Warning: Permanently added '10.128.1.192' (ED25519) to the list of known hosts.
1970/01/01 00:00:48 ignoring optional flag "type"="gce"
1970/01/01 00:00:48 parsed 1 programs
[   48.832930][ T4272] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k SSFS
1970/01/01 00:00:48 executed programs: 0
[   48.911931][ T4288] chnl_net:caif_netlink_parms(): no params data found
[   48.930903][ T4288] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.932119][ T4288] bridge0: port 1(bridge_slave_0) entered disabled state
[   48.933726][ T4288] device bridge_slave_0 entered promiscuous mode
[   48.935798][ T4288] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.936937][ T4288] bridge0: port 2(bridge_slave_1) entered disabled state
[   48.938704][ T4288] device bridge_slave_1 entered promiscuous mode
[   48.947247][ T4288] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   48.950210][ T4288] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   48.958694][ T4288] team0: Port device team_slave_0 added
[   48.960682][ T4288] team0: Port device team_slave_1 added
[   48.967810][ T4288] batman_adv: batadv0: Adding interface: batadv_slave_0
[   48.969135][ T4288] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   48.973391][ T4288] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   48.975911][ T4288] batman_adv: batadv0: Adding interface: batadv_slave_1
[   48.976982][ T4288] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   48.981256][ T4288] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   49.019525][ T4288] device hsr_slave_0 entered promiscuous mode
[   49.068570][ T4288] device hsr_slave_1 entered promiscuous mode
[   49.611089][ T4288] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   49.649680][ T4288] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   49.669707][ T4288] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   49.700792][ T4288] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   49.735569][ T4288] bridge0: port 2(bridge_slave_1) entered blocking state
[   49.736907][ T4288] bridge0: port 2(bridge_slave_1) entered forwarding state
[   49.738176][ T4288] bridge0: port 1(bridge_slave_0) entered blocking state
[   49.739451][ T4288] bridge0: port 1(bridge_slave_0) entered forwarding state
[   49.761582][ T4288] 8021q: adding VLAN 0 to HW filter on device bond0
[   49.766579][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   49.769406][ T1640] bridge0: port 1(bridge_slave_0) entered disabled state
[   49.770999][ T1640] bridge0: port 2(bridge_slave_1) entered disabled state
[   49.772907][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   49.777963][ T4288] 8021q: adding VLAN 0 to HW filter on device team0
[   49.784563][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   49.786140][ T1640] bridge0: port 1(bridge_slave_0) entered blocking state
[   49.787287][ T1640] bridge0: port 1(bridge_slave_0) entered forwarding state
[   49.791839][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   49.793387][ T1640] bridge0: port 2(bridge_slave_1) entered blocking state
[   49.794577][ T1640] bridge0: port 2(bridge_slave_1) entered forwarding state
[   49.803700][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   49.805415][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   49.808968][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   49.812565][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   49.815871][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   49.821924][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   49.867062][ T4288] 8021q: adding VLAN 0 to HW filter on device batadv0
[   49.869148][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   49.870457][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   49.878071][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   49.886761][  T402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   49.888459][  T402] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   49.889797][  T402] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   49.892766][ T4288] device veth0_vlan entered promiscuous mode
[   49.896365][ T4288] device veth1_vlan entered promiscuous mode
[   49.907367][  T402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   49.909406][  T402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   49.913353][ T4288] device veth0_macvtap entered promiscuous mode
[   49.916648][ T4288] device veth1_macvtap entered promiscuous mode
[   49.922847][ T4288] batman_adv: batadv0: Interface activated: batadv_slave_0
[   49.924047][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   49.925635][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   49.927220][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   49.929219][ T1640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   49.932372][ T4288] batman_adv: batadv0: Interface activated: batadv_slave_1
[   49.934427][  T402] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   49.936057][  T402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   49.943310][ T4288] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   49.944717][ T4288] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   49.946157][ T4288] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   49.947651][ T4288] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   50.006177][ T4418] 
[   50.006595][ T4418] ======================================================
[   50.007774][ T4418] WARNING: possible circular locking dependency detected
[   50.008945][ T4418] syzkaller #0 Not tainted
[   50.009708][ T4418] ------------------------------------------------------
[   50.010839][ T4418] syz-executor.0/4418 is trying to acquire lock:
[   50.011887][ T4418] ffff0000d0aa0c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xe4/0x1ec
[   50.013776][ T4418] 
[   50.013776][ T4418] but task is already holding lock:
[   50.015028][ T4418] ffff80001664a428 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x240/0x5dc
[   50.016639][ T4418] 
[   50.016639][ T4418] which lock already depends on the new lock.
