Warning: Permanently added '[localhost]:4342' (ED25519) to the list of known hosts.
2026/01/16 10:56:00 parsed 1 programs
syzkaller login: [   83.526177][ T5321] cgroup: Unknown subsys name 'net'
[   83.593496][ T5321] cgroup: Unknown subsys name 'cpuset'
[   83.598721][ T5321] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   85.257434][ T5321] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   86.308901][   T79] ODEBUG: Out of memory. ODEBUG disabled
[   90.109988][ T5339] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   90.279902][ T5347] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   90.283718][ T5347] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   90.286959][ T5347] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   90.291944][ T5347] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   90.296444][ T5347] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   91.808835][    T9] cfg80211: failed to load regulatory.db
[   94.922471][ T5394] chnl_net:caif_netlink_parms(): no params data found
[   95.074523][ T5394] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.087670][ T5394] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.090975][ T5394] bridge_slave_0: entered allmulticast mode
[   95.094819][ T5394] bridge_slave_0: entered promiscuous mode
[   95.110152][ T5394] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.113261][ T5394] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.116409][ T5394] bridge_slave_1: entered allmulticast mode
[   95.128246][ T5394] bridge_slave_1: entered promiscuous mode
[   95.179146][ T5394] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   95.185174][ T5394] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   95.230611][ T5394] team0: Port device team_slave_0 added
[   95.239419][ T5394] team0: Port device team_slave_1 added
[   95.280707][ T5394] batman_adv: batadv0: Adding interface: batadv_slave_0
[   95.283798][ T5394] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   95.318094][ T5394] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   95.325186][ T5394] batman_adv: batadv0: Adding interface: batadv_slave_1
[   95.337439][ T5394] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   95.357861][ T5394] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   95.422215][ T5394] hsr_slave_0: entered promiscuous mode
[   95.437765][ T5394] hsr_slave_1: entered promiscuous mode
[   95.580172][ T5394] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   95.590179][ T5394] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   95.595343][ T5394] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   95.602655][ T5394] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   95.627410][ T5394] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.630764][ T5394] bridge0: port 2(bridge_slave_1) entered forwarding state
[   95.634169][ T5394] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.637395][ T5394] bridge0: port 1(bridge_slave_0) entered forwarding state
[   95.644927][ T2622] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.650762][ T2622] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.699534][ T5394] 8021q: adding VLAN 0 to HW filter on device bond0
[   95.712996][ T5394] 8021q: adding VLAN 0 to HW filter on device team0
[   95.721374][ T3020] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.724595][ T3020] bridge0: port 1(bridge_slave_0) entered forwarding state
[   95.741026][ T3020] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.744067][ T3020] bridge0: port 2(bridge_slave_1) entered forwarding state
[   95.889202][ T5394] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.930039][ T5394] veth0_vlan: entered promiscuous mode
[   95.939126][ T5394] veth1_vlan: entered promiscuous mode
[   95.971666][ T5394] veth0_macvtap: entered promiscuous mode
[   95.979124][ T5394] veth1_macvtap: entered promiscuous mode
[   95.992440][ T5394] batman_adv: batadv0: Interface activated: batadv_slave_0
[   96.004084][ T5394] batman_adv: batadv0: Interface activated: batadv_slave_1
