last executing test programs: 0s ago: executing program 0 (id=1): r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_HWSIM_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000180)={0x94, 0x0, 0x0, 0x70bd27, 0x25dfdbfe, {}, [@HWSIM_ATTR_SIGNAL={0x8, 0x6, 0x2}, @HWSIM_ATTR_TX_INFO_FLAGS={0x39, 0x15, "890743a1d8a2063ecac22003b4bf6386d4b41b00cd5a1cd5a49ed0a66d17cc206d6636b9ddc8aa9c9dded9d3be32f51efe869a9328"}, @HWSIM_ATTR_ADDR_RECEIVER={0x3a, 0x1, "c0d006911cf619d430c6b42dc79ff6b7953087a9a52d4b8d4092092fc8930e78eb9df2ee8f26eb49e445aa5ac04c75ccd383abb225a5"}]}, 0x94}, 0x1, 0x0, 0x0, 0x40047}, 0x40001) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f00000001c0), 0x88e00, 0x0) r1 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), r0) sendmsg$auto_IPVS_CMD_SET_SERVICE(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000080)={&(0x7f0000000840)={0x244, r1, 0x329, 0x70bd2c, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_SERVICE={0x205, 0x1, 0x0, 0x1, [@typed={0x8, 0x6d, 0x0, 0x0, @u32}, @typed={0x8, 0x3, 0x0, 0x0, @uid}, @generic="da607bb295171b5b3b1692910f31c7b5127ce5f6801a846cfe097f1103d4820b2a39b2720f0a05d7fae94765aaa135735529d80dfe7df2a75ad87cb7d06e3808d74c98fe60a94f0b45dd96cc1b1c2fd286f91117b4703f2d80", @nested={0xcd, 0x73, 0x0, 0x1, [@generic="62aabf2871662e9d4c565ebce4218117b529989a7c66a2eaeb4c1c46792e63dc8163a39c6332c1eaed6986759ae0dc20df5b0144469a58a44b5ff9449bba541f23c4e1474b5547b6a4ea953cc747bb984320aa80b45f82b7ca05ec2e6cf40e309371ad297f9e0afa48bb0d19059cf02c094d4195a64046b1e349b184b1c2851a", @nested={0x4, 0x11c}, @typed={0x8, 0xb9, 0x0, 0x0, @pid}, @generic="9cb5bf6fd86a487cf82272a40a326ba371c1600e7446d5389cd25a3bed2c8b276fd3d31e57bbf537b621c9d21d", @typed={0xc, 0x3b, 0x0, 0x0, @u64=0x10}, @nested={0x4, 0xf}]}, @generic="5ab96fb2bc33a8479904c5933a65ae08aff96317b23b220f9b0897c432d9e5ab74421cae2bc1a44071b672207cbe18ca7d518141c76484d6acfc3da864a4a1eed7eca6e7e082da8cf6c0af8e303bea84872d102e8891293ebbd15ec74eb41f1917c8b0d2f20caade536d83fc53686158a9c906bc486f7135a5ac32222730d87d8ffa1938d892a84c1e134296fca187a97b70c72da7edd74c2fab2fb9248db49fcd1e203cb163cc6da44d04d300658d5148a1a0ff78803bc0f4709526f9800475596a9f922ff5f367"]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x80000001}]}, 0x244}, 0x1, 0x0, 0x0, 0x80}, 0x20008000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r2 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/devices/virtual/block/loop1/queue/wbt_lat_usec\x00', 0x2062, 0x0) write$auto(r3, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x9) ioctl$auto(r2, 0x400454ca, 0x38) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x80900, 0x0) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20a01, 0x0) ioctl$auto_BLKFLSBUF(r4, 0x1261, 0x0) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcsa\x00', 0x80, 0x0) mmap$auto(0xb2, 0x14, 0xffb, 0x8000000008015, 0xffffffffffffffff, 0x8001) write$auto(0x3, 0x0, 0xfffffdef) io_uring_setup$auto(0x3501, &(0x7f0000000080)={0x80, 0x1000, 0x8, 0x5, 0x3, 0xfffffff1, 0xffffffffffffffff, [0xbc, 0xffff, 0x40], {0x81, 0x9, 0x0, 0x80000000, 0x3, 0x101, 0xffff, 0x0, 0x6}, {0x7, 0xa, 0xf, 0x7fff, 0x3, 0x0, 0x0, 0xfffffffa, 0xc}}) ioctl$auto_BLKTRACETEARDOWN(r4, 0x1276, 0x0) mmap$auto(0x8000000000002001, 0x20009, 0xdf, 0x15, r5, 0x8000) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x11, 0x0, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty48\x00', 0x880, 0x0) ioctl$auto(r6, 0x5609, 0xffffffffffffffff) madvise$auto(0x0, 0x20499d, 0x9) open_tree$auto(0xffffffffffffffff, 0x0, 0x74ee) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.10.33' (ED25519) to the list of known hosts. [ 98.976558][ T5822] cgroup: Unknown subsys name 'net' [ 99.131010][ T5822] cgroup: Unknown subsys name 'cpuset' [ 99.140574][ T5822] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 100.993828][ T5822] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 102.238044][ T1213] cfg80211: failed to load regulatory.db [ 103.386636][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 103.396075][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 103.403765][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 103.412499][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 103.421040][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 103.429093][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 103.470021][ T5843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 103.478134][ T5843] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 103.493004][ T5847] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 103.506615][ T5847] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 103.517829][ T5844] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 103.518259][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 103.529429][ T5844] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 103.544112][ T5155] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 103.547153][ T5844] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 103.558783][ T5844] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 103.567469][ T5155] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 103.568889][ T5844] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 103.582908][ T5155] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 103.583520][ T5844] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 104.040396][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 104.290650][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 104.342534][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.349957][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.358153][ T5838] bridge_slave_0: entered allmulticast mode [ 104.365614][ T5838] bridge_slave_0: entered promiscuous mode [ 104.381566][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.388799][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.396132][ T5838] bridge_slave_1: entered allmulticast mode [ 104.404074][ T5838] bridge_slave_1: entered promiscuous mode [ 104.416924][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 104.551159][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.561349][ T5845] chnl_net:caif_netlink_parms(): no params data found [ 104.594886][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.705006][ T5838] team0: Port device team_slave_0 added [ 104.740863][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.748368][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.755557][ T5846] bridge_slave_0: entered allmulticast mode [ 104.763853][ T5846] bridge_slave_0: entered promiscuous mode [ 104.773432][ T5838] team0: Port device team_slave_1 added [ 104.822526][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.829905][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.837782][ T5846] bridge_slave_1: entered allmulticast mode [ 104.845184][ T5846] bridge_slave_1: entered promiscuous mode [ 104.872571][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.879881][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.887154][ T5841] bridge_slave_0: entered allmulticast mode [ 104.894536][ T5841] bridge_slave_0: entered promiscuous mode [ 104.917005][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.924018][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.950109][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.976334][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.983598][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.991202][ T5841] bridge_slave_1: entered allmulticast mode [ 104.998719][ T5841] bridge_slave_1: entered promiscuous mode [ 105.034809][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.041990][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.068524][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.098768][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.106032][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.113195][ T5845] bridge_slave_0: entered allmulticast mode [ 105.121023][ T5845] bridge_slave_0: entered promiscuous mode [ 105.148558][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.168492][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.175953][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.183160][ T5845] bridge_slave_1: entered allmulticast mode [ 105.191019][ T5845] bridge_slave_1: entered promiscuous mode [ 105.216930][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.229187][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.272472][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.284487][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.340069][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.394803][ T5841] team0: Port device team_slave_0 added [ 105.405007][ T5841] team0: Port device team_slave_1 added [ 105.414290][ T5846] team0: Port device team_slave_0 added [ 105.442016][ T5838] hsr_slave_0: entered promiscuous mode [ 105.451254][ T5838] hsr_slave_1: entered promiscuous mode [ 105.474076][ T5846] team0: Port device team_slave_1 added [ 105.485466][ T5845] team0: Port device team_slave_0 added [ 105.496422][ T5845] team0: Port device team_slave_1 added [ 105.517306][ T5843] Bluetooth: hci0: command tx timeout [ 105.582109][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.590033][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.596174][ T5843] Bluetooth: hci1: command tx timeout [ 105.617277][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.634767][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.641835][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.667973][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.681606][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.688783][ T5843] Bluetooth: hci2: command tx timeout [ 105.688792][ T5844] Bluetooth: hci3: command tx timeout [ 105.690660][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.726121][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.752844][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.760066][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.786102][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.798067][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.805066][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.831134][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.872579][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.880118][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.906494][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.979144][ T5846] hsr_slave_0: entered promiscuous mode [ 105.985612][ T5846] hsr_slave_1: entered promiscuous mode [ 105.992267][ T5846] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 106.001265][ T5846] Cannot create hsr debugfs directory [ 106.103970][ T5845] hsr_slave_0: entered promiscuous mode [ 106.111000][ T5845] hsr_slave_1: entered promiscuous mode [ 106.117438][ T5845] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 106.125025][ T5845] Cannot create hsr debugfs directory [ 106.136712][ T5841] hsr_slave_0: entered promiscuous mode [ 106.143206][ T5841] hsr_slave_1: entered promiscuous mode [ 106.149566][ T5841] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 106.157275][ T5841] Cannot create hsr debugfs directory [ 106.630953][ T5838] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 106.644960][ T5838] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 106.658342][ T5838] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 106.680198][ T5838] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 106.753791][ T5846] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 106.770686][ T5846] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 106.783234][ T5846] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 106.812135][ T5846] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 106.889823][ T5841] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 106.921523][ T5841] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 106.934227][ T5841] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 106.947869][ T5841] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 107.069833][ T5845] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 107.080927][ T5845] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 107.111798][ T5845] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 107.131495][ T5845] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 107.196728][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.285922][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.301899][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.327626][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.342786][ T1092] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.350146][ T1092] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.380865][ T1092] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.388101][ T1092] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.420227][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.463187][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.481963][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.494776][ T4907] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.502025][ T4907] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.526871][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.534049][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.564288][ T4907] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.571754][ T4907] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.596455][ T5843] Bluetooth: hci0: command tx timeout [ 107.610694][ T1092] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.618025][ T1092] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.675928][ T5843] Bluetooth: hci1: command tx timeout [ 107.679201][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.758680][ T5843] Bluetooth: hci3: command tx timeout [ 107.758737][ T5844] Bluetooth: hci2: command tx timeout [ 107.778181][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.785408][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.801965][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.809197][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.104782][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.261073][ T5838] veth0_vlan: entered promiscuous mode [ 108.295462][ T5838] veth1_vlan: entered promiscuous mode [ 108.398874][ T5838] veth0_macvtap: entered promiscuous mode [ 108.435510][ T5838] veth1_macvtap: entered promiscuous mode [ 108.522825][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.544250][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.560385][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.592036][ T5838] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.601660][ T5838] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.610910][ T5838] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.620439][ T5838] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.672266][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.712559][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.837404][ T4907] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.845440][ T4907] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.899568][ T5846] veth0_vlan: entered promiscuous mode [ 108.931086][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.931170][ T5846] veth1_vlan: entered promiscuous mode [ 108.950544][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.969906][ T5841] veth0_vlan: entered promiscuous mode [ 108.989173][ T5845] veth0_vlan: entered promiscuous mode [ 109.002915][ T5841] veth1_vlan: entered promiscuous mode [ 109.056598][ T5846] veth0_macvtap: entered promiscuous mode [ 109.084506][ T5838] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 109.103918][ T5845] veth1_vlan: entered promiscuous mode [ 109.131619][ T5841] veth0_macvtap: entered promiscuous mode [ 109.145069][ T5846] veth1_macvtap: entered promiscuous mode [ 109.175135][ T5841] veth1_macvtap: entered promiscuous mode [ 109.233974][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.283947][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.302480][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.318417][ T5845] veth0_macvtap: entered promiscuous mode [ 109.335238][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.362646][ T5841] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.372677][ T5841] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.382160][ T5841] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.391658][ T5841] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.419285][ T5845] veth1_macvtap: entered promiscuous mode [ 109.431901][ T5846] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.446955][ T5846] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.456221][ T5846] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.464996][ T5846] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.544588][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.559998][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.572127][ T5845] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.581797][ T5845] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.583222][ T5921] [ 109.590986][ T5845] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.592870][ T5921] ====================================================== [ 109.601988][ T5845] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.608582][ T5921] WARNING: possible circular locking dependency detected [ 109.608610][ T5921] 6.16.0-rc1-syzkaller #0 Not tainted [ 109.608629][ T5921] ------------------------------------------------------ [ 109.636956][ T5921] syz.0.1/5921 is trying to acquire lock: [ 109.642705][ T5921] ffffffff8e2666d0 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_slow_inc+0x12/0x30 [ 109.652228][ T5921] [ 109.652228][ T5921] but task is already holding lock: [ 109.659607][ T5921] ffff888025ce29c8 (&q->rq_qos_mutex){+.+.