Warning: Permanently added '10.128.1.104' (ED25519) to the list of known hosts. 2026/04/16 02:08:59 parsed 1 programs [ 99.080839][ T4601] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 100.786883][ T4633] chnl_net:caif_netlink_parms(): no params data found [ 100.824452][ T4633] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.832003][ T4633] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.840493][ T4633] device bridge_slave_0 entered promiscuous mode [ 100.849624][ T4633] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.857872][ T4633] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.866099][ T4633] device bridge_slave_1 entered promiscuous mode [ 100.890952][ T4633] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 100.902284][ T4633] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.930855][ T4633] team0: Port device team_slave_0 added [ 100.939164][ T4633] team0: Port device team_slave_1 added [ 100.960626][ T4633] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.970432][ T4633] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 100.998165][ T4633] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.011295][ T4633] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.018779][ T4633] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.047208][ T4633] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.084636][ T4633] device hsr_slave_0 entered promiscuous mode [ 101.091795][ T4633] device hsr_slave_1 entered promiscuous mode [ 101.727958][ T4633] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 101.748663][ T4633] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 101.769125][ T4633] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 101.792185][ T4633] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 101.911549][ T4633] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.934831][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 101.948263][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 101.970370][ T4633] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.990478][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 102.009021][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 102.029780][ T4224] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.036962][ T4224] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.047622][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 102.069808][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 102.083461][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 102.096038][ T4224] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.103641][ T4224] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.114588][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 102.130650][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 102.153730][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 102.178918][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 102.199451][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 102.217567][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 102.226871][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 102.242646][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 102.254013][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 102.266666][ T4633] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 102.280728][ T4633] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 102.294752][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 102.310177][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 102.450615][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 102.459574][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 102.471544][ T4633] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.542467][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 102.568362][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 102.618463][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 102.628306][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 102.641409][ T4633] device veth0_vlan entered promiscuous mode [ 102.650318][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 102.659182][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 102.671223][ T4633] device veth1_vlan entered promiscuous mode [ 102.696396][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 102.707059][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 102.716787][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 102.726997][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 102.739175][ T4633] device veth0_macvtap entered promiscuous mode [ 102.749801][ T4633] device veth1_macvtap entered promiscuous mode [ 102.767190][ T4633] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.776117][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 