Warning: Permanently added '10.128.1.82' (ED25519) to the list of known hosts. 1970/01/01 00:00:32 parsed 1 programs [ 33.127928][ T4325] cgroup: Unknown subsys name 'net' [ 33.359642][ T4325] cgroup: Unknown subsys name 'rlimit' [ 33.630778][ T4325] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 38.774622][ T4349] chnl_net:caif_netlink_parms(): no params data found [ 38.792216][ T4349] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.793467][ T4349] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.795024][ T4349] device bridge_slave_0 entered promiscuous mode [ 38.797394][ T4349] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.798585][ T4349] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.800023][ T4349] device bridge_slave_1 entered promiscuous mode [ 38.806953][ T4349] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 38.811592][ T4349] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 38.818738][ T4349] team0: Port device team_slave_0 added [ 38.820404][ T4349] team0: Port device team_slave_1 added [ 38.826585][ T4349] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 38.827831][ T4349] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.831773][ T4349] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 38.834377][ T4349] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.835488][ T4349] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.839258][ T4349] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.898110][ T4349] device hsr_slave_0 entered promiscuous mode [ 38.967271][ T4349] device hsr_slave_1 entered promiscuous mode [ 39.041836][ T4349] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 39.090611][ T4349] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 39.139486][ T4349] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 39.198188][ T4349] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 39.246437][ T4349] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.247669][ T4349] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.248988][ T4349] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.250072][ T4349] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.266858][ T4349] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.270826][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 39.273422][ T39] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.275479][ T39] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.277851][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 39.281901][ T4349] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.285068][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 39.286571][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.287758][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.292307][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 39.293851][ T39] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.295033][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.305420][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 39.307853][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 39.309450][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 39.310901][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 39.312544][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 39.314602][ T4349] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 39.412957][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 39.414424][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 39.418931][ T4349] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.424817][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 39.441386][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 39.443070][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 39.444471][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 39.447883][ T4349] device veth0_vlan entered promiscuous mode [ 39.451084][ T4349] device veth1_vlan entered promiscuous mode [ 39.459000][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 39.460558][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 39.462298][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 39.464557][ T4349] device veth0_macvtap entered promiscuous mode [ 39.466857][ T4349] device veth1_macvtap entered promiscuous mode [ 39.472623][ T4349] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.473954][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 39.475880][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 39.479844][ T4349] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.481274][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 39.483855][ T4349] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.485241][ T4349] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.486659][ T4349] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.488658][ T4349] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.244559][ T4408] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 40.246196][ T4408] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 40.248478][ T4410] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 40.250141][ T4410] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 40.251658][ T4410] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 40.252978][ T4410] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 40.410668][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 40.412110][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 40.414035][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 40.423893][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 40.425257][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 40.427177][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 40.770627][ T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 1970/01/01 00:00:40 executed programs: 0 [ 40.904767][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 40.906238][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 40.908553][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 40.910295][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 40.911747][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 40.913003][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 40.960385][ T4422] chnl_net:caif_netlink_parms(): no params data found [ 40.976303][ T4422] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.977567][ T4422] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.979209][ T4422] device bridge_slave_0 entered promiscuous mode [ 40.981142][ T4422] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.982218][ T4422] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.983608][ T4422] device bridge_slave_1 entered promiscuous mode [ 40.991619][ T4422] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 40.994038][ T4422] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 41.001674][ T4422] team0: Port device team_slave_0 added [ 41.003426][ T4422] team0: Port device team_slave_1 added [ 41.010389][ T4422] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 41.011484][ T4422] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 41.015873][ T4422] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 41.018516][ T4422] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 41.019588][ T4422] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 41.023382][ T4422] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 41.077999][ T4422] device hsr_slave_0 entered promiscuous mode [ 41.127270][ T4422] device hsr_slave_1 entered promiscuous mode [ 41.177158][ T4422] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 41.178505][ T4422] Cannot create hsr debugfs directory [ 42.967599][ T4410] Bluetooth: hci0: command 0x0409 tx timeout [ 43.258300][ T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.047236][ T4408] Bluetooth: hci0: command 0x041b tx timeout [ 45.068892][ T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.159065][ T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.190186][ T4422] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 46.248226][ T4422] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 46.419053][ T4422] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 46.458525][ T4422] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 46.577133][ T4422] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.581783][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 46.583282][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 46.585759][ T4422] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.588466][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 46.589980][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 46.591533][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.592713][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.594586][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 46.597016][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 46.599465][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 46.600854][ T67] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.601978][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.646657][ T4422] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 46.648611][ T4422] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 