Warning: Permanently added '10.128.1.41' (ED25519) to the list of known hosts. 2025/12/09 19:15:20 parsed 1 programs [ 60.788077][ T4187] cgroup: Unknown subsys name 'net' [ 60.917511][ T4187] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 62.337888][ T4187] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 64.591579][ T4229] chnl_net:caif_netlink_parms(): no params data found [ 64.654615][ T4229] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.663350][ T4229] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.671715][ T4229] device bridge_slave_0 entered promiscuous mode [ 64.681276][ T4229] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.688607][ T4229] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.696849][ T4229] device bridge_slave_1 entered promiscuous mode [ 64.723437][ T4229] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.734933][ T4229] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.763033][ T4229] team0: Port device team_slave_0 added [ 64.770982][ T4229] team0: Port device team_slave_1 added [ 64.793938][ T4229] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.800888][ T4229] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.827039][ T4229] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.840248][ T4229] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.847397][ T4229] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.873676][ T4229] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.916484][ T4229] device hsr_slave_0 entered promiscuous mode [ 64.929232][ T4229] device hsr_slave_1 entered promiscuous mode [ 65.061042][ T4229] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 65.072583][ T4229] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 65.082399][ T4229] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 65.092605][ T4229] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 65.123741][ T4229] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.130943][ T4229] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.138740][ T4229] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.145854][ T4229] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.198483][ T4229] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.214374][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 65.224967][ T144] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.234677][ T144] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.248359][ T4229] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.260177][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 65.269059][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.276181][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.294996][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 65.303698][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.310760][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.326036][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 65.335738][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 65.348260][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 65.364254][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 65.373475][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 65.382957][ T4229] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 65.529129][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 65.536969][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 65.548020][ T4229] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.564846][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 65.573515][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 65.589451][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 65.599023][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 65.607621][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 65.616242][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 65.626767][ T4229] device veth0_vlan entered promiscuous mode [ 65.637993][ T4229] device veth1_vlan entered promiscuous mode [ 65.655476][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 65.663929][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 65.673207][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 65.683293][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 65.695118][ T4229] device veth0_macvtap entered promiscuous mode [ 65.704217][ T4229] device veth1_macvtap entered promiscuous mode [ 65.718272][ T4229] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.726512][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 65.734674][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 65.742662][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 65.751069][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 65.763035][ T4229] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.784286][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 65.792812][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 65.803438][ T4229] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.812985][ T4229] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.822567][ T4229] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.831249][ T4229] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.642827][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.650921][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.672421][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.680343][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.689926][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 66.702981][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 2025/12/09 19:15:29 executed programs: 0 [ 67.862289][ T4291] chnl_net:caif_netlink_parms(): no params data found [ 67.917869][ T4291] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.925056][ T4291] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.933994][ T4291] device bridge_slave_0 entered promiscuous mode [ 67.942698][ T4291] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.949811][ T4291] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.957596][ T4291] device bridge_slave_1 entered promiscuous mode [ 67.979825][ T4291] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 67.990596][ T4291] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.014682][ T4291] team0: Port device team_slave_0 added [ 68.022401][ T4291] team0: Port device team_slave_1 added [ 68.052580][ T1439] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 68.068198][ T4291] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 68.075410][ T4291] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.101903][ T4291] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 68.114186][ T4291] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 68.121217][ T4291] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.147980][ T4291] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 68.177503][ T4291] device hsr_slave_0 entered promiscuous mode [ 68.184624][ T4291] device hsr_slave_1 entered promiscuous mode [ 68.191155][ T4291] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 68.199035][ T4291] Cannot create hsr debugfs directory [ 69.752140][ T1109] Bluetooth: hci0: command 0x0409 tx timeout [ 71.034376][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.040880][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.337557][ T1439] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.386532][ T1439] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.447793][ T1439] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.842371][ T4309] Bluetooth: hci0: command 0x041b tx timeout [ 72.360080][ T4291] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 72.369753][ T4291] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 72.378822][ T4291] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 72.387860][ T4291] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 72.440278][ T4291] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.466422][ T4280] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 72.474257][ T4280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 72.503911][ T4291] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.513270][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 72.522181][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 72.530868][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.537947][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.548793][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 72.561859][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.570559][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 72.579059][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.586112][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.619552][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 72.631128][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 72.645054][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 72.654515][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 72.681221][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 72.690962][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 72.700667][ T1168] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 72.711246][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 72.720070][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 72.748274][ T4280] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 72.756892][ T4280] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 72.767173][ T4291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 72.874776][ T4280] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 72.883311][ T4280] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 72.903606][ T4291] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.919993][ T4280] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 72.929226][ T4280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 72.964360][ T1439] device hsr_slave_0 left promiscuous mode [ 72.970690][ T1439] device