102.786164][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 102.794818][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 102.804554][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 102.818891][ T4633] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.829122][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 102.839858][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 102.851028][ T4633] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.862109][ T4633] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.873052][ T4633] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.883219][ T4633] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.459047][ T145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.468783][ T145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.478996][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 103.514360][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.523966][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.535147][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 105.671118][ T155] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 2026/04/16 02:09:08 executed programs: 0 [ 105.966997][ T4862] chnl_net:caif_netlink_parms(): no params data found [ 106.023530][ T4862] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.031238][ T4862] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.039987][ T4862] device bridge_slave_0 entered promiscuous mode [ 106.049106][ T4862] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.056502][ T4862] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.064940][ T4862] device bridge_slave_1 entered promiscuous mode [ 106.090336][ T4862] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 106.102026][ T4862] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 106.129321][ T4862] team0: Port device team_slave_0 added [ 106.137925][ T4862] team0: Port device team_slave_1 added [ 106.159603][ T4862] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.167872][ T4862] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.195441][ T4862] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.208579][ T4862] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.215827][ T4862] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.243211][ T4862] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.278390][ T4862] device hsr_slave_0 entered promiscuous mode [ 106.285504][ T4862] device hsr_slave_1 entered promiscuous mode [ 106.292777][ T4862] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 106.300539][ T4862] Cannot create hsr debugfs directory [ 107.263085][ T155] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.305132][ T155] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.375472][ T155] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.847665][ T4309] Bluetooth: hci0: command 0x0409 tx timeout [ 108.227797][ T4862] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 108.237067][ T4862] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 108.246587][ T4862] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 108.256008][ T4862] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 108.304643][ T4862] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.328527][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 108.336556][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 108.347916][ T4862] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.357299][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 108.366217][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 108.375675][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.382995][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.392146][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 108.410810][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 108.421123][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 108.431194][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.438582][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.446374][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 108.455312][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 108.465396][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 108.474742][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 108.483564][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 108.493249][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 108.502499][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 108.527104][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 108.536175][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 108.548548][ T4862] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 108.560577][ T4862] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 108.569919][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 