Warning: Permanently added '10.128.0.188' (ED25519) to the list of known hosts. 2025/10/25 14:13:41 parsed 1 programs syzkaller login: [ 73.145562][ T4195] cgroup: Unknown subsys name 'net' [ 73.274853][ T4195] cgroup: Unknown subsys name 'rlimit' [ 74.774548][ T4195] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 78.172115][ T4243] chnl_net:caif_netlink_parms(): no params data found [ 78.236019][ T4243] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.243971][ T4243] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.252106][ T4243] device bridge_slave_0 entered promiscuous mode [ 78.261114][ T4243] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.268301][ T4243] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.276281][ T4243] device bridge_slave_1 entered promiscuous mode [ 78.307888][ T4243] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.321334][ T4243] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.447219][ T4243] team0: Port device team_slave_0 added [ 78.465588][ T4243] team0: Port device team_slave_1 added [ 78.488435][ T4243] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.495394][ T4243] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.521872][ T4243] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.534814][ T4243] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.542129][ T4243] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.568481][ T4243] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.599075][ T4243] device hsr_slave_0 entered promiscuous mode [ 78.605830][ T4243] device hsr_slave_1 entered promiscuous mode [ 78.716130][ T4243] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 78.726704][ T4243] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 78.736404][ T4243] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 78.745576][ T4243] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 78.794137][ T4243] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.801379][ T4243] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.809391][ T4243] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.816469][ T4243] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.881077][ T4243] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.894933][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 78.906178][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.914752][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.922818][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 78.937088][ T4243] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.969586][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 78.978410][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.985566][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.997009][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 79.005661][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.012850][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.054497][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 79.063449][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 79.075488][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 79.087588][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 79.100894][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 79.133062][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 79.234649][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 79.242981][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 79.257438][ T4243] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.295300][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 79.304303][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 79.322841][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 79.332129][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 79.343176][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 79.351171][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 79.378306][ T4243] device veth0_vlan entered promiscuous mode [ 79.389748][ T4243] device veth1_vlan entered promiscuous mode [ 79.412087][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 79.420472][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 79.428640][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 79.437152][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 79.467149][ T4243] device veth0_macvtap entered promiscuous mode [ 79.477246][ T4243] device veth1_macvtap entered promiscuous mode [ 79.493030][ T4243] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.500871][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 79.509139][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 79.517022][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 79.526360][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 79.539583][ T4243] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.551039][ T4243] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.561549][ T4243] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.571284][ T4243] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.580374][ T4243] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.591331][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 79.608764][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 80.150580][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.169063][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.180221][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 80.192822][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.201252][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.210857][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 2025/10/25 14:13:51 executed programs: 0 [ 81.035018][ T4299] chnl_net:caif_netlink_parms(): no params data found [ 81.105387][ T4299] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.112899][ T4299] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.121254][ T4299] device bridge_slave_0 entered promiscuous mode [ 81.130438][ T4299] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.137623][ T4299] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.146470][ T4299] device bridge_slave_1 entered promiscuous mode [ 81.170928][ T4299] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.183789][ T4299] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.214405][ T4299] team0: Port device team_slave_0 added [ 81.222738][ T4299] team0: Port device team_slave_1 added [ 81.247059][ T4299] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.254138][ T4299] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.280513][ T4299] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.294719][ T4299] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.302512][ T4299] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.329513][ T4299] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.369671][ T4299] device hsr_slave_0 entered promiscuous mode [ 81.376491][ T4299] device hsr_slave_1 entered promiscuous mode [ 81.383528][ T4299] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 81.391558][ T4299] Cannot create hsr debugfs directory [ 81.465611][ T4299] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.939169][ T4258] Bluetooth: hci0: command 0x0409 tx timeout [ 84.895284][ T4299] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.965052][ T4299] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.018442][ T4258] Bluetooth: hci0: command 0x041b tx timeout [ 85.031231][ T4299] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.138749][ T4299] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 85.147654][ T4299] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 85.157497][ T4299] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 85.179889][ T4299] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 85.242459][ T4299] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.254908][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 85.264542][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 85.285459][ T4299] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.295050][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 85.304849][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 85.314934][ T301] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.322072][ T301] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.331220][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 85.357040][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 85.365809][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 85.375544][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.382641][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.392515][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 85.419686][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 85.433754][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 85.442563][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 85.451390][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 85.462326][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 85.471380][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 85.495537][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 85.504202][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 85.521287][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 85.530099][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 85.542063][ T4299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 85.656078][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 85.664154][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 85.684734][ T4299] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.704023][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 85.713114][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 85.740447][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 