Warning: Permanently added '10.128.0.218' (ED25519) to the list of known hosts.
2025/12/29 15:56:14 parsed 1 programs
syzkaller login: [ 72.183235][ T4188] cgroup: Unknown subsys name 'net'
[ 72.290664][ T4188] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 73.764428][ T4188] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 77.185157][ T4243] chnl_net:caif_netlink_parms(): no params data found
[ 77.249335][ T4243] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.257315][ T4243] bridge0: port 1(bridge_slave_0) entered disabled state
[ 77.265877][ T4243] device bridge_slave_0 entered promiscuous mode
[ 77.276450][ T4243] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.283595][ T4243] bridge0: port 2(bridge_slave_1) entered disabled state
[ 77.292039][ T4243] device bridge_slave_1 entered promiscuous mode
[ 77.315846][ T4243] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 77.327192][ T4243] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 77.360461][ T4243] team0: Port device team_slave_0 added
[ 77.368788][ T4243] team0: Port device team_slave_1 added
[ 77.482678][ T4243] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 77.490801][ T4243] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 77.516878][ T4243] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 77.535124][ T4243] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 77.542149][ T4243] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 77.568864][ T4243] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 77.627748][ T4243] device hsr_slave_0 entered promiscuous mode
[ 77.635912][ T4243] device hsr_slave_1 entered promiscuous mode
[ 77.731454][ T4243] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 77.743718][ T4243] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 77.758663][ T4243] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 77.769585][ T4243] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 77.841521][ T4243] 8021q: adding VLAN 0 to HW filter on device bond0
[ 77.856069][ T1359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 77.866393][ T1359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 77.878433][ T4243] 8021q: adding VLAN 0 to HW filter on device team0
[ 77.889013][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 77.898715][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 77.909606][ T144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.916974][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 77.927853][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 77.939786][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 77.948807][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 77.957817][ T144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.964967][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 77.979866][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 77.989064][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 78.001820][ T1359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 78.012206][ T1359] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 78.046356][ T1359] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 78.057998][ T1359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 78.067064][ T1359] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 78.079019][ T1359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 78.088388][ T1359] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 78.101052][ T1359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 78.110191][ T1359] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 78.123390][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 78.278370][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 78.286422][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 78.318840][ T4243] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 78.337602][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 78.346559][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 78.367542][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 78.376916][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 78.387049][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 78.395853][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 78.404539][ T4243] device veth0_vlan entered promiscuous mode
[ 78.435251][ T4243] device veth1_vlan entered promiscuous mode
[ 78.457763][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 78.467159][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 78.477353][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 78.486746][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 78.497650][ T4243] device veth0_macvtap entered promiscuous mode
[ 78.508436][ T4243] device veth1_macvtap entered promiscuous mode
[ 78.545136][ T4243] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 78.552746][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 78.561185][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 78.569808][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 78.579729][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 78.591763][ T4243] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 78.607005][ T4243] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.616896][ T4243] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.626232][ T4243] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.635600][ T4243] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.646576][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 78.655514][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 78.776478][ T4243] syz-executor (4243) used greatest stack depth: 21088 bytes left
[ 78.882717][ T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 78.898024][ T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 78.919646][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 78.936833][ T155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 78.946045][ T155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 78.958739][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2025/12/29 15:56:24 executed programs: 0
[ 80.237379][ T4293] chnl_net:caif_netlink_parms(): no params data found
[ 80.306377][ T4293] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.313560][ T4293] bridge0: port 1(bridge_slave_0) entered disabled state
[ 80.321709][ T4293] device bridge_slave_0 entered promiscuous mode
[ 80.331474][ T4293] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.338751][ T4293] bridge0: port 2(bridge_slave_1) entered disabled state
[ 80.347373][ T4293] device bridge_slave_1 entered promiscuous mode
[ 80.380897][ T4293] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 80.393110][ T4293] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 80.421070][ T4293] team0: Port device team_slave_0 added
[ 80.429382][ T4293] team0: Port device team_slave_1 added
[ 80.456976][ T4293] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 80.463962][ T4293] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 80.490722][ T4293] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 80.503145][ T4293] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 80.510286][ T4293] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 80.536822][ T4293] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 80.587283][ T4293] device hsr_slave_0 entered promiscuous mode