108.578593][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 108.672348][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 108.680491][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 108.692850][ T4862] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.709057][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 108.718489][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 108.745446][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 108.754052][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 108.763709][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 108.771774][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 108.781929][ T4862] device veth0_vlan entered promiscuous mode [ 108.798825][ T4862] device veth1_vlan entered promiscuous mode [ 108.815732][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 108.824498][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 108.833378][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 108.843231][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 108.855920][ T4862] device veth0_macvtap entered promiscuous mode [ 108.868820][ T4862] device veth1_macvtap entered promiscuous mode [ 108.886290][ T4862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 108.898727][ T4862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.911172][ T4862] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.920427][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 108.929354][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 108.938802][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 108.948379][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 108.965456][ T4862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 108.977714][ T4862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.989451][ T4862] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.000852][ T4862] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.010144][ T4862] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.019915][ T4862] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.029031][ T4862] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.040019][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 109.049278][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 109.079998][ T155] device hsr_slave_0 left promiscuous mode [ 109.086382][ T155] device hsr_slave_1 left promiscuous mode [ 109.093424][ T155] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 109.102813][ T155] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 109.111392][ T155] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 109.119098][ T155] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 109.127081][ T155] device bridge_slave_1 left promiscuous mode [ 109.134056][ T155] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.143157][ T155] device bridge_slave_0 left promiscuous mode [ 109.150659][ T155] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.161533][ T155] device veth1_macvtap left promiscuous mode [ 109.169913][ T155] device veth0_macvtap left promiscuous mode [ 109.176379][ T155] device veth1_vlan left promiscuous mode [ 109.182674][ T155] device veth0_vlan left promiscuous mode [ 109.294121][ T155] team0 (unregistering): Port device team_slave_1 removed [ 109.307094][ T155] team0 (unregistering): Port device team_slave_0 removed [ 109.319956][ T155] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 109.332358][ T155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 109.379062][ T155] bond0 (unregistering): Released all slaves [ 109.469887][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.477982][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.485863][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 109.511596][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.520364][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.528549][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 109.594712][ T5047] loop0: detected capacity change from 0 to 4096 [ 109.659511][ T5047] ======================================================= [ 109.659511][ T5047] WARNING: The mand mount option has been deprecated and [ 109.659511][ T5047] and is ignored by this kernel. Remove the mand [ 109.659511][ T5047] option from the mount to silence this warning. [ 109.659511][ T5047] ======================================================= [ 109.749666][ T26] audit: type=1800 audit(1776305352.940:2): pid=5047 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.17" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 109.783466][ T5047] [ 109.785832][ T5047] ====================================================== [ 109.793005][ T5047] WARNING: possible circular locking dependency detected [ 109.800277][ T5047] syzkaller #0 Not tainted [ 109.804864][ T5047] ------------------------------------------------------ [ 109.812328][ T5047] syz.0.17/5047 is trying to acquire lock: [ 109.818272][ T5047] ffff88805c495660 (mapping.invalidate_lock#3){.