Warning: Permanently added '[localhost]:46786' (ED25519) to the list of known hosts. 2025/11/10 08:39:59 parsed 1 programs syzkaller login: [ 53.948410][ T5820] cgroup: Unknown subsys name 'net' [ 54.055142][ T5820] cgroup: Unknown subsys name 'cpuset' [ 54.059087][ T5820] cgroup: Unknown subsys name 'rlimit' [ 55.654755][ T5820] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 57.700668][ T5201] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 57.703772][ T5201] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 57.706703][ T5201] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 57.709923][ T5201] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 57.713184][ T5201] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 57.823369][ T28] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.831901][ T28] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.879741][ T28] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.882978][ T28] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.949246][ T5829] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. 
[ 58.789014][ T5863] chnl_net:caif_netlink_parms(): no params data found [ 58.937181][ T5863] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.940043][ T5863] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.942891][ T5863] bridge_slave_0: entered allmulticast mode [ 58.945732][ T5863] bridge_slave_0: entered promiscuous mode [ 58.956842][ T5863] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.959285][ T5863] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.961867][ T5863] bridge_slave_1: entered allmulticast mode [ 58.971472][ T5863] bridge_slave_1: entered promiscuous mode [ 59.157344][ T5863] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.169721][ T5863] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.190053][ T5863] team0: Port device team_slave_0 added [ 59.206931][ T5863] team0: Port device team_slave_1 added [ 59.266857][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.268936][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 59.277000][ T5863] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 59.306763][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.309272][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 59.325778][ T5863] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 59.401806][ T5863] hsr_slave_0: entered promiscuous mode [ 59.409938][ T5863] hsr_slave_1: entered promiscuous mode [ 59.716602][ T5863] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 59.725342][ T5863] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 59.739770][ T5863] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 59.745756][ T5863] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 59.777365][ T5863] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.779831][ T5863] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.783101][ T5863] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.785533][ T5863] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.815605][ T5863] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.825038][ T37] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.827865][ T37] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.836910][ T5863] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.844995][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.847256][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.854786][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.857165][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.948859][ T5863] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 59.970106][ T5863] veth0_vlan: entered promiscuous mode [ 59.978595][ T5863] veth1_vlan: entered promiscuous mode [ 59.995946][ T5863] veth0_macvtap: entered promiscuous mode [ 60.000410][ T5863] veth1_macvtap: entered promiscuous mode [ 60.010395][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 60.016192][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.023666][ T5659] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.026821][ 
T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.029971][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.035197][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 2025/11/10 08:40:07 executed programs: 0 [ 60.116914][ T5201] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 60.120183][ T5201] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 60.126586][ T5201] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 60.133946][ T5201] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 60.140821][ T5201] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 60.166713][ T5201] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 60.185448][ T5931] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 60.185622][ T5833] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 60.188941][ T5931] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 60.191010][ T5833] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 60.195893][ T5833] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 60.198819][ T5833] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 60.201169][ T5833] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 60.203058][ T5931] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 60.206045][ T5931] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 60.224637][ T5659] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.316583][ T5659] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.385747][ T5659] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.513300][ T5923] chnl_net:caif_netlink_parms(): no params data found [ 60.586212][ T5928] chnl_net:caif_netlink_parms(): no params data found [ 60.627735][ T5927] chnl_net:caif_netlink_parms(): no params data found [ 
60.664727][ T5923] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.666926][ T5923] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.669152][ T5923] bridge_slave_0: entered allmulticast mode [ 60.671782][ T5923] bridge_slave_0: entered promiscuous mode [ 60.698606][ T5923] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.701175][ T5923] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.703818][ T5923] bridge_slave_1: entered allmulticast mode [ 60.706396][ T5923] bridge_slave_1: entered promiscuous mode [ 60.752765][ T5928] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.755260][ T5928] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.757714][ T5928] bridge_slave_0: entered allmulticast mode [ 60.760978][ T5928] bridge_slave_0: entered promiscuous mode [ 60.764413][ T5928] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.766890][ T5928] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.769341][ T5928] bridge_slave_1: entered allmulticast mode [ 60.771973][ T5928] bridge_slave_1: entered promiscuous mode [ 60.783390][ T5923] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.795121][ T5927] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.797751][ T5927] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.800251][ T5927] bridge_slave_0: entered allmulticast mode [ 60.804393][ T5927] bridge_slave_0: entered promiscuous mode [ 60.808521][ T5927] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.810957][ T5927] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.814229][ T5927] bridge_slave_1: entered allmulticast mode [ 60.817174][ T5927] bridge_slave_1: entered promiscuous mode [ 60.820542][ T5923] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.856247][ T5928] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.861385][ T5927] bond0: (slave 
