last executing test programs: 139.555374ms ago: executing program 3 (id=4): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) pread64$auto(0xffffffffffffffff, 0x0, 0x6, 0x200) 0s ago: executing program 0 (id=1): r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_HWSIM_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000180)={0x5c, 0x0, 0x0, 0x70bd27, 0x25dfdbfe, {}, [@HWSIM_ATTR_SIGNAL={0x8, 0x6, 0x2}, @HWSIM_ATTR_TX_INFO_FLAGS={0x39, 0x15, "890743a1d8a2063ecac22003b4bf6386d4b41b00cd5a1cd5a49ed0a66d17cc206d6636b9ddc8aa9c9dded9d3be32f51efe869a9328"}, @HWSIM_ATTR_ADDR_RECEIVER={0x4}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40047}, 0x40001) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f00000001c0), 0x88e00, 0x0) r1 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), r0) sendmsg$auto_IPVS_CMD_SET_SERVICE(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000080)={&(0x7f0000000840)={0x244, r1, 0x329, 0x70bd2c, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_SERVICE={0x208, 0x1, 0x0, 0x1, [@typed={0x8, 0x6d, 0x0, 0x0, @u32}, @typed={0x8, 0x3, 0x0, 0x0, @uid}, @generic="da607bb295171b5b3b1692910f31c7b5127ce5f6801a846cfe097f1103d4820b2a39b2720f0a05d7fae94765aaa135735529d80dfe7df2a75ad87cb7d06e3808d74c98fe60a94f0b45dd96cc1b1c2fd286f91117b4703f2d80", @nested={0xcd, 0x73, 0x0, 0x1, [@generic="62aabf2871662e9d4c565ebce4218117b529989a7c66a2eaeb4c1c46792e63dc8163a39c6332c1eaed6986759ae0dc20df5b0144469a58a44b5ff9449bba541f23c4e1474b5547b6a4ea953cc747bb984320aa80b45f82b7ca05ec2e6cf40e309371ad297f9e0afa48bb0d19059cf02c094d4195a64046b1e349b184b1c2851a", @nested={0x4, 0x11c}, @typed={0x8, 0xb9, 0x0, 0x0, @pid}, @generic="9cb5bf6fd86a487cf82272a40a326ba371c1600e7446d5389cd25a3bed2c8b276fd3d31e57bbf537b621c9d21d", @typed={0xc, 0x3b, 0x0, 0x0, @u64=0x10}, @nested={0x4, 0xf}]}, @generic="5ab96fb2bc33a8479904c5933a65ae08aff96317b23b220f9b0897c432d9e5ab74421cae2bc1a44071b672207cbe18ca7d518141c76484d6acfc3da864a4a1eed7eca6e7e082da8cf6c0af8e303bea84872d102e8891293ebbd15ec74eb41f1917c8b0d2f20caade536d83fc53686158a9c906bc486f7135a5ac32222730d87d8ffa1938d892a84c1e134296fca187a97b70c72da7edd74c2fab2fb9248db49fcd1e203cb163cc6da44d04d300658d5148a1a0ff78803bc0f4709526f9800475596a9f922ff5f367ac5278"]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x80000001}]}, 0x244}, 0x1, 0x0, 0x0, 0x80}, 0x20008000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r2 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/devices/virtual/block/loop1/queue/wbt_lat_usec\x00', 0x2062, 0x0) write$auto(r3, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x9) ioctl$auto(r2, 0x400454ca, 0x38) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x80900, 0x0) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20a01, 0x0) ioctl$auto_BLKFLSBUF(r4, 0x1261, 0x0) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcsa\x00', 0x80, 0x0) mmap$auto(0xb2, 0x14, 0xffb, 0x8000000008015, 0xffffffffffffffff, 0x8001) write$auto(0x3, 0x0, 0xfffffdef) io_uring_setup$auto(0x3501, &(0x7f0000000080)={0x80, 0x1000, 0x8, 0x5, 0x3, 0xfffffff1, 0xffffffffffffffff, [0xbc, 0xffff, 0x40], {0x81, 0x9, 0x0, 0x80000000, 0x3, 0x101, 0xffff, 0x0, 0x6}, {0x7, 0xa, 0xf, 0x7fff, 0x3, 0x0, 0x0, 0xfffffffa, 0xc}}) ioctl$auto_BLKTRACETEARDOWN(r4, 0x1276, 0x0) mmap$auto(0x8000000000002001, 0x20009, 0xdf, 0x15, r5, 0x8000) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x11, 0x0, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty48\x00', 0x880, 0x0) ioctl$auto(r6, 0x5609, 0xffffffffffffffff) madvise$auto(0x0, 0x20499d, 0x9) open_tree$auto(0xffffffffffffffff, 0x0, 0x74ee) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.15.194' (ED25519) to the list of known hosts. [ 80.975079][ T5827] cgroup: Unknown subsys name 'net' [ 81.128137][ T5827] cgroup: Unknown subsys name 'cpuset' [ 81.136914][ T5827] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 82.559843][ T5827] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 84.612991][ T5840] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 84.660348][ T5843] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 84.668432][ T5843] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 84.670740][ T5846] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 84.676934][ T5843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 84.684621][ T5846] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 84.697258][ T5848] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 84.697693][ T5846] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 84.710993][ T5843] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 84.714402][ T5846] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 84.719656][ T5843] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 84.727920][ T5846] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 84.733099][ T5843] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 84.748151][ T5843] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 84.768127][ T5157] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 84.772931][ T5843] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 84.794592][ T5848] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 84.802715][ T5851] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 84.809756][ T5157] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 84.820440][ T5157] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.275942][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 85.437706][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 85.448153][ T5845] chnl_net:caif_netlink_parms(): no params data found [ 85.575642][ T5849] chnl_net:caif_netlink_parms(): no params data found [ 85.590084][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.597708][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.605299][ T5836] bridge_slave_0: entered allmulticast mode [ 85.612577][ T5836] bridge_slave_0: entered promiscuous mode [ 85.636694][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.643999][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.651247][ T5836] bridge_slave_1: entered allmulticast mode [ 85.659308][ T5836] bridge_slave_1: entered promiscuous mode [ 85.772022][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.779265][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.786487][ T5845] bridge_slave_0: entered allmulticast mode [ 85.793430][ T5845] bridge_slave_0: entered promiscuous mode [ 85.806034][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.817802][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.827936][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.835336][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.842918][ T5841] bridge_slave_0: entered allmulticast mode [ 85.849853][ T5841] bridge_slave_0: entered promiscuous mode [ 85.861564][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.868783][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.876437][ T5845] bridge_slave_1: entered allmulticast mode [ 85.883572][ T5845] bridge_slave_1: entered promiscuous mode [ 85.901715][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.909121][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.916737][ T5841] bridge_slave_1: entered allmulticast mode [ 85.923898][ T5841] bridge_slave_1: entered promiscuous mode [ 86.014380][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.026894][ T5836] team0: Port device team_slave_0 added [ 86.037254][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.047198][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.056291][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.063943][ T5849] bridge_slave_0: entered allmulticast mode [ 86.070846][ T5849] bridge_slave_0: entered promiscuous mode [ 86.081777][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.093365][ T5836] team0: Port device team_slave_1 added [ 86.115872][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.125334][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.132912][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.140036][ T5849] bridge_slave_1: entered allmulticast mode [ 86.147561][ T5849] bridge_slave_1: entered promiscuous mode [ 86.215300][ T5845] team0: Port device team_slave_0 added [ 86.246689][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.253676][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.279591][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.293640][ T5845] team0: Port device team_slave_1 added [ 86.301948][ T5841] team0: Port device team_slave_0 added [ 86.311007][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.323932][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.333625][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.340575][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.367276][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.391466][ T5841] team0: Port device team_slave_1 added [ 86.471664][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.479015][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.505197][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.521076][ T5849] team0: Port device team_slave_0 added [ 86.530496][ T5849] team0: Port device team_slave_1 added [ 86.537738][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.544941][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.570918][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.584155][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.591115][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.619917][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.631629][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.638640][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.664635][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.757445][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.765236][ T5840] Bluetooth: hci0: command tx timeout [ 86.770938][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.798056][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.842674][ T5840] Bluetooth: hci2: command tx timeout [ 86.843539][ T5157] Bluetooth: hci3: command tx timeout [ 86.888273][ T5845] hsr_slave_0: entered promiscuous mode [ 86.895217][ T5845] hsr_slave_1: entered promiscuous mode [ 86.903191][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.910152][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.922577][ T5157] Bluetooth: hci1: command tx timeout [ 86.945790][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.968746][ T5836] hsr_slave_0: entered promiscuous mode [ 86.981212][ T5836] hsr_slave_1: entered promiscuous mode [ 86.991119][ T5836] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 86.998993][ T5836] Cannot create hsr debugfs directory [ 87.145154][ T5841] hsr_slave_0: entered promiscuous mode [ 87.151372][ T5841] hsr_slave_1: entered promiscuous mode [ 87.157881][ T5841] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.165765][ T5841] Cannot create hsr debugfs directory [ 87.201249][ T5849] hsr_slave_0: entered promiscuous mode [ 87.207504][ T5849] hsr_slave_1: entered promiscuous mode [ 87.213708][ T5849] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.221268][ T5849] Cannot create hsr debugfs directory [ 87.620970][ T5836] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 87.648899][ T5836] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 87.666274][ T5836] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 87.683531][ T5836] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 87.725646][ T5845] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 87.737125][ T5845] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 87.749904][ T5845] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 87.769844][ T5845] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 87.823417][ T5841] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 87.836979][ T5841] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 87.856866][ T5841] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 87.867659][ T5841] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 87.965327][ T5849] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 87.978702][ T5849] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 87.989059][ T5849] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.009755][ T5849] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.157386][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.184983][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.217378][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.249252][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.261553][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.285596][ T3539] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.292917][ T3539] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.309667][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.316850][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.349767][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.356920][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.368389][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.380732][ T3539] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.387917][ T3539] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.401451][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.431258][ T3539] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.438428][ T3539] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.460383][ T5849] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.484485][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.491635][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.512293][ T3420] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.519432][ T3420] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.588153][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.595301][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.766837][ T5849] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 88.842660][ T5157] Bluetooth: hci0: command tx timeout [ 88.923363][ T5157] Bluetooth: hci2: command tx timeout [ 88.925124][ T5840] Bluetooth: hci3: command tx timeout [ 89.002677][ T5840] Bluetooth: hci1: command tx timeout [ 89.116737][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.180576][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.267290][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.283411][ T5845] veth0_vlan: entered promiscuous mode [ 89.300698][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.331669][ T5845] veth1_vlan: entered promiscuous mode [ 89.376558][ T5836] veth0_vlan: entered promiscuous mode [ 89.395771][ T5836] veth1_vlan: entered promiscuous mode [ 89.463513][ T5845] veth0_macvtap: entered promiscuous mode [ 89.476005][ T5841] veth0_vlan: entered promiscuous mode [ 89.489814][ T5845] veth1_macvtap: entered promiscuous mode [ 89.502679][ T5849] veth0_vlan: entered promiscuous mode [ 89.533761][ T5836] veth0_macvtap: entered promiscuous mode [ 89.547543][ T5836] veth1_macvtap: entered promiscuous mode [ 89.558177][ T5841] veth1_vlan: entered promiscuous mode [ 89.567773][ T5849] veth1_vlan: entered promiscuous mode [ 89.579823][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.608744][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.630198][ T5845] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.639643][ T5845] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.650662][ T5845] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.659459][ T5845] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.676761][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.705600][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.718703][ T5836] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.729595][ T5836] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.740768][ T5836] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.749627][ T5836] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.808288][ T5841] veth0_macvtap: entered promiscuous mode [ 89.835164][ T5849] veth0_macvtap: entered promiscuous mode [ 89.854490][ T5841] veth1_macvtap: entered promiscuous mode [ 89.894228][ T5849] veth1_macvtap: entered promiscuous mode [ 89.912011][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.929516][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.937161][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.964489][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.979035][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.010686][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.022201][ T5841] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.031073][ T5841] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.040735][ T5841] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.049714][ T5841] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.081404][ T5849] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.090483][ T5849] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.099271][ T5849] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.108003][ T5849] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.125197][ T3420] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.133886][ T3420] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.161680][ T3420] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.185656][ T3420] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.229859][ T5845] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 90.294711][ T3420] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.308157][ T3420] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.382137][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.397077][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.505852][ T3420] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.525495][ T3420] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.610468][ T3539] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.652895][ T3539] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.705562][ T3539] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.726854][ T3539] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.737317][ T5936] [ 90.739673][ T5936] ====================================================== [ 90.746704][ T5936] WARNING: possible circular locking dependency detected [ 90.753754][ T5936] 6.16.0-rc1-syzkaller #0 Not tainted [ 90.759142][ T5936] ------------------------------------------------------ [ 90.766168][ T5936] syz.0.1/5936 is trying to acquire lock: [ 90.771883][ T5936] ffffffff8e2666d0 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_slow_inc+0x12/0x30 [ 90.781396][ T5936] [ 90.781396][ T5936] but task is already holding lock: [ 90.788754][ T5936] ffff888025f929c8 (&q->rq_qos_mutex){+.+.}-{4:4}, at: wbt_init+0x393/0x540 [ 90.797475][ T5936] [ 90.797475][ T5936] which lock already depends on the new lock. [ 90.797475][ T5936] [ 90.807876][ T5936] [ 90.807876][ T5936] the existing dependency chain (in reverse order) is: [ 90.816885][ T5936] [ 90.816885][ T5936] -> #3 (&q->rq_qos_mutex){+.+.}-{4:4}: [ 90.824636][ T5936] __mutex_lock+0x199/0xb90 [ 90.829662][ T5936] wbt_init+0x393/0x540 [ 90.834339][ T5936] queue_wb_lat_store+0x354/0x3d0 [ 90.839897][ T5936] queue_attr_store+0x279/0x320 [ 90.845283][ T5936] sysfs_kf_write+0xf2/0x150 [ 90.850400][ T5936] kernfs_fop_write_iter+0x351/0x510 [ 90.856205][ T5936] vfs_write+0x6c4/0x1150 [ 90.861062][ T5936] ksys_write+0x12a/0x250 [ 90.865919][ T5936] do_syscall_64+0xcd/0x490 [ 90.871030][ T5936] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.877445][ T5936] [ 90.877445][ T5936] -> #2 (&q->q_usage_counter(io)#18){++++}-{0:0}: [ 90.886069][ T5936] blk_alloc_queue+0x619/0x760 [ 90.891363][ T5936] blk_mq_alloc_queue+0x175/0x290 [ 90.896920][ T5936] __blk_mq_alloc_disk+0x29/0x120 [ 90.902491][ T5936] loop_add+0x49e/0xb70 [ 90.907171][ T5936] loop_init+0x164/0x270 [ 90.911939][ T5936] do_one_initcall+0x120/0x6e0 [ 90.917225][ T5936] kernel_init_freeable+0x5c2/0x900 [ 90.922951][ T5936] kernel_init+0x1c/0x2b0 [ 90.927808][ T5936] ret_from_fork+0x5d4/0x6f0 [ 90.932929][ T5936] ret_from_fork_asm+0x1a/0x30 [ 90.938216][ T5936] [ 90.938216][ T5936] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 90.945437][ T5936] fs_reclaim_acquire+0x102/0x150 [ 90.950995][ T5936] __kmalloc_cache_node_noprof+0x53/0x420 [ 90.957246][ T5936] create_worker+0x10f/0x7e0 [ 90.962365][ T5936] workqueue_prepare_cpu+0xb5/0x160 [ 90.968089][ T5936] cpuhp_invoke_callback+0x3d5/0xa10 [ 90.973908][ T5936] __cpuhp_invoke_callback_range+0x101/0x210 [ 90.980420][ T5936] _cpu_up+0x3f5/0x930 [ 90.985014][ T5936] cpu_up+0x1dc/0x240 [ 90.989525][ T5936] cpuhp_bringup_mask+0xd8/0x210 [ 90.995001][ T5936] bringup_nonboot_cpus+0x176/0x1c0 [ 91.000735][ T5936] smp_init+0x34/0x160 [ 91.005331][ T5936] kernel_init_freeable+0x3a8/0x900 [ 91.011061][ T5936] kernel_init+0x1c/0x2b0 [ 91.015919][ T5936] ret_from_fork+0x5d4/0x6f0 [ 91.021040][ T5936] ret_from_fork_asm+0x1a/0x30 [ 91.026328][ T5936] [ 91.026328][ T5936] -> #0 (cpu_hotplug_lock){++++}-{0:0}: [ 91.034066][ T5936] __lock_acquire+0x126f/0x1c90 [ 91.039443][ T5936] lock_acquire+0x179/0x350 [ 91.044473][ T5936] cpus_read_lock+0x42/0x160 [ 91.049585][ T5936] static_key_slow_inc+0x12/0x30 [ 91.055052][ T5936] rq_qos_add+0x2f8/0x4b0 [ 91.059909][ T5936] wbt_init+0x3a9/0x540 [ 91.064587][ T5936] queue_wb_lat_store+0x354/0x3d0 [ 91.070141][ T5936] queue_attr_store+0x279/0x320 [ 91.075521][ T5936] sysfs_kf_write+0xf2/0x150 [ 91.080640][ T5936] kernfs_fop_write_iter+0x351/0x510 [ 91.086444][ T5936] vfs_write+0x6c4/0x1150 [ 91.091307][ T5936] ksys_write+0x12a/0x250 [ 91.096168][ T5936] do_syscall_64+0xcd/0x490 [ 91.101193][ T5936] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.107612][ T5936] [ 91.107612][ T5936] other info that might help us debug this: [ 91.107612][ T5936] [ 91.117833][ T5936] Chain exists of: [ 91.117833][ T5936] cpu_hotplug_lock --> &q->q_usage_counter(io)#18 --> &q->rq_qos_mutex [ 91.117833][ T5936] [ 91.132020][ T5936] Possible unsafe locking scenario: [ 91.132020][ T5936] [ 91.139464][ T5936] CPU0 CPU1 [ 91.144825][ T5936] ---- ---- [ 91.150181][ T5936] lock(&q->rq_qos_mutex); [ 91.154686][ T5936] lock(&q->q_usage_counter(io)#18); [ 91.162588][ T5936] lock(&q->rq_qos_mutex); [ 91.169612][ T5936] rlock(cpu_hotplug_lock); [ 91.174201][ T5936] [ 91.174201][ T5936] *** DEADLOCK *** [ 91.174201][ T5936] [ 91.182349][ T5936] 7 locks held by syz.0.1/5936: [ 91.187193][ T5936] #0: ffff888032ba62b8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 91.196271][ T5936] #1: ffff888035ff6428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 91.205266][ T5936] #2: ffff88805a55b888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 91.215033][ T5936] #3: ffff888142b8d698 (kn->active#59){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 91.225070][ T5936] #4: ffff888025f927c8 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 91.236758][ T5936] #5: ffff888025f92800 (&q->q_usage_counter(queue)#19){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 91.248704][ T5936] #6: ffff888025f929c8 (&q->rq_qos_mutex){+.+.}-{4:4}, at: wbt_init+0x393/0x540 [ 91.257868][ T5936] [ 91.257868][ T5936] stack backtrace: [ 91.263762][ T5936] CPU: 1 UID: 0 PID: 5936 Comm: syz.0.1 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 91.263788][ T5936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 91.263803][ T5936] Call Trace: [ 91.263813][ T5936] [ 91.263824][ T5936] dump_stack_lvl+0x116/0x1f0 [ 91.263860][ T5936] print_circular_bug+0x275/0x350 [ 91.263887][ T5936] check_noncircular+0x14c/0x170 [ 91.263916][ T5936] __lock_acquire+0x126f/0x1c90 [ 91.263946][ T5936] lock_acquire+0x179/0x350 [ 91.263971][ T5936] ? static_key_slow_inc+0x12/0x30 [ 91.264000][ T5936] ? __pfx___might_resched+0x10/0x10 [ 91.264024][ T5936] cpus_read_lock+0x42/0x160 [ 91.264045][ T5936] ? static_key_slow_inc+0x12/0x30 [ 91.264072][ T5936] static_key_slow_inc+0x12/0x30 [ 91.264098][ T5936] rq_qos_add+0x2f8/0x4b0 [ 91.264128][ T5936] wbt_init+0x3a9/0x540 [ 91.264151][ T5936] queue_wb_lat_store+0x354/0x3d0 [ 91.264183][ T5936] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 91.264216][ T5936] ? __mutex_trylock_common+0xe9/0x250 [ 91.264243][ T5936] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 91.264275][ T5936] queue_attr_store+0x279/0x320 [ 91.264307][ T5936] ? __pfx_queue_attr_store+0x10/0x10 [ 91.264337][ T5936] ? __lock_acquire+0x622/0x1c90 [ 91.264368][ T5936] ? find_held_lock+0x2b/0x80 [ 91.264388][ T5936] ? sysfs_file_kobj+0xe4/0x290 [ 91.264414][ T5936] ? __pfx_queue_attr_store+0x10/0x10 [ 91.264445][ T5936] sysfs_kf_write+0xf2/0x150 [ 91.264469][ T5936] kernfs_fop_write_iter+0x351/0x510 [ 91.264490][ T5936] ? __pfx_sysfs_kf_write+0x10/0x10 [ 91.264519][ T5936] vfs_write+0x6c4/0x1150 [ 91.264548][ T5936] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 91.264571][ T5936] ? __pfx___mutex_lock+0x10/0x10 [ 91.264590][ T5936] ? __pfx_vfs_write+0x10/0x10 [ 91.264625][ T5936] ksys_write+0x12a/0x250 [ 91.264652][ T5936] ? __pfx_ksys_write+0x10/0x10 [ 91.264684][ T5936] do_syscall_64+0xcd/0x490 [ 91.264704][ T5936] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.264726][ T5936] RIP: 0033:0x7f7a0598e929 [ 91.264748][ T5936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.264772][ T5936] RSP: 002b:00007f7a0675c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 91.264791][ T5936] RAX: ffffffffffffffda RBX: 00007f7a05bb6080 RCX: 00007f7a0598e929 [ 91.264805][ T5936] RDX: 0000000000000009 RSI: 00002000000001c0 RDI: 0000000000000006 [ 91.264818][ T5936] RBP: 00007f7a05a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 91.264831][ T5936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 91.264844][ T5936] R13: 0000000000000000 R14: 00007f7a05bb6080 R15: 00007ffec03e69a8 [ 91.264863][ T5936] [ 91.595761][ T5840] Bluetooth: hci3: command tx timeout [ 91.601190][ T5840] Bluetooth: hci1: command tx timeout [ 91.607227][ T5840] Bluetooth: hci0: command tx timeout [ 91.613391][ T5840] Bluetooth: hci2: command tx timeout [ 91.809952][ T10] cfg80211: failed to load regulatory.db [ 93.642608][ T5157] Bluetooth: hci2: command tx timeout [ 93.648093][ T5157] Bluetooth: hci0: command tx timeout [ 93.648179][ T5840] Bluetooth: hci1: command tx timeout [ 93.654016][ T50] Bluetooth: hci3: command tx timeout