Warning: Permanently added '10.128.1.78' (ED25519) to the list of known hosts.
2025/04/23 19:15:33 ignoring optional flag "sandboxArg"="0"
2025/04/23 19:15:34 parsed 1 programs
[ 105.402336][ T4552] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 107.322352][ T1281] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.332085][ T1281] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.349313][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 107.361858][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.370621][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.379508][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 108.175304][ T4600] chnl_net:caif_netlink_parms(): no params data found
[ 108.241736][ T4600] bridge0: port 1(bridge_slave_0) entered blocking state
[ 108.249045][ T4600] bridge0: port 1(bridge_slave_0) entered disabled state
[ 108.259007][ T4600] device bridge_slave_0 entered promiscuous mode
[ 108.269156][ T4600] bridge0: port 2(bridge_slave_1) entered blocking state
[ 108.277913][ T4600] bridge0: port 2(bridge_slave_1) entered disabled state
[ 108.286653][ T4600] device bridge_slave_1 entered promiscuous mode
[ 108.318980][ T4600] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 108.332841][ T4600] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 108.369779][ T4600] team0: Port device team_slave_0 added
[ 108.379540][ T4600] team0: Port device team_slave_1 added
[ 108.406850][ T4600] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 108.413840][ T4600] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 108.441692][ T4600] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 108.455966][ T4600] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 108.462949][ T4600] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 108.490841][ T4600] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 108.537157][ T4600] device hsr_slave_0 entered promiscuous mode
[ 108.544181][ T4600] device hsr_slave_1 entered promiscuous mode
[ 109.243137][ T4600] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 109.257826][ T4600] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 109.269199][ T4600] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 109.281486][ T4600] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 109.359596][ T4600] 8021q: adding VLAN 0 to HW filter on device bond0
[ 109.380366][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 109.388962][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 109.401717][ T4600] 8021q: adding VLAN 0 to HW filter on device team0
[ 109.413546][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 109.425655][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 109.434316][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.441506][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 109.467154][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 109.475922][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 109.487424][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 109.496255][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.503567][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 109.515819][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 109.527609][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 109.536879][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 109.548809][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 109.558609][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 109.603473][ T4600] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 109.618567][ T4600] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 109.631099][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 109.642906][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 109.653474][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 109.663847][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 109.673832][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 109.684566][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 109.693896][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 109.829594][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 109.837999][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 109.852149][ T4600] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 109.897919][ T1281] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 109.907579][ T1281] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 109.952226][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 109.964026][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 109.973936][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 109.983105][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 109.996353][ T4600] device veth0_vlan entered promiscuous mode
[ 110.009385][ T4600] device veth1_vlan entered promiscuous mode
[ 110.058406][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 110.068678][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 110.077727][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 110.087233][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 110.099807][ T4600] device veth0_macvtap entered promiscuous mode
[ 110.136022][ T4600] device veth1_macvtap entered promiscuous mode
[ 110.157055][ T4600] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 110.164417][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 110.174005][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 110.184001][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 110.194442][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 110.207294][ T4600] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 110.216873][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 110.236274][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 110.250081][ T4600] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.259722][ T4600] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.271381][ T4600] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.281168][ T4600] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2025/04/23 19:15:45 executed programs: 0
[ 112.499409][ T4753] chnl_net:caif_netlink_parms(): no params data found
[ 112.604497][ T4753] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.614255][ T4753] bridge0: port 1(bridge_slave_0) entered disabled state
[ 112.637462][ T4753] device bridge_slave_0 entered promiscuous mode
[ 112.653847][ T4753] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.661109][ T4753] bridge0: port 2(bridge_slave_1) entered disabled state
[ 112.675489][ T4753] device bridge_slave_1 entered promiscuous mode
[ 112.716863][ T4753] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 112.728958][ T4753] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 112.800339][ T4753] team0: Port device team_slave_0 added
[ 112.817701][ T4753] team0: Port device team_slave_1 added
[ 112.873674][ T4753] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 112.880902][ T4753] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 112.907161][ T4753] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 112.919450][ T4753] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 112.926439][ T4753] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 112.952555][ T4753] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 113.003121][ T4753] device hsr_slave_0 entered promiscuous mode
[ 113.010060][ T4753] device hsr_slave_1 entered promiscuous mode