[   50.016639][ T4418] 
[   50.018359][ T4418] 
[   50.018359][ T4418] the existing dependency chain (in reverse order) is:
[   50.019875][ T4418] 
[   50.019875][ T4418] -> #4 (rfkill_global_mutex){+.+.}-{3:3}:
[   50.021246][ T4418]        __mutex_lock_common+0x194/0x1f14
[   50.022251][ T4418]        mutex_lock_nested+0xac/0x11c
[   50.023105][ T4418]        rfkill_register+0x44/0x77c
[   50.023989][ T4418]        hci_register_dev+0x3d8/0x850
[   50.024824][ T4418]        vhci_create_device+0x2bc/0x54c
[   50.025623][ T4418]        vhci_write+0x30c/0x3ac
[   50.026470][ T4418]        vfs_write+0x590/0xa60
[   50.027280][ T4418]        ksys_write+0x12c/0x224
[   50.028175][ T4418]        __arm64_sys_write+0x7c/0x90
[   50.029007][ T4418]        invoke_syscall+0x98/0x2b0
[   50.029867][ T4418]        el0_svc_common+0x138/0x258
[   50.030684][ T4418]        do_el0_svc+0x58/0x13c
[   50.031489][ T4418]        el0_svc+0x78/0x1d0
[   50.032274][ T4418]        el0t_64_sync_handler+0xcc/0xe4
[   50.033223][ T4418]        el0t_64_sync+0x1a0/0x1a4
[   50.034072][ T4418] 
[   50.034072][ T4418] -> #3 (&data->open_mutex){+.+.}-{3:3}:
[   50.035408][ T4418]        __mutex_lock_common+0x194/0x1f14
[   50.036441][ T4418]        mutex_lock_nested+0xac/0x11c
[   50.037342][ T4418]        vhci_send_frame+0x88/0x118
[   50.038235][ T4418]        hci_send_frame+0x194/0x2ec
[   50.039086][ T4418]        hci_tx_work+0x7e0/0x1378
[   50.039928][ T4418]        process_one_work+0x79c/0x1138
[   50.040807][ T4418]        worker_thread+0x8f4/0x1034
[   50.041649][ T4418]        kthread+0x374/0x454
[   50.042430][ T4418]        ret_from_fork+0x10/0x20
[   50.043297][ T4418] 
[   50.043297][ T4418] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}:
[   50.044906][ T4418]        __flush_work+0x10c/0x1ec
[   50.045770][ T4418]        flush_work+0x24/0x38
[   50.046562][ T4418]        hci_dev_do_close+0x164/0xfe4
[   50.047490][ T4418]        hci_unregister_dev+0x234/0x4a8
[   50.048362][ T4418]        vhci_release+0x74/0xc4
[   50.049177][ T4418]        __fput+0x1c0/0x7e8
[   50.049944][ T4418]        ____fput+0x20/0x30
[   50.050694][ T4418]        task_work_run+0x12c/0x1d8
[   50.051554][ T4418]        do_exit+0x688/0x1f50
[   50.052368][ T4418]        do_group_exit+0x100/0x268
[   50.053220][ T4418]        get_signal+0x73c/0x1334
[   50.054005][ T4418]        do_notify_resume+0x354/0x309c
[   50.054927][ T4418]        el0_svc+0xf0/0x1d0
[   50.055699][ T4418]        el0t_64_sync_handler+0xcc/0xe4
[   50.056628][ T4418]        el0t_64_sync+0x1a0/0x1a4
[   50.057484][ T4418] 
[   50.057484][ T4418] -> #1 (&hdev->req_lock){+.+.}-{3:3}:
[   50.058762][ T4418]        __mutex_lock_common+0x194/0x1f14
[   50.059690][ T4418]        mutex_lock_nested+0xac/0x11c
[   50.060536][ T4418]        bg_scan_update+0x48/0x3d0
[   50.061373][ T4418]        process_one_work+0x79c/0x1138
[   50.062261][ T4418]        worker_thread+0x8f4/0x1034
[   50.063157][ T4418]        kthread+0x374/0x454
[   50.063937][ T4418]        ret_from_fork+0x10/0x20
[   50.064766][ T4418] 
[   50.064766][ T4418] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}:
[   50.066479][ T4418]        __lock_acquire+0x2870/0x67ec
[   50.067372][ T4418]        lock_acquire+0x1f4/0x618
[   50.068229][ T4418]        __flush_work+0x10c/0x1ec
[   50.069089][ T4418]        __cancel_work_timer+0x300/0x458
[   50.070042][ T4418]        cancel_work_sync+0x24/0x38
