Warning: Permanently added '10.128.0.148' (ED25519) to the list of known hosts. 2026/01/11 17:26:26 parsed 1 programs [ 52.926571][ T4188] cgroup: Unknown subsys name 'net' [ 53.029849][ T4188] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 54.247017][ T4188] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 56.501996][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.510179][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.527407][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.536903][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 56.546656][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.558390][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 56.825424][ T4238] chnl_net:caif_netlink_parms(): no params data found [ 56.890661][ T4238] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.898487][ T4238] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.906680][ T4238] device bridge_slave_0 entered promiscuous mode [ 56.916205][ T4238] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.923377][ T4238] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.931343][ T4238] device bridge_slave_1 entered promiscuous mode [ 56.957374][ T4238] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.968636][ T4238] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.996117][ T4238] team0: Port device team_slave_0 added [ 57.003807][ T4238] team0: Port device team_slave_1 added [ 57.026272][ T4238] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 57.033766][ T4238] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.059832][ T4238] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 57.072781][ T4238] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 57.079747][ T4238] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.106141][ T4238] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 57.143642][ T4238] device hsr_slave_0 entered promiscuous mode [ 57.150528][ T4238] device hsr_slave_1 entered promiscuous mode [ 57.270365][ T4238] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 57.281805][ T4238] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 57.292577][ T4238] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 57.302699][ T4238] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 57.332993][ T4238] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.340202][ T4238] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.348292][ T4238] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.355431][ T4238] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.419686][ T4238] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.431037][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.440451][ T1220] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.449442][ T1220] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.457754][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 57.469651][ T4238] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.481307][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.490821][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.497943][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.515797][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.529083][ T1220] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.536227][ T1220] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.559947][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 57.573065][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 57.587563][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 57.605100][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.620336][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.635251][ T4238] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 57.759357][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 57.767739][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 57.779032][ T4238] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.797151][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 57.812914][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 57.821394][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 57.830741][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 57.838984][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 57.848458][ T4238] device veth0_vlan entered promiscuous mode [ 57.859529][ T4238] device veth1_vlan entered promiscuous mode [ 57.878398][ T4238] device veth0_macvtap entered promiscuous mode [ 57.886505][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 57.894589][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 57.903031][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 57.911355][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 57.919869][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 57.930265][ T4238] device veth1_macvtap entered promiscuous mode [ 57.945375][ T4238] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.953264][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 