Warning: Permanently added '10.128.1.198' (ED25519) to the list of known hosts.
2025/07/13 00:13:50 ignoring optional flag "sandboxArg"="0"
2025/07/13 00:13:51 parsed 1 programs
[   92.094971][   T24] cfg80211: failed to load regulatory.db
[   94.779715][ T5857] cgroup: Unknown subsys name 'net'
[   94.917073][ T5857] cgroup: Unknown subsys name 'cpuset'
[   94.928829][ T5857] cgroup: Unknown subsys name 'rlimit'
[   96.714894][ T5857] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   99.955052][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.988212][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.054745][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.073046][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.123298][ T5871] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  100.752495][ T5888] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  100.766160][ T5888] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  100.774689][ T5888] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  100.785781][ T5888] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  100.796280][ T5888] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  101.527509][ T5900] chnl_net:caif_netlink_parms(): no params data found
[  101.627395][ T5900] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.637236][ T5900] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.645507][ T5900] bridge_slave_0: entered allmulticast mode
[  101.654667][ T5900] bridge_slave_0: entered promiscuous mode
[  101.666765][ T5900] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.674949][ T5900] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.682597][ T5900] bridge_slave_1: entered allmulticast mode
[  101.690234][ T5900] bridge_slave_1: entered promiscuous mode
[  101.733341][ T5900] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  101.746827][ T5900] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  101.786382][ T5900] team0: Port device team_slave_0 added
[  101.795247][ T5900] team0: Port device team_slave_1 added
[  101.830210][ T5900] batman_adv: batadv0: Adding interface: batadv_slave_0
[  101.837567][ T5900] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  101.866391][ T5900] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  101.879967][ T5900] batman_adv: batadv0: Adding interface: batadv_slave_1
[  101.887781][ T5900] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  101.914815][ T5900] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  101.969094][ T5900] hsr_slave_0: entered promiscuous mode
[  101.976274][ T5900] hsr_slave_1: entered promiscuous mode
[  102.159518][ T5900] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  102.173860][ T5900] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  102.186156][ T5900] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  102.198297][ T5900] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  102.299037][ T5900] 8021q: adding VLAN 0 to HW filter on device bond0
[  102.324436][ T5900] 8021q: adding VLAN 0 to HW filter on device team0
[  102.338453][ T2992] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.346195][ T2992] bridge0: port 1(bridge_slave_0) entered forwarding state
[  102.365028][ T2992] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.372654][ T2992] bridge0: port 2(bridge_slave_1) entered forwarding state
[  102.595222][ T5900] 8021q: adding VLAN 0 to HW filter on device batadv0
[  102.650157][ T5900] veth0_vlan: entered promiscuous mode
[  102.667116][ T5900] veth1_vlan: entered promiscuous mode
[  102.707174][ T5900] veth0_macvtap: entered promiscuous mode
[  102.719074][ T5900] veth1_macvtap: entered promiscuous mode
[  102.744561][ T5900] batman_adv: batadv0: Interface activated: batadv_slave_0
[  102.761698][ T5900] batman_adv: batadv0: Interface activated: batadv_slave_1
[  102.780514][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  102.793714][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  102.809608][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  102.820337][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  102.930375][ T5900] syz-executor (5900) used greatest stack depth: 19768 bytes left
[  102.966664][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.051798][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.149114][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.227928][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.896651][   T12] bridge_slave_1: left allmulticast mode
[  105.904184][   T12] bridge_slave_1: left promiscuous mode
[  105.911058][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.928440][   T12] bridge_slave_0: left allmulticast mode
[  105.934974][   T12] bridge_slave_0: left promiscuous mode
[  105.940948][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
2025/07/13 00:14:06 executed programs: 0
[  106.299103][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  106.309282][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  106.318575][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  106.327694][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  106.349249][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  106.588705][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  106.607286][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  106.619329][   T12] bond0 (unregistering): Released all slaves
[  106.741418][   T12] hsr_slave_0: left promiscuous mode
[  106.749066][   T12] hsr_slave_1: left promiscuous mode
[  106.755815][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  106.766064][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  106.777145][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  106.785254][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  106.814544][   T12] veth1_macvtap: left promiscuous mode
[  106.821078][   T12] veth0_macvtap: left promiscuous mode
[  106.827750][   T12] veth1_vlan: left promiscuous mode
[  106.834677][   T12] veth0_vlan: left promiscuous mode
[  107.426330][   T12] team0 (unregistering): Port device team_slave_1 removed
[  107.481072][   T12] team0 (unregistering): Port device team_slave_0 removed
[  108.101717][ T5971] chnl_net:caif_netlink_parms(): no params data found
[  108.311904][ T5971] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.320239][ T5971] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.334372][ T5971] bridge_slave_0: entered allmulticast mode
[  108.347434][ T5971] bridge_slave_0: entered promiscuous mode
[  108.370161][ T5971] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.379165][ T5971] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.388257][ T5971] bridge_slave_1: entered allmulticast mode
[  108.400733][ T5971] bridge_slave_1: entered promiscuous mode
[  108.413707][   T51] Bluetooth: hci0: command tx timeout
[  108.931979][ T5971] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  108.953035][ T5971] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  109.041528][ T5971] team0: Port device team_slave_0 added
[  109.078100][ T5971] team0: Port device team_slave_1 added
[  109.180187][ T5971] batman_adv: batadv0: Adding interface: batadv_slave_0
[  109.190846][ T5971] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.222897][ T5971] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  109.237163][ T5971] batman_adv: batadv0: Adding interface: batadv_slave_1
[  109.250998][ T5971] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.283596][ T5971] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  109.376283][ T5971] hsr_slave_0: entered promiscuous mode
[  109.390345][ T5971] hsr_slave_1: entered promiscuous mode
[  110.231982][ T5971] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  110.251930][ T5971] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  110.268314][ T5971] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  110.283877][ T5971] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  110.417789][ T5971] 8021q: adding VLAN 0 to HW filter on device bond0
[  110.461680][ T5971] 8021q: adding VLAN 0 to HW filter on device team0
[  110.477137][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.485656][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  110.494899][   T51] Bluetooth: hci0: command tx timeout
[  110.515004][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.523906][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  110.844609][ T5971] 8021q: adding VLAN 0 to HW filter on device batadv0
[  110.910919][ T5971] veth0_vlan: entered promiscuous mode
[  110.927611][ T5971] veth1_vlan: entered promiscuous mode
[  110.967526][ T5971] veth0_macvtap: entered promiscuous mode
[  110.981663][ T5971] veth1_macvtap: entered promiscuous mode
[  111.011511][ T5971] batman_adv: batadv0: Interface activated: batadv_slave_0
[  111.034480][ T5971] batman_adv: batadv0: Interface activated: batadv_slave_1
[  111.056272][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  111.067984][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  111.088185][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  111.098011][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  111.195726][ T2992] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.211150][ T2992] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  111.259841][ T2992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.271889][ T2992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/13 00:14:11 executed programs: 2
[  112.572852][   T51] Bluetooth: hci0: command tx timeout
[  114.606297][ T6400] 
[  114.608808][ T6400] =====================================
[  114.614577][ T6400] WARNING: bad unlock balance detected!
