Warning: Permanently added '10.128.0.16' (ED25519) to the list of known hosts.
1970/01/01 00:01:01 ignoring optional flag "type"="gce"
1970/01/01 00:01:02 parsed 1 programs
[ 63.389532][ T4352] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 64.823546][ T4473] chnl_net:caif_netlink_parms(): no params data found
[ 64.840304][ T4473] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.841499][ T4473] bridge0: port 1(bridge_slave_0) entered disabled state
[ 64.842991][ T4473] device bridge_slave_0 entered promiscuous mode
[ 64.844950][ T4473] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.846058][ T4473] bridge0: port 2(bridge_slave_1) entered disabled state
[ 64.847431][ T4473] device bridge_slave_1 entered promiscuous mode
[ 64.854928][ T4473] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 64.857191][ T4473] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 64.864316][ T4473] team0: Port device team_slave_0 added
[ 64.865881][ T4473] team0: Port device team_slave_1 added
[ 64.872481][ T4473] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 64.873556][ T4473] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 64.877429][ T4473] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 64.879941][ T4473] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 64.880954][ T4473] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 64.885294][ T4473] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 64.939553][ T4473] device hsr_slave_0 entered promiscuous mode
[ 64.978823][ T4473] device hsr_slave_1 entered promiscuous mode
[ 65.463364][ T4473] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 65.489617][ T4473] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 65.539714][ T4473] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 65.580245][ T4473] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 65.627426][ T4473] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.628660][ T4473] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.629882][ T4473] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.631079][ T4473] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.649605][ T4473] 8021q: adding VLAN 0 to HW filter on device bond0
[ 65.653220][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 65.655050][ T136] bridge0: port 1(bridge_slave_0) entered disabled state
[ 65.656444][ T136] bridge0: port 2(bridge_slave_1) entered disabled state
[ 65.658205][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 65.663367][ T4473] 8021q: adding VLAN 0 to HW filter on device team0
[ 65.667947][ T1605] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 65.669712][ T1605] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.670814][ T1605] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.672191][ T1605] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 65.673708][ T1605] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.674848][ T1605] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.680763][ T1605] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 65.682361][ T1605] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 65.690756][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 65.693122][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 65.694683][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 65.699169][ T4473] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 65.739674][ T1605] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 65.740969][ T1605] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 65.744380][ T4473] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 65.750699][ T1605] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 65.761526][ T1605] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 65.763114][ T1605] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 65.764557][ T1605] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 65.766810][ T4473] device veth0_vlan entered promiscuous mode
[ 65.770797][ T4473] device veth1_vlan entered promiscuous mode
[ 65.777397][ T1605] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 65.779030][ T1605] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 65.780499][ T1605] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 65.783101][ T4473] device veth0_macvtap entered promiscuous mode
[ 65.786521][ T4473] device veth1_macvtap entered promiscuous mode
[ 65.792731][ T4473] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 65.794044][ T1605] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 65.796018][ T1605] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 65.799470][ T4473] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 65.801660][ T4473] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.802965][ T4473] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.804304][ T4473] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.805854][ T4473] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.807922][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 66.081424][ T1605] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 68.711288][ T1605] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 69.619822][ T7] cfg80211: failed to load regulatory.db
