Warning: Permanently added '10.128.0.14' (ED25519) to the list of known hosts. 2025/10/26 10:32:17 parsed 1 programs syzkaller login: [ 80.372121][ T4272] cgroup: Unknown subsys name 'net' [ 80.531856][ T4272] cgroup: Unknown subsys name 'rlimit' [ 82.267750][ T4272] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 84.661719][ T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.677090][ T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.688058][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 84.701357][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.710667][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.721024][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 84.974305][ T4323] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 84.983471][ T4323] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 84.991559][ T4323] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.000345][ T4323] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.009146][ T4323] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 85.016632][ T4323] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.305480][ T4347] chnl_net:caif_netlink_parms(): no params data found [ 86.361446][ T4347] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.369412][ T4347] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.377774][ T4347] device bridge_slave_0 entered promiscuous mode [ 86.396116][ T4347] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.403296][ T4347] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.412153][ T4347] device bridge_slave_1 entered promiscuous mode [ 86.436213][ T4347] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.447888][ T4347] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.507748][ T4347] team0: Port device team_slave_0 added [ 86.515035][ T4347] team0: Port device team_slave_1 added [ 86.535634][ T4347] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.542645][ T4347] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.568711][ T4347] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.585177][ T4347] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.592178][ T4347] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.618752][ T4347] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.677203][ T4347] device hsr_slave_0 entered promiscuous mode [ 86.684038][ T4347] device hsr_slave_1 entered promiscuous mode [ 86.707124][ T41] cfg80211: failed to load regulatory.db [ 86.826784][ T4347] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 86.838286][ T4347] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 86.849092][ T4347] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 86.859992][ T4347] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 86.897711][ T4347] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.905012][ T4347] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.913199][ T4347] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.920384][ T4347] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.968944][ T4347] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.001496][ T4347] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.010121][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 87.039952][ T32] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.049585][ T32] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.058331][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 87.075034][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 87.084418][ T32] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.091673][ T32] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.104465][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 87.113490][ T32] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.120753][ T32] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.142817][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 87.159783][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 87.173935][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 87.187558][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 87.209792][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 87.221205][ T4347] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 87.419796][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 87.428000][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 87.444217][ T4347] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.468402][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 87.477410][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 87.496084][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 87.504586][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 87.513720][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 87.522120][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 87.536903][ T4347] device veth0_vlan entered promiscuous mode [ 87.548477][ T4347] device veth1_vlan entered promiscuous mode [ 87.576265][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 87.584394][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 87.593037][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 87.601796][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 87.614014][ T4347] device veth0_macvtap entered promiscuous mode [ 87.624757][ T4347] device veth1_macvtap entered promiscuous mode [ 87.647886][ T4347] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.655929][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 87.664699][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 87.674904][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 87.684951][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 87.697849][ T4347] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.705568][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 87.714238][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 87.728084][ T4347] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.737799][ T4347] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.747903][ T4347] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.756782][ T4347] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.902984][ T75] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 2025/10/26 10:32:28 executed programs: 0 [ 88.831578][ T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 88.841715][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 88.849562][ T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 88.858766][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 88.869835][ T48] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 88.877282][ T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 89.023224][ T4378] chnl_net:caif_netlink_parms(): no params data found [ 89.075445][ T4378] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.082678][ T4378] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.090773][ T4378] device bridge_slave_0 entered promiscuous mode [ 89.099338][ T4378] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.107032][ T4378] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.115041][ T4378] device bridge_slave_1 entered promiscuous mode [ 89.140827][ T4378] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.152150][ T4378] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.178092][ T4378] team0: Port device team_slave_0 added [ 89.186322][ T4378] team0: Port device team_slave_1 added [ 89.208666][ T4378] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.215719][ T4378] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.242197][ T4378] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.255050][ T4378] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.262443][ T4378] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.289667][ T4378] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.329600][ T4378] device hsr_slave_0 entered promiscuous mode [ 89.336716][ T4378] device hsr_slave_1 entered promiscuous mode [ 89.344204][ T4378] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.352377][ T4378] Cannot create hsr debugfs directory [ 90.226818][ T75] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.947097][ T48] Bluetooth: hci0: command 0x0409 tx timeout [ 92.494477][ T75] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.569896][ T75] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.025342][ T4323] Bluetooth: hci0: command 0x041b tx timeout [ 93.441991][ T4378] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.459347][ T75] device hsr_slave_0 left promiscuous mode [ 93.469572][ T75] device hsr_slave_1 left promiscuous mode [ 93.476707][ T75] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 93.484198][ T75] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 93.495855][ T75] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 93.503304][ T75] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 93.514124][ T75] device bridge_slave_1 left promiscuous mode [ 93.523284][ T75] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.538370][ T75] device bridge_slave_0 left promiscuous mode [ 93.544728][ T75] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.576698][ T75] device veth1_macvtap left promiscuous mode [ 93.583117][ T75] device veth0_macvtap left promiscuous mode [ 93.590937][ T75] device veth1_vlan left promiscuous mode [ 93.598235][ T75] device veth0_vlan left promiscuous mode [ 94.019013][ T75] team0 (unregistering): Port device team_slave_1 removed [ 94.048336][ T75] team0 (unregistering): Port device team_slave_0 removed [ 94.078890][ T75] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 94.110637][ T75] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 94.381681][ T75] bond0 (unregistering): Released all slaves [ 94.464385][ T4378] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.476175][ T4378] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.485537][ T4378] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.582813][ T4378] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.596327][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 94.604331][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 94.627327][ T4378] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.644232][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 94.653296][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 94.662361][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.669548][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.678817][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 94.688331][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 94.697264][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.704376][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.712205][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 