DUID 00:04:19:c0:d1:0e:d7:c0:27:6c:e7:df:2b:fb:70:54:6d:6b
forked to background, child pid 3214
[ 27.886311][ T3215] 8021q: adding VLAN 0 to HW filter on device bond0
[ 27.897145][ T3215] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.124' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 52.296760][ T3539] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
[ 52.331636][ T3539]
[ 52.343243][ T3539] ======================================================
[ 52.350238][ T3539] WARNING: possible circular locking dependency detected
[ 52.357230][ T3539] 6.1.38-syzkaller #0 Not tainted
[ 52.362245][ T3539] ------------------------------------------------------
[ 52.369252][ T3539] syz-executor174/3539 is trying to acquire lock:
[ 52.375658][ T3539] ffff88814b6f0170 (&journal->j_barrier){+.+.}-{3:3}, at: jbd2_journal_lock_updates+0x2a8/0x370
[ 52.386189][ T3539]
[ 52.386189][ T3539] but task is already holding lock:
[ 52.393628][ T3539] ffff88814b6e6b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_change_inode_journal_flag+0x1a0/0x6e0
[ 52.405017][ T3539]
[ 52.405017][ T3539] which lock already depends on the new lock.
[ 52.405017][ T3539]
[ 52.415422][ T3539]
[ 52.415422][ T3539] the existing dependency chain (in reverse order) is:
[ 52.424411][ T3539]
[ 52.424411][ T3539] -> #4 (&sbi->s_writepages_rwsem){++++}-{0:0}:
[ 52.432814][ T3539] lock_acquire+0x1f8/0x5a0
[ 52.437907][ T3539] percpu_down_write+0x50/0x2e0
[ 52.443271][ T3539] ext4_change_inode_journal_flag+0x1a0/0x6e0
[ 52.449872][ T3539] ext4_fileattr_set+0xe04/0x1770
[ 52.455398][ T3539] vfs_fileattr_set+0x8f3/0xd30
[ 52.460754][ T3539] do_vfs_ioctl+0x1cd1/0x2a90
[ 52.465940][ T3539] __se_sys_ioctl+0x81/0x160
[ 52.471119][ T3539] do_syscall_64+0x3d/0xb0
[ 52.476038][ T3539] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.482523][ T3539]
[ 52.482523][ T3539] -> #3 (mapping.invalidate_lock){++++}-{3:3}:
[ 52.490832][ T3539] lock_acquire+0x1f8/0x5a0
[ 52.495831][ T3539] down_write+0x36/0x60
[ 52.500489][ T3539] ext4_setattr+0xec7/0x1a00
[ 52.505580][ T3539] notify_change+0xdcd/0x1080
[ 52.510774][ T3539] do_truncate+0x21c/0x300
[ 52.515693][ T3539] do_sys_ftruncate+0x2e2/0x380
[ 52.521043][ T3539] do_syscall_64+0x3d/0xb0
[ 52.526131][ T3539] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.532540][ T3539]
[ 52.532540][ T3539] -> #2 (&sb->s_type->i_mutex_key#8){++++}-{3:3}:
[ 52.541286][ T3539] lock_acquire+0x1f8/0x5a0
[ 52.546287][ T3539] down_read+0x43/0x2e0
[ 52.550946][ T3539] ext4_bmap+0x4b/0x410
[ 52.555597][ T3539] bmap+0xa1/0xd0
[ 52.559732][ T3539] jbd2_journal_flush+0x5b5/0xc40
[ 52.565264][ T3539] ext4_ioctl+0x39e0/0x5f70
[ 52.570263][ T3539] __se_sys_ioctl+0xf1/0x160
[ 52.575351][ T3539] do_syscall_64+0x3d/0xb0
[ 52.580268][ T3539] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.586663][ T3539]
[ 52.586663][ T3539] -> #1 (&journal->j_checkpoint_mutex){+.+.}-{3:3}:
[ 52.595409][ T3539] lock_acquire+0x1f8/0x5a0
[ 52.600429][ T3539] __mutex_lock_common+0x1d4/0x2520
[ 52.606148][ T3539] mutex_lock_io_nested+0x43/0x60
[ 52.611681][ T3539] jbd2_journal_flush+0x29b/0xc40