[ 80.595397][ T4293] device hsr_slave_1 entered promiscuous mode
[ 80.603540][ T4293] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 80.612456][ T4293] Cannot create hsr debugfs directory
[ 80.719560][ T4293] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 82.114750][ T4250] Bluetooth: hci0: command 0x0409 tx timeout
[ 83.491584][ T4293] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 83.539881][ T4293] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 83.616279][ T4293] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 83.737392][ T4293] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 83.749499][ T4293] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 83.759563][ T4293] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 83.782021][ T4293] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 83.859647][ T4293] 8021q: adding VLAN 0 to HW filter on device bond0
[ 83.890762][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 83.899226][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 83.910847][ T4293] 8021q: adding VLAN 0 to HW filter on device team0
[ 83.933822][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 83.943619][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 83.952820][ T144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.959991][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.968140][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 83.980587][ T1359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 83.990216][ T1359] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 83.999521][ T1359] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.006656][ T1359] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 84.017665][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 84.043619][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 84.059071][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 84.068151][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 84.077713][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 84.089169][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 84.098372][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 84.131879][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 84.140916][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 84.153458][ T4293] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 84.167302][ T4293] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 84.181288][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 84.190466][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 84.195630][ T4300] Bluetooth: hci0: command 0x041b tx timeout
[ 84.295951][ T3085] device hsr_slave_0 left promiscuous mode
[ 84.302809][ T3085] device hsr_slave_1 left promiscuous mode
[ 84.312700][ T3085] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 84.321767][ T3085] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 84.333110][ T3085] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 84.341102][ T3085] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 84.349844][ T3085] device bridge_slave_1 left promiscuous mode
[ 84.357594][ T3085] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.371581][ T3085] device bridge_slave_0 left promiscuous mode
[ 84.378472][ T3085] bridge0: port 1(bridge_slave_0) entered disabled state
[ 84.398275][ T3085] device veth1_macvtap left promiscuous mode
[ 84.406562][ T3085] device veth0_macvtap left promiscuous mode
[ 84.412678][ T3085] device veth1_vlan left promiscuous mode
[ 84.419575][ T3085] device veth0_vlan left promiscuous mode
[ 84.598848][ T3085] team0 (unregistering): Port device team_slave_1 removed
[ 84.614870][ T3085] team0 (unregistering): Port device team_slave_0 removed
[ 84.628989][ T3085] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 84.644735][ T3085] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 84.704390][ T3085] bond0 (unregistering): Released all slaves
[ 84.758401][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 84.766594][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 84.779398][ T4293] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 84.803429][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 84.815072][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 84.841585][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 84.850799][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 84.861518][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 84.870428][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 84.881287][ T4293] device veth0_vlan entered promiscuous mode
[ 84.895584][ T4293] device veth1_vlan entered promiscuous mode
[ 84.912233][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 84.937002][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 84.945826][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 84.958522][ T4293] device veth0_macvtap entered promiscuous mode
[ 84.970264][ T4293] device veth1_macvtap entered promiscuous mode
[ 84.989796][ T4293] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 85.000311][ T1359] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 85.010609][ T1359] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 85.022400][ T1359] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 85.031777][ T1359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 85.045171][ T4293] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 85.052928][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 85.063625][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 85.076867][ T4293] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.086703][ T4293] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.095590][ T4293] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.105374][ T4293] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.179899][ T1359] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.196200][ T1359] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.213365][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 85.230678][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.239617][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.250838][ T1359] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 85.307380][ T4314] loop0: detected capacity change from 0 to 512
[ 85.352302][ T4314]
[ 85.354927][ T4314] ======================================================
[ 85.362373][ T4314] WARNING: possible circular locking dependency detected
[ 85.369453][ T4314] syzkaller #0 Not tainted
[ 85.373905][ T4314] ------------------------------------------------------
[ 85.381039][ T4314] syz.0.17/4314 is trying to acquire lock:
[ 85.386875][ T4314] ffff88807e770bd8 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x1c0/0x2d20
[ 85.397040][ T4314]
[ 85.397040][ T4314] but task is already holding lock:
[ 85.404432][ T4314] ffff88805d4fe478 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700
[ 85.414315][ T4314]
[ 85.414315][ T4314] which lock already depends on the new lock.
