Warning: Permanently added '10.128.0.56' (ED25519) to the list of known hosts. 2026/03/14 18:40:50 parsed 1 programs [ 99.063423][ T5842] cgroup: Unknown subsys name 'net' [ 99.169773][ T5842] cgroup: Unknown subsys name 'cpuset' [ 99.177975][ T5842] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 100.570583][ T5842] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 103.415473][ T5853] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 103.842163][ T5863] chnl_net:caif_netlink_parms(): no params data found [ 103.944096][ T5863] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.952221][ T5863] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.959633][ T5863] bridge_slave_0: entered allmulticast mode [ 103.968271][ T5863] bridge_slave_0: entered promiscuous mode [ 103.978065][ T5863] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.985404][ T5863] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.992738][ T5863] bridge_slave_1: entered allmulticast mode [ 104.000927][ T5863] bridge_slave_1: entered promiscuous mode [ 104.060892][ T5863] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.075189][ T5863] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.119001][ T5863] team0: Port device team_slave_0 added [ 104.130786][ T5863] team0: Port device team_slave_1 added [ 104.157659][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.164611][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.190611][ T5863] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.203667][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.210658][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.236676][ T5863] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.282489][ T5863] hsr_slave_0: entered promiscuous mode [ 104.289757][ T5863] hsr_slave_1: entered promiscuous mode [ 104.445494][ T5863] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 104.458840][ T5863] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 104.470120][ T5863] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 104.480926][ T5863] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 104.515954][ T5863] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.523507][ T5863] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.531522][ T5863] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.538686][ T5863] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.604776][ T5863] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.630367][ T1023] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.638965][ T1023] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.653881][ T5863] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.670938][ T1023] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.678148][ T1023] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.698851][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.706057][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.888522][ T5863] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.948291][ T5863] veth0_vlan: entered promiscuous mode [ 104.963501][ T5863] veth1_vlan: entered promiscuous mode [ 105.001151][ T5863] veth0_macvtap: entered promiscuous mode [ 105.011991][ T5863] veth1_macvtap: entered promiscuous mode [ 105.035445][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 105.052695][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.070927][ T1023] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.082543][ T1023] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.100447][ T1023] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.109682][ T1023] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.273577][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.350102][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.451416][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.558382][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.931188][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 105.940196][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 105.947985][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 105.955864][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 105.964056][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 106.695055][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.709890][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.741212][ T1023] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.749132][ T1023] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.680316][ T12] bridge_slave_1: left allmulticast mode [ 107.699836][ T12] bridge_slave_1: left promiscuous mode [ 107.707352][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.720799][ T12] bridge_slave_0: left allmulticast mode 2026/03/14 18:41:01 executed programs: 0 [ 107.726628][ T12] bridge_slave_0: left promiscuous mode [ 107.732954][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.803027][ T5152] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 107.822925][ T5152] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 107.832130][ T5152] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 107.840479][ T5152] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 107.848478][ T5152] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 