Warning: Permanently added '10.128.0.94' (ED25519) to the list of known hosts. 2025/11/30 15:38:58 parsed 1 programs [ 65.261256][ T4188] cgroup: Unknown subsys name 'net' [ 65.395678][ T4188] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 66.844857][ T4188] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 69.087208][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.108817][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.114715][ T371] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.117878][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 69.126646][ T371] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.143335][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 70.721740][ T4271] chnl_net:caif_netlink_parms(): no params data found [ 70.788600][ T4271] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.796455][ T4271] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.804962][ T4271] device bridge_slave_0 entered promiscuous mode [ 70.814051][ T4271] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.821274][ T4271] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.829696][ T4271] device bridge_slave_1 entered promiscuous mode [ 70.853827][ T4271] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.883390][ T4271] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.906996][ T4271] team0: Port device team_slave_0 added [ 70.914968][ T4271] team0: Port device team_slave_1 added [ 70.952332][ T4271] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.959457][ T4271] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.986375][ T4271] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.000619][ T4271] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.007756][ T4271] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.034092][ T4271] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 71.081169][ T4271] device hsr_slave_0 entered promiscuous mode [ 71.088148][ T4271] device hsr_slave_1 entered promiscuous mode [ 71.141449][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.147938][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.235796][ T4271] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 71.247574][ T4271] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 71.256786][ T4271] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 71.266516][ T4271] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 71.304954][ T4271] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.312155][ T4271] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.319976][ T4271] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.327037][ T4271] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.383899][ T4271] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.415060][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 71.425272][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.433856][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.442586][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 71.455935][ T4271] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.470030][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 71.478493][ T371] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.485569][ T371] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.501395][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 71.515004][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.522332][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.549805][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 71.558459][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 71.570605][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 71.587005][ T4271] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 71.598031][ T4271] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 71.610830][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 71.620428][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 71.676529][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 71.736331][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 71.744600][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 71.759995][ T4271] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.790406][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 71.799875][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 71.818798][ T4283] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 71.827471][ T4283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 71.837777][ T4283] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 71.846531][ T4283] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 71.859764][ T4271] device veth0_vlan entered promiscuous mode [ 71.872589][ T4271] device veth1_vlan entered promiscuous mode [ 71.895239][ T4283] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 71.903628][ T4283] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 71.913291][ T4283] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 71.922339][ T4283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 71.934670][ T4271] device