[ 69.620338][ T2064] ieee802154 phy0 wpan0: encryption failed: -22
[ 69.622194][ T2064] ieee802154 phy1 wpan1: encryption failed: -22
[ 71.301420][ T1605] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 71.351945][ T1605] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 71.868822][ T148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 71.870148][ T148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 71.872812][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 71.878188][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 71.880750][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 71.882334][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
1970/01/01 00:01:12 executed programs: 0
[ 72.128474][ T4936] chnl_net:caif_netlink_parms(): no params data found
[ 72.157650][ T4936] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.159086][ T4936] bridge0: port 1(bridge_slave_0) entered disabled state
[ 72.160678][ T4936] device bridge_slave_0 entered promiscuous mode
[ 72.162737][ T4936] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.163959][ T4936] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.165414][ T4936] device bridge_slave_1 entered promiscuous mode
[ 72.174531][ T4936] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 72.177045][ T4936] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 72.187005][ T4936] team0: Port device team_slave_0 added
[ 72.189367][ T4936] team0: Port device team_slave_1 added
[ 72.203195][ T4936] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 72.204249][ T4936] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 72.208202][ T4936] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 72.211230][ T4936] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 72.212217][ T4936] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 72.216055][ T4936] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 72.249937][ T4936] device hsr_slave_0 entered promiscuous mode
[ 72.288941][ T4936] device hsr_slave_1 entered promiscuous mode
[ 72.308996][ T4936] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 72.310221][ T4936] Cannot create hsr debugfs directory
[ 72.445308][ T1605] device hsr_slave_0 left promiscuous mode
[ 72.481003][ T1605] device hsr_slave_1 left promiscuous mode
[ 72.558650][ T1605] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 72.559929][ T1605] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 72.561322][ T1605] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 72.562440][ T1605] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 72.563741][ T1605] device bridge_slave_1 left promiscuous mode
[ 72.564727][ T1605] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.599156][ T1605] device bridge_slave_0 left promiscuous mode
[ 72.600151][ T1605] bridge0: port 1(bridge_slave_0) entered disabled state
[ 72.718720][ T1605] device veth1_macvtap left promiscuous mode
[ 72.719714][ T1605] device veth0_macvtap left promiscuous mode
[ 72.720616][ T1605] device veth1_vlan left promiscuous mode
[ 72.721465][ T1605] device veth0_vlan left promiscuous mode
[ 72.804120][ T1605] team0 (unregistering): Port device team_slave_1 removed
[ 72.808566][ T1605] team0 (unregistering): Port device team_slave_0 removed
[ 72.813565][ T1605] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 72.861599][ T1605] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 72.952351][ T1605] bond0 (unregistering): Released all slaves
[ 73.321433][ T4936] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 73.361152][ T4936] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 73.390535][ T4936] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 73.429768][ T4936] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 73.492498][ T4936] 8021q: adding VLAN 0 to HW filter on device bond0
[ 73.496407][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 73.497878][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 73.501253][ T4936] 8021q: adding VLAN 0 to HW filter on device team0
[ 73.504443][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 73.505913][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 73.507545][ T148] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.508651][ T148] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 73.514497][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 73.516137][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 73.517570][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 73.519825][ T148] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.521099][ T148] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 73.522457][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 73.524110][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 73.536252][ T4936] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 73.537933][ T4936] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 73.541269][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 73.543412][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 73.545231][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 73.546872][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 