Warning: Permanently added '10.128.1.10' (ED25519) to the list of known hosts.
1970/01/01 00:00:31 parsed 1 programs
syzkaller login: [ 33.015524][ T4325] cgroup: Unknown subsys name 'net'
[ 33.283864][ T4325] cgroup: Unknown subsys name 'rlimit'
[ 33.545707][ T4325] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 37.544713][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 37.546009][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 37.548674][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 37.557402][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 37.558767][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 37.560434][ T1578] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 38.236777][ T4380] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 38.238481][ T4380] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 38.239723][ T4380] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 38.242738][ T4380] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 38.244080][ T4380] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 38.245265][ T4380] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 38.615836][ T4415] chnl_net:caif_netlink_parms(): no params data found
[ 38.633226][ T4415] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.634616][ T4415] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.636098][ T4415] device bridge_slave_0 entered promiscuous mode
[ 38.638778][ T4415] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.639957][ T4415] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.641590][ T4415] device bridge_slave_1 entered promiscuous mode
[ 38.649513][ T4415] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 38.651931][ T4415] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 38.659679][ T4415] team0: Port device team_slave_0 added
[ 38.661564][ T4415] team0: Port device team_slave_1 added
[ 38.667230][ T4415] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 38.668363][ T4415] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 38.672453][ T4415] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 38.675043][ T4415] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 38.676098][ T4415] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 38.679876][ T4415] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 38.712819][ T4415] device hsr_slave_0 entered promiscuous mode
[ 38.751836][ T4415] device hsr_slave_1 entered promiscuous mode
[ 38.825592][ T4415] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 38.864375][ T4415] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 38.912293][ T4415] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 38.952464][ T4415] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 39.012337][ T4415] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.013465][ T4415] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.014762][ T4415] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.016033][ T4415] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.034238][ T4415] 8021q: adding VLAN 0 to HW filter on device bond0
[ 39.038294][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 39.040637][ T11] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.042688][ T11] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.047390][ T4415] 8021q: adding VLAN 0 to HW filter on device team0
[ 39.053070][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 39.055822][ T11] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.057012][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.073921][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 39.075755][ T11] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.076769][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.083362][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 39.084986][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 39.088111][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 39.090860][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 39.095780][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 39.098019][ T4415] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 39.153629][ T1578] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 39.155035][ T1578] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 39.158998][ T4415] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 39.174098][ T1578] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 39.179999][ T1578] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 39.182050][ T1578] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 39.183464][ T1578] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 39.185895][ T4415] device veth0_vlan entered promiscuous mode
[ 39.189102][ T4415] device veth1_vlan entered promiscuous mode
[ 39.196701][ T1578] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 39.198174][ T1578] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 39.199790][ T1578] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 39.203480][ T4415] device veth0_macvtap entered promiscuous mode
[ 39.205871][ T4415] device veth1_macvtap entered promiscuous mode
[ 39.210774][ T4415] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 39.213689][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 39.215796][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 39.229799][ T4415] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 39.231101][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 39.234388][ T4415] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 39.235843][ T4415] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 39.237291][ T4415] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 39.238536][ T4415] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:00:39 executed programs: 0
[ 39.472225][ T4380] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 39.474029][ T4380] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 39.475339][ T4380] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 39.476884][ T4380] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 39.478182][ T4380] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 39.479416][ T4380] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 39.836696][ T4442] chnl_net:caif_netlink_parms(): no params data found
[ 40.183160][ T4442] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.184336][ T4442] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.185823][ T4442] device bridge_slave_0 entered promiscuous mode
[ 40.191119][ T4442] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.192466][ T4442] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.194093][ T4442] device bridge_slave_1 entered promiscuous mode
[ 40.202317][ T4442] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 40.204821][ T4442] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 40.212053][ T4442] team0: Port device team_slave_0 added
[ 40.214106][ T4442] team0: Port device team_slave_1 added
[ 40.220745][ T4442] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 40.221973][ T4442] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 40.226210][ T4442] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 40.228722][ T4442] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 40.229827][ T4442] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 40.234488][ T4442] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 40.272075][ T4442] device hsr_slave_0 entered promiscuous mode
