Warning: Permanently added '10.128.0.24' (ED25519) to the list of known hosts.
1970/01/01 00:00:31 parsed 1 programs
syzkaller login: [ 32.948739][ T4325] cgroup: Unknown subsys name 'net'
[ 33.207340][ T4325] cgroup: Unknown subsys name 'rlimit'
[ 33.490800][ T4325] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 38.378906][ T4357] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 38.380612][ T4359] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 38.382081][ T4359] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 38.383791][ T4359] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 38.387280][ T4359] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 38.388557][ T4359] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 38.492546][ T552] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 38.493841][ T552] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 38.496399][ T277] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 38.503055][ T277] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 38.504408][ T277] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 38.506499][ T277] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 39.118247][ T4406] chnl_net:caif_netlink_parms(): no params data found
[ 39.135339][ T4406] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.136641][ T4406] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.138212][ T4406] device bridge_slave_0 entered promiscuous mode
[ 39.140469][ T4406] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.141672][ T4406] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.143120][ T4406] device bridge_slave_1 entered promiscuous mode
[ 39.151120][ T4406] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 39.153631][ T4406] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 39.160502][ T4406] team0: Port device team_slave_0 added
[ 39.162679][ T4406] team0: Port device team_slave_1 added
[ 39.171377][ T4406] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 39.172651][ T4406] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 39.176875][ T4406] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 39.179641][ T4406] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 39.180750][ T4406] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 39.185068][ T4406] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 39.235931][ T4406] device hsr_slave_0 entered promiscuous mode
[ 39.274988][ T4406] device hsr_slave_1 entered promiscuous mode
[ 39.349529][ T4406] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 39.376339][ T4406] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 39.425883][ T4406] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 39.476655][ T4406] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 39.560387][ T4406] 8021q: adding VLAN 0 to HW filter on device bond0
[ 39.563721][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 39.566173][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 39.569803][ T4406] 8021q: adding VLAN 0 to HW filter on device team0
[ 39.572100][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 39.573789][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 39.576278][ T552] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.577497][ T552] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.579221][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 39.591462][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 39.593148][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 39.595548][ T552] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.596764][ T552] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.599342][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 39.601882][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 39.604469][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 39.607339][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 39.609172][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 39.612111][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 39.613806][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 39.628425][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 39.630114][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 39.632981][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 39.635518][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 39.638208][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 39.687322][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 39.688725][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 39.691837][ T4406] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 39.698579][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 39.700163][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 39.706882][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 39.708330][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 39.709972][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 39.711363][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 39.713529][ T4406] device veth0_vlan entered promiscuous mode
[ 39.727510][ T4406] device veth1_vlan entered promiscuous mode
[ 39.734068][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 39.736254][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 39.737715][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 39.739230][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 39.741675][ T4406] device veth0_macvtap entered promiscuous mode
[ 39.744107][ T4406] device veth1_macvtap entered promiscuous mode
[ 39.752447][ T4406] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 39.753780][ T277] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 39.756172][ T277] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 39.757562][ T277] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 39.759195][ T277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 39.762288][ T4406] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 39.763526][ T277] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 39.765195][ T277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 39.768412][ T4406] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 39.769857][ T4406] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 39.771249][ T4406] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 39.772534][ T4406] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:00:40 executed programs: 0
[ 40.032685][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 40.034211][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 40.036074][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 40.037563][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 40.039070][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 40.040293][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 40.377280][ T4433] chnl_net:caif_netlink_parms(): no params data found
[ 40.392493][ T4433] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.393758][ T4433] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.395519][ T4433] device bridge_slave_0 entered promiscuous mode
[ 40.397420][ T4433] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.398624][ T4433] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.399969][ T4433] device bridge_slave_1 entered promiscuous mode
[ 40.407214][ T4433] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 40.409620][ T4433] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 40.729495][ T4433] team0: Port device team_slave_0 added
[ 40.733578][ T4433] team0: Port device team_slave_1 added