bond_slave_0): Enslaving as an active interface with an up link [ 60.873356][ T5923] team0: Port device team_slave_0 added [ 60.876524][ T5928] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.881117][ T5927] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.900751][ T5923] team0: Port device team_slave_1 added [ 60.927150][ T5927] team0: Port device team_slave_0 added [ 60.945172][ T5923] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.947446][ T5923] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 60.955491][ T5923] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.960229][ T5927] team0: Port device team_slave_1 added [ 60.965657][ T5928] team0: Port device team_slave_0 added [ 60.969243][ T5928] team0: Port device team_slave_1 added [ 60.971704][ T5923] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.975364][ T5923] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 60.984785][ T5923] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.024250][ T5927] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.026321][ T5927] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 61.033979][ T5927] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.046087][ T5928] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.048340][ T5928] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 61.057296][ T5928] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.061310][ T5927] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.064059][ T5927] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 61.072947][ T5927] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.089144][ T5928] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.091241][ T5928] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 61.099178][ T5928] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.123952][ T5923] hsr_slave_0: entered promiscuous mode [ 61.126200][ T5923] hsr_slave_1: entered promiscuous mode [ 61.128486][ T5923] debugfs: 'hsr0' already exists in 'hsr' [ 61.130252][ T5923] Cannot create hsr debugfs directory [ 61.156393][ T5928] hsr_slave_0: entered promiscuous mode [ 61.158678][ T5928] hsr_slave_1: entered promiscuous mode [ 61.160695][ T5928] debugfs: 'hsr0' already exists in 'hsr' [ 61.163103][ T5928] Cannot create hsr debugfs directory [ 61.176693][ T5927] hsr_slave_0: entered promiscuous mode [ 61.179106][ T5927] hsr_slave_1: entered promiscuous mode [ 61.181090][ T5927] debugfs: 'hsr0' already exists in 'hsr' [ 61.183017][ T5927] Cannot create hsr debugfs directory [ 61.387093][ T5928] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 61.392721][ T5928] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 61.404047][ T5928] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 61.414031][ T5928] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 61.434484][ T5923] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 61.445034][ T5923] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 61.449770][ T5923] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 61.458396][ T5923] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 61.511216][ T5928] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.528238][ T5928] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.537628][ T27] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.539844][ T27] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.548777][ T27] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.550905][ T27] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.564705][ T5923] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.584295][ T5923] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.591845][ 
T28] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.594115][ T28] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.603336][ T28] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.605511][ T28] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.681226][ T5928] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.718268][ T5928] veth0_vlan: entered promiscuous mode [ 61.724059][ T5923] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.728625][ T5928] veth1_vlan: entered promiscuous mode [ 61.746009][ T5928] veth0_macvtap: entered promiscuous mode [ 61.752986][ T5928] veth1_macvtap: entered promiscuous mode [ 61.761670][ T5923] veth0_vlan: entered promiscuous mode [ 61.769106][ T5923] veth1_vlan: entered promiscuous mode [ 61.773707][ T5928] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.782261][ T5928] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.797114][ T5952] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.801389][ T5952] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.805679][ T5952] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.811448][ T5952] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.815760][ T5923] veth0_macvtap: entered promiscuous mode [ 61.821853][ T5923] veth1_macvtap: entered promiscuous mode [ 61.837034][ T5923] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.844898][ T5923] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.856957][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.859684][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.866680][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.887328][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.891020][ T1090] wlan0: 
Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 61.896902][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 61.917681][ T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 61.921042][ T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 61.935957][ T4866] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 61.940353][ T4866] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 61.968191][ T4866] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 61.974436][ T4866] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 62.030199][ T5989]
[ 62.030998][ T5989] ======================================================
[ 62.033197][ T5989] WARNING: possible circular locking dependency detected
[ 62.035321][ T5989] syzkaller #0 Not tainted
[ 62.037108][ T5989] ------------------------------------------------------
[ 62.039539][ T5989] syz.2.22/5989 is trying to acquire lock:
[ 62.041306][ T5989] ffff8881bc18d318 (&hugetlbfs_i_mmap_rwsem_key){+.+.}-{4:4}, at: remove_inode_hugepages+0x972/0x1110
[ 62.044667][ T5989]
[ 62.044667][ T5989] but task is already holding lock:
[ 62.046886][ T5989] ffff8881ae823178 (&vma_lock->rw_sema){++++}-{4:4}, at: remove_inode_hugepages+0x96a/0x1110
[ 62.049928][ T5989]
[ 62.049928][ T5989] which lock already depends on the new lock.