[ 85.414315][ T4314]
[ 85.424758][ T4314]
[ 85.424758][ T4314] the existing dependency chain (in reverse order) is:
[ 85.433821][ T4314]
[ 85.433821][ T4314] -> #2 (&ei->xattr_sem){++++}-{3:3}:
[ 85.441437][ T4314]        down_read+0x44/0x2e0
[ 85.446165][ T4314]        ext4_setattr+0x71d/0x19e0
[ 85.451545][ T4314]        notify_change+0xbcd/0xee0
[ 85.456717][ T4314]        chown_common+0x483/0x610
[ 85.461809][ T4314]        do_fchownat+0x164/0x270
[ 85.466793][ T4314]        __x64_sys_chown+0x7e/0x90
[ 85.472053][ T4314]        do_syscall_64+0x4c/0xa0
[ 85.477085][ T4314]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 85.483765][ T4314]
[ 85.483765][ T4314] -> #1 (jbd2_handle){++++}-{0:0}:
[ 85.491107][ T4314]        start_this_handle+0x1338/0x15a0
[ 85.497217][ T4314]        jbd2__journal_start+0x2b7/0x5a0
[ 85.502894][ T4314]        __ext4_journal_start_sb+0x167/0x360
[ 85.509165][ T4314]        ext4_writepages+0xdc2/0x2d20
[ 85.515037][ T4314]        do_writepages+0x48d/0x6d0
[ 85.520189][ T4314]        filemap_fdatawrite_wbc+0x1eb/0x240
[ 85.526305][ T4314]        file_write_and_wait_range+0x129/0x1e0
[ 85.532497][ T4314]        ext4_sync_file+0x1ff/0xae0
[ 85.537730][ T4314]        __x64_sys_fsync+0x1a5/0x1e0
[ 85.543052][ T4314]        do_syscall_64+0x4c/0xa0
[ 85.548020][ T4314]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 85.554597][ T4314]
[ 85.554597][ T4314] -> #0 (&sbi->s_writepages_rwsem){.+.+}-{0:0}:
[ 85.563069][ T4314]        __lock_acquire+0x2c33/0x7c60
[ 85.568483][ T4314]        lock_acquire+0x197/0x3f0
[ 85.573551][ T4314]        percpu_down_read+0x46/0x1b0
[ 85.578871][ T4314]        ext4_writepages+0x1c0/0x2d20
[ 85.584400][ T4314]        do_writepages+0x48d/0x6d0
[ 85.589623][ T4314]        __writeback_single_inode+0x153/0xda0
[ 85.595744][ T4314]        writeback_single_inode+0x221/0x8b0
[ 85.601698][ T4314]        write_inode_now+0x217/0x280
[ 85.607011][ T4314]        iput+0x5ab/0x8a0
[ 85.611484][ T4314]        ext4_xattr_set_entry+0x10ff/0x3d30
[ 85.617684][ T4314]        ext4_xattr_block_set+0x4f7/0x2d30
[ 85.623536][ T4314]        ext4_expand_extra_isize_ea+0xf4b/0x19a0
[ 85.629896][ T4314]        __ext4_expand_extra_isize+0x301/0x3e0
[ 85.636083][ T4314]        __ext4_mark_inode_dirty+0x469/0x700
[ 85.642172][ T4314]        ext4_evict_inode+0xa81/0x1080
[ 85.647652][ T4314]        evict+0x485/0x870
[ 85.652093][ T4314]        ext4_orphan_cleanup+0xaa9/0x12e0
[ 85.657953][ T4314]        ext4_fill_super+0x92f0/0x9a60
[ 85.663442][ T4314]        mount_bdev+0x287/0x3c0
[ 85.668316][ T4314]        legacy_get_tree+0xe6/0x180
[ 85.673546][ T4314]        vfs_get_tree+0x88/0x270
[ 85.678510][ T4314]        do_new_mount+0x24a/0xa40
[ 85.683570][ T4314]        __se_sys_mount+0x2d6/0x3c0
[ 85.688793][ T4314]        do_syscall_64+0x4c/0xa0
