Warning: Permanently added '10.128.0.97' (ED25519) to the list of known hosts.
2025/12/25 08:35:17 parsed 1 programs
syzkaller login: [ 91.221068][ T4271] cgroup: Unknown subsys name 'net'
[ 91.362122][ T4271] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 92.260189][ T26] cfg80211: failed to load regulatory.db
[ 93.514428][ T4271] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 95.925410][ T4297] chnl_net:caif_netlink_parms(): no params data found
[ 95.999024][ T4297] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.010723][ T4297] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.021287][ T4297] device bridge_slave_0 entered promiscuous mode
[ 96.032012][ T4297] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.040951][ T4297] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.052389][ T4297] device bridge_slave_1 entered promiscuous mode
[ 96.090983][ T4297] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 96.106650][ T4297] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 96.150232][ T4297] team0: Port device team_slave_0 added
[ 96.160597][ T4297] team0: Port device team_slave_1 added
[ 96.192187][ T4297] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 96.204025][ T4297] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 96.239122][ T4297] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 96.255314][ T4297] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 96.262713][ T4297] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 96.294865][ T4297] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 96.335943][ T4297] device hsr_slave_0 entered promiscuous mode
[ 96.342894][ T4297] device hsr_slave_1 entered promiscuous mode
[ 96.500880][ T4297] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 96.515625][ T4297] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 96.535917][ T4297] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 96.547114][ T4297] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 96.655560][ T4297] 8021q: adding VLAN 0 to HW filter on device bond0
[ 96.678751][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 96.689700][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 96.703639][ T4297] 8021q: adding VLAN 0 to HW filter on device team0
[ 96.721634][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 96.732625][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 96.746529][ T11] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.756834][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 96.773931][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 96.785538][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 96.798504][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 96.810217][ T11] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.818735][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 96.842154][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 96.858511][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 96.875423][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 96.888977][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 96.909935][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 96.923482][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 96.936853][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 96.958533][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 96.971678][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 96.993261][ T4297] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 97.012208][ T4297] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 97.026240][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 97.038907][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 97.329189][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 97.339009][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 97.358990][ T4297] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 97.387825][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 97.398927][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 97.427690][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 97.439342][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 97.451298][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 97.462198][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 97.474254][ T4297] device veth0_vlan entered promiscuous mode
[ 97.490806][ T4297] device veth1_vlan entered promiscuous mode
[ 97.519963][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 97.533256][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 97.549299][ T4297] device veth0_macvtap entered promiscuous mode
[ 97.560198][ T4297] device veth1_macvtap entered promiscuous mode
[ 97.585228][ T4297] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 97.595589][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 97.607842][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 97.618728][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 97.633380][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 97.650219][ T4297] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 97.663435][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 97.676480][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 97.691021][ T4297] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.707364][ T4297] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.718042][ T4297] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.729755][ T4297] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.932646][ T41] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.913996][ T4348] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 99.926686][ T4348] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 99.937395][ T4348] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 99.947882][ T4348] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 99.958569][ T4348] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 99.966955][ T4348] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 100.081948][ T41] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 100.347951][ T4311] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 100.357393][ T4311] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 100.378392][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 100.412261][ T4311] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 100.426967][ T4311] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 100.441380][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2025/12/25 08:35:30 executed programs: 0
[ 101.780935][ T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 101.791799][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 101.807895][ T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 101.818722][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 101.834969][ T48] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 101.844931][ T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 102.005746][ T4367] chnl_net:caif_netlink_parms(): no params data found
[ 102.077259][ T4367] bridge0: port 1(bridge_slave_0) entered blocking state
[ 102.086084][ T4367] bridge0: port 1(bridge_slave_0) entered disabled state
[ 102.099520][ T4367] device bridge_slave_0 entered promiscuous mode
[ 102.110275][ T4367] bridge0: port 2(bridge_slave_1) entered blocking state
[ 102.118173][ T4367] bridge0: port 2(bridge_slave_1) entered disabled state
[ 102.127182][ T4367] device bridge_slave_1 entered promiscuous mode
