Warning: Permanently added '10.128.0.216' (ED25519) to the list of known hosts. 2026/03/15 01:08:42 parsed 1 programs [ 71.071974][ T5831] cgroup: Unknown subsys name 'net' [ 71.179465][ T5831] cgroup: Unknown subsys name 'cpuset' [ 71.189417][ T5831] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 72.592830][ T5831] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 75.315771][ T5839] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 75.833170][ T3570] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.841956][ T3570] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.879555][ T3570] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.888936][ T3570] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.163700][ T5867] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.180712][ T5867] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.191360][ T5867] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.201439][ T5867] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.209514][ T5867] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 78.440546][ T5913] chnl_net:caif_netlink_parms(): no params data found [ 78.546152][ T5913] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.554284][ T5913] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.561768][ T5913] bridge_slave_0: entered allmulticast mode [ 78.570355][ T5913] bridge_slave_0: entered promiscuous mode [ 78.582222][ T5913] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.589632][ T5913] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.597425][ T5913] bridge_slave_1: entered allmulticast mode [ 78.604832][ T5913] bridge_slave_1: entered promiscuous mode [ 78.640662][ T5913] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.653206][ T5913] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.683787][ T5913] team0: Port device team_slave_0 added [ 78.692448][ T5913] team0: Port device team_slave_1 added [ 78.718310][ T5913] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.725254][ T5913] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.751207][ T5913] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.764559][ T5913] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.771532][ T5913] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.797461][ T5913] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.840306][ T5913] hsr_slave_0: entered promiscuous mode [ 78.848566][ T5913] hsr_slave_1: entered promiscuous mode [ 79.007602][ T5913] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 79.020456][ T5913] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 79.031653][ T5913] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 79.042433][ T5913] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 79.075237][ T5913] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.082691][ T5913] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.090565][ T5913] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.097875][ T5913] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.167272][ T5913] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.188391][ T3570] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.197281][ T3570] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.214682][ T5913] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.230189][ T136] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.237391][ T136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.253352][ T3570] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.260537][ T3570] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.438130][ T5913] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.495761][ T5913] veth0_vlan: entered promiscuous mode [ 79.509273][ T5913] veth1_vlan: entered promiscuous mode [ 79.545222][ T5913] veth0_macvtap: entered promiscuous mode [ 79.559358][ T5913] veth1_macvtap: entered promiscuous mode [ 79.582229][ T5913] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.598856][ T5913] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.615049][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.624599][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.641688][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.650479][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.793277][ T3570] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.904827][ T3570] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.007816][ T3570] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.077351][ T3570] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 2026/03/15 01:08:54 executed programs: 0 [ 80.346901][ T5867] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 80.356857][ T5867] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 80.364912][ T5867] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 80.374185][ T5867] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 80.382627][ T5867] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 80.521941][ T5944] chnl_net:caif_netlink_parms(): no params data found [ 80.601685][ T5944] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.609328][ T5944] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.616770][ T5944] bridge_slave_0: entered allmulticast mode [ 80.624091][ T5944] bridge_slave_0: entered promiscuous mode [ 80.633321][ T5944] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.640710][ T5944] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.648061][ T5944] bridge_slave_1: entered allmulticast mode [ 80.655773][ T5944] bridge_slave_1: entered promiscuous mode [ 80.694644][ T5944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.708071][ T5944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.745645][ T5944] team0: Port device team_slave_0 added [ 80.754990][ T5944] team0: Port device team_slave_1 added [ 80.786171][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.793115][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 80.819297][ T5944] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.832726][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.840097][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 80.866806][ T5944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.923567][ T5944] hsr_slave_0: entered promiscuous mode [ 80.930310][ T5944] hsr_slave_1: entered promiscuous mode [ 80.937464][ T5944] debugfs: 'hsr0' already exists in 'hsr' [ 80.943264][ T5944] Cannot create hsr debugfs directory [ 81.488730][ T988] cfg80211: failed to load regulatory.db [ 82.446007][ T5153] Bluetooth: hci0: command tx timeout [ 82.546345][ T3570] bridge_slave_1: left allmulticast mode [ 82.553978][ T3570] bridge_slave_1: left promiscuous mode [ 82.561228][ T3570] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.572412][ T3570] bridge_slave_0: left allmulticast mode [ 82.579688][ T3570] bridge_slave_0: left promiscuous mode [ 82.586069][ T3570] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.751237][ T3570] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 82.761979][ T3570] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 82.772314][ T3570] bond0 (unregistering): Released all slaves [ 82.917931][ T3570] hsr_slave_0: left promiscuous mode [ 82.924317][ T3570] hsr_slave_1: left promiscuous mode [ 82.933248][ T3570] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 82.942939][ T3570] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 82.952409][ T3570] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 82.960307][ T3570] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 82.979640][ T3570] veth1_macvtap: left promiscuous mode [ 82.986439][ T3570] veth0_macvtap: left promiscuous mode [ 82.992094][ T3570] veth1_vlan: left promiscuous mode [ 82.998037][ T3570] veth0_vlan: left promiscuous mode [ 83.292426][ T3570] team0 (unregistering): Port device team_slave_1 removed [ 83.310731][ T3570] team0 (unregistering): Port device team_slave_0 removed [ 83.672230][ T5944] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 83.695149][ T5944] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 83.710297][ T5944] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 83.730849][ T5944] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 84.009796][ T5944] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.032726][ T5944] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.051896][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.059062][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.076118][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.083366][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.267877][ T5944] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.321862][ T5944] veth0_vlan: entered promiscuous mode [ 84.334613][ T5944] veth1_vlan: entered promiscuous mode [ 84.370541][ T5944] veth0_macvtap: entered promiscuous mode [ 84.381740][ T5944] veth1_macvtap: entered promiscuous mode [ 84.404676][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.422044][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.439671][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.450315][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.459628][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.476564][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.526544][ T5153] Bluetooth: hci0: command tx timeout [ 84.541791][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.550162][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.579183][ T3570] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.588374][ T3570] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.627690][ T5990] [ 84.630059][ T5990] ====================================================== [ 84.637073][ T5990] WARNING: possible circular locking dependency detected [ 84.644080][ T5990] syzkaller #0 Not tainted [ 84.648472][ T5990] ------------------------------------------------------ [ 84.655471][ T5990] syz.0.17/5990 is trying to acquire lock: [ 84.661263][ T5990] ffff88802caef3b8 (&mm->mmap_lock){++++}-{4:4}, at: __might_fault+0xaf/0x130 [ 84.670120][ T5990] [ 84.670120][ T5990] but task is already holding lock: [ 84.677636][ T5990] ffff88807cdbccf0 (&ctx->map_changing_lock){.+.+}-{4:4}, at: mfill_get_vma+0x162/0x660 [ 84.687356][ T5990] [ 84.687356][ T5990] which lock already depends on the new lock. [ 84.687356][ T5990] [ 84.697739][ T5990] [ 84.697739][ T5990] the existing dependency chain (in reverse order) is: [ 84.706746][ T5990] [ 84.706746][ T5990] -> #2 (&ctx->map_changing_lock){.+.+}-{4:4}: [ 84.715057][ T5990] down_read+0x47/0x2e0 [ 84.719716][ T5990] mfill_get_vma+0x162/0x660 [ 84.724809][ T5990] mfill_atomic_continue+0x189/0x12c0 [ 84.730677][ T5990] userfaultfd_ioctl+0x232d/0x4c70 [ 84.736296][ T5990] __se_sys_ioctl+0xfc/0x170 [ 84.741384][ T5990] do_syscall_64+0x14d/0xf80 [ 84.746476][ T5990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.752872][ T5990] [ 84.752872][ T5990] -> #1 (vm_lock){++++}-{0:0}: [ 84.759797][ T5990] __vma_start_exclude_readers+0x28a/0x940 [ 84.766115][ T5990] __vma_start_write+0xdc/0x290 [ 84.771477][ T5990] mprotect_fixup+0x5eb/0xa80 [ 84.776662][ T5990] setup_arg_pages+0x565/0xac0 [ 84.781936][ T5990] load_elf_binary+0xc5e/0x2980 [ 84.787291][ T5990] bprm_execve+0x949/0x1470 [ 84.792306][ T5990] kernel_execve+0x844/0x930 [ 84.797421][ T5990] try_to_run_init_process+0x13/0x60 [ 84.803218][ T5990] kernel_init+0xad/0x1d0 [ 84.808052][ T5990] ret_from_fork+0x51e/0xb90 [ 84.813160][ T5990] ret_from_fork_asm+0x1a/0x30 [ 84.818436][ T5990] [ 84.818436][ T5990] -> #0 (&mm->mmap_lock){++++}-{4:4}: [ 84.825978][ T5990] __lock_acquire+0x15a5/0x2cf0 [ 84.831343][ T5990] lock_acquire+0xf0/0x2e0 [ 84.836265][ T5990] __might_fault+0xcb/0x130 [ 84.841277][ T5990] userfaultfd_ioctl+0x2372/0x4c70 [ 84.846899][ T5990] __se_sys_ioctl+0xfc/0x170 [ 84.851992][ T5990] do_syscall_64+0x14d/0xf80 [ 84.857086][ T5990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.863483][ T5990] [ 84.863483][ T5990] other info that might help us debug this: [ 84.863483][ T5990] [ 84.873691][ T5990] Chain exists of: [ 84.873691][ T5990] &mm->mmap_lock --> vm_lock --> &ctx->map_changing_lock [ 84.873691][ T5990] [ 84.886624][ T5990] Possible unsafe locking scenario: [ 84.886624][ T5990] [ 84.894075][ T5990] CPU0 CPU1 [ 84.899420][ T5990] ---- ---- [ 84.904762][ T5990] rlock(&ctx->map_changing_lock); [ 84.909946][ T5990] lock(vm_lock); [ 84.916172][ T5990] lock(&ctx->map_changing_lock); [ 84.923786][ T5990] rlock(&mm->mmap_lock); [ 84.928186][ T5990] [ 84.928186][ T5990] *** DEADLOCK *** [ 84.928186][ T5990] [ 84.936305][ T5990] 2 locks held by syz.0.17/5990: [ 84.941218][ T5990] #0: ffff88807c119d08 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x1d1/0x500 [ 84.950434][ T5990] #1: ffff88807cdbccf0 (&ctx->map_changing_lock){.+.+}-{4:4}, at: mfill_get_vma+0x162/0x660 [ 84.960599][ T5990] [ 84.960599][ T5990] stack backtrace: [ 84.966484][ T5990] CPU: 0 UID: 0 PID: 5990 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) [ 84.966501][ T5990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 84.966517][ T5990] Call Trace: [ 84.966523][ T5990] [ 84.966529][ T5990] dump_stack_lvl+0xe8/0x150 [ 84.966551][ T5990] print_circular_bug+0x2e1/0x300 [ 84.966568][ T5990] check_noncircular+0x12e/0x150 [ 84.966585][ T5990] __lock_acquire+0x15a5/0x2cf0 [ 84.966606][ T5990] ? mfill_get_vma+0x392/0x660 [ 84.966622][ T5990] ? mfill_atomic_continue+0x1054/0x12c0 [ 84.966636][ T5990] ? unwind_get_return_address+0x4d/0x90 [ 84.966650][ T5990] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 84.966667][ T5990] ? arch_stack_walk+0xfb/0x150 [ 84.966683][ T5990] lock_acquire+0xf0/0x2e0 [ 84.966702][ T5990] ? __might_fault+0xaf/0x130 [ 84.966723][ T5990] ? __might_fault+0xaf/0x130 [ 84.966740][ T5990] __might_fault+0xcb/0x130 [ 84.966757][ T5990] ? __might_fault+0xaf/0x130 [ 84.966776][ T5990] userfaultfd_ioctl+0x2372/0x4c70 [ 84.966795][ T5990] ? __kasan_slab_free+0x5c/0x80 [ 84.966807][ T5990] ? kfree+0x1c5/0x650 [ 84.966829][ T5990] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 84.966859][ T5990] ? kasan_quarantine_put+0xbb/0x1f0 [ 84.966881][ T5990] ? tomoyo_path_number_perm+0x219/0x630 [ 84.966899][ T5990] ? tomoyo_path_number_perm+0x219/0x630 [ 84.966916][ T5990] ? do_vfs_ioctl+0x1166/0x1530 [ 84.966931][ T5990] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 84.966947][ T5990] ? do_futex+0x395/0x420 [ 84.966965][ T5990] ? __se_sys_futex+0x3a8/0x450 [ 84.966978][ T5990] ? exc_page_fault+0x6a/0xc0 [ 84.966997][ T5990] ? __pfx___se_sys_futex+0x10/0x10 [ 84.967015][ T5990] ? bpf_lsm_file_ioctl+0x9/0x20 [ 84.967030][ T5990] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 84.967048][ T5990] __se_sys_ioctl+0xfc/0x170 [ 84.967062][ T5990] do_syscall_64+0x14d/0xf80 [ 84.967074][ T5990] ? trace_irq_disable+0x3b/0x150 [ 84.967090][ T5990] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.967104][ T5990] ? clear_bhb_loop+0x40/0x90 [ 84.967119][ T5990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.967133][ T5990] RIP: 0033:0x7f478759c799 [ 84.967150][ T5990] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 84.967161][ T5990] RSP: 002b:00007ffcc2bbac28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 84.967176][ T5990] RAX: ffffffffffffffda RBX: 00007f4787815fa0 RCX: 00007f478759c799 [ 84.967186][ T5990] RDX: 0000200000000080 RSI: 00000000c020aa07 RDI: 0000000000000003 [ 84.967195][ T5990] RBP: 00007f4787632c99 R08: 0000000000000000 R09: 0000000000000000 [ 84.967204][ T5990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 84.967212][ T5990] R13: 00007f4787815fac R14: 00007f4787815fa0 R15: 00007f4787815fa0 [ 84.967227][ T5990] [ 86.605567][ T5153] Bluetooth: hci0: command tx timeout [ 88.685600][ T5153] Bluetooth: hci0: command tx timeout