[ 95.921990][ T40] audit: type=1400 audit(1765578179.404:61): avc: denied { siginh } for pid=5864 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '[localhost]:50301' (ED25519) to the list of known hosts.
[ 109.411583][ T40] audit: type=1400 audit(1765578192.944:62): avc: denied { execute } for pid=5941 comm="sh" name="syz-execprog" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[ 109.428281][ T40] audit: type=1400 audit(1765578192.954:63): avc: denied { execute_no_trans } for pid=5941 comm="sh" path="/syz-execprog" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
2025/12/12 22:23:15 parsed 1 programs
[ 112.434964][ T40] audit: type=1400 audit(1765578195.964:64): avc: denied { node_bind } for pid=5941 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 113.592986][ T1339] cfg80211: failed to load regulatory.db
[ 117.294250][ T40] audit: type=1400 audit(1765578200.824:65): avc: denied { mounton } for pid=5950 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 117.318531][ T5950] cgroup: Unknown subsys name 'net'
[ 117.319132][ T40] audit: type=1400 audit(1765578200.844:66): avc: denied { mount } for pid=5950 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 117.383900][ T40] audit: type=1400 audit(1765578200.914:67): avc: denied { unmount } for pid=5950 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 117.619108][ T5950] cgroup: Unknown subsys name 'cpuset'
[ 117.672049][ T5950] cgroup: Unknown subsys name 'rlimit'
[ 117.898529][ T40] audit: type=1400 audit(1765578201.434:68): avc: denied { setattr } for pid=5950 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 117.924769][ T40] audit: type=1400 audit(1765578201.444:69): avc: denied { create } for pid=5950 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 117.967237][ T40] audit: type=1400 audit(1765578201.444:70): avc: denied { write } for pid=5950 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 118.007674][ T40] audit: type=1400 audit(1765578201.444:71): avc: denied { read } for pid=5950 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 118.071835][ T40] audit: type=1400 audit(1765578201.464:72): avc: denied { mounton } for pid=5950 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 118.082238][ T40] audit: type=1400 audit(1765578201.464:73): avc: denied { mount } for pid=5950 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 118.121460][ T40] audit: type=1400 audit(1765578201.514:74): avc: denied { read } for pid=5650 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[ 118.148485][ T5962] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[ 119.345712][ T5950] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 121.471991][ T5969] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 122.784578][ T40] kauditd_printk_skb: 31 callbacks suppressed
[ 122.784853][ T40] audit: type=1400 audit(1765578206.314:106): avc: denied { module_request } for pid=6016 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 122.805725][ T6016] chnl_net:caif_netlink_parms(): no params data found
[ 122.895998][ T6016] bridge0: port 1(bridge_slave_0) entered blocking state
[ 122.899228][ T6016] bridge0: port 1(bridge_slave_0) entered disabled state
[ 122.901655][ T6016] bridge_slave_0: entered allmulticast mode
[ 122.905002][ T6016] bridge_slave_0: entered promiscuous mode
[ 122.909688][ T6016] bridge0: port 2(bridge_slave_1) entered blocking state
[ 122.912236][ T6016] bridge0: port 2(bridge_slave_1) entered disabled state
[ 122.914819][ T6016] bridge_slave_1: entered allmulticast mode
[ 122.917496][ T6016] bridge_slave_1: entered promiscuous mode
[ 122.936302][ T6016] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 122.941745][ T6016] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 122.963437][ T6016] team0: Port device team_slave_0 added
[ 122.967724][ T6016] team0: Port device team_slave_1 added
[ 122.987599][ T6016] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 122.990317][ T6016] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 123.000561][ T6016] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 123.006659][ T6016] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 123.009414][ T6016] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 123.019350][ T6016] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 123.095958][ T6016] hsr_slave_0: entered promiscuous mode
[ 123.098651][ T6016] hsr_slave_1: entered promiscuous mode
[ 123.246418][ T6016] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 123.253845][ T6016] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 123.258826][ T6016] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 123.264706][ T6016] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 123.285157][ T6016] bridge0: port 2(bridge_slave_1) entered blocking state
[ 123.287412][ T6016] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 123.290464][ T6016] bridge0: port 1(bridge_slave_0) entered blocking state