[ 102.152384][ T4367] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 102.165497][ T4367] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 102.211170][ T4367] team0: Port device team_slave_0 added
[ 102.238015][ T41] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 102.257228][ T4367] team0: Port device team_slave_1 added
[ 102.283092][ T4367] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 102.291601][ T4367] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 102.328655][ T4367] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 102.365063][ T41] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 102.382566][ T4367] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 102.392829][ T4367] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 102.430418][ T4367] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 102.550299][ T4367] device hsr_slave_0 entered promiscuous mode
[ 102.562241][ T4367] device hsr_slave_1 entered promiscuous mode
[ 102.570768][ T4367] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 102.588225][ T4367] Cannot create hsr debugfs directory
[ 103.501717][ T4367] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 103.518540][ T4367] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 103.558118][ T4367] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 103.573328][ T4367] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 103.603872][ T41] device hsr_slave_0 left promiscuous mode
[ 103.612561][ T41] device hsr_slave_1 left promiscuous mode
[ 103.621994][ T41] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 103.637998][ T41] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 103.658110][ T41] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 103.670247][ T41] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 103.683622][ T41] device bridge_slave_1 left promiscuous mode
[ 103.694288][ T41] bridge0: port 2(bridge_slave_1) entered disabled state
[ 103.720678][ T41] device bridge_slave_0 left promiscuous mode
[ 103.732861][ T41] bridge0: port 1(bridge_slave_0) entered disabled state
[ 103.789363][ T41] device veth1_macvtap left promiscuous mode
[ 103.796812][ T41] device veth0_macvtap left promiscuous mode
[ 103.806663][ T41] device veth1_vlan left promiscuous mode
[ 103.813726][ T41] device veth0_vlan left promiscuous mode
[ 103.935575][ T48] Bluetooth: hci0: command 0x0409 tx timeout
[ 104.479896][ T41] team0 (unregistering): Port device team_slave_1 removed
[ 104.515477][ T41] team0 (unregistering): Port device team_slave_0 removed
[ 104.550831][ T41] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 104.589717][ T41] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 104.982570][ T41] bond0 (unregistering): Released all slaves
[ 105.156324][ T4367] 8021q: adding VLAN 0 to HW filter on device bond0
[ 105.178089][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 105.187270][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 105.209171][ T4367] 8021q: adding VLAN 0 to HW filter on device team0
[ 105.222399][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 105.232940][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 105.244485][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 105.254224][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 105.267431][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 105.279519][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 105.290409][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 105.308201][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 105.316481][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 105.331712][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 105.351272][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 105.378243][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 105.390066][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 105.405015][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 105.421779][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 105.437735][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 105.457451][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 105.470514][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 105.484901][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 105.493700][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 105.509271][ T4367] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 105.837539][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 105.847339][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 105.866364][ T4367] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 105.907350][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 105.918232][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 105.956910][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 105.972919][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 105.988459][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 106.000975][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 106.018004][ T4348] Bluetooth: hci0: command 0x041b tx timeout
[ 106.028320][ T4367] device veth0_vlan entered promiscuous mode
[ 106.046314][ T4367] device veth1_vlan entered promiscuous mode
[ 106.089504][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 106.100457][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 106.118089][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 106.130325][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 106.146945][ T4367] device veth0_macvtap entered promiscuous mode
[ 106.158893][ T4367] device veth1_macvtap entered promiscuous mode
[ 106.192243][ T4367] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 106.201538][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 106.213623][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 106.225690][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 106.238417][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 106.255281][ T4367] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 106.267082][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 106.278300][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 106.293547][ T4367] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.305500][ T4367] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.316582][ T4367] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.328214][ T4367] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.402982][ T4311] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.417091][ T4311] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.437374][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 106.461938][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.471909][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.481790][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 106.537116][ T4436] loop0: detected capacity change from 0 to 512
[ 106.577756][ T4436]
[ 106.581068][ T4436] ======================================================
[ 106.589986][ T4436] WARNING: possible circular locking dependency detected
[ 106.599409][ T4436] syzkaller #0 Not tainted
[ 106.604852][ T4436] ------------------------------------------------------
[ 106.615157][ T4436] syz.0.17/4436 is trying to acquire lock:
[ 106.623391][ T4436] ffff88801b3c0b98 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x1c0/0x2e50
[ 106.637448][ T4436]
[ 106.637448][ T4436] but task is already holding lock:
[ 106.647183][ T4436] ffff888068eba8e8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3fe/0x770
[ 106.659183][ T4436]
[ 106.659183][ T4436] which lock already depends on the new lock.
