Warning: Permanently added '10.128.1.9' (ED25519) to the list of known hosts. 2025/12/11 12:40:20 parsed 1 programs [ 77.528615][ T4269] cgroup: Unknown subsys name 'net' [ 77.663125][ T4269] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 79.228392][ T4269] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 81.929029][ T4294] chnl_net:caif_netlink_parms(): no params data found [ 82.017631][ T4294] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.025527][ T4294] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.035627][ T4294] device bridge_slave_0 entered promiscuous mode [ 82.053049][ T4294] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.060857][ T4294] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.070224][ T4294] device bridge_slave_1 entered promiscuous mode [ 82.138878][ T4294] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.150364][ T4294] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.176832][ T4294] team0: Port device team_slave_0 added [ 82.184264][ T4294] team0: Port device team_slave_1 added [ 82.205149][ T4294] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.212225][ T4294] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.238186][ T4294] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.255598][ T4294] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.262722][ T4294] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.288691][ T4294] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.322490][ T4294] device hsr_slave_0 entered promiscuous mode [ 82.329483][ T4294] device hsr_slave_1 entered promiscuous mode [ 82.445297][ T4294] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 82.456481][ T4294] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 82.466728][ T4294] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 82.477572][ T4294] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 82.521543][ T4294] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.528905][ T4294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.537013][ T4294] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.544561][ T4294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.606632][ T4294] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.621046][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 82.632576][ T32] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.642199][ T32] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.651761][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 82.665892][ T4294] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.688962][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 82.699172][ T32] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.706484][ T32] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.720488][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 82.729909][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.737220][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.760638][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 82.770595][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 82.782836][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 82.799180][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 82.810751][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 82.823189][ T4294] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 83.024873][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 83.032553][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 83.045548][ T4294] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.067582][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 83.076300][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 83.095835][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 83.105177][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 83.115964][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 83.124198][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 83.132776][ T4294] device veth0_vlan entered promiscuous mode [ 83.146293][ T4294] device veth1_vlan entered promiscuous mode [ 83.165593][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 83.173996][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 83.183490][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 83.192501][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 83.206531][ T4294] device veth0_macvtap entered promiscuous mode [ 83.216479][ T4294] device veth1_macvtap entered promiscuous mode [ 83.231752][ T4294] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.241560][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 83.250976][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 83.259542][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 83.268385][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 83.289382][ T4294] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.298362][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 83.308690][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 83.325694][ T4294] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.337648][ T4294] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.346391][ T4294] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.355517][ T4294] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.504683][ T46] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.574098][ T32] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.582269][ T32] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.595142][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 83.615417][ T32] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.623731][ T32] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.633403][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 84.728779][ T4344] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 84.736898][ T4344] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 84.744612][ T4344] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 84.753991][ T4346] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 84.762801][ T4346] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 84.770213][ T4346] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 2025/12/11 12:40:31 executed programs: 0 [ 85.548853][ T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.557571][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.565095][ T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.573957][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.581852][ T48] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 85.589415][ T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.725067][ T4366] chnl_net:caif_netlink_parms(): no params data found [ 85.774203][ T4366] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.781681][ T4366] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.790293][ T4366] device bridge_slave_0 entered promiscuous mode [ 85.799197][ T4366] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.806322][ T4366] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.814632][ T4366] device bridge_slave_1 entered promiscuous mode [ 85.838602][ T4366] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.849777][ T4366] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.876343][ T4366] team0: Port device team_slave_0 added [ 85.884123][ T4366] team0: Port device team_slave_1 added [ 85.907228][ T4366] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.914245][ T4366] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.940510][ T4366] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.952534][ T4366] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.959807][ T4366] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.985933][ T4366] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.020592][ T4366] device hsr_slave_0 entered promiscuous mode [ 86.027712][ T4366] device hsr_slave_1 entered promiscuous mode [ 86.034362][ T4366] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 86.042559][ T4366] Cannot create hsr debugfs directory [ 86.068348][ T46] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.758657][ T7] cfg80211: failed to load regulatory.db [ 87.637824][ T4346] Bluetooth: hci0: command 0x0409 tx timeout [ 88.158542][ T46] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.229127][ T46] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.061588][ T4366] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.085511][ T46] device hsr_slave_0 left promiscuous mode [ 89.092519][ T46] device hsr_slave_1 left promiscuous mode [ 89.102670][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 89.110887][ T46] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 89.121909][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 89.130062][ T46] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 89.140439][ T46] device bridge_slave_1 left promiscuous mode [ 89.148032][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.163223][ T46] device bridge_slave_0 left promiscuous mode [ 89.171239][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.204012][ T46] device veth1_macvtap left promiscuous mode [ 89.211256][ T46] device veth0_macvtap left promiscuous mode [ 89.219958][ T46] device veth1_vlan left promiscuous mode [ 89.226690][ T46] device veth0_vlan left promiscuous mode [ 89.604955][ T46] team0 (unregistering): Port device team_slave_1 removed [ 89.634561][ T46] team0 (unregistering): Port device team_slave_0 removed [ 89.665244][ T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 89.699707][ T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 89.716875][ T4346] Bluetooth: hci0: command 0x041b tx timeout [ 89.976463][ T46] bond0 (unregistering): Released all slaves [ 90.066179][ T4366] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 90.076233][ T4366] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 90.089490][ T4366] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 90.173060][ T4366] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.188130][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 90.195965][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 