctl$auto(0x1d, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x2000, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r3, 0x0, 0x7) setresuid$auto(0x0, 0x0, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x20802, 0x0) r4 = open(0x0, 0x22240, 0x55) statx$auto(r4, 0x0, 0x1003, 0x4005, 0x0) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_NEW_SEC_DEV(r4, 0x0, 0x0) 1.403474469s ago: executing program 1 (id=2): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000000b40), r0) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) mmap$auto(0x0, 0x2020409, 0xa, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x11, 0x4, 0xfffffffe) mmap$auto(0x0, 0x2020009, 0x8000000000000006, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x1, 0x0) sysfs$auto(0x2, 0x10, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x40080, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) 1.064446685s ago: executing program 1 (id=5): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0xfffffffffffffffd, 0x810004, 0xe, 0x8000000008011, r0, 0x4) syz_open_procfs$namespace(0x0, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x2) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x35}}, 0x54) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) keyctl$auto(0x6, 0xfffffffffffffffd, 0xee01, 0x0, 0xfff) mremap$auto(0x0, 0xbfffffffffffffff, 0x401, 0x0, 0x4) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) preadv2$auto(r0, 0x0, 0x6, 0x3, 0x4, 0x2a) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, r1, 0x8000) mprotect$auto(0x1000, 0x401000, 0x4) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/024/001\x00', 0xa901, 0x0) mmap$auto(0x4, 0xa00006, 0x2, 0x100000000040eb1, 0x602, 0x300000000000) ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, 0x0) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) mmap$auto(0xc, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 969.126886ms ago: executing program 0 (id=6): mmap$auto(0x0, 0x7, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x1000) io_uring_register$auto(0x2, 0x1, 0x0, 0x0) 804.332618ms ago: executing program 3 (id=4): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14be02, 0x0) mmap$auto(0xfffffffffffffffd, 0x810004, 0xe, 0x8000000008011, r0, 0x4) r1 = syz_open_procfs$namespace(0x0, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) bind$auto(r1, 0x0, 0x6a) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x2) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x35}}, 0x54) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) keyctl$auto(0x6, 0xfffffffffffffffd, 0xee01, 0x0, 0xfff) mremap$auto(0x0, 0xbfffffffffffffff, 0x401, 0x0, 0x4) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) preadv2$auto(r0, 0x0, 0x6, 0x3, 0x4, 0x2a) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, r2, 0x8000) mprotect$auto(0x1000, 0x401000, 0x4) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/024/001\x00', 0xa901, 0x0) mmap$auto(0x0, 0x202000a, 0x5, 0xfffffffffffffffb, 0xfffffffffffffffa, 0x2) mmap$auto(0x4, 0xa00006, 0x2, 0x100000000040eb1, 0x602, 0x300000000000) ioctl$auto_USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, 0x0) r3 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f0000000080), 0x141501, 0x0) write$auto_split_huge_pages_fops_huge_memory(r3, &(0x7f0000000100)='1\x00'/11, 0xb) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) unshare$auto(0x40000080) mmap$auto(0xc, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 605.897015ms ago: executing program 0 (id=7): socket(0xa, 0x2, 0x73) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xffffffffffffffff, 0x8000) ioctl$auto(0x3, 0x541b, 0x7f) mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0x6, 0x8000) sendmsg$auto_CGROUPSTATS_CMD_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x13, 0x0, 0x25, 0x70bd25, 0x25dfdbfe, {}, [@CGROUPSTATS_CMD_ATTR_FD={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x400c9d0}, 0x4080) r0 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='r'], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x200440c0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmmsg$auto(r0, &(0x7f0000000080)={{0x0, 0x8001c01, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x1}, 0x7}, 0x3d55, 0x0) 391.514243ms ago: executing program 0 (id=8): socket(0x0, 0x3, 0x3a) ioctl$auto_RTC_ALM_SET(0xffffffffffffffff, 0x40247007, &(0x7f0000000100)={0x1, 0x3, 0x9, 0x6, 0xfffff0d3, 0x2, 0x6, 0x6, 0xa}) madvise$auto(0x0, 0x7fffeffffffffffe, 0xa) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL802154_CMD_SET_CCA_ED_LEVEL(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYRES16=r0, @ANYRES16=0x0, @ANYRESHEX=0x0], 0x1c}, 0x1, 0x0, 0x0, 0x8001}, 0x40000) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card1/pcm0c/sub7/sw_params\x00', 0x501000, 0x0) ioctl$auto(r1, 0x400c4d02, r1) r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fs/cifs/open_files\x00', 0x43102, 0x0) read$auto_proc_iter_file_ops_compat_inode(r2, 0x0, 0x0) sendmsg$auto_ETHTOOL_MSG_LINKINFO_SET(r0, 0x0, 0x200008c0) madvise$auto(0x110c230000, 0x1, 0x9) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000000000008000) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/prev\x00', 