last executing test programs: 613.705646ms ago: executing program 1 (id=2): socket$inet6_tcp(0xa, 0x1, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000b40)='net/dev_snmp6\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000005e00)) epoll_create1(0x80000) socket$inet6_sctp(0xa, 0x801, 0x84) socket$inet6_udp(0xa, 0x2, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x500, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={r0, 0x0, 0x3}) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1) 606.079694ms ago: executing program 2 (id=3): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup(r2) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newqdisc={0x80, 0x28, 0x4ee4e6a52ff56541, 0x4000, 0xfffffdfc, {0x0, 0x0, 0x0, r7, {0x8}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x8001, 0x314f, 0x40401, 0x6, 0xaa3c}, 0x3, 0x1, 0x6, 0x3, 0x7, 0x13, 0x11, 0xc, 0x6, 0x7f, {0x6, 0x407c, 0x1, 0x4, 0x2b72, 0x2}}}}, @TCA_RATE={0x6, 0x5, {0x6, 0x5}}]}, 0x80}, 0x1, 0x0, 0x0, 0x400dc}, 0x20000010) 465.889759ms ago: executing program 1 (id=5): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)) ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) 465.76933ms ago: executing program 1 (id=6): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000a40)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4$alg(r0, 0x0, 0x0, 0x80800) sendmmsg$alg(r1, &(0x7f00000003c0), 0x492492492492642, 0x4000041) read$alg(r1, &(0x7f0000000680)=""/29, 0x1d) 446.81229ms ago: executing program 3 (id=4): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x6000}}) syz_fuse_handle_req(r1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0x4e, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 367.510362ms ago: executing program 1 (id=7): r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r1) setrlimit(0x40000000000008, &(0x7f0000000000)) timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x3fd4, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000480)=ANY=[@ANYBLOB], 0x0) socket$inet6(0x10, 0x3, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) ioperm(0xa, 0x1, 0xffff) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) mlockall(0x7) 367.343642ms ago: executing program 0 (id=1): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001880)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x17, 0xf, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000fdff6a30000000000300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b70300000000000085000000b5000000bf0900000000000055090100000000009500000000000000bf91000000000000b70200000000000885000000ba000000b70002000000000095"], &(0x7f0000000140)='syzkaller\x00', 0x8, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) 367.164113ms ago: executing program 2 (id=8): r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000300)={@cgroup=r1, 0x12, 0x0, 0xfffffffe, &(0x7f0000000100)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40) 290.261696ms ago: executing program 0 (id=9): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000020000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x56, &(0x7f00000000c0)=[@vmwrite={0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20000c}], 0x1) r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$setregset(0x4205, r3, 0x1, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 290.084945ms ago: executing program 2 (id=10): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, 0x0}], 0x1, 0x64, 0x0, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)={0x1, 0x0, [{0x485, 0x0, 0x8}]}) 153.708838ms ago: executing program 2 (id=11): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000740)=ANY=[@ANYBLOB="440000002000010027bd7000000000000a000040000000000000e9ff1300030076"], 0x44}, 0x1, 0x0, 0x0, 0x24040804}, 0x4008000) 88.937768ms ago: executing program 0 (id=12): unshare(0x2a060400) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOW_IOVAS(r0, 0x3b82, &(0x7f0000000140)={0x18, r1, 0x0, 0x0, 0x0}) 88.743588ms ago: executing program 1 (id=13): r0 = syz_open_dev$loop(&(0x7f0000000500), 0xee8, 0x5042) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_debug_messages', 0x20940, 0x1d6) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000140)={r1, 0x0, {0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x5, 0xc, "c44ef9682a689185ff07ec0f9eddd770e010a8b62022fd106fa715e63fee8ab07f3c19ed0c04afcaba06f6d9584488da0162d4cc7030ec4f7b9ab89b3e192e4a", "8bc975aabbbbe9e4cbb0e98d43a12e12538b330e6fe3bce73919393417abdc6c58f0abd4f0c29b3c71757f74bc429c808f46e9cda4584203143a0b9705fb16b6", "666f1d5f5c43005b310134ce9a6d0369862b72c1f9f4980a2346c4dd62ad8050", [0x6, 0x61fe]}}) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 88.607861ms ago: executing program 2 (id=14): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20008091}, 0x4000000) write$binfmt_aout(r0, &(0x7f0000000100)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0xe808, 