[  114.620533][ T6400] 6.16.0-rc5-next-20250711-syzkaller #0 Not tainted
[  114.628226][ T6400] -------------------------------------
[  114.634504][ T6400] syz.0.114/6400 is trying to release lock (vm_lock) at:
[  114.642004][ T6400] [<ffffffff825aa9e7>] query_matching_vma+0x2f7/0x5c0
[  114.649421][ T6400] but there are no more locks to release!
[  114.655347][ T6400] 
[  114.655347][ T6400] other info that might help us debug this:
[  114.663105][   T51] Bluetooth: hci0: command tx timeout
[  114.663958][ T6400] 1 lock held by syz.0.114/6400:
[  114.674754][ T6400]  #0: ffffffff8e53c5a0 (rcu_read_lock){....}-{1:3}, at: query_matching_vma+0x141/0x5c0
[  114.685645][ T6400] 
[  114.685645][ T6400] stack backtrace:
[  114.691764][ T6400] CPU: 1 UID: 0 PID: 6400 Comm: syz.0.114 Not tainted 6.16.0-rc5-next-20250711-syzkaller #0 PREEMPT(full) 
[  114.691793][ T6400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  114.691813][ T6400] Call Trace:
[  114.691822][ T6400]  <TASK>
[  114.691830][ T6400]  dump_stack_lvl+0x189/0x250
[  114.691864][ T6400]  ? __pfx_dump_stack_lvl+0x10/0x10
[  114.691898][ T6400]  ? __pfx__printk+0x10/0x10
[  114.691928][ T6400]  ? print_lock_name+0xde/0x100
[  114.691956][ T6400]  ? query_matching_vma+0x2f7/0x5c0
[  114.691981][ T6400]  print_unlock_imbalance_bug+0xdc/0xf0
[  114.692010][ T6400]  lock_release+0x269/0x3e0
[  114.692033][ T6400]  ? query_matching_vma+0x2f7/0x5c0
[  114.692058][ T6400]  ? query_matching_vma+0x141/0x5c0
[  114.692081][ T6400]  unlock_vma+0x70/0x180
[  114.692103][ T6400]  ? query_matching_vma+0x141/0x5c0
[  114.692127][ T6400]  query_matching_vma+0x2f7/0x5c0
[  114.692159][ T6400]  procfs_procmap_ioctl+0x3f9/0xd50
[  114.692186][ T6400]  ? __pfx_procfs_procmap_ioctl+0x10/0x10
[  114.692214][ T6400]  ? __fget_files+0x2a/0x420
[  114.692239][ T6400]  ? __fget_files+0x2a/0x420
[  114.692261][ T6400]  ? __fget_files+0x3a0/0x420
[  114.692283][ T6400]  ? __fget_files+0x2a/0x420
[  114.692307][ T6400]  ? bpf_lsm_file_ioctl+0x9/0x20
[  114.692334][ T6400]  ? __pfx_procfs_procmap_ioctl+0x10/0x10
[  114.692357][ T6400]  __se_sys_ioctl+0xf9/0x170
[  114.692388][ T6400]  do_syscall_64+0xfa/0x3b0
[  114.692409][ T6400]  ? lockdep_hardirqs_on+0x9c/0x150
[  114.692428][ T6400]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.692447][ T6400]  ? clear_bhb_loop+0x60/0xb0
[  114.692469][ T6400]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.692488][ T6400] RIP: 0033:0x7f500078e929
[  114.692510][ T6400] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  114.692526][ T6400] RSP: 002b:00007f50015ed038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  114.692547][ T6400] RAX: ffffffffffffffda RBX: 00007f50009b5fa0 RCX: 00007f500078e929
[  114.692560][ T6400] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000003
[  114.692573][ T6400] RBP: 00007f5000810b39 R08: 0000000000000000 R09: 0000000000000000
[  114.692584][ T6400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  114.692595][ T6400] R13: 0000000000000000 R14: 00007f50009b5fa0 R15: 00007ffe4a427b08
[  114.692614][ T6400]  </TASK>