90.208678][ T4366] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.227933][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 90.237966][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 90.246501][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.253679][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.262159][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 90.273221][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 90.282230][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.289404][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.297772][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 90.309525][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 90.321331][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 90.342136][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 90.356109][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 90.365315][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 90.377892][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 90.387320][ T4323] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 90.405423][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 90.415735][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 90.430230][ T4366] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 90.443377][ T4366] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 90.453353][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 90.462717][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 90.720752][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 90.728401][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 90.743167][ T4366] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.769897][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 90.780109][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 90.802250][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 90.811094][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 90.820715][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 90.829713][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 90.839132][ T4366] device veth0_vlan entered promiscuous mode [ 90.851256][ T4366] device veth1_vlan entered promiscuous mode [ 90.871076][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 90.879580][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 90.888007][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 90.896511][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 90.907976][ T4366] device veth0_macvtap entered promiscuous mode [ 90.918747][ T4366] device veth1_macvtap entered promiscuous mode [ 90.934371][ T4366] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.942098][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 90.950833][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 90.960149][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 90.968852][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 90.981095][ T4366] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.988507][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 90.997549][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 91.009376][ T4366] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.019124][ T4366] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.028251][ T4366] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.037451][ T4366] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.090305][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.104101][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.120623][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 91.134044][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.142608][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.151660][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 91.202723][ T4428] loop0: detected capacity change from 0 to 512 [ 91.254772][ T4428] [ 91.257161][ T4428] ====================================================== [ 91.264187][ T4428] WARNING: possible circular locking dependency detected [ 91.271322][ T4428] syzkaller #0 Not tainted [ 91.275743][ T4428] ------------------------------------------------------ [ 91.282765][ T4428] syz.0.17/4428 is trying to acquire lock: [ 91.288571][ T4428] ffff88801ffe0b98 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x1c0/0x2e50 [ 91.298692][ T4428] [ 91.298692][ T4428] but task is already holding lock: [ 91.306054][ T4428] ffff88805e1b4700 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3fe/0x770 [ 91.315901][ T4428] [ 91.315901][ T4428] which lock already depends on the new lock. [ 91.315901][ T4428] [ 91.326340][ T4428] [ 91.326340][ T4428] the existing dependency chain (in reverse order) is: [ 91.335357][ T4428] [ 91.335357][ T4428] -> #2 (&ei->xattr_sem){++++}-{3:3}: [ 91.342922][ T4428] down_read+0x42/0x2d0 [ 91.347620][ T4428] ext4_setattr+0x92a/0x19f0 [ 91.352766][ T4428] notify_change+0xc74/0xf40 [ 91.357910][ T4428] chown_common+0x486/0x620 [ 91.362946][ T4428] do_fchownat+0x164/0x270 [ 