last executing test programs: 519.78111ms ago: executing program 2 (id=3): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) madvise$auto(0x0, 0x6, 0x3) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/fs/ocfs2/loaded_cluster_plugins\x00', 0x800, 0x0) read$auto(r0, 0x0, 0x8000) fstatfs$auto(r0, &(0x7f00000000c0)={0x400000000000000, 0x6, 0x3, 0xfffffffffffffff7, 0x5c1, 0xd9, 0x100, {[0x74, 0x313]}, 0x2, 0x100000001, 0xe, [0x0, 0x4, 0x6, 0x710d09cb]}) r1 = socket(0x22, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x80184947, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) pwritev$auto(0x3, &(0x7f0000001000)={0x0, 0x8}, 0x5, 0x3, 0x9) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) flock$auto(r2, 0x5) r3 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) flock$auto(r3, 0x2) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x103742, 0x0) socket(0xa, 0x2, 0x0) socket(0x5, 0x6, 0x106) close_range$auto(0x2, r1, 0x0) r4 = socket(0x10, 0x2, 0xc) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/apparmor/parameters/audit\x00', 0xb02, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000000), r4) 346.771136ms ago: executing program 3 (id=4): close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x8, 0x4, 0x80000c) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, r0, 0x300000000000) mremap$auto(0x0, 0xfffffffffffffff9, 0x3fd6, 0x3, 0x20000000) r1 = semctl$auto_GETPID(0x728, 0x6, 0xb, 0x90c) pidfd_send_signal$auto_PIDFD_SIGNAL_THREAD_GROUP(r0, 0x9, &(0x7f0000000000)={@siginfo_0_0={0x2, 0x6, 0x2, @_rt={r1, 0xffffffffffffffff, @sival_ptr=&(0x7f00000001c0)="27ff13ee72e1c0efc0bf0880687793ab97fbedfa9e01"}}}, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/apparmor/parameters/audit\x00', 0xb02, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) 35.430183ms ago: executing program 3 (id=5): mmap$auto(0x0, 0x400008, 0x2800000, 0x15, 0xffffffffffffffff, 0x8000) r0 = socket(0x2, 0x1, 0x0) r1 = openat$dir(0xffffffffffffff9c, 0x0, 0xe6b01, 0x90) bind$auto(0x3, &(0x7f0000000180)=@vsock={0x28, 0x0, 0x2710, @hyper}, 0x6c) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x0) sysfs$auto(0x2, 0xe, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r2 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80100, 0x0) prctl$auto_PR_SCHED_CORE_CREATE(0x1, 0x1, 0x0, 0x0, 0x4) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) ioctl$auto_dvb_demux_fops_dmxdev(r2, 0x40146f2c, 0x0) recvfrom$auto(r0, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) sendfile$auto(r3, r3, 0x0, 0x400000000003) socket(0x1d, 0x3, 0x7ffd) mmap$auto(0x900000000000, 0x400008, 0xdf, 0x9b7a, r1, 0x7ffe) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x86c3, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r5 = prctl$auto(0x3a, 0x5, 0x0, 0x10, 0x4) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mknod$auto(&(0x7f0000000080)='./file0\x00', 0x2, 0x80000004) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/i8042/serio1/resetafter\x00', 0x129102, 0x0) write$auto(r1, &(0x7f0000000100)='q\x8c', 0x1) socket(0x22, 0x80000, 0x84) listen$auto(0x3, 0x81) accept$auto(r5, 0xffffffffffffffff, 0xffffffffffffffff) shutdown$auto(0x200000003, 0x1) socket$nl_generic(0x10, 0x3, 0x10) 0s ago: executing program 2 (id=6): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/block/loop12/queue/nr_requests\x00', 0x80302, 0x0) read$auto(r0, 0x0, 0xf30) write$auto(0x3, 0x0, 0xffd8) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.5' (ED25519) to the list of known hosts. [ 93.449231][ T5818] cgroup: Unknown subsys name 'net' [ 93.560059][ T5818] cgroup: Unknown subsys name 'cpuset' [ 93.569631][ T5818] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 95.396226][ T5818] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 96.937331][ T974] cfg80211: failed to load regulatory.db [ 97.775316][ T5836] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 97.808775][ T5840] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 97.817154][ T5840] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 97.822140][ T5837] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 97.826170][ T5840] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 97.839658][ T5840] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 97.848338][ T5840] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 97.850728][ T5839] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 97.857008][ T5840] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 97.865151][ T5839] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 97.873461][ T5840] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 97.877990][ T5839] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 97.883467][ T5844] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 97.898918][ T5839] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 97.900941][ T5844] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 97.914173][ T5839] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 97.928543][ T5836] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 97.939517][ T5840] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 97.947293][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 97.958938][ T5840] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 98.407975][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 98.658453][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 98.691448][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.699878][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.708152][ T5838] bridge_slave_0: entered allmulticast mode [ 98.717453][ T5838] bridge_slave_0: entered promiscuous mode [ 98.765293][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.772474][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.779847][ T5838] bridge_slave_1: entered allmulticast mode [ 98.788807][ T5838] bridge_slave_1: entered promiscuous mode [ 98.861085][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 98.925412][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.952278][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 98.981352][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.068981][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.076348][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.083537][ T5830] bridge_slave_0: entered allmulticast mode [ 99.091147][ T5830] bridge_slave_0: entered promiscuous mode [ 99.108678][ T5838] team0: Port device team_slave_0 added [ 99.149254][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.156734][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.163933][ T5830] bridge_slave_1: entered allmulticast mode [ 99.171677][ T5830] bridge_slave_1: entered promiscuous mode [ 99.181593][ T5838] team0: Port device team_slave_1 added [ 99.267858][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.275180][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.282381][ T5828] bridge_slave_0: entered allmulticast mode [ 99.290323][ T5828] bridge_slave_0: entered promiscuous mode [ 99.320847][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.327977][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.354455][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.368359][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.375843][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.401899][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.414023][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.421542][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.429056][ T5828] bridge_slave_1: entered allmulticast mode [ 99.436640][ T5828] bridge_slave_1: entered promiscuous mode [ 99.452623][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.505847][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.613800][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.623242][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.631422][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.638854][ T5829] bridge_slave_0: entered allmulticast mode [ 99.647936][ T5829] bridge_slave_0: entered promiscuous mode [ 99.658346][ T5830] team0: Port device team_slave_0 added [ 99.664550][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.671918][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.679223][ T5829] bridge_slave_1: entered allmulticast mode [ 99.687343][ T5829] bridge_slave_1: entered promiscuous mode [ 99.700278][ T5838] hsr_slave_0: entered promiscuous mode [ 99.706960][ T5838] hsr_slave_1: entered promiscuous mode [ 99.717830][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.729629][ T5830] team0: Port device team_slave_1 added [ 99.831071][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.864539][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.872632][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.899152][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.922633][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.934789][ T5828] team0: Port device team_slave_0 added [ 99.943089][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.950098][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.976467][ T5844] Bluetooth: hci2: command tx timeout [ 99.976473][ T5834] Bluetooth: hci3: command tx timeout [ 99.976998][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.027416][ T5828] team0: Port device team_slave_1 added [ 100.055679][ T5844] Bluetooth: hci0: command tx timeout [ 100.055687][ T5834] Bluetooth: hci1: command tx timeout [ 100.082806][ T5829] team0: Port device team_slave_0 added [ 100.119773][ T5829] team0: Port device team_slave_1 added [ 100.156517][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.163510][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 100.189602][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.244247][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.252183][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 100.278887][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.336824][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.343809][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 100.369805][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.388583][ T5830] hsr_slave_0: entered promiscuous mode [ 100.395365][ T5830] hsr_slave_1: entered promiscuous mode [ 100.401875][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 100.410041][ T5830] Cannot create hsr debugfs directory [ 