./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1050084621
<...>
forked to background, child pid 3181
no interfaces have a carrier
[ 22.689258][ T3182] 8021q: adding VLAN 0 to HW filter on device bond0
[ 22.699809][ T3182] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.92' (ECDSA) to the list of known hosts.
execve("./syz-executor1050084621", ["./syz-executor1050084621"], 0x7fff50075e60 /* 10 vars */) = 0
brk(NULL) = 0x55555645c000
brk(0x55555645cc40) = 0x55555645cc40
arch_prctl(ARCH_SET_FS, 0x55555645c300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1050084621", 4096) = 28
brk(0x55555647dc40) = 0x55555647dc40
brk(0x55555647e000) = 0x55555647e000
mprotect(0x7f1112657000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3
ioctl(3, _IOC(_IOC_WRITE, 0x66, 0x2b, 0x4), 0x20000000) = 0
openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
syzkaller login: [ 41.474912][ T3610] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
[ 41.529873][ T3610]
[ 41.541455][ T3610] ======================================================
[ 41.548448][ T3610] WARNING: possible circular locking dependency detected
[ 41.555443][ T3610] 6.0.0-rc1-syzkaller-00399-g15b3f48a4339 #0 Not tainted
[ 41.562435][ T3610] ------------------------------------------------------
[ 41.569447][ T3610] syz-executor105/3610 is trying to acquire lock:
[ 41.575838][ T3610] 
ffff88807e0e0170 (&journal->j_barrier){+.+.}-{3:3}, at: jbd2_journal_lock_updates+0x15e/0x310
[ 41.586271][ T3610]
[ 41.586271][ T3610] but task is already holding lock:
[ 41.593620][ T3610] ffff88807e0c6bd8 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_change_inode_journal_flag+0x178/0x530
[ 41.604931][ T3610]
[ 41.604931][ T3610] which lock already depends on the new lock.
[ 41.604931][ T3610]
[ 41.615316][ T3610]
[ 41.615316][ T3610] the existing dependency chain (in reverse order) is:
[ 41.624400][ T3610]
[ 41.624400][ T3610] -> #4 (&sbi->s_writepages_rwsem){++++}-{0:0}:
[ 41.632815][ T3610]        percpu_down_write+0x4d/0x440
[ 41.638196][ T3610]        ext4_change_inode_journal_flag+0x178/0x530
[ 41.644781][ T3610]        ext4_fileattr_set+0xddf/0x1930
[ 41.650405][ T3610]        vfs_fileattr_set+0x7f5/0xbe0
[ 41.655766][ T3610]        do_vfs_ioctl+0xe62/0x15c0
[ 41.660866][ T3610]        __x64_sys_ioctl+0x108/0x200
[ 41.666142][ T3610]        do_syscall_64+0x35/0xb0
[ 41.671330][ T3610]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 41.677733][ T3610]
[ 41.677733][ T3610] -> #3 (mapping.invalidate_lock){++++}-{3:3}:
[ 41.686064][ T3610]        down_write+0x90/0x150
[ 41.690825][ T3610]        ext4_setattr+0xd9e/0x2c50
[ 41.695936][ T3610]        notify_change+0xcd0/0x1440
[ 41.701120][ T3610]        do_truncate+0x13c/0x200
[ 41.706048][ T3610]        do_sys_ftruncate+0x536/0x730
[ 41.711498][ T3610]        do_syscall_64+0x35/0xb0
[ 41.716426][ T3610]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 41.722830][ T3610]
[ 41.722830][ T3610] -> #2 (&sb->s_type->i_mutex_key#8){++++}-{3:3}:
[ 41.731421][ T3610]        down_read+0x98/0x450
[ 41.736087][ T3610]        ext4_bmap+0x4e/0x460
