last executing test programs: 0s ago: executing program 1 (id=2): r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_HWSIM_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000180)={0x94, 0x0, 0x0, 0x70bd27, 0x25dfdbfe, {}, [@HWSIM_ATTR_SIGNAL={0x8, 0x6, 0x2}, @HWSIM_ATTR_TX_INFO_FLAGS={0x39, 0x15, "890743a1d8a2063ecac22003b4bf6386d4b41b00cd5a1cd5a49ed0a66d17cc206d6636b9ddc8aa9c9dded9d3be32f51efe869a9328"}, @HWSIM_ATTR_ADDR_RECEIVER={0x3a, 0x1, "c0d006911cf619d430c6b42dc79ff6b7953087a9a52d4b8d4092092fc8930e78eb9df2ee8f26eb49e445aa5ac04c75ccd383abb225a5"}]}, 0x94}, 0x1, 0x0, 0x0, 0x40047}, 0x40001) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f00000001c0), 0x88e00, 0x0) r1 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), r0) sendmsg$auto_IPVS_CMD_SET_SERVICE(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000080)={&(0x7f0000000840)={0x238, r1, 0x329, 0x70bd2c, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_SERVICE={0x1fc, 0x1, 0x0, 0x1, [@typed={0x8, 0x6d, 0x0, 0x0, @u32}, @typed={0x8, 0x3, 0x0, 0x0, @uid}, @generic="da607bb295171b5b3b1692910f31c7b5127ce5f6801a846cfe097f1103d4820b2a39b2720f0a05d7fae94765aaa135735529d80dfe7df2a75ad87cb7d06e3808d74c98fe60a94f0b45dd96cc1b1c2fd286f91117b4703f2d80", @nested={0xc2, 0x73, 0x0, 0x1, [@generic="62aabf2871662e9d4c565ebce4218117b529989a7c66a2eaeb4c1c46792e63dc8163a39c6332c1eaed6986759ae0dc20df5b0144469a58a44b5ff9449bba541f23c4e1474b5547b6a4ea953cc747bb984320aa80b45f82b7ca05ec2e6cf40e309371ad297f9e0afa48bb0d19059cf02c094d4195a64046b1e349b184b1c2851a", @nested={0x4, 0x11c}, @typed={0x8, 0xb9, 0x0, 0x0, @pid}, @generic="9cb5bf6fd86a487cf82272a40a326ba371c1600e7446d5389cd25a3bed2c8b276fd3", @typed={0xc, 0x3b, 0x0, 0x0, @u64=0x10}, @nested={0x4, 0xf}]}, @generic="5ab96fb2bc33a8479904c5933a65ae08aff96317b23b220f9b0897c432d9e5ab74421cae2bc1a44071b672207cbe18ca7d518141c76484d6acfc3da864a4a1eed7eca6e7e082da8cf6c0af8e303bea84872d102e8891293ebbd15ec74eb41f1917c8b0d2f20caade536d83fc53686158a9c906bc486f7135a5ac32222730d87d8ffa1938d892a84c1e134296fca187a97b70c72da7edd74c2fab2fb9248db49fcd1e203cb163cc6da44d04d300658d5148a1a0ff78803bc0f4709526f9800475596a9f922ff5f367ac5278"]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x80000001}]}, 0x238}, 0x1, 0x0, 0x0, 0x80}, 0x20008000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r2 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/devices/virtual/block/loop1/queue/wbt_lat_usec\x00', 0x2062, 0x0) write$auto(r3, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x9) ioctl$auto(r2, 0x400454ca, 0x38) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x80900, 0x0) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20a01, 0x0) ioctl$auto_BLKFLSBUF(r4, 0x1261, 0x0) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcsa\x00', 0x80, 0x0) mmap$auto(0xb2, 0x14, 0xffb, 0x8000000008015, 0xffffffffffffffff, 0x8001) write$auto(0x3, 0x0, 0xfffffdef) io_uring_setup$auto(0x3501, &(0x7f0000000080)={0x80, 0x1000, 0x8, 0x5, 0x3, 0xfffffff1, 0xffffffffffffffff, [0xbc, 0xffff, 0x40], {0x81, 0x9, 0x0, 0x80000000, 0x3, 0x101, 0xffff, 0x0, 0x6}, {0x7, 0xa, 0xf, 0x7fff, 0x3, 0x0, 0x0, 0xfffffffa, 0xc}}) ioctl$auto_BLKTRACETEARDOWN(r4, 0x1276, 0x0) mmap$auto(0x8000000000002001, 0x20009, 0xdf, 0x15, r5, 0x8000) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x11, 0x0, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty48\x00', 0x880, 0x0) ioctl$auto(r6, 0x5609, 0xffffffffffffffff) madvise$auto(0x0, 0x20499d, 0x9) open_tree$auto(0xffffffffffffffff, 0x0, 0x74ee) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.13' (ED25519) to the list of known hosts. [ 97.863268][ T5823] cgroup: Unknown subsys name 'net' [ 97.959123][ T5823] cgroup: Unknown subsys name 'cpuset' [ 97.968782][ T5823] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 99.793546][ T5823] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 102.090491][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 102.098981][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 102.107306][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 102.167365][ T5845] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 102.168982][ T5843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 102.176179][ T5845] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 102.182658][ T5843] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 102.189416][ T5845] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 102.196839][ T5843] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 102.207909][ T5845] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 102.210528][ T5843] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 102.217701][ T5845] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 102.225470][ T1213] cfg80211: failed to load regulatory.db [ 102.232405][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 102.267630][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 102.301447][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 102.311675][ T5156] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 102.321308][ T5156] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 102.329662][ T5156] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 102.344261][ T5156] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 102.352159][ T5156] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 102.781373][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 103.022162][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.030416][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.038342][ T5838] bridge_slave_0: entered allmulticast mode [ 103.046192][ T5838] bridge_slave_0: entered promiscuous mode [ 103.059031][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.066234][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.073420][ T5838] bridge_slave_1: entered allmulticast mode [ 103.081376][ T5838] bridge_slave_1: entered promiscuous mode [ 103.093505][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 103.105759][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 103.192310][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 103.206264][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 103.332380][ T5838] team0: Port device team_slave_0 added [ 103.359168][ T5838] team0: Port device team_slave_1 added [ 103.365659][ T5852] chnl_net:caif_netlink_parms(): no params data found [ 103.452865][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.461631][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.488086][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 103.553254][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.560671][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.568728][ T5842] bridge_slave_0: entered allmulticast mode [ 103.577055][ T5842] bridge_slave_0: entered promiscuous mode [ 103.586203][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 103.593198][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.619274][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 103.637283][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.644466][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.651768][ T5846] bridge_slave_0: entered allmulticast mode [ 103.659213][ T5846] bridge_slave_0: entered promiscuous mode [ 103.667818][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.675122][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.682499][ T5842] bridge_slave_1: entered allmulticast mode [ 103.690131][ T5842] bridge_slave_1: entered promiscuous mode [ 103.731888][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.740001][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.747879][ T5846] bridge_slave_1: entered allmulticast mode [ 103.755642][ T5846] bridge_slave_1: entered promiscuous mode [ 103.780167][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 103.793064][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 103.909848][ T5842] team0: Port device team_slave_0 added [ 103.918891][ T5842] team0: Port device team_slave_1 added [ 103.926267][ T5852] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.933446][ T5852] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.941443][ T5852] bridge_slave_0: entered allmulticast mode [ 103.949234][ T5852] bridge_slave_0: entered promiscuous mode [ 103.957394][ T5852] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.964505][ T5852] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.971843][ T5852] bridge_slave_1: entered allmulticast mode [ 103.979990][ T5852] bridge_slave_1: entered promiscuous mode [ 103.989943][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.058048][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.086691][ T5838] hsr_slave_0: entered promiscuous mode [ 104.093859][ T5838] hsr_slave_1: entered promiscuous mode [ 