Warning: Permanently added '10.128.1.34' (ED25519) to the list of known hosts. 2026/03/11 20:19:55 parsed 1 programs [ 76.177315][ T5829] cgroup: Unknown subsys name 'net' [ 76.299298][ T5829] cgroup: Unknown subsys name 'cpuset' [ 76.308746][ T5829] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 77.753196][ T5829] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 80.886581][ T5850] chnl_net:caif_netlink_parms(): no params data found [ 80.966314][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.974553][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.982343][ T5850] bridge_slave_0: entered allmulticast mode [ 80.990122][ T5850] bridge_slave_0: entered promiscuous mode [ 80.999784][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.007134][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.014399][ T5850] bridge_slave_1: entered allmulticast mode [ 81.022279][ T5850] bridge_slave_1: entered promiscuous mode [ 81.053686][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.066642][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.095980][ T5850] team0: Port device team_slave_0 added [ 81.104351][ T5850] team0: Port device team_slave_1 added [ 81.129045][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.136197][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.163669][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.177686][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.185078][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.211543][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.254643][ T5850] hsr_slave_0: entered promiscuous mode [ 81.262000][ T5850] hsr_slave_1: entered promiscuous mode [ 81.412395][ T5850] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 81.424921][ T5850] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 81.437146][ T5850] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 81.447589][ T5850] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 81.485641][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.493344][ T5850] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.501431][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.508983][ T5850] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.577483][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.600838][ T84] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.609520][ T84] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.628407][ T5850] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.649752][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.657148][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.680767][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.688008][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.940710][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.998352][ T5850] veth0_vlan: entered promiscuous mode [ 82.013812][ T5850] veth1_vlan: entered promiscuous mode [ 82.049283][ T5850] veth0_macvtap: entered promiscuous mode [ 82.059664][ T5850] veth1_macvtap: entered promiscuous mode [ 82.083430][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.102018][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.122246][ T1026] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.138257][ T1026] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.148307][ T1026] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.162422][ T1026] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.234312][ T5850] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 82.359672][ T48] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.419243][ T48] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.484398][ T48] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.571568][ T48] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.603988][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 82.612568][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 82.622408][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 82.632421][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 82.640292][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 84.339342][ T84] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.350971][ T84] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.382426][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.390794][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.661648][ T48] bridge_slave_1: left allmulticast mode [ 84.670054][ T48] bridge_slave_1: left promiscuous mode [ 84.679925][ T48] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.694359][ T48] bridge_slave_0: left allmulticast mode [ 84.702732][ T48] bridge_slave_0: left promiscuous mode [ 84.709319][ T48] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.884104][ T48] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 84.897556][ T48] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 84.910278][ T48] bond0 (unregistering): Released all slaves [ 85.086832][ T48] hsr_slave_0: left promiscuous mode [ 85.108014][ T48] hsr_slave_1: left promiscuous mode [ 85.130924][ T48] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 85.139477][ T48] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 85.151801][ T48] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 85.164107][ T48] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 85.180848][ T48] veth1_macvtap: left promiscuous mode [ 85.187414][ T48] veth0_macvtap: left promiscuous mode [ 85.193473][ T48] veth1_vlan: left promiscuous mode [ 85.201930][ T48] veth0_vlan: left promiscuous mode [ 85.671905][ T48] team0 (unregistering): Port device team_slave_1 removed [ 85.694621][ T48] team0 (unregistering): Port device team_slave_0 removed 2026/03/11 20:20:08 executed programs: 0 [ 86.489670][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.504979][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.512925][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.522116][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.530973][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.766450][ T24] cfg80211: failed to load regulatory.db [ 87.242011][ T5971] chnl_net:caif_netlink_parms(): no params data found [ 87.555857][ T5971] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.563168][ T5971] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.571469][ T5971] bridge_slave_0: entered allmulticast mode [ 87.579067][ T5971] bridge_slave_0: entered promiscuous mode [ 87.587655][ T5971] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.594912][ T5971] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.603180][ T5971] bridge_slave_1: entered allmulticast mode [ 87.611102][ T5971] bridge_slave_1: entered promiscuous mode [ 87.674066][ T5971] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.692547][ T5971] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.741400][ T5971] team0: Port device team_slave_0 added [ 87.751652][ T5971] team0: Port device team_slave_1 added [ 87.797106][ T5971] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.804245][ T5971] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 87.830811][ T5971] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.845651][ T5971] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.853532][ T5971] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 87.881964][ T5971] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.998364][ T5971] hsr_slave_0: entered promiscuous mode [ 88.006083][ T5971] hsr_slave_1: entered promiscuous mode [ 88.586113][ T5148] Bluetooth: hci0: command tx timeout [ 88.827812][ T5971] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.844552][ T5971] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.861780][ T5971] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.874768][ T5971] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.009937][ T5971] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.039571][ T5971] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.059025][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.066629][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.090491][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.097752][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.382407][ T5971] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.469455][ T5971] veth0_vlan: entered promiscuous mode [ 89.490917][ T5971] veth1_vlan: entered promiscuous mode [ 89.548899][ T5971] veth0_macvtap: entered promiscuous mode [ 89.562754][ T5971] veth1_macvtap: entered promiscuous mode [ 89.594625][ T5971] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.620322][ T5971] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.643466][ T1026] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.671298][ T1026] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.694295][ T1026] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.717860][ T1026] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.783493][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.800890][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.835182][ T1026] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.847402][ T1026] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.916759][ T6067] [ 89.919222][ T6067] ====================================================== [ 89.926328][ T6067] WARNING: possible circular locking dependency detected [ 89.933385][ T6067] syzkaller #0 Not tainted [ 89.937810][ T6067] ------------------------------------------------------ [ 89.944812][ T6067] syz.0.17/6067 is trying to acquire lock: [ 89.950636][ T6067] ffff888036701000 (&mm->mmap_lock){++++}-{4:4}, at: __might_fault+0xaf/0x130 [ 89.959712][ T6067] [ 89.959712][ T6067] but task is already holding lock: [ 89.967155][ T6067] ffff88802c65ccf8 (&ctx->map_changing_lock){.+.+}-{4:4}, at: mfill_get_vma+0x162/0x660 [ 89.977157][ T6067] [ 89.977157][ T6067] which lock already depends on the new lock. [ 89.977157][ T6067] [ 89.987718][ T6067] [ 89.987718][ T6067] the existing dependency chain (in reverse order) is: [ 89.996718][ T6067] [ 89.996718][ T6067] -> #2 (&ctx->map_changing_lock){.+.