[ 15.246783][ T5600] 8021q: adding VLAN 0 to HW filter on device bond0
[ 15.257576][ T5600] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 15.308326][ T39] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 15.313060][ T5510] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.240' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 35.905869][ T5925] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5925 'syz-executor329'
[ 35.912941][ T5925] loop0: detected capacity change from 0 to 512
[ 35.916698][ T5925] EXT4-fs: Ignoring removed mblk_io_submit option
[ 35.919533][ T5925] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 35.927164][ T5925] EXT4-fs error (device loop0): ext4_xattr_inode_iget:436: inode #12: comm syz-executor329: casefold flag without casefold feature
[ 35.931373][ T5925] ------------[ cut here ]------------
[ 35.932531][ T5925] Looking for class "&ea_inode->i_rwsem" with key ext4_fs_type, but found a different class "&type->i_mutex_dir_key" with the same key
[ 35.935429][ T5925] WARNING: CPU: 0 PID: 5925 at kernel/locking/lockdep.c:941 look_up_lock_class+0xec/0x158
[ 35.937558][ T5925] Modules linked in:
[ 35.938425][ T5925] CPU: 0 PID: 5925 Comm: syz-executor329 Not tainted 6.3.0-rc7-syzkaller-g14f8db1c0f9a #0
[ 35.940729][ T5925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 35.942894][ T5925] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 35.944648][ T5925] pc : look_up_lock_class+0xec/0x158
[ 35.945885][ T5925] lr : look_up_lock_class+0xec/0x158
[ 35.946985][ T5925] sp : ffff80001e4f6d50
[ 35.947957][ T5925] x29: ffff80001e4f6d50 x28: dfff800000000000 x27: 0000000100000000
[ 35.949654][ T5925] x26: ffff80001a0a7600 x25: ffff80001a0a7000 x24: ffff0000c41d3680
[ 35.951337][ T5925] x23: ffff800015cbeeb8 x22: 0000000000000000 x21: ffff8000160dae79
[ 35.953035][ T5925] x20: ffff0000deafca38 x19: ffff800018ce62c0 x18: 1fffe0003684a5b6
[ 35.954925][ T5925] x17: 0000000000000000 x16: ffff80001236e294 x15: 0000000000000002
[ 35.956783][ T5925] x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001
[ 35.958607][ T5925] x11: 0000000000000000 x10: 0000000000000000 x9 : 66fe3f0fc92a9f00
[ 35.960444][ T5925] x8 : 66fe3f0fc92a9f00 x7 : 0000000000000001 x6 : 0000000000000001
[ 35.962160][ T5925] x5 : ffff80001e4f6638 x4 : ffff800015e4ccc0 x3 : ffff800008584230
[ 35.963889][ T5925] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
[ 35.965905][ T5925] Call trace:
[ 35.966736][ T5925]  look_up_lock_class+0xec/0x158
[ 35.967843][ T5925]  register_lock_class+0x8c/0x6a4
[ 35.969257][ T5925]  lockdep_init_map_type+0x348/0x7b8
[ 35.970377][ T5925]  ext4_xattr_inode_iget+0x278/0x4b8
[ 35.971528][ T5925]  ext4_xattr_inode_get+0x12c/0x37c
[ 35.972652][ T5925]  ext4_expand_extra_isize_ea+0xbbc/0x16b4
[ 35.973940][ T5925]  __ext4_expand_extra_isize+0x290/0x348
[ 35.975265][ T5925]  __ext4_mark_inode_dirty+0x448/0x848
[ 35.976548][ T5925]  ext4_evict_inode+0xb58/0x1254
[ 35.977766][ T5925]  evict+0x260/0x68c