[ 62.049928][ T5989]
[ 62.053074][ T5989]
[ 62.053074][ T5989] the existing dependency chain (in reverse order) is:
[ 62.055768][ T5989]
[ 62.055768][ T5989] -> #1 (&vma_lock->rw_sema){++++}-{4:4}:
[ 62.058139][ T5989] lock_acquire+0x120/0x360
[ 62.059709][ T5989] down_write+0x96/0x1f0
[ 62.061189][ T5989] unmap_vmas+0x23d/0x580
[ 62.062658][ T5989] exit_mmap+0x23e/0xb30
[ 62.064155][ T5989] __mmput+0x118/0x430
[ 62.065557][ T5989] exit_mm+0x1da/0x2c0
[ 62.066982][ T5989] do_exit+0x648/0x2300
[ 62.068463][ T5989] do_group_exit+0x21c/0x2d0
[ 62.070006][ T5989] get_signal+0x1285/0x1340
[ 62.071547][ T5989] arch_do_signal_or_restart+0xa0/0x790
[ 62.073445][ T5989] exit_to_user_mode_loop+0x72/0x130
[ 62.075247][ T5989] do_syscall_64+0x2bd/0xfa0
[ 62.076826][ T5989] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 62.078781][ T5989]
[ 62.078781][ T5989] -> #0 (&hugetlbfs_i_mmap_rwsem_key){+.+.}-{4:4}:
[ 62.081448][ T5989] validate_chain+0xb9b/0x2140
[ 62.083279][ T5989] __lock_acquire+0xab9/0xd20
[ 62.084906][ T5989] lock_acquire+0x120/0x360
[ 62.086457][ T5989] down_write+0x96/0x1f0
[ 62.087940][ T5989] remove_inode_hugepages+0x972/0x1110
[ 62.089898][ T5989] hugetlbfs_fallocate+0xbc2/0x1100
[ 62.091683][ T5989] vfs_fallocate+0x669/0x7e0
[ 62.093450][ T5989] madvise_vma_behavior+0x341a/0x3d70
[ 62.095364][ T5989] madvise_walk_vmas+0x51c/0xa30
[ 62.097036][ T5989] madvise_do_behavior+0x38e/0x550
[ 62.098713][ T5989] do_madvise+0x1bc/0x270
[ 62.100245][ T5989] __x64_sys_madvise+0xa7/0xc0
[ 62.101955][ T5989] do_syscall_64+0xfa/0xfa0
[ 62.103523][ T5989] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 62.105501][ T5989]
[ 62.105501][ T5989] other info that might help us debug this:
[ 62.105501][ T5989]
[ 62.108890][ T5989] Possible unsafe locking scenario:
[ 62.108890][ T5989]
[ 62.111225][ T5989]        CPU0                    CPU1
[ 62.113191][ T5989]        ----                    ----
[ 62.114934][ T5989]   lock(&vma_lock->rw_sema);
[ 62.116405][ T5989]                                lock(&hugetlbfs_i_mmap_rwsem_key);
[ 62.118939][ T5989]                                lock(&vma_lock->rw_sema);
[ 62.121164][ T5989]   lock(&hugetlbfs_i_mmap_rwsem_key);
[ 62.123027][ T5989]
[ 62.123027][ T5989] *** DEADLOCK ***
[ 62.123027][ T5989]
[ 62.125865][ T5989] 4 locks held by syz.2.22/5989:
[ 62.127591][ T5989] #0: ffff8881056ac420 (sb_writers#12){.+.+}-{0:0}, at: vfs_fallocate+0x5f0/0x7e0
[ 62.130433][ T5989] #1: ffff8881bc18d048 (&sb->s_type->i_mutex_key#20){+.+.}-{4:4}, at: hugetlbfs_fallocate+0x3cc/0x1100
[ 62.134284][ T5989] #2: ffff888103e8e4e8 (&hugetlb_fault_mutex_table[i]){+.+.}-{4:4}, at: remove_inode_hugepages+0x332/0x1110
[ 62.137782][ T5989] #3: ffff8881ae823178 (&vma_lock->rw_sema){++++}-{4:4}, at: remove_inode_hugepages+0x96a/0x1110
[ 62.141141][ T5989]
[ 62.141141][ T5989] stack backtrace:
[ 62.142994][ T5989] CPU: 1 UID: 0 PID: 5989 Comm: syz.2.22 Not tainted syzkaller #0 PREEMPT(full)
[ 62.143004][ T5989] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 62.143014][ T5989] Call Trace:
[ 62.143019][ T5989]
[ 62.143023][ T5989] dump_stack_lvl+0x189/0x250
[ 62.143036][ T5989] ? __pfx_dump_stack_lvl+0x10/0x10
[ 62.143046][ T5989] ? __pfx__printk+0x10/0x10
[ 62.143054][ T5989] ? print_lock_name+0xde/0x100
[ 62.143061][ T5989] print_circular_bug+0x2ee/0x310
[ 62.143071][ T5989] check_noncircular+0x134/0x160
[ 62.143081][ T5989] validate_chain+0xb9b/0x2140
[ 62.143090][ T5989] ? rwsem_down_write_slowpath+0xa72/0xfe0
[ 62.143101][ T5989] ? rwsem_down_write_slowpath+0x472/0xfe0
