last executing test programs: 0s ago: executing program 0 (id=2): r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_HWSIM_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000180)={0x94, 0x0, 0x0, 0x70bd27, 0x25dfdbfe, {}, [@HWSIM_ATTR_SIGNAL={0x8, 0x6, 0x2}, @HWSIM_ATTR_TX_INFO_FLAGS={0x39, 0x15, "890743a1d8a2063ecac22003b4bf6386d4b41b00cd5a1cd5a49ed0a66d17cc206d6636b9ddc8aa9c9dded9d3be32f51efe869a9328"}, @HWSIM_ATTR_ADDR_RECEIVER={0x3a, 0x1, "c0d006911cf619d430c6b42dc79ff6b7953087a9a52d4b8d4092092fc8930e78eb9df2ee8f26eb49e445aa5ac04c75ccd383abb225a5"}]}, 0x94}, 0x1, 0x0, 0x0, 0x40047}, 0x40001) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f00000001c0), 0x88e00, 0x0) r1 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), r0) sendmsg$auto_IPVS_CMD_SET_SERVICE(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000080)={&(0x7f0000000840)={0x174, r1, 0x329, 0x70bd2c, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_SERVICE={0x138, 0x1, 0x0, 0x1, [@typed={0x8, 0x6d, 0x0, 0x0, @u32}, @typed={0x8, 0x3, 0x0, 0x0, @uid}, @generic="da607bb295171b5b3b1692910f31c7b5127ce5f6801a846cfe097f1103d4820b2a39b2720f0a05d7fae94765aaa135735529d80dfe7df2a75ad87cb7d06e3808d74c98fe60a94f0b45dd96cc1b1c2fd286f91117b4703f2d80", @generic="5ab96fb2bc33a8479904c5933a65ae08aff96317b23b220f9b0897c432d9e5ab74421cae2bc1a44071b672207cbe18ca7d518141c76484d6acfc3da864a4a1eed7eca6e7e082da8cf6c0af8e303bea84872d102e8891293ebbd15ec74eb41f1917c8b0d2f20caade536d83fc53686158a9c906bc486f7135a5ac32222730d87d8ffa1938d892a84c1e134296fca187a97b70c72da7edd74c2fab2fb9248db49fcd1e203cb163cc6da44d04d300658d5148a1a0ff78803bc0f4709526f9800475596a9f922ff5f367ac5278"]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x80000001}]}, 0x174}, 0x1, 0x0, 0x0, 0x80}, 0x20008000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r2 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/devices/virtual/block/loop1/queue/wbt_lat_usec\x00', 0x2062, 0x0) write$auto(r3, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x9) ioctl$auto(r2, 0x400454ca, 0x38) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x80900, 0x0) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20a01, 0x0) ioctl$auto_BLKFLSBUF(r4, 0x1261, 0x0) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcsa\x00', 0x80, 0x0) mmap$auto(0xb2, 0x14, 0xffb, 0x8000000008015, 0xffffffffffffffff, 0x8001) write$auto(0x3, 0x0, 0xfffffdef) io_uring_setup$auto(0x3501, &(0x7f0000000080)={0x80, 0x1000, 0x8, 0x5, 0x3, 0xfffffff1, 0xffffffffffffffff, [0xbc, 0xffff, 0x40], {0x81, 0x9, 0x0, 0x80000000, 0x3, 0x101, 0xffff, 0x0, 0x6}, {0x7, 0xa, 0xf, 0x7fff, 0x3, 0x0, 0x0, 0xfffffffa, 0xc}}) ioctl$auto_BLKTRACETEARDOWN(r4, 0x1276, 0x0) mmap$auto(0x8000000000002001, 0x20009, 0xdf, 0x15, r5, 0x8000) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x11, 0x0, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty48\x00', 0x880, 0x0) ioctl$auto(r6, 0x5609, 0xffffffffffffffff) madvise$auto(0x0, 0x20499d, 0x9) open_tree$auto(0xffffffffffffffff, 0x0, 0x74ee) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.9' (ED25519) to the list of known hosts. [ 89.977387][ T5821] cgroup: Unknown subsys name 'net' [ 90.110093][ T5821] cgroup: Unknown subsys name 'cpuset' [ 90.119458][ T5821] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 91.946633][ T5821] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 94.319029][ T5833] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 94.332868][ T5838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 94.341170][ T5838] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 94.348829][ T5838] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 94.357457][ T5838] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 94.365352][ T5838] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 94.373882][ T5839] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 94.385839][ T5839] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 94.424005][ T5838] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 94.432295][ T5155] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 94.440943][ T5838] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 94.448453][ T5155] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 94.465600][ T5155] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 94.481510][ T5155] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 94.489679][ T5155] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 94.512759][ T5839] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 94.525535][ T5839] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 94.533948][ T5839] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 94.551363][ T5839] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 94.564770][ T5839] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 95.124916][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 95.146278][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 95.285777][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 95.359169][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 95.453741][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.461845][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.469453][ T5834] bridge_slave_0: entered allmulticast mode [ 95.477698][ T5834] bridge_slave_0: entered promiscuous mode [ 95.501978][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.509279][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.516730][ T5830] bridge_slave_0: entered allmulticast mode [ 95.524079][ T5830] bridge_slave_0: entered promiscuous mode [ 95.532732][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.539989][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.547298][ T5834] bridge_slave_1: entered allmulticast mode [ 95.554731][ T5834] bridge_slave_1: entered promiscuous mode [ 95.583056][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.590576][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.597944][ T5830] bridge_slave_1: entered allmulticast mode [ 95.605288][ T5830] bridge_slave_1: entered promiscuous mode [ 95.688111][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.695357][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.705447][ T5840] bridge_slave_0: entered allmulticast mode [ 95.713504][ T5840] bridge_slave_0: entered promiscuous mode [ 95.744584][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.755930][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.763144][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.770583][ T5840] bridge_slave_1: entered allmulticast mode [ 95.778618][ T5840] bridge_slave_1: entered promiscuous mode [ 95.794266][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.807653][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.847582][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.929639][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.942820][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.952464][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.962253][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.969613][ T5843] bridge_slave_0: entered allmulticast mode [ 95.977478][ T5843] bridge_slave_0: entered promiscuous mode [ 96.002164][ T5834] team0: Port device team_slave_0 added [ 96.013454][ T5834] team0: Port device team_slave_1 added [ 96.040403][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.047743][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.054919][ T5843] bridge_slave_1: entered allmulticast mode [ 96.062586][ T5843] bridge_slave_1: entered promiscuous mode [ 96.072057][ T5830] team0: Port device team_slave_0 added [ 96.082093][ T5830] team0: Port device team_slave_1 added [ 96.156190][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.163204][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.189289][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.203881][ T5840] team0: Port device team_slave_0 added [ 96.214114][ T5840] team0: Port device team_slave_1 added [ 96.249997][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.257211][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.284331][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.313242][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.323579][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.330855][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.357598][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.370718][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.377789][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.403799][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.439446][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.449182][ T5155] Bluetooth: hci0: command tx timeout [ 96.490648][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.497999][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.524795][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.526493][ T5155] Bluetooth: hci2: command tx timeout [ 96.538083][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.540995][ T5839] Bluetooth: hci1: command tx timeout [ 96.547820][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.579353][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.608655][ T5843] team0: Port device team_slave_0 added [ 96.654151][ T5843] team0: Port device team_slave_1 added [ 96.666616][ T5834] hsr_slave_0: entered promiscuous mode [ 96.673230][ T5834] hsr_slave_1: entered promiscuous mode [ 96.685842][ T5839] Bluetooth: hci3: command tx timeout [ 96.760955][ T5830] hsr_slave_0: entered promiscuous mode [ 96.767888][ T5830] hsr_slave_1: entered promiscuous mode [ 96.774274][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 96.782370][ T5830] Cannot create hsr debugfs directory [ 96.809876][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.816904][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.843259][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.860971][ T5840] hsr_slave_0: entered promiscuous mode [ 96.867976][ T5840] hsr_slave_1: entered promiscuous mode [ 96.874130][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 96.881775][ T5840] Cannot create hsr debugfs directory [ 96.905300][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.912412][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.937673][ T9] cfg80211: failed to load regulatory.db [ 96.942674][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.140399][ T5843] hsr_slave_0: entered promiscuous mode [ 97.147040][ T5843] hsr_slave_1: entered promiscuous mode [ 97.153069][ T5843] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 97.160701][ T5843] Cannot create hsr debugfs directory [ 97.511334][ T5834] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 97.524233][ T5834] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 97.543254][ T5834] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 97.554986][ T5834] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 97.631483][ T5830] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 97.651895][ T5830] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 97.664247][ T5830] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 97.675066][ T5830] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 97.797867][ T5840] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 97.833184][ T5840] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 97.844438][ T5840] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 97.878266][ T5840] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 97.947916][ T5843] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 97.960692][ T5843] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 97.980203][ T5843] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 97.994039][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.008572][ T5843] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 98.071878][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.105966][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.113407][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.140145][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.147384][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.244424][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.294819][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.335035][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.381664][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.404290][ T3489] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.411572][ T3489] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.424834][ T3489] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.432214][ T3489] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.478307][ T3489] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.485553][ T3489] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.498364][ T3489] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.505526][ T3489] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.525999][ T5839] Bluetooth: hci0: command