Warning: Permanently added '10.128.0.101' (ED25519) to the list of known hosts. 2025/08/21 03:15:46 parsed 1 programs syzkaller login: [ 66.320653][ T4189] cgroup: Unknown subsys name 'net' [ 66.444011][ T4189] cgroup: Unknown subsys name 'rlimit' [ 67.948797][ T4189] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 69.944264][ T4213] chnl_net:caif_netlink_parms(): no params data found [ 69.994849][ T4213] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.002571][ T4213] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.012166][ T4213] device bridge_slave_0 entered promiscuous mode [ 70.022141][ T4213] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.030872][ T4213] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.039327][ T4213] device bridge_slave_1 entered promiscuous mode [ 70.070737][ T4213] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.083464][ T4213] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.116244][ T4213] team0: Port device team_slave_0 added [ 70.128354][ T4213] team0: Port device team_slave_1 added [ 70.154598][ T4213] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.163144][ T4213] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.190675][ T4213] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.204787][ T4213] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.213014][ T4213] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.240326][ T4213] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.282349][ T4213] device hsr_slave_0 entered promiscuous mode [ 70.291167][ T4213] device hsr_slave_1 entered promiscuous mode [ 70.427369][ T4213] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 70.439993][ T4213] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 70.451347][ T4213] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 70.461514][ T4213] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 70.496506][ T4213] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.503785][ T4213] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.511992][ T4213] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.519111][ T4213] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.576001][ T4213] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.591639][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 70.604326][ T144] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.613160][ T144] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.622861][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 70.638581][ T4213] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.652145][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 70.661262][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.668390][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.688252][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 70.698302][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.705639][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.731228][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 70.740847][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 70.751183][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 70.762130][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 70.772421][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 70.784094][ T4213] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 70.921562][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 70.931374][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 70.948330][ T4213] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 70.972189][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 70.983804][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 71.004918][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 71.016545][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 71.028723][ T4213] device veth0_vlan entered promiscuous mode [ 71.038586][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 71.046628][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 71.058758][ T4213] device veth1_vlan entered promiscuous mode [ 71.084190][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 71.093865][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 71.103395][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 71.113839][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 71.126783][ T4213] device veth0_macvtap entered promiscuous mode [ 71.137739][ T4213] device veth1_macvtap entered promiscuous mode [ 71.156524][ T4213] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.168071][ T4213] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 