Warning: Permanently added '10.128.1.181' (ED25519) to the list of known hosts. 1970/01/01 00:00:26 parsed 1 programs [ 27.480946][ T4325] cgroup: Unknown subsys name 'net' [ 27.794188][ T4325] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 28.078164][ T4325] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 33.382050][ T4346] chnl_net:caif_netlink_parms(): no params data found [ 33.400900][ T4346] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.402273][ T4346] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.403730][ T4346] device bridge_slave_0 entered promiscuous mode [ 33.406162][ T4346] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.407352][ T4346] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.408785][ T4346] device bridge_slave_1 entered promiscuous mode [ 33.416682][ T4346] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 33.419071][ T4346] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 33.427579][ T4346] team0: Port device team_slave_0 added [ 33.429798][ T4346] team0: Port device team_slave_1 added [ 33.435647][ T4346] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 33.436674][ T4346] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 33.440420][ T4346] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 33.443099][ T4346] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 33.444198][ T4346] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 33.448127][ T4346] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 33.493049][ T4346] device hsr_slave_0 entered promiscuous mode [ 33.551935][ T4346] device hsr_slave_1 entered promiscuous mode [ 33.625472][ T4346] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 33.644914][ T4346] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 33.694486][ T4346] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 33.744393][ T4346] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 33.800791][ T4346] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.802107][ T4346] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.803595][ T4346] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.804763][ T4346] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.820751][ T4346] 8021q: adding VLAN 0 to HW filter on device bond0 [ 33.825144][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 33.827651][ T39] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.829550][ T39] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.831269][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 33.836388][ T4346] 8021q: adding VLAN 0 to HW filter on device team0 [ 33.839465][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 33.841075][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.842184][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.846526][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 33.848015][ T39] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.849083][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.856511][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 33.858132][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 33.860960][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 33.864703][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 33.867541][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 33.869913][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 33.920565][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 33.921916][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 33.925109][ T4346] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 33.930679][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 33.939156][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 33.940964][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 33.942598][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 33.995831][ T4346] device veth0_vlan entered promiscuous mode [ 33.999219][ T4346] device veth1_vlan entered promiscuous mode [ 34.006154][ T4346] device veth0_macvtap entered promiscuous mode [ 34.008265][ T4346] device veth1_macvtap entered promiscuous mode [ 34.012853][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 34.014371][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 34.016045][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 34.017534][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 34.020718][ T4346] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 34.023850][ T4346] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 34.025344][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 34.027040][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 34.029575][ T4346] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.031005][ T4346] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.033559][ T4346] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.034999][ T4346] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.651034][ T4396] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 34.653635][ T4396] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 34.654955][ T4396] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 34.656593][ T4396] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 34.657925][ T4396] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 34.659137][ T4396] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 34.914980][ T39] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 34.916292][ T39] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 34.918048][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 34.925793][ T248] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 34.927074][ T248] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 34.928894][ T248] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 35.285903][ T1875] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 1970/01/01 00:00:35 executed programs: 0 [ 35.416165][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 35.417608][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 35.418886][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 35.420442][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 35.422800][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 35.424009][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 35.470408][ T4416] chnl_net:caif_netlink_parms(): no params data found [ 35.485182][ T4416] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.486322][ T4416] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.487812][ T4416] device bridge_slave_0 entered promiscuous mode [ 35.489779][ T4416] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.490827][ T4416] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.492443][ T4416] device bridge_slave_1 entered promiscuous mode [ 35.499575][ T4416] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 35.501993][ T4416] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 35.508540][ T4416] team0: Port device team_slave_0 added [ 35.511061][ T4416] team0: Port device team_slave_1 added [ 35.517357][ T4416] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 35.518521][ T4416] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 35.522489][ T4416] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 35.524947][ T4416] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 35.526054][ T4416] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 35.529914][ T4416] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 35.572973][ T4416] device hsr_slave_0 entered promiscuous mode [ 35.611868][ T4416] device hsr_slave_1 entered promiscuous mode [ 35.661871][ T4416] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 35.663105][ T4416] Cannot create hsr debugfs directory [ 37.242949][ T1875] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 37.451973][ T4396] Bluetooth: hci0: command 0x0409 tx timeout [ 39.532282][ T4396] Bluetooth: hci0: command 0x041b tx timeout [ 39.572890][ T1875] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 39.653815][ T1875] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.597165][ T4416] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 40.634054][ T4416] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 40.684442][ T4416] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 40.723782][ T4416] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 40.903329][ T4416] 8021q: adding VLAN 0 to HW filter on device bond0 [ 40.906589][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 40.908173][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 40.911045][ T4416] 8021q: adding VLAN 0 to HW filter on device team0 [ 40.913730][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 40.915331][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 40.916712][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.917898][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.919707][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 40.984021][ T248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 40.985586][ T248] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 40.987011][ T248] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.988132][ T248] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.990494][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 40.993436][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 40.996019][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 40.997827][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 40.999332][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 