last executing test programs: 1.165229519s ago: executing program 0 (id=1): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) ioctl$auto(0x3, 0xc0104d03, r0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffff6, 0x8000) move_pages$auto(0x0, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00", @ANYRES64], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0x53, 0x9) 1.063420712s ago: executing program 3 (id=4): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000001f80), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000ffd5df93ef0a03", @ANYRES16=r1, @ANYBLOB="7d3f2dbd7000fddbdf250b000000"], 0x14}, 0x1, 0x0, 0x0, 0x48018}, 0x400c880) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000804) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x10, 0x9, 0x63, 0x0, 0x0, 0x0, 0x0, 0x40000000000f, 0x1000, 0xfffffffffffffffd, 0x7ffffffb, 0x9, 0xffffffff7ffffffc, 0x9, 0x7, 0x200000100103}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sysfs$auto(0x2, 0x23, 0x0) r2 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r2, 0x0, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$sock_SIOCGIFINDEX(r3, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) 595.834935ms ago: executing program 2 (id=3): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) keyctl$auto(0x5, 0xffffffffffffffff, 0x0, 0x5, 0x6) syz_clone3(&(0x7f00000004c0)={0x2000000, 0x0, 0x0, 0x0, {0x24}, 0x0, 0x0, 0x0, 0x0}, 0x58) close_range$auto(0x2, 0x8, 0x0) r0 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev6\x00', 0x169000, 0x0) ioctl$auto(r1, 0x40085618, r1) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x2, 0x80002, 0x73) mmap$auto(0xa17, 0xfffffffffffffff9, 0x9f, 0x12, r0, 0x8006) r2 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3a}}, 0x6e) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000) r3 = io_uring_setup$auto(0x1, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3b87, 0xa) openat$dir(0xffffffffffffff9c, 0x0, 0x381000, 0x100) mmap$auto(0x0, 0x402000a, 0xdf, 0x10000000000eb1, 0xffffffffffffffff, 0x8000) capset$auto(0x0, 0x0) madvise$auto(0x0, 0x200007, 0x19) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r4, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) ioctl$auto_RNDADDENTROPY2(r3, 0x40085203, &(0x7f0000000080)=[0x3, 0x4010]) close_range$auto(0x2, 0x8, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x169000, 0x0) 482.31717ms ago: executing program 3 (id=5): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) write$auto(0xffffffffffffffff, &(0x7f0000000000)='\'\x00', 0x4) mmap$auto(0x2138, 0x2, 0x3, 0xeb4, 0xfffffffffffffffa, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x5, 0x0) sendto$auto(0x3, 0x0, 0x13, 0xfffffff8, &(0x7f0000000440)=@tipc=@name={0x1e, 0x2, 0x3, {{0x1, 0x1}}}, 0x20) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) mmap$auto(0x0, 0x8, 0x80000000000000df, 0x10004000eb1, 0x8, 0x8000008000) preadv2$auto(0xffffffffffffffff, &(0x7f0000001000)={0x0, 0x80000080000000}, 0x2, 0xffffffffffffffff, 0x2, 0x1) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x2, 0x100000000000027, 0x0) fsopen$auto(0x0, 0x1) preadv2$auto(r0, &(0x7f0000000480)={&(0x7f0000000040)="f46995bba11ff0cc2ffc7fbd9371faa63585449a108fd55891434d115a58d47acea0d0b0d9012d8ccf2a2de2bab35a1f5475039fc4f16819bd0bf9c567c619a76a66063eb95236680e3e1542776bf4d820e13c82c4ffa1b137873ff64c14692f9f281b53806cfae5c3320a00"/123, 0x2766}, 0xfffffffffffffff7, 0x6, 0x8, 0x3ff) socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000001500), 0xffffffffffffffff) statmount$auto(0x0, &(0x7f00000004c0)={0x8, 0x1, 0x0, 0x8, 0x9, 0x3, 0x81, 0xffffffff, 0x2000000040000002, 0x0, 0xffff, 0x1, 0x2, 0x80000001, 0xffffffffffffff49, 0x9, 0x20000900001, 0xffffffff, 0x5, 0x7, 0x6, 0x7, 0x0, 0xffffffee, 0x2a17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000009, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1800000000, 0x7fffffffffffffff]}, 0x9, 0xfffff001) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2b, 0x1, 0x1) write$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000200)='5', 0x1) socket(0x2, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xfffffffffffffffd, 0x40000008000) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0xf0) socket(0xa, 0x801, 0x84) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x3) 167.11936ms ago: executing program 1 (id=2): semctl$auto_SEM_STAT(0x0, 0x8000, 0x12, 0x18000000) mmap$auto(0x0, 0x400008, 0xb, 0xfffffffffffffffc, 0xffffffffffffffff, 0x0) madvise$auto(0x0, 0x200007, 0x8) 0s ago: executing program 1 (id=6): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/loop13/queue/wbt_lat_usec\x00', 