[ 481.905696][ T142] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 482.113996][ T142] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 482.306335][ T142] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 482.513951][ T142] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 483.170858][ T142] bridge_slave_1: left allmulticast mode [ 483.170883][ T142] bridge_slave_1: left promiscuous mode [ 483.171098][ T142] bridge0: port 2(bridge_slave_1) entered disabled state [ 483.231500][ T142] bridge_slave_0: left allmulticast mode [ 483.231524][ T142] bridge_slave_0: left promiscuous mode [ 483.231709][ T142] bridge0: port 1(bridge_slave_0) entered disabled state [ 483.881475][ T142] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 483.941643][ T142] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 483.962416][ T142] bond0 (unregistering): Released all slaves [ 484.006650][ T5492] 8021q: adding VLAN 0 to HW filter on device eth1 [ 484.544143][ T5492] 8021q: adding VLAN 0 to HW filter on device eth2 [ 484.984353][ T5492] 8021q: adding VLAN 0 to HW filter on device eth3 [ 485.240633][ T142] hsr_slave_0: left promiscuous mode [ 485.282070][ T142] hsr_slave_1: left promiscuous mode [ 485.283225][ T142] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 485.283251][ T142] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 485.321699][ T142] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 485.321724][ T142] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 485.405971][ T142] veth1_macvtap: left promiscuous mode [ 485.406035][ T142] veth0_macvtap: left promiscuous mode [ 485.406199][ T142] veth1_vlan: left promiscuous mode [ 485.406306][ T142] veth0_vlan: left promiscuous mode [ 486.091074][ T142] team0 (unregistering): Port device team_slave_1 removed [ 486.131099][ T142] team0 (unregistering): Port device team_slave_0 removed [ 486.303870][ T5492] 8021q: adding VLAN 0 to HW filter on device eth4 Warning: Permanently added '10.128.1.191' (ED25519) to the list of known hosts. [ 487.219835][ T8462] chnl_net:caif_netlink_parms(): no params data found [ 487.320019][ T8462] bridge0: port 1(bridge_slave_0) entered blocking state [ 487.320230][ T8462] bridge0: port 1(bridge_slave_0) entered disabled state [ 487.320381][ T8462] bridge_slave_0: entered allmulticast mode [ 487.323632][ T8462] bridge_slave_0: entered promiscuous mode [ 487.332912][ T8462] bridge0: port 2(bridge_slave_1) entered blocking state [ 487.333277][ T8462] bridge0: port 2(bridge_slave_1) entered disabled state [ 487.333515][ T8462] bridge_slave_1: entered allmulticast mode [ 487.336507][ T8462] bridge_slave_1: entered promiscuous mode [ 487.387923][ T8462] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 487.401670][ T8462] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 487.437839][ T8462] team0: Port device team_slave_0 added [ 487.446665][ T8462] team0: Port device team_slave_1 added [ 487.476286][ T8462] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 487.476297][ T8462] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 487.476310][ T8462] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 487.478101][ T8462] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 487.478109][ T8462] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 487.478122][ T8462] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 487.563851][ T8462] hsr_slave_0: entered promiscuous mode [ 487.566043][ T8462] hsr_slave_1: entered promiscuous mode [ 489.310252][ T8462] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 489.348306][ T8462] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 489.349637][ T8462] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 489.388820][ T8462] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 489.390313][ T8462] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 489.426816][ T8462] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 489.428273][ T8462] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 489.469580][ T8462] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 