Warning: Permanently added '10.128.0.70' (ED25519) to the list of known hosts. 2025/11/20 07:25:24 parsed 1 programs [ 63.057318][ T4188] cgroup: Unknown subsys name 'net' [ 63.217097][ T4188] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 64.673790][ T4188] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 66.648849][ T4218] chnl_net:caif_netlink_parms(): no params data found [ 66.696878][ T4218] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.704473][ T4218] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.712383][ T4218] device bridge_slave_0 entered promiscuous mode [ 66.721613][ T4218] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.728762][ T4218] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.729746][ T4218] device bridge_slave_1 entered promiscuous mode [ 66.760135][ T4218] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.774157][ T4218] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 66.806598][ T4218] team0: Port device team_slave_0 added [ 66.814582][ T4218] team0: Port device team_slave_1 added [ 66.838857][ T4218] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 66.846001][ T4218] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.872554][ T4218] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 66.886098][ T4218] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 66.893130][ T4218] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.919653][ T4218] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 66.960716][ T4218] device hsr_slave_0 entered promiscuous mode [ 66.967933][ T4218] device hsr_slave_1 entered promiscuous mode [ 67.100342][ T4218] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 67.112810][ T4218] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 67.123812][ T4218] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 67.136803][ T4218] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 67.174004][ T4218] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.181291][ T4218] bridge0: port 2(bridge_slave_1) entered forwarding state [ 67.189297][ T4218] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.196635][ T4218] bridge0: port 1(bridge_slave_0) entered forwarding state [ 67.258079][ T4218] 8021q: adding VLAN 0 to HW filter on device bond0 [ 67.274226][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 67.286174][ T1231] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.295862][ T1231] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.304580][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 67.318924][ T4218] 8021q: adding VLAN 0 to HW filter on device team0 [ 67.332054][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 67.340619][ T1231] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.347742][ T1231] bridge0: port 1(bridge_slave_0) entered forwarding state [ 67.371611][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 67.384252][ T1231] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.391590][ T1231] bridge0: port 2(bridge_slave_1) entered forwarding state [ 67.413986][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 67.424711][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 67.444886][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 67.454477][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 67.464274][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 67.476623][ T4218] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 67.615788][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 67.625211][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 67.643271][ T4218] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.667452][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 67.677939][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 67.703286][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 67.713112][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 67.732350][ T4218] device veth0_vlan entered promiscuous mode [ 67.738998][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 67.748970][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 67.762973][ T4218] device veth1_vlan entered promiscuous mode [ 67.788676][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 67.797274][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 67.805968][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 67.815351][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 67.825794][ T4218] device veth0_macvtap entered promiscuous mode [ 67.836555][ T4218] device veth1_macvtap entered promiscuous mode [ 67.855897][ T4218] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.864522][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 67.873741][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 67.882323][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 67.892932][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 67.905705][ T4218] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.914780][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 67.925284][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 67.938080][ T4218] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.947197][ T4218] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.956274][ T4218] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.965873][ T4218] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.095012][ T4218] syz-executor (4218) used greatest stack depth: 20128 bytes left [ 68.144616][ T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 68.619024][ T1231] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.627194][ T1231] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.643200][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 68.656460][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.664736][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.673891][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 2025/11/20 07:25:33 executed programs: 0 [ 69.944205][ T4284] chnl_net:caif_netlink_parms(): no params data found [ 69.984653][ T4284] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.991864][ T4284] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.999647][ T4284] device bridge_slave_0 entered promiscuous mode [ 70.008173][ T4284] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.015302][ T4284] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.023276][ T4284] device bridge_slave_1 entered promiscuous mode [ 70.043341][ T4284] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.055264][ T4284] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.078024][ T4284] team0: Port device team_slave_0 added [ 70.086572][ T4284] team0: Port device team_slave_1 added [ 70.104230][ T4284] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.111498][ T4284] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.138117][ T4284] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.152601][ T4284] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.159683][ T4284] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.186973][ T4284] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.216748][ T4284] device hsr_slave_0 entered promiscuous mode [ 70.224485][ T4284] device hsr_slave_1 entered promiscuous mode [ 70.231318][ T4284] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.239073][ T4284] Cannot create hsr debugfs directory [ 70.827540][ T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.324483][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.331132][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.882049][ T13] Bluetooth: hci0: command 0x0409 tx timeout [ 73.265428][ T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.328196][ T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.961653][ T21] Bluetooth: hci0: command 0x041b tx timeout [ 74.173111][ T4284] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 74.182337][ T4284] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 74.192898][ T4284] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 74.204322][ T4284] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 74.273143][ T4284] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.286521][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 74.294363][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 74.305696][ T4284] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.318168][ T9] device hsr_slave_0 left promiscuous mode [ 74.324944][ T9] device hsr_slave_1 left promiscuous mode [ 74.332316][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 74.339729][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 74.348723][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 74.356451][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 74.364603][ T9] device bridge_slave_1 left promiscuous mode [ 74.371662][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.385070][ T9] device bridge_slave_0 left promiscuous mode [ 74.393112][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.408505][ T9] device veth1_macvtap left promiscuous mode [ 74.414810][ T9] device veth0_macvtap left promiscuous mode [ 74.420840][ T9] device veth1_vlan left promiscuous mode [ 74.427475][ T9] device veth0_vlan left promiscuous mode [ 74.559342][ T9] team0 (unregistering): Port device team_slave_1 removed [ 74.572437][ T9] team0 (unregistering): Port device team_slave_0 removed [ 74.585585][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 74.600056][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 74.655940][ T9] bond0 (unregistering): Released all slaves [ 74.713417][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 74.722218][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 74.730644][ T1231] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.737782][ T1231] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.748496][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 