0x206a1, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000000c0)='-', 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/softrepeat\x00', 0xc2481, 0x0) openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, 0x0, 0x40081, 0x0) r1 = openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bluetooth/hci4\x00', 0x20001, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.4/usb5/5-0:1.0/usb5-port1/power/pm_qos_no_power_off\x00', 0x20a42, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) read$auto(r3, 0x0, 0x1ff) write$auto(0x3, 0x0, 0xfdef) sendmsg$auto_ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000002300)={0x0, 0x0, &(0x7f00000022c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB], 0x14}}, 0x10040) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) semctl$auto(0x211, 0xfffffffffffffffa, 0x80000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = socket(0x11, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX(r4, 0x8955, 0x0) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000000), r2) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), r4) shmctl$auto_IPC_INFO(0x6, 0x3, &(0x7f0000000440)={{0x0, 0xffffffffffffffff, 0xee00, 0x9, 0xc1e, 0x0, 0x7}, 0x7fff, 0xe9, 0x5, 0x100, @inferred=0xffffffffffffffff, @inferred, 0xfffc, 0x0, &(0x7f0000000240)="140ecc14221384adf3da1575e6f23f863c15d5b50c853fb945618b52aa938224086741359696e56e3d333a58808b2669e210d0b030a1f266e6be5685cf52e8b6997c35fc51d11183abdb3d74e4d3c0c70c780399eb6588d3356a69d7cfffe6bac6927ce0ea22f0ec0b5cb18de50e6518ae20afd6765fea1b41e9b286bc", &(0x7f0000000340)="f4a331fad52ae43ebc3440ce9d2d9e058714df2d86e3b81944195601692f2018cea2253265e4d1923f472041e568861fffbb64e4b58b875ae19017b6acbd5ad5a3210f2d2590b4c79f7aad6a382c5860e2c744cc1ee46cd16cb3e8870659f609b781e74ee1fac93bfdfec606bfcca6bc84d80f6641970b78ed344ed1233c6e84cd36b1e6efae9259a0b86029ad77d4f0d4074003e26a7bcc1a01faefeb56c74da48891cfb4b46750b2e1f8b279ebd27131ff9c7c7d1f835f2dd82c5cc202fff358a3529010619a53f732922ab38e59920f646e2fcd723fbec7e2d96e56ac4cd4ffb2b482394aa1c8"}) ioctl$auto_XFS_IOC_FREE_EOFBLOCKS(r1, 0x8080583a, &(0x7f00000004c0)={0x205, 0x1b59, 0x0, r5, 0x9, 0x0, 0x4}) r6 = socket(0x2, 0x5, 0x0) mmap$auto(0xfffffffffffffffd, 0x20009, 0xe2, 0xeb1, 0x405, 0x7) getcwd$auto(0x0, 0xffffffffffffffff) setsockopt$auto(0x3, 0x10000000084, 0x3, 0x0, 0x4) io_uring_register$auto_IORING_REGISTER_ZCRX_IFQ(r6, 0x20, &(0x7f0000000180)="0c8702781fde14ff273ef7b57147584ef09e97942ac9657e4c22d669a638acce7bfcd9af843661e2af2215ebed431e5ae9eb9b5db04aaf72d7278110eed8dcab67c2a3dfd975b3cad762498dcb4901341e5ea30dca44db96440ed10c198be3455a4b1884d54d4572a498dca27b09e480b9614d5344738b2bd7b29e2b56b7d9520804b6a15d20988cabb4f8c32c8ecca892758c486265ef04444d3619a757fa6d49add83ed8406dfe65d19ca01567", 0xd) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f00000002c0)="4f1be9d411b1a47c3207e121dd49cc897ebca3ca93ffd37fe8cbbf71b6564641b3d08eec248c7d300f4bbe487b2ae56aebe99b1162fc206138afdf72de5abbf5d8628839b5c65e7b36", 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0x8000b}, 0xfff}, 0x1, 0x311) r7 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x8001, 0x0) ioctl$auto(r7, 0x4, r7) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.155' (ED25519) to the list of known hosts. [ 92.597800][ T5820] cgroup: Unknown subsys name 'net' [ 92.735920][ T5820] cgroup: Unknown subsys name 'cpuset' [ 92.745193][ T5820] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 94.565173][ T5820] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 96.910326][ T5842] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 96.918703][ T5842] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 96.927327][ T5842] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 96.935539][ T5842] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 96.944012][ T5842] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 96.952519][ T5842] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 96.964790][ T5842] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 96.972398][ T5843] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 96.972773][ T5846] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 96.988651][ T5844] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 96.988953][ T5846] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 96.998032][ T5844] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 97.004308][ T5846] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 97.021327][ T5843] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 97.028895][ T5846] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 97.037686][ T5843] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 