+.+}-{3:3}, at: filemap_fault+0x699/0x1370 [ 109.828720][ T5047] [ 109.828720][ T5047] but task is already holding lock: [ 109.836874][ T5047] ffff888077982b28 (&mm->mmap_lock){++++}-{3:3}, at: get_user_pages_unlocked+0x3c1/0x700 [ 109.847126][ T5047] [ 109.847126][ T5047] which lock already depends on the new lock. [ 109.847126][ T5047] [ 109.858654][ T5047] [ 109.858654][ T5047] the existing dependency chain (in reverse order) is: [ 109.868100][ T5047] [ 109.868100][ T5047] -> #2 (&mm->mmap_lock){++++}-{3:3}: [ 109.876092][ T5047] __might_fault+0xb3/0x110 [ 109.881210][ T5047] _copy_to_user+0x29/0x130 [ 109.886410][ T5047] fiemap_fill_next_extent+0x1ba/0x390 [ 109.892683][ T5047] ni_fiemap+0x858/0xc50 [ 109.897533][ T5047] ntfs_fiemap+0xd7/0x130 [ 109.902655][ T5047] do_vfs_ioctl+0x152d/0x1ef0 [ 109.908364][ T5047] __se_sys_ioctl+0x83/0x170 [ 109.913667][ T5047] do_syscall_64+0x4c/0xa0 [ 109.918779][ T5047] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 109.925479][ T5047] [ 109.925479][ T5047] -> #1 (&ni->file.run_lock){++++}-{3:3}: [ 109.933626][ T5047] down_read+0x44/0x2e0 [ 109.938397][ T5047] attr_data_get_block+0x148/0x18d0 [ 109.944544][ T5047] ntfs_get_block_vbo+0x329/0xca0 [ 109.950342][ T5047] do_mpage_readpage+0x83a/0x1e50 [ 109.956168][ T5047] mpage_readahead+0x3ef/0x920 [ 109.961870][ T5047] read_pages+0x175/0x930 [ 109.966881][ T5047] page_cache_ra_unbounded+0x838/0x940 [ 109.972842][ T5047] filemap_read+0x5de/0x2540 [ 109.978030][ T5047] __kernel_read+0x517/0x960 [ 109.983299][ T5047] integrity_kernel_read+0x86/0xd0 [ 109.989018][ T5047] ima_calc_file_hash+0x931/0x1920 [ 109.994894][ T5047] ima_collect_measurement+0x337/0x7c0 [ 110.000880][ T5047] process_measurement+0x113a/0x1ba0 [ 110.007116][ T5047] ima_file_check+0xc7/0x110 [ 110.012256][ T5047] path_openat+0x27a8/0x2fa0 [ 110.017448][ T5047] do_filp_open+0x1e2/0x410 [ 110.022732][ T5047] do_sys_openat2+0x150/0x4b0 [ 110.028094][ T5047] __x64_sys_openat+0x135/0x160 [ 110.034006][ T5047] do_syscall_64+0x4c/0xa0 [ 110.039107][ T5047] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 110.045690][ T5047] [ 110.045690][ T5047] -> #0 (mapping.invalidate_lock#3){.+.+}-{3:3}: [ 110.054358][ T5047] __lock_acquire+0x2c42/0x7d10 [ 110.059798][ T5047] lock_acquire+0x19e/0x400 [ 110.064956][ T5047] down_read+0x44/0x2e0 [ 110.069977][ T5047] filemap_fault+0x699/0x1370 [ 110.075549][ T5047] __do_fault+0x141/0x330 [ 110.080478][ T5047] handle_mm_fault+0x2985/0x4410 [ 110.086012][ T5047] __get_user_pages+0x94b/0x11e0 [ 110.091640][ T5047] get_user_pages_unlocked+0x258/0x700 [ 110.097864][ T5047] internal_get_user_pages_fast+0x1cd1/0x20b0 [ 110.104870][ T5047] iov_iter_get_pages+0x228/0x5c0 [ 110.110667][ T5047] __blockdev_direct_IO+0xfcf/0x3a70 [ 110.116467][ T5047] ntfs_direct_IO+0x194/0x390 [ 110.121821][ T5047] generic_file_direct_write+0x22c/0x490 [ 110.128054][ T5047] __generic_file_write_iter+0x2b1/0x4e0 [ 110.134383][ T5047] ntfs_file_write_iter+0x4d5/0x590 [ 110.140221][ T5047] vfs_write+0x745/0xd60 [ 110.145051][ T5047] ksys_write+0x152/0x260 [ 110.150053][ T5047] do_syscall_64+0x4c/0xa0 [ 110.154969][ T5047] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 110.161366][ T5047] [ 110.161366][ T5047] other info that might help us debug this: [ 110.161366][ T5047] [ 110.172350][ T5047] Chain exists of: [ 110.172350][ T5047] mapping.invalidate_lock#3 --> &ni->file.run_lock --> &mm->mmap_lock [ 110.172350][ T5047] [ 110.187027][ T5047] Possible unsafe locking scenario: [ 110.187027][ T5047] [ 110.195176][ T5047] CPU0 CPU1 [ 110.200540][ T5047] ---- ---- [ 110.206175][ T5047] lock(&mm->mmap_lock); [ 110.210506][ T5047] lock(&ni->file.run_lock); [ 110.217863][ T5047] lock(&mm->mmap_lock); [ 110.224781][ T5047] lock(mapping.invalidate_lock#3); [ 110.230529][ T5047] [ 110.230529][ T5047] *** DEADLOCK *** [ 110.230529][ T5047] [ 110.238668][ T5047] 4 locks held by syz.0.17/5047: [ 110.243676][ T5047] #0: ffff88802b581270 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x2bf/0x370 [ 110.253410][ T5047] #1: ffff88806a11a460 (sb_writers#13){.+.