Warning: Permanently added '10.128.1.150' (ED25519) to the list of known hosts. 2026/01/05 10:51:57 parsed 1 programs [ 56.402157][ T4190] cgroup: Unknown subsys name 'net' [ 56.568489][ T4190] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 58.084380][ T4190] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 59.850805][ T4209] chnl_net:caif_netlink_parms(): no params data found [ 59.894958][ T4209] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.902360][ T4209] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.910399][ T4209] device bridge_slave_0 entered promiscuous mode [ 59.919424][ T4209] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.926894][ T4209] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.934727][ T4209] device bridge_slave_1 entered promiscuous mode [ 59.956893][ T4209] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.968026][ T4209] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.992495][ T4209] team0: Port device team_slave_0 added [ 59.999634][ T4209] team0: Port device team_slave_1 added [ 60.016852][ T4209] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.023850][ T4209] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.049815][ T4209] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.062520][ T4209] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.069612][ T4209] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.095642][ T4209] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.126308][ T4209] device hsr_slave_0 entered promiscuous mode [ 60.133396][ T4209] device hsr_slave_1 entered promiscuous mode [ 60.267793][ T4209] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 60.281038][ T4209] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 60.291343][ T4209] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 60.303302][ T4209] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 60.338244][ T4209] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.345584][ T4209] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.353433][ T4209] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.360545][ T4209] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.427322][ T4209] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.441746][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.457229][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.468347][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.476658][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 60.494476][ T4209] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.508196][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 60.517901][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.525017][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.543142][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 60.551955][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.559061][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.580614][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 60.590827][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 60.610540][ T4209] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 60.622649][ T4209] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 60.635516][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 60.645925][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 60.655227][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 60.664932][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 60.802458][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 60.812104][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 60.827896][ T4209] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.851014][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 60.861674][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 60.886752][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 60.896661][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 60.918519][ T4209] device veth0_vlan entered promiscuous mode [ 60.926903][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 60.935458][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 60.948738][ T4209] device veth1_vlan entered promiscuous mode [ 60.974439][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 60.983569][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 60.992079][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 61.001832][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 61.015066][ T4209] device veth0_macvtap entered promiscuous mode [ 61.026590][ T4209] device veth1_macvtap entered promiscuous mode [ 61.047188][ T4209] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.056884][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 61.066022][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 61.075954][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 61.085083][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 61.099333][ T4209] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.107431][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 61.118071][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 61.130390][ T4209] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.140023][ T4209] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.149185][ T4209] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.159556][ T4209] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.296199][ T4209] syz-executor (4209) used greatest stack depth: 21152 bytes left [ 61.535718][ T144] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.596057][ T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.607673][ T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.621055][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 61.633230][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.641269][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.650542][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 63.938933][ T144] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.328732][ T144] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.369816][ T144] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 67.861605][ T144] device hsr_slave_0 left promiscuous mode [ 67.868572][ T144] device hsr_slave_1 left promiscuous mode [ 67.876882][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 67.884632][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 67.894928][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 67.902350][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 67.911860][ T144] device bridge_slave_1 left promiscuous mode [ 67.919545][ T144] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.938444][ T144] device bridge_slave_0 left promiscuous mode [ 67.946005][ T144] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.969422][ T144] device veth1_macvtap left promiscuous mode [ 67.975886][ T144] device veth0_macvtap left promiscuous mode [ 67.982072][ T144] device veth1_vlan left promiscuous mode [ 67.990528][ T144] device veth0_vlan left promiscuous mode [ 68.164898][ T144] team0 (unregistering): Port device team_slave_1 removed [ 68.177637][ T144] team0 (unregistering): Port device team_slave_0 removed [ 68.195196][ T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 68.208049][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 68.257684][ T144] bond0 (unregistering): Released all slaves 2026/01/05 10:52:12 executed programs: 0 [ 70.081502][ T4372] chnl_net:caif_netlink_parms(): no params data found [ 70.200349][ T4372] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.221150][ T4372] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.244110][ T4372] device bridge_slave_0 entered promiscuous mode [ 70.253317][ T4372] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.272476][ T4372] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.281198][ T4372] device bridge_slave_1 entered promiscuous mode [ 70.337524][ T4372] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.365378][ T4372] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.427542][ T4372] team0: Port device team_slave_0 added [ 70.439904][ T4372] team0: Port device team_slave_1 added [ 70.468502][ T4372] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.475792][ T4372] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.502108][ T4372] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.516217][ T4372] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.523357][ T4372] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.549450][ T4372] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.586396][ T4372] device hsr_slave_0 entered promiscuous mode [ 70.594090][ T4372] device hsr_slave_1 entered promiscuous mode [ 71.316481][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.323074][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.360869][ T4372] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 71.372120][ T4372] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 71.382456][ T4372] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 71.392358][ T4372] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 71.465717][ T4372] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.485169][ T4372] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.492823][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 71.501302][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 71.517964][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 71.530560][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 71.540111][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.547253][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.556798][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 71.566140][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 71.575058][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.582153][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.590963][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 