}-{4:4}, at: wbt_init+0x393/0x540 [ 109.668348][ T5921] [ 109.668348][ T5921] which lock already depends on the new lock. [ 109.668348][ T5921] [ 109.678778][ T5921] [ 109.678778][ T5921] the existing dependency chain (in reverse order) is: [ 109.687836][ T5921] [ 109.687836][ T5921] -> #3 (&q->rq_qos_mutex){+.+.}-{4:4}: [ 109.695657][ T5921] __mutex_lock+0x199/0xb90 [ 109.700764][ T5921] wbt_init+0x393/0x540 [ 109.705588][ T5921] queue_wb_lat_store+0x354/0x3d0 [ 109.711213][ T5921] queue_attr_store+0x279/0x320 [ 109.716635][ T5921] sysfs_kf_write+0xf2/0x150 [ 109.721778][ T5921] kernfs_fop_write_iter+0x351/0x510 [ 109.727610][ T5921] vfs_write+0x6c4/0x1150 [ 109.732497][ T5921] ksys_write+0x12a/0x250 [ 109.737389][ T5921] do_syscall_64+0xcd/0x490 [ 109.742444][ T5921] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.748899][ T5921] [ 109.748899][ T5921] -> #2 (&q->q_usage_counter(io)#18){++++}-{0:0}: [ 109.757549][ T5921] blk_alloc_queue+0x619/0x760 [ 109.762868][ T5921] blk_mq_alloc_queue+0x175/0x290 [ 109.768447][ T5921] __blk_mq_alloc_disk+0x29/0x120 [ 109.774043][ T5921] loop_add+0x49e/0xb70 [ 109.778757][ T5921] loop_init+0x164/0x270 [ 109.783553][ T5921] do_one_initcall+0x120/0x6e0 [ 109.788861][ T5921] kernel_init_freeable+0x5c2/0x900 [ 109.794623][ T5921] kernel_init+0x1c/0x2b0 [ 109.799502][ T5921] ret_from_fork+0x5d4/0x6f0 [ 109.804648][ T5921] ret_from_fork_asm+0x1a/0x30 [ 109.809962][ T5921] [ 109.809962][ T5921] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 109.817213][ T5921] fs_reclaim_acquire+0x102/0x150 [ 109.822788][ T5921] __kmalloc_cache_node_noprof+0x53/0x420 [ 109.829076][ T5921] create_worker+0x10f/0x7e0 [ 109.834225][ T5921] workqueue_prepare_cpu+0xb5/0x160 [ 109.839975][ T5921] cpuhp_invoke_callback+0x3d5/0xa10 [ 109.845812][ T5921] __cpuhp_invoke_callback_range+0x101/0x210 [ 109.852344][ T5921] _cpu_up+0x3f5/0x930 [ 109.856958][ T5921] cpu_up+0x1dc/0x240 [ 109.861487][ T5921] cpuhp_bringup_mask+0xd8/0x210 [ 109.866979][ T5921] bringup_nonboot_cpus+0x176/0x1c0 [ 109.872731][ T5921] smp_init+0x34/0x160 [ 109.877342][ T5921] kernel_init_freeable+0x3a8/0x900 [ 109.883094][ T5921] kernel_init+0x1c/0x2b0 [ 109.887976][ T5921] ret_from_fork+0x5d4/0x6f0 [ 109.893141][ T5921] ret_from_fork_asm+0x1a/0x30 [ 109.898466][ T5921] [ 109.898466][ T5921] -> #0 (cpu_hotplug_lock){++++}-{0:0}: [ 109.906255][ T5921] __lock_acquire+0x126f/0x1c90 [ 109.911668][ T5921] lock_acquire+0x179/0x350 [ 109.916727][ T5921] cpus_read_lock+0x42/0x160 [ 109.921872][ T5921] static_key_slow_inc+0x12/0x30 [ 109.927367][ T5921] rq_qos_add+0x2f8/0x4b0 [ 109.932253][ T5921] wbt_init+0x3a9/0x540 [ 109.936953][ T5921] queue_wb_lat_store+0x354/0x3d0 [ 109.942539][ T5921] queue_attr_store+0x279/0x320 [ 109.947951][ T5921] sysfs_kf_write+0xf2/0x150 [ 109.953091][ T5921] kernfs_fop_write_iter+0x351/0x510 [ 109.958926][ T5921] vfs_write+0x6c4/0x1150 [ 109.963814][ T5921] ksys_write+0x12a/0x250 [ 109.968709][ T5921] do_syscall_64+0xcd/0x490 [ 109.973767][ T5921] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.980226][ T5921] [ 109.980226][ T5921] other info that might help us debug this: [ 109.980226][ T5921] [ 109.990467][ T5921] Chain exists of: [ 109.990467][ T5921] cpu_hotplug_lock --> &q->q_usage_counter(io)#18 --> &q->rq_qos_mutex [ 109.990467][ T5921] [ 110.004684][ T5921] Possible unsafe locking scenario: [ 110.004684][ T5921] [ 110.012168][ T5921] CPU0 CPU1 [ 110.017545][ T5921] ---- ---- [ 110.022924][ T5921] lock(&q->rq_qos_mutex); [ 110.027453][ T5921] lock(&q->q_usage_counter(io)#18); [ 110.035391][ T5921] lock(&q->rq_qos_mutex); [ 110.042442][ T5921] rlock(cpu_hotplug_lock); [ 110.047061][ T5921] [ 110.047061][ T5921] *** DEADLOCK *** [ 110.047061][ T5921] [ 110.055226][ T5921] 7 locks held by syz.0.1/5921: [ 110.060114][ T5921] #0: ffff8880768415f8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 110.069232][ T5921] #1: ffff888036554428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 110.078270][ T5921] #2: ffff8880330a6c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 110.088071][ T5921] #3: ffff888025b4e008 (kn->active#59){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 110.098144][ T5921] #4: ffff888025ce27c8 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 110.109981][ T5921] #5: ffff888025ce2800 (&q->q_usage_counter(queue)#20){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 110.121980][ T5921] #6: ffff888025ce29c8 (&q->rq_qos_mutex){+.+.