last executing test programs: 760.985619ms ago: executing program 1 (id=2): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/net/bond0/bonding/downdelay\x00', 0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x5) 652.307366ms ago: executing program 1 (id=5): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) getsockopt$auto(0xffffffffffffffff, 0x84, 0xa, 0x0, 0x0) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f0000000180)={0x1, 0x4, 0x200}) r0 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r0, 0x107, 0x12, 0x0, 0x4) lseek$auto(0x3, 0x7ffffffffffffffd, 0x2) ioperm$auto(0x2, 0x31c, 0x4) r1 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0) ioctl$auto_CEC_S_MODE(r1, 0x40046109, &(0x7f0000002c40)=0x10) membarrier$auto(0x2, 0x0, 0x9) r2 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_generic(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/ieee80211/phy5/netdev:wlan0/stations/08:02:11:00:00:01/vht_capa\x00', 0x101800, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x80000000009b72, 0x2, 0x8000) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$auto(r3, 0x5456, r3) mremap$auto(0x200000000000, 0x4, 0x4, 0x3, 0x100000000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) waitid$auto(0x0, 0x594d0417, 0x0, 0x1000004, &(0x7f0000000080)={{0x7, 0x4}, {0x4, 0xfffffffffffffff9}, 0x3ff, 0x281, 0x8000000000000000, 0xffffffffffffffff, 0x7f, 0x9, 0x1, 0x0, 0x4, 0x8000, 0x4, 0x6, 0x8, 0x12}) r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_SET(r2, &(0x7f0000005380)={0x0, 0x0, &(0x7f0000005340)={&(0x7f0000000040)=ANY=[@ANYBLOB="1400009135bbbeae587ec12de619ed3735a28deb39df8ddc922ae199bb55f7fca59fad768f2ad2b3e47bf9ee19735caad40ced2fd1fab1b153a59e84fe7ddaf98e7336d94520dc2dd784662abd45a8593faed22767c7ad3605e25953880372b986831761438ef28ca29a946720c5c008a1156239fc3eec515a22b6f6954c21abec26119060d8af894dc807629163b50291ac36582799f50fae224ba757653f077fe042a6845f91ff786b4ecc0811c5ec6b8500f2d58a561e3a566fdc718fd31e6905d2ee05360323ec88fa28e52ea1ff775b258c686b39c2aaf1ec57c6a73f740226fcce02531900b6cc4939b1160bf9474cd9c919ffffffffffffff80b2587d807cc1cd072c4f370bcdae1a709dbb21e42ed8f8e4e5a3e7b22435dd452c022d8626d5d1bbf91061bf5de4ef942f6eff5201f4b80008321cecb63beb", @ANYRES16=r4, @ANYBLOB="01002bbd7008fcdbdf2506000000"], 0x14}, 0x1, 0x0, 0x0, 0x4008010}, 0x20000000) mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000) readv$auto(0xffffffffffffffff, 0x0, 0x8) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x12bc00, 0x0) read$auto(r5, 0x0, 0x20) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/pcmC1D1p\x00', 0x181002, 0x0) r6 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r6, &(0x7f0000000200)={0x0, 0x9}, 0xb) 0s ago: executing program 0 (id=1): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd9/queue/wbt_lat_usec\x00', 0x102e82, 0x0) write$auto(r0, &(0x7f0000000240)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\x03\x00\x00\x00\x00\x00\x00\x00\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3C', 0x801) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.77' (ED25519) to the list of known hosts. [ 97.095285][ T9] cfg80211: failed to load regulatory.db [ 99.961284][ T5818] cgroup: Unknown subsys name 'net' [ 100.139693][ T5818] cgroup: Unknown subsys name 'cpuset' [ 100.150258][ T5818] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 101.996932][ T5818] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 104.330252][ T5848] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 104.338280][ T5848] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 104.346571][ T5848] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 104.354771][ T5848] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 104.362520][ T5848] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 104.371180][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 104.379088][ T5848] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 104.381183][ T5849] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 104.386497][ T5848] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 104.394598][ T5846] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 104.404479][ T5848] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 104.412443][ T5849] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 104.415678][ T5851] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 104.429879][ T5849] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 104.430118][ T5848] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 104.455054][ T5848] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 104.462941][ T5848] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 104.483392][ T5848] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 104.495518][ T5846] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 104.502783][ T5846] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 105.079583][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 105.110483][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 105.221730][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 105.320302][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 105.416484][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.423904][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.431542][ T5836] bridge_slave_0: entered allmulticast mode [ 105.442208][ T5836] bridge_slave_0: entered promiscuous mode [ 105.465521][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.472720][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.480002][ T5835] bridge_slave_0: entered allmulticast mode [ 105.487362][ T5835] bridge_slave_0: entered promiscuous mode [ 105.496096][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.503673][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.510854][ T5836] bridge_slave_1: entered allmulticast mode [ 105.519061][ T5836] bridge_slave_1: entered promiscuous mode [ 105.547890][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.555313][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.562656][ T5835] bridge_slave_1: entered allmulticast mode [ 105.570293][ T5835] bridge_slave_1: entered promiscuous mode [ 105.680906][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.694684][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.710747][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.718191][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.725404][ T5837] bridge_slave_0: entered allmulticast mode [ 105.732715][ T5837] bridge_slave_0: entered promiscuous mode [ 105.742061][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.749270][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.756547][ T5837] bridge_slave_1: entered allmulticast mode [ 105.764480][ T5837] bridge_slave_1: entered promiscuous mode [ 105.775475][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.801146][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.894437][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.901565][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.909474][ T5838] bridge_slave_0: entered allmulticast mode [ 105.918412][ T5838] bridge_slave_0: entered promiscuous mode [ 105.943824][ T5835] team0: Port device team_slave_0 added [ 105.953071][ T5836] team0: Port device team_slave_0 added [ 105.959718][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.967648][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.975328][ T5838] bridge_slave_1: entered allmulticast mode [ 105.982765][ T5838] bridge_slave_1: entered promiscuous mode [ 105.992828][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 106.005171][ T5835] team0: Port device team_slave_1 added [ 106.012964][ T5836] team0: Port device team_slave_1 added [ 106.041070][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 106.139051][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 106.168265][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.175586][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.202303][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.216450][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.223612][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.249644][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.261702][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.268747][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.295121][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.308891][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 106.340971][ T5837] team0: Port device team_slave_0 added [ 106.358167][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.365249][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.391590][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.426912][ T5837] team0: Port device team_slave_1 added [ 106.454640][ T5838] team0: Port device team_slave_0 added [ 106.489640][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.496838][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.523478][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.534649][ T5841] Bluetooth: hci1: command tx timeout [ 106.536216][ T5846] Bluetooth: hci2: command tx timeout [ 106.546199][ T5841] Bluetooth: hci3: command tx timeout [ 106.546345][ T5841] Bluetooth: hci0: command tx timeout [ 106.563106][ T5838] team0: Port device team_slave_1 added [ 106.576652][ T5835] hsr_slave_0: entered promiscuous mode [ 106.583366][ T5835] hsr_slave_1: entered promiscuous mode [ 106.605214][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.612174][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.638465][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.701300][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.708638][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.735553][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.755088][ T5836] hsr_slave_0: entered promiscuous mode [ 106.761567][ T5836] hsr_slave_1: entered promiscuous mode [ 106.768151][ T5836] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 106.776113][ T5836] Cannot create hsr debugfs directory [ 106.805568][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.812652][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.839118][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.958590][ T5837] hsr_slave_0: entered promiscuous mode [ 106.965136][ T5837] hsr_slave_1: entered promiscuous mode [ 106.971291][ T5837] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 