[ 41.740754][ T3610]        bmap+0xaa/0x120
[ 41.744986][ T3610]        jbd2_journal_bmap+0xa8/0x180
[ 41.750350][ T3610]        jbd2_journal_flush+0x84f/0xc00
[ 41.755882][ T3610]        __ext4_ioctl+0x28fd/0x4ab0
[ 41.761068][ T3610]        __x64_sys_ioctl+0x193/0x200
[ 41.766430][ T3610]        do_syscall_64+0x35/0xb0
[ 41.771354][ T3610]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 41.777757][ T3610]
[ 41.777757][ T3610] -> #1 
(&journal->j_checkpoint_mutex){+.+.}-{3:3}:
[ 41.786691][ T3610]        mutex_lock_io_nested+0x13f/0x1190
[ 41.792662][ T3610]        jbd2_journal_flush+0x19a/0xc00
[ 41.798197][ T3610]        __ext4_ioctl+0x28fd/0x4ab0
[ 41.803390][ T3610]        __x64_sys_ioctl+0x193/0x200
[ 41.808662][ T3610]        do_syscall_64+0x35/0xb0
[ 41.813674][ T3610]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 41.820077][ T3610]
[ 41.820077][ T3610] -> #0 (&journal->j_barrier){+.+.}-{3:3}:
[ 41.828065][ T3610]        __lock_acquire+0x2a43/0x56d0
[ 41.833434][ T3610]        lock_acquire+0x1ab/0x570
[ 41.838447][ T3610]        __mutex_lock+0x12f/0x1350
[ 41.843550][ T3610]        jbd2_journal_lock_updates+0x15e/0x310
[ 41.849692][ T3610]        ext4_change_inode_journal_flag+0x180/0x530
[ 41.856269][ T3610]        ext4_fileattr_set+0xddf/0x1930
[ 41.861806][ T3610]        vfs_fileattr_set+0x7f5/0xbe0
[ 41.867167][ T3610]        do_vfs_ioctl+0xe62/0x15c0
[ 41.872265][ T3610]        __x64_sys_ioctl+0x108/0x200
[ 41.877541][ T3610]        do_syscall_64+0x35/0xb0
[ 41.882473][ T3610]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 41.888879][ T3610]
[ 41.888879][ T3610] other info that might help us debug this:
[ 41.888879][ T3610]
[ 41.899092][ T3610] Chain exists of:
[ 41.899092][ T3610]   &journal->j_barrier --> mapping.invalidate_lock --> &sbi->s_writepages_rwsem
[ 41.899092][ T3610]
[ 41.914116][ T3610]  Possible unsafe locking scenario:
[ 41.914116][ T3610]
[ 41.921550][ T3610]        CPU0                    CPU1
[ 41.926901][ T3610]        ----                    ----
[ 41.932335][ T3610]   lock(&sbi->s_writepages_rwsem);
[ 41.937519][ T3610]                                lock(mapping.invalidate_lock);
[ 41.945221][ T3610]                                lock(&sbi->s_writepages_rwsem);
[ 41.953013][ T3610]   lock(&journal->j_barrier);
[ 41.957760][ T3610]
[ 41.957760][ T3610]  *** DEADLOCK ***
[ 41.957760][ T3610]
[ 41.965886][ T3610] 4 locks held by syz-executor105/3610:
[ 41.971412][ T3610] #0: ffff88807e0c4460 (sb_writers#4){.+.+}-{0:0}, at: do_vfs_ioctl+0xe27/0x15c0
[ 41.980917][ T3610] #1: ffff888075129810 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: vfs_fileattr_set+0x148/0xbe0
[ 41.991614][ T3610] #2: 
ffff8880751299b0 (mapping.invalidate_lock){++++}-{3:3}, at: ext4_change_inode_journal_flag+0x11f/0x530
[ 42.003263][ T3610] #3: ffff88807e0c6bd8 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_change_inode_journal_flag+0x178/0x530
[ 42.015000][ T3610]
[ 42.015000][ T3610] stack backtrace:
[ 42.020868][ T3610] CPU: 0 PID: 3610 Comm: syz-executor105 Not tainted 6.0.0-rc1-syzkaller-00399-g15b3f48a4339 #0
