Warning: Permanently added '10.128.1.5' (ED25519) to the list of known hosts. 2026/03/14 16:37:15 parsed 1 programs [ 71.422103][ T5830] cgroup: Unknown subsys name 'net' [ 71.548496][ T5830] cgroup: Unknown subsys name 'cpuset' [ 71.556721][ T5830] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 72.881453][ T5830] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 75.770213][ T5844] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 76.874205][ T5872] chnl_net:caif_netlink_parms(): no params data found [ 76.988695][ T5872] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.996426][ T5872] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.003924][ T5872] bridge_slave_0: entered allmulticast mode [ 77.011741][ T5872] bridge_slave_0: entered promiscuous mode [ 77.024126][ T5872] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.031574][ T5872] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.038888][ T5872] bridge_slave_1: entered allmulticast mode [ 77.046556][ T5872] bridge_slave_1: entered promiscuous mode [ 77.077501][ T5872] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.090995][ T5872] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.128592][ T5872] team0: Port device team_slave_0 added [ 77.139319][ T5872] team0: Port device team_slave_1 added [ 77.165132][ T5872] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.172073][ T5872] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.198025][ T5872] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.211443][ T5872] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.218394][ T5872] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.244285][ T5872] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.288586][ T5872] hsr_slave_0: entered promiscuous mode [ 77.296299][ T5872] hsr_slave_1: entered promiscuous mode [ 77.441599][ T5872] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 77.453567][ T5872] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 77.463807][ T5872] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 77.473633][ T5872] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 77.505550][ T5872] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.512837][ T5872] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.520751][ T5872] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.527875][ T5872] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.592489][ T5872] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.614929][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.623298][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.638022][ T5872] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.653349][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.660532][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.677591][ T78] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.684768][ T78] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.855842][ T5872] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.909049][ T5872] veth0_vlan: entered promiscuous mode [ 77.922424][ T5872] veth1_vlan: entered promiscuous mode [ 77.958053][ T5872] veth0_macvtap: entered promiscuous mode [ 77.969558][ T5872] veth1_macvtap: entered promiscuous mode [ 77.995598][ T5872] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.012092][ T5872] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.032599][ T78] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.042369][ T78] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.053805][ T78] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.064240][ T78] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.212261][ T78] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.325223][ T78] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.403321][ T78] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.469919][ T78] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.100956][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.113182][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.149236][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.157235][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.489992][ T5920] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 79.499773][ T5920] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 79.507700][ T5920] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 79.516726][ T5920] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 79.526176][ T5920] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 2026/03/14 16:37:26 executed programs: 0 [ 80.426705][ T5151] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 80.436204][ T5151] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 80.443764][ T5151] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 80.453690][ T5151] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 80.462386][ T5151] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 80.597480][ T5942] chnl_net:caif_netlink_parms(): no params data found [ 80.668620][ T5942] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.675921][ T5942] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.683079][ T5942] bridge_slave_0: entered allmulticast mode [ 80.690701][ T5942] bridge_slave_0: entered