71.616235][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 71.629949][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 71.646007][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 71.658654][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 71.667888][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 71.685122][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 71.695922][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 71.705110][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 71.715933][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 71.725451][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 71.734977][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 71.778217][ T4372] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 71.874683][ T4262] Bluetooth: hci0: command 0x0409 tx timeout [ 71.960536][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 71.968428][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 71.980012][ T4372] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.025942][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 72.035878][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 72.083110][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 72.092624][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 72.102305][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 72.111060][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 72.124492][ T4372] device veth0_vlan entered promiscuous mode [ 72.162595][ T4372] device veth1_vlan entered promiscuous mode [ 72.189787][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 72.202113][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 72.210760][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 72.221616][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 72.233677][ T4372] device veth0_macvtap entered promiscuous mode [ 72.267957][ T4372] device veth1_macvtap entered promiscuous mode [ 72.289373][ T4372] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.297474][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 72.308611][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 72.318369][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 72.328639][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 72.340926][ T4372] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.352135][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 72.361938][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 72.376728][ T4372] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.387382][ T4372] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.397443][ T4372] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.407724][ T4372] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.534539][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.542550][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.565786][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 72.577617][ T155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.602780][ T155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.637748][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 72.716210][ T4497] loop0: detected capacity change from 0 to 512 [ 72.746853][ T4497] ======================================================= [ 72.746853][ T4497] WARNING: The mand mount option has been deprecated and [ 72.746853][ T4497] and is ignored by this kernel. Remove the mand [ 72.746853][ T4497] option from the mount to silence this warning. [ 72.746853][ T4497] ======================================================= [ 72.802012][ T4497] [ 72.804403][ T4497] ====================================================== [ 72.811436][ T4497] WARNING: possible circular locking dependency detected [ 72.818464][ T4497] syzkaller #0 Not tainted [ 72.822897][ T4497] ------------------------------------------------------ [ 72.829924][ T4497] syz.0.17/4497 is trying to acquire lock: [ 72.835842][ T4497] ffff888079a04bd8 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x1c0/0x2d20 [ 72.845971][ T4497] [ 72.845971][ T4497] but task is already holding lock: [ 72.853351][ T4497] ffff888062d86478 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700 [ 72.863367][ T4497] [ 72.863367][ T4497] which lock already depends on the new lock. [ 72.863367][ T4497] [ 72.873789][ T4497] [ 72.873789][ T4497] the existing dependency chain (in reverse order) is: [ 72.882829][ T4497] [ 72.882829][ T4497] -> #2 (&ei->xattr_sem){++++}-{3:3}: [ 72.890415][ T4497] down_read+0x44/0x2e0 [ 72.895120][ T4497] ext4_setattr+0x71d/0x19e0 [ 72.900262][ T4497] notify_change+0xbcd/0xee0 [ 72.905398][ T4497] chown_common+0x483/0x610 [ 72.910620][ T4497] do_fchownat+0x164/0x270 [ 72.915585][ T4497] __x64_sys_chown+0x7e/0x90 [ 72.920718][ T4497] do_syscall_64+0x4c/0xa0 [ 72.925782][ T4497] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 72.932221][ T4497] [ 72.932221][ T4497] -> #1 (jbd2_handle){++++}-{0:0}: [ 72.939546][ T4497] start_this_handle+0x1338/0x15a0 [ 72.945203][ T4497] jbd2__journal_start+0x2b7/0x5a0 [ 72.950861][ T4497] __ext4_journal_start_sb+0x167/0x360 [ 72.956951][ T4497] ext4_writepages+0xdc2/0x2d20 [ 72.962342][ T4497] do_writepages+0x48d/0x6d0 [ 72.967475][ T4497] filemap_fdatawrite_wbc+0x1eb/0x240 [ 72.973388][ T4497] file_write_and_wait_range+0x129/0x1e0 [ 72.979566][ T4497] ext4_sync_file+0x1ff/0xae0 [ 72.984804][ T4497] __x64_sys_fsync+0x1a5/0x1e0 [ 72.990111][ T4497] do_syscall_64+0x4c/0xa0 [ 72.995080][ T4497] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 73.001515][ T4497] [ 73.001515][ T4497] -> #0 (&sbi->s_writepages_rwsem){.