[ 9.497321][ T3991] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting crond: [ 9.527645][ T11] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 9.532540][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
OK
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.132' (ED25519) to the list of known hosts.
1970/01/01 00:00:34 parsed 1 programs
syzkaller login: [ 35.418569][ T4325] cgroup: Unknown subsys name 'net'
[ 35.688960][ T4325] cgroup: Unknown subsys name 'rlimit'
[ 35.984893][ T4325] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 43.472377][ T4354] chnl_net:caif_netlink_parms(): no params data found
[ 43.493689][ T4354] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.494965][ T4354] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.496749][ T4354] device bridge_slave_0 entered promiscuous mode
[ 43.499073][ T4354] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.500248][ T4354] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.501606][ T4354] device bridge_slave_1 entered promiscuous mode
[ 43.510141][ T4354] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 43.512730][ T4354] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 43.520101][ T4354] team0: Port device team_slave_0 added
[ 43.521916][ T4354] team0: Port device team_slave_1 added
[ 43.527775][ T4354] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 43.528955][ T4354] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 43.533122][ T4354] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 43.535855][ T4354] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 43.537059][ T4354] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 43.540906][ T4354] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 43.597295][ T4354] device hsr_slave_0 entered promiscuous mode
[ 43.636251][ T4354] device hsr_slave_1 entered promiscuous mode
[ 43.731089][ T4354] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 43.767153][ T4354] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 43.798798][ T4354] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 43.848684][ T4354] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 43.885643][ T4354] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.887022][ T4354] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.888417][ T4354] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.889571][ T4354] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.909512][ T4354] 8021q: adding VLAN 0 to HW filter on device bond0
[ 43.913426][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 43.916217][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.918914][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.920729][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 43.925987][ T4354] 8021q: adding VLAN 0 to HW filter on device team0
[ 43.931883][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 43.933290][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.934294][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.937916][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 43.939365][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.940581][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.948137][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 43.949751][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 43.952789][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 43.955607][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 43.959317][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 43.961807][ T4354] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 44.020509][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 44.021873][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 44.025545][ T4354] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 44.032450][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 44.039188][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 44.040942][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 44.042431][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 44.044734][ T4354] device veth0_vlan entered promiscuous mode
[ 44.048356][ T4354] device veth1_vlan entered promiscuous mode
[ 44.054682][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 44.057132][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 44.059031][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 44.061781][ T4354] device veth0_macvtap entered promiscuous mode
[ 44.064220][ T4354] device veth1_macvtap entered promiscuous mode
[ 44.111057][ T4354] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 44.112681][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 44.114627][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 44.117967][ T4354] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 44.119388][ T4372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 44.122262][ T4354] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 44.123630][ T4354] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 44.124876][ T4354] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 44.126339][ T4354] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 44.261354][ T4372] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 44.262756][ T4372] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 44.264858][ T4372] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 44.272514][ T4372] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 44.273831][ T4372] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 44.275561][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 44.628514][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 44.694939][ T4386] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 44.696606][ T4386] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 44.697944][ T4386] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 44.699446][ T4386] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 44.700745][ T4386] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 44.701936][ T4386] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
1970/01/01 00:00:45 executed programs: 0
[ 45.552449][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 45.554082][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 45.555505][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 45.557457][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 45.558828][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 45.560115][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 45.603991][ T4423] chnl_net:caif_netlink_parms(): no params data found
[ 45.625961][ T4423] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.627542][ T4423] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.628999][ T4423] device bridge_slave_0 entered promiscuous mode
[ 45.630967][ T4423] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.632107][ T4423] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.633531][ T4423] device bridge_slave_1 entered promiscuous mode
[ 45.641251][ T4423] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 45.643727][ T4423] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 45.651830][ T4423] team0: Port device team_slave_0 added
[ 45.653778][ T4423] team0: Port device team_slave_1 added