promiscuous mode [ 80.698912][ T5942] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.706447][ T5942] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.713616][ T5942] bridge_slave_1: entered allmulticast mode [ 80.721160][ T5942] bridge_slave_1: entered promiscuous mode [ 80.751923][ T5942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.765686][ T5942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.796559][ T5942] team0: Port device team_slave_0 added [ 80.805122][ T5942] team0: Port device team_slave_1 added [ 80.831962][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.838941][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 80.864849][ T5942] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.877353][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.884769][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 80.910845][ T5942] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.957044][ T5942] hsr_slave_0: entered promiscuous mode [ 80.963706][ T5942] hsr_slave_1: entered promiscuous mode [ 80.970326][ T5942] debugfs: 'hsr0' already exists in 'hsr' [ 80.976905][ T5942] Cannot create hsr debugfs directory [ 81.212689][ T78] bridge_slave_1: left allmulticast mode [ 81.219360][ T78] bridge_slave_1: left promiscuous mode [ 81.225896][ T78] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.237755][ T78] bridge_slave_0: left allmulticast mode [ 81.243596][ T78] bridge_slave_0: left promiscuous mode [ 81.249508][ T78] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.403239][ T78] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 81.414460][ T78] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 81.424312][ T78] bond0 (unregistering): Released all slaves [ 81.460451][ T9] cfg80211: failed to load regulatory.db [ 81.513032][ T78] hsr_slave_0: left promiscuous mode [ 81.526112][ T78] hsr_slave_1: left promiscuous mode [ 81.532302][ T78] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 81.541124][ T78] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 81.549783][ T78] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 81.557604][ T78] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 81.574741][ T78] veth1_macvtap: left promiscuous mode [ 81.581200][ T78] veth0_macvtap: left promiscuous mode [ 81.586973][ T78] veth1_vlan: left promiscuous mode [ 81.592357][ T78] veth0_vlan: left promiscuous mode [ 81.880372][ T78] team0 (unregistering): Port device team_slave_1 removed [ 81.912731][ T78] team0 (unregistering): Port device team_slave_0 removed [ 82.332905][ T5942] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 82.349036][ T5942] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 82.367646][ T5942] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 82.386749][ T5942] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 82.495859][ T5151] Bluetooth: hci0: command tx timeout [ 82.858920][ T5942] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.927365][ T5942] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.948120][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.955342][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.008320][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.015535][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.542217][ T5942] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.687735][ T5942] veth0_vlan: entered promiscuous mode [ 83.709257][ T5942] veth1_vlan: entered promiscuous mode [ 83.764469][ T5942] veth0_macvtap: entered promiscuous mode [ 83.782480][ T5942] veth1_macvtap: entered promiscuous mode [ 83.819269][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.842570][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.867713][ T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.890095][ T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.910391][ T35] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.923296][ T35] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.006085][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.024182][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.068524][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.079541][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.151915][ T6020] [ 84.154282][ T6020] ====================================================== [ 84.161283][ T6020] WARNING: possible circular locking dependency detected [ 84.168299][ T6020] syzkaller #0 Not tainted [ 84.172692][ T6020] ------------------------------------------------------ [ 84.179682][ T6020] syz.0.17/6020 is trying to acquire lock: [ 84.185464][ T6020] ffff888033779c38 (&mm->mmap_lock){++++}-{4:4}, at: __might_fault+0xaf/0x130 [ 84.194317][ T6020] [ 84.194317][ T6020] but task is already holding lock: [ 84.201659][ T6020] ffff888034b98cf0 (&ctx->map_changing_lock){.+.+}-{4:4}, at: mfill_get_vma+0x162/0x660 [ 84.211379][ T6020] [ 84.211379][ T6020] which lock already depends on the new lock. [ 84.211379][ T6020] [ 84.221768][ T6020] [ 84.221768][ T6020] the existing dependency chain (in reverse order) is: [ 84.230766][ T6020] [ 84.230766][ T6020] -> #2 (&ctx->map_changing_lock){.+.