last executing test programs: 0s ago: executing program 1 (id=2): mmap$auto(0x7, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) r1 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/devices/virtual/block/loop1/queue/wbt_lat_usec\x00', 0x2062, 0x0) write$auto(r2, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x9) ioctl$auto(r1, 0x400454ca, 0x38) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x80900, 0x0) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20a01, 0x0) ioctl$auto_BLKFLSBUF(r3, 0x1261, 0x0) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcsa\x00', 0x80, 0x0) mmap$auto(0xb2, 0x14, 0xffb, 0x8000000008015, r0, 0x8000) write$auto(0xffffffffffffffff, 0x0, 0xfffffdef) io_uring_setup$auto(0x3500, &(0x7f0000000080)={0x80, 0x1000, 0x8, 0x5, 0x3, 0xfffffff1, r0, [0xbc, 0xffff, 0x40], {0x81, 0x9, 0x0, 0x80000000, 0x3, 0x101, 0xffff, 0x0, 0x10000}, {0x7, 0xa, 0xf, 0x7fff, 0x8, 0x0, 0x1, 0xfffffffa, 0xc}}) ioctl$auto_BLKTRACETEARDOWN(r3, 0x1276, 0x0) mmap$auto(0x8000000000002001, 0x20009, 0xdf, 0x15, r4, 0x8000) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x11, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r6 = socket(0xa, 0x3, 0x41) r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty48\x00', 0x880, 0x0) ioctl$auto(r7, 0x5609, r6) madvise$auto(0x0, 0x20499d, 0x9) open_tree$auto(0xffffffffffffffff, 0x0, 0x74ee) ioctl$auto_NS_GET_PID_FROM_PIDNS(r4, 0x8004b706, &(0x7f0000000180)=0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB="000229bd0080fbdbdf350a0000000800fbffffffff"], 0x24}, 0x1, 0x0, 0x0, 0xc64d306fdacabd54}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.135' (ED25519) to the list of known hosts. [ 97.780439][ T5821] cgroup: Unknown subsys name 'net' [ 97.894126][ T5821] cgroup: Unknown subsys name 'cpuset' [ 97.903974][ T5821] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 99.827426][ T5821] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 102.050591][ T5832] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 102.060453][ T5832] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 102.068764][ T5832] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 102.080703][ T5832] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 102.100805][ T5832] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 102.153955][ T5832] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 102.162435][ T5832] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 102.171947][ T5832] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 102.190477][ T5832] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 102.198617][ T5832] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 102.259007][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 102.282236][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 102.300625][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 102.309166][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 102.318656][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 102.335923][ T5842] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 102.344338][ T5842] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 102.352840][ T5842] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 102.370948][ T5832] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 102.381225][ T5832] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 102.422472][ T24] cfg80211: failed to load regulatory.db [ 102.625626][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 102.864076][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.873439][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.881543][ T5830] bridge_slave_0: entered allmulticast mode [ 102.891014][ T5830] bridge_slave_0: entered promiscuous mode [ 102.907211][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.915523][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.923290][ T5830] bridge_slave_1: entered allmulticast mode [ 102.932497][ T5830] bridge_slave_1: entered promiscuous mode [ 102.971486][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 103.035437][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 103.071302][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 103.157649][ T5830] team0: Port device team_slave_0 added [ 103.168089][ T5830] team0: Port device team_slave_1 added [ 103.257990][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.265480][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.273359][ T5834] bridge_slave_0: entered allmulticast mode [ 103.280800][ T5834] bridge_slave_0: entered promiscuous mode [ 103.309680][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.316703][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.343131][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 103.361181][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.368411][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.376347][ T5834] bridge_slave_1: entered allmulticast mode [ 103.384094][ T5834] bridge_slave_1: entered promiscuous mode [ 103.391322][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 103.404638][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 103.411748][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.437856][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 103.507078][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 103.560484][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 103.693120][ T5830] hsr_slave_0: entered promiscuous mode [ 103.701785][ T5830] hsr_slave_1: entered promiscuous mode [ 103.733766][ T5834] team0: Port device team_slave_0 added [ 103.747099][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 103.781703][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.789630][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.797066][ T5837] bridge_slave_0: entered allmulticast mode [ 103.805294][ T5837] bridge_slave_0: entered promiscuous mode [ 103.816501][ T5834] team0: Port device team_slave_1 added [ 103.830662][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.837917][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.845989][ T5837] bridge_slave_1: entered allmulticast mode [ 103.853634][ T5837] bridge_slave_1: entered promiscuous mode [ 103.973893][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.985652][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.012234][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.060794][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.072715][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.079827][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.106011][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.135628][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.180368][ T5832] Bluetooth: hci0: command tx timeout [ 104.209555][ T5837] team0: Port device team_slave_0 added [ 104.259859][ T5832] Bluetooth: hci1: command tx timeout [ 104.273472][ T5837] team0: Port device team_slave_1 added [ 104.293847][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.301164][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.308357][ T5838] bridge_slave_0: entered allmulticast mode [ 104.318524][ T5838] bridge_slave_0: entered promiscuous mode [ 104.363878][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.371217][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.378435][ T5838] bridge_slave_1: entered allmulticast mode [ 104.386202][ T5838] bridge_slave_1: entered promiscuous mode [ 104.398841][ T5834] hsr_slave_0: entered promiscuous mode [ 104.406853][ T5834] hsr_slave_1: entered promiscuous mode [ 104.413285][ T5834] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 104.420305][ T5832] Bluetooth: hci3: command tx timeout [ 104.421663][ T5834] Cannot create hsr debugfs directory [ 104.426475][ T5154] Bluetooth: hci2: command tx timeout [ 104.512598][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.520104][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.546813][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.597933][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.608082][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.615723][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.642369][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.714226][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.829529][ T5837] hsr_slave_0: entered promiscuous mode [ 104.836258][ T5837] hsr_slave_1: entered promiscuous mode [ 104.843866][ T5837] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 104.852057][ T5837] Cannot create hsr debugfs directory [ 104.867719][ T5838] team0: Port device team_slave_0 added [ 104.917800][ T5838] team0: Port device team_slave_1 added [ 105.019465][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.026691][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.053993][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.068866][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.076378][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.105031][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.116860][ T5830] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 105.155073][ T5830] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 105.202134][ T5830] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 105.216277][ T5830] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 105.312082][ T5838] hsr_slave_0: entered promiscuous mode [ 105.318734][ T5838] hsr_slave_1: entered promiscuous mode [ 105.326529][ T5838] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 105.334302][ T5838] Cannot create hsr debugfs directory [ 105.459271][ T5834] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 105.494021][ T5834] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 105.533437][ T5834] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 105.565531][ T5834] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 105.668414][ T5837] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 105.692261][ T5837] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 