Warning: Permanently added '10.128.1.115' (ED25519) to the list of known hosts. 2025/12/29 09:56:26 parsed 1 programs [ 69.853548][ T4187] cgroup: Unknown subsys name 'net' [ 69.969536][ T4187] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 71.486338][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.492937][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.578327][ T4187] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 74.732435][ T4238] chnl_net:caif_netlink_parms(): no params data found [ 74.802019][ T4238] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.810297][ T4238] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.820154][ T4238] device bridge_slave_0 entered promiscuous mode [ 74.830630][ T4238] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.838597][ T4238] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.846618][ T4238] device bridge_slave_1 entered promiscuous mode [ 74.874040][ T4238] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.886800][ T4238] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.920232][ T4238] team0: Port device team_slave_0 added [ 74.928473][ T4238] team0: Port device team_slave_1 added [ 74.954001][ T4238] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.961001][ T4238] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.987072][ T4238] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.001244][ T4238] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.008559][ T4238] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.035230][ T4238] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.074404][ T4238] device hsr_slave_0 entered promiscuous mode [ 75.081419][ T4238] device hsr_slave_1 entered promiscuous mode [ 75.215987][ T4238] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 75.240154][ T4238] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 75.311480][ T4238] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 75.330870][ T4238] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 75.386091][ T4238] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.393366][ T4238] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.401308][ T4238] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.408472][ T4238] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.451033][ T4238] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.464754][ T1271] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 75.476137][ T1271] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.484814][ T1271] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.492978][ T1271] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 75.508394][ T4238] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.519183][ T1271] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 75.527935][ T1271] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.535070][ T1271] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.547959][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 75.557534][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.565106][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.585990][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 75.594695][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 75.608472][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 75.620498][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 75.632415][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 75.643692][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 75.760019][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 75.768223][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 75.781277][ T4238] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.820457][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 75.829793][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 75.849777][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 75.858643][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 75.868535][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 75.876435][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 75.901755][ T4238] device veth0_vlan entered promiscuous mode [ 75.913571][ T4238] device veth1_vlan entered promiscuous mode [ 75.934844][ T1271] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 75.944898][ T1271] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 75.954102][ T1271] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 75.962597][ T1271] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 75.974138][ T4238] device veth0_macvtap entered promiscuous mode [ 75.999381][ T4238] device veth1_macvtap entered promiscuous mode [ 76.015711][ T4238] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.024856][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 76.034318][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 76.042411][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 76.051671][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 76.065173][ T4238] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.073282][ T1271] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 76.082295][ T1271] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 76.095378][ T4238] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.104401][ T4238] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.114138][ T4238] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.124204][ T4238] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.244211][ T4238] syz-executor (4238) used greatest stack depth: 21152 bytes left [ 76.337823][ T1271] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.361970][ T1271] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.388153][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 76.398330][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.406985][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.416360][ T1271] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 2025/12/29 09:56:37 executed programs: 0 [ 78.036394][ T405] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.129795][ T4295] chnl_net:caif_netlink_parms(): no params data found [ 78.172633][ T4295] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.179862][ T4295] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.188362][ T4295] device bridge_slave_0 entered promiscuous mode [ 78.196818][ T4295] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.204344][ T4295] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.212186][ T4295] device bridge_slave_1 entered promiscuous mode [ 78.234726][ T4295] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.246036][ T4295] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.269985][ T4295] team0: Port device team_slave_0 added [ 78.277428][ T4295] team0: Port device team_slave_1 added [ 78.297492][ T4295] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.304789][ T4295] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.331122][ T4295] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.343560][ T4295] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.350531][ T4295] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.377075][ T4295] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.407635][ T4295] device hsr_slave_0 entered promiscuous mode [ 78.414609][ T4295] device hsr_slave_1 entered promiscuous mode [ 78.421419][ T4295] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 78.429316][ T4295] Cannot create hsr debugfs directory [ 80.043679][ T23] Bluetooth: hci0: command 0x0409 tx timeout [ 80.629403][ T405] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.749097][ T405] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.819863][ T405] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.617032][ T4295] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 81.629465][ T4295] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 81.655181][ T4295] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 81.664463][ T4295] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 81.740594][ T4295] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.776164][ T4295] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.786312][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 81.795183][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 81.853033][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 81.861767][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 81.871762][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.878903][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.889780][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 81.899103][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 81.908013][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.915138][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.923173][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 81.932504][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 81.953595][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 81.961795][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 81.973560][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 81.982219][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 81.994453][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 82.003516][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 82.012211][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 82.024734][ T4295] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 82.036309][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 82.047953][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 82.056393][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 82.065932][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 82.123169][ T4250] Bluetooth: hci0: command 0x041b tx timeout [ 82.275274][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 82.284498][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 82.296768][ T4295] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.341191][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 