[ 106.659183][ T4436]
[ 106.671610][ T4436]
[ 106.671610][ T4436] the existing dependency chain (in reverse order) is:
[ 106.682246][ T4436]
[ 106.682246][ T4436] -> #2 (&ei->xattr_sem){++++}-{3:3}:
[ 106.691680][ T4436]        down_read+0x42/0x2d0
[ 106.696885][ T4436]        ext4_setattr+0x92a/0x19f0
[ 106.703740][ T4436]        notify_change+0xc74/0xf40
[ 106.709888][ T4436]        chown_common+0x486/0x620
[ 106.717830][ T4436]        do_fchownat+0x164/0x270
[ 106.724986][ T4436]        __x64_sys_chown+0x7e/0x90
[ 106.731626][ T4436]        do_syscall_64+0x4c/0xa0
[ 106.737298][ T4436]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 106.747608][ T4436]
[ 106.747608][ T4436] -> #1 (jbd2_handle){++++}-{0:0}:
[ 106.756678][ T4436]        start_this_handle+0x1f49/0x2150
[ 106.765294][ T4436]        jbd2__journal_start+0x2b7/0x5a0
[ 106.772641][ T4436]        __ext4_journal_start_sb+0x187/0x3d0
[ 106.780963][ T4436]        ext4_writepages+0xde7/0x2e50
[ 106.788149][ T4436]        do_writepages+0x3b7/0x610
[ 106.794334][ T4436]        filemap_fdatawrite_wbc+0x11e/0x180
[ 106.800899][ T4436]        file_write_and_wait_range+0x137/0x200
[ 106.809211][ T4436]        ext4_sync_file+0x23b/0xca0
[ 106.816537][ T4436]        __x64_sys_fsync+0x1a5/0x1e0
[ 106.825062][ T4436]        do_syscall_64+0x4c/0xa0
[ 106.830841][ T4436]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 106.838446][ T4436]
[ 106.838446][ T4436] -> #0 (&sbi->s_writepages_rwsem){.+.+}-{0:0}:
[ 106.847778][ T4436]        __lock_acquire+0x2cf8/0x7c50
[ 106.853391][ T4436]        lock_acquire+0x1b4/0x490
[ 106.858614][ T4436]        percpu_down_read+0x44/0x1a0
[ 106.865246][ T4436]        ext4_writepages+0x1c0/0x2e50
[ 106.871054][ T4436]        do_writepages+0x3b7/0x610
[ 106.876686][ T4436]        __writeback_single_inode+0x156/0x1160
[ 106.883608][ T4436]        writeback_single_inode+0x221/0x8b0
[ 106.890179][ T4436]        write_inode_now+0x15d/0x1d0
[ 106.896142][ T4436]        iput+0x613/0x980
[ 106.901146][ T4436]        ext4_xattr_block_set+0x2736/0x32a0
[ 106.907389][ T4436]        ext4_expand_extra_isize_ea+0x109b/0x19b0
[ 106.914807][ T4436]        __ext4_expand_extra_isize+0x301/0x3e0
[ 106.921976][ T4436]        __ext4_mark_inode_dirty+0x47f/0x770
[ 106.928739][ T4436]        ext4_evict_inode+0xa73/0x1100
[ 106.934342][ T4436]        evict+0x485/0x870
[ 106.938792][ T4436]        ext4_orphan_cleanup+0xbd3/0x1400
[ 106.947095][ T4436]        ext4_fill_super+0x7bdf/0x8150
[ 106.954701][ T4436]        get_tree_bdev+0x3f1/0x610
[ 106.961285][ T4436]        vfs_get_tree+0x88/0x270
[ 106.967326][ T4436]        do_new_mount+0x24a/0xa40
[ 106.973033][ T4436]        __se_sys_mount+0x2d6/0x3c0
[ 106.980671][ T4436]        do_syscall_64+0x4c/0xa0
