Warning: Permanently added '10.128.0.250' (ED25519) to the list of known hosts. 2025/07/23 19:23:39 ignoring optional flag "sandboxArg"="0" 2025/07/23 19:23:40 parsed 1 programs [ 81.389498][ T4195] cgroup: Unknown subsys name 'net' [ 81.507456][ T4195] cgroup: Unknown subsys name 'rlimit' [ 83.271697][ T4195] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 86.087034][ T4225] chnl_net:caif_netlink_parms(): no params data found [ 86.175941][ T4225] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.191005][ T4225] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.208633][ T4225] device bridge_slave_0 entered promiscuous mode [ 86.222566][ T4225] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.232775][ T4225] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.243166][ T4225] device bridge_slave_1 entered promiscuous mode [ 86.286294][ T4225] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.301878][ T4225] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.337123][ T4225] team0: Port device team_slave_0 added [ 86.347193][ T4225] team0: Port device team_slave_1 added [ 86.376306][ T4225] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.384895][ T4225] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.416342][ T4225] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.432026][ T4225] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.441837][ T4225] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.473323][ T4225] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.519280][ T4225] device hsr_slave_0 entered promiscuous mode [ 86.526992][ T4225] device hsr_slave_1 entered promiscuous mode [ 86.687041][ T4225] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 86.701426][ T4225] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 86.713007][ T4225] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 86.724300][ T4225] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 86.767692][ T4225] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.775273][ T4225] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.784795][ T4225] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.796697][ T4225] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.878514][ T4225] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.895858][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 86.908792][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.922911][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.934028][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 86.952665][ T4225] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.972602][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 86.988283][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.996931][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.024549][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 87.037034][ T156] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.045333][ T156] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.073310][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 87.085638][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 87.099211][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 87.110176][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 87.122740][ T156] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 87.139486][ T4225] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 87.162749][ T4225] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 87.176330][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 87.186610][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 87.200864][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 87.210227][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 87.228855][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 87.359677][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 87.368165][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 87.384851][ T4225] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.405728][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 87.417014][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 87.443716][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 87.453928][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 87.469636][ T4225] device veth0_vlan entered promiscuous mode [ 87.478382][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 87.487679][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 87.508144][ T4225] device veth1_vlan entered promiscuous mode [ 87.553549][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 87.562286][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 87.572323][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 87.581747][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 87.594337][ T4225] device veth0_macvtap entered promiscuous mode [ 87.604117][ T4225] device veth1_macvtap entered promiscuous mode [ 87.625125][ T4225] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.637862][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 87.647934][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 87.670323][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 87.680998][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 87.694303][ T4225] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.715657][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 87.725572][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 87.737081][ T4225] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.746635][ T4225] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.756379][ T4225] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.765712][ T4225] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.884193][ T4225] syz-executor (4225) used greatest stack depth: 20448 bytes left [ 89.558770][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.576608][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.601866][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 89.619759][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.628649][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.638807][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 2025/07/23 19:23:51 executed programs: 0 [ 90.165977][ T140] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.317737][ T4292] chnl_net:caif_netlink_parms(): no params data found [ 90.370510][ T4292] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.377972][ T4292] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.386838][ T4292] device bridge_slave_0 entered promiscuous mode [ 90.396004][ T4292] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.404255][ T4292] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.413982][ T4292] device bridge_slave_1 entered promiscuous mode [ 90.441881][ T4292] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.454162][ T4292] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.485156][ T4292] team0: Port device team_slave_0 added [ 90.494418][ T4292] team0: Port device team_slave_1 added [ 90.516839][ T4292] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.525332][ T4292] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.556282][ T4292] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.569622][ T4292] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.578251][ T4292] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.606186][ T4292] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.642968][ T4292] device hsr_slave_0 entered promiscuous mode [ 90.650576][ T4292] device hsr_slave_1 entered promiscuous mode [ 90.659844][ T4292] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.669079][ T4292] Cannot create hsr debugfs directory [ 92.271198][ T23] Bluetooth: hci0: command 0x0409 tx timeout [ 92.353539][ T1111] cfg80211: failed to load regulatory.db [ 92.908669][ T140] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.967251][ T140] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.018310][ T140] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.861505][ T4292] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.873750][ T4292] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.917482][ T4292] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.932401][ T4292] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.051642][ T4292] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.069364][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 94.081797][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 94.094020][ T4292] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.113283][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 94.123327][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 94.132847][ T4239] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.141540][ T4239] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.174535][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 94.189934][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 94.199801][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 94.210141][ T4239] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.218423][ T4239] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.235896][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 94.249332][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 94.267322][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 94.281406][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 94.290521][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 94.304290][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 94.314915][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 94.350650][ T23] Bluetooth: hci0: command 0x041b tx timeout [ 94.362599][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 94.375735][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 94.392710][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 94.402674][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 94.447555][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 94.593305][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 94.601554][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 94.615370][ T4292] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.655393][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 94.665512][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 94.699414][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 94.710065][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 94.720525][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 94.728451][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 94.745821][ T4292] device veth0_vlan entered promiscuous mode [ 94.760017][ T4292] device veth1_vlan entered promiscuous mode [ 94.790155][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 94.804029][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 94.813589][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 94.825140][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 94.846051][ T140] device hsr_slave_0 left promiscuous mode [ 94.858397][ T140] device hsr_slave_1 left promiscuous mode [ 94.867228][ T140] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 94.878320][ T140] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 94.894894][ T140] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 94.914531][ T140] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 94.928047][ T140] device bridge_slave_1 left promiscuous mode [ 94.949174][ T140] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.972136][ T140] device bridge_slave_0 left promiscuous mode [ 94.980787][ T140] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.005913][ T140] device veth1_macvtap left promiscuous mode [ 95.013453][ T140] device veth0_macvtap left promiscuous mode [ 95.021967][ T140] device veth1_vlan left promiscuous mode [ 95.032109][ T140] device veth0_vlan left promiscuous mode [ 95.365383][ T140] team0 (unregistering): Port device team_slave_1 removed [ 95.384022][ T140] team0 (unregistering): Port device team_slave_0 removed [ 95.404593][ T140] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 95.421974][ T140] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 95.487477][ T140] bond0 (unregistering): Released all slaves [ 95.531152][ T4292] device veth0_macvtap entered promiscuous mode [ 95.539660][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 95.561338][ T4292] device veth1_macvtap entered promiscuous mode [ 95.593608][ T4292] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.607558][ T4292] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.617102][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 95.627885][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 95.639042][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 95.648257][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 95.666677][ T4292] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.676754][ T4292] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.686747][ T4292] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.699103][ T4292] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.769628][ T4344] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 2025/07/23 19:23:57 executed programs: 2 [ 95.822762][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.824535][ T4344] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.836872][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.847015][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 95.862155][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 95.945408][ T154] [ 95.948926][ T154] ====================================================== [ 95.956567][ T154] WARNING: possible circular locking dependency detected [ 95.964875][ T154] 5.15.189-syzkaller #0 Not tainted [ 95.970471][ T154] ------------------------------------------------------ [ 95.978057][ T154] kworker/u4:2/154 is trying to acquire lock: [ 95.985098][ T154] ffff888024b7f1b8 (&trie->lock){....}-{2:2}, at: trie_delete_elem+0x90/0x710 [ 95.994695][ T154] [ 95.994695][ T154] but task is already holding lock: [ 96.003031][ T154] ffff8880b9128098 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x123/0x270 [ 96.011937][ T154] [ 96.011937][ T154] which lock already depends on the new lock. [ 96.011937][ T154] [ 96.024598][ T154] [ 96.024598][ T154] the existing dependency chain (in reverse order) is: [ 96.035311][ T154] [ 96.035311][ T154] -> #2 (&base->lock){-.-.}-{2:2}: [ 96.043113][ T154] _raw_spin_lock_irqsave+0xa4/0xf0 [ 96.049265][ T154] lock_timer_base+0x123/0x270 [ 96.054939][ T154] __mod_timer+0x117/0xd20 [ 96.060001][ T154] queue_delayed_work_on+0x126/0x1e0 [ 96.066748][ T154] kvfree_call_rcu+0x4a9/0x7c0 [ 96.072071][ T154] rtnl_register_internal+0x44e/0x540 [ 96.078625][ T154] rtnl_register+0x2e/0x70 [ 96.084673][ T154] ip_rt_init+0x2e0/0x3a0 [ 96.090744][ T154] ip_init+0xa/0x20 [ 96.095880][ T154] inet_init+0x28b/0x3a0 [ 96.100831][ T154] do_one_initcall+0x1ee/0x680 [ 96.106930][ T154] do_initcall_level+0x137/0x1f0 [ 96.113521][ T154] do_initcalls+0x4b/0x90 [ 96.118762][ T154] kernel_init_freeable+0x3ce/0x560 [ 96.125341][ T154] kernel_init+0x19/0x1b0 [ 96.130698][ T154] ret_from_fork+0x1f/0x30 [ 96.137450][ T154] [ 96.137450][ T154] -> #1 (krc.lock){..-.}-{2:2}: [ 96.144637][ T154] _raw_spin_lock+0x2a/0x40 [ 96.149887][ T154] kvfree_call_rcu+0x186/0x7c0 [ 96.155194][ T154] trie_update_elem+0x86e/0xc50 [ 96.160793][ T154] bpf_map_update_value+0x57d/0x650 [ 96.166569][ T154] generic_map_update_batch+0x525/0x7c0 [ 96.172790][ T154] bpf_map_do_batch+0x466/0x600 [ 96.178463][ T154] __sys_bpf+0x601/0x670 [ 96.183625][ T154] __x64_sys_bpf+0x78/0x90 [ 96.190622][ T154] do_syscall_64+0x4c/0xa0 [ 96.197089][ T154] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 96.204259][ T154] [ 96.204259][ T154] -> #0 (&trie->lock){....