./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor114893421

<...>
[   28.991494][ T4639] dhcpcd-run-hook (4639) used greatest stack depth: 20048 bytes left
forked to background, child pid 4635
[   30.930592][ T4636] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.946239][ T4636] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.30' (ECDSA) to the list of known hosts.
execve("./syz-executor114893421", ["./syz-executor114893421"], 0x7ffe14481bf0 /* 10 vars */) = 0
brk(NULL)                               = 0x55555650c000
brk(0x55555650cc40)                     = 0x55555650cc40
arch_prctl(ARCH_SET_FS, 0x55555650c300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor114893421", 4096) = 27
brk(0x55555652dc40)                     = 0x55555652dc40
brk(0x55555652e000)                     = 0x55555652e000
mprotect(0x7fb9ffaa5000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/autofs", O_RDONLY) = 3
ioctl(3, AUTOFS_DEV_IOCTL_CLOSEMOUNT, 0x200010c0) = 0
creat("./file0", 000)                   = 3
ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL]) = 0
openat(AT_FDCWD, "./file0", O_RDONLY)   = 4
syzkaller login: [   54.257515][   T27] audit: type=1804 audit(1671400368.796:2): pid=5056 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor114" name="/root/file0" dev="sda1" ino=1138 res=1 errno=0
[   54.258621][ T5056] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
[   54.305428][ T5056] 
[   54.317032][ T5056] ======================================================
[   54.324117][ T5056] WARNING: possible circular locking dependency detected
[   54.331119][ T5056] 6.1.0-syzkaller-13139-gf9ff5644bcc0 #0 Not tainted
[   54.337797][ T5056] ------------------------------------------------------
[   54.344802][ T5056] syz-executor114/5056 is trying to acquire lock:
[   54.351199][ T5056] ffff888140e68400 (&sb->s_type->i_mutex_key#7){++++}-{3:3}, at: ext4_bmap+0x55/0x410
[   54.360789][ T5056] 
[   54.360789][ T5056] but task is already holding lock:
[   54.368143][ T5056] ffff88802a2843f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x330/0xca0
[   54.378744][ T5056] 
[   54.378744][ T5056] which lock already depends on the new lock.
[   54.378744][ T5056] 
[   54.389132][ T5056] 
[   54.389132][ T5056] the existing dependency chain (in reverse order) is:
[   54.398130][ T5056] 
[   54.398130][ T5056] -> #3 (&journal->j_checkpoint_mutex){+.+.}-{3:3}:
[   54.407408][ T5056]        lock_acquire+0x1a7/0x400
[   54.412429][ T5056]        __mutex_lock_common+0x1de/0x26c0
[   54.418674][ T5056]        mutex_lock_io_nested+0x43/0x60
[   54.424210][ T5056]        jbd2_journal_flush+0x2a6/0xca0
[   54.429830][ T5056]        ext4_ioctl+0x3288/0x5400
[   54.434842][ T5056]        __se_sys_ioctl+0xfb/0x170
[   54.439937][ T5056]        do_syscall_64+0x2b/0x70
[   54.444861][ T5056]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   54.451258][ T5056] 
[   54.451258][ T5056] -> #2 (&journal->j_barrier){+.+.}-{3:3}:
[   54.459234][ T5056]        lock_acquire+0x1a7/0x400
[   54.464245][ T5056]        __mutex_lock_common+0x1de/0x26c0
[   54.469955][ T5056]        mutex_lock_nested+0x17/0x20
[   54.475234][ T5056]        jbd2_journal_lock_updates+0x2ad/0x380
[   54.481371][ T5056]        ext4_change_inode_journal_flag+0x1a2/0x6c0
[   54.487950][ T5056]        ext4_fileattr_set+0xdf6/0x1830
[   54.493484][ T5056]        vfs_fileattr_set+0x8be/0xd20
[   54.498841][ T5056]        do_vfs_ioctl+0x1d8e/0x2a60
[   54.504024][ T5056]        __se_sys_ioctl+0x83/0x170