[ 40.311530][ T4442] device hsr_slave_1 entered promiscuous mode
[ 40.351083][ T4442] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 40.352297][ T4442] Cannot create hsr debugfs directory
[ 40.602339][ T4442] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 41.521487][ T47] Bluetooth: hci0: command 0x0409 tx timeout
[ 43.272297][ T4442] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 43.601241][ T47] Bluetooth: hci0: command 0x041b tx timeout
[ 45.071778][ T4442] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 45.173052][ T4442] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 45.445076][ T4442] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 45.525623][ T4442] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 45.604827][ T4442] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 45.642136][ T4442] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 45.681048][ T47] Bluetooth: hci0: command 0x040f tx timeout
[ 45.744892][ T4442] 8021q: adding VLAN 0 to HW filter on device bond0
[ 45.748256][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 45.749808][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.785084][ T4442] 8021q: adding VLAN 0 to HW filter on device team0
[ 45.787543][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 45.789112][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 45.790699][ T1572] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.791941][ T1572] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.793567][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 45.796085][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 45.797696][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.799277][ T1572] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.800320][ T1572] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.803008][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 45.805757][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 45.808359][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 45.810022][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 45.811702][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 45.814105][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 45.815786][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 45.818441][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 45.820019][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 45.823464][ T4435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 45.825012][ T4435] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.827600][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 45.833867][ T39] device hsr_slave_0 left promiscuous mode
[ 45.861445][ T39] device hsr_slave_1 left promiscuous mode
[ 45.961060][ T39] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 45.962289][ T39] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 45.964734][ T39] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 45.965941][ T39] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 45.967263][ T39] device bridge_slave_1 left promiscuous mode
[ 45.968495][ T39] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.002005][ T39] device bridge_slave_0 left promiscuous mode
[ 46.003072][ T39] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.131187][ T39] device veth1_macvtap left promiscuous mode
[ 46.132265][ T39] device veth0_macvtap left promiscuous mode
[ 46.133266][ T39] device veth1_vlan left promiscuous mode
[ 46.134269][ T39] device veth0_vlan left promiscuous mode
[ 47.771030][ T4380] Bluetooth: hci0: command 0x0419 tx timeout
[ 47.962256][ T39] team0 (unregistering): Port device team_slave_1 removed
[ 48.141955][ T39] team0 (unregistering): Port device team_slave_0 removed
[ 48.311441][ T39] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 48.531958][ T39] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 51.182641][ T39] bond0 (unregistering): Released all slaves
[ 51.433081][ T1578] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 51.434421][ T1578] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 51.437665][ T4442] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 51.445429][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 51.447160][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 51.453102][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 51.454678][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 51.456108][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 51.457567][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 51.459608][ T4442] device veth0_vlan entered promiscuous mode
[ 51.463165][ T4442] device veth1_vlan entered promiscuous mode
[ 51.469170][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 51.470763][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 51.472536][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 51.474171][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 51.476595][ T4442] device veth0_macvtap entered promiscuous mode
[ 51.478786][ T4442] device veth1_macvtap entered promiscuous mode
[ 51.483743][ T4442] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 51.485006][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 51.486529][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 51.487963][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 51.489411][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 51.492696][ T4442] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 51.493974][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 51.495650][ T1572] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 51.498115][ T4442] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.499576][ T4442] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.501878][ T4442] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.503572][ T4442] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.523330][ T1578] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 51.524744][ T1578] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 51.527904][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 51.533244][ T1578] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 51.534544][ T1578] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 51.536411][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 51.574662][ T4464] loop0: detected capacity change from 0 to 512
[ 51.585590][ T4464]
[ 51.586000][ T4464] ======================================================
[ 51.587161][ T4464] WARNING: possible circular locking dependency detected
[ 51.588277][ T4464] syzkaller #0 Not tainted
[ 51.588958][ T4464] ------------------------------------------------------
[ 51.590166][ T4464] syz.0.17/4464 is trying to acquire lock:
[ 51.591157][ T4464] ffff0000de6c6b98 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x188/0x284c
[ 51.592830][ T4464]
[ 51.592830][ T4464] but task is already holding lock:
[ 51.594043][ T4464] ffff0000e231e518 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x37c/0x790
[ 51.595725][ T4464]
[ 51.595725][ T4464] which lock already depends on the new lock.
[ 51.595725][ T4464]
[ 51.597480][ T4464]
[ 51.597480][ T4464] the existing dependency chain (in reverse order) is:
[ 51.599042][ T4464]
[ 51.599042][ T4464] -> #2 (&ei->xattr_sem){++++}-{3:3}:
[ 51.600235][ T4464] down_read+0x64/0x304
[ 51.601064][ T4464] ext4_setattr+0x7c4/0x150c
[ 51.601865][ T4464] notify_change+0xb0c/0xdcc
[ 51.602597][ T4464] chown_common+0x414/0x574
[ 51.603361][ T4464] do_fchownat+0x158/0x268
[ 51.604083][ T4464] __arm64_sys_fchownat+0xb8/0xd4
[ 51.604985][ T4464] invoke_syscall+0x98/0x2bc
[ 51.605881][ T4464] el0_svc_common+0x138/0x258
[ 51.606762][ T4464] do_el0_svc+0x58/0x13c
[ 51.607563][ T4464] el0_svc+0x58/0x138
[ 51.608287][ T4464] el0t_64_sync_handler+0x84/0xf0
[ 51.609142][ T4464] el0t_64_sync+0x18c/0x190
[ 51.609925][ T4464]
[ 51.609925][ T4464] -> #1 (jbd2_handle){++++}-{0:0}:
[ 51.611154][ T4464] start_this_handle+0xfe0/0x122c
[ 51.612084][ T4464] jbd2__journal_start+0x288/0x51c
[ 51.612966][ T4464] __ext4_journal_start_sb+0x2fc/0x674
[ 51.613951][ T4464] ext4_writepages+0xa28/0x284c
[ 51.614915][ T4464] do_writepages+0x2c0/0x4fc
[ 51.615679][ T4464] __writeback_single_inode+0x164/0x157c
[ 51.616637][ T4464] writeback_sb_inodes+0x824/0x1404
[ 51.617595][ T4464] __writeback_inodes_wb+0x110/0x394
[ 51.618581][ T4464] wb_writeback+0x414/0xfb0
[ 51.619411][ T4464] wb_workfn+0xac0/0xd98
[ 51.620130][ T4464] process_one_work+0x7f4/0x13a8
[ 51.621008][ T4464] worker_thread+0x8c8/0xfbc
[ 51.621868][ T4464] kthread+0x250/0x2d8
[ 51.622562][ T4464] ret_from_fork+0x10/0x20
[ 51.623389][ T4464]
[ 51.623389][ T4464] -> #0 (&sbi->s_writepages_rwsem){.+.+}-{0:0}:
[ 51.624757][ T4464] __lock_acquire+0x293c/0x6544
[ 51.625625][ T4464] lock_acquire+0x20c/0x644
[ 51.626472][ T4464] percpu_down_read+0x70/0x2a8
[ 51.627397][ T4464] ext4_writepages+0x188/0x284c
[ 51.628188][ T4464] do_writepages+0x2c0/0x4fc
[ 51.628964][ T4464] __writeback_single_inode+0x164/0x157c
[ 51.629925][ T4464] writeback_single_inode+0x1c0/0x720
[ 51.630826][ T4464] write_inode_now+0x144/0x1b0
[ 51.631682][ T4464] iput+0x5cc/0x7f4
[ 51.632328][ T4464] ext4_xattr_block_set+0x17a4/0x2810
[ 51.633280][ T4464] ext4_expand_extra_isize_ea+0xcb8/0x15cc
[ 51.634224][ T4464] __ext4_expand_extra_isize+0x298/0x358
[ 51.635182][ T4464] __ext4_mark_inode_dirty+0x3e4/0x790
[ 51.636102][ T4464] ext4_evict_inode+0xb58/0x1270
[ 51.637010][ T4464] evict+0x3c8/0x810
[ 51.637696][ T4464] iput+0x764/0x7f4
[ 51.638425][ T4464] ext4_process_orphan+0x240/0x2b4
[ 51.639320][ T4464] ext4_orphan_cleanup+0x908/0x104c
[ 51.640226][ T4464] ext4_fill_super+0x6920/0x6e34
[ 51.641174][ T4464] get_tree_bdev+0x358/0x544
[ 51.641980][ T4464] ext4_get_tree+0x28/0x38
[ 51.642789][ T4464] vfs_get_tree+0x90/0x274
[ 51.643587][ T4464] do_new_mount+0x228/0x810
[ 51.644323][ T4464] path_mount+0x5b4/0xe78
[ 51.645081][ T4464] __arm64_sys_mount+0x49c/0x584
[ 51.645893][ T4464] invoke_syscall+0x98/0x2bc
[ 51.646744][ T4464] el0_svc_common+0x138/0x258
[ 51.647630][ T4464] do_el0_svc+0x58/0x13c
[ 51.648372][ T4464] el0_svc+0x58/0x138
[ 51.649055][ T4464] el0t_64_sync_handler+0x84/0xf0
[ 51.649867][ T4464] el0t_64_sync+0x18c/0x190
[ 51.650592][ T4464]
[ 51.650592][ T4464] other info that might help us debug this:
[ 51.650592][ T4464]
[ 51.652360][ T4464] Chain exists of:
[ 51.652360][ T4464] &sbi->s_writepages_rwsem --> jbd2_handle --> &ei->xattr_sem
[ 51.652360][ T4464]
[ 51.654456][ T4464] Possible unsafe locking scenario:
[ 51.654456][ T4464]
[ 51.655619][ T4464]        CPU0                    CPU1
[ 51.656361][ T4464]        ----                    ----
[ 51.657097][ T4464]   lock(&ei->xattr_sem);
[ 51.657731][ T4464]                                lock(jbd2_handle);
[ 51.658852][ T4464]                                lock(&ei->xattr_sem);
[ 51.659939][ T4464]   lock(&sbi->s_writepages_rwsem);
[ 51.660732][ T4464]
[ 51.660732][ T4464] *** DEADLOCK ***
[ 51.660732][ T4464]
[ 51.661976][ T4464] 3 locks held by syz.0.17/4464:
[ 51.662789][ T4464] #0: ffff0000de6c40e0 (&type->s_umount_key#26/1){+.+.}-{3:3}, at: alloc_super+0x1a4/0x804
[ 51.664574][ T4464] #1: ffff0000de6c4650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x3dc/0x1270
[ 51.666229][ T4464] #2: ffff0000e231e518 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x37c/0x790
[ 51.667889][ T4464]
[ 51.667889][ T4464] stack backtrace:
[ 51.668723][ T4464] CPU: 1 PID: 4464 Comm: syz.0.17 Not tainted syzkaller #0
[ 51.669807][ T4464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[ 51.671473][ T4464] Call trace:
[ 51.672000][ T4464] dump_backtrace+0x1c8/0x1f4
[ 51.672775][ T4464] show_stack+0x2c/0x3c
[ 51.673404][ T4464] __dump_stack+0x30/0x40
[ 51.674032][ T4464] dump_stack_lvl+0xf8/0x160
[ 51.674722][ T4464] dump_stack+0x1c/0x5c
[ 51.675403][ T4464] print_circular_bug+0x148/0x1b0
[ 51.676280][ T4464] check_noncircular+0x240/0x2d4
[ 51.677114][ T4464] __lock_acquire+0x293c/0x6544
[ 51.677916][ T4464] lock_acquire+0x20c/0x644
[ 51.678636][ T4464] percpu_down_read+0x70/0x2a8
[ 51.679396][ T4464] ext4_writepages+0x188/0x284c
[ 51.680189][ T4464] do_writepages+0x2c0/0x4fc
[ 51.680862][ T4464] __writeback_single_inode+0x164/0x157c
[ 51.681785][ T4464] writeback_single_inode+0x1c0/0x720
[ 51.682643][ T4464] write_inode_now+0x144/0x1b0
[ 51.683405][ T4464] iput+0x5cc/0x7f4
[ 51.683988][ T4464] ext4_xattr_block_set+0x17a4/0x2810
[ 51.684886][ T4464] ext4_expand_extra_isize_ea+0xcb8/0x15cc
[ 51.685890][ T4464] __ext4_expand_extra_isize+0x298/0x358
[ 51.686771][ T4464] __ext4_mark_inode_dirty+0x3e4/0x790
[ 51.687610][ T4464] ext4_evict_inode+0xb58/0x1270
[ 51.688326][ T4464] evict+0x3c8/0x810
[ 51.688914][ T4464] iput+0x764/0x7f4
[ 51.689492][ T4464] ext4_process_orphan+0x240/0x2b4
[ 51.690226][ T4464] ext4_orphan_cleanup+0x908/0x104c
[ 51.691074][ T4464] ext4_fill_super+0x6920/0x6e34
[ 51.691884][ T4464] get_tree_bdev+0x358/0x544
[ 51.692622][ T4464] ext4_get_tree+0x28/0x38
[ 51.693428][ T4464] vfs_get_tree+0x90/0x274
[ 51.694151][ T4464] do_new_mount+0x228/0x810
[ 51.694904][ T4464] path_mount+0x5b4/0xe78
[ 51.695639][ T4464] __arm64_sys_mount+0x49c/0x584
[ 51.696406][ T4464] invoke_syscall+0x98/0x2bc
[ 51.697138][ T4464] el0_svc_common+0x138/0x258
[ 51.697912][ T4464] do_el0_svc+0x58/0x13c
[ 51.698574][ T4464] el0_svc+0x58/0x138
[ 51.699270][ T4464] el0t_64_sync_handler+0x84/0xf0
[ 51.700035][ T4464] el0t_64_sync+0x18c/0x190
[ 51.701920][ T4464] ------------[ cut here ]------------
[ 51.702787][ T4464] EA inode 11 i_nlink=2
[ 51.702855][ T4464] WARNING: CPU: 1 PID: 4464 at fs/ext4/xattr.c:1021 ext4_xattr_inode_update_ref+0x468/0x4ac
[ 51.705123][ T4464] Modules linked in:
[ 51.705747][ T4464] CPU: 1 PID: 4464 Comm: syz.0.17 Not tainted syzkaller #0
[ 51.706961][ T4464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[ 51.708598][ T4464] pstate: 62400005 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[ 51.709895][ T4464] pc : ext4_xattr_inode_update_ref+0x468/0x4ac
[ 51.710930][ T4464] lr : ext4_xattr_inode_update_ref+0x464/0x4ac
[ 51.711953][ T4464] sp : ffff8000212b6e80
[ 51.712651][ T4464] x29: ffff8000212b6f00 x28: 0000000000000000 x27: dfff800000000000
[ 51.713984][ T4464] x26: 1fffe0001d3d81d6 x25: ffff700004256dd0 x24: 0000000000000000
[ 51.715363][ T4464] x23: ffff800017a8b000 x22: ffff8000212b6e80 x21: 0000000000000002
[ 51.716765][ T4464] x20: 0000000000000001 x19: ffff0000e9ec0cb8 x18: ffff800011abbcc0
[ 51.718177][ T4464] x17: 0000000000000000 x16: ffff800008042c8c x15: 0000000000000000
[ 51.719428][ T4464] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100
[ 51.720703][ T4464] x11: ff00800008191ca8 x10: 0000000000000000 x9 : 03c195d7bfd7d200
[ 51.721963][ T4464] x8 : 03c195d7bfd7d200 x7 : 0000000000000001 x6 : 0000000000000001
[ 51.723267][ T4464] x5 : ffff8000212b6918 x4 : ffff8000151a4820 x3 : ffff800008311d00
[ 51.724537][ T4464] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
[ 51.725796][ T4464] Call trace:
[ 51.726337][ T4464] ext4_xattr_inode_update_ref+0x468/0x4ac
[ 51.727230][ T4464] ext4_xattr_set_entry+0x918/0x15ac
[ 51.728036][ T4464] ext4_xattr_ibody_set+0x204/0x600
[ 51.728819][ T4464] ext4_expand_extra_isize_ea+0xd00/0x15cc
[ 51.729688][ T4464] __ext4_expand_extra_isize+0x298/0x358
[ 51.730528][ T4464] __ext4_mark_inode_dirty+0x3e4/0x790
[ 51.731320][ T4464] ext4_evict_inode+0xb58/0x1270
[ 51.732011][ T4464] evict+0x3c8/0x810
[ 51.732568][ T4464] iput+0x764/0x7f4
[ 51.733143][ T4464] ext4_process_orphan+0x240/0x2b4
[ 51.733900][ T4464] ext4_orphan_cleanup+0x908/0x104c
[ 51.734726][ T4464] ext4_fill_super+0x6920/0x6e34
[ 51.735496][ T4464] get_tree_bdev+0x358/0x544
[ 51.736151][ T4464] ext4_get_tree+0x28/0x38
[ 51.736850][ T4464] vfs_get_tree+0x90/0x274
[ 51.737655][ T4464] do_new_mount+0x228/0x810
[ 51.738412][ T4464] path_mount+0x5b4/0xe78
[ 51.739179][ T4464] __arm64_sys_mount+0x49c/0x584
[ 51.739965][ T4464] invoke_syscall+0x98/0x2bc
[ 51.740767][ T4464] el0_svc_common+0x138/0x258
[ 51.741520][ T4464] do_el0_svc+0x58/0x13c
[ 51.742183][ T4464] el0_svc+0x58/0x138
[ 51.742845][ T4464] el0t_64_sync_handler+0x84/0xf0
[ 51.743614][ T4464] el0t_64_sync+0x18c/0x190
[ 51.744416][ T4464] irq event stamp: 5295
[ 51.745164][ T4464] hardirqs last enabled at (5295): [] _raw_spin_unlock_irqrestore+0x48/0xac
[ 51.746970][ T4464] hardirqs last disabled at (5294): [] _raw_spin_lock_irqsave+0xa4/0xb4
[ 51.748541][ T4464] softirqs last enabled at (5024): [] handle_softirqs+0xaf8/0xc6c
[ 51.750028][ T4464] softirqs last disabled at (4973): [] __do_softirq+0x14/0x20
[ 51.751357][ T4464] ---[ end trace 0000000000000000 ]---
[ 51.752838][ T4464] EXT4-fs (loop0): 1 orphan inode deleted
[ 51.753769][ T4464] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 51.757268][ T4442] EXT4-fs (loop0): unmounting filesystem.