Warning: Permanently added '10.128.0.86' (ED25519) to the list of known hosts. 2026/01/08 22:31:04 parsed 1 programs [ 69.570408][ T4188] cgroup: Unknown subsys name 'net' [ 69.703953][ T4188] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 71.250808][ T4188] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 71.340499][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.347088][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.666356][ T4201] chnl_net:caif_netlink_parms(): no params data found [ 72.716689][ T4201] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.724389][ T4201] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.732718][ T4201] device bridge_slave_0 entered promiscuous mode [ 72.742347][ T4201] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.749791][ T4201] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.758032][ T4201] device bridge_slave_1 entered promiscuous mode [ 72.782599][ T4201] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.794110][ T4201] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.818840][ T4201] team0: Port device team_slave_0 added [ 72.827271][ T4201] team0: Port device team_slave_1 added [ 72.846772][ T4201] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.853737][ T4201] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.879895][ T4201] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.892608][ T4201] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.899906][ T4201] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.926745][ T4201] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.963208][ T4201] device hsr_slave_0 entered promiscuous mode [ 72.970472][ T4201] device hsr_slave_1 entered promiscuous mode [ 73.071008][ T4201] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 73.082177][ T4201] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 73.091918][ T4201] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 73.101788][ T4201] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 73.129216][ T4201] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.136468][ T4201] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.144348][ T4201] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.151680][ T4201] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.198287][ T4201] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.211502][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 73.222224][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.231182][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.239274][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 73.253651][ T4201] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.264894][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 73.274741][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.281939][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.294114][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 73.302963][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.310084][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.330321][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 73.339046][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 73.351673][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 73.364766][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 73.376672][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 73.388510][ T4201] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 73.478340][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 73.485856][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 73.501299][ T4201] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.521831][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 73.542172][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 73.551074][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 73.559950][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 73.570632][ T4201] device veth0_vlan entered promiscuous mode [ 73.582694][ T4201] device veth1_vlan entered promiscuous mode [ 73.602774][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 73.611997][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 73.620954][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 73.632583][ T4201] device veth0_macvtap entered promiscuous mode [ 73.642804][ T4201] device veth1_macvtap entered promiscuous mode [ 73.661317][ T4201] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.669223][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 73.679109][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 73.691125][ T4201] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.700007][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 73.709031][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 73.720396][ T4201] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.729484][ T4201] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.740517][ T4201] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.749854][ T4201] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.903480][ T1270] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.323326][ T1270] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.892219][ T1270] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.934025][ T1270] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.523871][ T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.544661][ T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.573696][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 79.595856][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.605662][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.615791][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 79.631933][ T1270] device hsr_slave_0 left promiscuous mode [ 79.639276][ T1270] device hsr_slave_1 left promiscuous mode [ 79.646021][ T1270] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 79.654171][ T1270] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 79.665627][ T1270] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 79.673596][ T1270] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 79.681764][ T1270] device bridge_slave_1 left promiscuous mode [ 79.689574][ T1270] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.709827][ T1270] device bridge_slave_0 left promiscuous mode [ 79.716125][ T1270] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.741265][ T1270] device veth1_macvtap left promiscuous mode [ 79.749986][ T1270] device veth0_macvtap left promiscuous mode [ 79.756222][ T1270] device veth1_vlan left promiscuous mode [ 79.762873][ T1270] device veth0_vlan left promiscuous mode [ 79.993665][ T1270] team0 (unregistering): Port device team_slave_1 removed [ 80.006118][ T1270] team0 (unregistering): Port device team_slave_0 removed [ 80.021209][ T1270] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 80.039029][ T1270] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 80.096678][ T1270] bond0 (unregistering): Released all slaves 2026/01/08 22:31:20 executed programs: 0 [ 83.158499][ T4373] chnl_net:caif_netlink_parms(): no params data found [ 83.269048][ T4373] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.276162][ T4373] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.308424][ T4373] device bridge_slave_0 entered promiscuous mode [ 83.317696][ T4373] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.324975][ T4373] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.334940][ T4373] device bridge_slave_1 entered promiscuous mode [ 83.361862][ T4373] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.373556][ T4373] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.404633][ T4373] team0: Port device team_slave_0 added [ 83.412874][ T4373] team0: Port device team_slave_1 added [ 83.436783][ T4373] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.443781][ T4373] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.470378][ T4373] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.483641][ T4373] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.490862][ T4373] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.517283][ T4373] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.556973][ T4373] device hsr_slave_0 entered promiscuous mode [ 83.563886][ T4373] device hsr_slave_1 entered promiscuous mode [ 84.166118][ T4373] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 84.176115][ T4373] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 84.189489][ T4373] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 84.249305][ T4373] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 84.354456][ T4373] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.369626][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 84.378470][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 84.391734][ T4373] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.457570][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 84.472261][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 84.481994][ T155] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.489147][ T155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.499570][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 84.508658][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 84.521345][ T155] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.529099][ T155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.537298][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 84.549798][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 84.565755][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 84.574023][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 84.585612][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 84.594632][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 