[ 9.184028][ T3991] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting crond: [ 9.221295][ T1726] gvnic 0000:00:00.0 enp0s0: Device link is up.
OK
[ 9.230706][ T433] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.114' (ED25519) to the list of known hosts.
1970/01/01 00:00:32 parsed 1 programs
syzkaller login: [ 33.897254][ T4326] cgroup: Unknown subsys name 'net'
[ 34.198846][ T4326] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 34.459528][ T4326] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 39.329604][ T4352] chnl_net:caif_netlink_parms(): no params data found
[ 39.347483][ T4352] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.348601][ T4352] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.350146][ T4352] device bridge_slave_0 entered promiscuous mode
[ 39.352496][ T4352] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.353636][ T4352] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.355122][ T4352] device bridge_slave_1 entered promiscuous mode
[ 39.362478][ T4352] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 39.364658][ T4352] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 39.372838][ T4352] team0: Port device team_slave_0 added
[ 39.374595][ T4352] team0: Port device team_slave_1 added
[ 39.382063][ T4352] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 39.383227][ T4352] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 39.387235][ T4352] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 39.389712][ T4352] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 39.390643][ T4352] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 39.394256][ T4352] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 39.456906][ T4352] device hsr_slave_0 entered promiscuous mode
[ 39.506097][ T4352] device hsr_slave_1 entered promiscuous mode
[ 39.580552][ T4352] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 39.607109][ T4352] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 39.657024][ T4352] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 39.718076][ T4352] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 39.766070][ T4352] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.767161][ T4352] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.768405][ T4352] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.769449][ T4352] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.786883][ T4352] 8021q: adding VLAN 0 to HW filter on device bond0
[ 39.790729][ T202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 39.793119][ T202] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.794731][ T202] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.797464][ T202] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 39.802575][ T4352] 8021q: adding VLAN 0 to HW filter on device team0
[ 39.805723][ T202] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 39.807331][ T202] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.808333][ T202] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.812487][ T202] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 39.813947][ T202] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.814926][ T202] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.821099][ T202] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 39.822682][ T202] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 39.825437][ T202] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 39.828793][ T202] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 39.831822][ T202] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 39.834244][ T4352] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 39.886941][ T202] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 39.888166][ T202] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 39.891513][ T4352] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 39.899368][ T202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 39.905351][ T202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 39.908053][ T202] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 39.909535][ T202] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 39.911730][ T4352] device veth0_vlan entered promiscuous mode
[ 39.914774][ T4352] device veth1_vlan entered promiscuous mode
[ 39.923113][ T202] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 39.924525][ T202] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 39.926448][ T202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 39.928903][ T4352] device veth0_macvtap entered promiscuous mode
[ 39.931175][ T4352] device veth1_macvtap entered promiscuous mode
[ 39.938120][ T4352] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 39.939361][ T202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 39.941144][ T202] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 39.945947][ T4352] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 39.948455][ T202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 39.950186][ T4352] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 39.951631][ T4352] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 39.952939][ T4352] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 39.954237][ T4352] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 40.057064][ T202] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 40.058355][ T202] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 40.058751][ T1726] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 40.060042][ T202] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 40.060516][ T1726] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 40.065336][ T202] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 40.447919][ T433] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 40.722350][ T4394] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 40.723794][ T4394] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 40.725150][ T4394] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 40.729224][ T4396] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 40.730522][ T4396] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 40.731731][ T4396] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
1970/01/01 00:00:41 executed programs: 0
[ 41.238953][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 41.240558][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 41.241779][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 41.243365][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 41.244884][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 41.246249][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 41.293060][ T4420] chnl_net:caif_netlink_parms(): no params data found
[ 41.309265][ T4420] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.310361][ T4420] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.311892][ T4420] device bridge_slave_0 entered promiscuous mode
[ 41.314304][ T4420] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.315366][ T4420] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.317360][ T4420] device bridge_slave_1 entered promiscuous mode
[ 41.324834][ T4420] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 41.327874][ T4420] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 41.334830][ T4420] team0: Port device team_slave_0 added
[ 41.337023][ T4420] team0: Port device team_slave_1 added