71.176150][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 71.184896][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 71.193353][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 71.202219][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 71.211727][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 71.221185][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 71.235431][ T4213] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.244832][ T4213] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.254804][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.260386][ T4213] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.263982][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.273022][ T4213] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.400758][ T4213] syz-executor (4213) used greatest stack depth: 21088 bytes left [ 71.551294][ T367] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.639599][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.648029][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.659658][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 71.679365][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.687361][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.696772][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 73.784036][ T367] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.012996][ T367] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.065509][ T367] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 2025/08/21 03:15:59 executed programs: 0 [ 76.986616][ T4310] chnl_net:caif_netlink_parms(): no params data found [ 77.072494][ T4310] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.080100][ T4310] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.088734][ T4310] device bridge_slave_0 entered promiscuous mode [ 77.097167][ T4310] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.104954][ T4310] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.114063][ T4310] device bridge_slave_1 entered promiscuous mode [ 77.150515][ T4310] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.163844][ T4310] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.198046][ T4310] team0: Port device team_slave_0 added [ 77.210619][ T367] device hsr_slave_0 left promiscuous mode [ 77.218179][ T367] device hsr_slave_1 left promiscuous mode [ 77.224959][ T367] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 77.233110][ T367] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 77.243125][ T367] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 77.250830][ T367] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 77.259037][ T367] device bridge_slave_1 left promiscuous mode [ 77.266055][ T367] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.284582][ T367] device bridge_slave_0 left promiscuous mode [ 77.290957][ T367] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.314293][ T367] device veth1_macvtap left promiscuous mode [ 77.328031][ T367] device veth0_macvtap left promiscuous mode [ 77.334164][ T367] device veth1_vlan left promiscuous mode [ 77.342059][ T367] device veth0_vlan left promiscuous mode [ 77.552114][ T367] team0 (unregistering): Port device team_slave_1 removed [ 77.567087][ T367] team0 (unregistering): Port device team_slave_0 removed [ 77.580864][ T367] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 77.595142][ T367] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 77.653380][ T367] bond0 (unregistering): Released all slaves [ 77.699263][ T4310] team0: Port device team_slave_1 added [ 77.735094][ T4310] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.742417][ T4310] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.768503][ T4310] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.780856][ T4310] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.788526][ T4310] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.814724][ T4310] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.848910][ T4310] device hsr_slave_0 entered promiscuous mode [ 77.855934][ T4310] device hsr_slave_1 entered promiscuous mode [ 78.379277][ T4310] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 78.389838][ T4310] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 78.400234][ T4310] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 78.410601][ T4310] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 78.531219][ T4310] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.547061][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 78.556828][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 