[ 42.031374][ T3610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 42.041444][ T3610] Call Trace:
[ 42.044714][ T3610]
[ 42.047639][ T3610] dump_stack_lvl+0xcd/0x134
[ 42.052227][ T3610] check_noncircular+0x25f/0x2e0
[ 42.057157][ T3610] ? print_circular_bug+0x1e0/0x1e0
[ 42.062348][ T3610] ? check_irq_usage+0x183/0xac0
[ 42.067278][ T3610] ? check_path.constprop.0+0x50/0x50
[ 42.072643][ T3610] ? print_shortest_lock_dependencies_backwards+0x80/0x80
[ 42.079746][ T3610] __lock_acquire+0x2a43/0x56d0
[ 42.084593][ T3610] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 42.090567][ T3610] lock_acquire+0x1ab/0x570
[ 42.095060][ T3610] ? jbd2_journal_lock_updates+0x15e/0x310
[ 42.100860][ T3610] ? lock_release+0x780/0x780
[ 42.105529][ T3610] ? find_held_lock+0x2d/0x110
[ 42.110291][ T3610] __mutex_lock+0x12f/0x1350
[ 42.114877][ T3610] ? jbd2_journal_lock_updates+0x15e/0x310
[ 42.120676][ T3610] ? jbd2_journal_lock_updates+0x15e/0x310
[ 42.126488][ T3610] ? mutex_lock_io_nested+0x1190/0x1190
[ 42.132029][ T3610] ? jbd2_journal_lock_updates+0x150/0x310
[ 42.137827][ T3610] ? lock_downgrade+0x6e0/0x6e0
[ 42.142670][ T3610] ? do_raw_read_unlock+0x70/0x70
[ 42.147685][ T3610] ? rcu_sync_enter+0x150/0x2e0
[ 42.152525][ T3610] jbd2_journal_lock_updates+0x15e/0x310
[ 42.158262][ T3610] ? jbd2_journal_wait_updates+0x240/0x240
[ 42.164063][ T3610] ext4_change_inode_journal_flag+0x180/0x530
[ 42.170133][ T3610] ext4_fileattr_set+0xddf/0x1930
[ 42.175165][ T3610] ? ext4_fileattr_get+0x280/0x280
[ 42.180272][ T3610] ? 
down_write+0xde/0x150
[ 42.184679][ T3610] ? memset+0x20/0x40
[ 42.188654][ T3610] ? fileattr_fill_flags+0x27b/0x320
[ 42.193929][ T3610] vfs_fileattr_set+0x7f5/0xbe0
[ 42.198769][ T3610] ? ioctl_file_clone+0x100/0x100
[ 42.203788][ T3610] ? memset+0x20/0x40
[ 42.207854][ T3610] do_vfs_ioctl+0xe62/0x15c0
[ 42.212438][ T3610] ? vfs_fileattr_set+0xbe0/0xbe0
[ 42.217455][ T3610] ? find_held_lock+0x2d/0x110
[ 42.222210][ T3610] ? name_to_dev_t+0x880/0x990
[ 42.226967][ T3610] ? lock_downgrade+0x6e0/0x6e0
[ 42.231807][ T3610] ? _raw_spin_unlock_irq+0x1f/0x40
[ 42.236994][ T3610] ? bpf_lsm_file_ioctl+0x5/0x10
[ 42.241924][ T3610] __x64_sys_ioctl+0x108/0x200
[ 42.246684][ T3610] do_syscall_64+0x35/0xb0
[ 42.251183][ T3610] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 42.257080][ T3610] RIP: 0033:0x7f11125eab89
[ 42.261490][ T3610] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 42.281111][ T3610] RSP: 002b:00007ffcee6aeab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 42.289532][ T3610] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f11125eab89
[ 42.297496][ T3610] RDX: 0000000020000040 RSI: 0000000040086602 RDI: 0000000000000004
[ 42.305457][ T3610] RBP: 00007f11125aed30 R08: 0000000000000000 R09: 0000000000000000
[ 42.313421][ T3610] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f11125aedc0
[ 42.321383][ T3610] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 42.329361][ T3610]
ioctl(4, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL|FS_NOTAIL_FL]) = 0
exit_group(0) = ?
+++ exited with 0 +++