[ 123.292909][ T6016] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 123.329530][ T6016] 8021q: adding VLAN 0 to HW filter on device bond0
[ 123.342758][ T340] bridge0: port 1(bridge_slave_0) entered disabled state
[ 123.346139][ T340] bridge0: port 2(bridge_slave_1) entered disabled state
[ 123.353429][ T6016] 8021q: adding VLAN 0 to HW filter on device team0
[ 123.363032][ T340] bridge0: port 1(bridge_slave_0) entered blocking state
[ 123.365438][ T340] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 123.371590][ T4980] bridge0: port 2(bridge_slave_1) entered blocking state
[ 123.374182][ T4980] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 123.451702][ T40] audit: type=1400 audit(1765578206.984:107): avc: denied { sys_module } for pid=6016 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[ 123.545312][ T6016] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 123.576668][ T6016] veth0_vlan: entered promiscuous mode
[ 123.587604][ T6016] veth1_vlan: entered promiscuous mode
[ 123.610775][ T6016] veth0_macvtap: entered promiscuous mode
[ 123.616530][ T6016] veth1_macvtap: entered promiscuous mode
[ 123.631530][ T6016] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 123.640518][ T6016] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 123.652098][ T3631] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 123.655416][ T3631] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 123.659192][ T3631] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 123.663687][ T3631] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 123.750826][ T40] audit: type=1400 audit(1765578207.274:108): avc: denied { create } for pid=6038 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 123.761088][ T40] audit: type=1400 audit(1765578207.284:109): avc: denied { read write } for pid=6038 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[ 123.769763][ T40] audit: type=1400 audit(1765578207.284:110): avc: denied { open } for pid=6038 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[ 123.770058][ T64] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 123.778917][ T40] audit: type=1400 audit(1765578207.284:111): avc: denied { ioctl } for pid=6038 comm="syz-executor" path="socket:[8670]" dev="sockfs" ino=8670 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 123.791217][ T64] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 123.795087][ T64] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 123.799583][ T64] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 123.804451][ T64] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 123.814443][ T4980] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 123.935719][ T4980] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 124.009090][ T4980] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 124.038149][ T340] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 124.042432][ T340] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 124.059657][ T340] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 124.065649][ T340] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 124.073436][ T4980] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/12/12 22:23:28 executed programs: 0
[ 124.672069][ T64] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 124.675076][ T64] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 124.678457][ T64] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 124.682760][ T64] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 124.686092][ T64] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 124.810425][ T6059] chnl_net:caif_netlink_parms(): no params data found
[ 124.894007][ T6059] bridge0: port 1(bridge_slave_0) entered blocking state
[ 124.896564][ T6059] bridge0: port 1(bridge_slave_0) entered disabled state
[ 124.899003][ T6059] bridge_slave_0: entered allmulticast mode
[ 124.902151][ T6059] bridge_slave_0: entered promiscuous mode
[ 124.905857][ T6059] bridge0: port 2(bridge_slave_1) entered blocking state
[ 124.908188][ T6059] bridge0: port 2(bridge_slave_1) entered disabled state
[ 124.910477][ T6059] bridge_slave_1: entered allmulticast mode
[ 124.913550][ T6059] bridge_slave_1: entered promiscuous mode
[ 124.929933][ T6059] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 124.934473][ T6059] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 124.950464][ T6059] team0: Port device team_slave_0 added
[ 124.954128][ T6059] team0: Port device team_slave_1 added
[ 124.975777][ T6059] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 124.978609][ T6059] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 124.989037][ T6059] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 124.994167][ T6059] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 124.996922][ T6059] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 125.005639][ T6059] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 125.045339][ T6059] hsr_slave_0: entered promiscuous mode
[ 125.048360][ T6059] hsr_slave_1: entered promiscuous mode