tx timeout [ 98.608812][ T5839] Bluetooth: hci1: command tx timeout [ 98.614316][ T5839] Bluetooth: hci2: command tx timeout [ 98.645153][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.741513][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.766256][ T5839] Bluetooth: hci3: command tx timeout [ 98.811460][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.834000][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.841297][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.883965][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.891247][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.120822][ T5834] veth0_vlan: entered promiscuous mode [ 99.161296][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.182835][ T5834] veth1_vlan: entered promiscuous mode [ 99.268213][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.342473][ T5834] veth0_macvtap: entered promiscuous mode [ 99.374627][ T5830] veth0_vlan: entered promiscuous mode [ 99.397380][ T5834] veth1_macvtap: entered promiscuous mode [ 99.448414][ T5830] veth1_vlan: entered promiscuous mode [ 99.459983][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.501701][ T5840] veth0_vlan: entered promiscuous mode [ 99.521218][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.533562][ T5834] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.544022][ T5834] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.553961][ T5834] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.563696][ T5834] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.609945][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.618675][ T5840] veth1_vlan: entered promiscuous mode [ 99.680555][ T5830] veth0_macvtap: entered promiscuous mode [ 99.739888][ T5830] veth1_macvtap: entered promiscuous mode [ 99.785168][ T5840] veth0_macvtap: entered promiscuous mode [ 99.798614][ T5840] veth1_macvtap: entered promiscuous mode [ 99.811969][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.821058][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.839644][ T5843] veth0_vlan: entered promiscuous mode [ 99.870568][ T5843] veth1_vlan: entered promiscuous mode [ 99.906576][ T3489] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.915353][ T3489] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.924885][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.952063][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.972209][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.993573][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.021042][ T5830] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.031143][ T5834] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 100.031260][ T5830] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.056376][ T5830] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.065130][ T5830] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.082646][ T5840] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.093001][ T5840] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.103129][ T5840] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.112289][ T5840] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.150680][ T5843] veth0_macvtap: entered promiscuous mode [ 100.174811][ T5843] veth1_macvtap: entered promiscuous mode [ 100.304097][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.380197][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.396987][ T3489] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.417792][ T394] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.428952][ T394] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.439318][ T3489] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.455543][ T5843] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.466888][ T5843] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.475806][ T5843] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.484566][ T5843] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.573389][ T5920] [ 100.575793][ T5920] ====================================================== [ 100.582836][ T5920] WARNING: possible circular locking dependency detected [ 100.589930][ T5920] 6.16.0-rc1-syzkaller #0 Not tainted [ 100.595333][ T5920] ------------------------------------------------------ [ 100.602373][ T5920] syz.0.2/5920 is trying to acquire lock: [ 100.608128][ T5920] ffffffff8e2666d0 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_slow_inc+0x12/0x30 [ 100.617720][ T5920] [ 100.617720][ T5920] but task is already holding lock: [ 100.618583][ T5839] Bluetooth: hci0: command tx timeout [ 100.625098][ T5920] ffff888142f5a9c8 (&q->rq_qos_mutex){+.