74.757369][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 74.766226][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 74.775731][ T1231] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.782859][ T1231] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.794317][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 74.809379][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 74.820390][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 74.829437][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 74.838825][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 74.857746][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 74.866489][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 74.878405][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 74.887686][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 74.902316][ T4284] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 74.916579][ T4284] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 74.927749][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 74.936512][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 75.041942][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 75.049432][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 75.062068][ T4284] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.082996][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 75.091964][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 75.113497][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 75.122539][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 75.134341][ T4284] device veth0_vlan entered promiscuous mode [ 75.142817][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 75.151316][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 75.164685][ T4284] device veth1_vlan entered promiscuous mode [ 75.187936][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 75.197449][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 75.206238][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 75.217380][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 75.228922][ T4284] device veth0_macvtap entered promiscuous mode [ 75.240140][ T4284] device veth1_macvtap entered promiscuous mode [ 75.258554][ T4284] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.266578][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 75.276185][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 75.285314][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 75.296324][ T1231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 75.309475][ T4284] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.317594][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 75.327754][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 75.338922][ T4284] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.348266][ T4284] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.359027][ T4284] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.368326][ T4284] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.445861][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.462172][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.473954][ T1231] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.475036][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 75.492039][ T1231] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.500977][ T1264] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 75.593849][ T4338] loop0: detected capacity change from 0 to 512 [ 75.616303][ T4338] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 75.646576][ T4338] [ 75.648955][ T4338] ====================================================== [ 75.656069][ T4338] WARNING: possible circular locking dependency detected [ 75.663096][ T4338] syzkaller #0 Not tainted [ 75.667612][ T4338] ------------------------------------------------------ [ 75.674720][ T4338] syz.0.17/4338 is trying to acquire lock: [ 75.680532][ T4338] ffff88807d792bd8 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x1c0/0x2d20 [ 75.690666][ T4338] [ 75.690666][ T4338] but task is already holding lock: [ 75.698129][ T4338] ffff88805bc41eb0 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700 [ 75.708101][ T4338] [ 75.708101][ T4338] which lock already depends on the new lock. [ 75.708101][ T4338] [ 75.718511][ T4338] [ 75.718511][ T4338] the existing dependency chain (in reverse order) is: [ 75.727616][ T4338] [ 75.727616][ T4338] -> #2 (&ei->xattr_sem){++++}-{3:3}: [ 75.735366][ T4338] down_read+0x44/0x2e0 [ 75.740149][ T4338] ext4_setattr+0x71d/0x19e0 [ 75.745275][ T4338] notify_change+0xbcd/0xee0 [ 75.750398][ T4338] chown_common+0x483/0x610 [ 75.755438][ T4338] do_fchownat+0x164/0x270 [ 75.760394][ T4338] __x64_sys_chown+0x7e/0x90 [ 75.765521][ T4338] do_syscall_64+0x4c/0xa0 [ 75.770467][ T4338] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 75.777240][ T4338] [ 75.777240][ T4338] -> #1 (jbd2_handle){.