46.650914][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 46.652609][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 46.654157][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 46.655777][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 46.657438][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 46.659221][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 46.660656][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 46.662193][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 46.663753][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 46.665283][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 46.666744][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 46.669258][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 46.763102][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 46.764520][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 46.767897][ T4422] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.773827][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 46.775478][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 46.810962][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 46.812509][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 46.814076][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 46.815364][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 46.818103][ T4422] device veth0_vlan entered promiscuous mode [ 46.821264][ T4422] device veth1_vlan entered promiscuous mode [ 46.828574][ T1587] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 46.830201][ T1587] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 46.831512][ T1587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 46.833024][ T1587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 46.835177][ T4422] device veth0_macvtap entered promiscuous mode [ 46.837853][ T4422] device veth1_macvtap entered promiscuous mode [ 46.841944][ T4422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.843627][ T4422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.845719][ T4422] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 46.846926][ T1587] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 46.849043][ T1587] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 46.850326][ T1587] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 46.851788][ T1587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 46.880018][ T4422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 46.881849][ T4422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.883975][ T4422] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 46.885277][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 46.886828][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 46.890009][ T4422] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.891413][ T4422] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.892908][ T4422] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.894413][ T4422] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.912780][ T1587] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.916921][ T1587] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.920112][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 46.922931][ T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.924274][ T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.925894][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 46.968706][ T4491] loop0: detected capacity change from 0 to 512 [ 46.982451][ T4491] [ 46.982894][ T4491] ====================================================== [ 46.983985][ T4491] WARNING: possible circular locking dependency detected [ 46.985110][ T4491] syzkaller #0 Not tainted [ 46.985823][ T4491] ------------------------------------------------------ [ 46.987004][ T4491] syz.0.17/4491 is trying to acquire lock: [ 46.987969][ T4491] ffff0000d3538b98 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x188/0x284c [ 46.989634][ T4491] [ 46.989634][ T4491] but task is already holding lock: [ 46.991031][ T4491] ffff0000e9dadb10 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x37c/0x790 [ 46.992721][ T4491] [ 46.992721][ T4491] which lock already depends on the new lock. [ 46.992721][ T4491] [ 46.994413][ T4491] [ 46.994413][ T4491] the existing dependency chain (in reverse order) is: [ 46.995805][ T4491] [ 46.995805][ T4491] -> #2 (&ei->xattr_sem){++++}-{3:3}: [ 46.997072][ T4491] down_read+0x64/0x304 [ 46.997871][ T4491] ext4_setattr+0x7c4/0x150c [ 46.998795][ T4491] notify_change+0xb0c/0xdcc [ 46.999624][ T4491] chown_common+0x414/0x574 [ 47.000451][ T4491] do_fchownat+0x158/0x268 [ 47.001240][ T4491] __arm64_sys_fchownat+0xb8/0xd4 [ 47.002171][ T4491] invoke_syscall+0x98/0x2bc [ 47.003045][ T4491] el0_svc_common+0x138/0x258 [ 47.003954][ T4491] do_el0_svc+0x58/0x13c [ 47.004722][ T4491] el0_svc+0x58/0x138 [ 47.005471][ T4491] el0t_64_sync_handler+0x84/0xf0 [ 47.006410][ T4491] el0t_64_sync+0x18c/0x190 [ 47.007307][ T4491] [ 47.007307][ T4491] -> #1 (jbd2_handle){++++}-{0:0}: [ 47.008549][ T4491] start_this_handle+0xfe0/0x122c [ 47.009526][ T4491] jbd2__journal_start+0x288/0x51c [ 47.010499][ T4491] __ext4_journal_start_sb+0x2fc/0x674 [ 47.011479][ T4491] ext4_writepages+0xa28/0x284c [ 47.012422][ T4491] do_writepages+0x2c0/0x4fc [ 47.013338][ T4491] __writeback_single_inode+0x164/0x157c [ 47.014376][ T4491] writeback_sb_inodes+0x824/0x1404 [ 47.015347][ T4491] __writeback_inodes_wb+0x110/0x394 [ 47.016334][ T4491] wb_writeback+0x414/0xfb0 [ 47.017163][ T4491] wb_workfn+0xac0/0xd98 [ 47.018036][ T4491] process_one_work+0x7f4/0x13a8 [ 47.018935][ T4491] worker_thread+0x8c8/0xfbc [ 47.019792][ T4491] kthread+0x250/0x2d8 [ 47.020572][ T4491] ret_from_fork+0x10/0x20 [ 47.021355][ T4491] [ 47.021355][ T4491] -> #0 (&sbi->s_writepages_rwsem){.+.+}-{0:0}: [ 47.022671][ T4491] __lock_acquire+0x293c/0x6544 [ 47.023583][ T4491] lock_acquire+0x20c/0x644 [ 47.024405][ T4491] percpu_down_read+0x70/0x2a8 [ 47.025305][ T4491] ext4_writepages+0x188/0x284c [ 47.026208][ T4491] do_writepages+0x2c0/0x4fc [ 47.027073][ T4491] __writeback_single_inode+0x164/0x157c [ 47.028126][ T4491] writeback_single_inode+0x1c0/0x720 [ 47.029109][ T4491] write_inode_now+0x144/0x1b0 [ 47.030038][ T4491] iput+0x5cc/0x7f4 [ 47.030771][ T4491] ext4_xattr_block_set+0x17a4/0x2810 [ 47.031711][ T4491] ext4_expand_extra_isize_ea+0xcb8/0x15cc [ 47.032780][ T4491] __ext4_expand_extra_isize+0x298/0x358 [ 47.033820][ T4491] __ext4_mark_inode_dirty+0x3e4/0x790 [ 47.034754][ T4491] ext4_evict_inode+0xb58/0x1270 [ 47.035649][ T4491] evict+0x3c8/0x810 [ 47.036371][ T4491] iput+0x764/0x7f4 [ 47.037080][ T4491] ext4_process_orphan+0x240/0x2b4 [ 47.037934][ T4491] ext4_orphan_cleanup+0x908/0x104c [ 47.038861][ T4491] ext4_fill_super+0x6920/0x6e34 [ 47.039774][ T4491] get_tree_bdev+0x358/0x544 [ 47.040665][ T4491] ext4_get_tree+0x28/0x38 [ 47.041526][ T4491] vfs_get_tree+0x90/0x274 [ 47.042336][ T4491] do_new_mount+0x228/0x810 [ 47.043215][ T4491] path_mount+0x5b4/0xe78 [ 47.044002][ T4491] __arm64_sys_mount+0x49c/0x584 [ 47.044920][ T4491] invoke_syscall+0x98/0x2bc [ 47.045784][ T4491] el0_svc_common+0x138/0x258 [ 47.046613][ T4491] do_el0_svc+0x58/0x13c [ 47.047438][ T4491] el0_svc+0x58/0x138 [ 47.048189][ T4491] el0t_64_sync_handler+0x84/0xf0 [ 47.049068][ T4491] el0t_64_sync+0x18c/0x190 [ 47.049910][ T4491] [ 47.049910][ T4491] other info that might help us debug this: [ 47.049910][ T4491] [ 47.051457][ T4491] Chain exists of: [ 47.051457][ T4491] &sbi->s_writepages_rwsem --> jbd2_handle --> &ei->xattr_sem [ 47.051457][ T4491] [ 47.053592][ T4491] Possible unsafe locking scenario: [ 47.053592][ T4491] [ 47.054780][ T4491] CPU0 CPU1 [ 47.055642][ T4491] ---- ---- [ 47.056525][ T4491] lock(&ei->xattr_sem); [ 47.057284][ T4491] lock(jbd2_handle); [ 47.058459][ T4491] lock(&ei->xattr_sem); [ 47.059650][ T4491] lock(&sbi->s_writepages_rwsem); [ 47.060604][ T4491] [ 47.060604][ T4491] *** DEADLOCK *** [ 47.060604][ T4491] [ 47.061925][ T4491] 3 locks held by syz.0.17/4491: [ 47.062719][ T4491] #0: ffff0000d353a0e0 (&type->s_umount_key#26/1){+.+.}-{3:3}, at: alloc_super+0x1a4/0x804 [ 47.064444][ T4491] #1: ffff0000d353a650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x3dc/0x1270 [ 47.066000][ T4491] #2: ffff0000e9dadb10 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x37c/0x790 [ 47.067687][ T4491] [ 47.067687][ T4491] stack backtrace: [ 47.068655][ T4491] CPU: 1 PID: 4491 Comm: syz.0.17 Not tainted syzkaller #0 [ 47.069914][ T4491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 47.071515][ T4491] Call trace: [ 47.072022][ T4491] dump_backtrace+0x1c8/0x1f4 [ 47.072747][ T4491] show_stack+0x2c/0x3c [ 47.073548][ T4491] __dump_stack+0x30/0x40 [ 47.074328][ T4491] dump_stack_lvl+0xf8/0x160 [ 47.075158][ T4491] dump_stack+0x1c/0x5c [ 47.075871][ T4491] print_circular_bug+0x148/0x1b0 [ 47.076766][ T4491] check_noncircular+0x240/0x2d4 [ 47.077652][ T4491] __lock_acquire+0x293c/0x6544 [ 47.078446][ T4491] lock_acquire+0x20c/0x644 [ 47.079250][ T4491] percpu_down_read+0x70/0x2a8 [ 47.080045][ T4491] ext4_writepages+0x188/0x284c [ 47.080881][ T4491] do_writepages+0x2c0/0x4fc [ 47.081688][ T4491] __writeback_single_inode+0x164/0x157c [ 47.082652][ T4491] writeback_single_inode+0x1c0/0x720 [ 47.083504][ T4491] write_inode_now+0x144/0x1b0 [ 47.084300][ T4491] iput+0x5cc/0x7f4 [ 47.084894][ T4491] ext4_xattr_block_set+0x17a4/0x2810 [ 47.085698][ T4491] ext4_expand_extra_isize_ea+0xcb8/0x15cc [ 47.086525][ T4491] __ext4_expand_extra_isize+0x298/0x358 [ 47.087419][ T4491] __ext4_mark_inode_dirty+0x3e4/0x790 [ 47.088343][ T4491] ext4_evict_inode+0xb58/0x1270 [ 47.089129][ T4491] evict+0x3c8/0x810 [ 47.089782][ T4491] iput+0x764/0x7f4 [ 47.090397][ T4491] ext4_process_orphan+0x240/0x2b4 [ 47.091196][ T4491] ext4_orphan_cleanup+0x908/0x104c [ 47.092083][ T4491] ext4_fill_super+0x6920/0x6e34 [ 47.092904][ T4491] get_tree_bdev+0x358/0x544 [ 47.093669][ T4491] ext4_get_tree+0x28/0x38 [ 47.094428][ T4491] vfs_get_tree+0x90/0x274 [ 47.095137][ T4491] do_new_mount+0x228/0x810 [ 47.095796][ T4491] path_mount+0x5b4/0xe78 [ 47.096458][ T4491] __arm64_sys_mount+0x49c/0x584 [ 47.097264][ T4491] invoke_syscall+0x98/0x2bc [ 47.098014][ T4491] el0_svc_common+0x138/0x258 [ 47.098740][ T4491] do_el0_svc+0x58/0x13c [ 47.099370][ T4491] el0_svc+0x58/0x138 [ 47.099988][ T4491] el0t_64_sync_handler+0x84/0xf0 [ 47.100802][ T4491] el0t_64_sync+0x18c/0x190 [ 47.107452][ T4491] ------------[ cut here ]------------ [ 47.108361][ T4491] EA inode 11 i_nlink=2 [ 47.108429][ T4491] WARNING: CPU: 0 PID: 4491 at fs/ext4/xattr.c:1021 ext4_xattr_inode_update_ref+0x468/0x4ac [ 47.110743][ T4491] Modules linked in: [ 47.111307][ T4491] CPU: 0 PID: 4491 Comm: syz.0.17 Not tainted syzkaller #0 [ 47.112437][ T4491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 47.113969][ T4491] pstate: 62400005 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 47.115087][ T4491] pc : ext4_xattr_inode_update_ref+0x468/0x4ac [ 47.115945][ T4491] lr : ext4_xattr_inode_update_ref+0x464/0x4ac [ 47.116907][ T4491] sp : ffff800021556e80 [ 47.117114][ T4408] Bluetooth: hci0: command 0x040f tx timeout [ 47.117526][ T4491] x29: ffff800021556f00 x28: 0000000000000000 x27: dfff800000000000 [ 47.119641][ T4491] x26: 1fffe0001d3a9e60 x25: ffff7000042aadd0 x24: 0000000000000000 [ 47.120920][ T4491] x23: ffff800017a8b000 x22: ffff800021556e80 x21: 0000000000000002 [ 47.122237][ T4491] x20: 0000000000000001 x19: ffff0000e9d4f108 x18: ffff800011abbcc0 [ 47.123492][ T4491] x17: 0000000000000000 x16: ffff800008042c8c x15: 0000000000000000 [ 47.124702][ T4491] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100 [ 47.125927][ T4491] x11: ff00800008191ca8 x10: 0000000000000000 x9 : 33938078b585b800 [ 47.127147][ T4491] x8 : 33938078b585b800 x7 : 0000000000000001 x6 : 0000000000000001 [ 47.128290][ T4491] x5 : ffff800021556918 x4 : ffff8000151a4820 x3 : ffff80000852e404 [ 47.129767][ T4491] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 [ 47.131207][ T4491] Call trace: [ 47.131711][ T4491] ext4_xattr_inode_update_ref+0x468/0x4ac [ 47.132716][ T4491] ext4_xattr_set_entry+0x918/0x15ac [ 47.133581][ T4491] ext4_xattr_ibody_set+0x204/0x600 [ 47.134427][ T4491] ext4_expand_extra_isize_ea+0xd00/0x15cc [ 47.135335][ T4491] __ext4_expand_extra_isize+0x298/0x358 [ 47.136226][ T4491] __ext4_mark_inode_dirty+0x3e4/0x790 [ 47.137132][ T4491] ext4_evict_inode+0xb58/0x1270 [ 47.137976][ T4491] evict+0x3c8/0x810 [ 47.138631][ T4491] iput+0x764/0x7f4 [ 47.139219][ T4491] ext4_process_orphan+0x240/0x2b4 [ 47.139973][ T4491] ext4_orphan_cleanup+0x908/0x104c [ 47.140758][ T4491] ext4_fill_super+0x6920/0x6e34 [ 47.141504][ T4491] get_tree_bdev+0x358/0x544 [ 47.142198][ T4491] ext4_get_tree+0x28/0x38 [ 47.142911][ T4491] vfs_get_tree+0x90/0x274 [ 47.143580][ T4491] do_new_mount+0x228/0x810 [ 47.144277][ T4491] path_mount+0x5b4/0xe78 [ 47.144951][ T4491] __arm64_sys_mount+0x49c/0x584 [ 47.145742][ T4491] invoke_syscall+0x98/0x2bc [ 47.146439][ T4491] el0_svc_common+0x138/0x258 [ 47.147174][ T4491] do_el0_svc+0x58/0x13c [ 47.147754][ T4491] el0_svc+0x58/0x138 [ 47.148411][ T4491] el0t_64_sync_handler+0x84/0xf0 [ 47.149161][ T4491] el0t_64_sync+0x18c/0x190 [ 47.149856][ T4491] irq event stamp: 5499 [ 47.150501][ T4491] hardirqs last enabled at (5499): [] _raw_spin_unlock_irqrestore+0x48/0xac [ 47.152128][ T4491] hardirqs last disabled at (5498): [] _raw_spin_lock_irqsave+0xa4/0xb4 [ 47.153705][ T4491] softirqs last enabled at (4232): [] local_bh_enable+0x10/0x34 [ 47.155267][ T4491] softirqs last disabled at (4230): [] local_bh_disable+0x10/0x34 [ 47.156853][ T4491] ---[ end trace 0000000000000000 ]--- [ 47.159536][ T4491] EXT4-fs (loop0): 1 orphan inode deleted [ 47.160505][ T4491] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 47.169740][ T4422] EXT4-fs (loop0): unmounting filesystem.