Warning: Permanently added '10.128.1.175' (ED25519) to the list of known hosts. 2025/08/20 03:47:16 ignoring optional flag "sandboxArg"="0" 2025/08/20 03:47:17 parsed 1 programs [ 90.213773][ T4599] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 92.685681][ T1507] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.698341][ T1507] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.710758][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 92.734806][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.743751][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.754901][ T1507] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 93.145150][ T4656] chnl_net:caif_netlink_parms(): no params data found [ 93.201932][ T4656] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.209534][ T4656] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.217418][ T4656] device bridge_slave_0 entered promiscuous mode [ 93.226447][ T4656] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.233694][ T4656] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.242005][ T4656] device bridge_slave_1 entered promiscuous mode [ 93.260500][ T4656] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.272661][ T4656] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.302495][ T4656] team0: Port device team_slave_0 added [ 93.316822][ T4656] team0: Port device team_slave_1 added [ 93.420503][ T4656] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.427486][ T4656] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.455564][ T4656] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.468649][ T4656] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.476508][ T4656] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.504165][ T4656] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.554952][ T4656] device hsr_slave_0 entered promiscuous mode [ 93.562832][ T4656] device hsr_slave_1 entered promiscuous mode [ 94.148141][ T4656] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.160740][ T4656] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.171518][ T4656] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.191471][ T4656] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.320848][ T4656] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.337018][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 94.345190][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 94.375741][ T4656] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.386100][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 94.396413][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 94.405399][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.412659][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.422660][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 94.435919][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 94.446535][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 94.455377][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.462612][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.519257][ T1507] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 94.528852][ T1507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 94.542491][ T1507] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 94.554517][ T1507] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 94.563480][ T1507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 94.574974][ T1507] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 94.584201][ T1507] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 94.600251][ T1507] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 94.609945][ T1507] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 94.618690][ T1507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 94.628922][ T1507] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 94.640413][ T4656] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 94.776191][ T1507] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 94.785775][ T1507] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 94.799738][ T4656] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.822221][ T1507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 94.832347][ T1507] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 94.876391][ T4656] device veth0_vlan entered promiscuous mode [ 94.884664][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 94.893979][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 94.908999][ T4656] device veth1_vlan entered promiscuous mode [ 94.920204][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 94.929732][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 94.937920][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 94.968828][ T3062] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 94.978968][ T3062] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 94.988880][ T3062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 95.003065][ T4656] device veth0_macvtap entered promiscuous mode [ 95.032488][ T4656] device veth1_macvtap entered promiscuous mode [ 95.061367][ T4656] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.071764][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 