[ 41.343056][ T4420] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 41.344077][ T4420] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 41.347904][ T4420] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 41.350004][ T4420] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 41.351005][ T4420] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 41.354579][ T4420] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 41.396920][ T4420] device hsr_slave_0 entered promiscuous mode
[ 41.436450][ T4420] device hsr_slave_1 entered promiscuous mode
[ 41.475998][ T4420] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 41.477241][ T4420] Cannot create hsr debugfs directory
[ 43.137286][ T433] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 43.286346][ T4396] Bluetooth: hci0: command 0x0409 tx timeout
[ 45.375867][ T4396] Bluetooth: hci0: command 0x041b tx timeout
[ 45.517088][ T433] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 45.597957][ T433] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 46.472212][ T4420] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 46.497878][ T4420] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 46.587594][ T4420] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 46.669409][ T4420] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 46.780590][ T4420] 8021q: adding VLAN 0 to HW filter on device bond0
[ 46.784926][ T4420] 8021q: adding VLAN 0 to HW filter on device team0
[ 46.786827][ T202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 46.788223][ T202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.830475][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 46.831960][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 46.833388][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.834473][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.835975][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 46.838596][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 46.840215][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 46.841548][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.842609][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.845417][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 46.848544][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 46.851139][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 46.852809][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 46.854354][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 46.856756][ T202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 46.858239][ T202] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 46.860928][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 46.862537][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 46.864963][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 46.867477][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 46.869789][ T4420] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 46.943425][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 46.944726][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 46.948581][ T4420] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 46.954581][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 46.956874][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 46.962938][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 46.964383][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 46.966250][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 46.967629][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 46.970042][ T4420] device veth0_vlan entered promiscuous mode
[ 46.973082][ T4420] device veth1_vlan entered promiscuous mode
[ 47.033216][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 47.034814][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 47.036641][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 47.038522][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 47.040906][ T4420] device veth0_macvtap entered promiscuous mode
[ 47.043144][ T4420] device veth1_macvtap entered promiscuous mode
[ 47.047956][ T4420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 47.049693][ T4420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 47.051650][ T4420] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 47.052854][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 47.054311][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 47.055480][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 47.057165][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 47.059410][ T4420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 47.061056][ T4420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 47.063020][ T4420] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 47.064197][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 47.065541][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 47.068926][ T4420] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 47.070363][ T4420] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 47.071694][ T4420] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 47.072944][ T4420] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 47.079697][ T433] device hsr_slave_0 left promiscuous mode
[ 47.126031][ T433] device hsr_slave_1 left promiscuous mode
[ 47.215949][ T433] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 47.217161][ T433] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 47.219436][ T433] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 47.220498][ T433] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 47.221845][ T433] device bridge_slave_1 left promiscuous mode
[ 47.223284][ T433] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.256826][ T433] device bridge_slave_0 left promiscuous mode
[ 47.257777][ T433] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.406094][ T433] device veth1_macvtap left promiscuous mode
[ 47.407137][ T433] device veth0_macvtap left promiscuous mode
[ 47.408118][ T433] device veth1_vlan left promiscuous mode
[ 47.409094][ T433] device veth0_vlan left promiscuous mode
[ 47.445919][ T47] Bluetooth: hci0: command 0x040f tx timeout
[ 49.257557][ T433] team0 (unregistering): Port device team_slave_1 removed
[ 49.437217][ T433] team0 (unregistering): Port device team_slave_0 removed
[ 49.526162][ T4396] Bluetooth: hci0: command 0x0419 tx timeout
[ 49.606396][ T433] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 49.807173][ T433] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 52.407387][ T433] bond0 (unregistering): Released all slaves
[ 52.682236][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 52.683961][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 52.687454][ T202] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 52.693965][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 52.695189][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 52.699704][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 52.750615][ T4514] loop0: detected capacity change from 0 to 512
[ 52.768225][ T4514]
[ 52.768632][ T4514] ======================================================
[ 52.769665][ T4514] WARNING: possible circular locking dependency detected
[ 52.770646][ T4514] syzkaller #0 Not tainted
[ 52.771294][ T4514] ------------------------------------------------------
[ 52.772338][ T4514] syz.0.17/4514 is trying to acquire lock:
[ 52.773166][ T4514] ffff0000dd69eb98 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x188/0x284c
[ 52.774613][ T4514]
[ 52.774613][ T4514] but task is already holding lock:
[ 52.775656][ T4514] ffff0000eedddb10 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x37c/0x790
[ 52.777093][ T4514]
[ 52.777093][ T4514] which lock already depends on the new lock.