[ 40.741621][ T4433] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 40.742812][ T4433] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 40.747127][ T4433] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 40.750076][ T4433] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 40.751209][ T4433] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 40.755630][ T4433] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 40.845876][ T4433] device hsr_slave_0 entered promiscuous mode
[ 40.884841][ T4433] device hsr_slave_1 entered promiscuous mode
[ 40.934718][ T4433] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 40.936099][ T4433] Cannot create hsr debugfs directory
[ 41.155980][ T4433] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 42.095137][ T47] Bluetooth: hci0: command 0x0409 tx timeout
[ 43.585914][ T4433] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 44.174761][ T47] Bluetooth: hci0: command 0x041b tx timeout
[ 45.315452][ T4433] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 45.407263][ T4433] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 45.672499][ T4433] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 45.758203][ T4433] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 45.848672][ T4433] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 45.885701][ T4433] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 45.974338][ T4433] 8021q: adding VLAN 0 to HW filter on device bond0
[ 45.978954][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 45.980482][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.983024][ T4433] 8021q: adding VLAN 0 to HW filter on device team0
[ 45.986039][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 45.987636][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 45.989136][ T552] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.990259][ T552] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.991612][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 45.994043][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 45.996464][ T552] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.997875][ T552] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.999166][ T552] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.003020][ T11] device hsr_slave_0 left promiscuous mode
[ 46.045078][ T11] device hsr_slave_1 left promiscuous mode
[ 46.134730][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 46.135990][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 46.137704][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 46.138859][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 46.140283][ T11] device bridge_slave_1 left promiscuous mode
[ 46.141344][ T11] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.175406][ T11] device bridge_slave_0 left promiscuous mode
[ 46.176397][ T11] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.254764][ T4359] Bluetooth: hci0: command 0x040f tx timeout
[ 46.304898][ T11] device veth1_macvtap left promiscuous mode
[ 46.305999][ T11] device veth0_macvtap left promiscuous mode
[ 46.306928][ T11] device veth1_vlan left promiscuous mode
[ 46.307957][ T11] device veth0_vlan left promiscuous mode
[ 48.125771][ T11] team0 (unregistering): Port device team_slave_1 removed
[ 48.305843][ T11] team0 (unregistering): Port device team_slave_0 removed
[ 48.334640][ T47] Bluetooth: hci0: command 0x0419 tx timeout
[ 48.475099][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 48.715985][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 51.216460][ T11] bond0 (unregistering): Released all slaves
[ 51.445106][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 51.446778][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 51.448393][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 51.450051][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 51.451597][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 51.453401][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 51.455665][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 51.459666][ T4433] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 51.461276][ T4433] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 51.463931][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 51.466273][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 51.467979][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 51.469522][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 51.471261][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 51.523927][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 51.525220][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 51.529118][ T4433] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 51.536191][ T1641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 51.537873][ T1641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 51.542891][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 51.544762][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 51.546379][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 51.547730][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 51.549915][ T4433] device veth0_vlan entered promiscuous mode
[ 51.552896][ T4433] device veth1_vlan entered promiscuous mode
[ 51.559903][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 51.561410][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 51.562892][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 51.564510][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 51.567821][ T4433] device veth0_macvtap entered promiscuous mode
[ 51.570573][ T4433] device veth1_macvtap entered promiscuous mode
[ 51.575674][ T4433] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 51.577362][ T1641] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 51.578871][ T1641] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 51.580311][ T1641] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 51.581867][ T1641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 51.584180][ T4433] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 51.586742][ T4433] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.588138][ T4433] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.589592][ T4433] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.591073][ T4433] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.593133][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 51.596529][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 51.619481][ T1641] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 51.620775][ T1641] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 51.624541][ T277] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 51.629569][ T277] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 51.630955][ T277] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 51.632710][ T277] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 51.676099][ T4462] loop0: detected capacity change from 0 to 512
[ 51.689373][ T4462]
[ 51.689774][ T4462] ======================================================
[ 51.691007][ T4462] WARNING: possible circular locking dependency detected
[ 51.692235][ T4462] syzkaller #0 Not tainted
[ 51.692907][ T4462] ------------------------------------------------------
[ 51.693946][ T4462] syz.0.17/4462 is trying to acquire lock:
[ 51.694820][ T4462] ffff0000c3eaab98 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x188/0x284c
[ 51.696430][ T4462]
[ 51.696430][ T4462] but task is already holding lock:
[ 51.697633][ T4462] ffff0000e92594d8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x37c/0x790
[ 51.699247][ T4462]
[ 51.699247][ T4462] which lock already depends on the new lock.
