Warning: Permanently added '10.128.0.21' (ED25519) to the list of known hosts. 2026/03/14 14:45:03 parsed 1 programs [ 88.888160][ T5835] cgroup: Unknown subsys name 'net' [ 89.026521][ T5835] cgroup: Unknown subsys name 'cpuset' [ 89.035469][ T5835] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 90.825956][ T5835] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 91.964869][ T29] cfg80211: failed to load regulatory.db [ 94.157712][ T5850] chnl_net:caif_netlink_parms(): no params data found [ 94.259489][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.267367][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.274860][ T5850] bridge_slave_0: entered allmulticast mode [ 94.282843][ T5850] bridge_slave_0: entered promiscuous mode [ 94.294451][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.302050][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.309463][ T5850] bridge_slave_1: entered allmulticast mode [ 94.317493][ T5850] bridge_slave_1: entered promiscuous mode [ 94.358765][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.373633][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.412720][ T5850] team0: Port device team_slave_0 added [ 94.422254][ T5850] team0: Port device team_slave_1 added [ 94.456000][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.463045][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.489202][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.502914][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.510006][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.536544][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.593241][ T5850] hsr_slave_0: entered promiscuous mode [ 94.601293][ T5850] hsr_slave_1: entered promiscuous mode [ 94.801787][ T5850] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.816392][ T5850] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.828376][ T5850] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.840613][ T5850] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.884143][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.891811][ T5850] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.899743][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.906893][ T5850] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.994751][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.020836][ T37] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.029939][ T37] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.051344][ T5850] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.068089][ T4592] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.075272][ T4592] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.093648][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.100965][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.345357][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.418012][ T5850] veth0_vlan: entered promiscuous mode [ 95.435429][ T5850] veth1_vlan: entered promiscuous mode [ 95.482385][ T5850] veth0_macvtap: entered promiscuous mode [ 95.495088][ T5850] veth1_macvtap: entered promiscuous mode [ 95.525723][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.544692][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.565005][ T4592] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.577660][ T4592] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.589201][ T4592] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.598533][ T4592] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.684992][ T5850] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 95.848866][ T166] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.927528][ T166] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.998216][ T166] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.074195][ T166] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.277303][ T5151] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 97.286232][ T5151] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 97.296237][ T5151] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 97.305467][ T5151] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 97.314544][ T5151] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 98.513480][ T166] bridge_slave_1: left allmulticast mode [ 98.527771][ T166] bridge_slave_1: left promiscuous mode [ 98.550611][ T166] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.596447][ T166] bridge_slave_0: left allmulticast mode [ 98.610591][ T166] bridge_slave_0: left promiscuous mode [ 98.633489][ T166] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.923459][ T166] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 98.942308][ T166] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 98.953277][ T166] bond0 (unregistering): Released all slaves [ 99.111368][ T166] hsr_slave_0: left promiscuous mode [ 99.122720][ T166] hsr_slave_1: left promiscuous mode [ 99.131899][ T166] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 99.149062][ T166] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 99.160394][ T166] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 99.168143][ T166] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 99.183970][ T166] veth1_macvtap: left promiscuous