Warning: Permanently added '10.128.0.194' (ED25519) to the list of known hosts. 2026/05/25 08:28:24 parsed 1 programs [ 52.314295][ T4200] cgroup: Unknown subsys name 'net' [ 52.456199][ T4200] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 53.667701][ T4200] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 55.853700][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.869759][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.882026][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 55.910482][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.918768][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.927641][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 56.318828][ T4254] chnl_net:caif_netlink_parms(): no params data found [ 56.380956][ T4254] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.390236][ T4254] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.398721][ T4254] device bridge_slave_0 entered promiscuous mode [ 56.408079][ T4254] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.415256][ T4254] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.422987][ T4254] device bridge_slave_1 entered promiscuous mode [ 56.442821][ T4254] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.454755][ T4254] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.479911][ T4254] team0: Port device team_slave_0 added [ 56.487526][ T4254] team0: Port device team_slave_1 added [ 56.505748][ T4254] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 56.512905][ T4254] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.539126][ T4254] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 56.552254][ T4254] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 56.559188][ T4254] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.585144][ T4254] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.619486][ T4254] device hsr_slave_0 entered promiscuous mode [ 56.626333][ T4254] device hsr_slave_1 entered promiscuous mode [ 56.723584][ T4254] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 56.733682][ T4254] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 56.742718][ T4254] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 56.753103][ T4254] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 56.839365][ T4254] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.886476][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 56.914074][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.927144][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.946343][ T4254] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.966167][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 56.975039][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.985608][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.992784][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.002639][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 57.011505][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.019789][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.026847][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.035261][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 57.045416][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 57.060461][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 57.069180][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 57.080471][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 57.092409][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.103357][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.114894][ T4254] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 57.181705][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 57.189144][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 57.200754][ T4254] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.216613][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 57.234053][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 57.243703][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 57.252146][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 57.275332][ T4254] device veth0_vlan entered promiscuous mode [ 57.285457][ T4254] device veth1_vlan entered promiscuous mode [ 57.302586][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 57.310467][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 57.318804][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 57.330360][ T4254] device veth0_macvtap entered promiscuous mode [ 57.356044][ T4254] device veth1_macvtap entered promiscuous mode [ 57.369800][ T4254] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.377564][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 57.386557][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 57.398478][ T4254] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.406408][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 57.440334][ T4254] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.449265][ T4254] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.458184][ T4254] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.466974][ T4254] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.555958][ T4254] syz-executor (4254) used greatest stack depth: 20528 bytes left 2026/05/25 08:28:32 executed programs: 0 [ 58.403392][ T4299] chnl_net:caif_netlink_parms(): no params data found [ 58.456268][ T4299] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.463461][ T4299] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.471586][ T4299] device bridge_slave_0 entered promiscuous mode [ 58.480374][ T4299] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.495131][ T4299] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.503619][ T4299] device bridge_slave_1 entered promiscuous mode [ 58.526778][ T4299] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.537869][ T4299] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.562107][ T4299] team0: Port device team_slave_0 added [ 58.573233][ T4299] team0: Port device team_slave_1 added [ 58.596481][ T4299] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.605740][ T4299] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.634374][ T4299] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.648589][ T4299] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 58.657961][ T4299] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.687110][ T4299] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.728847][ T4299] device hsr_slave_0 entered promiscuous mode [ 58.735938][ T4299] device hsr_slave_1 entered promiscuous mode [ 58.745742][ T4299] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 58.753827][ T4299] Cannot create hsr debugfs directory [ 58.845818][ T4299] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 59.058989][ T9] ODEBUG: Out of memory. ODEBUG disabled [ 60.311981][ T4277] Bluetooth: hci0: command 0x0409 tx timeout [ 61.226137][ T4299] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.391950][ T4230] Bluetooth: hci0: command 0x041b tx timeout [ 62.734669][ T4299] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.826757][ T4299] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.987533][ T4299] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 62.995934][ T4299] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 63.005739][ T4299] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 63.016443][ T9] device hsr_slave_0 left promiscuous mode [ 63.022913][ T9] device hsr_slave_1 left promiscuous mode [ 63.029267][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 63.037059][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 63.045294][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 63.052728][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 63.060140][ T9] device bridge_slave_1 left promiscuous mode [ 63.066833][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.077782][ T9] device bridge_slave_0 left promiscuous mode [ 63.083980][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.099853][ T9] device veth1_macvtap left promiscuous mode [ 63.106004][ T9] device veth0_macvtap left promiscuous mode [ 63.112128][ T9] device veth1_vlan left promiscuous mode [ 63.117922][ T9] device veth0_vlan left promiscuous mode [ 63.225714][ T9] team0 (unregistering): Port device team_slave_1 removed [ 63.237156][ T9] team0 (unregistering): Port device team_slave_0 removed [ 63.248717][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 63.260587][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 63.301335][ T9] bond0 (unregistering): Released all slaves [ 63.365828][ T4299] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 63.411521][ T4299] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.426349][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 63.434383][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 63.444465][ T4299] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.453289][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 63.462658][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 63.470904][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.477958][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.485933][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 63.511661][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 63.520366][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 63.529024][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.536112][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.543948][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 63.553040][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 63.568376][ T4299] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 63.578945][ T4299] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 63.594232][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 