[ 51.699247][ T4462]
[ 51.700922][ T4462]
[ 51.700922][ T4462] the existing dependency chain (in reverse order) is:
[ 51.702378][ T4462]
[ 51.702378][ T4462] -> #2 (&ei->xattr_sem){++++}-{3:3}:
[ 51.703677][ T4462] down_read+0x64/0x304
[ 51.704432][ T4462] ext4_setattr+0x7c4/0x150c
[ 51.705228][ T4462] notify_change+0xb0c/0xdcc
[ 51.706071][ T4462] chown_common+0x414/0x574
[ 51.706790][ T4462] do_fchownat+0x158/0x268
[ 51.707537][ T4462] __arm64_sys_fchownat+0xb8/0xd4
[ 51.708328][ T4462] invoke_syscall+0x98/0x2bc
[ 51.709230][ T4462] el0_svc_common+0x138/0x258
[ 51.710144][ T4462] do_el0_svc+0x58/0x13c
[ 51.710940][ T4462] el0_svc+0x58/0x138
[ 51.711731][ T4462] el0t_64_sync_handler+0x84/0xf0
[ 51.712631][ T4462] el0t_64_sync+0x18c/0x190
[ 51.713518][ T4462]
[ 51.713518][ T4462] -> #1 (jbd2_handle){++++}-{0:0}:
[ 51.714715][ T4462] start_this_handle+0xfe0/0x122c
[ 51.715654][ T4462] jbd2__journal_start+0x288/0x51c
[ 51.716568][ T4462] __ext4_journal_start_sb+0x2fc/0x674
[ 51.717500][ T4462] ext4_writepages+0xa28/0x284c
[ 51.718466][ T4462] do_writepages+0x2c0/0x4fc
[ 51.719332][ T4462] __writeback_single_inode+0x164/0x157c
[ 51.720351][ T4462] writeback_sb_inodes+0x824/0x1404
[ 51.721246][ T4462] __writeback_inodes_wb+0x110/0x394
[ 51.722120][ T4462] wb_writeback+0x414/0xfb0
[ 51.722854][ T4462] wb_workfn+0xac0/0xd98
[ 51.723609][ T4462] process_one_work+0x7f4/0x13a8
[ 51.724496][ T4462] worker_thread+0x8c8/0xfbc
[ 51.725360][ T4462] kthread+0x250/0x2d8
[ 51.726143][ T4462] ret_from_fork+0x10/0x20
[ 51.727003][ T4462]
[ 51.727003][ T4462] -> #0 (&sbi->s_writepages_rwsem){.+.+}-{0:0}:
[ 51.728490][ T4462] __lock_acquire+0x293c/0x6544
[ 51.729435][ T4462] lock_acquire+0x20c/0x644
[ 51.730366][ T4462] percpu_down_read+0x70/0x2a8
[ 51.731272][ T4462] ext4_writepages+0x188/0x284c
[ 51.732121][ T4462] do_writepages+0x2c0/0x4fc
[ 51.732936][ T4462] __writeback_single_inode+0x164/0x157c
[ 51.733986][ T4462] writeback_single_inode+0x1c0/0x720
[ 51.734975][ T4462] write_inode_now+0x144/0x1b0
[ 51.735871][ T4462] iput+0x5cc/0x7f4
[ 51.736649][ T4462] ext4_xattr_block_set+0x17a4/0x2810
[ 51.737608][ T4462] ext4_expand_extra_isize_ea+0xcb8/0x15cc
[ 51.738585][ T4462] __ext4_expand_extra_isize+0x298/0x358
[ 51.739605][ T4462] __ext4_mark_inode_dirty+0x3e4/0x790
[ 51.740688][ T4462] ext4_evict_inode+0xb58/0x1270
[ 51.741579][ T4462] evict+0x3c8/0x810
[ 51.742304][ T4462] iput+0x764/0x7f4
[ 51.743051][ T4462] ext4_process_orphan+0x240/0x2b4
[ 51.744006][ T4462] ext4_orphan_cleanup+0x908/0x104c
[ 51.744999][ T4462] ext4_fill_super+0x6920/0x6e34
[ 51.745880][ T4462] get_tree_bdev+0x358/0x544
[ 51.746600][ T4462] ext4_get_tree+0x28/0x38
[ 51.747393][ T4462] vfs_get_tree+0x90/0x274
[ 51.748119][ T4462] do_new_mount+0x228/0x810
[ 51.748935][ T4462] path_mount+0x5b4/0xe78
[ 51.749719][ T4462] __arm64_sys_mount+0x49c/0x584
[ 51.750607][ T4462] invoke_syscall+0x98/0x2bc
[ 51.751490][ T4462] el0_svc_common+0x138/0x258
[ 51.752351][ T4462] do_el0_svc+0x58/0x13c
[ 51.753101][ T4462] el0_svc+0x58/0x138
[ 51.753834][ T4462] el0t_64_sync_handler+0x84/0xf0
[ 51.754652][ T4462] el0t_64_sync+0x18c/0x190
[ 51.755433][ T4462]
[ 51.755433][ T4462] other info that might help us debug this:
[ 51.755433][ T4462]
