Warning: Permanently added '10.128.1.192' (ED25519) to the list of known hosts. 2026/03/21 19:15:23 parsed 1 programs Setting up swapspace version 1, size = 127995904 bytes [ 119.076697][ T6193] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 122.935100][ T114] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.948705][ T114] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.982556][ T114] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.995867][ T114] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.887047][ T5166] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 123.895667][ T5166] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 123.904952][ T5166] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 123.914272][ T5166] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 123.921906][ T5166] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 124.483176][ T6254] chnl_net:caif_netlink_parms(): no params data found [ 124.627857][ T6254] bridge0: port 1(bridge_slave_0) entered blocking state [ 124.635821][ T6254] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.643877][ T6254] bridge_slave_0: entered allmulticast mode [ 124.651365][ T6254] bridge_slave_0: entered promiscuous mode [ 124.667479][ T6254] bridge0: port 2(bridge_slave_1) entered blocking state [ 124.675420][ T6254] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.683052][ T6254] bridge_slave_1: entered allmulticast mode [ 124.690878][ T6254] bridge_slave_1: entered promiscuous mode [ 124.728332][ T6254] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 124.741509][ T6254] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 124.774760][ T6254] team0: Port device team_slave_0 added [ 124.785207][ T6254] team0: Port device team_slave_1 added [ 124.815210][ T6254] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 124.823024][ T6254] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 124.850658][ T6254] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 124.864699][ T6254] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 124.871856][ T6254] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 124.899342][ T6254] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 124.947148][ T6254] hsr_slave_0: entered promiscuous mode [ 124.955026][ T6254] hsr_slave_1: entered promiscuous mode [ 125.529186][ T6254] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 125.542458][ T6254] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 125.557078][ T6254] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 125.570381][ T6254] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 125.711599][ T6254] 8021q: adding VLAN 0 to HW filter on device bond0 [ 125.747949][ T6254] 8021q: adding VLAN 0 to HW filter on device team0 [ 125.765273][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.772484][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 125.800052][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.807534][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 126.090306][ T6254] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 126.175569][ T6254] veth0_vlan: entered promiscuous mode [ 126.192550][ T6254] veth1_vlan: entered promiscuous mode [ 126.250278][ T6254] veth0_macvtap: entered promiscuous mode [ 126.267355][ T6254] veth1_macvtap: entered promiscuous mode [ 126.301978][ T6254] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 126.336232][ T6254] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 126.361021][ T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.389046][ T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.434659][ T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.471397][ T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.646629][ T36] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.749007][ T36] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.829902][ T36] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.964947][ T36] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 2026/03/21 19:15:37 executed programs: 0 [ 128.360298][ T5166] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 128.369706][ T5166] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 128.379127][ T5166] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 128.388405][ T5166] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 128.396663][ T5166] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 128.594961][ T36] bridge_slave_1: left allmulticast mode [ 128.600800][ T36] bridge_slave_1: left promiscuous mode [ 128.608279][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.618995][ T36] bridge_slave_0: left allmulticast mode [ 128.625147][ T36] bridge_slave_0: left promiscuous mode [ 128.631503][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.790748][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 128.801350][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 128.811481][ T36] bond0 (unregistering): Released all slaves [ 128.929880][ T36] hsr_slave_0: left promiscuous mode [ 128.937782][ T36] hsr_slave_1: left promiscuous mode [ 128.945118][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 128.952562][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 128.961083][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 128.970875][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 128.985025][ T36] veth1_macvtap: left promiscuous mode [ 128.990809][ T36] veth0_macvtap: left promiscuous mode [ 128.996488][ T36] veth1_vlan: left promiscuous mode [ 129.002346][ T36] veth0_vlan: left promiscuous mode [ 129.310441][ T36] team0 (unregistering): Port device team_slave_1 removed [ 129.336670][ T36] team0 (unregistering): Port device team_slave_0 removed [ 129.641522][ T6380] chnl_net:caif_netlink_parms(): no params data found [ 130.000895][ T6380] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.008420][ T6380] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.017524][ T6380] bridge_slave_0: entered allmulticast mode [ 130.032531][ T6380] bridge_slave_0: entered promiscuous mode [ 130.044169][ T6380] bridge0: port 2(bridge_slave_1) entered blocking state [ 130.051612][ T6380] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.059458][ T6380] bridge_slave_1: entered allmulticast mode [ 130.068140][ T6380] bridge_slave_1: entered promiscuous mode [ 130.257310][ T6380] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 130.271107][ T6380] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 130.316661][ T6380] team0: Port device team_slave_0 added [ 130.340991][ T6380] team0: Port device team_slave_1 added [ 130.430241][ T6380] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 130.454867][ T51] Bluetooth: hci0: command tx timeout [ 130.461058][ T6380] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 130.487282][ T6380] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 130.507481][ T6380] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 130.514624][ T6380] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 130.540758][ T6380] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 130.633467][ T6380] hsr_slave_0: entered promiscuous mode [ 130.641988][ T6380] hsr_slave_1: entered promiscuous mode [ 131.203645][ T6380] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 131.219019][ T6380] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 131.236987][ T6380] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 131.258833][ T6380] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 131.388657][ T6380] 8021q: adding VLAN 0 to HW filter on device bond0 [ 131.421241][ T6380] 8021q: adding VLAN 0 to HW filter on device team0 [ 131.444989][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.452203][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 131.487155][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.494389][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 131.760813][ T6380] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 131.810945][ T6380] veth0_vlan: entered promiscuous mode [ 131.823634][ T6380] veth1_vlan: entered promiscuous mode [ 131.857716][ T6380] veth0_macvtap: entered promiscuous mode [ 131.868372][ T6380] veth1_macvtap: entered promiscuous mode [ 131.891700][ T6380] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 131.908279][ T6380] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 131.924511][ T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 131.934197][ T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 131.945226][ T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 131.955041][ T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.026992][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 132.035774][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 132.064403][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 132.074252][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 132.178012][ T6483] netlink: 'syz.0.17': attribute type 2 has an invalid length. [ 132.190358][ C0] [ 132.192687][ C0] ================================ [ 132.197859][ C0] WARNING: inconsistent lock state [ 132.203045][ C0] syzkaller #0 Not tainted [ 132.207455][ C0] -------------------------------- [ 132.212548][ C0] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. [ 132.219378][ C0] syz.0.17/6481 [HC0[0]:SC1[1]:HE1:SE0] takes: [ 132.225783][ C0] ffff888036da9be8 (slock-AF_PHONET/1){+.?.}-{3:3}, at: __sk_receive_skb+0x23c/0xa90 [ 132.235289][ C0] {SOFTIRQ-ON-W} state was registered at: [ 132.241010][ C0] lock_acquire+0x106/0x350 [ 132.245618][ C0] _raw_spin_lock_nested+0x32/0x50 [ 132.250868][ C0] __sk_receive_skb+0x23c/0xa90 [ 132.255803][ C0] pep_do_rcv+0x685/0xaa0 [ 132.260300][ C0] __release_sock+0x297/0x3a0 [ 132.265051][ C0] release_sock+0x190/0x260 [ 132.269670][ C0] pep_sock_accept+0xed3/0x1410 [ 132.274871][ C0] pn_socket_accept+0xc9/0x2e0 [ 132.279801][ C0] do_accept+0x6ba/0x920 [ 132.284152][ C0] __sys_accept4+0x139/0x230 [ 132.288819][ C0] __x64_sys_accept4+0x9a/0xb0 [ 132.293717][ C0] do_syscall_64+0x14d/0xf80 [ 132.298571][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.304678][ C0] irq event stamp: 1546 [ 132.308832][ C0] hardirqs last enabled at (1546): [] _raw_spin_unlock_irq+0x23/0x50 [ 132.319011][ C0] hardirqs last disabled at (1545): [] _raw_spin_lock_irq+0x17/0x50 [ 132.328578][ C0] softirqs last enabled at (1540): [] netif_rx+0x79/0x90 [ 132.337434][ C0] softirqs last disabled at (1541): [] do_softirq+0x76/0xd0 [ 132.346291][ C0] [ 132.346291][ C0] other info that might help us debug this: [ 132.354354][ C0] Possible unsafe locking scenario: [ 132.354354][ C0] [ 132.361966][ C0] CPU0 [ 132.365246][ C0] ---- [ 132.368513][ C0] lock(slock-AF_PHONET/1); [ 132.373112][ C0] [ 132.376706][ C0] lock(slock-AF_PHONET/1); [ 132.381488][ C0] [ 132.381488][ C0] *** DEADLOCK *** [ 132.381488][ C0] [ 132.389807][ C0] 5 locks held by syz.0.17/6481: [ 132.395421][ C0] #0: ffff8880721f8e40 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: __sock_release+0x89/0x250 [ 132.405936][ C0] #1: ffff88807e9f4360 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: pep_sock_close+0x86/0x5b0 [ 132.415694][ C0] #2: ffffffff8e95d7e0 (rcu_read_lock){....}-{1:3}, at: process_backlog+0x3eb/0x1950 [ 132.425255][ C0] #3: ffff88807e9f4968 (slock-AF_PHONET){+.-.}-{3:3}, at: __sk_receive_skb+0x26e/0xa90 [ 132.435274][ C0] #4: ffff88807e9f49e0 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: phonet_rcv+0x781/0xc40 [ 132.445388][ C0] [ 132.445388][ C0] stack backtrace: [ 132.451310][ C0] CPU: 0 UID: 0 PID: 6481 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) [ 132.451325][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 132.451337][ C0] Call Trace: [ 132.451343][ C0] [ 132.451349][ C0] dump_stack_lvl+0xe8/0x150 [ 132.451373][ C0] print_usage_bug+0x28b/0x2e0 [ 132.451388][ C0] mark_lock_irq+0x410/0x420 [ 132.451400][ C0] mark_lock+0x115/0x190 [ 132.451409][ C0] __lock_acquire+0x689/0x2cf0 [ 132.451426][ C0] ? sk_filter_trim_cap+0x1e1/0xd90 [ 132.451443][ C0] ? sk_filter_trim_cap+0x957/0xd90 [ 132.451456][ C0] ? __pfx___smp_call_single_queue+0x10/0x10 [ 132.451470][ C0] ? __sk_receive_skb+0x23c/0xa90 [ 132.451480][ C0] lock_acquire+0x106/0x350 [ 132.451493][ C0] ? __sk_receive_skb+0x23c/0xa90 [ 132.451506][ C0] _raw_spin_lock_nested+0x32/0x50 [ 132.451517][ C0] ? __sk_receive_skb+0x23c/0xa90 [ 132.451527][ C0] __sk_receive_skb+0x23c/0xa90 [ 132.451551][ C0] ? __pfx___sk_receive_skb+0x10/0x10 [ 132.451561][ C0] ? sk_filter_trim_cap+0x957/0xd90 [ 132.451581][ C0] pep_do_rcv+0x685/0xaa0 [ 132.451596][ C0] ? __pfx_pep_do_rcv+0x10/0x10 [ 132.451610][ C0] ? phonet_rcv+0x781/0xc40 [ 132.451621][ C0] ? __pfx_pep_do_rcv+0x10/0x10 [ 132.451633][ C0] __sk_receive_skb+0xa07/0xa90 [ 132.451644][ C0] ? __pfx___sk_receive_skb+0x10/0x10 [ 132.451655][ C0] ? pn_find_sock_by_sa+0x420/0x510 [ 132.451667][ C0] phonet_rcv+0x781/0xc40 [ 132.451678][ C0] ? __asan_memset+0x22/0x50 [ 132.451694][ C0] ? __pfx_phonet_rcv+0x10/0x10 [ 132.451706][ C0] ? process_backlog+0x3eb/0x1950 [ 132.451717][ C0] ? process_backlog+0x3eb/0x1950 [ 132.451727][ C0] ? __pfx_phonet_rcv+0x10/0x10 [ 132.451738][ C0] ? process_backlog+0x3eb/0x1950 [ 132.451748][ C0] process_backlog+0xc66/0x1950 [ 132.451762][ C0] __napi_poll+0xae/0x340 [ 132.451771][ C0] ? skb_defer_free_flush+0x233/0x260 [ 132.451782][ C0] net_rx_action+0x627/0xf70 [ 132.451795][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 132.451808][ C0] ? sched_clock+0x3f/0x60 [ 132.451822][ C0] handle_softirqs+0x22a/0x840 [ 132.451837][ C0] ? do_softirq+0x76/0xd0 [ 132.451851][ C0] ? netif_rx+0x79/0x90 [ 132.451875][ C0] do_softirq+0x76/0xd0 [ 132.451889][ C0] [ 132.451892][ C0] [ 132.451895][ C0] __local_bh_enable_ip+0xf8/0x130 [ 132.451909][ C0] netif_rx+0x83/0x90 [ 132.451922][ C0] pn_send+0x62a/0x8e0 [ 132.451934][ C0] pn_skb_send+0x218/0x530 [ 132.451947][ C0] pep_sock_close+0x2c1/0x5b0 [ 132.451960][ C0] pn_socket_release+0x9b/0xc0 [ 132.451971][ C0] __sock_release+0xb9/0x250 [ 132.451980][ C0] ? __pfx_sock_close+0x10/0x10 [ 132.451995][ C0] sock_close+0x1c/0x30 [ 132.452009][ C0] __fput+0x451/0x8c0 [ 132.452023][ C0] task_work_run+0x1d9/0x270 [ 132.452037][ C0] ? __pfx_task_work_run+0x10/0x10 [ 132.452050][ C0] exit_to_user_mode_loop+0xed/0x480 [ 132.452065][ C0] ? rcu_is_watching+0x15/0xb0 [ 132.452074][ C0] do_syscall_64+0x32d/0xf80 [ 132.452086][ C0] ? trace_irq_disable+0x3b/0x140 [ 132.452098][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.452107][ C0] ? clear_bhb_loop+0x40/0x90 [ 132.452118][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.452129][ C0] RIP: 0033:0x7f974d99c799 [ 132.452144][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 132.452152][ C0] RSP: 002b:00007ffc3ad21728 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 132.452164][ C0] RAX: 0000000000000000 RBX: 00007f974dc17da0 RCX: 00007f974d99c799 [ 132.452171][ C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 132.452177][ C0] RBP: 00007f974dc17da0 R08: 00007f974dc16038 R09: 0000000000000000 [ 132.452184][ C0] R10: 000000000003fda8 R11: 0000000000000246 R12: 0000000000020730 [ 132.452190][ C0] R13: 00007f974dc1609c R14: 0000000000020461 R15: 00007f974dc16090 [ 132.452200][ C0] [ 132.859190][ T51] Bluetooth: hci0: command tx timeout [ 132.865405][ T1318] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.871739][ T1318] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.948639][ T6486] netlink: 'syz.0.18': attribute type 2 has an invalid length. 2026/03/21 19:15:42 executed programs: 4 [ 133.797948][ T6489] netlink: 'syz.0.19': attribute type 2 has an invalid length. [ 134.642817][ T6492] netlink: 'syz.0.20': attribute type 2 has an invalid length. [ 134.932904][ T51] Bluetooth: hci0: command tx timeout [ 135.488973][ T6495] netlink: 'syz.0.21': attribute type 2 has an invalid length. [ 136.335664][ T6498] netlink: 'syz.0.22': attribute type 2 has an invalid length. [ 137.022928][ T51] Bluetooth: hci0: command tx timeout [ 137.179813][ T6501] netlink: 'syz.0.23': attribute type 2 has an invalid length. [ 138.026866][ T6504] netlink: 'syz.0.24': attribute type 2 has an invalid length. 2026/03/21 19:15:48 executed programs: 10 [ 138.871821][ T6507] netlink: 'syz.0.25': attribute type 2 has an invalid length. [ 138.944757][ T6510] netlink: 'syz.0.26': attribute type 2 has an invalid length. [ 139.790652][ T6513] netlink: 'syz.0.27': attribute type 2 has an invalid length. [ 140.635628][ T6516] netlink: 'syz.0.28': attribute type 2 has an invalid length. [ 141.479629][ T6519] netlink: 'syz.0.29': attribute type 2 has an invalid length.