78.573848][ T4310] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.592007][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 78.608668][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 78.631603][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.638720][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.654639][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 78.670499][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 78.688221][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 78.707794][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.714881][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.749664][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 78.768573][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 78.789084][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 78.808978][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 78.823720][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 78.833085][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 78.842209][ T1107] Bluetooth: hci0: command 0x0409 tx timeout [ 78.852834][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 78.874670][ T4310] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 78.887155][ T4310] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 78.901958][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 78.918238][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 78.935439][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 78.952393][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 78.963096][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 79.176607][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 79.195012][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 79.216160][ T4310] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.240267][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 79.254632][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 79.276624][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 79.285670][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 79.296872][ T4310] device veth0_vlan entered promiscuous mode [ 79.304863][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 79.313876][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 79.327118][ T4310] device veth1_vlan entered promiscuous mode [ 79.374161][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 79.389139][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 79.408160][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 79.434482][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 79.448306][ T4310] device veth0_macvtap entered promiscuous mode [ 79.458354][ T4310] device veth1_macvtap entered promiscuous mode [ 79.483136][ T4310] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.508150][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 79.526799][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 79.535804][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 79.544561][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 79.557187][ T4310] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.569973][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 79.580725][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 79.592506][ T4310] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.601836][ T4310] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.610828][ T4310] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.620720][ T4310] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.716538][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.738140][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.747131][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 79.781940][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.792377][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.804853][ T1126] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 79.942293][ T4404] loop0: detected capacity change from 0 to 4096 [ 79.989939][ T4404] ======================================================= [ 79.989939][ T4404] WARNING: The mand mount option has been deprecated and [ 79.989939][ T4404] and is ignored by this kernel. Remove the mand [ 79.989939][ T4404] option from the mount to silence this warning. [ 79.989939][ T4404] ======================================================= [ 80.117294][ T26] audit: type=1800 audit(1755746163.140:2): pid=4404 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.17" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 80.170655][ T4404] [ 80.173025][ T4404] ====================================================== [ 80.180051][ T4404] WARNING: possible circular locking dependency detected [ 80.187089][ T4404] 5.15.189-syzkaller #0 Not tainted [ 80.192298][ T4404] ------------------------------------------------------ [ 80.199321][ T4404] syz.0.17/4404 is trying to acquire lock: [ 80.205138][ T4404] ffff88806055fb40 (mapping.invalidate_lock#3){.