Warning: Permanently added '10.128.1.143' (ED25519) to the list of known hosts. 2025/08/02 19:07:25 ignoring optional flag "sandboxArg"="0" 2025/08/02 19:07:26 parsed 1 programs syzkaller login: [ 57.738410][ T4266] cgroup: Unknown subsys name 'net' [ 57.895409][ T4266] cgroup: Unknown subsys name 'rlimit' [ 59.156296][ T4266] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 60.856833][ T4290] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 60.866244][ T4290] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 60.874091][ T4290] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 60.882330][ T4290] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 60.889805][ T4290] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 60.897311][ T4290] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 61.064876][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.077481][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.094354][ T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.094876][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 61.104121][ T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.120280][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 62.221950][ T4323] chnl_net:caif_netlink_parms(): no params data found [ 62.261215][ T4323] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.268400][ T4323] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.277084][ T4323] device bridge_slave_0 entered promiscuous mode [ 62.286437][ T4323] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.293853][ T4323] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.301645][ T4323] device bridge_slave_1 entered promiscuous mode [ 62.326828][ T4323] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.338308][ T4323] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.367716][ T4323] team0: Port device team_slave_0 added [ 62.375310][ T4323] team0: Port device team_slave_1 added [ 62.394107][ T4323] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.401148][ T4323] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.427089][ T4323] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.440243][ T4323] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.447745][ T4323] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.473922][ T4323] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.506312][ T4323] device hsr_slave_0 entered promiscuous mode [ 62.513372][ T4323] device hsr_slave_1 entered promiscuous mode [ 62.640343][ T4323] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 62.649970][ T4323] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 62.658829][ T4323] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 62.667359][ T4323] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 62.688335][ T4323] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.695521][ T4323] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.703401][ T4323] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.710513][ T4323] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.747562][ T4323] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.760034][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.768847][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.777358][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.789553][ T4323] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.801568][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 62.809837][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.817071][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.836455][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 62.845264][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.852451][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.871509][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 62.879872][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 62.905632][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 62.919460][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 62.933653][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 62.954113][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 63.091486][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 63.098967][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 63.112301][ T4323] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.137721][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 63.146758][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 63.166697][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 63.176550][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 63.189854][ T4323] device veth0_vlan entered promiscuous mode [ 63.206489][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 63.215265][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 63.226498][ T4323] device veth1_vlan entered promiscuous mode [ 63.243067][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 63.253008][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 63.261454][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 63.271040][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 63.281245][ T4323] device veth0_macvtap entered promiscuous mode [ 63.289554][ T4323] device veth1_macvtap entered promiscuous mode [ 63.310259][ T4323] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.318108][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 63.326322][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 63.334496][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 63.343433][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 63.364333][ T4323] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.372204][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 63.381513][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 63.392331][ T4323] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.401332][ T4323] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.410028][ T4323] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.420075][ T4323] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.689497][ T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 2025/08/02 19:07:35 executed programs: 0 [ 64.419584][ T4290] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 64.427575][ T4290] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 64.436964][ T4290] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 64.445354][ T4290] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 64.455439][ T4290] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 64.463498][ T4290] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 64.576048][ T4361] chnl_net:caif_netlink_parms(): no params data found [ 64.614691][ T4361] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.622315][ T4361] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.629923][ T4361] device bridge_slave_0 entered promiscuous mode [ 64.638791][ T4361] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.648034][ T4361] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.656792][ T4361] device bridge_slave_1 entered promiscuous mode [ 64.677952][ T4361] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.688769][ T4361] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.714847][ T4361] team0: Port device team_slave_0 added [ 64.723316][ T4361] team0: Port device team_slave_1 added [ 64.740298][ T4361] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.747386][ T4361] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.773595][ T4361] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.787067][ T4361] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.794432][ T4361] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.820561][ T4361] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.852154][ T4361] device hsr_slave_0 entered promiscuous mode [ 64.858885][ T4361] device hsr_slave_1 entered promiscuous mode [ 64.865650][ T4361] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.873801][ T4361] Cannot create hsr debugfs directory [ 66.140037][ T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.531497][ T47] Bluetooth: hci0: command 0x0409 tx timeout [ 68.478258][ T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 68.532285][ T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 68.610514][ T47] Bluetooth: hci0: command 0x041b tx timeout [ 69.383653][ T4361] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 69.408689][ T4361] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 69.418140][ T4361] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 69.426862][ T4361] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 69.465046][ T9] device hsr_slave_0 left promiscuous mode [ 69.472871][ T9] device hsr_slave_1 left promiscuous mode [ 69.479112][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 69.486693][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 69.498659][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 69.506127][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 69.513847][ T9] device bridge_slave_1 left promiscuous mode [ 69.520783][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.531635][ T9] device bridge_slave_0 left promiscuous mode [ 69.537795][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.555674][ T9] device veth1_macvtap left promiscuous mode [ 69.561898][ T9] device veth0_macvtap left promiscuous mode [ 69.567919][ T9] device veth1_vlan left promiscuous mode [ 69.574021][ T9] device veth0_vlan left promiscuous mode [ 69.819412][ T9] team0 (unregistering): Port device team_slave_1 removed [ 69.843423][ T9] team0 (unregistering): Port device team_slave_0 removed [ 69.866342][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 69.891699][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 70.103816][ T9] bond0 (unregistering): Released all slaves [ 70.198794][ T4361] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.209772][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 70.219631][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 70.232251][ T4361] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.247356][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 70.261243][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 70.269615][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.276739][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.284504][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 