[ 85.693801][ T4314]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 85.700248][ T4314]
[ 85.700248][ T4314] other info that might help us debug this:
[ 85.700248][ T4314]
[ 85.710499][ T4314] Chain exists of:
[ 85.710499][ T4314]   &sbi->s_writepages_rwsem --> jbd2_handle --> &ei->xattr_sem
[ 85.710499][ T4314]
[ 85.723932][ T4314]  Possible unsafe locking scenario:
[ 85.723932][ T4314]
[ 85.731402][ T4314]        CPU0                    CPU1
[ 85.736784][ T4314]        ----                    ----
[ 85.742255][ T4314]   lock(&ei->xattr_sem);
[ 85.746772][ T4314]                                lock(jbd2_handle);
[ 85.753389][ T4314]                                lock(&ei->xattr_sem);
[ 85.760357][ T4314]   lock(&sbi->s_writepages_rwsem);
[ 85.765589][ T4314]
[ 85.765589][ T4314]  *** DEADLOCK ***
[ 85.765589][ T4314]
[ 85.773759][ T4314] 3 locks held by syz.0.17/4314:
[ 85.778717][ T4314]  #0: ffff88807e7720e0 (&type->s_umount_key#28/1){+.+.}-{3:3}, at: alloc_super+0x201/0x950
[ 85.788897][ T4314]  #1: ffff88807e772650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x444/0x1080
[ 85.798456][ T4314]  #2: ffff88805d4fe478 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700
[ 85.808788][ T4314]
[ 85.808788][ T4314] stack backtrace:
[ 85.814717][ T4314] CPU: 0 PID: 4314 Comm: syz.0.17 Not tainted syzkaller #0
[ 85.822036][ T4314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 85.832363][ T4314] Call Trace:
[ 85.835696][ T4314]
[ 85.838660][ T4314]  dump_stack_lvl+0x168/0x230
[ 85.843370][ T4314]  ? load_image+0x3b0/0x3b0
[ 85.848163][ T4314]  ? show_regs_print_info+0x20/0x20
[ 85.853400][ T4314]  ? print_circular_bug+0x12b/0x1a0
[ 85.858628][ T4314]  check_noncircular+0x274/0x310
[ 85.863688][ T4314]  ? add_chain_block+0x940/0x940
[ 85.868643][ T4314]  ? lockdep_lock+0xdc/0x1e0
[ 85.873268][ T4314]  ? lockdep_unlock+0x134/0x2d0
[ 85.878144][ T4314]  ? mark_lock+0x94/0x320
[ 85.882603][ T4314]  __lock_acquire+0x2c33/0x7c60
[ 85.887493][ T4314]  ? verify_lock_unused+0x140/0x140
[ 85.892726][ T4314]  ? verify_lock_unused+0x140/0x140
[ 85.897962][ T4314]  lock_acquire+0x197/0x3f0
[ 85.902510][ T4314]  ? ext4_writepages+0x1c0/0x2d20
[ 85.907564][ T4314]  ? check_path+0x40/0x40
[ 85.912058][ T4314]  ? __might_sleep+0xf0/0xf0
[ 85.917322][ T4314]  ? read_lock_is_recursive+0x10/0x10
[ 85.922727][ T4314]  ? mark_lock+0x94/0x320
[ 85.927091][ T4314]  ? __lock_acquire+0x13ad/0x7c60
[ 85.932146][ T4314]  percpu_down_read+0x46/0x1b0
[ 85.937024][ T4314]  ? ext4_writepages+0x1c0/0x2d20
[ 85.942076][ T4314]  ext4_writepages+0x1c0/0x2d20
[ 85.946975][ T4314]  ? rcu_is_watching+0x11/0xa0
[ 85.951768][ T4314]  ? lock_release+0xba/0x870
[ 85.956400][ T4314]  ? rcu_lock_release+0x5/0x20
[ 85.961197][ T4314]  ? mark_lock+0x94/0x320
[ 85.965693][ T4314]  ? verify_lock_unused+0x140/0x140
[ 85.970927][ T4314]  ? mark_lock+0x94/0x320
[ 85.975291][ T4314]  ? ext4_readpage+0x2e0/0x2e0
