DUID 00:04:d5:34:fd:2d:90:3b:7d:1f:5f:ef:10:3f:c1:8d:8b:e5
forked to background, child pid 3209
[ 38.170370][ T3210] 8021q: adding VLAN 0 to HW filter on device bond0
[ 38.194697][ T3210] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.139' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 60.150086][ T3628] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
[ 60.211768][ T3628]
[ 60.223392][ T3628] ======================================================
[ 60.230397][ T3628] WARNING: possible circular locking dependency detected
[ 60.237401][ T3628] 6.1.15-syzkaller #0 Not tainted
[ 60.242408][ T3628] ------------------------------------------------------
[ 60.249410][ T3628] syz-executor134/3628 is trying to acquire lock:
[ 60.255811][ T3628] ffff88807edb6170 (&journal->j_barrier){+.+.}-{3:3}, at: jbd2_journal_lock_updates+0x2a8/0x370
[ 60.266266][ T3628]
[ 60.266266][ T3628] but task is already holding lock:
[ 60.273625][ T3628] ffff88807edb4b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_change_inode_journal_flag+0x1a0/0x6e0
[ 60.284929][ T3628]
[ 60.284929][ T3628] which lock already depends on the new lock.
[ 60.284929][ T3628]
[ 60.295328][ T3628]
[ 60.295328][ T3628] the existing dependency chain (in reverse order) is:
[ 60.304335][ T3628]
[ 60.304335][ T3628] -> #4 (&sbi->s_writepages_rwsem){++++}-{0:0}:
[ 60.312772][ T3628]        lock_acquire+0x231/0x620
[ 60.317808][ T3628]        percpu_down_write+0x50/0x2e0
[ 60.323206][ T3628]        ext4_change_inode_journal_flag+0x1a0/0x6e0
[ 60.329799][ T3628]        ext4_fileattr_set+0xe04/0x1770
[ 60.335363][ T3628]        vfs_fileattr_set+0x8ee/0xd30
[ 60.340739][ T3628]        do_vfs_ioctl+0x1cd1/0x2a90
[ 60.345937][ T3628]        __se_sys_ioctl+0x81/0x160
[ 60.351046][ T3628]        do_syscall_64+0x3d/0xb0
[ 60.355982][ T3628]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.362404][ T3628]
[ 60.362404][ T3628] -> #3 (mapping.invalidate_lock){++++}-{3:3}:
[ 60.370740][ T3628]        lock_acquire+0x231/0x620
[ 60.375769][ T3628]        down_write+0x36/0x60
[ 60.380452][ T3628]        ext4_setattr+0xec7/0x1a00
[ 60.385582][ T3628]        notify_change+0xdcd/0x1080
[ 60.390780][ T3628]        do_truncate+0x21c/0x300
[ 60.395717][ T3628]        do_sys_ftruncate+0x2e2/0x380
[ 60.401105][ T3628]        do_syscall_64+0x3d/0xb0
[ 60.406034][ T3628]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.412448][ T3628]
[ 60.412448][ T3628] -> #2 (&sb->s_type->i_mutex_key#8){++++}-{3:3}:
[ 60.421065][ T3628]        lock_acquire+0x231/0x620
[ 60.426086][ T3628]        down_read+0x39/0x50
[ 60.430673][ T3628]        ext4_bmap+0x4b/0x410
[ 60.435348][ T3628]        bmap+0xa1/0xd0
[ 60.439501][ T3628]        jbd2_journal_flush+0x5b5/0xc40
[ 60.445035][ T3628]        ext4_ioctl+0x3a7d/0x61c0
[ 60.450068][ T3628]        __se_sys_ioctl+0xf1/0x160
[ 60.455196][ T3628]        do_syscall_64+0x3d/0xb0
[ 60.460124][ T3628]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.466534][ T3628]
[ 60.466534][ T3628] -> #1 (&journal->j_checkpoint_mutex){+.+.}-{3:3}:
[ 60.475299][ T3628]        lock_acquire+0x231/0x620
[ 60.480324][ T3628]        __mutex_lock_common+0x1d4/0x2520
[ 60.486208][ T3628]        mutex_lock_io_nested+0x43/0x60