0x101002, 0x0) r3 = socket(0xa, 0x801, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x68) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x10000000084, 0x80, 0x0, 0x8) prctl$auto(0x1000000003b, 0x1, 0x4, 0x7, 0x7) select$auto(0x8, 0x0, 0x0, 0x0, 0x0) io_setup$auto(0x5, 0x0) syz_clone(0x48142000, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/platform/vhci_hcd.3/usb16/16-0:1.0/usb16-port5/disable\x00', 0x181942, 0x0) sendfile$auto(0xffffffffffffffff, r3, 0x0, 0x2000400000000006) socket(0x2, 0x801, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6d) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020209, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) 287.235034ms ago: executing program 2 (id=3): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0xfffffffffffffffd, 0x810004, 0xe, 0x8000000008011, r0, 0x4) r1 = syz_open_procfs$namespace(0x0, 0x0) io_uring_setup$auto(0x6, 0x0) bind$auto(r1, 0x0, 0x6a) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x35}}, 0x54) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) 206.218454ms ago: executing program 1 (id=9): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mtdblock0\x00', 0x14fe02, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x1880, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$auto(0xc916, 0xfffffffffffffffb, 0x7fffffffffffffff, 0x10, 0xffffffffffffffff, 0xffffffffffffffff) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/virtual/tty/ttyub/power/runtime_status\x00', 0x1a03c2, 0x0) sendfile$auto(r1, r1, 0x0, 0x2) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/bConfigurationValue\x00', 0x63102, 0x0) sendfile$auto(r0, r2, 0x0, 0x213b) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/neigh/ipvlan1/mcast_solicit\x00', 0x40400, 0x0) read$auto(r3, 0x0, 0x1ff) syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000002340), 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) listmount$auto(&(0x7f0000000080)={0x1f, @raw, 0x80000002, 0xfffffffffffffff7, 0x8}, 0x0, 0xf4240, 0x1) lsm_set_self_attr$auto(0x9, 0x0, 0x80, 0x0) timer_settime$auto(0x0, 0x8, &(0x7f00000000c0)={{0x8}, {0x0, 0x87}}, 0x0) mmap$auto(0x1000003, 0x2, 0xd6, 0x96fe, 0x4, 0x300000000000) syz_clone(0x60011, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/fail-nth\x00', 0xc4640, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/bus/usb/drivers/ucan/bind\x00', 0x0, 0x0) read$auto(r5, 0x0, 0x20) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_drm_edid_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/dri/vkms/Writeback-1/edid_override\x00', 0x5adc0, 0x0) writev$auto(0xffffffffffffffff, 0x0, 0x3) socket(0xa, 0x801, 0x84) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x7, 0xffb, 0x8000000008011, 0x3, 0x8000) semctl$auto(0x1000, 0x10, 0x9d06, 0x5) openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) 0s ago: executing program 2 (id=10): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mtdblock0\x00', 0x14fe02, 0x0) mmap$auto(0x0, 0x7, 0xffb, 0x8000000008011, 0x3, 0x8000) semctl$auto(0x1000, 0x10, 0x3, 0x5) openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = io_uring_setup$auto(0x5, 0x0) close_range$auto(0x2, r0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x69) listen$auto(0x3, 0x81) r1 = socket(0x2, 0x1, 0x0) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x6, 0x0, 0x7, 0x1}, 0x3}, 0x4, 0x20000000) poll$auto(&(0x7f0000000d40)={0x3, 0x1, 0xa}, 0x5, 0x400) close_range$auto(0x2, 0x8, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.75' (ED25519) to the list of known hosts. [ 78.448416][ T5614] cgroup: Unknown subsys name 'net' [ 78.563490][ T5614] cgroup: Unknown subsys name 'cpuset' [ 78.572655][ T5614] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 80.055375][ T5614] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 81.959127][ T5629] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 81.969025][ T5629] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 81.978948][ T5629] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 81.987723][ T5629] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 81.995607][ T5629] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 82.035867][ T4945] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 82.044898][ T4945] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 82.065638][ T5637] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 82.077176][ T5637] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 82.085298][ T4945] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 82.094479][ T4945] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 82.103960][ T4945] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 82.111119][ T5637] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 82.119424][ T5637] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 82.129371][ T5637] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 82.134230][ T5644] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 82.138326][ T5637] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 82.151728][ T5644] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 