veth0_macvtap entered promiscuous mode [ 71.945844][ T4271] device veth1_macvtap entered promiscuous mode [ 71.962708][ T4271] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.973005][ T4283] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 71.981913][ T4283] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 71.990845][ T4283] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 71.999947][ T4283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 72.011113][ T4271] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.019029][ T4283] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 72.027942][ T4283] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 72.040660][ T4271] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.051265][ T4271] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.061890][ T4271] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.071988][ T4271] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.171798][ T4271] syz-executor (4271) used greatest stack depth: 20864 bytes left 2025/11/30 15:39:08 executed programs: 0 [ 72.970206][ T4299] chnl_net:caif_netlink_parms(): no params data found [ 73.031177][ T4299] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.038320][ T4299] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.046290][ T4299] device bridge_slave_0 entered promiscuous mode [ 73.055152][ T4299] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.064197][ T4299] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.072012][ T4299] device bridge_slave_1 entered promiscuous mode [ 73.102114][ T4299] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.113789][ T4299] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.146327][ T4299] team0: Port device team_slave_0 added [ 73.157744][ T4299] team0: Port device team_slave_1 added [ 73.183452][ T4299] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.190782][ T4299] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.217142][ T4299] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.230200][ T4299] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.237160][ T4299] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.263850][ T4299] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.302275][ T4299] device hsr_slave_0 entered promiscuous mode [ 73.309488][ T4299] device hsr_slave_1 entered promiscuous mode [ 73.316072][ T4299] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 73.323925][ T4299] Cannot create hsr debugfs directory [ 73.404187][ T4299] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.899806][ T4311] Bluetooth: hci0: command 0x0409 tx timeout [ 76.106217][ T4299] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.989116][ T4313] Bluetooth: hci0: command 0x041b tx timeout [ 77.324348][ T4299] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.375540][ T4299] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.532067][ T4299] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 77.541746][ T4299] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 77.551538][ T4299] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 77.562197][ T4299] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 77.644324][ T4299] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.655916][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.664258][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.685559][ T4299] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.695980][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 77.706097][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.715229][ T371] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.722330][ T371] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.730821][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.743758][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 77.752581][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 77.761558][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.768924][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.785442][ T1444] device hsr_slave_0 left promiscuous mode [ 77.792380][ T1444] device hsr_slave_1 left promiscuous mode [ 77.799781][ T1444] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 77.807227][ T1444] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 77.815469][ T1444] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 77.823199][ T1444] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 77.832330][ T1444] device bridge_slave_1 left promiscuous mode [ 77.839031][ T1444] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.852715][ T1444] device bridge_slave_0 left promiscuous mode [ 77.859081][ T1444] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.876200][ T1444] device veth1_macvtap left promiscuous mode [ 77.882737][ T1444] device veth0_macvtap left promiscuous mode [ 77.889415][ T1444] device veth1_vlan left promiscuous mode [ 77.895302][ T1444] device veth0_vlan left promiscuous mode [ 78.051734][ T1444] team0 (unregistering): Port device team_slave_1 removed [ 78.065614][ T1444] team0 (unregistering): Port device team_slave_0 removed [ 78.081197][ T1444] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 78.094233][ T1444] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 78.163249][ T1444] bond0 (unregistering): Released all slaves [ 78.229755][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 78.239054][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 78.251164][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 78.261440][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 78.271253][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 78.279852][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 78.292052][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 78.308312][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 78.317733][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 78.332154][ T4299] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 78.343682][ T4299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 78.376280][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 78.385361][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 78.567086][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 78.575396][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 78.589244][ T4299] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.610239][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 78.619721][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 78.636263][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 78.644651][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 78.653948][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 78.661895][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 78.674193][ T4299] device veth0_vlan entered promiscuous mode [ 78.686957][ T4299] device veth1_vlan entered promiscuous mode [ 78.714846][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 78.723602][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 78.735398][ T4299] device veth0_macvtap entered promiscuous mode [ 78.748617][ T4299] device veth1_macvtap entered promiscuous mode [ 78.767128][ T4299] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.774981][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 78.783513][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 78.793188][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 78.802409][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 78.815737][ T4299] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.824089][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 78.834328][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 78.846447][ T4299] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.855707][ T4299] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.864672][ T4299] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.873601][ T4299] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.938135][ T4321] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.950156][ T4321] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.961727][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 78.976423][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.985814][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.997371][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 79.056465][ T4326] loop0: detected capacity change from 0 to 512 [ 79.059481][ T4257] Bluetooth: hci0: command 0x040f tx timeout [ 79.107732][ T4326] [ 79.110098][ T4326] ====================================================== [ 79.117117][ T4326] WARNING: possible circular locking dependency detected [ 79.124140][ T4326] syzkaller #0 Not tainted [ 79.128557][ T4326] ------------------------------------------------------ [ 79.135573][ T4326] syz.0.17/4326 is trying to acquire lock: [ 79.141373][ T4326] ffff888077252bd8 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x1c0/0x2d20 [ 79.151651][ T4326] [ 79.151651][ T4326] but task is already holding lock: [ 79.159030][ T4326] ffff88805c8280c8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700 [ 79.168901][ T4326] [ 79.168901][ T4326] which lock already depends on the new lock. [ 79.168901][ T4326] [ 79.179309][ T4326] [ 79.179309][ T4326] the existing dependency chain (in reverse order) is: [ 79.188383][ T4326] [ 79.188383][ T4326] -> #2 (&ei->xattr_sem){++++}-{3:3}: [ 79.195979][ T4326] down_read+0x44/0x2e0 [ 79.200680][ T4326] ext4_setattr+0x71d/0x19e0 [ 79.205803][ T4326] notify_change+0xbcd/0xee0 [ 79.210936][ T4326] chown_common+0x483/0x610 [ 79.215991][ T4326] do_fchownat+0x164/0x270 [ 79.220940][ T4326] __x64_sys_chown+0x7e/0x90 [ 79.226077][ T4326] do_syscall_64+0x4c/0xa0 [ 79.231027][ T4326] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 79.237455][ T4326] [ 79.237455][ T4326] -> #1 (jbd2_handle){++++}-{0:0}: [ 79.244765][ T4326] start_this_handle+0x1338/0x15a0 [ 79.250406][ T4326] jbd2__journal_start+0x2b7/0x5a0 [ 79.256077][ T4326] __ext4_journal_start_sb+0x167/0x360 [ 79.262312][ T4326] ext4_writepages+0xdc2/0x2d20 [ 79.267705][ T4326] do_writepages+0x48d/0x6d0 [ 79.272823][ T4326] filemap_fdatawrite_wbc+0x1eb/0x240 [ 79.278726][ T4326] file_write_and_wait_range+0x129/0x1e0 [ 79.284901][ T4326] ext4_sync_file+0x1ff/0xae0 [ 79.290121][ T4326] __x64_sys_fsync+0x1a5/0x1e0 [ 79.295418][ T4326] do_syscall_64+0x4c/0xa0 [ 79.300368][ T4326] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 79.306798][ T4326] [ 79.306798][ T4326] -> #0 (&sbi->s_writepages_rwsem){.