DUID 00:04:9a:9b:60:6a:39:26:c8:65:2f:c5:16:4d:58:03:30:c2
forked to background, child pid 3169
[ 24.320476][ T3170] 8021q: adding VLAN 0 to HW filter on device bond0
[ 24.330579][ T3170] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.10.37' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 47.312740][ T3584] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
[ 47.359770][ T3584]
[ 47.371347][ T3584] ======================================================
[ 47.378340][ T3584] WARNING: possible circular locking dependency detected
[ 47.385330][ T3584] 5.15.102-syzkaller #0 Not tainted
[ 47.390499][ T3584] ------------------------------------------------------
[ 47.397533][ T3584] syz-executor420/3584 is trying to acquire lock:
[ 47.403915][ T3584] ffff888024efe170 (&journal->j_barrier){+.+.}-{3:3}, at: jbd2_journal_lock_updates+0x4a9/0x580
[ 47.414344][ T3584]
[ 47.414344][ T3584] but task is already holding lock:
[ 47.421680][ T3584] ffff888024efcbd8 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_change_inode_journal_flag+0x1a0/0x6e0
[ 47.432953][ T3584]
[ 47.432953][ T3584] which lock already depends on the new lock.
[ 47.432953][ T3584]
[ 47.443330][ T3584]
[ 47.443330][ T3584] the existing dependency chain (in reverse order) is:
[ 47.452333][ T3584]
[ 47.452333][ T3584] -> #4 (&sbi->s_writepages_rwsem){++++}-{0:0}:
[ 47.460760][ T3584] lock_acquire+0x1ff/0x570
[ 47.465776][ T3584] percpu_down_write+0x52/0x2d0
[ 47.471145][ T3584] ext4_change_inode_journal_flag+0x1a0/0x6e0
[ 47.477712][ T3584] ext4_fileattr_set+0xe6e/0x17d0
[ 47.483378][ T3584] vfs_fileattr_set+0x8f3/0xd30
[ 47.488770][ T3584] do_vfs_ioctl+0x1d85/0x2b70
[ 47.493966][ T3584] __se_sys_ioctl+0x81/0x160
[ 47.499078][ T3584] do_syscall_64+0x3d/0xb0
[ 47.504008][ T3584] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.510406][ T3584]
[ 47.510406][ T3584] -> #3 (mapping.invalidate_lock){++++}-{3:3}:
[ 47.518725][ T3584] lock_acquire+0x1ff/0x570
[ 47.523735][ T3584] down_write+0x97/0x170
[ 47.528479][ T3584] ext4_setattr+0xdaa/0x1990
[ 47.533571][ T3584] notify_change+0xdad/0x1060
[ 47.538836][ T3584] do_truncate+0x217/0x300
[ 47.543753][ T3584] do_sys_ftruncate+0x2eb/0x390
[ 47.549100][ T3584] do_syscall_64+0x3d/0xb0
[ 47.554017][ T3584] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.560419][ T3584]
[ 47.560419][ T3584] -> #2 (&sb->s_type->i_mutex_key#9){++++}-{3:3}:
[ 47.568997][ T3584] lock_acquire+0x1ff/0x570
[ 47.574084][ T3584] down_read+0x3b/0x50
[ 47.578760][ T3584] ext4_bmap+0x4b/0x410
[ 47.583414][ T3584] bmap+0xa1/0xd0
[ 47.587633][ T3584] jbd2_journal_flush+0x7a2/0xc90
[ 47.593155][ T3584] ext4_ioctl+0x336b/0x5e10
[ 47.598152][ T3584] __se_sys_ioctl+0xf1/0x160
[ 47.603238][ T3584] do_syscall_64+0x3d/0xb0
[ 47.608150][ T3584] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.614578][ T3584]
[ 47.614578][ T3584] -> #1 (&journal->j_checkpoint_mutex){+.+.}-{3:3}:
[ 47.623422][ T3584] lock_acquire+0x1ff/0x570
[ 47.628423][ T3584] __mutex_lock_common+0x1da/0x25a0
[ 47.634115][ T3584] mutex_lock_io_nested+0x45/0x60
[ 47.639719][ T3584] jbd2_journal_flush+0x290/0xc90
