Warning: Permanently added '10.128.0.218' (ED25519) to the list of known hosts.
[ 36.926145][ T6489] chnl_net:caif_netlink_parms(): no params data found
[ 36.967508][ T6489] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.967651][ T6489] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.967800][ T6489] bridge_slave_0: entered allmulticast mode
[ 36.968958][ T6489] bridge_slave_0: entered promiscuous mode
[ 36.970754][ T6489] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.970803][ T6489] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.970920][ T6489] bridge_slave_1: entered allmulticast mode
[ 36.971750][ T6489] bridge_slave_1: entered promiscuous mode
[ 36.988416][ T6489] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 36.990570][ T6489] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 37.004084][ T6489] team0: Port device team_slave_0 added
[ 37.005724][ T6489] team0: Port device team_slave_1 added
[ 37.018815][ T6489] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 37.018870][ T6489] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 37.018902][ T6489] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 37.020231][ T6489] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 37.020257][ T6489] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 37.020286][ T6489] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 37.053695][ T6489] hsr_slave_0: entered promiscuous mode
[ 37.054276][ T6489] hsr_slave_1: entered promiscuous mode
[ 37.135755][ T6489] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 37.140269][ T6489] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 37.144469][ T6489] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 37.148446][ T6489] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 37.165930][ T6489] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.166029][ T6489] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.166312][ T6489] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.166371][ T6489] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.190367][ T6489] 8021q: adding VLAN 0 to HW filter on device bond0
[ 37.195821][ T207] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.198340][ T207] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.205613][ T6489] 8021q: adding VLAN 0 to HW filter on device team0
[ 37.213079][ T207] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.213167][ T207] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.219819][ T207] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.219891][ T207] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.237711][ T6489] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 37.250726][ T6489] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 37.272931][ T6489] veth0_vlan: entered promiscuous mode
[ 37.275941][ T6489] veth1_vlan: entered promiscuous mode
[ 37.291498][ T6489] veth0_macvtap: entered promiscuous mode
[ 37.295711][ T6489] veth1_macvtap: entered promiscuous mode
[ 37.304978][ T6489] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 37.311243][ T6489] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 37.314364][ T6489] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 37.314644][ T6489] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 37.314678][ T6489] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 37.314719][ T6489] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 37.482480][ T6489] loop0: detected capacity change from 0 to 32768
[ 37.489510][ T6489] (syz-executor323,6489,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 37.490715][ T6489] (syz-executor323,6489,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 37.502521][ T6489] JBD2: Ignoring recovery information on journal
[ 37.518012][ T6489] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 37.542237][ T6506]
[ 37.542879][ T6506] ======================================================
[ 37.544754][ T6506] WARNING: possible circular locking dependency detected
[ 37.546535][ T6506] 6.16.0-rc1-syzkaller-g19272b37aa4f #0 Not tainted
[ 37.548296][ T6506] ------------------------------------------------------
[ 37.550190][ T6506] syz-executor323/6506 is trying to acquire lock:
[ 37.551929][ T6506] ffff0000de3b8660 (&oi->ip_alloc_sem){+.+.}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xb4/0x2d8
[ 37.554815][ T6506]
[ 37.554815][ T6506] but task is already holding lock:
[ 37.556796][ T6506] ffff0000de3b86f8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xa8/0x2d8
[ 37.559584][ T6506]
[ 37.559584][ T6506] which lock already depends on the new lock.
[ 37.559584][ T6506]
[ 37.562417][ T6506]
[ 37.562417][ T6506] the existing dependency chain (in reverse order) is:
[ 37.564842][ T6506]
[ 37.564842][ T6506] -> #4 (&oi->ip_xattr_sem){++++}-{4:4}:
[ 37.566967][ T6506]        down_read+0x58/0x2f8
[ 37.568228][ T6506]        ocfs2_init_acl+0x258/0x5f0
[ 37.569597][ T6506]        ocfs2_mknod+0x1028/0x1cf0
[ 37.570930][ T6506]        ocfs2_create+0x190/0x474
[ 37.572290][ T6506]        path_openat+0x12d8/0x2c40
[ 37.573639][ T6506]        do_filp_open+0x18c/0x36c
[ 37.574963][ T6506]        filp_open+0x15c/0x1b8
[ 37.576263][ T6506]        do_coredump+0x1730/0x2b54
[ 37.577608][ T6506]        get_signal+0xe38/0x12f8
[ 37.578948][ T6506]        do_signal+0x274/0x4438
[ 37.580253][ T6506]        do_notify_resume+0xac/0x1ec
[ 37.581616][ T6506]        asm_exit_to_user_mode+0x80/0x94
[ 37.583123][ T6506]        ret_from_fork+0x1c/0x20
[ 37.584411][ T6506]
[ 37.584411][ T6506] -> #3 (jbd2_handle){++++}-{0:0}:
[ 37.586451][ T6506]        start_this_handle+0xe74/0x10dc
[ 37.587921][ T6506]        jbd2__journal_start+0x288/0x51c
[ 37.589378][ T6506]        jbd2_journal_start+0x3c/0x4c
[ 37.590805][ T6506]        ocfs2_start_trans+0x368/0x6b0
[ 37.592246][ T6506]        ocfs2_modify_bh+0xe4/0x43c
[ 37.593614][ T6506]        ocfs2_local_read_info+0x104c/0x1364
[ 37.595194][ T6506]        dquot_load_quota_sb+0x6bc/0xa90
[ 37.596676][ T6506]        dquot_load_quota_inode+0x274/0x4e4
[ 37.598234][ T6506]        ocfs2_enable_quotas+0x17c/0x3b4
[ 37.599750][ T6506]        ocfs2_fill_super+0x4018/0x5340
[ 37.601247][ T6506]        get_tree_bdev_flags+0x360/0x414
[ 37.602766][ T6506]        get_tree_bdev+0x2c/0x3c
[ 37.604054][ T6506]        ocfs2_get_tree+0x28/0x38
[ 37.605384][ T6506]        vfs_get_tree+0x90/0x28c
[ 37.606736][ T6506]        do_new_mount+0x228/0x814
[ 37.608032][ T6506]        path_mount+0x5b4/0xde0
[ 37.609361][ T6506]        __arm64_sys_mount+0x3e8/0x468
[ 37.610816][ T6506]        invoke_syscall+0x98/0x2b8
[ 37.612162][ T6506]        el0_svc_common+0x130/0x23c
[ 37.613634][ T6506]        do_el0_svc+0x48/0x58
[ 37.614932][ T6506]        el0_svc+0x58/0x17c
[ 37.616107][ T6506]        el0t_64_sync_handler+0x78/0x108
[ 37.617593][ T6506]        el0t_64_sync+0x198/0x19c
[ 37.618947][ T6506]
[ 37.618947][ T6506] -> #2 (&journal->j_trans_barrier){.+.+}-{4:4}:
[ 37.621151][ T6506]        down_read+0x58/0x2f8
[ 37.622378][ T6506]        ocfs2_start_trans+0x35c/0x6b0
[ 37.623864][ T6506]        ocfs2_modify_bh+0xe4/0x43c
[ 37.625262][ T6506]        ocfs2_local_read_info+0x104c/0x1364
[ 37.626844][ T6506]        dquot_load_quota_sb+0x6bc/0xa90
[ 37.628313][ T6506]        dquot_load_quota_inode+0x274/0x4e4
[ 37.629829][ T6506]        ocfs2_enable_quotas+0x17c/0x3b4
[ 37.631306][ T6506]        ocfs2_fill_super+0x4018/0x5340
[ 37.632751][ T6506]        get_tree_bdev_flags+0x360/0x414
[ 37.634279][ T6506]        get_tree_bdev+0x2c/0x3c
[ 37.635572][ T6506]        ocfs2_get_tree+0x28/0x38
[ 37.636900][ T6506]        vfs_get_tree+0x90/0x28c
[ 37.638201][ T6506]        do_new_mount+0x228/0x814
[ 37.639546][ T6506]        path_mount+0x5b4/0xde0
[ 37.640883][ T6506]        __arm64_sys_mount+0x3e8/0x468
[ 37.642296][ T6506]        invoke_syscall+0x98/0x2b8
[ 37.643665][ T6506]        el0_svc_common+0x130/0x23c
[ 37.645045][ T6506]        do_el0_svc+0x48/0x58
[ 37.646296][ T6506]        el0_svc+0x58/0x17c
[ 37.647491][ T6506]        el0t_64_sync_handler+0x78/0x108
[ 37.649008][ T6506]        el0t_64_sync+0x198/0x19c
[ 37.650358][ T6506]
[ 37.650358][ T6506] -> #1 (sb_internal#2){.+.+}-{0:0}:
[ 37.652328][ T6506]        ocfs2_start_trans+0x1f4/0x6b0
[ 37.653831][ T6506]        ocfs2_truncate_file+0x5b0/0x12f4
[ 37.655338][ T6506]        ocfs2_setattr+0x1148/0x17a0
[ 37.656765][ T6506]        notify_change+0x9a4/0xc50
[ 37.658141][ T6506]        do_truncate+0x198/0x210
[ 37.659512][ T6506]        do_coredump+0x2260/0x2b54
[ 37.660887][ T6506]        get_signal+0xe38/0x12f8
[ 37.662194][ T6506]        do_signal+0x274/0x4438
[ 37.663574][ T6506]        do_notify_resume+0xac/0x1ec
[ 37.664989][ T6506]        asm_exit_to_user_mode+0x80/0x94
[ 37.666526][ T6506]        ret_from_fork+0x1c/0x20
[ 37.667858][ T6506]
[ 37.667858][ T6506] -> #0 (&oi->ip_alloc_sem){+.+.}-{4:4}:
[ 37.669959][ T6506]        __lock_acquire+0x1774/0x30a4
[ 37.671330][ T6506]        lock_acquire+0x14c/0x2e0
[ 37.672686][ T6506]        down_write+0x50/0xc0
[ 37.673920][ T6506]        ocfs2_try_remove_refcount_tree+0xb4/0x2d8
[ 37.675702][ T6506]        ocfs2_truncate_file+0xc28/0x12f4
[ 37.677204][ T6506]        ocfs2_setattr+0x1148/0x17a0
[ 37.678544][ T6506]        notify_change+0x9a4/0xc50
[ 37.679894][ T6506]        do_truncate+0x198/0x210
[ 37.681204][ T6506]        do_coredump+0x2260/0x2b54
[ 37.682545][ T6506]        get_signal+0xe38/0x12f8
[ 37.683846][ T6506]        do_signal+0x274/0x4438
[ 37.685158][ T6506]        do_notify_resume+0xac/0x1ec
[ 37.686565][ T6506]        asm_exit_to_user_mode+0x80/0x94
[ 37.688086][ T6506]        ret_from_fork+0x1c/0x20
[ 37.689388][ T6506]
[ 37.689388][ T6506] other info that might help us debug this:
[ 37.689388][ T6506]
[ 37.692008][ T6506] Chain exists of:
[ 37.692008][ T6506]   &oi->ip_alloc_sem --> jbd2_handle --> &oi->ip_xattr_sem
[ 37.692008][ T6506]
[ 37.695419][ T6506]  Possible unsafe locking scenario:
[ 37.695419][ T6506]
[ 37.697406][ T6506]        CPU0                    CPU1
[ 37.698833][ T6506]        ----                    ----
[ 37.700247][ T6506]   lock(&oi->ip_xattr_sem);
[ 37.701491][ T6506]                                lock(jbd2_handle);
[ 37.703284][ T6506]                                lock(&oi->ip_xattr_sem);
[ 37.705112][ T6506]   lock(&oi->ip_alloc_sem);
[ 37.706405][ T6506]
[ 37.706405][ T6506]  *** DEADLOCK ***
[ 37.706405][ T6506]
[ 37.708618][ T6506] 2 locks held by syz-executor323/6506:
[ 37.710113][ T6506]  #0: ffff0000de3b89c0 (&sb->s_type->i_mutex_key#20){+.+.}-{4:4}, at: do_truncate+0x164/0x210
[ 37.712910][ T6506]  #1: ffff0000de3b86f8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xa8/0x2d8
[ 37.715879][ T6506]
[ 37.715879][ T6506] stack backtrace:
[ 37.717432][ T6506] CPU: 0 UID: 0 PID: 6506 Comm: syz-executor323 Not tainted 6.16.0-rc1-syzkaller-g19272b37aa4f #0 PREEMPT
[ 37.720490][ T6506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 37.723182][ T6506] Call trace:
[ 37.724067][ T6506]  show_stack+0x2c/0x3c (C)
[ 37.725282][ T6506]  __dump_stack+0x30/0x40
[ 37.726413][ T6506]  dump_stack_lvl+0xd8/0x12c
[ 37.727677][ T6506]  dump_stack+0x1c/0x28
[ 37.728764][ T6506]  print_circular_bug+0x324/0x32c
[ 37.730067][ T6506]  check_noncircular+0x154/0x174
[ 37.731395][ T6506]  __lock_acquire+0x1774/0x30a4
[ 37.732690][ T6506]  lock_acquire+0x14c/0x2e0
[ 37.733874][ T6506]  down_write+0x50/0xc0
[ 37.735000][ T6506]  ocfs2_try_remove_refcount_tree+0xb4/0x2d8
[ 37.736543][ T6506]  ocfs2_truncate_file+0xc28/0x12f4
[ 37.737897][ T6506]  ocfs2_setattr+0x1148/0x17a0
[ 37.739125][ T6506]  notify_change+0x9a4/0xc50
[ 37.740331][ T6506]  do_truncate+0x198/0x210
[ 37.741508][ T6506]  do_coredump+0x2260/0x2b54
[ 37.742723][ T6506]  get_signal+0xe38/0x12f8
[ 37.743897][ T6506]  do_signal+0x274/0x4438
[ 37.745061][ T6506]  do_notify_resume+0xac/0x1ec
[ 37.746279][ T6506]  asm_exit_to_user_mode+0x80/0x94
[ 37.747613][ T6506]  ret_from_fork+0x1c/0x20
[ 39.959927][ T6506] ocfs2: Unmounting device (7,0) on (node local)