[ 45.660270][ T4423] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 45.661391][ T4423] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 45.665196][ T4423] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 45.667737][ T4423] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 45.668910][ T4423] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 45.672820][ T4423] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 45.727172][ T4423] device hsr_slave_0 entered promiscuous mode
[ 45.776204][ T4423] device hsr_slave_1 entered promiscuous mode
[ 45.836135][ T4423] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 45.837459][ T4423] Cannot create hsr debugfs directory
[ 47.367895][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 47.626307][ T4386] Bluetooth: hci0: command 0x0409 tx timeout
[ 49.696518][ T47] Bluetooth: hci0: command 0x041b tx timeout
[ 50.047345][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 50.158058][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 51.073804][ T4423] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 51.130835][ T4423] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 51.221016][ T4423] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 51.257206][ T4423] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 51.341719][ T4423] 8021q: adding VLAN 0 to HW filter on device bond0
[ 51.345917][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 51.348690][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 51.351821][ T4423] 8021q: adding VLAN 0 to HW filter on device team0
[ 51.354135][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 51.355705][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 51.358077][ T39] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.359226][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.360942][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 51.391144][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 51.392762][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 51.394231][ T39] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.395411][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.404790][ T4423] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 51.406671][ T4423] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 51.409096][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 51.410856][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 51.412804][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 51.414616][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 51.416483][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 51.418151][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 51.419792][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 51.421454][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 51.423052][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 51.425402][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 51.427366][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 51.428911][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 51.515219][ T4372] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 51.516605][ T4372] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 51.520066][ T4423] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 51.525555][ T4372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 51.528047][ T4372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 51.532770][ T11] device hsr_slave_0 left promiscuous mode
[ 51.586339][ T11] device hsr_slave_1 left promiscuous mode
[ 51.666195][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 51.667440][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 51.669212][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 51.670426][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 51.671986][ T11] device bridge_slave_1 left promiscuous mode
[ 51.673438][ T11] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.706751][ T11] device bridge_slave_0 left promiscuous mode
[ 51.707852][ T11] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.776077][ T4386] Bluetooth: hci0: command 0x040f tx timeout
[ 51.826281][ T11] device veth1_macvtap left promiscuous mode
[ 51.827317][ T11] device veth0_macvtap left promiscuous mode
[ 51.828314][ T11] device veth1_vlan left promiscuous mode
[ 51.829220][ T11] device veth0_vlan left promiscuous mode
[ 53.587468][ T11] team0 (unregistering): Port device team_slave_1 removed
[ 53.756982][ T11] team0 (unregistering): Port device team_slave_0 removed
[ 53.866439][ T47] Bluetooth: hci0: command 0x0419 tx timeout
[ 53.926580][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 54.186801][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 56.608143][ T11] bond0 (unregistering): Released all slaves
[ 56.826374][ T4372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 56.827980][ T4372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 56.829822][ T4372] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 56.832041][ T4372] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 56.835322][ T4423] device veth0_vlan entered promiscuous mode
[ 56.838989][ T4423] device veth1_vlan entered promiscuous mode
[ 56.845668][ T4372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 56.848852][ T4372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 56.851720][ T4423] device veth0_macvtap entered promiscuous mode
[ 56.854139][ T4423] device veth1_macvtap entered promiscuous mode
[ 56.862829][ T4423] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 56.864067][ T4372] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 56.865662][ T4372] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 56.868801][ T4372] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 56.870303][ T4372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 56.873479][ T4423] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 56.874767][ T4527] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 56.877335][ T4527] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 56.881011][ T4423] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 56.882428][ T4423] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 56.883955][ T4423] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 56.885448][ T4423] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 56.906015][ T4527] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 56.907811][ T4527] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 56.913915][ T1662] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 56.917167][ T4372] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 56.918487][ T4372] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 56.920374][ T4372] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 56.968922][ T4529] loop0: detected capacity change from 0 to 512
[ 56.983069][ T4529]
[ 56.983578][ T4529] ======================================================
[ 56.984728][ T4529] WARNING: possible circular locking dependency detected
[ 56.985939][ T4529] syzkaller #0 Not tainted
[ 56.986655][ T4529] ------------------------------------------------------
[ 56.987791][ T4529] syz.0.17/4529 is trying to acquire lock:
[ 56.988710][ T4529] ffff0000d5b7cb98 (&sbi->s_writepages_rwsem){.+.+}-{0:0}, at: ext4_writepages+0x188/0x284c
[ 56.990477][ T4529]
[ 56.990477][ T4529] but task is already holding lock:
[ 56.991734][ T4529] ffff0000ea14ef20 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x37c/0x790
[ 56.993255][ T4529]
[ 56.993255][ T4529] which lock already depends on the new lock.