+}-{4:4}: [ 90.005040][ T6067] down_read+0x47/0x2e0 [ 90.009723][ T6067] mfill_get_vma+0x162/0x660 [ 90.014995][ T6067] mfill_atomic_copy+0x1c5/0x1330 [ 90.020980][ T6067] userfaultfd_ioctl+0x2b8a/0x4b00 [ 90.026713][ T6067] __se_sys_ioctl+0xfc/0x170 [ 90.031990][ T6067] do_syscall_64+0x14d/0xf80 [ 90.037089][ T6067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.043664][ T6067] [ 90.043664][ T6067] -> #1 (vm_lock){++++}-{0:0}: [ 90.050603][ T6067] __vma_start_exclude_readers+0x28a/0x940 [ 90.057009][ T6067] __vma_start_write+0xdc/0x290 [ 90.062452][ T6067] mprotect_fixup+0x5ee/0xa80 [ 90.067803][ T6067] setup_arg_pages+0x565/0xac0 [ 90.073081][ T6067] load_elf_binary+0xc5e/0x2980 [ 90.078437][ T6067] bprm_execve+0x949/0x1470 [ 90.083450][ T6067] kernel_execve+0x844/0x930 [ 90.088550][ T6067] try_to_run_init_process+0x13/0x60 [ 90.094369][ T6067] kernel_init+0xad/0x1d0 [ 90.099398][ T6067] ret_from_fork+0x51e/0xb90 [ 90.104499][ T6067] ret_from_fork_asm+0x1a/0x30 [ 90.109768][ T6067] [ 90.109768][ T6067] -> #0 (&mm->mmap_lock){++++}-{4:4}: [ 90.117411][ T6067] __lock_acquire+0x15a5/0x2cf0 [ 90.122827][ T6067] lock_acquire+0xf0/0x2e0 [ 90.127759][ T6067] __might_fault+0xcb/0x130 [ 90.132955][ T6067] userfaultfd_ioctl+0x2bcd/0x4b00 [ 90.138614][ T6067] __se_sys_ioctl+0xfc/0x170 [ 90.143920][ T6067] do_syscall_64+0x14d/0xf80 [ 90.149040][ T6067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.155446][ T6067] [ 90.155446][ T6067] other info that might help us debug this: [ 90.155446][ T6067] [ 90.165685][ T6067] Chain exists of: [ 90.165685][ T6067] &mm->mmap_lock --> vm_lock --> &ctx->map_changing_lock [ 90.165685][ T6067] [ 90.178716][ T6067] Possible unsafe locking scenario: [ 90.178716][ T6067] [ 90.186156][ T6067] CPU0 CPU1 [ 90.191558][ T6067] ---- ---- [ 90.196987][ T6067] rlock(&ctx->map_changing_lock); [ 90.202227][ T6067] lock(vm_lock); [ 90.208476][ T6067] lock(&ctx->map_changing_lock); [ 90.216196][ T6067] rlock(&mm->mmap_lock); [ 90.220618][ T6067] [ 90.220618][ T6067] *** DEADLOCK *** [ 90.220618][ T6067] [ 90.228950][ T6067] 2 locks held by syz.0.17/6067: [ 90.233964][ T6067] #0: ffff88802b844948 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x1d1/0x500 [ 90.243874][ T6067] #1: ffff88802c65ccf8 (&ctx->map_changing_lock){.+.+}-{4:4}, at: mfill_get_vma+0x162/0x660 [ 90.254767][ T6067] [ 90.254767][ T6067] stack backtrace: [ 90.260676][ T6067] CPU: 0 UID: 0 PID: 6067 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) [ 90.260694][ T6067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 90.260709][ T6067] Call Trace: [ 90.260717][ T6067] [ 90.260723][ T6067] dump_stack_lvl+0xe8/0x150 [ 90.260746][ T6067] print_circular_bug+0x2e1/0x300 [ 90.260761][ T6067] check_noncircular+0x12e/0x150 [ 90.260776][ T6067] __lock_acquire+0x15a5/0x2cf0 [ 90.260795][ T6067] ? __kernel_text_address+0xd/0x30 [ 90.260810][ T6067] ? arch_stack_walk+0xfb/0x150 [ 90.260824][ T6067] lock_acquire+0xf0/0x2e0 [ 90.260840][ T6067] ? __might_fault+0xaf/0x130 [ 90.260858][ T6067] ? __might_fault+0xaf/0x130 [ 90.260873][ T6067] __might_fault+0xcb/0x130 [ 90.260887][ T6067] ? __might_fault+0xaf/0x130 [ 90.260903][ T6067] userfaultfd_ioctl+0x2bcd/0x4b00 [ 90.260919][ T6067] ? __kasan_slab_free+0x5c/0x80 [ 90.260936][ T6067] ? kfree+0x1c5/0x640 [ 90.260955][ T6067] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 90.260984][ T6067] ? kasan_quarantine_put+0xbb/0x1f0 [ 90.261002][ T6067] ? tomoyo_path_number_perm+0x219/0x630 [ 90.261017][ T6067] ? tomoyo_path_number_perm+0x219/0x630 [ 90.261031][ T6067] ? do_vfs_ioctl+0x1166/0x1530 [ 90.261044][ T6067] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 90.261058][ T6067] ? do_futex+0x395/0x420 [ 90.261080][ T6067] ? __se_sys_futex+0x3a8/0x450 [ 90.261097][ T6067] ? __pfx___se_sys_futex+0x10/0x10 [ 90.261115][ T6067] ? bpf_lsm_file_ioctl+0x9/0x20 [ 90.261127][ T6067] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 90.261142][ T6067] __se_sys_ioctl+0xfc/0x170 [ 90.261154][ T6067] do_syscall_64+0x14d/0xf80 [ 90.261170][ T6067] ? trace_irq_disable+0x3b/0x150 [ 90.261183][ T6067] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.261196][ T6067] ? clear_bhb_loop+0x40/0x90 [ 90.261210][ T6067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.261222][ T6067] RIP: 0033:0x7f9d6259c799 [ 90.261238][ T6067] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 90.261248][ T6067] RSP: 002b:00007ffeea0f7338 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 90.261263][ T6067] RAX: ffffffffffffffda RBX: 00007f9d62815fa0 RCX: 00007f9d6259c799 [ 90.261272][ T6067] RDX: 0000200000000080 RSI: 00000000c028aa03 RDI: 0000000000000003 [ 90.261280][ T6067] RBP: 00007f9d62632c99 R08: 0000000000000000 R09: 0000000000000000 [ 90.261287][ T6067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 90.261295][ T6067] R13: 00007f9d62815fac R14: 00007f9d62815fa0 R15: 00007f9d62815fa0 [ 90.261308][ T6067] [ 90.665536][ T5148] Bluetooth: hci0: command tx timeout [ 92.745383][ T5148] Bluetooth: hci0: command tx timeout [ 94.825698][ T5148] Bluetooth: hci0: command tx timeout