[ 85.980081][ T4314]  ? __lock_acquire+0x13ad/0x7c60
[ 85.985141][ T4314]  ? rcu_lock_release+0x5/0x20
[ 85.989945][ T4314]  ? __lock_acquire+0x7c60/0x7c60
[ 85.995003][ T4314]  ? do_raw_spin_lock+0x11d/0x280
[ 86.000065][ T4314]  ? _raw_spin_lock_irqsave+0x7f/0xf0
[ 86.005585][ T4314]  ? do_raw_spin_unlock+0x11d/0x230
[ 86.010823][ T4314]  ? ext4_readpage+0x2e0/0x2e0
[ 86.015727][ T4314]  do_writepages+0x48d/0x6d0
[ 86.020704][ T4314]  ? __writepage+0x130/0x130
[ 86.025330][ T4314]  ? writeback_single_inode+0x216/0x8b0
[ 86.030912][ T4314]  ? __lock_acquire+0x7c60/0x7c60
[ 86.035965][ T4314]  ? do_raw_spin_lock+0x11d/0x280
[ 86.041023][ T4314]  __writeback_single_inode+0x153/0xda0
[ 86.046688][ T4314]  writeback_single_inode+0x221/0x8b0
[ 86.052110][ T4314]  ? write_inode_now+0x280/0x280
[ 86.057089][ T4314]  write_inode_now+0x217/0x280
[ 86.061899][ T4314]  ? bdi_split_work_to_wbs+0x820/0x820
[ 86.067405][ T4314]  ? do_raw_spin_unlock+0x11d/0x230
[ 86.072642][ T4314]  iput+0x5ab/0x8a0
[ 86.076478][ T4314]  ext4_xattr_set_entry+0x10ff/0x3d30
[ 86.081896][ T4314]  ? ext4_xattr_ibody_set+0x330/0x330
[ 86.087306][ T4314]  ? rcu_is_watching+0x11/0xa0
[ 86.092093][ T4314]  ? kmem_cache_free+0x14c/0x210
[ 86.097082][ T4314]  ? mb_cache_entry_delete_or_get+0x1bd/0x1e0
[ 86.103187][ T4314]  ext4_xattr_block_set+0x4f7/0x2d30
[ 86.108513][ T4314]  ? do_raw_spin_unlock+0x11d/0x230
[ 86.113753][ T4314]  ? __ext4_xattr_check_block+0x7d8/0x8d0
[ 86.119536][ T4314]  ? ext4_xattr_block_find+0x500/0x500
[ 86.125129][ T4314]  ? ext4_xattr_block_find+0x433/0x500
[ 86.130713][ T4314]  ext4_expand_extra_isize_ea+0xf4b/0x19a0
[ 86.136569][ T4314]  __ext4_expand_extra_isize+0x301/0x3e0
[ 86.142238][ T4314]  __ext4_mark_inode_dirty+0x469/0x700
[ 86.147736][ T4314]  ext4_evict_inode+0xa81/0x1080
[ 86.152703][ T4314]  ? _raw_spin_unlock+0x24/0x40
[ 86.157702][ T4314]  ? ext4_inode_is_fast_symlink+0x390/0x390
[ 86.163723][ T4314]  ? do_raw_spin_unlock+0x11d/0x230
[ 86.168952][ T4314]  ? ext4_inode_is_fast_symlink+0x390/0x390
[ 86.174961][ T4314]  evict+0x485/0x870
[ 86.178892][ T4314]  ? __lock_acquire+0x7c60/0x7c60
[ 86.183952][ T4314]  ? proc_nr_inodes+0x320/0x320
[ 86.188831][ T4314]  ? do_raw_spin_unlock+0x11d/0x230
[ 86.194068][ T4314]  ? _raw_spin_unlock+0x24/0x40
[ 86.198954][ T4314]  ? iput+0x706/0x8a0
[ 86.202973][ T4314]  ext4_orphan_cleanup+0xaa9/0x12e0
[ 86.208217][ T4314]  ? ext4_orphan_del+0xb90/0xb90
[ 86.213196][ T4314]  ? errseq_check_and_advance+0x62/0x120
[ 86.218970][ T4314]  ext4_fill_super+0x92f0/0x9a60
[ 86.223961][ T4314]  ? ext4_mount+0x40/0x40
[ 86.228407][ T4314]  ? set_blocksize+0x1f1/0x370
[ 86.233208][ T4314]  ? sb_set_blocksize+0xa5/0xe0
[ 86.238112][ T4314]  mount_bdev+0x287/0x3c0
[ 86.242481][ T4314]  ? ext4_mount+0x40/0x40
[ 86.246933][ T4314]  legacy_get_tree+0xe6/0x180
[ 86.251729][ T4314]  ? ext4_errno_to_code+0x160/0x160