[ 60.491750][ T3628]        jbd2_journal_flush+0x29b/0xc40
[ 60.497288][ T3628]        ext4_ioctl+0x3a7d/0x61c0
[ 60.502305][ T3628]        __se_sys_ioctl+0xf1/0x160
[ 60.507419][ T3628]        do_syscall_64+0x3d/0xb0
[ 60.512342][ T3628]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.518761][ T3628]
[ 60.518761][ T3628] -> #0 (&journal->j_barrier){+.+.}-{3:3}:
[ 60.526743][ T3628]        validate_chain+0x1667/0x58e0
[ 60.532105][ T3628]        __lock_acquire+0x125b/0x1f80
[ 60.537489][ T3628]        lock_acquire+0x231/0x620
[ 60.542518][ T3628]        __mutex_lock_common+0x1d4/0x2520
[ 60.548226][ T3628]        mutex_lock_nested+0x17/0x20
[ 60.553499][ T3628]        jbd2_journal_lock_updates+0x2a8/0x370
[ 60.559645][ T3628]        ext4_change_inode_journal_flag+0x1a8/0x6e0
[ 60.566403][ T3628]        ext4_fileattr_set+0xe04/0x1770
[ 60.571946][ T3628]        vfs_fileattr_set+0x8ee/0xd30
[ 60.577316][ T3628]        do_vfs_ioctl+0x1cd1/0x2a90
[ 60.582519][ T3628]        __se_sys_ioctl+0x81/0x160
[ 60.587626][ T3628]        do_syscall_64+0x3d/0xb0
[ 60.592560][ T3628]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.598978][ T3628]
[ 60.598978][ T3628] other info that might help us debug this:
[ 60.598978][ T3628]
[ 60.609192][ T3628] Chain exists of:
[ 60.609192][ T3628]   &journal->j_barrier --> mapping.invalidate_lock --> &sbi->s_writepages_rwsem
[ 60.609192][ T3628]
[ 60.624045][ T3628]  Possible unsafe locking scenario:
[ 60.624045][ T3628]
[ 60.631481][ T3628]        CPU0                    CPU1
[ 60.636831][ T3628]        ----                    ----
[ 60.642187][ T3628]   lock(&sbi->s_writepages_rwsem);
[ 60.647373][ T3628]                                lock(mapping.invalidate_lock);
[ 60.654997][ T3628]                                lock(&sbi->s_writepages_rwsem);
[ 60.662715][ T3628]   lock(&journal->j_barrier);
[ 60.667469][ T3628]
[ 60.667469][ T3628]  *** DEADLOCK ***
[ 60.667469][ T3628]
[ 60.675601][ T3628] 4 locks held by syz-executor134/3628:
[ 60.681143][ T3628]  #0: ffff88807edb2460 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write_file+0x5a/0x1f0
[ 60.690805][ T3628]  #1: ffff888071d3a218 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: vfs_fileattr_set+0x135/0xd30
[ 60.701507][ T3628]  #2: ffff888071d3a3b8 (mapping.invalidate_lock){++++}-{3:3}, at: ext4_change_inode_journal_flag+0x115/0x6e0
[ 60.713163][ T3628]  #3: ffff88807edb4b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_change_inode_journal_flag+0x1a0/0x6e0
[ 60.724903][ T3628]
[ 60.724903][ T3628] stack backtrace:
[ 60.730786][ T3628] CPU: 1 PID: 3628 Comm: syz-executor134 Not tainted 6.1.15-syzkaller #0
[ 60.739186][ T3628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 60.749232][ T3628] Call Trace:
[ 60.752513][ T3628]
[ 60.755447][ T3628]  dump_stack_lvl+0x1e3/0x2cb
[ 60.760136][ T3628]  ? nf_tcp_handle_invalid+0x633/0x633
[ 60.765846][ T3628]  ? print_circular_bug+0x12b/0x1a0
[ 60.771035][ T3628]  check_noncircular+0x2fa/0x3b0
[ 60.775981][ T3628]  ? add_chain_block+0x850/0x850
[ 60.780919][ T3628]  ? lockdep_lock+0x11f/0x2a0
[ 60.785596][ T3628]  ? validate_chain+0x115/0x58e0
[ 60.790519][ T3628]  ? _find_first_zero_bit+0xd0/0x100
[ 60.795795][ T3628]  validate_chain+0x1667/0x58e0
[ 60.800655][ T3628]  ? lockdep_unlock+0x165/0x300
[ 60.805503][ T3628]  ? reacquire_held_locks+0x660/0x660
[ 60.810863][ T3628]  ? validate_chain+0x13d1/0x58e0
[ 60.815888][ T3628]  ? mark_lock+0x9a/0x340
[ 60.820213][ T3628]  ? mark_lock+0x9a/0x340
[ 60.824536][ T3628]  __lock_acquire+0x125b/0x1f80
[ 60.829395][ T3628]  lock_acquire+0x231/0x620
[ 60.833896][ T3628]  ? jbd2_journal_lock_updates+0x2a8/0x370
[ 60.839697][ T3628]  ? read_lock_is_recursive+0x10/0x10
[ 60.845069][ T3628]  ? __might_sleep+0xb0/0xb0
[ 60.849660][ T3628]  ? jbd2_journal_lock_updates+0x297/0x370
[ 60.855464][ T3628]  ? rcu_read_lock_sched_held+0x89/0x130
[ 60.861090][ T3628]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 60.867061][ T3628]  __mutex_lock_common+0x1d4/0x2520
[ 60.872262][ T3628]  ? jbd2_journal_lock_updates+0x2a8/0x370
[ 60.878080][ T3628]  ? jbd2_journal_lock_updates+0x2a8/0x370
[ 60.883880][ T3628]  ? jbd2_journal_lock_updates+0x297/0x370
[ 60.889697][ T3628]  ? mutex_lock_io_nested+0x60/0x60
[ 60.894902][ T3628]  ? do_raw_read_unlock+0x70/0x70
[ 60.899930][ T3628]  ? rcu_sync_func+0xaa/0x210
[ 60.904603][ T3628]  mutex_lock_nested+0x17/0x20
[ 60.909356][ T3628]  jbd2_journal_lock_updates+0x2a8/0x370
[ 60.914990][ T3628]  ? jbd2_journal_wait_updates+0x2d0/0x2d0
[ 60.920800][ T3628]  ? rcu_read_lock_sched_held+0x89/0x130
[ 60.926420][ T3628]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 60.932389][ T3628]  ? percpu_down_write+0x2aa/0x2e0
[ 60.937486][ T3628]  ext4_change_inode_journal_flag+0x1a8/0x6e0
[ 60.943549][ T3628]  ext4_fileattr_set+0xe04/0x1770
[ 60.948564][ T3628]  ? ext4_fileattr_get+0x200/0x200
[ 60.953751][ T3628]  ? rwsem_write_trylock+0x166/0x210
[ 60.959041][ T3628]  ? clear_nonspinnable+0x60/0x60
[ 60.964065][ T3628]  ? memset+0x1f/0x40
[ 60.968041][ T3628]  ? fileattr_fill_flags+0x1d0/0x300
[ 60.973319][ T3628]  ? fscrypt_prepare_setflags+0x5d/0x220
[ 60.978946][ T3628]  vfs_fileattr_set+0x8ee/0xd30
[ 60.983797][ T3628]  ? copy_fsxattr_to_user+0x3a0/0x3a0
[ 60.989163][ T3628]  ? rcu_read_lock_sched_held+0x89/0x130
[ 60.994810][ T3628]  do_vfs_ioctl+0x1cd1/0x2a90
[ 60.999490][ T3628]  ? __x64_compat_sys_ioctl+0x80/0x80
[ 61.004863][ T3628]  ? __lock_acquire+0x1f80/0x1f80
[ 61.009887][ T3628]  ? lockdep_hardirqs_on+0x94/0x130
[ 61.015089][ T3628]  ? __kmem_cache_free+0x25c/0x3c0
[ 61.020206][ T3628]  ? tomoyo_path_number_perm+0x5f4/0x7b0
[ 61.025849][ T3628]  ? tomoyo_path_number_perm+0x657/0x7b0
[ 61.031489][ T3628]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 61.036962][ T3628]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 61.042935][ T3628]  ? print_irqtrace_events+0x210/0x210
[ 61.048390][ T3628]  ? print_irqtrace_events+0x210/0x210
[ 61.053863][ T3628]  ? bpf_lsm_file_ioctl+0x5/0x10
[ 61.058818][ T3628]  ? security_file_ioctl+0x7d/0xa0
[ 61.063922][ T3628]  __se_sys_ioctl+0x81/0x160
[ 61.068508][ T3628]  do_syscall_64+0x3d/0xb0
[ 61.072911][ T3628]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.078799][ T3628] RIP: 0033:0x7fd25dd72049
[ 61.083204][ T3628] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 61.102816][ T3628] RSP: 002b:00007ffe33c7a678 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 61.111217][ T3628] RAX: ffffffffffffffda RBX: 00000