94.733743][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 94.741904][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 94.750757][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 94.760959][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 94.771286][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 94.789053][ T4378] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 94.801221][ T4378] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.812894][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 94.821958][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 94.831171][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 94.839838][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 94.849220][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 94.858107][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 94.866880][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 95.080112][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 95.089224][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 95.107794][ T48] Bluetooth: hci0: command 0x040f tx timeout [ 95.111771][ T4378] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.142480][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 95.151457][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 95.170010][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 95.178842][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 95.188228][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 95.197491][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 95.208204][ T4378] device veth0_vlan entered promiscuous mode [ 95.219861][ T4378] device veth1_vlan entered promiscuous mode [ 95.239169][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 95.247635][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 95.256413][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 95.264912][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 95.283909][ T4378] device veth0_macvtap entered promiscuous mode [ 95.293835][ T4378] device veth1_macvtap entered promiscuous mode [ 95.309837][ T4378] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.318976][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 95.327148][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 95.335033][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 95.344226][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 95.363367][ T4378] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.373130][ T4378] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.382296][ T4378] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.391331][ T4378] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.400341][ T4378] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.412225][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 95.421985][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 95.488539][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.497557][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.519106][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 95.528205][ T4359] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 2025/10/26 10:32:35 executed programs: 2 [ 95.537857][ T4359] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.552147][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 95.904467][ T4312] [ 95.906842][ T4312] ====================================================== [ 95.913891][ T4312] WARNING: possible circular locking dependency detected [ 95.920924][ T4312] syzkaller #0 Not tainted [ 95.925347][ T4312] ------------------------------------------------------ [ 95.932361][ T4312] kworker/1:7/4312 is trying to acquire lock: [ 95.938428][ T4312] ffff8880b8f281d8 (krc.lock){..-.}-{2:2}, at: kvfree_call_rcu+0x184/0x870 [ 95.947071][ T4312] [ 95.947071][ T4312] but task is already holding lock: [ 95.954465][ T4312] ffff8880b8f28418 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x123/0x270 [ 95.963386][ T4312] [ 95.963386][ T4312] which lock already depends on the new lock. [ 95.963386][ T4312] [ 95.973805][ T4312] [ 95.973805][ T4312] the existing dependency chain (in reverse order) is: [ 95.982838][ T4312] [ 95.982838][ T4312] -> #1 (&base->lock){-.-.}-{2:2}: [ 95.990157][ T4312] _raw_spin_lock_irqsave+0xa4/0xf0 [ 95.996332][ T4312] lock_timer_base+0x123/0x270 [ 96.001636][ T4312] __mod_timer+0x117/0xd20 [ 96.006591][ T4312] queue_delayed_work_on+0x126/0x1e0 [ 96.012438][ T4312] kvfree_call_rcu+0x4cb/0x870 [ 96.017760][ T4312] rtnl_register_internal+0x489/0x590 [ 96.023666][ T4312] rtnl_register+0x2e/0x70 [ 96.028621][ T4312] ip_rt_init+0x323/0x3b5 [ 96.033491][ T4312] ip_init+0xa/0x14 [ 96.037843][ T4312] inet_init+0x2bd/0x3cf [ 96.042611][ T4312] do_one_initcall+0x214/0x7a0 [ 96.047914][ T4312] do_initcall_level+0x137/0x1e4 [ 96.053406][ T4312] do_initcalls+0x4b/0x8a [ 96.058273][ T4312] kernel_init_freeable+0x3fa/0x5ac [ 96.064003][ T4312] kernel_init+0x19/0x1b0 [ 96.068868][ T4312] ret_from_fork+0x1f/0x30 [ 96.073819][ T4312] [ 96.073819][ T4312] -> #0 (krc.lock){..-.