Warning: Permanently added '10.128.0.193' (ECDSA) to the list of known hosts.
executing program
[ 40.343581][ T5944]
[ 40.344347][ T5944] ======================================================
[ 40.346208][ T5944] WARNING: possible circular locking dependency detected
[ 40.348084][ T5944] 6.3.0-rc1-syzkaller-gfe15c26ee26e #0 Not tainted
[ 40.349842][ T5944] ------------------------------------------------------
[ 40.351760][ T5944] syz-executor423/5944 is trying to acquire lock:
[ 40.353520][ T5944] ffff0000c0550400 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: ext4_bmap+0x58/0x35c
[ 40.356219][ T5944]
[ 40.356219][ T5944] but task is already holding lock:
[ 40.358294][ T5944] ffff0000d879c3f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x28c/0xa60
[ 40.361190][ T5944]
[ 40.361190][ T5944] which lock already depends on the new lock.
[ 40.361190][ T5944]
[ 40.363957][ T5944]
[ 40.363957][ T5944] the existing dependency chain (in reverse order) is:
[ 40.366404][ T5944]
[ 40.366404][ T5944] -> #3 (&journal->j_checkpoint_mutex){+.+.}-{3:3}:
[ 40.368800][ T5944]        __mutex_lock_common+0x190/0x21a0
[ 40.370367][ T5944]        mutex_lock_io_nested+0x6c/0x88
[ 40.371891][ T5944]        jbd2_journal_flush+0x210/0xa60
[ 40.373428][ T5944]        ext4_ioctl+0x3860/0x6f58
[ 40.374801][ T5944]        __arm64_sys_ioctl+0x14c/0x1c8
[ 40.376295][ T5944]        invoke_syscall+0x98/0x2c0
[ 40.377660][ T5944]        el0_svc_common+0x138/0x258
[ 40.379066][ T5944]        do_el0_svc+0x64/0x198
[ 40.380350][ T5944]        el0_svc+0x58/0x168
[ 40.381539][ T5944]        el0t_64_sync_handler+0x84/0xf0
[ 40.383040][ T5944]        el0t_64_sync+0x190/0x194
[ 40.384380][ T5944]
[ 40.384380][ T5944] -> #2 (&journal->j_barrier){+.+.}-{3:3}:
[ 40.386524][ T5944]        __mutex_lock_common+0x190/0x21a0
[ 40.388106][ T5944]        mutex_lock_nested+0x38/0x44
[ 40.389557][ T5944]        jbd2_journal_lock_updates+0x260/0x324
[ 40.391207][ T5944]        ext4_change_inode_journal_flag+0x15c/0x618
[ 40.393005][ T5944]        ext4_fileattr_set+0xb5c/0x12d0
[ 40.394512][ T5944]        vfs_fileattr_set+0x70c/0xad4
[ 40.396002][ T5944]        do_vfs_ioctl+0x14cc/0x26f8
[ 40.397423][ T5944]        __arm64_sys_ioctl+0xe4/0x1c8
[ 40.398875][ T5944]        invoke_syscall+0x98/0x2c0
[ 40.400253][ T5944]        el0_svc_common+0x138/0x258
[ 40.401699][ T5944]        do_el0_svc+0x64/0x198
[ 40.403008][ T5944]        el0_svc+0x58/0x168
[ 40.404241][ T5944]        el0t_64_sync_handler+0x84/0xf0
[ 40.405706][ T5944]        el0t_64_sync+0x190/0x194
[ 40.407071][ T5944]
[ 40.407071][ T5944] -> #1 (&sbi->s_writepages_rwsem){++++}-{0:0}:
[ 40.409366][ T5944]        percpu_down_write+0x78/0x2e0
[ 40.410805][ T5944]        ext4_ind_migrate+0x174/0x6e4
[ 40.412270][ T5944]        ext4_fileattr_set+0xbd0/0x12d0
[ 40.413763][ T5944]        vfs_fileattr_set+0x70c/0xad4
[ 40.415225][ T5944]        do_vfs_ioctl+0x14cc/0x26f8
[ 40.416642][ T5944]        __arm64_sys_ioctl+0xe4/0x1c8
[ 40.418060][ T5944]        invoke_syscall+0x98/0x2c0
[ 40.419520][ T5944]        el0_svc_common+0x138/0x258
[ 40.420935][ T5944]        do_el0_svc+0x64/0x198
[ 40.422226][ T5944]        el0_svc+0x58/0x168
[ 40.423411][ T5944]        el0t_64_sync_handler+0x84/0xf0
