Warning: Permanently added '10.128.1.98' (ED25519) to the list of known hosts. 2025/12/03 09:54:15 parsed 1 programs [ 63.442465][ T4188] cgroup: Unknown subsys name 'net' [ 63.552840][ T4188] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 64.972559][ T4188] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 67.237694][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.250963][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.268318][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 67.283165][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.291817][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.301155][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 68.569791][ T4257] chnl_net:caif_netlink_parms(): no params data found [ 68.623215][ T4257] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.631385][ T4257] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.639563][ T4257] device bridge_slave_0 entered promiscuous mode [ 68.648859][ T4257] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.656189][ T4257] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.664097][ T4257] device bridge_slave_1 entered promiscuous mode [ 68.684684][ T4257] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.695457][ T4257] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.718779][ T4257] team0: Port device team_slave_0 added [ 68.725944][ T4257] team0: Port device team_slave_1 added [ 68.743976][ T4257] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 68.750913][ T4257] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.776919][ T4257] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 68.789759][ T4257] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 68.796831][ T4257] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.823030][ T4257] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 68.853942][ T4257] device hsr_slave_0 entered promiscuous mode [ 68.861132][ T4257] device hsr_slave_1 entered promiscuous mode [ 68.970376][ T4257] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 68.981100][ T4257] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 68.991145][ T4257] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 69.000268][ T4257] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 69.048135][ T4257] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.055367][ T4257] bridge0: port 2(bridge_slave_1) entered forwarding state [ 69.063216][ T4257] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.070332][ T4257] bridge0: port 1(bridge_slave_0) entered forwarding state [ 69.112757][ T4257] 8021q: adding VLAN 0 to HW filter on device bond0 [ 69.128634][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 69.138425][ T155] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.146564][ T155] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.160837][ T4257] 8021q: adding VLAN 0 to HW filter on device team0 [ 69.193211][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 69.202103][ T155] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.209211][ T155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 69.224945][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 69.233425][ T155] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.240510][ T155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 69.275237][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 69.284893][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 69.293296][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 69.304433][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 69.313118][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 69.327837][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 69.336285][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 69.362009][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 69.370887][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 69.382012][ T4257] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 69.497227][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 69.504940][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 69.534901][ T4257] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 69.552152][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 69.560912][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 69.596542][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 69.605757][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 69.615476][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 69.623728][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 69.631840][ T4257] device veth0_vlan entered promiscuous mode [ 69.664197][ T4257] device veth1_vlan entered promiscuous mode [ 69.683063][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 69.691422][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 69.700108][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 69.709908][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 69.721877][ T4257] device veth0_macvtap entered promiscuous mode [ 69.740182][ T4257] device veth1_macvtap entered promiscuous mode [ 69.762600][ T4257] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 69.770918][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 69.779414][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 69.788620][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 69.797677][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 69.840416][ T4257] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 69.848309][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 69.861523][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 69.872372][ T4257] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.882168][ T4257] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.890939][ T4257] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.899770][ T4257] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.034639][ T4257] syz-executor (4257) used greatest stack depth: 20448 bytes left 2025/12/03 09:54:24 executed programs: 0 [ 70.574981][ T4301] chnl_net:caif_netlink_parms(): no params data found [ 70.636945][ T4301] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.644151][ T4301] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.652353][ T4301] device bridge_slave_0 entered promiscuous mode [ 70.661204][ T4301] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.668637][ T4301] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.677080][ T4301] device bridge_slave_1 entered promiscuous mode [ 70.706632][ T4301] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.718288][ T4301] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.750298][ T4301] team0: Port device team_slave_0 added [ 70.760809][ T4301] team0: Port device team_slave_1 added [ 70.784489][ T4301] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.791596][ T4301] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.818263][ T4301] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.830895][ T4301] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.838400][ T4301] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.864702][ T4301] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.904296][ T4301] device hsr_slave_0 entered promiscuous mode [ 70.911177][ T4301] device hsr_slave_1 entered promiscuous mode [ 70.918287][ T4301] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.926721][ T4301] Cannot create hsr debugfs directory [ 71.017607][ T4301] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.158124][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.165184][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.514301][ T4279] Bluetooth: hci0: command 0x0409 tx timeout [ 73.569806][ T4301] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.594444][ T4259] Bluetooth: hci0: command 0x041b tx timeout [ 74.758688][ T4301] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.826924][ T4301] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.075529][ T4301] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 75.085512][ T4301] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 75.103891][ T4301] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 75.113198][ T4301] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 75.177963][ T4301] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.190418][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 75.198878][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 75.209763][ T4301] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.222170][ T154] device hsr_slave_0 left promiscuous mode [ 75.229300][ T154] device hsr_slave_1 left promiscuous mode [ 75.236905][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 75.245485][ T154] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 75.253613][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 75.261021][ T154] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 75.269130][ T154] device bridge_slave_1 left promiscuous mode [ 75.276368][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.289860][ T154] device bridge_slave_0 left promiscuous mode [ 75.296155][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.317080][ T154] device veth1_macvtap left promiscuous mode [ 75.323357][ T154] device veth0_macvtap left promiscuous mode [ 75.329574][ T154] device veth1_vlan left promiscuous mode [ 75.336134][ T154] device veth0_vlan left promiscuous mode [ 75.481705][ T154] team0 (unregistering): Port device team_slave_1 removed [ 75.495373][ T154] team0 (unregistering): Port device team_slave_0 removed [ 75.508953][ T154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 75.523834][ T154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 75.580041][ T154] bond0 (unregistering): Released all slaves [ 75.655769][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 75.664767][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 75.673152][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.680242][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.688874][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 