syzkaller login: [   86.848604][   T24] cfg80211: failed to load regulatory.db
Warning: Permanently added '[localhost]:12228' (ED25519) to the list of known hosts.
2025/11/26 03:40:12 parsed 1 programs
[  103.087032][ T5835] cgroup: Unknown subsys name 'net'
[  103.196189][ T5835] cgroup: Unknown subsys name 'cpuset'
[  103.199858][ T5835] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  104.552465][ T5835] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  106.736889][ T5842] chnl_net:caif_netlink_parms(): no params data found
[  106.815224][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.817929][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.820255][ T5842] bridge_slave_0: entered allmulticast mode
[  106.822967][ T5842] bridge_slave_0: entered promiscuous mode
[  106.827068][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.829326][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.831795][ T5842] bridge_slave_1: entered allmulticast mode
[  106.835287][ T5842] bridge_slave_1: entered promiscuous mode
[  106.856773][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  106.861361][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  106.906137][ T5842] team0: Port device team_slave_0 added
[  106.909310][ T5842] team0: Port device team_slave_1 added
[  106.940038][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0
[  106.942231][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  106.950485][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  106.955247][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1
[  106.957404][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  106.965696][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  106.991313][ T5842] hsr_slave_0: entered promiscuous mode
[  106.993949][ T5842] hsr_slave_1: entered promiscuous mode
[  107.096466][ T5842] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  107.102362][ T5842] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  107.106822][ T5842] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  107.111213][ T5842] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  107.131501][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.133991][ T5842] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.136675][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.138971][ T5842] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.173263][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0
[  107.182670][  T133] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.185889][  T133] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.196841][ T5842] 8021q: adding VLAN 0 to HW filter on device team0
[  107.202974][  T133] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.205795][  T133] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.212764][  T133] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.215137][  T133] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.307022][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.331688][ T5842] veth0_vlan: entered promiscuous mode
[  107.337894][ T5842] veth1_vlan: entered promiscuous mode
[  107.356558][ T5842] veth0_macvtap: entered promiscuous mode
[  107.361008][ T5842] veth1_macvtap: entered promiscuous mode
[  107.371667][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0
[  107.380775][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1
[  107.387698][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  107.394694][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  107.397462][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  107.400194][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  107.441183][ T5842] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  107.490378][ T5842] syz-executor (5842) used greatest stack depth: 19160 bytes left
[  107.523132][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.566330][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.640440][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.691947][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.970228][ T5888] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  107.972986][ T5210] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  107.976166][ T5210] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  107.978910][ T5210] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  107.981444][ T5210] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  108.983170][ T1179] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.988643][ T1179] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.003794][ T1179] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.006263][ T1179] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/11/26 03:40:20 executed programs: 0