+.}-{4:4}, at: wbt_init+0x393/0x540 [ 100.639291][ T5920] [ 100.639291][ T5920] which lock already depends on the new lock. [ 100.639291][ T5920] [ 100.649731][ T5920] [ 100.649731][ T5920] the existing dependency chain (in reverse order) is: [ 100.658784][ T5920] [ 100.658784][ T5920] -> #3 (&q->rq_qos_mutex){+.+.}-{4:4}: [ 100.667024][ T5920] __mutex_lock+0x199/0xb90 [ 100.672103][ T5920] wbt_init+0x393/0x540 [ 100.676852][ T5920] queue_wb_lat_store+0x354/0x3d0 [ 100.682553][ T5920] queue_attr_store+0x279/0x320 [ 100.687989][ T5920] sysfs_kf_write+0xf2/0x150 [ 100.693161][ T5920] kernfs_fop_write_iter+0x351/0x510 [ 100.699106][ T5920] vfs_write+0x6c4/0x1150 [ 100.704023][ T5920] ksys_write+0x12a/0x250 [ 100.708944][ T5920] do_syscall_64+0xcd/0x490 [ 100.714014][ T5920] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.715944][ T5155] Bluetooth: hci1: command tx timeout [ 100.720460][ T5920] [ 100.720460][ T5920] -> #2 (&q->q_usage_counter(io) [ 100.725879][ T5839] Bluetooth: hci2: command tx timeout [ 100.738409][ T5920] #18){++++}-{0:0}: [ 100.742272][ T5920] blk_alloc_queue+0x619/0x760 [ 100.747607][ T5920] blk_mq_alloc_queue+0x175/0x290 [ 100.753211][ T5920] __blk_mq_alloc_disk+0x29/0x120 [ 100.758812][ T5920] loop_add+0x49e/0xb70 [ 100.763535][ T5920] loop_init+0x164/0x270 [ 100.768357][ T5920] do_one_initcall+0x120/0x6e0 [ 100.773846][ T5920] kernel_init_freeable+0x5c2/0x900 [ 100.779640][ T5920] kernel_init+0x1c/0x2b0 [ 100.784537][ T5920] ret_from_fork+0x5d4/0x6f0 [ 100.789700][ T5920] ret_from_fork_asm+0x1a/0x30 [ 100.795040][ T5920] [ 100.795040][ T5920] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 100.802324][ T5920] fs_reclaim_acquire+0x102/0x150 [ 100.807918][ T5920] __kmalloc_cache_node_noprof+0x53/0x420 [ 100.814232][ T5920] create_worker+0x10f/0x7e0 [ 100.819400][ T5920] workqueue_prepare_cpu+0xb5/0x160 [ 100.825180][ T5920] cpuhp_invoke_callback+0x3d5/0xa10 [ 100.831059][ T5920] __cpuhp_invoke_callback_range+0x101/0x210 [ 100.837632][ T5920] _cpu_up+0x3f5/0x930 [ 100.842263][ T5920] cpu_up+0x1dc/0x240 [ 100.846810][ T5920] cpuhp_bringup_mask+0xd8/0x210 [ 100.852336][ T5920] bringup_nonboot_cpus+0x176/0x1c0 [ 100.858102][ T5920] smp_init+0x34/0x160 [ 100.862735][ T5920] kernel_init_freeable+0x3a8/0x900 [ 100.865870][ T5155] Bluetooth: hci3: command tx timeout [ 100.868564][ T5920] kernel_init+0x1c/0x2b0 [ 100.878920][ T5920] ret_from_fork+0x5d4/0x6f0 [ 100.884077][ T5920] ret_from_fork_asm+0x1a/0x30 [ 100.889406][ T5920] [ 100.889406][ T5920] -> #0 (cpu_hotplug_lock){++++}-{0:0}: [ 100.897215][ T5920] __lock_acquire+0x126f/0x1c90 [ 100.902634][ T5920] lock_acquire+0x179/0x350 [ 100.907699][ T5920] cpus_read_lock+0x42/0x160 [ 100.912851][ T5920] static_key_slow_inc+0x12/0x30 [ 100.918364][ T5920] rq_qos_add+0x2f8/0x4b0 [ 100.923262][ T5920] wbt_init+0x3a9/0x540 [ 100.927974][ T5920] queue_wb_lat_store+0x354/0x3d0 [ 100.933569][ T5920] queue_attr_store+0x279/0x320 [ 100.938999][ T5920] sysfs_kf_write+0xf2/0x150 [ 100.944158][ T5920] kernfs_fop_write_iter+0x351/0x510 [ 100.950006][ T5920] vfs_write+0x6c4/0x1150 [ 100.954921][ T5920] ksys_write+0x12a/0x250 [ 100.959820][ T5920] do_syscall_64+0xcd/0x490 [ 100.964881][ T5920] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.971340][ T5920] [ 100.971340][ T5920] other info that might help us debug this: [ 100.971340][ T5920] [ 100.981601][ T5920] Chain exists of: [ 100.981601][ T5920] cpu_hotplug_lock --> &q->q_usage_counter(io)#18 --> &q->rq_qos_mutex [ 100.981601][ T5920] [ 100.996209][ T5920] Possible unsafe locking scenario: [ 100.996209][ T5920] [ 101.003687][ T5920] CPU0 CPU1 [ 101.009086][ T5920] ---- ---- [ 101.014480][ T5920] lock(&q->rq_qos_mutex); [ 101.019039][ T5920] lock(&q->q_usage_counter(io)#18); [ 101.027012][ T5920] lock(&q->rq_qos_mutex); [ 101.034084][ T5920] rlock(cpu_hotplug_lock); [ 101.038720][ T5920] [ 101.038720][ T5920] *** DEADLOCK *** [ 101.038720][ T5920] [ 101.046887][ T5920] 7 locks held by syz.0.2/5920: [ 101.051767][ T5920] #0: ffff8880332a00f8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 101.060925][ T5920] #1: ffff888035c60428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 101.069999][ T5920] #2: ffff888060c48888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 101.079846][ T5920] #3: ffff888142fe20f8 (kn->active#59){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 101.089953][ T5920] #4: ffff888142f5a7c8 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 101.101720][ T5920] #5: ffff888142f5a800 (&q->q_usage_counter(queue)#20){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 101.113741][ T5920] #6: ffff888142f5a9c8 (&q->rq_qos_mutex){+.