Warning: Permanently added '10.128.1.128' (ED25519) to the list of known hosts.
1970/01/01 00:00:32 parsed 1 programs
syzkaller login: [ 33.732825][ T4325] cgroup: Unknown subsys name 'net'
[ 34.019087][ T4325] cgroup: Unknown subsys name 'rlimit'
[ 34.290967][ T4325] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 41.395043][ T4362] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 41.396588][ T4362] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 41.398023][ T4362] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 41.399491][ T4362] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 41.400998][ T4362] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 41.402189][ T4362] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 41.531341][ T252] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 41.532657][ T252] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 41.534817][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 41.542776][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 41.543996][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 41.545513][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 42.036723][ T4398] chnl_net:caif_netlink_parms(): no params data found
[ 42.054702][ T4398] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.055973][ T4398] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.058121][ T4398] device bridge_slave_0 entered promiscuous mode
[ 42.060498][ T4398] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.061718][ T4398] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.063183][ T4398] device bridge_slave_1 entered promiscuous mode
[ 42.070667][ T4398] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 42.073049][ T4398] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 42.081062][ T4398] team0: Port device team_slave_0 added
[ 42.082850][ T4398] team0: Port device team_slave_1 added
[ 42.089081][ T4398] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 42.090214][ T4398] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 42.094569][ T4398] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 42.097404][ T4398] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 42.098498][ T4398] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 42.102716][ T4398] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 42.168210][ T4398] device hsr_slave_0 entered promiscuous mode
[ 42.206777][ T4398] device hsr_slave_1 entered promiscuous mode
[ 42.298898][ T4398] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 42.356401][ T4398] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 42.408160][ T4398] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 42.456305][ T4398] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 42.521570][ T4398] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.522850][ T4398] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.524258][ T4398] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.525371][ T4398] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.537341][ T11] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.539189][ T11] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.559306][ T4398] 8021q: adding VLAN 0 to HW filter on device bond0
[ 42.563013][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 42.565056][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 42.568052][ T4398] 8021q: adding VLAN 0 to HW filter on device team0
[ 42.570366][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 42.571840][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 42.573333][ T39] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.574406][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.577286][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 42.578906][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 42.580340][ T11] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.581419][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.583758][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 42.595955][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 42.605150][ T4398] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 42.607727][ T4398] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 42.610157][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 42.612329][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 42.613934][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 42.616351][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 42.618047][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 42.619515][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 42.621453][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 42.623205][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 42.624629][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 42.625953][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 42.682881][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 42.684200][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 42.694506][ T4398] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 42.700567][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 42.702217][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 42.708318][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 42.709928][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 42.711827][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 42.713256][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 42.715791][ T4398] device veth0_vlan entered promiscuous mode
[ 42.721465][ T4398] device veth1_vlan entered promiscuous mode
[ 42.729110][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 42.730842][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 42.732218][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 42.733793][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 42.736184][ T4398] device veth0_macvtap entered promiscuous mode
[ 42.743039][ T4398] device veth1_macvtap entered promiscuous mode
[ 42.749008][ T4398] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 42.750248][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 42.751831][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 42.753234][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 42.754602][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 42.757389][ T4398] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 42.758633][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 42.760130][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 42.762570][ T4398] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 42.763979][ T4398] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 42.765291][ T4398] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 42.766743][ T4398] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:00:43 executed programs: 0
[ 43.743211][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 43.745104][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 43.746423][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 43.749043][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 43.750300][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 43.751512][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 44.066921][ T4429] chnl_net:caif_netlink_parms(): no params data found
[ 44.082507][ T4429] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.083818][ T4429] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.085380][ T4429] device bridge_slave_0 entered promiscuous mode
[ 44.088225][ T4429] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.089428][ T4429] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.090846][ T4429] device bridge_slave_1 entered promiscuous mode
