Warning: Permanently added '10.128.10.44' (ECDSA) to the list of known hosts.
executing program
[ 40.889337][ T3500]
[ 40.891669][ T3500] ======================================================
[ 40.898663][ T3500] WARNING: possible circular locking dependency detected
[ 40.905655][ T3500] 5.15.117-syzkaller #0 Not tainted
[ 40.910834][ T3500] ------------------------------------------------------
[ 40.917820][ T3500] syz-executor287/3500 is trying to acquire lock:
[ 40.924208][ T3500] ffff8881408983f0 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: ext4_bmap+0x4b/0x410
[ 40.933762][ T3500]
[ 40.933762][ T3500] but task is already holding lock:
[ 40.941119][ T3500] ffff8880247923f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x31c/0xc90
[ 40.951713][ T3500]
[ 40.951713][ T3500] which lock already depends on the new lock.
[ 40.951713][ T3500]
[ 40.962110][ T3500]
[ 40.962110][ T3500] the existing dependency chain (in reverse order) is:
[ 40.971132][ T3500]
[ 40.971132][ T3500] -> #3 (&journal->j_checkpoint_mutex){+.+.}-{3:3}:
[ 40.979975][ T3500] lock_acquire+0x1db/0x4f0
[ 40.984989][ T3500] __mutex_lock_common+0x1da/0x25a0
[ 40.990690][ T3500] mutex_lock_io_nested+0x45/0x60
[ 40.996229][ T3500] jbd2_journal_flush+0x290/0xc90
[ 41.001780][ T3500] ext4_ioctl+0x322b/0x5b60
[ 41.006802][ T3500] __se_sys_ioctl+0xf1/0x160
[ 41.011902][ T3500] do_syscall_64+0x3d/0xb0
[ 41.016830][ T3500] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 41.023267][ T3500]
[ 41.023267][ T3500] -> #2 (&journal->j_barrier){+.+.}-{3:3}:
[ 41.031241][ T3500] lock_acquire+0x1db/0x4f0
[ 41.036273][ T3500] __mutex_lock_common+0x1da/0x25a0
[ 41.041968][ T3500] mutex_lock_nested+0x17/0x20
[ 41.047572][ T3500] jbd2_journal_lock_updates+0x4a9/0x580
[ 41.053710][ T3500] ext4_change_inode_journal_flag+0x1a8/0x6e0
[ 41.060460][ T3500] ext4_fileattr_set+0xdf4/0x1750
[ 41.066213][ T3500] vfs_fileattr_set+0x8f3/0xd30
[ 41.071586][ T3500] do_vfs_ioctl+0x1d85/0x2b70
[ 41.076923][ T3500] __se_sys_ioctl+0x81/0x160
[ 41.082027][ T3500] do_syscall_64+0x3d/0xb0
[ 41.086952][ T3500] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 41.093344][ T3500]
[ 41.093344][ T3500] -> #1 (&sbi->s_writepages_rwsem){++++}-{0:0}:
[ 41.101745][ T3500] lock_acquire+0x1db/0x4f0
[ 41.106750][ T3500] percpu_down_write+0x52/0x2d0
[ 41.112096][ T3500] ext4_ind_migrate+0x254/0x760
[ 41.117443][ T3500] ext4_fileattr_set+0xe8b/0x1750
[ 41.122968][ T3500] vfs_fileattr_set+0x8f3/0xd30
[ 41.128308][ T3500] do_vfs_ioctl+0x1d85/0x2b70
[ 41.133476][ T3500] __se_sys_ioctl+0x81/0x160
[ 41.138561][ T3500] do_syscall_64+0x3d/0xb0
[ 41.143475][ T3500] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 41.149859][ T3500]
[ 41.149859][ T3500] -> #0 (&sb->s_type->i_mutex_key#9){++++}-{3:3}:
[ 41.158435][ T3500] validate_chain+0x1646/0x58b0
[ 41.163790][ T3500] __lock_acquire+0x1295/0x1ff0
[ 41.169631][ T3500] lock_acquire+0x1db/0x4f0
[ 41.175005][ T3500] down_read+0x45/0x2e0
[ 41.179676][ T3500] ext4_bmap+0x4b/0x410
[ 41.184492][ T3500] bmap+0xa1/0xd0
[ 41.188634][ T3500] jbd2_journal_flush+0x7a2/0xc90
[ 41.194153][ T3500] ext4_ioctl+0x322b/0x5b60
[ 41.199276][ T3500] __se_sys_ioctl+0xf1/0x160
[ 41.204368][ T3500] do_syscall_64+0x3d/0xb0
[ 41.209291][ T3500] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 41.215680][ T3500]
[ 41.215680][ T3500] other info that might help us debug this:
[ 41.215680][ T3500]
[ 41.225884][ T3500] Chain exists of:
[ 41.225884][ T3500] &sb->s_type->i_mutex_key#9 --> &journal->j_barrier --> &journal->j_checkpoint_mutex
[ 41.225884][ T3500]
[ 41.241499][ T3500] Possible unsafe locking scenario:
[ 41.241499][ T3500]
[ 41.248923][ T3500]        CPU0                    CPU1
[ 41.254271][ T3500]        ----                    ----
[ 41.259608][ T3500]   lock(&journal->j_checkpoint_mutex);
[ 41.265126][ T3500]                                lock(&journal->j_barrier);
[ 41.272528][ T3500]                                lock(&journal->j_checkpoint_mutex);
[ 41.280563][ T3500]   lock(&sb->s_type->i_mutex_key#9);
[ 41.285910][ T3500]
