Warning: Permanently added '10.128.1.124' (ED25519) to the list of known hosts. 1970/01/01 00:00:25 parsed 1 programs [ 26.463724][ T4325] cgroup: Unknown subsys name 'net' [ 26.746337][ T4325] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 27.017368][ T4325] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 30.701672][ T264] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 30.702954][ T264] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 30.705415][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 30.712385][ T251] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 30.713572][ T251] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 30.715212][ T251] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 31.361110][ T4370] chnl_net:caif_netlink_parms(): no params data found [ 31.379057][ T4370] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.380279][ T4370] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.381823][ T4370] device bridge_slave_0 entered promiscuous mode [ 31.384906][ T4370] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.386013][ T4370] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.387407][ T4370] device bridge_slave_1 entered promiscuous mode [ 31.394443][ T4370] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 31.396577][ T4370] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 31.403658][ T4370] team0: Port device team_slave_0 added [ 31.405413][ T4370] team0: Port device team_slave_1 added [ 31.411036][ T4370] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 31.412207][ T4370] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.416048][ T4370] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 31.418554][ T4370] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 31.419636][ T4370] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.423563][ T4370] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 31.445193][ T4370] device hsr_slave_0 entered promiscuous mode [ 31.494036][ T4370] device hsr_slave_1 entered promiscuous mode [ 31.566638][ T4370] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 31.585067][ T4370] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 31.625590][ T4370] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 31.666212][ T4370] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 31.730920][ T4370] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.734820][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 31.736424][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 31.739235][ T4370] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.741524][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 31.743128][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 31.745626][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.746846][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.748722][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 31.751267][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 31.752865][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 31.754925][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.756057][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.759177][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 31.761764][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 31.765181][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 31.766859][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 31.768625][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 31.770685][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 31.772723][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 31.777387][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 31.779057][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 31.781555][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 31.783099][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 31.786931][ T4370] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 31.837267][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 31.838616][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 31.842269][ T4370] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.849492][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 31.851218][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 31.865623][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 31.867171][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 31.869528][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 31.870923][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 31.872624][ T4370] device veth0_vlan entered promiscuous mode [ 31.876579][ T4370] device veth1_vlan entered promiscuous mode [ 31.882360][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 31.885164][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 31.886651][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 31.888078][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 31.899838][ T4370] device veth0_macvtap entered promiscuous mode [ 31.902291][ T4370] device veth1_macvtap entered promiscuous mode [ 31.907450][ T4370] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.908779][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 31.910266][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 31.911589][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 31.913019][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 31.916410][ T4370] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.917500][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 31.919352][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 31.921841][ T4370] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.923240][ T4370] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.924913][ T4370] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.926227][ T4370] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.208120][ T4424] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 32.209753][ T4424] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 32.211056][ T4424] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 32.212529][ T4424] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 32.214586][ T4424] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 32.215761][ T4424] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 1970/01/01 00:00:32 executed programs: 0 [ 32.443225][ T47] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 32.445370][ T47] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 32.446770][ T47] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 32.449779][ T47] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 32.451149][ T47] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 32.452301][ T47] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 32.757071][ T4433] chnl_net:caif_netlink_parms(): no params data found [ 32.814784][ T4433] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.816002][ T4433] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.817516][ T4433] device bridge_slave_0 entered promiscuous mode [ 32.819175][ T4433] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.820201][ T4433] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.821533][ T4433] device bridge_slave_1 entered promiscuous mode [ 32.828829][ T4433] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 32.831118][ T4433] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 32.838039][ T4433] team0: Port device team_slave_0 added [ 32.839696][ T4433] team0: Port device team_slave_1 added [ 33.166366][ T4433] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 33.167465][ T4433] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 33.171343][ T4433] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 33.178791][ T4433] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 33.179906][ T4433] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 33.183508][ T4433] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 33.225749][ T4433] device hsr_slave_0 entered promiscuous mode [ 33.265027][ T4433] device hsr_slave_1 entered promiscuous mode [ 33.313926][ T4433] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 33.315201][ T4433] Cannot create hsr debugfs directory [ 33.545093][ T4433] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 34.474063][ T47] Bluetooth: hci1: command 0x0409 tx timeout [ 36.553827][ T4424] Bluetooth: hci1: command 0x041b tx timeout [ 36.944942][ T4433] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 37.636442][ T4433] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 37.745757][ T4433] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 37.925801][ T4433] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 38.055782][ T4433] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 38.095015][ T4433] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 38.195510][ T4433] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 38.316904][ T4433] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.320458][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 38.321956][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 38.325294][ T4433] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.327672][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 38.329227][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 38.330621][ T264] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.331745][ T264] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.333531][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 38.376615][ T251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 38.378149][ T251] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 38.379580][ T251] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.380924][ T251] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.383444][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 38.386234][ T251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 38.389179][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 38.391223][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 38.392769][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 38.395598][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 