[ 44.103849][ T4429] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 44.106310][ T4429] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 44.114059][ T4429] team0: Port device team_slave_0 added
[ 44.115913][ T4429] team0: Port device team_slave_1 added
[ 44.122728][ T4429] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 44.123857][ T4429] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 44.128670][ T4429] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 44.130948][ T4429] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 44.131995][ T4429] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 44.135822][ T4429] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 44.177770][ T4429] device hsr_slave_0 entered promiscuous mode
[ 44.226657][ T4429] device hsr_slave_1 entered promiscuous mode
[ 44.266631][ T4429] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 44.267786][ T4429] Cannot create hsr debugfs directory
[ 44.578249][ T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 45.766816][ T47] Bluetooth: hci0: command 0x0409 tx timeout
[ 47.197719][ T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 47.846534][ T47] Bluetooth: hci0: command 0x041b tx timeout
[ 48.357972][ T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 48.478452][ T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 49.453565][ T4429] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 49.498295][ T4429] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 49.588287][ T4429] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 49.680060][ T4429] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 49.780481][ T4429] 8021q: adding VLAN 0 to HW filter on device bond0
[ 49.783811][ T252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 49.785405][ T252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.789372][ T4429] 8021q: adding VLAN 0 to HW filter on device team0
[ 49.791610][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 49.793237][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 49.794691][ T4437] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.795931][ T4437] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.840775][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 49.843187][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 49.844724][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 49.846153][ T4437] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.847367][ T4437] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.849887][ T252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 49.852335][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 49.854924][ T252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 49.857950][ T252] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 49.859446][ T252] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 49.862021][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 49.863617][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 49.866988][ T252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 49.868829][ T252] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 49.871715][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 49.873392][ T4437] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 49.875858][ T4429] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 49.926584][ T47] Bluetooth: hci0: command 0x040f tx timeout
[ 50.031838][ T252] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 50.033154][ T252] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 50.036866][ T4429] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 50.042407][ T252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 50.044076][ T252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 50.049893][ T252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 50.051390][ T252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 50.052937][ T252] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 50.054368][ T252] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 50.056657][ T4429] device veth0_vlan entered promiscuous mode
[ 50.059780][ T4429] device veth1_vlan entered promiscuous mode
[ 50.068058][ T4429] device veth0_macvtap entered promiscuous mode
[ 50.071820][ T9] device hsr_slave_0 left promiscuous mode
[ 50.096924][ T9] device hsr_slave_1 left promiscuous mode
[ 50.176650][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 50.177878][ T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 50.179640][ T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 50.180800][ T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 50.182291][ T9] device bridge_slave_1 left promiscuous mode
[ 50.183683][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.247310][ T9] device bridge_slave_0 left promiscuous mode
[ 50.248370][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.366971][ T9] device veth1_macvtap left promiscuous mode
[ 50.368049][ T9] device veth0_macvtap left promiscuous mode
[ 50.369067][ T9] device veth1_vlan left promiscuous mode
[ 50.370131][ T9] device veth0_vlan left promiscuous mode
[ 52.006561][ T47] Bluetooth: hci0: command 0x0419 tx timeout
[ 52.307654][ T9] team0 (unregistering): Port device team_slave_1 removed
[ 52.478373][ T9] team0 (unregistering): Port device team_slave_0 removed
[ 52.656909][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 52.866978][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 55.437392][ T9] bond0 (unregistering): Released all slaves
[ 55.650166][ T252] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 55.651842][ T252] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 55.653293][ T252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 55.654749][ T252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 55.656792][ T4429] device veth1_macvtap entered promiscuous mode
[ 55.664736][ T4429] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 55.667919][ T252] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 55.669331][ T252] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 55.670826][ T252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 55.673680][ T4429] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 55.676378][ T4429] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.678068][ T4429] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.679353][ T4429] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.680699][ T4429] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.682734][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 55.684351][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 55.708414][ T4496] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 55.709676][ T4496] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 55.711430][ T4496] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 55.720007][ T4496] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 55.721237][ T4496] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 55.722966][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 55.796753][ T4498] loop0: detected capacity change from 0 to 512
[ 55.810362][ T4498]
[ 55.810814][ T4498] ======================================================
[ 55.811931][ T4498] WARNING: possible circular locking dependency detected
[ 55.812973][ T4498] syzkaller #0 Not tainted
[ 55.813621][ T4498] ------------------------------------------------------
[ 55.814589][ T4498] syz.0.17/4498 is trying to acquire lock:
[ 55.815557][ T4498] ffff0000df1fab98 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x188/0x284c
[ 55.817144][ T4498]
[ 55.817144][ T4498] but task is already holding lock:
[ 55.818211][ T4498] ffff0000ea06d108 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x37c/0x790
[ 55.819675][ T4498]
[ 55.819675][ T4498] which lock already depends on the new lock.
