[syzbot] [ext4?] kernel BUG in ext4_write_inline_data (4)

[syzbot] [ext4?] kernel BUG in ext4_write_inline_data (4)

[syzbot]

Hello,

syzbot found the following issue on:

HEAD commit:    162b42445b58 Merge tag 'iommu-fixes-v6.19-rc7' of git://gi..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12c48402580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=fea461e951c03b1b
dashboard link: https://syzkaller.appspot.com/bug?extid=7de5fe447862fc37576f
compiler:       gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=11ec7bfa580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/98939f243052/disk-162b4244.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/2ce9a7b8e049/vmlinux-162b4244.xz
kernel image: https://storage.googleapis.com/syzbot-assets/99eb2d7c3e94/bzImage-162b4244.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/82c4262402e2/mount_0.gz
  fsck result: failed (log: https://syzkaller.appspot.com/x/fsck.log?x=1196145a580000)

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7de5fe447862fc37576f@syzkaller.appspotmail.com

------------[ cut here ]------------
kernel BUG at fs/ext4/inline.c:240!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 6836 Comm: syz.5.137 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
RIP: 0010:ext4_write_inline_data+0x40b/0x4f0 fs/ext4/inline.c:240
Code: fe e8 e9 70 3f ff 42 8d 44 23 c4 bb 3c 00 00 00 89 44 24 08 44 29 e3 e9 aa fe ff ff e8 ce 70 3f ff 90 0f 0b e8 c6 70 3f ff 90 <0f> 0b e8 be 70 3f ff 48 8d 3d b7 58 f6 0d 48 c7 c2 60 5b ac 8b 4c
RSP: 0018:ffffc9000b0b74e0 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000001000 RCX: ffffffff82c7675b
RDX: ffff88802c845b80 RSI: ffffffff82c7697a RDI: ffff88802c845b80
RBP: ffff888075742918 R08: 0000000000000006 R09: 0000000000004000
R10: 000000000000003c R11: 0000000000000000 R12: 0000000000003000
R13: 0000000000004000 R14: ffffc9000b0b7580 R15: ffff888075742e82
FS:  00007fb1c0b036c0(0000) GS:ffff8881245dc000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f284e6ff000 CR3: 000000005cb37000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 ext4_write_inline_data_end+0x2a8/0xdb0 fs/ext4/inline.c:817
 ext4_da_write_end+0x4f7/0xf20 fs/ext4/inode.c:3286
 generic_perform_write+0x513/0xa40 mm/filemap.c:4335
 ext4_buffered_write_iter+0x119/0x440 fs/ext4/file.c:299
 ext4_file_write_iter+0xa3d/0x1d90 fs/ext4/file.c:723
 iter_file_splice_write+0x82b/0x10a0 fs/splice.c:738
 do_splice_from fs/splice.c:938 [inline]
 direct_splice_actor+0x192/0x6c0 fs/splice.c:1161
 splice_direct_to_actor+0x345/0xa30 fs/splice.c:1105
 do_splice_direct_actor fs/splice.c:1204 [inline]
 do_splice_direct+0x174/0x240 fs/splice.c:1230
 do_sendfile+0xadc/0xe20 fs/read_write.c:1370
 __do_sys_sendfile64 fs/read_write.c:1431 [inline]
 __se_sys_sendfile64 fs/read_write.c:1417 [inline]
 __x64_sys_sendfile64+0x1d8/0x220 fs/read_write.c:1417
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb1bfb9aeb9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb1c0b03028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007fb1bfe15fa0 RCX: 00007fb1bfb9aeb9
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000004
RBP: 00007fb1bfc08c1f R08: 0000000000000000 R09: 0000000000000000
R10: 000000000e3aa6ea R11: 0000000000000246 R12: 0000000000000000
R13: 00007fb1bfe16038 R14: 00007fb1bfe15fa0 R15: 00007ffc03931cf8
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ext4_write_inline_data+0x40b/0x4f0 fs/ext4/inline.c:240
Code: fe e8 e9 70 3f ff 42 8d 44 23 c4 bb 3c 00 00 00 89 44 24 08 44 29 e3 e9 aa fe ff ff e8 ce 70 3f ff 90 0f 0b e8 c6 70 3f ff 90 <0f> 0b e8 be 70 3f ff 48 8d 3d b7 58 f6 0d 48 c7 c2 60 5b ac 8b 4c
RSP: 0018:ffffc9000b0b74e0 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000001000 RCX: ffffffff82c7675b
RDX: ffff88802c845b80 RSI: ffffffff82c7697a RDI: ffff88802c845b80
RBP: ffff888075742918 R08: 0000000000000006 R09: 0000000000004000
R10: 000000000000003c R11: 0000000000000000 R12: 0000000000003000
R13: 0000000000004000 R14: ffffc9000b0b7580 R15: ffff888075742e82
FS:  00007fb1c0b036c0(0000) GS:ffff8881246dc000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007efdf1812000 CR3: 000000005cb37000 CR4: 0000000000350ef0


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Re: [syzbot] [ext4?] kernel BUG in ext4_write_inline_data (4)

[syzbot]

