Warning: Permanently added '10.128.1.178' (ED25519) to the list of known hosts.
1970/01/01 00:00:37 parsed 1 programs
syzkaller login: [ 38.462971][ T6534] cgroup: Unknown subsys name 'net'
[ 38.570179][ T6534] cgroup: Unknown subsys name 'cpuset'
[ 38.573053][ T6534] cgroup: Unknown subsys name 'rlimit'
[ 38.697532][ T6534] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
[ 45.410597][ T6545] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 45.514604][ T6551] chnl_net:caif_netlink_parms(): no params data found
[ 45.537220][ T6551] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.537630][ T6551] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.537711][ T6551] bridge_slave_0: entered allmulticast mode
[ 45.538620][ T6551] bridge_slave_0: entered promiscuous mode
[ 45.541267][ T6551] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.541395][ T6551] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.541450][ T6551] bridge_slave_1: entered allmulticast mode
[ 45.541877][ T6551] bridge_slave_1: entered promiscuous mode
[ 45.554143][ T6551] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 45.555039][ T6551] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 45.562641][ T6551] team0: Port device team_slave_0 added
[ 45.563369][ T6551] team0: Port device team_slave_1 added
[ 45.570759][ T6551] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 45.570783][ T6551] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 45.570799][ T6551] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 45.571586][ T6551] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 45.571594][ T6551] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 45.571605][ T6551] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 45.603976][ T6551] hsr_slave_0: entered promiscuous mode
[ 45.604420][ T6551] hsr_slave_1: entered promiscuous mode
[ 45.645633][ T6551] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 45.649097][ T6551] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 45.651514][ T6551] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 45.653724][ T6551] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 45.663513][ T6551] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.663576][ T6551] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.663778][ T6551] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.663803][ T6551] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.676371][ T6551] 8021q: adding VLAN 0 to HW filter on device bond0
[ 45.681042][ T6551] 8021q: adding VLAN 0 to HW filter on device team0
[ 45.694680][ T6551] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 45.694720][ T6551] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 45.734096][ T6551] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 45.745095][ T6551] veth0_vlan: entered promiscuous mode
[ 45.751913][ T6551] veth1_vlan: entered promiscuous mode
[ 45.759314][ T6551] veth0_macvtap: entered promiscuous mode
[ 45.760309][ T6551] veth1_macvtap: entered promiscuous mode
[ 45.764615][ T6551] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 45.765673][ T6551] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 45.767488][ T1959] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 45.768967][ T1959] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 45.769038][ T1959] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 45.769099][ T1959] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 45.844052][ T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 45.844384][ T6575] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 45.844592][ T6575] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 45.844905][ T6575] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 45.845115][ T6575] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 46.032778][ T42] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 46.076310][ T42] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 46.123053][ T42] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 46.126580][ T1959] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 46.128715][ T1959] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 46.138718][ T679] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 46.138749][ T679] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 46.152491][ T42] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:00:46 executed programs: 0
[ 47.006983][ T6122] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 47.008679][ T6122] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 47.009952][ T6122] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 47.011288][ T6122] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 47.011573][ T6122] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 47.057206][ T6642] chnl_net:caif_netlink_parms(): no params data found