+.+}-{3:3}, at: filemap_fault+0x68b/0x13b0 [ 80.215188][ T4404] [ 80.215188][ T4404] but task is already holding lock: [ 80.222555][ T4404] ffff88802b7d0128 (&mm->mmap_lock){++++}-{3:3}, at: get_user_pages_unlocked+0x3b1/0x6f0 [ 80.232413][ T4404] [ 80.232413][ T4404] which lock already depends on the new lock. [ 80.232413][ T4404] [ 80.242829][ T4404] [ 80.242829][ T4404] the existing dependency chain (in reverse order) is: [ 80.251860][ T4404] [ 80.251860][ T4404] -> #2 (&mm->mmap_lock){++++}-{3:3}: [ 80.259452][ T4404] __might_fault+0xb3/0x110 [ 80.264502][ T4404] _copy_to_user+0x29/0x130 [ 80.269542][ T4404] fiemap_fill_next_extent+0x19d/0x360 [ 80.275545][ T4404] ni_fiemap+0x878/0xc20 [ 80.280329][ T4404] ntfs_fiemap+0xd7/0x130 [ 80.285199][ T4404] do_vfs_ioctl+0x1464/0x1de0 [ 80.290419][ T4404] __se_sys_ioctl+0x83/0x170 [ 80.295548][ T4404] do_syscall_64+0x4c/0xa0 [ 80.300510][ T4404] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 80.306964][ T4404] [ 80.306964][ T4404] -> #1 (&ni->file.run_lock){++++}-{3:3}: [ 80.314874][ T4404] down_read+0x44/0x2e0 [ 80.319573][ T4404] attr_data_get_block+0x10d/0x1880 [ 80.325314][ T4404] ntfs_get_block_vbo+0x2f6/0xc60 [ 80.330873][ T4404] do_mpage_readpage+0x820/0x1e30 [ 80.336448][ T4404] mpage_readahead+0x3a6/0x8a0 [ 80.341749][ T4404] read_pages+0x165/0x920 [ 80.346612][ T4404] page_cache_ra_unbounded+0x830/0x930 [ 80.352601][ T4404] filemap_read+0x589/0x2480 [ 80.357727][ T4404] __kernel_read+0x4eb/0x910 [ 80.362849][ T4404] integrity_kernel_read+0x86/0xd0 [ 80.368510][ T4404] ima_calc_file_hash+0x1546/0x18e0 [ 80.374248][ T4404] ima_collect_measurement+0x2ef/0x760 [ 80.380247][ T4404] process_measurement+0xfb9/0x1a10 [ 80.386007][ T4404] ima_file_check+0xc1/0x100 [ 80.391142][ T4404] path_openat+0x2735/0x2f30 [ 80.396270][ T4404] do_filp_open+0x1b3/0x3e0 [ 80.401307][ T4404] do_sys_openat2+0x142/0x4a0 [ 80.406522][ T4404] __x64_sys_openat+0x135/0x160 [ 80.411914][ T4404] do_syscall_64+0x4c/0xa0 [ 80.416873][ T4404] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 80.423307][ T4404] [ 80.423307][ T4404] -> #0 (mapping.invalidate_lock#3){.+.+}-{3:3}: [ 80.431847][ T4404] __lock_acquire+0x2c33/0x7c60 [ 80.437243][ T4404] lock_acquire+0x197/0x3f0 [ 80.442323][ T4404] down_read+0x44/0x2e0 [ 80.447028][ T4404] filemap_fault+0x68b/0x13b0 [ 80.452247][ T4404] __do_fault+0x141/0x330 [ 80.457115][ T4404] handle_mm_fault+0x2949/0x43c0 [ 80.462592][ T4404] __get_user_pages+0x93e/0x11c0 [ 80.468071][ T4404] get_user_pages_unlocked+0x248/0x6f0 [ 80.474071][ T4404] internal_get_user_pages_fast+0x1c9d/0x2080 [ 80.480681][ T4404] iov_iter_get_pages+0x225/0x5b0 [ 80.486255][ T4404] __blockdev_direct_IO+0x1060/0x3c90 [ 80.492172][ T4404] ntfs_direct_IO+0x194/0x390 [ 80.497395][ T4404] generic_file_direct_write+0x22c/0x490 [ 80.503567][ T4404] __generic_file_write_iter+0x2b1/0x4e0 [ 80.509743][ T4404] ntfs_file_write_iter+0x4d5/0x590 [ 80.515482][ T4404] vfs_write+0x712/0xd00 [ 80.520261][ T4404] ksys_write+0x14d/0x250 [ 80.525125][ T4404] do_syscall_64+0x4c/0xa0 [ 80.530079][ T4404] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 80.536519][ T4404] [ 80.536519][ T4404] other info that might help us debug this: [ 80.536519][ T4404] [ 80.546752][ T4404] Chain exists of: [ 80.546752][ T4404] mapping.invalidate_lock#3 --> &ni->file.run_lock --> &mm->mmap_lock [ 80.546752][ T4404] [ 80.560851][ T4404] Possible unsafe locking scenario: [ 80.560851][ T4404] [ 80.568308][ T4404] CPU0 CPU1 [ 80.573678][ T4404] ---- ---- [ 80.579050][ T4404] lock(&mm->mmap_lock); [ 80.583391][ T4404] lock(&ni->file.run_lock); [ 80.590598][ T4404] lock(&mm->mmap_lock); [ 80.597465][ T4404] lock(mapping.invalidate_lock#3); [ 80.602775][ T4404] [ 80.602775][ T4404] *** DEADLOCK *** [ 80.602775][ T4404] [ 80.610927][ T4404] 4 locks held by syz.0.17/4404: [ 80.615879][ T4404] #0: ffff8880782bd770 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x2bf/0x370 [ 80.625138][ T4404] #1: ffff888071f98460 (sb_writers#13){.+.