./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1312241791 <...> no interfaces have a carrier forked to background, child pid 3186 [ 26.823881][ T3187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 26.836007][ T3187] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.10.49' (ECDSA) to the list of known hosts. execve("./syz-executor1312241791", ["./syz-executor1312241791"], 0x7fffdec25fd0 /* 10 vars */) = 0 brk(NULL) = 0x5555561eb000 brk(0x5555561ebc40) = 0x5555561ebc40 arch_prctl(ARCH_SET_FS, 0x5555561eb300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1312241791", 4096) = 28 brk(0x55555620cc40) = 0x55555620cc40 brk(0x55555620d000) = 0x55555620d000 mprotect(0x7fa35f276000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "blkio.bfq.io_merged", O_WRONLY|O_CREAT|O_EXCL|O_TRUNC|O_APPEND|FASYNC|0x20, 000) = 3 ioctl(3, FS_IOC_SETFLAGS, [FS_SECRM_FL|FS_UNRM_FL|FS_SYNC_FL|FS_APPEND_FL|FS_NOATIME_FL|FS_DIRTY_FL|FS_ENCRYPT_FL|FS_JOURNAL_DATA_FL|FS_NOTAIL_FL]) = 0 openat(AT_FDCWD, "memory.events", O_WRONLY|O_CREAT|O_EXCL|O_TRUNC|O_APPEND|FASYNC|0x20, 000) = 4 openat(AT_FDCWD, "memory.events", O_RDWR|__O_SYNC) = 5 syzkaller login: [ 49.291319][ T3614] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 49.301989][ T3614] [ 49.313776][ T3614] ====================================================== [ 49.320775][ T3614] WARNING: possible circular locking dependency detected [ 49.327774][ T3614] 5.19.0-syzkaller-13946-g0947ae112108 #0 Not tainted [ 49.334513][ T3614] ------------------------------------------------------ [ 49.341518][ T3614] syz-executor131/3614 is trying to acquire lock: [ 49.347916][ T3614] ffff88801e0b8400 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: ext4_bmap+0x4e/0x460 [ 49.357478][ T3614] [ 49.357478][ T3614] but task is already holding lock: [ 49.364824][ T3614] ffff88814a9ac3f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x487/0xc00 [ 49.375421][ T3614] [ 49.375421][ T3614] which lock already depends on the new lock. [ 49.375421][ T3614] [ 49.385808][ T3614] [ 49.385808][ T3614] the existing dependency chain (in reverse order) is: [ 49.394801][ T3614] [ 49.394801][ T3614] -> #3 (&journal->j_checkpoint_mutex){+.+.}-{3:3}: [ 49.403580][ T3614] mutex_lock_io_nested+0x13f/0x1190 [ 49.409386][ T3614] jbd2_journal_flush+0x19a/0xc00 [ 49.414919][ T3614] __ext4_ioctl+0x28fd/0x4ab0 [ 49.420103][ T3614] __x64_sys_ioctl+0x193/0x200 [ 49.425371][ T3614] do_syscall_64+0x35/0xb0 [ 49.430294][ T3614] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 49.436697][ T3614] [ 49.436697][ T3614] -> #2 (&journal->j_barrier){+.+.