[   54.509130][ T5056]        do_syscall_64+0x2b/0x70
[   54.514060][ T5056]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   54.520461][ T5056] 
[   54.520461][ T5056] -> #1 (&sbi->s_writepages_rwsem){++++}-{0:0}:
[   54.528878][ T5056]        lock_acquire+0x1a7/0x400
[   54.533980][ T5056]        percpu_down_write+0x50/0x300
[   54.539338][ T5056]        ext4_ind_migrate+0x262/0x730
[   54.544724][ T5056]        ext4_fileattr_set+0xe87/0x1830
[   54.550257][ T5056]        vfs_fileattr_set+0x8be/0xd20
[   54.555625][ T5056]        do_vfs_ioctl+0x1d8e/0x2a60
[   54.560809][ T5056]        __se_sys_ioctl+0x83/0x170
[   54.565906][ T5056]        do_syscall_64+0x2b/0x70
[   54.570862][ T5056]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   54.577268][ T5056] 
[   54.577268][ T5056] -> #0 (&sb->s_type->i_mutex_key#7){++++}-{3:3}:
[   54.585857][ T5056]        validate_chain+0x184a/0x6470
[   54.591221][ T5056]        __lock_acquire+0x1292/0x1f60
[   54.596578][ T5056]        lock_acquire+0x1a7/0x400
[   54.601587][ T5056]        down_read+0x39/0x50
[   54.606160][ T5056]        ext4_bmap+0x55/0x410
[   54.610908][ T5056]        bmap+0xa1/0xd0
[   54.615049][ T5056]        jbd2_journal_flush+0x5d0/0xca0
[   54.620582][ T5056]        ext4_ioctl+0x3288/0x5400
[   54.625594][ T5056]        __se_sys_ioctl+0xfb/0x170
[   54.630693][ T5056]        do_syscall_64+0x2b/0x70
[   54.635620][ T5056]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   54.642110][ T5056] 
[   54.642110][ T5056] other info that might help us debug this:
[   54.642110][ T5056] 
[   54.652319][ T5056] Chain exists of:
[   54.652319][ T5056]   &sb->s_type->i_mutex_key#7 --> &journal->j_barrier --> &journal->j_checkpoint_mutex
[   54.652319][ T5056] 
[   54.667787][ T5056]  Possible unsafe locking scenario:
[   54.667787][ T5056] 
[   54.675218][ T5056]        CPU0                    CPU1
[   54.680566][ T5056]        ----                    ----
[   54.685913][ T5056]   lock(&journal->j_checkpoint_mutex);
[   54.691443][ T5056]                                lock(&journal->j_barrier);
[   54.698717][ T5056]                                lock(&journal->j_checkpoint_mutex);
[   54.706792][ T5056]   lock(&sb->s_type->i_mutex_key#7);
[   54.712152][ T5056] 
[   54.712152][ T5056]  *** DEADLOCK ***
[   54.712152][ T5056] 
[   54.720277][ T5056] 2 locks held by syz-executor114/5056:
[   54.725804][ T5056]  #0: ffff88802a284170 (&journal->j_barrier){+.+.}-{3:3}, at: jbd2_journal_lock_updates+0x2ad/0x380
[   54.736663][ T5056]  #1: ffff88802a2843f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x330/0xca0
[   54.747695][ T5056] 
[   54.747695][ T5056] stack backtrace:
[   54.753565][ T5056] CPU: 1 PID: 5056 Comm: syz-executor114 Not tainted 6.1.0-syzkaller-13139-gf9ff5644bcc0 #0
[   54.763610][ T5056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   54.773733][ T5056] Call Trace:
[   54.777001][ T5056]  <TASK>
[   54.779992][ T5056]  dump_stack_lvl+0x1e3/0x2d0
[   54.784665][ T5056]  ? nf_tcp_handle_invalid+0x630/0x630
[   54.790129][ T5056]  ? print_circular_bug+0x13e/0x1c0
[   54.795317][ T5056]  check_noncircular+0x2f9/0x3b0
[   54.800249][ T5056]  ? add_chain_block+0x850/0x850
[   54.805174][ T5056]  ? lockdep_lock+0x11d/0x2a0
[   54.809839][ T5056]  ? mark_lock+0x9a/0x350
[   54.814157][ T5056]  ? _find_first_zero_bit+0xe8/0x110
[   54.819433][ T5056]  validate_chain+0x184a/0x6470
[   54.824285][ T5056]  ? finish_task_switch+0x1f6/0x610
[   54.829468][ T5056]  ? reacquire_held_locks+0x680/0x680
