Warning: Permanently added '10.128.0.123' (ED25519) to the list of known hosts. 2026/01/06 15:56:28 parsed 1 programs [ 71.833109][ T4186] cgroup: Unknown subsys name 'net' [ 71.966013][ T4186] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 73.549831][ T4186] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 74.933815][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.948467][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.959455][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 74.972615][ T155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.981174][ T155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.989913][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 76.353807][ T4234] chnl_net:caif_netlink_parms(): no params data found [ 76.420616][ T4234] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.428478][ T4234] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.436833][ T4234] device bridge_slave_0 entered promiscuous mode [ 76.447126][ T4234] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.454495][ T4234] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.462812][ T4234] device bridge_slave_1 entered promiscuous mode [ 76.492555][ T4234] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.504263][ T4234] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.535314][ T4234] team0: Port device team_slave_0 added [ 76.543549][ T4234] team0: Port device team_slave_1 added [ 76.569586][ T4234] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.576595][ T4234] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.602724][ T4234] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 76.616141][ T4234] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 76.623367][ T4234] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.649436][ T4234] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 76.691516][ T4234] device hsr_slave_0 entered promiscuous mode [ 76.698491][ T4234] device hsr_slave_1 entered promiscuous mode [ 76.835021][ T4234] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 76.848149][ T4234] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 76.859196][ T4234] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 76.870942][ T4234] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 76.908077][ T4234] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.915460][ T4234] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.923785][ T4234] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.930933][ T4234] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.996215][ T4234] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.005812][ T144] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.016803][ T144] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.038792][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.047279][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.060545][ T4234] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.071686][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 77.081367][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.091699][ T155] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.098923][ T155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.123314][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 77.134806][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 77.145096][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.152237][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.162351][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 77.172866][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 77.183265][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 77.193263][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 77.203878][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 77.217329][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 77.228557][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 77.245843][ T4234] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 77.258849][ T4234] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 77.290060][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 77.311485][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 77.331485][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 77.348171][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 77.358295][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 77.433312][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 77.441833][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 77.457543][ T4234] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.480484][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 77.490820][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 77.511991][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 77.520734][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 77.529748][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 77.537645][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 