107.916663][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 107.928648][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 107.940901][ T12] bond0 (unregistering): Released all slaves [ 108.083359][ T12] hsr_slave_0: left promiscuous mode [ 108.091936][ T12] hsr_slave_1: left promiscuous mode [ 108.100159][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 108.107978][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 108.118623][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 108.126053][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 108.145528][ T12] veth1_macvtap: left promiscuous mode [ 108.153631][ T12] veth0_macvtap: left promiscuous mode [ 108.160005][ T12] veth1_vlan: left promiscuous mode [ 108.165370][ T12] veth0_vlan: left promiscuous mode [ 108.468346][ T12] team0 (unregistering): Port device team_slave_1 removed [ 108.483628][ T12] team0 (unregistering): Port device team_slave_0 removed [ 108.748558][ T5947] chnl_net:caif_netlink_parms(): no params data found [ 109.036057][ T5947] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.043526][ T5947] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.050898][ T5947] bridge_slave_0: entered allmulticast mode [ 109.059373][ T5947] bridge_slave_0: entered promiscuous mode [ 109.069728][ T5947] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.077814][ T5947] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.085092][ T5947] bridge_slave_1: entered allmulticast mode [ 109.093592][ T5947] bridge_slave_1: entered promiscuous mode [ 109.140165][ T5947] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 109.154978][ T5947] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 109.192570][ T5947] team0: Port device team_slave_0 added [ 109.201711][ T5947] team0: Port device team_slave_1 added [ 109.238814][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 109.245790][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 109.271843][ T5947] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 109.568707][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 109.575667][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 109.602508][ T5947] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 109.690508][ T5947] hsr_slave_0: entered promiscuous mode [ 109.697924][ T5947] hsr_slave_1: entered promiscuous mode [ 109.888290][ T51] Bluetooth: hci0: command tx timeout [ 110.626432][ T5947] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 110.641858][ T5947] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 110.655185][ T5947] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 110.670790][ T5947] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 110.805291][ T5947] 8021q: adding VLAN 0 to HW filter on device bond0 [ 110.843279][ T5947] 8021q: adding VLAN 0 to HW filter on device team0 [ 110.859425][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.866680][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 110.894615][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.901871][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 111.188839][ T5947] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 111.284102][ T5947] veth0_vlan: entered promiscuous mode [ 111.304828][ T5947] veth1_vlan: entered promiscuous mode [ 111.368824][ T5947] veth0_macvtap: entered promiscuous mode [ 111.383950][ T5947] veth1_macvtap: entered promiscuous mode [ 111.423508][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.446460][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.472762][ T49] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.495318][ T49] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.520264][ T49] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.550942][ T49] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.629646][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.650407][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.685557][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.694323][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.746160][ T6048] [ 111.748588][ T6048] ====================================================== [ 111.755585][ T6048] WARNING: possible circular locking dependency detected [ 111.762620][ T6048] syzkaller #0 Not tainted [ 111.767026][ T6048] ------------------------------------------------------ [ 111.774038][ T6048] syz.0.17/6048 is trying to acquire lock: [ 111.779823][ T6048] ffff88803624ce38 (&mm->mmap_lock){++++}-{4:4}, at: __might_fault+0xaf/0x130 [ 111.788705][ T6048] [ 111.788705][ T6048] but task is already holding lock: [ 111.796064][ T6048] ffff8880124cccf0 (&ctx->map_changing_lock){.+.+}-{4:4}, at: mfill_get_vma+0x162/0x660 [ 111.805819][ T6048] [ 111.805819][ T6048] which lock already depends on the new lock. [ 111.805819][ T6048] [ 111.816216][ T6048] [ 111.816216][ T6048] the existing dependency chain (in reverse order) is: [ 111.825220][ T6048] [ 111.825220][ T6048] -> #2 (&ctx->map_changing_lock){.+.