mode [ 99.190318][ T166] veth0_macvtap: left promiscuous mode [ 99.196685][ T166] veth1_vlan: left promiscuous mode [ 99.202247][ T166] veth0_vlan: left promiscuous mode [ 99.415160][ T166] team0 (unregistering): Port device team_slave_1 removed [ 99.432124][ T166] team0 (unregistering): Port device team_slave_0 removed [ 99.596954][ T4592] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.619053][ T4592] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.686436][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.705780][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 2026/03/14 14:45:19 executed programs: 0 [ 101.055655][ T5151] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 101.068354][ T5151] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 101.083936][ T5151] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 101.096569][ T5151] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 101.106121][ T5151] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 102.187220][ T5983] chnl_net:caif_netlink_parms(): no params data found [ 102.373100][ T5983] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.380744][ T5983] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.388124][ T5983] bridge_slave_0: entered allmulticast mode [ 102.397474][ T5983] bridge_slave_0: entered promiscuous mode [ 102.408558][ T5983] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.417216][ T5983] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.424992][ T5983] bridge_slave_1: entered allmulticast mode [ 102.434061][ T5983] bridge_slave_1: entered promiscuous mode [ 102.494593][ T5983] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 102.512402][ T5983] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 102.607367][ T5983] team0: Port device team_slave_0 added [ 102.623894][ T5983] team0: Port device team_slave_1 added [ 102.680702][ T5983] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.687678][ T5983] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 102.714084][ T5983] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 102.754522][ T5983] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 102.761872][ T5983] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 102.788255][ T5983] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.860680][ T5983] hsr_slave_0: entered promiscuous mode [ 102.867771][ T5983] hsr_slave_1: entered promiscuous mode [ 103.161638][ T51] Bluetooth: hci0: command tx timeout [ 103.499810][ T5983] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 103.515811][ T5983] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 103.529421][ T5983] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 103.545860][ T5983] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 103.698230][ T5983] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.733201][ T5983] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.754093][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.761375][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.783246][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.790566][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.116843][ T5983] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.223219][ T5983] veth0_vlan: entered promiscuous mode [ 104.246005][ T5983] veth1_vlan: entered promiscuous mode [ 104.317220][ T5983] veth0_macvtap: entered promiscuous mode [ 104.333167][ T5983] veth1_macvtap: entered promiscuous mode [ 104.376729][ T5983] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.404345][ T5983] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.427375][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.445542][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.457074][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.479500][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.608553][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.627306][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.667257][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.677316][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.773970][ T6066] [ 104.776365][ T6066] ====================================================== [ 104.783419][ T6066] WARNING: possible circular locking dependency detected [ 104.790500][ T6066] syzkaller #0 Not tainted [ 104.794943][ T6066] ------------------------------------------------------ [ 104.801975][ T6066] syz.0.17/6066 is trying to acquire lock: [ 104.807796][ T6066] ffff888033d91c38 (&mm->mmap_lock){++++}-{4:4}, at: __might_fault+0xaf/0x130 [ 104.816712][ T6066] [ 104.816712][ T6066] but task is already holding lock: [ 104.824089][ T6066] ffff8880778d0cf0 (&ctx->map_changing_lock){.+.+}-{4:4}, at: mfill_get_vma+0x162/0x660 [ 104.833860][ T6066] [ 104.833860][ T6066] which lock already depends on the new lock. [ 104.833860][ T6066] [ 104.844278][ T6066] [ 104.844278][ T6066] the existing dependency chain (in reverse order) is: [ 104.853311][ T6066] [ 104.853311][ T6066] -> #2 (&ctx->map_changing_lock){.+.