[ 62.143111][ T5989] __lock_acquire+0xab9/0xd20
[ 62.143119][ T5989] ? remove_inode_hugepages+0x972/0x1110
[ 62.143128][ T5989] lock_acquire+0x120/0x360
[ 62.143134][ T5989] ? remove_inode_hugepages+0x972/0x1110
[ 62.143145][ T5989] down_write+0x96/0x1f0
[ 62.143154][ T5989] ? remove_inode_hugepages+0x972/0x1110
[ 62.143163][ T5989] ? __pfx_down_write+0x10/0x10
[ 62.143172][ T5989] ? hugetlb_vma_trylock_write+0x89/0x150
[ 62.143182][ T5989] remove_inode_hugepages+0x972/0x1110
[ 62.143194][ T5989] ? __pfx_remove_inode_hugepages+0x10/0x10
[ 62.143207][ T5989] ? hugetlbfs_fallocate+0xbaa/0x1100
[ 62.143216][ T5989] ? up_write+0x1c4/0x420
[ 62.143226][ T5989] hugetlbfs_fallocate+0xbc2/0x1100
[ 62.143235][ T5989] ? aa_file_perm+0x13a/0x1550
[ 62.143247][ T5989] ? __pfx_hugetlbfs_fallocate+0x10/0x10
[ 62.143260][ T5989] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 62.143272][ T5989] vfs_fallocate+0x669/0x7e0
[ 62.143281][ T5989] ? __pfx_vfs_fallocate+0x10/0x10
[ 62.143291][ T5989] madvise_vma_behavior+0x341a/0x3d70
[ 62.143300][ T5989] ? __pfx_madvise_vma_behavior+0x10/0x10
[ 62.143306][ T5989] ? get_page_from_freelist+0x2365/0x2440
[ 62.143321][ T5989] ? mas_prev_slot+0xb31/0xbb0
[ 62.143331][ T5989] ? find_vma_prev+0xe3/0x150
[ 62.143340][ T5989] ? __pfx_find_vma_prev+0x10/0x10
[ 62.143352][ T5989] madvise_walk_vmas+0x51c/0xa30
[ 62.143360][ T5989] ? __pfx_madvise_walk_vmas+0x10/0x10
[ 62.143368][ T5989] ? blk_start_plug+0x6f/0x1b0
[ 62.143377][ T5989] madvise_do_behavior+0x38e/0x550
[ 62.143384][ T5989] ? __pfx_madvise_do_behavior+0x10/0x10
[ 62.143392][ T5989] ? down_read+0x1ad/0x2e0
[ 62.143401][ T5989] do_madvise+0x1bc/0x270
[ 62.143408][ T5989] ? __pfx_do_madvise+0x10/0x10
[ 62.143438][ T5989] ? do_user_addr_fault+0xc85/0x1380
[ 62.143447][ T5989] __x64_sys_madvise+0xa7/0xc0
[ 62.143454][ T5989] do_syscall_64+0xfa/0xfa0
[ 62.143462][ T5989] ? lockdep_hardirqs_on+0x9c/0x150
[ 62.143469][ T5989] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 62.143476][ T5989] ? exc_page_fault+0xab/0x100
[ 62.143483][ T5989] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 62.143490][ T5989] RIP: 0033:0x7fca36b8efc9
[ 62.143498][ T5989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 62.143504][ T5989] RSP: 002b:00007fca37a80038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[ 62.143513][ T5989] RAX: ffffffffffffffda RBX: 00007fca36de6090 RCX: 00007fca36b8efc9
[ 62.143519][ T5989] RDX: 0000000000000009 RSI: 0000000000600000 RDI: 0000200000bc0000
[ 62.143524][ T5989] RBP: 00007fca36c11f91 R08: 0000000000000000 R09: 0000000000000000
[ 62.143528][ T5989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 62.143532][ T5989] R13: 00007fca36de6128 R14: 00007fca36de6090 R15: 00007ffeef05aaf8
[ 62.143539][ T5989]
[ 62.259749][ T5659] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 62.260494][ T55] Bluetooth: hci0: command tx timeout
[ 62.265016][ T55] Bluetooth: hci2: command tx timeout
[ 62.266697][ T55] Bluetooth: hci1: command tx timeout
[ 63.945392][ T5659] bridge_slave_1: left allmulticast mode
[ 63.947664][ T5659] bridge_slave_1: left promiscuous mode
[ 63.949723][ T5659] bridge0: port 2(bridge_slave_1) entered disabled state
[ 63.964031][ T5659] bridge_slave_0: left allmulticast mode
[ 63.965778][ T5659] bridge_slave_0: left promiscuous mode
[ 63.967552][ T5659] bridge0: port 1(bridge_slave_0) entered disabled state
[ 64.086567][ T5659] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 64.097649][ T5659] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 64.101947][ T5659] bond0 (unregistering): Released all slaves