[ 52.777093][ T4514]
[ 52.778607][ T4514]
[ 52.778607][ T4514] the existing dependency chain (in reverse order) is:
[ 52.779915][ T4514]
[ 52.779915][ T4514] -> #2 (&ei->xattr_sem){++++}-{3:3}:
[ 52.781170][ T4514] down_read+0x64/0x304
[ 52.781931][ T4514] ext4_setattr+0x7c4/0x150c
[ 52.782741][ T4514] notify_change+0xb0c/0xdcc
[ 52.783524][ T4514] chown_common+0x414/0x574
[ 52.784229][ T4514] do_fchownat+0x158/0x268
[ 52.784949][ T4514] __arm64_sys_fchownat+0xb8/0xd4
[ 52.785800][ T4514] invoke_syscall+0x98/0x2bc
[ 52.786567][ T4514] el0_svc_common+0x138/0x258
[ 52.787239][ T4514] do_el0_svc+0x58/0x13c
[ 52.787894][ T4514] el0_svc+0x58/0x138
[ 52.788513][ T4514] el0t_64_sync_handler+0x84/0xf0
[ 52.789345][ T4514] el0t_64_sync+0x18c/0x190
[ 52.790093][ T4514]
[ 52.790093][ T4514] -> #1 (jbd2_handle){++++}-{0:0}:
[ 52.791191][ T4514] start_this_handle+0xfe0/0x122c
[ 52.792014][ T4514] jbd2__journal_start+0x288/0x51c
[ 52.792817][ T4514] __ext4_journal_start_sb+0x2fc/0x674
[ 52.793677][ T4514] ext4_writepages+0xa28/0x284c
[ 52.794472][ T4514] do_writepages+0x2c0/0x4fc
[ 52.795192][ T4514] __writeback_single_inode+0x164/0x157c
[ 52.796186][ T4514] writeback_sb_inodes+0x824/0x1404
[ 52.797000][ T4514] __writeback_inodes_wb+0x110/0x394
[ 52.797830][ T4514] wb_writeback+0x414/0xfb0
[ 52.798582][ T4514] wb_workfn+0xac0/0xd98
[ 52.799355][ T4514] process_one_work+0x7f4/0x13a8
[ 52.800127][ T4514] worker_thread+0x8c8/0xfbc
[ 52.800924][ T4514] kthread+0x250/0x2d8
[ 52.801581][ T4514] ret_from_fork+0x10/0x20
[ 52.802278][ T4514]
[ 52.802278][ T4514] -> #0 (&sbi->s_writepages_rwsem){.+.+}-{0:0}:
[ 52.803540][ T4514] __lock_acquire+0x293c/0x6544
[ 52.804377][ T4514] lock_acquire+0x20c/0x644
[ 52.805099][ T4514] percpu_down_read+0x70/0x2a8
[ 52.805867][ T4514] ext4_writepages+0x188/0x284c
[ 52.806641][ T4514] do_writepages+0x2c0/0x4fc
[ 52.807370][ T4514] __writeback_single_inode+0x164/0x157c
[ 52.808252][ T4514] writeback_single_inode+0x1c0/0x720
[ 52.809059][ T4514] write_inode_now+0x144/0x1b0
[ 52.809807][ T4514] iput+0x5cc/0x7f4
[ 52.810376][ T4514] ext4_xattr_block_set+0x17a4/0x2810
[ 52.811170][ T4514] ext4_expand_extra_isize_ea+0xcb8/0x15cc
[ 52.812028][ T4514] __ext4_expand_extra_isize+0x298/0x358
[ 52.812865][ T4514] __ext4_mark_inode_dirty+0x3e4/0x790
[ 52.813698][ T4514] ext4_evict_inode+0xb58/0x1270
[ 52.814524][ T4514] evict+0x3c8/0x810
[ 52.815169][ T4514] iput+0x764/0x7f4
