Warning: Permanently added '10.128.1.189' (ED25519) to the list of known hosts. 2026/01/16 15:58:40 parsed 1 programs syzkaller login: [ 89.455167][ T5776] cgroup: Unknown subsys name 'net' [ 89.600732][ T5776] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 91.354309][ T5776] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 92.154336][ T27] cfg80211: failed to load regulatory.db [ 95.019720][ T5817] chnl_net:caif_netlink_parms(): no params data found [ 95.122801][ T5817] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.130992][ T5817] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.139060][ T5817] bridge_slave_0: entered allmulticast mode [ 95.146736][ T5817] bridge_slave_0: entered promiscuous mode [ 95.156266][ T5817] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.163534][ T5817] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.170757][ T5817] bridge_slave_1: entered allmulticast mode [ 95.179297][ T5817] bridge_slave_1: entered promiscuous mode [ 95.225151][ T5817] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.237329][ T5817] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.287327][ T5817] team0: Port device team_slave_0 added [ 95.297284][ T5817] team0: Port device team_slave_1 added [ 95.325745][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.333741][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.359936][ T5817] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.388723][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.396361][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.423846][ T5817] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.480601][ T5817] hsr_slave_0: entered promiscuous mode [ 95.488082][ T5817] hsr_slave_1: entered promiscuous mode [ 95.690993][ T5817] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 95.704122][ T5817] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 95.716564][ T5817] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 95.736916][ T5817] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 95.769809][ T5817] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.777108][ T5817] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.785400][ T5817] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.792563][ T5817] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.867769][ T5817] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.895614][ T5817] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.155899][ T5817] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.203984][ T5817] veth0_vlan: entered promiscuous mode [ 96.217799][ T5817] veth1_vlan: entered promiscuous mode [ 96.248024][ T5817] veth0_macvtap: entered promiscuous mode [ 96.258340][ T5817] veth1_macvtap: entered promiscuous mode [ 96.279598][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.294698][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.308682][ T5817] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.317628][ T5817] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.326629][ T5817] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.335982][ T5817] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.488291][ T5817] syz-executor (5817) used greatest stack depth: 19976 bytes left [ 96.521150][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.845689][ T5849] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 96.854289][ T5849] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 96.863213][ T5849] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 96.871524][ T5849] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 96.880532][ T5849] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 96.888502][ T5849] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 97.345231][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.362029][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.393944][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.403419][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 2026/01/16 15:58:52 executed programs: 0 [ 99.006726][ T5086] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 99.015874][ T5086] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 99.024980][ T5086] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 99.034362][ T5086] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 99.042601][ T5086] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 99.050038][ T5086] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 99.221284][ T5885] chnl_net:caif_netlink_parms(): no params data found [ 99.244728][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.326524][ T5885] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.334222][ T5885] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.341454][ T5885] bridge_slave_0: entered allmulticast mode [ 99.348738][ T5885] bridge_slave_0: entered promiscuous mode [ 99.358267][ T5885] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.366030][ T5885] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.374840][ T5885] bridge_slave_1: entered allmulticast mode [ 99.383320][ T5885] bridge_slave_1: entered promiscuous mode [ 99.416816][ T5885] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.428751][ T5885] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.467869][ T5885] team0: Port device team_slave_0 added [ 99.476254][ T5885] team0: Port device team_slave_1 added [ 99.508206][ T5885] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.515940][ T5885] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.542875][ T5885] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.555513][ T5885] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.562561][ T5885] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.588586][ T5885] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.635260][ T5885] hsr_slave_0: entered promiscuous mode [ 99.642805][ T5885] hsr_slave_1: entered promiscuous mode [ 99.649548][ T5885] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 99.658609][ T5885] Cannot create hsr debugfs directory [ 101.112715][ T5849] Bluetooth: hci0: command tx timeout [ 101.834996][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.898593][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.878206][ T5885] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 102.893028][ T5885] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 102.908506][ T5885] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 102.921438][ T5885] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 102.948935][ T11] hsr_slave_0: left promiscuous mode [ 102.955873][ T11] hsr_slave_1: left promiscuous mode [ 102.965477][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 102.973731][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 102.985970][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 102.993653][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 103.004860][ T11] bridge_slave_1: left allmulticast mode [ 103.010577][ T11] bridge_slave_1: left promiscuous mode [ 103.017673][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.036365][ T11] bridge_slave_0: left allmulticast mode [ 103.044671][ T11] bridge_slave_0: left promiscuous mode [ 103.050506][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.088315][ T11] veth1_macvtap: left promiscuous mode [ 103.094524][ T11] veth0_macvtap: left promiscuous mode [ 103.100223][ T11] veth1_vlan: left promiscuous mode [ 103.106480][ T11] veth0_vlan: left promiscuous mode [ 103.192591][ T5849] Bluetooth: hci0: command tx timeout [ 103.715462][ T11] team0 (unregistering): Port device team_slave_1 removed [ 103.750446][ T11] team0 (unregistering): Port device team_slave_0 removed [ 103.788936][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 103.827659][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 104.211166][ T11] bond0 (unregistering): Released all slaves [ 104.376991][ T5885] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.399205][ T5885] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.431519][ T2977] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.438885][ T2977] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.476331][ T2977] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.483577][ T2977] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.784244][ T5885] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.875277][ T5885] veth0_vlan: entered promiscuous mode [ 104.891348][ T5885] veth1_vlan: entered promiscuous mode [ 104.940715][ T5885] veth0_macvtap: entered promiscuous mode [ 104.951241][ T5885] veth1_macvtap: entered promiscuous mode [ 104.977156][ T5885] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.991253][ T5885] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.004608][ T5885] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.014154][ T5885] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.023839][ T5885] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.032795][ T5885] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.100011][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.113754][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.177449][ T2956] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.189166][ T2956] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.272860][ T5849] Bluetooth: hci0: command tx timeout [ 105.317763][ C1] [ 105.317773][ C1] ================================ [ 105.317779][ C1] WARNING: inconsistent lock state [ 105.317792][ C1] syzkaller #0 Not tainted [ 105.317802][ C1] -------------------------------- [ 105.317807][ C1] inconsistent {INITIAL USE} -> {IN-NMI} usage. [ 105.317815][ C1] syz.0.17/5931 [HC1[1]:SC0[0]:HE0:SE1] takes: [ 105.317836][ C1] ffff88807a404a38 (&trie->lock){....