Warning: Permanently added '[localhost]:23243' (ED25519) to the list of known hosts. [ 50.603203][ T40] audit: type=1400 audit(1765052805.078:62): avc: denied { execute } for pid=5923 comm="sh" name="syz-execprog" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 50.612131][ T40] audit: type=1400 audit(1765052805.078:63): avc: denied { execute_no_trans } for pid=5923 comm="sh" path="/syz-execprog" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 2025/12/06 20:26:46 parsed 1 programs [ 51.853767][ T40] audit: type=1400 audit(1765052806.328:64): avc: denied { node_bind } for pid=5923 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 54.305763][ T40] audit: type=1400 audit(1765052808.778:65): avc: denied { mounton } for pid=5936 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 54.316985][ T40] audit: type=1400 audit(1765052808.788:66): avc: denied { mount } for pid=5936 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 54.319127][ T5936] cgroup: Unknown subsys name 'net' [ 54.329202][ T40] audit: type=1400 audit(1765052808.808:67): avc: denied { unmount } for pid=5936 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 54.474113][ T5936] cgroup: Unknown subsys name 'cpuset' [ 54.478855][ T5936] cgroup: Unknown subsys name 'rlimit' [ 54.654130][ T40] audit: type=1400 audit(1765052809.128:68): avc: denied { setattr } for pid=5936 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 54.664043][ T40] audit: type=1400 audit(1765052809.128:69): avc: denied { create } for pid=5936 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 54.672298][ T40] audit: type=1400 audit(1765052809.128:70): avc: denied { write } for pid=5936 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 54.688057][ T40] audit: type=1400 audit(1765052809.128:71): avc: denied { read } for pid=5936 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 54.701901][ T5940] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 55.416190][ T5936] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 57.113151][ T40] kauditd_printk_skb: 10 callbacks suppressed [ 57.113163][ T40] audit: type=1400 audit(1765052811.588:82): avc: denied { execmem } for pid=5945 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 57.121480][ T40] audit: type=1400 audit(1765052811.588:83): avc: denied { read } for pid=5946 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 57.128307][ T40] audit: type=1400 audit(1765052811.588:84): avc: denied { open } for pid=5946 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 57.135630][ T40] audit: type=1400 audit(1765052811.588:85): avc: denied { mounton } for pid=5946 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 57.192526][ T40] audit: type=1400 audit(1765052811.668:86): avc: denied { mount } for pid=5946 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 57.202312][ T40] audit: type=1400 audit(1765052811.668:87): avc: denied { mounton } for pid=5946 comm="syz-executor" path="/syzkaller.jB8ues/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 57.210475][ T40] audit: type=1400 audit(1765052811.668:88): avc: denied { mount } for pid=5946 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 57.218125][ T40] audit: type=1400 audit(1765052811.678:89): avc: denied { mounton } for pid=5946 comm="syz-executor" path="/syzkaller.jB8ues/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 57.227211][ T40] audit: type=1400 audit(1765052811.678:90): avc: denied { mounton } for pid=5946 comm="syz-executor" path="/syzkaller.jB8ues/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=5981 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 57.238100][ T40] audit: type=1400 audit(1765052811.678:91): avc: denied { unmount } for pid=5946 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 57.250036][ T5946] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 57.474518][ T1144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.477489][ T1144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.500692][ T91] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.503197][ T91] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.353170][ T5973] chnl_net:caif_netlink_parms(): no params data found [ 58.422705][ T5973] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.425358][ T5973] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.427563][ T5973] bridge_slave_0: entered allmulticast mode [ 58.431938][ T5973] bridge_slave_0: entered promiscuous mode [ 58.438380][ T5973] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.441293][ T5973] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.443624][ T5973] bridge_slave_1: entered allmulticast mode [ 58.446570][ T5973] bridge_slave_1: entered promiscuous mode [ 58.472203][ T5973] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.478581][ T5973] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.501324][ T5973] team0: Port device team_slave_0 added [ 58.513787][ T5973] team0: Port device team_slave_1 added [ 58.532588][ T5973] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.535409][ T5973] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 58.545320][ T5973] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.550135][ T5973] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 58.552251][ T5973] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 58.560559][ T5973] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.591762][ T5973] hsr_slave_0: entered promiscuous mode [ 58.594235][ T5973] hsr_slave_1: entered promiscuous mode [ 58.700675][ T5973] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 58.708083][ T5973] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 58.712366][ T5973] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 58.716778][ T5973] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 58.760227][ T5973] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.770129][ T5973] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.775868][ T4060] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.779065][ T4060] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.788823][ T4144] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.791433][ T4144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.918226][ T5973] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.942372][ T5973] veth0_vlan: entered promiscuous mode [ 58.947083][ T5973] veth1_vlan: entered promiscuous mode [ 58.963401][ T5973] veth0_macvtap: entered promiscuous mode [ 58.966995][ T5973] veth1_macvtap: entered promiscuous mode [ 58.976743][ T5973] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 58.984100][ T5973] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 58.991575][ T1144] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.995366][ T1144] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.001936][ T1144] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.005563][ T1144] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.090757][ T4144] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 59.188648][ T4144] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 59.232565][ T6001] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 59.236704][ T6001] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 59.242229][ T6001] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 59.248423][ T6001] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 59.252229][ T4144] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 59.252396][ T6001] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 59.372663][ T4144] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 2025/12/06 20:26:54 executed programs: 0 [ 60.457074][ T65] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 60.461150][ T65] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 60.464573][ T65] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 60.469053][ T65] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 60.472064][ T65] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 60.580590][ T6042] chnl_net:caif_netlink_parms(): no params data found [ 60.659460][ T6042] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.662566][ T6042] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.665544][ T6042] bridge_slave_0: entered allmulticast mode [ 60.669629][ T6042] bridge_slave_0: entered promiscuous mode [ 60.675372][ T6042] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.678484][ T6042] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.681661][ T6042] bridge_slave_1: entered allmulticast mode [ 60.685523][ T6042] bridge_slave_1: entered promiscuous mode [ 60.713431][ T6042] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.720103][ T6042] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.747293][ T6042] team0: Port device team_slave_0 added [ 60.753883][ T6042] team0: Port device team_slave_1 added [ 60.778091][ T6042] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.780850][ T6042] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 60.791259][ T6042] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.797302][ T6042] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.800246][ T6042] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 60.810576][ T6042] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.851657][ T6042] hsr_slave_0: entered promiscuous mode [ 60.854850][ T6042] hsr_slave_1: entered promiscuous mode [ 60.857723][ T6042] debugfs: 'hsr0' already exists in 'hsr' [ 60.860632][ T6042] Cannot create hsr debugfs directory [ 62.417465][ T4144] bridge_slave_1: left allmulticast mode [ 62.419543][ T4144] bridge_slave_1: left promiscuous mode [ 62.422133][ T4144] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.426786][ T4144] bridge_slave_0: left allmulticast mode [ 62.429270][ T4144] bridge_slave_0: left promiscuous mode [ 62.431088][ T4144] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.508629][ T65] Bluetooth: hci0: command tx timeout [ 62.656270][ T4144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 62.660616][ T4144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 62.664080][ T4144] bond0 (unregistering): Released all slaves [ 62.723366][ T40] kauditd_printk_skb: 20 callbacks suppressed [ 62.723379][ T40] audit: type=1400 audit(1765052817.198:112): avc: denied { create } for pid=6051 comm="dhcpcd-run-hook" name="resolv.conf.eth2.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 62.732358][ T40] audit: type=1400 audit(1765052817.198:113): avc: denied { write } for pid=6051 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.eth2.link" dev="tmpfs" ino=2087 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 62.741119][ T40] audit: type=1400 audit(1765052817.198:114): avc: denied { append } for pid=6051 comm="dhcpcd-run-hook" name="resolv.conf.eth2.link" dev="tmpfs" ino=2087 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 62.784364][ T40] audit: type=1400 audit(1765052817.258:115): avc: denied { unlink } for pid=6054 comm="rm" name="resolv.conf.eth2.link" dev="tmpfs" ino=2087 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 62.811004][ T4144] hsr_slave_0: left promiscuous mode [ 62.819378][ T4144] hsr_slave_1: left promiscuous mode [ 62.822260][ T4144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 62.825360][ T4144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 62.829819][ T4144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 62.832930][ T4144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 62.846635][ T4144] veth1_macvtap: left promiscuous mode [ 62.849276][ T4144] veth0_macvtap: left promiscuous mode [ 62.852175][ T4144] veth1_vlan: left promiscuous mode [ 62.854575][ T4144] veth0_vlan: left promiscuous mode [ 63.110002][ T4144] team0 (unregistering): Port device team_slave_1 removed [ 63.127714][ T4144] team0 (unregistering): Port device team_slave_0 removed [ 63.549673][ T6042] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 63.556213][ T6042] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 63.563219][ T6042] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 63.571308][ T6042] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 63.629675][ T6042] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.644511][ T6042] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.656328][ T91] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.658664][ T91] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.666108][ T4060] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.668420][ T4060] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.934505][ T6042] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.964011][ T6042] veth0_vlan: entered promiscuous mode [ 63.969230][ T6042] veth1_vlan: entered promiscuous mode [ 63.986543][ T6042] veth0_macvtap: entered promiscuous mode [ 63.992121][ T6042] veth1_macvtap: entered promiscuous mode [ 64.000295][ T6042] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.008297][ T6042] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.015540][ T5079] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.019568][ T4060] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.024854][ T4060] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.030089][ T4060] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.115073][ T5079] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.118864][ T5079] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.161517][ T1144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.164559][ T1144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.429569][ T6079] [ 64.430692][ T6079] ====================================================== [ 64.433125][ T6079] WARNING: possible circular locking dependency detected [ 64.435318][ T6079] syzkaller #0 Not tainted [ 64.437136][ T6079] ------------------------------------------------------ [ 64.439942][ T6079] syz.0.17/6079 is trying to acquire lock: [ 64.442635][ T6079] ffffffff8e53b568 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0xb5a/0x1470 [ 64.446490][ T6079] [ 