57.961308][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 57.970123][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 57.980934][ T4238] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.989199][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 57.998629][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 58.009815][ T4238] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.018677][ T4238] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.027489][ T4238] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.036411][ T4238] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 2026/01/11 17:26:34 executed programs: 0 [ 59.445183][ T4300] chnl_net:caif_netlink_parms(): no params data found [ 59.509023][ T4300] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.518364][ T4300] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.526551][ T4300] device bridge_slave_0 entered promiscuous mode [ 59.537175][ T4300] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.544661][ T4300] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.555603][ T4300] device bridge_slave_1 entered promiscuous mode [ 59.588247][ T4300] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.601756][ T4300] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.631908][ T4300] team0: Port device team_slave_0 added [ 59.641901][ T4300] team0: Port device team_slave_1 added [ 59.667050][ T4300] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.677027][ T4300] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.705367][ T4300] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 59.718984][ T4300] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.728159][ T4300] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.756553][ T4300] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 59.799917][ T4300] device hsr_slave_0 entered promiscuous mode [ 59.806721][ T4300] device hsr_slave_1 entered promiscuous mode [ 59.815773][ T4300] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 59.823674][ T4300] Cannot create hsr debugfs directory [ 59.919182][ T4300] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.392787][ T4314] Bluetooth: hci0: command 0x0409 tx timeout [ 62.748020][ T4300] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.787381][ T4300] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.848266][ T4300] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.963941][ T4300] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 62.972631][ T4300] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 62.982894][ T4300] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 62.991271][ T4300] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 63.044445][ T4300] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.056683][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 63.064977][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 63.080255][ T4300] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.093952][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 63.103223][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 63.111508][ T1220] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.118610][ T1220] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.126627][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 63.144749][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 63.153447][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 63.161735][ T1220] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.168808][ T1220] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.179697][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 63.191190][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 63.201684][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 63.211006][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 63.220904][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 63.241964][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 63.250607][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 63.261837][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 63.270412][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 63.292910][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 63.301170][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 63.311491][ T4300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 63.400696][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 63.408334][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 63.419275][ T4300] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.437473][ T890] device hsr_slave_0 left promiscuous mode [ 63.444051][ T890] device hsr_slave_1 left promiscuous mode [ 63.450374][ T890] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 63.458608][ T890] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 63.467068][ T890] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 63.475558][ T4216] Bluetooth: hci0: command 0x041b tx timeout [ 63.475599][ T890] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 63.490007][ T890] device bridge_slave_1 left promiscuous mode [ 63.497322][ T890] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.509578][ T890] device bridge_slave_0 left promiscuous mode [ 63.516830][ T890] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.531663][ T890] device veth1_macvtap left promiscuous mode [ 63.538181][ T890] device veth0_macvtap left promiscuous mode [ 63.544417][ T890] device veth1_vlan left promiscuous mode [ 63.550279][ T890] device veth0_vlan left promiscuous mode [ 63.673471][ T890] team0 (unregistering): Port device team_slave_1 removed [ 63.686152][ T890] team0 (unregistering): Port device team_slave_0 removed [ 63.697968][ T890] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 63.711486][ T890] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 63.758081][ T890] bond0 (unregistering): Released all slaves [ 63.816058][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 63.824932][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 63.836235][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 63.844614][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 63.853836][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 63.861534][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 63.871618][ T4300] device veth0_vlan entered promiscuous mode [ 63.885079][ T4300] device veth1_vlan entered promiscuous mode [ 63.915124][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 63.923619][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 63.931510][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 63.940998][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 63.951450][ T4300] device veth0_macvtap entered promiscuous mode [ 63.961939][ T4300] device veth1_macvtap entered promiscuous mode [ 63.978575][ T4300] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.987022][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 63.995546][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 64.003639][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 64.012238][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 64.023407][ T4300] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.030719][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 64.039790][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 64.051728][ T4300] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.060737][ T4300] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.069505][ T4300] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.078327][ T4300] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.132726][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.140788][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.157769][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 64.171058][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.179364][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.188217][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 64.246084][ T4327] loop0: detected capacity change from 0 to 512 [ 64.293564][ T4327] [ 64.295916][ T4327] ====================================================== [ 64.302925][ T4327] WARNING: possible circular locking dependency detected [ 64.309943][ T4327] syzkaller #0 Not tainted [ 64.314391][ T4327] ------------------------------------------------------ [ 64.321395][ T4327] syz.0.17/4327 is trying to acquire lock: [ 64.327190][ T4327] ffff88807d68ebd8 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x1c0/0x2d20 [ 64.337318][ T4327] [ 64.337318][ T4327] but task is already holding lock: [ 64.344682][ T4327] ffff8880697414b8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700 [ 64.354716][ T4327] [ 64.354716][ T4327] which lock already depends on the new lock. [ 64.354716][ T4327] [ 64.365115][ T4327] [ 64.365115][ T4327] the existing dependency chain (in reverse order) is: [ 64.374125][ T4327] [ 64.374125][ T4327] -> #2 (&ei->xattr_sem){++++}-{3:3}: [ 64.381770][ T4327] down_read+0x44/0x2e0 [ 64.386461][ T4327] ext4_setattr+0x71d/0x19e0 [ 64.391564][ T4327] notify_change+0xbcd/0xee0 [ 64.396674][ T4327] chown_common+0x483/0x610 [ 64.401700][ T4327] do_fchownat+0x164/0x270 [ 64.406631][ T4327] __x64_sys_chown+0x7e/0x90 [ 64.411737][ T4327] do_syscall_64+0x4c/0xa0 [ 64.416672][ T4327] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 64.423086][ T4327] [ 64.423086][ T4327] -> #1 (jbd2_handle){++++}-{0:0}: [ 64.430377][ T4327] start_this_handle+0x1338/0x15a0 [ 64.436009][ T4327] jbd2__journal_start+0x2b7/0x5a0 [ 64.441732][ T4327] __ext4_journal_start_sb+0x167/0x360 [ 64.447703][ T4327] ext4_writepages+0xdc2/0x2d20 [ 64.453065][ T4327] do_writepages+0x48d/0x6d0 [ 64.458169][ T4327] filemap_fdatawrite_wbc+0x1eb/0x240 [ 64.464052][ T4327] file_write_and_wait_range+0x129/0x1e0 [ 64.470201][ T4327] ext4_sync_file+0x1ff/0xae0 [ 64.475390][ T4327] __x64_sys_fsync+0x1a5/0x1e0 [ 64.480679][ T4327] do_syscall_64+0x4c/0xa0 [ 64.485620][ T4327] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 64.492045][ T4327] [ 64.492045][ T4327] -> #0 (&sbi->s_writepages_rwsem){.