95.082247][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 95.091387][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 95.100361][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 95.112547][ T4656] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.120974][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 95.131717][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 95.145588][ T4656] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.158089][ T4656] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.168793][ T4656] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.178202][ T4656] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 2025/08/20 03:47:26 executed programs: 0 [ 96.612825][ T4804] chnl_net:caif_netlink_parms(): no params data found [ 96.730768][ T4804] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.738007][ T4804] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.746584][ T4804] device bridge_slave_0 entered promiscuous mode [ 96.756435][ T4804] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.764112][ T4804] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.772566][ T4804] device bridge_slave_1 entered promiscuous mode [ 96.812570][ T4804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.831666][ T4804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.893785][ T4804] team0: Port device team_slave_0 added [ 96.908620][ T4804] team0: Port device team_slave_1 added [ 96.964945][ T4804] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.988245][ T4804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.039480][ T4804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.060933][ T4804] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.067910][ T4804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.126508][ T4804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.192758][ T4804] device hsr_slave_0 entered promiscuous mode [ 97.200140][ T4804] device hsr_slave_1 entered promiscuous mode [ 97.206763][ T4804] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 97.214765][ T4804] Cannot create hsr debugfs directory [ 97.342559][ T4804] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.419179][ T4664] Bluetooth: hci0: command 0x0409 tx timeout [ 100.454140][ T4804] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.509469][ T21] Bluetooth: hci0: command 0x041b tx timeout [ 100.554003][ T4804] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.615714][ T4804] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.786766][ T4804] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 100.796821][ T4804] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 100.806072][ T4804] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 100.822587][ T4804] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 100.878010][ T4804] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.892368][ T4804] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.900285][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 100.909984][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 100.920526][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 100.929683][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 100.938136][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.946027][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.972284][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 100.980730][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 100.991697][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 101.002558][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.010512][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.020183][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 101.028815][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 101.037927][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 101.047815][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 101.056983][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 101.066570][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 101.075471][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 101.092090][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 101.100729][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 101.112209][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 101.121741][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 101.132939][ T4804] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 101.184801][ T145] device hsr_slave_0 left promiscuous mode [ 101.191881][ T145] device hsr_slave_1 left promiscuous mode [ 101.198468][ T145] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 101.206215][ T145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 101.214925][ T145] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 101.225770][ T145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 101.234357][ T145] device bridge_slave_1 left promiscuous mode [ 101.241188][ T145] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.249925][ T145] device bridge_slave_0 left promiscuous mode [ 101.256295][ T145] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.267309][ T145] device veth1_macvtap left promiscuous mode [ 101.273589][ T145] device