64.446490][ T6079] but task is already holding lock: [ 64.449471][ T6079] ffff8880278dc318 (&q->q_usage_counter(io)#49){++++}-{0:0}, at: blk_mq_update_nr_hw_queues+0x8ad/0x1280 [ 64.453958][ T6079] [ 64.453958][ T6079] which lock already depends on the new lock. [ 64.453958][ T6079] [ 64.458123][ T6079] [ 64.458123][ T6079] the existing dependency chain (in reverse order) is: [ 64.461740][ T6079] [ 64.461740][ T6079] -> #2 (&q->q_usage_counter(io)#49){++++}-{0:0}: [ 64.465260][ T6079] blk_alloc_queue+0x610/0x750 [ 64.467493][ T6079] blk_mq_alloc_queue+0x172/0x280 [ 64.469818][ T6079] __blk_mq_alloc_disk+0x29/0x120 [ 64.472089][ T6079] nbd_dev_add+0x492/0xbb0 [ 64.474174][ T6079] nbd_init+0x181/0x320 [ 64.476116][ T6079] do_one_initcall+0x123/0x680 [ 64.478331][ T6079] kernel_init_freeable+0x5c8/0x920 [ 64.480697][ T6079] kernel_init+0x1c/0x2b0 [ 64.482789][ T6079] ret_from_fork+0x983/0xb10 [ 64.484965][ T6079] ret_from_fork_asm+0x1a/0x30 [ 64.487337][ T6079] [ 64.487337][ T6079] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 64.490299][ T6079] fs_reclaim_acquire+0x102/0x150 [ 64.492583][ T6079] prepare_alloc_pages+0x162/0x670 [ 64.494914][ T6079] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 64.497583][ T6079] __alloc_pages_noprof+0xa/0x30 [ 64.499887][ T6079] pcpu_populate_chunk+0x110/0xb10 [ 64.502167][ T6079] pcpu_alloc_noprof+0x86b/0x1470 [ 64.504392][ T6079] iommu_dma_init_fq+0x202/0x8a0 [ 64.506611][ T6079] iommu_setup_dma_ops+0x1336/0x1700 [ 64.508956][ T6079] iommu_device_register+0x3e3/0x7d0 [ 64.511292][ T6079] intel_iommu_init+0x25e7/0x3780 [ 64.513622][ T6079] pci_iommu_init+0x31/0x90 [ 64.515663][ T6079] do_one_initcall+0x123/0x680 [ 64.517832][ T6079] kernel_init_freeable+0x5c8/0x920 [ 64.520120][ T6079] kernel_init+0x1c/0x2b0 [ 64.522141][ T6079] ret_from_fork+0x983/0xb10 [ 64.524251][ T6079] ret_from_fork_asm+0x1a/0x30 [ 64.526466][ T6079] [ 64.526466][ T6079] -> #0 (pcpu_alloc_mutex){+.+.}-{4:4}: [ 64.529701][ T6079] __lock_acquire+0x1542/0x22f0 [ 64.531886][ T6079] lock_acquire+0x179/0x330 [ 64.533996][ T6079] __mutex_lock+0x1aa/0x1b10 [ 64.536073][ T6079] pcpu_alloc_noprof+0xb5a/0x1470 [ 64.538379][ T6079] sbitmap_init_node+0x2ff/0x770 [ 64.540971][ T6079] sbitmap_queue_init_node+0x40/0x4a0 [ 64.543485][ T6079] blk_mq_init_tags+0x17f/0x320 [ 64.545754][ T6079] blk_mq_alloc_map_and_rqs+0x222/0xeb0 [ 64.548331][ T6079] __blk_mq_alloc_map_and_rqs+0x128/0x1f0 [ 64.551059][ T6079] blk_mq_update_nr_hw_queues+0xad5/0x1280 [ 64.553685][ T6079] nbd_start_device+0x1b0/0xd70 [ 64.555884][ T6079] nbd_ioctl+0x219/0xda0 [ 64.558136][ T6079] blkdev_ioctl+0x5b0/0x6e0 [ 64.560187][ T6079] __x64_sys_ioctl+0x18e/0x210 [ 64.562397][ T6079] do_syscall_64+0xcd/0xf80 [ 64.564510][ T6079] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.567221][ T6079] [ 64.567221][ T6079] other info that might help us debug this: [ 64.567221][ T6079] [ 64.571406][ T6079] Chain exists of: [ 64.571406][ T6079] pcpu_alloc_mutex --> fs_reclaim --> &q->q_usage_counter(io)#49 [ 64.571406][ T6079] [ 64.576851][ T6079] Possible unsafe locking scenario: [ 64.576851][ T6079] [ 64.579892][ T6079] CPU0 CPU1 [ 64.582043][ T6079] ---- ---- [ 64.584209][ T6079] lock(&q->q_usage_counter(io)#49); [ 64.586352][ T6079] lock(fs_reclaim); [ 64.588885][ T6079] lock(&q->q_usage_counter(io)#49); [ 64.591957][ T6079] lock(pcpu_alloc_mutex); [ 64.593796][ T6079] [ 64.593796][ T6079] *** DEADLOCK *** [ 64.593796][ T6079] [ 64.596988][ T6079] 4 locks held by syz.0.17/6079: [ 64.598968][ T6079] #0: ffff888027a739d0 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0x91/0x1280 [ 64.603471][ T6079] #1: ffff888027a738d8 (&set->tag_list_lock){+.+.}-{4:4}, at: blk_mq_update_nr_hw_queues+0xa4/0x1280 [ 64.607723][ T6079] #2: ffff8880278dc318 (&q->q_usage_counter(io)#49){++++}-{0:0}, at: blk_mq_update_nr_hw_queues+0x8ad/0x1280 [ 64.612287][ T6079] #3: ffff8880278dc350 (&q->q_usage_counter(queue)#33){+.+.}-{0:0}, at: blk_mq_update_nr_hw_queues+0x8ad/0x1280 [ 64.616888][ T6079] [ 64.616888][ T6079] stack backtrace: [ 64.618085][ T65] Bluetooth: hci0: command tx timeout [ 64.619288][ T6079] CPU: 3 UID: 0 PID: 6079 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) [ 64.619309][ T6079] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 64.619321][ T6079] Call Trace: [ 64.619327][ T6079] [ 64.619334][ T6079] dump_stack_lvl+0x116/0x1f0 [ 64.619359][ T6079] print_circular_bug+0x2db/0x410 [ 64.619384][ T6079] check_noncircular+0x146/0x160 [ 64.619410][ T6079] __lock_acquire+0x1542/0x22f0 [ 64.619438][ T6079] lock_acquire+0x179/0x330 [ 64.619461][ T6079] ? pcpu_alloc_noprof+0xb5a/0x1470 [ 64.619483][ T6079] ? __pfx___might_resched+0x10/0x10 [ 64.619504][ T6079] ? find_held_lock+0x2b/0x80 [ 64.619524][ T6079] __mutex_lock+0x1aa/0x1b10 [ 64.619547][ T6079] ? pcpu_alloc_noprof+0xb5a/0x1470 [ 64.619567][ T6079] ? lockdep_hardirqs_on+0x7c/0x110 [ 64.619588][ T6079] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 64.619608][ T6079] ? pcpu_alloc_noprof+0xb5a/0x1470 [ 64.619630][ T6079] ? __pfx___mutex_lock+0x10/0x10 [ 64.619652][ T6079] ? kasan_save_stack+0x42/0x60 [ 64.619667][ T6079] ? kasan_save_stack+0x33/0x60 [ 64.619682][ T6079] ? kasan_save_track+0x14/0x30 [ 64.619698][ T6079] ? __kasan_kmalloc+0xaa/0xb0 [ 64.619714][ T6079] ? blk_mq_init_tags+0x87/0x320 [ 64.619740][ T6079] ? blk_mq_alloc_map_and_rqs+0x222/0xeb0 [ 64.619762][ T6079] ? __blk_mq_alloc_map_and_rqs+0x128/0x1f0 [ 64.619787][ T6079] ? nbd_ioctl+0x219/0xda0 [ 64.619810][ T6079] ? blkdev_ioctl+0x5b0/0x6e0 [ 64.619835][ T6079] ? pcpu_alloc_noprof+0xb5a/0x1470 [ 64.619854][ T6079] pcpu_alloc_noprof+0xb5a/0x1470 [ 64.619881][ T6079] sbitmap_init_node+0x2ff/0x770 [ 64.619914][ T6079] sbitmap_queue_init_node+0x40/0x4a0 [ 64.619940][ T6079] blk_mq_init_tags+0x17f/0x320 [ 64.619967][ T6079] blk_mq_alloc_map_and_rqs+0x222/0xeb0 [ 64.619991][ T6079] ? kfree+0x2f8/0x6e0 [ 64.620015][ T6079] __blk_mq_alloc_map_and_rqs+0x128/0x1f0 [ 64.620040][ T6079] blk_mq_update_nr_hw_queues+0xad5/0x1280 [ 64.620068][ T6079] ? __pfx_blk_mq_update_nr_hw_queues+0x10/0x10 [ 64.620098][ T6079] nbd_start_device+0x1b0/0xd70 [ 64.620125][ T6079] ? bpf_lsm_capable+0x9/0x10 [ 64.620151][ T6079] nbd_ioctl+0x219/0xda0 [ 64.620174][ T6079] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 64.620193][ T6079] ? __pfx_nbd_ioctl+0x10/0x10 [ 64.620215][ T6079] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 64.620240][ T6079] ? __pfx_nbd_ioctl+0x10/0x10 [ 64.620263][ T6079] blkdev_ioctl+0x5b0/0x6e0 [ 64.620285][ T6079] ? __pfx_blkdev_ioctl+0x10/0x10 [ 64.620307][ T6079] ? selinux_file_ioctl+0x180/0x270 [ 64.620323][ T6079] ? selinux_file_ioctl+0xb4/0x270 [ 64.620341][ T6079] ? __pfx_blkdev_ioctl+0x10/0x10 [ 64.620363][ T6079] __x64_sys_ioctl+0x18e/0x210 [ 64.620382][ T6079] do_syscall_64+0xcd/0xf80 [ 64.620405][ T6079] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.620424][ T6079] RIP: 0033:0x7f2ccd38f7c9 [ 64.620438][ T6079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 64.620454][ T6079] RSP: 002b:00007ffc01c968a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 64.620472][ T6079] RAX: ffffffffffffffda RBX: 00007f2ccd5e5fa0 RCX: 00007f2ccd38f7c9 [ 64.620483][ T6079] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 64.620494][ T6079] RBP: 00007f2ccd413f91 R08: 0000000000000000 R09: 0000000000000000 [ 64.620504][ T6079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 64.620515][ T6079] R13: 00007f2ccd5e5fa0 R14: 00007f2ccd5e5fa0 R15: 0000000000000002 [ 64.620532][ T6079] [ 66.828636][ T5294] Bluetooth: hci0: command tx timeout [ 67.189766][ T6079] block nbd0: shutting down sockets SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 67.897994][ T4144] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 67.972329][ T4144] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 68.092742][ T4144] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 68.162744][ T4144] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 68.242147][ T4144] bridge_slave_1: left allmulticast mode [ 68.244534][ T4144] bridge_slave_1: left promiscuous mode [ 68.246968][ T4144] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.251398][ T4144] bridge_slave_0: left allmulticast mode [ 68.253808][ T4144] bridge_slave_0: left promiscuous mode [ 68.255994][ T4144] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.361358][ T4144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 68.366029][ T4144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 68.370621][ T4144] bond0 (unregistering): Released all slaves [ 68.655150][ T4144] hsr_slave_0: left promiscuous mode [ 68.657651][ T4144] hsr_slave_1: left promiscuous mode [ 68.660712][ T4144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 68.663675][ T4144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 68.666865][ T4144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 68.671727][ T4144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 68.676961][ T4144] veth1_macvtap: left promiscuous mode [ 68.679268][ T4144] veth0_macvtap: left promiscuous mode [ 68.681508][ T4144] veth1_vlan: left promiscuous mode [ 68.683617][ T4144] veth0_vlan: left promiscuous mode [ 68.793514][ T4144] team0 (unregistering): Port device team_slave_1 removed [ 68.805037][ T4144] team0 (unregistering): Port device team_slave_0 removed