70.295230][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 70.304055][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 70.313629][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.320706][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.336976][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 70.361413][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 70.369953][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 70.379896][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 70.388815][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 70.397940][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 70.406381][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 70.414634][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 70.423200][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 70.444466][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 70.453117][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 70.463255][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 70.629557][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 70.637714][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 70.649461][ T4361] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 70.672765][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 70.683982][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 70.692240][ T47] Bluetooth: hci0: command 0x040f tx timeout [ 70.719142][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 70.728095][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 70.737836][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 70.745983][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 70.755997][ T4361] device veth0_vlan entered promiscuous mode [ 70.767373][ T4361] device veth1_vlan entered promiscuous mode [ 70.784490][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 70.792474][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 70.800308][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 70.809682][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 70.819988][ T4361] device veth0_macvtap entered promiscuous mode [ 70.829360][ T4361] device veth1_macvtap entered promiscuous mode [ 70.843552][ T4361] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 70.851591][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 70.859556][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 70.867758][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 70.876972][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 70.894752][ T4361] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 70.902544][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 70.911412][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 70.922431][ T4361] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.931684][ T4361] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.940376][ T4361] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.949637][ T4361] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.000674][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.010516][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.024099][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 71.041662][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 2025/08/02 19:07:41 executed programs: 2 [ 71.049616][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.058329][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 71.174555][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.183004][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.332058][ T16] [ 71.334428][ T16] ====================================================== [ 71.341425][ T16] WARNING: possible circular locking dependency detected [ 71.348432][ T16] 6.1.147-syzkaller #0 Not tainted [ 71.353530][ T16] ------------------------------------------------------ [ 71.360530][ T16] rcu_preempt/16 is trying to acquire lock: [ 71.366396][ T16] ffff8880b8f281d8 (krc.lock){..-.}-{2:2}, at: kvfree_call_rcu+0x184/0x870 [ 71.375001][ T16] [ 71.375001][ T16] but task is already holding lock: [ 71.382341][ T16] ffff8880b8f28418 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x123/0x270 [ 71.391194][ T16] [ 71.391194][ T16] which lock already depends on the new lock. [ 71.391194][ T16] [ 71.401573][ T16] [ 71.401573][ T16] the existing dependency chain (in reverse order) is: [ 71.410563][ T16] [ 71.410563][ T16] -> #1 (&base->lock){-.-.}-{2:2}: [ 71.417837][ T16] _raw_spin_lock_irqsave+0xa4/0xf0 [ 71.423543][ T16] lock_timer_base+0x123/0x270 [ 71.428832][ T16] __mod_timer+0x117/0xd20 [ 71.433752][ T16] queue_delayed_work_on+0x126/0x1e0 [ 71.439547][ T16] kvfree_call_rcu+0x4cb/0x870 [ 71.444814][ T16] rtnl_register_internal+0x489/0x590 [ 71.450736][ T16] rtnl_register+0x2e/0x70 [ 71.455668][ T16] ip_rt_init+0x323/0x3b5 [ 71.460498][ T16] ip_init+0xa/0x14 [ 71.464806][ T16] inet_init+0x2bd/0x3cf [ 71.469546][ T16] do_one_initcall+0x214/0x7a0 [ 71.474815][ T16] do_initcall_level+0x137/0x1e4 [ 71.480254][ T16] do_initcalls+0x4b/0x8a [ 71.485084][ T16] kernel_init_freeable+0x3fa/0x5ac [ 71.490785][ T16] kernel_init+0x19/0x1b0 [ 71.495619][ T16] ret_from_fork+0x1f/0x30 [ 71.500541][ T16] [ 71.500541][ T16] -> #0 (krc.lock){..