}-{4:4}, at: wbt_init+0x393/0x540 [ 110.131174][ T5921] [ 110.131174][ T5921] stack backtrace: [ 110.137103][ T5921] CPU: 1 UID: 0 PID: 5921 Comm: syz.0.1 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 110.137135][ T5921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 110.137154][ T5921] Call Trace: [ 110.137167][ T5921] [ 110.137181][ T5921] dump_stack_lvl+0x116/0x1f0 [ 110.137230][ T5921] print_circular_bug+0x275/0x350 [ 110.137265][ T5921] check_noncircular+0x14c/0x170 [ 110.137302][ T5921] __lock_acquire+0x126f/0x1c90 [ 110.137343][ T5921] lock_acquire+0x179/0x350 [ 110.137376][ T5921] ? static_key_slow_inc+0x12/0x30 [ 110.137414][ T5921] ? __pfx___might_resched+0x10/0x10 [ 110.137444][ T5921] cpus_read_lock+0x42/0x160 [ 110.137469][ T5921] ? static_key_slow_inc+0x12/0x30 [ 110.137504][ T5921] static_key_slow_inc+0x12/0x30 [ 110.137539][ T5921] rq_qos_add+0x2f8/0x4b0 [ 110.137577][ T5921] wbt_init+0x3a9/0x540 [ 110.137606][ T5921] queue_wb_lat_store+0x354/0x3d0 [ 110.137650][ T5921] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 110.137693][ T5921] ? __mutex_trylock_common+0xe9/0x250 [ 110.137730][ T5921] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 110.137771][ T5921] queue_attr_store+0x279/0x320 [ 110.137814][ T5921] ? __pfx_queue_attr_store+0x10/0x10 [ 110.137855][ T5921] ? __lock_acquire+0x622/0x1c90 [ 110.137889][ T5921] ? udc_pollstall_timer_function+0x17e/0x4e0 [ 110.137938][ T5921] ? find_held_lock+0x2b/0x80 [ 110.137962][ T5921] ? sysfs_file_kobj+0xe4/0x290 [ 110.137995][ T5921] ? __pfx_queue_attr_store+0x10/0x10 [ 110.138037][ T5921] sysfs_kf_write+0xf2/0x150 [ 110.138068][ T5921] kernfs_fop_write_iter+0x351/0x510 [ 110.138104][ T5921] ? __pfx_sysfs_kf_write+0x10/0x10 [ 110.138136][ T5921] vfs_write+0x6c4/0x1150 [ 110.138175][ T5921] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 110.138203][ T5921] ? __pfx___mutex_lock+0x10/0x10 [ 110.138227][ T5921] ? __pfx_vfs_write+0x10/0x10 [ 110.138274][ T5921] ksys_write+0x12a/0x250 [ 110.138310][ T5921] ? __pfx_ksys_write+0x10/0x10 [ 110.138353][ T5921] do_syscall_64+0xcd/0x490 [ 110.138378][ T5921] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.138405][ T5921] RIP: 0033:0x7fed1fd8e929 [ 110.138430][ T5921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 110.138456][ T5921] RSP: 002b:00007fed1dbd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 110.138479][ T5921] RAX: ffffffffffffffda RBX: 00007fed1ffb6080 RCX: 00007fed1fd8e929 [ 110.138497][ T5921] RDX: 0000000000000009 RSI: 00002000000001c0 RDI: 0000000000000006 [ 110.138513][ T5921] RBP: 00007fed1fe10b39 R08: 0000000000000000 R09: 0000000000000000 [ 110.138529][ T5921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 110.138545][ T5921] R13: 0000000000000000 R14: 00007fed1ffb6080 R15: 00007fff12228708 [ 110.138569][ T5921] [ 110.152867][ T5844] Bluetooth: hci2: command tx timeout [ 110.197533][ T5843] Bluetooth: hci0: command tx timeout [ 110.202276][ T5847] Bluetooth: hci1: command tx timeout [ 110.205377][ T5155] Bluetooth: hci3: command tx timeout [ 110.505546][ T5841] ieee80211 phy5: Selected rate control algorithm 'minstrel_ht' [ 110.589848][ T5846] ieee80211 phy6: Selected rate control algorithm 'minstrel_ht' [ 110.612935][ T72] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.629586][ T72] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.665456][ T5841] ieee80211 phy7: Selected rate control algorithm 'minstrel_ht' [ 110.692997][ T1115] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.713093][ T1115] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.733832][ T5845] ieee80211 phy8: Selected rate control algorithm 'minstrel_ht' [ 110.747610][ T1115] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.759412][ T1115] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.797857][ T5846] ieee80211 phy9: Selected rate control algorithm 'minstrel_ht' [ 110.879530][ T72] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.888899][ T5845] ieee80211 phy10: Selected rate control algorithm 'minstrel_ht' [ 110.904041][ T1115] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.907841][ T72] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.923307][ T1115] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.959175][ T1115] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.970807][ T1115] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.236066][ T5155] Bluetooth: hci0: command tx timeout [ 112.236779][ T5843] Bluetooth: hci2: command tx timeout [ 112.241547][ T5155] Bluetooth: hci1: command tx timeout [ 112.475904][ T5155] Bluetooth: hci3: command tx timeout