+}-{4:4}: [ 104.861671][ T6066] down_read+0x47/0x2e0 [ 104.866368][ T6066] mfill_get_vma+0x162/0x660 [ 104.871497][ T6066] mfill_atomic_continue+0x189/0x12c0 [ 104.877406][ T6066] userfaultfd_ioctl+0x232d/0x4c70 [ 104.883061][ T6066] __se_sys_ioctl+0xfc/0x170 [ 104.888193][ T6066] do_syscall_64+0x14d/0xf80 [ 104.893754][ T6066] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.900200][ T6066] [ 104.900200][ T6066] -> #1 (vm_lock){++++}-{0:0}: [ 104.907167][ T6066] __vma_start_exclude_readers+0x28a/0x940 [ 104.913549][ T6066] __vma_start_write+0xdc/0x290 [ 104.918948][ T6066] mprotect_fixup+0x5eb/0xa80 [ 104.924160][ T6066] setup_arg_pages+0x565/0xac0 [ 104.929466][ T6066] load_elf_binary+0xc5e/0x2980 [ 104.934857][ T6066] bprm_execve+0x949/0x1470 [ 104.939907][ T6066] kernel_execve+0x844/0x930 [ 104.945040][ T6066] try_to_run_init_process+0x13/0x60 [ 104.950868][ T6066] kernel_init+0xad/0x1d0 [ 104.955738][ T6066] ret_from_fork+0x51e/0xb90 [ 104.960872][ T6066] ret_from_fork_asm+0x1a/0x30 [ 104.966170][ T6066] [ 104.966170][ T6066] -> #0 (&mm->mmap_lock){++++}-{4:4}: [ 104.973753][ T6066] __lock_acquire+0x15a5/0x2cf0 [ 104.979153][ T6066] lock_acquire+0xf0/0x2e0 [ 104.984110][ T6066] __might_fault+0xcb/0x130 [ 104.989173][ T6066] userfaultfd_ioctl+0x2372/0x4c70 [ 104.994826][ T6066] __se_sys_ioctl+0xfc/0x170 [ 105.000063][ T6066] do_syscall_64+0x14d/0xf80 [ 105.005189][ T6066] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.011627][ T6066] [ 105.011627][ T6066] other info that might help us debug this: [ 105.011627][ T6066] [ 105.021877][ T6066] Chain exists of: [ 105.021877][ T6066] &mm->mmap_lock --> vm_lock --> &ctx->map_changing_lock [ 105.021877][ T6066] [ 105.034845][ T6066] Possible unsafe locking scenario: [ 105.034845][ T6066] [ 105.042309][ T6066] CPU0 CPU1 [ 105.047687][ T6066] ---- ---- [ 105.053071][ T6066] rlock(&ctx->map_changing_lock); [ 105.058287][ T6066] lock(vm_lock); [ 105.064544][ T6066] lock(&ctx->map_changing_lock); [ 105.072219][ T6066] rlock(&mm->mmap_lock); [ 105.076652][ T6066] [ 105.076652][ T6066] *** DEADLOCK *** [ 105.076652][ T6066] [ 105.084807][ T6066] 2 locks held by syz.0.17/6066: [ 105.089757][ T6066] #0: ffff88807bdd4bc8 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x1d1/0x500 [ 105.099104][ T6066] #1: ffff8880778d0cf0 (&ctx->map_changing_lock){.+.+}-{4:4}, at: mfill_get_vma+0x162/0x660 [ 105.109318][ T6066] [ 105.109318][ T6066] stack backtrace: [ 105.115338][ T6066] CPU: 1 UID: 0 PID: 6066 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) [ 105.115358][ T6066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 105.115375][ T6066] Call Trace: [ 105.115382][ T6066] [ 105.115389][ T6066] dump_stack_lvl+0xe8/0x150 [ 105.115417][ T6066] print_circular_bug+0x2e1/0x300 [ 105.115437][ T6066] check_noncircular+0x12e/0x150 [ 105.115457][ T6066] __lock_acquire+0x15a5/0x2cf0 [ 105.115484][ T6066] ? mfill_get_vma+0x392/0x660 [ 105.115503][ T6066] ? mfill_atomic_continue+0x1054/0x12c0 [ 105.115519][ T6066] ? unwind_get_return_address+0x4d/0x90 [ 105.115536][ T6066] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 105.115558][ T6066] ? arch_stack_walk+0xfb/0x150 [ 105.115577][ T6066] lock_acquire+0xf0/0x2e0 [ 105.115606][ T6066] ? __might_fault+0xaf/0x130 [ 105.115633][ T6066] ? __might_fault+0xaf/0x130 [ 105.115656][ T6066] __might_fault+0xcb/0x130 [ 105.115678][ T6066] ? __might_fault+0xaf/0x130 [ 105.115702][ T6066] userfaultfd_ioctl+0x2372/0x4c70 [ 105.115726][ T6066] ? __kasan_slab_free+0x5c/0x80 [ 105.115740][ T6066] ? kfree+0x1c5/0x650 [ 105.115767][ T6066] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 105.115801][ T6066] ? kasan_quarantine_put+0xbb/0x1f0 [ 105.115829][ T6066] ? tomoyo_path_number_perm+0x219/0x630 [ 105.115851][ T6066] ? tomoyo_path_number_perm+0x219/0x630 [ 105.115872][ T6066] ? do_vfs_ioctl+0x1166/0x1530 [ 105.115890][ T6066] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 105.115911][ T6066] ? do_futex+0x395/0x420 [ 105.115932][ T6066] ? __se_sys_futex+0x3a8/0x450 [ 105.115948][ T6066] ? exc_page_fault+0x6a/0xc0 [ 105.115973][ T6066] ? __pfx___se_sys_futex+0x10/0x10 [ 105.115989][ T6066] ? bpf_lsm_file_ioctl+0x9/0x20 [ 105.116005][ T6066] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 105.116028][ T6066] __se_sys_ioctl+0xfc/0x170 [ 105.116045][ T6066] do_syscall_64+0x14d/0xf80 [ 105.116059][ T6066] ? trace_irq_disable+0x3b/0x150 [ 105.116079][ T6066] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.116097][ T6066] ? clear_bhb_loop+0x40/0x90 [ 105.116116][ T6066] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.116133][ T6066] RIP: 0033:0x7fd4c9b9c799 [ 105.116152][ T6066] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 105.116166][ T6066] RSP: 002b:00007ffe85229d98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 105.116183][ T6066] RAX: ffffffffffffffda RBX: 00007fd4c9e15fa0 RCX: 00007fd4c9b9c799 [ 105.116195][ T6066] RDX: 0000200000000080 RSI: 00000000c020aa07 RDI: 0000000000000003 [ 105.116206][ T6066] RBP: 00007fd4c9c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 105.116217][ T6066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 105.116226][ T6066] R13: 00007fd4c9e15fac R14: 00007fd4c9e15fa0 R15: 00007fd4c9e15fa0 [ 105.116245][ T6066] [ 105.421784][ T51] Bluetooth: hci0: command tx timeout [ 107.489134][ T51] Bluetooth: hci0: command tx timeout [ 109.559667][ T51] Bluetooth: hci0: command tx timeout