[ 113.019401][ T4753] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 113.027332][ T4753] Cannot create hsr debugfs directory
[ 113.055628][ T649] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 114.324966][ T1111] Bluetooth: hci0: command 0x0409 tx timeout
[ 114.931102][ T649] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 115.005053][ T649] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 115.063461][ T649] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 115.977564][ T4753] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 115.987478][ T4753] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 115.997333][ T4753] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 116.008541][ T4753] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 116.073021][ T649] device hsr_slave_0 left promiscuous mode
[ 116.081120][ T649] device hsr_slave_1 left promiscuous mode
[ 116.088346][ T649] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 116.096808][ T649] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 116.105743][ T649] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 116.113161][ T649] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 116.121080][ T649] device bridge_slave_1 left promiscuous mode
[ 116.127404][ T649] bridge0: port 2(bridge_slave_1) entered disabled state
[ 116.136482][ T649] device bridge_slave_0 left promiscuous mode
[ 116.142658][ T649] bridge0: port 1(bridge_slave_0) entered disabled state
[ 116.154535][ T649] device veth1_macvtap left promiscuous mode
[ 116.160934][ T649] device veth0_macvtap left promiscuous mode
[ 116.167147][ T649] device veth1_vlan left promiscuous mode
[ 116.172937][ T649] device veth0_vlan left promiscuous mode
[ 116.330193][ T649] team0 (unregistering): Port device team_slave_1 removed
[ 116.343152][ T649] team0 (unregistering): Port device team_slave_0 removed
[ 116.358068][ T649] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 116.371370][ T649] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 116.394765][ T4181] Bluetooth: hci0: command 0x041b tx timeout
[ 116.431124][ T649] bond0 (unregistering): Released all slaves
[ 116.471160][ T4753] 8021q: adding VLAN 0 to HW filter on device bond0
[ 116.484612][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 116.493177][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 116.505150][ T4753] 8021q: adding VLAN 0 to HW filter on device team0
[ 116.516869][ T1281] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 116.527434][ T1281] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 116.536090][ T1281] bridge0: port 1(bridge_slave_0) entered blocking state
[ 116.543307][ T1281] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 116.551669][ T1281] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 116.580835][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 116.589836][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 116.598543][ T154] bridge0: port 2(bridge_slave_1) entered blocking state
[ 116.605949][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 116.613844][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 116.627832][ T1281] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 116.649435][ T1281] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 116.659418][ T1281] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 116.668454][ T1281] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 116.678904][ T1281] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 116.688068][ T1281] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 116.703886][ T4753] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 116.716910][ T4753] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 116.728887][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 116.737783][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 116.746839][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 116.755306][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 116.763719][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 116.849224][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 116.857789][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 116.872004][ T4753] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 116.897536][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 116.907542][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 116.930633][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 116.941532][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 116.952721][ T4753] device veth0_vlan entered promiscuous mode
[ 116.962172][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 116.970956][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 116.986969][ T4753] device veth1_vlan entered promiscuous mode
[ 117.011208][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 117.022794][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 117.031672][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 117.041980][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 117.055183][ T4753] device veth0_macvtap entered promiscuous mode
[ 117.066430][ T4753] device veth1_macvtap entered promiscuous mode
[ 117.086799][ T4753] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 117.094156][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 117.104407][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 117.120939][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 117.131389][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 117.143179][ T4753] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 117.153671][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 117.162646][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 117.176698][ T4753] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 117.187218][ T4753] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 117.196593][ T4753] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 117.206601][ T4753] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 117.281301][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 117.303777][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 117.326241][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 117.342415][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 117.352475][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 117.363823][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2025/04/23 19:15:50 executed programs: 2
[ 117.471365][ T4980] loop0: detected capacity change from 0 to 4096
[ 117.662268][ T26] audit: type=1800 audit(1745435750.593:2): pid=4980 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.16" name="file1" dev="loop0" ino=30 res=0 errno=0
[ 117.690815][ T4980]
[ 117.693181][ T4980] ======================================================
[ 117.700217][ T4980] WARNING: possible circular locking dependency detected
[ 117.707243][ T4980] 5.15.180-syzkaller #0 Not tainted
[ 117.712442][ T4980] ------------------------------------------------------
[ 117.719465][ T4980] syz.0.16/4980 is trying to acquire lock:
[ 117.725383][ T4980] ffff888024a44e28 (&mm->mmap_lock){++++}-{3:3}, at: internal_get_user_pages_fast+0x1c7/0x2810
[ 117.735876][ T4980]
[ 117.735876][ T4980] but task is already holding lock:
[ 117.743332][ T4980] ffff888068c7f9a0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: __blockdev_direct_IO+0x3db/0x4f40
[ 117.754159][ T4980]
[ 117.754159][ T4980] which lock already depends on the new lock.
[ 117.754159][ T4980]
[ 117.764666][ T4980]
[ 117.764666][ T4980] the existing dependency chain (in reverse order) is:
[ 117.773688][ T4980]
[ 117.773688][ T4980] -> #1 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}:
[ 117.782411][ T4980]        lock_acquire+0x1db/0x4f0
[ 117.787444][ T4980]        down_write+0x38/0x60
[ 117.792118][ T4980]        ntfs_file_mmap+0x589/0x7e0
[ 117.797311][ T4980]        mmap_file+0x5a/0xb0
[ 117.801893][ T4980]        mmap_region+0x1035/0x1870
[ 117.807015][ T4980]        do_mmap+0x78d/0xe00
[ 117.811687][ T4980]        vm_mmap_pgoff+0x1ca/0x2d0
[ 117.816887][ T4980]        ksys_mmap_pgoff+0x559/0x780
[ 117.822168][ T4980]        do_syscall_64+0x3b/0x80
[ 117.827105][ T4980]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 117.833706][ T4980]
[ 117.833706][ T4980] -> #0 (&mm->mmap_lock){++++}-{3:3}:
[ 117.841458][ T4980]        validate_chain+0x1649/0x5930
[ 117.846934][ T4980]        __lock_acquire+0x1295/0x1ff0
[ 117.852307][ T4980]        lock_acquire+0x1db/0x4f0
[ 117.857328][ T4980]        internal_get_user_pages_fast+0x212/0x2810
[ 117.863825][ T4980]        iov_iter_get_pages+0x25a/0x570
[ 117.869378][ T4980]        __blockdev_direct_IO+0x1419/0x4f40
[ 117.875274][ T4980]        ntfs_direct_IO+0x193/0x360
[ 117.880558][ T4980]        generic_file_read_iter+0x28d/0x460
[ 117.886483][ T4980]        vfs_read+0xa93/0xe10
[ 117.891181][ T4980]        ksys_read+0x1a2/0x2c0
[ 117.896065][ T4980]        do_syscall_64+0x3b/0x80
[ 117.901012][ T4980]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 117.907863][ T4980]
[ 117.907863][ T4980] other info that might help us debug this:
[ 117.907863][ T4980]
[ 117.918183][ T4980]  Possible unsafe locking scenario:
[ 117.918183][ T4980]
[ 117.925643][ T4980]        CPU0                    CPU1
[ 117.931005][ T4980]        ----                    ----
[ 117.936364][ T4980]   lock(&sb->s_type->i_mutex_key#21);
[ 117.941837][ T4980]                                lock(&mm->mmap_lock);
[ 117.948679][ T4980]                                lock(&sb->s_type->i_mutex_key#21);
[ 117.956664][ T4980]   lock(&mm->mmap_lock);
[ 117.960985][ T4980]
[ 117.960985][ T4980]  *** DEADLOCK ***
[ 117.960985][ T4980]
[ 117.969123][ T4980] 2 locks held by syz.0.16/4980:
[ 117.974059][ T4980]  #0: ffff88802b27b270 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x2cb/0x380
[ 117.983318][ T4980]  #1: ffff888068c7f9a0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: __blockdev_direct_IO+0x3db/0x4f40
[ 117.994648][ T4980]
[ 117.994648][ T4980] stack backtrace:
[ 118.000571][ T4980] CPU: 0 PID: 4980 Comm: syz.0.16 Not tainted 5.15.180-syzkaller #0
[ 118.008630][ T4980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 118.018688][ T4980] Call Trace:
[ 118.021968][ T4980]
[ 118.024896][ T4980]  dump_stack_lvl+0x1e3/0x2d0
[ 118.029579][ T4980]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 118.035219][ T4980]  ? print_circular_bug+0x12b/0x1a0
[ 118.040424][ T4980]  check_noncircular+0x2f8/0x3b0
[ 118.045362][ T4980]  ? add_chain_block+0x850/0x850
[ 118.050490][ T4980]  ? lockdep_lock+0x11f/0x2a0
[ 118.055259][ T4980]  ? stack_trace_save+0x1c0/0x1c0
[ 118.060539][ T4980]  ? is_bpf_text_address+0x24f/0x260
[ 118.065822][ T4980]  ? __lock_acquire+0x1ff0/0x1ff0
[ 118.070854][ T4980]  validate_chain+0x1649/0x5930
[ 118.075715][ T4980]  ? deref_stack_reg+0xbe/0x110
[ 118.080569][ T4980]  ? unwind_get_return_address+0x49/0x80
[ 118.086198][ T4980]  ? arch_stack_walk+0xf3/0x140
[ 118.091047][ T4980]  ? reacquire_held_locks+0x660/0x660