[ 52.815762][ T4514] ext4_process_orphan+0x240/0x2b4
[ 52.816798][ T4514] ext4_orphan_cleanup+0x908/0x104c
[ 52.817705][ T4514] ext4_fill_super+0x6440/0x68a8
[ 52.818502][ T4514] get_tree_bdev+0x358/0x544
[ 52.819264][ T4514] ext4_get_tree+0x28/0x38
[ 52.819965][ T4514] vfs_get_tree+0x90/0x274
[ 52.820664][ T4514] do_new_mount+0x228/0x810
[ 52.821358][ T4514] path_mount+0x5b4/0xe78
[ 52.822048][ T4514] __arm64_sys_mount+0x49c/0x584
[ 52.822830][ T4514] invoke_syscall+0x98/0x2bc
[ 52.823575][ T4514] el0_svc_common+0x138/0x258
[ 52.824344][ T4514] do_el0_svc+0x58/0x13c
[ 52.824965][ T4514] el0_svc+0x58/0x138
[ 52.825608][ T4514] el0t_64_sync_handler+0x84/0xf0
[ 52.826394][ T4514] el0t_64_sync+0x18c/0x190
[ 52.827150][ T4514]
[ 52.827150][ T4514] other info that might help us debug this:
[ 52.827150][ T4514]
[ 52.828541][ T4514] Chain exists of:
[ 52.828541][ T4514] &sbi->s_writepages_rwsem --> jbd2_handle --> &ei->xattr_sem
[ 52.828541][ T4514]
[ 52.830421][ T4514] Possible unsafe locking scenario:
[ 52.830421][ T4514]
[ 52.831496][ T4514]        CPU0                    CPU1
[ 52.832319][ T4514]        ----                    ----
[ 52.833091][ T4514]   lock(&ei->xattr_sem);
[ 52.833777][ T4514]                                lock(jbd2_handle);
[ 52.834703][ T4514]                                lock(&ei->xattr_sem);
[ 52.835650][ T4514]   lock(&sbi->s_writepages_rwsem);
[ 52.836385][ T4514]
[ 52.836385][ T4514] *** DEADLOCK ***
[ 52.836385][ T4514]
[ 52.837519][ T4514] 3 locks held by syz.0.17/4514:
[ 52.838359][ T4514] #0: ffff0000dd69c0e0 (&type->s_umount_key#26/1){+.+.}-{3:3}, at: alloc_super+0x1a4/0x804
[ 52.839821][ T4514] #1: ffff0000dd69c650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x3dc/0x1270
[ 52.841305][ T4514] #2: ffff0000eedddb10 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x37c/0x790
[ 52.842864][ T4514]
[ 52.842864][ T4514] stack backtrace:
[ 52.843746][ T4514] CPU: 1 PID: 4514 Comm: syz.0.17 Not tainted syzkaller #0
[ 52.844810][ T4514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 52.846242][ T4514] Call trace:
[ 52.846688][ T4514] dump_backtrace+0x1c8/0x1f4
[ 52.847413][ T4514] show_stack+0x2c/0x3c
[ 52.848012][ T4514] __dump_stack+0x30/0x40
[ 52.848657][ T4514] dump_stack_lvl+0xf8/0x160
[ 52.849313][ T4514] dump_stack+0x1c/0x5c
[ 52.849882][ T4514] print_circular_bug+0x148/0x1b0
[ 52.850598][ T4514] check_noncircular+0x240/0x2d4
[ 52.851259][ T4514] __lock_acquire+0x293c/0x6544