105.724129][ T5837] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 105.753890][ T5837] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 105.841555][ T5838] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 105.874870][ T5838] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 105.885785][ T5838] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 105.903024][ T5838] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 106.003630][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.057090][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.084784][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.113568][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.121086][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.156950][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.164198][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.195646][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.252009][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.259293][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.260637][ T5154] Bluetooth: hci0: command tx timeout [ 106.300012][ T1342] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.307655][ T1342] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.326556][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.343731][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.353109][ T5154] Bluetooth: hci1: command tx timeout [ 106.408377][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.445397][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.466247][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.473494][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.500161][ T5154] Bluetooth: hci2: command tx timeout [ 106.505662][ T5154] Bluetooth: hci3: command tx timeout [ 106.536488][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.543789][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.565075][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.572352][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.615094][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.622442][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.913592][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.074584][ T5830] veth0_vlan: entered promiscuous mode [ 107.134933][ T5830] veth1_vlan: entered promiscuous mode [ 107.247362][ T5830] veth0_macvtap: entered promiscuous mode [ 107.265968][ T5830] veth1_macvtap: entered promiscuous mode [ 107.287808][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.357598][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 107.433017][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.461221][ T5830] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.470655][ T5830] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.479989][ T5830] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.488742][ T5830] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.507629][ T5834] veth0_vlan: entered promiscuous mode [ 107.537554][ T5834] veth1_vlan: entered promiscuous mode [ 107.563810][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.614889][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.706172][ T5834] veth0_macvtap: entered promiscuous mode [ 107.739828][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.750253][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.768371][ T5834] veth1_macvtap: entered promiscuous mode [ 107.803541][ T5838] veth0_vlan: entered promiscuous mode [ 107.841060][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 107.872615][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.882183][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.888492][ T5838] veth1_vlan: entered promiscuous mode [ 107.901509][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.918099][ T5834] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.927386][ T5834] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.937744][ T5834] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.948624][ T5834] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.997316][ T5837] veth0_vlan: entered promiscuous mode [ 108.072618][ T5837] veth1_vlan: entered promiscuous mode [ 108.088015][ T5830] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 108.187914][ T5838] veth0_macvtap: entered promiscuous mode [ 108.233317][ T5838] veth1_macvtap: entered promiscuous mode [ 108.253530][ T2964] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.271759][ T5895] [ 108.274182][ T5895] ====================================================== [ 108.281249][ T5895] WARNING: possible circular locking dependency detected [ 108.285668][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.288316][ T5895] 6.15.0-syzkaller-12141-gec7714e49479 #0 Not tainted [ 108.297938][ T5837] veth0_macvtap: entered promiscuous mode [ 108.302284][ T5895] ------------------------------------------------------ [ 108.302297][ T5895] syz.1.2/5895 is trying to acquire lock: [ 108.302314][ T5895] ffffffff8e266b50 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_slow_inc+0x12/0x30 [ 108.330469][ T5895] [ 108.330469][ T5895] but task is already holding lock: [ 108.337875][ T5895] ffff8880261b02a8 (&q->rq_qos_mutex){+.