[ 106.986866][ T4436]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 106.995452][ T4436]
[ 106.995452][ T4436] other info that might help us debug this:
[ 106.995452][ T4436]
[ 107.007824][ T4436] Chain exists of:
[ 107.007824][ T4436]   &sbi->s_writepages_rwsem --> jbd2_handle --> &ei->xattr_sem
[ 107.007824][ T4436]
[ 107.024421][ T4436]  Possible unsafe locking scenario:
[ 107.024421][ T4436]
[ 107.033158][ T4436]        CPU0                    CPU1
[ 107.041187][ T4436]        ----                    ----
[ 107.047697][ T4436]   lock(&ei->xattr_sem);
[ 107.052729][ T4436]                                lock(jbd2_handle);
[ 107.060521][ T4436]                                lock(&ei->xattr_sem);
[ 107.070784][ T4436]   lock(&sbi->s_writepages_rwsem);
[ 107.077373][ T4436]
[ 107.077373][ T4436]  *** DEADLOCK ***
[ 107.077373][ T4436]
[ 107.086823][ T4436] 3 locks held by syz.0.17/4436:
[ 107.092044][ T4436]  #0: ffff888075ef60e0 (&type->s_umount_key#27/1){+.+.}-{3:3}, at: alloc_super+0x1fa/0x930
[ 107.103340][ T4436]  #1: ffff888075ef6650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x436/0x1100
[ 107.113892][ T4436]  #2: ffff888068eba8e8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3fe/0x770
[ 107.125322][ T4436]
[ 107.125322][ T4436] stack backtrace:
[ 107.132802][ T4436] CPU: 1 PID: 4436 Comm: syz.0.17 Not tainted syzkaller #0
[ 107.141212][ T4436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 107.154483][ T4436] Call Trace:
[ 107.158789][ T4436]
[ 107.162002][ T4436] dump_stack_lvl+0x168/0x22e
[ 107.167077][ T4436] ? load_image+0x3b0/0x3b0
[ 107.172439][ T4436] ? show_regs_print_info+0x12/0x12
[ 107.178062][ T4436] ? print_circular_bug+0x12b/0x1a0
[ 107.184182][ T4436] check_noncircular+0x274/0x310
[ 107.190312][ T4436] ? add_chain_block+0x940/0x940
[ 107.196101][ T4436] ? lockdep_lock+0xdc/0x1e0
[ 107.201203][ T4436] ? verify_lock_unused+0x140/0x140
[ 107.208147][ T4436] ? _find_first_zero_bit+0xcf/0x100
[ 107.214288][ T4436] __lock_acquire+0x2cf8/0x7c50
[ 107.219310][ T4436] ? verify_lock_unused+0x140/0x140
[ 107.225092][ T4436] ? mark_lock+0x94/0x320
[ 107.229712][ T4436] ? __lock_acquire+0x13c0/0x7c50
[ 107.234990][ T4436] lock_acquire+0x1b4/0x490
[ 107.239618][ T4436] ? ext4_writepages+0x1c0/0x2e50
[ 107.246957][ T4436] ? __might_sleep+0xd0/0xd0
[ 107.254823][ T4436] ? read_lock_is_recursive+0x10/0x10
[ 107.261784][ T4436] ? __lock_acquire+0x12e5/0x7c50
[ 107.268624][ T4436] ? mark_lock+0x94/0x320
[ 107.274104][ T4436] percpu_down_read+0x44/0x1a0
[ 107.282298][ T4436] ? ext4_writepages+0x1c0/0x2e50
[ 107.288671][ T4436] ext4_writepages+0x1c0/0x2e50
[ 107.294662][ T4436] ? __lock_acquire+0x13c0/0x7c50
[ 107.300908][ T4436] ? verify_lock_unused+0x140/0x140
[ 107.306563][ T4436] ? mark_lock+0x94/0x320