[ 52.852012][ T4514] lock_acquire+0x20c/0x644
[ 52.852739][ T4514] percpu_down_read+0x70/0x2a8
[ 52.853508][ T4514] ext4_writepages+0x188/0x284c
[ 52.854258][ T4514] do_writepages+0x2c0/0x4fc
[ 52.854919][ T4514] __writeback_single_inode+0x164/0x157c
[ 52.855762][ T4514] writeback_single_inode+0x1c0/0x720
[ 52.856601][ T4514] write_inode_now+0x144/0x1b0
[ 52.857325][ T4514] iput+0x5cc/0x7f4
[ 52.857918][ T4514] ext4_xattr_block_set+0x17a4/0x2810
[ 52.858709][ T4514] ext4_expand_extra_isize_ea+0xcb8/0x15cc
[ 52.859592][ T4514] __ext4_expand_extra_isize+0x298/0x358
[ 52.860420][ T4514] __ext4_mark_inode_dirty+0x3e4/0x790
[ 52.861160][ T4514] ext4_evict_inode+0xb58/0x1270
[ 52.861918][ T4514] evict+0x3c8/0x810
[ 52.862504][ T4514] iput+0x764/0x7f4
[ 52.863078][ T4514] ext4_process_orphan+0x240/0x2b4
[ 52.863803][ T4514] ext4_orphan_cleanup+0x908/0x104c
[ 52.864541][ T4514] ext4_fill_super+0x6440/0x68a8
[ 52.865329][ T4514] get_tree_bdev+0x358/0x544
[ 52.866042][ T4514] ext4_get_tree+0x28/0x38
[ 52.866707][ T4514] vfs_get_tree+0x90/0x274
[ 52.867447][ T4514] do_new_mount+0x228/0x810
[ 52.868153][ T4514] path_mount+0x5b4/0xe78
[ 52.868748][ T4514] __arm64_sys_mount+0x49c/0x584
[ 52.869471][ T4514] invoke_syscall+0x98/0x2bc
[ 52.870149][ T4514] el0_svc_common+0x138/0x258
[ 52.870849][ T4514] do_el0_svc+0x58/0x13c
[ 52.871493][ T4514] el0_svc+0x58/0x138
[ 52.872083][ T4514] el0t_64_sync_handler+0x84/0xf0
[ 52.872773][ T4514] el0t_64_sync+0x18c/0x190
[ 52.874683][ T4514] ------------[ cut here ]------------
[ 52.875487][ T4514] EA inode 11 i_nlink=2
[ 52.875552][ T4514] WARNING: CPU: 1 PID: 4514 at fs/ext4/xattr.c:1022 ext4_xattr_inode_update_ref+0x42c/0x470
[ 52.877706][ T4514] Modules linked in:
[ 52.878330][ T4514] CPU: 1 PID: 4514 Comm: syz.0.17 Not tainted syzkaller #0
[ 52.879370][ T4514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 52.880806][ T4514] pstate: 62400005 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[ 52.881876][ T4514] pc : ext4_xattr_inode_update_ref+0x42c/0x470
[ 52.882767][ T4514] lr : ext4_xattr_inode_update_ref+0x42c/0x470
[ 52.883718][ T4514] sp : ffff800021356e00
[ 52.884306][ T4514] x29: ffff800021356ea0 x28: 0000000000000000 x27: dfff800000000000
[ 52.885471][ T4514] x26: 1fffe0001bf76095 x25: ffff70000426adc4 x24: 0000000000000000
[ 52.886592][ T4514] x23: ffff800017a15000 x22: ffff0000dfbb02f0 x21: 0000000000000002