[ 35.978662][ T5925]  iput+0x734/0x818
[ 35.979547][ T5925]  ext4_process_orphan+0x244/0x2b8
[ 35.980771][ T5925]  ext4_orphan_cleanup+0x968/0x1140
[ 35.981936][ T5925]  ext4_fill_super+0x644c/0x6a30
[ 35.983057][ T5925]  get_tree_bdev+0x360/0x54c
[ 35.984071][ T5925]  ext4_get_tree+0x28/0x38
[ 35.985037][ T5925]  vfs_get_tree+0x90/0x274
[ 35.985982][ T5925]  do_new_mount+0x25c/0x8c8
[ 35.986946][ T5925]  path_mount+0x590/0xe04
[ 35.987872][ T5925]  __arm64_sys_mount+0x45c/0x594
[ 35.988957][ T5925]  invoke_syscall+0x98/0x2c0
[ 35.989943][ T5925]  el0_svc_common+0x138/0x258
[ 35.991040][ T5925]  do_el0_svc+0x64/0x198
[ 35.991983][ T5925]  el0_svc+0x4c/0x15c
[ 35.992818][ T5925]  el0t_64_sync_handler+0x84/0xf0
[ 35.993915][ T5925]  el0t_64_sync+0x190/0x194
[ 35.994867][ T5925] irq event stamp: 16287
[ 35.995778][ T5925] hardirqs last enabled at (16287): [] finish_lock_switch+0xbc/0x1e4
[ 35.997897][ T5925] hardirqs last disabled at (16286): [] __schedule+0x298/0x1e2c
[ 35.999934][ T5925] softirqs last enabled at (16254): [] __do_softirq+0xac0/0xd54
[ 36.002017][ T5925] softirqs last disabled at (16223): [] ____do_softirq+0x14/0x20
[ 36.004117][ T5925] ---[ end trace 0000000000000000 ]---
[ 36.005533][ T5925]
[ 36.006076][ T5925] ======================================================
[ 36.007683][ T5925] WARNING: possible circular locking dependency detected
[ 36.009254][ T5925] 6.3.0-rc7-syzkaller-g14f8db1c0f9a #0 Tainted: G W
[ 36.011046][ T5925] ------------------------------------------------------
[ 36.012666][ T5925] syz-executor329/5925 is trying to acquire lock:
[ 36.014093][ T5925] ffff0000deafca38 (&type->i_mutex_dir_key#3/1){+.+.}-{3:3}, at: ext4_xattr_inode_iget+0x3a8/0x4b8
[ 36.016456][ T5925]
[ 36.016456][ T5925] but task is already holding lock:
[ 36.018080][ T5925] ffff0000deafbcf8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3c8/0x848
[ 36.020252][ T5925]
[ 36.020252][ T5925] which lock already depends on the new lock.
[ 36.020252][ T5925]
[ 36.022532][ T5925]
[ 36.022532][ T5925] the existing dependency chain (in reverse order) is:
[ 36.024407][ T5925]
[ 36.024407][ T5925] -> #1 (&ei->xattr_sem){++++}-{3:3}:
[ 36.026064][ T5925]        down_read+0x50/0x6c
[ 36.027141][ T5925]        ext4_xattr_get+0xe0/0x6f4
[ 36.028280][ T5925]        ext4_xattr_security_get+0x40/0x54
[ 36.029600][ T5925]        __vfs_getxattr+0x394/0x3c0
[ 36.030762][ T5925]        smk_fetch+0xc8/0x150
[ 36.031793][ T5925]        smack_d_instantiate+0x5a0/0x938
[ 36.033112][ T5925]        security_d_instantiate+0x98/0xf0
[ 36.034348][ T5925]        d_splice_alias+0x70/0x310
[ 36.035511][ T5925]        ext4_lookup+0x220/0x5f0
[ 36.036597][ T5925]        __lookup_hash+0x108/0x230
[ 36.037726][ T5925]        filename_create+0x22c/0x464
[ 36.038893][ T5925]        do_mkdirat+0xac/0x610
[ 36.039911][ T5925]        __arm64_sys_mkdirat+0x90/0xa8
[ 36.041260][ T5925]        invoke_syscall+0x98/0x2c0
[ 36.042450][ T5925]        el0_svc_common+0x138/0x258