82.161024][ T5644] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 82.170461][ T5644] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 83.541630][ T5625] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.549574][ T5625] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.557942][ T5625] bridge_slave_0: entered allmulticast mode [ 83.565645][ T5625] bridge_slave_0: entered promiscuous mode [ 83.596607][ T5625] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.603843][ T5625] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.611604][ T5625] bridge_slave_1: entered allmulticast mode [ 83.618637][ T5625] bridge_slave_1: entered promiscuous mode [ 83.719278][ T5625] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.762050][ T5625] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.840832][ T5625] team0: Port device team_slave_0 added [ 83.850290][ T5625] team0: Port device team_slave_1 added [ 83.885344][ T5625] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.892465][ T5625] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.918474][ T5625] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.948915][ T5625] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.958403][ T5625] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.984835][ T5625] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.071649][ T5634] Bluetooth: hci0: command tx timeout [ 84.148973][ T5625] hsr_slave_0: entered promiscuous mode [ 84.155567][ T5625] hsr_slave_1: entered promiscuous mode [ 84.230871][ T5634] Bluetooth: hci2: command tx timeout [ 84.230881][ T50] Bluetooth: hci3: command tx timeout [ 84.231027][ T50] Bluetooth: hci1: command tx timeout [ 84.248601][ T5626] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.255991][ T5626] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.263331][ T5626] bridge_slave_0: entered allmulticast mode [ 84.270767][ T5626] bridge_slave_0: entered promiscuous mode [ 84.297699][ T5630] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.305064][ T5630] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.312537][ T5630] bridge_slave_0: entered allmulticast mode [ 84.319597][ T5630] bridge_slave_0: entered promiscuous mode [ 84.328466][ T5626] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.336072][ T5626] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.343495][ T5626] bridge_slave_1: entered allmulticast mode [ 84.350822][ T5626] bridge_slave_1: entered promiscuous mode [ 84.363315][ T5632] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.370544][ T5632] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.377733][ T5632] bridge_slave_0: entered allmulticast mode [ 84.385052][ T5632] bridge_slave_0: entered promiscuous mode [ 84.396590][ T5630] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.403872][ T5630] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.411811][ T5630] bridge_slave_1: entered allmulticast mode [ 84.418945][ T5630] bridge_slave_1: entered promiscuous mode [ 84.461046][ T5632] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.468161][ T5632] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.476033][ T5632] bridge_slave_1: entered allmulticast mode [ 84.483233][ T5632] bridge_slave_1: entered promiscuous mode [ 84.545967][ T5630] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.562420][ T5626] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.581124][ T5632] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.592493][ T5630] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.617522][ T5626] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.634800][ T5632] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.680885][ T5630] team0: Port device team_slave_0 added [ 84.715857][ T5630] team0: Port device team_slave_1 added [ 84.723410][ T5626] team0: Port device team_slave_0 added [ 84.736687][ T5632] team0: Port device team_slave_0 added [ 84.754895][ T5626] team0: Port device team_slave_1 added [ 84.772813][ T5632] team0: Port device team_slave_1 added [ 84.814560][ T5630] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.821656][ T5630] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.847866][ T5630] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.886062][ T5630] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.893229][ T5630] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.919303][ T5630] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.931062][ T5626] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.938002][ T5626] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.964966][ T5626] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.977647][ T5626] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.984646][ T5626] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.010783][ T5626] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.028585][ T5632] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.035976][ T5632] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.062407][ T5632] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.097496][ T5632] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.104701][ T5632] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.131683][ T5632] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.192817][ T5630] hsr_slave_0: entered promiscuous mode [ 85.200190][ T5630] hsr_slave_1: entered promiscuous mode [ 85.206300][ T5630] debugfs: 'hsr0' already exists in 'hsr' [ 85.212436][ T5630] Cannot create hsr debugfs directory [ 85.254254][ T5632] hsr_slave_0: entered promiscuous mode [ 85.260654][ T5632] hsr_slave_1: entered promiscuous mode [ 85.266719][ T5632] debugfs: 'hsr0' already exists in 'hsr' [ 85.272621][ T5632] Cannot create hsr debugfs directory [ 85.321836][ T5626] hsr_slave_0: entered promiscuous mode [ 85.328142][ T5626] hsr_slave_1: entered promiscuous mode [ 85.334437][ T5626] debugfs: 'hsr0' already exists in 'hsr' [ 85.340331][ T5626] Cannot create hsr debugfs directory [ 85.509041][ T5625] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 85.522697][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 85.566723][ T5625] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 85.576888][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 85.613369][ T5625] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 85.623325][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 85.657767][ T5625] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 85.671871][ T5625] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 85.835174][ T5630] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 85.845608][ T5630] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 85.859291][ T5630] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 85.869155][ T5630] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 85.883526][ T5630] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 85.894837][ T5630] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 85.915840][ T5630] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 85.926305][ T5630] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 86.016904][ T5626] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 86.026822][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 86.042493][ T5626] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 86.053206][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 86.061429][ T5626] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 86.073501][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 86.081830][ T5626] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 86.091785][ T5626] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 86.150014][ T50] Bluetooth: hci0: command tx timeout [ 86.163157][ T5625] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.206511][ T5632] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 86.216357][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 86.225436][ T5632] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 86.237009][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 86.252433][ T5632] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 86.262913][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 86.271789][ T5632] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 86.282321][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 86.306917][ T5625] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.310317][ T50] Bluetooth: hci2: command tx timeout [ 86.314009][ T5644] Bluetooth: hci3: command tx timeout [ 86.319493][ T5634] Bluetooth: hci1: command tx timeout [ 86.358992][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.366776][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.397116][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.404260][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.470845][ T5630] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.535322][ T5630] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.571901][ T5626] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.581339][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.588445][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.620785][ T152] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.628158][ T152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.682156][ T5626] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.740023][ T152] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.747219][ T152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.759341][ T5632] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.779325][ T152] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.786550][ T152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.844282][ T5632] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.888189][ T152] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.895405][ T152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.945271][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.952497][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.041556][ T809] cfg80211: failed to load regulatory.db [ 87.554973][ T5625] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.694213][ T5625] veth0_vlan: entered promiscuous mode [ 87.732857][ T5625] veth1_vlan: entered promiscuous mode [ 87.825211][ T5625] veth0_macvtap: entered promiscuous mode [ 87.858869][ T5625] veth1_macvtap: entered promiscuous mode [ 87.894302][ T5630] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.971830][ T5625] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.005325][ T5625] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.041962][ T5626] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.073368][ T116] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.082823][ T116] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.104573][ T116] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.113738][ T116] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.145283][ T5632] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.162875][ T5630] veth0_vlan: entered promiscuous mode [ 88.228657][ T5630] veth1_vlan: entered promiscuous mode [ 88.234377][ T5634] Bluetooth: hci0: command tx timeout [ 88.276255][ T5626] veth0_vlan: entered promiscuous mode [ 88.299398][ T3029] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.310483][ T3029] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.348486][ T5630] veth0_macvtap: entered promiscuous mode [ 88.367932][ T5626] veth1_vlan: entered promiscuous mode [ 88.392199][ T50] Bluetooth: hci2: command tx timeout [ 88.397948][ T5634] Bluetooth: hci1: command tx timeout [ 88.400172][ T5644] Bluetooth: hci3: command tx timeout [ 88.404171][ T5630] veth1_macvtap: entered promiscuous mode [ 88.429184][ T152] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.439599][ T152] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.464736][ T5630] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.479176][ T5632] veth0_vlan: entered promiscuous mode [ 88.514854][ T5630] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.535646][ T5625] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 88.545145][ T5632] veth1_vlan: entered promiscuous mode [ 88.558317][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.567502][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.582276][ T5626] veth0_macvtap: entered promiscuous mode [ 88.594370][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.617665][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.628788][ T5626] veth1_macvtap: entered promiscuous mode [ 88.740345][ T5781] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 88.774537][ T5626] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.802092][ T5626] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.810798][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.832422][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.841682][ T5632] veth0_macvtap: entered promiscuous mode [ 88.850588][ T3029] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.861562][ T3029] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.884753][ T3029] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.894415][ T3029] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.906741][ T5781] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 88.916463][ T5632] veth1_macvtap: entered promiscuous mode [ 88.949062][ T3029] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.961682][ T3029] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.054653][ T5632] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.179562][ T5632] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.236466][ T152] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.245825][ T1025] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.254555][ T152] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.286024][ T1025] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.331242][ T1025] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.352419][ T1025] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.426776][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.450452][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.861554][ T1025] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.889038][ T1025] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.019430][ T5798] netlink: 86 bytes leftover after parsing attributes in process `syz.0.7'. [ 90.031534][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.049279][ T5798] Zero length message leads to an empty skb [ 90.057949][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.311061][ T5644] Bluetooth: hci0: command tx timeout [ 90.470388][ T5644] Bluetooth: hci3: command tx timeout [ 90.476517][ T50] Bluetooth: hci2: command tx timeout [ 90.476531][ T5634] Bluetooth: hci1: command tx timeout [ 90.900766][ T5810] [ 90.903131][ T5810] ====================================================== [ 90.910159][ T5810] WARNING: possible circular locking dependency detected [ 90.917195][ T5810] syzkaller #0 Not tainted [ 90.921628][ T5810] ------------------------------------------------------ [ 90.928664][ T5810] syz.2.10/5810 is trying to acquire lock: [ 90.934490][ T5810] ffff88802d642fe8 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}, at: __flush_work+0x4ca/0xcb0 [ 90.946028][ T5810] [ 90.946028][ T5810] but task is already holding lock: [ 90.953407][ T5810] ffff8880360f0ee0 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x3a5/0x620 [ 90.962521][ T5810] [ 90.962521][ T5810] which lock already depends on the new lock. [ 90.962521][ T5810] [ 90.973021][ T5810] [ 90.973021][ T5810] the existing dependency chain (in reverse order) is: [ 90.982055][ T5810] [ 90.982055][ T5810] -> #1 (sk_lock-AF_SMC/1){+.