hsr_slave_1 left promiscuous mode [ 72.977192][ T1439] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 72.985355][ T1439] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 72.994576][ T1439] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 73.002053][ T1439] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 73.009645][ T1439] device bridge_slave_1 left promiscuous mode [ 73.016491][ T1439] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.028711][ T1439] device bridge_slave_0 left promiscuous mode [ 73.036099][ T1439] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.052688][ T1439] device veth1_macvtap left promiscuous mode [ 73.058994][ T1439] device veth0_macvtap left promiscuous mode [ 73.065608][ T1439] device veth1_vlan left promiscuous mode [ 73.071825][ T1439] device veth0_vlan left promiscuous mode [ 73.229296][ T1439] team0 (unregistering): Port device team_slave_1 removed [ 73.243530][ T1439] team0 (unregistering): Port device team_slave_0 removed [ 73.256002][ T1439] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 73.269666][ T1439] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 73.320405][ T1439] bond0 (unregistering): Released all slaves [ 73.397346][ T4291] device veth0_vlan entered promiscuous mode [ 73.406280][ T4280] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 73.414693][ T4280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 73.423820][ T4280] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 73.432685][ T4280] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 73.443628][ T4291] device veth1_vlan entered promiscuous mode [ 73.467592][ T4280] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 73.476315][ T4280] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 73.485165][ T4280] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 73.494812][ T4280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 73.504802][ T4291] device veth0_macvtap entered promiscuous mode [ 73.515206][ T4291] device veth1_macvtap entered promiscuous mode [ 73.529172][ T4291] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.539464][ T4291] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.547456][ T4280] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 73.556068][ T4280] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 73.564582][ T4280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 73.573766][ T4280] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 73.582818][ T4280] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 73.594210][ T4291] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.602974][ T4291] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.611979][ T4291] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.620671][ T4291] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.677788][ T4280] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.691097][ T4280] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.716278][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 73.726878][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.735699][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.744441][ T4280] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 73.797028][ T4348] loop0: detected capacity change from 0 to 512 [ 73.887903][ T4348] [ 73.890282][ T4348] ====================================================== [ 73.897296][ T4348] WARNING: possible circular locking dependency detected [ 73.904336][ T4348] syzkaller #0 Not tainted [ 73.908764][ T4348] ------------------------------------------------------ [ 73.915773][ T4348] syz.0.17/4348 is trying to acquire lock: [ 73.921576][ T4348] ffff88807c2debd8 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x1c0/0x2d20 [ 73.931691][ T4348] [ 73.931691][ T4348] but task is already holding lock: [ 73.939055][ T4348] ffff88805c548ac0 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700 [ 73.941876][ T4315] Bluetooth: hci0: command 0x040f tx timeout [ 73.948978][ T4348] [ 73.948978][ T4348] which lock already depends on the new lock. [ 73.948978][ T4348] [ 73.948985][ T4348] [ 73.948985][ T4348] the existing dependency chain (in reverse order) is: [ 73.974351][ T4348] [ 73.974351][ T4348] -> #2 (&ei->xattr_sem){++++}-{3:3}: [ 73.981910][ T4348] down_read+0x44/0x2e0 [ 73.986594][ T4348] ext4_setattr+0x71d/0x19e0 [ 73.991705][ T4348] notify_change+0xbcd/0xee0 [ 73.996838][ T4348] chown_common+0x483/0x610 [ 74.001867][ T4348] do_fchownat+0x164/0x270 [ 74.006806][ T4348] __x64_sys_chown+0x7e/0x90 [ 74.011917][ T4348] do_syscall_64+0x4c/0xa0 [ 74.016853][ T4348] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 74.023264][ T4348] [ 74.023264][ T4348] -> #1 (jbd2_handle){++++}-{0:0}: [ 74.030560][ T4348] start_this_handle+0x1338/0x15a0 [ 74.036193][ T4348] jbd2__journal_start+0x2b7/0x5a0 [ 74.041856][ T4348] __ext4_journal_start_sb+0x167/0x360 [ 74.047842][ T4348] ext4_writepages+0xdc2/0x2d20 [ 74.053218][ T4348] do_writepages+0x48d/0x6d0 [ 74.058342][ T4348] filemap_fdatawrite_wbc+0x1eb/0x240 [ 74.064244][ T4348] file_write_and_wait_range+0x129/0x1e0 [ 74.070407][ T4348] ext4_sync_file+0x1ff/0xae0 [ 74.075612][ T4348] __x64_sys_fsync+0x1a5/0x1e0 [ 74.080898][ T4348] do_syscall_64+0x4c/0xa0 [ 74.085836][ T4348] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 74.092258][ T4348] [ 74.092258][ T4348] -> #0 (&sbi->s_writepages_rwsem){.