[ 41.285910][ T3500] *** DEADLOCK ***
[ 41.285910][ T3500]
[ 41.294026][ T3500] 2 locks held by syz-executor287/3500:
[ 41.299640][ T3500] #0: ffff888024792170 (&journal->j_barrier){+.+.}-{3:3}, at: jbd2_journal_lock_updates+0x4a9/0x580
[ 41.310494][ T3500] #1: ffff8880247923f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x31c/0xc90
[ 41.321509][ T3500]
[ 41.321509][ T3500] stack backtrace:
[ 41.327457][ T3500] CPU: 1 PID: 3500 Comm: syz-executor287 Not tainted 5.15.117-syzkaller #0
[ 41.336016][ T3500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 41.346054][ T3500] Call Trace:
[ 41.349434][ T3500]
[ 41.352340][ T3500] dump_stack_lvl+0x1e3/0x2cb
[ 41.357278][ T3500] ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 41.362888][ T3500] ? print_circular_bug+0x12b/0x1a0
[ 41.368062][ T3500] check_noncircular+0x2f8/0x3b0
[ 41.373235][ T3500] ? add_chain_block+0x850/0x850
[ 41.378148][ T3500] ? lockdep_lock+0x11f/0x2a0
[ 41.382801][ T3500] ? print_irqtrace_events+0x210/0x210
[ 41.388231][ T3500] ? do_raw_spin_unlock+0x137/0x8b0
[ 41.393407][ T3500] validate_chain+0x1646/0x58b0
[ 41.398257][ T3500] ? lockdep_hardirqs_on+0x94/0x130
[ 41.403440][ T3500] ? reacquire_held_locks+0x660/0x660
[ 41.408790][ T3500] ? reacquire_held_locks+0x660/0x660
[ 41.414155][ T3500] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 41.420113][ T3500] ? __sched_text_start+0x8/0x8
[ 41.424940][ T3500] ? do_raw_spin_unlock+0x137/0x8b0
[ 41.430113][ T3500] ? mark_lock+0x98/0x340
[ 41.434455][ T3500] __lock_acquire+0x1295/0x1ff0
[ 41.439291][ T3500] lock_acquire+0x1db/0x4f0
[ 41.443768][ T3500] ? ext4_bmap+0x4b/0x410
[ 41.448163][ T3500] ? read_lock_is_recursive+0x10/0x10
[ 41.453511][ T3500] ? bit_waitqueue+0x30/0x30
[ 41.458079][ T3500] ? __might_sleep+0xc0/0xc0
[ 41.462779][ T3500] ? ext4_journalled_write_end+0xee0/0xee0
[ 41.468652][ T3500] down_read+0x45/0x2e0
[ 41.472791][ T3500] ? ext4_bmap+0x4b/0x410
[ 41.477104][ T3500] ? ext4_journalled_write_end+0xee0/0xee0
[ 41.482886][ T3500] ext4_bmap+0x4b/0x410
[ 41.487026][ T3500] ? ext4_journalled_write_end+0xee0/0xee0
[ 41.492811][ T3500] bmap+0xa1/0xd0
[ 41.496422][ T3500] jbd2_journal_flush+0x7a2/0xc90
[ 41.501422][ T3500] ? mutex_lock_nested+0x17/0x20
[ 41.506369][ T3500] ? __bpf_trace_jbd2_shrink_checkpoint_list+0x50/0x50
[ 41.513625][ T3500] ? bpf_lsm_capable+0x5/0x10
[ 41.518282][ T3500] ? security_capable+0x86/0xb0
[ 41.523206][ T3500] ext4_ioctl+0x322b/0x5b60
[ 41.527689][ T3500] ? do_vfs_ioctl+0x1b66/0x2b70
[ 41.532516][ T3500] ? ext4_fileattr_set+0x1750/0x1750
[ 41.537780][ T3500] ? __x64_compat_sys_ioctl+0x80/0x80
[ 41.543137][ T3500] ? __lock_acquire+0x1ff0/0x1ff0
[ 41.548135][ T3500] ? slab_free_freelist_hook+0xdd/0x160
[ 41.553657][ T3500] ? tomoyo_path_number_perm+0x648/0x810
[ 41.559272][ T3500] ? kfree+0xf1/0x270
[ 41.563814][ T3500] ? tomoyo_path_number_perm+0x6ab/0x810
[ 41.570295][ T3500] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 41.575743][ T3500] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 41.581729][ T3500] ? print_irqtrace_events+0x210/0x210
[ 41.587395][ T3500] ? vtime_user_exit+0x2d1/0x400
[ 41.592346][ T3500] ? bpf_lsm_file_ioctl+0x5/0x10
[ 41.597275][ T3500] ? security_file_ioctl+0x7d/0xa0
[ 41.602368][ T3500] ? ext4_fileattr_set+0x1750/0x1750
[ 41.607638][ T3500] __se_sys_ioctl+0xf1/0x160
[ 41.612209][ T3500] do_syscall_64+0x3d/0xb0
[ 41.616611][ T3500] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 41.622484][ T3500] RIP: 0033:0x7fcc56510059
[ 41.626992][ T3500] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 41.646588][ T3500] RSP: 002b:00007ffdcf8acec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 41.655191][ T3500] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcc56510059
[ 41.663722][ T3500] RDX: 00000000200005c0 RSI: 000000004004662b RDI: 0000000000000004
[ 41.671690][ T3500] RBP: 00007fcc564d4040 R08: 0000000000000000 R09: 0000000000000000
[ 41.679646][ T3500] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcc564d40d0
[ 41.687594][ T3500] R13: 0000000000000000 R14: 0000000