[ 107.311358][ T4436] ? ext4_read_folio+0x370/0x370
[ 107.317240][ T4436] ? __lock_acquire+0x13c0/0x7c50
[ 107.323418][ T4436] ? __lock_acquire+0x7c50/0x7c50
[ 107.330026][ T4436] ? do_raw_spin_lock+0x11d/0x280
[ 107.337016][ T4436] ? do_raw_spin_unlock+0x11d/0x230
[ 107.343996][ T4436] ? ext4_read_folio+0x370/0x370
[ 107.349444][ T4436] do_writepages+0x3b7/0x610
[ 107.354555][ T4436] ? __writepage+0x130/0x130
[ 107.360207][ T4436] ? writeback_single_inode+0x216/0x8b0
[ 107.365812][ T4436] ? __lock_acquire+0x7c50/0x7c50
[ 107.371297][ T4436] ? do_raw_spin_lock+0x11d/0x280
[ 107.378148][ T4436] ? __ext4_expand_extra_isize+0x301/0x3e0
[ 107.384729][ T4436] __writeback_single_inode+0x156/0x1160
[ 107.391005][ T4436] writeback_single_inode+0x221/0x8b0
[ 107.398140][ T4436] ? write_inode_now+0x1d0/0x1d0
[ 107.404282][ T4436] write_inode_now+0x15d/0x1d0
[ 107.410008][ T4436] ? bdi_split_work_to_wbs+0x890/0x890
[ 107.416235][ T4436] ? rcu_is_watching+0x11/0xa0
[ 107.421418][ T4436] ? do_raw_spin_unlock+0x11d/0x230
[ 107.430655][ T4436] iput+0x613/0x980
[ 107.436228][ T4436] ext4_xattr_block_set+0x2736/0x32a0
[ 107.442693][ T4436] ? __might_sleep+0xd0/0xd0
[ 107.448857][ T4436] ? xattr_find_entry+0x12b/0x2f0
[ 107.455513][ T4436] ? ext4_xattr_block_find+0x2b0/0x2b0
[ 107.462009][ T4436] ? ext4_xattr_block_find+0x241/0x2b0
[ 107.467972][ T4436] ext4_expand_extra_isize_ea+0x109b/0x19b0
[ 107.475222][ T4436] __ext4_expand_extra_isize+0x301/0x3e0
[ 107.482386][ T4436] __ext4_mark_inode_dirty+0x47f/0x770
[ 107.488108][ T4436] ext4_evict_inode+0xa73/0x1100
[ 107.493651][ T4436] ? _raw_spin_unlock+0x24/0x40
[ 107.499217][ T4436] ? ext4_inode_is_fast_symlink+0x390/0x390
[ 107.505605][ T4436] ? do_raw_spin_unlock+0x11d/0x230
[ 107.511586][ T4436] ? ext4_inode_is_fast_symlink+0x390/0x390
[ 107.517853][ T4436] evict+0x485/0x870
[ 107.521910][ T4436] ? __lock_acquire+0x7c50/0x7c50
[ 107.528025][ T4436] ? proc_nr_inodes+0x2f0/0x2f0
[ 107.533726][ T4436] ? do_raw_spin_unlock+0x11d/0x230
[ 107.539978][ T4436] ? _raw_spin_unlock+0x24/0x40
[ 107.545232][ T4436] ? iput+0x768/0x980
[ 107.551164][ T4436] ext4_orphan_cleanup+0xbd3/0x1400
[ 107.557409][ T4436] ? ext4_orphan_del+0xb90/0xb90
[ 107.564192][ T4436] ? errseq_check_and_advance+0x62/0x120
[ 107.571049][ T4436] ext4_fill_super+0x7bdf/0x8150
[ 107.578473][ T4436] ? bdev_name+0x2c1/0x3f0
[ 107.586164][ T4436] ? ext4_parse_test_dummy_encryption+0xb0/0xb0
[ 107.593967][ T4436] ? snprintf+0xd7/0x120
[ 107.599938][ T4436] ? preempt_count_add+0x8d/0x190
[ 107.607313][ T4436] ? vscnprintf+0x80/0x80
[ 107.611965][ T4436] ? set_blocksize+0x1d0/0x470
[ 107.618535][ T4436] ? sb_set_blocksize+0xa5/0xe0
[ 107.625473][ T4436] get_tree_bdev+0x3f1/0x610
[ 107.631640][ T4436] ? ext4_parse_test_dummy_encryption+0xb0/0xb0