}-{2:2}, at: trie_delete_elem+0x96/0x6a0 [ 105.317904][ C1] {INITIAL USE} state was registered at: [ 105.317911][ C1] lock_acquire+0x197/0x410 [ 105.317932][ C1] _raw_spin_lock_irqsave+0xa8/0xf0 [ 105.317954][ C1] trie_delete_elem+0x96/0x6a0 [ 105.317978][ C1] bpf_prog_2c29ac5cdc6b1842+0x42/0x46 [ 105.317998][ C1] bpf_overflow_handler+0x1f9/0x520 [ 105.318023][ C1] __perf_event_overflow+0x447/0x630 [ 105.318041][ C1] perf_swevent_event+0x4de/0x5c0 [ 105.318060][ C1] perf_bp_event+0x252/0x300 [ 105.318078][ C1] hw_breakpoint_exceptions_notify+0x23e/0x670 [ 105.318099][ C1] notifier_call_chain+0x197/0x390 [ 105.318121][ C1] atomic_notifier_call_chain+0xda/0x180 [ 105.318142][ C1] notify_die+0x131/0x180 [ 105.318163][ C1] notify_debug+0x2e/0x50 [ 105.318190][ C1] noist_exc_debug+0x77/0x120 [ 105.318207][ C1] asm_exc_debug+0x33/0x40 [ 105.318227][ C1] irq event stamp: 2456 [ 105.318233][ C1] hardirqs last enabled at (2455): [] exc_debug+0xfd/0x140 [ 105.318256][ C1] hardirqs last disabled at (2456): [] exc_debug+0x7b/0x140 [ 105.318276][ C1] softirqs last enabled at (2152): [] bpf_prog_load+0x12f2/0x16d0 [ 105.318299][ C1] softirqs last disabled at (2150): [] bpf_ksym_add+0x2d/0x340 [ 105.318324][ C1] [ 105.318324][ C1] other info that might help us debug this: [ 105.318329][ C1] Possible unsafe locking scenario: [ 105.318329][ C1] [ 105.318333][ C1] CPU0 [ 105.318337][ C1] ---- [ 105.318340][ C1] lock(&trie->lock); [ 105.318352][ C1] [ 105.318355][ C1] lock(&trie->lock); [ 105.318366][ C1] [ 105.318366][ C1] *** DEADLOCK *** [ 105.318366][ C1] [ 105.318370][ C1] no locks held by syz.0.17/5931. [ 105.318377][ C1] [ 105.318377][ C1] stack backtrace: [ 105.318393][ C1] CPU: 1 PID: 5931 Comm: syz.0.17 Not tainted syzkaller #0 [ 105.318411][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 105.318428][ C1] Call Trace: [ 105.318440][ C1] <#DB> [ 105.318448][ C1] dump_stack_lvl+0x16c/0x230 [ 105.318469][ C1] ? show_regs_print_info+0x20/0x20 [ 105.318490][ C1] ? print_usage_bug+0x475/0x690 [ 105.318511][ C1] ? verify_lock_unused+0x18/0x140 [ 105.318533][ C1] lock_acquire+0x2b1/0x410 [ 105.318558][ C1] ? perf_output_begin_forward+0xa4/0xa20 [ 105.318590][ C1] ? trie_delete_elem+0x96/0x6a0 [ 105.318616][ C1] ? read_lock_is_recursive+0x20/0x20 [ 105.318644][ C1] _raw_spin_lock_irqsave+0xa8/0xf0 [ 105.318667][ C1] ? trie_delete_elem+0x96/0x6a0 [ 105.318692][ C1] ? _raw_spin_lock+0x40/0x40 [ 105.318712][ C1] ? lock_acquire+0x2b1/0x410 [ 105.318731][ C1] ? perf_prepare_sample+0x13f/0x1d20 [ 105.318753][ C1] trie_delete_elem+0x96/0x6a0 [ 105.318777][ C1] ? __cant_sleep+0x210/0x210 [ 105.318806][ C1] bpf_prog_2c29ac5cdc6b1842+0x42/0x46 [ 105.318825][ C1] bpf_overflow_handler+0x1f9/0x520 [ 105.318851][ C1] ? perf_prepare_header+0x1e0/0x1e0 [ 105.318871][ C1] ? bpf_overflow_handler+0xcf/0x520 [ 105.318897][ C1] ? tp_perf_event_destroy+0x20/0x20 [ 105.318926][ C1] ? __perf_event_account_interrupt+0x187/0x280 [ 105.318950][ C1] __perf_event_overflow+0x447/0x630 [ 105.318979][ C1] perf_swevent_event+0x4de/0x5c0 [ 105.319001][ C1] ? perf_tp_event+0x13a0/0x13a0 [ 105.319026][ C1] perf_bp_event+0x252/0x300 [ 105.319050][ C1] ? perf_event_free_bpf_prog+0x120/0x120 [ 105.319087][ C1] ? lock_acquire+0x2b1/0x410 [ 105.319111][ C1] hw_breakpoint_exceptions_notify+0x23e/0x670 [ 105.319137][ C1] notifier_call_chain+0x197/0x390 [ 105.319161][ C1] ? atomic_notifier_call_chain+0x26/0x180 [ 105.319185][ C1] atomic_notifier_call_chain+0xda/0x180 [ 105.319210][ C1] notify_die+0x131/0x180 [ 105.319234][ C1] ? srcu_init_notifier_head+0x90/0x90 [ 105.319263][ C1] ? rcu_is_watching+0x15/0xb0 [ 105.319289][ C1] notify_debug+0x2e/0x50 [ 105.319318][ C1] exc_debug+0xe6/0x140 [ 105.319339][ C1] asm_exc_debug+0x1e/0x40 [ 105.319360][ C1] RIP: 0010:rep_movs_alternative+0x15/0x90 [ 105.319380][ C1] Code: 8b 1c 24 4c 8b 64 24 08 48 83 c4 10 c3 cc cc cc cc cc cc cc cc f3 0f 1e fa 48 83 f9 40 73 40 83 f9 08 73 21 85 c9 74 0f 8a 06 <88> 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 66 2e 0f 1f 84 00 00 00 [ 105.319398][ C1] RSP: 0018:ffffc90003377cb8 EFLAGS: 00040206 [ 105.319414][ C1] RAX: ffffffff841f8300 RBX: 0000000000000004 RCX: 0000000000000003 [ 105.319426][ C1] RDX: 0000000000000001 RSI: 0000200000000301 RDI: ffff888075bb70f1 [ 105.319439][ C1] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004 [ 105.319450][ C1] R10: dffffc0000000000 R11: ffffed100eb76e1e R12: 0000200000000304 [ 105.319464][ C1] R13: ffff88802d4a1900 R14: ffff888075bb70f0 R15: 0000200000000300 [ 105.319482][ C1] ? rcuref_put_slowpath+0xd0/0x150 [ 105.319510][ C1] [ 105.319516][ C1] [ 105.319521][ C1] _copy_from_user+0x8b/0xe0 [ 105.319557][ C1] ___bpf_copy_key+0xb0/0x100 [ 105.319579][ C1] map_update_elem+0x260/0x700 [ 105.319602][ C1] __sys_bpf+0x652/0x800 [ 105.319621][ C1] ? bpf_link_show_fdinfo+0x350/0x350 [ 105.319640][ C1] ? atomic_notifier_call_chain+0x26/0x180 [ 105.319670][ C1] ? lock_chain_count+0x20/0x20 [ 105.319694][ C1] __x64_sys_bpf+0x7c/0x90 [ 105.319713][ C1] do_syscall_64+0x55/0xb0 [ 105.319729][ C1] ? clear_bhb_loop+0x40/0x90 [ 105.319752][ C1] ? clear_bhb_loop+0x40/0x90 [ 105.319777][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 105.319800][ C1] RIP: 0033:0x7f427ab8f749 [ 105.319816][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 105.319831][ C1] RSP: 002b:00007ffd1b9edb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 105.319852][ C1] RAX: ffffffffffffffda RBX: 00007f427ade5fa0 RCX: 00007f427ab8f749 [ 105.319866][ C1] RDX: 0000000000000020 RSI: 0000200000004080 RDI: 0000000000000002 [ 105.319878][ C1] RBP: 00007f427ac13f91 R08: 0000000000000000 R09: 0000000000000000 [ 105.319890][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 105.319901][ C1] R13: 00007f427ade5fa0 R14: 00007f427ade5fa0 R15: 0000000000000003 [ 105.319921][ C1]