veth0_macvtap left promiscuous mode [ 101.279897][ T145] device veth1_vlan left promiscuous mode [ 101.285835][ T145] device veth0_vlan left promiscuous mode [ 101.402375][ T145] team0 (unregistering): Port device team_slave_1 removed [ 101.416396][ T145] team0 (unregistering): Port device team_slave_0 removed [ 101.427240][ T145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 101.440548][ T145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 101.496373][ T145] bond0 (unregistering): Released all slaves [ 101.537417][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 101.545181][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 101.557463][ T4804] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.577024][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 101.586980][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 101.606871][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 101.615278][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 101.624087][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 101.632139][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 101.642265][ T4804] device veth0_vlan entered promiscuous mode [ 101.655214][ T4804] device veth1_vlan entered promiscuous mode [ 101.681227][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 101.690667][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 101.698874][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 101.708692][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 101.721341][ T4804] device veth0_macvtap entered promiscuous mode [ 101.732624][ T4804] device veth1_macvtap entered promiscuous mode [ 101.754733][ T4804] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.764343][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 101.772857][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 101.780973][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 101.790069][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 101.802307][ T4804] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.810081][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 101.819469][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 101.834170][ T4804] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.844030][ T4804] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.853056][ T4804] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.862340][ T4804] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.920585][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.928631][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.951886][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready 2025/08/20 03:47:32 executed programs: 2 [ 101.966752][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.977122][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.988805][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 102.095658][ T5046] loop0: detected capacity change from 0 to 4096 [ 102.284560][ T26] audit: type=1800 audit(1755661652.699:2): pid=5046 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.16" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 102.332670][ T26] audit: type=1800 audit(1755661652.699:3): pid=5046 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.16" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 102.380794][ T26] audit: type=1800 audit(1755661652.719:4): pid=5046 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.16" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 102.427618][ T5049] loop0: detected capacity change from 0 to 4096 [ 102.522699][ T26] audit: type=1800 audit(1755661652.939:5): pid=5049 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.17" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 102.546758][ T26] audit: type=1800 audit(1755661652.959:6): pid=5049 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.17" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 102.579578][ T4262] Bluetooth: hci0: command 0x040f tx timeout [ 102.591872][ T5049] [ 102.594229][ T5049] ====================================================== [ 102.598980][ T26] audit: type=1800 audit(1755661652.999:7): pid=5050 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.17" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 102.601416][ T5049] WARNING: possible circular locking dependency detected [ 102.601437][ T5049] syzkaller #0 Not tainted [ 102.601445][ T5049] ------------------------------------------------------ [ 102.601449][ T5049] syz.0.17/5049 is trying to acquire lock: [ 102.601456][ T5049] ffff888077539d28 (&mm->mmap_lock){++++}-{3:3}, at: __might_fault+0x90/0x110 [ 102.656147][ T5049] [ 102.656147][ T5049] but task is already holding lock: [ 102.663601][ T5049] ffff88805d04b550 (&ni->file.run_lock#3){++++}-{3:3}, at: ni_fiemap+0x2de/0xc20 [ 102.672935][ T5049] [ 102.672935][ T5049] which lock already depends on the new lock. [ 102.672935][ T5049] [ 102.683436][ T5049] [ 102.683436][ T5049] the existing dependency chain (in reverse order) is: [ 102.692436][ T5049] [ 102.692436][ T5049] -> #1 (&ni->file.run_lock#3){++++}-{3:3}: [ 102.700686][ T5049] down_read+0x44/0x2e0 [ 102.705415][ T5049] attr_data_get_block+0x10d/0x1880 [ 102.711445][ T5049] ntfs_file_mmap+0x457/0x720 [ 102.716636][ T5049] mmap_file+0x5d/0xb0 [ 102.721480][ T5049] mmap_region+0xd0d/0x15e0 [ 102.726587][ T5049] do_mmap+0x77a/0xdf0 [ 102.731260][ T5049] vm_mmap_pgoff+0x1b2/0x2b0 [ 102.736534][ T5049] ksys_mmap_pgoff+0x542/0x780 [ 102.742008][ T5049] do_syscall_64+0x4c/0xa0 [ 102.747101][ T5049] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 102.753612][ T5049] [ 102.753612][ T5049] -> #0 (&mm->mmap_lock){++++}-{3:3}: [ 102.761161][ T5049] __lock_acquire+0x2c33/0x7c60 [ 102.766528][ T5049] lock_acquire+0x197/0x3f0 [ 102.771531][ T5049] __might_fault+0xb3/0x110 [ 102.776684][ T5049] _copy_to_user+0x29/0x130 [ 102.781855][ T5049] fiemap_fill_next_extent+0x19d/0x360 [ 102.788044][ T5049] ni_fiemap+0x92d/0xc20 [ 102.792880][ T5049] ntfs_fiemap+0xd7/0x130 [ 102.797712][ T5049] do_vfs_ioctl+0x1464/0x1de0 [ 102.802986][ T5049] __se_sys_ioctl+0x83/0x170 [ 102.808085][ T5049] do_syscall_64+0x4c/0xa0 [ 102.813037][ T5049] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 102.819443][ T5049] [ 102.819443][ T5049] other info that might help us debug this: [ 102.819443][ T5049] [ 102.830010][ T5049] Possible unsafe locking scenario: [ 102.830010][ T5049] [ 102.837447][ T5049] CPU0 CPU1 [ 102.842791][ T5049] ---- ---- [ 102.848135][ T5049] lock(&ni->file.run_lock#3); [ 102.852985][ T5049] lock(&mm->mmap_lock); [ 102.859923][ T5049] lock(&ni->file.run_lock#3); [ 102.867295][ T5049] lock(&mm->mmap_lock); [ 102.871690][ T5049] [ 102.871690][ T5049] *** DEADLOCK *** [ 102.871690][ T5049] [ 102.880002][ T5049] 2 locks held by syz.0.17/5049: [ 102.884912][ T5049] #0: ffff88805d04b4a0 (&ni->ni_lock/5){+.+.}-{3:3}, at: ntfs_fiemap+0xc4/0x130 [ 102.894034][ T5049] #1: ffff88805d04b550 (&ni->file.run_lock#3){++++}-{3:3}, at: ni_fiemap+0x2de/0xc20 [ 102.903688][ T5049] [ 102.903688][ T5049] stack backtrace: [ 102.909784][ T5049] CPU: 1 PID: 5049 Comm: syz.0.17 Not tainted syzkaller #0 [ 102.917081][ T5049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 102.927665][ T5049] Call Trace: [ 102.930955][ T5049] [ 102.933884][ T5049] dump_stack_lvl+0x168/0x230 [ 102.938666][ T5049] ? load_image+0x3b0/0x3b0 [ 102.943364][ T5049] ? show_regs_print_info+0x20/0x20 [ 102.948708][ T5049] ? print_circular_bug+0x12b/0x1a0 [ 102.954121][ T5049] check_noncircular+0x274/0x310 [ 102.959710][ T5049] ? add_chain_block+0x940/0x940 [ 102.964766][ T5049] ? lockdep_lock+0xdc/0x1e0 [ 102.969448][ T5049] ? mark_lock+0x94/0x320 [ 102.973850][ T5049] ? mark_lock+0x94/0x320 [ 102.978164][ T5049] __lock_acquire+0x2c33/0x7c60 [ 102.983098][ T5049] ? look_up_lock_class+0x71/0x110 [ 102.988371][ T5049] ? is_dynamic_key+0x1f0/0x1f0 [ 102.993208][ T5049] ? mark_lock+0x94/0x320 [ 102.997609][ T5049] ? verify_lock_unused+0x140/0x140 [ 103.002800][ T5049] ? __lock_acquire+0x13ad/0x7c60 [ 103.007922][ T5049] lock_acquire+0x197/0x3f0 [ 103.012494][ T5049] ? __might_fault+0x90/0x110 [ 103.017178][ T5049] ? read_lock_is_recursive+0x10/0x10 [ 103.022548][ T5049] ? mark_lock+0x94/0x320 [ 103.026953][ T5049] ? __lock_acquire+0x13ad/0x7c60 [ 103.031977][ T5049] __might_fault+0xb3/0x110 [ 103.036464][ T5049] ? __might_fault+0x90/0x110 [ 103.041122][ T5049] _copy_to_user+0x29/0x130 [ 103.045610][ T5049] fiemap_fill_next_extent+0x19d/0x360 [ 103.051148][ T5049] ? vfs_ioctl+0xb0/0xb0 [ 103.055547][ T5049] ? stack_trace_save+0x98/0xe0 [ 103.060418][ T5049] ? run_lookup_entry+0x3c8/0x560 [ 103.065525][ T5049] ni_fiemap+0x92d/0xc20 [ 103.069852][ T5049] ? ni_parse_reparse+0x680/0x680 [ 103.075034][ T5049] ? fiemap_prep+0x1a8/0x240 [ 103.079614][ T5049] ntfs_fiemap+0xd7/0x130 [ 103.084100][ T5049] ? ntfs_file_open+0x210/0x210 [ 103.089126][ T5049] ? __might_fault+0xb3/0x110 [ 103.093990][ T5049] ? _copy_from_user+0x111/0x170 [ 103.099045][ T5049] do_vfs_ioctl+0x1464/0x1de0 [ 103.103820][ T5049] ? __ia32_compat_sys_ioctl+0x850/0x850 [ 103.109461][ T5049] ? rcu_lock_release+0x5/0x20 [ 103.114258][ T5049] ? __lock_acquire+0x7c60/0x7c60 [ 103.119311][ T5049] ? kfree+0xef/0x2a0 [ 103.123369][ T5049] ? tomoyo_path_number_perm+0x4d4/0x5d0 [ 103.128990][ T5049] ? verify_lock_unused+0x140/0x140 [ 103.134178][ T5049] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 103.139715][ T5049] ? __mm_populate+0x343/0x3a0 [ 103.144590][ T5049] ? bpf_lsm_file_ioctl+0x5/0x10 [ 103.149603][ T5049] ? security_file_ioctl+0x7c/0xa0 [ 103.154715][ T5049] __se_sys_ioctl+0x83/0x170 [ 103.159376][ T5049] do_syscall_64+0x4c/0xa0 [ 103.163794][ T5049] ? clear_bhb_loop+0x30/0x80 [ 103.168775][ T5049] ? clear_bhb_loop+0x30/0x80 [ 103.173433][ T5049] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 103.179524][ T5049] RIP: 0033:0x7f406cd3a969 [ 103.184028][ T5049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 103.203611][ T5049] RSP: 002b:00007f406bfaa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 103.212194][ T5049] RAX: ffffffffffffffda RBX: 00007f406cf61fa0 RCX: 00007f406cd3a969 [ 103.220436][ T5049] RDX: 0000200000000180 RSI: 00000000c020660b RDI: 0000000000000005 [ 103.228478][ T5049] RBP: 00007f406cdbcab1 R08: 0000000000000000 R09: 0000000000000000 [ 103.236429][ T5049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 103.244390][ T5049] R13: 0000000000000000 