[ 118.096439][ T4980]  ? stack_trace_save+0x113/0x1c0
[ 118.101464][ T4980]  ? stack_trace_snprint+0xe0/0xe0
[ 118.106575][ T4980]  ? check_noncircular+0x1e1/0x3b0
[ 118.111694][ T4980]  ? add_chain_block+0x850/0x850
[ 118.116716][ T4980]  ? mark_lock+0x98/0x340
[ 118.121038][ T4980]  __lock_acquire+0x1295/0x1ff0
[ 118.125895][ T4980]  lock_acquire+0x1db/0x4f0
[ 118.130395][ T4980]  ? internal_get_user_pages_fast+0x1c7/0x2810
[ 118.136552][ T4980]  ? read_lock_is_recursive+0x10/0x10
[ 118.141930][ T4980]  ? reacquire_held_locks+0x660/0x660
[ 118.147295][ T4980]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 118.153371][ T4980]  ? _raw_spin_unlock+0x40/0x40
[ 118.158215][ T4980]  ? stack_trace_save+0x113/0x1c0
[ 118.163265][ T4980]  internal_get_user_pages_fast+0x212/0x2810
[ 118.169419][ T4980]  ? internal_get_user_pages_fast+0x1c7/0x2810
[ 118.175581][ T4980]  ? __kasan_slab_alloc+0xa5/0xc0
[ 118.180613][ T4980]  ? mark_lock+0x98/0x340
[ 118.184938][ T4980]  ? do_syscall_64+0x3b/0x80
[ 118.189540][ T4980]  ? __lock_acquire+0x1295/0x1ff0
[ 118.194679][ T4980]  ? get_user_pages_fast_only+0x40/0x40
[ 118.200224][ T4980]  ? memset+0x1f/0x40
[ 118.204202][ T4980]  ? lockdep_init_map_type+0x9d/0x8d0
[ 118.209569][ T4980]  ? lockdep_softirqs_off+0x420/0x420
[ 118.214951][ T4980]  ? rwsem_write_trylock+0x166/0x210
[ 118.220247][ T4980]  ? clear_nonspinnable+0x60/0x60
[ 118.225508][ T4980]  iov_iter_get_pages+0x25a/0x570
[ 118.230543][ T4980]  __blockdev_direct_IO+0x1419/0x4f40
[ 118.235934][ T4980]  ? ntfs_get_block_direct_IO_W+0xb0/0xb0
[ 118.241835][ T4980]  ? sb_init_dio_done_wq+0x80/0x80
[ 118.246950][ T4980]  ? ntfs_get_block_direct_IO_W+0xb0/0xb0
[ 118.252671][ T4980]  ? rcu_read_lock_bh_held+0x110/0x110
[ 118.258129][ T4980]  ? rcu_is_watching+0x11/0xa0
[ 118.262887][ T4980]  ? generic_file_read_iter+0x235/0x460
[ 118.268426][ T4980]  ? generic_file_read_iter+0x235/0x460
[ 118.273965][ T4980]  ? touch_atime+0x50f/0x680
[ 118.278551][ T4980]  ? ntfs_get_block_direct_IO_W+0xb0/0xb0
[ 118.284262][ T4980]  ntfs_direct_IO+0x193/0x360
[ 118.288944][ T4980]  generic_file_read_iter+0x28d/0x460
[ 118.294324][ T4980]  vfs_read+0xa93/0xe10
[ 118.298486][ T4980]  ? kernel_read+0x1f0/0x1f0
[ 118.303162][ T4980]  ? __fget_files+0x413/0x480
[ 118.307840][ T4980]  ? mutex_lock_nested+0x17/0x20
[ 118.312772][ T4980]  ? __fdget_pos+0x2cb/0x380
[ 118.317355][ T4980]  ? ksys_read+0x77/0x2c0
[ 118.321679][ T4980]  ksys_read+0x1a2/0x2c0
[ 118.325916][ T4980]  ? print_irqtrace_events+0x210/0x210
[ 118.331373][ T4980]  ? vfs_write+0xe50/0xe50
[ 118.335783][ T4980]  ? syscall_enter_from_user_mode+0x2e/0x240
[ 118.341759][ T4980]  ? lockdep_hardirqs_on+0x94/0x130
[ 118.346951][ T4980]  ? syscall_enter_from_user_mode+0x2e/0x240
[ 118.352930][ T4980]  do_syscall_64+0x3b/0x80
[ 118.357344][ T4980]  ? clear_bhb_loop+0x15/0x70
[ 118.362115][ T4980]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 118.368029][ T4980] RIP: 0033:0x7fe840ce2d29
[ 118.372460][ T4980] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 118.392076][ T4980] RSP: 002b:00007fe83ff5b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 118.400583][ T4980] RAX: ffffffffffffffda RBX: 00007fe840ed2fa0 RCX: 00007fe840ce2d29
[ 118.408575][ T4980] RDX: 0000000000002000 RSI: 0000000020000000 RDI: 0000000000000005
[ 118.416627][ T4980] RBP: 00007fe840d5eb08 R08: 0000000000000000 R09: 0000000000000000
[ 118.424701][ T4980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 118.432672][ T4980] R13: 0000000000000000 R14: 00007fe840ed2fa0 R15: 00007ffdeff10478
[ 118.440645][ T4980]