63.613401][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 63.621885][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 63.630457][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 63.639324][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 63.647949][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 63.656984][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 63.665421][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 63.678420][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 63.686201][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 63.725453][ T4299] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.734870][ T1183] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 63.742446][ T1183] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 63.761283][ T1183] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 63.770291][ T1183] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 63.789517][ T4299] device veth0_vlan entered promiscuous mode [ 63.797484][ T1183] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 63.806570][ T1183] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 63.819947][ T4299] device veth1_vlan entered promiscuous mode [ 63.827846][ T1183] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 63.837422][ T1183] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 63.846816][ T1183] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 63.868495][ T1183] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 63.878774][ T1183] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 63.887554][ T1183] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 63.899200][ T4299] device veth0_macvtap entered promiscuous mode [ 63.909623][ T4299] device veth1_macvtap entered promiscuous mode [ 63.925672][ T4299] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.933365][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 63.942980][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 63.950882][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 63.961656][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 63.974063][ T4299] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.983259][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 63.992640][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 64.003405][ T4299] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.013792][ T4299] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.023229][ T4299] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.033267][ T4299] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.085551][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.097114][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.113006][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 64.134678][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.142623][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.150069][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 64.227522][ T4317] [ 64.229874][ T4317] ====================================================== [ 64.236875][ T4317] WARNING: possible circular locking dependency detected [ 64.243887][ T4317] syzkaller #0 Not tainted [ 64.248285][ T4317] ------------------------------------------------------ [ 64.255288][ T4317] syz.0.17/4317 is trying to acquire lock: [ 64.261079][ T4317] ffff88807e021f98 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}, at: __flush_work+0xfa/0x210 [ 64.272481][ T4317] [ 64.272481][ T4317] but task is already holding lock: [ 64.279829][ T4317] ffff88807e020120 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x251/0x530 [ 64.288791][ T4317] [ 64.288791][ T4317] which lock already depends on the new lock. [ 64.288791][ T4317] [ 64.299178][ T4317] [ 64.299178][ T4317] the existing dependency chain (in reverse order) is: [ 64.308184][ T4317] [ 64.308184][ T4317] -> #1 (sk_lock-AF_SMC/1){+.+.}-{0:0}: [ 64.315918][ T4317] lock_sock_nested+0x44/0x100 [ 64.321201][ T4317] smc_listen_out+0x109/0x3d0 [ 64.326393][ T4317] smc_listen_work+0x526/0xd00 [ 64.331667][ T4317] process_one_work+0x85f/0x1010 [ 64.337120][ T4317] worker_thread+0xaa6/0x1290 [ 64.342310][ T4317] kthread+0x436/0x520 [ 64.346888][ T4317] ret_from_fork+0x1f/0x30 [ 64.351807][ T4317] [ 64.351807][ T4317] -> #0 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}: [ 64.361945][ T4317] __lock_acquire+0x2c42/0x7d10 [ 64.367298][ T4317] lock_acquire+0x19e/0x400 [ 64.372303][ T4317] __flush_work+0x116/0x210 [ 64.377304][ T4317] __cancel_work_timer+0x3f4/0x560 [ 64.382913][ T4317] smc_clcsock_release+0x5c/0xe0 [ 64.388353][ T4317] __smc_release+0x661/0x7d0 [ 64.393445][ T4317] smc_close_non_accepted+0xd1/0x1f0 [ 64.399230][ T4317] smc_close_active+0xb00/0xea0 [ 64.404580][ T4317] __smc_release+0x8d/0x7d0 [ 64.409582][ T4317] smc_release+0x2ca/0x530 [ 64.414496][ T4317] sock_close+0xd5/0x240 [ 64.419235][ T4317] __fput+0x234/0x930 [ 64.423715][ T4317] task_work_run+0x125/0x1a0 [ 64.428823][ T4317] exit_to_user_mode_loop+0x10f/0x130 [ 64.434692][ T4317] exit_to_user_mode_prepare+0xee/0x180 [ 64.440853][ T4317] syscall_exit_to_user_mode+0x16/0x40 [ 64.446824][ T4317] do_syscall_64+0x58/0xa0 [ 64.451749][ T4317] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 64.458146][ T4317] [ 64.458146][ T4317] other info that might help us debug this: [ 64.458146][ T4317] [ 64.468359][ T4317] Possible unsafe locking scenario: [ 64.468359][ T4317] [ 64.475790][ T4317] CPU0 CPU1 [ 64.481135][ T4317] ---- ---- [ 64.486484][ T4317] lock(sk_lock-AF_SMC/1); [ 64.490978][ T4317] lock((work_completion)(&new_smc->smc_listen_work)); [ 64.500416][ T4317] lock(sk_lock-AF_SMC/1); [ 64.507431][ T4317] lock((work_completion)(&new_smc->smc_listen_work)); [ 64.514347][ T4317] [ 64.514347][ T4317] *** DEADLOCK *** [ 64.514347][ T4317] [ 64.522468][ T4317] 2 locks held by syz.0.17/4317: [ 64.527384][ T4317] #0: ffff888068e96210 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: sock_close+0x90/0x240 [ 64.537542][ T4317] #1: ffff88807e020120 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x251/0x530 [ 64.546918][ T4317] [ 64.546918][ T4317] stack backtrace: [ 64.552798][ T4317] CPU: 1 PID: 4317 Comm: syz.0.17 Not tainted syzkaller #0 [ 64.559983][ T4317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 64.570026][ T4317] Call Trace: [ 64.573296][ T4317] [ 64.576215][ T4317] dump_stack_lvl+0x188/0x250 [ 64.580879][ T4317] ? load_image+0x400/0x400 [ 64.585369][ T4317] ? show_regs_print_info+0x20/0x20 [ 64.590550][ T4317] ? print_circular_bug+0x12b/0x1a0 [ 64.595731][ T4317] check_noncircular+0x296/0x330 [ 64.600649][ T4317] ? look_up_lock_class+0x71/0x110 [ 64.605747][ T4317] ? add_chain_block+0x940/0x940 [ 64.610665][ T4317] ? lockdep_lock+0xf1/0x1f0 [ 64.615237][ T4317] ? rcu_is_watching+0x11/0xa0 [ 64.619982][ T4317] ? mark_lock+0x94/0x320 [ 64.624294][ T4317] __lock_acquire+0x2c42/0x7d10 [ 64.629134][ T4317] ? deref_stack_reg+0xd0/0x120 [ 64.633970][ T4317] ? __bfs+0x2a3/0x5c0 [ 64.638021][ T4317] ? verify_lock_unused+0x140/0x140 [ 64.643200][ T4317] ? mark_lock+0x94/0x320 [ 64.647510][ T4317] ? __lock_acquire+0x13bc/0x7d10 [ 64.652516][ T4317] ? lockdep_lock+0xf1/0x1f0 [ 64.657087][ T4317] lock_acquire+0x19e/0x400 [ 64.661573][ T4317] ? __flush_work+0xfa/0x210 [ 64.666148][ T4317] ? verify_lock_unused+0x140/0x140 [ 64.671329][ T4317] ? read_lock_is_recursive+0x10/0x10 [ 64.676684][ T4317] __flush_work+0x116/0x210 [ 64.681165][ T4317] ? __flush_work+0xfa/0x210 [ 64.685734][ T4317] ? flush_work+0x20/0x20 [ 64.690040][ T4317] ? try_to_grab_pending+0xfa/0x7f0 [ 64.695218][ T4317] ? mark_lock+0x94/0x320 [ 64.699533][ T4317] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 64.705497][ T4317] ? lock_chain_count+0x20/0x20 [ 64.710331][ T4317] ? __cancel_work_timer+0x36a/0x560 [ 64.715600][ T4317] __cancel_work_timer+0x3f4/0x560 [ 64.720691][ T4317] ? cancel_work_sync+0x20/0x20 [ 64.725519][ T4317] ? __local_bh_enable_ip+0x136/0x1c0 [ 64.730871][ T4317] ? lockdep_hardirqs_on+0x94/0x140 [ 64.736050][ T4317] ? __local_bh_enable_ip+0x136/0x1c0 [ 64.741402][ T4317] ? _local_bh_enable+0xa0/0xa0 [ 64.746232][ T4317] smc_clcsock_release+0x5c/0xe0 [ 64.751151][ T4317] __smc_release+0x661/0x7d0 [ 64.755721][ T4317] ? do_raw_spin_unlock+0x11d/0x230 [ 64.760899][ T4317] smc_close_non_accepted+0xd1/0x1f0 [ 64.766164][ T4317] smc_close_active+0xb00/0xea0 [ 64.770995][ T4317] ? sock_no_sendpage_locked+0x1a0/0x1a0 [ 64.776611][ T4317] __smc_release+0x8d/0x7d0 [ 64.781094][ T4317] ? do_raw_spin_unlock+0x11d/0x230 [ 64.786276][ T4317] smc_release+0x2ca/0x530 [ 64.790674][ T4317] sock_close+0xd5/0x240 [ 64.794897][ T4317] ? sock_mmap+0x90/0x90 [ 64.799118][ T4317] __fput+0x234/0x930 [ 64.803090][ T4317] task_work_run+0x125/0x1a0 [ 64.807661][ T4317] exit_to_user_mode_loop+0x10f/0x130 [ 64.813012][ T4317] exit_to_user_mode_prepare+0xee/0x180 [ 64.818539][ T4317] syscall_exit_to_user_mode+0x16/0x40 [ 64.823982][ T4317] do_syscall_64+0x58/0xa0 [ 64.828377][ T4317] ? clear_bhb_loop+0x30/0x80 [ 64.833036][ T4317] ? clear_bhb_loop+0x30/0x80 [ 64.837692][ T4317] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 64.843576][ T4317] RIP: 0033:0x7f181c542e59 [ 64.847975][ T4317] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 64.867561][ T4317] RSP: 002b:00007ffc0cd0d4f8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 64.875952][ T4317] RAX: 0000000000000000 RBX: 00007ffc0cd0d5e0 RCX: 00007f181c542e59 [ 64.883903][ T4317] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 64.891856][ T4317] RBP: 000000000000fabb R08: 0000000000000001 R09: 0000000000000000 [ 64.899808][ T4317] R10: 0000001b30a20000 R11: 0000000000000246 R12: 0000000000000000 [ 64.907760][ T4317] R13: 00007f181c7bbfac R14: 00007f181c7bbfa8 R15: 00007f181c7bbfa0 [ 64.915717][ T4317] [ 64.920821][ T26] Bluetooth: hci0: command 0x040f tx timeout