[ 9.186335][ T3991] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting crond: OK
[ 9.230590][ T11] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 9.235600][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.192' (ED25519) to the list of known hosts.
1970/01/01 00:00:25 parsed 1 programs
syzkaller login: [ 26.485894][ T4326] cgroup: Unknown subsys name 'net'
[ 26.707822][ T4326] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 26.969008][ T4326] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 30.084097][ T4340] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 30.087095][ T4340] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 30.088380][ T4340] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 30.089749][ T4340] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 30.091027][ T4340] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 30.092258][ T4340] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 30.764542][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 30.766245][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 30.768575][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 30.774677][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 30.776070][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 30.777606][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 30.904936][ T4380] chnl_net:caif_netlink_parms(): no params data found
[ 30.921932][ T4380] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.923116][ T4380] bridge0: port 1(bridge_slave_0) entered disabled state
[ 30.924650][ T4380] device bridge_slave_0 entered promiscuous mode
[ 30.927322][ T4380] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.928402][ T4380] bridge0: port 2(bridge_slave_1) entered disabled state
[ 30.929862][ T4380] device bridge_slave_1 entered promiscuous mode
[ 30.936866][ T4380] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 30.939530][ T4380] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 30.946610][ T4380] team0: Port device team_slave_0 added
[ 30.948200][ T4380] team0: Port device team_slave_1 added
[ 30.953642][ T4380] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 30.954762][ T4380] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 30.959027][ T4380] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 30.961521][ T4380] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 30.962640][ T4380] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 30.967072][ T4380] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 31.056403][ T4380] device hsr_slave_0 entered promiscuous mode
[ 31.095592][ T4380] device hsr_slave_1 entered promiscuous mode
[ 31.178351][ T4380] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 31.206441][ T4380] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 31.256377][ T4380] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 31.307668][ T4380] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 31.363862][ T4380] bridge0: port 2(bridge_slave_1) entered blocking state
[ 31.364979][ T4380] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 31.366304][ T4380] bridge0: port 1(bridge_slave_0) entered blocking state
[ 31.367393][ T4380] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 31.383270][ T4380] 8021q: adding VLAN 0 to HW filter on device bond0
[ 31.387555][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 31.389614][ T39] bridge0: port 1(bridge_slave_0) entered disabled state
[ 31.391154][ T39] bridge0: port 2(bridge_slave_1) entered disabled state
[ 31.394994][ T4380] 8021q: adding VLAN 0 to HW filter on device team0
[ 31.399187][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 31.400551][ T39] bridge0: port 1(bridge_slave_0) entered blocking state
[ 31.401719][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 31.404181][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 31.406370][ T39] bridge0: port 2(bridge_slave_1) entered blocking state
[ 31.407483][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 31.424420][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 31.427482][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 31.433096][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 31.434721][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 31.437000][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 31.439354][ T4380] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 31.492425][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 31.493709][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 31.498970][ T4380] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 31.511466][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 31.517303][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 31.518874][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 31.520212][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 31.522297][ T4380] device veth0_vlan entered promiscuous mode
[ 31.525099][ T4380] device veth1_vlan entered promiscuous mode
[ 31.531778][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 31.533279][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 31.535015][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 31.538240][ T4380] device veth0_macvtap entered promiscuous mode
[ 31.540377][ T4380] device veth1_macvtap entered promiscuous mode
[ 31.546689][ T4380] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 31.547891][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 31.549809][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 31.552987][ T4380] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 31.554166][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 31.570539][ T4380] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 31.571937][ T4380] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 31.573337][ T4380] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 31.574620][ T4380] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:00:32 executed programs: 0
[ 32.676011][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 32.677950][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 32.679226][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 32.680734][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 32.682043][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 32.683279][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 33.129554][ T4434] chnl_net:caif_netlink_parms(): no params data found
[ 33.145473][ T4434] bridge0: port 1(bridge_slave_0) entered blocking state
[ 33.146700][ T4434] bridge0: port 1(bridge_slave_0) entered disabled state
[ 33.148802][ T4434] device bridge_slave_0 entered promiscuous mode
[ 33.150760][ T4434] bridge0: port 2(bridge_slave_1) entered blocking state
[ 33.151884][ T4434] bridge0: port 2(bridge_slave_1) entered disabled state
[ 33.153245][ T4434] device bridge_slave_1 entered promiscuous mode
[ 33.161059][ T4434] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 33.163490][ T4434] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 33.175084][ T4434] team0: Port device team_slave_0 added
[ 33.177335][ T4434] team0: Port device team_slave_1 added