84.605461][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 84.615364][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 84.634776][ T4373] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 84.647115][ T4373] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 84.660927][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 84.671609][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 84.682331][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 84.693016][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 84.764943][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 84.925377][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 84.933077][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 84.948340][ T4373] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.970475][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 84.980894][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 85.017033][ T4402] Bluetooth: hci0: command 0x0409 tx timeout [ 85.036627][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 85.045044][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 85.058047][ T4373] device veth0_vlan entered promiscuous mode [ 85.067578][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 85.076128][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 85.087944][ T4373] device veth1_vlan entered promiscuous mode [ 85.157763][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 85.166657][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 85.180121][ T4373] device veth0_macvtap entered promiscuous mode [ 85.195201][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 85.223230][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 85.275742][ T4373] device veth1_macvtap entered promiscuous mode [ 85.287089][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 85.295915][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 85.314911][ T4373] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.328629][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 85.337914][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 85.350743][ T4373] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.360582][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 85.371178][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 85.383622][ T4373] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.393367][ T4373] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.403032][ T4373] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.415298][ T4373] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.547062][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.555229][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.601726][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 85.619043][ T4465] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.636641][ T4465] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.645834][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 85.746457][ T4497] loop0: detected capacity change from 0 to 512 [ 85.893453][ T4497] [ 85.895969][ T4497] ====================================================== [ 85.903035][ T4497] WARNING: possible circular locking dependency detected [ 85.910213][ T4497] syzkaller #0 Not tainted [ 85.914650][ T4497] ------------------------------------------------------ [ 85.921697][ T4497] syz.0.17/4497 is trying to acquire lock: [ 85.927605][ T4497] ffff888079c08bd8 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x1c0/0x2d20 [ 85.937889][ T4497] [ 85.937889][ T4497] but task is already holding lock: [ 85.945287][ T4497] ffff88806b273c98 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700 [ 85.955166][ T4497] [ 85.955166][ T4497] which lock already depends on the new lock. [ 85.955166][ T4497] [ 85.965611][ T4497] [ 85.965611][ T4497] the existing dependency chain (in reverse order) is: [ 85.974746][ T4497] [ 85.974746][ T4497] -> #2 (&ei->xattr_sem){++++}-{3:3}: [ 85.982431][ T4497] down_read+0x44/0x2e0 [ 85.987146][ T4497] ext4_setattr+0x71d/0x19e0 [ 85.992300][ T4497] notify_change+0xbcd/0xee0 [ 85.997556][ T4497] chown_common+0x483/0x610 [ 86.002612][ T4497] do_fchownat+0x164/0x270 [ 86.007578][ T4497] __x64_sys_chown+0x7e/0x90 [ 86.012718][ T4497] do_syscall_64+0x4c/0xa0 [ 86.017687][ T4497] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 86.024131][ T4497] [ 86.024131][ T4497] -> #1 (jbd2_handle){++++}-{0:0}: [ 86.031459][ T4497] start_this_handle+0x1338/0x15a0 [ 86.037119][ T4497] jbd2__journal_start+0x2b7/0x5a0 [ 86.042777][ T4497] __ext4_journal_start_sb+0x167/0x360 [ 86.048874][ T4497] ext4_writepages+0xdc2/0x2d20 [ 86.054277][ T4497] do_writepages+0x48d/0x6d0 [ 86.059420][ T4497] filemap_fdatawrite_wbc+0x1eb/0x240 [ 86.065355][ T4497] file_write_and_wait_range+0x129/0x1e0 [ 86.071632][ T4497] ext4_sync_file+0x1ff/0xae0 [ 86.076861][ T4497] __x64_sys_fsync+0x1a5/0x1e0 [ 86.082174][ T4497] do_syscall_64+0x4c/0xa0 [ 86.087133][ T4497] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 86.093585][ T4497] [ 86.093585][ T4497] -> #0 (&sbi->s_writepages_rwsem){.