last executing test programs: 1.017251984s ago: executing program 1 (id=2): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0xa, 0x0, 0x7fffffff}]}) r1 = socket$unix(0x1, 0x5, 0x0) r2 = dup2(r1, r0) r3 = socket$inet(0x2, 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000356ffc)=0xffffffffffffff40, 0x4) bind$inet(r3, &(0x7f0000e15000)={0x2, 0x4e20, @multicast1}, 0x10) listen(r3, 0x0) r4 = socket$inet(0x2, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000356ffc)=0xffffffffffffff40, 0x4) bind$inet(r4, &(0x7f0000e15000)={0x2, 0x4e20, @multicast1}, 0x10) listen(r4, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) 853.3857ms ago: executing program 1 (id=6): r0 = socket(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast2={0xff, 0x5}}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x1000000}, 0x1c) 696.004031ms ago: executing program 3 (id=4): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000700)={'veth1_to_hsr\x00', 0x0}) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x11, 0x5, r1, 0x1, 0x6, 0x6, @broadcast}, 0x14) 504.475173ms ago: executing program 1 (id=7): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x1, 0x8, 0x8}, 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x19, &(0x7f0000000840)=ANY=[@ANYBLOB="1800000005000000000000001000000818110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000000300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000400)={r3}, 0xc) 504.257172ms ago: executing program 2 (id=3): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000880)) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_devices(r2, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef289a63"], 0xffdd) write$cgroup_devices(r1, &(0x7f0000000840)=ANY=[], 0xffdd) 404.689536ms ago: executing program 3 (id=8): r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000000)=0x2, 0x4) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000000040)=0x9d5, 0x4) socket$nl_route(0x10, 0x3, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="0000aaaaaaaa0000080e000086dd690000ff001406fffe800000000000000000000bfe8000"], 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff8000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff8000/0x1000)=nil, &(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xfffffffffffffe84}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r1 = io_uring_setup(0x56ab, &(0x7f0000000040)={0x0, 0x36d, 0xc000, 0xc, 0xa0002f5}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x9f69a7a086f70ae8, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x24, &(0x7f0000000000)=0xa, 0x4) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) 325.694872ms ago: executing program 1 (id=9): r0 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_int(r0, 0x1, 0x26, 0x0, &(0x7f0000000080)) 272.397165ms ago: executing program 3 (id=10): mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x40) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000200)=0x1, 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_ro(r2, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) 206.922367ms ago: executing program 1 (id=11): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000100)=0x401, 0x4) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x31e5}, 0x1c) listen(r0, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x4b, &(0x7f0000000100)=0x401, 0x4) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x31e5}, 0x1c) listen(r1, 0x1) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff8000}]}) close_range(r2, 0xffffffffffffffff, 0x0) 81.059922ms ago: executing program 1 (id=12): r0 = syz_open_dev$loop(&(0x7f0000000240), 0x195d, 0xec4d2770249a3ef5) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82803, 0x8e) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r1, 0x0, {0x0, 0x0, 0x0, 0x6, 0x4000000000000ffd, 0x0, 0x0, 0x1d, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5d69098c8b534464c516bdd8a0f350000e35abdb80e38f5eb010001", "32d8cc263d9e234b30c50997d3bef4cd4a5d83cdd3dfe7800b2d7b6aa54cc5001fcaed1e831fa79a0000000200", "67523760fd40f78d2cfc03d81a8ca55ba139c01802c4dae4162e43ac61b7ad33", [0x8, 0x5]}}) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x4fb) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 271.805µs ago: executing program 3 (id=13): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) 0s ago: executing program 4 (id=5): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800900, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x3, 0x2, 0x3000, 0x1000, &(0x7f0000feb000/0x1000)=nil}) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x17, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="7b87f20f", @ANYBLOB="01", @ANYRESOCT=0x0], &(0x7f0000000340)='syzkaller\x00', 0x597, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x4, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.217' (ED25519) to the list of known hosts. [ 75.994928][ T5610] cgroup: Unknown subsys name 'net' [ 76.111312][ T5610] cgroup: Unknown subsys name 'cpuset' [ 76.121081][ T5610] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 77.625887][ T5610] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 81.209342][ T5626] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 81.219850][ T5633] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 81.229056][ T5633] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 81.236768][ T5633] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 81.245153][ T5633] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 81.253442][ T5635] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 81.262120][ T5635] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 81.269560][ T5635] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 81.272614][ T5636] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 81.278218][ T5635] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 81.293823][ T5635] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 81.301055][ T5637] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 81.301475][ T5638] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 81.312992][ T5635] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 81.320486][ T5638] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 81.330756][ T5638] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 81.332109][ T5635] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 81.341553][ T5638] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 81.345451][ T5637] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 81.353718][ T5638] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 81.367777][ T5635] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 81.375414][ T5635] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 81.383353][ T5637] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 81.392304][ T5635] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 81.400877][ T5635] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 82.216321][ T5640] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.223544][ T5640] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.231703][ T5640] bridge_slave_0: entered allmulticast mode [ 82.239743][ T5640] bridge_slave_0: entered promiscuous mode [ 82.288868][ T5640] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.307778][ T5640] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.315300][ T5640] bridge_slave_1: entered allmulticast mode [ 82.322423][ T5640] bridge_slave_1: entered promiscuous mode [ 82.474897][ T5642] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.482331][ T5642] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.490005][ T5642] bridge_slave_0: entered allmulticast mode [ 82.497497][ T5642] bridge_slave_0: entered promiscuous mode [ 82.509555][ T5640] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.540331][ T5642] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.547553][ T5642] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.554718][ T5642] bridge_slave_1: entered allmulticast mode [ 82.562352][ T5642] bridge_slave_1: entered promiscuous mode [ 82.571707][ T5640] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.684083][ T5644] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.691452][ T5644] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.698697][ T5644] bridge_slave_0: entered allmulticast mode [ 82.705912][ T5644] bridge_slave_0: entered promiscuous mode [ 82.718900][ T5639] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.726004][ T5639] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.733433][ T5639] bridge_slave_0: entered allmulticast mode [ 82.740707][ T5639] bridge_slave_0: entered promiscuous mode [ 82.751150][ T5642] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.762383][ T5640] team0: Port device team_slave_0 added [ 82.768638][ T5644] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.775794][ T5644] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.783842][ T5644] bridge_slave_1: entered allmulticast mode [ 82.790912][ T5644] bridge_slave_1: entered promiscuous mode [ 82.803148][ T5639] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.810399][ T5639] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.818027][ T5639] bridge_slave_1: entered allmulticast mode [ 82.825202][ T5639] bridge_slave_1: entered promiscuous mode [ 82.834109][ T5642] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.844932][ T5640] team0: Port device team_slave_1 added [ 82.951620][ T5644] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.961358][ T5643] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.968819][ T5643] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.975958][ T5643] bridge_slave_0: entered allmulticast mode [ 82.983491][ T5643] bridge_slave_0: entered promiscuous mode [ 82.993294][ T5639] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.004733][ T5642] team0: Port device team_slave_0 added [ 83.011912][ T5640] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.019097][ T5640] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.045257][ T5640] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.059324][ T5644] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.068670][ T5643] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.075874][ T5643] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.083110][ T5643] bridge_slave_1: entered allmulticast mode [ 83.091969][ T5643] bridge_slave_1: entered promiscuous mode [ 83.101739][ T5639] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.112637][ T5642] team0: Port device team_slave_1 added [ 83.119178][ T5640] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.126145][ T5640] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.152283][ T5640] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.253287][ T5642] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.260287][ T5642] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.286279][ T5642] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.299885][ T5644] team0: Port device team_slave_0 added [ 83.309013][ T5643] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.320262][ T5639] team0: Port device team_slave_0 added [ 83.336259][ T5642] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.343510][ T5642] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.369607][ T5642] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.392074][ T5644] team0: Port device team_slave_1 added [ 83.410133][ T5643] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.421251][ T5639] team0: Port device team_slave_1 added [ 83.473756][ T5640] hsr_slave_0: entered promiscuous mode [ 83.480141][ T5640] hsr_slave_1: entered promiscuous mode [ 83.488594][ T4941] Bluetooth: hci3: command tx timeout [ 83.488600][ T50] Bluetooth: hci0: command tx timeout [ 83.488851][ T50] Bluetooth: hci4: command tx timeout [ 83.494650][ T5630] Bluetooth: hci1: command tx timeout [ 83.500219][ T5635] Bluetooth: hci2: command tx timeout [ 83.523707][ T5644] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.530764][ T5644] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.556724][ T5644] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.589996][ T5639] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.596966][ T5639] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.623302][ T5639] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.646842][ T5644] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.654088][ T5644] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.680042][ T5644] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.693391][ T5643] team0: Port device team_slave_0 added [ 83.701978][ T5639] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.709114][ T5639] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.735039][ T5639] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.750948][ T5642] hsr_slave_0: entered promiscuous mode [ 83.757410][ T5642] hsr_slave_1: entered promiscuous mode [ 83.763485][ T5642] debugfs: 'hsr0' already exists in 'hsr' [ 83.769338][ T5642] Cannot create hsr debugfs directory [ 83.783397][ T5643] team0: Port device team_slave_1 added [ 83.904927][ T5643] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.911990][ T5643] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.938638][ T5643] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.982184][ T5643] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.989406][ T5643] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.015835][ T5643] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.032476][ T5639] hsr_slave_0: entered promiscuous mode [ 84.039039][ T5639] hsr_slave_1: entered promiscuous mode [ 84.045074][ T5639] debugfs: 'hsr0' already exists in 'hsr' [ 