104.116069][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.123054][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.149446][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.198069][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.205988][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.232435][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.246331][ T5852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.260056][ T5846] team0: Port device team_slave_0 added [ 104.289813][ T5852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.295818][ T5849] Bluetooth: hci0: command tx timeout [ 104.319625][ T5846] team0: Port device team_slave_1 added [ 104.365136][ T5849] Bluetooth: hci1: command tx timeout [ 104.396698][ T5852] team0: Port device team_slave_0 added [ 104.439815][ T5852] team0: Port device team_slave_1 added [ 104.445557][ T5849] Bluetooth: hci2: command tx timeout [ 104.452546][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.460510][ T5849] Bluetooth: hci3: command tx timeout [ 104.464928][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.493050][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.547187][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.554266][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.580552][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.606720][ T5842] hsr_slave_0: entered promiscuous mode [ 104.613205][ T5842] hsr_slave_1: entered promiscuous mode [ 104.619664][ T5842] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 104.627526][ T5842] Cannot create hsr debugfs directory [ 104.685339][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.692366][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.718788][ T5852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.731667][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.739217][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.765573][ T5852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.896942][ T5846] hsr_slave_0: entered promiscuous mode [ 104.903355][ T5846] hsr_slave_1: entered promiscuous mode [ 104.910290][ T5846] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 104.918517][ T5846] Cannot create hsr debugfs directory [ 104.970481][ T5852] hsr_slave_0: entered promiscuous mode [ 104.979067][ T5852] hsr_slave_1: entered promiscuous mode [ 104.985461][ T5852] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 104.993038][ T5852] Cannot create hsr debugfs directory [ 105.109164][ T5838] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 105.158927][ T5838] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 105.196156][ T5838] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 105.232915][ T5838] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 105.401795][ T5842] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 105.440351][ T5842] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 105.473563][ T5842] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 105.492326][ T5842] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 105.568441][ T5846] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 105.597158][ T5846] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 105.621374][ T5846] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 105.646659][ T5846] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 105.758906][ T5852] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 105.773001][ T5852] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 105.797629][ T5852] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 105.809255][ T5852] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 105.909854][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.000230][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.017721][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.034521][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.071601][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.078991][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.100084][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.107339][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.121911][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.159406][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.166637][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.183962][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.233439][ T1143] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.240621][ T1143] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.254399][ T1143] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.261595][ T1143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.291484][ T5838] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 106.315279][ T1143] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.322475][ T1143] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.364931][ T5849] Bluetooth: hci0: command tx timeout [ 106.387693][ T5852] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.455236][ T5849] Bluetooth: hci1: command tx timeout [ 106.535689][ T5849] Bluetooth: hci3: command tx timeout [ 106.537132][ T5845] Bluetooth: hci2: command tx timeout [ 106.552306][ T5852] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.608278][ T30] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.617485][ T30] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.691446][ T30] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.698740][ T30] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.943628][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.041977][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.152411][ T5838] veth0_vlan: entered promiscuous mode [ 107.203492][ T5838] veth1_vlan: entered promiscuous mode [ 107.224024][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.256841][ T5846] veth0_vlan: entered promiscuous mode [ 107.315725][ T5846] veth1_vlan: entered promiscuous mode [ 107.360165][ T5838] veth0_macvtap: entered promiscuous mode [ 107.381530][ T5838] veth1_macvtap: entered promiscuous mode [ 107.402713][ T5852] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.428846][ T5842] veth0_vlan: entered promiscuous mode [ 107.452181][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 107.480587][ T5846] veth0_macvtap: entered promiscuous mode [ 107.490715][ T5842] veth1_vlan: entered promiscuous mode [ 107.503992][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.514655][ T5846] veth1_macvtap: entered promiscuous mode [ 107.542580][ T5838] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.552506][ T5838] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.564424][ T5838] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.574863][ T5838] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.644220][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 107.671303][ T5852] veth0_vlan: entered promiscuous mode [ 107.691507][ T5842] veth0_macvtap: entered promiscuous mode [ 107.720407][ T5842] veth1_macvtap: entered promiscuous mode [ 107.732980][ T5852] veth1_vlan: entered promiscuous mode [ 107.748930][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.793544][ T5846] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.806536][ T5846] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.817054][ T5846] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.825919][ T5846] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.868237][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 107.900155][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.908954][ T1143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.919552][ T1143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.949788][ T5842] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.958788][ T5842] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.969091][ T5842] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.980590][ T5842] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.020073][ T5852] veth0_macvtap: entered promiscuous mode [ 108.043847][ T5852] veth1_macvtap: entered promiscuous mode [ 108.081860][ T3534] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.098807][ T3534] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.149412][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.169431][ T4479] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.174326][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.185767][ T4479] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.210853][ T5852] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.220183][ T5852] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.229830][ T5852] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.238667][ T5852] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.257298][ T5838] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 108.425698][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.433606][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.446410][ T1143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.447676][ T5845] Bluetooth: hci0: command tx timeout [ 108.490255][ T1143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.527318][ T5845] Bluetooth: hci1: command tx timeout [ 108.605594][ T5845] Bluetooth: hci2: command tx timeout [ 108.611095][ T5845] Bluetooth: hci3: command tx timeout [ 108.647936][ T30] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.685986][ T30] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.705684][ T5928] [ 108.708083][ T5928] ====================================================== [ 108.715135][ T5928] WARNING: possible circular locking dependency detected [ 108.722212][ T5928] 6.16.0-rc1-syzkaller #0 Not tainted [ 108.727630][ T5928] ------------------------------------------------------ [ 108.734682][ T5928] syz.1.2/5928 is trying to acquire lock: [ 108.740427][ T5928] ffffffff8e2666d0 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_slow_inc+0x12/0x30 [ 108.749998][ T5928] [ 108.749998][ T5928] but task is already holding lock: [ 108.757392][ T5928] ffff8881427c29c8 (&q->rq_qos_mutex){+.+.}-{4:4}, at: wbt_init+0x393/0x540 [ 108.766151][ T5928] [ 108.766151][ T5928] which lock already depends on the new lock. [ 108.766151][ T5928] [ 108.776572][ T5928] [ 108.776572][ T5928] the existing dependency chain (in reverse order) is: [ 108.785608][ T5928] [ 108.785608][ T5928] -> #3 (&q->rq_qos_mutex){+.+.}-{4:4}: [ 108.793384][ T5928] __mutex_lock+0x199/0xb90 [ 108.798439][ T5928] wbt_init+0x393/0x540 [ 108.803153][ T5928] queue_wb_lat_store+0x354/0x3d0 [ 108.808758][ T5928] queue_attr_store+0x279/0x320 [ 108.814181][ T5928] sysfs_kf_write+0xf2/0x150 [ 108.819329][ T5928] kernfs_fop_write_iter+0x351/0x510 [ 108.825166][ T5928] vfs_write+0x6c4/0x1150 [ 108.830059][ T5928] ksys_write+0x12a/0x250 [ 108.834949][ T5928] do_syscall_64+0xcd/0x490 [ 108.839998][ T5928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.846442][ T5928] [ 108.846442][ T5928] -> #2 (&q->q_usage_counter(io)#18){++++}-{0:0}: [ 108.855096][ T5928] blk_alloc_queue+0x619/0x760 [ 108.860418][ T5928] blk_mq_alloc_queue+0x175/0x290 [ 108.866005][ T5928] __blk_mq_alloc_disk+0x29/0x120 [ 108.871588][ T5928] loop_add+0x49e/0xb70 [ 108.876311][ T5928] loop_init+0x164/0x270 [ 108.881115][ T5928] do_one_initcall+0x120/0x6e0 [ 108.886429][ T5928] kernel_init_freeable+0x5c2/0x900 [ 108.892187][ T5928] kernel_init+0x1c/0x2b0 [ 108.897069][ T5928] ret_from_fork+0x5d4/0x6f0 [ 108.902221][ T5928] ret_from_fork_asm+0x1a/0x30 [ 108.907533][ T5928] [ 108.907533][ T5928] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 108.914783][ T5928] fs_reclaim_acquire+0x102/0x150 [ 108.920377][ T5928] __kmalloc_cache_node_noprof+0x53/0x420 [ 108.926652][ T5928] create_worker+0x10f/0x7e0 [ 108.931817][ T5928] workqueue_prepare_cpu+0xb5/0x160 [ 108.937576][ T5928] cpuhp_invoke_callback+0x3d5/0xa10 [ 108.943410][ T5928] __cpuhp_invoke_callback_range+0x101/0x210 [ 108.949945][ T5928] _cpu_up+0x3f5/0x930 [ 108.954566][ T5928] cpu_up+0x1dc/0x240 [ 108.959104][ T5928] cpuhp_bringup_mask+0xd8/0x210 [ 108.964610][ T5928] bringup_nonboot_cpus+0x176/0x1c0 [ 108.970366][ T5928] smp_init+0x34/0x160 [ 108.974985][ T5928] kernel_init_freeable+0x3a8/0x900 [ 108.980741][ T5928] kernel_init+0x1c/0x2b0 [ 108.985621][ T5928] ret_from_fork+0x5d4/0x6f0 [ 108.990770][ T5928] ret_from_fork_asm+0x1a/0x30 [ 108.996085][ T5928] [ 108.996085][ T5928] -> #0 (cpu_hotplug_lock){++++}-{0:0}: [ 109.003886][ T5928] __lock_acquire+0x126f/0x1c90 [ 109.009297][ T5928] lock_acquire+0x179/0x350 [ 109.014356][ T5928] cpus_read_lock+0x42/0x160 [ 109.019505][ T5928] static_key_slow_inc+0x12/0x30 [ 109.024994][ T5928] rq_qos_add+0x2f8/0x4b0 [ 109.029882][ T5928] wbt_init+0x3a9/0x540 [ 109.034589][ T5928] queue_wb_lat_store+0x354/0x3d0 [ 109.040171][ T5928] queue_attr_store+0x279/0x320 [ 109.045596][ T5928] sysfs_kf_write+0xf2/0x150 [ 109.050736][ T5928] kernfs_fop_write_iter+0x351/0x510 [ 109.056567][ T5928] vfs_write+0x6c4/0x1150 [ 109.061452][ T5928] ksys_write+0x12a/0x250 [ 109.066340][ T5928] do_syscall_64+0xcd/0x490 [ 109.071390][ T5928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.077826][ T5928] [ 109.077826][ T5928] other info that might help us debug this: [ 109.077826][ T5928] [ 109.088079][ T5928] Chain exists of: [ 109.088079][ T5928] cpu_hotplug_lock --> &q->q_usage_counter(io)#18 --> &q->rq_qos_mutex [ 109.088079][ T5928] [ 109.102316][ T5928] Possible unsafe locking scenario: [ 