+.+}-{0:0}: [ 64.500475][ T4327] __lock_acquire+0x2c33/0x7c60 [ 64.505856][ T4327] lock_acquire+0x197/0x3f0 [ 64.510885][ T4327] percpu_down_read+0x46/0x1b0 [ 64.516179][ T4327] ext4_writepages+0x1c0/0x2d20 [ 64.521559][ T4327] do_writepages+0x48d/0x6d0 [ 64.526677][ T4327] __writeback_single_inode+0x153/0xda0 [ 64.532752][ T4327] writeback_single_inode+0x221/0x8b0 [ 64.538716][ T4327] write_inode_now+0x217/0x280 [ 64.544070][ T4327] iput+0x5ab/0x8a0 [ 64.548377][ T4327] ext4_xattr_set_entry+0x10ff/0x3d30 [ 64.554260][ T4327] ext4_xattr_block_set+0x4f7/0x2d30 [ 64.560057][ T4327] ext4_expand_extra_isize_ea+0xf4b/0x19a0 [ 64.566376][ T4327] __ext4_expand_extra_isize+0x301/0x3e0 [ 64.572516][ T4327] __ext4_mark_inode_dirty+0x469/0x700 [ 64.578479][ T4327] ext4_evict_inode+0xa81/0x1080 [ 64.583912][ T4327] evict+0x485/0x870 [ 64.588306][ T4327] ext4_orphan_cleanup+0xaa9/0x12e0 [ 64.594002][ T4327] ext4_fill_super+0x92f0/0x9a60 [ 64.599443][ T4327] mount_bdev+0x287/0x3c0 [ 64.604277][ T4327] legacy_get_tree+0xe6/0x180 [ 64.609550][ T4327] vfs_get_tree+0x88/0x270 [ 64.614467][ T4327] do_new_mount+0x24a/0xa40 [ 64.619472][ T4327] __se_sys_mount+0x2d6/0x3c0 [ 64.624650][ T4327] do_syscall_64+0x4c/0xa0 [ 64.629564][ T4327] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 64.635958][ T4327] [ 64.635958][ T4327] other info that might help us debug this: [ 64.635958][ T4327] [ 64.646163][ T4327] Chain exists of: [ 64.646163][ T4327] &sbi->s_writepages_rwsem --> jbd2_handle --> &ei->xattr_sem [ 64.646163][ T4327] [ 64.659599][ T4327] Possible unsafe locking scenario: [ 64.659599][ T4327] [ 64.667031][ T4327] CPU0 CPU1 [ 64.672443][ T4327] ---- ---- [ 64.677797][ T4327] lock(&ei->xattr_sem); [ 64.682126][ T4327] lock(jbd2_handle); [ 64.688804][ T4327] lock(&ei->xattr_sem); [ 64.695629][ T4327] lock(&sbi->s_writepages_rwsem); [ 64.700805][ T4327] [ 64.700805][ T4327] *** DEADLOCK *** [ 64.700805][ T4327] [ 64.708922][ T4327] 3 locks held by syz.0.17/4327: [ 64.713835][ T4327] #0: ffff88807d68c0e0 (&type->s_umount_key#28/1){+.+.}-{3:3}, at: alloc_super+0x201/0x950 [ 64.723907][ T4327] #1: ffff88807d68c650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x444/0x1080 [ 64.733366][ T4327] #2: ffff8880697414b8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700 [ 64.743600][ T4327] [ 64.743600][ T4327] stack backtrace: [ 64.749467][ T4327] CPU: 0 PID: 4327 Comm: syz.0.17 Not tainted syzkaller #0 [ 64.756638][ T4327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 64.766688][ T4327] Call Trace: [ 64.769949][ T4327] [ 64.772857][ T4327] dump_stack_lvl+0x168/0x230 [ 64.777513][ T4327] ? load_image+0x3b0/0x3b0 [ 64.781989][ T4327] ? show_regs_print_info+0x20/0x20 [ 64.787169][ T4327] ? print_circular_bug+0x12b/0x1a0 [ 64.792343][ T4327] check_noncircular+0x274/0x310 [ 64.797261][ T4327] ? add_chain_block+0x940/0x940 [ 64.802174][ T4327] ? lockdep_lock+0xdc/0x1e0 [ 64.806738][ T4327] ? __lock_acquire+0x7c60/0x7c60 [ 64.811737][ T4327] ? mark_lock+0x94/0x320 [ 64.816048][ T4327] __lock_acquire+0x2c33/0x7c60 [ 64.820885][ T4327] ? unwind_get_return_address+0x49/0x80 [ 64.826497][ T4327] ? verify_lock_unused+0x140/0x140 [ 64.831675][ T4327] ? stack_trace_save+0x98/0xe0 [ 64.836509][ T4327] ? stack_trace_snprint+0xf0/0xf0 [ 64.841603][ T4327] ? check_noncircular+0x16f/0x310 [ 64.846688][ T4327] ? add_chain_block+0x940/0x940 [ 64.851602][ T4327] lock_acquire+0x197/0x3f0 [ 64.856178][ T4327] ? ext4_writepages+0x1c0/0x2d20 [ 64.861184][ T4327] ? __lock_acquire+0x13ad/0x7c60 [ 64.866190][ T4327] ? __might_sleep+0xf0/0xf0 [ 64.870759][ T4327] ? read_lock_is_recursive+0x10/0x10 [ 64.876109][ T4327] ? mark_lock+0x94/0x320 [ 64.880420][ T4327] ? __lock_acquire+0x13ad/0x7c60 [ 64.885419][ T4327] percpu_down_read+0x46/0x1b0 [ 64.890157][ T4327] ? ext4_writepages+0x1c0/0x2d20 [ 64.895158][ T4327] ext4_writepages+0x1c0/0x2d20 [ 64.899991][ T4327] ? verify_lock_unused+0x140/0x140 [ 64.905168][ T4327] ? mark_lock+0x94/0x320 [ 64.909476][ T4327] ? ext4_readpage+0x2e0/0x2e0 [ 64.914217][ T4327] ? __lock_acquire+0x13ad/0x7c60 [ 64.919232][ T4327] ? rcu_lock_release+0x5/0x20 [ 64.924012][ T4327] ? __lock_acquire+0x7c60/0x7c60 [ 64.929017][ T4327] ? do_raw_spin_lock+0x11d/0x280 [ 64.934020][ T4327] ? _raw_spin_lock_irqsave+0x7f/0xf0 [ 64.939385][ T4327] ? do_raw_spin_unlock+0x11d/0x230 [ 64.944558][ T4327] ? ext4_readpage+0x2e0/0x2e0 [ 64.949300][ T4327] do_writepages+0x48d/0x6d0 [ 64.953870][ T4327] ? __writepage+0x130/0x130 [ 64.958437][ T4327] ? writeback_single_inode+0x216/0x8b0 [ 64.963960][ T4327] ? __lock_acquire+0x7c60/0x7c60 [ 64.968961][ T4327] ? do_raw_spin_lock+0x11d/0x280 [ 64.973964][ T4327] __writeback_single_inode+0x153/0xda0 [ 64.979487][ T4327] writeback_single_inode+0x221/0x8b0 [ 64.984839][ T4327] ? write_inode_now+0x280/0x280 [ 64.989760][ T4327] write_inode_now+0x217/0x280 [ 64.994504][ T4327] ? bdi_split_work_to_wbs+0x820/0x820 [ 64.999947][ T4327] ? do_raw_spin_unlock+0x11d/0x230 [ 65.005121][ T4327] iput+0x5ab/0x8a0 [ 65.008908][ T4327] ext4_xattr_set_entry+0x10ff/0x3d30 [ 65.014266][ T4327] ? ext4_xattr_ibody_set+0x330/0x330 [ 65.019622][ T4327] ? rcu_is_watching+0x11/0xa0 [ 65.024370][ T4327] ? kmem_cache_free+0x14c/0x210 [ 65.029288][ T4327] ? mb_cache_entry_delete_or_get+0x1bd/0x1e0 [ 65.035341][ T4327] ext4_xattr_block_set+0x4f7/0x2d30 [ 65.040611][ T4327] ? do_raw_spin_unlock+0x11d/0x230 [ 65.045786][ T4327] ? __ext4_xattr_check_block+0x7d8/0x8d0 [ 65.051484][ T4327] ? ext4_xattr_block_find+0x500/0x500 [ 65.056920][ T4327] ? ext4_xattr_block_find+0x433/0x500 [ 65.062362][ T4327] ext4_expand_extra_isize_ea+0xf4b/0x19a0 [ 65.068154][ T4327] __ext4_expand_extra_isize+0x301/0x3e0 [ 65.073768][ T4327] __ext4_mark_inode_dirty+0x469/0x700 [ 65.079241][ T4327] ext4_evict_inode+0xa81/0x1080 [ 65.084506][ T4327] ? _raw_spin_unlock+0x24/0x40 [ 65.089337][ T4327] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 65.095329][ T4327] ? do_raw_spin_unlock+0x11d/0x230 [ 65.100506][ T4327] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 65.106395][ T4327] evict+0x485/0x870 [ 65.110267][ T4327] ? __lock_acquire+0x7c60/0x7c60 [ 65.115308][ T4327] ? proc_nr_inodes+0x320/0x320 [ 65.120141][ T4327] ? do_raw_spin_unlock+0x11d/0x230 [ 65.125319][ T4327] ? _raw_spin_unlock+0x24/0x40 [ 65.130238][ T4327] ? iput+0x706/0x8a0 [ 65.134197][ T4327] ext4_orphan_cleanup+0xaa9/0x12e0 [ 65.139383][ T4327] ? ext4_orphan_del+0xb90/0xb90 [ 65.144303][ T4327] ? errseq_check_and_advance+0x62/0x120 [ 65.150002][ T4327] ext4_fill_super+0x92f0/0x9a60 [ 65.154935][ T4327] ? ext4_mount+0x40/0x40 [ 65.159271][ T4327] ? set_blocksize+0x1f1/0x370 [ 65.164022][ T4327] ? sb_set_blocksize+0xa5/0xe0 [ 65.168851][ T4327] mount_bdev+0x287/0x3c0 [ 65.173157][ T4327] ? ext4_mount+0x40/0x40 [ 65.177468][ T4327] legacy_get_tree+0xe6/0x180 [ 65.182123][ T4327] ? ext4_errno_to_code+0x160/0x160 [ 65.187303][ T4327] vfs_get_tree+0x88/0x270 [ 65.191699][ T4327] do_new_mount+0x24a/0xa40 [ 65.196179][ T4327] __se_sys_mount+0x2d6/0x3c0 [ 65.200859][ T4327] ? __x64_sys_mount+0xc0/0xc0 [ 65.205600][ T4327] ? lockdep_hardirqs_on+0x94/0x140 [ 65.210777][ T4327] ? __x64_sys_mount+0x1c/0xc0 [ 65.215518][ T4327] do_syscall_64+0x4c/0xa0 [ 65.219914][ T4327] ? clear_bhb_loop+0x30/0x80 [ 65.224570][ T4327] ? clear_bhb_loop+0x30/0x80 [ 65.229233][ T4327] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 65.235114][ T4327] RIP: 0033:0x7fa8aec4aeea [ 65.239513][ T4327] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 65.259101][ T4327] RSP: 002b:00007ffd52dc6338 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 65.267498][ T4327] RAX: ffffffffffffffda RBX: 00007ffd52dc63c0 RCX: 00007fa8aec4aeea [ 65.275452][ T4327] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007ffd52dc6380 [ 65.283427][ T4327] RBP: 0000200000000180 R08: 00007ffd52dc63c0 R09: 0000000000800700 [ 65.291376][ T4327] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 65.299342][ T4327] R13: 00007ffd52dc6380 R14: 000000000000046f R15: 000000000000002c [ 65.307295][ T4327] [ 65.326793][ T4327] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 65.343060][ T4327] EXT4-fs (loop0): Remounting filesystem read-only [ 65.349656][ T4327] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117 [ 65.362869][ T4327] EXT4-fs (loop0): Remounting filesystem read-only [ 65.369424][ T4327] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2826: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 65.382825][ T4327] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 65.396298][ T4327] EXT4-fs (loop0): Remounting filesystem read-only [ 65.402893][ T4327] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117 [ 65.415277][ T4327] EXT4-fs (loop0): Remounting filesystem read-only [ 65.421818][ T4327] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 65.435791][ T4327] EXT4-fs (loop0): Remounting filesystem read-only [ 65.442550][ T4327] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 65.455101][ T4327] EXT4-fs (loop0): Remounting filesystem read-only [ 65.461650][ T4327] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 65.475253][ T4327] EXT4-fs (loop0): Remounting filesystem read-only [ 65.481778][ T4327] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 65.494318][ T4327] EXT4-fs (loop0): Remounting filesystem read-only [ 65.500880][ T4327] EXT4-fs (loop0): 1 orphan inode deleted [ 65.506617][ T4327] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodioread_nolock,errors=remount-ro,debug_want_extra_isize=0x000000000000005a,nouid32,resgid=0x0000000000000000,acl,init_itable=0x0000000000000003,. Quota mode: none. [ 65.552279][ T4313] Bluetooth: hci0: command 0x040f tx timeout