no interfaces have a carrier [ 40.487666][ T3854] 8021q: adding VLAN 0 to HW filter on device bond0 [ 40.499190][ T3854] eql: remember to turn off Van-Jacobson compression on your slave devices Starting crond: OK Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.63' (ED25519) to the list of known hosts. 2025/11/09 13:50:23 parsed 1 programs syzkaller login: [ 72.667807][ T4190] cgroup: Unknown subsys name 'net' [ 72.815485][ T4190] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 74.367160][ T4190] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 76.185695][ T4212] chnl_net:caif_netlink_parms(): no params data found [ 76.237807][ T4212] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.245696][ T4212] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.254067][ T4212] device bridge_slave_0 entered promiscuous mode [ 76.265387][ T4212] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.272695][ T4212] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.280821][ T4212] device bridge_slave_1 entered promiscuous mode [ 76.303688][ T4212] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.317286][ T4212] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.343429][ T4212] team0: Port device team_slave_0 added [ 76.351136][ T4212] team0: Port device team_slave_1 added [ 76.372222][ T4212] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.379280][ T4212] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.405470][ T4212] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 76.420769][ T4212] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 76.427753][ T4212] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.454292][ T4212] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 76.486192][ T4212] device hsr_slave_0 entered promiscuous mode [ 76.493692][ T4212] device hsr_slave_1 entered promiscuous mode [ 76.644548][ T4212] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 76.656741][ T4212] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 76.669438][ T4212] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 76.681004][ T4212] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 76.714449][ T4212] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.721752][ T4212] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.730114][ T4212] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.737214][ T4212] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.801241][ T4212] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.815433][ T1245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 76.829502][ T1245] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.840228][ T1245] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.850700][ T1245] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 76.865352][ T4212] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.880518][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 76.891267][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.898426][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.919791][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 76.930108][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.937201][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.957208][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 76.982413][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 76.990803][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 77.000824][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 77.010242][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 77.020710][ T4212] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 77.153760][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 77.163978][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 77.179826][ T4212] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.202149][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 77.216552][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 77.238999][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 77.248992][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 77.258706][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 77.266626][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 77.300198][ T4212] device