[ 44.077653][ T40] audit: type=1400 audit(1768865776.764:60): avc: denied { rlimitinh } for pid=5837 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 44.083580][ T40] audit: type=1400 audit(1768865776.764:61): avc: denied { siginh } for pid=5837 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '[localhost]:34487' (ED25519) to the list of known hosts. [ 52.327953][ T40] audit: type=1400 audit(1768865785.034:62): avc: denied { execute } for pid=5928 comm="sh" name="syz-execprog" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 52.335092][ T40] audit: type=1400 audit(1768865785.044:63): avc: denied { execute_no_trans } for pid=5928 comm="sh" path="/syz-execprog" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 2026/01/19 23:36:26 parsed 1 programs [ 53.538653][ T40] audit: type=1400 audit(1768865786.244:64): avc: denied { node_bind } for pid=5928 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 55.538818][ T40] audit: type=1400 audit(1768865788.244:65): avc: denied { mounton } for pid=5941 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 55.547344][ T40] audit: type=1400 audit(1768865788.254:66): avc: denied { mount } for pid=5941 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 55.549460][ T5941] cgroup: Unknown subsys name 'net' [ 55.557733][ T40] audit: type=1400 audit(1768865788.264:67): avc: denied { unmount } for pid=5941 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 55.767611][ T5941] cgroup: Unknown subsys name 'cpuset' [ 55.772392][ T5941] cgroup: Unknown subsys name 'rlimit' [ 55.923737][ T40] audit: type=1400 audit(1768865788.624:68): avc: denied { setattr } for pid=5941 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 55.933130][ T40] audit: type=1400 audit(1768865788.634:69): avc: denied { create } for pid=5941 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 55.942730][ T40] audit: type=1400 audit(1768865788.634:70): avc: denied { write } for pid=5941 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 55.951911][ T40] audit: type=1400 audit(1768865788.634:71): avc: denied { read } for pid=5941 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 55.993016][ T5943] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 56.702346][ T5941] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 58.156688][ T40] kauditd_printk_skb: 10 callbacks suppressed [ 58.156699][ T40] audit: type=1400 audit(1768865790.864:82): avc: denied { execmem } for pid=5948 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 58.166800][ T40] audit: type=1400 audit(1768865790.864:83): avc: denied { read } for pid=5949 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 58.175300][ T40] audit: type=1400 audit(1768865790.864:84): avc: denied { open } for pid=5949 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 58.183522][ T40] audit: type=1400 audit(1768865790.864:85): avc: denied { mounton } for pid=5949 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 58.205133][ T40] audit: type=1400 audit(1768865790.914:86): avc: denied { mount } for pid=5949 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 58.221051][ T40] audit: type=1400 audit(1768865790.924:87): avc: denied { mounton } for pid=5949 comm="syz-executor" path="/syzkaller.Hxaz5F/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 58.228909][ T40] audit: type=1400 audit(1768865790.924:88): avc: denied { mount } for pid=5949 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 58.236126][ T40] audit: type=1400 audit(1768865790.924:89): avc: denied { mounton } for pid=5949 comm="syz-executor" path="/syzkaller.Hxaz5F/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 58.244415][ T40] audit: type=1400 audit(1768865790.924:90): avc: denied { mounton } for pid=5949 comm="syz-executor" path="/syzkaller.Hxaz5F/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=6795 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 58.252771][ T40] audit: type=1400 audit(1768865790.924:91): avc: denied { unmount } for pid=5949 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 58.262486][ T5949] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 58.955408][ T1144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.957958][ T1144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.980765][ T1144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.983261][ T1144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.337281][ T5981] chnl_net:caif_netlink_parms(): no params data found [ 59.397252][ T5981] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.400116][ T5981] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.402530][ T5981] bridge_slave_0: entered allmulticast mode [ 59.405431][ T5981] bridge_slave_0: entered promiscuous mode [ 59.409908][ T5981] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.412245][ T5981] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.414803][ T5981] bridge_slave_1: entered allmulticast mode [ 59.417651][ T5981] bridge_slave_1: entered promiscuous mode [ 59.470048][ T5981] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.474657][ T5981] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.491781][ T5981] team0: Port device team_slave_0 added [ 59.499768][ T5981] team0: Port device team_slave_1 added [ 59.513187][ T5981] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.519313][ T5981] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 59.528388][ T5981] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 59.534593][ T5981] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.537386][ T5981] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 59.550900][ T5981] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 59.582908][ T5981] hsr_slave_0: entered promiscuous mode [ 59.585579][ T5981] hsr_slave_1: entered promiscuous mode [ 59.695137][ T5981] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 59.701670][ T5981] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 59.711429][ T5981] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 59.719848][ T5981] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 59.756018][ T5981] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.758404][ T5981] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.761330][ T5981] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.763629][ T5981] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.794534][ T5981] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.803399][ T1167] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.808671][ T1167] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.822237][ T5981] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.838467][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.841704][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.850056][ T1167] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.853095][ T1167] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.010241][ T5981] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.049913][ T5981] veth0_vlan: entered promiscuous mode [ 60.059452][ T5981] veth1_vlan: entered promiscuous mode [ 60.083382][ T5981] veth0_macvtap: entered promiscuous mode [ 60.091105][ T5981] veth1_macvtap: entered promiscuous mode [ 60.103438][ T5981] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 60.115170][ T5981] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.125256][ T1144] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.128206][ T1144] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.131656][ T1144] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.135849][ T1144] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.262649][ T1167] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.370600][ T1167] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.445369][ T1167] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.512565][ T1167] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.750517][ T64] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 60.756408][ T64] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 60.760179][ T64] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 60.767716][ T64] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 60.771324][ T64] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 2026/01/19 23:36:33 executed programs: 0 [ 61.236404][ T64] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 61.240243][ T64] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 61.244588][ T64] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 61.247948][ T64] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 61.251414][ T64] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 61.357593][ T6042] chnl_net:caif_netlink_parms(): no params data found [ 61.431931][ T6042] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.434721][ T6042] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.437456][ T6042] bridge_slave_0: entered allmulticast mode [ 61.440377][ T6042] bridge_slave_0: entered promiscuous mode [ 61.444687][ T6042] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.447375][ T6042] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.449822][ T6042] bridge_slave_1: entered allmulticast mode [ 61.452643][ T6042] bridge_slave_1: entered promiscuous mode [ 61.479841][ T6042] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.486064][ T6042] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.512540][ T6042] team0: Port device team_slave_0 added [ 61.517911][ T6042] team0: Port device team_slave_1 added [ 61.542478][ T6042] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.545877][ T6042] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 61.556371][ T6042] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.560600][ T6042] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.562789][ T6042] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 61.570644][ T6042] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.601907][ T6042] hsr_slave_0: entered promiscuous mode [ 61.605345][ T6042] hsr_slave_1: entered promiscuous mode [ 61.608183][ T6042] debugfs: 'hsr0' already exists in 'hsr' [ 61.610583][ T6042] Cannot create hsr debugfs directory [ 63.334486][ T5295] Bluetooth: hci0: command tx timeout [ 63.574569][ T1167] bridge_slave_1: left allmulticast mode [ 63.576729][ T1167] bridge_slave_1: left promiscuous mode [ 63.579209][ T1167] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.585810][ T1167] bridge_slave_0: left allmulticast mode [ 63.588162][ T1167] bridge_slave_0: left promiscuous mode [ 63.590633][ T1167] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.823376][ T1167] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 63.827703][ T1167] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 63.831050][ T1167] bond0 (unregistering): Released all slaves [ 63.916317][ T40] kauditd_printk_skb: 20 callbacks suppressed [ 63.916334][ T40] audit: type=1400 audit(1768865796.624:112): avc: denied { create } for pid=6052 comm="dhcpcd-run-hook" name="resolv.conf.eth2.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 63.928658][ T40] audit: type=1400 audit(1768865796.624:113): avc: denied { write } for pid=6052 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.eth2.link" dev="tmpfs" ino=2079 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 63.939874][ T40] audit: type=1400 audit(1768865796.624:114): avc: denied { append } for pid=6052 comm="dhcpcd-run-hook" name="resolv.conf.eth2.link" dev="tmpfs" ino=2079 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 63.954992][ T1167] hsr_slave_0: left promiscuous mode [ 63.958048][ T1167] hsr_slave_1: left promiscuous mode [ 63.958050][ T40] audit: type=1400 audit(1768865796.664:115): avc: denied { unlink } for pid=6055 comm="rm" name="resolv.conf.eth2.link" dev="tmpfs" ino=2079 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 63.960217][ T1167] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 63.972029][ T1167] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 63.976294][ T1167] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 63.978910][ T1167] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 63.988926][ T1167] veth1_macvtap: left promiscuous mode [ 63.990985][ T1167] veth0_macvtap: left promiscuous mode [ 63.993243][ T1167] veth1_vlan: left promiscuous mode [ 63.995588][ T1167] veth0_vlan: left promiscuous mode [ 64.243871][ T1167] team0 (unregistering): Port device team_slave_1 removed [ 64.259604][ T1167] team0 (unregistering): Port device team_slave_0 removed [ 64.841097][ T6042] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 64.845706][ T6042] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 64.850182][ T6042] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 64.860566][ T6042] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 64.920164][ T6042] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.933747][ T6042] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.941293][ T1147] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.944325][ T1147] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.954990][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.957833][ T1144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.229705][ T6042] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.271193][ T6042] veth0_vlan: entered promiscuous mode [ 65.279899][ T6042] veth1_vlan: entered promiscuous mode [ 65.299592][ T6042] veth0_macvtap: entered promiscuous mode [ 65.303859][ T6042] veth1_macvtap: entered promiscuous mode [ 65.337070][ T6042] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.345218][ T6042] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.352626][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.356021][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.359291][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.362037][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.399424][ T73] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.405183][ T73] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.419056][ T73] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.421530][ T73] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.424320][ T5295] Bluetooth: hci0: command tx timeout [ 65.449532][ T40] audit: type=1400 audit(1768865798.154:116): avc: denied { read write } for pid=6086 comm="syz.0.17" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 65.452872][ T6086] [ 65.457417][ T40] audit: type=1400 audit(1768865798.154:117): avc: denied { open } for pid=6086 comm="syz.0.17" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 65.457527][ T6086] ====================================================== [ 65.464438][ T40] audit: type=1400 audit(1768865798.154:118): avc: denied { map } for pid=6086 comm="syz.0.17" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 65.466855][ T6086] WARNING: possible circular locking dependency detected [ 65.472908][ T40] audit: type=1400 audit(1768865798.154:119): avc: denied { execute } for pid=6086 comm="syz.0.17" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 65.475197][ T6086] syzkaller #0 Not tainted [ 65.475210][ T6086] ------------------------------------------------------ [ 65.475216][ T6086] syz.0.17/6086 is trying to acquire lock: [ 65.475224][ T6086] ffff888104df9328 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: blkdev_read_iter+0x19e/0x500 [ 65.490720][ T6086] [ 65.490720][ T6086] but task is already holding lock: [ 65.493017][ T6086] ffff888031490808 (vm_lock){++++}-{0:0}, at: lock_next_vma+0x10e/0xed0 [ 65.495882][ T6086] [ 65.495882][ T6086] which lock already depends on the new lock. [ 65.495882][ T6086] [ 65.499111][ T6086] [ 65.499111][ T6086] the existing dependency chain (in reverse order) is: [ 65.501997][ T6086] [ 65.501997][ T6086] -> #2 (vm_lock){++++}-{0:0}: [ 65.504277][ T6086] __vma_enter_locked+0x260/0x770 [ 65.506284][ T6086] __vma_start_write+0x21/0x160 [ 65.508098][ T6086] mprotect_fixup+0x4e3/0xb80 [ 65.509793][ T6086] setup_arg_pages+0x4a2/0xbb0 [ 65.511506][ T6086] load_elf_binary+0xb5b/0x4fe0 [ 65.513220][ T6086] bprm_execve+0x8c2/0x1620 [ 65.514913][ T6086] kernel_execve+0x2ef/0x3b0 [ 65.516582][ T6086] kernel_init+0x14a/0x2b0 [ 65.518184][ T6086] ret_from_fork+0x983/0xb10 [ 65.519888][ T6086] ret_from_fork_asm+0x1a/0x30 [ 65.521617][ T6086] [ 65.521617][ T6086] -> #1 (&mm->mmap_lock){++++}-{4:4}: [ 65.524107][ T6086] __might_fault+0x113/0x190 [ 65.525685][ T6086] _copy_to_iter+0x1c2/0x1710 [ 65.527318][ T6086] copy_page_to_iter+0x12a/0x1e0 [ 65.529144][ T6086] filemap_read+0x6b1/0xe40 [ 65.530847][ T6086] blkdev_read_iter+0x1ac/0x500 [ 65.532589][ T6086] vfs_read+0x8bf/0xcf0 [ 65.534139][ T6086] ksys_read+0x12a/0x250 [ 65.535728][ T6086] do_syscall_64+0xcd/0xf80 [ 65.537366][ T6086] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.539452][ T6086] [ 65.539452][ T6086] -> #0 (&sb->s_type->i_mutex_key#8){++++}-{4:4}: [ 65.542297][ T6086] __lock_acquire+0x1669/0x2890 [ 65.544090][ T6086] lock_acquire+0x179/0x330 [ 65.545730][ T6086] down_read+0x9b/0x460 [ 65.547469][ T6086] blkdev_read_iter+0x19e/0x500 [ 65.549713][ T6086] __kernel_read+0x3f3/0xbf0 [ 65.551640][ T6086] freader_fetch+0x1d7/0x9d0 [ 65.553323][ T6086] __build_id_parse.isra.0+0xdd/0x6c0 [ 65.555363][ T6086] do_procmap_query+0xb0e/0x1080 [ 65.557271][ T6086] procfs_procmap_ioctl+0x9d/0xe0 [ 65.559055][ T6086] __x64_sys_ioctl+0x18e/0x210 [ 65.560825][ T6086] do_syscall_64+0xcd/0xf80 [ 65.562527][ T6086] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.564623][ T6086] [ 65.564623][ T6086] other info that might help us debug this: [ 65.564623][ T6086] [ 65.567924][ T6086] Chain exists of: [ 65.567924][ T6086] &sb->s_type->i_mutex_key#8 --> &mm->mmap_lock --> vm_lock [ 65.567924][ T6086] [ 65.572095][ T6086] Possible unsafe locking scenario: [ 65.572095][ T6086] [ 65.574487][ T6086] CPU0 CPU1 [ 65.576263][ T6086] ---- ---- [ 65.577999][ T6086] rlock(vm_lock); [ 65.579221][ T6086] lock(&mm->mmap_lock); [ 65.581444][ T6086] lock(vm_lock); [ 65.583577][ T6086] rlock(&sb->s_type->i_mutex_key#8); [ 65.585309][ T6086] [ 65.585309][ T6086] *** DEADLOCK *** [ 65.585309][ T6086] [ 65.587924][ T6086] 1 lock held by syz.0.17/6086: [ 65.589513][ T6086] #0: ffff888031490808 (vm_lock){++++}-{0:0}, at: lock_next_vma+0x10e/0xed0 [ 65.592346][ T6086] [ 65.592346][ T6086] stack backtrace: [ 65.594324][ T6086] CPU: 3 UID: 0 PID: 6086 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) [ 65.594337][ T6086] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 65.594344][ T6086] Call Trace: [ 65.594348][ T6086] [ 65.594352][ T6086] dump_stack_lvl+0x116/0x1f0 [ 65.594370][ T6086] print_circular_bug+0x275/0x340 [ 65.594383][ T6086] check_noncircular+0x146/0x160 [ 65.594395][ T6086] __lock_acquire+0x1669/0x2890 [ 65.594408][ T6086] lock_acquire+0x179/0x330 [ 65.594419][ T6086] ? blkdev_read_iter+0x19e/0x500 [ 65.594430][ T6086] ? __pfx___might_resched+0x10/0x10 [ 65.594440][ T6086] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 65.594452][ T6086] down_read+0x9b/0x460 [ 65.594461][ T6086] ? blkdev_read_iter+0x19e/0x500 [ 65.594469][ T6086] ? register_lock_class+0x41/0x4b0 [ 65.594481][ T6086] ? __pfx_down_read+0x10/0x10 [ 65.594491][ T6086] blkdev_read_iter+0x19e/0x500 [ 65.594501][ T6086] __kernel_read+0x3f3/0xbf0 [ 65.594514][ T6086] ? __pfx___kernel_read+0x10/0x10 [ 65.594529][ T6086] ? __pfx_vma_start_read+0x10/0x10 [ 65.594545][ T6086] freader_fetch+0x1d7/0x9d0 [ 65.594557][ T6086] ? reacquire_held_locks+0xcd/0x1f0 [ 65.594568][ T6086] ? lock_next_vma+0x10e/0xed0 [ 65.594583][ T6086] ? __pfx_freader_fetch+0x10/0x10 [ 65.594595][ T6086] ? __asan_memset+0x23/0x50 [ 65.594606][ T6086] __build_id_parse.isra.0+0xdd/0x6c0 [ 65.594618][ T6086] ? query_matching_vma+0x48e/0x7d0 [ 65.594630][ T6086] ? __pfx___build_id_parse.isra.0+0x10/0x10 [ 65.594647][ T6086] do_procmap_query+0xb0e/0x1080 [ 65.594659][ T6086] ? __pfx_do_procmap_query+0x10/0x10 [ 65.594671][ T6086] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 65.594683][ T6086] ? do_vfs_ioctl+0x128/0x14f0 [ 65.594694][ T6086] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 65.594713][ T6086] ? selinux_file_ioctl+0x180/0x270 [ 65.594726][ T6086] ? selinux_file_ioctl+0xb4/0x270 [ 65.594739][ T6086] procfs_procmap_ioctl+0x9d/0xe0 [ 65.594754][ T6086] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 65.594766][ T6086] __x64_sys_ioctl+0x18e/0x210 [ 65.594777][ T6086] do_syscall_64+0xcd/0xf80 [ 65.594791][ T6086] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.594801][ T6086] RIP: 0033:0x7fa236d8f7c9 [ 65.594810][ T6086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 65.594819][ T6086] RSP: 002b:00007ffe52ef1178 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 65.594829][ T6086] RAX: ffffffffffffffda RBX: 00007fa236fe5fa0 RCX: 00007fa236d8f7c9 [ 65.594835][ T6086] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000004 [ 65.594841][ T6086] RBP: 00007fa236e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 65.594846][ T6086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 65.594851][ T6086] R13: 00007fa236fe5fa0 R14: 00007fa236fe5fa0 R15: 0000000000000003 [ 65.594860][ T6086] [ 67.277632][ T1167] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 68.836169][ T1167] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 68.876594][ T1167] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 68.917208][ T1167] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 68.976792][ T1167] bridge_slave_1: left allmulticast mode [ 68.978900][ T1167] bridge_slave_1: left promiscuous mode [ 68.980866][ T1167] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.985225][ T1167] bridge_slave_0: left allmulticast mode [ 68.987073][ T1167] bridge_slave_0: left promiscuous mode [ 68.989145][ T1167] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.068070][ T1167] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 69.071704][ T1167] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 69.075148][ T1167] bond0 (unregistering): Released all slaves [ 69.328881][ T1167] hsr_slave_0: left promiscuous mode [ 69.331630][ T1167] hsr_slave_1: left promiscuous mode [ 69.334442][ T1167] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 69.337086][ T1167] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 69.339783][ T1167] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 69.342119][ T1167] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 69.346595][ T1167] veth1_macvtap: left promiscuous mode [ 69.348388][ T1167] veth0_macvtap: left promiscuous mode [ 69.350151][ T1167] veth1_vlan: left promiscuous mode [ 69.351859][ T1167] veth0_vlan: left promiscuous mode [ 69.440768][ T1167] team0 (unregistering): Port device team_slave_1 removed [ 69.449884][ T1167] team0 (unregistering): Port device team_slave_0 removed