[ 36.043679][ T5925]        do_el0_svc+0x64/0x198
[ 36.044798][ T5925]        el0_svc+0x4c/0x15c
[ 36.045832][ T5925]        el0t_64_sync_handler+0x84/0xf0
[ 36.047041][ T5925]        el0t_64_sync+0x190/0x194
[ 36.048157][ T5925]
[ 36.048157][ T5925] -> #0 (&type->i_mutex_dir_key#3/1){+.+.}-{3:3}:
[ 36.050151][ T5925]        __lock_acquire+0x3338/0x764c
[ 36.051401][ T5925]        lock_acquire+0x238/0x718
[ 36.052538][ T5925]        down_write+0x50/0xc0
[ 36.053591][ T5925]        ext4_xattr_inode_iget+0x3a8/0x4b8
[ 36.054904][ T5925]        ext4_xattr_inode_get+0x12c/0x37c
[ 36.056166][ T5925]        ext4_expand_extra_isize_ea+0xbbc/0x16b4
[ 36.057665][ T5925]        __ext4_expand_extra_isize+0x290/0x348
[ 36.059041][ T5925]        __ext4_mark_inode_dirty+0x448/0x848
[ 36.060346][ T5925]        ext4_evict_inode+0xb58/0x1254
[ 36.061540][ T5925]        evict+0x260/0x68c
[ 36.062573][ T5925]        iput+0x734/0x818
[ 36.063531][ T5925]        ext4_process_orphan+0x244/0x2b8
[ 36.064657][ T5925]        ext4_orphan_cleanup+0x968/0x1140
[ 36.065925][ T5925]        ext4_fill_super+0x644c/0x6a30
[ 36.067211][ T5925]        get_tree_bdev+0x360/0x54c
[ 36.068423][ T5925]        ext4_get_tree+0x28/0x38
[ 36.069438][ T5925]        vfs_get_tree+0x90/0x274
[ 36.070568][ T5925]        do_new_mount+0x25c/0x8c8
[ 36.071639][ T5925]        path_mount+0x590/0xe04
[ 36.072680][ T5925]        __arm64_sys_mount+0x45c/0x594
[ 36.073899][ T5925]        invoke_syscall+0x98/0x2c0
[ 36.075076][ T5925]        el0_svc_common+0x138/0x258
[ 36.076197][ T5925]        do_el0_svc+0x64/0x198
[ 36.077266][ T5925]        el0_svc+0x4c/0x15c
[ 36.078350][ T5925]        el0t_64_sync_handler+0x84/0xf0
[ 36.079647][ T5925]        el0t_64_sync+0x190/0x194
[ 36.080797][ T5925]
[ 36.080797][ T5925] other info that might help us debug this:
[ 36.080797][ T5925]
[ 36.083105][ T5925]  Possible unsafe locking scenario:
[ 36.083105][ T5925]
[ 36.084637][ T5925]        CPU0                    CPU1
[ 36.085784][ T5925]        ----                    ----
[ 36.087002][ T5925]   lock(&ei->xattr_sem);
[ 36.087970][ T5925]                                lock(&type->i_mutex_dir_key#3/1);
[ 36.089795][ T5925]                                lock(&ei->xattr_sem);
[ 36.091410][ T5925]   lock(&type->i_mutex_dir_key#3/1);
[ 36.092602][ T5925]
[ 36.092602][ T5925]  *** DEADLOCK ***
[ 36.092602][ T5925]
[ 36.094453][ T5925] 3 locks held by syz-executor329/5925:
[ 36.095739][ T5925]  #0: ffff0000c1f780e0 (&type->s_umount_key#25/1){+.+.}-{3:3}, at: alloc_super+0x1b4/0x824
[ 36.098164][ T5925]  #1: ffff0000c1f78650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x3e4/0x1254
[ 36.100302][ T5925]  #2: ffff0000deafbcf8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3c8/0x848
[ 36.102639][ T5925]
[ 36.102639][ T5925] stack backtrace:
[ 36.103910][ T5925] CPU: 0 PID: 5925 Comm: syz-executor329 Tainted: G W 6.3.0-rc7-syzkaller-g14f8db1c0f9a #0
