Warning: Permanently added '10.128.1.43' (ED25519) to the list of known hosts. 2025/07/01 09:22:02 ignoring optional flag "sandboxArg"="0" 2025/07/01 09:22:03 parsed 1 programs [ 52.872828][ T4175] cgroup: Unknown subsys name 'net' [ 52.986446][ T4175] cgroup: Unknown subsys name 'rlimit' [ 54.206088][ T4175] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 56.074173][ T4202] chnl_net:caif_netlink_parms(): no params data found [ 56.118238][ T4202] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.125815][ T4202] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.133733][ T4202] device bridge_slave_0 entered promiscuous mode [ 56.142998][ T4202] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.150073][ T4202] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.158048][ T4202] device bridge_slave_1 entered promiscuous mode [ 56.181854][ T4202] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.193138][ T4202] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.221521][ T4202] team0: Port device team_slave_0 added [ 56.229130][ T4202] team0: Port device team_slave_1 added [ 56.252492][ T4202] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 56.259459][ T4202] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.285938][ T4202] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 56.299171][ T4202] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 56.306210][ T4202] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.332276][ T4202] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.370332][ T4202] device hsr_slave_0 entered promiscuous mode [ 56.377204][ T4202] device hsr_slave_1 entered promiscuous mode [ 56.494722][ T4202] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 56.507379][ T4202] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 56.517413][ T4202] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 56.527065][ T4202] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 56.560993][ T4202] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.568240][ T4202] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.576324][ T4202] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.583429][ T4202] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.638461][ T4202] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.653398][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.665026][ T144] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.674308][ T144] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.683389][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 56.697791][ T4202] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.711403][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.720380][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.727548][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.746424][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.755955][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.763073][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.782835][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.801173][ T4202] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 56.812631][ T4202] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 56.827757][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.836752][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.845441][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.856710][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.870489][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.978910][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 56.988803][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 57.004214][ T4202] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.026470][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 57.049659][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 57.060158][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 57.068719][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 57.079253][ T4202] device veth0_vlan entered promiscuous mode [ 57.091571][ T4202] device veth1_vlan entered promiscuous mode [ 57.114113][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 57.123945][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 57.135111][ T4202] device veth0_macvtap entered promiscuous mode [ 57.146221][ T4202] device veth1_macvtap entered promiscuous mode [ 57.168835][ T4202] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.176890][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 57.185415][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 57.193733][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 57.202923][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 