75.701392][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 75.710823][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 75.719953][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.727055][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.734922][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 75.745699][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 75.761228][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 75.770897][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 75.780137][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 75.790417][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 75.799542][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 75.817977][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 75.828388][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 75.839660][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 75.848102][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 75.858607][ T4301] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 75.954169][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 75.961691][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 75.976610][ T4301] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.999114][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 76.007969][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 76.029139][ T4301] device veth0_vlan entered promiscuous mode [ 76.037634][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 76.045974][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 76.055874][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 76.064547][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 76.076353][ T4301] device veth1_vlan entered promiscuous mode [ 76.099744][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 76.110940][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 76.119491][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 76.129050][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 76.140848][ T4301] device veth0_macvtap entered promiscuous mode [ 76.151037][ T4301] device veth1_macvtap entered promiscuous mode [ 76.170573][ T4301] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.178554][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 76.187570][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 76.196462][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 76.205410][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 76.218864][ T4301] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.226858][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 76.236283][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 76.249278][ T4301] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.259058][ T4301] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.268392][ T4301] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.277909][ T4301] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.336335][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.353678][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.362801][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 76.376364][ T155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.385667][ T155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.395411][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 76.460737][ T4319] loop0: detected capacity change from 0 to 512 [ 76.619458][ T4319] [ 76.621837][ T4319] ====================================================== [ 76.628858][ T4319] WARNING: possible circular locking dependency detected [ 76.635892][ T4319] syzkaller #0 Not tainted [ 76.640309][ T4319] ------------------------------------------------------ [ 76.647325][ T4319] syz.0.17/4319 is trying to acquire lock: [ 76.653127][ T4319] ffff88807d45abd8 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x1c0/0x2d20 [ 76.663245][ T4319] [ 76.663245][ T4319] but task is already holding lock: [ 76.670614][ T4319] ffff88806ff0a8a8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700 [ 76.673865][ T1334] Bluetooth: hci0: command 0x040f tx timeout [ 76.680457][ T4319] [ 76.680457][ T4319] which lock already depends on the new lock. [ 76.680457][ T4319] [ 76.680463][ T4319] [ 76.680463][ T4319] the existing dependency chain (in reverse order) is: [ 76.705843][ T4319] [ 76.705843][ T4319] -> #2 (&ei->xattr_sem){++++}-{3:3}: [ 76.713416][ T4319] down_read+0x44/0x2e0 [ 76.718103][ T4319] ext4_setattr+0x71d/0x19e0 [ 76.723229][ T4319] notify_change+0xbcd/0xee0 [ 76.728367][ T4319] chown_common+0x483/0x610 [ 76.733412][ T4319] do_fchownat+0x164/0x270 [ 76.738369][ T4319] __x64_sys_chown+0x7e/0x90 [ 76.743499][ T4319] do_syscall_64+0x4c/0xa0 [ 76.748450][ T4319] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 76.754889][ T4319] [ 76.754889][ T4319] -> #1 (jbd2_handle){.+.