85.749018][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 85.757340][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 85.767180][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 85.777353][ T4299] device veth0_vlan entered promiscuous mode [ 85.790054][ T1241] device hsr_slave_0 left promiscuous mode [ 85.796618][ T1241] device hsr_slave_1 left promiscuous mode [ 85.805109][ T1241] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 85.812635][ T1241] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 85.821391][ T1241] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 85.829272][ T1241] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 85.836837][ T1241] device bridge_slave_1 left promiscuous mode [ 85.844085][ T1241] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.856997][ T1241] device bridge_slave_0 left promiscuous mode [ 85.863539][ T1241] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.881555][ T1241] device veth1_macvtap left promiscuous mode [ 85.887756][ T1241] device veth0_macvtap left promiscuous mode [ 85.893942][ T1241] device veth1_vlan left promiscuous mode [ 85.899981][ T1241] device veth0_vlan left promiscuous mode [ 86.055468][ T1241] team0 (unregistering): Port device team_slave_1 removed [ 86.073364][ T1241] team0 (unregistering): Port device team_slave_0 removed [ 86.087460][ T1241] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 86.103493][ T1241] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 86.166236][ T1241] bond0 (unregistering): Released all slaves [ 86.235772][ T4299] device veth1_vlan entered promiscuous mode [ 86.256483][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 86.265004][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 86.273571][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 86.283280][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 86.294205][ T4299] device veth0_macvtap entered promiscuous mode [ 86.305208][ T4299] device veth1_macvtap entered promiscuous mode [ 86.324478][ T4299] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.336830][ T4299] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.344973][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 86.354015][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 86.362852][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 86.372019][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 86.381188][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 86.393353][ T4299] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.402370][ T4299] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.411677][ T4299] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.420685][ T4299] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.490851][ T301] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.499625][ T301] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.521690][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 86.546345][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.554575][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.564266][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 86.620682][ T1111] cfg80211: failed to load regulatory.db [ 86.639257][ T154] [ 86.641622][ T154] ====================================================== [ 86.648638][ T154] WARNING: possible circular locking dependency detected [ 86.655659][ T154] syzkaller #0 Not tainted [ 86.660067][ T154] ------------------------------------------------------ [ 86.667081][ T154] kworker/u4:2/154 is trying to acquire lock: [ 86.673142][ T154] ffff88802abf4a38 (&trie->lock){....}-{2:2}, at: trie_delete_elem+0x90/0x710 [ 86.682033][ T154] [ 86.682033][ T154] but task is already holding lock: [ 86.689393][ T154] ffff8880b90280d8 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x123/0x270 [ 86.698267][ T154] [ 86.698267][ T154] which lock already depends on the new lock. [ 86.698267][ T154] [ 86.708704][ T154] [ 86.708704][ T154] the existing dependency chain (in reverse order) is: [ 86.717712][ T154] [ 86.717712][ T154] -> #2 (&base->lock){-.-.}-{2:2}: [ 86.725004][ T154] _raw_spin_lock_irqsave+0xa4/0xf0 [ 86.730727][ T154] lock_timer_base+0x123/0x270 [ 86.736016][ T154] __mod_timer+0x117/0xd20 [ 86.740955][ T154] queue_delayed_work_on+0x126/0x1e0 [ 86.746763][ T154] kvfree_call_rcu+0x4a9/0x7c0 [ 86.752046][ T154] rtnl_register_internal+0x44e/0x540 [ 86.757945][ T154] rtnl_register+0x2e/0x70 [ 86.762887][ T154] ip_rt_init+0x2e0/0x3a0 [ 86.767739][ T154] ip_init+0xa/0x20 [ 86.772069][ T154] inet_init+0x28b/0x3a0 [ 86.776834][ T154] do_one_initcall+0x1ee/0x680 [ 86.782132][ T154] do_initcall_level+0x137/0x1f0 [ 86.787590][ T154] do_initcalls+0x4b/0x90 [ 86.792434][ T154] kernel_init_freeable+0x3ce/0x560 [ 86.798155][ T154] kernel_init+0x19/0x1b0 [ 86.803013][ T154] ret_from_fork+0x1f/0x30 [ 86.807949][ T154] [ 86.807949][ T154] -> #1 (krc.lock){..-.