+.}-{0:0}: [ 90.989844][ T5810] lock_sock_nested+0x41/0xf0 [ 90.995072][ T5810] smc_listen_out+0x1f5/0x4b0 [ 91.000405][ T5810] smc_listen_work+0x4c2/0x50e0 [ 91.006085][ T5810] process_one_work+0xa0e/0x1980 [ 91.011550][ T5810] worker_thread+0x5ef/0xe50 [ 91.016663][ T5810] kthread+0x370/0x450 [ 91.021261][ T5810] ret_from_fork+0x72b/0xd50 [ 91.026498][ T5810] ret_from_fork_asm+0x1a/0x30 [ 91.031818][ T5810] [ 91.031818][ T5810] -> #0 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}: [ 91.042012][ T5810] __lock_acquire+0x14b8/0x2630 [ 91.047402][ T5810] lock_acquire+0x1b1/0x370 [ 91.052439][ T5810] __flush_work+0x4de/0xcb0 [ 91.057481][ T5810] cancel_work_sync+0xd1/0xf0 [ 91.062692][ T5810] smc_clcsock_release+0x5f/0xe0 [ 91.068171][ T5810] __smc_release+0x5c2/0x880 [ 91.073296][ T5810] smc_close_non_accepted+0xda/0x200 [ 91.079124][ T5810] smc_close_active+0x4ff/0x1070 [ 91.084687][ T5810] __smc_release+0x634/0x880 [ 91.089806][ T5810] smc_release+0x1fc/0x620 [ 91.094758][ T5810] __sock_release+0xb3/0x260 [ 91.099894][ T5810] sock_close+0x1c/0x30 [ 91.104579][ T5810] __fput+0x3ff/0xb50 [ 91.109106][ T5810] task_work_run+0x150/0x240 [ 91.114221][ T5810] exit_to_user_mode_loop+0x107/0x4f0 [ 91.120124][ T5810] do_syscall_64+0x6f2/0x830 [ 91.125234][ T5810] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.131652][ T5810] [ 91.131652][ T5810] other info that might help us debug this: [ 91.131652][ T5810] [ 91.141900][ T5810] Possible unsafe locking scenario: [ 91.141900][ T5810] [ 91.149343][ T5810] CPU0 CPU1 [ 91.154700][ T5810] ---- ---- [ 91.160062][ T5810] lock(sk_lock-AF_SMC/1); [ 91.164582][ T5810] lock((work_completion)(&new_smc->smc_listen_work)); [ 91.174039][ T5810] lock(sk_lock-AF_SMC/1); [ 91.181075][ T5810] lock((work_completion)(&new_smc->smc_listen_work)); [ 91.188020][ T5810] [ 91.188020][ T5810] *** DEADLOCK *** [ 91.188020][ T5810] [ 91.196154][ T5810] 3 locks held by syz.2.10/5810: [ 91.201086][ T5810] #0: ffff88805b17d040 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: __sock_release+0x86/0x260 [ 91.211668][ T5810] #1: ffff8880360f0ee0 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x3a5/0x620 [ 91.221221][ T5810] #2: ffffffff8e7e5420 (rcu_read_lock){....}-{1:3}, at: __flush_work+0xfd/0xcb0 [ 91.230391][ T5810] [ 91.230391][ T5810] stack backtrace: [ 91.236295][ T5810] CPU: 1 UID: 0 PID: 5810 Comm: syz.2.10 Not tainted syzkaller #0 PREEMPT(full) [ 91.236330][ T5810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 91.236349][ T5810] Call Trace: [ 91.236357][ T5810] [ 91.236366][ T5810] dump_stack_lvl+0x100/0x190 [ 91.236400][ T5810] print_circular_bug.cold+0x178/0x1c7 [ 91.236444][ T5810] check_noncircular+0x146/0x160 [ 91.236489][ T5810] __lock_acquire+0x14b8/0x2630 [ 91.236520][ T5810] lock_acquire+0x1b1/0x370 [ 91.236544][ T5810] ? __flush_work+0x4ca/0xcb0 [ 91.236574][ T5810] ? __flush_work+0x4ca/0xcb0 [ 91.236601][ T5810] __flush_work+0x4de/0xcb0 [ 91.236628][ T5810] ? __flush_work+0x4ca/0xcb0 [ 91.236657][ T5810] ? __pfx___flush_work+0x10/0x10 [ 91.236686][ T5810] ? __pfx_wq_barrier_func+0x10/0x10 [ 91.236727][ T5810] ? __pfx___might_resched+0x10/0x10 [ 91.236761][ T5810] cancel_work_sync+0xd1/0xf0 [ 91.236794][ T5810] smc_clcsock_release+0x5f/0xe0 [ 91.236833][ T5810] __smc_release+0x5c2/0x880 [ 91.236869][ T5810] ? __pfx_sock_def_readable+0x10/0x10 [ 91.236899][ T5810] smc_close_non_accepted+0xda/0x200 [ 91.236938][ T5810] smc_close_active+0x4ff/0x1070 [ 91.236978][ T5810] __smc_release+0x634/0x880 [ 91.237014][ T5810] smc_release+0x1fc/0x620 [ 91.237049][ T5810] __sock_release+0xb3/0x260 [ 91.237087][ T5810] ? __pfx_sock_close+0x10/0x10 [ 91.237120][ T5810] sock_close+0x1c/0x30 [ 91.237151][ T5810] __fput+0x3ff/0xb50 [ 91.237188][ T5810] ? _raw_spin_unlock_irq+0x23/0x50 [ 91.237227][ T5810] task_work_run+0x150/0x240 [ 91.237254][ T5810] ? __pfx_task_work_run+0x10/0x10 [ 91.237282][ T5810] ? rcu_is_watching+0x12/0xc0 [ 91.237316][ T5810] exit_to_user_mode_loop+0x107/0x4f0 [ 91.237342][ T5810] ? rcu_is_watching+0x12/0xc0 [ 91.237374][ T5810] do_syscall_64+0x6f2/0x830 [ 91.237398][ T5810] ? clear_bhb_loop+0x40/0x90 [ 91.237428][ T5810] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.237456][ T5810] RIP: 0033:0x7f754bf9ce59 [ 91.237482][ T5810] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 91.237508][ T5810] RSP: 002b:00007f754cd98028 EFLAGS: 00000246 ORIG_RAX: 0000000000000007 [ 91.237533][ T5810] RAX: 0000000000000001 RBX: 00007f754c215fa0 RCX: 00007f754bf9ce59 [ 91.237551][ T5810] RDX: 0000000000000400 RSI: 0000000000000005 RDI: 0000200000000d40 [ 91.237571][ T5810] RBP: 00007f754c032d6f R08: 0000000000000000 R09: 0000000000000000 [ 91.237588][ T5810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 91.237604][ T5810] R13: 00007f754c216038 R14: 00007f754c215fa0 R15: 00007ffcff733e78 [ 91.237629][ T5810]