+.+}-{0:0}: [ 86.102062][ T4497] __lock_acquire+0x2c33/0x7c60 [ 86.107464][ T4497] lock_acquire+0x197/0x3f0 [ 86.112511][ T4497] percpu_down_read+0x46/0x1b0 [ 86.117819][ T4497] ext4_writepages+0x1c0/0x2d20 [ 86.123221][ T4497] do_writepages+0x48d/0x6d0 [ 86.128355][ T4497] __writeback_single_inode+0x153/0xda0 [ 86.134441][ T4497] writeback_single_inode+0x221/0x8b0 [ 86.140357][ T4497] write_inode_now+0x217/0x280 [ 86.145667][ T4497] iput+0x5ab/0x8a0 [ 86.150014][ T4497] ext4_xattr_set_entry+0x10ff/0x3d30 [ 86.155942][ T4497] ext4_xattr_block_set+0x4f7/0x2d30 [ 86.161803][ T4497] ext4_expand_extra_isize_ea+0xf4b/0x19a0 [ 86.168244][ T4497] __ext4_expand_extra_isize+0x301/0x3e0 [ 86.174459][ T4497] __ext4_mark_inode_dirty+0x469/0x700 [ 86.180470][ T4497] ext4_evict_inode+0xa81/0x1080 [ 86.185955][ T4497] evict+0x485/0x870 [ 86.190403][ T4497] ext4_orphan_cleanup+0xaa9/0x12e0 [ 86.196148][ T4497] ext4_fill_super+0x92f0/0x9a60 [ 86.201648][ T4497] mount_bdev+0x287/0x3c0 [ 86.206527][ T4497] legacy_get_tree+0xe6/0x180 [ 86.211746][ T4497] vfs_get_tree+0x88/0x270 [ 86.216742][ T4497] do_new_mount+0x24a/0xa40 [ 86.221795][ T4497] __se_sys_mount+0x2d6/0x3c0 [ 86.227020][ T4497] do_syscall_64+0x4c/0xa0 [ 86.232023][ T4497] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 86.238468][ T4497] [ 86.238468][ T4497] other info that might help us debug this: [ 86.238468][ T4497] [ 86.248798][ T4497] Chain exists of: [ 86.248798][ T4497] &sbi->s_writepages_rwsem --> jbd2_handle --> &ei->xattr_sem [ 86.248798][ T4497] [ 86.262211][ T4497] Possible unsafe locking scenario: [ 86.262211][ T4497] [ 86.269691][ T4497] CPU0 CPU1 [ 86.275082][ T4497] ---- ---- [ 86.280473][ T4497] lock(&ei->xattr_sem); [ 86.284833][ T4497] lock(jbd2_handle); [ 86.291449][ T4497] lock(&ei->xattr_sem); [ 86.298330][ T4497] lock(&sbi->s_writepages_rwsem); [ 86.303552][ T4497] [ 86.303552][ T4497] *** DEADLOCK *** [ 86.303552][ T4497] [ 86.311713][ T4497] 3 locks held by syz.0.17/4497: [ 86.316674][ T4497] #0: ffff88801b78e0e0 (&type->s_umount_key#28/1){+.+.}-{3:3}, at: alloc_super+0x201/0x950 [ 86.326820][ T4497] #1: ffff88801b78e650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x444/0x1080 [ 86.336348][ T4497] #2: ffff88806b273c98 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700 [ 86.346659][ T4497] [ 86.346659][ T4497] stack backtrace: [ 86.352572][ T4497] CPU: 1 PID: 4497 Comm: syz.0.17 Not tainted syzkaller #0 [ 86.359786][ T4497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 86.370060][ T4497] Call Trace: [ 86.373356][ T4497] [ 86.376310][ T4497] dump_stack_lvl+0x168/0x230 [ 86.381028][ T4497] ? load_image+0x3b0/0x3b0 [ 86.385564][ T4497] ? show_regs_print_info+0x20/0x20 [ 86.390799][ T4497] ? print_circular_bug+0x12b/0x1a0 [ 86.396030][ T4497] check_noncircular+0x274/0x310 [ 86.401110][ T4497] ? add_chain_block+0x940/0x940 [ 86.406075][ T4497] ? lockdep_lock+0xdc/0x1e0 [ 86.410694][ T4497] ? lockdep_unlock+0x134/0x2d0 [ 86.415569][ T4497] ? mark_lock+0x94/0x320 [ 86.419929][ T4497] __lock_acquire+0x2c33/0x7c60 [ 86.424874][ T4497] ? verify_lock_unused+0x140/0x140 [ 86.430103][ T4497] ? verify_lock_unused+0x140/0x140 [ 86.435340][ T4497] lock_acquire+0x197/0x3f0 [ 86.439869][ T4497] ? ext4_writepages+0x1c0/0x2d20 [ 86.444924][ T4497] ? check_path+0x40/0x40 [ 86.449286][ T4497] ? __might_sleep+0xf0/0xf0 [ 86.453894][ T4497] ? read_lock_is_recursive+0x10/0x10 [ 86.459292][ T4497] ? mark_lock+0x94/0x320 [ 86.463646][ T4497] ? __lock_acquire+0x13ad/0x7c60 [ 86.468689][ T4497] percpu_down_read+0x46/0x1b0 [ 86.474076][ T4497] ? ext4_writepages+0x1c0/0x2d20 [ 86.479112][ T4497] ext4_writepages+0x1c0/0x2d20 [ 86.483983][ T4497] ? rcu_is_watching+0x11/0xa0 [ 86.488760][ T4497] ? lock_release+0xba/0x870 [ 86.493367][ T4497] ? rcu_lock_release+0x5/0x20 [ 86.498138][ T4497] ? mark_lock+0x94/0x320 [ 86.502483][ T4497] ? verify_lock_unused+0x140/0x140 [ 86.507698][ T4497] ? mark_lock+0x94/0x320 [ 86.512131][ T4497] ? ext4_readpage+0x2e0/0x2e0 [ 86.516938][ T4497] ? __lock_acquire+0x13ad/0x7c60 [ 86.522081][ T4497] ? rcu_lock_release+0x5/0x20 [ 86.526877][ T4497] ? __lock_acquire+0x7c60/0x7c60 [ 86.531915][ T4497] ? do_raw_spin_lock+0x11d/0x280 [ 86.536966][ T4497] ? _raw_spin_lock_irqsave+0x7f/0xf0 [ 86.542357][ T4497] ? do_raw_spin_unlock+0x11d/0x230 [ 86.547566][ T4497] ? ext4_readpage+0x2e0/0x2e0 [ 86.552342][ T4497] do_writepages+0x48d/0x6d0 [ 86.556956][ T4497] ? __writepage+0x130/0x130 [ 86.561559][ T4497] ? writeback_single_inode+0x216/0x8b0 [ 86.567120][ T4497] ? __lock_acquire+0x7c60/0x7c60 [ 86.572169][ T4497] ? do_raw_spin_lock+0x11d/0x280 [ 86.577257][ T4497] __writeback_single_inode+0x153/0xda0 [ 86.582824][ T4497] writeback_single_inode+0x221/0x8b0 [ 86.588222][ T4497] ? write_inode_now+0x280/0x280 [ 86.593184][ T4497] write_inode_now+0x217/0x280 [ 86.597967][ T4497] ? bdi_split_work_to_wbs+0x820/0x820 [ 86.603451][ T4497] ? do_raw_spin_unlock+0x11d/0x230 [ 86.608665][ T4497] iput+0x5ab/0x8a0 [ 86.612491][ T4497] ext4_xattr_set_entry+0x10ff/0x3d30 [ 86.617913][ T4497] ? ext4_xattr_ibody_set+0x330/0x330 [ 86.623402][ T4497] ? rcu_is_watching+0x11/0xa0 [ 86.628210][ T4497] ? kmem_cache_free+0x14c/0x210 [ 86.633167][ T4497] ? mb_cache_entry_delete_or_get+0x1bd/0x1e0 [ 86.639264][ T4497] ext4_xattr_block_set+0x4f7/0x2d30 [ 86.644567][ T4497] ? do_raw_spin_unlock+0x11d/0x230 [ 86.649787][ T4497] ? __ext4_xattr_check_block+0x7d8/0x8d0 [ 86.655525][ T4497] ? ext4_xattr_block_find+0x500/0x500 [ 86.661113][ T4497] ? ext4_xattr_block_find+0x433/0x500 [ 86.666629][ T4497] ext4_expand_extra_isize_ea+0xf4b/0x19a0 [ 86.672467][ T4497] __ext4_expand_extra_isize+0x301/0x3e0 [ 86.678209][ T4497] __ext4_mark_inode_dirty+0x469/0x700 [ 86.683687][ T4497] ext4_evict_inode+0xa81/0x1080 [ 86.688651][ T4497] ? _raw_spin_unlock+0x24/0x40 [ 86.693736][ T4497] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 86.699650][ T4497] ? do_raw_spin_unlock+0x11d/0x230 [ 86.704870][ T4497] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 86.710793][ T4497] evict+0x485/0x870 [ 86.714738][ T4497] ? __lock_acquire+0x7c60/0x7c60 [ 86.719791][ T4497] ? proc_nr_inodes+0x320/0x320 [ 86.724657][ T4497] ? do_raw_spin_unlock+0x11d/0x230 [ 86.729865][ T4497] ? _raw_spin_unlock+0x24/0x40 [ 86.734833][ T4497] ? iput+0x706/0x8a0 [ 86.738827][ T4497] ext4_orphan_cleanup+0xaa9/0x12e0 [ 86.744041][ T4497] ? ext4_orphan_del+0xb90/0xb90 [ 86.748992][ T4497] ? errseq_check_and_advance+0x62/0x120 [ 86.754637][ T4497] ext4_fill_super+0x92f0/0x9a60 [ 86.759624][ T4497] ? ext4_mount+0x40/0x40 [ 86.763984][ T4497] ? set_blocksize+0x1f1/0x370 [ 86.768778][ T4497] ? sb_set_blocksize+0xa5/0xe0 [ 86.773750][ T4497] mount_bdev+0x287/0x3c0 [ 86.778100][ T4497] ? ext4_mount+0x40/0x40 [ 86.782446][ T4497] legacy_get_tree+0xe6/0x180 [ 86.787138][ T4497] ? ext4_errno_to_code+0x160/0x160 [ 86.792360][ T4497] vfs_get_tree+0x88/0x270 [ 86.796789][ T4497] do_new_mount+0x24a/0xa40 [ 86.801313][ T4497] __se_sys_mount+0x2d6/0x3c0 [ 86.806007][ T4497] ? __x64_sys_mount+0xc0/0xc0 [ 86.810786][ T4497] ? lockdep_hardirqs_on+0x94/0x140 [ 86.816001][ T4497] ? __x64_sys_mount+0x1c/0xc0 [ 86.820777][ T4497] do_syscall_64+0x4c/0xa0 [ 86.825216][ T4497] ? clear_bhb_loop+0x30/0x80 [ 86.829917][ T4497] ? clear_bhb_loop+0x30/0x80 [ 86.834611][ T4497] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 86.840532][ T4497] RIP: 0033:0x7fb8ee288eea [ 86.844967][ T4497] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.864674][ T4497] RSP: 002b:00007fff59bf2d18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 86.873112][ T4497] RAX: ffffffffffffffda RBX: 00007fff59bf2da0 RCX: 00007fb8ee288eea [ 86.881104][ T4497] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007fff59bf2d60 [ 86.889100][ T4497] RBP: 0000200000000180 R08: 00007fff59bf2da0 R09: 0000000000800700 [ 86.897189][ T4497] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 86.905277][ T4497] R13: 00007fff59bf2d60 R14: 000000000000046f R15: 000000000000002c [ 86.913294][ T4497] [ 86.926681][ T1109] cfg80211: failed to load regulatory.db [ 86.936535][ T4497] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 87.096776][ T4397] Bluetooth: hci0: command 0x041b tx timeout [ 87.161204][ T4497] EXT4-fs (loop0): Remounting filesystem read-only [ 87.171486][ T4497] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117 [ 87.226126][ T4497] EXT4-fs (loop0): Remounting filesystem read-only [ 87.236767][ T4497] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2826: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 87.271280][ T4497] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 87.306334][ T4497] EXT4-fs (loop0): Remounting filesystem read-only [ 87.313000][ T4497] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117 [ 87.336908][ T4497] EXT4-fs (loop0): Remounting filesystem read-only [ 87.343523][ T4497] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 87.371278][ T4497] EXT4-fs (loop0): Remounting filesystem read-only [ 87.382137][ T4497] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 87.395376][ T4497] EXT4-fs (loop0): Remounting filesystem read-only [ 87.402481][ T4497] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 87.416545][ T4497] EXT4-fs (loop0): Remounting filesystem read-only [ 87.423144][ T4497] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 87.436450][ T4497] EXT4-fs (loop0): Remounting filesystem read-only [ 87.443350][ T4497] EXT4-fs (loop0): 1 orphan inode deleted [ 87.449772][ T4497] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodioread_nolock,errors=remount-ro,debug_want_extra_isize=0x000000000000005a,nouid32,resgid=0x0000000000000000,acl,init_itable=0x0000000000000003,. Quota mode: none.