}-{2:2}: [ 96.080861][ T4312] __lock_acquire+0x2cf8/0x7c50 [ 96.086242][ T4312] lock_acquire+0x1b4/0x490 [ 96.091278][ T4312] _raw_spin_lock+0x2a/0x40 [ 96.096416][ T4312] kvfree_call_rcu+0x184/0x870 [ 96.101728][ T4312] trie_delete_elem+0x52d/0x690 [ 96.107123][ T4312] bpf_prog_5186c38a4019a4cb+0x42/0x46 [ 96.113135][ T4312] bpf_trace_run3+0x1e3/0x400 [ 96.118352][ T4312] enqueue_timer+0x411/0x5c0 [ 96.123472][ T4312] __mod_timer+0x8e1/0xd20 [ 96.128426][ T4312] schedule_timeout+0x157/0x280 [ 96.133812][ T4312] rcu_exp_sel_wait_wake+0x742/0x1db0 [ 96.139722][ T4312] process_one_work+0x898/0x1160 [ 96.145190][ T4312] worker_thread+0xaa2/0x1250 [ 96.150393][ T4312] kthread+0x29d/0x330 [ 96.154996][ T4312] ret_from_fork+0x1f/0x30 [ 96.159953][ T4312] [ 96.159953][ T4312] other info that might help us debug this: [ 96.159953][ T4312] [ 96.170182][ T4312] Possible unsafe locking scenario: [ 96.170182][ T4312] [ 96.177634][ T4312] CPU0 CPU1 [ 96.183008][ T4312] ---- ---- [ 96.188403][ T4312] lock(&base->lock); [ 96.192485][ T4312] lock(krc.lock); [ 96.198822][ T4312] lock(&base->lock); [ 96.205416][ T4312] lock(krc.lock); [ 96.209254][ T4312] [ 96.209254][ T4312] *** DEADLOCK *** [ 96.209254][ T4312] [ 96.217399][ T4312] 4 locks held by kworker/1:7/4312: [ 96.222598][ T4312] #0: ffff888017472138 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 [ 96.232969][ T4312] #1: ffffc900040e7d00 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 [ 96.244383][ T4312] #2: ffff8880b8f28418 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x123/0x270 [ 96.253801][ T4312] #3: ffffffff8cb2aca0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run3+0xf0/0x400 [ 96.263128][ T4312] [ 96.263128][ T4312] stack backtrace: [ 96.269039][ T4312] CPU: 1 PID: 4312 Comm: kworker/1:7 Not tainted syzkaller #0 [ 96.276501][ T4312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 96.286564][ T4312] Workqueue: rcu_gp wait_rcu_exp_gp [ 96.291790][ T4312] Call Trace: [ 96.295080][ T4312] [ 96.298022][ T4312] dump_stack_lvl+0x168/0x22e [ 96.302713][ T4312] ? load_image+0x3b0/0x3b0 [ 96.307230][ T4312] ? show_regs_print_info+0x12/0x12 [ 96.312442][ T4312] ? print_circular_bug+0x12b/0x1a0 [ 96.317658][ T4312] check_noncircular+0x274/0x310 [ 96.322611][ T4312] ? add_chain_block+0x940/0x940 [ 96.327560][ T4312] ? lockdep_lock+0xdc/0x1e0 [ 96.332165][ T4312] ? _find_first_zero_bit+0xcf/0x100 [ 96.337471][ T4312] __lock_acquire+0x2cf8/0x7c50 [ 96.342337][ T4312] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 96.348253][ T4312] ? verify_lock_unused+0x140/0x140 [ 96.353559][ T4312] ? kasan_save_stack+0x4c/0x60 [ 96.358426][ T4312] ? kasan_save_stack+0x3a/0x60 [ 96.363287][ T4312] ? __kasan_record_aux_stack+0xb2/0xc0 [ 96.368844][ T4312] ? kvfree_call_rcu+0x108/0x870 [ 96.373802][ T4312] ? trie_delete_elem+0x52d/0x690 [ 96.378844][ T4312] ? bpf_prog_5186c38a4019a4cb+0x42/0x46 [ 96.384484][ T4312] ? bpf_trace_run3+0x1e3/0x400 [ 96.389353][ T4312] ? enqueue_timer+0x411/0x5c0 [ 96.394125][ T4312] ? __mod_timer+0x8e1/0xd20 [ 96.398728][ T4312] ? schedule_timeout+0x157/0x280 [ 96.403766][ T4312] ? rcu_exp_sel_wait_wake+0x742/0x1db0 [ 96.409343][ T4312] ? process_one_work+0x898/0x1160 [ 96.414464][ T4312] ? worker_thread+0xaa2/0x1250 [ 96.419320][ T4312] ? kthread+0x29d/0x330 [ 96.423594][ T4312] ? ret_from_fork+0x1f/0x30 [ 96.428199][ T4312] lock_acquire+0x1b4/0x490 [ 96.432723][ T4312] ? kvfree_call_rcu+0x184/0x870 [ 96.437678][ T4312] ? read_lock_is_recursive+0x10/0x10 [ 96.443069][ T4312] ? __phys_addr+0xb6/0x170 [ 96.447587][ T4312] _raw_spin_lock+0x2a/0x40 [ 96.452108][ T4312] ? kvfree_call_rcu+0x184/0x870 [ 96.457059][ T4312] kvfree_call_rcu+0x184/0x870 [ 96.461841][ T4312] ? rcu_leak_callback+0x10/0x10 [ 96.466799][ T4312] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 96.472737][ T4312] ? _raw_spin_unlock+0x40/0x40 [ 96.477606][ T4312] trie_delete_elem+0x52d/0x690 [ 96.482474][ T4312] bpf_prog_5186c38a4019a4cb+0x42/0x46 [ 96.487937][ T4312] bpf_trace_run3+0x1e3/0x400 [ 96.492635][ T4312] ? bpf_trace_run3+0xf0/0x400 [ 96.497417][ T4312] ? bpf_trace_run2+0x3b0/0x3b0 [ 96.502282][ T4312] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 96.508195][ T4312] ? _raw_spin_unlock+0x40/0x40 [ 96.513058][ T4312] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 96.519055][ T4312] enqueue_timer+0x411/0x5c0 [ 96.523655][ T4312] __mod_timer+0x8e1/0xd20 [ 96.528096][ T4312] schedule_timeout+0x157/0x280 [ 96.532981][ T4312] ? console_conditional_schedule+0x40/0x40 [ 96.538894][ T4312] ? update_process_times+0x1b0/0x1b0 [ 96.544293][ T4312] rcu_exp_sel_wait_wake+0x742/0x1db0 [ 96.549871][ T4312] ? rcu_check_gp_start_stall+0x460/0x460 [ 96.555610][ T4312] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 96.561536][ T4312] ? _raw_spin_unlock_irq+0x1f/0x40 [ 96.566754][ T4312] ? process_one_work+0x7a1/0x1160 [ 96.571888][ T4312] process_one_work+0x898/0x1160 [ 96.576869][ T4312] ? worker_detach_from_pool+0x240/0x240 [ 96.582542][ T4312] ? _raw_spin_lock_irq+0xab/0xe0 [ 96.587597][ T4312] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 96.592997][ T4312] ? kthread_data+0x4b/0xc0 [ 96.597537][ T4312] worker_thread+0xaa2/0x1250 [ 96.602254][ T4312] kthread+0x29d/0x330 [ 96.606351][ T4312] ? worker_clr_flags+0x1a0/0x1a0 [ 96.611393][ T4312] ? kthread_blkcg+0xd0/0xd0 [ 96.616008][ T4312] ret_from_fork+0x1f/0x30 [ 96.620449][ T4312] [ 97.185362][ T4323] Bluetooth: hci0: command 0x0419 tx timeout 2025/10/26 10:32:40 executed programs: 208 2025/10/26 10:32:45 executed programs: 455