[ 55.819675][ T4498]
[ 55.821374][ T4498]
[ 55.821374][ T4498] the existing dependency chain (in reverse order) is:
[ 55.822858][ T4498]
[ 55.822858][ T4498] -> #2 (&ei->xattr_sem){++++}-{3:3}:
[ 55.824090][ T4498] down_read+0x64/0x304
[ 55.824843][ T4498] ext4_setattr+0x7c4/0x150c
[ 55.825663][ T4498] notify_change+0xb0c/0xdcc
[ 55.826494][ T4498] chown_common+0x414/0x574
[ 55.827249][ T4498] do_fchownat+0x158/0x268
[ 55.827984][ T4498] __arm64_sys_fchownat+0xb8/0xd4
[ 55.828861][ T4498] invoke_syscall+0x98/0x2bc
[ 55.829626][ T4498] el0_svc_common+0x138/0x258
[ 55.830358][ T4498] do_el0_svc+0x58/0x13c
[ 55.831064][ T4498] el0_svc+0x58/0x138
[ 55.831738][ T4498] el0t_64_sync_handler+0x84/0xf0
[ 55.832662][ T4498] el0t_64_sync+0x18c/0x190
[ 55.833563][ T4498]
[ 55.833563][ T4498] -> #1 (jbd2_handle){++++}-{0:0}:
[ 55.834832][ T4498] start_this_handle+0xfe0/0x122c
[ 55.835673][ T4498] jbd2__journal_start+0x288/0x51c
[ 55.836554][ T4498] __ext4_journal_start_sb+0x2fc/0x674
[ 55.837513][ T4498] ext4_writepages+0xa28/0x284c
[ 55.838428][ T4498] do_writepages+0x2c0/0x4fc
[ 55.839266][ T4498] __writeback_single_inode+0x164/0x157c
[ 55.840300][ T4498] writeback_sb_inodes+0x824/0x1404
[ 55.841246][ T4498] __writeback_inodes_wb+0x110/0x394
[ 55.842153][ T4498] wb_writeback+0x414/0xfb0
[ 55.842918][ T4498] wb_workfn+0xac0/0xd98
[ 55.843662][ T4498] process_one_work+0x7f4/0x13a8
[ 55.844641][ T4498] worker_thread+0x8c8/0xfbc
[ 55.845418][ T4498] kthread+0x250/0x2d8
[ 55.846156][ T4498] ret_from_fork+0x10/0x20
[ 55.846988][ T4498]
[ 55.846988][ T4498] -> #0 (&sbi->s_writepages_rwsem){.+.+}-{0:0}:
[ 55.848293][ T4498] __lock_acquire+0x293c/0x6544
[ 55.849082][ T4498] lock_acquire+0x20c/0x644
[ 55.849906][ T4498] percpu_down_read+0x70/0x2a8
[ 55.850729][ T4498] ext4_writepages+0x188/0x284c
[ 55.851537][ T4498] do_writepages+0x2c0/0x4fc
[ 55.852394][ T4498] __writeback_single_inode+0x164/0x157c
[ 55.853487][ T4498] writeback_single_inode+0x1c0/0x720
[ 55.854486][ T4498] write_inode_now+0x144/0x1b0
[ 55.855389][ T4498] iput+0x5cc/0x7f4
[ 55.856179][ T4498] ext4_xattr_block_set+0x17a4/0x2810
[ 55.857169][ T4498] ext4_expand_extra_isize_ea+0xcb8/0x15cc
[ 55.858187][ T4498] __ext4_expand_extra_isize+0x298/0x358
[ 55.859244][ T4498] __ext4_mark_inode_dirty+0x3e4/0x790
[ 55.860305][ T4498] ext4_evict_inode+0xb58/0x1270
[ 55.861207][ T4498] evict+0x3c8/0x810
[ 55.861975][ T4498] iput+0x764/0x7f4
[ 55.862645][ T4498] ext4_process_orphan+0x240/0x2b4
[ 55.863533][ T4498] ext4_orphan_cleanup+0x908/0x104c
[ 55.864442][ T4498] ext4_fill_super+0x6920/0x6e34
[ 55.865442][ T4498] get_tree_bdev+0x358/0x544
[ 55.866335][ T4498] ext4_get_tree+0x28/0x38
[ 55.867152][ T4498] vfs_get_tree+0x90/0x274
[ 55.867976][ T4498] do_new_mount+0x228/0x810
[ 55.868780][ T4498] path_mount+0x5b4/0xe78
[ 55.869535][ T4498] __arm64_sys_mount+0x49c/0x584
[ 55.870409][ T4498] invoke_syscall+0x98/0x2bc
[ 55.871276][ T4498] el0_svc_common+0x138/0x258
[ 55.872194][ T4498] do_el0_svc+0x58/0x13c
[ 55.873003][ T4498] el0_svc+0x58/0x138
[ 55.873756][ T4498] el0t_64_sync_handler+0x84/0xf0
[ 55.874661][ T4498] el0t_64_sync+0x18c/0x190
[ 55.875490][ T4498]
[ 55.875490][ T4498] other info that might help us debug this:
[ 55.875490][ T4498]
[ 55.877103][ T4498] Chain exists of:
[ 55.877103][ T4498] &sbi->s_writepages_rwsem --> jbd2_handle --> &ei->xattr_sem
[ 55.877103][ T4498]
[ 55.879373][ T4498] Possible unsafe locking scenario:
[ 55.879373][ T4498]
[ 55.880568][ T4498]        CPU0                    CPU1
[ 55.881428][ T4498]        ----                    ----
[ 55.882349][ T4498]   lock(&ei->xattr_sem);
[ 55.883044][ T4498]                                lock(jbd2_handle);
[ 55.884077][ T4498]                                lock(&ei->xattr_sem);
[ 55.885083][ T4498]   lock(&sbi->s_writepages_rwsem);
[ 55.885901][ T4498]
[ 55.885901][ T4498] *** DEADLOCK ***
[ 55.885901][ T4498]
[ 55.887092][ T4498] 3 locks held by syz.0.17/4498:
[ 55.887858][ T4498] #0: ffff0000df1f80e0 (&type->s_umount_key#26/1){+.+.}-{3:3}, at: alloc_super+0x1a4/0x804
[ 55.889567][ T4498] #1: ffff0000df1f8650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x3dc/0x1270
[ 55.891087][ T4498] #2: ffff0000ea06d108 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x37c/0x790
[ 55.892782][ T4498]
[ 55.892782][ T4498] stack backtrace:
[ 55.893782][ T4498] CPU: 0 PID: 4498 Comm: syz.0.17 Not tainted syzkaller #0
[ 55.895017][ T4498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[ 55.896718][ T4498] Call trace:
[ 55.897269][ T4498] dump_backtrace+0x1c8/0x1f4
[ 55.898046][ T4498] show_stack+0x2c/0x3c
[ 55.898821][ T4498] __dump_stack+0x30/0x40
[ 55.899545][ T4498] dump_stack_lvl+0xf8/0x160
[ 55.900270][ T4498] dump_stack+0x1c/0x5c
[ 55.900936][ T4498] print_circular_bug+0x148/0x1b0
[ 55.901748][ T4498] check_noncircular+0x240/0x2d4
[ 55.902549][ T4498] __lock_acquire+0x293c/0x6544
[ 55.903346][ T4498] lock_acquire+0x20c/0x644
[ 55.904051][ T4498] percpu_down_read+0x70/0x2a8
[ 55.904793][ T4498] ext4_writepages+0x188/0x284c
[ 55.905568][ T4498] do_writepages+0x2c0/0x4fc
[ 55.906414][ T4498] __writeback_single_inode+0x164/0x157c
[ 55.907438][ T4498] writeback_single_inode+0x1c0/0x720
[ 55.908333][ T4498] write_inode_now+0x144/0x1b0
[ 55.909128][ T4498] iput+0x5cc/0x7f4
[ 55.909735][ T4498] ext4_xattr_block_set+0x17a4/0x2810
[ 55.910607][ T4498] ext4_expand_extra_isize_ea+0xcb8/0x15cc
[ 55.911487][ T4498] __ext4_expand_extra_isize+0x298/0x358
[ 55.912415][ T4498] __ext4_mark_inode_dirty+0x3e4/0x790
[ 55.913323][ T4498] ext4_evict_inode+0xb58/0x1270
[ 55.914164][ T4498] evict+0x3c8/0x810
[ 55.914783][ T4498] iput+0x764/0x7f4
[ 55.915401][ T4498] ext4_process_orphan+0x240/0x2b4
[ 55.916216][ T4498] ext4_orphan_cleanup+0x908/0x104c
[ 55.917089][ T4498] ext4_fill_super+0x6920/0x6e34
[ 55.917861][ T4498] get_tree_bdev+0x358/0x544
[ 55.918585][ T4498] ext4_get_tree+0x28/0x38
[ 55.919370][ T4498] vfs_get_tree+0x90/0x274
[ 55.920127][ T4498] do_new_mount+0x228/0x810
[ 55.920819][ T4498] path_mount+0x5b4/0xe78
[ 55.921502][ T4498] __arm64_sys_mount+0x49c/0x584
[ 55.922308][ T4498] invoke_syscall+0x98/0x2bc
[ 55.923068][ T4498] el0_svc_common+0x138/0x258
[ 55.923840][ T4498] do_el0_svc+0x58/0x13c
[ 55.924513][ T4498] el0_svc+0x58/0x138
[ 55.925143][ T4498] el0t_64_sync_handler+0x84/0xf0
[ 55.925905][ T4498] el0t_64_sync+0x18c/0x190
[ 55.928094][ T4498] ------------[ cut here ]------------
[ 55.928926][ T4498] EA inode 11 i_nlink=2
[ 55.929003][ T4498] WARNING: CPU: 0 PID: 4498 at fs/ext4/xattr.c:1022 ext4_xattr_inode_update_ref+0x42c/0x470
[ 55.931023][ T4498] Modules linked in:
[ 55.931545][ T4498] CPU: 0 PID: 4498 Comm: syz.0.17 Not tainted syzkaller #0
[ 55.932581][ T4498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[ 55.934137][ T4498] pstate: 62400005 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[ 55.935452][ T4498] pc : ext4_xattr_inode_update_ref+0x42c/0x470
[ 55.936482][ T4498] lr : ext4_xattr_inode_update_ref+0x42c/0x470
[ 55.937461][ T4498] sp : ffff800021416e60
[ 55.938120][ T4498] x29: ffff800021416f00 x28: 0000000000000000 x27: dfff800000000000
[ 55.939472][ T4498] x26: 1fffe0001d40de60 x25: ffff700004282dd0 x24: 0000000000000000
[ 55.940785][ T4498] x23: ffff800017a8a000 x22: ffff0000ea06f148 x21: 0000000000000002
[ 55.942148][ T4498] x20: 0000000000000001 x19: ffff0000ea06f108 x18: ffff800011abbcc0
[ 55.943456][ T4498] x17: 0000000000000000 x16: ffff800008042d90 x15: 0000000000000000
[ 55.944769][ T4498] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100
[ 55.946095][ T4498] x11: ff00800008191ca8 x10: 0000000000000000 x9 : 7720151815dd5f00
[ 55.947452][ T4498] x8 : 7720151815dd5f00 x7 : 0000000000000001 x6 : 0000000000000001
[ 55.948764][ T4498] x5 : ffff8000214168f8 x4 : ffff8000151a4920 x3 : ffff800008311fd8
[ 55.950052][ T4498] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
[ 55.951481][ T4498] Call trace:
[ 55.952033][ T4498] ext4_xattr_inode_update_ref+0x42c/0x470
[ 55.952998][ T4498] ext4_xattr_set_entry+0x918/0x15ac
[ 55.953909][ T4498] ext4_xattr_ibody_set+0x204/0x600
[ 55.954759][ T4498] ext4_expand_extra_isize_ea+0xd00/0x15cc
[ 55.955739][ T4498] __ext4_expand_extra_isize+0x298/0x358
[ 55.956664][ T4498] __ext4_mark_inode_dirty+0x3e4/0x790
[ 55.957530][ T4498] ext4_evict_inode+0xb58/0x1270
[ 55.958352][ T4498] evict+0x3c8/0x810
[ 55.959004][ T4498] iput+0x764/0x7f4
[ 55.959638][ T4498] ext4_process_orphan+0x240/0x2b4
[ 55.960481][ T4498] ext4_orphan_cleanup+0x908/0x104c
[ 55.961371][ T4498] ext4_fill_super+0x6920/0x6e34
[ 55.962160][ T4498] get_tree_bdev+0x358/0x544
[ 55.962912][ T4498] ext4_get_tree+0x28/0x38
[ 55.963670][ T4498] vfs_get_tree+0x90/0x274
[ 55.964430][ T4498] do_new_mount+0x228/0x810
[ 55.965203][ T4498] path_mount+0x5b4/0xe78
[ 55.965923][ T4498] __arm64_sys_mount+0x49c/0x584
[ 55.966781][ T4498] invoke_syscall+0x98/0x2bc
[ 55.967488][ T4498] el0_svc_common+0x138/0x258
[ 55.968300][ T4498] do_el0_svc+0x58/0x13c
[ 55.969008][ T4498] el0_svc+0x58/0x138
[ 55.969664][ T4498] el0t_64_sync_handler+0x84/0xf0
[ 55.970472][ T4498] el0t_64_sync+0x18c/0x190
[ 55.971144][ T4498] irq event stamp: 4179
[ 55.971812][ T4498] hardirqs last enabled at (4179): [] _raw_spin_unlock_irqrestore+0x48/0xac
[ 55.973437][ T4498] hardirqs last disabled at (4178): [] _raw_spin_lock_irqsave+0xa4/0xb4
[ 55.975021][ T4498] softirqs last enabled at (2870): [] handle_softirqs+0xaf8/0xc6c
[ 55.976544][ T4498] softirqs last disabled at (2857): [] __do_softirq+0x14/0x20
[ 55.977943][ T4498] ---[ end trace 0000000000000000 ]---
[ 55.979597][ T4498] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256)
[ 55.981860][ T4498] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117
[ 55.983977][ T4498] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256)
[ 55.986213][ T4498] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117
[ 55.990212][ T4498] EXT4-fs (loop0): 1 orphan inode deleted
[ 55.991040][ T4498] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 56.001280][ T4429] EXT4-fs (loop0): unmounting filesystem.