Warning: Permanently added '10.128.0.39' (ED25519) to the list of known hosts. 2026/03/04 04:50:05 parsed 1 programs syzkaller login: [ 72.099266][ T4274] cgroup: Unknown subsys name 'net' [ 72.210348][ T4274] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 73.718467][ T4274] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 76.092053][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.103344][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.122450][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 76.133027][ T1297] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.142178][ T1297] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.152156][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 76.808387][ T4318] chnl_net:caif_netlink_parms(): no params data found [ 76.856272][ T4318] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.863830][ T4318] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.871904][ T4318] device bridge_slave_0 entered promiscuous mode [ 76.888515][ T4318] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.895822][ T4318] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.903488][ T4318] device bridge_slave_1 entered promiscuous mode [ 76.924023][ T4318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.934889][ T4318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.964834][ T4318] team0: Port device team_slave_0 added [ 76.972251][ T4318] team0: Port device team_slave_1 added [ 76.998592][ T4318] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.005694][ T4318] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.031997][ T4318] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.045449][ T4318] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.052520][ T4318] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.078725][ T4318] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.118509][ T4318] device hsr_slave_0 entered promiscuous mode [ 77.125427][ T4318] device hsr_slave_1 entered promiscuous mode [ 77.236040][ T4318] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 77.256734][ T4318] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 77.265521][ T4318] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 77.273986][ T4318] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 77.339307][ T4318] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.352729][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.361099][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.377742][ T4318] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.387427][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 77.396465][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.406124][ T1297] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.413311][ T1297] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.421999][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.465860][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 77.475206][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 77.483655][ T1297] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.490815][ T1297] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.515778][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 77.526863][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 77.538609][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 77.547412][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 77.577066][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 77.587234][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 77.595779][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 77.608486][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 77.621027][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 77.633452][ T4318] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 77.848996][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 77.856488][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 77.872957][ T4318] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.902225][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 77.923135][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 77.932583][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 77.940635][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 77.950610][ T4318] device veth0_vlan entered promiscuous mode [ 77.964239][ T4318] device veth1_vlan entered promiscuous mode [ 77.983293][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 77.991793][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 78.000291][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 78.013013][ T4318] device veth0_macvtap entered promiscuous mode [ 78.022742][ T4318] device veth1_macvtap entered promiscuous mode [ 78.038972][ T4318] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.050020][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 78.061538][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 78.070105][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 78.081471][ T4318] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.088893][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 78.098128][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 78.115507][ T4318] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.124307][ T4318] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.133390][ T4318] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.142171][ T4318] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.577560][ T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.094168][ T4359] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 79.101898][ T4359] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 79.109848][ T4359] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 79.119925][ T4359] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 79.128660][ T4359] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 79.136462][ T4359] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 2026/03/04 04:50:15 executed programs: 0 [ 79.543603][ T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 79.551999][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 79.559599][ T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 79.567499][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 79.576696][ T48] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 79.583909][ T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 79.693864][ T4368] chnl_net:caif_netlink_parms(): no params data found [ 79.741815][ T4368] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.749133][ T4368] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.757182][ T4368] device bridge_slave_0 entered promiscuous mode [ 79.765866][ T4368] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.772993][ T4368] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.780965][ T4368] device bridge_slave_1 entered promiscuous mode [ 79.801792][ T4368] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.812962][ T4368] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.836061][ T4368] team0: Port device team_slave_0 added [ 79.843989][ T4368] team0: Port device team_slave_1 added [ 79.861078][ T4368] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.868151][ T4368] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.894147][ T4368] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.906908][ T4368] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.913876][ T4368] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.939833][ T4368] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.971572][ T4368] device hsr_slave_0 entered promiscuous mode [ 79.978404][ T4368] device hsr_slave_1 entered promiscuous mode [ 79.985645][ T4368] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.993424][ T4368] Cannot create hsr debugfs directory [ 80.905943][ T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.625542][ T48] Bluetooth: hci0: command 0x0409 tx timeout [ 83.233999][ T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.305329][ T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.705262][ T48] Bluetooth: hci0: command 0x041b tx timeout [ 84.098653][ T4368] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 84.109792][ T4368] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 84.123052][ T4368] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 84.150223][ T4368] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 84.227512][ T4368] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.241869][ T9] device hsr_slave_0 left promiscuous mode [ 84.249729][ T9] device hsr_slave_1 left promiscuous mode [ 84.257535][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 84.265609][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 84.273776][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 84.281495][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 84.289344][ T9] device bridge_slave_1 left promiscuous mode [ 84.296408][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.308229][ T9] device bridge_slave_0 left promiscuous mode [ 84.314470][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.342333][ T9] device veth1_macvtap left promiscuous mode [ 84.350504][ T9] device veth0_macvtap left promiscuous mode [ 84.356918][ T9] device veth1_vlan left promiscuous mode [ 84.362812][ T9] device veth0_vlan left promiscuous mode [ 84.699436][ T9] team0 (unregistering): Port device team_slave_1 removed [ 84.725990][ T9] team0 (unregistering): Port device team_slave_0 removed [ 84.749321][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 84.777063][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 84.927135][ T9] bond0 (unregistering): Released all slaves [ 85.007693][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 85.015806][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 85.026747][ T4368] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.035850][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 85.044458][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 85.061089][ T1297] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.068234][ T1297] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.077126][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 85.096736][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 85.105715][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 85.114197][ T75] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.121428][ T75] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.130201][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 85.161088][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 85.169728][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 85.179141][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 85.188326][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 85.197416][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 85.206450][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 85.215966][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 85.224156][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 85.239146][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 85.248086][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 85.258708][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 85.442035][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 85.452606][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 85.467645][ T4368] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.487864][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 85.496475][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 85.514115][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 85.522635][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 85.532171][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 85.540339][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 85.561143][ T4368] device veth0_vlan entered promiscuous mode [ 85.575007][ T4368] device veth1_vlan entered promiscuous mode [ 85.614058][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 85.622749][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 85.632857][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 85.642747][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 85.659543][ T4368] device veth0_macvtap entered promiscuous mode [ 85.675057][ T4368] device veth1_macvtap entered promiscuous mode [ 85.699814][ T4368] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.709483][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 85.718508][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 85.728503][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 85.737325][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 85.749979][ T4368] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.762624][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 85.773057][ T1297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 85.784554][ T4368] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.794999][ T48] Bluetooth: hci0: command 0x040f tx timeout [ 85.814778][ T4368] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.823522][ T4368] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.832286][ T4368] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.890364][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.903287][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.939622][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 85.987578][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.996918][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.004527][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 86.111278][ T4417] loop0: detected capacity change from 0 to 2048 [ 86.129690][ T4417] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=2362, location=2362 [ 86.147757][ T4417] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 86.162368][ T4417] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 86.177397][ T4417] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 86.193082][ T27] audit: type=1800 audit(1772599821.738:2): pid=4417 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.17" name="file1" dev="loop0" ino=1346 res=0 errno=0 [ 86.404054][ T4417] [ 86.406412][ T4417] ============================================ [ 86.412575][ T4417] WARNING: possible recursive locking detected [ 86.418726][ T4417] syzkaller #0 Not tainted [ 86.423144][ T4417] -------------------------------------------- [ 86.429285][ T4417] syz.0.17/4417 is trying to acquire lock: [ 86.435078][ T4417] ffff888018ad3928 (&sbi->s_alloc_mutex){+.+.}-{3:3}, at: udf_free_blocks+0x995/0x17d0 [ 86.444776][ T4417] [ 86.444776][ T4417] but task is already holding lock: [ 86.452172][ T4417] ffff888018ad3928 (&sbi->s_alloc_mutex){+.+.}-{3:3}, at: udf_new_block+0xe8b/0x1a80 [ 86.461665][ T4417] [ 86.461665][ T4417] other info that might help us debug this: [ 86.469715][ T4417] Possible unsafe locking scenario: [ 86.469715][ T4417] [ 86.477162][ T4417] CPU0 [ 86.480433][ T4417] ---- [ 86.483731][ T4417] lock(&sbi->s_alloc_mutex); [ 86.488515][ T4417] lock(&sbi->s_alloc_mutex); [ 86.493276][ T4417] [ 86.493276][ T4417] *** DEADLOCK *** [ 86.493276][ T4417] [ 86.501432][ T4417] May be due to missing lock nesting notation [ 86.501432][ T4417] [ 86.509761][ T4417] 4 locks held by syz.0.17/4417: [ 86.514717][ T4417] #0: ffff888079e8e460 (sb_writers#13){.+.+}-{0:0}, at: do_sendfile+0x5d0/0xea0 [ 86.523859][ T4417] #1: ffff888069b70f78 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: udf_file_write_iter+0x6f/0x620 [ 86.534841][ T4417] #2: ffff888069b70da0 (&ei->i_data_sem#2){++++}-{3:3}, at: udf_get_block+0x104/0x4130 [ 86.544583][ T4417] #3: ffff888018ad3928 (&sbi->s_alloc_mutex){+.