77.549953][ T4234] device veth0_vlan entered promiscuous mode [ 77.564215][ T4234] device veth1_vlan entered promiscuous mode [ 77.586616][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 77.594950][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 77.603774][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 77.614103][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 77.625101][ T4234] device veth0_macvtap entered promiscuous mode [ 77.638132][ T4234] device veth1_macvtap entered promiscuous mode [ 77.664854][ T4234] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.675788][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 77.685332][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 77.695916][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 77.705436][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 77.734208][ T4234] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.744362][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 77.754872][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 77.767802][ T4234] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.777133][ T4234] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.786671][ T4234] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.798168][ T4234] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.959344][ T4234] syz-executor (4234) used greatest stack depth: 20320 bytes left 2026/01/06 15:56:38 executed programs: 0 [ 79.702491][ T4290] chnl_net:caif_netlink_parms(): no params data found [ 79.774761][ T4290] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.782009][ T4290] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.793561][ T4290] device bridge_slave_0 entered promiscuous mode [ 79.803531][ T4290] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.813591][ T4290] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.822209][ T4290] device bridge_slave_1 entered promiscuous mode [ 79.856322][ T4290] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.868893][ T4290] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.898851][ T4290] team0: Port device team_slave_0 added [ 79.906940][ T4290] team0: Port device team_slave_1 added [ 79.931801][ T4290] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.941438][ T4290] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.970709][ T4290] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.983717][ T4290] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.993365][ T4290] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.023078][ T4290] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.072625][ T4290] device hsr_slave_0 entered promiscuous mode [ 80.079935][ T4290] device hsr_slave_1 entered promiscuous mode [ 80.086854][ T4290] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.097815][ T4290] Cannot create hsr debugfs directory [ 80.197311][ T4290] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.559647][ T4301] Bluetooth: hci0: command 0x0409 tx timeout [ 82.996718][ T4290] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.125099][ T4290] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.186772][ T4290] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.372972][ T4290] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 83.382801][ T4290] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 83.392560][ T4290] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 83.404443][ T4290] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 83.477110][ T4290] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.491868][ T9] device hsr_slave_0 left promiscuous mode [ 83.498742][ T9] device hsr_slave_1 left promiscuous mode [ 83.505801][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 83.514489][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 83.522781][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 83.530401][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 83.538063][ T9] device bridge_slave_1 left promiscuous mode [ 83.545351][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.560414][ T9] device bridge_slave_0 left promiscuous mode [ 83.566839][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.585213][ T9] device veth1_macvtap left promiscuous mode [ 83.591856][ T9] device veth0_macvtap left promiscuous mode [ 83.597918][ T9] device veth1_vlan left promiscuous mode [ 83.604060][ T9] device veth0_vlan left promiscuous mode [ 83.629451][ T21] Bluetooth: hci0: command 0x041b tx timeout [ 83.781481][ T9] team0 (unregistering): Port device team_slave_1 removed [ 83.795957][ T9] team0 (unregistering): Port device team_slave_0 removed [ 83.812930][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 83.826200][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 83.886460][ T9] bond0 (unregistering): Released all slaves [ 83.969623][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 83.977449][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 