}-{2:2}: [ 96.215193][ T154] __lock_acquire+0x2c33/0x7c60 [ 96.220941][ T154] lock_acquire+0x197/0x3f0 [ 96.227968][ T154] _raw_spin_lock_irqsave+0xa4/0xf0 [ 96.237012][ T154] trie_delete_elem+0x90/0x710 [ 96.242940][ T154] bpf_prog_2c29ac5cdc6b1842+0x3a/0x4f8 [ 96.253956][ T154] bpf_trace_run3+0x17e/0x320 [ 96.262705][ T154] enqueue_timer+0x394/0x520 [ 96.268228][ T154] __mod_timer+0x8e1/0xd20 [ 96.274749][ T154] queue_delayed_work_on+0x126/0x1e0 [ 96.283153][ T154] kvfree_call_rcu+0x4a9/0x7c0 [ 96.289874][ T154] ieee80211_check_fast_xmit+0x4cd/0x1070 [ 96.296494][ T154] ieee80211_ibss_rx_queued_mgmt+0x1480/0x29c0 [ 96.305918][ T154] ieee80211_iface_work+0x70e/0xc60 [ 96.312225][ T154] process_one_work+0x863/0x1000 [ 96.317744][ T154] worker_thread+0xaa8/0x12a0 [ 96.324628][ T154] kthread+0x436/0x520 [ 96.330309][ T154] ret_from_fork+0x1f/0x30 [ 96.335664][ T154] [ 96.335664][ T154] other info that might help us debug this: [ 96.335664][ T154] [ 96.346991][ T154] Chain exists of: [ 96.346991][ T154] &trie->lock --> krc.lock --> &base->lock [ 96.346991][ T154] [ 96.359026][ T154] Possible unsafe locking scenario: [ 96.359026][ T154] [ 96.367627][ T154] CPU0 CPU1 [ 96.373832][ T154] ---- ---- [ 96.381357][ T154] lock(&base->lock); [ 96.385561][ T154] lock(krc.lock); [ 96.392113][ T154] lock(&base->lock); [ 96.399406][ T154] lock(&trie->lock); [ 96.403602][ T154] [ 96.403602][ T154] *** DEADLOCK *** [ 96.403602][ T154] [ 96.414794][ T154] 8 locks held by kworker/u4:2/154: [ 96.424197][ T154] #0: ffff8880732e9138 ((wq_completion)phy5){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 [ 96.437370][ T154] #1: ffffc90002007d00 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 [ 96.449564][ T154] #2: ffff888077860d40 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_rx_queued_mgmt+0x100/0x29c0 [ 96.460977][ T154] #3: ffffffff8c11c360 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 96.472557][ T154] #4: ffff88807c474128 (&sta->lock){+...}-{2:2}, at: ieee80211_check_fast_xmit+0x135/0x1070 [ 96.484047][ T154] #5: ffff8880b9127e78 (krc.lock){..-.}-{2:2}, at: kvfree_call_rcu+0x186/0x7c0 [ 96.493887][ T154] #6: ffff8880b9128098 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x123/0x270 [ 96.504150][ T154] #7: ffffffff8c11c360 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 96.514258][ T154] [ 96.514258][ T154] stack backtrace: [ 96.527326][ T154] CPU: 1 PID: 154 Comm: kworker/u4:2 Not tainted 5.15.189-syzkaller #0 [ 96.535929][ T154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 96.547605][ T154] Workqueue: phy5 ieee80211_iface_work [ 96.555093][ T154] Call Trace: [ 96.558759][ T154] [ 96.562013][ T154] dump_stack_lvl+0x168/0x230 [ 96.566965][ T154] ? load_image+0x3b0/0x3b0 [ 96.572000][ T154] ? show_regs_print_info+0x20/0x20 [ 96.577336][ T154] ? print_circular_bug+0x12b/0x1a0 [ 96.582561][ T154] check_noncircular+0x274/0x310 [ 96.587906][ T154] ? add_chain_block+0x940/0x940 [ 96.593174][ T154] ? lockdep_lock+0x141/0x1e0 [ 96.599275][ T154] ? __pv_queued_spin_lock_slowpath+0x7e6/0x9c0 [ 96.606405][ T154] ? mark_lock+0x94/0x320 [ 96.610865][ T154] __lock_acquire+0x2c33/0x7c60 [ 96.616476][ T154] ? check_path+0x40/0x40 [ 96.622182][ T154] ? check_path+0x21/0x40 [ 96.626820][ T154] ? __lock_acquire+0x12d9/0x7c60 [ 96.633548][ T154] ? verify_lock_unused+0x140/0x140 [ 96.641167][ T154] ? __lock_acquire+0x289d/0x7c60 [ 96.646671][ T154] ? __bfs+0x2a3/0x5c0 [ 96.652461][ T154] lock_acquire+0x197/0x3f0 [ 96.657346][ T154] ? trie_delete_elem+0x90/0x710 [ 96.663042][ T154] ? verify_lock_unused+0x140/0x140 [ 96.668388][ T154] ? lockdep_lock+0x141/0x1e0 [ 96.673970][ T154] ? read_lock_is_recursive+0x10/0x10 [ 96.680426][ T154] _raw_spin_lock_irqsave+0xa4/0xf0 [ 96.686446][ T154] ? trie_delete_elem+0x90/0x710 [ 96.691763][ T154] ? _raw_spin_lock+0x40/0x40 [ 96.697530][ T154] trie_delete_elem+0x90/0x710 [ 96.703787][ T154] ? __rwlock_init+0x140/0x140 [ 96.709280][ T154] bpf_prog_2c29ac5cdc6b1842+0x3a/0x4f8 [ 96.715589][ T154] bpf_trace_run3+0x17e/0x320 [ 96.723737][ T154] ? bpf_trace_run2+0x2d0/0x2d0 [ 96.729290][ T154] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 96.736141][ T154] ? kasan_save_stack+0x4b/0x60 [ 96.741107][ T154] ? kasan_record_aux_stack+0xb8/0x100 [ 96.746851][ T154] ? kvfree_call_rcu+0x10a/0x7c0 [ 96.751914][ T154] ? ieee80211_check_fast_xmit+0x4cd/0x1070 [ 96.757856][ T154] enqueue_timer+0x394/0x520 [ 96.762595][ T154] __mod_timer+0x8e1/0xd20 [ 96.767218][ T154] queue_delayed_work_on+0x126/0x1e0 [ 96.772754][ T154] ? delayed_work_timer_fn+0x80/0x80 [ 96.778213][ T154] ? __rwlock_init+0x140/0x140 [ 96.783004][ T154] ? kvfree_call_rcu+0x138/0x7c0 [ 96.787960][ T154] kvfree_call_rcu+0x4a9/0x7c0 [ 96.792747][ T154] ? call_rcu+0x930/0x930 [ 96.798045][ T154] ieee80211_check_fast_xmit+0x4cd/0x1070 [ 96.803896][ T154] ? ieee80211_lookup_ra_sta+0x5f0/0x5f0 [ 96.810122][ T154] ? ieee80211_mandatory_rates+0x1c8/0x230 [ 96.816834][ T154] ieee80211_ibss_rx_queued_mgmt+0x1480/0x29c0 [ 96.823508][ T154] ? ieee80211_ibss_rx_no_sta+0x730/0x730 [ 96.829603][ T154] ? _raw_spin_unlock_irqrestore+0x82/0x100 [ 96.835786][ T154] ? lockdep_hardirqs_on+0x94/0x140 [ 96.841101][ T154] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 96.847025][ T154] ? _raw_spin_unlock+0x40/0x40 [ 96.852191][ T154] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 96.858313][ T154] ? kcov_remote_start+0xea/0x4a0 [ 96.863383][ T154] ieee80211_iface_work+0x70e/0xc60 [ 96.868878][ T154] process_one_work+0x863/0x1000 [ 96.874201][ T154] ? worker_detach_from_pool+0x240/0x240 [ 96.881177][ T154] ? lockdep_hardirqs_off+0x70/0x100 [ 96.886490][ T154] ? _raw_spin_lock_irq+0xab/0xe0 [ 96.891983][ T154] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 96.898024][ T154] ? wq_worker_running+0x97/0x170 [ 96.903877][ T154] worker_thread+0xaa8/0x12a0 [ 96.908866][ T154] kthread+0x436/0x520 [ 96.913480][ T154] ? rcu_lock_release+0x20/0x20 [ 96.918377][ T154] ? kthread_blkcg+0xd0/0xd0 [ 96.923152][ T154] ret_from_fork+0x1f/0x30 [ 96.927688][ T154] [ 96.933734][ T23] Bluetooth: hci0: command 0x040f tx timeout [ 98.990725][ T4238] Bluetooth: hci0: command 0x0419 tx timeout 2025/07/23 19:24:02 executed programs: 179 2025/07/23 19:24:07 executed programs: 415