100.438689][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.449193][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 100.475762][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.574613][ T5829] hsr_slave_0: entered promiscuous mode [ 100.582026][ T5829] hsr_slave_1: entered promiscuous mode [ 100.589417][ T5829] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 100.597440][ T5829] Cannot create hsr debugfs directory [ 100.679231][ T5828] hsr_slave_0: entered promiscuous mode [ 100.686315][ T5828] hsr_slave_1: entered promiscuous mode [ 100.692774][ T5828] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 100.700928][ T5828] Cannot create hsr debugfs directory [ 100.876320][ T5838] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 100.930202][ T5838] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 100.962490][ T5838] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 101.021992][ T5838] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 101.202724][ T5830] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 101.215701][ T5830] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 101.239485][ T5830] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 101.262909][ T5830] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 101.339288][ T5828] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 101.350928][ T5828] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 101.363709][ T5828] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 101.391531][ T5828] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 101.500782][ T5829] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 101.527799][ T5829] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 101.541982][ T5829] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 101.553095][ T5829] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 101.597552][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.676732][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.688510][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.719445][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.726771][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.747529][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.754668][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.794564][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.837531][ T1083] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.844690][ T1083] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.882788][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.890041][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.969270][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.029567][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.055648][ T5844] Bluetooth: hci2: command tx timeout [ 102.055906][ T5834] Bluetooth: hci3: command tx timeout [ 102.075057][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.113609][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.120847][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.136543][ T5834] Bluetooth: hci0: command tx timeout [ 102.136553][ T5844] Bluetooth: hci1: command tx timeout [ 102.143824][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.154549][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.252028][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.324563][ T4174] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.331861][ T4174] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.408281][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.415522][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.540326][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.647812][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.734301][ T5838] veth0_vlan: entered promiscuous mode [ 102.794755][ T5838] veth1_vlan: entered promiscuous mode [ 102.863791][ T5830] veth0_vlan: entered promiscuous mode [ 102.903250][ T5838] veth0_macvtap: entered promiscuous mode [ 102.928593][ T5830] veth1_vlan: entered promiscuous mode [ 102.948677][ T5838] veth1_macvtap: entered promiscuous mode [ 103.012241][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.044409][ T5830] veth0_macvtap: entered promiscuous mode [ 103.063747][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.080948][ T5830] veth1_macvtap: entered promiscuous mode [ 103.099025][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.133436][ T5838] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.143632][ T5838] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.152602][ T5838] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.161426][ T5838] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.183474][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.210699][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.225805][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.293803][ T5830] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.309338][ T5830] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.318627][ T5830] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.327591][ T5830] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.347201][ T5828] veth0_vlan: entered promiscuous mode [ 103.420477][ T5828] veth1_vlan: entered promiscuous mode [ 