[ 118.462016][ T26] audit: type=1800 audit(1745435750.623:3): pid=4980 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.16" name="file2" dev="loop0" ino=31 res=0 errno=0
[ 118.485126][ T4215] Bluetooth: hci0: command 0x040f tx timeout
[ 118.587785][ T4982] loop0: detected capacity change from 0 to 4096
[ 118.695272][ T26] audit: type=1800 audit(1745435751.633:4): pid=4982 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.17" name="file1" dev="loop0" ino=30 res=0 errno=0
[ 118.716816][ T26] audit: type=1800 audit(1745435751.633:5): pid=4982 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.17" name="file2" dev="loop0" ino=31 res=0 errno=0
[ 118.809055][ T4984] loop0: detected capacity change from 0 to 4096
[ 118.908144][ T26] audit: type=1800 audit(1745435751.843:6): pid=4984 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.18" name="file1" dev="loop0" ino=30 res=0 errno=0
[ 118.928928][ T26] audit: type=1800 audit(1745435751.843:7): pid=4984 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.18" name="file2" dev="loop0" ino=31 res=0 errno=0
[ 119.041510][ T4986] loop0: detected capacity change from 0 to 4096
[ 119.135616][ T26] audit: type=1800 audit(1745435752.073:8): pid=4986 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.19" name="file1" dev="loop0" ino=30 res=0 errno=0
[ 119.156077][ T26] audit: type=1800 audit(1745435752.073:9): pid=4986 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.19" name="file2" dev="loop0" ino=31 res=0 errno=0
[ 119.232532][ T4988] loop0: detected capacity change from 0 to 4096
[ 119.315959][ T26] audit: type=1800 audit(1745435752.253:10): pid=4988 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.20" name="file1" dev="loop0" ino=30 res=0 errno=0
[ 119.336260][ T26] audit: type=1800 audit(1745435752.253:11): pid=4988 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.20" name="file2" dev="loop0" ino=31 res=0 errno=0
[ 119.422072][ T4990] loop0: detected capacity change from 0 to 4096
[ 119.625877][ T4992] loop0: detected capacity change from 0 to 4096
[ 119.792354][ T4994] loop0: detected capacity change from 0 to 4096
[ 119.998554][ T4996] loop0: detected capacity change from 0 to 4096
[ 120.192908][ T4998] loop0: detected capacity change from 0 to 4096
[ 120.343358][ T5000] loop0: detected capacity change from 0 to 4096
[ 120.513260][ T5002] loop0: detected capacity change from 0 to 4096
[ 120.554848][ T7] Bluetooth: hci0: command 0x0419 tx timeout
[ 120.652350][ T5004] loop0: detected capacity change from 0 to 4096
[ 120.771601][ T5006] loop0: detected capacity change from 0 to 4096
[ 120.948919][ T5008] loop0: detected capacity change from 0 to 4096
[ 121.174455][ T5010] loop0: detected capacity change from 0 to 4096
[ 121.337257][ T5012] loop0: detected capacity change from 0 to 4096
[ 121.486109][ T5014] loop0: detected capacity change from 0 to 4096
[ 121.577436][ T5016] loop0: detected capacity change from 0 to 4096
[ 121.706571][ T5018] loop0: detected capacity change from 0 to 4096
[ 121.823458][ T5020] loop0: detected capacity change from 0 to 4096
[ 121.965965][ T5022] loop0: detected capacity change from 0 to 4096
[ 122.127242][ T5024] loop0: detected capacity change from 0 to 4096
[ 122.311711][ T5026] loop0: detected capacity change from 0 to 4096
[ 122.422570][ T5028] loop0: detected capacity change from 0 to 4096
2025/04/23 19:15:55 executed programs: 27
[ 122.605671][ T5030] loop0: detected capacity change from 0 to 4096
[ 122.706099][ T26] kauditd_printk_skb: 40 callbacks suppressed