+}-{0:0}, at: vfs_write+0x28a/0xd00 [ 80.634143][ T4404] #2: ffff88806055f9a0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: ntfs_file_write_iter+0x1d1/0x590 [ 80.645323][ T4404] #3: ffff88802b7d0128 (&mm->mmap_lock){++++}-{3:3}, at: get_user_pages_unlocked+0x3b1/0x6f0 [ 80.655645][ T4404] [ 80.655645][ T4404] stack backtrace: [ 80.661536][ T4404] CPU: 1 PID: 4404 Comm: syz.0.17 Not tainted 5.15.189-syzkaller #0 [ 80.669507][ T4404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 80.679564][ T4404] Call Trace: [ 80.682859][ T4404] [ 80.685787][ T4404] dump_stack_lvl+0x168/0x230 [ 80.690472][ T4404] ? load_image+0x3b0/0x3b0 [ 80.694977][ T4404] ? show_regs_print_info+0x20/0x20 [ 80.700184][ T4404] ? print_circular_bug+0x12b/0x1a0 [ 80.705466][ T4404] check_noncircular+0x274/0x310 [ 80.710400][ T4404] ? add_chain_block+0x940/0x940 [ 80.715339][ T4404] ? lockdep_lock+0xdc/0x1e0 [ 80.719927][ T4404] ? mark_lock+0x94/0x320 [ 80.724264][ T4404] __lock_acquire+0x2c33/0x7c60 [ 80.729129][ T4404] ? __lock_acquire+0x12d9/0x7c60 [ 80.734166][ T4404] ? verify_lock_unused+0x140/0x140 [ 80.739375][ T4404] ? rcu_lock_release+0x5/0x20 [ 80.744151][ T4404] lock_acquire+0x197/0x3f0 [ 80.748692][ T4404] ? filemap_fault+0x68b/0x13b0 [ 80.753556][ T4404] ? pagecache_get_page+0xc1a/0xef0 [ 80.758776][ T4404] ? __might_sleep+0xf0/0xf0 [ 80.763378][ T4404] ? read_lock_is_recursive+0x10/0x10 [ 80.768919][ T4404] ? page_cache_prev_miss+0x360/0x360 [ 80.774367][ T4404] ? __lock_acquire+0x7c60/0x7c60 [ 80.779403][ T4404] down_read+0x44/0x2e0 [ 80.783580][ T4404] ? filemap_fault+0x68b/0x13b0 [ 80.788443][ T4404] filemap_fault+0x68b/0x13b0 [ 80.793227][ T4404] ? mapping_seek_hole_data+0x12d0/0x12d0 [ 80.798951][ T4404] ? filemap_read_page+0x4c0/0x4c0 [ 80.804057][ T4404] ? count_memcg_event_mm+0x311/0x360 [ 80.809424][ T4404] __do_fault+0x141/0x330 [ 80.813749][ T4404] handle_mm_fault+0x2949/0x43c0 [ 80.818686][ T4404] ? get_page+0xe0/0xe0 [ 80.822843][ T4404] ? follow_page_mask+0xa6e/0x12d0 [ 80.827962][ T4404] __get_user_pages+0x93e/0x11c0 [ 80.832916][ T4404] ? populate_vma_page_range+0x290/0x290 [ 80.838548][ T4404] ? _raw_spin_unlock_irqrestore+0x82/0x100 [ 80.844464][ T4404] ? lockdep_hardirqs_on+0x94/0x140 [ 80.849668][ T4404] ? preempt_count_add+0x8d/0x190 [ 80.854709][ T4404] ? down_read_killable+0x1ce/0x340 [ 80.859926][ T4404] get_user_pages_unlocked+0x248/0x6f0 [ 80.865410][ T4404] ? get_user_pages_locked+0x690/0x690 [ 80.870894][ T4404] ? __kasan_slab_alloc+0xb3/0xd0 [ 80.875931][ T4404] ? internal_get_user_pages_fast+0x1b17/0x2080 [ 80.882643][ T4404] internal_get_user_pages_fast+0x1c9d/0x2080 [ 80.888742][ T4404] ? get_user_pages_fast_only+0x40/0x40 [ 80.894297][ T4404] ? lockdep_softirqs_off+0x420/0x420 [ 80.899675][ T4404] ? slab_post_alloc_hook+0x68/0x380 [ 80.904986][ T4404] ? __blockdev_direct_IO+0x271/0x3c90 [ 80.910453][ T4404] iov_iter_get_pages+0x225/0x5b0 [ 80.915493][ T4404] ? iov_iter_npages+0x264/0x5e0 [ 80.918480][ T4289] Bluetooth: hci0: command 0x041b tx timeout [ 80.920438][ T4404] __blockdev_direct_IO+0x1060/0x3c90 [ 80.931815][ T4404] ? sb_init_dio_done_wq+0x80/0x80 [ 80.936952][ T4404] ? ntfs_get_block_bmap+0xd0/0xd0 [ 80.942097][ T4404] ? invalidate_mapping_pagevec+0x30/0x30 [ 80.947836][ T4404] ? filemap_write_and_wait_range+0x1e1/0x380 [ 80.953950][ T4404] ? ntfs_get_block_bmap+0xd0/0xd0 [ 80.959105][ T4404] ntfs_direct_IO+0x194/0x390 [ 80.963785][ T4404] generic_file_direct_write+0x22c/0x490 [ 80.969420][ T4404] __generic_file_write_iter+0x2b1/0x4e0 [ 80.975050][ T4404] ntfs_file_write_iter+0x4d5/0x590 [ 80.980252][ T4404] vfs_write+0x712/0xd00 [ 80.984496][ T4404] ? file_end_write+0x250/0x250 [ 80.989345][ T4404] ? __context_tracking_exit+0x4c/0x80 [ 80.994815][ T4404] ? mutex_lock_nested+0x17/0x20 [ 80.999755][ T4404] ? __fdget_pos+0x2bf/0x370 [ 81.004345][ T4404] ksys_write+0x14d/0x250 [ 81.008671][ T4404] ? __ia32_sys_read+0x80/0x80 [ 81.013430][ T4404] ? lockdep_hardirqs_on+0x94/0x140 [ 81.018624][ T4404] do_syscall_64+0x4c/0xa0 [ 81.023037][ T4404] ? clear_bhb_loop+0x30/0x80 [ 81.027713][ T4404] ? clear_bhb_loop+0x30/0x80 [ 81.032401][ T4404] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 81.038303][ T4404] RIP: 0033:0x7fecb2e25be9 [ 81.042712][ T4404] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 81.062438][ T4404] RSP: 002b:00007ffc2dc92d48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 81.071371][ T4404] RAX: ffffffffffffffda RBX: 00007fecb304cfa0 RCX: 00007fecb2e25be9 [ 81.079343][ T4404] RDX: 0000000000032600 RSI: 0000200000000000 RDI: 0000000000000005 [ 81.087315][ T4404] RBP: 00007fecb2ea8e19 R08: 0000000000000000 R09: 0000000000000000 [ 81.095291][ T4404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 81.103261][ T4404] R13: 00007fecb304cfa0 R14: 00007fecb304cfa0 R15: 0000000000000003 [ 81.111242][ T4404]