Warning: Permanently added '10.128.1.93' (ED25519) to the list of known hosts. 2025/07/31 13:49:26 ignoring optional flag "sandboxArg"="0" 2025/07/31 13:49:27 parsed 1 programs [ 71.026649][ T5790] cgroup: Unknown subsys name 'net' [ 71.193261][ T5790] cgroup: Unknown subsys name 'rlimit' [ 71.682338][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.688985][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.614795][ T5790] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 75.537266][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 75.623263][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.632604][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.640085][ T5830] bridge_slave_0: entered allmulticast mode [ 75.647533][ T5830] bridge_slave_0: entered promiscuous mode [ 75.655970][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.663579][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.670935][ T5830] bridge_slave_1: entered allmulticast mode [ 75.677944][ T5830] bridge_slave_1: entered promiscuous mode [ 75.711502][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.722796][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.761868][ T5830] team0: Port device team_slave_0 added [ 75.770238][ T5830] team0: Port device team_slave_1 added [ 75.793606][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.800668][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.826924][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.850076][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.857092][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.883626][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.921147][ T5830] hsr_slave_0: entered promiscuous mode [ 75.929798][ T5830] hsr_slave_1: entered promiscuous mode [ 76.082504][ T5830] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 76.093420][ T5830] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 76.104203][ T5830] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 76.115472][ T5830] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 76.149311][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.156545][ T5830] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.164970][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.172133][ T5830] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.233471][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.262277][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.271375][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.285461][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.304266][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.311409][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.327474][ T2947] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.334605][ T2947] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.528709][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.570714][ T5830] veth0_vlan: entered promiscuous mode [ 76.587360][ T5830] veth1_vlan: entered promiscuous mode [ 76.613030][ T5830] veth0_macvtap: entered promiscuous mode [ 76.626723][ T5830] veth1_macvtap: entered promiscuous mode [ 76.650903][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.668584][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.680340][ T5830] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.689484][ T5830] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.698592][ T5830] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.709549][ T5830] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.245059][ T3490] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.263478][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.274964][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.302540][ T2947] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.312399][ T2947] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.973821][ T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 77.983626][ T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 77.991991][ T50] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 78.001458][ T50] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 78.012121][ T50] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 78.019509][ T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 2025/07/31 13:49:36 executed programs: 0 [ 78.567889][ T5105] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 78.576111][ T5105] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 78.585492][ T5105] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 78.594178][ T5105] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 78.602425][ T5105] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 78.610219][ T5105] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 78.738822][ T5892] chnl_net:caif_netlink_parms(): no params data found [ 78.793351][ T5892] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.800609][ T5892] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.807881][ T5892] bridge_slave_0: entered allmulticast mode [ 78.814591][ T5892] bridge_slave_0: entered promiscuous mode [ 78.822850][ T5892] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.830362][ T5892] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.837709][ T5892] bridge_slave_1: entered allmulticast mode [ 78.844395][ T5892] bridge_slave_1: entered promiscuous mode [ 78.869975][ T5892] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.881952][ T5892] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.909466][ T5892] team0: Port device team_slave_0 added [ 78.917575][ T5892] team0: Port device team_slave_1 added [ 78.940696][ T5892] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.948066][ T5892] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.976715][ T5892] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.990610][ T5892] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.997697][ T5892] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.023774][ T5892] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.059901][ T5892] hsr_slave_0: entered promiscuous mode [ 79.067169][ T5892] hsr_slave_1: entered promiscuous mode [ 79.073320][ T5892] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.081565][ T5892] Cannot create hsr debugfs directory [ 79.387381][ T3490] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.637597][ T50] Bluetooth: hci0: command tx timeout [ 81.676047][ T3490] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.731630][ T3490] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.935162][ T23] cfg80211: failed to load regulatory.db [ 82.626313][ T5892] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 82.637432][ T5892] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 82.647504][ T5892] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 82.668766][ T5892] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 82.705123][ T3490] hsr_slave_0: left promiscuous mode [ 82.711587][ T3490] hsr_slave_1: left promiscuous mode [ 82.718651][ T3490] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 82.726082][ T3490] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 82.729014][ T50] Bluetooth: hci0: command tx timeout [ 82.740889][ T3490] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 82.749035][ T3490] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 82.756841][ T3490] bridge_slave_1: left allmulticast mode [ 82.762609][ T3490] bridge_slave_1: left promiscuous mode [ 82.769552][ T3490] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.780237][ T3490] bridge_slave_0: left allmulticast mode [ 82.785915][ T3490] bridge_slave_0: left promiscuous mode [ 82.792838][ T3490] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.814495][ T3490] veth1_macvtap: left promiscuous mode [ 82.820468][ T3490] veth0_macvtap: left promiscuous mode [ 82.826943][ T3490] veth1_vlan: left promiscuous mode [ 82.832399][ T3490] veth0_vlan: left promiscuous mode [ 83.184816][ T3490] team0 (unregistering): Port device team_slave_1 removed [ 83.214417][ T3490] team0 (unregistering): Port device team_slave_0 removed [ 83.244706][ T3490] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 83.275436][ T3490] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 83.544880][ T3490] bond0 (unregistering): Released all slaves [ 83.665155][ T5892] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.690743][ T5892] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.710514][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.717745][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.735093][ T2947] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.742280][ T2947] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.956648][ T5892] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.990764][ T5892] veth0_vlan: entered promiscuous mode [ 84.009223][ T5892] veth1_vlan: entered promiscuous mode [ 84.068256][ T5892] veth0_macvtap: entered promiscuous mode [ 84.083040][ T5892] veth1_macvtap: entered promiscuous mode [ 84.125034][ T5892] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.141848][ T5892] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.155561][ T5892] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.164677][ T5892] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.173677][ T5892] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.183212][ T5892] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.236675][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.248094][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.273432][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 2025/07/31 13:49:42 executed programs: 2 [ 84.281457][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.358489][ T48] [ 84.360869][ T48] ====================================================== [ 84.367866][ T48] WARNING: possible circular locking dependency detected [ 84.374897][ T48] 6.6.100-syzkaller #0 Not tainted [ 84.379985][ T48] ------------------------------------------------------ [ 84.386981][ T48] kworker/u4:3/48 is trying to acquire lock: [ 84.392936][ T48] ffff8880b8f295a8 (krc.lock){..-.}-{2:2}, at: kvfree_call_rcu+0x15a/0x780 [ 84.401559][ T48] [ 84.401559][ T48] but task is already holding lock: [ 84.409080][ T48] ffff8880b8f297d8 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x123/0x270 [ 84.417944][ T48] [ 84.417944][ T48] which lock already depends on the new lock. [ 84.417944][ T48] [ 84.428328][ T48] [ 84.428328][ T48] the existing dependency chain (in reverse order) is: [ 84.437325][ T48] [ 84.437325][ T48] -> #1 (&base->lock){-.-.}-{2:2}: [ 84.444614][ T48] _raw_spin_lock_irqsave+0xa8/0xf0 [ 84.450326][ T48] lock_timer_base+0x123/0x270 [ 84.455600][ T48] __mod_timer+0xf9/0xdb0 [ 84.460436][ T48] queue_delayed_work_on+0x12a/0x1e0 [ 84.466225][ T48] kvfree_call_rcu+0x541/0x780 [ 84.471505][ T48] rtnl_register_internal+0x486/0x590 [ 84.477386][ T48] rtnl_register+0x32/0x70 [ 84.482305][ T48] ip_rt_init+0x2ec/0x390 [ 84.487144][ T48] ip_init+0xe/0x20 [ 84.491461][ T48] inet_init+0x2c1/0x3e0 [ 84.496214][ T48] do_one_initcall+0x1fd/0x750 [ 84.501488][ T48] do_initcall_level+0x137/0x1f0 [ 84.506942][ T48] do_initcalls+0x69/0xd0 [ 84.511786][ T48] kernel_init_freeable+0x3d2/0x570 [ 84.517496][ T48] kernel_init+0x1d/0x1c0 [ 84.522325][ T48] ret_from_fork+0x48/0x80 [ 84.527251][ T48] ret_from_fork_asm+0x11/0x20 [ 84.532524][ T48] [ 84.532524][ T48] -> #0 (krc.lock){..-.}-{2:2}: [ 84.539544][ T48] __lock_acquire+0x2ddb/0x7c80 [ 84.544901][ T48] lock_acquire+0x197/0x410 [ 84.549908][ T48] _raw_spin_lock+0x2e/0x40 [ 84.554918][ T48] kvfree_call_rcu+0x15a/0x780 [ 84.560192][ T48] trie_delete_elem+0x535/0x6a0 [ 84.565551][ T48] bpf_prog_2c29ac5cdc6b1842+0x42/0x46 [ 84.571529][ T48] bpf_trace_run3+0x1e7/0x400 [ 84.576709][ T48] __bpf_trace_timer_start+0x14a/0x1b0 [ 84.582676][ T48] enqueue_timer+0x398/0x530 [ 84.587768][ T48] __mod_timer+0x977/0xdb0 [ 84.592691][ T48] queue_delayed_work_on+0x12a/0x1e0 [ 84.598479][ T48] process_scheduled_works+0xa45/0x15b0 [ 84.604533][ T48] worker_thread+0xa55/0xfc0 [ 84.609631][ T48] kthread+0x2fa/0x390 [ 84.614202][ T48] ret_from_fork+0x48/0x80 [ 84.619121][ T48] ret_from_fork_asm+0x11/0x20 [ 84.624392][ T48] [ 84.624392][ T48] other info that might help us debug this: [ 84.624392][ T48] [ 84.634600][ T48] Possible unsafe locking scenario: [ 84.634600][ T48] [ 84.642042][ T48] CPU0 CPU1 [ 84.647387][ T48] ---- ---- [ 84.652732][ T48] lock(&base->lock); [ 84.656797][ T48] lock(krc.lock); [ 84.663120][ T48] lock(&base->lock); [ 84.669692][ T48] lock(krc.lock); [ 84.673484][ T48] [ 84.673484][ T48] *** DEADLOCK *** [ 84.673484][ T48] [ 84.681605][ T48] 4 locks held by kworker/u4:3/48: [ 84.686726][ T48] #0: ffff88814c6aa138 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 [ 84.698031][ T48] #1: ffffc90000b8fd00 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 [ 84.711151][ T48] #2: ffff8880b8f297d8 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x123/0x270 [ 84.720453][ T48] #3: ffffffff8cd2fba0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run3+0xf4/0x400 [ 84.729745][ T48] [ 84.729745][ T48] stack backtrace: [ 84.735631][ T48] CPU: 1 PID: 48 Comm: kworker/u4:3 Not tainted 6.6.100-syzkaller #0 [ 84.743677][ T48] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 84.753742][ T48] Workqueue: bat_events batadv_nc_worker [ 84.759376][ T48] Call Trace: [ 84.762642][ T48] [ 84.765664][ T48] dump_stack_lvl+0x16c/0x230 [ 84.770330][ T48] ? load_image+0x3b0/0x3b0 [ 84.774823][ T48] ? show_regs_print_info+0x20/0x20 [ 84.780012][ T48] ? print_circular_bug+0x12b/0x1a0 [ 84.785199][ T48] check_noncircular+0x2bd/0x3c0 [ 84.790384][ T48] ? print_deadlock_bug+0x5d0/0x5d0 [ 84.795572][ T48] ? lockdep_lock+0xe0/0x220 [ 84.800151][ T48] ? _find_first_zero_bit+0xd3/0x100 [ 84.805452][ T48] __lock_acquire+0x2ddb/0x7c80 [ 84.810296][ T48] ? verify_lock_unused+0x140/0x140 [ 84.815480][ T48] ? verify_lock_unused+0x140/0x140 [ 84.820669][ T48] lock_acquire+0x197/0x410 [ 84.825154][ T48] ? kvfree_call_rcu+0x15a/0x780 [ 84.830079][ T48] ? __virt_addr_valid+0x18c/0x540 [ 84.835178][ T48] ? read_lock_is_recursive+0x20/0x20 [ 84.840540][ T48] ? __virt_addr_valid+0x18c/0x540 [ 84.845643][ T48] ? __virt_addr_valid+0x18c/0x540 [ 84.850739][ T48] ? __virt_addr_valid+0x469/0x540 [ 84.855833][ T48] ? __phys_addr+0xba/0x170 [ 84.860620][ T48] _raw_spin_lock+0x2e/0x40 [ 84.865111][ T48] ? kvfree_call_rcu+0x15a/0x780 [ 84.870031][ T48] kvfree_call_rcu+0x15a/0x780 [ 84.874785][ T48] ? call_rcu+0x930/0x930 [ 84.879114][ T48] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 84.885009][ T48] ? _raw_spin_unlock+0x40/0x40 [ 84.889855][ T48] trie_delete_elem+0x535/0x6a0 [ 84.894700][ T48] bpf_prog_2c29ac5cdc6b1842+0x42/0x46 [ 84.900346][ T48] bpf_trace_run3+0x1e7/0x400 [ 84.905032][ T48] ? bpf_trace_run3+0xf4/0x400 [ 84.909790][ T48] ? bpf_trace_run2+0x3c0/0x3c0 [ 84.914635][ T48] ? __bpf_trace_timer_start+0x133/0x1b0 [ 84.920286][ T48] __bpf_trace_timer_start+0x14a/0x1b0 [ 84.925734][ T48] ? __bpf_trace_timer_class+0x100/0x100 [ 84.931359][ T48] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 84.937415][ T48] ? _raw_spin_unlock+0x40/0x40 [ 84.942257][ T48] ? _raw_spin_lock_irqsave+0xb4/0xf0 [ 84.947798][ T48] ? _raw_spin_lock+0x40/0x40 [ 84.952513][ T48] enqueue_timer+0x398/0x530 [ 84.957103][ T48] __mod_timer+0x977/0xdb0 [ 84.961650][ T48] queue_delayed_work_on+0x12a/0x1e0 [ 84.966943][ T48] ? delayed_work_timer_fn+0x80/0x80 [ 84.972216][ T48] ? batadv_nc_process_nc_paths+0xba/0x390 [ 84.978046][ T48] ? __msecs_to_jiffies+0x1e/0x50 [ 84.983076][ T48] ? batadv_nc_worker+0x4f8/0x610 [ 84.988129][ T48] ? process_scheduled_works+0x957/0x15b0 [ 84.993849][ T48] process_scheduled_works+0xa45/0x15b0 [ 84.999396][ T48] ? assign_work+0x400/0x400 [ 85.003995][ T48] ? assign_work+0x39e/0x400 [ 85.008594][ T48] worker_thread+0xa55/0xfc0 [ 85.013192][ T48] kthread+0x2fa/0x390 [ 85.017254][ T48] ? pr_cont_work+0x560/0x560 [ 85.021932][ T48] ? kthread_blkcg+0xd0/0xd0 [ 85.026505][ T48] ret_from_fork+0x48/0x80 [ 85.030916][ T48] ? kthread_blkcg+0xd0/0xd0 [ 85.035509][ T48] ret_from_fork_asm+0x11/0x20 [ 85.040283][ T48] [ 85.063282][ T50] Bluetooth: hci0: command tx timeout [ 87.116933][ T50] Bluetooth: hci0: command tx timeout 2025/07/31 13:49:47 executed programs: 210 2025/07/31 13:49:52 executed programs: 452