[ 56.993255][ T4529]
[ 56.994752][ T4529]
[ 56.994752][ T4529] the existing dependency chain (in reverse order) is:
[ 56.996071][ T4529]
[ 56.996071][ T4529] -> #2 (&ei->xattr_sem){++++}-{3:3}:
[ 56.997086][ T4529] down_read+0x64/0x304
[ 56.997803][ T4529] ext4_setattr+0x7c4/0x150c
[ 56.998584][ T4529] notify_change+0xb0c/0xdcc
[ 56.999455][ T4529] chown_common+0x414/0x574
[ 57.000245][ T4529] do_fchownat+0x158/0x268
[ 57.000988][ T4529] __arm64_sys_fchownat+0xb8/0xd4
[ 57.001922][ T4529] invoke_syscall+0x98/0x2bc
[ 57.002836][ T4529] el0_svc_common+0x138/0x258
[ 57.003608][ T4529] do_el0_svc+0x58/0x13c
[ 57.004341][ T4529] el0_svc+0x58/0x138
[ 57.005070][ T4529] el0t_64_sync_handler+0x84/0xf0
[ 57.005974][ T4529] el0t_64_sync+0x18c/0x190
[ 57.006739][ T4529]
[ 57.006739][ T4529] -> #1 (jbd2_handle){++++}-{0:0}:
[ 57.007904][ T4529] start_this_handle+0xfe0/0x122c
[ 57.010123][ T4529] jbd2__journal_start+0x288/0x51c
[ 57.010976][ T4529] __ext4_journal_start_sb+0x2fc/0x674
[ 57.011867][ T4529] ext4_writepages+0xa28/0x284c
[ 57.012702][ T4529] do_writepages+0x2c0/0x4fc
[ 57.013564][ T4529] __writeback_single_inode+0x164/0x157c
[ 57.014553][ T4529] writeback_sb_inodes+0x824/0x1404
[ 57.015565][ T4529] __writeback_inodes_wb+0x110/0x394
[ 57.016445][ T4529] wb_writeback+0x414/0xfb0
[ 57.017191][ T4529] wb_workfn+0xac0/0xd98
[ 57.017931][ T4529] process_one_work+0x7f4/0x13a8
[ 57.018867][ T4529] worker_thread+0x8c8/0xfbc
[ 57.019637][ T4529] kthread+0x250/0x2d8
[ 57.020301][ T4529] ret_from_fork+0x10/0x20
[ 57.021023][ T4529]
[ 57.021023][ T4529] -> #0 (&sbi->s_writepages_rwsem){.+.+}-{0:0}:
[ 57.022293][ T4529] __lock_acquire+0x293c/0x6544
[ 57.023041][ T4529] lock_acquire+0x20c/0x644
[ 57.023783][ T4529] percpu_down_read+0x70/0x2a8
[ 57.024635][ T4529] ext4_writepages+0x188/0x284c
[ 57.025463][ T4529] do_writepages+0x2c0/0x4fc
[ 57.026259][ T4529] __writeback_single_inode+0x164/0x157c
[ 57.027142][ T4529] writeback_single_inode+0x1c0/0x720
[ 57.028049][ T4529] write_inode_now+0x144/0x1b0
[ 57.028893][ T4529] iput+0x5cc/0x7f4
[ 57.029551][ T4529] ext4_xattr_block_set+0x17a4/0x2810
[ 57.030585][ T4529] ext4_expand_extra_isize_ea+0xcb8/0x15cc
[ 57.031664][ T4529] __ext4_expand_extra_isize+0x298/0x358
[ 57.032719][ T4529] __ext4_mark_inode_dirty+0x3e4/0x790
[ 57.033629][ T4529] ext4_evict_inode+0xb58/0x1270
[ 57.034475][ T4529] evict+0x3c8/0x810
[ 57.035219][ T4529] iput+0x764/0x7f4
[ 57.035935][ T4529] ext4_process_orphan+0x240/0x2b4
[ 57.036890][ T4529] ext4_orphan_cleanup+0x908/0x104c
[ 57.037827][ T4529] ext4_fill_super+0x6920/0x6e34
[ 57.038715][ T4529] get_tree_bdev+0x358/0x544
[ 57.039498][ T4529] ext4_get_tree+0x28/0x38
[ 57.040248][ T4529] vfs_get_tree+0x90/0x274
[ 57.040984][ T4529] do_new_mount+0x228/0x810
[ 57.041796][ T4529] path_mount+0x5b4/0xe78
[ 57.042551][ T4529] __arm64_sys_mount+0x49c/0x584
[ 57.043496][ T4529] invoke_syscall+0x98/0x2bc
[ 57.044357][ T4529] el0_svc_common+0x138/0x258
[ 57.045211][ T4529] do_el0_svc+0x58/0x13c
[ 57.045948][ T4529] el0_svc+0x58/0x138
[ 57.046682][ T4529] el0t_64_sync_handler+0x84/0xf0
[ 57.047661][ T4529] el0t_64_sync+0x18c/0x190
[ 57.048508][ T4529]
[ 57.048508][ T4529] other info that might help us debug this:
[ 57.048508][ T4529]
[ 57.050051][ T4529] Chain exists of:
[ 57.050051][ T4529] &sbi->s_writepages_rwsem --> jbd2_handle --> &ei->xattr_sem
[ 57.050051][ T4529]
[ 57.052995][ T4529] Possible unsafe locking scenario:
[ 57.052995][ T4529]
[ 57.054176][ T4529]        CPU0                    CPU1
[ 57.055028][ T4529]        ----                    ----
[ 57.055853][ T4529]   lock(&ei->xattr_sem);
[ 57.056563][ T4529]                                lock(jbd2_handle);
[ 57.057585][ T4529]                                lock(&ei->xattr_sem);
[ 57.058752][ T4529]   lock(&sbi->s_writepages_rwsem);
[ 57.059620][ T4529]
[ 57.059620][ T4529] *** DEADLOCK ***
[ 57.059620][ T4529]
[ 57.060933][ T4529] 3 locks held by syz.0.17/4529:
[ 57.061717][ T4529] #0: ffff0000d5b7a0e0 (&type->s_umount_key#26/1){+.+.}-{3:3}, at: alloc_super+0x1a4/0x804
[ 57.063558][ T4529] #1: ffff0000d5b7a650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x3dc/0x1270
[ 57.065471][ T4529] #2: ffff0000ea14ef20 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x37c/0x790
[ 57.067114][ T4529]
[ 57.067114][ T4529] stack backtrace:
[ 57.068043][ T4529] CPU: 1 PID: 4529 Comm: syz.0.17 Not tainted syzkaller #0
[ 57.069284][ T4529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[ 57.070838][ T4529] Call trace:
[ 57.071392][ T4529] dump_backtrace+0x1c8/0x1f4
[ 57.072287][ T4529] show_stack+0x2c/0x3c
[ 57.072980][ T4529] __dump_stack+0x30/0x40
[ 57.073643][ T4529] dump_stack_lvl+0xf8/0x160
[ 57.074365][ T4529] dump_stack+0x1c/0x5c
[ 57.074999][ T4529] print_circular_bug+0x148/0x1b0
[ 57.077473][ T4529] check_noncircular+0x240/0x2d4
[ 57.078330][ T4529] __lock_acquire+0x293c/0x6544
[ 57.079079][ T4529] lock_acquire+0x20c/0x644
[ 57.079780][ T4529] percpu_down_read+0x70/0x2a8
[ 57.080507][ T4529] ext4_writepages+0x188/0x284c
[ 57.081308][ T4529] do_writepages+0x2c0/0x4fc
[ 57.082009][ T4529] __writeback_single_inode+0x164/0x157c
[ 57.082975][ T4529] writeback_single_inode+0x1c0/0x720
[ 57.083899][ T4529] write_inode_now+0x144/0x1b0
[ 57.084756][ T4529] iput+0x5cc/0x7f4
[ 57.085363][ T4529] ext4_xattr_block_set+0x17a4/0x2810
[ 57.086824][ T4529] ext4_expand_extra_isize_ea+0xcb8/0x15cc
[ 57.087757][ T4529] __ext4_expand_extra_isize+0x298/0x358
[ 57.088725][ T4529] __ext4_mark_inode_dirty+0x3e4/0x790
[ 57.089469][ T4529] ext4_evict_inode+0xb58/0x1270
[ 57.090285][ T4529] evict+0x3c8/0x810
[ 57.090929][ T4529] iput+0x764/0x7f4
[ 57.091563][ T4529] ext4_process_orphan+0x240/0x2b4
[ 57.092343][ T4529] ext4_orphan_cleanup+0x908/0x104c
[ 57.093130][ T4529] ext4_fill_super+0x6920/0x6e34
[ 57.094011][ T4529] get_tree_bdev+0x358/0x544
[ 57.094803][ T4529] ext4_get_tree+0x28/0x38
[ 57.095565][ T4529] vfs_get_tree+0x90/0x274
[ 57.096282][ T4529] do_new_mount+0x228/0x810
[ 57.096979][ T4529] path_mount+0x5b4/0xe78
[ 57.097705][ T4529] __arm64_sys_mount+0x49c/0x584
[ 57.098496][ T4529] invoke_syscall+0x98/0x2bc
[ 57.099271][ T4529] el0_svc_common+0x138/0x258
[ 57.099961][ T4529] do_el0_svc+0x58/0x13c
[ 57.100654][ T4529] el0_svc+0x58/0x138
[ 57.101410][ T4529] el0t_64_sync_handler+0x84/0xf0
[ 57.103245][ T4529] el0t_64_sync+0x18c/0x190
[ 57.107232][ T4529] ------------[ cut here ]------------
[ 57.108109][ T4529] EA inode 11 i_nlink=2
[ 57.108187][ T4529] WARNING: CPU: 0 PID: 4529 at fs/ext4/xattr.c:1022 ext4_xattr_inode_update_ref+0x42c/0x470
[ 57.110502][ T4529] Modules linked in:
[ 57.111102][ T4529] CPU: 0 PID: 4529 Comm: syz.0.17 Not tainted syzkaller #0
[ 57.112312][ T4529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[ 57.114012][ T4529] pstate: 62400005 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[ 57.115394][ T4529] pc : ext4_xattr_inode_update_ref+0x42c/0x470
[ 57.116459][ T4529] lr : ext4_xattr_inode_update_ref+0x42c/0x470
[ 57.117553][ T4529] sp : ffff8000208e6e60
[ 57.118205][ T4529] x29: ffff8000208e6f00 x28: 0000000000000000 x27: dfff800000000000
[ 57.119554][ T4529] x26: 1fffe0001d430d1f x25: ffff70000411cdd0 x24: 0000000000000000
[ 57.120971][ T4529] x23: ffff800017a8a000 x22: ffff0000ea186740 x21: 0000000000000002
[ 57.122392][ T4529] x20: 0000000000000001 x19: ffff0000ea186700 x18: ffff800011abbcc0
[ 57.123809][ T4529] x17: 0000000000000000 x16: ffff800008042d90 x15: 0000000000000000
[ 57.125081][ T4529] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100
[ 57.126376][ T4529] x11: ff00800008191ca8 x10: 0000000000000000 x9 : 61323a2f16f41a00
[ 57.127727][ T4529] x8 : 61323a2f16f41a00 x7 : 0000000000000001 x6 : 0000000000000001
[ 57.128952][ T4529] x5 : ffff8000208e68f8 x4 : ffff8000151a4920 x3 : ffff800008311fd8