+.+}-{0:0}: [ 79.315242][ T4326] __lock_acquire+0x2c33/0x7c60 [ 79.320638][ T4326] lock_acquire+0x197/0x3f0 [ 79.325681][ T4326] percpu_down_read+0x46/0x1b0 [ 79.330984][ T4326] ext4_writepages+0x1c0/0x2d20 [ 79.336365][ T4326] do_writepages+0x48d/0x6d0 [ 79.341492][ T4326] __writeback_single_inode+0x153/0xda0 [ 79.347564][ T4326] writeback_single_inode+0x221/0x8b0 [ 79.353476][ T4326] write_inode_now+0x217/0x280 [ 79.358777][ T4326] iput+0x5ab/0x8a0 [ 79.363106][ T4326] ext4_xattr_set_entry+0x10ff/0x3d30 [ 79.369003][ T4326] ext4_xattr_block_set+0x4f7/0x2d30 [ 79.374813][ T4326] ext4_expand_extra_isize_ea+0xf4b/0x19a0 [ 79.381139][ T4326] __ext4_expand_extra_isize+0x301/0x3e0 [ 79.387301][ T4326] __ext4_mark_inode_dirty+0x469/0x700 [ 79.393277][ T4326] ext4_evict_inode+0xa81/0x1080 [ 79.398841][ T4326] evict+0x485/0x870 [ 79.403256][ T4326] ext4_orphan_cleanup+0xaa9/0x12e0 [ 79.408976][ T4326] ext4_fill_super+0x92f0/0x9a60 [ 79.414426][ T4326] mount_bdev+0x287/0x3c0 [ 79.419267][ T4326] legacy_get_tree+0xe6/0x180 [ 79.424471][ T4326] vfs_get_tree+0x88/0x270 [ 79.429503][ T4326] do_new_mount+0x24a/0xa40 [ 79.434528][ T4326] __se_sys_mount+0x2d6/0x3c0 [ 79.439723][ T4326] do_syscall_64+0x4c/0xa0 [ 79.444678][ T4326] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 79.451092][ T4326] [ 79.451092][ T4326] other info that might help us debug this: [ 79.451092][ T4326] [ 79.461399][ T4326] Chain exists of: [ 79.461399][ T4326] &sbi->s_writepages_rwsem --> jbd2_handle --> &ei->xattr_sem [ 79.461399][ T4326] [ 79.474776][ T4326] Possible unsafe locking scenario: [ 79.474776][ T4326] [ 79.482220][ T4326] CPU0 CPU1 [ 79.487579][ T4326] ---- ---- [ 79.492960][ T4326] lock(&ei->xattr_sem); [ 79.497284][ T4326] lock(jbd2_handle); [ 79.503866][ T4326] lock(&ei->xattr_sem); [ 79.510712][ T4326] lock(&sbi->s_writepages_rwsem); [ 79.515921][ T4326] [ 79.515921][ T4326] *** DEADLOCK *** [ 79.515921][ T4326] [ 79.524057][ T4326] 3 locks held by syz.0.17/4326: [ 79.528987][ T4326] #0: ffff8880772500e0 (&type->s_umount_key#28/1){+.+.}-{3:3}, at: alloc_super+0x201/0x950 [ 79.539093][ T4326] #1: ffff888077250650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x444/0x1080 [ 79.548596][ T4326] #2: ffff88805c8280c8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700 [ 79.558863][ T4326] [ 79.558863][ T4326] stack backtrace: [ 79.564755][ T4326] CPU: 1 PID: 4326 Comm: syz.0.17 Not tainted syzkaller #0 [ 79.571950][ T4326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 79.582011][ T4326] Call Trace: [ 79.585301][ T4326] [ 79.588231][ T4326] dump_stack_lvl+0x168/0x230 [ 79.592913][ T4326] ? load_image+0x3b0/0x3b0 [ 79.597422][ T4326] ? show_regs_print_info+0x20/0x20 [ 79.602978][ T4326] ? print_circular_bug+0x12b/0x1a0 [ 79.608194][ T4326] check_noncircular+0x274/0x310 [ 79.613135][ T4326] ? add_chain_block+0x940/0x940 [ 79.618068][ T4326] ? lockdep_lock+0xdc/0x1e0 [ 79.622664][ T4326] ? lockdep_unlock+0x134/0x2d0 [ 79.627535][ T4326] ? mark_lock+0x94/0x320 [ 79.631866][ T4326] __lock_acquire+0x2c33/0x7c60 [ 79.636733][ T4326] ? verify_lock_unused+0x140/0x140 [ 79.641937][ T4326] ? verify_lock_unused+0x140/0x140 [ 79.647140][ T4326] ? mark_lock+0x94/0x320 [ 79.651473][ T4326] ? verify_lock_unused+0x140/0x140 [ 79.656674][ T4326] ? __lock_acquire+0x13ad/0x7c60 [ 79.661707][ T4326] lock_acquire+0x197/0x3f0 [ 79.666220][ T4326] ? ext4_writepages+0x1c0/0x2d20 [ 79.671245][ T4326] ? deref_stack_reg+0xd0/0x120 [ 79.676096][ T4326] ? __might_sleep+0xf0/0xf0 [ 79.680684][ T4326] ? read_lock_is_recursive+0x10/0x10 [ 79.686057][ T4326] ? mark_lock+0x94/0x320 [ 79.690389][ T4326] ? __lock_acquire+0x13ad/0x7c60 [ 79.695416][ T4326] percpu_down_read+0x46/0x1b0 [ 79.700179][ T4326] ? ext4_writepages+0x1c0/0x2d20 [ 79.705204][ T4326] ext4_writepages+0x1c0/0x2d20 [ 79.710056][ T4326] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 79.715971][ T4326] ? _raw_spin_unlock+0x40/0x40 [ 79.720826][ T4326] ? stack_trace_save+0x98/0xe0 [ 79.725678][ T4326] ? verify_lock_unused+0x140/0x140 [ 79.730888][ T4326] ? mark_lock+0x94/0x320 [ 79.735219][ T4326] ? ext4_readpage+0x2e0/0x2e0 [ 79.739983][ T4326] ? __lock_acquire+0x13ad/0x7c60 [ 79.745013][ T4326] ? rcu_lock_release+0x5/0x20 [ 79.749793][ T4326] ? __lock_acquire+0x7c60/0x7c60 [ 79.754822][ T4326] ? do_raw_spin_lock+0x11d/0x280 [ 79.759847][ T4326] ? _raw_spin_lock_irqsave+0x7f/0xf0 [ 79.765222][ T4326] ? do_raw_spin_unlock+0x11d/0x230 [ 79.770440][ T4326] ? ext4_readpage+0x2e0/0x2e0 [ 79.775226][ T4326] do_writepages+0x48d/0x6d0 [ 79.779823][ T4326] ? __writepage+0x130/0x130 [ 79.784421][ T4326] ? writeback_single_inode+0x216/0x8b0 [ 79.789974][ T4326] ? __lock_acquire+0x7c60/0x7c60 [ 79.794999][ T4326] ? do_raw_spin_lock+0x11d/0x280 [ 79.800020][ T4326] __writeback_single_inode+0x153/0xda0 [ 79.805568][ T4326] writeback_single_inode+0x221/0x8b0 [ 79.810944][ T4326] ? write_inode_now+0x280/0x280 [ 79.815886][ T4326] write_inode_now+0x217/0x280 [ 79.820659][ T4326] ? bdi_split_work_to_wbs+0x820/0x820 [ 79.826144][ T4326] ? do_raw_spin_unlock+0x11d/0x230 [ 79.831346][ T4326] iput+0x5ab/0x8a0 [ 79.835162][ T4326] ext4_xattr_set_entry+0x10ff/0x3d30 [ 79.840567][ T4326] ? ext4_xattr_ibody_set+0x330/0x330 [ 79.845950][ T4326] ? rcu_is_watching+0x11/0xa0 [ 79.850719][ T4326] ? kmem_cache_free+0x14c/0x210 [ 79.855662][ T4326] ? mb_cache_entry_delete_or_get+0x1bd/0x1e0 [ 79.861737][ T4326] ext4_xattr_block_set+0x4f7/0x2d30 [ 79.867026][ T4326] ? do_raw_spin_unlock+0x11d/0x230 [ 79.872227][ T4326] ? __ext4_xattr_check_block+0x7d8/0x8d0 [ 79.877964][ T4326] ? ext4_xattr_block_find+0x500/0x500 [ 79.883429][ T4326] ? ext4_xattr_block_find+0x433/0x500 [ 79.888912][ T4326] ext4_expand_extra_isize_ea+0xf4b/0x19a0 [ 79.894940][ T4326] __ext4_expand_extra_isize+0x301/0x3e0 [ 79.900811][ T4326] __ext4_mark_inode_dirty+0x469/0x700 [ 79.906285][ T4326] ext4_evict_inode+0xa81/0x1080 [ 79.911223][ T4326] ? _raw_spin_unlock+0x24/0x40 [ 79.916074][ T4326] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 79.921967][ T4326] ? do_raw_spin_unlock+0x11d/0x230 [ 79.927170][ T4326] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 79.933068][ T4326] evict+0x485/0x870 [ 79.936963][ T4326] ? __lock_acquire+0x7c60/0x7c60 [ 79.941999][ T4326] ? proc_nr_inodes+0x320/0x320 [ 79.946847][ T4326] ? do_raw_spin_unlock+0x11d/0x230 [ 79.952044][ T4326] ? _raw_spin_unlock+0x24/0x40 [ 79.956893][ T4326] ? iput+0x706/0x8a0 [ 79.960972][ T4326] ext4_orphan_cleanup+0xaa9/0x12e0 [ 79.966193][ T4326] ? ext4_orphan_del+0xb90/0xb90 [ 79.971147][ T4326] ? errseq_check_and_advance+0x62/0x120 [ 79.976805][ T4326] ext4_fill_super+0x92f0/0x9a60 [ 79.981749][ T4326] ? ext4_mount+0x40/0x40 [ 79.986084][ T4326] ? set_blocksize+0x1f1/0x370 [ 79.990854][ T4326] ? sb_set_blocksize+0xa5/0xe0 [ 79.995709][ T4326] mount_bdev+0x287/0x3c0 [ 80.000037][ T4326] ? ext4_mount+0x40/0x40 [ 80.004473][ T4326] legacy_get_tree+0xe6/0x180 [ 80.009151][ T4326] ? ext4_errno_to_code+0x160/0x160 [ 80.014349][ T4326] vfs_get_tree+0x88/0x270 [ 80.018783][ T4326] do_new_mount+0x24a/0xa40 [ 80.023306][ T4326] __se_sys_mount+0x2d6/0x3c0 [ 80.027986][ T4326] ? __x64_sys_mount+0xc0/0xc0 [ 80.032748][ T4326] ? lockdep_hardirqs_on+0x94/0x140 [ 80.037952][ T4326] ? __x64_sys_mount+0x1c/0xc0 [ 80.042718][ T4326] do_syscall_64+0x4c/0xa0 [ 80.047132][ T4326] ? clear_bhb_loop+0x30/0x80 [ 80.051808][ T4326] ? clear_bhb_loop+0x30/0x80 [ 80.056483][ T4326] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 80.062384][ T4326] RIP: 0033:0x7f9e45a1feea [ 80.066798][ T4326] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 80.086401][ T4326] RSP: 002b:00007ffd178e1698 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 80.094815][ T4326] RAX: ffffffffffffffda RBX: 00007ffd178e1720 RCX: 00007f9e45a1feea [ 80.102792][ T4326] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007ffd178e16e0 [ 80.110765][ T4326] RBP: 0000200000000180 R08: 00007ffd178e1720 R09: 0000000000800700 [ 80.118735][ T4326] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 80.126708][ T4326] R13: 00007ffd178e16e0 R14: 000000000000046f R15: 000000000000002c [ 80.134687][ T4326] [ 80.148296][ T4326] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 80.167788][ T4326] EXT4-fs (loop0): Remounting filesystem read-only [ 80.174873][ T4326] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117 [ 80.188504][ T4326] EXT4-fs (loop0): Remounting filesystem read-only [ 80.195298][ T4326] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2826: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 80.210237][ T4326] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 80.223968][ T4326] EXT4-fs (loop0): Remounting filesystem read-only [ 80.231064][ T4326] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117 [ 80.243726][ T4326] EXT4-fs (loop0): Remounting filesystem read-only [ 80.251387][ T4326] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 80.264884][ T4326] EXT4-fs (loop0): Remounting filesystem read-only [ 80.272070][ T4326] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 80.284489][ T4326] EXT4-fs (loop0): Remounting filesystem read-only [ 80.291200][ T4326] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 80.304801][ T4326] EXT4-fs (loop0): Remounting filesystem read-only [ 80.311544][ T4326] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 80.324098][ T4326] EXT4-fs (loop0): Remounting filesystem read-only [ 80.332251][ T4326] EXT4-fs (loop0): 1 orphan inode deleted [ 80.338105][ T4326] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodioread_nolock,errors=remount-ro,debug_want_extra_isize=0x000000000000005a,nouid32,resgid=0x0000000000000000,acl,init_itable=0x0000000000000020,. Quota mode: none.