+.+}-{0:0}: [ 74.100713][ T4348] __lock_acquire+0x2c33/0x7c60 [ 74.106089][ T4348] lock_acquire+0x197/0x3f0 [ 74.111121][ T4348] percpu_down_read+0x46/0x1b0 [ 74.116400][ T4348] ext4_writepages+0x1c0/0x2d20 [ 74.121769][ T4348] do_writepages+0x48d/0x6d0 [ 74.126880][ T4348] __writeback_single_inode+0x153/0xda0 [ 74.132966][ T4348] writeback_single_inode+0x221/0x8b0 [ 74.138886][ T4348] write_inode_now+0x217/0x280 [ 74.144175][ T4348] iput+0x5ab/0x8a0 [ 74.148503][ T4348] ext4_xattr_set_entry+0x10ff/0x3d30 [ 74.154399][ T4348] ext4_xattr_block_set+0x4f7/0x2d30 [ 74.160220][ T4348] ext4_expand_extra_isize_ea+0xf4b/0x19a0 [ 74.166556][ T4348] __ext4_expand_extra_isize+0x301/0x3e0 [ 74.172719][ T4348] __ext4_mark_inode_dirty+0x469/0x700 [ 74.178702][ T4348] ext4_evict_inode+0xa81/0x1080 [ 74.184251][ T4348] evict+0x485/0x870 [ 74.188670][ T4348] ext4_orphan_cleanup+0xaa9/0x12e0 [ 74.194395][ T4348] ext4_fill_super+0x92f0/0x9a60 [ 74.199952][ T4348] mount_bdev+0x287/0x3c0 [ 74.204814][ T4348] legacy_get_tree+0xe6/0x180 [ 74.210017][ T4348] vfs_get_tree+0x88/0x270 [ 74.214960][ T4348] do_new_mount+0x24a/0xa40 [ 74.220025][ T4348] __se_sys_mount+0x2d6/0x3c0 [ 74.225225][ T4348] do_syscall_64+0x4c/0xa0 [ 74.230170][ T4348] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 74.236597][ T4348] [ 74.236597][ T4348] other info that might help us debug this: [ 74.236597][ T4348] [ 74.246820][ T4348] Chain exists of: [ 74.246820][ T4348] &sbi->s_writepages_rwsem --> jbd2_handle --> &ei->xattr_sem [ 74.246820][ T4348] [ 74.260232][ T4348] Possible unsafe locking scenario: [ 74.260232][ T4348] [ 74.267681][ T4348] CPU0 CPU1 [ 74.273052][ T4348] ---- ---- [ 74.278424][ T4348] lock(&ei->xattr_sem); [ 74.282762][ T4348] lock(jbd2_handle); [ 74.289355][ T4348] lock(&ei->xattr_sem); [ 74.296201][ T4348] lock(&sbi->s_writepages_rwsem); [ 74.301385][ T4348] [ 74.301385][ T4348] *** DEADLOCK *** [ 74.301385][ T4348] [ 74.309510][ T4348] 3 locks held by syz.0.17/4348: [ 74.314427][ T4348] #0: ffff888074a180e0 (&type->s_umount_key#28/1){+.+.}-{3:3}, at: alloc_super+0x201/0x950 [ 74.324508][ T4348] #1: ffff888074a18650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x444/0x1080 [ 74.333976][ T4348] #2: ffff88805c548ac0 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700 [ 74.344227][ T4348] [ 74.344227][ T4348] stack backtrace: [ 74.350109][ T4348] CPU: 1 PID: 4348 Comm: syz.0.17 Not tainted syzkaller #0 [ 74.357290][ T4348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 74.367350][ T4348] Call Trace: [ 74.370618][ T4348] [ 74.373544][ T4348] dump_stack_lvl+0x168/0x230 [ 74.378215][ T4348] ? load_image+0x3b0/0x3b0 [ 74.382704][ T4348] ? show_regs_print_info+0x20/0x20 [ 74.387893][ T4348] ? print_circular_bug+0x12b/0x1a0 [ 74.393092][ T4348] check_noncircular+0x274/0x310 [ 74.398037][ T4348] ? add_chain_block+0x940/0x940 [ 74.402971][ T4348] ? lockdep_lock+0xdc/0x1e0 [ 74.407568][ T4348] ? lockdep_unlock+0x134/0x2d0 [ 74.412410][ T4348] ? mark_lock+0x94/0x320 [ 74.416729][ T4348] __lock_acquire+0x2c33/0x7c60 [ 74.421578][ T4348] ? verify_lock_unused+0x140/0x140 [ 74.426779][ T4348] ? verify_lock_unused+0x140/0x140 [ 74.432001][ T4348] lock_acquire+0x197/0x3f0 [ 74.436495][ T4348] ? ext4_writepages+0x1c0/0x2d20 [ 74.441508][ T4348] ? check_path+0x40/0x40 [ 74.445832][ T4348] ? __might_sleep+0xf0/0xf0 [ 74.450409][ T4348] ? read_lock_is_recursive+0x10/0x10 [ 74.455770][ T4348] ? mark_lock+0x94/0x320 [ 74.460093][ T4348] ? __lock_acquire+0x13ad/0x7c60 [ 74.465101][ T4348] percpu_down_read+0x46/0x1b0 [ 74.469850][ T4348] ? ext4_writepages+0x1c0/0x2d20 [ 74.474882][ T4348] ext4_writepages+0x1c0/0x2d20 [ 74.479728][ T4348] ? rcu_is_watching+0x11/0xa0 [ 74.484483][ T4348] ? lock_release+0xba/0x870 [ 74.489063][ T4348] ? rcu_lock_release+0x5/0x20 [ 74.493821][ T4348] ? mark_lock+0x94/0x320 [ 74.498179][ T4348] ? verify_lock_unused+0x140/0x140 [ 74.503369][ T4348] ? mark_lock+0x94/0x320 [ 74.507689][ T4348] ? ext4_readpage+0x2e0/0x2e0 [ 74.512437][ T4348] ? __lock_acquire+0x13ad/0x7c60 [ 74.517448][ T4348] ? rcu_lock_release+0x5/0x20 [ 74.522205][ T4348] ? __lock_acquire+0x7c60/0x7c60 [ 74.527216][ T4348] ? do_raw_spin_lock+0x11d/0x280 [ 74.532223][ T4348] ? _raw_spin_lock_irqsave+0x7f/0xf0 [ 74.537582][ T4348] ? do_raw_spin_unlock+0x11d/0x230 [ 74.542763][ T4348] ? ext4_readpage+0x2e0/0x2e0 [ 74.547516][ T4348] do_writepages+0x48d/0x6d0 [ 74.552109][ T4348] ? __writepage+0x130/0x130 [ 74.556683][ T4348] ? writeback_single_inode+0x216/0x8b0 [ 74.562218][ T4348] ? __lock_acquire+0x7c60/0x7c60 [ 74.567229][ T4348] ? do_raw_spin_lock+0x11d/0x280 [ 74.572255][ T4348] __writeback_single_inode+0x153/0xda0 [ 74.577790][ T4348] writeback_single_inode+0x221/0x8b0 [ 74.583155][ T4348] ? write_inode_now+0x280/0x280 [ 74.588097][ T4348] write_inode_now+0x217/0x280 [ 74.592854][ T4348] ? bdi_split_work_to_wbs+0x820/0x820 [ 74.598308][ T4348] ? do_raw_spin_unlock+0x11d/0x230 [ 74.603495][ T4348] iput+0x5ab/0x8a0 [ 74.607291][ T4348] ext4_xattr_set_entry+0x10ff/0x3d30 [ 74.612663][ T4348] ? ext4_xattr_ibody_set+0x330/0x330 [ 74.618020][ T4348] ? rcu_is_watching+0x11/0xa0 [ 74.622800][ T4348] ? kmem_cache_free+0x14c/0x210 [ 74.627723][ T4348] ? mb_cache_entry_delete_or_get+0x1bd/0x1e0 [ 74.633779][ T4348] ext4_xattr_block_set+0x4f7/0x2d30 [ 74.639050][ T4348] ? do_raw_spin_unlock+0x11d/0x230 [ 74.644242][ T4348] ? __ext4_xattr_check_block+0x7d8/0x8d0 [ 74.649971][ T4348] ? ext4_xattr_block_find+0x500/0x500 [ 74.655434][ T4348] ? ext4_xattr_block_find+0x433/0x500 [ 74.660891][ T4348] ext4_expand_extra_isize_ea+0xf4b/0x19a0 [ 74.666705][ T4348] __ext4_expand_extra_isize+0x301/0x3e0 [ 74.672327][ T4348] __ext4_mark_inode_dirty+0x469/0x700 [ 74.677770][ T4348] ext4_evict_inode+0xa81/0x1080 [ 74.682696][ T4348] ? _raw_spin_unlock+0x24/0x40 [ 74.687532][ T4348] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 74.693405][ T4348] ? do_raw_spin_unlock+0x11d/0x230 [ 74.698587][ T4348] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 74.704472][ T4348] evict+0x485/0x870 [ 74.708360][ T4348] ? __lock_acquire+0x7c60/0x7c60 [ 74.713386][ T4348] ? proc_nr_inodes+0x320/0x320 [ 74.718232][ T4348] ? do_raw_spin_unlock+0x11d/0x230 [ 74.723421][ T4348] ? _raw_spin_unlock+0x24/0x40 [ 74.728254][ T4348] ? iput+0x706/0x8a0 [ 74.732223][ T4348] ext4_orphan_cleanup+0xaa9/0x12e0 [ 74.737410][ T4348] ? ext4_orphan_del+0xb90/0xb90 [ 74.742340][ T4348] ? errseq_check_and_advance+0x62/0x120 [ 74.747978][ T4348] ext4_fill_super+0x92f0/0x9a60 [ 74.752915][ T4348] ? ext4_mount+0x40/0x40 [ 74.757237][ T4348] ? set_blocksize+0x1f1/0x370 [ 74.761992][ T4348] ? sb_set_blocksize+0xa5/0xe0 [ 74.766833][ T4348] mount_bdev+0x287/0x3c0 [ 74.771163][ T4348] ? ext4_mount+0x40/0x40 [ 74.775497][ T4348] legacy_get_tree+0xe6/0x180 [ 74.780200][ T4348] ? ext4_errno_to_code+0x160/0x160 [ 74.785418][ T4348] vfs_get_tree+0x88/0x270 [ 74.789831][ T4348] do_new_mount+0x24a/0xa40 [ 74.794333][ T4348] __se_sys_mount+0x2d6/0x3c0 [ 74.799012][ T4348] ? __x64_sys_mount+0xc0/0xc0 [ 74.803766][ T4348] ? lockdep_hardirqs_on+0x94/0x140 [ 74.808953][ T4348] ? __x64_sys_mount+0x1c/0xc0 [ 74.813719][ T4348] do_syscall_64+0x4c/0xa0 [ 74.818126][ T4348] ? clear_bhb_loop+0x30/0x80 [ 74.822790][ T4348] ? clear_bhb_loop+0x30/0x80 [ 74.827458][ T4348] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 74.833345][ T4348] RIP: 0033:0x7f3f51bbbeea [ 74.837763][ T4348] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.857359][ T4348] RSP: 002b:00007ffdab381d18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 74.865757][ T4348] RAX: ffffffffffffffda RBX: 00007ffdab381da0 RCX: 00007f3f51bbbeea [ 74.873715][ T4348] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007ffdab381d60 [ 74.881679][ T4348] RBP: 0000200000000180 R08: 00007ffdab381da0 R09: 0000000000800700 [ 74.889638][ T4348] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 74.897597][ T4348] R13: 00007ffdab381d60 R14: 000000000000046f R15: 000000000000002c [ 74.905561][ T4348] [ 74.922492][ T4348] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 74.937854][ T4348] EXT4-fs (loop0): Remounting filesystem read-only [ 74.944856][ T4348] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117 [ 74.957791][ T4348] EXT4-fs (loop0): Remounting filesystem read-only [ 74.964532][ T4348] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2826: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 74.981236][ T4348] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 74.995586][ T4348] EXT4-fs (loop0): Remounting filesystem read-only [ 75.002332][ T4348] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117 [ 75.015056][ T4348] EXT4-fs (loop0): Remounting filesystem read-only [ 75.021658][ T4348] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 75.038266][ T4348] EXT4-fs (loop0): Remounting filesystem read-only [ 75.048859][ T4348] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 75.061664][ T4348] EXT4-fs (loop0): Remounting filesystem read-only [ 75.068221][ T4348] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 75.081975][ T4348] EXT4-fs (loop0): Remounting filesystem read-only [ 75.088776][ T4348] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 75.101112][ T4348] EXT4-fs (loop0): Remounting filesystem read-only [ 75.107827][ T4348] EXT4-fs (loop0): 1 orphan inode deleted [ 75.114581][ T4348] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodioread_nolock,errors=remount-ro,debug_want_extra_isize=0x000000000000005a,nouid32,resgid=0x0000000000000000,acl,init_itable=0x0000000000000003,. Quota mode: none.