[ 33.183577][ T4434] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 33.184666][ T4434] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 33.189040][ T4434] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 33.191345][ T4434] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 33.192423][ T4434] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 33.196995][ T4434] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 33.226899][ T4434] device hsr_slave_0 entered promiscuous mode
[ 33.255575][ T4434] device hsr_slave_1 entered promiscuous mode
[ 33.295713][ T4434] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 33.297028][ T4434] Cannot create hsr debugfs directory
[ 33.656511][ T4434] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 34.715632][ T47] Bluetooth: hci0: command 0x0409 tx timeout
[ 36.795923][ T47] Bluetooth: hci0: command 0x041b tx timeout
[ 37.466271][ T4434] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 37.586951][ T4434] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 37.687357][ T4434] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 37.877093][ T4434] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 37.977503][ T4434] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 38.026406][ T4434] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 38.107225][ T4434] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 38.225750][ T4434] 8021q: adding VLAN 0 to HW filter on device bond0
[ 38.229618][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 38.231104][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 38.233279][ T4434] 8021q: adding VLAN 0 to HW filter on device team0
[ 38.267226][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 38.268867][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 38.270308][ T11] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.271420][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.272884][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 38.275794][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 38.277322][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 38.278755][ T272] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.279909][ T272] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.281928][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 38.284374][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 38.287542][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 38.289095][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 38.290465][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 38.292854][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 38.294381][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 38.298529][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 38.300055][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 38.302568][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 38.303980][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 38.309621][ T9] device hsr_slave_0 left promiscuous mode
[ 38.345715][ T9] device hsr_slave_1 left promiscuous mode
[ 38.455469][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 38.456717][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 38.458334][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 38.459386][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 38.460740][ T9] device bridge_slave_1 left promiscuous mode
[ 38.462056][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.515989][ T9] device bridge_slave_0 left promiscuous mode
[ 38.517085][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.645652][ T9] device veth1_macvtap left promiscuous mode
[ 38.646647][ T9] device veth0_macvtap left promiscuous mode
[ 38.647604][ T9] device veth1_vlan left promiscuous mode
[ 38.648585][ T9] device veth0_vlan left promiscuous mode
[ 38.875437][ T4340] Bluetooth: hci0: command 0x040f tx timeout
[ 40.456485][ T9] team0 (unregistering): Port device team_slave_1 removed
[ 40.676189][ T9] team0 (unregistering): Port device team_slave_0 removed
[ 40.886058][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 40.955389][ T4340] Bluetooth: hci0: command 0x0419 tx timeout
[ 41.116952][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 43.637490][ T9] bond0 (unregistering): Released all slaves
[ 43.887680][ T4434] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 43.935953][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 43.937184][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 43.939983][ T4434] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 43.945698][ T4427] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 43.947230][ T4427] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 43.952179][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 43.953611][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 43.955049][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 43.957133][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 43.961140][ T4434] device veth0_vlan entered promiscuous mode
[ 43.963990][ T4434] device veth1_vlan entered promiscuous mode
[ 43.970097][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 43.971456][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 43.972814][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 43.974314][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 43.977894][ T4434] device veth0_macvtap entered promiscuous mode
[ 43.979970][ T4434] device veth1_macvtap entered promiscuous mode
[ 43.984464][ T4434] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 43.986615][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 43.988097][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 43.989479][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 43.990991][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 43.993500][ T4434] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 43.994703][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 43.996675][ T272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 43.998869][ T4434] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 44.000135][ T4434] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 44.001433][ T4434] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 44.002773][ T4434] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 44.023470][ T4427] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 44.024776][ T4427] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 44.029456][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 44.032631][ T272] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 44.033866][ T272] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 44.037143][ T4427] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 44.076460][ T4465] loop0: detected capacity change from 0 to 512
[ 44.087506][ T4465]
[ 44.087897][ T4465] ======================================================
[ 44.088963][ T4465] WARNING: possible circular locking dependency detected
[ 44.090014][ T4465] syzkaller #0 Not tainted
[ 44.090680][ T4465] ------------------------------------------------------
[ 44.091732][ T4465] syz.0.17/4465 is trying to acquire lock:
[ 44.092601][ T4465] ffff0000d322cb98 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x188/0x284c
[ 44.094138][ T4465]
[ 44.094138][ T4465] but task is already holding lock:
[ 44.095245][ T4465] ffff0000e522a8e8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x37c/0x790
[ 44.096651][ T4465]
[ 44.096651][ T4465] which lock already depends on the new lock.
[ 44.096651][ T4465]
[ 44.098207][ T4465]
[ 44.098207][ T4465] the existing dependency chain (in reverse order) is:
[ 44.099482][ T4465]
[ 44.099482][ T4465] -> #2 (&ei->xattr_sem){++++}-{3:3}:
[ 44.100551][ T4465] down_read+0x64/0x304
[ 44.101227][ T4465] ext4_setattr+0x7c4/0x150c
[ 44.101975][ T4465] notify_change+0xb0c/0xdcc
[ 44.102698][ T4465] chown_common+0x414/0x574
[ 44.103449][ T4465] do_fchownat+0x158/0x268
[ 44.104154][ T4465] __arm64_sys_fchownat+0xb8/0xd4
[ 44.104998][ T4465] invoke_syscall+0x98/0x2bc
[ 44.105735][ T4465] el0_svc_common+0x138/0x258
[ 44.106504][ T4465] do_el0_svc+0x58/0x13c
[ 44.107166][ T4465] el0_svc+0x58/0x138
[ 44.107841][ T4465] el0t_64_sync_handler+0x84/0xf0
[ 44.108633][ T4465] el0t_64_sync+0x18c/0x190
[ 44.109381][ T4465]
[ 44.109381][ T4465] -> #1 (jbd2_handle){++++}-{0:0}:
[ 44.110517][ T4465] start_this_handle+0xfe0/0x122c
[ 44.111361][ T4465] jbd2__journal_start+0x288/0x51c
[ 44.112206][ T4465] __ext4_journal_start_sb+0x2fc/0x674
[ 44.113115][ T4465] ext4_writepages+0xa28/0x284c
[ 44.113962][ T4465] do_writepages+0x2c0/0x4fc
[ 44.114689][ T4465] __writeback_single_inode+0x164/0x157c
[ 44.115619][ T4465] writeback_sb_inodes+0x824/0x1404
[ 44.116492][ T4465] __writeback_inodes_wb+0x110/0x394
[ 44.117382][ T4465] wb_writeback+0x414/0xfb0
[ 44.118115][ T4465] wb_workfn+0xac0/0xd98
[ 44.118926][ T4465] process_one_work+0x7f4/0x13a8
[ 44.119815][ T4465] worker_thread+0x8c8/0xfbc
[ 44.120628][ T4465] kthread+0x250/0x2d8
[ 44.121398][ T4465] ret_from_fork+0x10/0x20
[ 44.122171][ T4465]
[ 44.122171][ T4465] -> #0 (&sbi->s_writepages_rwsem){.+.+}-{0:0}:
[ 44.123430][ T4465] __lock_acquire+0x293c/0x6544
[ 44.124298][ T4465] lock_acquire+0x20c/0x644
[ 44.125056][ T4465] percpu_down_read+0x70/0x2a8
[ 44.125817][ T4465] ext4_writepages+0x188/0x284c
[ 44.126603][ T4465] do_writepages+0x2c0/0x4fc
[ 44.127325][ T4465] __writeback_single_inode+0x164/0x157c
[ 44.128214][ T4465] writeback_single_inode+0x1c0/0x720
[ 44.129044][ T4465] write_inode_now+0x144/0x1b0
[ 44.129840][ T4465] iput+0x5cc/0x7f4
[ 44.130477][ T4465] ext4_xattr_block_set+0x17a4/0x2810
[ 44.131383][ T4465] ext4_expand_extra_isize_ea+0xcb8/0x15cc
[ 44.132312][ T4465] __ext4_expand_extra_isize+0x298/0x358
[ 44.133165][ T4465] __ext4_mark_inode_dirty+0x3e4/0x790
[ 44.134067][ T4465] ext4_evict_inode+0xb58/0x1270
[ 44.134903][ T4465] evict+0x3c8/0x810
[ 44.135577][ T4465] iput+0x764/0x7f4
[ 44.136208][ T4465] ext4_process_orphan+0x240/0x2b4
[ 44.137047][ T4465] ext4_orphan_cleanup+0x908/0x104c
[ 44.137880][ T4465] ext4_fill_super+0x6440/0x68a8
[ 44.138766][ T4465] get_tree_bdev+0x358/0x544
[ 44.139527][ T4465] ext4_get_tree+0x28/0x38
[ 44.140297][ T4465] vfs_get_tree+0x90/0x274
[ 44.141040][ T4465] do_new_mount+0x228/0x810
[ 44.141709][ T4465] path_mount+0x5b4/0xe78
[ 44.142389][ T4465] __arm64_sys_mount+0x49c/0x584
[ 44.143158][ T4465] invoke_syscall+0x98/0x2bc
[ 44.143888][ T4465] el0_svc_common+0x138/0x258
[ 44.144605][ T4465] do_el0_svc+0x58/0x13c
[ 44.145290][ T4465] el0_svc+0x58/0x138
[ 44.145937][ T4465] el0t_64_sync_handler+0x84/0xf0
[ 44.146759][ T4465] el0t_64_sync+0x18c/0x190
[ 44.147454][ T4465]
[ 44.147454][ T4465] other info that might help us debug this:
[ 44.147454][ T4465]
[ 44.148928][ T4465] Chain exists of:
[ 44.148928][ T4465] &sbi->s_writepages_rwsem --> jbd2_handle --> &ei->xattr_sem
[ 44.148928][ T4465]
[ 44.150914][ T4465] Possible unsafe locking scenario:
[ 44.150914][ T4465]
[ 44.151990][ T4465]        CPU0                    CPU1
[ 44.152702][ T4465]        ----                    ----
[ 44.153454][ T4465]   lock(&ei->xattr_sem);
[ 44.154115][ T4465]                                lock(jbd2_handle);
[ 44.155062][ T4465]                                lock(&ei->xattr_sem);
[ 44.156059][ T4465]   lock(&sbi->s_writepages_rwsem);
[ 44.156851][ T4465]
[ 44.156851][ T4465] *** DEADLOCK ***
[ 44.156851][ T4465]
[ 44.158002][ T4465] 3 locks held by syz.0.17/4465:
[ 44.158663][ T4465] #0: ffff0000d322a0e0 (&type->s_umount_key#26/1){+.+.}-{3:3}, at: alloc_super+0x1a4/0x804
[ 44.160147][ T4465] #1: ffff0000d322a650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x3dc/0x1270
[ 44.161498][ T4465] #2: ffff0000e522a8e8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x37c/0x790
[ 44.162915][ T4465]
[ 44.162915][ T4465] stack backtrace:
[ 44.163899][ T4465] CPU: 0 PID: 4465 Comm: syz.0.17 Not tainted syzkaller #0
[ 44.165090][ T4465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 44.166695][ T4465] Call trace:
[ 44.167189][ T4465] dump_backtrace+0x1c8/0x1f4
[ 44.167921][ T4465] show_stack+0x2c/0x3c
[ 44.168593][ T4465] __dump_stack+0x30/0x40
[ 44.169253][ T4465] dump_stack_lvl+0xf8/0x160
[ 44.169968][ T4465] dump_stack+0x1c/0x5c
[ 44.170618][ T4465] print_circular_bug+0x148/0x1b0
[ 44.171388][ T4465] check_noncircular+0x240/0x2d4
[ 44.172129][ T4465] __lock_acquire+0x293c/0x6544
[ 44.172873][ T4465] lock_acquire+0x20c/0x644
[ 44.173539][ T4465] percpu_down_read+0x70/0x2a8
[ 44.174213][ T4465] ext4_writepages+0x188/0x284c
[ 44.174915][ T4465] do_writepages+0x2c0/0x4fc
[ 44.175626][ T4465] __writeback_single_inode+0x164/0x157c
[ 44.176433][ T4465] writeback_single_inode+0x1c0/0x720
[ 44.177285][ T4465] write_inode_now+0x144/0x1b0
[ 44.178014][ T4465] iput+0x5cc/0x7f4
[ 44.178559][ T4465] ext4_xattr_block_set+0x17a4/0x2810
[ 44.179334][ T4465] ext4_expand_extra_isize_ea+0xcb8/0x15cc
[ 44.180204][ T4465] __ext4_expand_extra_isize+0x298/0x358
[ 44.181078][ T4465] __ext4_mark_inode_dirty+0x3e4/0x790
[ 44.181868][ T4465] ext4_evict_inode+0xb58/0x1270
[ 44.182576][ T4465] evict+0x3c8/0x810
[ 44.183147][ T4465] iput+0x764/0x7f4
[ 44.183728][ T4465] ext4_process_orphan+0x240/0x2b4
[ 44.184500][ T4465] ext4_orphan_cleanup+0x908/0x104c
[ 44.185287][ T4465] ext4_fill_super+0x6440/0x68a8
[ 44.186029][ T4465] get_tree_bdev+0x358/0x544
[ 44.186696][ T4465] ext4_get_tree+0x28/0x38
[ 44.187320][ T4465] vfs_get_tree+0x90/0x274
[ 44.187980][ T4465] do_new_mount+0x228/0x810
[ 44.188668][ T4465] path_mount+0x5b4/0xe78
[ 44.189295][ T4465] __arm64_sys_mount+0x49c/0x584
[ 44.190015][ T4465] invoke_syscall+0x98/0x2bc
[ 44.190647][ T4465] el0_svc_common+0x138/0x258
[ 44.191341][ T4465] do_el0_svc+0x58/0x13c
[ 44.191932][ T4465] el0_svc+0x58/0x138
[ 44.192608][ T4465] el0t_64_sync_handler+0x84/0xf0
[ 44.193484][ T4465] el0t_64_sync+0x18c/0x190
[ 44.195440][ T4465] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256)
[ 44.197924][ T4465] EXT4-fs (loop0): Remounting filesystem read-only
[ 44.198969][ T4465] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117
[ 44.200925][ T4465] EXT4-fs (loop0): Remounting filesystem read-only
[ 44.201892][ T4465] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2819: Unable to expand inode 15. Delete some EAs or run e2fsck.
[ 44.203881][ T4465] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #11: comm syz.0.17: iget: bad extra_isize 90 (inode size 256)
[ 44.206668][ T4465] EXT4-fs (loop0): Remounting filesystem read-only
[ 44.207605][ T4465] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 11 err=-117
[ 44.209582][ T4465] EXT4-fs (loop0): Remounting filesystem read-only
[ 44.210653][ T4465] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256)
[ 44.212761][ T4465] EXT4-fs (loop0): Remounting filesystem read-only
[ 44.213744][ T4465] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117
[ 44.216350][ T4465] EXT4-fs (loop0): Remounting filesystem read-only
[ 44.217288][ T4465] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256)
[ 44.219203][ T4465] EXT4-fs (loop0): Remounting filesystem read-only
[ 44.220151][ T4465] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117
[ 44.221939][ T4465] EXT4-fs (loop0): Remounting filesystem read-only
[ 44.222897][ T4465] EXT4-fs (loop0): 1 orphan inode deleted
[ 44.223779][ T4465] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 44.234410][ T4434] EXT4-fs (loop0): unmounting filesystem.