[ 47.078840][ T6642] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.078913][ T6642] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.078988][ T6642] bridge_slave_0: entered allmulticast mode
[ 47.079450][ T6642] bridge_slave_0: entered promiscuous mode
[ 47.080460][ T6642] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.080483][ T6642] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.080537][ T6642] bridge_slave_1: entered allmulticast mode
[ 47.080934][ T6642] bridge_slave_1: entered promiscuous mode
[ 47.094360][ T6642] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 47.095766][ T6642] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 47.103232][ T6642] team0: Port device team_slave_0 added
[ 47.103992][ T6642] team0: Port device team_slave_1 added
[ 47.111222][ T6642] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 47.111245][ T6642] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 47.111260][ T6642] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 47.111764][ T6642] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 47.111771][ T6642] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 47.111786][ T6642] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 47.130830][ T6642] hsr_slave_0: entered promiscuous mode
[ 47.131148][ T6642] hsr_slave_1: entered promiscuous mode
[ 47.131351][ T6642] debugfs: 'hsr0' already exists in 'hsr'
[ 47.131401][ T6642] Cannot create hsr debugfs directory
[ 49.058151][ T6575] Bluetooth: hci0: command tx timeout
[ 49.521220][ T42] bridge_slave_1: left allmulticast mode
[ 49.521259][ T42] bridge_slave_1: left promiscuous mode
[ 49.521785][ T42] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.524915][ T42] bridge_slave_0: left allmulticast mode
[ 49.524945][ T42] bridge_slave_0: left promiscuous mode
[ 49.525035][ T42] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.740245][ T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 49.769300][ T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 49.818927][ T42] bond0 (unregistering): Released all slaves
[ 49.931078][ T42] hsr_slave_0: left promiscuous mode
[ 49.932405][ T42] hsr_slave_1: left promiscuous mode
[ 49.933620][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 49.934863][ T42] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 49.936454][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 49.937684][ T42] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 49.944557][ T42] veth1_macvtap: left promiscuous mode
[ 49.945622][ T42] veth0_macvtap: left promiscuous mode
[ 49.946678][ T42] veth1_vlan: left promiscuous mode
[ 49.946841][ T42] veth0_vlan: left promiscuous mode
[ 50.063024][ T42] team0 (unregistering): Port device team_slave_1 removed
[ 50.071968][ T42] team0 (unregistering): Port device team_slave_0 removed
[ 50.272625][ T6642] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 50.275767][ T6642] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 50.279943][ T6642] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 50.282537][ T6642] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 50.307422][ T6642] 8021q: adding VLAN 0 to HW filter on device bond0
[ 50.311795][ T6642] 8021q: adding VLAN 0 to HW filter on device team0
[ 50.313780][ T2171] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.313845][ T2171] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.321479][ T14] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.321567][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.388682][ T6642] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 50.400626][ T6642] veth0_vlan: entered promiscuous mode
[ 50.402227][ T6642] veth1_vlan: entered promiscuous mode
[ 50.595937][ T6642] veth0_macvtap: entered promiscuous mode
[ 50.596925][ T6642] veth1_macvtap: entered promiscuous mode
[ 50.601455][ T6642] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 50.602302][ T6642] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 50.608831][ T1959] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 50.609053][ T1959] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 50.609068][ T1959] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 50.609082][ T1959] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 50.636597][ T679] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 50.636633][ T679] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 50.652061][ T2171] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 50.652091][ T2171] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 50.707898][ T6691] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input2
[ 50.935652][ T6691] loop0: detected capacity change from 0 to 40427
[ 50.936361][ T6691] =======================================================
[ 50.936361][ T6691] WARNING: The mand mount option has been deprecated and
[ 50.936361][ T6691] and is ignored by this kernel. Remove the mand
[ 50.936361][ T6691] option from the mount to silence this warning.