73.548497][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 73.554249][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 73.555727][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 73.557271][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 73.561069][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 73.562596][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 73.596519][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 73.597819][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 73.602453][ T4936] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 73.608430][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 73.610467][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 73.623107][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 73.624585][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 73.626528][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 73.627901][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 73.630761][ T4936] device veth0_vlan entered promiscuous mode
[ 73.634086][ T4936] device veth1_vlan entered promiscuous mode
[ 73.683091][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 73.684659][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 73.686062][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 73.687645][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 73.693134][ T4936] device veth0_macvtap entered promiscuous mode
[ 73.695736][ T4936] device veth1_macvtap entered promiscuous mode
[ 73.703272][ T4936] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 73.704571][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 73.706119][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 73.707580][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 73.709277][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 73.712120][ T4936] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 73.714419][ T4936] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 73.715724][ T4936] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 73.719358][ T4936] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 73.720733][ T4936] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 73.729947][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 73.731618][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 73.768282][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 73.769998][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 73.771472][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 73.789789][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 73.791014][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 73.792638][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 73.821110][ T144] BUG: sleeping function called from invalid context at net/core/sock.c:3258
[ 73.822565][ T144] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 144, name: kworker/u5:0
[ 73.823906][ T144] 6 locks held by kworker/u5:0/144:
[ 73.824706][ T144] #0: ffff0000c1afb938 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x678/0x1140
[ 73.826418][ T144] #1: ffff80001bdc7c00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6b8/0x1140
[ 73.828359][ T144] #2: ffff0000d5a98078 (&hdev->lock){+.+.}-{3:3}, at: hci_sync_conn_complete_evt+0xb0/0x89c
[ 73.830370][ T144] #3: ffff8000163ef788 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_sync_conn_complete_evt+0x400/0x89c
[ 73.831946][ T144] #4: ffff0000c0fc0820 (&conn->lock#2){+.+.}-{2:2}, at: sco_connect_cfm+0x25c/0x8c0
[ 73.833370][ T144] #5: ffff0000d6b0a120 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_connect_cfm+0x3cc/0x8c0
[ 73.835012][ T144] Preemption disabled at:
[ 73.835028][ T144] [] sco_connect_cfm+0x25c/0x8c0
[ 73.836625][ T144] CPU: 1 PID: 144 Comm: kworker/u5:0 Not tainted syzkaller #0
[ 73.837806][ T144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[ 73.839348][ T144] Workqueue: hci0 hci_rx_work
[ 73.840066][ T144] Call trace:
[ 73.840595][ T144] dump_backtrace+0x0/0x43c
[ 73.841323][ T144] show_stack+0x2c/0x3c
[ 73.841965][ T144] __dump_stack+0x30/0x40
[ 73.842708][ T144] dump_stack_lvl+0xf8/0x160
[ 73.843445][ T144] dump_stack+0x1c/0x5c
[ 73.844090][ T144] ___might_sleep+0x358/0x4d4
[ 73.844749][ T144] __might_sleep+0x98/0x124
[ 73.845418][ T144] lock_sock_nested+0xec/0x1d4
[ 73.846131][ T144] sco_connect_cfm+0x3cc/0x8c0
[ 73.846875][ T144] hci_sync_conn_complete_evt+0x468/0x89c
[ 73.847738][ T144] hci_event_packet+0xa24/0x11bc
[ 73.848450][ T144] hci_rx_work+0x1cc/0x880
[ 73.849113][ T144] process_one_work+0x79c/0x1140
[ 73.849866][ T144] worker_thread+0x8f4/0x101c
[ 73.850507][ T144] kthread+0x374/0x454
[ 73.851166][ T144] ret_from_fork+0x10/0x20
[ 73.854466][ T5069]
[ 73.854818][ T5069] ======================================================
[ 73.855846][ T5069] WARNING: possible circular locking dependency detected
[ 73.856922][ T5069] syzkaller #0 Tainted: G W
[ 73.857779][ T5069] ------------------------------------------------------
[ 73.858868][ T5069] syz.0.15/5069 is trying to acquire lock:
[ 73.859700][ T5069] ffff0000c0fc0820 (&conn->lock#2){+.+.}-{2:2}, at: __sco_sock_close+0x344/0x768
[ 73.861065][ T5069]