84.051325][ T5639] Cannot create hsr debugfs directory [ 84.078204][ T5644] hsr_slave_0: entered promiscuous mode [ 84.084755][ T5644] hsr_slave_1: entered promiscuous mode [ 84.091188][ T5644] debugfs: 'hsr0' already exists in 'hsr' [ 84.096972][ T5644] Cannot create hsr debugfs directory [ 84.259719][ T5643] hsr_slave_0: entered promiscuous mode [ 84.266108][ T5643] hsr_slave_1: entered promiscuous mode [ 84.274358][ T5643] debugfs: 'hsr0' already exists in 'hsr' [ 84.280177][ T5643] Cannot create hsr debugfs directory [ 84.609584][ T5640] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 84.622213][ T5640] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 84.643050][ T5640] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 84.652681][ T5640] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 84.660594][ T5640] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 84.671515][ T5640] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 84.693096][ T5640] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 84.702120][ T5640] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 84.760246][ T5639] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 84.773427][ T5639] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 84.783023][ T5639] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 84.793613][ T5639] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 84.801589][ T5639] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 84.811319][ T5639] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 84.819214][ T5639] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 84.829335][ T5639] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 84.910627][ T5644] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 84.920603][ T5644] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 84.929659][ T5644] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 84.939817][ T5644] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 84.949329][ T5644] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 84.959312][ T5644] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 84.969870][ T5644] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 84.979954][ T5644] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 85.061933][ T5642] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 85.072247][ T5642] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 85.091742][ T5642] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 85.100970][ T5642] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 85.109370][ T5642] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 85.119723][ T5642] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 85.128201][ T5642] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 85.136920][ T5642] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 85.226096][ T5640] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.265317][ T5643] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 85.275287][ T5643] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 85.283657][ T5643] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 85.293987][ T5643] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 85.308723][ T5643] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 85.318668][ T5643] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 85.326764][ T5643] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 85.335985][ T5643] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 85.355543][ T5640] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.396585][ T149] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.403998][ T149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.414957][ T149] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.422054][ T149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.439003][ T5639] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.455395][ T5644] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.497151][ T5644] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.517534][ T5639] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.532783][ T1333] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.539919][ T1333] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.568006][ T5635] Bluetooth: hci1: command tx timeout [ 85.568318][ T50] Bluetooth: hci3: command tx timeout [ 85.573440][ T5630] Bluetooth: hci0: command tx timeout [ 85.579708][ T50] Bluetooth: hci2: command tx timeout [ 85.585338][ T4941] Bluetooth: hci4: command tx timeout [ 85.604317][ T149] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.611475][ T149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.626061][ T1333] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.633190][ T1333] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.665041][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.672160][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.746647][ T5642] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.801535][ T5643] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.821049][ T5642] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.840464][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.847661][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.869296][ T5640] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.893676][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.900789][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.915777][ T5643] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.940945][ T5644] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.949578][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.956681][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.965924][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.973032][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.046651][ T5639] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.080237][ T5640] veth0_vlan: entered promiscuous mode [ 86.129756][ T5640] veth1_vlan: entered promiscuous mode [ 86.156920][ T5644] veth0_vlan: entered promiscuous mode [ 86.188895][ T5639] veth0_vlan: entered promiscuous mode [ 86.206347][ T5644] veth1_vlan: entered promiscuous mode [ 86.243228][ T5640] veth0_macvtap: entered promiscuous mode [ 86.251109][ T5639] veth1_vlan: entered promiscuous mode [ 86.270648][ T5642] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.285755][ T5640] veth1_macvtap: entered promiscuous mode [ 86.309804][ T5643] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.344191][ T5644] veth0_macvtap: entered promiscuous mode [ 86.363697][ T5640] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.376335][ T5644] veth1_macvtap: entered promiscuous mode [ 86.389975][ T5639] veth0_macvtap: entered promiscuous mode [ 86.408458][ T5639] veth1_macvtap: entered promiscuous mode [ 86.418730][ T5640] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.451775][ T5644] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.474011][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.483157][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.502581][ T5639] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.510157][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.522016][ T5644] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.530332][ T5642] veth0_vlan: entered promiscuous mode [ 86.561986][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.585835][ T5639] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.616877][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.636072][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.653582][ T5642] veth1_vlan: entered promiscuous mode [ 86.675298][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.706089][ T5643] veth0_vlan: entered promiscuous mode [ 86.735718][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.755108][ T5643] veth1_vlan: entered promiscuous mode [ 86.779090][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.805140][ T1333] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.811211][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.825827][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.837101][ T1333] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.865268][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.925245][ T5642] veth0_macvtap: entered promiscuous mode [ 86.956873][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.966075][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.001167][ T5642] veth1_macvtap: entered promiscuous mode [ 87.048538][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.063971][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.094031][ T5643] veth0_macvtap: entered promiscuous mode [ 87.111682][ T5640] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 87.133882][ T5642] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.161371][ T5643] veth1_macvtap: entered promiscuous mode [ 87.183001][ T1333] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.191117][ T1333] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.195497][ T5642] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.292402][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.303274][ T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.313355][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.321844][ T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.352127][ T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.362486][ T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.392723][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.402996][ T5643] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.412953][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.468734][ T5643] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.557040][ T67] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.583251][ T67] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.613239][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.614894][ T67] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.636663][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.649896][ T4941] Bluetooth: hci2: command tx timeout [ 87.655375][ T5630] Bluetooth: hci3: command tx timeout [ 87.662278][ T67] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.662600][ T5635] Bluetooth: hci4: command tx timeout [ 87.671687][ T50] Bluetooth: hci0: command tx timeout [ 87.678401][ T4941] Bluetooth: hci1: command tx timeout [ 87.821353][ T149] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.840525][ T149] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.330412][ T5748] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 88.344639][ T5747] loop3: detected capacity change from 0 to 7 [ 88.384835][ C1] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 88.395698][ C1] Buffer I/O error on dev loop3, logical block 0, async page read [ 88.407076][ C0] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 88.416283][ C0] Buffer I/O error on dev loop3, logical block 0, async page read [ 88.457601][ T5750] Invalid logical block size (1275) [ 88.470881][ C1] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 88.480077][ C1] Buffer I/O error on dev loop3, logical block 0, async page read [ 88.540713][ T5751] [ 88.543079][ T5751] ====================================================== [ 88.550120][ T5751] WARNING: possible circular locking dependency detected [ 88.557163][ T5751] syzkaller #0 Not tainted [ 88.561679][ T5751] ------------------------------------------------------ [ 88.568705][ T5751] syz.1.12/5751 is trying to acquire lock: [ 88.574513][ T5751] ffff88801be8d210 (&root->kernfs_iattr_rwsem){++++}-{4:4}, at: kernfs_iop_getattr+0x9e/0x450 [ 88.584820][ T5751] [ 88.584820][ T5751] but task is already holding lock: [ 88.592190][ T5751] ffff888026a81c50 (&q->q_usage_counter(io)#20){++++}-{0:0}, at: lo_ioctl+0x1a51/0x1fb0 [ 88.601986][ T5751] [ 88.601986][ T5751] which lock already depends on the new lock. [ 88.601986][ T5751] [ 88.612392][ T5751] [ 88.612392][ T5751] the existing dependency chain (in reverse order) is: [ 88.621400][ T5751] [ 88.621400][ T5751] -> #2 (&q->q_usage_counter(io)#20){++++}-{0:0}: [ 88.630014][ T5751] blk_alloc_queue+0x546/0x680 [ 88.635324][ T5751] __blk_mq_alloc_disk+0x197/0x390 [ 88.640966][ T5751] loop_add+0x482/0xb40 [ 88.645645][ T5751] loop_init+0xd9/0x170 [ 88.650337][ T5751] do_one_initcall+0x250/0x870 [ 88.655640][ T5751] do_initcall_level+0x104/0x190 [ 88.661105][ T5751] do_initcalls+0x59/0xa0 [ 88.665960][ T5751] kernel_init_freeable+0x2a6/0x3e0 [ 88.671689][ T5751] kernel_init+0x1d/0x1d0 [ 88.676556][ T5751] ret_from_fork+0x514/0xb70 [ 88.681681][ T5751] ret_from_fork_asm+0x1a/0x30 [ 88.686984][ T5751] [ 88.686984][ T5751] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 88.694206][ T5751] fs_reclaim_acquire+0x71/0x100 [ 88.699700][ T5751] kmem_cache_alloc_noprof+0x40/0x650 [ 88.705608][ T5751] __kernfs_iattrs+0xdf/0x320 [ 88.710809][ T5751] kernfs_iop_setattr+0xea/0x3f0 [ 88.716284][ T5751] notify_change+0xc1a/0xf40 [ 88.721395][ T5751] do_truncate+0x1c2/0x250 [ 88.726340][ T5751] path_openat+0x2f89/0x3860 [ 88.731460][ T5751] do_file_open+0x23e/0x4a0 [ 88.736495][ T5751] do_sys_openat2+0x113/0x200 [ 88.741694][ T5751] __x64_sys_openat+0x138/0x170 [ 88.747072][ T5751] do_syscall_64+0x15f/0xf80 [ 88.752216][ T5751] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.758638][ T5751] [ 88.758638][ T5751] -> #0 (&root->kernfs_iattr_rwsem){++++}-{4:4}: [ 88.767159][ T5751] __lock_acquire+0x15a5/0x2cf0 [ 88.772543][ T5751] lock_acquire+0x106/0x350 [ 88.777588][ T5751] down_read+0x47/0x2e0 [ 88.782304][ T5751] kernfs_iop_getattr+0x9e/0x450 [ 88.787781][ T5751] vfs_getattr_nosec+0x2e1/0x430 [ 88.793256][ T5751] loop_assign_backing_file+0x27a/0x4b0 [ 88.799333][ T5751] lo_ioctl+0x1acb/0x1fb0 [ 88.804197][ T5751] lo_compat_ioctl+0x324/0x3f0 [ 88.809497][ T5751] compat_blkdev_ioctl+0x5ea/0x7c0 [ 88.815136][ T5751] __ia32_compat_sys_ioctl+0x5ea/0x950 [ 88.821142][ T5751] __do_fast_syscall_32+0x229/0x6e0 [ 88.826905][ T5751] do_fast_syscall_32+0x33/0x70 [ 88.832316][ T5751] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 88.839195][ T5751] [ 88.839195][ T5751] other info that might help us debug this: [ 88.839195][ T5751] [ 88.849477][ T5751] Chain exists of: [ 88.849477][ T5751] &root->kernfs_iattr_rwsem --> fs_reclaim --> &q->q_usage_counter(io)#20 [ 88.849477][ T5751] [ 88.863933][ T5751] Possible unsafe locking scenario: [ 88.863933][ T5751] [ 88.871389][ T5751] CPU0 CPU1 [ 88.876777][ T5751] ---- ---- [ 88.882159][ T5751] lock(&q->q_usage_counter(io)#20); [ 88.887551][ T5751] lock(fs_reclaim); [ 88.894068][ T5751] lock(&q->q_usage_counter(io)#20); [ 88.901972][ T5751] rlock(&root->kernfs_iattr_rwsem); [ 88.907358][ T5751] [ 88.907358][ T5751] *** DEADLOCK *** [ 88.907358][ T5751] [ 88.915519][ T5751] 3 locks held by syz.1.12/5751: [ 88.920472][ T5751] #0: ffff888026b75430 (&lo->lo_mutex){+.+.}-{4:4}, at: lo_ioctl+0x14c7/0x1fb0 [ 88.929544][ T5751] #1: ffff888026a81c50 (&q->q_usage_counter(io)#20){++++}-{0:0}, at: lo_ioctl+0x1a51/0x1fb0 [ 88.939768][ T5751] #2: ffff888026a81c88 (&q->q_usage_counter(queue)#4){+.+.}-{0:0}, at: lo_ioctl+0x1a51/0x1fb0 [ 88.950137][ T5751] [ 88.950137][ T5751] stack backtrace: [ 88.956127][ T5751] CPU: 0 UID: 0 PID: 5751 Comm: syz.1.12 Not tainted syzkaller #0 PREEMPT(full) [ 88.956146][ T5751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 88.956162][ T5751] Call Trace: [ 88.956171][ T5751] [ 88.956178][ T5751] dump_stack_lvl+0xe8/0x150 [ 88.956198][ T5751] print_circular_bug+0x2e1/0x300 [ 88.956221][ T5751] check_noncircular+0x12e/0x150 [ 88.956247][ T5751] __lock_acquire+0x15a5/0x2cf0 [ 88.956271][ T5751] ? kernfs_iop_getattr+0x9e/0x450 [ 88.956288][ T5751] lock_acquire+0x106/0x350 [ 88.956302][ T5751] ? kernfs_iop_getattr+0x9e/0x450 [ 88.956323][ T5751] down_read+0x47/0x2e0 [ 88.956343][ T5751] ? kernfs_iop_getattr+0x9e/0x450 [ 88.956361][ T5751] kernfs_iop_getattr+0x9e/0x450 [ 88.956380][ T5751] vfs_getattr_nosec+0x2e1/0x430 [ 88.956397][ T5751] loop_assign_backing_file+0x27a/0x4b0 [ 88.956421][ T5751] ? __pfx_loop_assign_backing_file+0x10/0x10 [ 88.956453][ T5751] lo_ioctl+0x1acb/0x1fb0 [ 88.956475][ T5751] ? __pfx_lo_ioctl+0x10/0x10 [ 88.956511][ T5751] ? __lock_acquire+0x6b5/0x2cf0 [ 88.956529][ T5751] ? __lock_acquire+0x6b5/0x2cf0 [ 88.956544][ T5751] ? __lock_acquire+0x6b5/0x2cf0 [ 88.956562][ T5751] ? ktime_get+0x45/0x220 [ 88.956582][ T5751] ? lock_acquire+0x106/0x350 [ 88.956600][ T5751] ? __lock_acquire+0x6b5/0x2cf0 [ 88.956617][ T5751] ? __lock_acquire+0x6b5/0x2cf0 [ 88.956633][ T5751] ? __lock_acquire+0x6b5/0x2cf0 [ 88.956649][ T5751] ? __lock_acquire+0x6b5/0x2cf0 [ 88.956669][ T5751] ? __lock_acquire+0x6b5/0x2cf0 [ 88.956684][ T5751] ? __lock_acquire+0x6b5/0x2cf0 [ 88.956702][ T5751] ? unwind_next_frame+0xa6/0x2550 [ 88.956721][ T5751] ? unwind_next_frame+0xa6/0x2550 [ 88.956739][ T5751] ? is_bpf_text_address+0x26/0x2b0 [ 88.956757][ T5751] ? is_bpf_text_address+0x26/0x2b0 [ 88.956796][ T5751] ? is_bpf_text_address+0x292/0x2b0 [ 88.956812][ T5751] ? is_bpf_text_address+0x26/0x2b0 [ 88.956829][ T5751] ? kernel_text_address+0xa5/0xe0 [ 88.956854][ T5751] ? __kernel_text_address+0xd/0x30 [ 88.956878][ T5751] ? unwind_get_return_address+0x4d/0x90 [ 88.956898][ T5751] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 88.956925][ T5751] ? arch_stack_walk+0xfb/0x150 [ 88.956950][ T5751] ? stack_trace_save+0xa9/0x100 [ 88.956975][ T5751] ? __pfx_stack_trace_save+0x10/0x10 [ 88.956999][ T5751] ? kasan_save_free_info+0x46/0x50 [ 88.957020][ T5751] ? stack_depot_save_flags+0x33/0x810 [ 88.957044][ T5751] ? kasan_save_track+0x4f/0x80 [ 88.957065][ T5751] ? kasan_save_track+0x3e/0x80 [ 88.957086][ T5751] ? kasan_save_free_info+0x46/0x50 [ 88.957104][ T5751] ? __kasan_slab_free+0x5c/0x80 [ 88.957126][ T5751] ? kfree+0x1c5/0x640 [ 88.957145][ T5751] ? tomoyo_path_number_perm+0x501/0x630 [ 88.957164][ T5751] ? security_file_ioctl_compat+0xc3/0x2a0 [ 88.957181][ T5751] ? __ia32_compat_sys_ioctl+0x139/0x950 [ 88.957212][ T5751] ? __asan_memset+0x22/0x50 [ 88.957234][ T5751] ? blk_get_meta_cap+0x16d/0x7a0 [ 88.957267][ T5751] ? __pfx_blk_get_meta_cap+0x10/0x10 [ 88.957295][ T5751] ? blkdev_common_ioctl+0x14b7/0x3240 [ 88.957313][ T5751] lo_compat_ioctl+0x324/0x3f0 [ 88.957338][ T5751] ? __pfx_lo_compat_ioctl+0x10/0x10 [ 88.957361][ T5751] ? kasan_quarantine_put+0xbb/0x1f0 [ 88.957387][ T5751] ? tomoyo_path_number_perm+0x219/0x630 [ 88.957406][ T5751] ? tomoyo_path_number_perm+0x219/0x630 [ 88.957426][ T5751] ? do_vfs_ioctl+0x1166/0x1530 [ 88.957452][ T5751] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 88.957482][ T5751] ? __lock_acquire+0x6b5/0x2cf0 [ 88.957506][ T5751] ? __pfx_lo_compat_ioctl+0x10/0x10 [ 88.957530][ T5751] compat_blkdev_ioctl+0x5ea/0x7c0 [ 88.957546][ T5751] ? __fget_files+0x2a/0x420 [ 88.957567][ T5751] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 88.957583][ T5751] ? __fget_files+0x2a/0x420 [ 88.957603][ T5751] ? bpf_lsm_file_ioctl_compat+0x9/0x20 [ 88.957631][ T5751] __ia32_compat_sys_ioctl+0x5ea/0x950 [ 88.957658][ T5751] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 88.957685][ T5751] ? _raw_spin_unlock_irq+0x23/0x50 [ 88.957702][ T5751] ? lockdep_hardirqs_on+0x7a/0x110 [ 88.957722][ T5751] ? _raw_spin_unlock_irq+0x2e/0x50 [ 88.957738][ T5751] ? __ia32_compat_sys_rt_sigprocmask+0x2c6/0x340 [ 88.957759][ T5751] ? __pfx___ia32_compat_sys_rt_sigprocmask+0x10/0x10 [ 88.957780][ T5751] ? exc_page_fault+0x6a/0xc0 [ 88.957803][ T5751] __do_fast_syscall_32+0x229/0x6e0 [ 88.957825][ T5751] ? do_fast_syscall_32+0x33/0x70 [ 88.957846][ T5751] ? irqentry_exit+0x10f/0x730 [ 88.957865][ T5751] ? trace_irq_disable+0x3b/0x140 [ 88.957892][ T5751] do_fast_syscall_32+0x33/0x70 [ 88.957914][ T5751] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 88.957950][ T5751] RIP: 0023:0xf70bf01c [ 88.957972][ T5751] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 [ 88.957997][ T5751] RSP: 002b:00000000f546b50c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 88.958013][ T5751] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004c06 [ 88.958034][ T5751] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000 [ 88.958043][ T5751] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 88.958051][ T5751] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 88.958060][ T5751] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 88.958074][ T5751] [ 89.509450][ C1] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 89.518686][ C1] Buffer I/O error on dev loop3, logical block 0, async page read [ 89.550241][ C1] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 89.559443][ C1] Buffer I/O error on dev loop3, logical block 0, async page read [ 89.574902][ C1] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 89.584094][ C1] Buffer I/O error on dev loop3, logical block 0, async page read [ 89.592139][ T5747] ldm_validate_partition_table(): Disk read failed. [ 89.600081][ C1] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 89.609268][ C1] Buffer I/O error on dev loop3, logical block 0, async page read [ 89.619772][ C1] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 89.628935][ C1] Buffer I/O error on dev loop3, logical block 0, async page read [ 89.638114][ C1] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 89.647370][ C1] Buffer I/O error on dev loop3, logical block 0, async page read [ 89.655802][ C0] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 89.665057][ C0] Buffer I/O error on dev loop3, logical block 0, async page read [ 89.672990][ T5747] Dev loop3: unable to read RDB block 0 [ 89.679068][ T5747] loop3: unable to read partition table [ 89.684813][ T5747] loop3: partition table beyond EOD, truncated [ 89.691262][ T5747] loop_reread_partitions: partition scan of loop3 (Cj̖P=ý?}X %֐ȵ4FLQk݊5) failed (rc=-5) [ 89.719243][ T5751] ldm_validate_partition_table(): Disk read failed. [ 89.730459][ T50] Bluetooth: hci4: command tx timeout [ 89.732596][ T5635] Bluetooth: hci1: command tx timeout [ 89.739246][ T50] Bluetooth: hci0: command tx timeout [ 89.741979][ T4941] Bluetooth: hci3: command tx timeout [ 89.746892][ T5624] Bluetooth: hci2: command tx timeout [ 89.758265][ T5751] Dev loop3: unable to read RDB block 0 [ 89.840150][ T5751] loop3: unable to read partition table [ 89.845961][ T5751] loop3: partition table beyond EOD, truncated [ 89.863453][ T5751] loop_reread_partitions: partition scan of loop3 (Cj̖P=ý?}X %֐ȵ4FLQk݊5) failed (rc=-5) [ 90.549771][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.560713][ T5643] ieee80211 phy12: Selected rate control algorithm 'minstrel_ht' [ 90.568504][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.596049][ T1333] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.614013][ T1333] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.647810][ T993] cfg80211: failed to load regulatory.db