97.046920][ T5843] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 97.057759][ T55] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 97.076443][ T55] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 97.084593][ T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 97.094627][ T1225] cfg80211: failed to load regulatory.db [ 97.652512][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 97.737553][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 97.856193][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 97.954361][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 97.984561][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.992603][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.999968][ T5831] bridge_slave_0: entered allmulticast mode [ 98.009248][ T5831] bridge_slave_0: entered promiscuous mode [ 98.018812][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.026143][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.033528][ T5831] bridge_slave_1: entered allmulticast mode [ 98.041084][ T5831] bridge_slave_1: entered promiscuous mode [ 98.105556][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.113581][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.121322][ T5832] bridge_slave_0: entered allmulticast mode [ 98.128658][ T5832] bridge_slave_0: entered promiscuous mode [ 98.136762][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.144842][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.152158][ T5832] bridge_slave_1: entered allmulticast mode [ 98.159502][ T5832] bridge_slave_1: entered promiscuous mode [ 98.185631][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.198248][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.331351][ T5831] team0: Port device team_slave_0 added [ 98.341078][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.353877][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.369954][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.377439][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.384837][ T5829] bridge_slave_0: entered allmulticast mode [ 98.393175][ T5829] bridge_slave_0: entered promiscuous mode [ 98.403065][ T5831] team0: Port device team_slave_1 added [ 98.430184][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.437822][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.445807][ T5829] bridge_slave_1: entered allmulticast mode [ 98.454251][ T5829] bridge_slave_1: entered promiscuous mode [ 98.549548][ T5832] team0: Port device team_slave_0 added [ 98.579573][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.591547][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.598530][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.624569][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.638407][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.645460][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.671533][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.685078][ T5832] team0: Port device team_slave_1 added [ 98.691449][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.698636][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.706365][ T5830] bridge_slave_0: entered allmulticast mode [ 98.713870][ T5830] bridge_slave_0: entered promiscuous mode [ 98.722712][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.729866][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.737181][ T5830] bridge_slave_1: entered allmulticast mode [ 98.744825][ T5830] bridge_slave_1: entered promiscuous mode [ 98.755542][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.864029][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.873860][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.901454][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.915659][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.928587][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.941478][ T5829] team0: Port device team_slave_0 added [ 98.948249][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.955311][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.981408][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.025250][ T5829] team0: Port device team_slave_1 added [ 99.080922][ T5836] Bluetooth: hci0: command tx timeout [ 99.080959][ T5843] Bluetooth: hci1: command tx timeout [ 99.093163][ T55] Bluetooth: hci2: command tx timeout [ 99.101249][ T5831] hsr_slave_0: entered promiscuous mode [ 99.107855][ T5831] hsr_slave_1: entered promiscuous mode [ 99.118847][ T5830] team0: Port device team_slave_0 added [ 99.161077][ T55] Bluetooth: hci3: command tx timeout [ 99.174840][ T5830] team0: Port device team_slave_1 added [ 