+}-{4:4}: [ 111.833550][ T6048] down_read+0x47/0x2e0 [ 111.838223][ T6048] mfill_get_vma+0x162/0x660 [ 111.843322][ T6048] mfill_atomic_continue+0x189/0x12c0 [ 111.849200][ T6048] userfaultfd_ioctl+0x232d/0x4c70 [ 111.854830][ T6048] __se_sys_ioctl+0xfc/0x170 [ 111.859938][ T6048] do_syscall_64+0x14d/0xf80 [ 111.865034][ T6048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.871431][ T6048] [ 111.871431][ T6048] -> #1 (vm_lock){++++}-{0:0}: [ 111.878547][ T6048] __vma_start_exclude_readers+0x28a/0x940 [ 111.884890][ T6048] __vma_start_write+0xdc/0x290 [ 111.890253][ T6048] mprotect_fixup+0x5eb/0xa80 [ 111.895453][ T6048] setup_arg_pages+0x565/0xac0 [ 111.900740][ T6048] load_elf_binary+0xc5e/0x2980 [ 111.906099][ T6048] bprm_execve+0x949/0x1470 [ 111.911113][ T6048] kernel_execve+0x844/0x930 [ 111.916211][ T6048] try_to_run_init_process+0x13/0x60 [ 111.922008][ T6048] kernel_init+0xad/0x1d0 [ 111.926846][ T6048] ret_from_fork+0x51e/0xb90 [ 111.932030][ T6048] ret_from_fork_asm+0x1a/0x30 [ 111.937298][ T6048] [ 111.937298][ T6048] -> #0 (&mm->mmap_lock){++++}-{4:4}: [ 111.944866][ T6048] __lock_acquire+0x15a5/0x2cf0 [ 111.950232][ T6048] lock_acquire+0xf0/0x2e0 [ 111.955165][ T6048] __might_fault+0xcb/0x130 [ 111.960183][ T6048] userfaultfd_ioctl+0x2372/0x4c70 [ 111.965806][ T6048] __se_sys_ioctl+0xfc/0x170 [ 111.970907][ T6048] do_syscall_64+0x14d/0xf80 [ 111.976004][ T6048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.982402][ T6048] [ 111.982402][ T6048] other info that might help us debug this: [ 111.982402][ T6048] [ 111.992621][ T6048] Chain exists of: [ 111.992621][ T6048] &mm->mmap_lock --> vm_lock --> &ctx->map_changing_lock [ 111.992621][ T6048] [ 112.005551][ T6048] Possible unsafe locking scenario: [ 112.005551][ T6048] [ 112.012992][ T6048] CPU0 CPU1 [ 112.018347][ T6048] ---- ---- [ 112.023698][ T6048] rlock(&ctx->map_changing_lock); [ 112.028881][ T6048] lock(vm_lock); [ 112.035102][ T6048] lock(&ctx->map_changing_lock); [ 112.042746][ T6048] rlock(&mm->mmap_lock); [ 112.047154][ T6048] [ 112.047154][ T6048] *** DEADLOCK *** [ 112.047154][ T6048] [ 112.055293][ T6048] 2 locks held by syz.0.17/6048: [ 112.060212][ T6048] #0: ffff888034c55e48 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x1d1/0x500 [ 112.069422][ T6048] #1: ffff8880124cccf0 (&ctx->map_changing_lock){.+.+}-{4:4}, at: mfill_get_vma+0x162/0x660 [ 112.079580][ T6048] [ 112.079580][ T6048] stack backtrace: [ 112.085468][ T6048] CPU: 1 UID: 0 PID: 6048 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) [ 112.085482][ T6048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 112.085493][ T6048] Call Trace: [ 112.085499][ T6048] [ 112.085504][ T6048] dump_stack_lvl+0xe8/0x150 [ 112.085522][ T6048] print_circular_bug+0x2e1/0x300 [ 112.085535][ T6048] check_noncircular+0x12e/0x150 [ 112.085546][ T6048] __lock_acquire+0x15a5/0x2cf0 [ 112.085562][ T6048] ? mfill_get_vma+0x392/0x660 [ 112.085574][ T6048] ? mfill_atomic_continue+0x1054/0x12c0 [ 112.085583][ T6048] ? unwind_get_return_address+0x4d/0x90 [ 112.085593][ T6048] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 112.085606][ T6048] ? arch_stack_walk+0xfb/0x150 [ 112.085616][ T6048] lock_acquire+0xf0/0x2e0 [ 112.085630][ T6048] ? __might_fault+0xaf/0x130 [ 112.085646][ T6048] ? __might_fault+0xaf/0x130 [ 112.085659][ T6048] __might_fault+0xcb/0x130 [ 112.085671][ T6048] ? __might_fault+0xaf/0x130 [ 112.085685][ T6048] userfaultfd_ioctl+0x2372/0x4c70 [ 112.085699][ T6048] ? __kasan_slab_free+0x5c/0x80 [ 112.085707][ T6048] ? kfree+0x1c5/0x650 [ 112.085723][ T6048] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 112.085741][ T6048] ? kasan_quarantine_put+0xbb/0x1f0 [ 112.085757][ T6048] ? tomoyo_path_number_perm+0x219/0x630 [ 112.085770][ T6048] ? tomoyo_path_number_perm+0x219/0x630 [ 112.085782][ T6048] ? do_vfs_ioctl+0x1166/0x1530 [ 112.085792][ T6048] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 112.085803][ T6048] ? do_futex+0x395/0x420 [ 112.085814][ T6048] ? __se_sys_futex+0x3a8/0x450 [ 112.085823][ T6048] ? exc_page_fault+0x6a/0xc0 [ 112.085838][ T6048] ? __pfx___se_sys_futex+0x10/0x10 [ 112.085847][ T6048] ? bpf_lsm_file_ioctl+0x9/0x20 [ 112.085857][ T6048] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 112.085870][ T6048] __se_sys_ioctl+0xfc/0x170 [ 112.085879][ T6048] do_syscall_64+0x14d/0xf80 [ 112.085888][ T6048] ? trace_irq_disable+0x3b/0x150 [ 112.085899][ T6048] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.085909][ T6048] ? clear_bhb_loop+0x40/0x90 [ 112.085920][ T6048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.085929][ T6048] RIP: 0033:0x7f50fa99c799 [ 112.085942][ T6048] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 112.085951][ T6048] RSP: 002b:00007ffdc4e919f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 112.085962][ T6048] RAX: ffffffffffffffda RBX: 00007f50fac15fa0 RCX: 00007f50fa99c799 [ 112.085969][ T6048] RDX: 0000200000000080 RSI: 00000000c020aa07 RDI: 0000000000000003 [ 112.085975][ T6048] RBP: 00007f50faa32c99 R08: 0000000000000000 R09: 0000000000000000 [ 112.085981][ T6048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 112.085987][ T6048] R13: 00007f50fac15fac R14: 00007f50fac15fa0 R15: 00007f50fac15fa0 [ 112.085997][ T6048] [ 112.362816][ T51] Bluetooth: hci0: command tx timeout [ 114.446646][ T51] Bluetooth: hci0: command tx timeout [ 116.527624][ T51] Bluetooth: hci0: command tx timeout