0x40000009, 0xfffffffd, 0x83, "00000000000000000000ffff00"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) read$FUSE(r2, &(0x7f0000003f80)={0x2020}, 0x2020) read$FUSE(r2, &(0x7f0000000b80)={0x2020}, 0x2020) 153.419µs ago: executing program 0 (id=15): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f00000001c0), 0x12) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000780)={0xffffffffffffffff, 0x58, 0x0}, 0x10) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000005c0)={r3, r2, 0x15, 0x0, @void}, 0x10) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_buf(r4, 0x6, 0xb, 0x0, &(0x7f0000000140)) 0s ago: executing program 0 (id=16): setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000080)={'filter\x00', 0x7, 0x4, 0x438, 0x240, 0x240, 0x0, 0x350, 0x370, 0x350, 0x4, 0x0, {[{{@arp={@private, @local, 0x0, 0x0, 0x0, 0x0, {@mac=@broadcast}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth1_to_batadv\x00', 'batadv0\x00'}, 0xc0, 0x130}, @unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "bc2e329885ea3654891fbae8c6c66e07212432bde429bcda7deb48d85c6f5e269c2021c8f8dc09af0b3f2e10e8ac79cc67e264613c4be6838ee2daacf7926a6e"}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @rand_addr, @broadcast}}}, {{@arp={@private, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0\x00', 'veth0_to_bond\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x488) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000004240)=0x40000006, 0x4) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000600)=ANY=[], 0x8) recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000001, &(0x7f0000000300)={0xa, 0x4e20, 0x5, @mcast1}, 0x1c) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:61371' (ED25519) to the list of known hosts. [ 46.344417][ T40] audit: type=1400 audit(1771758725.521:62): avc: denied { name_bind } for pid=5833 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 46.379445][ T40] audit: type=1400 audit(1771758725.561:63): avc: denied { execute } for pid=5834 comm="sh" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 46.388585][ T40] audit: type=1400 audit(1771758725.561:64): avc: denied { execute_no_trans } for pid=5834 comm="sh" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 48.936853][ T40] audit: type=1400 audit(1771758728.111:65): avc: denied { mounton } for pid=5834 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 48.945785][ T40] audit: type=1400 audit(1771758728.121:66): avc: denied { mount } for pid=5834 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 48.947894][ T5834] cgroup: Unknown subsys name 'net' [ 48.957809][ T40] audit: type=1400 audit(1771758728.141:67): avc: denied { unmount } for pid=5834 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 49.073122][ T5834] cgroup: Unknown subsys name 'cpuset' [ 49.079386][ T5834] cgroup: Unknown subsys name 'rlimit' [ 49.198418][ T40] audit: type=1400 audit(1771758728.381:68): avc: denied { setattr } for pid=5834 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 49.205873][ T40] audit: type=1400 audit(1771758728.381:69): avc: denied { create } for pid=5834 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 49.212836][ T40] audit: type=1400 audit(1771758728.381:70): avc: denied { write } for pid=5834 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 49.220096][ T40] audit: type=1400 audit(1771758728.381:71): avc: denied { read } for pid=5834 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 49.226520][ T40] audit: type=1400 audit(1771758728.391:72): avc: denied { mounton } for pid=5834 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 49.237114][ T40] audit: type=1400 audit(1771758728.391:73): avc: denied { mount } for pid=5834 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 49.244617][ T40] audit: type=1400 audit(1771758728.391:74): avc: denied { read } for pid=5636 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 49.248617][ T5891] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 49.938657][ T5834] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 53.910190][ T5933] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 53.913806][ T5933] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 53.916866][ T5938] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 53.917812][ T5933] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 53.918354][ T5939] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 53.918652][ T5939] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 53.920699][ T5940] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 53.920731][ T5941] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 53.921036][ T5941] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 53.921391][ T5941] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 53.921695][ T5941] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 53.922793][ T5933] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 53.925358][ T5939] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 53.928523][ T5933] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 53.930916][ T5940] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 53.945799][ T5933] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 53.948469][ T5939] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 53.953337][ T5284] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 53.955436][ T5939] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 53.977481][ T5939] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 54.116640][ T40] kauditd_printk_skb: 21 callbacks suppressed [ 54.116651][ T40] audit: type=1400 audit(1771758733.291:96): avc: denied { module_request } for pid=5924 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 54.145537][ T5924] chnl_net:caif_netlink_parms(): no params data found [ 54.253881][ T5923] chnl_net:caif_netlink_parms(): no params data found [ 54.346202][ T5924] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.349271][ T5924] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.351653][ T5924] bridge_slave_0: entered allmulticast mode [ 54.354545][ T5924] bridge_slave_0: entered promiscuous mode [ 54.369783][ T5932] chnl_net:caif_netlink_parms(): no params data found [ 54.379450][ T5922] chnl_net:caif_netlink_parms(): no params data found [ 54.387508][ T5924] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.390413][ T5924] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.392740][ T5924] bridge_slave_1: entered allmulticast mode [ 54.395392][ T5924] bridge_slave_1: entered promiscuous mode [ 54.444441][ T5924] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.475744][ T5923] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.478250][ T5923] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.480637][ T5923] bridge_slave_0: entered allmulticast mode [ 54.484430][ T5923] bridge_slave_0: entered promiscuous mode [ 54.491277][ T5924] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.524757][ T5923] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.528340][ T5923] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.531516][ T5923] bridge_slave_1: entered allmulticast mode [ 54.534265][ T5923] bridge_slave_1: entered promiscuous mode [ 54.583813][ T5924] team0: Port device team_slave_0 added [ 54.598188][ T5924] team0: Port device team_slave_1 added [ 54.642049][ T5923] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.646017][ T5922] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.649194][ T5922] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.652363][ T5922] bridge_slave_0: entered allmulticast mode [ 54.656388][ T5922] bridge_slave_0: entered promiscuous mode [ 54.661849][ T5922] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.664967][ T5922] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.668545][ T5922] bridge_slave_1: entered allmulticast mode [ 54.672614][ T5922] bridge_slave_1: entered promiscuous mode [ 54.688238][ T5924] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.691338][ T5924] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.701686][ T5924] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.706937][ T5923] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.726442][ T5932] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.728979][ T5932] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.731297][ T5932] bridge_slave_0: entered allmulticast mode [ 54.733917][ T5932] bridge_slave_0: entered promiscuous mode [ 54.737546][ T5924] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.740437][ T5924] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.749121][ T5924] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.774779][ T5932] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.777312][ T5932] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.779681][ T5932] bridge_slave_1: entered allmulticast mode [ 54.782643][ T5932] bridge_slave_1: entered promiscuous mode [ 54.786714][ T5922] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.792774][ T5922] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.797274][ T5923] team0: Port device team_slave_0 added [ 54.821107][ T5932] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.826278][ T5923] team0: Port device team_slave_1 added [ 54.858914][ T5932] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.878048][ T5922] team0: Port device team_slave_0 added [ 54.885472][ T5924] hsr_slave_0: entered promiscuous mode [ 54.888529][ T5924] hsr_slave_1: entered promiscuous mode [ 54.907775][ T5922] team0: Port device team_slave_1 added [ 54.921265][ T5923] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.924095][ T5923] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.934003][ T5923] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.939701][ T5932] team0: Port device team_slave_0 added [ 54.943635][ T5932] team0: Port device team_slave_1 added [ 54.958080][ T5923] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.960709][ T5923] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.970594][ T5923] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.996029][ T5922] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.999363][ T5922] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.010356][ T5922] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.021628][ T5922] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.023920][ T5922] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.032632][ T5922] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.043762][ T5932] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.046681][ T5932] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.055761][ T5932] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.081540][ T5932] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.084678][ T5932] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 55.095768][ T5932] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.163344][ T5923] hsr_slave_0: entered promiscuous mode [ 55.165764][ T5923] hsr_slave_1: entered promiscuous mode [ 55.168361][ T5923] debugfs: 'hsr0' already exists in 'hsr' [ 55.170303][ T5923] Cannot create hsr debugfs directory [ 55.187945][ T5932] hsr_slave_0: entered promiscuous mode [ 55.190108][ T5932] hsr_slave_1: entered promiscuous mode [ 55.192148][ T5932] debugfs: 'hsr0' already exists in 'hsr' [ 55.193775][ T5932] Cannot create hsr debugfs directory [ 55.226035][ T5922] hsr_slave_0: entered promiscuous mode [ 55.235022][ T5922] hsr_slave_1: entered promiscuous mode [ 55.238381][ T5922] debugfs: 'hsr0' already exists in 'hsr' [ 55.241035][ T5922] Cannot create hsr debugfs directory [ 55.497042][ T5924] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 55.508599][ T5924] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 55.515195][ T5924] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 55.521630][ T5924] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 55.564469][ T5923] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 55.570835][ T5923] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 55.580359][ T5923] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 55.592380][ T5923] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 55.655750][ T5932] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 55.662684][ T5932] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 55.686046][ T5932] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 55.715241][ T5924] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.719979][ T5932] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 55.733596][ T5922] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 55.738172][ T5922] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 55.742226][ T5922] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 55.747736][ T5922] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 55.771606][ T5924] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.792130][ T71] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.795750][ T71] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.806328][ T71] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.809772][ T71] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.831855][ T5923] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.863563][ T5923] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.872767][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.875201][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.882894][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.885269][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.908490][ T40] audit: type=1400 audit(1771758735.091:97): avc: denied { sys_module } for pid=5924 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 55.922286][ T5922] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.940122][ T5932] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.945973][ T5922] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.951493][ T5934] Bluetooth: hci2: command tx timeout [ 55.971045][ T1188] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.973952][ T1188] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.980098][ T5932] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.984846][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.987749][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.994680][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.997017][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.013985][ T1188] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.016489][ T1188] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.026506][ T5924] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.029038][ T5934] Bluetooth: hci1: command tx timeout [ 56.029055][ T5939] Bluetooth: hci0: command tx timeout [ 56.037160][ T5939] Bluetooth: hci3: command tx timeout [ 56.090781][ T5923] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.128755][ T5924] veth0_vlan: entered promiscuous mode [ 56.145146][ T5924] veth1_vlan: entered promiscuous mode [ 56.171592][ T5923] veth0_vlan: entered promiscuous mode [ 56.179305][ T5923] veth1_vlan: entered promiscuous mode [ 56.210725][ T5924] veth0_macvtap: entered promiscuous mode [ 56.222138][ T5923] veth0_macvtap: entered promiscuous mode [ 56.230701][ T5924] veth1_macvtap: entered promiscuous mode [ 56.240474][ T5932] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.244518][ T5923] veth1_macvtap: entered promiscuous mode [ 56.253381][ T5922] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.266257][ T5924] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.272247][ T5924] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.287363][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.291285][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.295931][ T5923] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.301020][ T5923] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.306888][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.314602][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.322757][ T1188] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.327417][ T1188] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.330364][ T1188] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.341660][ T1188] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.363001][ T5932] veth0_vlan: entered promiscuous mode [ 56.374419][ T5922] veth0_vlan: entered promiscuous mode [ 56.390978][ T5932] veth1_vlan: entered promiscuous mode [ 56.411901][ T5922] veth1_vlan: entered promiscuous mode [ 56.422889][ T5932] veth0_macvtap: entered promiscuous mode [ 56.438719][ T5932] veth1_macvtap: entered promiscuous mode [ 56.442310][ T71] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.444961][ T71] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.474716][ T5922] veth0_macvtap: entered promiscuous mode [ 56.485030][ T5922] veth1_macvtap: entered promiscuous mode [ 56.489970][ T5932] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.492549][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.495144][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.515934][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.516583][ T5932] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.520384][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.525089][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.528667][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.536880][ T40] audit: type=1400 audit(1771758735.721:98): avc: denied { mount } for pid=5923 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 56.539808][ T5922] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.547340][ T40] audit: type=1400 audit(1771758735.731:99): avc: denied { mounton } for pid=5923 comm="syz-executor" path="/syzkaller.apFRRZ/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 56.554821][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.558025][ T40] audit: type=1400 audit(1771758735.731:100): avc: denied { mount } for pid=5923 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 56.561433][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.570581][ T40] audit: type=1400 audit(1771758735.731:101): avc: denied { mounton } for pid=5923 comm="syz-executor" path="/syzkaller.apFRRZ/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 56.588746][ T40] audit: type=1400 audit(1771758735.731:103): avc: denied { mounton } for pid=5923 comm="syz-executor" path="/syzkaller.apFRRZ/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=8461 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 56.599392][ T40] audit: type=1400 audit(1771758735.731:102): avc: denied { mounton } for pid=5924 comm="syz-executor" path="/syzkaller.FTUl8g/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=9801 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 56.604436][ T5923] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 56.611046][ T40] audit: type=1400 audit(1771758735.731:104): avc: denied { unmount } for pid=5923 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 56.614988][ T5922] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.616669][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.623925][ T40] audit: type=1400 audit(1771758735.761:105): avc: denied { mounton } for pid=5923 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2840 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 