109.102316][ T5928] [ 109.109790][ T5928] CPU0 CPU1 [ 109.115183][ T5928] ---- ---- [ 109.120572][ T5928] lock(&q->rq_qos_mutex); [ 109.125108][ T5928] lock(&q->q_usage_counter(io)#18); [ 109.133043][ T5928] lock(&q->rq_qos_mutex); [ 109.140095][ T5928] rlock(cpu_hotplug_lock); [ 109.144714][ T5928] [ 109.144714][ T5928] *** DEADLOCK *** [ 109.144714][ T5928] [ 109.152886][ T5928] 7 locks held by syz.1.2/5928: [ 109.157764][ T5928] #0: ffff888034d99cf8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 109.166900][ T5928] #1: ffff888024754428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 109.175948][ T5928] #2: ffff888034e51488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 109.185761][ T5928] #3: ffff888142b024b8 (kn->active#59){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 109.195844][ T5928] #4: ffff8881427c27c8 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 109.207617][ T5928] #5: ffff8881427c2800 (&q->q_usage_counter(queue)#20){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 109.219602][ T5928] #6: ffff8881427c29c8 (&q->rq_qos_mutex){+.+.}-{4:4}, at: wbt_init+0x393/0x540 [ 109.228797][ T5928] [ 109.228797][ T5928] stack backtrace: [ 109.234722][ T5928] CPU: 0 UID: 0 PID: 5928 Comm: syz.1.2 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 109.234754][ T5928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 109.234774][ T5928] Call Trace: [ 109.234788][ T5928] [ 109.234801][ T5928] dump_stack_lvl+0x116/0x1f0 [ 109.234850][ T5928] print_circular_bug+0x275/0x350 [ 109.234885][ T5928] check_noncircular+0x14c/0x170 [ 109.234920][ T5928] __lock_acquire+0x126f/0x1c90 [ 109.234959][ T5928] lock_acquire+0x179/0x350 [ 109.234991][ T5928] ? static_key_slow_inc+0x12/0x30 [ 109.235028][ T5928] ? __pfx___might_resched+0x10/0x10 [ 109.235058][ T5928] cpus_read_lock+0x42/0x160 [ 109.235089][ T5928] ? static_key_slow_inc+0x12/0x30 [ 109.235123][ T5928] static_key_slow_inc+0x12/0x30 [ 109.235157][ T5928] rq_qos_add+0x2f8/0x4b0 [ 109.235194][ T5928] wbt_init+0x3a9/0x540 [ 109.235222][ T5928] queue_wb_lat_store+0x354/0x3d0 [ 109.235264][ T5928] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 109.235307][ T5928] ? __mutex_trylock_common+0xe9/0x250 [ 109.235343][ T5928] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 109.235383][ T5928] queue_attr_store+0x279/0x320 [ 109.235425][ T5928] ? __pfx_queue_attr_store+0x10/0x10 [ 109.235465][ T5928] ? __lock_acquire+0x622/0x1c90 [ 109.235505][ T5928] ? find_held_lock+0x2b/0x80 [ 109.235529][ T5928] ? sysfs_file_kobj+0xe4/0x290 [ 109.235561][ T5928] ? __pfx_queue_attr_store+0x10/0x10 [ 109.235601][ T5928] sysfs_kf_write+0xf2/0x150 [ 109.235632][ T5928] kernfs_fop_write_iter+0x351/0x510 [ 109.235658][ T5928] ? __pfx_sysfs_kf_write+0x10/0x10 [ 109.235689][ T5928] vfs_write+0x6c4/0x1150 [ 109.235725][ T5928] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 109.235753][ T5928] ? __pfx___mutex_lock+0x10/0x10 [ 109.235776][ T5928] ? __pfx_vfs_write+0x10/0x10 [ 109.235823][ T5928] ksys_write+0x12a/0x250 [ 109.235859][ T5928] ? __pfx_ksys_write+0x10/0x10 [ 109.235899][ T5928] do_syscall_64+0xcd/0x490 [ 109.235923][ T5928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.235950][ T5928] RIP: 0033:0x7fd6de58e929 [ 109.235978][ T5928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 109.236002][ T5928] RSP: 002b:00007fd6df483038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 109.236026][ T5928] RAX: ffffffffffffffda RBX: 00007fd6de7b6080 RCX: 00007fd6de58e929 [ 109.236043][ T5928] RDX: 0000000000000009 RSI: 00002000000001c0 RDI: 0000000000000006 [ 109.236058][ T5928] RBP: 00007fd6de610b39 R08: 0000000000000000 R09: 0000000000000000 [ 109.236079][ T5928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 109.236095][ T5928] R13: 0000000000000000 R14: 00007fd6de7b6080 R15: 00007ffc9962d6e8 [ 109.236120][ T5928] [ 109.597216][ T1143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.607424][ T5852] ieee80211 phy10: Selected rate control algorithm 'minstrel_ht' [ 109.617624][ T1143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.764451][ T3534] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.794007][ T3534] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.524927][ T5845] Bluetooth: hci0: command tx timeout [ 110.605240][ T5845] Bluetooth: hci1: command tx timeout [ 110.684801][ T5845] Bluetooth: hci3: command tx timeout [ 110.684993][ T5849] Bluetooth: hci2: command tx timeout