[ 73.861065][ T5069] but task is already holding lock:
[ 73.862215][ T5069] ffff0000d0337120 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0}, at: __sco_sock_close+0x19c/0x768
[ 73.863733][ T5069]
[ 73.863733][ T5069] which lock already depends on the new lock.
[ 73.863733][ T5069]
[ 73.865327][ T5069]
[ 73.865327][ T5069] the existing dependency chain (in reverse order) is:
[ 73.866803][ T5069]
[ 73.866803][ T5069] -> #2 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0}:
[ 73.868055][ T5069] lock_sock_nested+0xd8/0x1d4
[ 73.868874][ T5069] bt_accept_dequeue+0xe8/0x57c
[ 73.869693][ T5069] __sco_sock_close+0x178/0x768
[ 73.870550][ T5069] sco_sock_release+0xb4/0x2c4
[ 73.871389][ T5069] sock_close+0xb4/0x1f8
[ 73.872114][ T5069] __fput+0x1c0/0x7f8
[ 73.872836][ T5069] ____fput+0x20/0x30
[ 73.873549][ T5069] task_work_run+0x12c/0x1e0
[ 73.874302][ T5069] do_notify_resume+0x24b4/0x3128
[ 73.875171][ T5069] el0_svc+0xf0/0x1e0
[ 73.875906][ T5069] el0t_64_sync_handler+0xcc/0xe4
[ 73.876745][ T5069] el0t_64_sync+0x1a0/0x1a4
[ 73.877542][ T5069]
[ 73.877542][ T5069] -> #1 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}:
[ 73.878946][ T5069] lock_sock_nested+0xd8/0x1d4
[ 73.879749][ T5069] sco_connect_cfm+0x3cc/0x8c0
[ 73.880530][ T5069] hci_sync_conn_complete_evt+0x468/0x89c
[ 73.881424][ T5069] hci_event_packet+0xa24/0x11bc
[ 73.882201][ T5069] hci_rx_work+0x1cc/0x880
[ 73.882882][ T5069] process_one_work+0x79c/0x1140
[ 73.883668][ T5069] worker_thread+0x8f4/0x101c
[ 73.884401][ T5069] kthread+0x374/0x454
[ 73.885042][ T5069] ret_from_fork+0x10/0x20
[ 73.885748][ T5069]
[ 73.885748][ T5069] -> #0 (&conn->lock#2){+.+.}-{2:2}:
[ 73.886832][ T5069] __lock_acquire+0x2928/0x651c
[ 73.887597][ T5069] lock_acquire+0x1f4/0x620
[ 73.888304][ T5069] _raw_spin_lock+0xb0/0x10c
[ 73.889028][ T5069] __sco_sock_close+0x344/0x768
[ 73.889784][ T5069] __sco_sock_close+0x1f0/0x768
[ 73.890627][ T5069] sco_sock_release+0xb4/0x2c4
[ 73.891487][ T5069] sock_close+0xb4/0x1f8
[ 73.892230][ T5069] __fput+0x1c0/0x7f8
[ 73.892984][ T5069] ____fput+0x20/0x30
[ 73.893749][ T5069] task_work_run+0x12c/0x1e0
[ 73.894558][ T5069] do_notify_resume+0x24b4/0x3128
[ 73.895468][ T5069] el0_svc+0xf0/0x1e0
[ 73.896190][ T5069] el0t_64_sync_handler+0xcc/0xe4
[ 73.897111][ T5069] el0t_64_sync+0x1a0/0x1a4
[ 73.897944][ T5069]
[ 73.897944][ T5069] other info that might help us debug this:
[ 73.897944][ T5069]
[ 73.899559][ T5069] Chain exists of:
[ 73.899559][ T5069] &conn->lock#2 --> sk_lock-AF_BLUETOOTH-BTPROTO_SCO --> sk_lock-AF_BLUETOOTH
[ 73.899559][ T5069]
[ 73.901912][ T5069] Possible unsafe locking scenario:
[ 73.901912][ T5069]
[ 73.903137][ T5069]        CPU0                    CPU1
[ 73.903994][ T5069]        ----                    ----
[ 73.904863][ T5069]   lock(sk_lock-AF_BLUETOOTH);
[ 73.905667][ T5069]                                lock(sk_lock-AF_BLUETOOTH-BTPROTO_SCO);
[ 73.907010][ T5069]                                lock(sk_lock-AF_BLUETOOTH);
[ 73.908197][ T5069]   lock(&conn->lock#2);
[ 73.908842][ T5069]
[ 73.908842][ T5069] *** DEADLOCK ***
[ 73.908842][ T5069]
[ 73.910018][ T5069] 3 locks held by syz.0.15/5069:
[ 73.910795][ T5069] #0: ffff0000e2766810 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: sock_close+0x7c/0x1f8
[ 73.912452][ T5069] #1: ffff0000d6b0a120 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_sock_release+0x60/0x2c4
[ 73.914277][ T5069] #2: ffff0000d0337120 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0}, at: __sco_sock_close+0x19c/0x768
[ 73.915862][ T5069]
[ 73.915862][ T5069] stack backtrace:
[ 73.916746][ T5069] CPU: 1 PID: 5069 Comm: syz.0.15 Tainted: G W syzkaller #0
[ 73.918087][ T5069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[ 73.919550][ T5069] Call trace:
[ 73.920026][ T5069] dump_backtrace+0x0/0x43c
[ 73.920725][ T5069] show_stack+0x2c/0x3c
[ 73.921389][ T5069] __dump_stack+0x30/0x40
[ 73.922066][ T5069] dump_stack_lvl+0xf8/0x160
[ 73.922755][ T5069] dump_stack+0x1c/0x5c
[ 73.923411][ T5069] print_circular_bug+0x148/0x1b0
[ 73.924204][ T5069] check_noncircular+0x240/0x2d4
[ 73.924996][ T5069] __lock_acquire+0x2928/0x651c
[ 73.925708][ T5069] lock_acquire+0x1f4/0x620
[ 73.926399][ T5069] _raw_spin_lock+0xb0/0x10c
[ 73.927128][ T5069] __sco_sock_close+0x344/0x768
[ 73.927875][ T5069] __sco_sock_close+0x1f0/0x768
[ 73.928619][ T5069] sco_sock_release+0xb4/0x2c4
[ 73.929360][ T5069] sock_close+0xb4/0x1f8
[ 73.930027][ T5069] __fput+0x1c0/0x7f8
[ 73.930629][ T5069] ____fput+0x20/0x30
[ 73.931228][ T5069] task_work_run+0x12c/0x1e0
[ 73.931896][ T5069] do_notify_resume+0x24b4/0x3128
[ 73.932629][ T5069] el0_svc+0xf0/0x1e0
[ 73.933228][ T5069] el0t_64_sync_handler+0xcc/0xe4
[ 73.933920][ T5069] el0t_64_sync+0x1a0/0x1a4
[ 74.098834][ T4160] Bluetooth: hci0: command 0x0409 tx timeout
[ 76.178652][ T5126] Bluetooth: hci0: command 0x041b tx timeout
1970/01/01 00:01:17 executed programs: 183
[ 78.258705][ T5126] Bluetooth: hci0: command 0x040f tx timeout
[ 80.338671][ T5126] Bluetooth: hci0: command 0x0419 tx timeout
1970/01/01 00:01:22 executed programs: 477
[ 82.418660][ T5125] Bluetooth: hci0: command 0x0409 tx timeout