56.626781][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.647090][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.650474][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.678960][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.687549][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.730846][ T71] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.734296][ T71] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.746158][ T1148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.765941][ T102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.766171][ T1148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.769844][ T102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.803560][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.806867][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.828782][ T6023] trusted_key: syz.1.6 sent an empty control message without MSG_MORE. [ 57.144913][ T6040] netlink: 20 bytes leftover after parsing attributes in process `syz.2.11'. [ 57.180522][ T6044] loop6: detected capacity change from 0 to 8 [ 57.379968][ T6044] Dev loop6: unable to read RDB block 8 [ 57.380734][ T6047] [ 57.382859][ T6044] loop6: unable to read partition table [ 57.383668][ T6047] ====================================================== [ 57.383674][ T6047] WARNING: possible circular locking dependency detected [ 57.386278][ T6044] loop6: partition table beyond EOD, [ 57.388571][ T6047] syzkaller #0 Not tainted [ 57.388585][ T6047] ------------------------------------------------------ [ 57.388590][ T6047] syz.1.13/6047 is trying to acquire lock: [ 57.388600][ T6047] ffff88801caf6a20 (&root->kernfs_iattr_rwsem){++++}-{4:4}, at: kernfs_iop_getattr+0x9c/0xf0 [ 57.388652][ T6047] [ 57.388652][ T6047] but task is already holding lock: [ 57.388658][ T6047] ffff888028b71cf8 (&q->q_usage_counter(io)#23){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 57.388706][ T6047] [ 57.388706][ T6047] which lock already depends on the new lock. [ 57.388706][ T6047] [ 57.388710][ T6047] [ 57.388710][ T6047] the existing dependency chain (in reverse order) is: [ 57.388713][ T6047] [ 57.388713][ T6047] -> #2 (&q->q_usage_counter(io)#23){++++}-{0:0}: [ 57.388732][ T6047] blk_alloc_queue+0x610/0x790 [ 57.388747][ T6047] blk_mq_alloc_queue+0x174/0x290 [ 57.388757][ T6047] __blk_mq_alloc_disk+0x29/0x120 [ 57.388767][ T6047] loop_add+0x498/0xb60 [ 57.388786][ T6047] loop_init+0x1d3/0x200 [ 57.388797][ T6047] do_one_initcall+0x11d/0x760 [ 57.388810][ T6047] kernel_init_freeable+0x6e5/0x7a0 [ 57.388822][ T6047] kernel_init+0x1f/0x1e0 [ 57.388836][ T6047] ret_from_fork+0x754/0xd80 [ 57.388846][ T6047] ret_from_fork_asm+0x1a/0x30 [ 57.388857][ T6047] [ 57.388857][ T6047] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 57.388872][ T6047] fs_reclaim_acquire+0xc4/0x100 [ 57.388881][ T6047] kmem_cache_alloc_noprof+0x4c/0x6e0 [ 57.396770][ T6044] truncated [ 57.397632][ T6047] __kernfs_iattrs+0x126/0x400 [ 57.397652][ T6047] __kernfs_setattr+0x4d/0x3c0 [ 57.397679][ T6047] kernfs_iop_setattr+0xda/0x130 [ 57.397693][ T6047] notify_change+0xb25/0x1330 [ 57.397706][ T6047] do_truncate+0x1df/0x240 [ 57.397723][ T6047] path_openat+0x2a55/0x31a0 [ 57.397732][ T6047] do_file_open+0x20e/0x430 [ 57.400544][ T6044] loop_reread_partitions: partition scan of loop6 (ÄNùh*h‘…ÿìžÝ×pਸ਼ "ýo§æ?<í ¯ÊºöÙXDˆÚbÔÌp0ìO{š¸›>.) failed (rc=-5) [ 57.403245][ T6047] do_sys_openat2+0x10d/0x1e0 [ 57.463158][ T6047] __x64_sys_openat+0x12d/0x210 [ 57.465391][ T6047] do_syscall_64+0x106/0xf80 [ 57.467628][ T6047] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 57.469712][ T6047] [ 57.469712][ T6047] -> #0 (&root->kernfs_iattr_rwsem){++++}-{4:4}: [ 57.472477][ T6047] __lock_acquire+0x14b8/0x2630 [ 57.474268][ T6047] lock_acquire+0x1cf/0x380 [ 57.475904][ T6047] down_read+0x99/0x460 [ 57.477430][ T6047] kernfs_iop_getattr+0x9c/0xf0 [ 57.479200][ T6047] vfs_getattr_nosec+0x2d4/0x430 [ 57.480957][ T6047] vfs_getattr+0x4a/0x60 [ 57.482523][ T6047] loop_query_min_dio_size.isra.0+0x117/0x250 [ 57.484672][ T6047] lo_ioctl+0x13aa/0x1bc0 [ 57.486269][ T6047] blkdev_ioctl+0x5ad/0x6f0 [ 57.487909][ T6047] __x64_sys_ioctl+0x18e/0x210 [ 57.489639][ T6047] do_syscall_64+0x106/0xf80 [ 57.491305][ T6047] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 57.493365][ T6047] [ 57.493365][ T6047] other info that might help us debug this: [ 57.493365][ T6047] [ 57.496704][ T6047] Chain exists of: [ 57.496704][ T6047] &root->kernfs_iattr_rwsem --> fs_reclaim --> &q->q_usage_counter(io)#23 [ 57.496704][ T6047] [ 57.501430][ T6047] Possible unsafe locking scenario: [ 57.501430][ T6047] [ 57.503850][ T6047] CPU0 CPU1 [ 57.505640][ T6047] ---- ---- [ 57.507379][ T6047] lock(&q->q_usage_counter(io)#23); [ 57.509150][ T6047] lock(fs_reclaim); [ 57.511246][ T6047] lock(&q->q_usage_counter(io)#23); [ 57.513763][ T6047] rlock(&root->kernfs_iattr_rwsem); [ 57.515527][ T6047] [ 57.515527][ T6047] *** DEADLOCK *** [ 57.515527][ T6047] [ 57.518205][ T6047] 3 locks held by syz.1.13/6047: [ 57.519806][ T6047] #0: ffff8880290f0448 (&lo->lo_mutex){+.