-.}-{2:2}: [ 71.507555][ T16] __lock_acquire+0x2cf8/0x7c50 [ 71.512911][ T16] lock_acquire+0x1b4/0x490 [ 71.517918][ T16] _raw_spin_lock+0x2a/0x40 [ 71.522926][ T16] kvfree_call_rcu+0x184/0x870 [ 71.528196][ T16] trie_delete_elem+0x52d/0x690 [ 71.533561][ T16] bpf_prog_2c29ac5cdc6b1842+0x3a/0x3e [ 71.539532][ T16] bpf_trace_run3+0x1e3/0x400 [ 71.544755][ T16] enqueue_timer+0x411/0x5c0 [ 71.549857][ T16] __mod_timer+0x8e1/0xd20 [ 71.554782][ T16] schedule_timeout+0x157/0x280 [ 71.560134][ T16] rcu_gp_fqs_loop+0x2f2/0x1310 [ 71.565487][ T16] rcu_gp_kthread+0x95/0x380 [ 71.570578][ T16] kthread+0x29d/0x330 [ 71.575153][ T16] ret_from_fork+0x1f/0x30 [ 71.580075][ T16] [ 71.580075][ T16] other info that might help us debug this: [ 71.580075][ T16] [ 71.590280][ T16] Possible unsafe locking scenario: [ 71.590280][ T16] [ 71.597709][ T16] CPU0 CPU1 [ 71.603053][ T16] ---- ---- [ 71.608394][ T16] lock(&base->lock); [ 71.612443][ T16] lock(krc.lock); [ 71.618751][ T16] lock(&base->lock); [ 71.625323][ T16] lock(krc.lock); [ 71.629109][ T16] [ 71.629109][ T16] *** DEADLOCK *** [ 71.629109][ T16] [ 71.637231][ T16] 2 locks held by rcu_preempt/16: [ 71.642233][ T16] #0: ffff8880b8f28418 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x123/0x270 [ 71.651524][ T16] #1: ffffffff8cb2ae20 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run3+0xf0/0x400 [ 71.660811][ T16] [ 71.660811][ T16] stack backtrace: [ 71.666689][ T16] CPU: 1 PID: 16 Comm: rcu_preempt Not tainted 6.1.147-syzkaller #0 [ 71.674645][ T16] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 71.684689][ T16] Call Trace: [ 71.687959][ T16] [ 71.690880][ T16] dump_stack_lvl+0x168/0x22e [ 71.695541][ T16] ? load_image+0x3b0/0x3b0 [ 71.700028][ T16] ? show_regs_print_info+0x12/0x12 [ 71.705220][ T16] ? print_circular_bug+0x12b/0x1a0 [ 71.710415][ T16] check_noncircular+0x274/0x310 [ 71.715346][ T16] ? add_chain_block+0x940/0x940 [ 71.720266][ T16] ? lockdep_lock+0xdc/0x1e0 [ 71.724859][ T16] ? _find_first_zero_bit+0xcf/0x100 [ 71.730143][ T16] __lock_acquire+0x2cf8/0x7c50 [ 71.734987][ T16] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 71.740903][ T16] ? verify_lock_unused+0x140/0x140 [ 71.746092][ T16] ? kasan_save_stack+0x4c/0x60 [ 71.750930][ T16] ? kasan_save_stack+0x3a/0x60 [ 71.755768][ T16] ? __kasan_record_aux_stack+0xb2/0xc0 [ 71.761300][ T16] ? kvfree_call_rcu+0x108/0x870 [ 71.766225][ T16] ? trie_delete_elem+0x52d/0x690 [ 71.771246][ T16] ? bpf_prog_2c29ac5cdc6b1842+0x3a/0x3e [ 71.776875][ T16] ? bpf_trace_run3+0x1e3/0x400 [ 71.781718][ T16] ? enqueue_timer+0x411/0x5c0 [ 71.786471][ T16] ? __mod_timer+0x8e1/0xd20 [ 71.791052][ T16] ? schedule_timeout+0x157/0x280 [ 71.796103][ T16] ? rcu_gp_fqs_loop+0x2f2/0x1310 [ 71.801112][ T16] ? rcu_gp_kthread+0x95/0x380 [ 71.805862][ T16] ? kthread+0x29d/0x330 [ 71.810094][ T16] ? ret_from_fork+0x1f/0x30 [ 71.814690][ T16] lock_acquire+0x1b4/0x490 [ 71.819183][ T16] ? kvfree_call_rcu+0x184/0x870 [ 71.824113][ T16] ? read_lock_is_recursive+0x10/0x10 [ 71.829494][ T16] ? __phys_addr+0xb6/0x170 [ 71.833988][ T16] _raw_spin_lock+0x2a/0x40 [ 71.838482][ T16] ? kvfree_call_rcu+0x184/0x870 [ 71.843411][ T16] kvfree_call_rcu+0x184/0x870 [ 71.848160][ T16] ? rcu_leak_callback+0x10/0x10 [ 71.853082][ T16] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 71.858959][ T16] ? _raw_spin_unlock+0x40/0x40 [ 71.863804][ T16] trie_delete_elem+0x52d/0x690 [ 71.868641][ T16] bpf_prog_2c29ac5cdc6b1842+0x3a/0x3e [ 71.874092][ T16] bpf_trace_run3+0x1e3/0x400 [ 71.878763][ T16] ? bpf_trace_run3+0xf0/0x400 [ 71.883530][ T16] ? bpf_trace_run2+0x3b0/0x3b0 [ 71.888369][ T16] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 71.894250][ T16] ? _raw_spin_unlock+0x40/0x40 [ 71.899081][ T16] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 71.905047][ T16] enqueue_timer+0x411/0x5c0 [ 71.909627][ T16] __mod_timer+0x8e1/0xd20 [ 71.914048][ T16] schedule_timeout+0x157/0x280 [ 71.918896][ T16] ? console_conditional_schedule+0x40/0x40 [ 71.924777][ T16] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 71.930750][ T16] ? update_process_times+0x1b0/0x1b0 [ 71.936116][ T16] ? prepare_to_swait_event+0x335/0x350 [ 71.941658][ T16] rcu_gp_fqs_loop+0x2f2/0x1310 [ 71.946510][ T16] ? rcu_gp_kthread+0x380/0x380 [ 71.951353][ T16] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 71.957321][ T16] ? rcu_gp_init+0x14b0/0x14b0 [ 71.962064][ T16] ? rcu_gp_cleanup+0xb4c/0xca0 [ 71.966898][ T16] ? _raw_spin_unlock_irq+0x1f/0x40 [ 71.972087][ T16] ? lockdep_hardirqs_on+0x94/0x140 [ 71.977269][ T16] rcu_gp_kthread+0x95/0x380 [ 71.981851][ T16] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 71.986945][ T16] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 71.992827][ T16] ? __kthread_parkme+0x162/0x1c0 [ 71.997835][ T16] kthread+0x29d/0x330 [ 72.001915][ T16] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 72.007008][ T16] ? kthread_blkcg+0xd0/0xd0 [ 72.011587][ T16] ret_from_fork+0x1f/0x30 [ 72.015993][ T16] [ 72.770649][ T4290] Bluetooth: hci0: command 0x0419 tx timeout 2025/08/02 19:07:46 executed programs: 204 [ 76.291049][ T41] cfg80211: failed to load regulatory.db