38.397250][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 38.399660][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 38.401086][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 38.403424][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 38.405682][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 38.467144][ T4433] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 38.547798][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 38.549007][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 38.551645][ T4433] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 38.557453][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 38.558994][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 38.564720][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 38.566266][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 38.567787][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 38.569149][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 38.571163][ T4433] device veth0_vlan entered promiscuous mode [ 38.574582][ T4433] device veth1_vlan entered promiscuous mode [ 38.580325][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 38.581716][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 38.583074][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 38.585123][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 38.587470][ T4433] device veth0_macvtap entered promiscuous mode [ 38.589623][ T4433] device veth1_macvtap entered promiscuous mode [ 38.643909][ T4424] Bluetooth: hci1: command 0x040f tx timeout [ 38.647993][ T4433] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 38.649575][ T4433] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.651481][ T4433] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.653102][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 38.654724][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 38.656208][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 38.657621][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 38.659742][ T4433] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.661349][ T4433] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.663287][ T4433] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.666147][ T4433] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.667572][ T4433] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.668902][ T4433] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.670270][ T4433] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.672166][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 38.673730][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 38.690501][ T11] device hsr_slave_0 left promiscuous mode [ 38.724265][ T11] device hsr_slave_1 left promiscuous mode [ 38.813916][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 38.815150][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 38.816836][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 38.818010][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 38.819859][ T11] device bridge_slave_1 left promiscuous mode [ 38.821041][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.854520][ T11] device bridge_slave_0 left promiscuous mode [ 38.855627][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.984413][ T11] device veth1_macvtap left promiscuous mode [ 38.985356][ T11] device veth0_macvtap left promiscuous mode [ 38.986297][ T11] device veth1_vlan left promiscuous mode [ 38.987213][ T11] device veth0_vlan left promiscuous mode [ 40.713829][ T47] Bluetooth: hci1: command 0x0419 tx timeout [ 40.805544][ T11] team0 (unregistering): Port device team_slave_1 removed [ 40.994405][ T11] team0 (unregistering): Port device team_slave_0 removed [ 41.174203][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 41.414219][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 43.864712][ T11] bond0 (unregistering): Released all slaves [ 44.120019][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 44.121411][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 44.123039][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 44.123501][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 44.125864][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 44.128397][ T264] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 44.175363][ T4463] loop0: detected capacity change from 0 to 512 [ 44.193520][ T4463] [ 44.193940][ T4463] ====================================================== [ 44.194974][ T4463] WARNING: possible circular locking dependency detected [ 44.195954][ T4463] syzkaller #0 Not tainted [ 44.196608][ T4463] ------------------------------------------------------ [ 44.197684][ T4463] syz.0.17/4463 is trying to acquire lock: [ 44.198515][ T4463] ffff0000d3f42b98 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x188/0x284c [ 44.200203][ T4463] [ 44.200203][ T4463] but task is already holding lock: [ 44.201288][ T4463] ffff0000e56e0ad0 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x37c/0x790 [ 44.202611][ T4463] [ 44.202611][ T4463] which lock already depends on the new lock. [ 44.202611][ T4463] [ 44.204171][ T4463] [ 44.204171][ T4463] the existing dependency chain (in reverse order) is: [ 44.205450][ T4463] [ 44.205450][ T4463] -> #2 (&ei->xattr_sem){++++}-{3:3}: [ 44.206616][ T4463] down_read+0x64/0x304 [ 44.207310][ T4463] ext4_setattr+0x7c4/0x150c [ 44.208070][ T4463] notify_change+0xb0c/0xdcc [ 44.208832][ T4463] chown_common+0x414/0x574 [ 44.209590][ T4463] do_fchownat+0x158/0x268 [ 44.210321][ T4463] __arm64_sys_fchownat+0xb8/0xd4 [ 44.211147][ T4463] invoke_syscall+0x98/0x2bc [ 44.211924][ T4463] el0_svc_common+0x138/0x258 [ 44.212724][ T4463] do_el0_svc+0x58/0x13c [ 44.213470][ T4463] el0_svc+0x58/0x138 [ 44.214111][ T4463] el0t_64_sync_handler+0x84/0xf0 [ 44.214881][ T4463] el0t_64_sync+0x18c/0x190 [ 44.215635][ T4463] [ 44.215635][ T4463] -> #1 (jbd2_handle){.+.+}-{0:0}: [ 44.216669][ T4463] start_this_handle+0xfe0/0x122c [ 44.217505][ T4463] jbd2__journal_start+0x288/0x51c [ 44.218361][ T4463] __ext4_journal_start_sb+0x2fc/0x674 [ 44.219213][ T4463] ext4_writepages+0xa28/0x284c [ 44.220012][ T4463] do_writepages+0x2c0/0x4fc [ 44.220748][ T4463] __writeback_single_inode+0x164/0x157c [ 44.221634][ T4463] writeback_sb_inodes+0x824/0x1404 [ 44.222452][ T4463] __writeback_inodes_wb+0x110/0x394 [ 44.223262][ T4463] wb_writeback+0x414/0xfb0 [ 44.224025][ T4463] wb_workfn+0xac0/0xd98 [ 44.224725][ T4463] process_one_work+0x7f4/0x13a8 [ 44.225499][ T4463] worker_thread+0x8c8/0xfbc [ 44.226194][ T4463] kthread+0x250/0x2d8 [ 44.226943][ T4463] ret_from_fork+0x10/0x20 [ 44.227818][ T4463] [ 44.227818][ T4463] -> #0 (&sbi->s_writepages_rwsem){.+.+}-{0:0}: [ 44.229131][ T4463] __lock_acquire+0x293c/0x6544 [ 44.229916][ T4463] lock_acquire+0x20c/0x644 [ 44.230673][ T4463] percpu_down_read+0x70/0x2a8 [ 44.231452][ T4463] ext4_writepages+0x188/0x284c [ 44.232237][ T4463] do_writepages+0x2c0/0x4fc [ 44.233030][ T4463] __writeback_single_inode+0x164/0x157c [ 44.233913][ T4463] writeback_single_inode+0x1c0/0x720 [ 44.234782][ T4463] write_inode_now+0x144/0x1b0 [ 44.235550][ T4463] iput+0x5cc/0x7f4 [ 44.236237][ T4463] ext4_xattr_block_set+0x17a4/0x2810 [ 44.237058][ T4463] ext4_expand_extra_isize_ea+0xcb8/0x15cc [ 44.238024][ T4463] __ext4_expand_extra_isize+0x298/0x358 [ 44.238914][ T4463] __ext4_mark_inode_dirty+0x3e4/0x790 [ 44.239751][ T4463] ext4_evict_inode+0xb58/0x1270 [ 44.240630][ T4463] evict+0x3c8/0x810 [ 44.241393][ T4463] iput+0x764/0x7f4 [ 44.242035][ T4463] ext4_process_orphan+0x240/0x2b4 [ 44.243012][ T4463] ext4_orphan_cleanup+0x908/0x104c [ 44.243939][ T4463] ext4_fill_super+0x6440/0x68a8 [ 44.244794][ T4463] get_tree_bdev+0x358/0x544 [ 44.245571][ T4463] ext4_get_tree+0x28/0x38 [ 44.246295][ T4463] vfs_get_tree+0x90/0x274 [ 44.247179][ T4463] do_new_mount+0x228/0x810 [ 44.247975][ T4463] path_mount+0x5b4/0xe78 [ 44.248740][ T4463] __arm64_sys_mount+0x49c/0x584 [ 44.249510][ T4463] invoke_syscall+0x98/0x2bc [ 44.250271][ T4463] el0_svc_common+0x138/0x258 [ 44.251013][ T4463] do_el0_svc+0x58/0x13c [ 44.251739][ T4463] el0_svc+0x58/0x138 [ 44.252498][ T4463] el0t_64_sync_handler+0x84/0xf0 [ 44.253276][ T4463] el0t_64_sync+0x18c/0x190 [ 44.253977][ T4463] [ 44.253977][ T4463] other info that might help us debug this: [ 44.253977][ T4463] [ 44.255447][ T4463] Chain exists of: [ 44.255447][ T4463] &sbi->s_writepages_rwsem --> jbd2_handle --> &ei->xattr_sem [ 44.255447][ T4463] [ 44.257539][ T4463] Possible unsafe locking scenario: [ 44.257539][ T4463] [ 44.258633][ T4463] CPU0 CPU1 [ 44.259441][ T4463] ---- ---- [ 44.260269][ T4463] lock(&ei->xattr_sem); [ 44.260922][ T4463] lock(jbd2_handle); [ 44.261851][ T4463] lock(&ei->xattr_sem); [ 44.262946][ T4463] lock(&sbi->s_writepages_rwsem); [ 44.263739][ T4463] [ 44.263739][ T4463] *** DEADLOCK *** [ 44.263739][ T4463] [ 44.264907][ T4463] 3 locks held by syz.0.17/4463: [ 44.265703][ T4463] #0: ffff0000d3f400e0 (&type->s_umount_key#26/1){+.+.}-{3:3}, at: alloc_super+0x1a4/0x804 [ 44.267240][ T4463] #1: ffff0000d3f40650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x3dc/0x1270 [ 44.268833][ T4463] #2: ffff0000e56e0ad0 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x37c/0x790 [ 44.270463][ T4463] [ 44.270463][ T4463] stack backtrace: [ 44.271305][ T4463] CPU: 1 PID: 4463 Comm: syz.0.17 Not tainted syzkaller #0 [ 44.272427][ T4463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 44.273831][ T4463] Call trace: [ 44.274310][ T4463] dump_backtrace+0x1c8/0x1f4 [ 44.275012][ T4463] show_stack+0x2c/0x3c [ 44.275586][ T4463] __dump_stack+0x30/0x40 [ 44.276210][ T4463] dump_stack_lvl+0xf8/0x160 [ 44.276899][ T4463] dump_stack+0x1c/0x5c [ 44.277547][ T4463] print_circular_bug+0x148/0x1b0 [ 44.278232][ T4463] check_noncircular+0x240/0x2d4 [ 44.278956][ T4463] __lock_acquire+0x293c/0x6544 [ 44.279661][ T4463] lock_acquire+0x20c/0x644 [ 44.280333][ T4463] percpu_down_read+0x70/0x2a8 [ 44.281153][ T4463] ext4_writepages+0x188/0x284c [ 44.281826][ T4463] do_writepages+0x2c0/0x4fc [ 44.282505][ T4463] __writeback_single_inode+0x164/0x157c [ 44.283292][ T4463] writeback_single_inode+0x1c0/0x720 [ 44.284068][ T4463] write_inode_now+0x144/0x1b0 [ 44.284747][ T4463] iput+0x5cc/0x7f4 [ 44.285267][ T4463] ext4_xattr_block_set+0x17a4/0x2810 [ 44.286032][ T4463] ext4_expand_extra_isize_ea+0xcb8/0x15cc [ 44.286873][ T4463] __ext4_expand_extra_isize+0x298/0x358 [ 44.287666][ T4463] __ext4_mark_inode_dirty+0x3e4/0x790 [ 44.288445][ T4463] ext4_evict_inode+0xb58/0x1270 [ 44.289194][ T4463] evict+0x3c8/0x810 [ 44.289788][ T4463] iput+0x764/0x7f4 [ 44.290367][ T4463] ext4_process_orphan+0x240/0x2b4 [ 44.291082][ T4463] ext4_orphan_cleanup+0x908/0x104c [ 44.291802][ T4463] ext4_fill_super+0x6440/0x68a8 [ 44.292502][ T4463] get_tree_bdev+0x358/0x544 [ 44.293132][ T4463] ext4_get_tree+0x28/0x38 [ 44.293702][ T4463] vfs_get_tree+0x90/0x274 [ 44.294354][ T4463] do_new_mount+0x228/0x810 [ 44.294996][ T4463] path_mount+0x5b4/0xe78 [ 44.295635][ T4463] __arm64_sys_mount+0x49c/0x584 [ 44.296389][ T4463] invoke_syscall+0x98/0x2bc [ 44.297058][ T4463] el0_svc_common+0x138/0x258 [ 44.297803][ T4463] do_el0_svc+0x58/0x13c [ 44.298418][ T4463] el0_svc+0x58/0x138 [ 44.298986][ T4463] el0t_64_sync_handler+0x84/0xf0 [ 44.299702][ T4463] el0t_64_sync+0x18c/0x190 [ 44.301649][ T4463] ------------[ cut here ]------------ [ 44.302544][ T4463] EA inode 11 i_nlink=2 [ 44.302617][ T4463] WARNING: CPU: 0 PID: 4463 at fs/ext4/xattr.c:1022 ext4_xattr_inode_update_ref+0x42c/0x470 [ 44.304927][ T4463] Modules linked in: [ 44.305572][ T4463] CPU: 0 PID: 4463 Comm: syz.0.17 Not tainted syzkaller #0 [ 44.306699][ T4463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 44.308167][ T4463] pstate: 62400005 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 44.309373][ T4463] pc : ext4_xattr_inode_update_ref+0x42c/0x470 [ 44.310363][ T4463] lr : ext4_xattr_inode_update_ref+0x42c/0x470 [ 44.311295][ T4463] sp : ffff800020896e00 [ 44.311930][ T4463] x29: ffff800020896ea0 x28: 0000000000000000 x27: dfff800000000000 [ 44.313213][ T4463] x26: 1fffe0001cac4a9d x25: ffff700004112dc4 x24: 0000000000000000 [ 44.314419][ T4463] x23: ffff800017a15000 x22: ffff0000e5625330 x21: 0000000000000002 [ 44.315634][ T4463] x20: 0000000000000001 x19: ffff0000e56252f0 x18: ffff800011a5bd40 [ 44.316862][ T4463] x17: 0000000000000000 x16: ffff800008042d90 x15: 0000000000000000 [ 44.318085][ T4463] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100 [ 44.319300][ T4463] x11: ff008000081924a8 x10: 0000000000000000 x9 : 0eae1cd93da5aa00 [ 44.320481][ T4463] x8 : 0eae1cd93da5aa00 x7 : 0000000000000001 x6 : 0000000000000001 [ 44.321725][ T4463] x5 : ffff800020896898 x4 : ffff800015134e00 x3 : ffff800008313428 [ 44.323003][ T4463] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 [ 44.324265][ T4463] Call trace: [ 44.324764][ T4463] ext4_xattr_inode_update_ref+0x42c/0x470 [ 44.325632][ T4463] ext4_xattr_set_entry+0x918/0x15ac [ 44.326457][ T4463] ext4_xattr_ibody_set+0x204/0x600 [ 44.327234][ T4463] ext4_expand_extra_isize_ea+0xd00/0x15cc [ 44.328143][ T4463] __ext4_expand_extra_isize+0x298/0x358 [ 44.329004][ T4463] __ext4_mark_inode_dirty+0x3e4/0x790 [ 44.329852][ T4463] ext4_evict_inode+0xb58/0x1270 [ 44.330602][ T4463] evict+0x3c8/0x810 [ 44.331140][ T4463] iput+0x764/0x7f4 [ 44.331706][ T4463] ext4_process_orphan+0x240/0x2b4 [ 44.332488][ T4463] ext4_orphan_cleanup+0x908/0x104c [ 44.333300][ T4463] ext4_fill_super+0x6440/0x68a8 [ 44.334085][ T4463] get_tree_bdev+0x358/0x544 [ 44.334797][ T4463] ext4_get_tree+0x28/0x38 [ 44.335447][ T4463] vfs_get_tree+0x90/0x274 [ 44.336134][ T4463] do_new_mount+0x228/0x810 [ 44.336920][ T4463] path_mount+0x5b4/0xe78 [ 44.337540][ T4463] __arm64_sys_mount+0x49c/0x584 [ 44.338333][ T4463] invoke_syscall+0x98/0x2bc [ 44.339075][ T4463] el0_svc_common+0x138/0x258 [ 44.339752][ T4463] do_el0_svc+0x58/0x13c [ 44.340344][ T4463] el0_svc+0x58/0x138 [ 44.340958][ T4463] el0t_64_sync_handler+0x84/0xf0 [ 44.341710][ T4463] el0t_64_sync+0x18c/0x190 [ 44.342469][ T4463] irq event stamp: 4219 [ 44.343092][ T4463] hardirqs last enabled at (4219): [] _raw_spin_unlock_irqrestore+0x48/0xac [ 44.344515][ T4463] hardirqs last disabled at (4218): [] _raw_spin_lock_irqsave+0xa4/0xb4 [ 44.346028][ T4463] softirqs last enabled at (1926): [] handle_softirqs+0xaf8/0xc6c [ 44.347444][ T4463] softirqs last disabled at (1909): [] __do_softirq+0x14/0x20 [ 44.348774][ T4463] ---[ end trace 0000000000000000 ]--- [ 44.350529][ T4463] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 44.352743][ T4463] EXT4-fs (loop0): Remounting filesystem read-only [ 44.353740][ T4463] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 44.355763][ T4463] EXT4-fs (loop0): Remounting filesystem read-only [ 44.356789][ T4463] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 44.358891][ T4463] EXT4-fs (loop0): Remounting filesystem read-only [ 44.359894][ T4463] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 44.361869][ T4463] EXT4-fs (loop0): Remounting filesystem read-only [ 44.362902][ T4463] EXT4-fs (loop0): 1 orphan inode deleted [ 44.363858][ T4463] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 44.376116][ T4433] EXT4-fs (loop0): unmounting filesystem.