[ 86.256965][ T4314]  vfs_get_tree+0x88/0x270
[ 86.261444][ T4314]  do_new_mount+0x24a/0xa40
[ 86.266246][ T4314]  __se_sys_mount+0x2d6/0x3c0
[ 86.270952][ T4314]  ? __x64_sys_mount+0xc0/0xc0
[ 86.275868][ T4314]  ? lockdep_hardirqs_on+0x94/0x140
[ 86.281095][ T4314]  ? __x64_sys_mount+0x1c/0xc0
[ 86.285885][ T4314]  do_syscall_64+0x4c/0xa0
[ 86.290328][ T4314]  ? clear_bhb_loop+0x30/0x80
[ 86.295046][ T4314]  ? clear_bhb_loop+0x30/0x80
[ 86.299750][ T4314]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 86.305678][ T4314] RIP: 0033:0x7fbd33628eea
[ 86.310220][ T4314] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 86.329849][ T4314] RSP: 002b:00007ffe99a27808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 86.338288][ T4314] RAX: ffffffffffffffda RBX: 00007ffe99a27890 RCX: 00007fbd33628eea
[ 86.346379][ T4314] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007ffe99a27850
[ 86.354390][ T4314] RBP: 0000200000000180 R08: 00007ffe99a27890 R09: 0000000000800700
[ 86.362384][ T4314] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0
[ 86.370386][ T4314] R13: 00007ffe99a27850 R14: 000000000000046f R15: 000000000000002c
[ 86.378559][ T4314]
[ 86.384735][ T7] Bluetooth: hci0: command 0x040f tx timeout
[ 86.405806][ T4314] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256)
[ 86.424835][ T4314] EXT4-fs (loop0): Remounting filesystem read-only
[ 86.431645][ T4314] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117
[ 86.445106][ T4314] EXT4-fs (loop0): Remounting filesystem read-only
[ 86.451700][ T4314] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2826: Unable to expand inode 15. Delete some EAs or run e2fsck.
[ 86.465706][ T4314] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256)
[ 86.479957][ T4314] EXT4-fs (loop0): Remounting filesystem read-only
[ 86.487259][ T4314] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117
[ 86.499924][ T4314] EXT4-fs (loop0): Remounting filesystem read-only
[ 86.508777][ T4314] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256)
[ 86.522628][ T4314] EXT4-fs (loop0): Remounting filesystem read-only
[ 86.530078][ T4314] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117
[ 86.542890][ T4314] EXT4-fs (loop0): Remounting filesystem read-only
[ 86.550526][ T4314] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256)
[ 86.564747][ T4314] EXT4-fs (loop0): Remounting filesystem read-only
[ 86.571359][ T4314] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117
[ 86.584802][ T4314] EXT4-fs (loop0): Remounting filesystem read-only
[ 86.591509][ T4314] EXT4-fs (loop0): 1 orphan inode deleted
[ 86.597444][ T4314] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodioread_nolock,errors=remount-ro,debug_want_extra_isize=0x000000000000005a,nouid32,resgid=0x0000000000000000,acl,init_itable=0x0000000000000003,. Quota mode: none.