[   96.015417][  T720] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   96.029219][  T720] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   96.032643][  T720] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   96.035994][  T720] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   96.220331][ T2622] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.280136][ T2622] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.331108][ T2622] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.381635][ T2622] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.395031][  T720] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.406479][  T720] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.428512][ T3426] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.431920][ T3426] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2026/01/16 10:56:17 executed programs: 0
[   97.968661][   T46] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   97.972289][   T46] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   97.975426][   T46] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   97.988723][   T46] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   97.992030][   T46] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   98.170284][ T5434] chnl_net:caif_netlink_parms(): no params data found
[   98.243139][ T5434] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.246099][ T5434] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.249004][ T5434] bridge_slave_0: entered allmulticast mode
[   98.252109][ T5434] bridge_slave_0: entered promiscuous mode
[   98.256081][ T5434] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.259310][ T5434] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.262271][ T5434] bridge_slave_1: entered allmulticast mode
[   98.265800][ T5434] bridge_slave_1: entered promiscuous mode
[   98.286738][ T5434] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   98.299362][ T5434] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   98.389212][ T5434] team0: Port device team_slave_0 added
[   98.415609][ T5434] team0: Port device team_slave_1 added
[   98.476692][ T5434] batman_adv: batadv0: Adding interface: batadv_slave_0
[   98.507432][ T5434] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   98.546111][ T5434] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   98.552607][ T5434] batman_adv: batadv0: Adding interface: batadv_slave_1
[   98.555498][ T5434] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   98.570811][ T5434] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   98.599797][ T5434] hsr_slave_0: entered promiscuous mode
[   98.603570][ T5434] hsr_slave_1: entered promiscuous mode
[   98.607706][ T5434] debugfs: 'hsr0' already exists in 'hsr'
[   98.610172][ T5434] Cannot create hsr debugfs directory
[   98.993342][ T2622] bridge_slave_1: left allmulticast mode
[   98.996116][ T2622] bridge_slave_1: left promiscuous mode
[   99.001177][ T2622] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.006592][ T2622] bridge_slave_0: left allmulticast mode
[   99.011076][ T2622] bridge_slave_0: left promiscuous mode
[   99.013779][ T2622] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.209112][ T2622] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   99.215210][ T2622] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   99.221106][ T2622] bond0 (unregistering): Released all slaves
[   99.322793][ T2622] hsr_slave_0: left promiscuous mode
[   99.327400][ T2622] hsr_slave_1: left promiscuous mode
[   99.336096][ T2622] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   99.341788][ T2622] batman_adv: batadv0: Removing interface: batadv_slave_0
[   99.358110][ T2622] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   99.361324][ T2622] batman_adv: batadv0: Removing interface: batadv_slave_1
[   99.383647][ T2622] veth1_macvtap: left promiscuous mode
[   99.387701][ T2622] veth0_macvtap: left promiscuous mode
[   99.390146][ T2622] veth1_vlan: left promiscuous mode
[   99.392345][ T2622] veth0_vlan: left promiscuous mode
[   99.804489][ T2622] team0 (unregistering): Port device team_slave_1 removed
[   99.828945][ T2622] team0 (unregistering): Port device team_slave_0 removed
[  100.038625][   T46] Bluetooth: hci0: command tx timeout
[  100.236511][ T5434] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  100.271777][ T5434] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  100.282928][ T5434] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  100.300486][ T5434] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  100.684600][ T5434] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.745801][ T5434] 8021q: adding VLAN 0 to HW filter on device team0
[  100.753630][ T3020] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.756792][ T3020] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.766346][ T3020] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.769233][ T3020] bridge0: port 2(bridge_slave_1) entered forwarding state
[  101.011840][ T5434] 8021q: adding VLAN 0 to HW filter on device batadv0
[  101.045023][ T5434] veth0_vlan: entered promiscuous mode
[  101.053259][ T5434] veth1_vlan: entered promiscuous mode
[  101.080486][ T5434] veth0_macvtap: entered promiscuous mode
[  101.086246][ T5434] veth1_macvtap: entered promiscuous mode
[  101.100892][ T5434] batman_adv: batadv0: Interface activated: batadv_slave_0
[  101.111900][ T5434] batman_adv: batadv0: Interface activated: batadv_slave_1
[  101.124158][  T720] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  101.132736][  T720] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  101.136566][  T720] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  101.156291][  T720] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  101.198704][  T720] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.202252][  T720] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.233533][  T720] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.243755][  T720] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.326754][ T5468] loop0: detected capacity change from 0 to 1024
[  101.368365][   T25] audit: type=1800 audit(1768560980.972:2): pid=5468 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.17" name="bus" dev="loop0" ino=26 res=0 errno=0
[  101.381610][ T5468] 
[  101.382660][ T5468] ============================================
[  101.385167][ T5468] WARNING: possible recursive locking detected
[  101.387721][ T5468] syzkaller #0 Not tainted
[  101.389416][ T5468] --------------------------------------------
[  101.391850][ T5468] syz.0.17/5468 is trying to acquire lock:
[  101.394382][ T5468] ffff8880460280b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0
[  101.398607][ T5468] 
[  101.398607][ T5468] but task is already holding lock:
[  101.401837][ T5468] ffff8880460280b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0
[  101.405974][ T5468] 
[  101.405974][ T5468] other info that might help us debug this:
[  101.409360][ T5468]  Possible unsafe locking scenario:
[  101.409360][ T5468] 
[  101.412586][ T5468]        CPU0
[  101.413999][ T5468]        ----
[  101.415404][ T5468]   lock(&tree->tree_lock/1);
[  101.417307][ T5468]   lock(&tree->tree_lock/1);
[  101.419217][ T5468] 
[  101.419217][ T5468]  *** DEADLOCK ***
[  101.419217][ T5468] 
[  101.422616][ T5468]  May be due to missing lock nesting notation
[  101.422616][ T5468] 
[  101.425806][ T5468] 5 locks held by syz.0.17/5468:
[  101.428255][ T5468]  #0: ffff888011204420 (sb_writers#12){.+.+}-{0:0}, at: do_ftruncate+0x446/0x560
[  101.432414][ T5468]  #1: ffff88801a1a2b78 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: do_truncate+0x171/0x220
[  101.437307][ T5468]  #2: ffff88801a1a2988 (&hip->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1f8/0x1c30
[  101.442074][ T5468]  #3: ffff8880460280b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0
[  101.446363][ T5468]  #4: ffff88801a1a0108 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_extend+0x1f8/0x1c30
[  101.451164][ T5468] 
[  101.451164][ T5468] stack backtrace:
[  101.453403][ T5468] CPU: 0 UID: 0 PID: 5468 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
[  101.453418][ T5468] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  101.453425][ T5468] Call Trace:
[  101.453431][ T5468]  <TASK>
[  101.453437][ T5468]  dump_stack_lvl+0xe8/0x150
[  101.453450][ T5468]  print_deadlock_bug+0x279/0x290
[  101.453459][ T5468]  __lock_acquire+0x2540/0x2cf0
[  101.453466][ T5468]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  101.453522][ T5468]  ? lockdep_hardirqs_on+0x7b/0x110
[  101.453530][ T5468]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  101.453549][ T5468]  ? stack_depot_save_flags+0x3f3/0x810
[  101.453565][ T5468]  ? hfsplus_find_init+0x168/0x2d0
[  101.453579][ T5468]  lock_acquire+0x107/0x340
[  101.453588][ T5468]  ? hfsplus_find_init+0x168/0x2d0
[  101.453603][ T5468]  __mutex_lock+0x187/0x1350
[  101.453612][ T5468]  ? hfsplus_find_init+0x168/0x2d0
[  101.453629][ T5468]  ? hfsplus_find_init+0x168/0x2d0
[  101.453641][ T5468]  ? __pfx___mutex_lock+0x10/0x10
[  101.453651][ T5468]  ? rcu_is_watching+0x15/0xb0
[  101.453663][ T5468]  ? trace_kmalloc+0x1f/0xb0
[  101.453678][ T5468]  ? __kmalloc_noprof+0x43e/0x800
[  101.453689][ T5468]  ? hfsplus_find_init+0x8c/0x2d0
[  101.453702][ T5468]  hfsplus_find_init+0x168/0x2d0
[  101.453718][ T5468]  hfsplus_file_extend+0x40e/0x1c30
[  101.453731][ T5468]  ? __pfx_hfsplus_file_extend+0x10/0x10
[  101.453742][ T5468]  ? __pfx___mutex_trylock_common+0x10/0x10
[  101.453756][ T5468]  ? rcu_is_watching+0x15/0xb0
[  101.453768][ T5468]  ? __asan_memset+0x22/0x50
[  101.453781][ T5468]  ? hfsplus_brec_find+0x1a9/0x510
[  101.453795][ T5468]  hfsplus_bmap_reserve+0x125/0x510
[  101.453810][ T5468]  __hfsplus_ext_write_extent+0x28d/0x5b0
[  101.453822][ T5468]  __hfsplus_ext_cache_extent+0x89/0xe30
[  101.453835][ T5468]  hfsplus_file_extend+0x437/0x1c30
[  101.453847][ T5468]  ? __pfx_hfsplus_file_extend+0x10/0x10
[  101.453859][ T5468]  ? clean_bdev_aliases+0x5d0/0x6b0
[  101.453875][ T5468]  ? __pfx_clean_bdev_aliases+0x10/0x10
[  101.453889][ T5468]  hfsplus_get_block+0x40a/0x1600
[  101.453902][ T5468]  ? __pfx_hfsplus_get_block+0x10/0x10
[  101.453912][ T5468]  ? do_raw_spin_unlock+0x4d/0x240
[  101.453924][ T5468]  ? _raw_spin_unlock+0x28/0x50
[  101.453938][ T5468]  __block_write_begin_int+0x6b5/0x1900
[  101.453955][ T5468]  ? __pfx_hfsplus_get_block+0x10/0x10
[  101.453966][ T5468]  ? __pfx___block_write_begin_int+0x10/0x10
[  101.453980][ T5468]  cont_write_begin+0x78c/0xb50
[  101.453996][ T5468]  ? __pfx_cont_write_begin+0x10/0x10
[  101.454010][ T5468]  ? folio_unlock+0x101/0x160
[  101.454023][ T5468]  hfsplus_write_begin+0x66/0xb0
[  101.454032][ T5468]  ? __pfx_hfsplus_get_block+0x10/0x10
[  101.454043][ T5468]  cont_write_begin+0x2fd/0xb50
[  101.454058][ T5468]  ? __pfx_cont_write_begin+0x10/0x10
[  101.454073][ T5468]  hfsplus_write_begin+0x66/0xb0
[  101.454081][ T5468]  ? __pfx_hfsplus_get_block+0x10/0x10
[  101.454092][ T5468]  generic_cont_expand_simple+0x13f/0x210
[  101.454106][ T5468]  ? __pfx_inode_dio_wait+0x10/0x10
[  101.454119][ T5468]  ? __pfx_generic_cont_expand_simple+0x10/0x10
[  101.454133][ T5468]  ? setattr_prepare+0x1e7/0xac0
[  101.454147][ T5468]  ? __pfx_current_time+0x10/0x10
[  101.454158][ T5468]  hfsplus_setattr+0x169/0x270
[  101.454169][ T5468]  ? __pfx_hfsplus_setattr+0x10/0x10
[  101.454179][ T5468]  notify_change+0xc1a/0xf40
[  101.454193][ T5468]  do_truncate+0x1a4/0x220
[  101.454206][ T5468]  ? __pfx_do_truncate+0x10/0x10
[  101.454222][ T5468]  do_ftruncate+0x4a5/0x560
[  101.454236][ T5468]  ? __pfx_do_ftruncate+0x10/0x10
[  101.454252][ T5468]  __x64_sys_ftruncate+0x92/0xf0
[  101.454265][ T5468]  do_syscall_64+0xec/0xf80
[  101.454275][ T5468]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.454285][ T5468]  ? trace_irq_disable+0x37/0x100
[  101.454295][ T5468]  ? clear_bhb_loop+0x60/0xb0
[  101.454302][ T5468]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.454308][ T5468] RIP: 0033:0x7f046ed8f7c9
[  101.454318][ T5468] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  101.454323][ T5468] RSP: 002b:00007ffc1aee1d68 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[  101.454332][ T5468] RAX: ffffffffffffffda RBX: 00007f046efe5fa0 RCX: 00007f046ed8f7c9
[  101.454337][ T5468] RDX: 0000000000000000 RSI: 0000000002007ffb RDI: 0000000000000004
[  101.454342][ T5468] RBP: 00007f046ee13f91 R08: 0000000000000000 R09: 0000000000000000
[  101.454345][ T5468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  101.454349][ T5468] R13: 00007f046efe5fa0 R14: 00007f046efe5fa0 R15: 0000000000000002
[  101.454358][ T5468]  </TASK>
[  102.117225][   T46] Bluetooth: hci0: command tx timeout
[  104.197250][   T46] Bluetooth: hci0: command tx timeout
[  106.277721][   T46] Bluetooth: hci0: command tx timeout