+.}-{4:4}, at: wbt_init+0x393/0x540 [ 108.340087][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.346654][ T5895] [ 108.346654][ T5895] which lock already depends on the new lock. [ 108.346654][ T5895] [ 108.346667][ T5895] [ 108.346667][ T5895] the existing dependency chain (in reverse order) is: [ 108.346679][ T5895] [ 108.346679][ T5895] -> #3 (&q->rq_qos_mutex){+.+.}-{4:4}: [ 108.373675][ T5837] veth1_macvtap: entered promiscuous mode [ 108.381189][ T5895] __mutex_lock+0x199/0xb90 [ 108.381240][ T5895] wbt_init+0x393/0x540 [ 108.381273][ T5895] queue_wb_lat_store+0x354/0x3d0 [ 108.401820][ T5838] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.402398][ T5895] queue_attr_store+0x279/0x320 [ 108.411395][ T5838] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.416460][ T5895] sysfs_kf_write+0xef/0x150 [ 108.426350][ T5838] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.430267][ T5895] kernfs_fop_write_iter+0x354/0x510 [ 108.430308][ T5895] vfs_write+0x6c4/0x1150 [ 108.430352][ T5895] ksys_write+0x12a/0x250 [ 108.430397][ T5895] do_syscall_64+0xcd/0x490 [ 108.430444][ T5895] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.430477][ T5895] [ 108.430477][ T5895] -> #2 (&q->q_usage_counter(io)#18){++++}-{0:0}: [ 108.430532][ T5895] blk_alloc_queue+0x619/0x760 [ 108.430573][ T5895] blk_mq_alloc_queue+0x175/0x290 [ 108.430626][ T5895] __blk_mq_alloc_disk+0x29/0x120 [ 108.430684][ T5895] loop_add+0x49e/0xb70 [ 108.430721][ T5895] loop_init+0x164/0x270 [ 108.430752][ T5895] do_one_initcall+0x120/0x6e0 [ 108.430783][ T5895] kernel_init_freeable+0x5c2/0x900 [ 108.430817][ T5895] kernel_init+0x1c/0x2b0 [ 108.430846][ T5895] ret_from_fork+0x5d7/0x6f0 [ 108.430888][ T5895] ret_from_fork_asm+0x1a/0x30 [ 108.430920][ T5895] [ 108.430920][ T5895] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 108.430963][ T5895] fs_reclaim_acquire+0x102/0x150 [ 108.444150][ T5838] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.445451][ T5895] __kmalloc_cache_node_noprof+0x53/0x420 [ 108.489043][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.492240][ T5895] create_worker+0x10f/0x7e0 [ 108.510002][ T2964] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.512754][ T5895] workqueue_prepare_cpu+0xb5/0x160 [ 108.581238][ T5895] cpuhp_invoke_callback+0x3d5/0xa10 [ 108.587109][ T5895] __cpuhp_invoke_callback_range+0x101/0x210 [ 108.593661][ T5895] _cpu_up+0x3f5/0x930 [ 108.598447][ T5895] cpu_up+0x1dc/0x240 [ 108.603066][ T5895] cpuhp_bringup_mask+0xd8/0x210 [ 108.608557][ T5895] bringup_nonboot_cpus+0x176/0x1c0 [ 108.614303][ T5895] smp_init+0x34/0x160 [ 108.618938][ T5895] kernel_init_freeable+0x3a8/0x900 [ 108.624705][ T5895] kernel_init+0x1c/0x2b0 [ 108.629693][ T5895] ret_from_fork+0x5d7/0x6f0 [ 108.634910][ T5895] ret_from_fork_asm+0x1a/0x30 [ 108.640221][ T5895] [ 108.640221][ T5895] -> #0 (cpu_hotplug_lock){++++}-{0:0}: [ 108.647983][ T5895] __lock_acquire+0x126f/0x1c90 [ 108.653389][ T5895] lock_acquire+0x179/0x350 [ 108.658440][ T5895] cpus_read_lock+0x42/0x160 [ 108.663625][ T5895] static_key_slow_inc+0x12/0x30 [ 108.669127][ T5895] rq_qos_add+0x2f8/0x4b0 [ 108.674033][ T5895] wbt_init+0x3a9/0x540 [ 108.678734][ T5895] queue_wb_lat_store+0x354/0x3d0 [ 108.684305][ T5895] queue_attr_store+0x279/0x320 [ 108.689995][ T5895] sysfs_kf_write+0xef/0x150 [ 108.695132][ T5895] kernfs_fop_write_iter+0x354/0x510 [ 108.701307][ T5895] vfs_write+0x6c4/0x1150 [ 108.706192][ T5895] ksys_write+0x12a/0x250 [ 108.711087][ T5895] do_syscall_64+0xcd/0x490 [ 108.716168][ T5895] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.722614][ T5895] [ 108.722614][ T5895] other info that might help us debug this: [ 108.722614][ T5895] [ 108.732866][ T5895] Chain exists of: [ 108.732866][ T5895] cpu_hotplug_lock --> &q->q_usage_counter(io)#18 --> &q->rq_qos_mutex [ 108.732866][ T5895] [ 108.747080][ T5895] Possible unsafe locking scenario: [ 108.747080][ T5895] [ 108.754546][ T5895] CPU0 CPU1 [ 108.759927][ T5895] ---- ---- [ 108.765300][ T5895] lock(&q->rq_qos_mutex); [ 108.769853][ T5895] lock(&q->q_usage_counter(io)#18); [ 108.777781][ T5895] lock(&q->rq_qos_mutex); [ 108.784829][ T5895] rlock(cpu_hotplug_lock); [ 108.789439][ T5895] [ 108.789439][ T5895] *** DEADLOCK *** [ 108.789439][ T5895] [ 108.797597][ T5895] 7 locks held by syz.1.2/5895: [ 108.802456][ T5895] #0: ffff8880334e8478 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 108.811564][ T5895] #1: ffff888031200428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 108.820599][ T5895] #2: ffff88807e48e888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 108.830407][ T5895] #3: ffff8880261735a8 (kn->active#59){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 108.840540][ T5895] #4: ffff8880261b00a8 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 108.852306][ T5895] #5: ffff8880261b00e0 (&q->q_usage_counter(queue)#20){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 108.864400][ T5895] #6: ffff8880261b02a8 (&q->rq_qos_mutex){+.