99.196218][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.203428][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.229885][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.243002][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.249994][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.276047][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.293605][ T5832] hsr_slave_0: entered promiscuous mode [ 99.300171][ T5832] hsr_slave_1: entered promiscuous mode [ 99.306765][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 99.314722][ T5832] Cannot create hsr debugfs directory [ 99.358552][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.365784][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.392265][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.434675][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.442148][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.468376][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.566071][ T5829] hsr_slave_0: entered promiscuous mode [ 99.572845][ T5829] hsr_slave_1: entered promiscuous mode [ 99.579105][ T5829] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 99.586846][ T5829] Cannot create hsr debugfs directory [ 99.696290][ T5830] hsr_slave_0: entered promiscuous mode [ 99.703794][ T5830] hsr_slave_1: entered promiscuous mode [ 99.710110][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 99.718475][ T5830] Cannot create hsr debugfs directory [ 100.121996][ T5832] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 100.137892][ T5832] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 100.157942][ T5832] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 100.180997][ T5832] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 100.222388][ T5829] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 100.243441][ T5829] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 100.273022][ T5829] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 100.302319][ T5829] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 100.381620][ T5830] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 100.419002][ T5830] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 100.435984][ T5830] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 100.447565][ T5830] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 100.565473][ T5831] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 100.588383][ T5831] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 100.611453][ T5831] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 100.622976][ T5831] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 100.665758][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.688314][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.743889][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.794119][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.822132][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.829461][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.848473][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.855689][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.881668][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.888831][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.904815][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.912091][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.062999][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.118035][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.138717][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.160739][ T55] Bluetooth: hci0: command tx timeout [ 101.166217][ T55] Bluetooth: hci2: command tx timeout [ 101.171953][ T5843] Bluetooth: hci1: command tx timeout [ 101.208041][ T1095] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.215305][ T1095] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.242900][ T55] Bluetooth: hci3: command tx timeout [ 101.262549][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.318579][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.325844][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.374194][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.381393][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.428253][ T1095] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.435525][ T1095] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.745981][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.818724][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.927589][ T5829] veth0_vlan: entered promiscuous mode [ 102.017747][ T5832] veth0_vlan: entered promiscuous mode [ 102.028296][ T5829] veth1_vlan: entered