[ 122.706115][ T26] audit: type=1800 audit(1745435755.643:52): pid=5030 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.41" name="file1" dev="loop0" ino=30 res=0 errno=0
[ 122.732940][ T26] audit: type=1800 audit(1745435755.643:53): pid=5030 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.41" name="file2" dev="loop0" ino=31 res=0 errno=0
[ 122.823370][ T5032] loop0: detected capacity change from 0 to 4096
[ 122.915697][ T26] audit: type=1800 audit(1745435755.853:54): pid=5032 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.42" name="file1" dev="loop0" ino=30 res=0 errno=0
[ 122.936667][ T26] audit: type=1800 audit(1745435755.853:55): pid=5032 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.42" name="file2" dev="loop0" ino=31 res=0 errno=0
[ 123.026941][ T5034] loop0: detected capacity change from 0 to 4096
[ 123.139731][ T26] audit: type=1800 audit(1745435756.073:56): pid=5034 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.43" name="file1" dev="loop0" ino=30 res=0 errno=0
[ 123.160108][ T26] audit: type=1800 audit(1745435756.083:57): pid=5034 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.43" name="file2" dev="loop0" ino=31 res=0 errno=0
[ 123.230611][ T5036] loop0: detected capacity change from 0 to 4096
[ 123.326261][ T26] audit: type=1800 audit(1745435756.263:58): pid=5036 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.44" name="file1" dev="loop0" ino=30 res=0 errno=0
[ 123.347530][ T26] audit: type=1800 audit(1745435756.273:59): pid=5036 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.44" name="file2" dev="loop0" ino=31 res=0 errno=0
[ 123.462576][ T5038] loop0: detected capacity change from 0 to 4096
[ 123.576346][ T26] audit: type=1800 audit(1745435756.513:60): pid=5038 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.45" name="file1" dev="loop0" ino=30 res=0 errno=0
[ 123.597171][ T26] audit: type=1800 audit(1745435756.523:61): pid=5038 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.45" name="file2" dev="loop0" ino=31 res=0 errno=0
[ 123.694157][ T5040] loop0: detected capacity change from 0 to 4096
[ 123.883971][ T5042] loop0: detected capacity change from 0 to 4096
[ 124.048365][ T5044] loop0: detected capacity change from 0 to 4096
[ 124.245536][ T5046] loop0: detected capacity change from 0 to 4096
[ 124.367098][ T5048] loop0: detected capacity change from 0 to 4096
[ 124.537906][ T5050] loop0: detected capacity change from 0 to 4096
[ 124.700961][ T5052] loop0: detected capacity change from 0 to 4096
[ 124.834391][ T5054] loop0: detected capacity change from 0 to 4096
[ 125.019084][ T5056] loop0: detected capacity change from 0 to 4096
[ 125.216307][ T5058] loop0: detected capacity change from 0 to 4096
[ 125.396033][ T5060] loop0: detected capacity change from 0 to 4096
[ 125.566989][ T5062] loop0: detected capacity change from 0 to 4096
[ 125.757240][ T5064] loop0: detected capacity change from 0 to 4096
[ 125.942825][ T5066] loop0: detected capacity change from 0 to 4096
[ 126.162688][ T5068] loop0: detected capacity change from 0 to 4096
[ 126.300039][ T5070] loop0: detected capacity change from 0 to 4096
[ 126.468952][ T5072] loop0: detected capacity change from 0 to 4096
[ 126.671362][ T5074] loop0: detected capacity change from 0 to 4096
[ 126.846532][ T5076] loop0: detected capacity change from 0 to 4096
[ 127.007859][ T5078] loop0: detected capacity change from 0 to 4096
[ 127.182546][ T5080] loop0: detected capacity change from 0 to 4096
[ 127.365859][ T5082] loop0: detected capacity change from 0 to 4096
[ 127.542637][ T5084] loop0: detected capacity change from 0 to 4096
2025/04/23 19:16:00 executed programs: 55