[ 51.756998][ T4462] Chain exists of:
[ 51.756998][ T4462] &sbi->s_writepages_rwsem --> jbd2_handle --> &ei->xattr_sem
[ 51.756998][ T4462]
[ 51.758985][ T4462] Possible unsafe locking scenario:
[ 51.758985][ T4462]
[ 51.760081][ T4462]        CPU0                    CPU1
[ 51.760891][ T4462]        ----                    ----
[ 51.761654][ T4462]   lock(&ei->xattr_sem);
[ 51.762306][ T4462]                                lock(jbd2_handle);
[ 51.763311][ T4462]                                lock(&ei->xattr_sem);
[ 51.764453][ T4462]   lock(&sbi->s_writepages_rwsem);
[ 51.765266][ T4462]
[ 51.765266][ T4462] *** DEADLOCK ***
[ 51.765266][ T4462]
[ 51.766588][ T4462] 3 locks held by syz.0.17/4462:
[ 51.767378][ T4462] #0: ffff0000c3ea80e0 (&type->s_umount_key#26/1){+.+.}-{3:3}, at: alloc_super+0x1a4/0x804
[ 51.769034][ T4462] #1: ffff0000c3ea8650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x3dc/0x1270
[ 51.770472][ T4462] #2: ffff0000e92594d8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x37c/0x790
[ 51.772092][ T4462]
[ 51.772092][ T4462] stack backtrace:
[ 51.773004][ T4462] CPU: 1 PID: 4462 Comm: syz.0.17 Not tainted syzkaller #0
[ 51.774168][ T4462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[ 51.775802][ T4462] Call trace:
[ 51.776319][ T4462] dump_backtrace+0x1c8/0x1f4
[ 51.777080][ T4462] show_stack+0x2c/0x3c
[ 51.777749][ T4462] __dump_stack+0x30/0x40
[ 51.778477][ T4462] dump_stack_lvl+0xf8/0x160
[ 51.779297][ T4462] dump_stack+0x1c/0x5c
[ 51.780037][ T4462] print_circular_bug+0x148/0x1b0
[ 51.780798][ T4462] check_noncircular+0x240/0x2d4
[ 51.781531][ T4462] __lock_acquire+0x293c/0x6544
[ 51.782296][ T4462] lock_acquire+0x20c/0x644
[ 51.783002][ T4462] percpu_down_read+0x70/0x2a8
[ 51.783702][ T4462] ext4_writepages+0x188/0x284c
[ 51.784488][ T4462] do_writepages+0x2c0/0x4fc
[ 51.785162][ T4462] __writeback_single_inode+0x164/0x157c
[ 51.786111][ T4462] writeback_single_inode+0x1c0/0x720
[ 51.787099][ T4462] write_inode_now+0x144/0x1b0
[ 51.787835][ T4462] iput+0x5cc/0x7f4
[ 51.788524][ T4462] ext4_xattr_block_set+0x17a4/0x2810
[ 51.789433][ T4462] ext4_expand_extra_isize_ea+0xcb8/0x15cc
[ 51.790417][ T4462] __ext4_expand_extra_isize+0x298/0x358
[ 51.791333][ T4462] __ext4_mark_inode_dirty+0x3e4/0x790
[ 51.792213][ T4462] ext4_evict_inode+0xb58/0x1270
[ 51.793045][ T4462] evict+0x3c8/0x810
[ 51.793666][ T4462] iput+0x764/0x7f4
[ 51.794258][ T4462] ext4_process_orphan+0x240/0x2b4
[ 51.795095][ T4462] ext4_orphan_cleanup+0x908/0x104c
[ 51.795859][ T4462] ext4_fill_super+0x6920/0x6e34
[ 51.796606][ T4462] get_tree_bdev+0x358/0x544
[ 51.797354][ T4462] ext4_get_tree+0x28/0x38
[ 51.798052][ T4462] vfs_get_tree+0x90/0x274
[ 51.798713][ T4462] do_new_mount+0x228/0x810
[ 51.799373][ T4462] path_mount+0x5b4/0xe78
[ 51.799990][ T4462] __arm64_sys_mount+0x49c/0x584
[ 51.800825][ T4462] invoke_syscall+0x98/0x2bc
[ 51.801558][ T4462] el0_svc_common+0x138/0x258
[ 51.802303][ T4462] do_el0_svc+0x58/0x13c
[ 51.803004][ T4462] el0_svc+0x58/0x138
[ 51.803608][ T4462] el0t_64_sync_handler+0x84/0xf0
[ 51.804328][ T4462] el0t_64_sync+0x18c/0x190
[ 51.806656][ T4462] ------------[ cut here ]------------
[ 51.807472][ T4462] EA inode 11 i_nlink=2
[ 51.807546][ T4462] WARNING: CPU: 1 PID: 4462 at fs/ext4/xattr.c:1021 ext4_xattr_inode_update_ref+0x468/0x4ac
[ 51.809696][ T4462] Modules linked in:
[ 51.810269][ T4462] CPU: 1 PID: 4462 Comm: syz.0.17 Not tainted syzkaller #0
[ 51.811409][ T4462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[ 51.812881][ T4462] pstate: 62400005 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[ 51.813996][ T4462] pc : ext4_xattr_inode_update_ref+0x468/0x4ac
[ 51.815103][ T4462] lr : ext4_xattr_inode_update_ref+0x464/0x4ac
[ 51.816201][ T4462] sp : ffff8000210f6e80
[ 51.816849][ T4462] x29: ffff8000210f6f00 x28: 0000000000000000 x27: dfff800000000000
[ 51.818158][ T4462] x26: 1fffe0001d24b6da x25: ffff70000421edd0 x24: 0000000000000000
[ 51.819360][ T4462] x23: ffff800017a8b000 x22: ffff8000210f6e80 x21: 0000000000000002
[ 51.820543][ T4462] x20: 0000000000000001 x19: ffff0000e925b4d8 x18: ffff800011abbcc0
[ 51.821761][ T4462] x17: 0000000000000000 x16: ffff800008042c8c x15: 0000000000000000
[ 51.823169][ T4462] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100
[ 51.824561][ T4462] x11: ff00800008191ca8 x10: 0000000000000000 x9 : 85042377b2bcdf00
[ 51.825991][ T4462] x8 : 85042377b2bcdf00 x7 : 0000000000000001 x6 : 0000000000000001
[ 51.827295][ T4462] x5 : ffff8000210f6918 x4 : ffff8000151a4820 x3 : ffff800008311d00
[ 51.828592][ T4462] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
[ 51.829913][ T4462] Call trace:
[ 51.830507][ T4462] ext4_xattr_inode_update_ref+0x468/0x4ac
[ 51.831556][ T4462] ext4_xattr_set_entry+0x918/0x15ac
[ 51.832431][ T4462] ext4_xattr_ibody_set+0x204/0x600
[ 51.833301][ T4462] ext4_expand_extra_isize_ea+0xd00/0x15cc
[ 51.834243][ T4462] __ext4_expand_extra_isize+0x298/0x358
[ 51.835171][ T4462] __ext4_mark_inode_dirty+0x3e4/0x790
[ 51.836081][ T4462] ext4_evict_inode+0xb58/0x1270
[ 51.836955][ T4462] evict+0x3c8/0x810
[ 51.837601][ T4462] iput+0x764/0x7f4
[ 51.838324][ T4462] ext4_process_orphan+0x240/0x2b4
[ 51.839215][ T4462] ext4_orphan_cleanup+0x908/0x104c
[ 51.840021][ T4462] ext4_fill_super+0x6920/0x6e34
[ 51.840858][ T4462] get_tree_bdev+0x358/0x544
[ 51.841591][ T4462] ext4_get_tree+0x28/0x38
[ 51.842386][ T4462] vfs_get_tree+0x90/0x274
[ 51.843125][ T4462] do_new_mount+0x228/0x810
[ 51.843825][ T4462] path_mount+0x5b4/0xe78
[ 51.844528][ T4462] __arm64_sys_mount+0x49c/0x584
[ 51.845295][ T4462] invoke_syscall+0x98/0x2bc
[ 51.846083][ T4462] el0_svc_common+0x138/0x258
[ 51.846820][ T4462] do_el0_svc+0x58/0x13c
[ 51.847533][ T4462] el0_svc+0x58/0x138
[ 51.848173][ T4462] el0t_64_sync_handler+0x84/0xf0
[ 51.849024][ T4462] el0t_64_sync+0x18c/0x190
[ 51.849774][ T4462] irq event stamp: 4305
[ 51.850484][ T4462] hardirqs last enabled at (4305): [] _raw_spin_unlock_irqrestore+0x48/0xac
[ 51.852347][ T4462] hardirqs last disabled at (4304): [] _raw_spin_lock_irqsave+0xa4/0xb4
[ 51.853898][ T4462] softirqs last enabled at (2344): [] handle_softirqs+0xaf8/0xc6c
[ 51.855385][ T4462] softirqs last disabled at (2311): [] __do_softirq+0x14/0x20
[ 51.856938][ T4462] ---[ end trace 0000000000000000 ]---
[ 51.858556][ T4462] EXT4-fs (loop0): 1 orphan inode deleted
[ 51.859450][ T4462] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 51.874210][ T4433] EXT4-fs (loop0): unmounting filesystem.