[ 47.645238][ T3584] ext4_ioctl+0x336b/0x5e10
[ 47.650239][ T3584] __se_sys_ioctl+0xf1/0x160
[ 47.655322][ T3584] do_syscall_64+0x3d/0xb0
[ 47.660235][ T3584] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.666628][ T3584]
[ 47.666628][ T3584] -> #0 (&journal->j_barrier){+.+.}-{3:3}:
[ 47.674594][ T3584] validate_chain+0x1646/0x58b0
[ 47.679939][ T3584] __lock_acquire+0x1295/0x1ff0
[ 47.685282][ T3584] lock_acquire+0x1ff/0x570
[ 47.690412][ T3584] __mutex_lock_common+0x1da/0x25a0
[ 47.696115][ T3584] mutex_lock_nested+0x17/0x20
[ 47.701396][ T3584] jbd2_journal_lock_updates+0x4a9/0x580
[ 47.707537][ T3584] ext4_change_inode_journal_flag+0x1a8/0x6e0
[ 47.714135][ T3584] ext4_fileattr_set+0xe6e/0x17d0
[ 47.719706][ T3584] vfs_fileattr_set+0x8f3/0xd30
[ 47.725129][ T3584] do_vfs_ioctl+0x1d85/0x2b70
[ 47.730306][ T3584] __se_sys_ioctl+0x81/0x160
[ 47.735409][ T3584] do_syscall_64+0x3d/0xb0
[ 47.740321][ T3584] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.746706][ T3584]
[ 47.746706][ T3584] other info that might help us debug this:
[ 47.746706][ T3584]
[ 47.756917][ T3584] Chain exists of:
[ 47.756917][ T3584] &journal->j_barrier --> mapping.invalidate_lock --> &sbi->s_writepages_rwsem
[ 47.756917][ T3584]
[ 47.771737][ T3584] Possible unsafe locking scenario:
[ 47.771737][ T3584]
[ 47.779167][ T3584]        CPU0                    CPU1
[ 47.784509][ T3584]        ----                    ----
[ 47.789845][ T3584]   lock(&sbi->s_writepages_rwsem);
[ 47.795019][ T3584]                                lock(mapping.invalidate_lock);
[ 47.802622][ T3584]                                lock(&sbi->s_writepages_rwsem);
[ 47.810309][ T3584]   lock(&journal->j_barrier);
[ 47.815046][ T3584]
[ 47.815046][ T3584] *** DEADLOCK ***
[ 47.815046][ T3584]
[ 47.823159][ T3584] 4 locks held by syz-executor420/3584:
[ 47.828673][ T3584] #0: ffff888024efa460 (sb_writers#5){.+.+}-{0:0}, at: mnt_want_write_file+0x5a/0x1f0
[ 47.838306][ T3584] #1: ffff8880759fdda8 (&sb->s_type->i_mutex_key#9){++++}-{3:3}, at: vfs_fileattr_set+0x135/0xd30
[ 47.849002][ T3584] #2: ffff8880759fdf48 (mapping.invalidate_lock){++++}-{3:3}, at: ext4_change_inode_journal_flag+0x115/0x6e0
[ 47.860637][ T3584] #3: ffff888024efcbd8 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_change_inode_journal_flag+0x1a0/0x6e0
[ 47.872356][ T3584]
[ 47.872356][ T3584] stack backtrace:
[ 47.878217][ T3584] CPU: 1 PID: 3584 Comm: syz-executor420 Not tainted 5.15.102-syzkaller #0
[ 47.886790][ T3584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 47.896816][ T3584] Call Trace:
[ 47.900074][ T3584]
[ 47.902982][ T3584] dump_stack_lvl+0x1e3/0x2cb
[ 47.907651][ T3584] ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 47.913273][ T3584] ? print_circular_bug+0x12b/0x1a0
[ 47.918474][ T3584] check_noncircular+0x2f8/0x3b0
[ 47.923407][ T3584] ? add_chain_block+0x850/0x850
[ 47.928326][ T3584] ? lockdep_lock+0x11f/0x2a0
[ 47.932988][ T3584] ? add_chain_block+0x850/0x850
[ 47.937913][ T3584] validate_chain+0x1646/0x58b0
[ 47.942750][ T3584] ? reacquire_held_locks+0x660/0x660
[ 47.948094][ T3584] ? reacquire_held_locks+0x660/0x660
[ 47.953448][ T3584] ? mark_lock+0x98/0x340
[ 47.957752][ T3584] __lock_acquire+0x1295/0x1ff0
[ 47.962591][ T3584] lock_acquire+0x1ff/0x570
[ 47.967070][ T3584] ? jbd2_journal_lock_updates+0x4a9/0x580
[ 47.972877][ T3584] ? read_lock_is_recursive+0x10/0x10
[ 47.978240][ T3584] ? __might_sleep+0xc0/0xc0
[ 47.982919][ T3584] ? rcu_read_lock_sched_held+0x89/0x130
[ 47.988538][ T3584] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 47.994518][ T3584] __mutex_lock_common+0x1da/0x25a0
[ 47.999704][ T3584] ? jbd2_journal_lock_updates+0x4a9/0x580
[ 48.005501][ T3584] ? jbd2_journal_lock_updates+0x496/0x580
[ 48.011283][ T3584] ? jbd2_journal_lock_updates+0x4a9/0x580
[ 48.017152][ T3584] ? mutex_lock_io_nested+0x60/0x60
[ 48.022358][ T3584] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 48.028223][ T3584] ? _raw_spin_unlock+0x40/0x40
[ 48.033046][ T3584] ? finish_wait+0xc5/0x1d0
[ 48.037539][ T3584] mutex_lock_nested+0x17/0x20
[ 48.042277][ T3584] jbd2_journal_lock_updates+0x4a9/0x580
[ 48.047887][ T3584] ? jbd2_journal_restart+0x20/0x20
[ 48.053073][ T3584] ? init_wait_entry+0xd0/0xd0
[ 48.057812][ T3584] ? down_write+0x10e/0x170
[ 48.062290][ T3584] ? cpumask_next+0xc3/0xf0
[ 48.066858][ T3584] ? percpu_down_write+0x1ea/0x2d0
[ 48.071947][ T3584] ext4_change_inode_journal_flag+0x1a8/0x6e0
[ 48.077990][ T3584] ext4_fileattr_set+0xe6e/0x17d0
[ 48.083007][ T3584] ? ext4_fileattr_get+0x200/0x200
[ 48.088093][ T3584] ? memset+0x1f/0x40
[ 48.092068][ T3584] ? fileattr_fill_flags+0x1d0/0x300
[ 48.097346][ T3584] ? fscrypt_prepare_setflags+0x5d/0x220
[ 48.102963][ T3584] vfs_fileattr_set+0x8f3/0xd30
[ 48.107795][ T3584] ? copy_fsxattr_to_user+0x3a0/0x3a0
[ 48.113143][ T3584] ? rcu_read_lock_sched_held+0x89/0x130
[ 48.118763][ T3584] do_vfs_ioctl+0x1d85/0x2b70
[ 48.123419][ T3584] ? lockdep_hardirqs_on+0x94/0x130
[ 48.128595][ T3584] ? rcu_lock_release+0x5/0x20
[ 48.133359][ T3584] ? __x64_compat_sys_ioctl+0x80/0x80
[ 48.138723][ T3584] ? __lock_acquire+0x1ff0/0x1ff0
[ 48.143741][ T3584] ? slab_free_freelist_hook+0xdd/0x160
[ 48.149270][ T3584] ? tomoyo_path_number_perm+0x648/0x810
[ 48.154990][ T3584] ? kfree+0x115/0x2e0
[ 48.159039][ T3584] ? tomoyo_path_number_perm+0x6ab/0x810
[ 48.164653][ T3584] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 48.170097][ T3584] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 48.176057][ T3584] ? print_irqtrace_events+0x210/0x210
[ 48.181490][ T3584] ? vtime_user_exit+0x2d1/0x400
[ 48.186419][ T3584] ? bpf_lsm_file_ioctl+0x5/0x10
[ 48.191520][ T3584] ? security_file_ioctl+0x7d/0xa0
[ 48.196712][ T3584] __se_sys_ioctl+0x81/0x160
[ 48.201285][ T3584] do_syscall_64+0x3d/0xb0
[ 48.205686][ T3584] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.211559][ T3584] RIP: 0033:0x7fc9971e9049
[ 48.216055][ T3584] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 48.235639][ T3584] RSP: 002b:00007ffeb9a06d08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 48.244035][ T3584] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc9971e9049
[ 48.251996][ T3584] RDX: 00000000200001c0 RSI: 0000000040086602 RDI: 0000000000000004
[ 48.259942][ T3584] RBP: 00007fc9971ad030