106.979753][ T5837] Cannot create hsr debugfs directory [ 107.040593][ T5838] hsr_slave_0: entered promiscuous mode [ 107.047994][ T5838] hsr_slave_1: entered promiscuous mode [ 107.055275][ T5838] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 107.062852][ T5838] Cannot create hsr debugfs directory [ 107.489865][ T5835] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 107.506048][ T5835] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 107.524100][ T5835] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 107.535682][ T5835] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 107.616860][ T5836] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 107.630239][ T5836] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 107.641052][ T5836] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 107.666429][ T5836] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 107.766226][ T5838] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 107.802577][ T5838] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 107.815013][ T5838] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 107.828067][ T5838] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 107.932799][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.940422][ T5837] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 107.956026][ T5837] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 107.969847][ T5837] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 107.981399][ T5837] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 108.052184][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.095407][ T1089] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.102695][ T1089] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.114857][ T1089] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.122003][ T1089] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.140193][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.232803][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.261848][ T5835] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 108.294825][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.302064][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.330929][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.338171][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.360517][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.438779][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.501224][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.508430][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.539354][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.549514][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.556769][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.611012][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.617861][ T5846] Bluetooth: hci0: command tx timeout [ 108.617942][ T5846] Bluetooth: hci3: command tx timeout [ 108.626148][ T5845] Bluetooth: hci1: command tx timeout [ 108.635253][ T5846] Bluetooth: hci2: command tx timeout [ 108.707359][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.714562][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.745542][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.752736][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.873026][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.027287][ T5835] veth0_vlan: entered promiscuous mode [ 109.065684][ T5835] veth1_vlan: entered promiscuous mode [ 109.163120][ T5835] veth0_macvtap: entered promiscuous mode [ 109.204683][ T5835] veth1_macvtap: entered promiscuous mode [ 109.231001][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.280552][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.309121][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.347258][ T5835] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.373945][ T5835] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.382720][ T5835] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.407997][ T5835] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.506678][ T5836] veth0_vlan: entered promiscuous mode [ 109.520241][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.550040][ T5836] veth1_vlan: entered promiscuous mode [ 109.577418][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.701964][ T5836] veth0_macvtap: entered promiscuous mode [ 109.704583][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.740697][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.772323][ T5836] veth1_macvtap: entered promiscuous mode [ 109.791960][ T5838] veth0_vlan: entered promiscuous mode [ 109.830063][ T5837] veth0_vlan: entered promiscuous mode [ 109.842148][ T5838] veth1_vlan: entered promiscuous mode [ 109.853038][ T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.862295][ T5837] veth1_vlan: entered promiscuous mode [ 109.868490][ T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.888847][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.938554][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.988608][ T5836] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.992805][ T5835] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 110.000976][ T5836] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.024335][ T5836] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.035146][ T5836] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.052437][ T5838] veth0_macvtap: entered promiscuous mode [ 110.091577][ T5837] veth0_macvtap: entered promiscuous mode [ 110.119040][ T5838] veth1_macvtap: entered promiscuous mode [ 110.152064][ T5837] veth1_macvtap: entered promiscuous mode [ 110.252363][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.325159][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.357213][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.388690][ T5837] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.398293][ T5837] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.409575][ T5837] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.419619][ T5837] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.449809][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.476834][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.499844][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.525910][ T5838] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.543040][ T5838] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.555774][ T5838] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.565323][ T5838] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.659219][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.694169][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.694626][ T5846] Bluetooth: hci2: command tx timeout [ 110.701546][ T5841] Bluetooth: hci1: command tx timeout [ 110.707934][ T5846] Bluetooth: hci3: command tx timeout [ 110.714738][ T5845] Bluetooth: hci0: command tx timeout [ 110.765414][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.774717][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.884106][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.920369][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.991913][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.019312][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.035031][ T5907] [ 111.037415][ T5907] ====================================================== [ 111.044466][ T5907] WARNING: possible circular locking dependency detected [ 111.051530][ T5907] 6.15.0-syzkaller-07774-g90b83efa6701 #0 Not tainted [ 111.058314][ T5907] ------------------------------------------------------ [ 111.065346][ T5907] syz.0.1/5907 is trying to acquire lock: [ 111.071077][ T5907] ffffffff8e264eb0 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_slow_inc+0x12/0x30 [ 111.080635][ T5907] [ 111.080635][ T5907] but task is already holding lock: [ 111.088006][ T5907] ffff8880267c9638 (&q->rq_qos_mutex){+.+.}-{4:4}, at: wbt_init+0x393/0x540 [ 111.096751][ T5907] [ 111.096751][ T5907] which lock already depends on the new lock. [ 111.096751][ T5907] [ 111.107162][ T5907] [ 111.107162][ T5907] the existing dependency chain (in reverse order) is: [ 111.116199][ T5907] [ 111.116199][ T5907] -> #3 (&q->rq_qos_mutex){+.+.}-{4:4}: [ 111.123955][ T5907] __mutex_lock+0x199/0xb90 [ 111.129004][ T5907] wbt_init+0x393/0x540 [ 111.133694][ T5907] queue_wb_lat_store+0x354/0x3d0 [ 111.139252][ T5907] queue_attr_store+0x276/0x320 [ 111.144640][ T5907] sysfs_kf_write+0xef/0x150 [ 111.149803][ T5907] kernfs_fop_write_iter+0x354/0x510 [ 111.155638][ T5907] vfs_write+0x6c7/0x1150 [ 111.160524][ T5907] ksys_write+0x12a/0x250 [ 111.165399][ T5907] do_syscall_64+0xcd/0x490 [ 111.170454][ T5907] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.176886][ T5907] [ 111.176886][ T5907] -> #2 (&q->q_usage_counter(io)#58){++++}-{0:0}: [ 111.185532][ T5907] blk_alloc_queue+0x619/0x760 [ 111.190864][ T5907] blk_mq_alloc_queue+0x175/0x290 [ 111.196453][ T5907] __blk_mq_alloc_disk+0x29/0x120 [ 111.202040][ T5907] nbd_dev_add+0x4a0/0xbc0 [ 111.207012][ T5907] nbd_init+0x181/0x320 [ 111.211722][ T5907] do_one_initcall+0x120/0x6e0 [ 111.217038][ T5907] kernel_init_freeable+0x5c2/0x900 [ 111.222790][ T5907] kernel_init+0x1c/0x2b0 [ 111.227686][ T5907] ret_from_fork+0x5d7/0x6f0 [ 111.232828][ T5907] ret_from_fork_asm+0x1a/0x30 [ 111.238131][ T5907] [ 111.238131][ T5907] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 111.245379][ T5907] fs_reclaim_acquire+0x102/0x150 [ 111.250955][ T5907] __kmalloc_cache_node_noprof+0x53/0x420 [ 111.257275][ T5907] create_worker+0x10f/0x7e0 [ 111.262419][ T5907] workqueue_prepare_cpu+0xb5/0x160 [ 111.268164][ T5907] cpuhp_invoke_callback+0x3d2/0xa10 [ 111.274021][ T5907] __cpuhp_invoke_callback_range+0x101/0x210 [ 111.280563][ T5907] _cpu_up+0x3f5/0x930 [ 111.285180][ T5907] cpu_up+0x1dc/0x240 [ 111.289728][ T5907] cpuhp_bringup_mask+0xd8/0x210 [ 111.295220][ T5907] bringup_nonboot_cpus+0x176/0x1c0 [ 111.300967][ T5907] smp_init+0x34/0x160 [ 111.305571][ T5907] kernel_init_freeable+0x3a8/0x900 [ 111.311315][ T5907] kernel_init+0x1c/0x2b0 [ 111.316181][ T5907] ret_from_fork+0x5d7/0x6f0 [ 111.321312][ T5907] ret_from_fork_asm+0x1a/0x30 [ 111.326612][ T5907] [ 111.326612][ T5907] -> #0 (cpu_hotplug_lock){++++}-{0:0}: [ 111.334376][ T5907] __lock_acquire+0x126f/0x1c90 [ 111.339764][ T5907] lock_acquire+0x179/0x350 [ 111.344813][ T5907] cpus_read_lock+0x42/0x160 [ 111.349936][ T5907] static_key_slow_inc+0x12/0x30 [ 111.355418][ T5907] rq_qos_add+0x2f8/0x4b0 [ 111.360299][ T5907] wbt_init+0x3a9/0x540 [ 111.364998][ T5907] queue_wb_lat_store+0x354/0x3d0 [ 111.370559][ T5907] queue_attr_store+0x276/0x320 [ 111.375947][ T5907] sysfs_kf_write+0xef/0x150 [ 111.381075][ T5907] kernfs_fop_write_iter+0x354/0x510 [ 111.386914][ T5907] vfs_write+0x6c7/0x1150 [ 111.391785][ T5907] ksys_write+0x12a/0x250 [ 111.396657][ T5907] do_syscall_64+0xcd/0x490 [ 111.401704][ T5907] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.408132][ T5907] [ 111.408132][ T5907] other info that might help us debug this: [ 111.408132][ T5907] [ 111.418365][ T5907] Chain exists of: [ 111.418365][ T5907] cpu_hotplug_lock --> &q->q_usage_counter(io)#58 --> &q->rq_qos_mutex [ 111.418365][ T5907] [ 111.432574][ T5907] Possible unsafe locking scenario: [ 111.432574][ T5907] [ 111.440029][ T5907] CPU0 CPU1 [ 111.445402][ T5907] ---- ---- [ 111.450769][ T5907] lock(&q->rq_qos_mutex); [ 111.455286][ T5907] lock(&q->q_usage_counter(io)#58); [ 111.463216][ T5907] lock(&q->rq_qos_mutex); [ 111.470271][ T5907] rlock(cpu_hotplug_lock); [ 111.474884][ T5907] [ 111.474884][ T5907] *** DEADLOCK *** [ 111.474884][ T5907] [ 111.483033][ T5907] 7 locks held by syz.0.1/5907: [ 111.487894][ T5907] #0: ffff888035155cf8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 111.496999][ T5907] #1: ffff88803682e428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 111.506016][ T5907] #2: ffff888035b77488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 111.515815][ T5907] #3: ffff888142fa8b48 (kn->active#60){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 111.525874][ T5907] #4: ffff8880267c9438 (&q->q_usage_counter(io)#58){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 111.537591][ T5907] #5: ffff8880267c9470 (&q->q_usage_counter(queue)#10){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 111.549577][ T5907] #6: ffff8880267c9638 (&q->rq_qos_mutex){+.+.}-{4:4}, at: wbt_init+0x393/0x540 [ 111.558773][ T5907] [ 111.558773][ T5907] stack backtrace: [ 111.564690][ T5907] CPU: 0 UID: 0 PID: 5907 Comm: syz.0.1 Not tainted 6.15.0-syzkaller-07774-g90b83efa6701 #0 PREEMPT(full) [ 111.564724][ T5907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 111.564741][ T5907] Call Trace: [ 111.564748][ T5907] [ 111.564758][ T5907] dump_stack_lvl+0x116/0x1f0 [ 111.564798][ T5907] print_circular_bug+0x275/0x350 [ 111.564829][ T5907] check_noncircular+0x14c/0x170 [ 111.564862][ T5907] __lock_acquire+0x126f/0x1c90 [ 111.564900][ T5907] lock_acquire+0x179/0x350 [ 111.564929][ T5907] ? static_key_slow_inc+0x12/0x30 [ 111.564964][ T5907] ? __pfx___might_resched+0x10/0x10 [ 111.564992][ T5907] cpus_read_lock+0x42/0x160 [ 111.565015][ T5907] ? static_key_slow_inc+0x12/0x30 [ 111.565048][ T5907] static_key_slow_inc+0x12/0x30 [ 111.565080][ T5907] rq_qos_add+0x2f8/0x4b0 [ 111.565120][ T5907] wbt_init+0x3a9/0x540 [ 111.565151][ T5907] queue_wb_lat_store+0x354/0x3d0 [ 111.565177][ T5907] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 111.565204][ T5907] ? __mutex_trylock_common+0xe9/0x250 [ 111.565237][ T5907] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 111.565261][ T5907] queue_attr_store+0x276/0x320 [ 111.565287][ T5907] ? __pfx_queue_attr_store+0x10/0x10 [ 111.565311][ T5907] ? __lock_acquire+0x622/0x1c90 [ 111.565348][ T5907] ? find_held_lock+0x2b/0x80 [ 111.565388][ T5907] ? sysfs_file_kobj+0xe4/0x290 [ 111.565415][ T5907] ? __pfx_queue_attr_store+0x10/0x10 [ 111.565440][ T5907] sysfs_kf_write+0xef/0x150 [ 111.565467][ T5907] kernfs_fop_write_iter+0x354/0x510 [ 111.565508][ T5907] ? __pfx_sysfs_kf_write+0x10/0x10 [ 111.565535][ T5907] vfs_write+0x6c7/0x1150 [ 111.565566][ T5907] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 111.565609][ T5907] ? __pfx___mutex_lock+0x10/0x10 [ 111.565650][ T5907] ? __pfx_vfs_write+0x10/0x10 [ 111.565691][ T5907] ksys_write+0x12a/0x250 [ 111.565721][ T5907] ? __pfx_ksys_write+0x10/0x10 [ 111.565756][ T5907] do_syscall_64+0xcd/0x490 [ 111.565793][ T5907] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.565820][ T5907] RIP: 0033:0x7f054e98e969 [ 111.565845][ T5907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.565884][ T5907] RSP: 002b:00007f054f84e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 111.565907][ T5907] RAX: ffffffffffffffda RBX: 00007f054ebb5fa0 RCX: 00007f054e98e969 [ 111.565923][ T5907] RDX: 0000000000000801 RSI: 0000200000000240 RDI: 0000000000000003 [ 111.565939][ T5907] RBP: 00007f054ea10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 111.565954][ T5907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 111.565969][ T5907] R13: 0000000000000000 R14: 00007f054ebb5fa0 R15: 00007ffd30f8e498 [ 111.565993][ T5907] [ 111.862469][ T1099] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.891971][ T1099] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.773558][ T5845] Bluetooth: hci0: command tx timeout [ 112.778821][ T5846] Bluetooth: hci2: command tx timeout [ 112.778991][ T5845] Bluetooth: hci3: command tx timeout [ 112.784451][ T5848] Bluetooth: hci1: command tx timeout