489.623064][ T8462] 8021q: adding VLAN 0 to HW filter on device bond0 [ 489.682002][ T8462] 8021q: adding VLAN 0 to HW filter on device team0 [ 489.699069][ T8397] bridge0: port 1(bridge_slave_0) entered blocking state [ 489.699289][ T8397] bridge0: port 1(bridge_slave_0) entered forwarding state [ 489.720268][ T8397] bridge0: port 2(bridge_slave_1) entered blocking state [ 489.720901][ T8397] bridge0: port 2(bridge_slave_1) entered forwarding state [ 489.893063][ T8462] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 489.998163][ T8462] veth0_vlan: entered promiscuous mode [ 490.017251][ T8462] veth1_vlan: entered promiscuous mode [ 490.110110][ T8462] veth0_macvtap: entered promiscuous mode [ 490.122919][ T8462] veth1_macvtap: entered promiscuous mode [ 490.173389][ T8462] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 490.196936][ T8462] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 490.220932][ T3281] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 490.222123][ T3281] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 490.222603][ T3281] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 490.222640][ T3281] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 executing program [ 490.667284][ T8558] netlink: 'syz-executor150': attribute type 2 has an invalid length. executing program [ 490.957813][ T8572] netlink: 'syz-executor150': attribute type 2 has an invalid length. executing program [ 491.240277][ T8586] netlink: 'syz-executor150': attribute type 2 has an invalid length. executing program [ 491.521025][ T8597] netlink: 'syz-executor150': attribute type 2 has an invalid length. executing program [ 491.610852][ C0] [ 491.610863][ C0] ====================================================== [ 491.610871][ C0] WARNING: possible circular locking dependency detected [ 491.610896][ C0] syzkaller #0 Not tainted [ 491.610906][ C0] ------------------------------------------------------ [ 491.610912][ C0] syz-executor150/8596 is trying to acquire lock: [ 491.610923][ C0] ffff888039b2c8a0 (slock-AF_PHONET/1){+.+.}-{3:3}, at: __sk_receive_skb+0x1bf/0x9e0 [ 491.610983][ C0] [ 491.610983][ C0] but task is already holding lock: [ 491.610989][ C0] ffff888034c5b720 (slock-AF_PHONET){+...}-{3:3}, at: __sk_receive_skb+0x1f1/0x9e0 [ 491.611029][ C0] [ 491.611029][ C0] which lock already depends on the new lock. [ 491.611029][ C0] [ 491.611036][ C0] [ 491.611036][ C0] the existing dependency chain (in reverse order) is: [ 491.611042][ C0] [ 491.611042][ C0] -> #1 (slock-AF_PHONET){+...}-{3:3}: [ 491.611066][ C0] rt_spin_lock+0x83/0x400 [ 491.611098][ C0] __sk_receive_skb+0x1f1/0x9e0 [ 491.611115][ C0] phonet_rcv+0x781/0xc40 [ 491.611139][ C0] process_backlog+0x5e1/0xc60 [ 491.611158][ C0] __napi_poll+0xab/0x550 [ 491.611171][ C0] net_rx_action+0x696/0xe00 [ 491.611185][ C0] handle_softirqs+0x1de/0x6d0 [ 491.611199][ C0] __local_bh_enable_ip+0x170/0x2b0 [ 491.611212][ C0] netif_rx+0xb9/0xf0 [ 491.611231][ C0] pn_send+0x62a/0x8e0 [ 491.611249][ C0] pn_skb_send+0x218/0x530 [ 491.611267][ C0] pipe_snd_status+0x1f1/0x320 [ 491.611287][ C0] pipe_do_rcv+0xf15/0x16a0 [ 491.611308][ C0] __sk_receive_skb+0x962/0x9e0 [ 491.611322][ C0] pep_do_rcv+0x685/0xaa0 [ 491.611343][ C0] __release_sock+0x2a9/0x3d0 [ 491.611363][ C0] release_sock+0x1be/0x290 [ 491.611377][ C0] pep_sock_accept+0xd47/0x11e0 [ 491.611398][ C0] pn_socket_accept+0xc1/0x310 [ 491.611415][ C0] do_accept+0x6ca/0x930 [ 491.611430][ C0] __sys_accept4+0x139/0x230 [ 491.611444][ C0] __x64_sys_accept4+0x9a/0xb0 [ 491.611459][ C0] do_syscall_64+0x15f/0xf80 [ 491.611475][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 491.611490][ C0] [ 491.611490][ C0] -> #0 (slock-AF_PHONET/1){+.+.