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

7.803022][ T5881] bridge0: port 1(bridge_slave_0) entered disabled state
[  117.810281][ T5881] bridge_slave_0: entered allmulticast mode
[  117.819858][ T5881] bridge_slave_0: entered promiscuous mode
[  117.831267][ T5881] bridge0: port 2(bridge_slave_1) entered blocking state
[  117.838798][ T5881] bridge0: port 2(bridge_slave_1) entered disabled state
[  117.846248][ T5881] bridge_slave_1: entered allmulticast mode
[  117.855838][ T5881] bridge_slave_1: entered promiscuous mode
[  117.964803][ T5881] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  117.987234][ T5881] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  118.040452][ T5881] team0: Port device team_slave_0 added
[  118.049944][ T5881] team0: Port device team_slave_1 added
[  118.080161][ T5881] batman_adv: batadv0: Adding interface: batadv_slave_0
[  118.087318][ T5881] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  118.113896][ T5881] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  118.127434][ T5881] batman_adv: batadv0: Adding interface: batadv_slave_1
[  118.134435][ T5881] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  118.161467][ T5881] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  118.211366][ T5881] hsr_slave_0: entered promiscuous mode
[  118.218209][ T5881] hsr_slave_1: entered promiscuous mode
[  118.391881][ T5881] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  118.406093][ T5881] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  118.416923][ T5881] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  118.430035][ T5881] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  118.468949][ T5881] bridge0: port 2(bridge_slave_1) entered blocking state
[  118.476261][ T5881] bridge0: port 2(bridge_slave_1) entered forwarding state
[  118.484301][ T5881] bridge0: port 1(bridge_slave_0) entered blocking state
[  118.491418][ T5881] bridge0: port 1(bridge_slave_0) entered forwarding state
[  118.556461][ T5881] 8021q: adding VLAN 0 to HW filter on device bond0
[  118.575455][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  118.584555][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  118.604576][ T5881] 8021q: adding VLAN 0 to HW filter on device team0
[  118.618950][ T5905] bridge0: port 1(bridge_slave_0) entered blocking state
[  118.626262][ T5905] bridge0: port 1(bridge_slave_0) entered forwarding state
[  118.641589][ T2132] bridge0: port 2(bridge_slave_1) entered blocking state
[  118.648732][ T2132] bridge0: port 2(bridge_slave_1) entered forwarding state
[  118.895513][ T5881] 8021q: adding VLAN 0 to HW filter on device batadv0
[  119.170167][ T5881] veth0_vlan: entered promiscuous mode
[  119.183445][ T5881] veth1_vlan: entered promiscuous mode
[  119.217895][ T5881] veth0_macvtap: entered promiscuous mode
[  119.230062][ T5881] veth1_macvtap: entered promiscuous mode
[  119.249484][ T5881] batman_adv: batadv0: Interface activated: batadv_slave_0
[  119.265203][ T5881] batman_adv: batadv0: Interface activated: batadv_slave_1
[  119.281302][ T5905] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  119.290696][ T5905] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  119.300369][ T5905] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  119.313654][ T5905] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2026/02/03 06:39:51 executed programs: 0
[  119.488752][ T5846] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  119.497059][ T5846] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  119.508423][ T5846] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  119.519074][ T5846] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  119.528291][ T5846] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  119.738092][ T5936] chnl_net:caif_netlink_parms(): no params data found
[  119.833656][ T5936] bridge0: port 1(bridge_slave_0) entered blocking state
[  119.840781][ T5936] bridge0: port 1(bridge_slave_0) entered disabled state
[  119.848988][ T5936] bridge_slave_0: entered allmulticast mode
[  119.857076][ T5936] bridge_slave_0: entered promiscuous mode
[  119.869222][ T5936] bridge0: port 2(bridge_slave_1) entered blocking state
[  119.876576][ T5936] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.883996][ T5936] bridge_slave_1: entered allmulticast mode
[  119.891511][ T5936] bridge_slave_1: entered promiscuous mode
[  119.931741][ T5936] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  119.946072][ T5936] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  119.983868][ T5936] team0: Port device team_slave_0 added
[  119.992048][ T5936] team0: Port device team_slave_1 added
[  120.022350][ T5936] batman_adv: batadv0: Adding interface: batadv_slave_0
[  120.029883][ T5936] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  120.055907][ T5936] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  120.068732][ T5936] batman_adv: batadv0: Adding interface: batadv_slave_1
[  120.076584][ T5936] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  120.103079][ T5936] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  120.160728][ T5936] hsr_slave_0: entered promiscuous mode
[  120.167486][ T5936] hsr_slave_1: entered promiscuous mode
[  120.173976][ T5936] debugfs: 'hsr0' already exists in 'hsr'
[  120.179816][ T5936] Cannot create hsr debugfs directory
[  120.371660][ T5936] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  120.383411][ T5936] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  120.395486][ T5936] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  120.407081][ T5936] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  120.444116][ T5936] bridge0: port 2(bridge_slave_1) entered blocking state
[  120.451327][ T5936] bridge0: port 2(bridge_slave_1) entered forwarding state
[  120.458951][ T5936] bridge0: port 1(bridge_slave_0) entered blocking state
[  120.466187][ T5936] bridge0: port 1(bridge_slave_0) entered forwarding state
[  120.532648][ T5936] 8021q: adding VLAN 0 to HW filter on device bond0
[  120.551871][ T5905] bridge0: port 1(bridge_slave_0) entered disabled state
[  120.560861][ T5905] bridge0: port 2(bridge_slave_1) entered disabled state
[  120.578330][ T5936] 8021q: adding VLAN 0 to HW filter on device team0
[  120.596322][ T5905] bridge0: port 1(bridge_slave_0) entered blocking state
[  120.603482][ T5905] bridge0: port 1(bridge_slave_0) entered forwarding state
[  120.620189][ T5905] bridge0: port 2(bridge_slave_1) entered blocking state
[  120.627367][ T5905] bridge0: port 2(bridge_slave_1) entered forwarding state
[  120.876511][ T5936] 8021q: adding VLAN 0 to HW filter on device batadv0
[  120.941415][ T5936] veth0_vlan: entered promiscuous mode
[  120.955295][ T5936] veth1_vlan: entered promiscuous mode
[  120.996769][ T5936] veth0_macvtap: entered promiscuous mode
[  121.030937][ T5936] veth1_macvtap: entered promiscuous mode
[  121.060700][ T5936] batman_adv: batadv0: Interface activated: batadv_slave_0
[  121.083217][ T5936] batman_adv: batadv0: Interface activated: batadv_slave_1
[  121.100665][   T34] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  121.114592][   T34] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  121.129374][   T34] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  121.139911][   T34] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  121.259772][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.276099][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.334029][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.348481][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.624061][ T5846] Bluetooth: hci0: command tx timeout
[  122.480058][ T2132] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  122.614940][ T2132] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  122.677461][ T2132] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  122.765200][ T2132] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  122.892181][ T2132] bridge_slave_1: left allmulticast mode
[  122.899779][ T2132] bridge_slave_1: left promiscuous mode
[  122.912634][ T2132] bridge0: port 2(bridge_slave_1) entered disabled state
[  122.925287][ T2132] bridge_slave_0: left allmulticast mode
[  122.930925][ T2132] bridge_slave_0: left promiscuous mode
[  122.937341][ T2132] bridge0: port 1(bridge_slave_0) entered disabled state
[  123.241250][ T2132] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  123.252798][ T2132] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  123.265182][ T2132] bond0 (unregistering): Released all slaves
[  123.401903][ T2132] hsr_slave_0: left promiscuous mode
[  123.421750][ T2132] hsr_slave_1: left promiscuous mode
[  123.432923][ T2132] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  123.440515][ T2132] batman_adv: batadv0: Removing interface: batadv_slave_0
[  123.452803][ T2132] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  123.460196][ T2132] batman_adv: batadv0: Removing interface: batadv_slave_1
[  123.484568][ T2132] veth1_macvtap: left promiscuous mode
[  123.490264][ T2132] veth0_macvtap: left promiscuous mode
[  123.503364][ T2132] veth1_vlan: left promiscuous mode
[  123.508800][ T2132] veth0_vlan: left promiscuous mode
[  124.033040][ T2132] team0 (unregistering): Port device team_slave_1 removed
[  124.061067][ T2132] team0 (unregistering): Port device team_slave_0 removed
[  124.698727][ T2132] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  124.899694][ T2132] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  125.003107][ T2132] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  125.085927][ T2132] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  125.224675][ T2132] bridge_slave_1: left allmulticast mode
[  125.230380][ T2132] bridge_slave_1: left promiscuous mode
[  125.241960][ T2132] bridge0: port 2(bridge_slave_1) entered disabled state
[  125.253765][ T2132] bridge_slave_0: left allmulticast mode
[  125.259444][ T2132] bridge_slave_0: left promiscuous mode
[  125.266172][ T2132] bridge0: port 1(bridge_slave_0) entered disabled state
[  125.549618][ T2132] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  125.562289][ T2132] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  125.572575][ T2132] bond0 (unregistering): Released all slaves
[  125.917232][ T2132] hsr_slave_0: left promiscuous mode
[  125.924888][ T2132] hsr_slave_1: left promiscuous mode
[  125.931026][ T2132] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  125.938692][ T2132] batman_adv: batadv0: Removing interface: batadv_slave_0
[  125.963619][ T2132] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  125.973608][ T2132] batman_adv: batadv0: Removing interface: batadv_slave_1
[  125.998685][ T2132] veth1_macvtap: left promiscuous mode
[  126.008645][ T2132] veth0_macvtap: left promiscuous mode
[  126.014461][ T2132] veth1_vlan: left promiscuous mode
[  126.019806][ T2132] veth0_vlan: left promiscuous mode
[  126.383253][ T2132] team0 (unregistering): Port device team_slave_1 removed
[  126.416986][ T2132] team0 (unregistering): Port device team_slave_0 removed