}-{3:3}: [ 49.444672][ T3614] __mutex_lock+0x12f/0x1350 [ 49.449772][ T3614] jbd2_journal_lock_updates+0x15e/0x310 [ 49.455917][ T3614] ext4_change_inode_journal_flag+0x180/0x530 [ 49.462928][ T3614] ext4_fileattr_set+0xddf/0x1930 [ 49.468457][ T3614] vfs_fileattr_set+0x7f5/0xbe0 [ 49.473826][ T3614] do_vfs_ioctl+0xe62/0x15c0 [ 49.478935][ T3614] __x64_sys_ioctl+0x108/0x200 [ 49.484210][ T3614] do_syscall_64+0x35/0xb0 [ 49.489150][ T3614] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 49.495564][ T3614] [ 49.495564][ T3614] -> #1 (&sbi->s_writepages_rwsem){++++}-{0:0}: [ 49.503982][ T3614] percpu_down_write+0x4d/0x440 [ 49.509352][ T3614] ext4_ind_migrate+0x237/0x840 [ 49.514713][ T3614] ext4_fileattr_set+0x14b8/0x1930 [ 49.520331][ T3614] vfs_fileattr_set+0x7f5/0xbe0 [ 49.525686][ T3614] do_vfs_ioctl+0xe62/0x15c0 [ 49.530790][ T3614] __x64_sys_ioctl+0x108/0x200 [ 49.536057][ T3614] do_syscall_64+0x35/0xb0 [ 49.541082][ T3614] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 49.547496][ T3614] [ 49.547496][ T3614] -> #0 (&sb->s_type->i_mutex_key#8){++++}-{3:3}: [ 49.556084][ T3614] __lock_acquire+0x2a43/0x56d0 [ 49.561484][ T3614] lock_acquire+0x1ab/0x570 [ 49.566501][ T3614] down_read+0x98/0x450 [ 49.571177][ T3614] ext4_bmap+0x4e/0x460 [ 49.575851][ T3614] bmap+0xaa/0x120 [ 49.580080][ T3614] jbd2_journal_bmap+0xa8/0x180 [ 49.585439][ T3614] jbd2_journal_flush+0x84f/0xc00 [ 49.590969][ T3614] __ext4_ioctl+0x28fd/0x4ab0 [ 49.596165][ T3614] __x64_sys_ioctl+0x193/0x200 [ 49.601449][ T3614] do_syscall_64+0x35/0xb0 [ 49.606552][ T3614] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 49.612956][ T3614] [ 49.612956][ T3614] other info that might help us debug this: [ 49.612956][ T3614] [ 49.623165][ T3614] Chain exists of: [ 49.623165][ T3614] &sb->s_type->i_mutex_key#8 --> &journal->j_barrier --> &journal->j_checkpoint_mutex [ 49.623165][ T3614] [ 49.638610][ T3614] Possible unsafe locking scenario: [ 49.638610][ T3614] [ 49.646140][ T3614] CPU0 CPU1 [ 49.651489][ T3614] ---- ---- [ 49.656845][ T3614] lock(&journal->j_checkpoint_mutex); [ 49.662373][ T3614] lock(&journal->j_barrier); [ 49.669637][ T3614] lock(&journal->j_checkpoint_mutex); [ 49.677679][ T3614] lock(&sb->s_type->i_mutex_key#8); [ 49.683035][ T3614] [ 49.683035][ T3614] *** DEADLOCK *** [ 49.683035][ T3614] [ 49.691159][ T3614] 2 locks held by syz-executor131/3614: [ 49.696681][ T3614] #0: ffff88814a9ac170 (&journal->j_barrier){+.+.}-{3:3}, at: jbd2_journal_lock_updates+0x15e/0x310 [ 49.707542][ T3614] #1: ffff88814a9ac3f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x487/0xc00 [ 49.718581][ T3614] [ 49.718581][ T3614] stack backtrace: [ 49.724458][ T3614] CPU: 1 PID: 3614 Comm: syz-executor131 Not tainted 5.19.0-syzkaller-13946-g0947ae112108 #0 [ 49.734866][ T3614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 49.744919][ T3614] Call Trace: [ 49.748189][ T3614] [ 49.751127][ T3614] dump_stack_lvl+0xcd/0x134 [ 49.755735][ T3614] check_noncircular+0x25f/0x2e0 [ 49.760666][ T3614] ? print_circular_bug+0x1e0/0x1e0 [ 49.765938][ T3614] ? lock_downgrade+0x6e0/0x6e0 [ 49.770788][ T3614] ? mark_held_locks+0x9f/0xe0 [ 49.775544][ T3614] ? finish_task_switch.isra.0+0x2b5/0xc70 [ 49.781348][ T3614] ? finish_task_switch.isra.0+0x2b5/0xc70 [ 49.787150][ T3614] __lock_acquire+0x2a43/0x56d0 [ 49.791990][ T3614] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 49.798043][ T3614] ? find_held_lock+0x2d/0x110 [ 49.802793][ T3614] lock_acquire+0x1ab/0x570 [ 49.807293][ T3614] ? ext4_bmap+0x4e/0x460 [ 49.811610][ T3614] ? lock_release+0x780/0x780 [ 49.816274][ T3614] down_read+0x98/0x450 [ 49.820416][ T3614] ? ext4_bmap+0x4e/0x460 [ 49.824728][ T3614] ? rwsem_down_read_slowpath+0xb10/0xb10 [ 49.830459][ T3614] ? find_held_lock+0x2d/0x110 [ 49.835209][ T3614] ext4_bmap+0x4e/0x460 [ 49.839348][ T3614] ? ext4_readahead+0x140/0x140 [ 49.844183][ T3614] bmap+0xaa/0x120 [ 49.847921][ T3614] ? do_raw_read_unlock+0x70/0x70 [ 49.852947][ T3614] jbd2_journal_bmap+0xa8/0x180 [ 49.857796][ T3614] ? jbd2_log_start_commit+0x40/0x40 [ 49.863076][ T3614] ? _raw_write_unlock+0x24/0x40 [ 49.868009][ T3614] ? jbd2_mark_journal_empty+0x307/0x3f0 [ 49.873632][ T3614] jbd2_journal_flush+0x84f/0xc00 [ 49.878646][ T3614] ? jbd2_fc_get_buf+0x310/0x310 [ 49.883566][ T3614] ? lockdep_hardirqs_on+0x79/0x100 [ 49.888750][ T3614] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 49.894541][ T3614] ? ___ratelimit+0x222/0x4b0 [ 49.899200][ T3614] ? __ext4_ioctl.cold+0x5/0x7e [ 49.904039][ T3614] __ext4_ioctl+0x28fd/0x4ab0 [ 49.908712][ T3614] ? tomoyo_path_number_perm+0x24e/0x590 [ 49.914335][ T3614] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 49.920141][ T3614] ? ext4_reset_inode_seed+0x440/0x440 [ 49.925586][ T3614] ? __sanitizer_cov_trace_switch+0x50/0x90 [ 49.931468][ T3614] ? do_vfs_ioctl+0x132/0x15c0 [ 49.936216][ T3614] ? vfs_fileattr_set+0xbe0/0xbe0 [ 49.941225][ T3614] ? find_held_lock+0x2d/0x110 [ 49.945971][ T3614] ? calibrate_delay+0xe72/0x1120 [ 49.950982][ T3614] ? lock_downgrade+0x6e0/0x6e0 [ 49.955821][ T3614] ? _raw_spin_unlock_irq+0x1f/0x40 [ 49.961008][ T3614] ? bpf_lsm_file_ioctl+0x5/0x10 [ 49.965928][ T3614] ? ext4_fileattr_set+0x1930/0x1930 [ 49.971198][ T3614] __x64_sys_ioctl+0x193/0x200 [ 49.975944][ T3614] do_syscall_64+0x35/0xb0 [ 49.980344][ T3614] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 49.986224][ T3614] RIP: 0033:0x7fa35f209bc9 [ 49.990621][ T3614] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 50.010213][ T3614] RSP: 002b:00007ffc0dd580f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 50.018620][ T3614] RAX: ffffffffffffffda RBX: 652e79726f6d656d RCX: 00007fa35f209bc9 [ 50.026574][ T3614] RDX: 00000000200005c0 RSI: 000000004004662b RDI: 0000000000000005 [ 50.034539][ T3614] RBP: 00007fa35f1cdd70 R08: 0000000000000000 R09: 0000000000000000 [ 50.042494][ T3614] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa35f1cde00 ioctl(5, _IOC(_IOC_WRITE, 0x66, 0x2b, 0x4), 0x200005c0) = 0 exit_group(0) = ? +++ exited with 0 +++ [ 50.050447][ T3614] R13: 0000000000000000 R14: 00000