[ 125.052121][ T6059] debugfs: 'hsr0' already exists in 'hsr'
[ 125.054555][ T6059] Cannot create hsr debugfs directory
[ 126.711994][ T5297] Bluetooth: hci0: command tx timeout
[ 126.971828][ T4980] bridge_slave_1: left allmulticast mode
[ 126.973932][ T4980] bridge_slave_1: left promiscuous mode
[ 126.976252][ T4980] bridge0: port 2(bridge_slave_1) entered disabled state
[ 126.982310][ T4980] bridge_slave_0: left allmulticast mode
[ 126.984181][ T4980] bridge_slave_0: left promiscuous mode
[ 126.986032][ T4980] bridge0: port 1(bridge_slave_0) entered disabled state
[ 127.159082][ T4980] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 127.163341][ T4980] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 127.166684][ T4980] bond0 (unregistering): Released all slaves
[ 127.240268][ T40] audit: type=1400 audit(1765578210.764:112): avc: denied { create } for pid=6068 comm="dhcpcd-run-hook" name="resolv.conf.eth2.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 127.251112][ T40] audit: type=1400 audit(1765578210.774:113): avc: denied { write } for pid=6068 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.eth2.link" dev="tmpfs" ino=2090 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 127.262080][ T40] audit: type=1400 audit(1765578210.774:114): avc: denied { append } for pid=6068 comm="dhcpcd-run-hook" name="resolv.conf.eth2.link" dev="tmpfs" ino=2090 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 127.284082][ T4980] hsr_slave_0: left promiscuous mode
[ 127.287063][ T4980] hsr_slave_1: left promiscuous mode
[ 127.289518][ T4980] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 127.294272][ T4980] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 127.297797][ T4980] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 127.300354][ T4980] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 127.305716][ T40] audit: type=1400 audit(1765578210.834:115): avc: denied { unlink } for pid=6071 comm="rm" name="resolv.conf.eth2.link" dev="tmpfs" ino=2090 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 127.318872][ T4980] veth1_macvtap: left promiscuous mode
[ 127.320820][ T4980] veth0_macvtap: left promiscuous mode
[ 127.323586][ T4980] veth1_vlan: left promiscuous mode
[ 127.325422][ T4980] veth0_vlan: left promiscuous mode
[ 127.573883][ T4980] team0 (unregistering): Port device team_slave_1 removed
[ 127.588538][ T4980] team0 (unregistering): Port device team_slave_0 removed
[ 128.096496][ T6059] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 128.103370][ T6059] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 128.111232][ T6059] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 128.116106][ T6059] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 128.164345][ T6059] 8021q: adding VLAN 0 to HW filter on device bond0
[ 128.173610][ T6059] 8021q: adding VLAN 0 to HW filter on device team0
[ 128.178699][ T3631] bridge0: port 1(bridge_slave_0) entered blocking state
[ 128.181107][ T3631] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 128.186278][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 128.188520][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 128.288868][ T6059] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 128.377911][ T6059] veth0_vlan: entered promiscuous mode
[ 128.384973][ T6059] veth1_vlan: entered promiscuous mode
[ 128.398978][ T6059] veth0_macvtap: entered promiscuous mode
[ 128.409497][ T6059] veth1_macvtap: entered promiscuous mode
[ 128.425000][ T6059] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 128.432081][ T6059] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 128.442370][ T340] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 128.445625][ T340] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 128.451399][ T340] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 128.457621][ T340] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 128.509100][ T340] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 128.512399][ T340] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 128.526025][ T3631] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 128.529630][ T3631] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 128.601341][ T6095]
[ 128.602349][ T6095] ======================================================
[ 128.604669][ T6095] WARNING: possible circular locking dependency detected
[ 128.606847][ T6095] syzkaller #0 Not tainted
[ 128.608258][ T6095] ------------------------------------------------------
[ 128.610439][ T6095] syz.0.17/6095 is trying to acquire lock:
[ 128.612323][ T6095] ffff88801c68fa20 (&root->kernfs_iattr_rwsem){++++}-{4:4}, at: kernfs_iop_getattr+0x9c/0xf0
[ 128.615547][ T6095]
[ 128.615547][ T6095] but task is already holding lock:
[ 128.617828][ T6095] ffff88802657cca0 (&q->q_usage_counter(io)#26){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[ 128.621341][ T6095]
[ 128.621341][ T6095] which lock already depends on the new lock.
[ 128.621341][ T6095]
[ 128.624629][ T6095]
[ 128.624629][ T6095] the existing dependency chain (in reverse order) is:
[ 128.627460][ T6095]
[ 128.627460][ T6095] -> #2 (&q->q_usage_counter(io)#26){++++}-{0:0}:
[ 128.630179][ T6095]        blk_alloc_queue+0x610/0x750
[ 128.631860][ T6095]        blk_mq_alloc_queue+0x172/0x280
[ 128.633646][ T6095]        __blk_mq_alloc_disk+0x29/0x120
[ 128.635445][ T6095]        loop_add+0x490/0xb70
[ 128.636971][ T6095]        loop_init+0x164/0x270
[ 128.638541][ T6095]        do_one_initcall+0x123/0x680
[ 128.640249][ T6095]        kernel_init_freeable+0x5c8/0x920
[ 128.642173][ T6095]        kernel_init+0x1c/0x2b0
[ 128.643781][ T6095]        ret_from_fork+0x983/0xb10
[ 128.645416][ T6095]        ret_from_fork_asm+0x1a/0x30
[ 128.647102][ T6095]
[ 128.647102][ T6095] -> #1 (fs_reclaim){+.+.}-{0:0}:
[ 128.649423][ T6095]        fs_reclaim_acquire+0x102/0x150
[ 128.651212][ T6095]        kmem_cache_alloc_noprof+0x5b/0x770
[ 128.653084][ T6095]        __kernfs_iattrs+0x124/0x3e0
[ 128.654794][ T6095]        __kernfs_setattr+0x4d/0x3c0
[ 128.656483][ T6095]        kernfs_iop_setattr+0xda/0x120
[ 128.658217][ T6095]        notify_change+0x6d2/0x1290
[ 128.659911][ T6095]        do_truncate+0x1d7/0x230
[ 128.661573][ T6095]        path_openat+0x2a1a/0x3140
[ 128.663466][ T6095]        do_filp_open+0x20b/0x470
[ 128.665325][ T6095]        do_sys_openat2+0x11f/0x280
[ 128.667181][ T6095]        __x64_sys_openat+0x174/0x210
[ 128.669132][ T6095]        do_syscall_64+0xcd/0xf80
[ 128.671003][ T6095]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 128.673333][ T6095]
[ 128.673333][ T6095] -> #0 (&root->kernfs_iattr_rwsem){++++}-{4:4}:
[ 128.676423][ T6095]        __lock_acquire+0x1669/0x2890
[ 128.678394][ T6095]        lock_acquire+0x179/0x330
[ 128.680200][ T6095]        down_read+0x9b/0x460
[ 128.681889][ T6095]        kernfs_iop_getattr+0x9c/0xf0
[ 128.683823][ T6095]        vfs_getattr_nosec+0x2ac/0x430
[ 128.685788][ T6095]        vfs_getattr+0x4a/0x60
[ 128.687539][ T6095]        loop_query_min_dio_size.isra.0+0x117/0x250
[ 128.689916][ T6095]        lo_ioctl+0x1430/0x1cb0
[ 128.691664][ T6095]        blkdev_ioctl+0x5b0/0x6e0
[ 128.693510][ T6095]        __x64_sys_ioctl+0x18e/0x210
[ 128.695453][ T6095]        do_syscall_64+0xcd/0xf80
[ 128.697260][ T6095]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 128.699552][ T6095]
[ 128.699552][ T6095] other info that might help us debug this:
[ 128.699552][ T6095]
[ 128.703276][ T6095] Chain exists of:
[ 128.703276][ T6095]   &root->kernfs_iattr_rwsem --> fs_reclaim --> &q->q_usage_counter(io)#26
[ 128.703276][ T6095]
[ 128.708346][ T6095] Possible unsafe locking scenario:
[ 128.708346][ T6095]
[ 128.710985][ T6095]        CPU0                    CPU1
[ 128.712948][ T6095]        ----                    ----
[ 128.714907][ T6095]   lock(&q->q_usage_counter(io)#26);
[ 128.716844][ T6095]                                lock(fs_reclaim);
[ 128.719161][ T6095]                                lock(&q->q_usage_counter(io)#26);
[ 128.721954][ T6095]   rlock(&root->kernfs_iattr_rwsem);
[ 128.723914][ T6095]
[ 128.723914][ T6095] *** DEADLOCK ***
[ 128.723914][ T6095]
[ 128.726788][ T6095] 3 locks held by syz.0.17/6095:
[ 128.728567][ T6095] #0: ffff888102f96448 (&lo->lo_mutex){+.+.}-{4:4}, at: loop_global_lock_killable+0x30/0xb0
[ 128.732204][ T6095] #1: ffff88802657cca0 (&q->q_usage_counter(io)#26){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[ 128.736378][ T6095] #2: ffff88802657ccd8 (&q->q_usage_counter(queue)#10){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[ 128.740654][ T6095]
[ 128.740654][ T6095] stack backtrace:
[ 128.742838][ T6095] CPU: 2 UID: 0 PID: 6095 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 128.742854][ T6095] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 128.742862][ T6095] Call Trace:
[ 128.742868][ T6095]
[ 128.742873][ T6095] dump_stack_lvl+0x116/0x1f0
[ 128.742888][ T6095] print_circular_bug+0x275/0x340
[ 128.742903][ T6095] check_noncircular+0x146/0x160
[ 128.742918][ T6095] __lock_acquire+0x1669/0x2890
[ 128.742935][ T6095] lock_acquire+0x179/0x330
[ 128.742948][ T6095] ? kernfs_iop_getattr+0x9c/0xf0
[ 128.742962][ T6095] ? __pfx___might_resched+0x10/0x10
[ 128.742976][ T6095] down_read+0x9b/0x460
[ 128.742990][ T6095] ? kernfs_iop_getattr+0x9c/0xf0
[ 128.743002][ T6095] ? find_held_lock+0x2b/0x80
[ 128.743019][ T6095] ? __pfx_down_read+0x10/0x10
[ 128.743032][ T6095] ? kernfs_root+0xee/0x2a0
[ 128.743046][ T6095] kernfs_iop_getattr+0x9c/0xf0
[ 128.743060][ T6095] vfs_getattr_nosec+0x2ac/0x430
[ 128.743081][ T6095] ? __pfx_kernfs_iop_getattr+0x10/0x10
[ 128.743097][ T6095] vfs_getattr+0x4a/0x60
[ 128.743116][ T6095] loop_query_min_dio_size.isra.0+0x117/0x250
[ 128.743132][ T6095] ? __pfx_loop_query_min_dio_size.isra.0+0x10/0x10
[ 128.743147][ T6095] ? mark_held_locks+0x49/0x80
[ 128.743167][ T6095] ? blk_freeze_queue_start+0xec/0x140
[ 128.743182][ T6095] lo_ioctl+0x1430/0x1cb0
[ 128.743196][ T6095] ? __pfx_lo_ioctl+0x10/0x10
[ 128.743208][ T6095] ? __pfx_avc_has_extended_perms+0x10/0x10
[ 128.743226][ T6095] ? lockdep_hardirqs_on+0x7c/0x110
[ 128.743238][ T6095] ? blk_get_meta_cap+0xbc/0x700
[ 128.743254][ T6095] ? __pfx_blk_get_meta_cap+0x10/0x10
[ 128.743272][ T6095] ? blkdev_common_ioctl+0x190/0x2b60
[ 128.743289][ T6095] ? __pfx_blkdev_common_ioctl+0x10/0x10
[ 128.743307][ T6095] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 128.743321][ T6095] ? do_vfs_ioctl+0x128/0x14f0
[ 128.743334][ T6095] ? __pfx_do_vfs_ioctl+0x10/0x10
[ 128.743347][ T6095] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 128.743362][ T6095] ? find_held_lock+0x2b/0x80
[ 128.743380][ T6095] ? __pfx_lo_ioctl+0x10/0x10
[ 128.743392][ T6095] blkdev_ioctl+0x5b0/0x6e0
[ 128.743408][ T6095] ? __pfx_blkdev_ioctl+0x10/0x10
[ 128.743423][ T6095] ? selinux_file_ioctl+0x180/0x270
[ 128.743435][ T6095] ? selinux_file_ioctl+0xb4/0x270
[ 128.743447][ T6095] ? __pfx_blkdev_ioctl+0x10/0x10
[ 128.743463][ T6095] __x64_sys_ioctl+0x18e/0x210
[ 128.743477][ T6095] do_syscall_64+0xcd/0xf80
[ 128.743490][ T6095] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 128.743502][ T6095] RIP: 0033:0x7f99bd18f7c9
[ 128.743513][ T6095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 128.743524][ T6095] RSP: 002b:00007ffeb9539e28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 128.743537][ T6095] RAX: ffffffffffffffda RBX: 00007f99bd3e5fa0 RCX: 00007f99bd18f7c9
[ 128.743545][ T6095] RDX: 0000000000000005 RSI: 0000000000004c06 RDI: 0000000000000003
[ 128.743552][ T6095] RBP: 00007f99bd213f91 R08: 0000000000000000 R09: 0000000000000000
[ 128.743560][ T6095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 128.743567][ T6095] R13: 00007f99bd3e5fa0 R14: 00007f99bd3e5fa0 R15: 0000000000000003
[ 128.743578][ T6095]
[ 128.801081][ T5297] Bluetooth: hci0: command tx timeout
2025/12/12 22:23:33 executed programs: 15
[ 130.871012][ T5297] Bluetooth: hci0: command tx timeout
[ 132.951021][ T5297] Bluetooth: hci0: command tx timeout
2025/12/12 22:23:38 executed programs: 87