83.987812][ T4290] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.997547][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 84.006433][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 84.015145][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.022337][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.033507][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 84.041572][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 84.050404][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 84.059508][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.066986][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.081827][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 84.094181][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 84.109023][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 84.120730][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 84.140313][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 84.148594][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 84.158117][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 84.169044][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 84.178363][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 84.187922][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 84.196645][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 84.207855][ T4290] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 84.317184][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 84.326644][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 84.345656][ T4290] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.363230][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 84.372610][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 84.403449][ T4290] device veth0_vlan entered promiscuous mode [ 84.410747][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 84.420932][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 84.436424][ T4290] device veth1_vlan entered promiscuous mode [ 84.445804][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 84.454451][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 84.464199][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 84.491778][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 84.501874][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 84.512454][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 84.525391][ T4290] device veth0_macvtap entered promiscuous mode [ 84.536339][ T4290] device veth1_macvtap entered promiscuous mode [ 84.555980][ T4290] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.564118][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 84.573951][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 84.582123][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 84.591259][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 84.603185][ T4290] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.612689][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 84.622078][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 84.633089][ T4290] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.643184][ T4290] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.654217][ T4290] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.663367][ T4290] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.734913][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.748104][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.775295][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 84.790093][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.798857][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.807793][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 84.860833][ T4314] loop0: detected capacity change from 0 to 512 [ 84.926066][ T4314] [ 84.928445][ T4314] ====================================================== [ 84.935478][ T4314] WARNING: possible circular locking dependency detected [ 84.942612][ T4314] syzkaller #0 Not tainted [ 84.947035][ T4314] ------------------------------------------------------ [ 84.954061][ T4314] syz.0.17/4314 is trying to acquire lock: [ 84.959881][ T4314] ffff88807467cbd8 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x1c0/0x2d20 [ 84.970021][ T4314] [ 84.970021][ T4314] but task is already holding lock: [ 84.977398][ T4314] ffff888069ea9eb0 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700 [ 84.987252][ T4314] [ 84.987252][ T4314] which lock already depends on the new lock. [ 84.987252][ T4314] [ 84.997669][ T4314] [ 84.997669][ T4314] the existing dependency chain (in reverse order) is: [ 85.006697][ T4314] [ 85.006697][ T4314] -> #2 (&ei->xattr_sem){++++}-{3:3}: [ 85.014275][ T4314] down_read+0x44/0x2e0 [ 85.018979][ T4314] ext4_setattr+0x71d/0x19e0 [ 85.024118][ T4314] notify_change+0xbcd/0xee0 [ 85.029251][ T4314] chown_common+0x483/0x610 [ 85.034300][ T4314] do_fchownat+0x164/0x270 [ 85.039261][ T4314] __x64_sys_chown+0x7e/0x90 [ 85.044395][ T4314] do_syscall_64+0x4c/0xa0 [ 85.049350][ T4314] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 85.055781][ T4314] [ 85.055781][ T4314] -> #1 (jbd2_handle){++++}-{0:0}: [ 85.063102][ T4314] start_this_handle+0x1338/0x15a0 [ 85.068756][ T4314] jbd2__journal_start+0x2b7/0x5a0 [ 85.074418][ T4314] __ext4_journal_start_sb+0x167/0x360 [ 85.080422][ T4314] ext4_writepages+0xdc2/0x2d20 [ 85.085919][ T4314] do_writepages+0x48d/0x6d0 [ 85.091052][ T4314] filemap_fdatawrite_wbc+0x1eb/0x240 [ 85.096965][ T4314] file_write_and_wait_range+0x129/0x1e0 [ 85.103138][ T4314] ext4_sync_file+0x1ff/0xae0 [ 85.108354][ T4314] __x64_sys_fsync+0x1a5/0x1e0 [ 85.113771][ T4314] do_syscall_64+0x4c/0xa0 [ 85.118730][ T4314] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 85.125258][ T4314] [ 85.125258][ T4314] -> #0 (&sbi->s_writepages_rwsem){.+.+}-{0:0}: [ 85.133712][ T4314] __lock_acquire+0x2c33/0x7c60 [ 85.139116][ T4314] lock_acquire+0x197/0x3f0 [ 85.144187][ T4314] percpu_down_read+0x46/0x1b0 [ 85.149497][ T4314] ext4_writepages+0x1c0/0x2d20 [ 85.154900][ T4314] do_writepages+0x48d/0x6d0 [ 85.160032][ T4314] __writeback_single_inode+0x153/0xda0 [ 85.166114][ T4314] writeback_single_inode+0x221/0x8b0 [ 85.172027][ T4314] write_inode_now+0x217/0x280 [ 85.177330][ T4314] iput+0x5ab/0x8a0 [ 85.181681][ T4314] ext4_xattr_set_entry+0x10ff/0x3d30 [ 85.187606][ T4314] ext4_xattr_block_set+0x4f7/0x2d30 [ 85.193556][ T4314] ext4_expand_extra_isize_ea+0xf4b/0x19a0 [ 85.199912][ T4314] __ext4_expand_extra_isize+0x301/0x3e0 [ 85.206093][ T4314] __ext4_mark_inode_dirty+0x469/0x700 [ 85.212134][ T4314] ext4_evict_inode+0xa81/0x1080 [ 85.217624][ T4314] evict+0x485/0x870 [ 85.222072][ T4314] ext4_orphan_cleanup+0xaa9/0x12e0 [ 85.227820][ T4314] ext4_fill_super+0x92f0/0x9a60 [ 85.233303][ T4314] mount_bdev+0x287/0x3c0 [ 85.238180][ T4314] legacy_get_tree+0xe6/0x180 [ 85.243407][ T4314] vfs_get_tree+0x88/0x270 [ 85.248469][ T4314] do_new_mount+0x24a/0xa40 [ 85.253532][ T4314] __se_sys_mount+0x2d6/0x3c0 [ 85.258835][ T4314] do_syscall_64+0x4c/0xa0 [ 85.263794][ T4314] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 85.270234][ T4314] [ 85.270234][ T4314] other info that might help us debug this: [ 85.270234][ T4314] [ 85.280590][ T4314] Chain exists of: [ 85.280590][ T4314] &sbi->s_writepages_rwsem --> jbd2_handle --> &ei->xattr_sem [ 85.280590][ T4314] [ 85.294008][ T4314] Possible unsafe locking scenario: [ 85.294008][ T4314] [ 85.301477][ T4314] CPU0 CPU1 [ 85.306953][ T4314] ---- ---- [ 85.312324][ T4314] lock(&ei->xattr_sem); [ 85.316776][ T4314] lock(jbd2_handle); [ 85.323383][ T4314] lock(&ei->xattr_sem); [ 85.330249][ T4314] lock(&sbi->s_writepages_rwsem); [ 85.335526][ T4314] [ 85.335526][ T4314] *** DEADLOCK *** [ 85.335526][ T4314] [ 85.343692][ T4314] 3 locks held by syz.0.17/4314: [ 85.348652][ T4314] #0: ffff88807467a0e0 (&type->s_umount_key#28/1){+.+.}-{3:3}, at: alloc_super+0x201/0x950 [ 85.358939][ T4314] #1: ffff88807467a650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x444/0x1080 [ 85.368467][ T4314] #2: ffff888069ea9eb0 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700 [ 85.378773][ T4314] [ 85.378773][ T4314] stack backtrace: [ 85.384694][ T4314] CPU: 0 PID: 4314 Comm: syz.0.17 Not tainted syzkaller #0 [ 85.391920][ T4314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 85.402013][ T4314] Call Trace: [ 85.405323][ T4314] [ 85.408279][ T4314] dump_stack_lvl+0x168/0x230 [ 85.413000][ T4314] ? load_image+0x3b0/0x3b0 [ 85.417537][ T4314] ? show_regs_print_info+0x20/0x20 [ 85.422768][ T4314] ? print_circular_bug+0x12b/0x1a0 [ 85.427994][ T4314] check_noncircular+0x274/0x310 [ 85.432965][ T4314] ? add_chain_block+0x940/0x940 [ 85.437935][ T4314] ? lockdep_lock+0xdc/0x1e0 [ 85.442647][ T4314] ? lockdep_unlock+0x134/0x2d0 [ 85.447520][ T4314] ? mark_lock+0x94/0x320 [ 85.451872][ T4314] __lock_acquire+0x2c33/0x7c60 [ 85.456756][ T4314] ? verify_lock_unused+0x140/0x140 [ 85.461982][ T4314] ? verify_lock_unused+0x140/0x140 [ 85.467226][ T4314] lock_acquire+0x197/0x3f0 [ 85.471900][ T4314] ? ext4_writepages+0x1c0/0x2d20 [ 85.476957][ T4314] ? check_path+0x40/0x40 [ 85.481320][ T4314] ? __might_sleep+0xf0/0xf0 [ 85.485940][ T4314] ? read_lock_is_recursive+0x10/0x10 [ 85.491337][ T4314] ? mark_lock+0x94/0x320 [ 85.495690][ T4314] ? __lock_acquire+0x13ad/0x7c60 [ 85.500773][ T4314] percpu_down_read+0x46/0x1b0 [ 85.505566][ T4314] ? ext4_writepages+0x1c0/0x2d20 [ 85.510615][ T4314] ext4_writepages+0x1c0/0x2d20 [ 85.515490][ T4314] ? rcu_is_watching+0x11/0xa0 [ 85.520270][ T4314] ? lock_release+0xba/0x870 [ 85.524890][ T4314] ? rcu_lock_release+0x5/0x20 [ 85.529674][ T4314] ? mark_lock+0x94/0x320 [ 85.534028][ T4314] ? verify_lock_unused+0x140/0x140 [ 85.539252][ T4314] ? mark_lock+0x94/0x320 [ 85.543604][ T4314] ? ext4_readpage+0x2e0/0x2e0 [ 85.548384][ T4314] ? __lock_acquire+0x13ad/0x7c60 [ 85.553517][ T4314] ? rcu_lock_release+0x5/0x20 [ 85.558309][ T4314] ? __lock_acquire+0x7c60/0x7c60 [ 85.563358][ T4314] ? do_raw_spin_lock+0x11d/0x280 [ 85.568418][ T4314] ? _raw_spin_lock_irqsave+0x7f/0xf0 [ 85.573829][ T4314] ? do_raw_spin_unlock+0x11d/0x230 [ 85.579061][ T4314] ? ext4_readpage+0x2e0/0x2e0 [ 85.584046][ T4314] do_writepages+0x48d/0x6d0 [ 85.588685][ T4314] ? __writepage+0x130/0x130 [ 85.593417][ T4314] ? writeback_single_inode+0x216/0x8b0 [ 85.599105][ T4314] ? __lock_acquire+0x7c60/0x7c60 [ 85.604152][ T4314] ? do_raw_spin_lock+0x11d/0x280 [ 85.609198][ T4314] __writeback_single_inode+0x153/0xda0 [ 85.614829][ T4314] writeback_single_inode+0x221/0x8b0 [ 85.620746][ T4314] ? write_inode_now+0x280/0x280 [ 85.625880][ T4314] write_inode_now+0x217/0x280 [ 85.630747][ T4314] ? bdi_split_work_to_wbs+0x820/0x820 [ 85.636226][ T4314] ? do_raw_spin_unlock+0x11d/0x230 [ 85.641442][ T4314] iput+0x5ab/0x8a0 [ 85.645270][ T4314] ext4_xattr_set_entry+0x10ff/0x3d30 [ 85.650672][ T4314] ? ext4_xattr_ibody_set+0x330/0x330 [ 85.656058][ T4314] ? rcu_is_watching+0x11/0xa0 [ 85.660839][ T4314] ? kmem_cache_free+0x14c/0x210 [ 85.665796][ T4314] ? mb_cache_entry_delete_or_get+0x1bd/0x1e0 [ 85.671878][ T4314] ext4_xattr_block_set+0x4f7/0x2d30 [ 85.677177][ T4314] ? do_raw_spin_unlock+0x11d/0x230 [ 85.682396][ T4314] ? __ext4_xattr_check_block+0x7d8/0x8d0 [ 85.688139][ T4314] ? ext4_xattr_block_find+0x500/0x500 [ 85.693721][ T4314] ? ext4_xattr_block_find+0x433/0x500 [ 85.699195][ T4314] ext4_expand_extra_isize_ea+0xf4b/0x19a0 [ 85.705035][ T4314] __ext4_expand_extra_isize+0x301/0x3e0 [ 85.710711][ T4314] __ext4_mark_inode_dirty+0x469/0x700 [ 85.716207][ T4314] ext4_evict_inode+0xa81/0x1080 [ 85.721252][ T4314] ? _raw_spin_unlock+0x24/0x40 [ 85.726126][ T4314] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 85.732038][ T4314] ? do_raw_spin_unlock+0x11d/0x230 [ 85.737257][ T4314] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 85.743166][ T4314] evict+0x485/0x870 [ 85.747077][ T4314] ? __lock_acquire+0x7c60/0x7c60 [ 85.752117][ T4314] ? proc_nr_inodes+0x320/0x320 [ 85.756981][ T4314] ? do_raw_spin_unlock+0x11d/0x230 [ 85.762189][ T4314] ? _raw_spin_unlock+0x24/0x40 [ 85.767052][ T4314] ? iput+0x706/0x8a0 [ 85.771049][ T4314] ext4_orphan_cleanup+0xaa9/0x12e0 [ 85.776265][ T4314] ? ext4_orphan_del+0xb90/0xb90 [ 85.781211][ T4314] ? errseq_check_and_advance+0x62/0x120 [ 85.786858][ T4314] ext4_fill_super+0x92f0/0x9a60 [ 85.791818][ T4314] ? ext4_mount+0x40/0x40 [ 85.796156][ T4314] ? set_blocksize+0x1f1/0x370 [ 85.800936][ T4314] ? sb_set_blocksize+0xa5/0xe0 [ 85.805803][ T4314] mount_bdev+0x287/0x3c0 [ 85.810144][ T4314] ? ext4_mount+0x40/0x40 [ 85.814489][ T4314] legacy_get_tree+0xe6/0x180 [ 85.819176][ T4314] ? ext4_errno_to_code+0x160/0x160 [ 85.824482][ T4314] vfs_get_tree+0x88/0x270 [ 85.828916][ T4314] do_new_mount+0x24a/0xa40 [ 85.833435][ T4314] __se_sys_mount+0x2d6/0x3c0 [ 85.838131][ T4314] ? __x64_sys_mount+0xc0/0xc0 [ 85.842907][ T4314] ? lockdep_hardirqs_on+0x94/0x140 [ 85.848121][ T4314] ? __x64_sys_mount+0x1c/0xc0 [ 85.852901][ T4314] do_syscall_64+0x4c/0xa0 [ 85.857327][ T4314] ? clear_bhb_loop+0x30/0x80 [ 85.862015][ T4314] ? clear_bhb_loop+0x30/0x80 [ 85.866710][ T4314] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 85.872626][ T4314] RIP: 0033:0x7ff7dd12beea [ 85.877055][ T4314] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.896669][ T4314] RSP: 002b:00007fff443a8578 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 85.905102][ T4314] RAX: ffffffffffffffda RBX: 00007fff443a8600 RCX: 00007ff7dd12beea [ 85.913245][ T4314] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007fff443a85c0 [ 85.921456][ T4314] RBP: 0000200000000180 R08: 00007fff443a8600 R09: 0000000000800700 [ 85.929446][ T4314] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 85.937434][ T4314] R13: 00007fff443a85c0 R14: 000000000000046f R15: 0000200000000000 [ 85.945435][ T4314] [ 85.979223][ T4233] Bluetooth: hci0: command 0x040f tx timeout [ 85.982177][ T4314] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 86.003326][ T4314] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117 [ 86.016757][ T4314] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2826: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 86.030058][ T4314] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 86.044267][ T4314] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117 [ 86.057590][ T4314] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 86.071778][ T4314] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 86.084679][ T4314] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 86.098298][ T4314] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 86.112599][ T4314] EXT4-fs (loop0): 1 orphan inode deleted [ 86.118364][ T4314] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodioread_nolock,grpquota,debug_want_extra_isize=0x000000000000005a,nouid32,resgid=0x0000000000000000,acl,init_itable=0x0000000000000003,,errors=continue. Quota mode: writeback.