last executing test programs: 306.021288ms ago: executing program 1 (id=2): r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_HWSIM_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000180)={0x94, 0x0, 0x0, 0x70bd27, 0x25dfdbfe, {}, [@HWSIM_ATTR_SIGNAL={0x8, 0x6, 0x2}, @HWSIM_ATTR_TX_INFO_FLAGS={0x39, 0x15, "890743a1d8a2063ecac22003b4bf6386d4b41b00cd5a1cd5a49ed0a66d17cc206d6636b9ddc8aa9c9dded9d3be32f51efe869a9328"}, @HWSIM_ATTR_ADDR_RECEIVER={0x3a, 0x1, "c0d006911cf619d430c6b42dc79ff6b7953087a9a52d4b8d4092092fc8930e78eb9df2ee8f26eb49e445aa5ac04c75ccd383abb225a5"}]}, 0x94}, 0x1, 0x0, 0x0, 0x40047}, 0x40001) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f00000001c0), 0x88e00, 0x0) r1 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), r0) sendmsg$auto_IPVS_CMD_SET_SERVICE(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000080)={&(0x7f0000000840)={0x23c, r1, 0x329, 0x70bd2c, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_SERVICE={0x200, 0x1, 0x0, 0x1, [@typed={0x8, 0x6d, 0x0, 0x0, @u32}, @typed={0x8, 0x3, 0x0, 0x0, @uid}, @generic="da607bb295171b5b3b1692910f31c7b5127ce5f6801a846cfe097f1103d4820b2a39b2720f0a05d7fae94765aaa135735529d80dfe7df2a75ad87cb7d06e3808d74c98fe60a94f0b45dd96cc1b1c2fd286f91117b4703f2d80", @nested={0xc8, 0x73, 0x0, 0x1, [@generic="62aabf2871662e9d4c565ebce4218117b529989a7c66a2eaeb4c1c46792e63dc8163a39c6332c1eaed6986759ae0dc20df5b0144469a58a44b5ff9449bba541f23c4e1474b5547b6a4ea953cc747bb984320aa80b45f82b7ca05ec2e6cf40e309371ad297f9e0afa48bb0d19059cf02c094d4195a64046b1e349b184b1c2851a", @nested={0x4, 0x11c}, @typed={0x8, 0xb9, 0x0, 0x0, @pid}, @generic="9cb5bf6fd86a487cf82272a40a326ba371c1600e7446d5389cd25a3bed2c8b276fd3d31e57bbf537", @typed={0xc, 0x3b, 0x0, 0x0, @u64=0x10}, @nested={0x4, 0xf}]}, @generic="5ab96fb2bc33a8479904c5933a65ae08aff96317b23b220f9b0897c432d9e5ab74421cae2bc1a44071b672207cbe18ca7d518141c76484d6acfc3da864a4a1eed7eca6e7e082da8cf6c0af8e303bea84872d102e8891293ebbd15ec74eb41f1917c8b0d2f20caade536d83fc53686158a9c906bc486f7135a5ac32222730d87d8ffa1938d892a84c1e134296fca187a97b70c72da7edd74c2fab2fb9248db49fcd1e203cb163cc6da44d04d300658d5148a1a0ff78803bc0f4709526f9800475596a9f922ff5f367ac5278"]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x80000001}]}, 0x23c}, 0x1, 0x0, 0x0, 0x80}, 0x20008000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r2 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/devices/virtual/block/loop1/queue/wbt_lat_usec\x00', 0x2062, 0x0) write$auto(r3, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x9) ioctl$auto(r2, 0x400454ca, 0x38) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x80900, 0x0) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20a01, 0x0) ioctl$auto_BLKFLSBUF(r4, 0x1261, 0x0) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcsa\x00', 0x80, 0x0) mmap$auto(0xb2, 0x14, 0xffb, 0x8000000008015, 0xffffffffffffffff, 0x8001) write$auto(0x3, 0x0, 0xfffffdef) io_uring_setup$auto(0x3501, &(0x7f0000000080)={0x80, 0x1000, 0x8, 0x5, 0x3, 0xfffffff1, 0xffffffffffffffff, [0xbc, 0xffff, 0x40], {0x81, 0x9, 0x0, 0x80000000, 0x3, 0x101, 0xffff, 0x0, 0x6}, {0x7, 0xa, 0xf, 0x7fff, 0x3, 0x0, 0x0, 0xfffffffa, 0xc}}) ioctl$auto_BLKTRACETEARDOWN(r4, 0x1276, 0x0) mmap$auto(0x8000000000002001, 0x20009, 0xdf, 0x15, r5, 0x8000) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x11, 0x0, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty48\x00', 0x880, 0x0) ioctl$auto(r6, 0x5609, 0xffffffffffffffff) madvise$auto(0x0, 0x20499d, 0x9) open_tree$auto(0xffffffffffffffff, 0x0, 0x74ee) 0s ago: executing program 3 (id=4): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/oss/devices\x00', 0x0, 0x0) openat$auto_generic(0xffffffffffffff9c, &(0x7f00000032c0)='/proc/kmsg\x00', 0x80300, 0x0) socket(0x1d, 0x2, 0x2) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb2, 0x403, 0x8000) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) socket(0x2, 0x3, 0x2) socket(0x10, 0x2, 0x0) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, 0x0, 0x28000, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) open(0x0, 0x163340, 0x6a) socket(0xa, 0x2, 0x88) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x5) connect$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x4e22, @broadcast}, 0x55) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.7' (ED25519) to the list of known hosts. [ 99.333208][ T5821] cgroup: Unknown subsys name 'net' [ 99.465160][ T5821] cgroup: Unknown subsys name 'cpuset' [ 99.475384][ T5821] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 101.376294][ T5821] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 102.703047][ T978] cfg80211: failed to load regulatory.db [ 103.934592][ T5845] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 103.942823][ T5845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 103.952480][ T5845] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 103.954394][ T5849] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 103.960785][ T5845] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 103.976886][ T5845] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 103.985118][ T5845] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 103.987466][ T5850] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 104.001318][ T5852] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 104.009962][ T5845] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 104.011166][ T5850] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 104.021026][ T5845] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 104.031078][ T5850] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 104.032680][ T5850] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 104.047984][ T5850] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 104.056506][ T5850] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 104.064635][ T5850] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 104.075139][ T5850] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 104.075254][ T5840] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 104.091134][ T5840] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 104.756158][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 104.812764][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 104.847183][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 104.963184][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 105.148852][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.157329][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.165061][ T5835] bridge_slave_0: entered allmulticast mode [ 105.174314][ T5835] bridge_slave_0: entered promiscuous mode [ 105.235116][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.242487][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.249821][ T5835] bridge_slave_1: entered allmulticast mode [ 105.257425][ T5835] bridge_slave_1: entered promiscuous mode [ 105.265618][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.272913][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.280118][ T5833] bridge_slave_0: entered allmulticast mode [ 105.287889][ T5833] bridge_slave_0: entered promiscuous mode [ 105.317884][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.325277][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.332819][ T5836] bridge_slave_0: entered allmulticast mode [ 105.341167][ T5836] bridge_slave_0: entered promiscuous mode [ 105.366106][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.373516][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.381151][ T5833] bridge_slave_1: entered allmulticast mode [ 105.388570][ T5833] bridge_slave_1: entered promiscuous mode [ 105.426940][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.434278][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.441880][ T5836] bridge_slave_1: entered allmulticast mode [ 105.449321][ T5836] bridge_slave_1: entered promiscuous mode [ 105.494047][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.505980][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.513309][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.521521][ T5834] bridge_slave_0: entered allmulticast mode [ 105.529033][ T5834] bridge_slave_0: entered promiscuous mode [ 105.556224][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.571429][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.583902][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.594376][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.602097][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.609347][ T5834] bridge_slave_1: entered allmulticast mode [ 105.617303][ T5834] bridge_slave_1: entered promiscuous mode [ 105.715079][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.728732][ T5835] team0: Port device team_slave_0 added [ 105.755400][ T5833] team0: Port device team_slave_0 added [ 105.764949][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.777497][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.792664][ T5835] team0: Port device team_slave_1 added [ 105.801628][ T5833] team0: Port device team_slave_1 added [ 