41.002709][ T248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 41.004404][ T248] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 41.007077][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 41.008620][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 41.011003][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 41.012976][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 41.015754][ T4416] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 41.087836][ T248] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 41.089184][ T248] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 41.092391][ T4416] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 41.168164][ T248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 41.169826][ T248] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 41.175316][ T248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 41.177010][ T248] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 41.178436][ T248] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 41.179805][ T248] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 41.182115][ T4416] device veth0_vlan entered promiscuous mode [ 41.185566][ T4416] device veth1_vlan entered promiscuous mode [ 41.191302][ T248] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 41.193024][ T248] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 41.194523][ T248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 41.195866][ T248] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 41.198194][ T4416] device veth0_macvtap entered promiscuous mode [ 41.200332][ T4416] device veth1_macvtap entered promiscuous mode [ 41.205068][ T4416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 41.206791][ T4416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.208682][ T4416] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 41.243351][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 41.244879][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 41.246227][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 41.247746][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 41.250428][ T4416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 41.252168][ T4416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.254272][ T4416] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 41.255510][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 41.257190][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 41.259500][ T4416] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.260913][ T4416] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.262353][ T4416] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.263666][ T4416] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.283408][ T39] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 41.287367][ T39] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 41.289632][ T248] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 41.333429][ T39] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 41.334969][ T39] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 41.336837][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 41.395061][ T4488] loop0: detected capacity change from 0 to 512 [ 41.415180][ T4488] [ 41.415626][ T4488] ====================================================== [ 41.416744][ T4488] WARNING: possible circular locking dependency detected [ 41.417893][ T4488] syzkaller #0 Not tainted [ 41.418565][ T4488] ------------------------------------------------------ [ 41.419645][ T4488] syz.0.17/4488 is trying to acquire lock: [ 41.420520][ T4488] ffff0000d16e8b98 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x188/0x284c [ 41.422039][ T4488] [ 41.422039][ T4488] but task is already holding lock: [ 41.423214][ T4488] ffff0000e5223cf8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x37c/0x790 [ 41.424731][ T4488] [ 41.424731][ T4488] which lock already depends on the new lock. [ 41.424731][ T4488] [ 41.426419][ T4488] [ 41.426419][ T4488] the existing dependency chain (in reverse order) is: [ 41.427785][ T4488] [ 41.427785][ T4488] -> #2 (&ei->xattr_sem){++++}-{3:3}: [ 41.429013][ T4488] down_read+0x64/0x304 [ 41.429797][ T4488] ext4_setattr+0x7c4/0x150c [ 41.430538][ T4488] notify_change+0xb0c/0xdcc [ 41.431285][ T4488] chown_common+0x414/0x574 [ 41.432019][ T4488] do_fchownat+0x158/0x268 [ 41.432743][ T4488] __arm64_sys_fchownat+0xb8/0xd4 [ 41.433712][ T4488] invoke_syscall+0x98/0x2bc [ 41.434527][ T4488] el0_svc_common+0x138/0x258 [ 41.435455][ T4488] do_el0_svc+0x58/0x13c [ 41.436270][ T4488] el0_svc+0x58/0x138 [ 41.436997][ T4488] el0t_64_sync_handler+0x84/0xf0 [ 41.437940][ T4488] el0t_64_sync+0x18c/0x190 [ 41.438764][ T4488] [ 41.438764][ T4488] -> #1 (jbd2_handle){++++}-{0:0}: [ 41.439906][ T4488] start_this_handle+0xfe0/0x122c [ 41.440785][ T4488] jbd2__journal_start+0x288/0x51c [ 41.441631][ T4488] __ext4_journal_start_sb+0x2fc/0x674 [ 41.442619][ T4488] ext4_writepages+0xa28/0x284c [ 41.443449][ T4488] do_writepages+0x2c0/0x4fc [ 41.444225][ T4488] __writeback_single_inode+0x164/0x157c [ 41.445144][ T4488] writeback_sb_inodes+0x824/0x1404 [ 41.446010][ T4488] __writeback_inodes_wb+0x110/0x394 [ 41.446862][ T4488] wb_writeback+0x414/0xfb0 [ 41.447648][ T4488] wb_workfn+0xac0/0xd98 [ 41.448405][ T4488] process_one_work+0x7f4/0x13a8 [ 41.449240][ T4488] worker_thread+0x8c8/0xfbc [ 41.449973][ T4488] kthread+0x250/0x2d8 [ 41.450633][ T4488] ret_from_fork+0x10/0x20 [ 41.451330][ T4488] [ 41.451330][ T4488] -> #0 (&sbi->s_writepages_rwsem){.+.+}-{0:0}: [ 41.452504][ T4488] __lock_acquire+0x293c/0x6544 [ 41.453348][ T4488] lock_acquire+0x20c/0x644 [ 41.454102][ T4488] percpu_down_read+0x70/0x2a8 [ 41.454894][ T4488] ext4_writepages+0x188/0x284c [ 41.455673][ T4488] do_writepages+0x2c0/0x4fc [ 41.456495][ T4488] __writeback_single_inode+0x164/0x157c [ 41.457481][ T4488] writeback_single_inode+0x1c0/0x720 [ 41.458376][ T4488] write_inode_now+0x144/0x1b0 [ 41.459178][ T4488] iput+0x5cc/0x7f4 [ 41.459882][ T4488] ext4_xattr_block_set+0x17a4/0x2810 [ 41.460772][ T4488] ext4_expand_extra_isize_ea+0xcb8/0x15cc [ 41.461666][ T4488] __ext4_expand_extra_isize+0x298/0x358 [ 41.462572][ T4488] __ext4_mark_inode_dirty+0x3e4/0x790 [ 41.463520][ T4488] ext4_evict_inode+0xb58/0x1270 [ 41.464379][ T4488] evict+0x3c8/0x810 [ 41.465031][ T4488] iput+0x764/0x7f4 [ 41.465644][ T4488] ext4_process_orphan+0x240/0x2b4 [ 41.466523][ T4488] ext4_orphan_cleanup+0x908/0x104c [ 41.467472][ T4488] ext4_fill_super+0x6440/0x68a8 [ 41.468284][ T4488] get_tree_bdev+0x358/0x544 [ 41.469075][ T4488] ext4_get_tree+0x28/0x38 [ 41.469778][ T4488] vfs_get_tree+0x90/0x274 [ 41.470490][ T4488] do_new_mount+0x228/0x810 [ 41.471270][ T4488] path_mount+0x5b4/0xe78 [ 41.472022][ T4488] __arm64_sys_mount+0x49c/0x584 [ 41.472895][ T4488] invoke_syscall+0x98/0x2bc [ 41.473688][ T4488] el0_svc_common+0x138/0x258 [ 41.474543][ T4488] do_el0_svc+0x58/0x13c [ 41.475285][ T4488] el0_svc+0x58/0x138 [ 41.475907][ T4488] el0t_64_sync_handler+0x84/0xf0 [ 41.476763][ T4488] el0t_64_sync+0x18c/0x190 [ 41.477459][ T4488] [ 41.477459][ T4488] other info that might help us debug this: [ 41.477459][ T4488] [ 41.478889][ T4488] Chain exists of: [ 41.478889][ T4488] &sbi->s_writepages_rwsem --> jbd2_handle --> &ei->xattr_sem [ 41.478889][ T4488] [ 41.480782][ T4488] Possible unsafe locking scenario: [ 41.480782][ T4488] [ 41.481921][ T4488] CPU0 CPU1 [ 41.482729][ T4488] ---- ---- [ 41.483500][ T4488] lock(&ei->xattr_sem); [ 41.484138][ T4488] lock(jbd2_handle); [ 41.485199][ T4488] lock(&ei->xattr_sem); [ 41.486259][ T4488] lock(&sbi->s_writepages_rwsem); [ 41.487006][ T4488] [ 41.487006][ T4488] *** DEADLOCK *** [ 41.487006][ T4488] [ 41.488153][ T4488] 3 locks held by syz.0.17/4488: [ 41.488858][ T4488] #0: ffff0000eb5860e0 (&type->s_umount_key#26/1){+.+.}-{3:3}, at: alloc_super+0x1a4/0x804 [ 41.490395][ T4488] #1: ffff0000eb586650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x3dc/0x1270 [ 41.491737][ T4488] #2: ffff0000e5223cf8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x37c/0x790 [ 41.493302][ T4488] [ 41.493302][ T4488] stack backtrace: [ 41.494158][ T4488] CPU: 0 PID: 4488 Comm: syz.0.17 Not tainted syzkaller #0 [ 41.495262][ T4488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 41.496838][ T4488] Call trace: [ 41.497344][ T4488] dump_backtrace+0x1c8/0x1f4 [ 41.498087][ T4488] show_stack+0x2c/0x3c [ 41.498761][ T4488] __dump_stack+0x30/0x40 [ 41.499426][ T4488] dump_stack_lvl+0xf8/0x160 [ 41.500191][ T4488] dump_stack+0x1c/0x5c [ 41.500900][ T4488] print_circular_bug+0x148/0x1b0 [ 41.501706][ T4488] check_noncircular+0x240/0x2d4 [ 41.502531][ T4488] __lock_acquire+0x293c/0x6544 [ 41.503286][ T4488] lock_acquire+0x20c/0x644 [ 41.503978][ T4488] percpu_down_read+0x70/0x2a8 [ 41.504711][ T4488] ext4_writepages+0x188/0x284c [ 41.505449][ T4488] do_writepages+0x2c0/0x4fc [ 41.506190][ T4488] __writeback_single_inode+0x164/0x157c [ 41.507083][ T4488] writeback_single_inode+0x1c0/0x720 [ 41.507934][ T4488] write_inode_now+0x144/0x1b0 [ 41.508647][ T4488] iput+0x5cc/0x7f4 [ 41.509217][ T4488] ext4_xattr_block_set+0x17a4/0x2810 [ 41.509949][ T4488] ext4_expand_extra_isize_ea+0xcb8/0x15cc [ 41.510846][ T4488] __ext4_expand_extra_isize+0x298/0x358 [ 41.511696][ T4488] __ext4_mark_inode_dirty+0x3e4/0x790 [ 41.512487][ T4488] ext4_evict_inode+0xb58/0x1270 [ 41.513252][ T4488] evict+0x3c8/0x810 [ 41.513886][ T4488] iput+0x764/0x7f4 [ 41.514464][ T4488] ext4_process_orphan+0x240/0x2b4 [ 41.515240][ T4488] ext4_orphan_cleanup+0x908/0x104c [ 41.516043][ T4488] ext4_fill_super+0x6440/0x68a8 [ 41.516837][ T4488] get_tree_bdev+0x358/0x544 [ 41.517543][ T4488] ext4_get_tree+0x28/0x38 [ 41.518216][ T4488] vfs_get_tree+0x90/0x274 [ 41.518843][ T4488] do_new_mount+0x228/0x810 [ 41.519524][ T4488] path_mount+0x5b4/0xe78 [ 41.520157][ T4488] __arm64_sys_mount+0x49c/0x584 [ 41.520889][ T4488] invoke_syscall+0x98/0x2bc [ 41.521550][ T4488] el0_svc_common+0x138/0x258 [ 41.522245][ T4488] do_el0_svc+0x58/0x13c [ 41.522853][ T4488] el0_svc+0x58/0x138 [ 41.523402][ T4488] el0t_64_sync_handler+0x84/0xf0 [ 41.524125][ T4488] el0t_64_sync+0x18c/0x190 [ 41.527224][ T4488] ------------[ cut here ]------------ [ 41.528058][ T4488] EA inode 11 i_nlink=2 [ 41.528125][ T4488] WARNING: CPU: 0 PID: 4488 at fs/ext4/xattr.c:1022 ext4_xattr_inode_update_ref+0x42c/0x470 [ 41.530173][ T4488] Modules linked in: [ 41.530773][ T4488] CPU: 0 PID: 4488 Comm: syz.0.17 Not tainted syzkaller #0 [ 41.531827][ T4488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 41.533316][ T4488] pstate: 62400005 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 41.534501][ T4488] pc : ext4_xattr_inode_update_ref+0x42c/0x470 [ 41.535413][ T4488] lr : ext4_xattr_inode_update_ref+0x42c/0x470 [ 41.536321][ T4488] sp : ffff8000214e6e00 [ 41.536947][ T4488] x29: ffff8000214e6ea0 x28: 0000000000000000 x27: dfff800000000000 [ 41.538053][ T4488] x26: 1fffe0001ca44bde x25: ffff70000429cdc4 x24: 0000000000000000 [ 41.539267][ T4488] x23: ffff800017a15000 x22: ffff0000e5225d38 x21: 0000000000000002 [ 41.540476][ T4488] x20: 0000000000000001 x19: ffff0000e5225cf8 x18: ffff800011a5bd40 [ 41.541641][ T4488] x17: 0000000000000000 x16: ffff800008042d90 x15: 0000000000000000 [ 41.542811][ T4488] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100 [ 41.543995][ T4488] x11: ff008000081924a8 x10: 0000000000000000 x9 : cb07ddf078311300 [ 41.545226][ T4488] x8 : cb07ddf078311300 x7 : 0000000000000001 x6 : 0000000000000001 [ 41.546474][ T4488] x5 : ffff8000214e6898 x4 : ffff800015134e00 x3 : ffff80000852f9b8 [ 41.547621][ T4488] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 [ 41.548842][ T4488] Call trace: [ 41.549331][ T4488] ext4_xattr_inode_update_ref+0x42c/0x470 [ 41.550191][ T4488] ext4_xattr_set_entry+0x918/0x15ac [ 41.550957][ T4488] ext4_xattr_ibody_set+0x204/0x600 [ 41.551775][ T4488] ext4_expand_extra_isize_ea+0xd00/0x15cc [ 41.552688][ T4488] __ext4_expand_extra_isize+0x298/0x358 [ 41.553582][ T4488] __ext4_mark_inode_dirty+0x3e4/0x790 [ 41.554442][ T4488] ext4_evict_inode+0xb58/0x1270 [ 41.555188][ T4488] evict+0x3c8/0x810 [ 41.555743][ T4488] iput+0x764/0x7f4 [ 41.556340][ T4488] ext4_process_orphan+0x240/0x2b4 [ 41.557132][ T4488] ext4_orphan_cleanup+0x908/0x104c [ 41.557947][ T4488] ext4_fill_super+0x6440/0x68a8 [ 41.558674][ T4488] get_tree_bdev+0x358/0x544 [ 41.559382][ T4488] ext4_get_tree+0x28/0x38 [ 41.560043][ T4488] vfs_get_tree+0x90/0x274 [ 41.560705][ T4488] do_new_mount+0x228/0x810 [ 41.561346][ T4488] path_mount+0x5b4/0xe78 [ 41.561958][ T4488] __arm64_sys_mount+0x49c/0x584 [ 41.562727][ T4488] invoke_syscall+0x98/0x2bc [ 41.563378][ T4488] el0_svc_common+0x138/0x258 [ 41.564071][ T4488] do_el0_svc+0x58/0x13c [ 41.564712][ T4488] el0_svc+0x58/0x138 [ 41.565247][ T4488] el0t_64_sync_handler+0x84/0xf0 [ 41.565954][ T4488] el0t_64_sync+0x18c/0x190 [ 41.566595][ T4488] irq event stamp: 4327 [ 41.567209][ T4488] hardirqs last enabled at (4327): [] _raw_spin_unlock_irqrestore+0x48/0xac [ 41.568668][ T4488] hardirqs last disabled at (4326): [] _raw_spin_lock_irqsave+0xa4/0xb4 [ 41.570146][ T4488] softirqs last enabled at (1328): [] local_bh_enable+0x10/0x34 [ 41.571566][ T4488] softirqs last disabled at (1326): [] local_bh_disable+0x10/0x34 [ 41.573053][ T4488] ---[ end trace 0000000000000000 ]--- [ 41.574567][ T4488] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 41.576712][ T4488] EXT4-fs (loop0): Remounting filesystem read-only [ 41.577656][ T4488] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 41.579520][ T4488] EXT4-fs (loop0): Remounting filesystem read-only [ 41.580499][ T4488] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256) [ 41.584241][ T4488] EXT4-fs (loop0): Remounting filesystem read-only [ 41.585297][ T4488] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117 [ 41.587431][ T4488] EXT4-fs (loop0): Remounting filesystem read-only [ 41.588502][ T4488] EXT4-fs (loop0): 1 orphan inode deleted [ 41.589376][ T4488] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. SYZFAIL: failed to recv rpc [ 41.597632][ T4416] EXT4-fs (loop0): unmounting filesystem. [ 41.611894][ T47] Bluetooth: hci0: command 0x040f tx timeout