[ 64.182215][ T5659] hsr_slave_0: left promiscuous mode
[ 64.194834][ T5659] hsr_slave_1: left promiscuous mode
[ 64.200241][ T5659] batman_adv: batadv0: Interface deactivated:
batadv_slave_0 [ 64.207754][ T5659] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 64.219707][ T5659] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 64.222086][ T5659] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 64.233729][ T5659] veth1_macvtap: left promiscuous mode [ 64.235535][ T5659] veth0_macvtap: left promiscuous mode [ 64.247921][ T5659] veth1_vlan: left promiscuous mode [ 64.249668][ T5659] veth0_vlan: left promiscuous mode [ 64.322443][ T55] Bluetooth: hci2: command tx timeout [ 64.324085][ T55] Bluetooth: hci0: command tx timeout [ 64.326031][ T5931] Bluetooth: hci1: command tx timeout [ 64.415841][ T5659] team0 (unregistering): Port device team_slave_1 removed [ 64.432711][ T5659] team0 (unregistering): Port device team_slave_0 removed [ 64.690757][ T5927] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 64.709116][ T5927] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 64.721181][ T5927] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 64.731291][ T5927] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 64.828841][ T5927] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.846929][ T5927] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.850897][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.853194][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.864466][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.866695][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.877819][ T5927] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 64.881031][ T5927] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 64.972086][ T5927] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.011843][ T5927] veth0_vlan: entered promiscuous mode [ 65.018025][ T5927] veth1_vlan: entered promiscuous mode [ 65.040844][ T5927] veth0_macvtap: entered promiscuous 
mode [ 65.045391][ T5927] veth1_macvtap: entered promiscuous mode [ 65.052481][ T5927] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.057816][ T5927] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.075372][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.088061][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.090838][ T5927] ieee80211 phy9: Selected rate control algorithm 'minstrel_ht' [ 65.100590][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.107963][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.126560][ T5927] ieee80211 phy10: Selected rate control algorithm 'minstrel_ht' [ 65.129473][ T1094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.132190][ T1094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 2025/11/10 08:40:12 executed programs: 289 [ 65.154161][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.156528][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.402604][ T5931] Bluetooth: hci1: command tx timeout [ 66.402794][ T5201] Bluetooth: hci0: command tx timeout [ 66.404331][ T5931] Bluetooth: hci2: command tx timeout [ 68.482520][ T5931] Bluetooth: hci0: command tx timeout [ 68.482661][ T55] Bluetooth: hci1: command tx timeout [ 68.484311][ T5931] Bluetooth: hci2: command tx timeout 2025/11/10 08:40:17 executed programs: 1032 [ 71.445876][ T1361] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.448564][ T1361] ieee802154 phy1 wpan1: encryption failed: -22 VM DIAGNOSIS: 08:40:09 Registers: