Warning: Permanently added '10.128.1.165' (ED25519) to the list of known hosts.
1970/01/01 00:00:26 parsed 1 programs
[ 28.042245][ T4324] cgroup: Unknown subsys name 'net'
[ 28.290205][ T4324] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 28.581158][ T4324] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 31.271448][ T4350] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 31.273064][ T4352] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 31.274371][ T4352] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 31.275819][ T4352] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 31.277162][ T4352] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 31.278991][ T4352] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 31.429499][ T4357] chnl_net:caif_netlink_parms(): no params data found
[ 31.447886][ T4357] bridge0: port 1(bridge_slave_0) entered blocking state
[ 31.449761][ T4357] bridge0: port 1(bridge_slave_0) entered disabled state
[ 31.451435][ T4357] device bridge_slave_0 entered promiscuous mode
[ 31.455273][ T4357] bridge0: port 2(bridge_slave_1) entered blocking state
[ 31.456473][ T4357] bridge0: port 2(bridge_slave_1) entered disabled state
[ 31.458215][ T4357] device bridge_slave_1 entered promiscuous mode
[ 31.465870][ T4357] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 31.468769][ T4357] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 31.476441][ T4357] team0: Port device team_slave_0 added
[ 31.478477][ T4357] team0: Port device team_slave_1 added
[ 31.484222][ T4357] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 31.485260][ T4357] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 31.489228][ T4357] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 31.491814][ T4357] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 31.492917][ T4357] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 31.496804][ T4357] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 31.538817][ T4357] device hsr_slave_0 entered promiscuous mode
[ 31.587970][ T4357] device hsr_slave_1 entered promiscuous mode
[ 31.652137][ T4357] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 31.670398][ T4357] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 31.698772][ T4357] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 31.750380][ T4357] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 31.827711][ T4357] bridge0: port 2(bridge_slave_1) entered blocking state
[ 31.828902][ T4357] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 31.830208][ T4357] bridge0: port 1(bridge_slave_0) entered blocking state
[ 31.831299][ T4357] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 31.848791][ T4357] 8021q: adding VLAN 0 to HW filter on device bond0
[ 31.852765][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 31.855362][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 31.857017][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 31.858878][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 31.863285][ T4357] 8021q: adding VLAN 0 to HW filter on device team0
[ 31.867208][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 31.869503][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 31.870600][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 31.902119][ T1660] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 31.903648][ T1660] bridge0: port 2(bridge_slave_1) entered blocking state
[ 31.904770][ T1660] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 31.915411][ T1660] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 31.917158][ T1660] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 31.919106][ T1660] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 31.921695][ T1660] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 31.924771][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 31.927221][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 31.980702][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 31.981913][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 31.985438][ T4357] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 31.991691][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 31.997531][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 31.999588][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 32.001088][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 32.003501][ T4357] device veth0_vlan entered promiscuous mode
[ 32.006487][ T4357] device veth1_vlan entered promiscuous mode
[ 32.015458][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 32.016958][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 32.018699][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 32.021642][ T4357] device veth0_macvtap entered promiscuous mode
[ 32.023903][ T4357] device veth1_macvtap entered promiscuous mode
[ 32.031514][ T4357] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 32.032684][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 32.034738][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 32.039084][ T4357] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 32.041743][ T4357] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 32.043016][ T4357] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 32.044303][ T4357] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 32.045633][ T4357] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 32.048084][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 32.136875][ T1660] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 32.139221][ T1660] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 32.141295][ T1660] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 32.149042][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 32.150349][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 32.152215][ T1660] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
1970/01/01 00:00:33 executed programs: 0
[ 33.161962][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 33.163661][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 33.165157][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 33.166918][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 33.169113][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 33.170234][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 33.431633][ T1603] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 33.473705][ T4424] chnl_net:caif_netlink_parms(): no params data found
[ 33.488512][ T4424] bridge0: port 1(bridge_slave_0) entered blocking state
[ 33.489809][ T4424] bridge0: port 1(bridge_slave_0) entered disabled state
[ 33.491254][ T4424] device bridge_slave_0 entered promiscuous mode
[ 33.493163][ T4424] bridge0: port 2(bridge_slave_1) entered blocking state
[ 33.494314][ T4424] bridge0: port 2(bridge_slave_1) entered disabled state
[ 33.495801][ T4424] device bridge_slave_1 entered promiscuous mode
[ 33.503735][ T4424] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 33.506059][ T4424] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 33.513209][ T4424] team0: Port device team_slave_0 added
[ 33.515894][ T4424] team0: Port device team_slave_1 added
[ 33.523153][ T4424] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 33.524327][ T4424] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 33.528329][ T4424] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 33.530453][ T4424] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 33.531506][ T4424] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 33.535313][ T4424] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 33.588746][ T4424] device hsr_slave_0 entered promiscuous mode
[ 33.637937][ T4424] device hsr_slave_1 entered promiscuous mode
[ 33.677747][ T4424] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 33.678976][ T4424] Cannot create hsr debugfs directory
[ 35.198007][ T47] Bluetooth: hci0: command 0x0409 tx timeout
[ 35.889464][ T1603] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 37.277704][ T47] Bluetooth: hci0: command 0x041b tx timeout
[ 37.958764][ T1603] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 38.080010][ T1603] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 39.090002][ T4424] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 39.209322][ T4424] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 39.248742][ T4424] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 39.309945][ T4424] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 39.358830][ T4352] Bluetooth: hci0: command 0x040f tx timeout
[ 39.399477][ T4424] 8021q: adding VLAN 0 to HW filter on device bond0
[ 39.402794][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 39.404261][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 39.406694][ T4424] 8021q: adding VLAN 0 to HW filter on device team0
[ 39.409388][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 39.411142][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 39.412732][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.413786][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.416922][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 39.471219][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 39.472903][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 39.474406][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.475513][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.478542][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 39.481540][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 39.484127][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 39.485804][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 39.487383][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 39.490183][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 39.492312][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 39.494806][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 39.496207][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 39.503939][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 39.505419][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 39.507970][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 39.608457][ T198] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 39.609664][ T198] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 39.612839][ T4424] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 39.650742][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 39.652337][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 39.657997][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 39.659491][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 39.661289][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 39.662598][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 39.664706][ T4424] device veth0_vlan entered promiscuous mode
[ 39.669026][ T4424] device veth1_vlan entered promiscuous mode
[ 39.675165][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 39.676543][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 39.678442][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 39.679986][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 39.683027][ T4424] device veth0_macvtap entered promiscuous mode
[ 39.685256][ T4424] device veth1_macvtap entered promiscuous mode
[ 39.690206][ T4424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 39.691821][ T4424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 39.693724][ T4424] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 39.694819][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 39.696270][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 39.698157][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 39.699681][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 39.702162][ T4424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 39.703827][ T4424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 39.706355][ T4424] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 39.707564][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 39.710176][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 39.750192][ T4424] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 39.751542][ T4424] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 39.752919][ T4424] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 39.754256][ T4424] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 39.776294][ T198] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 39.777507][ T198] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 39.785366][ T198] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 39.788542][ T1660] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 39.789750][ T1660] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 39.791539][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 39.819420][ T4501] loop0: detected capacity change from 0 to 512
[ 39.842156][ T4501]
[ 39.842605][ T4501] ======================================================
[ 39.843686][ T4501] WARNING: possible circular locking dependency detected
[ 39.844699][ T4501] syzkaller #0 Not tainted
[ 39.845376][ T4501] ------------------------------------------------------
[ 39.846380][ T4501] syz.0.17/4501 is trying to acquire lock:
[ 39.847218][ T4501] ffff0000d1c5cb98 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x188/0x284c
[ 39.848931][ T4501]
[ 39.848931][ T4501] but task is already holding lock:
[ 39.850027][ T4501] ffff0000e2796f20 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x37c/0x790
[ 39.851532][ T4501]
[ 39.851532][ T4501] which lock already depends on the new lock.
[ 39.851532][ T4501]
[ 39.853038][ T4501]
[ 39.853038][ T4501] the existing dependency chain (in reverse order) is:
[ 39.854377][ T4501]
[ 39.854377][ T4501] -> #2 (&ei->xattr_sem){++++}-{3:3}:
[ 39.855514][ T4501] down_read+0x64/0x304
[ 39.856213][ T4501] ext4_setattr+0x7c4/0x150c
[ 39.857001][ T4501] notify_change+0xb0c/0xdcc
[ 39.857773][ T4501] chown_common+0x414/0x574
[ 39.858525][ T4501] do_fchownat+0x158/0x268
[ 39.859251][ T4501] __arm64_sys_fchownat+0xb8/0xd4
[ 39.860145][ T4501] invoke_syscall+0x98/0x2bc
[ 39.860972][ T4501] el0_svc_common+0x138/0x258
[ 39.861737][ T4501] do_el0_svc+0x58/0x13c
[ 39.862441][ T4501] el0_svc+0x58/0x138
[ 39.863116][ T4501] el0t_64_sync_handler+0x84/0xf0
[ 39.863957][ T4501] el0t_64_sync+0x18c/0x190
[ 39.864726][ T4501]
[ 39.864726][ T4501] -> #1 (jbd2_handle){.+.+}-{0:0}:
[ 39.865873][ T4501] start_this_handle+0xfe0/0x122c
[ 39.866710][ T4501] jbd2__journal_start+0x288/0x51c
[ 39.867738][ T4501] __ext4_journal_start_sb+0x2fc/0x674
[ 39.868669][ T4501] ext4_writepages+0xa28/0x284c
[ 39.869519][ T4501] do_writepages+0x2c0/0x4fc
[ 39.870290][ T4501] __writeback_single_inode+0x164/0x157c
[ 39.871213][ T4501] writeback_sb_inodes+0x824/0x1404
[ 39.872113][ T4501] __writeback_inodes_wb+0x110/0x394
[ 39.873025][ T4501] wb_writeback+0x414/0xfb0
[ 39.873865][ T4501] wb_workfn+0xac0/0xd98
[ 39.874627][ T4501] process_one_work+0x7f4/0x13a8
[ 39.875439][ T4501] worker_thread+0x8c8/0xfbc
[ 39.876232][ T4501] kthread+0x250/0x2d8
[ 39.876919][ T4501] ret_from_fork+0x10/0x20
[ 39.877708][ T4501]
[ 39.877708][ T4501] -> #0 (&sbi->s_writepages_rwsem){.+.+}-{0:0}:
[ 39.878979][ T4501] __lock_acquire+0x293c/0x6544
[ 39.879866][ T4501] lock_acquire+0x20c/0x644
[ 39.880671][ T4501] percpu_down_read+0x70/0x2a8
[ 39.881505][ T4501] ext4_writepages+0x188/0x284c
[ 39.882345][ T4501] do_writepages+0x2c0/0x4fc
[ 39.883091][ T4501] __writeback_single_inode+0x164/0x157c
[ 39.883951][ T4501] writeback_single_inode+0x1c0/0x720
[ 39.884822][ T4501] write_inode_now+0x144/0x1b0
[ 39.885541][ T4501] iput+0x5cc/0x7f4
[ 39.886213][ T4501] ext4_xattr_block_set+0x17a4/0x2810
[ 39.887060][ T4501] ext4_expand_extra_isize_ea+0xcb8/0x15cc
[ 39.887976][ T4501] __ext4_expand_extra_isize+0x298/0x358
[ 39.888838][ T4501] __ext4_mark_inode_dirty+0x3e4/0x790
[ 39.889671][ T4501] ext4_evict_inode+0xb58/0x1270
[ 39.890450][ T4501] evict+0x3c8/0x810
[ 39.891095][ T4501] iput+0x764/0x7f4
[ 39.891808][ T4501] ext4_process_orphan+0x240/0x2b4
[ 39.892678][ T4501] ext4_orphan_cleanup+0x908/0x104c
[ 39.893657][ T4501] ext4_fill_super+0x6440/0x68a8
[ 39.894586][ T4501] get_tree_bdev+0x358/0x544
[ 39.895368][ T4501] ext4_get_tree+0x28/0x38
[ 39.896191][ T4501] vfs_get_tree+0x90/0x274
[ 39.896947][ T4501] do_new_mount+0x228/0x810
[ 39.897725][ T4501] path_mount+0x5b4/0xe78
[ 39.898441][ T4501] __arm64_sys_mount+0x49c/0x584
[ 39.899296][ T4501] invoke_syscall+0x98/0x2bc
[ 39.900065][ T4501] el0_svc_common+0x138/0x258
[ 39.900821][ T4501] do_el0_svc+0x58/0x13c
[ 39.901466][ T4501] el0_svc+0x58/0x138
[ 39.902137][ T4501] el0t_64_sync_handler+0x84/0xf0
[ 39.902976][ T4501] el0t_64_sync+0x18c/0x190
[ 39.903714][ T4501]
[ 39.903714][ T4501] other info that might help us debug this:
[ 39.903714][ T4501]
[ 39.905102][ T4501] Chain exists of:
[ 39.905102][ T4501] &sbi->s_writepages_rwsem --> jbd2_handle --> &ei->xattr_sem
[ 39.905102][ T4501]
[ 39.907072][ T4501] Possible unsafe locking scenario:
[ 39.907072][ T4501]
[ 39.908222][ T4501]        CPU0                    CPU1
[ 39.909023][ T4501]        ----                    ----
[ 39.909831][ T4501]   lock(&ei->xattr_sem);
[ 39.910492][ T4501]                                lock(jbd2_handle);
[ 39.911432][ T4501]                                lock(&ei->xattr_sem);
[ 39.912425][ T4501]   lock(&sbi->s_writepages_rwsem);
[ 39.913184][ T4501]
[ 39.913184][ T4501] *** DEADLOCK ***
[ 39.913184][ T4501]
[ 39.914354][ T4501] 3 locks held by syz.0.17/4501:
[ 39.915131][ T4501] #0: ffff0000d1c5a0e0 (&type->s_umount_key#26/1){+.+.}-{3:3}, at: alloc_super+0x1a4/0x804
[ 39.916685][ T4501] #1: ffff0000d1c5a650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x3dc/0x1270
[ 39.918187][ T4501] #2: ffff0000e2796f20 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x37c/0x790
[ 39.919773][ T4501]
[ 39.919773][ T4501] stack backtrace:
[ 39.920662][ T4501] CPU: 1 PID: 4501 Comm: syz.0.17 Not tainted syzkaller #0
[ 39.921710][ T4501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 39.923272][ T4501] Call trace:
[ 39.923813][ T4501] dump_backtrace+0x1c8/0x1f4
[ 39.924501][ T4501] show_stack+0x2c/0x3c
[ 39.925105][ T4501] __dump_stack+0x30/0x40
[ 39.925784][ T4501] dump_stack_lvl+0xf8/0x160
[ 39.926556][ T4501] dump_stack+0x1c/0x5c
[ 39.927150][ T4501] print_circular_bug+0x148/0x1b0
[ 39.927861][ T4501] check_noncircular+0x240/0x2d4
[ 39.928607][ T4501] __lock_acquire+0x293c/0x6544
[ 39.929266][ T4501] lock_acquire+0x20c/0x644
[ 39.929976][ T4501] percpu_down_read+0x70/0x2a8
[ 39.930642][ T4501] ext4_writepages+0x188/0x284c
[ 39.931406][ T4501] do_writepages+0x2c0/0x4fc
[ 39.932153][ T4501] __writeback_single_inode+0x164/0x157c
[ 39.932990][ T4501] writeback_single_inode+0x1c0/0x720
[ 39.933812][ T4501] write_inode_now+0x144/0x1b0
[ 39.934543][ T4501] iput+0x5cc/0x7f4
[ 39.935249][ T4501] ext4_xattr_block_set+0x17a4/0x2810
[ 39.936160][ T4501] ext4_expand_extra_isize_ea+0xcb8/0x15cc
[ 39.937099][ T4501] __ext4_expand_extra_isize+0x298/0x358
[ 39.937951][ T4501] __ext4_mark_inode_dirty+0x3e4/0x790
[ 39.938811][ T4501] ext4_evict_inode+0xb58/0x1270
[ 39.939553][ T4501] evict+0x3c8/0x810
[ 39.940113][ T4501] iput+0x764/0x7f4
[ 39.940686][ T4501] ext4_process_orphan+0x240/0x2b4
[ 39.941460][ T4501] ext4_orphan_cleanup+0x908/0x104c
[ 39.942250][ T4501] ext4_fill_super+0x6440/0x68a8
[ 39.943058][ T4501] get_tree_bdev+0x358/0x544
[ 39.943707][ T4501] ext4_get_tree+0x28/0x38
[ 39.944380][ T4501] vfs_get_tree+0x90/0x274
[ 39.945005][ T4501] do_new_mount+0x228/0x810
[ 39.945679][ T4501] path_mount+0x5b4/0xe78
[ 39.946322][ T4501] __arm64_sys_mount+0x49c/0x584
[ 39.947112][ T4501] invoke_syscall+0x98/0x2bc
[ 39.947775][ T4501] el0_svc_common+0x138/0x258
[ 39.948436][ T4501] do_el0_svc+0x58/0x13c
[ 39.949166][ T4501] el0_svc+0x58/0x138
[ 39.949828][ T4501] el0t_64_sync_handler+0x84/0xf0
[ 39.950664][ T4501] el0t_64_sync+0x18c/0x190
[ 39.953062][ T4501] ------------[ cut here ]------------
[ 39.953987][ T4501] EA inode 11 i_nlink=2
[ 39.954057][ T4501] WARNING: CPU: 0 PID: 4501 at fs/ext4/xattr.c:1022 ext4_xattr_inode_update_ref+0x42c/0x470
[ 39.956241][ T4501] Modules linked in:
[ 39.956829][ T4501] CPU: 0 PID: 4501 Comm: syz.0.17 Not tainted syzkaller #0
[ 39.957893][ T4501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 39.959347][ T4501] pstate: 62400005 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[ 39.960492][ T4501] pc : ext4_xattr_inode_update_ref+0x42c/0x470
[ 39.961425][ T4501] lr : ext4_xattr_inode_update_ref+0x42c/0x470
[ 39.962359][ T4501] sp : ffff800020d66e00
[ 39.963002][ T4501] x29: ffff800020d66ea0 x28: 0000000000000000 x27: dfff800000000000
[ 39.964170][ T4501] x26: 1fffe0001d33ed1f x25: ffff7000041acdc4 x24: 0000000000000000
[ 39.965345][ T4501] x23: ffff800017a15000 x22: ffff0000e99f6740 x21: 0000000000000002
[ 39.966577][ T4501] x20: 0000000000000001 x19: ffff0000e99f6700 x18: ffff800011a5bd40
[ 39.967746][ T4501] x17: 0000000000000000 x16: ffff800008042d90 x15: 0000000000000000
[ 39.968998][ T4501] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100
[ 39.970338][ T4501] x11: ff008000081924a8 x10: 0000000000000000 x9 : 5d6c8b1dc3c48200
[ 39.971559][ T4501] x8 : 5d6c8b1dc3c48200 x7 : 0000000000000001 x6 : 0000000000000001
[ 39.972633][ T4501] x5 : ffff800020d66898 x4 : ffff800015134e00 x3 : ffff800008313428
[ 39.973778][ T4501] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
[ 39.974957][ T4501] Call trace:
[ 39.975477][ T4501] ext4_xattr_inode_update_ref+0x42c/0x470
[ 39.976281][ T4501] ext4_xattr_set_entry+0x918/0x15ac
[ 39.976997][ T4501] ext4_xattr_ibody_set+0x204/0x600
[ 39.977679][ T4501] ext4_expand_extra_isize_ea+0xd00/0x15cc
[ 39.978460][ T4501] __ext4_expand_extra_isize+0x298/0x358
[ 39.979374][ T4501] __ext4_mark_inode_dirty+0x3e4/0x790
[ 39.980159][ T4501] ext4_evict_inode+0xb58/0x1270
[ 39.980826][ T4501] evict+0x3c8/0x810
[ 39.981445][ T4501] iput+0x764/0x7f4
[ 39.981985][ T4501] ext4_process_orphan+0x240/0x2b4
[ 39.982729][ T4501] ext4_orphan_cleanup+0x908/0x104c
[ 39.983478][ T4501] ext4_fill_super+0x6440/0x68a8
[ 39.984335][ T4501] get_tree_bdev+0x358/0x544
[ 39.985084][ T4501] ext4_get_tree+0x28/0x38
[ 39.985732][ T4501] vfs_get_tree+0x90/0x274
[ 39.986322][ T4501] do_new_mount+0x228/0x810
[ 39.986960][ T4501] path_mount+0x5b4/0xe78
[ 39.987580][ T4501] __arm64_sys_mount+0x49c/0x584
[ 39.988369][ T4501] invoke_syscall+0x98/0x2bc
[ 39.988987][ T4501] el0_svc_common+0x138/0x258
[ 39.989628][ T4501] do_el0_svc+0x58/0x13c
[ 39.990238][ T4501] el0_svc+0x58/0x138
[ 39.990869][ T4501] el0t_64_sync_handler+0x84/0xf0
[ 39.991578][ T4501] el0t_64_sync+0x18c/0x190
[ 39.992170][ T4501] irq event stamp: 4295
[ 39.992762][ T4501] hardirqs last enabled at (4295): [] __find_get_block+0x1c8/0xdfc
[ 39.994148][ T4501] hardirqs last disabled at (4294): [] __find_get_block+0xa0/0xdfc
[ 39.995436][ T4501] softirqs last enabled at (3132): [] local_bh_enable+0x10/0x34
[ 39.996824][ T4501] softirqs last disabled at (3130): [] local_bh_disable+0x10/0x34
[ 39.998075][ T4501] ---[ end trace 0000000000000000 ]---
[ 39.999895][ T4501] EXT4-fs (loop0): 1 orphan inode deleted
[ 40.000752][ T4501] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 40.005038][ T4424] EXT4-fs (loop0): unmounting filesystem.