promiscuous mode [ 102.072078][ T5832] veth1_vlan: entered promiscuous mode [ 102.124155][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.167490][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.179658][ T5832] veth0_macvtap: entered promiscuous mode [ 102.207153][ T5829] veth0_macvtap: entered promiscuous mode [ 102.222505][ T5832] veth1_macvtap: entered promiscuous mode [ 102.236447][ T5829] veth1_macvtap: entered promiscuous mode [ 102.286944][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.318560][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.355573][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 102.367637][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.379327][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.387673][ T5829] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.399929][ T5829] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.408855][ T5829] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.418690][ T5829] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.429744][ T5830] veth0_vlan: entered promiscuous mode [ 102.449774][ T5831] veth0_vlan: entered promiscuous mode [ 102.470962][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 102.483023][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.495206][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.509413][ T5830] veth1_vlan: entered promiscuous mode [ 102.527766][ T5831] veth1_vlan: entered promiscuous mode [ 102.537885][ T5832] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.546871][ T5832] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.556122][ T5832] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.568624][ T5832] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.690172][ T5830] veth0_macvtap: entered promiscuous mode [ 102.713488][ T5831] veth0_macvtap: entered promiscuous mode [ 102.738686][ T5830] veth1_macvtap: entered promiscuous mode [ 102.765573][ T5831] veth1_macvtap: entered promiscuous mode [ 102.821391][ T2962] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.829399][ T2962] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.839096][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 102.857721][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.868184][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 102.878739][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.889860][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.899371][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 102.913152][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.924836][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 102.935722][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.948053][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 102.958860][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.971933][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.997315][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 103.008071][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 103.018296][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 103.029219][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 103.041437][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.053472][ T5830] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.062722][ T5830] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.063387][ T1095] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.071888][ T5830] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.088650][ T5830] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.097771][ T1095] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.119915][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 103.136966][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 103.150755][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 103.161760][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 103.172902][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 103.183486][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 103.195650][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.214681][ T5831] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.224234][ T5831] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.233866][ T5831] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.241158][ T55] Bluetooth: hci2: command tx timeout [ 103.243983][ T5831] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.247994][ T55] Bluetooth: hci1: command tx timeout [ 103.263950][ T5843] Bluetooth: hci0: command tx timeout [ 103.286774][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.300528][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.322445][ T55] Bluetooth: hci3: command tx timeout [ 103.347930][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.356361][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.399171][ T5829] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 103.653846][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.672599][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.698822][ T1095] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.708028][ T1095] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.792723][ T3025] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.825876][ T3025] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.855382][ T3025] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.870028][ T3025] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.879765][ T5899] Zero length message leads to an empty skb [ 103.903132][ T5903] bridge0: port 3(team0) entered blocking state [ 103.910044][ T5903] bridge0: port 3(team0) entered disabled state [ 103.920156][ T5903] team0: entered allmulticast mode [ 103.927500][ T5903] team_slave_0: entered allmulticast mode [ 103.935257][ T5903] team_slave_1: entered allmulticast mode [ 103.945688][ T5903] team0: entered promiscuous mode [ 103.950962][ T5903] team_slave_0: entered promiscuous mode [ 103.958120][ T5903] team_slave_1: entered promiscuous mode [ 103.966501][ T5903] bridge0: port 3(team0) entered blocking state [ 103.973074][ T5903] bridge0: port 3(team0) entered forwarding state [ 104.811287][ T5914] [ 104.813687][ T5914] ====================================================== [ 104.820739][ T5914] WARNING: possible circular locking dependency detected [ 104.827813][ T5914] 6.15.0-rc5-syzkaller-00207-g1a33418a69cc #0 Not tainted [ 104.834964][ T5914] ------------------------------------------------------ [ 104.842018][ T5914] syz.1.6/5914 is trying to acquire lock: [ 104.847870][ T5914] ffff88814379a318 (&q->elevator_lock){+.+.}-{4:4}, at: queue_wb_lat_store+0x187/0x3d0 [ 104.857631][ T5914] [ 104.857631][ T5914] but task is already holding lock: [ 104.865031][ T5914] ffff888143799de8 (&q->q_usage_counter(io)#30){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 104.876353][ T5914] [ 104.876353][ T5914] which lock already depends on the new lock. [ 104.876353][ T5914] [ 104.886796][ T5914] [ 104.886796][ T5914] the existing dependency chain (in reverse order) is: [ 104.895852][ T5914] [ 104.895852][ T5914] -> #2 (&q->q_usage_counter(io)#30){++++}-{0:0}: [ 104.904619][ T5914] blk_alloc_queue+0x619/0x760 [ 104.909969][ T5914] blk_mq_alloc_queue+0x179/0x290 [ 104.915596][ T5914] __blk_mq_alloc_disk+0x29/0x120 [ 104.921214][ T5914] loop_add+0x496/0xb70 [ 104.925946][ T5914] loop_init+0x164/0x270 [ 104.930740][ T5914] do_one_initcall+0x120/0x6e0 [ 104.936057][ T5914] kernel_init_freeable+0x5c2/0x900 [ 104.941814][ T5914] kernel_init+0x1c/0x2b0 [ 104.946683][ T5914] ret_from_fork+0x45/0x80 [ 104.951657][ T5914] ret_from_fork_asm+0x1a/0x30 [ 104.957015][ T5914] [ 104.957015][ T5914] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 104.964270][ T5914] fs_reclaim_acquire+0x102/0x150 [ 104.969936][ T5914] kmem_cache_alloc_noprof+0x53/0x3b0 [ 104.975852][ T5914] __kernfs_new_node+0xd2/0x8a0 [ 104.981264][ T5914] kernfs_new_node+0x13c/0x1e0 [ 104.986570][ T5914] kernfs_create_dir_ns+0x4c/0x1a0 [ 104.992230][ T5914] sysfs_create_dir_ns+0x13a/0x2b0 [ 104.997898][ T5914] kobject_add_internal+0x2c4/0x9b0 [ 105.003654][ T5914] kobject_add+0x16e/0x240 [ 105.008623][ T5914] elv_register_queue+0xd3/0x2a0 [ 105.014112][ T5914] blk_register_queue+0x3c4/0x560 [ 105.019691][ T5914] add_disk_fwnode+0x911/0x13a0 [ 105.025114][ T5914] nbd_dev_add+0x78e/0xbb0 [ 105.030085][ T5914] nbd_init+0x181/0x320 [ 105.034797][ T5914] do_one_initcall+0x120/0x6e0 [ 105.040124][ T5914] kernel_init_freeable+0x5c2/0x900 [ 105.045876][ T5914] kernel_init+0x1c/0x2b0 [ 105.050748][ T5914] ret_from_fork+0x45/0x80 [ 105.055725][ T5914] ret_from_fork_asm+0x1a/0x30 [ 105.061044][ T5914] [ 105.061044][ T5914] -> #0 (&q->elevator_lock){+.+.