syzkaller build log:
go env (err=<nil>)
AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE='auto'
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build3992306483=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.24.4'
GOWORK=''
PKG_CONFIG='pkg-config'

git status (err=<nil>)
HEAD detached at 6b8752f20c
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=6b8752f20c06eee857545047ab920e63322bf4c8 -X github.com/google/syzkaller/prog.gitRevisionDate=20260131-204520"  ./sys/syz-sysgen | grep -q false || go install -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=6b8752f20c06eee857545047ab920e63322bf4c8 -X github.com/google/syzkaller/prog.gitRevisionDate=20260131-204520"  ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=6b8752f20c06eee857545047ab920e63322bf4c8 -X github.com/google/syzkaller/prog.gitRevisionDate=20260131-204520"  -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
	-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include   -DGOOS_linux=1 -DGOARCH_amd64=1 \
	-DHOSTGOOS_linux=1 -DGIT_REVISION=\"6b8752f20c06eee857545047ab920e63322bf4c8\"
/usr/bin/ld: /tmp/ccfZbAsR.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x386): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./tools/check-syzos.sh 2>/dev/null


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=12934402580000


Tested on:

commit:         6bd9ed02 Merge tag 'cgroup-for-6.19-rc8-fixes' of git:..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=fea461e951c03b1b
dashboard link: https://syzkaller.appspot.com/bug?extid=7de5fe447862fc37576f
compiler:       gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
patch:          https://syzkaller.appspot.com/x/patch.diff?x=15347322580000

Re: [syzbot] [ext4?] kernel BUG in ext4_write_inline_data (4)

[syzbot]

