Warning: Permanently added '10.128.1.93' (ED25519) to the list of known hosts. 2026/02/04 23:32:30 parsed 1 programs [ 93.110932][ T4928] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 94.864297][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.872509][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.898988][ T400] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 94.912264][ T400] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.920663][ T400] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.929944][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 96.424384][ T5004] chnl_net:caif_netlink_parms(): no params data found [ 96.458521][ T5004] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.465727][ T5004] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.473306][ T5004] device bridge_slave_0 entered promiscuous mode [ 96.482189][ T5004] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.489372][ T5004] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.497065][ T5004] device bridge_slave_1 entered promiscuous mode [ 96.515239][ T5004] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.526016][ T5004] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.545513][ T5004] team0: Port device team_slave_0 added [ 96.553263][ T5004] team0: Port device team_slave_1 added [ 96.569058][ T5004] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.576139][ T5004] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.602317][ T5004] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.614526][ T5004] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.621668][ T5004] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.647703][ T5004] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.673277][ T5004] device hsr_slave_0 entered promiscuous mode [ 96.680416][ T5004] device hsr_slave_1 entered promiscuous mode [ 97.143637][ T5004] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 97.153126][ T5004] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 97.163333][ T5004] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 97.173006][ T5004] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 97.289996][ T5004] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.303461][ T400] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 97.316009][ T400] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 97.327907][ T5004] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.355911][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 97.366120][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 97.375152][ T1234] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.382400][ T1234] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.399600][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 97.408105][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 97.418236][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 97.429222][ T1234] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.436355][ T1234] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.446083][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 97.476492][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 97.487401][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 97.497982][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 97.515156][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 97.524962][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 97.533469][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 97.543585][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 97.552579][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 97.575994][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 97.593950][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 97.614900][ T5004] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 97.758260][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 97.767306][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 97.779718][ T5004] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.801274][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 97.811597][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 97.832531][ T5004] device veth0_vlan entered promiscuous mode [ 97.841280][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 97.850325][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 97.860552][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 97.869421][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 97.883609][ T5004] device veth1_vlan entered promiscuous mode [ 97.908201][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 97.935724][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 97.947009][ T5004] device veth0_macvtap entered promiscuous mode [ 97.958830][ T5004] device veth1_macvtap entered promiscuous mode [ 97.976794][ T5004] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.995101][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 98.004929][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 98.019672][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 98.033253][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 98.046195][ T5004] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.054393][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 98.074071][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 98.096507][ T5004] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.113768][ T5004] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.122537][ T5004] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.153735][ T5004] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 2026/02/04 23:32:38 executed programs: 0 [ 98.972995][ T5111] chnl_net:caif_netlink_parms(): no params data found [ 99.087307][ T5111] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.100302][ T5111] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.111253][ T5111] device bridge_slave_0 entered promiscuous mode [ 99.120851][ T5111] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.130356][ T5111] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.139905][ T5111] device bridge_slave_1 entered promiscuous mode [ 99.187945][ T5111] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.218866][ T5111] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.278973][ T5111] team0: Port device team_slave_0 added [ 99.286816][ T5111] team0: Port device team_slave_1 added [ 99.328058][ T5111] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.337664][ T5111] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.391920][ T5111] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.417789][ T5111] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.427639][ T5111] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.457008][ T5111] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.488433][ T5111] device hsr_slave_0 entered promiscuous mode [ 99.495425][ T5111] device hsr_slave_1 entered promiscuous mode [ 99.501851][ T5111] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 99.510503][ T5111] Cannot create hsr debugfs directory [ 99.678906][ T5111] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.867405][ T4431] Bluetooth: hci0: command 0x0409 tx timeout [ 102.943914][ T4428] Bluetooth: hci0: command 0x041b tx timeout [ 102.953285][ T5111] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.199142][ T5111] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.269070][ T5111] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.360506][ T5111] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 103.369276][ T5111] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 103.378010][ T5111] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 103.387061][ T5111] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 103.437621][ T5111] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.449492][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 103.457703][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 103.468957][ T5111] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.481663][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 103.491555][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 103.500363][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.507619][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.516468][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 103.532847][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 103.542078][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 103.550918][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.557995][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.568205][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 103.591502][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 103.603199][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 103.611968][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 103.625311][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 103.633024][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 103.642004][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 103.661639][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 103.670793][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 103.682504][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 103.690934][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 103.709313][ T5111] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 103.787649][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 