+}-{4:4}: [ 84.239094][ T6020] down_read+0x47/0x2e0 [ 84.243771][ T6020] mfill_get_vma+0x162/0x660 [ 84.248880][ T6020] mfill_atomic_continue+0x189/0x12c0 [ 84.254763][ T6020] userfaultfd_ioctl+0x232d/0x4c70 [ 84.260389][ T6020] __se_sys_ioctl+0xfc/0x170 [ 84.265486][ T6020] do_syscall_64+0x14d/0xf80 [ 84.270587][ T6020] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.276990][ T6020] [ 84.276990][ T6020] -> #1 (vm_lock){++++}-{0:0}: [ 84.283931][ T6020] __vma_start_exclude_readers+0x28a/0x940 [ 84.290251][ T6020] __vma_start_write+0xdc/0x290 [ 84.295611][ T6020] mprotect_fixup+0x5eb/0xa80 [ 84.300792][ T6020] setup_arg_pages+0x565/0xac0 [ 84.306071][ T6020] load_elf_binary+0xc5e/0x2980 [ 84.311431][ T6020] bprm_execve+0x949/0x1470 [ 84.316447][ T6020] kernel_execve+0x844/0x930 [ 84.321547][ T6020] try_to_run_init_process+0x13/0x60 [ 84.327346][ T6020] kernel_init+0xad/0x1d0 [ 84.332186][ T6020] ret_from_fork+0x51e/0xb90 [ 84.337288][ T6020] ret_from_fork_asm+0x1a/0x30 [ 84.342557][ T6020] [ 84.342557][ T6020] -> #0 (&mm->mmap_lock){++++}-{4:4}: [ 84.350101][ T6020] __lock_acquire+0x15a5/0x2cf0 [ 84.355463][ T6020] lock_acquire+0xf0/0x2e0 [ 84.360389][ T6020] __might_fault+0xcb/0x130 [ 84.365404][ T6020] userfaultfd_ioctl+0x2372/0x4c70 [ 84.371037][ T6020] __se_sys_ioctl+0xfc/0x170 [ 84.376148][ T6020] do_syscall_64+0x14d/0xf80 [ 84.381256][ T6020] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.387659][ T6020] [ 84.387659][ T6020] other info that might help us debug this: [ 84.387659][ T6020] [ 84.397883][ T6020] Chain exists of: [ 84.397883][ T6020] &mm->mmap_lock --> vm_lock --> &ctx->map_changing_lock [ 84.397883][ T6020] [ 84.410826][ T6020] Possible unsafe locking scenario: [ 84.410826][ T6020] [ 84.418260][ T6020] CPU0 CPU1 [ 84.423607][ T6020] ---- ---- [ 84.428954][ T6020] rlock(&ctx->map_changing_lock); [ 84.434136][ T6020] lock(vm_lock); [ 84.440363][ T6020] lock(&ctx->map_changing_lock); [ 84.447979][ T6020] rlock(&mm->mmap_lock); [ 84.452380][ T6020] [ 84.452380][ T6020] *** DEADLOCK *** [ 84.452380][ T6020] [ 84.460505][ T6020] 2 locks held by syz.0.17/6020: [ 84.465421][ T6020] #0: ffff88807ed66808 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x1d1/0x500 [ 84.474640][ T6020] #1: ffff888034b98cf0 (&ctx->map_changing_lock){.+.+}-{4:4}, at: mfill_get_vma+0x162/0x660 [ 84.484806][ T6020] [ 84.484806][ T6020] stack backtrace: [ 84.490702][ T6020] CPU: 1 UID: 0 PID: 6020 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) [ 84.490722][ T6020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 84.490739][ T6020] Call Trace: [ 84.490747][ T6020] [ 84.490754][ T6020] dump_stack_lvl+0xe8/0x150 [ 84.490779][ T6020] print_circular_bug+0x2e1/0x300 [ 84.490797][ T6020] check_noncircular+0x12e/0x150 [ 84.490814][ T6020] __lock_acquire+0x15a5/0x2cf0 [ 84.490836][ T6020] ? mfill_get_vma+0x392/0x660 [ 84.490853][ T6020] ? mfill_atomic_continue+0x1054/0x12c0 [ 84.490867][ T6020] ? unwind_get_return_address+0x4d/0x90 [ 84.490882][ T6020] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 84.490901][ T6020] ? arch_stack_walk+0xfb/0x150 [ 84.490918][ T6020] lock_acquire+0xf0/0x2e0 [ 84.490938][ T6020] ? __might_fault+0xaf/0x130 [ 84.490959][ T6020] ? __might_fault+0xaf/0x130 [ 84.490978][ T6020] __might_fault+0xcb/0x130 [ 84.490996][ T6020] ? __might_fault+0xaf/0x130 [ 84.491015][ T6020] userfaultfd_ioctl+0x2372/0x4c70 [ 84.491035][ T6020] ? __kasan_slab_free+0x5c/0x80 [ 84.491047][ T6020] ? kfree+0x1c5/0x650 [ 84.491069][ T6020] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 84.491097][ T6020] ? kasan_quarantine_put+0xbb/0x1f0 [ 84.491120][ T6020] ? tomoyo_path_number_perm+0x219/0x630 [ 84.491138][ T6020] ? tomoyo_path_number_perm+0x219/0x630 [ 84.491156][ T6020] ? do_vfs_ioctl+0x1166/0x1530 [ 84.491172][ T6020] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 84.491189][ T6020] ? do_futex+0x395/0x420 [ 84.491207][ T6020] ? __se_sys_futex+0x3a8/0x450 [ 84.491221][ T6020] ? exc_page_fault+0x6a/0xc0 [ 84.491241][ T6020] ? __pfx___se_sys_futex+0x10/0x10 [ 84.491255][ T6020] ? bpf_lsm_file_ioctl+0x9/0x20 [ 84.491269][ T6020] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 84.491288][ T6020] __se_sys_ioctl+0xfc/0x170 [ 84.491302][ T6020] do_syscall_64+0x14d/0xf80 [ 84.491315][ T6020] ? trace_irq_disable+0x3b/0x150 [ 84.491332][ T6020] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.491347][ T6020] ? clear_bhb_loop+0x40/0x90 [ 84.491362][ T6020] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.491384][ T6020] RIP: 0033:0x7f18d919c799 [ 84.491401][ T6020] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 84.491414][ T6020] RSP: 002b:00007ffc1ba8e098 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 84.491429][ T6020] RAX: ffffffffffffffda RBX: 00007f18d9415fa0 RCX: 00007f18d919c799 [ 84.491440][ T6020] RDX: 0000200000000080 RSI: 00000000c020aa07 RDI: 0000000000000003 [ 84.491449][ T6020] RBP: 00007f18d9232c99 R08: 0000000000000000 R09: 0000000000000000 [ 84.491458][ T6020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 84.491467][ T6020] R13: 00007f18d9415fac R14: 00007f18d9415fa0 R15: 00007f18d9415fa0 [ 84.491483][ T6020] [ 84.768810][ T5151] Bluetooth: hci0: command tx timeout [ 86.814632][ T5151] Bluetooth: hci0: command tx timeout [ 88.894933][ T5151] Bluetooth: hci0: command tx timeout