Warning: Permanently added '10.128.0.50' (ED25519) to the list of known hosts. 2025/12/05 05:17:01 parsed 1 programs [ 62.645594][ T4271] cgroup: Unknown subsys name 'net' [ 62.778954][ T4271] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 64.065572][ T4271] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 65.637947][ T4292] chnl_net:caif_netlink_parms(): no params data found [ 65.687100][ T4292] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.695386][ T4292] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.703169][ T4292] device bridge_slave_0 entered promiscuous mode [ 65.715079][ T4292] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.722196][ T4292] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.730083][ T4292] device bridge_slave_1 entered promiscuous mode [ 65.751469][ T4292] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 65.766343][ T4292] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 65.787770][ T4292] team0: Port device team_slave_0 added [ 65.795188][ T4292] team0: Port device team_slave_1 added [ 65.812058][ T4292] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 65.819151][ T4292] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.845893][ T4292] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 65.861100][ T4292] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 65.868230][ T4292] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.894363][ T4292] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 65.924339][ T4292] device hsr_slave_0 entered promiscuous mode [ 65.931522][ T4292] device hsr_slave_1 entered promiscuous mode [ 66.014290][ T4292] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 66.024345][ T4292] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 66.034198][ T4292] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 66.043493][ T4292] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 66.069930][ T4292] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.077145][ T4292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.085075][ T4292] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.092157][ T4292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.144471][ T4292] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.159558][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 66.171540][ T2906] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.181795][ T2906] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.190891][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 66.205421][ T4292] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.218370][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 66.227178][ T2906] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.234399][ T2906] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.245532][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 66.256895][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.264081][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.292035][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 66.301514][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 66.310179][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 66.329632][ T4292] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 66.342041][ T4292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 66.355597][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 66.364515][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 66.487443][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 66.495622][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 66.509617][ T4292] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.525508][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 66.543687][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 66.553625][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 66.561835][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 66.573559][ T4292] device veth0_vlan entered promiscuous mode [ 66.583693][ T4292] device veth1_vlan entered promiscuous mode [ 66.601558][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 66.609976][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 66.619146][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 66.635725][ T4292] device veth0_macvtap entered promiscuous mode [ 66.644995][ T4292] device veth1_macvtap entered promiscuous mode [ 66.661640][ T4292] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.670257][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 66.679409][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 66.696639][ T4292] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.704156][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 66.712861][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 66.727442][ T4292] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.736389][ T4292] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.745376][ T4292] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.754151][ T4292] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.861111][ T4315] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 66.871253][ T4317] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 66.879423][ T4317] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 66.888102][ T4317] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 66.896292][ T4317] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 66.903577][ T4317] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 67.054670][ T75] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 68.409185][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.421069][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.431675][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 68.446821][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.454942][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.464051][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 2025/12/05 05:17:09 executed programs: 0 [ 69.306893][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 69.316297][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 69.324720][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 69.334832][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 69.342370][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 69.350341][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 69.452447][ T4367] chnl_net:caif_netlink_parms(): no params data found [ 69.495997][ T75] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.512583][ T4367] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.520488][ T4367] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.528435][ T4367] device bridge_slave_0 entered promiscuous mode [ 69.536672][ T4367] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.544029][ T4367] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.551704][ T4367] device bridge_slave_1 entered promiscuous mode [ 69.572925][ T4367] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.584346][ T4367] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.606521][ T4367] team0: Port device team_slave_0 added [ 69.614146][ T4367] team0: Port device team_slave_1 added [ 69.630983][ T4367] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.638239][ T4367] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.664408][ T4367] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.676874][ T4367] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.683965][ T4367] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.710276][ T4367] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.739224][ T4367] device hsr_slave_0 entered promiscuous mode [ 69.746160][ T4367] device hsr_slave_1 entered promiscuous mode [ 69.752679][ T4367] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.760601][ T4367] Cannot create hsr debugfs directory [ 71.326861][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.333331][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.404676][ T47] Bluetooth: hci0: command 0x0409 tx timeout [ 72.203855][ T75] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.275768][ T75] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.057992][ T75] device hsr_slave_0 left promiscuous mode [ 73.064765][ T75] device hsr_slave_1 left promiscuous mode [ 73.071609][ T75] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 73.080261][ T75] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 73.089019][ T75] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 73.098003][ T75] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 73.106067][ T75] device bridge_slave_1 left promiscuous mode [ 73.113118][ T75] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.126130][ T75] device bridge_slave_0 left promiscuous mode [ 73.132390][ T75] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.157887][ T75] device veth1_macvtap left promiscuous mode [ 73.164420][ T75] device veth0_macvtap left promiscuous mode [ 73.170752][ T75] device veth1_vlan left promiscuous mode [ 73.177227][ T75] device veth0_vlan left promiscuous mode [ 73.464745][ T75] team0 (unregistering): Port device team_slave_1 removed [ 73.484006][ T4317] Bluetooth: hci0: command 0x041b tx timeout [ 73.498915][ T75] team0 (unregistering): Port device team_slave_0 removed [ 73.526461][ T75] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 73.555007][ T75] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 73.800204][ T75] bond0 (unregistering): Released all slaves [ 73.885532][ T4367] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 73.896434][ T4367] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 73.907439][ T4367] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 73.923167][ T4367] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 73.978830][ T4367] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.000770][ T4367] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.007976][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 74.016958][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 74.027054][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 74.036247][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 74.045343][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.052430][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.060519][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 74.076960][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 74.091071][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 74.100482][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.107654][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.120456][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 74.131408][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 74.143181][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 74.152101][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 74.162624][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 74.175878][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 74.185688][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 74.196594][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 74.206117][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 74.216954][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 74.225920][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 74.240631][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 74.446027][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 74.453518][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 74.474864][ T4367] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.496447][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 74.505576][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 74.523644][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 74.539206][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 74.551976][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 74.561327][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 74.571483][ T4367] device veth0_vlan entered promiscuous mode [ 74.585568][ T4367] device veth1_vlan entered promiscuous mode [ 74.633584][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 74.643613][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 74.652439][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 74.663128][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 74.674037][ T4367] device veth0_macvtap entered promiscuous mode [ 74.686290][ T4367] device veth1_macvtap entered promiscuous mode [ 74.709132][ T4367] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.718068][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 74.726801][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 74.735222][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 74.745099][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 74.755345][ T4367] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.766138][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 74.775039][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 74.785606][ T4367] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.794652][ T4367] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.803337][ T4367] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.812846][ T4367] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.859057][ T2906] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.869000][ T2906] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.881159][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 74.898161][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.906300][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.915458][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 74.959562][ T4438] loop0: detected capacity change from 0 to 512 [ 74.976740][ T4438] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 75.001244][ T4438] [ 75.003617][ T4438] ====================================================== [ 75.010639][ T4438] WARNING: possible circular locking dependency detected [ 75.017675][ T4438] syzkaller #0 Not tainted [ 75.022092][ T4438] ------------------------------------------------------ [ 75.029109][ T4438] syz.0.17/4438 is trying to acquire lock: [ 75.034951][ T4438] ffff88801ce68b98 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x1c0/0x2e50 [ 75.045044][ T4438] [ 75.045044][ T4438] but task is already holding lock: [ 75.052399][ T4438] ffff8880696428e8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3fe/0x770 [ 75.062234][ T4438] [ 75.062234][ T4438] which lock already depends on the new lock. [ 75.062234][ T4438] [ 75.072633][ T4438] [ 75.072633][ T4438] the existing dependency chain (in reverse order) is: [ 75.081633][ T4438] [ 75.081633][ T4438] -> #2 (&ei->xattr_sem){++++}-{3:3}: [ 75.089179][ T4438] down_read+0x42/0x2d0 [ 75.093847][ T4438] ext4_setattr+0x92a/0x19f0 [ 75.098974][ T4438] notify_change+0xc74/0xf40 [ 75.104084][ T4438] chown_common+0x486/0x620 [ 75.109098][ T4438] do_fchownat+0x164/0x270 [ 75.114026][ T4438] __x64_sys_chown+0x7e/0x90 [ 75.119124][ T4438] do_syscall_64+0x4c/0xa0 [ 75.124058][ T4438] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 75.130458][ T4438] [ 75.130458][ T4438] -> #1 (jbd2_handle){++++}-{0:0}: [ 75.137751][ T4438] start_this_handle+0x1f49/0x2150 [ 75.143374][ T4438] jbd2__journal_start+0x2b7/0x5a0 [ 75.149005][ T4438] __ext4_journal_start_sb+0x187/0x3d0 [ 75.154974][ T4438] ext4_writepages+0xde7/0x2e50 [ 75.160331][ T4438] do_writepages+0x3b7/0x610 [ 75.165430][ T4438] filemap_fdatawrite_wbc+0x11e/0x180 [ 75.171311][ T4438] file_write_and_wait_range+0x137/0x200 [ 75.177454][ T4438] ext4_sync_file+0x23b/0xca0 [ 75.182642][ T4438] __x64_sys_fsync+0x1a5/0x1e0 [ 75.187923][ T4438] do_syscall_64+0x4c/0xa0 [ 75.192857][ T4438] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 75.199263][ T4438] [ 75.199263][ T4438] -> #0 (&sbi->s_writepages_rwsem){.+.+}-{0:0}: [ 75.207674][ T4438] __lock_acquire+0x2cf8/0x7c50 [ 75.213037][ T4438] lock_acquire+0x1b4/0x490 [ 75.218048][ T4438] percpu_down_read+0x44/0x1a0 [ 75.223322][ T4438] ext4_writepages+0x1c0/0x2e50 [ 75.228679][ T4438] do_writepages+0x3b7/0x610 [ 75.233777][ T4438] __writeback_single_inode+0x156/0x1160 [ 75.239926][ T4438] writeback_single_inode+0x221/0x8b0 [ 75.245807][ T4438] write_inode_now+0x15d/0x1d0 [ 75.251081][ T4438] iput+0x613/0x980 [ 75.255393][ T4438] ext4_xattr_block_set+0x2736/0x32a0 [ 75.261273][ T4438] ext4_expand_extra_isize_ea+0x109b/0x19b0 [ 75.267673][ T4438] __ext4_expand_extra_isize+0x301/0x3e0 [ 75.273811][ T4438] __ext4_mark_inode_dirty+0x47f/0x770 [ 75.279782][ T4438] ext4_evict_inode+0xa73/0x1100 [ 75.285230][ T4438] evict+0x485/0x870 [ 75.289631][ T4438] ext4_orphan_cleanup+0xbd3/0x1400 [ 75.295336][ T4438] ext4_fill_super+0x7bdf/0x8150 [ 75.300783][ T4438] get_tree_bdev+0x3f1/0x610 [ 75.305882][ T4438] vfs_get_tree+0x88/0x270 [ 75.310809][ T4438] do_new_mount+0x24a/0xa40 [ 75.315820][ T4438] __se_sys_mount+0x2d6/0x3c0 [ 75.321005][ T4438] do_syscall_64+0x4c/0xa0 [ 75.325931][ T4438] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 75.332333][ T4438] [ 75.332333][ T4438] other info that might help us debug this: [ 75.332333][ T4438] [ 75.342546][ T4438] Chain exists of: [ 75.342546][ T4438] &sbi->s_writepages_rwsem --> jbd2_handle --> &ei->xattr_sem [ 75.342546][ T4438] [ 75.355917][ T4438] Possible unsafe locking scenario: [ 75.355917][ T4438] [ 75.363352][ T4438] CPU0 CPU1 [ 75.368700][ T4438] ---- ---- [ 75.374051][ T4438] lock(&ei->xattr_sem); [ 75.378370][ T4438] lock(jbd2_handle); [ 75.384948][ T4438] lock(&ei->xattr_sem); [ 75.391785][ T4438] lock(&sbi->s_writepages_rwsem); [ 75.396971][ T4438] [ 75.396971][ T4438] *** DEADLOCK *** [ 75.396971][ T4438] [ 75.405097][ T4438] 3 locks held by syz.0.17/4438: [ 75.410020][ T4438] #0: ffff88807aefc0e0 (&type->s_umount_key#28/1){+.+.}-{3:3}, at: alloc_super+0x1fa/0x930 [ 75.420108][ T4438] #1: ffff88807aefc650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x436/0x1100 [ 75.429587][ T4438] #2: ffff8880696428e8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3fe/0x770 [ 75.439859][ T4438] [ 75.439859][ T4438] stack backtrace: [ 75.445754][ T4438] CPU: 0 PID: 4438 Comm: syz.0.17 Not tainted syzkaller #0 [ 75.452936][ T4438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 75.462990][ T4438] Call Trace: [ 75.466261][ T4438] [ 75.469181][ T4438] dump_stack_lvl+0x168/0x22e [ 75.473853][ T4438] ? load_image+0x3b0/0x3b0 [ 75.478349][ T4438] ? show_regs_print_info+0x12/0x12 [ 75.483545][ T4438] ? print_circular_bug+0x12b/0x1a0 [ 75.488761][ T4438] check_noncircular+0x274/0x310 [ 75.493702][ T4438] ? add_chain_block+0x940/0x940 [ 75.498634][ T4438] ? lockdep_lock+0xdc/0x1e0 [ 75.503227][ T4438] ? verify_lock_unused+0x140/0x140 [ 75.508420][ T4438] ? _find_first_zero_bit+0xcf/0x100 [ 75.513698][ T4438] __lock_acquire+0x2cf8/0x7c50 [ 75.518578][ T4438] ? verify_lock_unused+0x140/0x140 [ 75.523776][ T4438] ? mark_lock+0x94/0x320 [ 75.528098][ T4438] ? __lock_acquire+0x13c0/0x7c50 [ 75.533115][ T4438] lock_acquire+0x1b4/0x490 [ 75.537624][ T4438] ? ext4_writepages+0x1c0/0x2e50 [ 75.542658][ T4438] ? __might_sleep+0xd0/0xd0 [ 75.547266][ T4438] ? read_lock_is_recursive+0x10/0x10 [ 75.552642][ T4438] ? __lock_acquire+0x12e5/0x7c50 [ 75.557662][ T4438] ? mark_lock+0x94/0x320 [ 75.562089][ T4438] percpu_down_read+0x44/0x1a0 [ 75.566851][ T4438] ? ext4_writepages+0x1c0/0x2e50 [ 75.571887][ T4438] ext4_writepages+0x1c0/0x2e50 [ 75.576744][ T4438] ? __lock_acquire+0x13c0/0x7c50 [ 75.581766][ T4438] ? verify_lock_unused+0x140/0x140 [ 75.586954][ T4438] ? mark_lock+0x94/0x320 [ 75.591357][ T4438] ? ext4_read_folio+0x370/0x370 [ 75.596281][ T4438] ? __lock_acquire+0x13c0/0x7c50 [ 75.601300][ T4438] ? __lock_acquire+0x7c50/0x7c50 [ 75.606315][ T4438] ? do_raw_spin_lock+0x11d/0x280 [ 75.611329][ T4438] ? do_raw_spin_unlock+0x11d/0x230 [ 75.616520][ T4438] ? ext4_read_folio+0x370/0x370 [ 75.621615][ T4438] do_writepages+0x3b7/0x610 [ 75.626194][ T4438] ? __writepage+0x130/0x130 [ 75.630772][ T4438] ? writeback_single_inode+0x216/0x8b0 [ 75.636306][ T4438] ? __lock_acquire+0x7c50/0x7c50 [ 75.641316][ T4438] ? do_raw_spin_lock+0x11d/0x280 [ 75.646328][ T4438] ? __ext4_expand_extra_isize+0x301/0x3e0 [ 75.652130][ T4438] __writeback_single_inode+0x156/0x1160 [ 75.657763][ T4438] writeback_single_inode+0x221/0x8b0 [ 75.663126][ T4438] ? write_inode_now+0x1d0/0x1d0 [ 75.668058][ T4438] write_inode_now+0x15d/0x1d0 [ 75.672811][ T4438] ? bdi_split_work_to_wbs+0x890/0x890 [ 75.678259][ T4438] ? rcu_is_watching+0x11/0xa0 [ 75.683009][ T4438] ? do_raw_spin_unlock+0x11d/0x230 [ 75.688204][ T4438] iput+0x613/0x980 [ 75.692044][ T4438] ext4_xattr_block_set+0x2736/0x32a0 [ 75.697407][ T4438] ? __might_sleep+0xd0/0xd0 [ 75.702049][ T4438] ? xattr_find_entry+0x12b/0x2f0 [ 75.707064][ T4438] ? ext4_xattr_block_find+0x2b0/0x2b0 [ 75.712570][ T4438] ? ext4_xattr_block_find+0x241/0x2b0 [ 75.718063][ T4438] ext4_expand_extra_isize_ea+0x109b/0x19b0 [ 75.723997][ T4438] __ext4_expand_extra_isize+0x301/0x3e0 [ 75.729751][ T4438] __ext4_mark_inode_dirty+0x47f/0x770 [ 75.735656][ T4438] ext4_evict_inode+0xa73/0x1100 [ 75.740682][ T4438] ? _raw_spin_unlock+0x24/0x40 [ 75.745527][ T4438] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 75.751499][ T4438] ? do_raw_spin_unlock+0x11d/0x230 [ 75.756693][ T4438] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 75.762578][ T4438] evict+0x485/0x870 [ 75.766465][ T4438] ? __lock_acquire+0x7c50/0x7c50 [ 75.771481][ T4438] ? proc_nr_inodes+0x2f0/0x2f0 [ 75.776320][ T4438] ? do_raw_spin_unlock+0x11d/0x230 [ 75.781516][ T4438] ? _raw_spin_unlock+0x24/0x40 [ 75.786357][ T4438] ? iput+0x768/0x980 [ 75.790328][ T4438] ext4_orphan_cleanup+0xbd3/0x1400 [ 75.795524][ T4438] ? ext4_orphan_del+0xb90/0xb90 [ 75.800453][ T4438] ? errseq_check_and_advance+0x62/0x120 [ 75.806076][ T4438] ext4_fill_super+0x7bdf/0x8150 [ 75.811001][ T4438] ? bdev_name+0x2c1/0x3f0 [ 75.815419][ T4438] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 75.821652][ T4438] ? snprintf+0xd7/0x120 [ 75.825891][ T4438] ? preempt_count_add+0x8d/0x190 [ 75.830918][ T4438] ? vscnprintf+0x80/0x80 [ 75.835261][ T4438] ? set_blocksize+0x1d3/0x350 [ 75.840019][ T4438] ? sb_set_blocksize+0xa5/0xe0 [ 75.844861][ T4438] get_tree_bdev+0x3f1/0x610 [ 75.849452][ T4438] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 75.855681][ T4438] vfs_get_tree+0x88/0x270 [ 75.860088][ T4438] do_new_mount+0x24a/0xa40 [ 75.864681][ T4438] __se_sys_mount+0x2d6/0x3c0 [ 75.869347][ T4438] ? __x64_sys_mount+0xc0/0xc0 [ 75.874097][ T4438] ? lockdep_hardirqs_on+0x94/0x140 [ 75.879287][ T4438] ? __x64_sys_mount+0x1c/0xc0 [ 75.884048][ T4438] do_syscall_64+0x4c/0xa0 [ 75.888461][ T4438] ? clear_bhb_loop+0x60/0xb0 [ 75.893126][ T4438] ? clear_bhb_loop+0x60/0xb0 [ 75.897797][ T4438] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 75.903682][ T4438] RIP: 0033:0x7f3878790eea [ 75.908109][ T4438] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.927713][ T4438] RSP: 002b:00007ffd03af68a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 75.936118][ T4438] RAX: ffffffffffffffda RBX: 00007ffd03af6930 RCX: 00007f3878790eea [ 75.944084][ T4438] RDX: 0000200000000180 RSI: 0000200000000080 RDI: 00007ffd03af68f0 [ 75.952077][ T4438] RBP: 0000200000000180 R08: 00007ffd03af6930 R09: 0000000000800700 [ 75.960041][ T4438] R10: 0000000000800700 R11: 0000000000000246 R12: 0000200000000080 [ 75.968013][ T4438] R13: 00007ffd03af68f0 R14: 000000000000046f R15: 00002000000007c0 [ 75.975979][ T4438] [ 75.979878][ T4317] Bluetooth: hci0: command 0x040f tx timeout [ 75.996474][ T4438] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 76.010244][ T4438] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117 [ 76.022677][ T4438] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2819: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 76.036385][ T4438] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 76.052002][ T4438] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117 [ 76.064840][ T4438] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 76.078490][ T4438] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 76.091204][ T4438] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 76.105315][ T4438] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 76.117798][ T4438] EXT4-fs (loop0): 1 orphan inode deleted [ 76.123527][ T4438] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 76.154552][ T4367] EXT4-fs (loop0): unmounting filesystem.