+}-{0:0}: [ 76.762206][ T4319] start_this_handle+0x1338/0x15a0 [ 76.767859][ T4319] jbd2__journal_start+0x2b7/0x5a0 [ 76.773507][ T4319] __ext4_journal_start_sb+0x167/0x360 [ 76.779498][ T4319] ext4_writepages+0xdc2/0x2d20 [ 76.784877][ T4319] do_writepages+0x48d/0x6d0 [ 76.789997][ T4319] filemap_fdatawrite_wbc+0x1eb/0x240 [ 76.795892][ T4319] file_write_and_wait_range+0x129/0x1e0 [ 76.802052][ T4319] ext4_sync_file+0x1ff/0xae0 [ 76.807266][ T4319] __x64_sys_fsync+0x1a5/0x1e0 [ 76.812561][ T4319] do_syscall_64+0x4c/0xa0 [ 76.817498][ T4319] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 76.823908][ T4319] [ 76.823908][ T4319] -> #0 (&sbi->s_writepages_rwsem){.+.+}-{0:0}: [ 76.832325][ T4319] __lock_acquire+0x2c33/0x7c60 [ 76.837690][ T4319] lock_acquire+0x197/0x3f0 [ 76.842709][ T4319] percpu_down_read+0x46/0x1b0 [ 76.847993][ T4319] ext4_writepages+0x1c0/0x2d20 [ 76.853389][ T4319] do_writepages+0x48d/0x6d0 [ 76.858502][ T4319] __writeback_single_inode+0x153/0xda0 [ 76.864567][ T4319] writeback_single_inode+0x221/0x8b0 [ 76.870464][ T4319] write_inode_now+0x217/0x280 [ 76.875747][ T4319] iput+0x5ab/0x8a0 [ 76.880073][ T4319] ext4_xattr_set_entry+0x10ff/0x3d30 [ 76.885964][ T4319] ext4_xattr_block_set+0x4f7/0x2d30 [ 76.891767][ T4319] ext4_expand_extra_isize_ea+0xf4b/0x19a0 [ 76.898090][ T4319] __ext4_expand_extra_isize+0x301/0x3e0 [ 76.904242][ T4319] __ext4_mark_inode_dirty+0x469/0x700 [ 76.910243][ T4319] ext4_evict_inode+0xa81/0x1080 [ 76.915817][ T4319] evict+0x485/0x870 [ 76.920249][ T4319] ext4_orphan_cleanup+0xaa9/0x12e0 [ 76.925985][ T4319] ext4_fill_super+0x92f0/0x9a60 [ 76.931441][ T4319] mount_bdev+0x287/0x3c0 [ 76.936290][ T4319] legacy_get_tree+0xe6/0x180 [ 76.941494][ T4319] vfs_get_tree+0x88/0x270 [ 76.946425][ T4319] do_new_mount+0x24a/0xa40 [ 76.951468][ T4319] __se_sys_mount+0x2d6/0x3c0 [ 76.956672][ T4319] do_syscall_64+0x4c/0xa0 [ 76.961610][ T4319] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 76.968028][ T4319] [ 76.968028][ T4319] other info that might help us debug this: [ 76.968028][ T4319] [ 76.978252][ T4319] Chain exists of: [ 76.978252][ T4319] &sbi->s_writepages_rwsem --> jbd2_handle --> &ei->xattr_sem [ 76.978252][ T4319] [ 76.991623][ T4319] Possible unsafe locking scenario: [ 76.991623][ T4319] [ 76.999062][ T4319] CPU0 CPU1 [ 77.004431][ T4319] ---- ---- [ 77.009782][ T4319] lock(&ei->xattr_sem); [ 77.014104][ T4319] lock(jbd2_handle); [ 77.020683][ T4319] lock(&ei->xattr_sem); [ 77.027523][ T4319] lock(&sbi->s_writepages_rwsem); [ 77.032712][ T4319] [ 77.032712][ T4319] *** DEADLOCK *** [ 77.032712][ T4319] [ 77.040843][ T4319] 3 locks held by syz.0.17/4319: [ 77.045767][ T4319] #0: ffff88807d4580e0 (&type->s_umount_key#28/1){+.+.}-{3:3}, at: alloc_super+0x201/0x950 [ 77.055863][ T4319] #1: ffff88807d458650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x444/0x1080 [ 77.065336][ T4319] #2: ffff88806ff0a8a8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700 [ 77.075589][ T4319] [ 77.075589][ T4319] stack backtrace: [ 77.081491][ T4319] CPU: 1 PID: 4319 Comm: syz.0.17 Not tainted syzkaller #0 [ 77.088681][ T4319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 77.098738][ T4319] Call Trace: [ 77.102012][ T4319] [ 77.104940][ T4319] dump_stack_lvl+0x168/0x230 [ 77.109616][ T4319] ? load_image+0x3b0/0x3b0 [ 77.114151][ T4319] ? show_regs_print_info+0x20/0x20 [ 77.119367][ T4319] ? print_circular_bug+0x12b/0x1a0 [ 77.124561][ T4319] check_noncircular+0x274/0x310 [ 77.129490][ T4319] ? add_chain_block+0x940/0x940 [ 77.134422][ T4319] ? lockdep_lock+0xdc/0x1e0 [ 77.139042][ T4319] ? lockdep_unlock+0x134/0x2d0 [ 77.143891][ T4319] ? mark_lock+0x94/0x320 [ 77.148249][ T4319] __lock_acquire+0x2c33/0x7c60 [ 77.153115][ T4319] ? verify_lock_unused+0x140/0x140 [ 77.158330][ T4319] ? verify_lock_unused+0x140/0x140 [ 77.163537][ T4319] lock_acquire+0x197/0x3f0 [ 77.168058][ T4319] ? ext4_writepages+0x1c0/0x2d20 [ 77.173079][ T4319] ? check_path+0x40/0x40 [ 77.177401][ T4319] ? __might_sleep+0xf0/0xf0 [ 77.181989][ T4319] ? read_lock_is_recursive+0x10/0x10 [ 77.187360][ T4319] ? mark_lock+0x94/0x320 [ 77.191691][ T4319] ? __lock_acquire+0x13ad/0x7c60 [ 77.196729][ T4319] percpu_down_read+0x46/0x1b0 [ 77.201504][ T4319] ? ext4_writepages+0x1c0/0x2d20 [ 77.206520][ T4319] ext4_writepages+0x1c0/0x2d20 [ 77.211365][ T4319] ? rcu_is_watching+0x11/0xa0 [ 77.216121][ T4319] ? lock_release+0xba/0x870 [ 77.220717][ T4319] ? rcu_lock_release+0x5/0x20 [ 77.225474][ T4319] ? mark_lock+0x94/0x320 [ 77.229798][ T4319] ? verify_lock_unused+0x140/0x140 [ 77.234998][ T4319] ? mark_lock+0x94/0x320 [ 77.239326][ T4319] ? ext4_readpage+0x2e0/0x2e0 [ 77.244083][ T4319] ? __lock_acquire+0x13ad/0x7c60 [ 77.249102][ T4319] ? rcu_lock_release+0x5/0x20 [ 77.253862][ T4319] ? __lock_acquire+0x7c60/0x7c60 [ 77.258879][ T4319] ? do_raw_spin_lock+0x11d/0x280 [ 77.263897][ T4319] ? _raw_spin_lock_irqsave+0x7f/0xf0 [ 77.269265][ T4319] ? do_raw_spin_unlock+0x11d/0x230 [ 77.274455][ T4319] ? ext4_readpage+0x2e0/0x2e0 [ 77.279229][ T4319] do_writepages+0x48d/0x6d0 [ 77.283820][ T4319] ? __writepage+0x130/0x130 [ 77.288408][ T4319] ? writeback_single_inode+0x216/0x8b0 [ 77.293952][ T4319] ? __lock_acquire+0x7c60/0x7c60 [ 77.298972][ T4319] ? do_raw_spin_lock+0x11d/0x280 [ 77.303990][ T4319] __writeback_single_inode+0x153/0xda0 [ 77.309533][ T4319] writeback_single_inode+0x221/0x8b0 [ 77.314903][ T4319] ? write_inode_now+0x280/0x280 [ 77.319851][ T4319] write_inode_now+0x217/0x280 [ 77.324608][ T4319] ? bdi_split_work_to_wbs+0x820/0x820 [ 77.330070][ T4319] ? do_raw_spin_unlock+0x11d/0x230 [ 77.335265][ T4319] iput+0x5ab/0x8a0 [ 77.339069][ T4319] ext4_xattr_set_entry+0x10ff/0x3d30 [ 77.344444][ T4319] ? ext4_xattr_ibody_set+0x330/0x330 [ 77.349814][ T4319] ? rcu_is_watching+0x11/0xa0 [ 77.354572][ T4319] ? kmem_cache_free+0x14c/0x210 [ 77.359506][ T4319] ? mb_cache_entry_delete_or_get+0x1bd/0x1e0 [ 77.365568][ T4319] ext4_xattr_block_set+0x4f7/0x2d30 [ 77.370849][ T4319] ? do_raw_spin_unlock+0x11d/0x230 [ 77.376050][ T4319] ? __ext4_xattr_check_block+0x7d8/0x8d0 [ 77.381765][ T4319] ? ext4_xattr_block_find+0x500/0x500 [ 77.387215][ T4319] ? ext4_xattr_block_find+0x433/0x500 [ 77.392672][ T4319] ext4_expand_extra_isize_ea+0xf4b/0x19a0 [ 77.398487][ T4319] __ext4_expand_extra_isize+0x301/0x3e0 [ 77.404118][ T4319] __ext4_mark_inode_dirty+0x469/0x700 [ 77.409569][ T4319] ext4_evict_inode+0xa81/0x1080 [ 77.414496][ T4319] ? _raw_spin_unlock+0x24/0x40 [ 77.419342][ T4319] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 77.425233][ T4319] ? do_raw_spin_unlock+0x11d/0x230 [ 77.430425][ T4319] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 77.436312][ T4319] evict+0x485/0x870 [ 77.440199][ T4319] ? __lock_acquire+0x7c60/0x7c60 [ 77.445223][ T4319] ? proc_nr_inodes+0x320/0x320 [ 77.450070][ T4319] ? do_raw_spin_unlock+0x11d/0x230 [ 77.455264][ T4319] ? _raw_spin_unlock+0x24/0x40 [ 77.460110][ T4319] ? iput+0x706/0x8a0 [ 77.464093][ T4319] ext4_orphan_cleanup+0xaa9/0x12e0 [ 77.469293][ T4319] ? ext4_orphan_del+0xb90/0xb90 [ 77.474227][ T4319] ? errseq_check_and_advance+0x62/0x120 [ 77.479855][ T4319] ext4_fill_super+0x92f0/0x9a60 [ 77.484802][ T4319] ? ext4_mount+0x40/0x40 [ 77.489122][ T4319] ? set_blocksize+0x1f1/0x370 [ 77.493879][ T4319] ? sb_set_blocksize+0xa5/0xe0 [ 77.498727][ T4319] mount_bdev+0x287/0x3c0 [ 77.503049][ T4319] ? ext4_mount+0x40/0x40 [ 77.507373][ T4319] legacy_get_tree+0xe6/0x180 [ 77.512055][ T4319] ? ext4_errno_to_code+0x160/0x160 [ 77.517249][ T4319] vfs_get_tree+0x88/0x270 [ 77.521663][ T4319] do_new_mount+0x24a/0xa40 [ 77.526167][ T4319] __se_sys_mount+0x2d6/0x3c0 [ 77.530850][ T4319] ? __x64_sys_mount+0xc0/0xc0 [ 77.535606][ T4319] ? lockdep_hardirqs_on+0x94/0x140 [ 77.540805][ T4319] ? __x64_sys_mount+0x1c/0xc0 [ 77.545567][ T4319] do_syscall_64+0x4c/0xa0 [ 77.549977][ T4319] ? clear_bhb_loop+0x30/0x80 [ 77.554647][ T4319] ? clear_bhb_loop+0x30/0x80 [ 77.559320][ T4319] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 77.565220][ T4319] RIP: 0033:0x7f08f3ce5eea [ 77.569651][ T4319] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.589265][ T4319] RSP: 002b:00007ffcdc98f9a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 77.597692][ T4319] RAX: ffffffffffffffda RBX: 00007ffcdc98fa30 RCX: 00007f08f3ce5eea [ 77.605658][ T4319] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007ffcdc98f9f0 [ 77.613620][ T4319] RBP: 0000200000000180 R08: 00007ffcdc98fa30 R09: 0000000000800700 [ 77.621585][ T4319] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 77.629554][ T4319] R13: 00007ffcdc98f9f0 R14: 000000000000046f R15: 000000000000002c [ 77.637524][ T4319] [ 77.662962][ T4319] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 77.676928][ T4319] EXT4-fs (loop0): Remounting filesystem read-only [ 77.684757][ T4319] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117 [ 77.698280][ T4319] EXT4-fs (loop0): Remounting filesystem read-only [ 77.705899][ T4319] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2826: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 77.720506][ T4319] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 77.734392][ T4319] EXT4-fs (loop0): Remounting filesystem read-only [ 77.741259][ T4319] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117 [ 77.754357][ T4319] EXT4-fs (loop0): Remounting filesystem read-only [ 77.761015][ T4319] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 77.774852][ T4319] EXT4-fs (loop0): Remounting filesystem read-only [ 77.781419][ T4319] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 77.795231][ T4319] EXT4-fs (loop0): Remounting filesystem read-only [ 77.802249][ T4319] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 77.815962][ T4319] EXT4-fs (loop0): Remounting filesystem read-only [ 77.822518][ T4319] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 77.834919][ T4319] EXT4-fs (loop0): Remounting filesystem read-only [ 77.841537][ T4319] EXT4-fs (loop0): 1 orphan inode deleted [ 77.847399][ T4319] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodioread_nolock,errors=remount-ro,debug_want_extra_isize=0x000000000000005a,nouid32,resgid=0x0000000000000000,acl,init_itable=0x0000000000000003,. Quota mode: none.