91.367896][ T4428] __x64_sys_chown+0x7e/0x90 [ 91.373106][ T4428] do_syscall_64+0x4c/0xa0 [ 91.378069][ T4428] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 91.384496][ T4428] [ 91.384496][ T4428] -> #1 (jbd2_handle){++++}-{0:0}: [ 91.391806][ T4428] start_this_handle+0x1f49/0x2150 [ 91.397459][ T4428] jbd2__journal_start+0x2b7/0x5a0 [ 91.403106][ T4428] __ext4_journal_start_sb+0x187/0x3d0 [ 91.409091][ T4428] ext4_writepages+0xde7/0x2e50 [ 91.414485][ T4428] do_writepages+0x3b7/0x610 [ 91.419619][ T4428] filemap_fdatawrite_wbc+0x11e/0x180 [ 91.425525][ T4428] file_write_and_wait_range+0x137/0x200 [ 91.431694][ T4428] ext4_sync_file+0x23b/0xca0 [ 91.436914][ T4428] __x64_sys_fsync+0x1a5/0x1e0 [ 91.442218][ T4428] do_syscall_64+0x4c/0xa0 [ 91.447172][ T4428] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 91.453600][ T4428] [ 91.453600][ T4428] -> #0 (&sbi->s_writepages_rwsem){.+.+}-{0:0}: [ 91.462063][ T4428] __lock_acquire+0x2cf8/0x7c50 [ 91.467450][ T4428] lock_acquire+0x1b4/0x490 [ 91.472484][ T4428] percpu_down_read+0x44/0x1a0 [ 91.477816][ T4428] ext4_writepages+0x1c0/0x2e50 [ 91.483193][ T4428] do_writepages+0x3b7/0x610 [ 91.488314][ T4428] __writeback_single_inode+0x156/0x1160 [ 91.494482][ T4428] writeback_single_inode+0x221/0x8b0 [ 91.500389][ T4428] write_inode_now+0x15d/0x1d0 [ 91.505684][ T4428] iput+0x613/0x980 [ 91.510022][ T4428] ext4_xattr_block_set+0x2736/0x32a0 [ 91.515924][ T4428] ext4_expand_extra_isize_ea+0x109b/0x19b0 [ 91.522349][ T4428] __ext4_expand_extra_isize+0x301/0x3e0 [ 91.528508][ T4428] __ext4_mark_inode_dirty+0x47f/0x770 [ 91.534508][ T4428] ext4_evict_inode+0xa73/0x1100 [ 91.539993][ T4428] evict+0x485/0x870 [ 91.544507][ T4428] ext4_orphan_cleanup+0xbd3/0x1400 [ 91.550243][ T4428] ext4_fill_super+0x7bdf/0x8150 [ 91.555710][ T4428] get_tree_bdev+0x3f1/0x610 [ 91.560831][ T4428] vfs_get_tree+0x88/0x270 [ 91.565794][ T4428] do_new_mount+0x24a/0xa40 [ 91.570826][ T4428] __se_sys_mount+0x2d6/0x3c0 [ 91.576036][ T4428] do_syscall_64+0x4c/0xa0 [ 91.580986][ T4428] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 91.587410][ T4428] [ 91.587410][ T4428] other info that might help us debug this: [ 91.587410][ T4428] [ 91.597643][ T4428] Chain exists of: [ 91.597643][ T4428] &sbi->s_writepages_rwsem --> jbd2_handle --> &ei->xattr_sem [ 91.597643][ T4428] [ 91.611137][ T4428] Possible unsafe locking scenario: [ 91.611137][ T4428] [ 91.618595][ T4428] CPU0 CPU1 [ 91.624059][ T4428] ---- ---- [ 91.629445][ T4428] lock(&ei->xattr_sem); [ 91.633786][ T4428] lock(jbd2_handle); [ 91.640381][ T4428] lock(&ei->xattr_sem); [ 91.647259][ T4428] lock(&sbi->s_writepages_rwsem); [ 91.652461][ T4428] [ 91.652461][ T4428] *** DEADLOCK *** [ 91.652461][ T4428] [ 91.660607][ T4428] 3 locks held by syz.0.17/4428: [ 91.665577][ T4428] #0: ffff88807a0f60e0 (&type->s_umount_key#27/1){+.+.}-{3:3}, at: alloc_super+0x1fa/0x930 [ 91.675700][ T4428] #1: ffff88807a0f6650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x436/0x1100 [ 91.685206][ T4428] #2: ffff88805e1b4700 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3fe/0x770 [ 91.695491][ T4428] [ 91.695491][ T4428] stack backtrace: [ 91.701401][ T4428] CPU: 1 PID: 4428 Comm: syz.0.17 Not tainted syzkaller #0 [ 91.708601][ T4428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 91.718669][ T4428] Call Trace: [ 91.721956][ T4428] [ 91.724890][ T4428] dump_stack_lvl+0x168/0x22e [ 91.729583][ T4428] ? load_image+0x3b0/0x3b0 [ 91.734097][ T4428] ? show_regs_print_info+0x12/0x12 [ 91.739311][ T4428] ? print_circular_bug+0x12b/0x1a0 [ 91.744564][ T4428] check_noncircular+0x274/0x310 [ 91.749517][ T4428] ? add_chain_block+0x940/0x940 [ 91.754476][ T4428] ? lockdep_lock+0xdc/0x1e0 [ 91.759084][ T4428] ? verify_lock_unused+0x140/0x140 [ 91.764294][ T4428] ? _find_first_zero_bit+0xcf/0x100 [ 91.769593][ T4428] __lock_acquire+0x2cf8/0x7c50 [ 91.774465][ T4428] ? verify_lock_unused+0x140/0x140 [ 91.779680][ T4428] ? mark_lock+0x94/0x320 [ 91.784022][ T4428] ? __lock_acquire+0x13c0/0x7c50 [ 91.789068][ T4428] lock_acquire+0x1b4/0x490 [ 91.793588][ T4428] ? ext4_writepages+0x1c0/0x2e50 [ 91.798631][ T4428] ? __might_sleep+0xd0/0xd0 [ 91.803235][ T4428] ? read_lock_is_recursive+0x10/0x10 [ 91.808623][ T4428] ? __lock_acquire+0x12e5/0x7c50 [ 91.813669][ T4428] ? mark_lock+0x94/0x320 [ 91.818020][ T4428] percpu_down_read+0x44/0x1a0 [ 91.822793][ T4428] ? ext4_writepages+0x1c0/0x2e50 [ 91.827823][ T4428] ext4_writepages+0x1c0/0x2e50 [ 91.832689][ T4428] ? __lock_acquire+0x13c0/0x7c50 [ 91.837735][ T4428] ? verify_lock_unused+0x140/0x140 [ 91.842948][ T4428] ? mark_lock+0x94/0x320 [ 91.847291][ T4428] ? ext4_read_folio+0x370/0x370 [ 91.852235][ T4428] ? __lock_acquire+0x13c0/0x7c50 [ 91.857280][ T4428] ? __lock_acquire+0x7c50/0x7c50 [ 91.862317][ T4428] ? do_raw_spin_lock+0x11d/0x280 [ 91.867367][ T4428] ? do_raw_spin_unlock+0x11d/0x230 [ 91.872594][ T4428] ? ext4_read_folio+0x370/0x370 [ 91.877544][ T4428] do_writepages+0x3b7/0x610 [ 91.882146][ T4428] ? __writepage+0x130/0x130 [ 91.886747][ T4428] ? writeback_single_inode+0x216/0x8b0 [ 91.892306][ T4428] ? __lock_acquire+0x7c50/0x7c50 [ 91.897354][ T4428] ? do_raw_spin_lock+0x11d/0x280 [ 91.902397][ T4428] ? __ext4_expand_extra_isize+0x301/0x3e0 [ 91.908213][ T4428] __writeback_single_inode+0x156/0x1160 [ 91.913861][ T4428] writeback_single_inode+0x221/0x8b0 [ 91.919250][ T4428] ? write_inode_now+0x1d0/0x1d0 [ 91.924219][ T4428] write_inode_now+0x15d/0x1d0 [ 91.929001][ T4428] ? bdi_split_work_to_wbs+0x890/0x890 [ 91.934479][ T4428] ? rcu_is_watching+0x11/0xa0 [ 91.939280][ T4428] ? do_raw_spin_unlock+0x11d/0x230 [ 91.944517][ T4428] iput+0x613/0x980 [ 91.948355][ T4428] ext4_xattr_block_set+0x2736/0x32a0 [ 91.953781][ T4428] ? __might_sleep+0xd0/0xd0 [ 91.958422][ T4428] ? xattr_find_entry+0x12b/0x2f0 [ 91.963474][ T4428] ? ext4_xattr_block_find+0x2b0/0x2b0 [ 91.968966][ T4428] ? ext4_xattr_block_find+0x241/0x2b0 [ 91.974454][ T4428] ext4_expand_extra_isize_ea+0x109b/0x19b0 [ 91.980397][ T4428] __ext4_expand_extra_isize+0x301/0x3e0 [ 91.986055][ T4428] __ext4_mark_inode_dirty+0x47f/0x770 [ 91.991545][ T4428] ext4_evict_inode+0xa73/0x1100 [ 91.996533][ T4428] ? _raw_spin_unlock+0x24/0x40 [ 92.001403][ T4428] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 92.007313][ T4428] ? do_raw_spin_unlock+0x11d/0x230 [ 92.012532][ T4428] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 92.018442][ T4428] evict+0x485/0x870 [ 92.022352][ T4428] ? __lock_acquire+0x7c50/0x7c50 [ 92.027391][ T4428] ? proc_nr_inodes+0x2f0/0x2f0 [ 92.032276][ T4428] ? do_raw_spin_unlock+0x11d/0x230 [ 92.037496][ T4428] ? _raw_spin_unlock+0x24/0x40 [ 92.042359][ T4428] ? iput+0x768/0x980 [ 92.046351][ T4428] ext4_orphan_cleanup+0xbd3/0x1400 [ 92.051576][ T4428] ? ext4_orphan_del+0xb90/0xb90 [ 92.056628][ T4428] ? errseq_check_and_advance+0x62/0x120 [ 92.062363][ T4428] ext4_fill_super+0x7bdf/0x8150 [ 92.067311][ T4428] ? bdev_name+0x2c1/0x3f0 [ 92.071769][ T4428] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 92.078022][ T4428] ? snprintf+0xd7/0x120 [ 92.082280][ T4428] ? preempt_count_add+0x8d/0x190 [ 92.087403][ T4428] ? vscnprintf+0x80/0x80 [ 92.091761][ T4428] ? set_blocksize+0x1d0/0x470 [ 92.096631][ T4428] ? sb_set_blocksize+0xa5/0xe0 [ 92.101536][ T4428] get_tree_bdev+0x3f1/0x610 [ 92.106136][ T4428] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 92.112385][ T4428] vfs_get_tree+0x88/0x270 [ 92.116815][ T4428] do_new_mount+0x24a/0xa40 [ 92.121327][ T4428] __se_sys_mount+0x2d6/0x3c0 [ 92.126019][ T4428] ? __x64_sys_mount+0xc0/0xc0 [ 92.130813][ T4428] ? lockdep_hardirqs_on+0x94/0x140 [ 92.136018][ T4428] ? __x64_sys_mount+0x1c/0xc0 [ 92.140791][ T4428] do_syscall_64+0x4c/0xa0 [ 92.145226][ T4428] ? clear_bhb_loop+0x60/0xb0 [ 92.150000][ T4428] ? clear_bhb_loop+0x60/0xb0 [ 92.154689][ T4428] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 92.160599][ T4428] RIP: 0033:0x7f5829d90eea [ 92.165041][ T4428] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 92.184661][ T4428] RSP: 002b:00007fffe1f2c748 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 92.193089][ T4428] RAX: ffffffffffffffda RBX: 00007fffe1f2c7d0 RCX: 00007f5829d90eea [ 92.201069][ T4428] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007fffe1f2c790 [ 92.209050][ T4428] RBP: 0000200000000180 R08: 00007fffe1f2c7d0 R09: 0000000000800700 [ 92.217045][ T4428] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 92.225025][ T4428] R13: 00007fffe1f2c790 R14: 000000000000046f R15: 000000000000002c [ 92.233008][ T4428] [ 92.246606][ T4346] Bluetooth: hci0: command 0x040f tx timeout [ 92.265060][ T4428] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 92.279784][ T4428] EXT4-fs (loop0): Remounting filesystem read-only [ 92.286452][ T4428] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117 [ 92.299355][ T4428] EXT4-fs (loop0): Remounting filesystem read-only [ 92.306328][ T4428] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2819: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 92.320083][ T4428] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 92.334020][ T4428] EXT4-fs (loop0): Remounting filesystem read-only [ 92.341277][ T4428] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117 [ 92.353770][ T4428] EXT4-fs (loop0): Remounting filesystem read-only [ 92.360544][ T4428] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 92.374177][ T4428] EXT4-fs (loop0): Remounting filesystem read-only [ 92.380832][ T4428] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 92.393345][ T4428] EXT4-fs (loop0): Remounting filesystem read-only [ 92.400045][ T4428] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 92.413823][ T4428] EXT4-fs (loop0): Remounting filesystem read-only [ 92.420558][ T4428] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 92.433045][ T4428] EXT4-fs (loop0): Remounting filesystem read-only [ 92.440125][ T4428] EXT4-fs (loop0): 1 orphan inode deleted [ 92.445900][ T4428] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 92.468162][ T4366] EXT4-fs (loop0): unmounting filesystem.