82.350195][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 82.407527][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 82.418457][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 82.431880][ T4295] device veth0_vlan entered promiscuous mode [ 82.447649][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 82.462172][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 82.485938][ T4295] device veth1_vlan entered promiscuous mode [ 82.537365][ T1271] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 82.545651][ T1271] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 82.555627][ T1271] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 82.564978][ T1271] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 82.575335][ T4295] device veth0_macvtap entered promiscuous mode [ 82.586334][ T4295] device veth1_macvtap entered promiscuous mode [ 82.610927][ T405] device hsr_slave_0 left promiscuous mode [ 82.618606][ T405] device hsr_slave_1 left promiscuous mode [ 82.626583][ T405] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 82.635825][ T405] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 82.644310][ T405] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 82.651782][ T405] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 82.660465][ T405] device bridge_slave_1 left promiscuous mode [ 82.667916][ T405] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.682119][ T405] device bridge_slave_0 left promiscuous mode [ 82.689684][ T405] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.709033][ T405] device veth1_macvtap left promiscuous mode [ 82.715439][ T405] device veth0_macvtap left promiscuous mode [ 82.721540][ T405] device veth1_vlan left promiscuous mode [ 82.728903][ T405] device veth0_vlan left promiscuous mode [ 82.894723][ T405] team0 (unregistering): Port device team_slave_1 removed [ 82.909490][ T405] team0 (unregistering): Port device team_slave_0 removed [ 82.927102][ T405] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 82.940743][ T405] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 83.002015][ T405] bond0 (unregistering): Released all slaves [ 83.087405][ T4295] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.098185][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 83.106863][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 83.115122][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 83.124890][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 83.143352][ T4295] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.150786][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 83.160860][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 83.183001][ T4295] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.191867][ T4295] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.203670][ T4295] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.212450][ T4295] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.276987][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.294191][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.306410][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 83.336446][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.345041][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.354422][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 83.419344][ T4352] loop0: detected capacity change from 0 to 512 [ 83.471497][ T4352] ======================================================= [ 83.471497][ T4352] WARNING: The mand mount option has been deprecated and [ 83.471497][ T4352] and is ignored by this kernel. Remove the mand [ 83.471497][ T4352] option from the mount to silence this warning. [ 83.471497][ T4352] ======================================================= [ 83.547357][ T4352] [ 83.549766][ T4352] ====================================================== [ 83.556801][ T4352] WARNING: possible circular locking dependency detected [ 83.563853][ T4352] syzkaller #0 Not tainted [ 83.568330][ T4352] ------------------------------------------------------ [ 83.575367][ T4352] syz.0.17/4352 is trying to acquire lock: [ 83.581202][ T4352] ffff88807bc66bd8 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x1c0/0x2d20 [ 83.591352][ T4352] [ 83.591352][ T4352] but task is already holding lock: [ 83.598750][ T4352] ffff88806ef0da80 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700 [ 83.608738][ T4352] [ 83.608738][ T4352] which lock already depends on the new lock. [ 83.608738][ T4352] [ 83.619175][ T4352] [ 83.619175][ T4352] the existing dependency chain (in reverse order) is: [ 83.628225][ T4352] [ 83.628225][ T4352] -> #2 (&ei->xattr_sem){++++}-{3:3}: [ 83.635831][ T4352] down_read+0x44/0x2e0 [ 83.640544][ T4352] ext4_setattr+0x71d/0x19e0 [ 83.645683][ T4352] notify_change+0xbcd/0xee0 [ 83.650824][ T4352] chown_common+0x483/0x610 [ 83.655879][ T4352] do_fchownat+0x164/0x270 [ 83.660853][ T4352] __x64_sys_chown+0x7e/0x90 [ 83.666003][ T4352] do_syscall_64+0x4c/0xa0 [ 83.670961][ T4352] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 83.677417][ T4352] [ 83.677417][ T4352] -> #1 (jbd2_handle){++++}-{0:0}: [ 83.684751][ T4352] start_this_handle+0x1338/0x15a0 [ 83.690416][ T4352] jbd2__journal_start+0x2b7/0x5a0 [ 83.696073][ T4352] __ext4_journal_start_sb+0x167/0x360 [ 83.702087][ T4352] ext4_writepages+0xdc2/0x2d20 [ 83.707487][ T4352] do_writepages+0x48d/0x6d0 [ 83.712624][ T4352] filemap_fdatawrite_wbc+0x1eb/0x240 [ 83.718553][ T4352] file_write_and_wait_range+0x129/0x1e0 [ 83.724752][ T4352] ext4_sync_file+0x1ff/0xae0 [ 83.729988][ T4352] __x64_sys_fsync+0x1a5/0x1e0 [ 83.735294][ T4352] do_syscall_64+0x4c/0xa0 [ 83.740256][ T4352] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 83.746694][ T4352] [ 83.746694][ T4352] -> #0 (&sbi->s_writepages_rwsem){.+.+}-{0:0}: [ 83.755160][ T4352] __lock_acquire+0x2c33/0x7c60 [ 83.760562][ T4352] lock_acquire+0x197/0x3f0 [ 83.765621][ T4352] percpu_down_read+0x46/0x1b0 [ 83.770936][ T4352] ext4_writepages+0x1c0/0x2d20 [ 83.776342][ T4352] do_writepages+0x48d/0x6d0 [ 83.781486][ T4352] __writeback_single_inode+0x153/0xda0 [ 83.787586][ T4352] writeback_single_inode+0x221/0x8b0 [ 83.793515][ T4352] write_inode_now+0x217/0x280 [ 83.798832][ T4352] iput+0x5ab/0x8a0 [ 83.803197][ T4352] ext4_xattr_set_entry+0x10ff/0x3d30 [ 83.809122][ T4352] ext4_xattr_block_set+0x4f7/0x2d30 [ 83.814955][ T4352] ext4_expand_extra_isize_ea+0xf4b/0x19a0 [ 83.821316][ T4352] __ext4_expand_extra_isize+0x301/0x3e0 [ 83.827495][ T4352] __ext4_mark_inode_dirty+0x469/0x700 [ 83.833500][ T4352] ext4_evict_inode+0xa81/0x1080 [ 83.838992][ T4352] evict+0x485/0x870 [ 83.843439][ T4352] ext4_orphan_cleanup+0xaa9/0x12e0 [ 83.849183][ T4352] ext4_fill_super+0x92f0/0x9a60 [ 83.854668][ T4352] mount_bdev+0x287/0x3c0 [ 83.859555][ T4352] legacy_get_tree+0xe6/0x180 [ 83.864793][ T4352] vfs_get_tree+0x88/0x270 [ 83.869771][ T4352] do_new_mount+0x24a/0xa40 [ 83.874822][ T4352] __se_sys_mount+0x2d6/0x3c0 [ 83.880043][ T4352] do_syscall_64+0x4c/0xa0 [ 83.885007][ T4352] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 83.891449][ T4352] [ 83.891449][ T4352] other info that might help us debug this: [ 83.891449][ T4352] [ 83.901706][ T4352] Chain exists of: [ 83.901706][ T4352] &sbi->s_writepages_rwsem --> jbd2_handle --> &ei->xattr_sem [ 83.901706][ T4352] [ 83.915131][ T4352] Possible unsafe locking scenario: [ 83.915131][ T4352] [ 83.922737][ T4352] CPU0 CPU1 [ 83.928122][ T4352] ---- ---- [ 83.933505][ T4352] lock(&ei->xattr_sem); [ 83.937877][ T4352] lock(jbd2_handle); [ 83.944504][ T4352] lock(&ei->xattr_sem); [ 83.951386][ T4352] lock(&sbi->s_writepages_rwsem); [ 83.956619][ T4352] [ 83.956619][ T4352] *** DEADLOCK *** [ 83.956619][ T4352] [ 83.964782][ T4352] 3 locks held by syz.0.17/4352: [ 83.969748][ T4352] #0: ffff88807bc640e0 (&type->s_umount_key#28/1){+.+.}-{3:3}, at: alloc_super+0x201/0x950 [ 83.979900][ T4352] #1: ffff88807bc64650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x444/0x1080 [ 83.989425][ T4352] #2: ffff88806ef0da80 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700 [ 83.999763][ T4352] [ 83.999763][ T4352] stack backtrace: [ 84.005707][ T4352] CPU: 1 PID: 4352 Comm: syz.0.17 Not tainted syzkaller #0 [ 84.012941][ T4352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 84.023039][ T4352] Call Trace: [ 84.026342][ T4352] [ 84.029290][ T4352] dump_stack_lvl+0x168/0x230 [ 84.034001][ T4352] ? load_image+0x3b0/0x3b0 [ 84.038527][ T4352] ? show_regs_print_info+0x20/0x20 [ 84.043764][ T4352] ? print_circular_bug+0x12b/0x1a0 [ 84.049017][ T4352] check_noncircular+0x274/0x310 [ 84.053992][ T4352] ? add_chain_block+0x940/0x940 [ 84.058958][ T4352] ? lockdep_lock+0xdc/0x1e0 [ 84.063582][ T4352] ? lockdep_unlock+0x134/0x2d0 [ 84.068459][ T4352] ? mark_lock+0x94/0x320 [ 84.072819][ T4352] __lock_acquire+0x2c33/0x7c60 [ 84.077709][ T4352] ? verify_lock_unused+0x140/0x140 [ 84.082935][ T4352] ? verify_lock_unused+0x140/0x140 [ 84.088165][ T4352] ? mark_lock+0x94/0x320 [ 84.092535][ T4352] lock_acquire+0x197/0x3f0 [ 84.097065][ T4352] ? ext4_writepages+0x1c0/0x2d20 [ 84.102121][ T4352] ? check_path+0x40/0x40 [ 84.106477][ T4352] ? __might_sleep+0xf0/0xf0 [ 84.111094][ T4352] ? read_lock_is_recursive+0x10/0x10 [ 84.116499][ T4352] ? mark_lock+0x94/0x320 [ 84.120909][ T4352] ? __lock_acquire+0x13ad/0x7c60 [ 84.125996][ T4352] percpu_down_read+0x46/0x1b0 [ 84.130842][ T4352] ? ext4_writepages+0x1c0/0x2d20 [ 84.135901][ T4352] ext4_writepages+0x1c0/0x2d20 [ 84.140783][ T4352] ? rcu_is_watching+0x11/0xa0 [ 84.145574][ T4352] ? lock_release+0xba/0x870 [ 84.150209][ T4352] ? rcu_lock_release+0x5/0x20 [ 84.155005][ T4352] ? mark_lock+0x94/0x320 [ 84.159368][ T4352] ? verify_lock_unused+0x140/0x140 [ 84.164594][ T4352] ? mark_lock+0x94/0x320 [ 84.168996][ T4352] ? ext4_readpage+0x2e0/0x2e0 [ 84.173789][ T4352] ? __lock_acquire+0x13ad/0x7c60 [ 84.178849][ T4352] ? rcu_lock_release+0x5/0x20 [ 84.183651][ T4352] ? __lock_acquire+0x7c60/0x7c60 [ 84.188706][ T4352] ? do_raw_spin_lock+0x11d/0x280 [ 84.193764][ T4352] ? _raw_spin_lock_irqsave+0x7f/0xf0 [ 84.199171][ T4352] ? do_raw_spin_unlock+0x11d/0x230 [ 84.203002][ T4250] Bluetooth: hci0: command 0x040f tx timeout [ 84.204388][ T4352] ? ext4_readpage+0x2e0/0x2e0 [ 84.215150][ T4352] do_writepages+0x48d/0x6d0 [ 84.219792][ T4352] ? __writepage+0x130/0x130 [ 84.224410][ T4352] ? writeback_single_inode+0x216/0x8b0 [ 84.230007][ T4352] ? __lock_acquire+0x7c60/0x7c60 [ 84.235172][ T4352] ? do_raw_spin_lock+0x11d/0x280 [ 84.240291][ T4352] __writeback_single_inode+0x153/0xda0 [ 84.245887][ T4352] writeback_single_inode+0x221/0x8b0 [ 84.251297][ T4352] ? write_inode_now+0x280/0x280 [ 84.256277][ T4352] write_inode_now+0x217/0x280 [ 84.261082][ T4352] ? bdi_split_work_to_wbs+0x820/0x820 [ 84.266577][ T4352] ? do_raw_spin_unlock+0x11d/0x230 [ 84.271806][ T4352] iput+0x5ab/0x8a0 [ 84.275645][ T4352] ext4_xattr_set_entry+0x10ff/0x3d30 [ 84.281064][ T4352] ? ext4_xattr_ibody_set+0x330/0x330 [ 84.286466][ T4352] ? rcu_is_watching+0x11/0xa0 [ 84.291265][ T4352] ? kmem_cache_free+0x14c/0x210 [ 84.296239][ T4352] ? mb_cache_entry_delete_or_get+0x1bd/0x1e0 [ 84.302359][ T4352] ext4_xattr_block_set+0x4f7/0x2d30 [ 84.307681][ T4352] ? do_raw_spin_unlock+0x11d/0x230 [ 84.313025][ T4352] ? __ext4_xattr_check_block+0x7d8/0x8d0 [ 84.318792][ T4352] ? ext4_xattr_block_find+0x500/0x500 [ 84.324289][ T4352] ? ext4_xattr_block_find+0x433/0x500 [ 84.329812][ T4352] ext4_expand_extra_isize_ea+0xf4b/0x19a0 [ 84.335815][ T4352] __ext4_expand_extra_isize+0x301/0x3e0 [ 84.341499][ T4352] __ext4_mark_inode_dirty+0x469/0x700 [ 84.347002][ T4352] ext4_evict_inode+0xa81/0x1080 [ 84.351984][ T4352] ? _raw_spin_unlock+0x24/0x40 [ 84.356897][ T4352] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 84.362836][ T4352] ? do_raw_spin_unlock+0x11d/0x230 [ 84.368070][ T4352] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 84.373988][ T4352] evict+0x485/0x870 [ 84.377914][ T4352] ? __lock_acquire+0x7c60/0x7c60 [ 84.382976][ T4352] ? proc_nr_inodes+0x320/0x320 [ 84.387854][ T4352] ? do_raw_spin_unlock+0x11d/0x230 [ 84.393083][ T4352] ? _raw_spin_unlock+0x24/0x40 [ 84.397962][ T4352] ? iput+0x706/0x8a0 [ 84.401978][ T4352] ext4_orphan_cleanup+0xaa9/0x12e0 [ 84.407215][ T4352] ? ext4_orphan_del+0xb90/0xb90 [ 84.412185][ T4352] ? errseq_check_and_advance+0x62/0x120 [ 84.417850][ T4352] ext4_fill_super+0x92f0/0x9a60 [ 84.422828][ T4352] ? ext4_mount+0x40/0x40 [ 84.427185][ T4352] ? set_blocksize+0x1f1/0x370 [ 84.431978][ T4352] ? sb_set_blocksize+0xa5/0xe0 [ 84.436856][ T4352] mount_bdev+0x287/0x3c0 [ 84.441214][ T4352] ? ext4_mount+0x40/0x40 [ 84.445571][ T4352] legacy_get_tree+0xe6/0x180 [ 84.450295][ T4352] ? ext4_errno_to_code+0x160/0x160 [ 84.455563][ T4352] vfs_get_tree+0x88/0x270 [ 84.460016][ T4352] do_new_mount+0x24a/0xa40 [ 84.464562][ T4352] __se_sys_mount+0x2d6/0x3c0 [ 84.469406][ T4352] ? __x64_sys_mount+0xc0/0xc0 [ 84.474366][ T4352] ? lockdep_hardirqs_on+0x94/0x140 [ 84.479608][ T4352] ? __x64_sys_mount+0x1c/0xc0 [ 84.484398][ T4352] do_syscall_64+0x4c/0xa0 [ 84.488840][ T4352] ? clear_bhb_loop+0x30/0x80 [ 84.493547][ T4352] ? clear_bhb_loop+0x30/0x80 [ 84.498252][ T4352] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 84.504194][ T4352] RIP: 0033:0x7f0223672eea [ 84.508668][ T4352] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 84.528416][ T4352] RSP: 002b:00007ffe0059b8f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 84.536877][ T4352] RAX: ffffffffffffffda RBX: 00007ffe0059b980 RCX: 00007f0223672eea [ 84.544891][ T4352] RDX: 0000200000000180 RSI: 0000200000000080 RDI: 00007ffe0059b940 [ 84.552998][ T4352] RBP: 0000200000000180 R08: 00007ffe0059b980 R09: 0000000002808340 [ 84.561000][ T4352] R10: 0000000002808340 R11: 0000000000000246 R12: 0000200000000080 [ 84.569014][ T4352] R13: 00007ffe0059b940 R14: 000000000000047c R15: 0000200000000640 [ 84.577022][ T4352] [ 84.598453][ T4352] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 84.612022][ T4352] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117 [ 84.626630][ T4352] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2826: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 84.641446][ T4352] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 84.655721][ T4352] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117 [ 84.668647][ T4352] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 84.682271][ T4352] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 84.696825][ T4352] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 84.711200][ T4352] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 84.724496][ T4352] EXT4-fs (loop0): 1 orphan inode deleted [ 84.730266][ T4352] EXT4-fs (loop0): mounted filesystem without journal. Opts: i_version,nobarrier,debug_want_extra_isize=0x000000000000005a,sysvgroups,resgid=0x0000000000000000,acl,init_itable=0x0000000000000003,,errors=continue. Quota mode: none.