57.224048][ T4202] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.235753][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 57.245891][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 57.257306][ T4202] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.267439][ T4202] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.276477][ T4202] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.286510][ T4202] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.364651][ T4202] syz-executor (4202) used greatest stack depth: 21056 bytes left [ 57.594332][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.605914][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.618272][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 57.637571][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.645986][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.654951][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 2025/07/01 09:22:11 executed programs: 0 [ 59.113531][ T4269] chnl_net:caif_netlink_parms(): no params data found [ 59.169627][ T4269] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.176868][ T4269] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.185021][ T4269] device bridge_slave_0 entered promiscuous mode [ 59.193480][ T4269] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.200602][ T4269] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.208779][ T4269] device bridge_slave_1 entered promiscuous mode [ 59.230571][ T4269] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.252136][ T4269] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.284117][ T4269] team0: Port device team_slave_0 added [ 59.292229][ T4269] team0: Port device team_slave_1 added [ 59.312188][ T4269] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.319147][ T4269] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.345207][ T4269] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 59.359926][ T4269] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.367095][ T4269] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.395924][ T4269] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 59.436446][ T4269] device hsr_slave_0 entered promiscuous mode [ 59.443355][ T4269] device hsr_slave_1 entered promiscuous mode [ 59.450114][ T4269] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 59.458370][ T4269] Cannot create hsr debugfs directory [ 59.543347][ T4269] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.002058][ T4282] Bluetooth: hci0: command 0x0409 tx timeout [ 62.177181][ T4269] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.233204][ T4269] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.307029][ T4269] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.425536][ T4269] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 62.434591][ T4269] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 62.445428][ T4269] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 62.454136][ T4269] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 62.507488][ T4269] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.520239][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.529659][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.540273][ T4269] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.565076][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 62.573723][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 62.582537][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.589589][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.600034][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 62.612419][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 62.621019][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 62.630253][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.637356][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.662603][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 62.675781][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 62.686841][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 62.695593][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 62.711039][ T4269] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 62.722507][ T4269] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 62.734331][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 62.742307][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 62.750978][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 62.759920][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 62.769019][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 62.777892][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 62.786330][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 62.794496][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 62.875061][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 62.883742][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 62.907602][ T4269] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.923442][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 62.932384][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 62.948314][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 62.957972][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 62.968450][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 62.976523][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 62.986204][ T4269] device veth0_vlan entered promiscuous mode [ 63.010401][ T4269] device veth1_vlan entered promiscuous mode [ 63.027649][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 63.035610][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 63.043750][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 63.052905][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 63.070970][ T4269] device veth0_macvtap entered promiscuous mode [ 63.082872][ T1108] Bluetooth: hci0: command 0x041b tx timeout [ 63.085788][ T4269] device veth1_macvtap entered promiscuous mode [ 63.110944][ T4269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.123001][ T4269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.134036][ T4269] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.141746][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 63.149828][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 63.158470][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 63.167877][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 63.181334][ T4269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.192014][ T4269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.204574][ T4269] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.213947][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 63.223123][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 63.236819][ T404] device hsr_slave_0 left promiscuous mode [ 63.244162][ T404] device hsr_slave_1 left promiscuous mode [ 63.250440][ T404] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 63.257911][ T404] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 63.265974][ T404] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 63.273678][ T404] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 63.281316][ T404] device bridge_slave_1 left promiscuous mode [ 63.288147][ T404] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.300361][ T404] device bridge_slave_0 left promiscuous mode [ 63.307519][ T404] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.324430][ T404] device veth1_macvtap left promiscuous mode [ 63.330609][ T404] device veth0_macvtap left promiscuous mode [ 63.336695][ T404] device veth1_vlan left promiscuous mode [ 63.343146][ T404] device veth0_vlan left promiscuous mode [ 63.471019][ T404] team0 (unregistering): Port device team_slave_1 removed [ 63.489730][ T404] team0 (unregistering): Port device team_slave_0 removed [ 63.502131][ T404] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 63.515708][ T404] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 63.563692][ T404] bond0 (unregistering): Released all slaves [ 63.606130][ T4269] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.614910][ T4269] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.623962][ T4269] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.633283][ T4269] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.698437][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.707065][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.723736][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 63.734780][ T1236] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.743560][ T1236] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.760939][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 64.219721][ T4294] loop0: detected capacity change from 0 to 65536 [ 64.387704][ T4294] XFS (loop0): Mounting V5 Filesystem [ 64.450328][ T4294] XFS (loop0): Ending clean mount [ 64.490636][ T4294] block device autoloading is deprecated and will be removed. [ 64.536765][ T4269] XFS (loop0): Unmounting Filesystem [ 64.742517][ T4269] [ 64.744876][ T4269] ====================================================== [ 64.751880][ T4269] WARNING: possible circular locking dependency detected [ 64.758890][ T4269] 5.15.186-syzkaller #0 Not tainted [ 64.764063][ T4269] ------------------------------------------------------ [ 64.771054][ T4269] syz-executor/4269 is trying to acquire lock: [ 64.777180][ T4269] ffff88807e3a1938 ((wq_completion)loop0){+.+.}-{0:0}, at: flush_workqueue+0x126/0x1380 [ 64.786909][ T4269] [ 64.786909][ T4269] but task is already holding lock: [ 64.794245][ T4269] ffff8881474f9468 (&lo->lo_mutex){+.+.}-{3:3}, at: __loop_clr_fd+0xaa/0xb90 [ 64.803004][ T4269] [ 64.803004][ T4269] which lock already depends on the new lock. [ 64.803004][ T4269] [ 64.813383][ T4269] [ 64.813383][ T4269] the existing dependency chain (in reverse order) is: [ 64.822376][ T4269] [ 64.822376][ T4269] -> #7 (&lo->lo_mutex){+.+.}-{3:3}: [ 64.829821][ T4269] __mutex_lock_common+0x1eb/0x2390 [ 64.835526][ T4269] mutex_lock_killable_nested+0x17/0x20 [ 64.841570][ T4269] lo_open+0x6a/0x100 [ 64.846053][ T4269] blkdev_get_whole+0x90/0x390 [ 64.851313][ T4269] blkdev_get_by_dev+0x2d0/0xa60 [ 64.856746][ T4269] blkdev_open+0x12d/0x2c0 [ 64.861660][ T4269] do_dentry_open+0x7ff/0xf80 [ 64.866835][ T4269] path_openat+0x2682/0x2f30 [ 64.871932][ T4269] do_filp_open+0x1b3/0x3e0 [ 64.876935][ T4269] do_sys_openat2+0x142/0x4a0 [ 64.882110][ T4269] __x64_sys_openat+0x135/0x160 [ 64.887460][ T4269] do_syscall_64+0x4c/0xa0 [ 64.892379][ T4269] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 64.898775][ T4269] [ 64.898775][ T4269] -> #6 (&disk->open_mutex){+.+.}-{3:3}: [ 64.906569][ T4269] __mutex_lock_common+0x1eb/0x2390 [ 64.912272][ T4269] mutex_lock_nested+0x17/0x20 [ 64.917534][ T4269] blkdev_get_by_dev+0x157/0xa60 [ 64.922971][ T4269] swsusp_check+0x9b/0x2a0 [ 64.927888][ T4269] software_resume+0xc6/0x3b0 [ 64.933064][ T4269] resume_store+0xe4/0x130 [ 64.937978][ T4269] kernfs_fop_write_iter+0x379/0x4c0 [ 64.943758][ T4269] vfs_write+0x712/0xd00 [ 64.949826][ T4269] ksys_write+0x14d/0x250 [ 64.954667][ T4269] do_syscall_64+0x4c/0xa0 [ 64.959592][ T4269] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 64.965992][ T4269] [ 64.965992][ T4269] -> #5 (system_transition_mutex/1){+.+.}-{3:3}: [ 64.974486][ T4269] __mutex_lock_common+0x1eb/0x2390 [ 64.980184][ T4269] mutex_lock_nested+0x17/0x20 [ 64.985446][ T4269] software_resume+0x7c/0x3b0 [ 64.990623][ T4269] resume_store+0xe4/0x130 [ 64.995537][ T4269] kernfs_fop_write_iter+0x379/0x4c0 [ 65.001328][ T4269] vfs_write+0x712/0xd00 [ 65.006083][ T4269] ksys_write+0x14d/0x250 [ 65.010926][ T4269] do_syscall_64+0x4c/0xa0 [ 65.015844][ T4269] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 65.022235][ T4269] [ 65.022235][ T4269] -> #4 (&of->mutex){+.+.}-{3:3}: [ 65.029422][ T4269] __mutex_lock_common+0x1eb/0x2390 [ 65.035125][ T4269] mutex_lock_nested+0x17/0x20 [ 65.040389][ T4269] kernfs_seq_start+0x51/0x3c0 [ 65.045652][ T4269] seq_read_iter+0x3c4/0xd50 [ 65.050739][ T4269] vfs_read+0x725/0xcf0 [ 65.055393][ T4269] ksys_read+0x14d/0x250 [ 65.060135][ T4269] do_syscall_64+0x4c/0xa0 [ 65.065060][ T4269] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 65.071468][ T4269] [ 65.071468][ T4269] -> #3 (&p->lock){+.+.}-{3:3}: [ 65.078489][ T4269] __mutex_lock_common+0x1eb/0x2390 [ 65.084192][ T4269] mutex_lock_nested+0x17/0x20 [ 65.089452][ T4269] seq_read_iter+0xad/0xd50 [ 65.094454][ T4269] generic_file_splice_read+0x3a2/0x590 [ 65.100498][ T4269] splice_direct_to_actor+0x413/0xb50 [ 65.106367][ T4269] do_splice_direct+0x1b9/0x2c0 [ 65.111721][ T4269] do_sendfile+0x5d5/0xec0 [ 65.116655][ T4269] __se_sys_sendfile64+0x13b/0x190 [ 65.122267][ T4269] do_syscall_64+0x4c/0xa0 [ 65.127187][ T4269] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 65.133580][ T4269] [ 65.133580][ T4269] -> #2 (sb_writers#3){.+.+}-{0:0}: [ 65.140950][ T4269] lo_write_bvec+0x193/0x770 [ 65.146045][ T4269] loop_process_work+0x1d62/0x2480 [ 65.151657][ T4269] process_one_work+0x863/0x1000 [ 65.157098][ T4269] worker_thread+0xaa8/0x12a0 [ 65.162275][ T4269] kthread+0x436/0x520 [ 65.166841][ T4269] ret_from_fork+0x1f/0x30 [ 65.171758][ T4269] [ 65.171758][ T4269] -> #1 ((work_completion)(&lo->rootcg_work)){+.+.}-{0:0}: [ 65.181114][ T4269] process_one_work+0x7bf/0x1000 [ 65.186555][ T4269] worker_thread+0xaa8/0x12a0 [ 65.191733][ T4269] kthread+0x436/0x520 [ 65.196300][ T4269] ret_from_fork+0x1f/0x30 [ 65.201213][ T4269] [ 65.201213][ T4269] -> #0 ((wq_completion)loop0){+.+.