}-{3:3}: [ 491.611514][ C0] __lock_acquire+0x15a5/0x2cf0 [ 491.611532][ C0] lock_acquire+0x106/0x350 [ 491.611549][ C0] rt_spin_lock_nested+0x81/0x3f0 [ 491.611570][ C0] __sk_receive_skb+0x1bf/0x9e0 [ 491.611584][ C0] pep_do_rcv+0x685/0xaa0 executing program [ 491.611605][ C0] __sk_receive_skb+0x962/0x9e0 [ 491.611619][ C0] phonet_rcv+0x781/0xc40 [ 491.611637][ C0] process_backlog+0x5e1/0xc60 [ 491.611651][ C0] __napi_poll+0xab/0x550 [ 491.611664][ C0] net_rx_action+0x696/0xe00 [ 491.611678][ C0] handle_softirqs+0x1de/0x6d0 [ 491.611691][ C0] __local_bh_enable_ip+0x170/0x2b0 [ 491.611704][ C0] netif_rx+0xb9/0xf0 [ 491.611728][ C0] pn_send+0x62a/0x8e0 [ 491.611746][ C0] pn_skb_send+0x218/0x530 [ 491.611765][ C0] pep_sock_close+0x2c1/0x5b0 [ 491.611785][ C0] pn_socket_release+0x9b/0xc0 [ 491.611801][ C0] __sock_release+0xb9/0x250 [ 491.611822][ C0] sock_close+0x1c/0x30 [ 491.611842][ C0] __fput+0x461/0xa70 [ 491.611858][ C0] fput_close_sync+0x11f/0x240 [ 491.611874][ C0] __x64_sys_close+0x7e/0x110 [ 491.611891][ C0] do_syscall_64+0x15f/0xf80 [ 491.611906][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 491.611920][ C0] [ 491.611920][ C0] other info that might help us debug this: [ 491.611920][ C0] [ 491.611925][ C0] Possible unsafe locking scenario: [ 491.611925][ C0] [ 491.611930][ C0] CPU0 CPU1 [ 491.611934][ C0] ---- ---- [ 491.611939][ C0] lock(slock-AF_PHONET); [ 491.611950][ C0] lock(slock-AF_PHONET/1); [ 491.611968][ C0] lock(slock-AF_PHONET); [ 491.611980][ C0] lock(slock-AF_PHONET/1); [ 491.611993][ C0] [ 491.611993][ C0] *** DEADLOCK *** [ 491.611993][ C0] [ 491.611998][ C0] 7 locks held by syz-executor150/8596: [ 491.612007][ C0] #0: ffff88805a1fc638 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: __sock_release+0x89/0x250 [ 491.612057][ C0] #1: ffff888039b2dad8 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: pep_sock_close+0x86/0x5b0 [ 491.612099][ C0] #2: ffffffff8e3c8140 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 491.612135][ C0] #3: ffffffff8e3c8140 (rcu_read_lock){....}-{1:3}, at: process_backlog+0x271/0xc60 [ 491.612171][ C0] #4: ffff888034c5b720 (slock-AF_PHONET){+...}-{3:3}, at: __sk_receive_skb+0x1f1/0x9e0 [ 491.612207][ C0] #5: ffffffff8e3c8140 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 491.612248][ C0] #6: ffff888034c5b7d8 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: phonet_rcv+0x781/0xc40 [ 491.612289][ C0] [ 491.612289][ C0] stack backtrace: [ 491.612309][ C0] CPU: 0 UID: 0 PID: 8596 Comm: syz-executor150 Not tainted syzkaller #0 PREEMPT_{RT,(full)} executing program [ 491.612328][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 491.612344][ C0] Call Trace: [ 491.612350][ C0] [ 491.612357][ C0] dump_stack_lvl+0xe8/0x150 [ 491.612377][ C0] print_circular_bug+0x2e1/0x300 [ 491.612402][ C0] check_noncircular+0x12e/0x150 [ 491.612426][ C0] __lock_acquire+0x15a5/0x2cf0 [ 491.612447][ C0] ? try_to_take_rt_mutex+0x840/0xb00 [ 491.612466][ C0] ? __sk_receive_skb+0x1bf/0x9e0 [ 491.612481][ C0] lock_acquire+0x106/0x350 [ 491.612499][ C0] ? __sk_receive_skb+0x1bf/0x9e0 [ 491.612528][ C0] ? sk_filter_trim_cap+0x8f1/0xce0 [ 491.612554][ C0] rt_spin_lock_nested+0x81/0x3f0 [ 491.612576][ C0] ? __sk_receive_skb+0x1bf/0x9e0 [ 491.612592][ C0] ? __pfx_sk_filter_trim_cap+0x10/0x10 [ 491.612613][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 491.612631][ C0] ? __pfx_rt_spin_lock_nested+0x10/0x10 [ 491.612654][ C0] ? rt_spin_lock+0x1e0/0x400 [ 491.612677][ C0] __sk_receive_skb+0x1bf/0x9e0 [ 491.612695][ C0] pep_do_rcv+0x685/0xaa0 [ 491.612723][ C0] ? __pfx_pep_do_rcv+0x10/0x10 [ 491.612748][ C0] ? __pfx_pep_do_rcv+0x10/0x10 [ 491.612770][ C0] ? phonet_rcv+0x781/0xc40 [ 491.612790][ C0] __sk_receive_skb+0x962/0x9e0 [ 491.612808][ C0] phonet_rcv+0x781/0xc40 [ 491.612828][ C0] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 491.612849][ C0] ? __pfx_phonet_rcv+0x10/0x10 [ 491.612870][ C0] ? process_backlog+0x271/0xc60 [ 491.612886][ C0] ? process_backlog+0x271/0xc60 [ 491.612901][ C0] ? __pfx_phonet_rcv+0x10/0x10 [ 491.612921][ C0] process_backlog+0x5e1/0xc60 [ 491.612942][ C0] __napi_poll+0xab/0x550 [ 491.612957][ C0] net_rx_action+0x696/0xe00 [ 491.612978][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 491.612993][ C0] ? kvm_sched_clock_read+0x11/0x20 [ 491.613013][ C0] ? __pfx_sched_clock_cpu+0x10/0x10 [ 491.613036][ C0] ? enqueue_to_backlog+0x340/0xcb0 [ 491.613063][ C0] handle_softirqs+0x1de/0x6d0 [ 491.613081][ C0] __local_bh_enable_ip+0x170/0x2b0 [ 491.613097][ C0] netif_rx+0xb9/0xf0 [ 491.613117][ C0] pn_send+0x62a/0x8e0 [ 491.613139][ C0] pn_skb_send+0x218/0x530 [ 491.613161][ C0] pep_sock_close+0x2c1/0x5b0 [ 491.613185][ C0] pn_socket_release+0x9b/0xc0 [ 491.613203][ C0] __sock_release+0xb9/0x250 [ 491.613225][ C0] ? __pfx_sock_close+0x10/0x10 [ 491.613248][ C0] sock_close+0x1c/0x30 [ 491.613269][ C0] __fput+0x461/0xa70 [ 491.613289][ C0] fput_close_sync+0x11f/0x240 [ 491.613306][ C0] ? __pfx_fput_close_sync+0x10/0x10 [ 491.613325][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 491.613341][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 491.613357][ C0] __x64_sys_close+0x7e/0x110 [ 491.613375][ C0] do_syscall_64+0x15f/0xf80 [ 491.613392][ C0] ? trace_irq_disable+0x3b/0x140 [ 491.613409][ C0] ? clear_bhb_loop+0x40/0x90 [ 491.613426][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 491.613447][ C0] RIP: 0033:0x7fd3c4acf98e [ 491.613467][ C0] Code: 08 0f 85 65 e1 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 90 41 57 41 56 4d 89 c6 41 55 4d 89 cd 41 54 55 53 48 83 ec 08 executing program [ 491.613481][ C0] RSP: 002b:00007ffcc0cf80b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 491.613497][ C0] RAX: ffffffffffffffda RBX: 00005555771d0400 RCX: 00007fd3c4acf98e [ 491.613509][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 491.613519][ C0] RBP: 0000000000000008 R08: 0000000000000000 R09: 0000000000000000 [ 491.613528][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000077f63 [ 491.613538][ C0] R13: 0000000000077f95 R14: 00007fd3c4b6ab6c R15: 00007fd3c4b6ab60 [ 491.613554][ C0] [ 491.664806][ T8600] netlink: 'syz-executor150': attribute type 2 has an invalid length. [ 491.908738][ T8604] netlink: 'syz-executor150': attribute type 2 has an invalid length. [ 492.165141][ T8608] netlink: 'syz-executor150': attribute type 2 has an invalid length. [ 492.431208][ T8612] netlink: 'syz-executor150': attribute type 2 has an invalid length. executing program [ 492.685094][ T8616] netlink: 'syz-executor150': attribute type 2 has an invalid length. executing program [ 492.950917][ T8620] netlink: 'syz-executor150': attribute type 2 has an invalid length. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 495.791534][ T8666] validate_nla: 11 callbacks suppressed [ 495.791547][ T8666] netlink: 'syz-executor150': attribute type 2 has an invalid length. executing program [ 496.046244][ T8670] netlink: 'syz-executor150': attribute type 2 has an invalid length. executing program [ 496.311718][ T8674] netlink: 'syz-executor150': attribute type 2 has an invalid length. executing program [ 496.567048][ T8678] netlink: 'syz-executor150': attribute type 2 has an invalid length. executing program [ 496.832241][ T8682] netlink: 'syz-executor150': attribute type 2 has an invalid length. executing program [ 497.087392][ T8686] netlink: 'syz-executor150': attribute type 2 has an invalid length. executing program [ 497.353304][ T8690] netlink: 'syz-executor150': attribute type 2 has an invalid length. executing program [ 497.486511][ T8693] netlink: 'syz-executor150': attribute type 2 has an invalid length. executing program [ 497.751971][ T8697] netlink: 'syz-executor150': attribute type 2 has an invalid length. executing program [ 498.006791][ T8701] netlink: 'syz-executor150': attribute type 2 has an invalid length. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 501.029605][ T8753] validate_nla: 11 callbacks suppressed [ 501.029617][ T8753] netlink: 'syz-executor150': attribute type 2 has an invalid length. executing program [ 501.284076][ T8757] netlink: 'syz-executor150': attribute type 2 has an invalid length. executing program [ 501.386921][ T8760] netlink: 'syz-executor150': attribute type 2 has an invalid length. [ 501.522571][ T1336] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.522653][ T1336] ieee802154 phy1 wpan1: encryption failed: -22 executing program