+.}-{3:3}, at: udf_new_block+0xe8b/0x1a80 [ 86.554712][ T4417] [ 86.554712][ T4417] stack backtrace: [ 86.560630][ T4417] CPU: 0 PID: 4417 Comm: syz.0.17 Not tainted syzkaller #0 [ 86.567823][ T4417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 86.577874][ T4417] Call Trace: [ 86.581265][ T4417] [ 86.584202][ T4417] dump_stack_lvl+0x188/0x24e [ 86.588893][ T4417] ? show_regs_print_info+0x12/0x12 [ 86.594195][ T4417] ? load_image+0x400/0x400 [ 86.598719][ T4417] __lock_acquire+0x123e/0x7d10 [ 86.603596][ T4417] ? verify_lock_unused+0x140/0x140 [ 86.608820][ T4417] ? finish_task_switch+0x265/0x8f0 [ 86.614037][ T4417] ? verify_lock_unused+0x140/0x140 [ 86.619247][ T4417] ? mark_lock+0x94/0x320 [ 86.623605][ T4417] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 86.629600][ T4417] lock_acquire+0x1bb/0x4a0 [ 86.634118][ T4417] ? udf_free_blocks+0x995/0x17d0 [ 86.639161][ T4417] ? __might_sleep+0xd0/0xd0 [ 86.643773][ T4417] ? read_lock_is_recursive+0x10/0x10 [ 86.649155][ T4417] ? mark_lock+0x94/0x320 [ 86.653494][ T4417] __mutex_lock+0x12d/0xaf0 [ 86.658027][ T4417] ? udf_free_blocks+0x995/0x17d0 [ 86.663062][ T4417] ? folio_activate_fn+0x2000/0x2000 [ 86.668450][ T4417] ? udf_free_blocks+0x995/0x17d0 [ 86.673498][ T4417] ? mutex_lock_nested+0x10/0x10 [ 86.678451][ T4417] ? mark_lock+0x94/0x320 [ 86.682798][ T4417] ? write_boundary_block+0xb0/0xb0 [ 86.688036][ T4417] ? __might_sleep+0xd0/0xd0 [ 86.692631][ T4417] ? folio_mark_accessed+0x327/0x1460 [ 86.698028][ T4417] udf_free_blocks+0x995/0x17d0 [ 86.702934][ T4417] ? udf_current_aext+0x694/0xb00 [ 86.707965][ T4417] ? orangefs_cancel_op_in_progress+0x470/0x470 [ 86.714211][ T4417] ? udf_next_aext+0x38f/0x450 [ 86.718984][ T4417] udf_delete_aext+0x4cd/0xbb0 [ 86.723753][ T4417] ? udf_next_aext+0x450/0x450 [ 86.728523][ T4417] udf_new_block+0x12bc/0x1a80 [ 86.733302][ T4417] ? udf_prealloc_blocks+0xf10/0xf10 [ 86.738620][ T4417] ? udf_next_aext+0x38f/0x450 [ 86.743403][ T4417] udf_get_block+0x119c/0x4130 [ 86.748168][ T4417] ? filemap_get_folios+0x103/0x780 [ 86.753376][ T4417] ? udf_bread+0x4d0/0x4d0 [ 86.757804][ T4417] ? do_raw_spin_unlock+0x11d/0x230 [ 86.763007][ T4417] ? create_page_buffers+0x24f/0x4a0 [ 86.768316][ T4417] __block_write_begin_int+0x55d/0x1a80 [ 86.773897][ T4417] ? udf_bread+0x4d0/0x4d0 [ 86.778312][ T4417] ? page_zero_new_buffers+0x650/0x650 [ 86.783779][ T4417] ? udf_bread+0x4d0/0x4d0 [ 86.788194][ T4417] block_write_begin+0x96/0x1e0 [ 86.793135][ T4417] udf_write_begin+0x31/0x70 [ 86.797746][ T4417] generic_perform_write+0x2fa/0x5c0 [ 86.803045][ T4417] ? generic_file_direct_write+0x330/0x330 [ 86.808855][ T4417] ? generic_file_direct_write+0x2ff/0x330 [ 86.814677][ T4417] ? rwsem_write_trylock+0x135/0x1c0 [ 86.819973][ T4417] __generic_file_write_iter+0x1fb/0x2a0 [ 86.825610][ T4417] udf_file_write_iter+0x289/0x620 [ 86.830729][ T4417] do_iter_write+0x642/0xb10 [ 86.835326][ T4417] ? vfs_iter_write+0xa0/0xa0 [ 86.840005][ T4417] ? vfs_iter_write+0x67/0xa0 [ 86.844716][ T4417] iter_file_splice_write+0x699/0xcc0 [ 86.850138][ T4417] ? splice_from_pipe+0x180/0x180 [ 86.855166][ T4417] ? splice_shrink_spd+0xc0/0xc0 [ 86.860108][ T4417] ? splice_from_pipe+0x180/0x180 [ 86.865147][ T4417] direct_splice_actor+0xe1/0x130 [ 86.870191][ T4417] splice_direct_to_actor+0x48b/0xb90 [ 86.875564][ T4417] ? direct_file_splice_eof+0xa0/0xa0 [ 86.880937][ T4417] ? pipe_to_sendpage+0x320/0x320 [ 86.885967][ T4417] ? common_file_perm+0x171/0x1c0 [ 86.890995][ T4417] ? fsnotify_perm+0x5a/0x550 [ 86.895681][ T4417] ? security_file_permission+0x75/0xa0 [ 86.901228][ T4417] do_splice_direct+0x1ce/0x2f0 [ 86.906078][ T4417] ? splice_direct_to_actor+0xb90/0xb90 [ 86.911641][ T4417] ? rcu_read_lock_any_held+0xb0/0x130 [ 86.917095][ T4417] ? do_splice_direct+0x2f0/0x2f0 [ 86.922122][ T4417] ? common_file_perm+0x171/0x1c0 [ 86.927140][ T4417] do_sendfile+0x5f3/0xea0 [ 86.931548][ T4417] ? do_pwritev+0x3a0/0x3a0 [ 86.936043][ T4417] __se_sys_sendfile64+0x141/0x1a0 [ 86.941148][ T4417] ? lock_chain_count+0x20/0x20 [ 86.946024][ T4417] ? __x64_sys_sendfile64+0xa0/0xa0 [ 86.951214][ T4417] ? lockdep_hardirqs_on+0x94/0x140 [ 86.956406][ T4417] do_syscall_64+0x4c/0xa0 [ 86.960816][ T4417] ? clear_bhb_loop+0x60/0xb0 [ 86.965502][ T4417] ? clear_bhb_loop+0x60/0xb0 [ 86.970175][ T4417] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 86.976075][ T4417] RIP: 0033:0x7f71eef9c799 [ 86.980488][ T4417] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 87.000091][ T4417] RSP: 002b:00007f71efe45028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 87.008536][ T4417] RAX: ffffffffffffffda RBX: 00007f71ef215fa0 RCX: 00007f71eef9c799 [ 87.016518][ T4417] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000004 [ 87.024489][ T4417] RBP: 00007f71ef032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 87.032468][ T4417] R10: 0000000800000009 R11: 0000000000000246 R12: 0000000000000000 [ 87.040451][ T4417] R13: 00007f71ef216038 R14: 00007f71ef215fa0 R15: 00007fffbb510628 [ 87.048448][ T4417] [ 87.054022][ T951] cfg80211: failed to load regulatory.db [ 87.864773][ T4359] Bluetooth: hci0: command 0x0419 tx timeout