[ 57.130303][ T4529] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
[ 57.131652][ T4529] Call trace:
[ 57.132203][ T4529] ext4_xattr_inode_update_ref+0x42c/0x470
[ 57.133130][ T4529] ext4_xattr_set_entry+0x918/0x15ac
[ 57.133948][ T4529] ext4_xattr_ibody_set+0x204/0x600
[ 57.134832][ T4529] ext4_expand_extra_isize_ea+0xd00/0x15cc
[ 57.135802][ T4529] __ext4_expand_extra_isize+0x298/0x358
[ 57.136730][ T4529] __ext4_mark_inode_dirty+0x3e4/0x790
[ 57.137629][ T4529] ext4_evict_inode+0xb58/0x1270
[ 57.138486][ T4529] evict+0x3c8/0x810
[ 57.139159][ T4529] iput+0x764/0x7f4
[ 57.139783][ T4529] ext4_process_orphan+0x240/0x2b4
[ 57.140674][ T4529] ext4_orphan_cleanup+0x908/0x104c
[ 57.141498][ T4529] ext4_fill_super+0x6920/0x6e34
[ 57.142296][ T4529] get_tree_bdev+0x358/0x544
[ 57.143029][ T4529] ext4_get_tree+0x28/0x38
[ 57.143702][ T4529] vfs_get_tree+0x90/0x274
[ 57.144404][ T4529] do_new_mount+0x228/0x810
[ 57.145127][ T4529] path_mount+0x5b4/0xe78
[ 57.145871][ T4529] __arm64_sys_mount+0x49c/0x584
[ 57.146683][ T4529] invoke_syscall+0x98/0x2bc
[ 57.147448][ T4529] el0_svc_common+0x138/0x258
[ 57.148177][ T4529] do_el0_svc+0x58/0x13c
[ 57.148879][ T4529] el0_svc+0x58/0x138
[ 57.149533][ T4529] el0t_64_sync_handler+0x84/0xf0
[ 57.150361][ T4529] el0t_64_sync+0x18c/0x190
[ 57.151099][ T4529] irq event stamp: 5459
[ 57.151795][ T4529] hardirqs last enabled at (5459): [] _raw_spin_unlock_irqrestore+0x48/0xac
[ 57.153496][ T4529] hardirqs last disabled at (5458): [] _raw_spin_lock_irqsave+0xa4/0xb4
[ 57.155045][ T4529] softirqs last enabled at (4836): [] handle_softirqs+0xaf8/0xc6c
[ 57.156517][ T4529] softirqs last disabled at (4827): [] __do_softirq+0x14/0x20
[ 57.157823][ T4529] ---[ end trace 0000000000000000 ]---
[ 57.159105][ T4529] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256)
[ 57.161384][ T4529] EXT4-fs (loop0): Remounting filesystem read-only
[ 57.162318][ T4529] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117
[ 57.164238][ T4529] EXT4-fs (loop0): Remounting filesystem read-only
[ 57.165247][ T4529] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #18: comm syz.0.17: iget: bad extra_isize 90 (inode size 256)
[ 57.167284][ T4529] EXT4-fs (loop0): Remounting filesystem read-only
[ 57.168200][ T4529] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.17: error while reading EA inode 18 err=-117
[ 57.170049][ T4529] EXT4-fs (loop0): Remounting filesystem read-only
[ 57.171058][ T4529] EXT4-fs (loop0): 1 orphan inode deleted
[ 57.172060][ T4529] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 57.185123][ T4423] EXT4-fs (loop0): unmounting filesystem.