./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1362195953 <...>
Warning: Permanently added '10.128.0.241' (ECDSA) to the list of known hosts.
execve("./syz-executor1362195953", ["./syz-executor1362195953"], 0x7ffdcbe95f70 /* 10 vars */) = 0
brk(NULL) = 0x555555767000
brk(0x555555767c40) = 0x555555767c40
arch_prctl(ARCH_SET_FS, 0x555555767300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1362195953", 4096) = 28
brk(0x555555788c40) = 0x555555788c40
brk(0x555555789000) = 0x555555789000
mprotect(0x7f1444830000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "blkio.bfq.io_merged", O_WRONLY|O_CREAT|O_EXCL|O_TRUNC|O_APPEND|FASYNC|0x20, 000) = 3
ioctl(3, FS_IOC_SETFLAGS, [FS_UNRM_FL|FS_COMPR_FL|FS_SYNC_FL|FS_APPEND_FL|FS_NOATIME_FL|FS_DIRTY_FL|FS_ENCRYPT_FL|FS_JOURNAL_DATA_FL|FS_NOTAIL_FL]) = 0
openat(AT_FDCWD, "memory.events", O_WRONLY|O_CREAT|O_EXCL|O_TRUNC|O_APPEND|FASYNC|0x20, 000) = 4
syzkaller login: [ 54.588945][ T3639]
[ 54.591296][ T3639] ======================================================
[ 54.598301][ T3639] WARNING: possible circular locking dependency detected
[ 54.605311][ T3639] 6.1.0-rc7-syzkaller-00101-g01f856ae6d0c #0 Not tainted
[ 54.612325][ T3639] ------------------------------------------------------
[ 54.619326][ T3639] syz-executor136/3639 is trying to acquire lock:
[ 54.625724][ T3639] ffff888012428400 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: ext4_bmap+0x52/0x470
[ 54.635328][ T3639]
[ 54.635328][ T3639] but task is already holding lock:
[ 54.642688][ T3639] ffff88814b3583f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x48b/0xc00
[ 54.653288][ T3639]
[ 54.653288][ T3639] which lock already depends on the new lock.
[ 54.653288][ T3639]
[ 54.663671][ T3639]
[ 54.663671][ T3639] the existing dependency chain (in reverse order) is:
[ 54.672673][ T3639]
[ 54.672673][ T3639] -> #3 (&journal->j_checkpoint_mutex){+.+.}-{3:3}:
[ 54.681454][ T3639]        mutex_lock_io_nested+0x143/0x11a0
[ 54.687282][ T3639]        jbd2_journal_flush+0x19e/0xc00
[ 54.692832][ T3639]        __ext4_ioctl+0xb09/0x4a30
[ 54.697960][ T3639]        __x64_sys_ioctl+0x197/0x210
[ 54.703254][ T3639]        do_syscall_64+0x39/0xb0
[ 54.708201][ T3639]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.714626][ T3639]
[ 54.714626][ T3639] -> #2 (&journal->j_barrier){+.+.}-{3:3}:
[ 54.722623][ T3639]        __mutex_lock+0x12f/0x1360
[ 54.727756][ T3639]        jbd2_journal_lock_updates+0x162/0x310
[ 54.733923][ T3639]        ext4_change_inode_journal_flag+0x184/0x530
[ 54.740529][ T3639]        ext4_fileattr_set+0xdf0/0x1950
[ 54.746089][ T3639]        vfs_fileattr_set+0x7f9/0xbe0
[ 54.751466][ T3639]        do_vfs_ioctl+0xfa8/0x1600
[ 54.756580][ T3639]        __x64_sys_ioctl+0x10c/0x210
[ 54.761870][ T3639]        do_syscall_64+0x39/0xb0
[ 54.766817][ T3639]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.773240][ T3639]
[ 54.773240][ T3639] -> #1 (&sbi->s_writepages_rwsem){++++}-{0:0}:
[ 54.781687][ T3639]        percpu_down_write+0x53/0x390
[ 54.787077][ T3639]        ext4_ind_migrate+0x23b/0x850
[ 54.792458][ T3639]        ext4_fileattr_set+0x14d6/0x1950
[ 54.798105][ T3639]        vfs_fileattr_set+0x7f9/0xbe0
[ 54.803916][ T3639]        do_vfs_ioctl+0xfa8/0x1600
[ 54.809032][ T3639]        __x64_sys_ioctl+0x10c/0x210
[ 54.814322][ T3639]        do_syscall_64+0x39/0xb0
[ 54.819268][ T3639]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.825690][ T3639]
[ 54.825690][ T3639] -> #0 (&sb->s_type->i_mutex_key#8){++++}-{3:3}:
[ 54.834308][ T3639]        __lock_acquire+0x2a43/0x56d0
[ 54.839696][ T3639]        lock_acquire+0x1e3/0x630
[ 54.844748][ T3639]        down_read+0x9c/0x450
[ 54.849441][ T3639]        ext4_bmap+0x52/0x470
[ 54.854129][ T3639]        bmap+0xae/0x120
[ 54.858385][ T3639]        jbd2_journal_bmap+0xac/0x180
[ 54.863761][ T3639]        jbd2_journal_flush+0x853/0xc00
[ 54.869309][ T3639]        __ext4_ioctl+0xb09/0x4a30
[ 54.874436][ T3639]        __x64_sys_ioctl+0x197/0x210
[ 54.879732][ T3639]        do_syscall_64+0x39/0xb0
[ 54.884687][ T3639]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.891111][ T3639]
[ 54.891111][ T3639] other info that might help us debug this:
[ 54.891111][ T3639]
[ 54.901329][ T3639] Chain exists of:
[ 54.901329][ T3639]   &sb->s_type->i_mutex_key#8 --> &journal->j_barrier --> &journal->j_checkpoint_mutex
[ 54.901329][ T3639]
[ 54.916809][ T3639]  Possible unsafe locking scenario:
[ 54.916809][ T3639]
[ 54.924252][ T3639]        CPU0                    CPU1
[ 54.929609][ T3639]        ----                    ----
[ 54.934966][ T3639]   lock(&journal->j_checkpoint_mutex);
[ 54.940511][ T3639]                                lock(&journal->j_barrier);
[ 54.947805][ T3639]                                lock(&journal->j_checkpoint_mutex);
[ 54.955874][ T3639]   lock(&sb->s_type->i_mutex_key#8);
[ 54.961254][ T3639]
[ 54.961254][ T3639]  *** DEADLOCK ***
[ 54.961254][ T3639]
[ 54.969407][ T3639] 2 locks held by syz-executor136/3639:
[ 54.975036][ T3639]  #0: ffff88814b358170 (&journal->j_barrier){+.+.}-{3:3}, at: jbd2_journal_lock_updates+0x162/0x310
[ 54.985956][ T3639]  #1: ffff88814b3583f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x48b/0xc00
[ 54.997035][ T3639]
[ 54.997035][ T3639] stack backtrace:
[ 55.002932][ T3639] CPU: 1 PID: 3639 Comm: syz-executor136 Not tainted 6.1.0-rc7-syzkaller-00101-g01f856ae6d0c #0
[ 55.013352][ T3639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 55.023424][ T3639] Call Trace:
[ 55.026711][ T3639]
[ 55.029659][ T3639]  dump_stack_lvl+0xd1/0x138
[ 55.034265][ T3639]  check_noncircular+0x25f/0x2e0
[ 55.039313][ T3639]  ? print_circular_bug+0x1e0/0x1e0
[ 55.044544][ T3639]  ? lock_downgrade+0x6e0/0x6e0
[ 55.049434][ T3639]  ? finish_task_switch.isra.0+0x2b5/0xc80
[ 55.055281][ T3639]  __lock_acquire+0x2a43/0x56d0
[ 55.060168][ T3639]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 55.066203][ T3639]  lock_acquire+0x1e3/0x630
[ 55.070737][ T3639]  ? ext4_bmap+0x52/0x470
[ 55.075095][ T3639]  ? lock_release+0x810/0x810
[ 55.079807][ T3639]  down_read+0x9c/0x450
[ 55.083990][ T3639]  ? ext4_bmap+0x52/0x470
[ 55.088341][ T3639]  ? rwsem_down_read_slowpath+0xb20/0xb20
[ 55.094089][ T3639]  ? find_held_lock+0x2d/0x110
[ 55.098876][ T3639]  ext4_bmap+0x52/0x470
[ 55.103053][ T3639]  ? mpage_release_unused_pages+0x740/0x740
[ 55.108959][ T3639]  bmap+0xae/0x120
[ 55.112700][ T3639]  ? do_raw_read_unlock+0x70/0x70
[ 55.117733][ T3639]  jbd2_journal_bmap+0xac/0x180
[ 55.122591][ T3639]  ? jbd2_log_start_commit+0x50/0x50
[ 55.127889][ T3639]  ? _raw_write_unlock+0x28/0x40
[ 55.132839][ T3639]  ? jbd2_mark_journal_empty+0x307/0x3f0
[ 55.138481][ T3639]  jbd2_journal_flush+0x853/0xc00
[ 55.143518][ T3639]  ? apparmor_capable+0x1dc/0x460
[ 55.148560][ T3639]  ? jbd2_fc_get_buf+0x310/0x310
[ 55.153503][ T3639]  ? bpf_lsm_capable+0x9/0x10
[ 55.158197][ T3639]  ? security_capable+0x93/0xc0
[ 55.163061][ T3639]  __ext4_ioctl+0xb09/0x4a30
[ 55.167668][ T3639]  ? tomoyo_path_number_perm+0x166/0x550
[ 55.173319][ T3639]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 55.179137][ T3639]  ? ext4_reset_inode_seed+0x450/0x450
[ 55.184617][ T3639]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 55.190527][ T3639]  ? do_vfs_ioctl+0x132/0x1600
[ 55.195301][ T3639]  ? vfs_fileattr_set+0xbe0/0xbe0
[ 55.200342][ T3639]  ? find_held_lock+0x2d/0x110
[ 55.205123][ T3639]  ? calibrate_delay+0x202/0x1130
[ 55.210161][ T3639]  ? lock_downgrade+0x6e0/0x6e0
[ 55.215035][ T3639]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 55.219976][ T3639]  ? ext4_fileattr_set+0x1950/0x1950
[ 55.225286][ T3639]  __x64_sys_ioctl+0x197/0x210
[ 55.230062][ T3639]  do_syscall_64+0x39/0xb0
[ 55.234495][ T3639]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.240402][ T3639] RIP: 0033:0x7f14447c3b89
[ 55.244818][ T3639] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 55.264429][ T3639] RSP: 002b:00007fff07f133a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 55.272846][ T3639] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f14447c3b89
[ 55.280819][ T3639] RDX: 0000000020000040 RSI: 000000004004662b RDI: 0000000000000004
ioctl(4, _IOC(_IOC_WRITE, 0x66, 0x2b, 0x4), 0x20000040) = 0
exit_group(0) = ?
+++ exited with 0 +++
[ 55.288788][ T3639] RBP: 00007f144
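Added example, not part of the syzbot report and not syzbot's generated C reproducer: a C replay of the syscall sequence the strace above shows, reconstructed from it. The request that strace prints as _IOC(_IOC_WRITE, 0x66, 0x2b, 0x4), and that the register dump shows as RSI=0x4004662b, is _IOW('f', 43, __u32), i.e. EXT4_IOC_CHECKPOINT from <linux/ext4.h>; that is how __ext4_ioctl reaches jbd2_journal_flush in the trace. The strace only shows the pointer 0x20000040 passed to it, not the __u32 checkpoint flags behind it, so 0 is assumed; the target-directory argument and the unlink cleanup at the end are also additions. The replay needs root, a directory on a journaled ext4 filesystem and a kernel built with CONFIG_PROVE_LOCKING for the splat to appear; as in the log, the process itself exits normally, since lockdep reports the possible deadlock without it occurring.

```c
/* Added example: C replay of the strace'd reproducer. Not syzbot's code. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/fs.h>

/* EXT4_IOC_CHECKPOINT is _IOW('f', 43, __u32) in <linux/ext4.h> (since 5.14);
 * defined here so the example also builds against older headers. This is the
 * 0x4004662b in RSI and the _IOC(_IOC_WRITE, 0x66, 0x2b, 0x4) strace decode. */
#ifndef EXT4_IOC_CHECKPOINT
#define EXT4_IOC_CHECKPOINT _IOW('f', 43, uint32_t)
#endif

/* Open flags exactly as strace printed them; 0x20 is an undefined bit the
 * kernel ignores, kept so the replay matches the log. */
#define SYZ_OPEN_FLAGS (O_WRONLY | O_CREAT | O_EXCL | O_TRUNC | O_APPEND | FASYNC | 0x20)

/* The FS_IOC_SETFLAGS argument, built from the flag names strace printed. */
static unsigned long setflags_mask(void)
{
    return FS_UNRM_FL | FS_COMPR_FL | FS_SYNC_FL | FS_APPEND_FL |
           FS_NOATIME_FL | FS_DIRTY_FL | FS_ENCRYPT_FL |
           FS_JOURNAL_DATA_FL | FS_NOTAIL_FL;
}

/* The request number behind the second ioctl in the strace. */
static unsigned long checkpoint_cmd(void)
{
    return (unsigned long)EXT4_IOC_CHECKPOINT;
}

/* Replay the sequence inside `dir` (must be on ext4 with a journal; needs
 * root for FS_APPEND_FL / FS_JOURNAL_DATA_FL). Returns 0 on success or the
 * number of the step that failed. File names are the ones in the strace. */
static int replay(const char *dir)
{
    /* ASSUMPTION: strace shows only the pointer 0x20000040 passed to
     * EXT4_IOC_CHECKPOINT, not the __u32 flags behind it; 0 is assumed. */
    uint32_t chk_flags = 0;
    int iflags = (int)setflags_mask();   /* FS_IOC_SETFLAGS reads an int */
    int fd3, fd4, rc;

    if (chdir(dir) != 0)
        return 1;
    fd3 = open("blkio.bfq.io_merged", SYZ_OPEN_FLAGS, 0000);   /* = 3 in the log */
    if (fd3 < 0)
        return 2;
    if (ioctl(fd3, FS_IOC_SETFLAGS, &iflags) != 0) {
        close(fd3);
        return 3;
    }
    fd4 = open("memory.events", SYZ_OPEN_FLAGS, 0000);         /* = 4 in the log */
    if (fd4 < 0) {
        close(fd3);
        return 4;
    }
    /* This is the call that takes j_barrier and j_checkpoint_mutex and then
     * reaches ext4_bmap, where lockdep complains. */
    rc = ioctl(fd4, EXT4_IOC_CHECKPOINT, &chk_flags);
    close(fd4);
    close(fd3);
    /* Addition: O_EXCL makes a second run fail with EEXIST, so clean up. */
    unlink("memory.events");
    unlink("blkio.bfq.io_merged");
    return rc == 0 ? 0 : 5;
}

int main(int argc, char **argv)
{
    printf("FS_IOC_SETFLAGS mask: 0x%lx\n", setflags_mask());
    printf("EXT4_IOC_CHECKPOINT:  0x%lx\n", checkpoint_cmd());   /* 0x4004662b */
    if (argc > 1) {
        int r = replay(argv[1]);
        printf("replay in %s: %s (step %d)\n", argv[1], r ? "failed" : "ok", r);
        return r;
    }
    return 0;
}
```

Without an argument the program only prints the two decoded constants; with a directory argument it performs the replay, so check dmesg for the "possible circular locking dependency detected" line afterwards.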