[ 52.617212][ T3539] ext4_ioctl+0x39e0/0x5f70
[ 52.622233][ T3539] __se_sys_ioctl+0xf1/0x160
[ 52.627338][ T3539] do_syscall_64+0x3d/0xb0
[ 52.632268][ T3539] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.638686][ T3539]
[ 52.638686][ T3539] -> #0 (&journal->j_barrier){+.+.}-{3:3}:
[ 52.646655][ T3539] validate_chain+0x1667/0x58e0
[ 52.652010][ T3539] __lock_acquire+0x125b/0x1f80
[ 52.657358][ T3539] lock_acquire+0x1f8/0x5a0
[ 52.662357][ T3539] __mutex_lock_common+0x1d4/0x2520
[ 52.668053][ T3539] mutex_lock_nested+0x17/0x20
[ 52.673318][ T3539] jbd2_journal_lock_updates+0x2a8/0x370
[ 52.679547][ T3539] ext4_change_inode_journal_flag+0x1a8/0x6e0
[ 52.686119][ T3539] ext4_fileattr_set+0xe04/0x1770
[ 52.691642][ T3539] vfs_fileattr_set+0x8f3/0xd30
[ 52.697011][ T3539] do_vfs_ioctl+0x1cd1/0x2a90
[ 52.702185][ T3539] __se_sys_ioctl+0x81/0x160
[ 52.707279][ T3539] do_syscall_64+0x3d/0xb0
[ 52.712198][ T3539] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.718594][ T3539]
[ 52.718594][ T3539] other info that might help us debug this:
[ 52.718594][ T3539]
[ 52.728799][ T3539] Chain exists of:
[ 52.728799][ T3539] &journal->j_barrier --> mapping.invalidate_lock --> &sbi->s_writepages_rwsem
[ 52.728799][ T3539]
[ 52.743651][ T3539] Possible unsafe locking scenario:
[ 52.743651][ T3539]
[ 52.751100][ T3539]        CPU0                    CPU1
[ 52.756450][ T3539]        ----                    ----
[ 52.761876][ T3539]   lock(&sbi->s_writepages_rwsem);
[ 52.767094][ T3539]                                lock(mapping.invalidate_lock);
[ 52.774882][ T3539]                                lock(&sbi->s_writepages_rwsem);
[ 52.782580][ T3539]   lock(&journal->j_barrier);
[ 52.787335][ T3539]
[ 52.787335][ T3539] *** DEADLOCK ***
[ 52.787335][ T3539]
[ 52.795458][ T3539] 4 locks held by syz-executor174/3539:
[ 52.800979][ T3539] #0: ffff88814b6e4460 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write_file+0x5a/0x1f0
[ 52.810613][ T3539] #1: ffff888070018400 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: vfs_fileattr_set+0x135/0xd30
[ 52.821286][ T3539] #2: ffff8880700185a0 (mapping.invalidate_lock){++++}-{3:3}, at: ext4_change_inode_journal_flag+0x115/0x6e0
[ 52.832918][ T3539] #3: ffff88814b6e6b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_change_inode_journal_flag+0x1a0/0x6e0
[ 52.844639][ T3539]
[ 52.844639][ T3539] stack backtrace:
[ 52.850593][ T3539] CPU: 1 PID: 3539 Comm: syz-executor174 Not tainted 6.1.38-syzkaller #0
[ 52.858987][ T3539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 52.869022][ T3539] Call Trace:
[ 52.872284][ T3539]
[ 52.875206][ T3539] dump_stack_lvl+0x1e3/0x2cb
[ 52.879909][ T3539] ? nf_tcp_handle_invalid+0x642/0x642
[ 52.885357][ T3539] ? print_circular_bug+0x12b/0x1a0
[ 52.890537][ T3539] check_noncircular+0x2fa/0x3b0
[ 52.895456][ T3539] ? add_chain_block+0x850/0x850
[ 52.900370][ T3539] ? lockdep_lock+0x11f/0x2a0
[ 52.905028][ T3539] ? validate_chain+0x115/0x58e0
[ 52.909941][ T3539] ? noop_count+0x30/0x30
[ 52.914251][ T3539] ? _find_first_zero_bit+0xd0/0x100
[ 52.919517][ T3539] validate_chain+0x1667/0x58e0
[ 52.924529][ T3539] ? lockdep_unlock+0x165/0x300