[   50.070932][ T4418]        hci_request_cancel_all+0xbc/0x2c8
[   50.071911][ T4418]        hci_dev_do_close+0x54/0xfe4
[   50.072783][ T4418]        hci_rfkill_set_block+0xdc/0x1bc
[   50.073723][ T4418]        rfkill_set_block+0x18c/0x374
[   50.074576][ T4418]        rfkill_fop_write+0x4ac/0x5dc
[   50.075478][ T4418]        vfs_write+0x284/0xa60
[   50.076262][ T4418]        ksys_write+0x12c/0x224
[   50.077055][ T4418]        __arm64_sys_write+0x7c/0x90
[   50.077965][ T4418]        invoke_syscall+0x98/0x2b0
[   50.078865][ T4418]        el0_svc_common+0x138/0x258
[   50.079746][ T4418]        do_el0_svc+0x58/0x13c
[   50.080573][ T4418]        el0_svc+0x78/0x1d0
[   50.081372][ T4418]        el0t_64_sync_handler+0xcc/0xe4
[   50.082353][ T4418]        el0t_64_sync+0x1a0/0x1a4
[   50.083207][ T4418] 
[   50.083207][ T4418] other info that might help us debug this:
[   50.083207][ T4418] 
[   50.084935][ T4418] Chain exists of:
[   50.084935][ T4418]   (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex
[   50.084935][ T4418] 
[   50.087673][ T4418]  Possible unsafe locking scenario:
[   50.087673][ T4418] 
[   50.088934][ T4418]        CPU0                    CPU1
[   50.089802][ T4418]        ----                    ----
[   50.090689][ T4418]   lock(rfkill_global_mutex);
[   50.091511][ T4418]                                lock(&data->open_mutex);
[   50.092745][ T4418]                                lock(rfkill_global_mutex);
[   50.094003][ T4418]   lock((work_completion)(&hdev->bg_scan_update));
[   50.095088][ T4418] 
[   50.095088][ T4418]  *** DEADLOCK ***
[   50.095088][ T4418] 
[   50.096462][ T4418] 1 lock held by syz-executor.0/4418:
[   50.097317][ T4418]  #0: ffff80001664a428 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x240/0x5dc
[   50.099051][ T4418] 
[   50.099051][ T4418] stack backtrace:
[   50.099967][ T4418] CPU: 0 PID: 4418 Comm: syz-executor.0 Not tainted syzkaller #0
[   50.101252][ T4418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[   50.103025][ T4418] Call trace:
[   50.103580][ T4418]  dump_backtrace+0x0/0x458
[   50.104291][ T4418]  show_stack+0x2c/0x3c
[   50.105002][ T4418]  __dump_stack+0x30/0x40
[   50.105747][ T4418]  dump_stack_lvl+0xf4/0x15c
[   50.106493][ T4418]  dump_stack+0x1c/0x5c
[   50.107169][ T4418]  print_circular_bug+0x148/0x1b0
[   50.107992][ T4418]  check_noncircular+0x264/0x2f8
[   50.108783][ T4418]  __lock_acquire+0x2870/0x67ec
[   50.109621][ T4418]  lock_acquire+0x1f4/0x618
[   50.110360][ T4418]  __flush_work+0x10c/0x1ec
[   50.111127][ T4418]  __cancel_work_timer+0x300/0x458
[   50.111994][ T4418]  cancel_work_sync+0x24/0x38
[   50.112837][ T4418]  hci_request_cancel_all+0xbc/0x2c8
[   50.113739][ T4418]  hci_dev_do_close+0x54/0xfe4
[   50.114573][ T4418]  hci_rfkill_set_block+0xdc/0x1bc
[   50.115398][ T4418]  rfkill_set_block+0x18c/0x374
[   50.116188][ T4418]  rfkill_fop_write+0x4ac/0x5dc
[   50.116953][ T4418]  vfs_write+0x284/0xa60
[   50.117646][ T4418]  ksys_write+0x12c/0x224
[   50.118368][ T4418]  __arm64_sys_write+0x7c/0x90
[   50.119163][ T4418]  invoke_syscall+0x98/0x2b0
[   50.119886][ T4418]  el0_svc_common+0x138/0x258
[   50.120616][ T4418]  do_el0_svc+0x58/0x13c
[   50.121335][ T4418]  el0_svc+0x78/0x1d0
[   50.121962][ T4418]  el0t_64_sync_handler+0xcc/0xe4
[   50.122792][ T4418]  el0t_64_sync+0x1a0/0x1a4
1970/01/01 00:00:53 executed programs: 277
1970/01/01 00:00:58 executed programs: 743