Warning: Permanently added '10.128.1.140' (ED25519) to the list of known hosts. [ 35.545200][ T6416] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 35.547298][ T6416] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 35.549507][ T6416] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 35.553209][ T6416] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 35.555216][ T6416] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 35.556861][ T6416] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 35.612629][ T6415] chnl_net:caif_netlink_parms(): no params data found [ 35.654213][ T6415] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.655817][ T6415] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.657369][ T6415] bridge_slave_0: entered allmulticast mode [ 35.659132][ T6415] bridge_slave_0: entered promiscuous mode [ 35.662510][ T6415] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.664069][ T6415] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.665554][ T6415] bridge_slave_1: entered allmulticast mode [ 35.667315][ T6415] bridge_slave_1: entered promiscuous mode [ 35.679044][ T6415] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 35.683286][ T6415] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 35.695692][ T6415] team0: Port device team_slave_0 added [ 35.698602][ T6415] team0: Port device team_slave_1 added [ 35.708374][ T6415] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 35.710018][ T6415] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 35.715854][ T6415] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 35.719851][ T6415] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 35.721435][ T6415] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 35.726848][ T6415] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 35.792712][ T6415] hsr_slave_0: entered promiscuous mode [ 35.831557][ T6415] hsr_slave_1: entered promiscuous mode [ 35.941420][ T6415] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 35.945530][ T6415] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 35.948953][ T6415] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 35.952487][ T6415] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 35.967371][ T6415] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.969051][ T6415] bridge0: port 2(bridge_slave_1) entered forwarding state [ 35.971179][ T6415] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.972752][ T6415] bridge0: port 1(bridge_slave_0) entered forwarding state [ 35.998989][ T6415] 8021q: adding VLAN 0 to HW filter on device bond0 [ 36.009369][ T704] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.012790][ T704] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.024031][ T6415] 8021q: adding VLAN 0 to HW filter on device team0 [ 36.030411][ T519] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.032083][ T519] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.037855][ T519] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.039304][ T519] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.075908][ T6415] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 36.095777][ T6415] veth0_vlan: entered promiscuous mode [ 36.099735][ T6415] veth1_vlan: entered promiscuous mode [ 36.113974][ T6415] veth0_macvtap: entered promiscuous mode [ 36.117192][ T6415] veth1_macvtap: entered promiscuous mode [ 36.125281][ T6415] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 36.130323][ T6415] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 