+.+}-{0:0}: [ 75.784560][ T4338] start_this_handle+0x1338/0x15a0 [ 75.790193][ T4338] jbd2__journal_start+0x2b7/0x5a0 [ 75.795819][ T4338] __ext4_journal_start_sb+0x167/0x360 [ 75.801801][ T4338] ext4_writepages+0xdc2/0x2d20 [ 75.807177][ T4338] do_writepages+0x48d/0x6d0 [ 75.812282][ T4338] filemap_fdatawrite_wbc+0x1eb/0x240 [ 75.818189][ T4338] file_write_and_wait_range+0x129/0x1e0 [ 75.824340][ T4338] ext4_sync_file+0x1ff/0xae0 [ 75.829555][ T4338] __x64_sys_fsync+0x1a5/0x1e0 [ 75.834837][ T4338] do_syscall_64+0x4c/0xa0 [ 75.839771][ T4338] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 75.846187][ T4338] [ 75.846187][ T4338] -> #0 (&sbi->s_writepages_rwsem){.+.+}-{0:0}: [ 75.854707][ T4338] __lock_acquire+0x2c33/0x7c60 [ 75.860074][ T4338] lock_acquire+0x197/0x3f0 [ 75.865180][ T4338] percpu_down_read+0x46/0x1b0 [ 75.870459][ T4338] ext4_writepages+0x1c0/0x2d20 [ 75.875913][ T4338] do_writepages+0x48d/0x6d0 [ 75.881125][ T4338] __writeback_single_inode+0x153/0xda0 [ 75.887186][ T4338] writeback_single_inode+0x221/0x8b0 [ 75.893081][ T4338] write_inode_now+0x217/0x280 [ 75.898363][ T4338] iput+0x5ab/0x8a0 [ 75.902697][ T4338] ext4_xattr_set_entry+0x10ff/0x3d30 [ 75.908596][ T4338] ext4_xattr_block_set+0x4f7/0x2d30 [ 75.914503][ T4338] ext4_expand_extra_isize_ea+0xf4b/0x19a0 [ 75.921093][ T4338] __ext4_expand_extra_isize+0x301/0x3e0 [ 75.927421][ T4338] __ext4_mark_inode_dirty+0x469/0x700 [ 75.933482][ T4338] ext4_evict_inode+0xa81/0x1080 [ 75.939025][ T4338] evict+0x485/0x870 [ 75.943549][ T4338] ext4_orphan_cleanup+0xaa9/0x12e0 [ 75.949304][ T4338] ext4_fill_super+0x92f0/0x9a60 [ 75.954755][ T4338] mount_bdev+0x287/0x3c0 [ 75.959602][ T4338] legacy_get_tree+0xe6/0x180 [ 75.964798][ T4338] vfs_get_tree+0x88/0x270 [ 75.969731][ T4338] do_new_mount+0x24a/0xa40 [ 75.974752][ T4338] __se_sys_mount+0x2d6/0x3c0 [ 75.979957][ T4338] do_syscall_64+0x4c/0xa0 [ 75.984901][ T4338] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 75.991397][ T4338] [ 75.991397][ T4338] other info that might help us debug this: [ 75.991397][ T4338] [ 76.002059][ T4338] Chain exists of: [ 76.002059][ T4338] &sbi->s_writepages_rwsem --> jbd2_handle --> &ei->xattr_sem [ 76.002059][ T4338] [ 76.015431][ T4338] Possible unsafe locking scenario: [ 76.015431][ T4338] [ 76.022971][ T4338] CPU0 CPU1 [ 76.028329][ T4338] ---- ---- [ 76.033684][ T4338] lock(&ei->xattr_sem); [ 76.038015][ T4338] lock(jbd2_handle); [ 76.044599][ T4338] lock(&ei->xattr_sem); [ 76.051438][ T4338] lock(&sbi->s_writepages_rwsem); [ 76.056629][ T4338] [ 76.056629][ T4338] *** DEADLOCK *** [ 76.056629][ T4338] [ 76.064765][ T4338] 3 locks held by syz.0.17/4338: [ 76.069782][ T4338] #0: ffff88807d7900e0 (&type->s_umount_key#28/1){+.+.}-{3:3}, at: alloc_super+0x201/0x950 [ 76.080149][ T4338] #1: ffff88807d790650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x444/0x1080 [ 76.089633][ T4338] #2: ffff88805bc41eb0 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700 [ 76.099981][ T4338] [ 76.099981][ T4338] stack backtrace: [ 76.105859][ T4338] CPU: 0 PID: 4338 Comm: syz.0.17 Not tainted syzkaller #0 [ 76.113057][ T4338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 76.123285][ T4338] Call Trace: [ 76.126562][ T4338] [ 76.129570][ T4338] dump_stack_lvl+0x168/0x230 [ 76.134249][ T4338] ? load_image+0x3b0/0x3b0 [ 76.138748][ T4338] ? show_regs_print_info+0x20/0x20 [ 76.143944][ T4338] ? print_circular_bug+0x12b/0x1a0 [ 76.149221][ T4338] check_noncircular+0x274/0x310 [ 76.154180][ T4338] ? add_chain_block+0x940/0x940 [ 76.159215][ T4338] ? lockdep_lock+0xdc/0x1e0 [ 76.164154][ T4338] ? lockdep_unlock+0x134/0x2d0 [ 76.169104][ T4338] ? mark_lock+0x94/0x320 [ 76.173434][ T4338] __lock_acquire+0x2c33/0x7c60 [ 76.178295][ T4338] ? verify_lock_unused+0x140/0x140 [ 76.183491][ T4338] ? verify_lock_unused+0x140/0x140 [ 76.188696][ T4338] lock_acquire+0x197/0x3f0 [ 76.193197][ T4338] ? ext4_writepages+0x1c0/0x2d20 [ 76.198230][ T4338] ? check_path+0x40/0x40 [ 76.202560][ T4338] ? __might_sleep+0xf0/0xf0 [ 76.207160][ T4338] ? read_lock_is_recursive+0x10/0x10 [ 76.212646][ T4338] ? mark_lock+0x94/0x320 [ 76.216983][ T4338] ? __lock_acquire+0x13ad/0x7c60 [ 76.222005][ T4338] percpu_down_read+0x46/0x1b0 [ 76.226767][ T4338] ? ext4_writepages+0x1c0/0x2d20 [ 76.231788][ T4338] ext4_writepages+0x1c0/0x2d20 [ 76.236641][ T4338] ? rcu_is_watching+0x11/0xa0 [ 76.241402][ T4338] ? lock_release+0xba/0x870 [ 76.246013][ T4338] ? rcu_lock_release+0x5/0x20 [ 76.250776][ T4338] ? mark_lock+0x94/0x320 [ 76.255113][ T4338] ? verify_lock_unused+0x140/0x140 [ 76.260312][ T4338] ? mark_lock+0x94/0x320 [ 76.264639][ T4338] ? ext4_readpage+0x2e0/0x2e0 [ 76.269401][ T4338] ? __lock_acquire+0x13ad/0x7c60 [ 76.274425][ T4338] ? rcu_lock_release+0x5/0x20 [ 76.279196][ T4338] ? __lock_acquire+0x7c60/0x7c60 [ 76.284224][ T4338] ? do_raw_spin_lock+0x11d/0x280 [ 76.289245][ T4338] ? _raw_spin_lock_irqsave+0x7f/0xf0 [ 76.295083][ T4338] ? do_raw_spin_unlock+0x11d/0x230 [ 76.300282][ T4338] ? ext4_readpage+0x2e0/0x2e0 [ 76.305133][ T4338] do_writepages+0x48d/0x6d0 [ 76.309733][ T4338] ? __writepage+0x130/0x130 [ 76.314319][ T4338] ? writeback_single_inode+0x216/0x8b0 [ 76.319861][ T4338] ? __lock_acquire+0x7c60/0x7c60 [ 76.324889][ T4338] ? do_raw_spin_lock+0x11d/0x280 [ 76.329914][ T4338] __writeback_single_inode+0x153/0xda0 [ 76.335476][ T4338] writeback_single_inode+0x221/0x8b0 [ 76.340936][ T4338] ? write_inode_now+0x280/0x280 [ 76.345882][ T4338] write_inode_now+0x217/0x280 [ 76.350641][ T4338] ? bdi_split_work_to_wbs+0x820/0x820 [ 76.356100][ T4338] ? do_raw_spin_unlock+0x11d/0x230 [ 76.361414][ T4338] iput+0x5ab/0x8a0 [ 76.365249][ T4338] ext4_xattr_set_entry+0x10ff/0x3d30 [ 76.370639][ T4338] ? ext4_xattr_ibody_set+0x330/0x330 [ 76.376026][ T4338] ? rcu_is_watching+0x11/0xa0 [ 76.380878][ T4338] ? kmem_cache_free+0x14c/0x210 [ 76.385818][ T4338] ? mb_cache_entry_delete_or_get+0x1bd/0x1e0 [ 76.391898][ T4338] ext4_xattr_block_set+0x4f7/0x2d30 [ 76.397273][ T4338] ? do_raw_spin_unlock+0x11d/0x230 [ 76.402472][ T4338] ? __ext4_xattr_check_block+0x7d8/0x8d0 [ 76.408197][ T4338] ? ext4_xattr_block_find+0x500/0x500 [ 76.413653][ T4338] ? ext4_xattr_block_find+0x433/0x500 [ 76.419113][ T4338] ext4_expand_extra_isize_ea+0xf4b/0x19a0 [ 76.424925][ T4338] __ext4_expand_extra_isize+0x301/0x3e0 [ 76.430589][ T4338] __ext4_mark_inode_dirty+0x469/0x700 [ 76.436048][ T4338] ext4_evict_inode+0xa81/0x1080 [ 76.440982][ T4338] ? _raw_spin_unlock+0x24/0x40 [ 76.445829][ T4338] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 76.451809][ T4338] ? do_raw_spin_unlock+0x11d/0x230 [ 76.457104][ T4338] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 76.462992][ T4338] evict+0x485/0x870 [ 76.466895][ T4338] ? __lock_acquire+0x7c60/0x7c60 [ 76.472177][ T4338] ? proc_nr_inodes+0x320/0x320 [ 76.477029][ T4338] ? do_raw_spin_unlock+0x11d/0x230 [ 76.482222][ T4338] ? _raw_spin_unlock+0x24/0x40 [ 76.487064][ T4338] ? iput+0x706/0x8a0 [ 76.491044][ T4338] ext4_orphan_cleanup+0xaa9/0x12e0 [ 76.496241][ T4338] ? ext4_orphan_del+0xb90/0xb90 [ 76.501174][ T4338] ? errseq_check_and_advance+0x62/0x120 [ 76.506803][ T4338] ext4_fill_super+0x92f0/0x9a60 [ 76.511768][ T4338] ? ext4_mount+0x40/0x40 [ 76.516091][ T4338] ? set_blocksize+0x1f1/0x370 [ 76.520862][ T4338] ? sb_set_blocksize+0xa5/0xe0 [ 76.525713][ T4338] mount_bdev+0x287/0x3c0 [ 76.530133][ T4338] ? ext4_mount+0x40/0x40 [ 76.534545][ T4338] legacy_get_tree+0xe6/0x180 [ 76.539398][ T4338] ? ext4_errno_to_code+0x160/0x160 [ 76.544739][ T4338] vfs_get_tree+0x88/0x270 [ 76.549187][ T4338] do_new_mount+0x24a/0xa40 [ 76.553754][ T4338] __se_sys_mount+0x2d6/0x3c0 [ 76.558451][ T4338] ? __x64_sys_mount+0xc0/0xc0 [ 76.563242][ T4338] ? lockdep_hardirqs_on+0x94/0x140 [ 76.568455][ T4338] ? __x64_sys_mount+0x1c/0xc0 [ 76.573466][ T4338] do_syscall_64+0x4c/0xa0 [ 76.577887][ T4338] ? clear_bhb_loop+0x30/0x80 [ 76.582649][ T4338] ? clear_bhb_loop+0x30/0x80 [ 76.587347][ T4338] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 76.593412][ T4338] RIP: 0033:0x7f77663a8eea [ 76.597829][ T4338] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.617442][ T4338] RSP: 002b:00007fff64907288 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 76.625870][ T4338] RAX: ffffffffffffffda RBX: 00007fff64907310 RCX: 00007f77663a8eea [ 76.634045][ T4338] RDX: 0000200000000180 RSI: 0000200000000080 RDI: 00007fff649072d0 [ 76.642129][ T4338] RBP: 0000200000000180 R08: 00007fff64907310 R09: 0000000000800700 [ 76.650186][ T4338] R10: 0000000000800700 R11: 0000000000000246 R12: 0000200000000080 [ 76.658246][ T4338] R13: 00007fff649072d0 R14: 000000000000046f R15: 00002000000007c0 [ 76.666221][ T4338] [ 76.674205][ T4236] Bluetooth: hci0: command 0x040f tx timeout [ 76.701711][ T4338] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 76.727618][ T4338] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117 [ 76.772343][ T4338] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2826: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 76.799802][ T4338] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 76.821704][ T4338] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117 [ 76.841760][ T4338] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 76.856002][ T4338] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 76.869030][ T4338] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 76.883260][ T4338] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 76.895801][ T4338] EXT4-fs (loop0): 1 orphan inode deleted [ 76.902062][ T4338] EXT4-fs (loop0): mounted filesystem without journal. Opts: data_err=ignore,dioread_nolock,debug_want_extra_isize=0x000000000000005a,nouid32,resgid=0x0000000000000000,acl,init_itable=0x0000000000000003,,errors=continue. Quota mode: none.