+}-{0:0}, at: vfs_write+0x295/0xd60 [ 110.262695][ T5047] #2: ffff88805c4954c0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: ntfs_file_write_iter+0x1d1/0x590 [ 110.274163][ T5047] #3: ffff888077982b28 (&mm->mmap_lock){++++}-{3:3}, at: get_user_pages_unlocked+0x3c1/0x700 [ 110.284460][ T5047] [ 110.284460][ T5047] stack backtrace: [ 110.290427][ T5047] CPU: 1 PID: 5047 Comm: syz.0.17 Not tainted syzkaller #0 [ 110.297698][ T5047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 110.308410][ T5047] Call Trace: [ 110.311782][ T5047] [ 110.314723][ T5047] dump_stack_lvl+0x188/0x250 [ 110.319471][ T5047] ? load_image+0x400/0x400 [ 110.323965][ T5047] ? show_regs_print_info+0x20/0x20 [ 110.329238][ T5047] ? print_circular_bug+0x12b/0x1a0 [ 110.334423][ T5047] check_noncircular+0x296/0x330 [ 110.339347][ T5047] ? add_chain_block+0x940/0x940 [ 110.344350][ T5047] ? lockdep_lock+0xf1/0x1f0 [ 110.348945][ T5047] ? mark_lock+0x94/0x320 [ 110.353561][ T5047] __lock_acquire+0x2c42/0x7d10 [ 110.359273][ T5047] ? __lock_acquire+0x12e8/0x7d10 [ 110.364474][ T5047] ? verify_lock_unused+0x140/0x140 [ 110.369830][ T5047] ? rcu_lock_release+0x5/0x20 [ 110.374763][ T5047] lock_acquire+0x19e/0x400 [ 110.379377][ T5047] ? filemap_fault+0x699/0x1370 [ 110.384305][ T5047] ? pagecache_get_page+0xc42/0xf10 [ 110.389706][ T5047] ? __might_sleep+0xf0/0xf0 [ 110.394464][ T5047] ? read_lock_is_recursive+0x10/0x10 [ 110.399915][ T5047] ? page_cache_prev_miss+0x380/0x380 [ 110.405358][ T5047] ? __lock_acquire+0x7d10/0x7d10 [ 110.410713][ T5047] down_read+0x44/0x2e0 [ 110.414940][ T5047] ? filemap_fault+0x699/0x1370 [ 110.420003][ T5047] filemap_fault+0x699/0x1370 [ 110.424859][ T5047] ? mapping_seek_hole_data+0x1300/0x1300 [ 110.430563][ T5047] ? filemap_read_page+0x4c0/0x4c0 [ 110.435765][ T5047] ? count_memcg_event_mm+0x324/0x370 [ 110.441227][ T5047] __do_fault+0x141/0x330 [ 110.445815][ T5047] handle_mm_fault+0x2985/0x4410 [ 110.451353][ T5047] ? get_page+0xe0/0xe0 [ 110.455694][ T5047] ? follow_page_mask+0xa6e/0x12d0 [ 110.461014][ T5047] __get_user_pages+0x94b/0x11e0 [ 110.465946][ T5047] ? populate_vma_page_range+0x290/0x290 [ 110.471952][ T5047] ? _raw_spin_unlock_irqrestore+0x82/0x120 [ 110.478255][ T5047] ? lockdep_hardirqs_on+0x94/0x140 [ 110.483562][ T5047] ? get_user_pages_unlocked+0x3c1/0x700 [ 110.489186][ T5047] ? down_read_killable+0x1ce/0x340 [ 110.494369][ T5047] get_user_pages_unlocked+0x258/0x700 [ 110.500075][ T5047] ? get_user_pages_locked+0x690/0x690 [ 110.505779][ T5047] ? __kasan_slab_alloc+0xb3/0xd0 [ 110.511211][ T5047] ? internal_get_user_pages_fast+0x1b2f/0x20b0 [ 110.517527][ T5047] internal_get_user_pages_fast+0x1cd1/0x20b0 [ 110.523848][ T5047] ? get_user_pages_fast_only+0x40/0x40 [ 110.529739][ T5047] ? lockdep_softirqs_off+0x430/0x430 [ 110.535273][ T5047] ? slab_post_alloc_hook+0x68/0x380 [ 110.540642][ T5047] ? __blockdev_direct_IO+0x308/0x3a70 [ 110.546597][ T5047] iov_iter_get_pages+0x228/0x5c0 [ 110.551715][ T5047] __blockdev_direct_IO+0xfcf/0x3a70 [ 110.557256][ T5047] ? sb_init_dio_done_wq+0x80/0x80 [ 110.562434][ T5047] ? ntfs_get_block_bmap+0xd0/0xd0 [ 110.567530][ T5047] ? invalidate_mapping_pagevec+0x30/0x30 [ 110.573321][ T5047] ? filemap_write_and_wait_range+0x228/0x3d0 [ 110.579616][ T5047] ? ntfs_get_block_bmap+0xd0/0xd0 [ 110.584992][ T5047] ntfs_direct_IO+0x194/0x390 [ 110.589746][ T5047] generic_file_direct_write+0x22c/0x490 [ 110.595724][ T5047] __generic_file_write_iter+0x2b1/0x4e0 [ 110.601792][ T5047] ntfs_file_write_iter+0x4d5/0x590 [ 110.606995][ T5047] vfs_write+0x745/0xd60 [ 110.611606][ T5047] ? file_end_write+0x250/0x250 [ 110.616636][ T5047] ? __fget_files+0x40f/0x480 [ 110.621557][ T5047] ? mutex_lock_nested+0x17/0x20 [ 110.626662][ T5047] ? __fdget_pos+0x2bf/0x370 [ 110.631409][ T5047] ? ksys_write+0x71/0x260 [ 110.636155][ T5047] ksys_write+0x152/0x260 [ 110.640480][ T5047] ? __ia32_sys_read+0x80/0x80 [ 110.645508][ T5047] ? lockdep_hardirqs_on+0x94/0x140 [ 110.650863][ T5047] do_syscall_64+0x4c/0xa0 [ 110.655261][ T5047] ? clear_bhb_loop+0x30/0x80 [ 110.659919][ T5047] ? clear_bhb_loop+0x30/0x80 [ 110.664578][ T5047] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 110.670654][ T5047] RIP: 0033:0x7f676781f339 [ 110.675236][ T5047] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 110.695873][ T5047] RSP: 002b:00007f6766e83028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 110.704364][ T5047] RAX: ffffffffffffffda RBX: 00007f6767a5afa0 RCX: 00007f676781f339 [ 110.712964][ T5047] RDX: 0000000000032600 RSI: 0000200000000000 RDI: 0000000000000005 [ 110.721032][ T5047] RBP: 00007f67678b2d68 R08: 0000000000000000 R09: 0000000000000000 [ 110.729278][ T5047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 110.737701][ T5047] R13: 00007f6767a5b038 R14: 00007f6767a5afa0 R15: 00007ffe48a438a8 [ 110.746136][ T5047] [ 110.752747][ T4999] Bluetooth: hci0: command 0x041b tx timeout 2026/04/16 02:09:14 executed programs: 3 [ 110.857300][ T5049] loop0: detected capacity change from 0 to 4096 [ 110.963002][ T26] audit: type=1800 audit(1776305354.150:3): pid=5049 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.18" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 111.056226][ T5051] loop0: detected capacity change from 0 to 4096 [ 111.089779][ T26] audit: type=1800 audit(1776305354.280:4): pid=5051 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.19" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 111.148540][ T5053] loop0: detected capacity change from 0 to 4096 [ 111.169049][ T26] audit: type=1800 audit(1776305354.360:5): pid=5053 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.20" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 111.250551][ T5055] loop0: detected capacity change from 0 to 4096 [ 111.273986][ T26] audit: type=1800 audit(1776305354.460:6): pid=5055 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.21" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 111.329085][ T5057] loop0: detected capacity change from 0 to 4096 [ 111.351273][ T26] audit: type=1800 audit(1776305354.540:7): pid=5057 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.22" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 111.411895][ T5059] loop0: detected capacity change from 0 to 4096 [ 111.433484][ T26] audit: type=1800 audit(1776305354.620:8): pid=5059 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.23" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 111.529349][ T5061] loop0: detected capacity change from 0 to 4096 [ 111.551800][ T26] audit: type=1800 audit(1776305354.740:9): pid=5061 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.24" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 111.632578][ T5063] loop0: detected capacity change from 0 to 4096 [ 111.655044][ T26] audit: type=1800 audit(1776305354.840:10): pid=5063 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.25" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 111.738540][ T5065] loop0: detected capacity change from 0 to 4096 [ 111.824908][ T26] audit: type=1800 audit(1776305355.010:11): pid=5065 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.26" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 112.807669][ T4999] Bluetooth: hci0: command 0x040f tx timeout [ 114.634441][ T5115] set_capacity_and_notify: 24 callbacks suppressed [ 114.634455][ T5115] loop0: detected capacity change from 0 to 4096 [ 114.698991][ T5117] loop0: detected capacity change from 0 to 4096 [ 114.759738][ T5119] loop0: detected capacity change from 0 to 4096 [ 114.782864][ T26] kauditd_printk_skb: 26 callbacks suppressed [ 114.782876][ T26] audit: type=1800 audit(1776305357.970:38): pid=5119 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.53" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 114.868543][ T5121] loop0: detected capacity change from 0 to 4096 [ 114.888212][ T4998] Bluetooth: hci0: command 0x0419 tx timeout [ 114.960126][ T26] audit: type=1800 audit(1776305358.150:39): pid=5121 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.54" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 115.043317][ T5123] loop0: detected capacity change from 0 to 4096 [ 115.065100][ T26] audit: type=1800 audit(1776305358.250:40): pid=5123 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.55" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 115.128016][ T5125] loop0: detected capacity change from 0 to 4096 [ 115.180105][ T26] audit: type=1800 audit(1776305358.370:41): pid=5125 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.56" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 115.248537][ T5127] loop0: detected capacity change from 0 to 4096 [ 115.265052][ T26] audit: type=1800 audit(1776305358.450:42): pid=5127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.57" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 115.349617][ T5129] loop0: detected capacity change from 0 to 4096 [ 115.373034][ T26] audit: type=1800 audit(1776305358.560:43): pid=5129 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.58" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 115.454504][ T5131] loop0: detected capacity change from 0 to 4096 [ 115.471936][ T26] audit: type=1800 audit(1776305358.660:44): pid=5131 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.59" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 115.542635][ T5133] loop0: detected capacity change from 0 to 4096 [ 115.562183][ T26] audit: type=1800 audit(1776305358.750:45): pid=5133 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.60" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 115.736551][ T26] audit: type=1800 audit(1776305358.920:46): pid=5135 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.61" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 115.917150][ T26] audit: type=1800 audit(1776305359.100:47): pid=5137 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.62" name="file2" dev="loop0" ino=31 res=0 errno=0 2026/04/16 02:09:19 executed programs: 48 [ 119.738690][ T5203] set_capacity_and_notify: 34 callbacks suppressed [ 119.738703][ T5203] loop0: detected capacity change from 0 to 4096