[   54.834831][ T5056]  ? reacquire_held_locks+0x680/0x680
[   54.840193][ T5056]  ? __schedule+0x9d9/0xe40
[   54.844705][ T5056]  ? release_firmware_map_entry+0x180/0x180
[   54.850588][ T5056]  ? lockdep_hardirqs_on_prepare+0x448/0x7b0
[   54.856556][ T5056]  ? print_irqtrace_events+0x220/0x220
[   54.862003][ T5056]  ? do_raw_spin_unlock+0x134/0x8a0
[   54.867193][ T5056]  ? _raw_spin_unlock_irqrestore+0x8b/0x130
[   54.873084][ T5056]  ? lockdep_hardirqs_on+0x95/0x140
[   54.878275][ T5056]  ? mark_lock+0x9a/0x350
[   54.882597][ T5056]  __lock_acquire+0x1292/0x1f60
[   54.887445][ T5056]  lock_acquire+0x1a7/0x400
[   54.891949][ T5056]  ? ext4_bmap+0x55/0x410
[   54.896265][ T5056]  ? read_lock_is_recursive+0x10/0x10
[   54.901626][ T5056]  ? __might_sleep+0xc0/0xc0
[   54.906212][ T5056]  ? jbd2_journal_flush+0x383/0xca0
[   54.911407][ T5056]  ? __lock_acquire+0x1f60/0x1f60
[   54.916427][ T5056]  ? jbd2_cleanup_journal_tail+0x1a6/0x2c0
[   54.922228][ T5056]  ? ext4_journalled_write_end+0xc60/0xc60
[   54.928021][ T5056]  down_read+0x39/0x50
[   54.932076][ T5056]  ? ext4_bmap+0x55/0x410
[   54.936388][ T5056]  ext4_bmap+0x55/0x410
[   54.940530][ T5056]  ? ext4_journalled_write_end+0xc60/0xc60
[   54.946320][ T5056]  bmap+0xa1/0xd0
[   54.949959][ T5056]  jbd2_journal_flush+0x5d0/0xca0
[   54.954976][ T5056]  ? mutex_lock_nested+0x17/0x20
[   54.959906][ T5056]  ? __bpf_trace_jbd2_shrink_checkpoint_list+0x50/0x50
[   54.966743][ T5056]  ? bpf_lsm_capable+0x5/0x10
[   54.971407][ T5056]  ? security_capable+0xb1/0xd0
[   54.976250][ T5056]  ext4_ioctl+0x3288/0x5400
[   54.980744][ T5056]  ? __kmem_cache_free+0x71/0x110
[   54.985761][ T5056]  ? ext4_fileattr_set+0x1830/0x1830
[   54.991033][ T5056]  ? rcu_lock_release+0x5/0x20
[   54.995785][ T5056]  ? rcu_read_lock_sched_held+0x89/0x130
[   55.001431][ T5056]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   55.007402][ T5056]  ? lockdep_hardirqs_on_prepare+0x448/0x7b0
[   55.013373][ T5056]  ? do_vfs_ioctl+0x1a7b/0x2a60
[   55.018217][ T5056]  ? __x64_compat_sys_ioctl+0x80/0x80
[   55.023576][ T5056]  ? rcu_lock_release+0x5/0x20
[   55.028328][ T5056]  ? __lock_acquire+0x1f60/0x1f60
[   55.033345][ T5056]  ? slab_free_freelist_hook+0x12e/0x1a0
[   55.038976][ T5056]  ? tomoyo_path_number_perm+0x5ee/0x7d0
[   55.044599][ T5056]  ? __kmem_cache_free+0x71/0x110
[   55.049611][ T5056]  ? tomoyo_path_number_perm+0x675/0x7d0
[   55.055230][ T5056]  ? __rwlock_init+0x140/0x140
[   55.059986][ T5056]  ? smack_log+0x11f/0x530
[   55.064391][ T5056]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[   55.069841][ T5056]  ? smk_access+0x490/0x490
[   55.074337][ T5056]  ? smk_tskacc+0x304/0x370
[   55.078832][ T5056]  ? smack_file_ioctl+0x298/0x3a0
[   55.083845][ T5056]  ? smack_file_alloc_security+0xd0/0xd0
[   55.089463][ T5056]  ? print_irqtrace_events+0x220/0x220
[   55.094905][ T5056]  ? lockdep_hardirqs_on_prepare+0x448/0x7b0
[   55.100874][ T5056]  ? bpf_lsm_file_ioctl+0x5/0x10
[   55.105801][ T5056]  ? security_file_ioctl+0x9d/0xb0
[   55.110899][ T5056]  ? ext4_fileattr_set+0x1830/0x1830
[   55.116171][ T5056]  __se_sys_ioctl+0xfb/0x170
[   55.120750][ T5056]  do_syscall_64+0x2b/0x70
[   55.125155][ T5056]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   55.131034][ T5056] RIP: 0033:0x7fb9ffa38c39
[   55.135436][ T5056] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
ioctl(4, _IOC(_IOC_WRITE, 0x66, 0x2b, 0x4), 0x20000140) = 0
exit_group(0)                           = ?
+++ exited with 0 +++
[   55.155137][ T5056] RSP: 002b:00007ffd3961ad