veth0_vlan entered promiscuous mode [ 77.315691][ T4212] device veth1_vlan entered promiscuous mode [ 77.343948][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 77.353707][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 77.363077][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 77.372300][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 77.384608][ T4212] device veth0_macvtap entered promiscuous mode [ 77.397842][ T4212] device veth1_macvtap entered promiscuous mode [ 77.417712][ T4212] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.429470][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 77.438467][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 77.446625][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 77.456108][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 77.469780][ T4212] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.479518][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 77.489162][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 77.500682][ T4212] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.511623][ T4212] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.522473][ T4212] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.533091][ T4212] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.669647][ T4212] syz-executor (4212) used greatest stack depth: 20768 bytes left [ 77.867435][ T562] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.837757][ T3070] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.847094][ T3070] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.862069][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 78.874887][ T3070] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.883204][ T3070] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.892530][ T3070] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 2025/11/09 13:50:32 executed programs: 0 [ 79.973015][ T4285] chnl_net:caif_netlink_parms(): no params data found [ 80.018419][ T4285] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.025574][ T4285] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.033609][ T4285] device bridge_slave_0 entered promiscuous mode [ 80.041736][ T4285] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.049343][ T4285] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.057337][ T4285] device bridge_slave_1 entered promiscuous mode [ 80.081007][ T4285] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.092644][ T4285] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.120334][ T4285] team0: Port device team_slave_0 added [ 80.128036][ T4285] team0: Port device team_slave_1 added [ 80.148882][ T4285] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.155869][ T4285] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.182148][ T4285] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.194987][ T4285] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.202000][ T4285] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.228236][ T4285] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.248793][ T562] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.277971][ T4285] device hsr_slave_0 entered promiscuous mode [ 80.286146][ T4285] device hsr_slave_1 entered promiscuous mode [ 80.294300][ T4285] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.302373][ T4285] Cannot create hsr debugfs directory [ 81.929231][ T13] Bluetooth: hci0: command 0x0409 tx timeout [ 82.514850][ T562] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.576248][ T562] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.394998][ T4285] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 83.406267][ T4285] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 83.422656][ T4285] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 83.432380][ T4285] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 83.464398][ T562] device hsr_slave_0 left promiscuous mode [ 83.472329][ T562] device hsr_slave_1 left promiscuous mode [ 83.480034][ T562] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 83.487601][ T562] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 83.496299][ T562] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 83.503767][ T562] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 83.511808][ T562] device bridge_slave_1 left promiscuous mode [ 83.519263][ T562] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.535288][ T562] device bridge_slave_0 left promiscuous mode [ 83.542527][ T562] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.562222][ T562] device veth1_macvtap left promiscuous mode [ 83.568616][ T562] device veth0_macvtap left promiscuous mode [ 83.574665][ T562] device veth1_vlan left promiscuous mode [ 83.581083][ T562] device veth0_vlan left promiscuous mode [ 83.742164][ T562] team0 (unregistering): Port device team_slave_1 removed [ 83.756102][ T562] team0 (unregistering): Port device team_slave_0 removed [ 83.770267][ T562] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 83.786443][ T562] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 83.846493][ T562] bond0 (unregistering): Released all slaves [ 83.922725][ T4285] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.944848][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 83.953977][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 83.970823][ T4285] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.982795][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 83.991591][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 84.000399][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.007468][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.008411][ T4299] Bluetooth: hci0: command 0x041b tx timeout [ 84.024637][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 84.033220][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 84.042036][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 84.051363][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.058494][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.066328][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 84.075256][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 84.087708][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 84.116222][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 84.125824][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 84.136726][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 84.146711][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 84.164365][ T4285] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 84.177299][ T4285] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 84.191698][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 84.201175][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 84.210227][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 84.218762][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 84.230711][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 84.336155][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 84.344384][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 84.361238][ T4285] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.383174][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 84.394051][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 84.416750][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 84.426116][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 84.435533][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 84.443785][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 84.455057][ T4285] device veth0_vlan entered promiscuous mode [ 84.468581][ T4285] device veth1_vlan entered promiscuous mode [ 84.495245][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 84.504049][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 84.512904][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 84.522399][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 84.533376][ T4285] device veth0_macvtap entered promiscuous mode [ 84.545485][ T4285] device veth1_macvtap entered promiscuous mode [ 84.564488][ T4285] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.582613][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 84.593325][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 84.601587][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 84.610683][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 84.623460][ T4285] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.631863][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 84.641439][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 84.652783][ T4285] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.662851][ T4285] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.673161][ T4285] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.682870][ T4285] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.741502][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.762015][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.775235][ T1245] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.777378][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 84.788200][ T1245] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.801297][ T3070] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 84.894359][ T4336] loop0: detected capacity change from 0 to 512 [ 85.047186][ T4336] [ 85.049576][ T4336] ====================================================== [ 85.056601][ T4336] WARNING: possible circular locking dependency detected [ 85.063646][ T4336] syzkaller #0 Not tainted [ 85.068067][ T4336] ------------------------------------------------------ [ 85.075090][ T4336] syz.0.17/4336 is trying to acquire lock: [ 85.080898][ T4336] ffff88807db28bd8 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x1c0/0x2d20 [ 85.091039][ T4336] [ 85.091039][ T4336] but task is already holding lock: [ 85.098852][ T4336] ffff88806254ee70 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700 [ 85.108715][ T4336] [ 85.108715][ T4336] which lock already depends on the new lock. [ 85.108715][ T4336] [ 85.119132][ T4336] [ 85.119132][ T4336] the existing dependency chain (in reverse order) is: [ 85.128166][ T4336] [ 85.128166][ T4336] -> #2 (&ei->xattr_sem){++++}-{3:3}: [ 85.135751][ T4336] down_read+0x44/0x2e0 [ 85.140456][ T4336] ext4_setattr+0x71d/0x19e0 [ 85.145587][ T4336] notify_change+0xbcd/0xee0 [ 85.150720][ T4336] chown_common+0x483/0x610 [ 85.155767][ T4336] do_fchownat+0x164/0x270 [ 85.160725][ T4336] __x64_sys_chown+0x7e/0x90 [ 85.165990][ T4336] do_syscall_64+0x4c/0xa0 [ 85.170993][ T4336] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 85.177427][ T4336] [ 85.177427][ T4336] -> #1 (jbd2_handle){++++}-{0:0}: [ 85.184743][ T4336] start_this_handle+0x1338/0x15a0 [ 85.190391][ T4336] jbd2__journal_start+0x2b7/0x5a0 [ 85.196031][ T4336] __ext4_journal_start_sb+0x167/0x360 [ 85.202013][ T4336] ext4_writepages+0xdc2/0x2d20 [ 85.207394][ T4336] do_writepages+0x48d/0x6d0 [ 85.212512][ T4336] __writeback_single_inode+0x153/0xda0 [ 85.218585][ T4336] writeback_sb_inodes+0x9fe/0x1610 [ 85.224311][ T4336] __writeback_inodes_wb+0x12a/0x3f0 [ 85.230148][ T4336] wb_writeback+0x455/0xb90 [ 85.235172][ T4336] wb_workfn+0xaaa/0xe60 [ 85.239947][ T4336] process_one_work+0x863/0x1000 [ 85.245416][ T4336] worker_thread+0xaa8/0x12a0 [ 85.250614][ T4336] kthread+0x436/0x520 [ 85.255206][ T4336] ret_from_fork+0x1f/0x30 [ 85.260146][ T4336] [ 85.260146][ T4336] -> #0 (&sbi->s_writepages_rwsem){.+.+}-{0:0}: [ 85.268591][ T4336] __lock_acquire+0x2c33/0x7c60 [ 85.273973][ T4336] lock_acquire+0x197/0x3f0 [ 85.279004][ T4336] percpu_down_read+0x46/0x1b0 [ 85.284313][ T4336] ext4_writepages+0x1c0/0x2d20 [ 85.289686][ T4336] do_writepages+0x48d/0x6d0 [ 85.294799][ T4336] __writeback_single_inode+0x153/0xda0 [ 85.300879][ T4336] writeback_single_inode+0x221/0x8b0 [ 85.306783][ T4336] write_inode_now+0x217/0x280 [ 85.312075][ T4336] iput+0x5ab/0x8a0 [ 85.316496][ T4336] ext4_xattr_set_entry+0x10ff/0x3d30 [ 85.322395][ T4336] ext4_xattr_block_set+0x4f7/0x2d30 [ 85.328207][ T4336] ext4_expand_extra_isize_ea+0xf4b/0x19a0 [ 85.334801][ T4336] __ext4_expand_extra_isize+0x301/0x3e0 [ 85.340963][ T4336] __ext4_mark_inode_dirty+0x469/0x700 [ 85.346943][ T4336] ext4_evict_inode+0xa81/0x1080 [ 85.352414][ T4336] evict+0x485/0x870 [ 85.356856][ T4336] ext4_orphan_cleanup+0xaa9/0x12e0 [ 85.362594][ T4336] ext4_fill_super+0x92f0/0x9a60 [ 85.368081][ T4336] mount_bdev+0x287/0x3c0 [ 85.372938][ T4336] legacy_get_tree+0xe6/0x180 [ 85.378145][ T4336] vfs_get_tree+0x88/0x270 [ 85.383083][ T4336] do_new_mount+0x24a/0xa40 [ 85.388110][ T4336] __se_sys_mount+0x2d6/0x3c0 [ 85.393310][ T4336] do_syscall_64+0x4c/0xa0 [ 85.398245][ T4336] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 85.404665][ T4336] [ 85.404665][ T4336] other info that might help us debug this: [ 85.404665][ T4336] [ 85.414887][ T4336] Chain exists of: [ 85.414887][ T4336] &sbi->s_writepages_rwsem --> jbd2_handle --> &ei->xattr_sem [ 85.414887][ T4336] [ 85.428271][ T4336] Possible unsafe locking scenario: [ 85.428271][ T4336] [ 85.435723][ T4336] CPU0 CPU1 [ 85.441092][ T4336] ---- ---- [ 85.446466][ T4336] lock(&ei->xattr_sem); [ 85.450807][ T4336] lock(jbd2_handle); [ 85.457395][ T4336] lock(&ei->xattr_sem); [ 85.464244][ T4336] lock(&sbi->s_writepages_rwsem); [ 85.469539][ T4336] [ 85.469539][ T4336] *** DEADLOCK *** [ 85.469539][ T4336] [ 85.477680][ T4336] 3 locks held by syz.0.17/4336: [ 85.482622][ T4336] #0: ffff88807dd900e0 (&type->s_umount_key#28/1){+.+.}-{3:3}, at: alloc_super+0x201/0x950 [ 85.492731][ T4336] #1: ffff88807dd90650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x444/0x1080 [ 85.502227][ T4336] #2: ffff88806254ee70 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700 [ 85.512494][ T4336] [ 85.512494][ T4336] stack backtrace: [ 85.518474][ T4336] CPU: 0 PID: 4336 Comm: syz.0.17 Not tainted syzkaller #0 [ 85.525669][ T4336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 85.535732][ T4336] Call Trace: [ 85.539019][ T4336] [ 85.541953][ T4336] dump_stack_lvl+0x168/0x230 [ 85.546643][ T4336] ? load_image+0x3b0/0x3b0 [ 85.551147][ T4336] ? show_regs_print_info+0x20/0x20 [ 85.556375][ T4336] ? print_circular_bug+0x12b/0x1a0 [ 85.561600][ T4336] check_noncircular+0x274/0x310 [ 85.566544][ T4336] ? add_chain_block+0x940/0x940 [ 85.571913][ T4336] ? lockdep_lock+0xdc/0x1e0 [ 85.576510][ T4336] ? lockdep_unlock+0x134/0x2d0 [ 85.581361][ T4336] ? mark_lock+0x94/0x320 [ 85.585691][ T4336] __lock_acquire+0x2c33/0x7c60 [ 85.590589][ T4336] ? verify_lock_unused+0x140/0x140 [ 85.595795][ T4336] ? verify_lock_unused+0x140/0x140 [ 85.601007][ T4336] lock_acquire+0x197/0x3f0 [ 85.605627][ T4336] ? ext4_writepages+0x1c0/0x2d20 [ 85.610672][ T4336] ? check_path+0x40/0x40 [ 85.615103][ T4336] ? __might_sleep+0xf0/0xf0 [ 85.619699][ T4336] ? read_lock_is_recursive+0x10/0x10 [ 85.625076][ T4336] ? mark_lock+0x94/0x320 [ 85.629412][ T4336] ? __lock_acquire+0x13ad/0x7c60 [ 85.634441][ T4336] percpu_down_read+0x46/0x1b0 [ 85.639212][ T4336] ? ext4_writepages+0x1c0/0x2d20 [ 85.644244][ T4336] ext4_writepages+0x1c0/0x2d20 [ 85.649100][ T4336] ? rcu_is_watching+0x11/0xa0 [ 85.653879][ T4336] ? lock_release+0xba/0x870 [ 85.658491][ T4336] ? rcu_lock_release+0x5/0x20 [ 85.663268][ T4336] ? mark_lock+0x94/0x320 [ 85.667614][ T4336] ? verify_lock_unused+0x140/0x140 [ 85.672832][ T4336] ? mark_lock+0x94/0x320 [ 85.677191][ T4336] ? ext4_readpage+0x2e0/0x2e0 [ 85.681996][ T4336] ? __lock_acquire+0x13ad/0x7c60 [ 85.687132][ T4336] ? rcu_lock_release+0x5/0x20 [ 85.692037][ T4336] ? __lock_acquire+0x7c60/0x7c60 [ 85.697077][ T4336] ? do_raw_spin_lock+0x11d/0x280 [ 85.702123][ T4336] ? _raw_spin_lock_irqsave+0x7f/0xf0 [ 85.707502][ T4336] ? do_raw_spin_unlock+0x11d/0x230 [ 85.712699][ T4336] ? ext4_readpage+0x2e0/0x2e0 [ 85.717475][ T4336] do_writepages+0x48d/0x6d0 [ 85.722078][ T4336] ? __writepage+0x130/0x130 [ 85.726671][ T4336] ? writeback_single_inode+0x216/0x8b0 [ 85.732229][ T4336] ? __lock_acquire+0x7c60/0x7c60 [ 85.737259][ T4336] ? do_raw_spin_lock+0x11d/0x280 [ 85.742292][ T4336] __writeback_single_inode+0x153/0xda0 [ 85.747926][ T4336] writeback_single_inode+0x221/0x8b0 [ 85.753307][ T4336] ? write_inode_now+0x280/0x280 [ 85.758281][ T4336] write_inode_now+0x217/0x280 [ 85.763051][ T4336] ? bdi_split_work_to_wbs+0x820/0x820 [ 85.768526][ T4336] ? do_raw_spin_unlock+0x11d/0x230 [ 85.773728][ T4336] iput+0x5ab/0x8a0 [ 85.777545][ T4336] ext4_xattr_set_entry+0x10ff/0x3d30 [ 85.783093][ T4336] ? ext4_xattr_ibody_set+0x330/0x330 [ 85.788491][ T4336] ? rcu_is_watching+0x11/0xa0 [ 85.793266][ T4336] ? kmem_cache_free+0x14c/0x210 [ 85.798221][ T4336] ? mb_cache_entry_delete_or_get+0x1bd/0x1e0 [ 85.804294][ T4336] ext4_xattr_block_set+0x4f7/0x2d30 [ 85.809581][ T4336] ? do_raw_spin_unlock+0x11d/0x230 [ 85.814788][ T4336] ? __ext4_xattr_check_block+0x7d8/0x8d0 [ 85.820514][ T4336] ? ext4_xattr_block_find+0x500/0x500 [ 85.825976][ T4336] ? ext4_xattr_block_find+0x433/0x500 [ 85.831441][ T4336] ext4_expand_extra_isize_ea+0xf4b/0x19a0 [ 85.837273][ T4336] __ext4_expand_extra_isize+0x301/0x3e0 [ 85.842919][ T4336] __ext4_mark_inode_dirty+0x469/0x700 [ 85.848396][ T4336] ext4_evict_inode+0xa81/0x1080 [ 85.853334][ T4336] ? _raw_spin_unlock+0x24/0x40 [ 85.858196][ T4336] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 85.864093][ T4336] ? do_raw_spin_unlock+0x11d/0x230 [ 85.869294][ T4336] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 85.875193][ T4336] evict+0x485/0x870 [ 85.879103][ T4336] ? __lock_acquire+0x7c60/0x7c60 [ 85.884134][ T4336] ? proc_nr_inodes+0x320/0x320 [ 85.888992][ T4336] ? do_raw_spin_unlock+0x11d/0x230 [ 85.894196][ T4336] ? _raw_spin_unlock+0x24/0x40 [ 85.899060][ T4336] ? iput+0x706/0x8a0 [ 85.903079][ T4336] ext4_orphan_cleanup+0xaa9/0x12e0 [ 85.908290][ T4336] ? ext4_orphan_del+0xb90/0xb90 [ 85.913233][ T4336] ? errseq_check_and_advance+0x62/0x120 [ 85.918869][ T4336] ext4_fill_super+0x92f0/0x9a60 [ 85.923949][ T4336] ? ext4_mount+0x40/0x40 [ 85.928302][ T4336] ? set_blocksize+0x1f1/0x370 [ 85.933105][ T4336] ? sb_set_blocksize+0xa5/0xe0 [ 85.937965][ T4336] mount_bdev+0x287/0x3c0 [ 85.942477][ T4336] ? ext4_mount+0x40/0x40 [ 85.946814][ T4336] legacy_get_tree+0xe6/0x180 [ 85.951584][ T4336] ? ext4_errno_to_code+0x160/0x160 [ 85.956821][ T4336] vfs_get_tree+0x88/0x270 [ 85.961245][ T4336] do_new_mount+0x24a/0xa40 [ 85.965754][ T4336] __se_sys_mount+0x2d6/0x3c0 [ 85.970450][ T4336] ? __x64_sys_mount+0xc0/0xc0 [ 85.975235][ T4336] ? lockdep_hardirqs_on+0x94/0x140 [ 85.980550][ T4336] ? __x64_sys_mount+0x1c/0xc0 [ 85.985341][ T4336] do_syscall_64+0x4c/0xa0 [ 85.989800][ T4336] ? clear_bhb_loop+0x30/0x80 [ 85.994499][ T4336] ? clear_bhb_loop+0x30/0x80 [ 85.999197][ T4336] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 86.005123][ T4336] RIP: 0033:0x7f7c3bce1e6a [ 86.009544][ T4336] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.029163][ T4336] RSP: 002b:00007ffe8007e868 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 86.037578][ T4336] RAX: ffffffffffffffda RBX: 00007ffe8007e8f0 RCX: 00007f7c3bce1e6a [ 86.045643][ T4336] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007ffe8007e8b0 [ 86.053612][ T4336] RBP: 0000200000000180 R08: 00007ffe8007e8f0 R09: 0000000000800700 [ 86.061589][ T4336] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 86.069648][ T4336] R13: 00007ffe8007e8b0 R14: 000000000000046f R15: 000000000000002c [ 86.077636][ T4336] [ 86.089260][ T4299] Bluetooth: hci0: command 0x040f tx timeout [ 86.093933][ T4336] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 86.118754][ T4336] EXT4-fs (loop0): Remounting filesystem read-only [ 86.125799][ T4336] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117 [ 86.138979][ T4336] EXT4-fs (loop0): Remounting filesystem read-only [ 86.145768][ T4336] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2826: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 86.159803][ T4336] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 86.175086][ T4336] EXT4-fs (loop0): Remounting filesystem read-only [ 86.183078][ T4336] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117 [ 86.196597][ T4336] EXT4-fs (loop0): Remounting filesystem read-only [ 86.203611][ T4336] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 86.217614][ T4336] EXT4-fs (loop0): Remounting filesystem read-only [ 86.224476][ T4336] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 86.237330][ T4336] EXT4-fs (loop0): Remounting filesystem read-only [ 86.244719][ T4336] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 86.258665][ T4336] EXT4-fs (loop0): Remounting filesystem read-only [ 86.265365][ T4336] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 86.277866][ T4336] EXT4-fs (loop0): Remounting filesystem read-only [ 86.285041][ T4336] EXT4-fs (loop0): 1 orphan inode deleted [ 86.291011][ T4336] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodioread_nolock,errors=remount-ro,debug_want_extra_isize=0x000000000000005a,nouid32,resgid=0x0000000000000000,acl,init_itable=0x0000000000000003,. Quota mode: none.