[ 36.106323][ T5925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 36.108591][ T5925] Call trace:
[ 36.109335][ T5925]  dump_backtrace+0x1b8/0x1e4
[ 36.110303][ T5925]  show_stack+0x2c/0x44
[ 36.111193][ T5925]  dump_stack_lvl+0xd0/0x124
[ 36.112193][ T5925]  dump_stack+0x1c/0x28
[ 36.113144][ T5925]  print_circular_bug+0x150/0x1b8
[ 36.114285][ T5925]  check_noncircular+0x2cc/0x378
[ 36.115466][ T5925]  __lock_acquire+0x3338/0x764c
[ 36.116557][ T5925]  lock_acquire+0x238/0x718
[ 36.117609][ T5925]  down_write+0x50/0xc0
[ 36.118559][ T5925]  ext4_xattr_inode_iget+0x3a8/0x4b8
[ 36.119661][ T5925]  ext4_xattr_inode_get+0x12c/0x37c
[ 36.120868][ T5925]  ext4_expand_extra_isize_ea+0xbbc/0x16b4
[ 36.122134][ T5925]  __ext4_expand_extra_isize+0x290/0x348
[ 36.123417][ T5925]  __ext4_mark_inode_dirty+0x448/0x848
[ 36.124706][ T5925]  ext4_evict_inode+0xb58/0x1254
[ 36.125854][ T5925]  evict+0x260/0x68c
[ 36.126758][ T5925]  iput+0x734/0x818
[ 36.127628][ T5925]  ext4_process_orphan+0x244/0x2b8
[ 36.128741][ T5925]  ext4_orphan_cleanup+0x968/0x1140
[ 36.129848][ T5925]  ext4_fill_super+0x644c/0x6a30
[ 36.130899][ T5925]  get_tree_bdev+0x360/0x54c
[ 36.131950][ T5925]  ext4_get_tree+0x28/0x38
[ 36.132923][ T5925]  vfs_get_tree+0x90/0x274
[ 36.133933][ T5925]  do_new_mount+0x25c/0x8c8
[ 36.134931][ T5925]  path_mount+0x590/0xe04
[ 36.135992][ T5925]  __arm64_sys_mount+0x45c/0x594
[ 36.137118][ T5925]  invoke_syscall+0x98/0x2c0
[ 36.138113][ T5925]  el0_svc_common+0x138/0x258
[ 36.139182][ T5925]  do_el0_svc+0x64/0x198
[ 36.140106][ T5925]  el0_svc+0x4c/0x15c
[ 36.141036][ T5925]  el0t_64_sync_handler+0x84/0xf0
[ 36.142201][ T5925]  el0t_64_sync+0x190/0x194
[ 36.143659][ T5925] EXT4-fs warning (device loop0): ext4_xattr_inode_get:561: inode #12: comm syz-executor329: ea_inode file size=60 entry size=6
[ 36.146533][ T5925] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2861: Unable to expand inode 15. Delete some EAs or run e2fsck.
[ 36.149553][ T5925] EXT4-fs error (device loop0): ext4_xattr_inode_iget:436: inode #12: comm syz-executor329: casefold flag without casefold feature
[ 36.152931][ T5925] EXT4-fs error (device loop0): ext4_do_update_inode:5251: inode #15: comm syz-executor329: corrupted inode contents
[ 36.155860][ T5925] EXT4-fs error (device loop0): ext4_dirty_inode:6113: inode #15: comm syz-executor329: mark_inode_dirty error
[ 36.158654][ T5925] EXT4-fs error (device loop0): ext4_do_update_inode:5251: inode #15: comm syz-executor329: corrupted inode contents
[ 36.161719][ T5925] EXT4-fs error (device loop0): ext4_xattr_delete_inode:3006: inode #15: comm syz-executor329: mark_inode_dirty error
[ 36.164746][ T5925] EXT4-fs error (device loop0): ext4_xattr_delete_inode:3009: inode #15: comm syz-executor329: mark inode dirty (error -117)
[ 36.167761][ T5925] EXT4-fs warning (device loop0): ext4_evict_inode:299: xattr delete (err -117)
[ 36.169987][ T5925] EXT4-fs (loop0): 1 orphan inode deleted
[ 36.171283][ T5925] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback.