Warning: Permanently added '10.128.0.93' (ED25519) to the list of known hosts. 2026/01/03 05:13:47 parsed 1 programs [ 57.253725][ T4186] cgroup: Unknown subsys name 'net' [ 57.412963][ T4186] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 58.913174][ T4186] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 61.088531][ T1218] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.096511][ T1218] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.109986][ T470] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 61.125483][ T4209] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.134056][ T4209] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.142461][ T4209] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 62.305987][ T4236] chnl_net:caif_netlink_parms(): no params data found [ 62.368901][ T4236] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.376643][ T4236] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.384813][ T4236] device bridge_slave_0 entered promiscuous mode [ 62.394139][ T4236] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.401420][ T4236] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.409318][ T4236] device bridge_slave_1 entered promiscuous mode [ 62.436361][ T4236] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.449377][ T4236] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.478944][ T4236] team0: Port device team_slave_0 added [ 62.487622][ T4236] team0: Port device team_slave_1 added [ 62.507189][ T4236] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.514394][ T4236] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.541059][ T4236] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.553821][ T4236] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.560794][ T4236] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.586744][ T4236] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.625601][ T4236] device hsr_slave_0 entered promiscuous mode [ 62.633202][ T4236] device hsr_slave_1 entered promiscuous mode [ 62.741641][ T4236] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 62.752017][ T4236] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 62.762385][ T4236] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 62.774688][ T4236] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 62.859673][ T4236] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.866889][ T4236] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.874866][ T4236] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.881941][ T4236] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.984332][ T4236] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.002851][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 63.011986][ T145] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.020607][ T145] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.032751][ T4236] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.044158][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 63.052807][ T145] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.059932][ T145] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.071890][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 63.082243][ T145] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.089741][ T145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.108099][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 63.117255][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 63.130010][ T470] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 63.142571][ T470] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 63.154565][ T470] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 63.169710][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 63.251399][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 63.259325][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 63.272453][ T4236] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.290692][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 63.299875][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 63.332049][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 63.341278][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 63.350889][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 63.358988][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 63.370656][ T4236] device veth0_vlan entered promiscuous mode [ 63.400048][ T4236] device veth1_vlan entered promiscuous mode [ 63.423279][ T470] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 63.431532][ T470] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 63.440115][ T470] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 63.449220][ T470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 63.460841][ T4236] device veth0_macvtap entered promiscuous mode [ 63.471408][ T4236] device veth1_macvtap entered promiscuous mode [ 63.503391][ T4236] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.511018][ T470] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 63.521027][ T470] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 63.529327][ T470] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 63.538644][ T470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 63.550032][ T4236] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.557322][ T470] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 63.566263][ T470] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 63.592867][ T4236] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.602592][ T4236] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.612642][ T4236] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.621624][ T4236] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.721829][ T4236] syz-executor (4236) used greatest stack depth: 21000 bytes left 2026/01/03 05:13:56 executed programs: 0 [ 65.020868][ T4296] chnl_net:caif_netlink_parms(): no params data found [ 65.090130][ T4296] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.097314][ T4296] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.105560][ T4296] device bridge_slave_0 entered promiscuous mode [ 65.114388][ T4296] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.122597][ T4296] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.131066][ T4296] device bridge_slave_1 entered promiscuous mode [ 65.168665][ T4296] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 65.181523][ T4296] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 65.212682][ T4296] team0: Port device team_slave_0 added [ 65.222058][ T4296] team0: Port device team_slave_1 added [ 65.253117][ T4296] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 65.260182][ T4296] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.289332][ T4296] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 65.302244][ T4296] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 65.312723][ T4296] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.343259][ T4296] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 65.386016][ T4296] device hsr_slave_0 entered promiscuous mode [ 65.395650][ T4296] device hsr_slave_1 entered promiscuous mode [ 65.403418][ T4296] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 65.414180][ T4296] Cannot create hsr debugfs directory [ 65.522171][ T4296] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.918341][ T4265] Bluetooth: hci0: command 0x0409 tx timeout [ 68.695352][ T4296] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 68.756036][ T4296] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 68.844582][ T4296] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.008360][ T1108] Bluetooth: hci0: command 0x041b tx timeout [ 69.102592][ T4296] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 69.112224][ T4296] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 69.122153][ T4296] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 69.131851][ T4296] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 69.203121][ T4296] 8021q: adding VLAN 0 to HW filter on device bond0 [ 69.215361][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 69.223503][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 69.233348][ T4296] 8021q: adding VLAN 0 to HW filter on device team0 [ 69.250354][ T144] device hsr_slave_0 left promiscuous mode [ 69.256961][ T144] device hsr_slave_1 left promiscuous mode [ 69.263777][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 69.271697][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 69.280730][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 69.288304][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 69.295845][ T144] device bridge_slave_1 left promiscuous mode [ 69.303066][ T144] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.316168][ T144] device bridge_slave_0 left promiscuous mode [ 69.322403][ T144] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.338558][ T144] device veth1_macvtap left promiscuous mode [ 69.344832][ T144] device veth0_macvtap left promiscuous mode [ 69.351085][ T144] device veth1_vlan left promiscuous mode [ 69.356978][ T144] device veth0_vlan left promiscuous mode [ 69.495092][ T144] team0 (unregistering): Port device team_slave_1 removed [ 69.508946][ T144] team0 (unregistering): Port device team_slave_0 removed [ 69.521851][ T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 69.534583][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 69.584013][ T144] bond0 (unregistering): Released all slaves [ 69.646499][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 69.656388][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 69.664988][ T145] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.672130][ T145] bridge0: port 1(bridge_slave_0) entered forwarding state [ 69.680758][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 69.705442][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 69.722523][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 69.731690][ T145] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.738954][ T145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 69.747201][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 69.756844][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 69.766119][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 69.775451][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 69.796597][ T4296] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 69.807039][ T4296] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 69.829614][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 69.838633][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 69.847112][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 69.856086][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 69.864886][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 69.874242][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 69.883019][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 69.892597][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 69.986252][ T1218] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 69.994118][ T1218] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 70.004972][ T4296] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 70.031992][ T1218] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 70.041328][ T1218] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 70.053299][ T1218] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 70.062343][ T1218] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 70.073241][ T1218] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 70.081858][ T1218] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 70.090608][ T4296] device veth0_vlan entered promiscuous mode [ 70.103852][ T4296] device veth1_vlan entered promiscuous mode [ 70.128269][ T4209] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 70.136967][ T4209] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 70.145505][ T4209] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 70.156309][ T4209] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 70.170227][ T4296] device veth0_macvtap entered promiscuous mode [ 70.180865][ T4296] device veth1_macvtap entered promiscuous mode [ 70.200499][ T4296] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 70.208350][ T4209] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 70.217041][ T4209] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 70.225686][ T4209] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 70.234857][ T4209] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 70.247982][ T4296] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 70.259451][ T4296] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.271007][ T4296] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.281062][ T4296] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.289831][ T4296] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.301651][ T1218] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 70.310889][ T1218] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 70.375440][ T1218] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.389094][ T1218] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.410929][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 70.422619][ T145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.433687][ T145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.444999][ T1218] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 70.525632][ T4318] loop0: detected capacity change from 0 to 512 [ 70.541886][ T4318] ======================================================= [ 70.541886][ T4318] WARNING: The mand mount option has been deprecated and [ 70.541886][ T4318] and is ignored by this kernel. Remove the mand [ 70.541886][ T4318] option from the mount to silence this warning. [ 70.541886][ T4318] ======================================================= [ 70.615074][ T4318] [ 70.617460][ T4318] ====================================================== [ 70.624483][ T4318] WARNING: possible circular locking dependency detected [ 70.631506][ T4318] syzkaller #0 Not tainted [ 70.635927][ T4318] ------------------------------------------------------ [ 70.642944][ T4318] syz.0.17/4318 is trying to acquire lock: [ 70.648749][ T4318] ffff88807e446bd8 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x1c0/0x2d20 [ 70.658863][ T4318] [ 70.658863][ T4318] but task is already holding lock: [ 70.666238][ T4318] ffff888068b100c8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700 [ 70.676087][ T4318] [ 70.676087][ T4318] which lock already depends on the new lock. [ 70.676087][ T4318] [ 70.686581][ T4318] [ 70.686581][ T4318] the existing dependency chain (in reverse order) is: [ 70.695605][ T4318] [ 70.695605][ T4318] -> #2 (&ei->xattr_sem){++++}-{3:3}: [ 70.703195][ T4318] down_read+0x44/0x2e0 [ 70.707895][ T4318] ext4_setattr+0x71d/0x19e0 [ 70.713025][ T4318] notify_change+0xbcd/0xee0 [ 70.718154][ T4318] chown_common+0x483/0x610 [ 70.723190][ T4318] do_fchownat+0x164/0x270 [ 70.728142][ T4318] __x64_sys_chown+0x7e/0x90 [ 70.733266][ T4318] do_syscall_64+0x4c/0xa0 [ 70.738207][ T4318] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 70.744622][ T4318] [ 70.744622][ T4318] -> #1 (jbd2_handle){++++}-{0:0}: [ 70.751911][ T4318] start_this_handle+0x1338/0x15a0 [ 70.757540][ T4318] jbd2__journal_start+0x2b7/0x5a0 [ 70.763173][ T4318] __ext4_journal_start_sb+0x167/0x360 [ 70.769152][ T4318] ext4_writepages+0xdc2/0x2d20 [ 70.774521][ T4318] do_writepages+0x48d/0x6d0 [ 70.779637][ T4318] filemap_fdatawrite_wbc+0x1eb/0x240 [ 70.785531][ T4318] file_write_and_wait_range+0x129/0x1e0 [ 70.791778][ T4318] ext4_sync_file+0x1ff/0xae0 [ 70.796975][ T4318] __x64_sys_fsync+0x1a5/0x1e0 [ 70.802260][ T4318] do_syscall_64+0x4c/0xa0 [ 70.807196][ T4318] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 70.813610][ T4318] [ 70.813610][ T4318] -> #0 (&sbi->s_writepages_rwsem){.+.+}-{0:0}: [ 70.822032][ T4318] __lock_acquire+0x2c33/0x7c60 [ 70.827403][ T4318] lock_acquire+0x197/0x3f0 [ 70.832439][ T4318] percpu_down_read+0x46/0x1b0 [ 70.837718][ T4318] ext4_writepages+0x1c0/0x2d20 [ 70.843087][ T4318] do_writepages+0x48d/0x6d0 [ 70.848200][ T4318] __writeback_single_inode+0x153/0xda0 [ 70.854324][ T4318] writeback_single_inode+0x221/0x8b0 [ 70.860255][ T4318] write_inode_now+0x217/0x280 [ 70.865541][ T4318] iput+0x5ab/0x8a0 [ 70.869870][ T4318] ext4_xattr_set_entry+0x10ff/0x3d30 [ 70.875766][ T4318] ext4_xattr_block_set+0x4f7/0x2d30 [ 70.881575][ T4318] ext4_expand_extra_isize_ea+0xf4b/0x19a0 [ 70.887905][ T4318] __ext4_expand_extra_isize+0x301/0x3e0 [ 70.894060][ T4318] __ext4_mark_inode_dirty+0x469/0x700 [ 70.900040][ T4318] ext4_evict_inode+0xa81/0x1080 [ 70.905498][ T4318] evict+0x485/0x870 [ 70.909921][ T4318] ext4_orphan_cleanup+0xaa9/0x12e0 [ 70.915693][ T4318] ext4_fill_super+0x92f0/0x9a60 [ 70.921182][ T4318] mount_bdev+0x287/0x3c0 [ 70.926042][ T4318] legacy_get_tree+0xe6/0x180 [ 70.931355][ T4318] vfs_get_tree+0x88/0x270 [ 70.936293][ T4318] do_new_mount+0x24a/0xa40 [ 70.941316][ T4318] __se_sys_mount+0x2d6/0x3c0 [ 70.946513][ T4318] do_syscall_64+0x4c/0xa0 [ 70.951447][ T4318] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 70.957857][ T4318] [ 70.957857][ T4318] other info that might help us debug this: [ 70.957857][ T4318] [ 70.968078][ T4318] Chain exists of: [ 70.968078][ T4318] &sbi->s_writepages_rwsem --> jbd2_handle --> &ei->xattr_sem [ 70.968078][ T4318] [ 70.981459][ T4318] Possible unsafe locking scenario: [ 70.981459][ T4318] [ 70.989006][ T4318] CPU0 CPU1 [ 70.994365][ T4318] ---- ---- [ 70.999777][ T4318] lock(&ei->xattr_sem); [ 71.004202][ T4318] lock(jbd2_handle); [ 71.010785][ T4318] lock(&ei->xattr_sem); [ 71.017633][ T4318] lock(&sbi->s_writepages_rwsem); [ 71.022831][ T4318] [ 71.022831][ T4318] *** DEADLOCK *** [ 71.022831][ T4318] [ 71.030968][ T4318] 3 locks held by syz.0.17/4318: [ 71.035905][ T4318] #0: ffff88807e4440e0 (&type->s_umount_key#28/1){+.+.}-{3:3}, at: alloc_super+0x201/0x950 [ 71.046007][ T4318] #1: ffff88807e444650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x444/0x1080 [ 71.055507][ T4318] #2: ffff888068b100c8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700 [ 71.065779][ T4318] [ 71.065779][ T4318] stack backtrace: [ 71.071682][ T4318] CPU: 1 PID: 4318 Comm: syz.0.17 Not tainted syzkaller #0 [ 71.078883][ T4318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 71.088936][ T4318] Call Trace: [ 71.092214][ T4318] [ 71.095143][ T4318] dump_stack_lvl+0x168/0x230 [ 71.099825][ T4318] ? load_image+0x3b0/0x3b0 [ 71.104332][ T4318] ? show_regs_print_info+0x20/0x20 [ 71.109531][ T4318] ? print_circular_bug+0x12b/0x1a0 [ 71.114736][ T4318] check_noncircular+0x274/0x310 [ 71.119674][ T4318] ? add_chain_block+0x940/0x940 [ 71.124605][ T4318] ? lockdep_lock+0xdc/0x1e0 [ 71.129196][ T4318] ? lockdep_unlock+0x134/0x2d0 [ 71.134048][ T4318] ? mark_lock+0x94/0x320 [ 71.138376][ T4318] __lock_acquire+0x2c33/0x7c60 [ 71.143237][ T4318] ? verify_lock_unused+0x140/0x140 [ 71.148442][ T4318] ? verify_lock_unused+0x140/0x140 [ 71.153640][ T4318] ? mark_lock+0x94/0x320 [ 71.157974][ T4318] lock_acquire+0x197/0x3f0 [ 71.162483][ T4318] ? ext4_writepages+0x1c0/0x2d20 [ 71.167509][ T4318] ? check_path+0x40/0x40 [ 71.171837][ T4318] ? __might_sleep+0xf0/0xf0 [ 71.176428][ T4318] ? read_lock_is_recursive+0x10/0x10 [ 71.181798][ T4318] ? mark_lock+0x94/0x320 [ 71.186227][ T4318] ? __lock_acquire+0x13ad/0x7c60 [ 71.191250][ T4318] percpu_down_read+0x46/0x1b0 [ 71.196106][ T4318] ? ext4_writepages+0x1c0/0x2d20 [ 71.201186][ T4318] ext4_writepages+0x1c0/0x2d20 [ 71.206041][ T4318] ? rcu_is_watching+0x11/0xa0 [ 71.210805][ T4318] ? lock_release+0xba/0x870 [ 71.215396][ T4318] ? rcu_lock_release+0x5/0x20 [ 71.220162][ T4318] ? mark_lock+0x94/0x320 [ 71.224493][ T4318] ? verify_lock_unused+0x140/0x140 [ 71.229692][ T4318] ? mark_lock+0x94/0x320 [ 71.234304][ T4318] ? ext4_readpage+0x2e0/0x2e0 [ 71.239070][ T4318] ? __lock_acquire+0x13ad/0x7c60 [ 71.244096][ T4318] ? rcu_lock_release+0x5/0x20 [ 71.248867][ T4318] ? __lock_acquire+0x7c60/0x7c60 [ 71.253983][ T4318] ? do_raw_spin_lock+0x11d/0x280 [ 71.259007][ T4318] ? _raw_spin_lock_irqsave+0x7f/0xf0 [ 71.264467][ T4318] ? do_raw_spin_unlock+0x11d/0x230 [ 71.269673][ T4318] ? ext4_readpage+0x2e0/0x2e0 [ 71.274468][ T4318] do_writepages+0x48d/0x6d0 [ 71.279090][ T4318] ? __writepage+0x130/0x130 [ 71.283680][ T4318] ? writeback_single_inode+0x216/0x8b0 [ 71.289227][ T4318] ? __lock_acquire+0x7c60/0x7c60 [ 71.294247][ T4318] ? do_raw_spin_lock+0x11d/0x280 [ 71.299272][ T4318] __writeback_single_inode+0x153/0xda0 [ 71.304815][ T4318] writeback_single_inode+0x221/0x8b0 [ 71.310188][ T4318] ? write_inode_now+0x280/0x280 [ 71.315133][ T4318] write_inode_now+0x217/0x280 [ 71.319895][ T4318] ? bdi_split_work_to_wbs+0x820/0x820 [ 71.325362][ T4318] ? do_raw_spin_unlock+0x11d/0x230 [ 71.330563][ T4318] iput+0x5ab/0x8a0 [ 71.334631][ T4318] ext4_xattr_set_entry+0x10ff/0x3d30 [ 71.340063][ T4318] ? ext4_xattr_ibody_set+0x330/0x330 [ 71.345440][ T4318] ? rcu_is_watching+0x11/0xa0 [ 71.350204][ T4318] ? kmem_cache_free+0x14c/0x210 [ 71.355575][ T4318] ? mb_cache_entry_delete_or_get+0x1bd/0x1e0 [ 71.361643][ T4318] ext4_xattr_block_set+0x4f7/0x2d30 [ 71.366926][ T4318] ? do_raw_spin_unlock+0x11d/0x230 [ 71.372129][ T4318] ? __ext4_xattr_check_block+0x7d8/0x8d0 [ 71.377849][ T4318] ? ext4_xattr_block_find+0x500/0x500 [ 71.383306][ T4318] ? ext4_xattr_block_find+0x433/0x500 [ 71.388768][ T4318] ext4_expand_extra_isize_ea+0xf4b/0x19a0 [ 71.394586][ T4318] __ext4_expand_extra_isize+0x301/0x3e0 [ 71.400219][ T4318] __ext4_mark_inode_dirty+0x469/0x700 [ 71.405678][ T4318] ext4_evict_inode+0xa81/0x1080 [ 71.410614][ T4318] ? _raw_spin_unlock+0x24/0x40 [ 71.415464][ T4318] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 71.421355][ T4318] ? do_raw_spin_unlock+0x11d/0x230 [ 71.426556][ T4318] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 71.432443][ T4318] evict+0x485/0x870 [ 71.436444][ T4318] ? __lock_acquire+0x7c60/0x7c60 [ 71.441472][ T4318] ? proc_nr_inodes+0x320/0x320 [ 71.446325][ T4318] ? do_raw_spin_unlock+0x11d/0x230 [ 71.451526][ T4318] ? _raw_spin_unlock+0x24/0x40 [ 71.456379][ T4318] ? iput+0x706/0x8a0 [ 71.460364][ T4318] ext4_orphan_cleanup+0xaa9/0x12e0 [ 71.465574][ T4318] ? ext4_orphan_del+0xb90/0xb90 [ 71.470511][ T4318] ? errseq_check_and_advance+0x62/0x120 [ 71.476242][ T4318] ext4_fill_super+0x92f0/0x9a60 [ 71.481283][ T4318] ? ext4_mount+0x40/0x40 [ 71.485700][ T4318] ? set_blocksize+0x1f1/0x370 [ 71.490552][ T4318] ? sb_set_blocksize+0xa5/0xe0 [ 71.495402][ T4318] mount_bdev+0x287/0x3c0 [ 71.499730][ T4318] ? ext4_mount+0x40/0x40 [ 71.504167][ T4318] legacy_get_tree+0xe6/0x180 [ 71.508844][ T4318] ? ext4_errno_to_code+0x160/0x160 [ 71.514113][ T4318] vfs_get_tree+0x88/0x270 [ 71.518538][ T4318] do_new_mount+0x24a/0xa40 [ 71.523054][ T4318] __se_sys_mount+0x2d6/0x3c0 [ 71.527762][ T4318] ? __x64_sys_mount+0xc0/0xc0 [ 71.532541][ T4318] ? lockdep_hardirqs_on+0x94/0x140 [ 71.537742][ T4318] ? __x64_sys_mount+0x1c/0xc0 [ 71.542507][ T4318] do_syscall_64+0x4c/0xa0 [ 71.547009][ T4318] ? clear_bhb_loop+0x30/0x80 [ 71.551685][ T4318] ? clear_bhb_loop+0x30/0x80 [ 71.556459][ T4318] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 71.562351][ T4318] RIP: 0033:0x7f8f0d615eea [ 71.566765][ T4318] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 71.586366][ T4318] RSP: 002b:00007ffe14e237e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 71.594782][ T4318] RAX: ffffffffffffffda RBX: 00007ffe14e23870 RCX: 00007f8f0d615eea [ 71.602749][ T4318] RDX: 0000200000000180 RSI: 0000200000000080 RDI: 00007ffe14e23830 [ 71.610722][ T4318] RBP: 0000200000000180 R08: 00007ffe14e23870 R09: 0000000002808340 [ 71.618695][ T4318] R10: 0000000002808340 R11: 0000000000000246 R12: 0000200000000080 [ 71.626667][ T4318] R13: 00007ffe14e23830 R14: 000000000000048c R15: 00002000000001c0 [ 71.634641][ T4318] [ 71.639797][ T1423] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.641447][ T23] Bluetooth: hci0: command 0x040f tx timeout [ 71.646108][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.673846][ T4318] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 94 (inode size 256) [ 71.689227][ T4318] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117 [ 71.702577][ T4318] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2826: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 71.716725][ T4318] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 94 (inode size 256) [ 71.731618][ T4318] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117 [ 71.744384][ T4318] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 94 (inode size 256) [ 71.757875][ T4318] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 71.771918][ T4318] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 94 (inode size 256) [ 71.786307][ T4318] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 71.799331][ T4318] EXT4-fs (loop0): 1 orphan inode deleted [ 71.805159][ T4318] EXT4-fs (loop0): mounted filesystem without journal. Opts: i_version,nobarrier,debug_want_extra_isize=0x000000000000005e,sysvgroups,inode_readahead_blks=0x0000000000000400,acl,nodioread_nolock,data_err=abort,data_err=ignore,,errors=continue. Quota mode: none.