[ 52.929362][ T3539] ? lockdep_unlock+0x165/0x300
[ 52.934195][ T3539] ? reacquire_held_locks+0x660/0x660
[ 52.939551][ T3539] ? validate_chain+0x13d1/0x58e0
[ 52.944558][ T3539] ? mark_lock+0x9a/0x340
[ 52.948873][ T3539] ? mark_lock+0x9a/0x340
[ 52.953205][ T3539] __lock_acquire+0x125b/0x1f80
[ 52.958039][ T3539] lock_acquire+0x1f8/0x5a0
[ 52.962520][ T3539] ? jbd2_journal_lock_updates+0x2a8/0x370
[ 52.968319][ T3539] ? read_lock_is_recursive+0x10/0x10
[ 52.973670][ T3539] ? __might_sleep+0xb0/0xb0
[ 52.978240][ T3539] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 52.984207][ T3539] ? print_irqtrace_events+0x210/0x210
[ 52.989643][ T3539] ? do_raw_spin_unlock+0x137/0x8a0
[ 52.994838][ T3539] __mutex_lock_common+0x1d4/0x2520
[ 53.000014][ T3539] ? jbd2_journal_lock_updates+0x2a8/0x370
[ 53.005808][ T3539] ? jbd2_journal_lock_updates+0x2a8/0x370
[ 53.011598][ T3539] ? jbd2_journal_lock_updates+0x297/0x370
[ 53.017388][ T3539] ? mutex_lock_io_nested+0x60/0x60
[ 53.022598][ T3539] ? do_raw_read_unlock+0x70/0x70
[ 53.027620][ T3539] ? rcu_sync_func+0xaa/0x210
[ 53.032308][ T3539] mutex_lock_nested+0x17/0x20
[ 53.037063][ T3539] jbd2_journal_lock_updates+0x2a8/0x370
[ 53.042686][ T3539] ? jbd2_journal_wait_updates+0x2d0/0x2d0
[ 53.048478][ T3539] ? rcu_is_watching+0x11/0xb0
[ 53.053224][ T3539] ? _find_next_bit+0x11b/0x120
[ 53.058058][ T3539] ? rcu_is_watching+0x11/0xb0
[ 53.062805][ T3539] ext4_change_inode_journal_flag+0x1a8/0x6e0
[ 53.068859][ T3539] ext4_fileattr_set+0xe04/0x1770
[ 53.073871][ T3539] ? ext4_fileattr_get+0x200/0x200
[ 53.078963][ T3539] ? rwsem_write_trylock+0x166/0x210
[ 53.084233][ T3539] ? clear_nonspinnable+0x60/0x60
[ 53.089242][ T3539] ? memset+0x1f/0x40
[ 53.093229][ T3539] ? fileattr_fill_flags+0x1d0/0x300
[ 53.098581][ T3539] ? fscrypt_prepare_setflags+0x5d/0x220
[ 53.104194][ T3539] vfs_fileattr_set+0x8f3/0xd30
[ 53.109042][ T3539] ? copy_fsxattr_to_user+0x3a0/0x3a0
[ 53.114395][ T3539] do_vfs_ioctl+0x1cd1/0x2a90
[ 53.119061][ T3539] ? __x64_compat_sys_ioctl+0x80/0x80
[ 53.124412][ T3539] ? __lock_acquire+0x1f80/0x1f80
[ 53.129419][ T3539] ? lockdep_hardirqs_on+0x94/0x130
[ 53.134694][ T3539] ? __kmem_cache_free+0x25c/0x3c0
[ 53.139787][ T3539] ? tomoyo_path_number_perm+0x5f4/0x7b0
[ 53.145402][ T3539] ? tomoyo_path_number_perm+0x657/0x7b0
[ 53.151018][ T3539] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 53.156465][ T3539] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 53.162425][ T3539] ? print_irqtrace_events+0x210/0x210
[ 53.167882][ T3539] ? print_irqtrace_events+0x210/0x210
[ 53.173349][ T3539] ? bpf_lsm_file_ioctl+0x5/0x10
[ 53.178284][ T3539] ? security_file_ioctl+0x7d/0xa0
[ 53.183390][ T3539] __se_sys_ioctl+0x81/0x160
[ 53.187967][ T3539] do_syscall_64+0x3d/0xb0
[ 53.192368][ T3539] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.198246][ T3539] RIP: 0033:0x7fc1f6965049
[ 53.202661][ T3539] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 53.222248][ T3539] RSP: 002b:00007ffec65cfd88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 53.230645][ T3539] RAX: ffffffffffffffda RBX: 00000