+.}-{4:4}, at: wbt_init+0x393/0x540 [ 108.873586][ T5895] [ 108.873586][ T5895] stack backtrace: [ 108.879517][ T5895] CPU: 0 UID: 0 PID: 5895 Comm: syz.1.2 Not tainted 6.15.0-syzkaller-12141-gec7714e49479 #0 PREEMPT(full) [ 108.879557][ T5895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 108.879579][ T5895] Call Trace: [ 108.879592][ T5895] [ 108.879608][ T5895] dump_stack_lvl+0x116/0x1f0 [ 108.879660][ T5895] print_circular_bug+0x275/0x350 [ 108.879704][ T5895] check_noncircular+0x14c/0x170 [ 108.879751][ T5895] __lock_acquire+0x126f/0x1c90 [ 108.879802][ T5895] lock_acquire+0x179/0x350 [ 108.879840][ T5895] ? static_key_slow_inc+0x12/0x30 [ 108.879888][ T5895] ? __pfx___might_resched+0x10/0x10 [ 108.879926][ T5895] cpus_read_lock+0x42/0x160 [ 108.879960][ T5895] ? static_key_slow_inc+0x12/0x30 [ 108.880002][ T5895] static_key_slow_inc+0x12/0x30 [ 108.880047][ T5895] rq_qos_add+0x2f8/0x4b0 [ 108.880096][ T5895] wbt_init+0x3a9/0x540 [ 108.880133][ T5895] queue_wb_lat_store+0x354/0x3d0 [ 108.880162][ T5895] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 108.880218][ T5895] ? __mutex_trylock_common+0xe9/0x250 [ 108.880265][ T5895] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 108.880319][ T5895] queue_attr_store+0x279/0x320 [ 108.880360][ T5895] ? __pfx_queue_attr_store+0x10/0x10 [ 108.880389][ T5895] ? __lock_acquire+0x622/0x1c90 [ 108.880432][ T5895] ? log_dir_items+0x10a0/0x1a80 [ 108.880474][ T5895] ? find_held_lock+0x2b/0x80 [ 108.880505][ T5895] ? sysfs_file_kobj+0xe4/0x290 [ 108.880550][ T5895] ? __pfx_queue_attr_store+0x10/0x10 [ 108.880581][ T5895] sysfs_kf_write+0xef/0x150 [ 108.880623][ T5895] kernfs_fop_write_iter+0x354/0x510 [ 108.880659][ T5895] ? __pfx_sysfs_kf_write+0x10/0x10 [ 108.880701][ T5895] vfs_write+0x6c4/0x1150 [ 108.880751][ T5895] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 108.880789][ T5895] ? __pfx___mutex_lock+0x10/0x10 [ 108.880836][ T5895] ? __pfx_vfs_write+0x10/0x10 [ 108.880897][ T5895] ksys_write+0x12a/0x250 [ 108.880946][ T5895] ? __pfx_ksys_write+0x10/0x10 [ 108.881001][ T5895] do_syscall_64+0xcd/0x490 [ 108.881051][ T5895] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.881086][ T5895] RIP: 0033:0x7f9052f8e929 [ 108.881118][ T5895] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 108.881151][ T5895] RSP: 002b:00007f9053da1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 108.881181][ T5895] RAX: ffffffffffffffda RBX: 00007f90531b5fa0 RCX: 00007f9052f8e929 [ 108.881209][ T5895] RDX: 0000000000000009 RSI: 00002000000001c0 RDI: 0000000000000005 [ 108.881229][ T5895] RBP: 00007f9053010b39 R08: 0000000000000000 R09: 0000000000000000 [ 108.881248][ T5895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 108.881268][ T5895] R13: 0000000000000000 R14: 00007f90531b5fa0 R15: 00007ffdb88f4d08 [ 108.881302][ T5895] [ 109.167913][ T5154] Bluetooth: hci0: command tx timeout [ 109.172762][ T5834] ieee80211 phy6: Selected rate control algorithm 'minstrel_ht' [ 109.173555][ T5832] Bluetooth: hci1: command tx timeout [ 109.186502][ T5832] Bluetooth: hci3: command tx timeout [ 109.192040][ T5832] Bluetooth: hci2: command tx timeout [ 109.228814][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.279866][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.290888][ T5837] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.295280][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.299882][ T5837] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.299931][ T5837] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.299975][ T5837] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.358668][ T5838] ieee80211 phy7: Selected rate control algorithm 'minstrel_ht' [ 109.369530][ T5895] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 109.432444][ T2964] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.441024][ T2964] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.487142][ T5838] ieee80211 phy8: Selected rate control algorithm 'minstrel_ht' [ 109.552157][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.560103][ T5837] ieee80211 phy9: Selected rate control algorithm 'minstrel_ht' [ 109.572106][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.606216][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.616998][ T5837] ieee80211 phy10: Selected rate control algorithm 'minstrel_ht' [ 109.626879][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.688308][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.696914][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.219768][ T5154] Bluetooth: hci0: command tx timeout [ 111.221780][ T51] Bluetooth: hci2: command tx timeout [ 111.225412][ T5154] Bluetooth: hci3: command tx timeout [ 111.230944][ T51] Bluetooth: hci1: command tx timeout