103.795775][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 103.807180][ T144] device hsr_slave_0 left promiscuous mode [ 103.813385][ T144] device hsr_slave_1 left promiscuous mode [ 103.820004][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 103.828177][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 103.835890][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 103.843299][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 103.851058][ T144] device bridge_slave_1 left promiscuous mode [ 103.857627][ T144] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.866300][ T144] device bridge_slave_0 left promiscuous mode [ 103.872468][ T144] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.884186][ T144] device veth1_macvtap left promiscuous mode [ 103.890211][ T144] device veth0_macvtap left promiscuous mode [ 103.896360][ T144] device veth1_vlan left promiscuous mode [ 103.902149][ T144] device veth0_vlan left promiscuous mode [ 104.011676][ T144] team0 (unregistering): Port device team_slave_1 removed [ 104.022656][ T144] team0 (unregistering): Port device team_slave_0 removed [ 104.034998][ T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 104.048839][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 104.092986][ T144] bond0 (unregistering): Released all slaves [ 104.153124][ T5111] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.169832][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 104.178848][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 104.198564][ T400] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 104.211525][ T400] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 104.220748][ T400] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 104.229924][ T400] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 104.239163][ T5111] device veth0_vlan entered promiscuous mode [ 104.249887][ T5111] device veth1_vlan entered promiscuous mode [ 104.266731][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 104.277939][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 104.286209][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 104.296877][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 104.306996][ T5111] device veth0_macvtap entered promiscuous mode [ 104.316743][ T5111] device veth1_macvtap entered promiscuous mode [ 104.329701][ T5111] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.338837][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 104.347466][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 104.355594][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 104.364993][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 104.376591][ T5111] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.384301][ T400] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 104.395383][ T400] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 104.408865][ T5111] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.418032][ T5111] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.426813][ T5111] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.435518][ T5111] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.480562][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.497009][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.505053][ T400] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.507365][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 104.513022][ T400] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 2026/02/04 23:32:44 executed programs: 2 [ 104.528587][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 104.638502][ T5385] loop0: detected capacity change from 0 to 4096 [ 104.685151][ T5385] ======================================================= [ 104.685151][ T5385] WARNING: The mand mount option has been deprecated and [ 104.685151][ T5385] and is ignored by this kernel. Remove the mand [ 104.685151][ T5385] option from the mount to silence this warning. [ 104.685151][ T5385] ======================================================= [ 104.822128][ T26] audit: type=1800 audit(1770247964.363:2): pid=5385 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.17" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 104.874485][ T5385] [ 104.876957][ T5385] ====================================================== [ 104.884074][ T5385] WARNING: possible circular locking dependency detected [ 104.891110][ T5385] syzkaller #0 Not tainted [ 104.895518][ T5385] ------------------------------------------------------ [ 104.902524][ T5385] syz.0.17/5385 is trying to acquire lock: [ 104.908369][ T5385] ffff88805bc97b40 (mapping.invalidate_lock#3){.+.