[  109.253753][ T5210] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  109.256746][ T5210] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  109.259327][ T5210] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  109.262209][ T5210] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  109.267045][ T5210] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  109.363306][ T5940] chnl_net:caif_netlink_parms(): no params data found
[  109.407931][ T5940] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.410218][ T5940] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.412401][ T5940] bridge_slave_0: entered allmulticast mode
[  109.416076][ T5940] bridge_slave_0: entered promiscuous mode
[  109.419340][ T5940] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.421593][ T5940] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.424363][ T5940] bridge_slave_1: entered allmulticast mode
[  109.427011][ T5940] bridge_slave_1: entered promiscuous mode
[  109.445689][ T5940] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  109.450069][ T5940] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  109.468486][ T5940] team0: Port device team_slave_0 added
[  109.472575][ T5940] team0: Port device team_slave_1 added
[  109.489182][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_0
[  109.491305][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  109.500110][ T5940] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  109.507335][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_1
[  109.509462][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  109.518093][ T5940] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  109.543355][ T5940] hsr_slave_0: entered promiscuous mode
[  109.545996][ T5940] hsr_slave_1: entered promiscuous mode
[  109.548134][ T5940] debugfs: 'hsr0' already exists in 'hsr'
[  109.549896][ T5940] Cannot create hsr debugfs directory
[  111.010430][   T13] bridge_slave_1: left allmulticast mode
[  111.013334][   T13] bridge_slave_1: left promiscuous mode
[  111.016646][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  111.024493][   T13] bridge_slave_0: left allmulticast mode
[  111.026672][   T13] bridge_slave_0: left promiscuous mode
[  111.028687][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  111.207374][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  111.211519][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  111.215365][   T13] bond0 (unregistering): Released all slaves
[  111.291241][   T13] hsr_slave_0: left promiscuous mode
[  111.293391][   T13] hsr_slave_1: left promiscuous mode
[  111.295691][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  111.297967][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  111.301075][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  111.303874][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  111.311924][   T13] veth1_macvtap: left promiscuous mode
[  111.315764][   T13] veth0_macvtap: left promiscuous mode
[  111.317570][   T13] veth1_vlan: left promiscuous mode
[  111.319514][   T13] veth0_vlan: left promiscuous mode
[  111.324236][ T5210] Bluetooth: hci0: command tx timeout
[  111.538936][   T13] team0 (unregistering): Port device team_slave_1 removed
[  111.557717][   T13] team0 (unregistering): Port device team_slave_0 removed
[  111.891561][ T5940] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  111.898499][ T5940] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  111.910226][ T5940] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  111.915765][ T5940] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  111.981459][ T5940] 8021q: adding VLAN 0 to HW filter on device bond0
[  112.000293][ T5940] 8021q: adding VLAN 0 to HW filter on device team0
[  112.009691][ T1179] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.012544][ T1179] bridge0: port 1(bridge_slave_0) entered forwarding state
[  112.022970][ T1179] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.025906][ T1179] bridge0: port 2(bridge_slave_1) entered forwarding state
[  112.469382][ T5940] 8021q: adding VLAN 0 to HW filter on device batadv0
[  112.526827][ T5940] veth0_vlan: entered promiscuous mode
[  112.535260][ T5940] veth1_vlan: entered promiscuous mode
[  112.578147][ T5940] veth0_macvtap: entered promiscuous mode
[  112.582546][ T5940] veth1_macvtap: entered promiscuous mode
[  112.592588][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_0
[  112.600731][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_1
[  112.609350][ T5972] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  112.612218][ T5972] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  112.620201][ T5972] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  112.627478][ T5972] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  112.707779][ T3704] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.710261][ T3704] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  112.731278][ T3704] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.734547][ T3704] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  112.868471][ T1179] 