[ 40.424913][ T5944]        el0t_64_sync+0x190/0x194
[ 40.426282][ T5944]
[ 40.426282][ T5944] -> #0 (&sb->s_type->i_mutex_key#8){++++}-{3:3}:
[ 40.428612][ T5944]        __lock_acquire+0x3338/0x764c
[ 40.430050][ T5944]        lock_acquire+0x2f0/0x8c8
[ 40.431424][ T5944]        down_read+0x5c/0x78
[ 40.432683][ T5944]        ext4_bmap+0x58/0x35c
[ 40.433951][ T5944]        bmap+0xa8/0xe8
[ 40.435091][ T5944]        jbd2_journal_flush+0x4c0/0xa60
[ 40.436608][ T5944]        ext4_ioctl+0x3860/0x6f58
[ 40.437933][ T5944]        __arm64_sys_ioctl+0x14c/0x1c8
[ 40.439376][ T5944]        invoke_syscall+0x98/0x2c0
[ 40.440750][ T5944]        el0_svc_common+0x138/0x258
[ 40.442117][ T5944]        do_el0_svc+0x64/0x198
[ 40.443397][ T5944]        el0_svc+0x58/0x168
[ 40.444628][ T5944]        el0t_64_sync_handler+0x84/0xf0
[ 40.446121][ T5944]        el0t_64_sync+0x190/0x194
[ 40.447467][ T5944]
[ 40.447467][ T5944] other info that might help us debug this:
[ 40.447467][ T5944]
[ 40.450268][ T5944] Chain exists of:
[ 40.450268][ T5944]   &sb->s_type->i_mutex_key#8 --> &journal->j_barrier --> &journal->j_checkpoint_mutex
[ 40.450268][ T5944]
[ 40.454435][ T5944]  Possible unsafe locking scenario:
[ 40.454435][ T5944]
[ 40.456466][ T5944]        CPU0                    CPU1
[ 40.457920][ T5944]        ----                    ----
[ 40.459351][ T5944]   lock(&journal->j_checkpoint_mutex);
[ 40.460821][ T5944]                                lock(&journal->j_barrier);
[ 40.462762][ T5944]                                lock(&journal->j_checkpoint_mutex);
[ 40.464930][ T5944]   lock(&sb->s_type->i_mutex_key#8);
[ 40.466415][ T5944]
[ 40.466415][ T5944]  *** DEADLOCK ***
[ 40.466415][ T5944]
[ 40.468652][ T5944] 2 locks held by syz-executor423/5944:
[ 40.470190][ T5944]  #0: ffff0000d879c170 (&journal->j_barrier){+.+.}-{3:3}, at: jbd2_journal_lock_updates+0x260/0x324
[ 40.473144][ T5944]  #1: ffff0000d879c3f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x28c/0xa60
[ 40.476187][ T5944]
[ 40.476187][ T5944] stack backtrace:
[ 40.477785][ T5944] CPU: 0 PID: 5944 Comm: syz-executor423 Not tainted 6.3.0-rc1-syzkaller-gfe15c26ee26e #0
[ 40.480434][ T5944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 40.483121][ T5944] Call trace:
[ 40.483983][ T5944]  dump_backtrace+0x1c8/0x1f4
[ 40.485267][ T5944]  show_stack+0x2c/0x3c
[ 40.486384][ T5944]  dump_stack_lvl+0xd0/0x124
[ 40.487645][ T5944]  dump_stack+0x1c/0x28
[ 40.488770][ T5944]  print_circular_bug+0x150/0x1b8
[ 40.490105][ T5944]  check_noncircular+0x2cc/0x378
[ 40.491439][ T5944]  __lock_acquire+0x3338/0x764c
[ 40.492761][ T5944]  lock_acquire+0x2f0/0x8c8
[ 40.493955][ T5944]  down_read+0x5c/0x78
[ 40.495065][ T5944]  ext4_bmap+0x58/0x35c
[ 40.496206][ T5944]  bmap+0xa8/0xe8
[ 40.497182][ T5944]  jbd2_journal_flush+0x4c0/0xa60
[ 40.498545][ T5944]  ext4_ioctl+0x3860/0x6f58
[ 40.499768][ T5944]  __arm64_sys_ioctl+0x14c/0x1c8
[ 40.501073][ T5944]  invoke_syscall+0x98/0x2c0
[ 40.502335][ T5944]  el0_svc_common+0x138/0x258
[ 40.503564][ T5944]  do_el0_svc+0x64/0x198
[ 40.504702][ T5944]  el0_svc+0x58/0x168
[ 40.505753][ T5944]  el0t_64_sync_handler+0x84/0xf0
[ 40.507134][ T5944]  el0t_64_sync+0x190/0x194