+.}-{4:4}, at: loop_global_lock_killable+0x30/0xb0 [ 57.523306][ T6047] #1: ffff888028b71cf8 (&q->q_usage_counter(io)#23){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 57.527124][ T6047] #2: ffff888028b71d30 (&q->q_usage_counter(queue)#7){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 57.530916][ T6047] [ 57.530916][ T6047] stack backtrace: [ 57.532808][ T6047] CPU: 2 UID: 0 PID: 6047 Comm: syz.1.13 Not tainted syzkaller #0 PREEMPT(full) [ 57.532821][ T6047] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 57.532827][ T6047] Call Trace: [ 57.532831][ T6047] [ 57.532836][ T6047] dump_stack_lvl+0x100/0x190 [ 57.532854][ T6047] print_circular_bug.cold+0x178/0x1c7 [ 57.532871][ T6047] check_noncircular+0x146/0x160 [ 57.532889][ T6047] __lock_acquire+0x14b8/0x2630 [ 57.532907][ T6047] lock_acquire+0x1cf/0x380 [ 57.532922][ T6047] ? kernfs_iop_getattr+0x9c/0xf0 [ 57.532936][ T6047] ? __pfx___might_resched+0x10/0x10 [ 57.532949][ T6047] down_read+0x99/0x460 [ 57.532960][ T6047] ? kernfs_iop_getattr+0x9c/0xf0 [ 57.532974][ T6047] ? find_held_lock+0x2b/0x80 [ 57.532986][ T6047] ? __pfx_down_read+0x10/0x10 [ 57.532997][ T6047] ? kernfs_root+0xee/0x2a0 [ 57.533011][ T6047] kernfs_iop_getattr+0x9c/0xf0 [ 57.533025][ T6047] vfs_getattr_nosec+0x2d4/0x430 [ 57.533035][ T6047] ? __pfx_kernfs_iop_getattr+0x10/0x10 [ 57.533050][ T6047] vfs_getattr+0x4a/0x60 [ 57.533059][ T6047] loop_query_min_dio_size.isra.0+0x117/0x250 [ 57.533076][ T6047] ? __pfx_loop_query_min_dio_size.isra.0+0x10/0x10 [ 57.533096][ T6047] lo_ioctl+0x13aa/0x1bc0 [ 57.533112][ T6047] ? __pfx_lo_ioctl+0x10/0x10 [ 57.533127][ T6047] ? __pfx_avc_has_extended_perms+0x10/0x10 [ 57.533142][ T6047] ? kasan_quarantine_put+0x104/0x240 [ 57.533156][ T6047] ? blk_get_meta_cap+0xd4/0x6c0 [ 57.533171][ T6047] ? __pfx_blk_get_meta_cap+0x10/0x10 [ 57.533188][ T6047] ? blkdev_common_ioctl+0x515/0x2ba0 [ 57.533205][ T6047] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 57.533223][ T6047] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 57.533237][ T6047] ? do_vfs_ioctl+0x226/0x13e0 [ 57.533251][ T6047] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 57.533264][ T6047] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 57.533278][ T6047] ? __fget_files+0x215/0x3d0 [ 57.533287][ T6047] ? __pfx_lo_ioctl+0x10/0x10 [ 57.533302][ T6047] blkdev_ioctl+0x5ad/0x6f0 [ 57.533311][ T6047] ? __pfx_blkdev_ioctl+0x10/0x10 [ 57.533326][ T6047] ? selinux_file_ioctl+0x139/0x290 [ 57.533336][ T6047] ? selinux_file_ioctl+0xb4/0x290 [ 57.533347][ T6047] ? __pfx_blkdev_ioctl+0x10/0x10 [ 57.533363][ T6047] __x64_sys_ioctl+0x18e/0x210 [ 57.533377][ T6047] do_syscall_64+0x106/0xf80 [ 57.533387][ T6047] ? clear_bhb_loop+0x40/0x90 [ 57.533398][ T6047] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 57.533408][ T6047] RIP: 0033:0x7f20ec59c629 [ 57.533417][ T6047] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 57.533426][ T6047] RSP: 002b:00007f20ed498028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 57.533436][ T6047] RAX: ffffffffffffffda RBX: 00007f20ec816090 RCX: 00007f20ec59c629 [ 57.533443][ T6047] RDX: 0000000000000004 RSI: 0000000000004c06 RDI: 0000000000000003 [ 57.533448][ T6047] RBP: 00007f20ec632b39 R08: 0000000000000000 R09: 0000000000000000 [ 57.533454][ T6047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 57.533460][ T6047] R13: 00007f20ec816128 R14: 00007f20ec816090 R15: 00007fffb0bad198 [ 57.533468][ T6047] [ 57.721088][ T5942] Dev loop6: unable to read RDB block 8 [ 57.723115][ T5942] loop6: unable to read partition table [ 57.725036][ T5942] loop6: partition table beyond EOD, truncated [ 57.814148][ T6047] Dev loop6: unable to read RDB block 8 [ 57.816043][ T6047] loop6: unable to read partition table [ 57.818468][ T6047] loop6: partition table beyond EOD, truncated [ 57.820498][ T6047] loop_reread_partitions: partition scan of loop6 (ÄNùh*h‘…ÿìžÝ×pਸ਼ "ýo§æ?<í ¯ÊºöÙXDˆÚbÔÌp0ìO{š¸›>.) failed (rc=-5) [ 58.027159][ T5939] Bluetooth: hci2: command tx timeout [ 58.107143][ T5939] Bluetooth: hci3: command tx timeout [ 58.107175][ T5284] Bluetooth: hci1: command tx timeout [ 58.107696][ T5934] Bluetooth: hci0: command tx timeout [ 60.107512][ T5284] Bluetooth: hci2: command tx timeout [ 60.187249][ T5284] Bluetooth: hci0: command tx timeout [ 60.187385][ T5939] Bluetooth: hci3: command tx timeout [ 60.197128][ T5939] Bluetooth: hci1: command tx timeout [ 62.187154][ T5939] Bluetooth: hci2: command tx timeout [ 62.267384][ T5939] Bluetooth: hci1: command tx timeout [ 62.267497][ T5284] Bluetooth: hci3: command tx timeout [ 62.267526][ T5934] Bluetooth: hci0: command tx timeout