}-{4:4}: [ 105.068897][ T5914] __lock_acquire+0x1173/0x1ba0 [ 105.074303][ T5914] lock_acquire+0x179/0x350 [ 105.079355][ T5914] __mutex_lock+0x199/0xb90 [ 105.084413][ T5914] queue_wb_lat_store+0x187/0x3d0 [ 105.089994][ T5914] queue_attr_store+0x270/0x310 [ 105.095399][ T5914] sysfs_kf_write+0xef/0x150 [ 105.100540][ T5914] kernfs_fop_write_iter+0x351/0x510 [ 105.106372][ T5914] vfs_write+0x5ba/0x1180 [ 105.111237][ T5914] ksys_write+0x12a/0x240 [ 105.116105][ T5914] do_syscall_64+0xcd/0x230 [ 105.121162][ T5914] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.127598][ T5914] [ 105.127598][ T5914] other info that might help us debug this: [ 105.127598][ T5914] [ 105.137830][ T5914] Chain exists of: [ 105.137830][ T5914] &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#30 [ 105.137830][ T5914] [ 105.151624][ T5914] Possible unsafe locking scenario: [ 105.151624][ T5914] [ 105.159091][ T5914] CPU0 CPU1 [ 105.164477][ T5914] ---- ---- [ 105.169844][ T5914] lock(&q->q_usage_counter(io)#30); [ 105.175243][ T5914] lock(fs_reclaim); [ 105.181764][ T5914] lock(&q->q_usage_counter(io)#30); [ 105.189683][ T5914] lock(&q->elevator_lock); [ 105.194292][ T5914] [ 105.194292][ T5914] *** DEADLOCK *** [ 105.194292][ T5914] [ 105.202439][ T5914] 6 locks held by syz.1.6/5914: [ 105.207297][ T5914] #0: ffff888034637978 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 105.216408][ T5914] #1: ffff888036386420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x240 [ 105.225437][ T5914] #2: ffff888029b34088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 105.235259][ T5914] #3: ffff888025537698 (kn->active#59){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 105.245342][ T5914] #4: ffff888143799de8 (&q->q_usage_counter(io)#30){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 105.257064][ T5914] #5: ffff888143799e20 (&q->q_usage_counter(queue)#20){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 105.269055][ T5914] [ 105.269055][ T5914] stack backtrace: [ 105.275003][ T5914] CPU: 1 UID: 0 PID: 5914 Comm: syz.1.6 Not tainted 6.15.0-rc5-syzkaller-00207-g1a33418a69cc #0 PREEMPT(full) [ 105.275038][ T5914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 105.275058][ T5914] Call Trace: [ 105.275068][ T5914] [ 105.275081][ T5914] dump_stack_lvl+0x116/0x1f0 [ 105.275124][ T5914] print_circular_bug+0x275/0x350 [ 105.275159][ T5914] check_noncircular+0x14c/0x170 [ 105.275200][ T5914] __lock_acquire+0x1173/0x1ba0 [ 105.275239][ T5914] lock_acquire+0x179/0x350 [ 105.275271][ T5914] ? queue_wb_lat_store+0x187/0x3d0 [ 105.275317][ T5914] ? __pfx___might_resched+0x10/0x10 [ 105.275346][ T5914] ? do_raw_spin_lock+0x12c/0x2b0 [ 105.275386][ T5914] __mutex_lock+0x199/0xb90 [ 105.275421][ T5914] ? queue_wb_lat_store+0x187/0x3d0 [ 105.275462][ T5914] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 105.275495][ T5914] ? queue_wb_lat_store+0x187/0x3d0 [ 105.275533][ T5914] ? lockdep_hardirqs_on+0x7c/0x110 [ 105.275568][ T5914] ? __pfx___mutex_lock+0x10/0x10 [ 105.275608][ T5914] ? __pfx_autoremove_wake_function+0x10/0x10 [ 105.275642][ T5914] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 105.275682][ T5914] ? queue_wb_lat_store+0x187/0x3d0 [ 105.275721][ T5914] queue_wb_lat_store+0x187/0x3d0 [ 105.275761][ T5914] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 105.275803][ T5914] ? __mutex_trylock_common+0xe9/0x250 [ 105.275839][ T5914] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 105.275879][ T5914] queue_attr_store+0x270/0x310 [ 105.275920][ T5914] ? __pfx_queue_attr_store+0x10/0x10 [ 105.275967][ T5914] ? find_held_lock+0x2b/0x80 [ 105.275991][ T5914] ? sysfs_file_kobj+0xe4/0x290 [ 105.276029][ T5914] ? __pfx_queue_attr_store+0x10/0x10 [ 105.276070][ T5914] sysfs_kf_write+0xef/0x150 [ 105.276107][ T5914] kernfs_fop_write_iter+0x351/0x510 [ 105.276140][ T5914] ? __pfx_sysfs_kf_write+0x10/0x10 [ 105.276177][ T5914] vfs_write+0x5ba/0x1180 [ 105.276201][ T5914] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 105.276235][ T5914] ? __pfx___mutex_lock+0x10/0x10 [ 105.276271][ T5914] ? __pfx_vfs_write+0x10/0x10 [ 105.276309][ T5914] ksys_write+0x12a/0x240 [ 105.276332][ T5914] ? __pfx_ksys_write+0x10/0x10 [ 105.276355][ T5914] ? rcu_is_watching+0x12/0xc0 [ 105.276383][ T5914] do_syscall_64+0xcd/0x230 [ 105.276421][ T5914] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.276447][ T5914] RIP: 0033:0x7f2796f8e969 [ 105.276468][ T5914] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 105.276493][ T5914] RSP: 002b:00007f2797e09038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 105.276516][ T5914] RAX: ffffffffffffffda RBX: 00007f27971b5fa0 RCX: 00007f2796f8e969 [ 105.276533][ T5914] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 105.276548][ T5914] RBP: 00007f2797010ab1 R08: 0000000000000000 R09: 0000000000000000 [ 105.276563][ T5914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 105.276578][ T5914] R13: 0000000000000000 R14: 00007f27971b5fa0 R15: 00007ffc57b590e8 [ 105.276602][ T5914] [ 105.636511][ T55] Bluetooth: hci2: command tx timeout [ 105.642266][ T5843] Bluetooth: hci1: command tx timeout [ 105.647708][ T5843] Bluetooth: hci0: command tx timeout [ 105.653342][ T5843] Bluetooth: hci3: command tx timeout