R14: 00007f406cf61fa0 R15: 00007ffc60de8288 [ 103.252447][ T5049] [ 103.388186][ T5052] loop0: detected capacity change from 0 to 4096 [ 103.420041][ T26] audit: type=1800 audit(1755661653.839:8): pid=5052 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.18" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 103.441724][ T26] audit: type=1800 audit(1755661653.859:9): pid=5052 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.18" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 103.472569][ T26] audit: type=1800 audit(1755661653.859:10): pid=5053 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.18" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 103.530127][ T5055] loop0: detected capacity change from 0 to 4096 [ 103.555946][ T26] audit: type=1800 audit(1755661653.969:11): pid=5055 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.19" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 103.621189][ T5058] loop0: detected capacity change from 0 to 4096 [ 103.710059][ T5061] loop0: detected capacity change from 0 to 4096 [ 103.830456][ T5064] loop0: detected capacity change from 0 to 4096 [ 103.930309][ T5067] loop0: detected capacity change from 0 to 4096 [ 104.024184][ T5070] loop0: detected capacity change from 0 to 4096 [ 104.110628][ T5073] loop0: detected capacity change from 0 to 4096 [ 104.171408][ T5076] loop0: detected capacity change from 0 to 4096 [ 104.280436][ T5079] loop0: detected capacity change from 0 to 4096 [ 104.364005][ T5082] loop0: detected capacity change from 0 to 4096 [ 104.440222][ T5085] loop0: detected capacity change from 0 to 4096 [ 104.520507][ T5088] loop0: detected capacity change from 0 to 4096 [ 104.600420][ T5091] loop0: detected capacity change from 0 to 4096 [ 104.659141][ T21] Bluetooth: hci0: command 0x0419 tx timeout [ 104.700292][ T5094] loop0: detected capacity change from 0 to 4096 [ 104.810363][ T5097] loop0: detected capacity change from 0 to 4096 [ 104.900234][ T5100] loop0: detected capacity change from 0 to 4096 [ 104.983580][ T5103] loop0: detected capacity change from 0 to 4096 [ 105.050259][ T5106] loop0: detected capacity change from 0 to 4096 [ 105.140876][ T5109] loop0: detected capacity change from 0 to 4096 [ 105.235030][ T5112] loop0: detected capacity change from 0 to 4096 [ 105.311743][ T5115] loop0: detected capacity change from 0 to 4096 [ 105.440659][ T5118] loop0: detected capacity change from 0 to 4096 [ 105.500369][ T5121] loop0: detected capacity change from 0 to 4096 [ 105.584561][ T5124] loop0: detected capacity change from 0 to 4096 [ 105.664365][ T5127] loop0: detected capacity change from 0 to 4096 [ 105.722976][ T5130] loop0: detected capacity change from 0 to 4096 [ 105.804942][ T5133] loop0: detected capacity change from 0 to 4096 [ 105.870322][ T5136] loop0: detected capacity change from 0 to 4096 [ 105.940452][ T5139] loop0: detected capacity change from 0 to 4096 [ 106.020580][ T5142] loop0: detected capacity change from 0 to 4096 [ 106.150444][ T5145] loop0: detected capacity change from 0 to 4096 [ 106.240492][ T5148] loop0: detected capacity change from 0 to 4096 [ 106.364196][ T5151] loop0: detected capacity change from 0 to 4096 [ 106.420848][ T5154] loop0: detected capacity change from 0 to 4096 [ 106.520478][ T5157] loop0: detected capacity change from 0 to 4096 [ 106.590428][ T5160] loop0: detected capacity change from 0 to 4096 [ 106.661759][ T5163] loop0: detected capacity change from 0 to 4096 [ 106.744240][ T5166] loop0: detected capacity change from 0 to 4096 [ 106.800532][ T5169] loop0: detected capacity change from 0 to 4096 [ 106.900874][ T5172] loop0: detected capacity change from 0 to 4096 [ 106.986098][ T5175] loop0: detected capacity change from 0 to 4096 2025/08/20 03:47:37 executed programs: 46 [ 107.110411][ T5178] loop0: detected capacity change from 0 to 4096 [ 107.180276][ T5181] loop0: detected capacity change from 0 to 4096 [ 107.270276][ T5184] loop0: detected capacity change from 0 to 4096 [ 107.297147][ T26] kauditd_printk_skb: 127 callbacks suppressed [ 107.297159][ T26] audit: type=1800 audit(1755661657.709:139): pid=5184 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.62" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 107.324815][ T26] audit: type=1800 audit(1755661657.719:140): pid=5184 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.62" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 107.346553][ T26] audit: type=1800 audit(1755661657.759:141): pid=5184 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.62" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 107.437152][ T5187] loop0: detected capacity change from 0 to 4096 [ 107.485370][ T26] audit: type=1800 audit(1755661657.899:142): pid=5187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.63" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 107.506932][ T26] audit: type=1800 audit(1755661657.919:143): pid=5187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.63" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 107.528680][ T26] audit: type=1800 audit(1755661657.939:144): pid=5187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.63" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 