36.134020][ T6415] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.135815][ T6415] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.137554][ T6415] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.139361][ T6415] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 executing program [ 36.411155][ T6240] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 36.563119][ T6240] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 36.565075][ T6240] usb 1-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 36.567292][ T6240] usb 1-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid maxpacket 255, setting to 64 [ 36.569465][ T6240] usb 1-1: config 1 interface 0 has no altsetting 0 [ 36.571255][ T6240] usb 1-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 36.573304][ T6240] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 36.582074][ T6240] ums-sddr09 1-1:1.0: USB Mass Storage device detected [ 36.782422][ T6240] scsi host0: usb-storage 1-1:1.0 [ 37.601836][ T6416] Bluetooth: hci0: command tx timeout [ 37.843660][ T704] scsi 0:0:0:0: Direct-Access Sandisk ImageMate SDDR09 0177 PQ: 0 ANSI: 0 [ 37.960810][ T704] sd 0:0:0:0: Attached scsi generic sg0 type 0 [ 38.162480][ T6429] sddr09: could not read card info [ 38.164799][ T2269] usb 1-1: USB disconnect, device number 2 [ 38.201916][ T519] sd 0:0:0:0: [sda] 0 512-byte logical blocks: (0 B/0 B) [ 38.203538][ T519] sd 0:0:0:0: [sda] 0-byte physical blocks [ 38.205077][ T519] sd 0:0:0:0: [sda] Write Protect is off [ 38.206379][ T519] sd 0:0:0:0: [sda] Asking for cache data failed [ 38.207669][ T519] sd 0:0:0:0: [sda] Assuming drive cache: write through [ 38.216853][ T519] sd 0:0:0:0: [sda] Attached SCSI removable disk [ 38.226057][ T2269] [ 38.226606][ T2269] ====================================================== [ 38.228034][ T2269] WARNING: possible circular locking dependency detected [ 38.229414][ T2269] 6.13.0-rc3-syzkaller-g573067a5a685 #0 Not tainted [ 38.230654][ T2269] ------------------------------------------------------ [ 38.232183][ T2269] kworker/1:2/2269 is trying to acquire lock: [ 38.233527][ T2269] ffff0000dfbc03e0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: touch_work_lockdep_map+0x74/0x11c [ 38.236042][ T2269] [ 38.236042][ T2269] but task is already holding lock: [ 38.237683][ T2269] ffff0000cad4e260 (&q->q_usage_counter(queue)#37){++++}-{0:0}, at: sd_remove+0x8c/0x118 [ 38.239673][ T2269] [ 38.239673][ T2269] which lock already depends on the new lock. [ 38.239673][ T2269] [ 38.242095][ T2269] [ 38.242095][ T2269] the existing dependency chain (in reverse order) is: [ 38.244238][ T2269] [ 38.244238][ T2269] -> #3 (&q->q_usage_counter(queue)#37){++++}-{0:0}: [ 38.246113][ T2269] blk_queue_enter+0xf0/0x538 [ 38.247331][ T2269] blk_mq_alloc_request+0x3d8/0x8f0 [ 38.248509][ T2269] scsi_execute_cmd+0x144/0xd94 [ 38.249575][ T2269] read_capacity_10+0x1f4/0x764 [ 38.250846][ T2269] sd_revalidate_disk+0xd1c/0x98a4 [ 38.251992][ T2269] sd_probe+0x6f0/0xcec [ 38.252890][ T2269] really_probe+0x38c/0x8fc [ 38.253970][ T2269] __driver_probe_device+0x194/0x374 [ 38.255306][ T2269] driver_probe_device+0x78/0x330 [ 38.256502][ T2269] __device_attach_driver+0x2a8/0x4f4 [ 38.257646][ T2269] bus_for_each_drv+0x228/0x2bc [ 38.258777][ T2269] __device_attach_async_helper+0x210/0x2c0 [ 38.260188][ T2269] async_run_entry_fn+0x98/0x3b4 [ 38.261343][ T2269] process_one_work+0x7a8/0x15cc [ 38.262481][ T2269] worker_thread+0x97c/0xeec [ 38.263508][ T2269] kthread+0x288/0x310 [ 38.264393][ T2269] ret_from_fork+0x10/0x20 [ 38.265461][ T2269] [ 38.265461][ T2269] -> #2 (&q->limits_lock){+.