[ 50.936361][ T6691] =======================================================
[ 50.946205][ T6691] F2FS-fs (loop0): invalid crc value
[ 50.966763][ T6691] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[ 50.968483][ T6691] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[ 50.971447][ T6642] F2FS-fs (loop0): Inconsistent error blkaddr:5633, sit bitmap:0
[ 50.971478][ T6642] CPU: 0 UID: 0 PID: 6642 Comm: syz-executor Not tainted syzkaller #0 PREEMPT
[ 50.971491][ T6642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[ 50.971495][ T6642] Call trace:
[ 50.971498][ T6642] show_stack+0x2c/0x3c (C)
[ 50.971511][ T6642] __dump_stack+0x30/0x40
[ 50.971518][ T6642] dump_stack_lvl+0xd8/0x12c
[ 50.971523][ T6642] dump_stack+0x1c/0x28
[ 50.971528][ T6642] __f2fs_is_valid_blkaddr+0xa50/0x107c
[ 50.971536][ T6642] f2fs_is_valid_blkaddr+0x12c/0x294
[ 50.971541][ T6642] f2fs_get_read_data_folio+0x344/0x6d0
[ 50.971549][ T6642] f2fs_find_data_folio+0x84/0x390
[ 50.971555][ T6642] f2fs_readdir+0x36c/0x8d4
[ 50.971562][ T6642] iterate_dir+0x2dc/0x478
[ 50.971569][ T6642] __arm64_sys_getdents64+0x110/0x2fc
[ 50.971575][ T6642] invoke_syscall+0x98/0x254
[ 50.971581][ T6642] el0_svc_common+0x130/0x23c
[ 50.971586][ T6642] do_el0_svc+0x48/0x58
[ 50.971591][ T6642] el0_svc+0x5c/0x254
[ 50.971599][ T6642] el0t_64_sync_handler+0x84/0x12c
[ 50.971605][ T6642] el0t_64_sync+0x198/0x19c
[ 51.137877][ T6575] Bluetooth: hci0: command tx timeout
[ 51.159336][ T6697]
[ 51.159741][ T6697] ======================================================
[ 51.160740][ T6697] WARNING: possible circular locking dependency detected
[ 51.161757][ T6697] syzkaller #0 Not tainted
[ 51.162404][ T6697] ------------------------------------------------------
[ 51.163475][ T6697] syz.0.17/6697 is trying to acquire lock:
[ 51.164261][ T6697] ffff0000d463f040 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: touch_work_lockdep_map+0x70/0x118
[ 51.166092][ T6697]
[ 51.166092][ T6697] but task is already holding lock:
[ 51.167138][ T6697] ffff0000d463f338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x74/0x5f0
[ 51.168472][ T6697]
[ 51.168472][ T6697] which lock already depends on the new lock.
[ 51.168472][ T6697]
[ 51.170015][ T6697]
[ 51.170015][ T6697] the existing dependency chain (in reverse order) is:
[ 51.171271][ T6697]
[ 51.171271][ T6697] -> #1 (&conn->lock#2){+.+.}-{4:4}:
[ 51.172401][ T6697] __mutex_lock_common+0x1d0/0x2678
[ 51.173275][ T6697] mutex_lock_nested+0x2c/0x38
[ 51.174075][ T6697] l2cap_info_timeout+0x70/0xb0
[ 51.174875][ T6697] process_one_work+0x7e8/0x155c
[ 51.175711][ T6697] worker_thread+0x958/0xed8
[ 51.176557][ T6697] kthread+0x5fc/0x75c
[ 51.177282][ T6697] ret_from_fork+0x10/0x20
[ 51.178086][ T6697]
[ 51.178086][ T6697] -> #0 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}:
[ 51.179554][ T6697] __lock_acquire+0x1774/0x30a4
[ 51.180283][ T6697] lock_acquire+0x14c/0x2e0
[ 51.181025][ T6697] touch_work_lockdep_map+0x98/0x118
[ 51.181994][ T6697] __flush_work+0x4fc/0x8c0
[ 51.182821][ T6697] cancel_delayed_work_sync+0xc4/0x120
[ 51.183781][ T6697] l2cap_conn_del+0x460/0x5f0
[ 51.184611][ T6697] l2cap_disconn_cfm+0x90/0xe0
[ 51.185498][ T6697] hci_conn_hash_flush+0x108/0x218
[ 51.186462][ T6697] hci_dev_close_sync+0x89c/0x1154
[ 51.187412][ T6697] hci_unregister_dev+0x204/0x4c0
[ 51.188261][ T6697] vhci_release+0x12c/0x17c