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

ecase to linux-mm@kvack.org if you depend on this functionality.
[  114.073401][ T4254] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.085556][ T4254] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.455712][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.459277][ T5846] chnl_net:caif_netlink_parms(): no params data found
[  114.466207][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.053719][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.061847][   T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  115.071240][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.078730][   T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  115.088375][   T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  115.097293][ T5846] bridge_slave_0: entered allmulticast mode
[  115.103662][   T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  115.111761][   T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  115.122627][ T5846] bridge_slave_0: entered promiscuous mode
[  115.193824][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.221916][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.238429][ T5846] bridge_slave_1: entered allmulticast mode
[  115.256077][ T5846] bridge_slave_1: entered promiscuous mode
[  115.418143][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  115.539292][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  115.921187][ T5846] team0: Port device team_slave_0 added
[  115.990599][ T5846] team0: Port device team_slave_1 added
[  116.082646][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0
[  116.089665][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  116.115753][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  116.182624][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1
[  116.190052][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  116.216125][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  116.716438][ T5846] hsr_slave_0: entered promiscuous mode
[  116.723317][ T5846] hsr_slave_1: entered promiscuous mode
[  117.794383][ T5846] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  117.826987][ T5846] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  117.850245][ T5846] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  117.871711][ T5846] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  118.071567][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0
[  118.108915][ T5846] 8021q: adding VLAN 0 to HW filter on device team0
[  118.124345][   T71] bridge0: port 1(bridge_slave_0) entered blocking state
[  118.131771][   T71] bridge0: port 1(bridge_slave_0) entered forwarding state
[  118.151778][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  118.158912][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  118.473114][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0
[  118.523374][ T5846] veth0_vlan: entered promiscuous mode
[  118.537313][ T5846] veth1_vlan: entered promiscuous mode
[  118.570513][ T5846] veth0_macvtap: entered promiscuous mode
[  118.582126][ T5846] veth1_macvtap: entered promiscuous mode
[  118.604595][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0
[  118.620480][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1
[  118.637368][   T36] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  118.646465][   T36] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  118.655243][   T36] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  118.668163][   T36] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2026/02/03 07:41:24 executed programs: 0
[  118.879052][ T5140] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  118.888068][ T5140] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  118.895798][ T5140] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  118.905059][ T5140] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  118.915748][ T5140] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  119.211615][ T5934] chnl_net:caif_netlink_parms(): no params data found
[  119.307633][ T5934] bridge0: port 1(bridge_slave_0) entered blocking state
[  119.314846][ T5934] bridge0: port 1(bridge_slave_0) entered disabled state
[  119.322307][ T5934] bridge_slave_0: entered allmulticast mode
[  119.329835][ T5934] bridge_slave_0: entered promiscuous mode
[  119.339059][ T5934] bridge0: port 2(bridge_slave_1) entered blocking state
[  119.348163][ T5934] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.355500][ T5934] bridge_slave_1: entered allmulticast mode
[  119.363298][ T5934] bridge_slave_1: entered promiscuous mode
[  119.400333][ T5934] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  119.413209][ T5934] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  119.453708][ T5934] team0: Port device team_slave_0 added
[  119.463066][ T5934] team0: Port device team_slave_1 added
[  119.497209][ T5934] batman_adv: batadv0: Adding interface: batadv_slave_0
[  119.504175][ T5934] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  119.532328][ T5934] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  119.546512][ T5934] batman_adv: batadv0: Adding interface: batadv_slave_1
[  119.553557][ T5934] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  119.580269][ T5934] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  119.639230][ T5934] hsr_slave_0: entered promiscuous mode
[  119.645757][ T5934] hsr_slave_1: entered promiscuous mode
[  119.652723][ T5934] debugfs: 'hsr0' already exists in 'hsr'
[  119.658702][ T5934] Cannot create hsr debugfs directory
[  119.855037][ T5934] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  119.867221][ T5934] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  119.878248][ T5934] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  119.890501][ T5934] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  119.986092][ T5934] 8021q: adding VLAN 0 to HW filter on device bond0
[  120.015814][ T5934] 8021q: adding VLAN 0 to HW filter on device team0
[  120.030411][   T71] bridge0: port 1(bridge_slave_0) entered blocking state
[  120.037743][   T71] bridge0: port 1(bridge_slave_0) entered forwarding state
[  120.053693][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  120.060840][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  120.302006][ T5934] 8021q: adding VLAN 0 to HW filter on device batadv0
[  120.354661][ T5934] veth0_vlan: entered promiscuous mode
[  120.369651][ T5934] veth1_vlan: entered promiscuous mode
[  120.402540][ T5934] veth0_macvtap: entered promiscuous mode
[  120.413314][ T5934] veth1_macvtap: entered promiscuous mode
[  120.435142][ T5934] batman_adv: batadv0: Interface activated: batadv_slave_0
[  120.450894][ T5934] batman_adv: batadv0: Interface activated: batadv_slave_1
[  120.465800][   T71] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  120.478819][   T71] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  120.494866][   T71] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  120.504263][   T71] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  120.573104][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.581269][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.620694][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.630246][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.947134][ T5140] Bluetooth: hci0: command tx timeout
[  121.443871][   T50] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  122.038891][   T50] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  122.111026][   T50] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  122.152364][   T50] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  122.287821][   T50] bridge_slave_1: left allmulticast mode
[  122.294531][   T50] bridge_slave_1: left promiscuous mode
[  122.301089][   T50] bridge0: port 2(bridge_slave_1) entered disabled state
[  122.313574][   T50] bridge_slave_0: left allmulticast mode
[  122.323553][   T50] bridge_slave_0: left promiscuous mode
[  122.329648][   T50] bridge0: port 1(bridge_slave_0) entered disabled state
[  122.657213][   T50] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  122.668427][   T50] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  122.685192][   T50] bond0 (unregistering): Released all slaves
[  122.813567][   T50] hsr_slave_0: left promiscuous mode
[  122.824368][   T50] hsr_slave_1: left promiscuous mode
[  122.834742][   T50] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  122.842240][   T50] batman_adv: batadv0: Removing interface: batadv_slave_0
[  122.851144][   T50] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  122.859179][   T50] batman_adv: batadv0: Removing interface: batadv_slave_1
[  122.884287][   T50] veth1_macvtap: left promiscuous mode
[  122.890143][   T50] veth0_macvtap: left promiscuous mode
[  122.895990][   T50] veth1_vlan: left promiscuous mode
[  122.901750][   T50] veth0_vlan: left promiscuous mode
[  123.414964][   T50] team0 (unregistering): Port device team_slave_1 removed
[  123.453945][   T50] team0 (unregistering): Port device team_slave_0 removed
[  124.139994][   T50] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  124.221715][   T50] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  124.292342][   T50] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  124.386012][   T50] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  124.525472][   T50] bridge_slave_1: left allmulticast mode
[  124.531603][   T50] bridge_slave_1: left promiscuous mode
[  124.538156][   T50] bridge0: port 2(bridge_slave_1) entered disabled state
[  124.550777][   T50] bridge_slave_0: left allmulticast mode
[  124.557808][   T50] bridge_slave_0: left promiscuous mode
[  124.563691][   T50] bridge0: port 1(bridge_slave_0) entered disabled state
[  124.845360][   T50] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  124.859520][   T50] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  124.872053][   T50] bond0 (unregistering): Released all slaves
[  125.146756][   T50] hsr_slave_0: left promiscuous mode
[  125.152946][   T50] hsr_slave_1: left promiscuous mode
[  125.163809][   T50] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  125.172813][   T50] batman_adv: batadv0: Removing interface: batadv_slave_0
[  125.190084][   T50] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  125.197620][   T50] batman_adv: batadv0: Removing interface: batadv_slave_1
[  125.221387][   T50] veth1_macvtap: left promiscuous mode
[  125.227178][   T50] veth0_macvtap: left promiscuous mode
[  125.232863][   T50] veth1_vlan: left promiscuous mode
[  125.239905][   T50] veth0_vlan: left promiscuous mode
[  125.713684][   T50] team0 (unregistering): Port device team_slave_1 removed
[  125.742133][   T50] team0 (unregistering): Port device team_slave_0 removed


syzkaller build log:
go env (err=<nil>)
AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE='auto'
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build1470544453=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.24.4'
GOWORK=''
PKG_CONFIG='pkg-config'

git status (err=<nil>)
HEAD detached at 6b8752f20c
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=6b8752f20c06eee857545047ab920e63322bf4c8 -X github.com/google/syzkaller/prog.gitRevisionDate=20260131-204520"  ./sys/syz-sysgen | grep -q false || go install -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=6b8752f20c06eee857545047ab920e63322bf4c8 -X github.com/google/syzkaller/prog.gitRevisionDate=20260131-204520"  ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=6b8752f20c06eee857545047ab920e63322bf4c8 -X github.com/google/syzkaller/prog.gitRevisionDate=20260131-204520"  -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
	-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include   -DGOOS_linux=1 -DGOARCH_amd64=1 \
	-DHOSTGOOS_linux=1 -DGIT_REVISION=\"6b8752f20c06eee857545047ab920e63322bf4c8\"
/usr/bin/ld: /tmp/ccJTB0zs.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x386): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./tools/check-syzos.sh 2>/dev/null


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=116ffc5a580000


Tested on:

commit:         6bd9ed02 Merge tag 'cgroup-for-6.19-rc8-fixes' of git:..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=fea461e951c03b1b
dashboard link: https://syzkaller.appspot.com/bug?extid=7de5fe447862fc37576f
compiler:       gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
patch:          https://syzkaller.appspot.com/x/patch.diff?x=16934402580000

Re: [syzbot] [ext4?] kernel BUG in ext4_write_inline_data (4)

[syzbot]

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

[  115.737028][ T5139] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  115.745623][ T5139] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  115.753680][ T5139] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  115.762195][ T5139] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  115.770008][ T5139] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  117.565426][ T5866] chnl_net:caif_netlink_parms(): no params data found
[  118.101590][ T5866] bridge0: port 1(bridge_slave_0) entered blocking state
[  118.109810][ T5866] bridge0: port 1(bridge_slave_0) entered disabled state
[  118.117325][ T5866] bridge_slave_0: entered allmulticast mode
[  118.147613][ T5866] bridge_slave_0: entered promiscuous mode
[  118.398433][ T5866] bridge0: port 2(bridge_slave_1) entered blocking state
[  118.405848][ T5866] bridge0: port 2(bridge_slave_1) entered disabled state
[  118.413476][ T5866] bridge_slave_1: entered allmulticast mode
[  118.421980][ T5866] bridge_slave_1: entered promiscuous mode
[  118.477269][ T5866] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  118.501071][ T5866] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  118.669335][ T5866] team0: Port device team_slave_0 added
[  118.682494][ T5866] team0: Port device team_slave_1 added
[  118.748530][   T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  118.776393][   T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  118.826104][ T5866] batman_adv: batadv0: Adding interface: batadv_slave_0
[  118.833113][ T5866] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  118.859988][ T5866] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  118.915653][ T5866] batman_adv: batadv0: Adding interface: batadv_slave_1
[  118.922656][ T5866] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  118.974696][ T5866] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  119.007284][   T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.026222][   T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.114830][ T5866] hsr_slave_0: entered promiscuous mode
[  119.136943][ T5866] hsr_slave_1: entered promiscuous mode
[  119.432503][ T5866] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  119.447497][ T5866] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  119.458834][ T5866] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  119.469701][ T5866] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  119.563018][ T5866] 8021q: adding VLAN 0 to HW filter on device bond0
[  119.586277][ T5866] 8021q: adding VLAN 0 to HW filter on device team0
[  119.601598][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  119.608955][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  119.627386][ T2898] bridge0: port 2(bridge_slave_1) entered blocking state
[  119.634550][ T2898] bridge0: port 2(bridge_slave_1) entered forwarding state
[  119.882615][ T5866] 8021q: adding VLAN 0 to HW filter on device batadv0
[  119.931648][ T5866] veth0_vlan: entered promiscuous mode
[  119.947109][ T5866] veth1_vlan: entered promiscuous mode
[  119.979256][ T5866] veth0_macvtap: entered promiscuous mode
[  119.990698][ T5866] veth1_macvtap: entered promiscuous mode
[  120.012667][ T5866] batman_adv: batadv0: Interface activated: batadv_slave_0
[  120.030121][ T5866] batman_adv: batadv0: Interface activated: batadv_slave_1
[  120.047991][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  120.062365][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  120.078098][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  120.087483][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2026/02/03 08:21:00 executed programs: 0
[  120.268277][   T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  120.280246][   T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  120.282551][   T38] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  120.288610][   T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  120.308676][   T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  120.319659][   T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  120.397996][   T38] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  120.461411][   T38] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  120.566850][   T38] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  120.595322][ T5934] chnl_net:caif_netlink_parms(): no params data found
[  120.692126][ T5934] bridge0: port 1(bridge_slave_0) entered blocking state
[  120.700477][ T5934] bridge0: port 1(bridge_slave_0) entered disabled state
[  120.707832][ T5934] bridge_slave_0: entered allmulticast mode
[  120.715437][ T5934] bridge_slave_0: entered promiscuous mode
[  120.727578][ T5934] bridge0: port 2(bridge_slave_1) entered blocking state
[  120.734814][ T5934] bridge0: port 2(bridge_slave_1) entered disabled state
[  120.742283][ T5934] bridge_slave_1: entered allmulticast mode
[  120.750265][ T5934] bridge_slave_1: entered promiscuous mode
[  120.794480][ T5934] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  120.807902][ T5934] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  120.849234][ T5934] team0: Port device team_slave_0 added
[  120.860920][ T5934] team0: Port device team_slave_1 added
[  120.895391][ T5934] batman_adv: batadv0: Adding interface: batadv_slave_0
[  120.903012][ T5934] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  120.930037][ T5934] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  120.944593][ T5934] batman_adv: batadv0: Adding interface: batadv_slave_1
[  120.951991][ T5934] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  120.978209][ T5934] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  121.040031][ T5934] hsr_slave_0: entered promiscuous mode
[  121.047352][ T5934] hsr_slave_1: entered promiscuous mode
[  121.053630][ T5934] debugfs: 'hsr0' already exists in 'hsr'
[  121.059660][ T5934] Cannot create hsr debugfs directory
[  122.376418][ T5139] Bluetooth: hci0: command tx timeout
[  122.795041][   T38] bridge_slave_1: left allmulticast mode
[  122.801314][   T38] bridge_slave_1: left promiscuous mode
[  122.809322][   T38] bridge0: port 2(bridge_slave_1) entered disabled state
[  122.822491][   T38] bridge_slave_0: left allmulticast mode
[  122.829206][   T38] bridge_slave_0: left promiscuous mode
[  122.834952][   T38] bridge0: port 1(bridge_slave_0) entered disabled state
[  123.048250][   T38] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  123.060120][   T38] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  123.078027][   T38] bond0 (unregistering): Released all slaves
[  123.183531][   T38] hsr_slave_0: left promiscuous mode
[  123.193152][   T38] hsr_slave_1: left promiscuous mode
[  123.199945][   T38] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  123.209756][   T38] batman_adv: batadv0: Removing interface: batadv_slave_0
[  123.223968][   T38] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  123.231842][   T38] batman_adv: batadv0: Removing interface: batadv_slave_1
[  123.255322][   T38] veth1_macvtap: left promiscuous mode
[  123.261256][   T38] veth0_macvtap: left promiscuous mode
[  123.269082][   T38] veth1_vlan: left promiscuous mode
[  123.274496][   T38] veth0_vlan: left promiscuous mode
[  123.779508][   T38] team0 (unregistering): Port device team_slave_1 removed
[  123.809216][   T38] team0 (unregistering): Port device team_slave_0 removed
[  124.223362][ T5934] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  124.251383][ T5934] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  124.264544][ T5934] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  124.277620][ T5934] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  124.421915][ T5934] 8021q: adding VLAN 0 to HW filter on device bond0
[  124.447497][ T5934] 8021q: adding VLAN 0 to HW filter on device team0
[  124.456324][ T5139] Bluetooth: hci0: command tx timeout
[  124.471199][   T72] bridge0: port 1(bridge_slave_0) entered blocking state
[  124.478408][   T72] bridge0: port 1(bridge_slave_0) entered forwarding state
[  124.498560][   T38] bridge0: port 2(bridge_slave_1) entered blocking state
[  124.505754][   T38] bridge0: port 2(bridge_slave_1) entered forwarding state
[  124.853982][ T5934] 8021q: adding VLAN 0 to HW filter on device batadv0
[  124.921020][ T5934] veth0_vlan: entered promiscuous mode
[  124.932906][ T5934] veth1_vlan: entered promiscuous mode
[  124.965922][ T5934] veth0_macvtap: entered promiscuous mode
[  124.979333][ T5934] veth1_macvtap: entered promiscuous mode
[  124.999208][ T5934] batman_adv: batadv0: Interface activated: batadv_slave_0
[  125.015270][ T5934] batman_adv: batadv0: Interface activated: batadv_slave_1
[  125.032513][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  125.042018][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  125.057876][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  125.067233][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  125.137953][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  125.153560][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  125.188192][   T38] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  125.196770][   T38] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.761790][ T2898] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.218574][ T2898] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.308291][ T2898] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.398270][ T2898] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.550848][ T2898] bridge_slave_1: left allmulticast mode
[  128.562154][ T2898] bridge_slave_1: left promiscuous mode
[  128.568697][ T2898] bridge0: port 2(bridge_slave_1) entered disabled state
[  128.578506][ T2898] bridge_slave_0: left allmulticast mode
[  128.584282][ T2898] bridge_slave_0: left promiscuous mode
[  128.591339][ T2898] bridge0: port 1(bridge_slave_0) entered disabled state
[  128.826554][ T2898] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  128.838167][ T2898] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  128.848407][ T2898] bond0 (unregistering): Released all slaves
[  129.180084][ T2898] hsr_slave_0: left promiscuous mode
[  129.190184][ T2898] hsr_slave_1: left promiscuous mode
[  129.197878][ T2898] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  129.205281][ T2898] batman_adv: batadv0: Removing interface: batadv_slave_0
[  129.213895][ T2898] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  129.221811][ T2898] batman_adv: batadv0: Removing interface: batadv_slave_1
[  129.246390][ T2898] veth1_macvtap: left promiscuous mode
[  129.255979][ T2898] veth0_macvtap: left promiscuous mode
[  129.261712][ T2898] veth1_vlan: left promiscuous mode
[  129.267406][ T2898] veth0_vlan: left promiscuous mode
[  129.689185][ T2898] team0 (unregistering): Port device team_slave_1 removed
[  129.721369][ T2898] team0 (unregistering): Port device team_slave_0 removed


syzkaller build log:
go env (err=<nil>)
AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE='auto'
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build4132501190=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.24.4'
GOWORK=''
PKG_CONFIG='pkg-config'

git status (err=<nil>)
HEAD detached at 6b8752f20c
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=6b8752f20c06eee857545047ab920e63322bf4c8 -X github.com/google/syzkaller/prog.gitRevisionDate=20260131-204520"  ./sys/syz-sysgen | grep -q false || go install -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=6b8752f20c06eee857545047ab920e63322bf4c8 -X github.com/google/syzkaller/prog.gitRevisionDate=20260131-204520"  ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=6b8752f20c06eee857545047ab920e63322bf4c8 -X github.com/google/syzkaller/prog.gitRevisionDate=20260131-204520"  -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
	-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include   -DGOOS_linux=1 -DGOARCH_amd64=1 \
	-DHOSTGOOS_linux=1 -DGIT_REVISION=\"6b8752f20c06eee857545047ab920e63322bf4c8\"
/usr/bin/ld: /tmp/cc6AYh6x.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x386): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./tools/check-syzos.sh 2>/dev/null


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=1298c25a580000


Tested on:

commit:         6bd9ed02 Merge tag 'cgroup-for-6.19-rc8-fixes' of git:..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=fea461e951c03b1b
dashboard link: https://syzkaller.appspot.com/bug?extid=7de5fe447862fc37576f
compiler:       gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1277fbfa580000

Re: [syzbot] [ext4?] kernel BUG in ext4_write_inline_data (4)

[syzbot]

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
kernel BUG in ext4_write_inline_data

------------[ cut here ]------------
kernel BUG at fs/ext4/inline.c:240!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 1 UID: 0 PID: 7754 Comm: syz.0.172 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
RIP: 0010:ext4_write_inline_data+0x40b/0x4f0 fs/ext4/inline.c:240
Code: fe e8 69 6f 3f ff 42 8d 44 23 c4 bb 3c 00 00 00 89 44 24 08 44 29 e3 e9 aa fe ff ff e8 4e 6f 3f ff 90 0f 0b e8 46 6f 3f ff 90 <0f> 0b e8 3e 6f 3f ff 48 8d 3d f7 56 f6 0d 48 c7 c2 60 5b ac 8b 4c
RSP: 0018:ffffc9000c0574e0 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000001000 RCX: ffffffff82c7691b
RDX: ffff888026555b80 RSI: ffffffff82c76b3a RDI: ffff888026555b80
RBP: ffff888077368298 R08: 0000000000000006 R09: 0000000000002000
R10: 000000000000003c R11: 0000000000000000 R12: 0000000000001000
R13: 0000000000002000 R14: ffffc9000c057580 R15: ffff888077368802
FS:  00007f86e72546c0(0000) GS:ffff8881246dc000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f86e7211ff8 CR3: 000000007e6cf000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 ext4_write_inline_data_end+0x2a8/0xdb0 fs/ext4/inline.c:817
 ext4_da_write_end+0x4f7/0xf20 fs/ext4/inode.c:3286
 generic_perform_write+0x513/0xa40 mm/filemap.c:4335
 ext4_buffered_write_iter+0x119/0x440 fs/ext4/file.c:299
 ext4_file_write_iter+0xa3d/0x1d90 fs/ext4/file.c:723
 iter_file_splice_write+0x82b/0x10a0 fs/splice.c:738
 do_splice_from fs/splice.c:938 [inline]
 direct_splice_actor+0x192/0x6c0 fs/splice.c:1161
 splice_direct_to_actor+0x345/0xa30 fs/splice.c:1105
 do_splice_direct_actor fs/splice.c:1204 [inline]
 do_splice_direct+0x174/0x240 fs/splice.c:1230
 do_sendfile+0xadc/0xe20 fs/read_write.c:1370
 __do_sys_sendfile64 fs/read_write.c:1431 [inline]
 __se_sys_sendfile64 fs/read_write.c:1417 [inline]
 __x64_sys_sendfile64+0x1d8/0x220 fs/read_write.c:1417
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f86e639aeb9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f86e7254028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f86e6615fa0 RCX: 00007f86e639aeb9
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000004
RBP: 00007f86e6408c1f R08: 0000000000000000 R09: 0000000000000000
R10: 000000000e3aa6ea R11: 0000000000000246 R12: 0000000000000000
R13: 00007f86e6616038 R14: 00007f86e6615fa0 R15: 00007ffcedbd78f8
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ext4_write_inline_data+0x40b/0x4f0 fs/ext4/inline.c:240
Code: fe e8 69 6f 3f ff 42 8d 44 23 c4 bb 3c 00 00 00 89 44 24 08 44 29 e3 e9 aa fe ff ff e8 4e 6f 3f ff 90 0f 0b e8 46 6f 3f ff 90 <0f> 0b e8 3e 6f 3f ff 48 8d 3d f7 56 f6 0d 48 c7 c2 60 5b ac 8b 4c
RSP: 0018:ffffc9000c0574e0 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000001000 RCX: ffffffff82c7691b
RDX: ffff888026555b80 RSI: ffffffff82c76b3a RDI: ffff888026555b80
RBP: ffff888077368298 R08: 0000000000000006 R09: 0000000000002000
R10: 000000000000003c R11: 0000000000000000 R12: 0000000000001000
R13: 0000000000002000 R14: ffffc9000c057580 R15: ffff888077368802
FS:  00007f86e72546c0(0000) GS:ffff8881246dc000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffeb1036e30 CR3: 000000007e6cf000 CR4: 0000000000350ef0


Tested on:

commit:         6bd9ed02 Merge tag 'cgroup-for-6.19-rc8-fixes' of git:..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=162d7322580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=fea461e951c03b1b
dashboard link: https://syzkaller.appspot.com/bug?extid=7de5fe447862fc37576f
compiler:       gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1528c402580000

Re: [syzbot] [ext4?] kernel BUG in ext4_write_inline_data (4)

[syzbot]

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
kernel BUG in ext4_write_inline_data

------------[ cut here ]------------
kernel BUG at fs/ext4/inline.c:240!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 7347 Comm: syz.1.123 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
RIP: 0010:ext4_write_inline_data+0x40b/0x4f0 fs/ext4/inline.c:240
Code: fe e8 49 6f 3f ff 42 8d 44 23 c4 bb 3c 00 00 00 89 44 24 08 44 29 e3 e9 aa fe ff ff e8 2e 6f 3f ff 90 0f 0b e8 26 6f 3f ff 90 <0f> 0b e8 1e 6f 3f ff 48 8d 3d f7 37 f6 0d 48 c7 c2 60 5b ac 8b 4c
RSP: 0018:ffffc9000b4cf4e0 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000001000 RCX: ffffffff82c7893b
RDX: ffff88801cf6bd00 RSI: ffffffff82c78b5a RDI: ffff88801cf6bd00
RBP: ffff888075dc3c58 R08: 0000000000000006 R09: 00000000000a9000
R10: 000000000000003c R11: 0000000000000000 R12: 00000000000a8000
R13: 00000000000a9000 R14: ffffc9000b4cf580 R15: ffff888075dc41c2
FS:  00007f9e9e6ff6c0(0000) GS:ffff8881245dc000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4f0f10c7d0 CR3: 000000005faf1000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 ext4_write_inline_data_end+0x2a8/0xdb0 fs/ext4/inline.c:817
 ext4_da_write_end+0x4f7/0xf20 fs/ext4/inode.c:3286
 generic_perform_write+0x513/0xa40 mm/filemap.c:4335
 ext4_buffered_write_iter+0x119/0x440 fs/ext4/file.c:299
 ext4_file_write_iter+0xa3d/0x1d90 fs/ext4/file.c:723
 iter_file_splice_write+0x82b/0x10a0 fs/splice.c:738
 do_splice_from fs/splice.c:938 [inline]
 direct_splice_actor+0x192/0x6c0 fs/splice.c:1161
 splice_direct_to_actor+0x345/0xa30 fs/splice.c:1105
 do_splice_direct_actor fs/splice.c:1204 [inline]
 do_splice_direct+0x174/0x240 fs/splice.c:1230
 do_sendfile+0xadc/0xe20 fs/read_write.c:1370
 __do_sys_sendfile64 fs/read_write.c:1431 [inline]
 __se_sys_sendfile64 fs/read_write.c:1417 [inline]
 __x64_sys_sendfile64+0x1d8/0x220 fs/read_write.c:1417
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f9e9d79aeb9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f9e9e6ff028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f9e9da15fa0 RCX: 00007f9e9d79aeb9
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000004
RBP: 00007f9e9d808c1f R08: 0000000000000000 R09: 0000000000000000
R10: 000000000e3aa6ea R11: 0000000000000246 R12: 0000000000000000
R13: 00007f9e9da16038 R14: 00007f9e9da15fa0 R15: 00007ffe0e112068
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ext4_write_inline_data+0x40b/0x4f0 fs/ext4/inline.c:240
Code: fe e8 49 6f 3f ff 42 8d 44 23 c4 bb 3c 00 00 00 89 44 24 08 44 29 e3 e9 aa fe ff ff e8 2e 6f 3f ff 90 0f 0b e8 26 6f 3f ff 90 <0f> 0b e8 1e 6f 3f ff 48 8d 3d f7 37 f6 0d 48 c7 c2 60 5b ac 8b 4c
RSP: 0018:ffffc9000b4cf4e0 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000001000 RCX: ffffffff82c7893b
RDX: ffff88801cf6bd00 RSI: ffffffff82c78b5a RDI: ffff88801cf6bd00
RBP: ffff888075dc3c58 R08: 0000000000000006 R09: 00000000000a9000
R10: 000000000000003c R11: 0000000000000000 R12: 00000000000a8000
R13: 00000000000a9000 R14: ffffc9000b4cf580 R15: ffff888075dc41c2
FS:  00007f9e9e6ff6c0(0000) GS:ffff8881245dc000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c0076e7000 CR3: 000000005faf1000 CR4: 0000000000350ef0


Tested on:

commit:         b7ff7151 Merge tag 'hwmon-for-v6.19-final' of git://gi..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13faed3a580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=fea461e951c03b1b
dashboard link: https://syzkaller.appspot.com/bug?extid=7de5fe447862fc37576f
compiler:       gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1302ed3a580000

Re: [syzbot] [ext4?] kernel BUG in ext4_write_inline_data (4)

[syzbot]

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+7de5fe447862fc37576f@syzkaller.appspotmail.com
Tested-by: syzbot+7de5fe447862fc37576f@syzkaller.appspotmail.com

Tested on:

commit:         2687c848 x86/vmware: Fix hypercall clobbers
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1731c65a580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=fea461e951c03b1b
dashboard link: https://syzkaller.appspot.com/bug?extid=7de5fe447862fc37576f
compiler:       gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
patch:          https://syzkaller.appspot.com/x/patch.diff?x=10caca5a580000

Note: testing is done by a robot and is best-effort only.

Re: [syzbot] [ext4?] kernel BUG in ext4_write_inline_data (4)

[syzbot]

syzbot has found a reproducer for the following issue on:

HEAD commit:    dc855b77719f Merge tag 'irq-drivers-2026-02-09' of git://g..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=179e0b3a580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=c48edf5effbe2b83
dashboard link: https://syzkaller.appspot.com/bug?extid=7de5fe447862fc37576f
compiler:       Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=137b6ae6580000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=109fb402580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/d7c9816606c2/disk-dc855b77.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/cb6f0c59d3d1/vmlinux-dc855b77.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7abf33193f14/bzImage-dc855b77.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/cc23e4e0f61c/mount_0.gz
  fsck result: failed (log: https://syzkaller.appspot.com/x/fsck.log?x=11aaccaa580000)

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7de5fe447862fc37576f@syzkaller.appspotmail.com

------------[ cut here ]------------
kernel BUG at fs/ext4/inline.c:240!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 6183 Comm: syz.1.27 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
RIP: 0010:ext4_write_inline_data+0x43c/0x440 fs/ext4/inline.c:240
Code: c1 38 c1 0f 8c 19 ff ff ff 48 89 df 49 89 d7 e8 3a 5d ac ff 4c 89 fa e9 06 ff ff ff e8 7d 31 43 ff 90 0f 0b e8 75 31 43 ff 90 <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f
RSP: 0018:ffffc900041bf3a8 EFLAGS: 00010293
RAX: ffffffff8281434b RBX: 0000000000003000 RCX: ffff88802ab8dac0
RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000003000
RBP: ffff888072ee11a2 R08: ffff88805b996387 R09: 1ffff1100b732c70
R10: dffffc0000000000 R11: ffffed100b732c71 R12: 000000000000003c
R13: ffffc900041bf460 R14: 0000000000002000 R15: ffff888072ee0c38
FS:  00007f67e2ffe6c0(0000) GS:ffff8881256ca000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555753c59e8 CR3: 0000000079001000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 ext4_write_inline_data_end+0x34d/0xad0 fs/ext4/inline.c:817
 generic_perform_write+0x620/0x8f0 mm/filemap.c:4335
 ext4_buffered_write_iter+0xce/0x3a0 fs/ext4/file.c:300
 ext4_file_write_iter+0x298/0x1c10 fs/ext4/file.c:-1
 iter_file_splice_write+0x99b/0x1100 fs/splice.c:738
 do_splice_from fs/splice.c:938 [inline]
 direct_splice_actor+0x101/0x160 fs/splice.c:1161
 splice_direct_to_actor+0x53a/0xc70 fs/splice.c:1105
 do_splice_direct_actor fs/splice.c:1204 [inline]
 do_splice_direct+0x195/0x290 fs/splice.c:1230
 do_sendfile+0x535/0x7d0 fs/read_write.c:1372
 __do_sys_sendfile64 fs/read_write.c:1433 [inline]
 __se_sys_sendfile64+0x144/0x1a0 fs/read_write.c:1419
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f67e399bf79
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f67e2ffe028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f67e3c15fa0 RCX: 00007f67e399bf79
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000004
RBP: 00007f67e3a327e0 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000e3aa6ea R11: 0000000000000246 R12: 0000000000000000
R13: 00007f67e3c16038 R14: 00007f67e3c15fa0 R15: 00007fff789394f8
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ext4_write_inline_data+0x43c/0x440 fs/ext4/inline.c:240
Code: c1 38 c1 0f 8c 19 ff ff ff 48 89 df 49 89 d7 e8 3a 5d ac ff 4c 89 fa e9 06 ff ff ff e8 7d 31 43 ff 90 0f 0b e8 75 31 43 ff 90 <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f
RSP: 0018:ffffc900041bf3a8 EFLAGS: 00010293

RAX: ffffffff8281434b RBX: 0000000000003000 RCX: ffff88802ab8dac0
RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000003000
RBP: ffff888072ee11a2 R08: ffff88805b996387 R09: 1ffff1100b732c70
R10: dffffc0000000000 R11: ffffed100b732c71 R12: 000000000000003c
R13: ffffc900041bf460 R14: 0000000000002000 R15: ffff888072ee0c38
FS:  00007f67e2ffe6c0(0000) GS:ffff8881256ca000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa159255000 CR3: 0000000079001000 CR4: 0000000000350ef0


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.