103.430408][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.439556][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.531120][ T5829] veth0_vlan: entered promiscuous mode [ 103.559026][ T4174] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.571965][ T4174] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.572168][ T5829] veth1_vlan: entered promiscuous mode [ 103.605691][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.613793][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.669851][ T5828] veth0_macvtap: entered promiscuous mode [ 103.714432][ T5838] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 103.732768][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.735035][ T5829] veth0_macvtap: entered promiscuous mode [ 103.758779][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.762098][ T5828] veth1_macvtap: entered promiscuous mode [ 103.783801][ T5829] veth1_macvtap: entered promiscuous mode [ 103.868475][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.903478][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.933692][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.954920][ T5829] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.968140][ T5829] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.982714][ T5829] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.994724][ T5829] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.022635][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.094705][ T5828] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.116574][ T5828] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.131235][ T5828] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.136425][ T5834] Bluetooth: hci3: command tx timeout [ 104.140753][ T5844] Bluetooth: hci2: command tx timeout [ 104.154130][ T5828] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.215961][ T5844] Bluetooth: hci1: command tx timeout [ 104.216232][ T5834] Bluetooth: hci0: command tx timeout [ 104.464044][ T4174] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.474616][ T5907] [ 104.476998][ T5907] ====================================================== [ 104.484222][ T5907] WARNING: possible circular locking dependency detected [ 104.491290][ T5907] 6.15.0-rc6-syzkaller-00346-g5723cc3450bc #0 Not tainted [ 104.498440][ T5907] ------------------------------------------------------ [ 104.505487][ T5907] syz.2.6/5907 is trying to acquire lock: [ 104.511242][ T5907] ffff8880259f9958 (&q->elevator_lock){+.+.}-{4:4}, at: queue_requests_store+0x1c7/0x310 [ 104.521161][ T5907] [ 104.521161][ T5907] but task is already holding lock: [ 104.527400][ T4174] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.528532][ T5907] ffff8880259f9428 (&q->q_usage_counter(io)#29){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 104.547172][ T5907] [ 104.547172][ T5907] which lock already depends on the new lock. [ 104.547172][ T5907] [ 104.557590][ T5907] [ 104.557590][ T5907] the existing dependency chain (in reverse order) is: [ 104.566614][ T5907] [ 104.566614][ T5907] -> #2 (&q->q_usage_counter(io)#29){++++}-{0:0}: [ 104.575263][ T5907] blk_alloc_queue+0x619/0x760 [ 104.580680][ T5907] blk_mq_alloc_queue+0x179/0x290 [ 104.586264][ T5907] __blk_mq_alloc_disk+0x29/0x120 [ 104.591849][ T5907] loop_add+0x496/0xb70 [ 104.596560][ T5907] loop_init+0x164/0x270 [ 104.601362][ T5907] do_one_initcall+0x120/0x6e0 [ 104.606710][ T5907] kernel_init_freeable+0x5c2/0x900 [ 104.612554][ T5907] kernel_init+0x1c/0x2b0 [ 104.617434][ T5907] ret_from_fork+0x48/0x80 [ 104.622394][ T5907] ret_from_fork_asm+0x1a/0x30 [ 104.627712][ T5907] [ 104.627712][ T5907] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 104.635043][ T5907] fs_reclaim_acquire+0x102/0x150 [ 104.640641][ T5907] kmem_cache_alloc_noprof+0x53/0x3b0 [ 104.646559][ T5907] __kernfs_new_node+0xd2/0x8a0 [ 104.651948][ T5907] kernfs_new_node+0x13c/0x1e0 [ 104.657254][ T5907] kernfs_create_dir_ns+0x4c/0x1a0 [ 104.662913][ T5907] sysfs_create_dir_ns+0x13a/0x2b0 [ 104.668584][ T5907] kobject_add_internal+0x2c4/0x9b0 [ 104.674324][ T5907] kobject_add+0x16e/0x240 [ 104.679284][ T5907] elv_register_queue+0xd3/0x2a0 [ 104.684779][ T5907] blk_register_queue+0x3c4/0x560 [ 104.690352][ T5907] add_disk_fwnode+0x911/0x13a0 [ 104.695759][ T5907] nbd_dev_add+0x78e/0xbb0 [ 104.700722][ T5907] nbd_init+0x181/0x320 [ 104.705438][ T5907] do_one_initcall+0x120/0x6e0 [ 104.710850][ T5907] kernel_init_freeable+0x5c2/0x900 [ 104.716613][ T5907] kernel_init+0x1c/0x2b0 [ 104.721498][ T5907] ret_from_fork+0x48/0x80 [ 104.726459][ T5907] ret_from_fork_asm+0x1a/0x30 [ 104.731780][ T5907] [ 104.731780][ T5907] -> #0 (&q->elevator_lock){+.+.