+}-{3:3}, at: filemap_fault+0x699/0x1370 [ 104.918406][ T5385] [ 104.918406][ T5385] but task is already holding lock: [ 104.925779][ T5385] ffff88802ad77128 (&mm->mmap_lock){++++}-{3:3}, at: get_user_pages_unlocked+0x3c1/0x700 [ 104.935613][ T5385] [ 104.935613][ T5385] which lock already depends on the new lock. [ 104.935613][ T5385] [ 104.946010][ T5385] [ 104.946010][ T5385] the existing dependency chain (in reverse order) is: [ 104.955027][ T5385] [ 104.955027][ T5385] -> #2 (&mm->mmap_lock){++++}-{3:3}: [ 104.962576][ T5385] __might_fault+0xb3/0x110 [ 104.967594][ T5385] _copy_to_user+0x29/0x130 [ 104.972610][ T5385] fiemap_fill_next_extent+0x1ba/0x390 [ 104.978595][ T5385] ni_fiemap+0x858/0xc50 [ 104.983357][ T5385] ntfs_fiemap+0xd7/0x130 [ 104.988199][ T5385] do_vfs_ioctl+0x152d/0x1ef0 [ 104.993391][ T5385] __se_sys_ioctl+0x83/0x170 [ 104.998486][ T5385] do_syscall_64+0x4c/0xa0 [ 105.003407][ T5385] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 105.009802][ T5385] [ 105.009802][ T5385] -> #1 (&ni->file.run_lock){++++}-{3:3}: [ 105.017689][ T5385] down_read+0x44/0x2e0 [ 105.022345][ T5385] attr_data_get_block+0x148/0x18d0 [ 105.028133][ T5385] ntfs_get_block_vbo+0x329/0xca0 [ 105.033657][ T5385] do_mpage_readpage+0x83a/0x1e50 [ 105.039191][ T5385] mpage_readahead+0x3ef/0x920 [ 105.044454][ T5385] read_pages+0x175/0x930 [ 105.049282][ T5385] page_cache_ra_unbounded+0x838/0x940 [ 105.055243][ T5385] filemap_read+0x5de/0x2540 [ 105.060328][ T5385] __kernel_read+0x517/0x960 [ 105.065508][ T5385] integrity_kernel_read+0x86/0xd0 [ 105.071119][ T5385] ima_calc_file_hash+0x931/0x1920 [ 105.076735][ T5385] ima_collect_measurement+0x337/0x7c0 [ 105.082701][ T5385] process_measurement+0x113a/0x1ba0 [ 105.088482][ T5385] ima_file_check+0xc7/0x110 [ 105.093566][ T5385] path_openat+0x27a8/0x2fa0 [ 105.098663][ T5385] do_filp_open+0x1e2/0x410 [ 105.103662][ T5385] do_sys_openat2+0x150/0x4b0 [ 105.108836][ T5385] __x64_sys_openat+0x135/0x160 [ 105.114180][ T5385] do_syscall_64+0x4c/0xa0 [ 105.119093][ T5385] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 105.125480][ T5385] [ 105.125480][ T5385] -> #0 (mapping.invalidate_lock#3){.+.+}-{3:3}: [ 105.133970][ T5385] __lock_acquire+0x2c42/0x7d10 [ 105.139320][ T5385] lock_acquire+0x19e/0x400 [ 105.144418][ T5385] down_read+0x44/0x2e0 [ 105.149159][ T5385] filemap_fault+0x699/0x1370 [ 105.154364][ T5385] __do_fault+0x141/0x330 [ 105.159213][ T5385] handle_mm_fault+0x2985/0x4410 [ 105.164745][ T5385] __get_user_pages+0x94b/0x11e0 [ 105.170182][ T5385] get_user_pages_unlocked+0x258/0x700 [ 105.176137][ T5385] internal_get_user_pages_fast+0x1cd1/0x20b0 [ 105.182701][ T5385] iov_iter_get_pages+0x228/0x5c0 [ 105.188224][ T5385] __blockdev_direct_IO+0xfcf/0x3a70 [ 105.194008][ T5385] ntfs_direct_IO+0x194/0x390 [ 105.199218][ T5385] generic_file_direct_write+0x22c/0x490 [ 105.205348][ T5385] __generic_file_write_iter+0x2b1/0x4e0 [ 105.211476][ T5385] ntfs_file_write_iter+0x4d5/0x590 [ 105.217167][ T5385] vfs_write+0x745/0xd60 [ 105.222080][ T5385] ksys_write+0x152/0x260 [ 105.226907][ T5385] do_syscall_64+0x4c/0xa0 [ 105.231844][ T5385] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 105.238233][ T5385] [ 105.238233][ T5385] other info that might help us debug this: [ 105.238233][ T5385] [ 105.248434][ T5385] Chain exists of: [ 105.248434][ T5385] mapping.invalidate_lock#3 --> &ni->file.run_lock --> &mm->mmap_lock [ 105.248434][ T5385] [ 105.262482][ T5385] Possible unsafe locking scenario: [ 105.262482][ T5385] [ 105.269990][ T5385] CPU0 CPU1 [ 105.275329][ T5385] ---- ---- [ 105.280677][ T5385] lock(&mm->mmap_lock); [ 105.285011][ T5385] lock(&ni->file.run_lock); [ 105.292194][ T5385] lock(&mm->mmap_lock); [ 105.299077][ T5385] lock(mapping.invalidate_lock#3); [ 105.304339][ T5385] [ 105.304339][ T5385] *** DEADLOCK *** [ 105.304339][ T5385] [ 105.312549][ T5385] 4 locks held by syz.0.17/5385: [ 105.317458][ T5385] #0: ffff8880799f8870 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x2bf/0x370 [ 105.326653][ T5385] #1: ffff88807e380460 (sb_writers#13){.+.+}-{0:0}, at: vfs_write+0x295/0xd60 [ 105.335591][ T5385] #2: ffff88805bc979a0 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: ntfs_file_write_iter+0x1d1/0x590 [ 105.346693][ T5385] #3: ffff88802ad77128 (&mm->mmap_lock){++++}-{3:3}, at: get_user_pages_unlocked+0x3c1/0x700 [ 105.356928][ T5385] [ 105.356928][ T5385] stack backtrace: [ 105.362807][ T5385] CPU: 0 PID: 5385 Comm: syz.0.17 Not tainted syzkaller #0 [ 105.369977][ T5385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 105.380102][ T5385] Call Trace: [ 105.383401][ T5385] [ 105.386311][ T5385] dump_stack_lvl+0x188/0x250 [ 105.390995][ T5385] ? load_image+0x400/0x400 [ 105.395524][ T5385] ? show_regs_print_info+0x20/0x20 [ 105.400722][ T5385] ? print_circular_bug+0x12b/0x1a0 [ 105.405909][ T5385] check_noncircular+0x296/0x330 [ 105.410842][ T5385] ? add_chain_block+0x940/0x940 [ 105.415765][ T5385] ? lockdep_lock+0xf1/0x1f0 [ 105.420355][ T5385] ? mark_lock+0x94/0x320 [ 105.424678][ T5385] __lock_acquire+0x2c42/0x7d10 [ 105.429625][ T5385] ? __lock_acquire+0x12e8/0x7d10 [ 105.434721][ T5385] ? verify_lock_unused+0x140/0x140 [ 105.440088][ T5385] ? rcu_lock_release+0x5/0x20 [ 105.444841][ T5385] lock_acquire+0x19e/0x400 [ 105.449327][ T5385] ? filemap_fault+0x699/0x1370 [ 105.454155][ T5385] ? pagecache_get_page+0xc42/0xf10 [ 105.459330][ T5385] ? __might_sleep+0xf0/0xf0 [ 105.463903][ T5385] ? read_lock_is_recursive+0x10/0x10 [ 105.469255][ T5385] ? page_cache_prev_miss+0x380/0x380 [ 105.474632][ T5385] ? __lock_acquire+0x7d10/0x7d10 [ 105.479640][ T5385] down_read+0x44/0x2e0 [ 105.483777][ T5385] ? filemap_fault+0x699/0x1370 [ 105.488612][ T5385] filemap_fault+0x699/0x1370 [ 105.493307][ T5385] ? mapping_seek_hole_data+0x1300/0x1300 [ 105.499274][ T5385] ? filemap_read_page+0x4c0/0x4c0 [ 105.504370][ T5385] ? count_memcg_event_mm+0x324/0x370 [ 105.509728][ T5385] __do_fault+0x141/0x330 [ 105.514038][ T5385] handle_mm_fault+0x2985/0x4410 [ 105.518959][ T5385] ? get_page+0xe0/0xe0 [ 105.523097][ T5385] ? follow_page_mask+0xa6e/0x12d0 [ 105.528197][ T5385] __get_user_pages+0x94b/0x11e0 [ 105.533117][ T5385] ? populate_vma_page_range+0x290/0x290 [ 105.538723][ T5385] ? _raw_spin_unlock_irqrestore+0x82/0x120 [ 105.544673][ T5385] ? lockdep_hardirqs_on+0x94/0x140 [ 105.549855][ T5385] ? get_user_pages_unlocked+0x3c1/0x700 [ 105.555469][ T5385] ? down_read_killable+0x1ce/0x340 [ 105.560990][ T5385] get_user_pages_unlocked+0x258/0x700 [ 105.566468][ T5385] ? get_user_pages_locked+0x690/0x690 [ 105.571908][ T5385] ? __kasan_slab_alloc+0xb3/0xd0 [ 105.576920][ T5385] ? internal_get_user_pages_fast+0x1b2f/0x20b0 [ 105.583263][ T5385] internal_get_user_pages_fast+0x1cd1/0x20b0 [ 105.589318][ T5385] ? get_user_pages_fast_only+0x40/0x40 [ 105.594945][ T5385] ? lockdep_softirqs_off+0x430/0x430 [ 105.600324][ T5385] ? slab_post_alloc_hook+0x68/0x380 [ 105.605705][ T5385] ? __blockdev_direct_IO+0x308/0x3a70 [ 105.611142][ T5385] iov_iter_get_pages+0x228/0x5c0 [ 105.616166][ T5385] __blockdev_direct_IO+0xfcf/0x3a70 [ 105.621444][ T5385] ? sb_init_dio_done_wq+0x80/0x80 [ 105.626735][ T5385] ? ntfs_get_block_bmap+0xd0/0xd0 [ 105.631831][ T5385] ? invalidate_mapping_pagevec+0x30/0x30 [ 105.637536][ T5385] ? filemap_write_and_wait_range+0x228/0x3d0 [ 105.643587][ T5385] ? ntfs_get_block_bmap+0xd0/0xd0 [ 105.648675][ T5385] ntfs_direct_IO+0x194/0x390 [ 105.653417][ T5385] generic_file_direct_write+0x22c/0x490 [ 105.659030][ T5385] __generic_file_write_iter+0x2b1/0x4e0 [ 105.664644][ T5385] ntfs_file_write_iter+0x4d5/0x590 [ 105.669906][ T5385] vfs_write+0x745/0xd60 [ 105.674232][ T5385] ? file_end_write+0x250/0x250 [ 105.679090][ T5385] ? __fget_files+0x40f/0x480 [ 105.683765][ T5385] ? mutex_lock_nested+0x17/0x20 [ 105.688713][ T5385] ? __fdget_pos+0x2bf/0x370 [ 105.693288][ T5385] ? ksys_write+0x71/0x260 [ 105.697689][ T5385] ksys_write+0x152/0x260 [ 105.702008][ T5385] ? __ia32_sys_read+0x80/0x80 [ 105.706853][ T5385] ? lockdep_hardirqs_on+0x94/0x140 [ 105.712045][ T5385] do_syscall_64+0x4c/0xa0 [ 105.716440][ T5385] ? clear_bhb_loop+0x30/0x80 [ 105.721094][ T5385] ? clear_bhb_loop+0x30/0x80 [ 105.725746][ T5385] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 105.731634][ T5385] RIP: 0033:0x7fee3e9de339 [ 105.736061][ T5385] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 105.755818][ T5385] RSP: 002b:00007fee3e042028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 105.764210][ T5385] RAX: ffffffffffffffda RBX: 00007fee3ec19fa0 RCX: 00007fee3e9de339 [ 105.772166][ T5385] RDX: 0000000000032600 RSI: 0000200000000000 RDI: 0000000000000005 [ 105.780211][ T5385] RBP: 00007fee3ea71d68 R08: 0000000000000000 R09: 0000000000000000 [ 105.788166][ T5385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 105.796115][ T5385] R13: 00007fee3ec1a038 R14: 00007fee3ec19fa0 R15: 00007ffc744b5d88 [ 105.804067][ T5385] [ 105.809367][ T4427] Bluetooth: hci0: command 0x040f tx timeout [ 105.927966][ T5388] loop0: detected capacity change from 0 to 4096 [ 106.056921][ T26] audit: type=1800 audit(1770247965.603:3): pid=5388 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.18" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 106.164850][ T5390] loop0: detected capacity change from 0 to 4096 [ 106.200002][ T26] audit: type=1800 audit(1770247965.743:4): pid=5390 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.19" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 106.265528][ T5392] loop0: detected capacity change from 