+.}-{4:4}: [ 38.267182][ T2269] __mutex_lock_common+0x218/0x28f4 [ 38.268370][ T2269] mutex_lock_nested+0x2c/0x38 [ 38.269389][ T2269] nvme_update_ns_info_block+0x5b4/0x2848 [ 38.270634][ T2269] nvme_update_ns_info+0xdc/0xed0 [ 38.271745][ T2269] nvme_scan_ns+0x2028/0x36ec [ 38.272879][ T2269] nvme_scan_ns_sequential+0x198/0x250 [ 38.274169][ T2269] nvme_scan_work+0x9e0/0xd18 [ 38.275282][ T2269] process_one_work+0x7a8/0x15cc [ 38.276370][ T2269] worker_thread+0x97c/0xeec [ 38.277483][ T2269] kthread+0x288/0x310 [ 38.278486][ T2269] ret_from_fork+0x10/0x20 [ 38.279558][ T2269] [ 38.279558][ T2269] -> #1 (&q->q_usage_counter(io)#50){++++}-{0:0}: [ 38.281433][ T2269] blk_mq_submit_bio+0x1254/0x2070 [ 38.282705][ T2269] __submit_bio+0x1a0/0x4f8 [ 38.283909][ T2269] submit_bio_noacct_nocheck+0x3bc/0xcbc [ 38.285162][ T2269] submit_bio_noacct+0xc6c/0x166c [ 38.286420][ T2269] submit_bio+0x374/0x564 [ 38.287352][ T2269] submit_bh_wbc+0x3f8/0x4c8 [ 38.288509][ T2269] __block_write_full_folio+0x840/0xd74 [ 38.289795][ T2269] block_write_full_folio+0x2fc/0x3c4 [ 38.291108][ T2269] write_cache_pages+0xc8/0x20c [ 38.292242][ T2269] blkdev_writepages+0xac/0x100 [ 38.293369][ T2269] do_writepages+0x304/0x7d0 [ 38.294462][ T2269] __writeback_single_inode+0x15c/0x15a4 [ 38.295830][ T2269] writeback_sb_inodes+0x650/0x1088 [ 38.296937][ T2269] __writeback_inodes_wb+0xec/0x234 [ 38.298171][ T2269] wb_writeback+0x3f4/0xe9c [ 38.299310][ T2269] wb_workfn+0xc28/0x1048 [ 38.300362][ T2269] process_one_work+0x7a8/0x15cc [ 38.301374][ T2269] worker_thread+0x97c/0xeec [ 38.302377][ T2269] kthread+0x288/0x310 [ 38.303365][ T2269] ret_from_fork+0x10/0x20 [ 38.304438][ T2269] [ 38.304438][ T2269] -> #0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}: [ 38.306484][ T2269] __lock_acquire+0x34f0/0x7904 [ 38.307547][ T2269] lock_acquire+0x23c/0x724 [ 38.308537][ T2269] touch_work_lockdep_map+0x9c/0x11c [ 38.309764][ T2269] __flush_work+0x578/0x954 [ 38.310805][ T2269] flush_delayed_work+0xcc/0xf8 [ 38.311931][ T2269] wb_shutdown+0x154/0x1d0 [ 38.312973][ T2269] bdi_unregister+0x160/0x4f8 [ 38.314105][ T2269] del_gendisk+0x39c/0x870 [ 38.315178][ T2269] sd_remove+0x8c/0x118 [ 38.316160][ T2269] device_release_driver_internal+0x440/0x698 [ 38.317599][ T2269] device_release_driver+0x28/0x38 [ 38.318879][ T2269] bus_remove_device+0x314/0x3b4 [ 38.320187][ T2269] device_del+0x480/0x828 [ 38.321157][ T2269] __scsi_remove_device+0x178/0x368 [ 38.322387][ T2269] scsi_forget_host+0xe0/0x128 [ 38.323405][ T2269] scsi_remove_host+0x13c/0x6c8 [ 38.324521][ T2269] usb_stor_disconnect+0x13c/0x218 [ 38.325670][ T2269] usb_unbind_interface+0x22c/0x7ec [ 38.326910][ T2269] device_release_driver_internal+0x440/0x698 [ 38.328193][ T2269] device_release_driver+0x28/0x38 [ 38.329402][ T2269] bus_remove_device+0x314/0x3b4 [ 38.330559][ T2269] device_del+0x480/0x828 [ 38.331691][ T2269] usb_disable_device+0x354/0x760 [ 38.333019][ T2269] usb_disconnect+0x290/0x808 [ 38.334151][ T2269] hub_event+0x1918/0x4280 [ 38.335278][ T2269] process_one_work+0x7a8/0x15cc [ 38.336595][ T2269] worker_thread+0x97c/0xeec [ 38.337670][ T2269] kthread+0x288/0x310 [ 38.338697][ T2269] ret_from_fork+0x10/0x20 [ 38.339771][ T2269] [ 38.339771][ T2269] other info that might help us debug this: [ 38.339771][ T2269] [ 38.341700][ T2269] Chain exists of: [ 38.341700][ T2269] (work_completion)(&(&wb->dwork)->work) --> &q->limits_lock --> &q->q_usage_counter(queue)#37 [ 38.341700][ T2269] [ 38.345213][ T2269] Possible unsafe locking scenario: [ 38.345213][ T2269] [ 38.346911][ T2269] CPU0 CPU1 [ 38.348006][ T2269] ---- ---- [ 38.349243][ T2269] lock(&q->q_usage_counter(queue)#37); [ 38.350415][ T2269] lock(&q->limits_lock); [ 38.352030][ T2269] lock(&q->q_usage_counter(queue)#37); [ 38.353965][ T2269] lock((work_completion)(&(&wb->dwork)->work)); [ 38.355429][ T2269] [ 38.355429][ T2269] *** DEADLOCK *** [ 38.355429][ T2269] [ 38.357085][ T2269] 9 locks held by kworker/1:2/2269: [ 38.358241][ T2269] #0: ffff0000c2772148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x60c/0x15cc [ 38.360717][ T2269] #1: ffff8000a0a67c20 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x6a4/0x15cc [ 38.363085][ T2269] #2: ffff0000cca1d190 (&dev->mutex){....}-{4:4}, at: hub_event+0x1bc/0x4280 [ 38.364880][ T2269] #3: ffff0000dfae4190 (&dev->mutex){....}-{4:4}, at: usb_disconnect+0xec/0x808 [ 38.366754][ T2269] #4: ffff0000d8cc5160 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xbc/0x698 [ 38.369000][ T2269] #5: ffff0000df90c0e0 (&shost->scan_mutex){+.+.}-{4:4}, at: scsi_remove_host+0x44/0x6c8 [ 38.371160][ T2269] #6: ffff0000c72d6378 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xbc/0x698 [ 38.373500][ T2269] #7: ffff0000cad4e260 (&q->q_usage_counter(queue)#37){++++}-{0:0}, at: sd_remove+0x8c/0x118 [ 38.375854][ T2269] #8: ffff80008fb82560 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x10/0x4c [ 38.377972][ T2269] [ 38.377972][ T2269] stack backtrace: [ 38.379247][ T2269] CPU: 1 UID: 0 PID: 2269 Comm: kworker/1:2 Not tainted 6.13.0-rc3-syzkaller-g573067a5a685 #0 [ 38.381475][ T2269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 38.383679][ T2269] Workqueue: usb_hub_wq hub_event [ 38.384743][ T2269] Call trace: [ 38.385366][ T2269] show_stack+0x2c/0x3c (C) [ 38.386309][ T2269] dump_stack_lvl+0xe4/0x150 [ 38.387416][ T2269] dump_stack+0x1c/0x28 [ 38.388208][ T2269] print_circular_bug+0x154/0x1c0 [ 38.389311][ T2269] check_noncircular+0x310/0x404 [ 38.390445][ T2269] __lock_acquire+0x34f0/0x7904 [ 38.391365][ T2269] lock_acquire+0x23c/0x724 [ 38.392381][ T2269] touch_work_lockdep_map+0x9c/0x11c [ 38.393414][ T2269] __flush_work+0x578/0x954 [ 38.394363][ T2269] flush_delayed_work+0xcc/0xf8 [ 38.395507][ T2269] wb_shutdown+0x154/0x1d0 [ 38.396418][ T2269] bdi_unregister+0x160/0x4f8 [ 38.397360][ T2269] del_gendisk+0x39c/0x870 [ 38.398343][ T2269] sd_remove+0x8c/0x118 [ 38.399182][ T2269] device_release_driver_internal+0x440/0x698 [ 38.400498][ T2269] device_release_driver+0x28/0x38 [ 38.401580][ T2269] bus_remove_device+0x314/0x3b4 [ 38.402715][ T2269] device_del+0x480/0x828 [ 38.403627][ T2269] __scsi_remove_device+0x178/0x368 [ 38.404699][ T2269] scsi_forget_host+0xe0/0x128 [ 38.405683][ T2269] scsi_remove_host+0x13c/0x6c8 [ 38.406739][ T2269] usb_stor_disconnect+0x13c/0x218 [ 38.407804][ T2269] usb_unbind_interface+0x22c/0x7ec [ 38.408962][ T2269] device_release_driver_internal+0x440/0x698 [ 38.410298][ T2269] device_release_driver+0x28/0x38 [ 38.411396][ T2269] bus_remove_device+0x314/0x3b4 [ 38.412410][ T2269] device_del+0x480/0x828 [ 38.413310][ T2269] usb_disable_device+0x354/0x760 [ 38.414358][ T2269] usb_disconnect+0x290/0x808 [ 38.415373][ T2269] hub_event+0x1918/0x4280 [ 38.416303][ T2269] process_one_work+0x7a8/0x15cc [ 38.417387][ T2269] worker_thread+0x97c/0xeec [ 38.418427][ T2269] kthread+0x288/0x310 [ 38.419292][ T2269] ret_from_fork+0x10/0x20