[  112.869673][ T1179] =============================
[  112.871174][ T1179] WARNING: suspicious RCU usage
[  112.872626][ T1179] syzkaller #0 Not tainted
[  112.874394][ T1179] -----------------------------
[  112.875887][ T1179] io_uring/eventfd.c:160 suspicious rcu_dereference_protected() usage!
[  112.878378][ T1179] 
[  112.878378][ T1179] other info that might help us debug this:
[  112.878378][ T1179] 
[  112.881463][ T1179] 
[  112.881463][ T1179] rcu_scheduler_active = 2, debug_locks = 1
[  112.884297][ T1179] 2 locks held by kworker/u10:10/1179:
[  112.886281][ T1179]  #0: ffff8881686ba148 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_one_work+0x841/0x15a0
[  112.889868][ T1179]  #1: ffffc9000873fb80 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work+0x868/0x15a0
[  112.893908][ T1179] 
[  112.893908][ T1179] stack backtrace:
[  112.896140][ T1179] CPU: 1 UID: 0 PID: 1179 Comm: kworker/u10:10 Not tainted syzkaller #0 PREEMPT(full) 
[  112.896150][ T1179] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  112.896155][ T1179] Workqueue: iou_exit io_ring_exit_work
[  112.896166][ T1179] Call Trace:
[  112.896170][ T1179]  <TASK>
[  112.896173][ T1179]  dump_stack_lvl+0x189/0x250
[  112.896187][ T1179]  ? __pfx_dump_stack_lvl+0x10/0x10
[  112.896198][ T1179]  ? __pfx__printk+0x10/0x10
[  112.896210][ T1179]  lockdep_rcu_suspicious+0x140/0x1d0
[  112.896223][ T1179]  io_eventfd_unregister+0x18b/0x1c0
[  112.896234][ T1179]  io_ring_ctx_free+0x18a/0x820
[  112.896241][ T1179]  ? __pfx_autoremove_wake_function+0x10/0x10
[  112.896251][ T1179]  ? __pfx_io_ring_ctx_free+0x10/0x10
[  112.896258][ T1179]  ? __pfx_io_ring_suspend_work+0x10/0x10
[  112.896271][ T1179]  ? __pfx_synchronize_rcu+0x10/0x10
[  112.896281][ T1179]  ? do_raw_spin_unlock+0x4d/0x240
[  112.896290][ T1179]  io_ring_exit_work+0xe71/0x1030
[  112.896296][ T1179]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  112.896310][ T1179]  ? __pfx_io_ring_exit_work+0x10/0x10
[  112.896316][ T1179]  ? stack_trace_save+0x9c/0xe0
[  112.896325][ T1179]  ? __pfx_stack_trace_save+0x10/0x10
[  112.896334][ T1179]  ? check_path+0x21/0x40
[  112.896341][ T1179]  ? __pfx_io_ring_suspend_work+0x10/0x10
[  112.896361][ T1179]  ? __pfx_io_tctx_exit_cb+0x10/0x10
[  112.896371][ T1179]  ? _raw_spin_unlock_irq+0x23/0x50
[  112.896381][ T1179]  ? process_one_work+0x868/0x15a0
[  112.896390][ T1179]  process_one_work+0x93a/0x15a0
[  112.896406][ T1179]  ? __pfx_process_one_work+0x10/0x10
[  112.896417][ T1179]  ? assign_work+0x3a1/0x410
[  112.896428][ T1179]  worker_thread+0x9b0/0xee0
[  112.896445][ T1179]  kthread+0x711/0x8a0
[  112.896453][ T1179]  ? __pfx_worker_thread+0x10/0x10
[  112.896462][ T1179]  ? __pfx_kthread+0x10/0x10
[  112.896470][ T1179]  ? _raw_spin_unlock_irq+0x23/0x50
[  112.896478][ T1179]  ? lockdep_hardirqs_on+0x98/0x140
[  112.896486][ T1179]  ? __pfx_kthread+0x10/0x10
[  112.896493][ T1179]  ret_from_fork+0x599/0xb30
[  112.896504][ T1179]  ? __pfx_ret_from_fork+0x10/0x10
[  112.896516][ T1179]  ? __switch_to_asm+0x39/0x70
[  112.896522][ T1179]  ? __switch_to_asm+0x33/0x70
[  112.896528][ T1179]  ? __pfx_kthread+0x10/0x10
[  112.896535][ T1179]  ret_from_fork_asm+0x1a/0x30
[  112.896548][ T1179]  </TASK>
[  114.602271][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.031398][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.091630][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.153355][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.248579][   T12] bridge_slave_1: left allmulticast mode
[  116.250827][   T12] bridge_slave_1: left promiscuous mode
[  116.260497][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  116.268452][   T12] bridge_slave_0: left allmulticast mode
[  116.270634][   T12] bridge_slave_0: left promiscuous mode
[  116.272949][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  116.441129][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  116.445312][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  116.448669][   T12] bond0 (unregistering): Released all slaves
[  116.635379][   T12] hsr_slave_0: left promiscuous mode
[  116.637483][   T12] hsr_slave_1: left promiscuous mode
[  116.639467][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  116.641645][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  116.644540][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  116.646790][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  116.654352][   T12] veth1_macvtap: left promiscuous mode
[  116.656431][   T12] veth0_macvtap: left promiscuous mode
[  116.658277][   T12] veth1_vlan: left promiscuous mode
[  116.660211][   T12] veth0_vlan: left promiscuous mode
[  116.856373][   T12] team0 (unregistering): Port device team_slave_1 removed
[  116.875888][   T12] team0 (unregistering): Port device team_slave_0 removed