105.810042][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.946454][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.953692][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.981528][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.997281][ T5834] team0: Port device team_slave_0 added [ 106.009195][ T5836] team0: Port device team_slave_0 added [ 106.016665][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.024209][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.050440][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.065468][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.073347][ T5850] Bluetooth: hci1: command tx timeout [ 106.078922][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.105086][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.116974][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.124036][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.141519][ T5850] Bluetooth: hci0: command tx timeout [ 106.151141][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.156354][ T5848] Bluetooth: hci2: command tx timeout [ 106.172683][ T51] Bluetooth: hci3: command tx timeout [ 106.180834][ T5834] team0: Port device team_slave_1 added [ 106.209696][ T5836] team0: Port device team_slave_1 added [ 106.277206][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.284717][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.311175][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.337742][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.344972][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.371226][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.384347][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.391463][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.417487][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.443614][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.451063][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.477247][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.544753][ T5835] hsr_slave_0: entered promiscuous mode [ 106.554451][ T5835] hsr_slave_1: entered promiscuous mode [ 106.567425][ T5833] hsr_slave_0: entered promiscuous mode [ 106.574990][ T5833] hsr_slave_1: entered promiscuous mode [ 106.581966][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 106.589745][ T5833] Cannot create hsr debugfs directory [ 106.725220][ T5836] hsr_slave_0: entered promiscuous mode [ 106.734867][ T5836] hsr_slave_1: entered promiscuous mode [ 106.741461][ T5836] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 106.749059][ T5836] Cannot create hsr debugfs directory [ 106.803009][ T5834] hsr_slave_0: entered promiscuous mode [ 106.810682][ T5834] hsr_slave_1: entered promiscuous mode [ 106.816957][ T5834] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 106.824625][ T5834] Cannot create hsr debugfs directory [ 107.291209][ T5833] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 107.311075][ T5833] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 107.335691][ T5833] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 107.347793][ T5833] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 107.404627][ T5835] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 107.426543][ T5835] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 107.456472][ T5835] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 107.468671][ T5835] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 107.546616][ T5834] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 107.577582][ T5834] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 107.589878][ T5834] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 107.603173][ T5834] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 107.718624][ T5836] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 107.729897][ T5836] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 107.753440][ T5836] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 107.768218][ T5836] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 107.917598][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.977302][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.004892][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.027192][ T4801] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.034552][ T4801] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.076779][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.087908][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.095408][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.137948][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.141804][ T5848] Bluetooth: hci1: command tx timeout [ 108.145228][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.169762][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.190204][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.206743][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.214023][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.222951][ T5848] Bluetooth: hci2: command tx timeout [ 108.228588][ T5848] Bluetooth: hci0: command tx timeout [ 108.235512][ T5850] Bluetooth: hci3: command tx timeout [ 108.293521][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.309532][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.351885][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.359159][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.369777][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.377024][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.400737][ T4801] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.407944][ T4801] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.477298][ T4801] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.484595][ T4801] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.603612][ T5836] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 109.059089][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.245984][ T5833] veth0_vlan: entered promiscuous mode [ 109.266163][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.297504][ T5833] veth1_vlan: entered promiscuous mode [ 109.316824][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.375179][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.421456][ T5833] veth0_macvtap: entered promiscuous mode [ 109.457965][ T5833] veth1_macvtap: entered promiscuous mode [ 109.467430][ T5835] veth0_vlan: entered promiscuous mode [ 109.497808][ T5835] veth1_vlan: entered promiscuous mode [ 109.544863][ T5836] veth0_vlan: entered promiscuous mode [ 109.556718][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.589423][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.616820][ T5833] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.627464][ T5833] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.638753][ T5833] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.647681][ T5833] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.672647][ T5834] veth0_vlan: entered promiscuous mode [ 109.685747][ T5836] veth1_vlan: entered promiscuous mode [ 109.728863][ T5834] veth1_vlan: entered promiscuous mode [ 109.739270][ T5835] veth0_macvtap: entered promiscuous mode [ 109.766095][ T5835] veth1_macvtap: entered promiscuous mode [ 109.866692][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.906844][ T5834] veth0_macvtap: entered promiscuous mode [ 109.925807][ T5836] veth0_macvtap: entered promiscuous mode [ 109.941319][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.954654][ T5834] veth1_macvtap: entered promiscuous mode [ 109.968473][ T5836] veth1_macvtap: entered promiscuous mode [ 109.972842][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.997952][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.018681][ T5835] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.031481][ T5835] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.040258][ T5835] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.049231][ T5835] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.096262][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.104876][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.126308][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.201644][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.221892][ T5850] Bluetooth: hci1: command tx timeout [ 110.232964][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.261672][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.288893][ T5834] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.294243][ T5833] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 110.303168][ T5834] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.317805][ T5850] Bluetooth: hci3: command tx timeout [ 110.327282][ T5850] Bluetooth: hci0: command tx timeout [ 110.330566][ T5834] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.332918][ T5850] Bluetooth: hci2: command tx timeout [ 110.347033][ T5834] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.367879][ T4571] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.384414][ T4571] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.407657][ T5836] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.416935][ T5836] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.427853][ T5836] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.437812][ T5836] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.567834][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.594426][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.694405][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.726788][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.835613][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.875418][ T5928] [ 110.876172][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.877982][ T5928] ====================================================== [ 110.892526][ T5928] WARNING: possible circular locking dependency detected [ 110.899603][ T5928] 6.16.0-rc1-syzkaller #0 Not tainted [ 110.905018][ T5928] ------------------------------------------------------ [ 110.912075][ T5928] syz.1.2/5928 is trying to acquire lock: [ 110.917824][ T5928] ffffffff8e2666d0 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_slow_inc+0x12/0x30 [ 110.927404][ T5928] [ 110.927404][ T5928] but task is already holding lock: [ 110.934907][ T5928] ffff8881427a29c8 (&q->rq_qos_mutex){+.+.}-{4:4}, at: wbt_init+0x393/0x540 [ 110.943733][ T5928] [ 110.943733][ T5928] which lock already depends on the new lock. [ 110.943733][ T5928] [ 110.954186][ T5928] [ 110.954186][ T5928] the existing dependency chain (in reverse order) is: [ 110.963245][ T5928] [ 110.963245][ T5928] -> #3 (&q->rq_qos_mutex){+.+.}-{4:4}: [ 110.969704][ T5931] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 110.971024][ T5928] __mutex_lock+0x199/0xb90 [ 110.971060][ T5928] wbt_init+0x393/0x540 [ 110.971094][ T5928] queue_wb_lat_store+0x354/0x3d0 [ 110.998283][ T5928] queue_attr_store+0x279/0x320 [ 111.003754][ T5928] sysfs_kf_write+0xf2/0x150 [ 111.009032][ T5928] kernfs_fop_write_iter+0x351/0x510 [ 111.015006][ T5928] vfs_write+0x6c4/0x1150 [ 111.019949][ T5928] ksys_write+0x12a/0x250 [ 111.024893][ T5928] do_syscall_64+0xcd/0x490 [ 111.029982][ T5928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.036644][ T5928] [ 111.036644][ T5928] -> #2 (&q->q_usage_counter(io)#18){++++}-{0:0}: [ 111.045357][ T5928] blk_alloc_queue+0x619/0x760 [ 111.050709][ T5928] blk_mq_alloc_queue+0x175/0x290 [ 111.056338][ T5928] __blk_mq_alloc_disk+0x29/0x120 [ 111.061977][ T5928] loop_add+0x49e/0xb70 [ 111.066731][ T5928] loop_init+0x164/0x270 [ 111.071657][ T5928] do_one_initcall+0x120/0x6e0 [ 111.076997][ T5928] kernel_init_freeable+0x5c2/0x900 [ 111.082794][ T5928] kernel_init+0x1c/0x2b0 [ 111.087699][ T5928] ret_from_fork+0x5d4/0x6f0 [ 111.091168][ T5836] ieee80211 phy9: Selected rate control algorithm 'minstrel_ht' [ 111.092858][ T5928] ret_from_fork_asm+0x1a/0x30 [ 111.105937][ T5928] [ 111.105937][ T5928] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 111.113227][ T5928] fs_reclaim_acquire+0x102/0x150 [ 111.118848][ T5928] __kmalloc_cache_node_noprof+0x53/0x420 [ 111.125179][ T5928] create_worker+0x10f/0x7e0 [ 111.130454][ T5928] workqueue_prepare_cpu+0xb5/0x160 [ 111.136238][ T5928] cpuhp_invoke_callback+0x3d5/0xa10 [ 111.142123][ T5928] __cpuhp_invoke_callback_range+0x101/0x210 [ 111.148700][ T5928] _cpu_up+0x3f5/0x930 [ 111.153349][ T5928] cpu_up+0x1dc/0x240 [ 111.157916][ T5928] cpuhp_bringup_mask+0xd8/0x210 [ 111.163449][ T5928] bringup_nonboot_cpus+0x176/0x1c0 [ 111.169280][ T5928] smp_init+0x34/0x160 [ 111.173939][ T5928] kernel_init_freeable+0x3a8/0x900 [ 111.179738][ T5928] kernel_init+0x1c/0x2b0 [ 111.184668][ T5928] ret_from_fork+0x5d4/0x6f0 [ 111.188070][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.189833][ T5928] ret_from_fork_asm+0x1a/0x30 [ 111.189874][ T5928] [ 111.189874][ T5928] -> #0 (cpu_hotplug_lock){++++}-{0:0}: [ 111.210935][ T5928] __lock_acquire+0x126f/0x1c90 [ 111.216401][ T5928] lock_acquire+0x179/0x350 [ 111.221505][ T5928] cpus_read_lock+0x42/0x160 [ 111.223852][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.226746][ T5928] static_key_slow_inc+0x12/0x30 [ 111.239647][ T5928] rq_qos_add+0x2f8/0x4b0 [ 111.244589][ T5928] wbt_init+0x3a9/0x540 [ 111.249356][ T5928] queue_wb_lat_store+0x354/0x3d0 [ 111.254991][ T5928] queue_attr_store+0x279/0x320 [ 111.260435][ T5928] sysfs_kf_write+0xf2/0x150 [ 111.263231][ T5836] ieee80211 phy10: Selected rate control algorithm 'minstrel_ht' [ 111.265594][ T5928] kernfs_fop_write_iter+0x351/0x510 [ 111.279775][ T5928] vfs_write+0x6c4/0x1150 [ 111.284782][ T5928] ksys_write+0x12a/0x250 [ 111.289711][ T5928] do_syscall_64+0xcd/0x490 [ 111.294797][ T5928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.301294][ T5928] [ 111.301294][ T5928] other info that might help us debug this: [ 111.301294][ T5928] [ 111.311570][ T5928] Chain exists of: [ 111.311570][ T5928] cpu_hotplug_lock --> &q->q_usage_counter(io)#18 --> &q->rq_qos_mutex [ 111.311570][ T5928] [ 111.325954][ T5928] Possible unsafe locking scenario: [ 111.325954][ T5928] [ 111.333539][ T5928] CPU0 CPU1 [ 111.338956][ T5928] ---- ---- [ 111.344365][ T5928] lock(&q->rq_qos_mutex); [ 111.348940][ T5928] lock(&q->q_usage_counter(io)#18); [ 111.356925][ T5928] lock(&q->rq_qos_mutex); [ 111.364101][ T5928] rlock(cpu_hotplug_lock); [ 111.368743][ T5928] [ 111.368743][ T5928] *** DEADLOCK *** [ 111.368743][ T5928] [ 111.377097][ T5928] 7 locks held by syz.1.2/5928: [ 111.381986][ T5928] #0: ffff88807b7827f8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 111.384032][ T4571] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.391119][ T5928] #1: ffff888036886428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 111.407507][ T4571] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.408026][ T5928] #2: ffff88807e01b088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 111.425186][ T5928] #3: ffff8880260bec38 (kn->active#59){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 111.435309][ T5928] #4: ffff8881427a27c8 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 111.447094][ T5928] #5: ffff8881427a2800 (&q->q_usage_counter(queue)#19){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 111.459223][ T5928] #6: ffff8881427a29c8 (&q->rq_qos_mutex){+.+.}-{4:4}, at: wbt_init+0x393/0x540 [ 111.468484][ T5928] [ 111.468484][ T5928] stack backtrace: [ 111.474519][ T5928] CPU: 1 UID: 0 PID: 5928 Comm: syz.1.2 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 111.474557][ T5928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 111.474588][ T5928] Call Trace: [ 111.474603][ T5928] [ 111.474619][ T5928] dump_stack_lvl+0x116/0x1f0 [ 111.474682][ T5928] print_circular_bug+0x275/0x350 [ 111.474725][ T5928] check_noncircular+0x14c/0x170 [ 111.474771][ T5928] __lock_acquire+0x126f/0x1c90 [ 111.474819][ T5928] lock_acquire+0x179/0x350 [ 111.474858][ T5928] ? static_key_slow_inc+0x12/0x30 [ 111.474904][ T5928] ? __pfx___might_resched+0x10/0x10 [ 111.474942][ T5928] cpus_read_lock+0x42/0x160 [ 111.474974][ T5928] ? static_key_slow_inc+0x12/0x30 [ 111.475016][ T5928] static_key_slow_inc+0x12/0x30 [ 111.475060][ T5928] rq_qos_add+0x2f8/0x4b0 [ 111.475112][ T5928] wbt_init+0x3a9/0x540 [ 111.475148][ T5928] queue_wb_lat_store+0x354/0x3d0 [ 111.475202][ T5928] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 111.475254][ T5928] ? __mutex_trylock_common+0xe9/0x250 [ 111.475298][ T5928] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 111.475348][ T5928] queue_attr_store+0x279/0x320 [ 111.475411][ T5928] ? __pfx_queue_attr_store+0x10/0x10 [ 111.475459][ T5928] ? __lock_acquire+0x622/0x1c90 [ 111.475506][ T5928] ? find_held_lock+0x2b/0x80 [ 111.475535][ T5928] ? sysfs_file_kobj+0xe4/0x290 [ 111.475579][ T5928] ? __pfx_queue_attr_store+0x10/0x10 [ 111.475626][ T5928] sysfs_kf_write+0xf2/0x150 [ 111.475664][ T5928] kernfs_fop_write_iter+0x351/0x510 [ 111.475692][ T5928] ? __pfx_sysfs_kf_write+0x10/0x10 [ 111.475726][ T5928] vfs_write+0x6c4/0x1150 [ 111.475770][ T5928] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 111.475803][ T5928] ? __pfx___mutex_lock+0x10/0x10 [ 111.475832][ T5928] ? __pfx_vfs_write+0x10/0x10 [ 111.475892][ T5928] ksys_write+0x12a/0x250 [ 111.475977][ T5928] ? __pfx_ksys_write+0x10/0x10 [ 111.476025][ T5928] do_syscall_64+0xcd/0x490 [ 111.476073][ T5928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.476106][ T5928] RIP: 0033:0x7fae10f8e929 [ 111.476135][ T5928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.476165][ T5928] RSP: 002b:00007fae11d47038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 111.476193][ T5928] RAX: ffffffffffffffda RBX: 00007fae111b6160 RCX: 00007fae10f8e929 [ 111.476214][ T5928] RDX: 0000000000000009 RSI: 00002000000001c0 RDI: 0000000000000006 [ 111.476233][ T5928] RBP: 00007fae11010b39 R08: 0000000000000000 R09: 0000000000000000 [ 111.476251][ T5928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 111.476268][ T5928] R13: 0000000000000000 R14: 00007fae111b6160 R15: 00007fff20d3a938 [ 111.476297][ T5928] [ 112.300859][ T5850] Bluetooth: hci1: command tx timeout [ 112.380885][ T5850] Bluetooth: hci0: command tx timeout [ 112.380896][ T51] Bluetooth: hci3: command tx timeout [ 112.380933][ T51] Bluetooth: hci2: command tx timeout