+.}-{4:4}, at: wbt_init+0x393/0x540 [ 101.122961][ T5920] [ 101.122961][ T5920] stack backtrace: [ 101.128896][ T5920] CPU: 0 UID: 0 PID: 5920 Comm: syz.0.2 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 101.128935][ T5920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 101.128958][ T5920] Call Trace: [ 101.128971][ T5920] [ 101.128987][ T5920] dump_stack_lvl+0x116/0x1f0 [ 101.129043][ T5920] print_circular_bug+0x275/0x350 [ 101.129084][ T5920] check_noncircular+0x14c/0x170 [ 101.129133][ T5920] __lock_acquire+0x126f/0x1c90 [ 101.129180][ T5920] lock_acquire+0x179/0x350 [ 101.129220][ T5920] ? static_key_slow_inc+0x12/0x30 [ 101.129283][ T5920] ? __pfx___might_resched+0x10/0x10 [ 101.129319][ T5920] cpus_read_lock+0x42/0x160 [ 101.129351][ T5920] ? static_key_slow_inc+0x12/0x30 [ 101.129393][ T5920] static_key_slow_inc+0x12/0x30 [ 101.129436][ T5920] rq_qos_add+0x2f8/0x4b0 [ 101.129481][ T5920] wbt_init+0x3a9/0x540 [ 101.129518][ T5920] queue_wb_lat_store+0x354/0x3d0 [ 101.129571][ T5920] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 101.129625][ T5920] ? __mutex_trylock_common+0xe9/0x250 [ 101.129670][ T5920] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 101.129720][ T5920] queue_attr_store+0x279/0x320 [ 101.129770][ T5920] ? __pfx_queue_attr_store+0x10/0x10 [ 101.129845][ T5920] ? __lock_acquire+0x622/0x1c90 [ 101.129896][ T5920] ? find_held_lock+0x2b/0x80 [ 101.129926][ T5920] ? sysfs_file_kobj+0xe4/0x290 [ 101.129966][ T5920] ? __pfx_queue_attr_store+0x10/0x10 [ 101.130018][ T5920] sysfs_kf_write+0xf2/0x150 [ 101.130056][ T5920] kernfs_fop_write_iter+0x351/0x510 [ 101.130089][ T5920] ? __pfx_sysfs_kf_write+0x10/0x10 [ 101.130134][ T5920] vfs_write+0x6c4/0x1150 [ 101.130179][ T5920] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 101.130214][ T5920] ? __pfx___mutex_lock+0x10/0x10 [ 101.130244][ T5920] ? __pfx_vfs_write+0x10/0x10 [ 101.130301][ T5920] ksys_write+0x12a/0x250 [ 101.130344][ T5920] ? __pfx_ksys_write+0x10/0x10 [ 101.130394][ T5920] do_syscall_64+0xcd/0x490 [ 101.130424][ T5920] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.130457][ T5920] RIP: 0033:0x7f29ef18e929 [ 101.130486][ T5920] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 101.130517][ T5920] RSP: 002b:00007f29effc3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 101.130548][ T5920] RAX: ffffffffffffffda RBX: 00007f29ef3b6160 RCX: 00007f29ef18e929 [ 101.130569][ T5920] RDX: 0000000000000009 RSI: 00002000000001c0 RDI: 0000000000000006 [ 101.130588][ T5920] RBP: 00007f29ef210b39 R08: 0000000000000000 R09: 0000000000000000 [ 101.130608][ T5920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 101.130627][ T5920] R13: 0000000000000000 R14: 00007f29ef3b6160 R15: 00007ffc79e956e8 [ 101.130658][ T5920] [ 101.406871][ T3489] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.406929][ T3489] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.492485][ T394] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.552271][ T394] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.569126][ T5843] ieee80211 phy9: Selected rate control algorithm 'minstrel_ht' [ 101.677301][ T394] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.710441][ T5843] ieee80211 phy10: Selected rate control algorithm 'minstrel_ht' [ 101.723780][ T394] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.807699][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.827103][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.686045][ T5155] Bluetooth: hci0: command tx timeout [ 102.765939][ T5839] Bluetooth: hci2: command tx timeout [ 102.768628][ T5155] Bluetooth: hci1: command tx timeout [ 102.926066][ T5155] Bluetooth: hci3: command tx timeout