}-{4:4}: [ 104.739636][ T5907] __lock_acquire+0x1173/0x1ba0 [ 104.745043][ T5907] lock_acquire+0x179/0x350 [ 104.750100][ T5907] __mutex_lock+0x199/0xb90 [ 104.755159][ T5907] queue_requests_store+0x1c7/0x310 [ 104.760900][ T5907] queue_attr_store+0x273/0x310 [ 104.766296][ T5907] sysfs_kf_write+0xf2/0x150 [ 104.771444][ T5907] kernfs_fop_write_iter+0x351/0x510 [ 104.777292][ T5907] vfs_write+0x5ba/0x1180 [ 104.782163][ T5907] ksys_write+0x12a/0x240 [ 104.787030][ T5907] do_syscall_64+0xcd/0x230 [ 104.792091][ T5907] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.798529][ T5907] [ 104.798529][ T5907] other info that might help us debug this: [ 104.798529][ T5907] [ 104.808852][ T5907] Chain exists of: [ 104.808852][ T5907] &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#29 [ 104.808852][ T5907] [ 104.822638][ T5907] Possible unsafe locking scenario: [ 104.822638][ T5907] [ 104.830113][ T5907] CPU0 CPU1 [ 104.835497][ T5907] ---- ---- [ 104.840875][ T5907] lock(&q->q_usage_counter(io)#29); [ 104.846283][ T5907] lock(fs_reclaim); [ 104.852810][ T5907] lock(&q->q_usage_counter(io)#29); [ 104.860745][ T5907] lock(&q->elevator_lock); [ 104.865364][ T5907] [ 104.865364][ T5907] *** DEADLOCK *** [ 104.865364][ T5907] [ 104.873516][ T5907] 6 locks held by syz.2.6/5907: [ 104.878375][ T5907] #0: ffff888031889438 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 104.887475][ T5907] #1: ffff888034ec4420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x240 [ 104.896501][ T5907] #2: ffff888062906888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 104.906319][ T5907] #3: ffff88802598e4b8 (kn->active#60){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 104.916409][ T5907] #4: ffff8880259f9428 (&q->q_usage_counter(io)#29){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 104.928134][ T5907] #5: ffff8880259f9460 (&q->q_usage_counter(queue)#20){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 104.940117][ T5907] [ 104.940117][ T5907] stack backtrace: [ 104.946033][ T5907] CPU: 1 UID: 0 PID: 5907 Comm: syz.2.6 Not tainted 6.15.0-rc6-syzkaller-00346-g5723cc3450bc #0 PREEMPT(full) [ 104.946066][ T5907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 104.946085][ T5907] Call Trace: [ 104.946093][ T5907] [ 104.946106][ T5907] dump_stack_lvl+0x116/0x1f0 [ 104.946150][ T5907] print_circular_bug+0x275/0x350 [ 104.946185][ T5907] check_noncircular+0x14c/0x170 [ 104.946222][ T5907] __lock_acquire+0x1173/0x1ba0 [ 104.946262][ T5907] lock_acquire+0x179/0x350 [ 104.946296][ T5907] ? queue_requests_store+0x1c7/0x310 [ 104.946324][ T5907] ? __pfx___might_resched+0x10/0x10 [ 104.946353][ T5907] ? do_raw_spin_lock+0x12c/0x2b0 [ 104.946413][ T5907] __mutex_lock+0x199/0xb90 [ 104.946454][ T5907] ? queue_requests_store+0x1c7/0x310 [ 104.946482][ T5907] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 104.946519][ T5907] ? queue_requests_store+0x1c7/0x310 [ 104.946545][ T5907] ? lockdep_hardirqs_on+0x7c/0x110 [ 104.946591][ T5907] ? __pfx___mutex_lock+0x10/0x10 [ 104.946636][ T5907] ? __pfx_autoremove_wake_function+0x10/0x10 [ 104.946673][ T5907] ? queue_requests_store+0x1c7/0x310 [ 104.946700][ T5907] queue_requests_store+0x1c7/0x310 [ 104.946727][ T5907] ? __pfx_queue_requests_store+0x10/0x10 [ 104.946757][ T5907] ? __mutex_trylock_common+0xe9/0x250 [ 104.946794][ T5907] ? __pfx_queue_requests_store+0x10/0x10 [ 104.946822][ T5907] queue_attr_store+0x273/0x310 [ 104.946850][ T5907] ? __pfx_queue_attr_store+0x10/0x10 [ 104.946883][ T5907] ? find_held_lock+0x2b/0x80 [ 104.946908][ T5907] ? sysfs_file_kobj+0xe4/0x290 [ 104.946948][ T5907] ? __pfx_queue_attr_store+0x10/0x10 [ 104.946973][ T5907] sysfs_kf_write+0xf2/0x150 [ 104.947013][ T5907] kernfs_fop_write_iter+0x351/0x510 [ 104.947047][ T5907] ? __pfx_sysfs_kf_write+0x10/0x10 [ 104.947088][ T5907] vfs_write+0x5ba/0x1180 [ 104.947114][ T5907] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 104.947163][ T5907] ? __pfx___mutex_lock+0x10/0x10 [ 104.947202][ T5907] ? __pfx_vfs_write+0x10/0x10 [ 104.947236][ T5907] ksys_write+0x12a/0x240 [ 104.947261][ T5907] ? __pfx_ksys_write+0x10/0x10 [ 104.947285][ T5907] ? rcu_is_watching+0x12/0xc0 [ 104.947314][ T5907] do_syscall_64+0xcd/0x230 [ 104.947355][ T5907] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.947381][ T5907] RIP: 0033:0x7fd86658e969 [ 104.947402][ T5907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 104.947426][ T5907] RSP: 002b:00007fd86744f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 104.947449][ T5907] RAX: ffffffffffffffda RBX: 00007fd8667b5fa0 RCX: 00007fd86658e969 [ 104.947466][ T5907] RDX: 000000000000ffd8 RSI: 0000000000000000 RDI: 0000000000000003 [ 104.947481][ T5907] RBP: 00007fd866610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 104.947496][ T5907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 104.947511][ T5907] R13: 0000000000000000 R14: 00007fd8667b5fa0 R15: 00007ffcdfd46148 [ 104.947535][ T5907] [ 105.243546][ T5829] ieee80211 phy9: Selected rate control algorithm 'minstrel_ht' [ 105.261130][ T1083] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.269253][ T1083] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.303670][ T5828] ieee80211 phy10: Selected rate control algorithm 'minstrel_ht' [ 105.331956][ T1083] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.341284][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.343756][ T1083] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.349562][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.215271][ T5834] Bluetooth: hci2: command tx timeout [ 106.215693][ T5844] Bluetooth: hci3: command tx timeout [ 106.295927][ T5844] Bluetooth: hci0: command tx timeout [ 106.300018][ T5834] Bluetooth: hci1: command tx timeout