}-{0:0}: [ 65.209274][ T4269] __lock_acquire+0x2c33/0x7c60 [ 65.214637][ T4269] lock_acquire+0x197/0x3f0 [ 65.219639][ T4269] flush_workqueue+0x142/0x1380 [ 65.224987][ T4269] drain_workqueue+0xcf/0x380 [ 65.230162][ T4269] destroy_workqueue+0x7b/0xb20 [ 65.235510][ T4269] __loop_clr_fd+0x234/0xb90 [ 65.240603][ T4269] blkdev_put+0x53f/0x7d0 [ 65.245433][ T4269] deactivate_locked_super+0x93/0xf0 [ 65.251219][ T4269] cleanup_mnt+0x418/0x4d0 [ 65.256142][ T4269] task_work_run+0x125/0x1a0 [ 65.261234][ T4269] exit_to_user_mode_loop+0x10f/0x130 [ 65.267109][ T4269] exit_to_user_mode_prepare+0xb1/0x140 [ 65.273154][ T4269] syscall_exit_to_user_mode+0x16/0x40 [ 65.279117][ T4269] do_syscall_64+0x58/0xa0 [ 65.284032][ T4269] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 65.290425][ T4269] [ 65.290425][ T4269] other info that might help us debug this: [ 65.290425][ T4269] [ 65.300629][ T4269] Chain exists of: [ 65.300629][ T4269] (wq_completion)loop0 --> &disk->open_mutex --> &lo->lo_mutex [ 65.300629][ T4269] [ 65.314068][ T4269] Possible unsafe locking scenario: [ 65.314068][ T4269] [ 65.321493][ T4269] CPU0 CPU1 [ 65.326835][ T4269] ---- ---- [ 65.332173][ T4269] lock(&lo->lo_mutex); [ 65.336393][ T4269] lock(&disk->open_mutex); [ 65.343475][ T4269] lock(&lo->lo_mutex); [ 65.350211][ T4269] lock((wq_completion)loop0); [ 65.355041][ T4269] [ 65.355041][ T4269] *** DEADLOCK *** [ 65.355041][ T4269] [ 65.363158][ T4269] 2 locks held by syz-executor/4269: [ 65.368418][ T4269] #0: ffff88801ff60518 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_put+0xf9/0x7d0 [ 65.377703][ T4269] #1: ffff8881474f9468 (&lo->lo_mutex){+.+.}-{3:3}, at: __loop_clr_fd+0xaa/0xb90 [ 65.386904][ T4269] [ 65.386904][ T4269] stack backtrace: [ 65.392790][ T4269] CPU: 1 PID: 4269 Comm: syz-executor Not tainted 5.15.186-syzkaller #0 [ 65.401094][ T4269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 65.411138][ T4269] Call Trace: [ 65.414402][ T4269] [ 65.417313][ T4269] dump_stack_lvl+0x168/0x230 [ 65.421972][ T4269] ? load_image+0x3b0/0x3b0 [ 65.426457][ T4269] ? show_regs_print_info+0x20/0x20 [ 65.431634][ T4269] ? print_circular_bug+0x12b/0x1a0 [ 65.436812][ T4269] check_noncircular+0x274/0x310 [ 65.441735][ T4269] ? add_chain_block+0x940/0x940 [ 65.446649][ T4269] ? lockdep_lock+0xdc/0x1e0 [ 65.451219][ T4269] ? lockdep_unlock+0x134/0x2d0 [ 65.456055][ T4269] ? lockdep_lock+0x1e0/0x1e0 [ 65.460709][ T4269] ? mark_lock+0x94/0x320 [ 65.465015][ T4269] ? _find_first_zero_bit+0xce/0xf0 [ 65.470192][ T4269] __lock_acquire+0x2c33/0x7c60 [ 65.475030][ T4269] ? verify_lock_unused+0x140/0x140 [ 65.480209][ T4269] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 65.486169][ T4269] ? verify_lock_unused+0x140/0x140 [ 65.491349][ T4269] ? memset+0x1e/0x40 [ 65.495310][ T4269] lock_acquire+0x197/0x3f0 [ 65.499794][ T4269] ? flush_workqueue+0x126/0x1380 [ 65.504805][ T4269] ? __mutex_trylock_common+0x14f/0x250 [ 65.510332][ T4269] ? read_lock_is_recursive+0x10/0x10 [ 65.515686][ T4269] ? __init_swait_queue_head+0xa5/0x150 [ 65.521213][ T4269] flush_workqueue+0x142/0x1380 [ 65.526046][ T4269] ? flush_workqueue+0x126/0x1380 [ 65.531053][ T4269] ? __lock_acquire+0x7c60/0x7c60 [ 65.536057][ T4269] ? lock_chain_count+0x20/0x20 [ 65.540891][ T4269] ? _raw_spin_lock_irqsave+0x7f/0xf0 [ 65.546246][ T4269] ? lockdep_hardirqs_off+0x70/0x100 [ 65.551517][ T4269] ? rcu_work_rcufn+0x110/0x110 [ 65.556349][ T4269] ? __mutex_unlock_slowpath+0x19e/0x6a0 [ 65.561965][ T4269] ? finish_wait+0xc0/0x1d0 [ 65.566454][ T4269] drain_workqueue+0xcf/0x380 [ 65.571113][ T4269] destroy_workqueue+0x7b/0xb20 [ 65.575947][ T4269] __loop_clr_fd+0x234/0xb90 [ 65.580525][ T4269] ? lo_release+0x172/0x1f0 [ 65.585012][ T4269] ? lo_open+0x100/0x100 [ 65.589235][ T4269] blkdev_put+0x53f/0x7d0 [ 65.593546][ T4269] deactivate_locked_super+0x93/0xf0 [ 65.598817][ T4269] cleanup_mnt+0x418/0x4d0 [ 65.603221][ T4269] ? lockdep_hardirqs_on+0x94/0x140 [ 65.608411][ T4269] task_work_run+0x125/0x1a0 [ 65.612991][ T4269] exit_to_user_mode_loop+0x10f/0x130 [ 65.618346][ T4269] exit_to_user_mode_prepare+0xb1/0x140 [ 65.623876][ T4269] syscall_exit_to_user_mode+0x16/0x40 [ 65.629321][ T4269] do_syscall_64+0x58/0xa0 [ 65.633720][ T4269] ? clear_bhb_loop+0x30/0x80 [ 65.638379][ T4269] ? clear_bhb_loop+0x30/0x80 [ 65.643036][ T4269] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 65.648919][ T4269] RIP: 0033:0x7feaf4b9dc57 [ 65.653316][ T4269] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 65.672903][ T4269] RSP: 002b:00007ffcb90034b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 65.681302][ T4269] RAX: 0000000000000000 RBX: 00007feaf4c1e925 RCX: 00007feaf4b9dc57 [ 65.689252][ T4269] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcb9003570 [ 65.697200][ T4269] RBP: 00007ffcb9003570 R08: 0000000000000000 R09: 0000000000000000 [ 65.705150][ T4269] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcb9004600 [ 65.713102][ T4269] R13: 00007feaf4c1e925 R14: 000000000000fbac R15: 00007ffcb9004640 [ 65.721058][ T4269] [ 65.726258][ T4221] Bluetooth: hci0: command 0x040f tx timeout