0 to 4096 [ 106.286064][ T26] audit: type=1800 audit(1770247965.833:5): pid=5392 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.20" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 106.354995][ T5394] loop0: detected capacity change from 0 to 4096 [ 106.378648][ T26] audit: type=1800 audit(1770247965.923:6): pid=5394 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.21" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 106.465388][ T5396] loop0: detected capacity change from 0 to 4096 [ 106.484787][ T26] audit: type=1800 audit(1770247966.033:7): pid=5396 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.22" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 106.545298][ T5398] loop0: detected capacity change from 0 to 4096 [ 106.568393][ T26] audit: type=1800 audit(1770247966.113:8): pid=5398 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.23" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 106.635128][ T5400] loop0: detected capacity change from 0 to 4096 [ 106.659144][ T26] audit: type=1800 audit(1770247966.203:9): pid=5400 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.24" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 106.715727][ T5402] loop0: detected capacity change from 0 to 4096 [ 106.739959][ T26] audit: type=1800 audit(1770247966.283:10): pid=5402 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.25" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 106.825339][ T5404] loop0: detected capacity change from 0 to 4096 [ 106.845906][ T26] audit: type=1800 audit(1770247966.393:11): pid=5404 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.26" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 107.914156][ T4427] Bluetooth: hci0: command 0x0419 tx timeout 2026/02/04 23:32:49 executed programs: 36 [ 109.650438][ T5454] set_capacity_and_notify: 24 callbacks suppressed [ 109.650451][ T5454] loop0: detected capacity change from 0 to 4096 [ 109.739604][ T5456] loop0: detected capacity change from 0 to 4096 [ 109.818755][ T5458] loop0: detected capacity change from 0 to 4096 [ 109.841319][ T26] kauditd_printk_skb: 26 callbacks suppressed [ 109.841332][ T26] audit: type=1800 audit(1770247969.383:38): pid=5458 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.53" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 109.925007][ T5460] loop0: detected capacity change from 0 to 4096 [ 109.942598][ T26] audit: type=1800 audit(1770247969.483:39): pid=5460 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.54" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 110.005026][ T5462] loop0: detected capacity change from 0 to 4096 [ 110.022351][ T26] audit: type=1800 audit(1770247969.563:40): pid=5462 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.55" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 110.134918][ T5464] loop0: detected capacity change from 0 to 4096 [ 110.152875][ T26] audit: type=1800 audit(1770247969.693:41): pid=5464 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.56" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 110.244914][ T5466] loop0: detected capacity change from 0 to 4096 [ 110.265462][ T26] audit: type=1800 audit(1770247969.813:42): pid=5466 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.57" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 110.334934][ T5468] loop0: detected capacity change from 0 to 4096 [ 110.360563][ T26] audit: type=1800 audit(1770247969.903:43): pid=5468 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.58" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 110.425277][ T5470] loop0: detected capacity change from 0 to 4096 [ 110.448824][ T26] audit: type=1800 audit(1770247969.993:44): pid=5470 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.59" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 110.516994][ T5472] loop0: detected capacity change from 0 to 4096 [ 110.622633][ T26] audit: type=1800 audit(1770247970.163:45): pid=5472 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.60" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 110.763612][ T26] audit: type=1800 audit(1770247970.303:46): pid=5474 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.61" name="file2" dev="loop0" ino=31 res=0 errno=0 [ 110.915583][ T26] audit: type=1800 audit(1770247970.463:47): pid=5476 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.62" name="file2" dev="loop0" ino=31 res=0 errno=0 2026/02/04 23:32:54 executed programs: 81 [ 114.664818][ T5544] set_capacity_and_notify: 35 callbacks suppressed [ 114.664830][ T5544] loop0: detected capacity change from 0 to 4096 [ 114.764873][ T5546] loop0: detected capacity change from 0 to 4096 [ 114.865129][ T5548] loop0: detected capacity change from 0 to 4096