[ 51.189002][ T6697] __fput+0x340/0x75c
[ 51.189661][ T6697] ____fput+0x20/0x58
[ 51.190316][ T6697] task_work_run+0x1dc/0x260
[ 51.191187][ T6697] do_exit+0x524/0x1a14
[ 51.191981][ T6697] do_group_exit+0x194/0x22c
[ 51.192729][ T6697] get_signal+0x11dc/0x12f8
[ 51.193470][ T6697] arch_do_signal_or_restart+0x274/0x4434
[ 51.194386][ T6697] exit_to_user_mode_loop+0x7c/0x168
[ 51.195238][ T6697] el0_svc+0x170/0x254
[ 51.195917][ T6697] el0t_64_sync_handler+0x84/0x12c
[ 51.196828][ T6697] el0t_64_sync+0x198/0x19c
[ 51.197645][ T6697]
[ 51.197645][ T6697] other info that might help us debug this:
[ 51.197645][ T6697]
[ 51.199251][ T6697] Possible unsafe locking scenario:
[ 51.199251][ T6697]
[ 51.200453][ T6697]        CPU0                    CPU1
[ 51.201310][ T6697]        ----                    ----
[ 51.202144][ T6697]   lock(&conn->lock#2);
[ 51.202820][ T6697]                                lock((work_completion)(&(&conn->info_timer)->work));
[ 51.204393][ T6697]                                lock(&conn->lock#2);
[ 51.205488][ T6697]   lock((work_completion)(&(&conn->info_timer)->work));
[ 51.206548][ T6697]
[ 51.206548][ T6697] *** DEADLOCK ***
[ 51.206548][ T6697]
[ 51.207727][ T6697] 5 locks held by syz.0.17/6697:
[ 51.208452][ T6697] #0: ffff0000d4cd0dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x1fc/0x4c0
[ 51.209931][ T6697] #1: ffff0000d4cd00b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x4c4/0x1154
[ 51.211376][ T6697] #2: ffff800092bf0da8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xb0/0x218
[ 51.212907][ T6697] #3: ffff0000d463f338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x74/0x5f0
[ 51.214341][ T6697] #4: ffff80008f9d9620 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x10/0x4c
[ 51.215784][ T6697]
[ 51.215784][ T6697] stack backtrace:
[ 51.216673][ T6697] CPU: 1 UID: 0 PID: 6697 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT
[ 51.217922][ T6697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[ 51.219461][ T6697] Call trace:
[ 51.219945][ T6697] show_stack+0x2c/0x3c (C)
[ 51.220621][ T6697] __dump_stack+0x30/0x40
[ 51.221278][ T6697] dump_stack_lvl+0xd8/0x12c
[ 51.221977][ T6697] dump_stack+0x1c/0x28
[ 51.222622][ T6697] print_circular_bug+0x324/0x32c
[ 51.223409][ T6697] check_noncircular+0x154/0x174
[ 51.224131][ T6697] __lock_acquire+0x1774/0x30a4
[ 51.224877][ T6697] lock_acquire+0x14c/0x2e0
[ 51.225535][ T6697] touch_work_lockdep_map+0x98/0x118
[ 51.226320][ T6697] __flush_work+0x4fc/0x8c0
[ 51.226955][ T6697] cancel_delayed_work_sync+0xc4/0x120
[ 51.227754][ T6697] l2cap_conn_del+0x460/0x5f0
[ 51.228435][ T6697] l2cap_disconn_cfm+0x90/0xe0
[ 51.229207][ T6697] hci_conn_hash_flush+0x108/0x218
[ 51.229917][ T6697] hci_dev_close_sync+0x89c/0x1154
[ 51.230711][ T6697] hci_unregister_dev+0x204/0x4c0
[ 51.231483][ T6697] vhci_release+0x12c/0x17c
[ 51.232133][ T6697] __fput+0x340/0x75c
[ 51.232699][ T6697] ____fput+0x20/0x58
[ 51.233310][ T6697] task_work_run+0x1dc/0x260
[ 51.234004][ T6697] do_exit+0x524/0x1a14
[ 51.234594][ T6697] do_group_exit+0x194/0x22c
[ 51.235388][ T6697] get_signal+0x11dc/0x12f8
[ 51.236151][ T6697] arch_do_signal_or_restart+0x274/0x4434
[ 51.237017][ T6697] exit_to_user_mode_loop+0x7c/0x168
[ 51.237770][ T6697] el0_svc+0x170/0x254
[ 51.238338][ T6697] el0t_64_sync_handler+0x84/0x12c
[ 51.239129][ T6697] el0t_64_sync+0x198/0x19c