[ 52.887872][ T4514] x20: 0000000000000001 x19: ffff0000dfbb02b0 x18: ffff800011a5bd40
[ 52.889170][ T4514] x17: 0000000000000000 x16: ffff800008042d90 x15: 0000000000000000
[ 52.890393][ T4514] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100
[ 52.891542][ T4514] x11: ff008000081924a8 x10: 0000000000000000 x9 : f2386ca8dd0eae00
[ 52.892747][ T4514] x8 : f2386ca8dd0eae00 x7 : 0000000000000001 x6 : 0000000000000001
[ 52.893857][ T4514] x5 : ffff800021356898 x4 : ffff800015134e00 x3 : ffff800008313428
[ 52.894967][ T4514] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
[ 52.896306][ T4514] Call trace:
[ 52.896835][ T4514] ext4_xattr_inode_update_ref+0x42c/0x470
[ 52.897701][ T4514] ext4_xattr_set_entry+0x918/0x15ac
[ 52.898488][ T4514] ext4_xattr_ibody_set+0x204/0x600
[ 52.899231][ T4514] ext4_expand_extra_isize_ea+0xd00/0x15cc
[ 52.900008][ T4514] __ext4_expand_extra_isize+0x298/0x358
[ 52.900880][ T4514] __ext4_mark_inode_dirty+0x3e4/0x790
[ 52.901751][ T4514] ext4_evict_inode+0xb58/0x1270
[ 52.902500][ T4514] evict+0x3c8/0x810
[ 52.903137][ T4514] iput+0x764/0x7f4
[ 52.903730][ T4514] ext4_process_orphan+0x240/0x2b4
[ 52.904502][ T4514] ext4_orphan_cleanup+0x908/0x104c
[ 52.905252][ T4514] ext4_fill_super+0x6440/0x68a8
[ 52.906054][ T4514] get_tree_bdev+0x358/0x544
[ 52.906738][ T4514] ext4_get_tree+0x28/0x38
[ 52.907427][ T4514] vfs_get_tree+0x90/0x274
[ 52.908226][ T4514] do_new_mount+0x228/0x810
[ 52.908888][ T4514] path_mount+0x5b4/0xe78
[ 52.909480][ T4514] __arm64_sys_mount+0x49c/0x584
[ 52.910228][ T4514] invoke_syscall+0x98/0x2bc
[ 52.910901][ T4514] el0_svc_common+0x138/0x258
[ 52.911553][ T4514] do_el0_svc+0x58/0x13c
[ 52.912194][ T4514] el0_svc+0x58/0x138
[ 52.912809][ T4514] el0t_64_sync_handler+0x84/0xf0
[ 52.913651][ T4514] el0t_64_sync+0x18c/0x190
[ 52.914330][ T4514] irq event stamp: 4865
[ 52.914903][ T4514] hardirqs last enabled at (4865): [] _raw_spin_unlock_irqrestore+0x48/0xac
[ 52.916412][ T4514] hardirqs last disabled at (4864): [] _raw_spin_lock_irqsave+0xa4/0xb4
[ 52.917910][ T4514] softirqs last enabled at (3578): [] local_bh_enable+0x10/0x34
[ 52.919271][ T4514] softirqs last disabled at (3576): [] local_bh_disable+0x10/0x34
[ 52.920586][ T4514] ---[ end trace 0000000000000000 ]---
[ 52.922052][ T4514] EXT4-fs (loop0): 1 orphan inode deleted
[ 52.922932][ T4514] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 52.931203][ T4420] EXT4-fs (loop0): unmounting filesystem.