}-{2:2}: [ 86.814988][ T154] _raw_spin_lock+0x2a/0x40 [ 86.820007][ T154] kvfree_call_rcu+0x186/0x7c0 [ 86.825288][ T154] trie_update_elem+0x86e/0xc50 [ 86.830663][ T154] bpf_map_update_value+0x57d/0x650 [ 86.836379][ T154] generic_map_update_batch+0x525/0x7c0 [ 86.842560][ T154] bpf_map_do_batch+0x466/0x600 [ 86.847929][ T154] __sys_bpf+0x601/0x670 [ 86.852693][ T154] __x64_sys_bpf+0x78/0x90 [ 86.857630][ T154] do_syscall_64+0x4c/0xa0 [ 86.862563][ T154] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 86.868980][ T154] [ 86.868980][ T154] -> #0 (&trie->lock){....}-{2:2}: [ 86.876281][ T154] __lock_acquire+0x2c33/0x7c60 [ 86.881674][ T154] lock_acquire+0x197/0x3f0 [ 86.886698][ T154] _raw_spin_lock_irqsave+0xa4/0xf0 [ 86.892411][ T154] trie_delete_elem+0x90/0x710 [ 86.897709][ T154] bpf_prog_5186c38a4019a4cb+0x42/0xebc [ 86.903790][ T154] bpf_trace_run3+0x17e/0x320 [ 86.908984][ T154] enqueue_timer+0x394/0x520 [ 86.914106][ T154] __mod_timer+0x8e1/0xd20 [ 86.919038][ T154] queue_delayed_work_on+0x126/0x1e0 [ 86.924854][ T154] process_one_work+0x863/0x1000 [ 86.930307][ T154] worker_thread+0xaa8/0x12a0 [ 86.935506][ T154] kthread+0x436/0x520 [ 86.940106][ T154] ret_from_fork+0x1f/0x30 [ 86.945039][ T154] [ 86.945039][ T154] other info that might help us debug this: [ 86.945039][ T154] [ 86.955260][ T154] Chain exists of: [ 86.955260][ T154] &trie->lock --> krc.lock --> &base->lock [ 86.955260][ T154] [ 86.966987][ T154] Possible unsafe locking scenario: [ 86.966987][ T154] [ 86.974523][ T154] CPU0 CPU1 [ 86.979883][ T154] ---- ---- [ 86.985250][ T154] lock(&base->lock); [ 86.989316][ T154] lock(krc.lock); [ 86.995641][ T154] lock(&base->lock); [ 87.002233][ T154] lock(&trie->lock); [ 87.006329][ T154] [ 87.006329][ T154] *** DEADLOCK *** [ 87.006329][ T154] [ 87.014469][ T154] 4 locks held by kworker/u4:2/154: [ 87.019664][ T154] #0: ffff88814c7fa138 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 [ 87.030371][ T154] #1: ffffc9000129fd00 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 [ 87.042893][ T154] #2: ffff8880b90280d8 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x123/0x270 [ 87.052206][ T154] #3: ffffffff8c11c720 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 87.061599][ T154] [ 87.061599][ T154] stack backtrace: [ 87.067507][ T154] CPU: 0 PID: 154 Comm: kworker/u4:2 Not tainted syzkaller #0 [ 87.074994][ T154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 87.085142][ T154] Workqueue: bat_events batadv_nc_worker [ 87.090795][ T154] Call Trace: [ 87.094251][ T154] [ 87.097190][ T154] dump_stack_lvl+0x168/0x230 [ 87.101879][ T154] ? load_image+0x3b0/0x3b0 [ 87.106399][ T154] ? show_regs_print_info+0x20/0x20 [ 87.111604][ T154] ? print_circular_bug+0x12b/0x1a0 [ 87.116803][ T154] check_noncircular+0x274/0x310 [ 87.121741][ T154] ? add_chain_block+0x940/0x940 [ 87.126676][ T154] ? lockdep_lock+0x141/0x1e0 [ 87.131368][ T154] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 87.137370][ T154] ? mark_lock+0x94/0x320 [ 87.141702][ T154] ? mark_lock+0x94/0x320 [ 87.146037][ T154] __lock_acquire+0x2c33/0x7c60 [ 87.150987][ T154] ? __lock_acquire+0x12d9/0x7c60 [ 87.156104][ T154] ? verify_lock_unused+0x140/0x140 [ 87.161315][ T154] ? __lock_acquire+0x13ad/0x7c60 [ 87.166359][ T154] lock_acquire+0x197/0x3f0 [ 87.170865][ T154] ? trie_delete_elem+0x90/0x710 [ 87.175820][ T154] ? verify_lock_unused+0x140/0x140 [ 87.181151][ T154] ? __lock_acquire+0x12d9/0x7c60 [ 87.186331][ T154] ? read_lock_is_recursive+0x10/0x10 [ 87.191723][ T154] _raw_spin_lock_irqsave+0xa4/0xf0 [ 87.197030][ T154] ? trie_delete_elem+0x90/0x710 [ 87.201992][ T154] ? _raw_spin_lock+0x40/0x40 [ 87.206689][ T154] trie_delete_elem+0x90/0x710 [ 87.211498][ T154] ? __rwlock_init+0x140/0x140 [ 87.216301][ T154] bpf_prog_5186c38a4019a4cb+0x42/0xebc [ 87.221882][ T154] bpf_trace_run3+0x17e/0x320 [ 87.226568][ T154] ? bpf_trace_run2+0x2d0/0x2d0 [ 87.231504][ T154] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 87.237404][ T154] enqueue_timer+0x394/0x520 [ 87.242002][ T154] __mod_timer+0x8e1/0xd20 [ 87.246539][ T154] queue_delayed_work_on+0x126/0x1e0 [ 87.251843][ T154] ? delayed_work_timer_fn+0x80/0x80 [ 87.257143][ T154] ? __msecs_to_jiffies+0x1a/0x40 [ 87.262189][ T154] ? batadv_nc_worker+0x4b2/0x5c0 [ 87.267224][ T154] process_one_work+0x863/0x1000 [ 87.272171][ T154] ? worker_detach_from_pool+0x240/0x240 [ 87.277805][ T154] ? lockdep_hardirqs_off+0x70/0x100 [ 87.283106][ T154] ? _raw_spin_lock_irq+0xab/0xe0 [ 87.288155][ T154] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 87.293557][ T154] ? wq_worker_running+0x97/0x170 [ 87.298677][ T154] worker_thread+0xaa8/0x12a0 [ 87.303375][ T154] kthread+0x436/0x520 [ 87.307536][ T154] ? rcu_lock_release+0x20/0x20 [ 87.312514][ T154] ? kthread_blkcg+0xd0/0xd0 [ 87.317125][ T154] ret_from_fork+0x1f/0x30 [ 87.321556][ T154] [ 87.329015][ T4262] Bluetooth: hci0: command 0x040f tx timeout