[ 107.640035][ T4436] vfs_get_tree+0x88/0x270
[ 107.646773][ T4436] do_new_mount+0x24a/0xa40
[ 107.652739][ T4436] __se_sys_mount+0x2d6/0x3c0
[ 107.657687][ T4436] ? __x64_sys_mount+0xc0/0xc0
[ 107.662939][ T4436] ? lockdep_hardirqs_on+0x94/0x140
[ 107.669432][ T4436] ? __x64_sys_mount+0x1c/0xc0
[ 107.675065][ T4436] do_syscall_64+0x4c/0xa0
[ 107.682138][ T4436] ? clear_bhb_loop+0x60/0xb0
[ 107.689270][ T4436] ? clear_bhb_loop+0x60/0xb0
[ 107.695637][ T4436] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 107.703005][ T4436] RIP: 0033:0x7fecc9990eea
[ 107.707905][ T4436] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 107.731809][ T4436] RSP: 002b:00007fff090c9328 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 107.743571][ T4436] RAX: ffffffffffffffda RBX: 00007fff090c93b0 RCX: 00007fecc9990eea
[ 107.758981][ T4436] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007fff090c9370
[ 107.768933][ T4436] RBP: 0000200000000180 R08: 00007fff090c93b0 R09: 0000000000800700
[ 107.780612][ T4436] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0
[ 107.797339][ T4436] R13: 00007fff090c9370 R14: 000000000000046f R15: 000000000000002c
[ 107.811241][ T4436]
[ 107.847577][ T4436] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256)
[ 107.878559][ T4436] EXT4-fs (loop0): Remounting filesystem read-only
[ 107.887552][ T4436] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117
[ 107.905199][ T4436] EXT4-fs (loop0): Remounting filesystem read-only
[ 107.914645][ T4436] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2819: Unable to expand inode 15. Delete some EAs or run e2fsck.
[ 107.931879][ T4436] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256)
[ 107.954459][ T4436] EXT4-fs (loop0): Remounting filesystem read-only
[ 107.974593][ T4436] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117
[ 107.995236][ T4436] EXT4-fs (loop0): Remounting filesystem read-only
[ 108.007916][ T4436] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256)
[ 108.028092][ T4436] EXT4-fs (loop0): Remounting filesystem read-only
[ 108.042218][ T4436] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117
[ 108.059692][ T4436] EXT4-fs (loop0): Remounting filesystem read-only
[ 108.069050][ T4436] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256)
[ 108.086132][ T4436] EXT4-fs (loop0): Remounting filesystem read-only
[ 108.094714][ T4348] Bluetooth: hci0: command 0x040f tx timeout
[ 108.102861][ T4436] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117
[ 108.117322][ T4436] EXT4-fs (loop0): Remounting filesystem read-only
[ 108.124780][ T4436] EXT4-fs (loop0): 1 orphan inode deleted
[ 108.132772][ T4436] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 108.152126][ T4367] EXT4-fs (loop0): unmounting filesystem.