107.599835][ T5190] loop0: detected capacity change from 0 to 4096 [ 107.706378][ T26] audit: type=1800 audit(1755661658.119:145): pid=5190 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.64" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 107.727114][ T26] audit: type=1800 audit(1755661658.119:146): pid=5190 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.64" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 107.748409][ T26] audit: type=1800 audit(1755661658.119:147): pid=5190 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.64" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 107.800685][ T5193] loop0: detected capacity change from 0 to 4096 [ 107.824472][ T26] audit: type=1800 audit(1755661658.239:148): pid=5193 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.65" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 107.911123][ T5196] loop0: detected capacity change from 0 to 4096 [ 107.982360][ T5199] loop0: detected capacity change from 0 to 4096 [ 108.070263][ T5202] loop0: detected capacity change from 0 to 4096 [ 108.170602][ T5205] loop0: detected capacity change from 0 to 4096 [ 108.241451][ T5208] loop0: detected capacity change from 0 to 4096 [ 108.347666][ T5211] loop0: detected capacity change from 0 to 4096 [ 108.440660][ T5214] loop0: detected capacity change from 0 to 4096 [ 108.564578][ T5217] loop0: detected capacity change from 0 to 4096 [ 108.700211][ T5220] loop0: detected capacity change from 0 to 4096 [ 108.760535][ T5223] loop0: detected capacity change from 0 to 4096 [ 108.852401][ T5226] loop0: detected capacity change from 0 to 4096 [ 108.920952][ T5229] loop0: detected capacity change from 0 to 4096 [ 109.000652][ T5232] loop0: detected capacity change from 0 to 4096 [ 109.070509][ T5235] loop0: detected capacity change from 0 to 4096 [ 109.200529][ T5238] loop0: detected capacity change from 0 to 4096 [ 109.310742][ T5241] loop0: detected capacity change from 0 to 4096 [ 109.380572][ T5244] loop0: detected capacity change from 0 to 4096 [ 109.480566][ T5247] loop0: detected capacity change from 0 to 4096 [ 109.562694][ T5250] loop0: detected capacity change from 0 to 4096 [ 109.642167][ T5253] loop0: detected capacity change from 0 to 4096 [ 109.721453][ T5256] loop0: detected capacity change from 0 to 4096 [ 109.830298][ T5259] loop0: detected capacity change from 0 to 4096 [ 109.901331][ T5262] loop0: detected capacity change from 0 to 4096 [ 109.990404][ T5265] loop0: detected capacity change from 0 to 4096 [ 110.061208][ T5268] loop0: detected capacity change from 0 to 4096 [ 110.153011][ T5271] loop0: detected capacity change from 0 to 4096 [ 110.240143][ T5274] loop0: detected capacity change from 0 to 4096 [ 110.340565][ T5277] loop0: detected capacity change from 0 to 4096 [ 110.430753][ T5280] loop0: detected capacity change from 0 to 4096 [ 110.528941][ T5283] loop0: detected capacity change from 0 to 4096 [ 110.680402][ T5286] loop0: detected capacity change from 0 to 4096 [ 110.750822][ T5289] loop0: detected capacity change from 0 to 4096 [ 110.821788][ T5292] loop0: detected capacity change from 0 to 4096 [ 110.890570][ T5295] loop0: detected capacity change from 0 to 4096 [ 110.961157][ T5298] loop0: detected capacity change from 0 to 4096 [ 111.081312][ T5301] loop0: detected capacity change from 0 to 4096 [ 111.150688][ T5304] loop0: detected capacity change from 0 to 4096 [ 111.231460][ T5307] loop0: detected capacity change from 0 to 4096 [ 111.321337][ T5310] loop0: detected capacity change from 0 to 4096 [ 111.402498][ T5313] loop0: detected capacity change from 0 to 4096 [ 111.482020][ T5316] loop0: detected capacity change from 0 to 4096 [ 111.590449][ T5319] loop0: detected capacity change from 0 to 4096 [ 111.651084][ T5322] loop0: detected capacity change from 0 to 4096 [ 111.773861][ T5325] loop0: detected capacity change from 0 to 4096 [ 111.940937][ T5328] loop0: detected capacity change from 0 to 4096 [ 112.023064][ T5331] loop0: detected capacity change from 0 to 4096 2025/08/20 03:47:42 executed programs: 98 [ 112.090223][ T5334] loop0: detected capacity change from 0 to 4096 [ 112.192799][ T5337] loop0: detected capacity change from 0 to 4096 [ 112.260613][ T5340] loop0: detected capacity change from 0 to 4096 [ 112.343350][ T5343] loop0: detected capacity change from 0 to 4096 [ 112.368766][ T26] kauditd_printk_skb: 146 callbacks suppressed [ 112.368781][ T26] audit: type=1800 audit(1755661662.779:295): pid=5343 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.115" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 112.395883][ T26] audit: type=1800 audit(1755661662.779:296): pid=5343 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.115" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 112.421156][ T26] audit: type=1800 audit(1755661662.809:297): pid=5343 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.115" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 112.520323][ T5346] loop0: detected capacity change from 0 to 4096 [ 112.541215][ T26] audit: type=1800 audit(1755661662.959:298): pid=5346 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.116" name="bus" dev="loop0" ino=33 res=0 errno=0