+.+}-{0:0}: [ 73.009966][ T4497] __lock_acquire+0x2c33/0x7c60 [ 73.015366][ T4497] lock_acquire+0x197/0x3f0 [ 73.020415][ T4497] percpu_down_read+0x46/0x1b0 [ 73.025728][ T4497] ext4_writepages+0x1c0/0x2d20 [ 73.031118][ T4497] do_writepages+0x48d/0x6d0 [ 73.036253][ T4497] __writeback_single_inode+0x153/0xda0 [ 73.042350][ T4497] writeback_single_inode+0x221/0x8b0 [ 73.048261][ T4497] write_inode_now+0x217/0x280 [ 73.053574][ T4497] iput+0x5ab/0x8a0 [ 73.057924][ T4497] ext4_xattr_set_entry+0x10ff/0x3d30 [ 73.063837][ T4497] ext4_xattr_block_set+0x4f7/0x2d30 [ 73.069666][ T4497] ext4_expand_extra_isize_ea+0xf4b/0x19a0 [ 73.076019][ T4497] __ext4_expand_extra_isize+0x301/0x3e0 [ 73.082233][ T4497] __ext4_mark_inode_dirty+0x469/0x700 [ 73.088242][ T4497] ext4_evict_inode+0xa81/0x1080 [ 73.093719][ T4497] evict+0x485/0x870 [ 73.098180][ T4497] ext4_orphan_cleanup+0xaa9/0x12e0 [ 73.103928][ T4497] ext4_fill_super+0x92f0/0x9a60 [ 73.109426][ T4497] mount_bdev+0x287/0x3c0 [ 73.114297][ T4497] legacy_get_tree+0xe6/0x180 [ 73.119512][ T4497] vfs_get_tree+0x88/0x270 [ 73.124473][ T4497] do_new_mount+0x24a/0xa40 [ 73.129517][ T4497] __se_sys_mount+0x2d6/0x3c0 [ 73.134736][ T4497] do_syscall_64+0x4c/0xa0 [ 73.139796][ T4497] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 73.146242][ T4497] [ 73.146242][ T4497] other info that might help us debug this: [ 73.146242][ T4497] [ 73.156495][ T4497] Chain exists of: [ 73.156495][ T4497] &sbi->s_writepages_rwsem --> jbd2_handle --> &ei->xattr_sem [ 73.156495][ T4497] [ 73.170096][ T4497] Possible unsafe locking scenario: [ 73.170096][ T4497] [ 73.177564][ T4497] CPU0 CPU1 [ 73.182953][ T4497] ---- ---- [ 73.188348][ T4497] lock(&ei->xattr_sem); [ 73.192700][ T4497] lock(jbd2_handle); [ 73.199539][ T4497] lock(&ei->xattr_sem); [ 73.206417][ T4497] lock(&sbi->s_writepages_rwsem); [ 73.211640][ T4497] [ 73.211640][ T4497] *** DEADLOCK *** [ 73.211640][ T4497] [ 73.219797][ T4497] 3 locks held by syz.0.17/4497: [ 73.224924][ T4497] #0: ffff88807a0cc0e0 (&type->s_umount_key#28/1){+.+.}-{3:3}, at: alloc_super+0x201/0x950 [ 73.235068][ T4497] #1: ffff88807a0cc650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x444/0x1080 [ 73.244584][ T4497] #2: ffff888062d86478 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700 [ 73.254886][ T4497] [ 73.254886][ T4497] stack backtrace: [ 73.260785][ T4497] CPU: 0 PID: 4497 Comm: syz.0.17 Not tainted syzkaller #0 [ 73.267976][ T4497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 73.278028][ T4497] Call Trace: [ 73.281297][ T4497] [ 73.284246][ T4497] dump_stack_lvl+0x168/0x230 [ 73.289001][ T4497] ? load_image+0x3b0/0x3b0 [ 73.293491][ T4497] ? show_regs_print_info+0x20/0x20 [ 73.298775][ T4497] ? print_circular_bug+0x12b/0x1a0 [ 73.303963][ T4497] check_noncircular+0x274/0x310 [ 73.308942][ T4497] ? add_chain_block+0x940/0x940 [ 73.313871][ T4497] ? lockdep_lock+0xdc/0x1e0 [ 73.318472][ T4497] ? lockdep_unlock+0x134/0x2d0 [ 73.323327][ T4497] ? mark_lock+0x94/0x320 [ 73.327753][ T4497] __lock_acquire+0x2c33/0x7c60 [ 73.332598][ T4497] ? verify_lock_unused+0x140/0x140 [ 73.337780][ T4497] ? verify_lock_unused+0x140/0x140 [ 73.342974][ T4497] ? mark_lock+0x94/0x320 [ 73.347352][ T4497] lock_acquire+0x197/0x3f0 [ 73.352198][ T4497] ? ext4_writepages+0x1c0/0x2d20 [ 73.357216][ T4497] ? check_path+0x40/0x40 [ 73.361545][ T4497] ? __might_sleep+0xf0/0xf0 [ 73.366126][ T4497] ? read_lock_is_recursive+0x10/0x10 [ 73.371520][ T4497] ? mark_lock+0x94/0x320 [ 73.375954][ T4497] ? __lock_acquire+0x13ad/0x7c60 [ 73.380986][ T4497] percpu_down_read+0x46/0x1b0 [ 73.385798][ T4497] ? ext4_writepages+0x1c0/0x2d20 [ 73.390819][ T4497] ext4_writepages+0x1c0/0x2d20 [ 73.395662][ T4497] ? rcu_is_watching+0x11/0xa0 [ 73.400423][ T4497] ? lock_release+0xba/0x870 [ 73.405012][ T4497] ? rcu_lock_release+0x5/0x20 [ 73.409768][ T4497] ? mark_lock+0x94/0x320 [ 73.414090][ T4497] ? verify_lock_unused+0x140/0x140 [ 73.419365][ T4497] ? mark_lock+0x94/0x320 [ 73.423702][ T4497] ? ext4_readpage+0x2e0/0x2e0 [ 73.428471][ T4497] ? __lock_acquire+0x13ad/0x7c60 [ 73.433491][ T4497] ? rcu_lock_release+0x5/0x20 [ 73.438426][ T4497] ? __lock_acquire+0x7c60/0x7c60 [ 73.443546][ T4497] ? do_raw_spin_lock+0x11d/0x280 [ 73.448603][ T4497] ? _raw_spin_lock_irqsave+0x7f/0xf0 [ 73.454055][ T4497] ? do_raw_spin_unlock+0x11d/0x230 [ 73.459253][ T4497] ? ext4_readpage+0x2e0/0x2e0 [ 73.464034][ T4497] do_writepages+0x48d/0x6d0 [ 73.468684][ T4497] ? __writepage+0x130/0x130 [ 73.473273][ T4497] ? writeback_single_inode+0x216/0x8b0 [ 73.478815][ T4497] ? __lock_acquire+0x7c60/0x7c60 [ 73.483834][ T4497] ? do_raw_spin_lock+0x11d/0x280 [ 73.488946][ T4497] __writeback_single_inode+0x153/0xda0 [ 73.494501][ T4497] writeback_single_inode+0x221/0x8b0 [ 73.499868][ T4497] ? write_inode_now+0x280/0x280 [ 73.504799][ T4497] write_inode_now+0x217/0x280 [ 73.509671][ T4497] ? bdi_split_work_to_wbs+0x820/0x820 [ 73.515128][ T4497] ? do_raw_spin_unlock+0x11d/0x230 [ 73.520329][ T4497] iput+0x5ab/0x8a0 [ 73.524130][ T4497] ext4_xattr_set_entry+0x10ff/0x3d30 [ 73.529547][ T4497] ? ext4_xattr_ibody_set+0x330/0x330 [ 73.534924][ T4497] ? rcu_is_watching+0x11/0xa0 [ 73.539673][ T4497] ? kmem_cache_free+0x14c/0x210 [ 73.544692][ T4497] ? mb_cache_entry_delete_or_get+0x1bd/0x1e0 [ 73.550766][ T4497] ext4_xattr_block_set+0x4f7/0x2d30 [ 73.556041][ T4497] ? do_raw_spin_unlock+0x11d/0x230 [ 73.561232][ T4497] ? __ext4_xattr_check_block+0x7d8/0x8d0 [ 73.566944][ T4497] ? ext4_xattr_block_find+0x500/0x500 [ 73.572475][ T4497] ? ext4_xattr_block_find+0x433/0x500 [ 73.577922][ T4497] ext4_expand_extra_isize_ea+0xf4b/0x19a0 [ 73.583724][ T4497] __ext4_expand_extra_isize+0x301/0x3e0 [ 73.589345][ T4497] __ext4_mark_inode_dirty+0x469/0x700 [ 73.594792][ T4497] ext4_evict_inode+0xa81/0x1080 [ 73.599713][ T4497] ? _raw_spin_unlock+0x24/0x40 [ 73.604813][ T4497] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 73.610694][ T4497] ? do_raw_spin_unlock+0x11d/0x230 [ 73.615885][ T4497] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 73.621777][ T4497] evict+0x485/0x870 [ 73.625673][ T4497] ? __lock_acquire+0x7c60/0x7c60 [ 73.630712][ T4497] ? proc_nr_inodes+0x320/0x320 [ 73.635641][ T4497] ? do_raw_spin_unlock+0x11d/0x230 [ 73.640831][ T4497] ? _raw_spin_unlock+0x24/0x40 [ 73.645674][ T4497] ? iput+0x706/0x8a0 [ 73.649654][ T4497] ext4_orphan_cleanup+0xaa9/0x12e0 [ 73.654881][ T4497] ? ext4_orphan_del+0xb90/0xb90 [ 73.659843][ T4497] ? errseq_check_and_advance+0x62/0x120 [ 73.665471][ T4497] ext4_fill_super+0x92f0/0x9a60 [ 73.670410][ T4497] ? ext4_mount+0x40/0x40 [ 73.674731][ T4497] ? set_blocksize+0x1f1/0x370 [ 73.679490][ T4497] ? sb_set_blocksize+0xa5/0xe0 [ 73.684329][ T4497] mount_bdev+0x287/0x3c0 [ 73.688648][ T4497] ? ext4_mount+0x40/0x40 [ 73.692968][ T4497] legacy_get_tree+0xe6/0x180 [ 73.697634][ T4497] ? ext4_errno_to_code+0x160/0x160 [ 73.702820][ T4497] vfs_get_tree+0x88/0x270 [ 73.707245][ T4497] do_new_mount+0x24a/0xa40 [ 73.711744][ T4497] __se_sys_mount+0x2d6/0x3c0 [ 73.716408][ T4497] ? __x64_sys_mount+0xc0/0xc0 [ 73.721157][ T4497] ? lockdep_hardirqs_on+0x94/0x140 [ 73.726340][ T4497] ? __x64_sys_mount+0x1c/0xc0 [ 73.731091][ T4497] do_syscall_64+0x4c/0xa0 [ 73.735494][ T4497] ? clear_bhb_loop+0x30/0x80 [ 73.740153][ T4497] ? clear_bhb_loop+0x30/0x80 [ 73.744828][ T4497] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 73.751044][ T4497] RIP: 0033:0x7fd10637aeea [ 73.755473][ T4497] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 73.775068][ T4497] RSP: 002b:00007fffe8dbecb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 73.783480][ T4497] RAX: ffffffffffffffda RBX: 00007fffe8dbed40 RCX: 00007fd10637aeea [ 73.791458][ T4497] RDX: 0000200000000180 RSI: 0000200000000080 RDI: 00007fffe8dbed00 [ 73.799424][ T4497] RBP: 0000200000000180 R08: 00007fffe8dbed40 R09: 0000000002808340 [ 73.807394][ T4497] R10: 0000000002808340 R11: 0000000000000246 R12: 0000200000000080 [ 73.815476][ T4497] R13: 00007fffe8dbed00 R14: 000000000000047c R15: 0000200000000640 [ 73.823447][ T4497] [ 73.837480][ T4497] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 73.851065][ T4497] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117 [ 73.863960][ T4497] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2826: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 73.877547][ T4497] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 73.891618][ T4497] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117 [ 73.904407][ T4497] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 73.918037][ T4497] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 73.930729][ T4497] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 73.945233][ T4262] Bluetooth: hci0: command 0x041b tx timeout [ 73.951527][ T4497] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 73.964319][ T4497] EXT4-fs (loop0): 1 orphan inode deleted [ 73.970055][ T4497] EXT4-fs (loop0): mounted filesystem without journal. Opts: i_version,nobarrier,debug_want_extra_isize=0x000000000000005a,sysvgroups,resgid=0x0000000000000000,acl,init_itable=0x0000000000000003,,errors=continue. Quota mode: none.