Warning: Permanently added '10.128.10.22' (ECDSA) to the list of known hosts.
executing program
[ 67.481225][ T3632]
[ 67.483609][ T3632] ======================================================
[ 67.490655][ T3632] WARNING: possible circular locking dependency detected
[ 67.497689][ T3632] 6.1.18-syzkaller #0 Not tainted
[ 67.502710][ T3632] ------------------------------------------------------
[ 67.509730][ T3632] syz-executor252/3632 is trying to acquire lock:
[ 67.516139][ T3632] ffff88814b400400 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: ext4_bmap+0x4b/0x410
[ 67.525763][ T3632]
[ 67.525763][ T3632] but task is already holding lock:
[ 67.533128][ T3632] ffff88807e8a63f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x323/0xc40
[ 67.543840][ T3632]
[ 67.543840][ T3632] which lock already depends on the new lock.
[ 67.543840][ T3632]
[ 67.554235][ T3632]
[ 67.554235][ T3632] the existing dependency chain (in reverse order) is:
[ 67.563625][ T3632]
[ 67.563625][ T3632] -> #3 (&journal->j_checkpoint_mutex){+.+.}-{3:3}:
[ 67.572596][ T3632] lock_acquire+0x23a/0x630
[ 67.577639][ T3632] __mutex_lock_common+0x1d4/0x2520
[ 67.583464][ T3632] mutex_lock_io_nested+0x43/0x60
[ 67.589011][ T3632] jbd2_journal_flush+0x29b/0xc40
[ 67.594665][ T3632] ext4_ioctl+0x3a9f/0x6220
[ 67.599700][ T3632] __se_sys_ioctl+0xf1/0x160
[ 67.604821][ T3632] do_syscall_64+0x3d/0xb0
[ 67.609759][ T3632] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 67.616194][ T3632]
[ 67.616194][ T3632] -> #2 (&journal->j_barrier){+.+.}-{3:3}:
[ 67.624409][ T3632] lock_acquire+0x23a/0x630
[ 67.629466][ T3632] __mutex_lock_common+0x1d4/0x2520
[ 67.635212][ T3632] mutex_lock_nested+0x17/0x20
[ 67.640539][ T3632] jbd2_journal_lock_updates+0x2a8/0x370
[ 67.646712][ T3632] ext4_change_inode_journal_flag+0x1a8/0x6e0
[ 67.653311][ T3632] ext4_fileattr_set+0xe04/0x1770
[ 67.658865][ T3632] vfs_fileattr_set+0x8f3/0xd30
[ 67.664254][ T3632] do_vfs_ioctl+0x1cd1/0x2a90
[ 67.669475][ T3632] __se_sys_ioctl+0x81/0x160
[ 67.675198][ T3632] do_syscall_64+0x3d/0xb0
[ 67.680143][ T3632] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 67.686569][ T3632]
[ 67.686569][ T3632] -> #1 (&sbi->s_writepages_rwsem){++++}-{0:0}:
[ 67.695007][ T3632] lock_acquire+0x23a/0x630
[ 67.700047][ T3632] percpu_down_write+0x50/0x2e0
[ 67.705514][ T3632] ext4_ind_migrate+0x254/0x760
[ 67.710888][ T3632] ext4_fileattr_set+0xe9b/0x1770
[ 67.716443][ T3632] vfs_fileattr_set+0x8f3/0xd30
[ 67.721828][ T3632] do_vfs_ioctl+0x1cd1/0x2a90
[ 67.727036][ T3632] __se_sys_ioctl+0x81/0x160
[ 67.732160][ T3632] do_syscall_64+0x3d/0xb0
[ 67.737098][ T3632] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 67.743526][ T3632]
[ 67.743526][ T3632] -> #0 (&sb->s_type->i_mutex_key#8){++++}-{3:3}:
[ 67.752137][ T3632] validate_chain+0x1667/0x58e0
[ 67.757536][ T3632] __lock_acquire+0x125b/0x1f80
[ 67.762950][ T3632] lock_acquire+0x23a/0x630
[ 67.768009][ T3632] down_read+0x39/0x50
[ 67.772626][ T3632] ext4_bmap+0x4b/0x410
[ 67.777330][ T3632] bmap+0xa1/0xd0
[ 67.781498][ T3632] jbd2_journal_flush+0x5b5/0xc40
[ 67.787055][ T3632] ext4_ioctl+0x3a9f/0x6220
[ 67.792090][ T3632] __se_sys_ioctl+0xf1/0x160
[ 67.797226][ T3632] do_syscall_64+0x3d/0xb0
[ 67.802183][ T3632] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 67.808611][ T3632]
[ 67.808611][ T3632] other info that might help us debug this:
[ 67.808611][ T3632]
[ 67.818834][ T3632] Chain exists of:
[ 67.818834][ T3632] &sb->s_type->i_mutex_key#8 --> &journal->j_barrier --> &journal->j_checkpoint_mutex
[ 67.818834][ T3632]
[ 67.834330][ T3632] Possible unsafe locking scenario:
[ 67.834330][ T3632]
[ 67.841780][ T3632]        CPU0                    CPU1
[ 67.847145][ T3632]        ----                    ----
[ 67.852616][ T3632]   lock(&journal->j_checkpoint_mutex);
[ 67.858180][ T3632]                                lock(&journal->j_barrier);
[ 67.865465][ T3632]                                lock(&journal->j_checkpoint_mutex);
[ 67.873535][ T3632]   lock(&sb->s_type->i_mutex_key#8);
[ 67.878931][ T3632]
[ 67.878931][ T3632] *** DEADLOCK ***
[ 67.878931][ T3632]
[ 67.887198][ T3632] 2 locks held by syz-executor252/3632:
[ 67.892837][ T3632] #0: ffff88807e8a6170 (&journal->j_barrier){+.+.}-{3:3}, at: jbd2_journal_lock_updates+0x2a8/0x370
[ 67.903736][ T3632] #1: ffff88807e8a63f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x323/0xc40
[ 67.914792][ T3632]
[ 67.914792][ T3632] stack backtrace:
[ 67.920676][ T3632] CPU: 1 PID: 3632 Comm: syz-executor252 Not tainted 6.1.18-syzkaller #0
[ 67.929095][ T3632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 67.939176][ T3632] Call Trace:
[ 67.942464][ T3632]
[ 67.945399][ T3632] dump_stack_lvl+0x1e3/0x2cb
[ 67.950090][ T3632] ? nf_tcp_handle_invalid+0x642/0x642
[ 67.955560][ T3632] ? print_circular_bug+0x12b/0x1a0
[ 67.960851][ T3632] check_noncircular+0x2fa/0x3b0
[ 67.965798][ T3632] ? add_chain_block+0x850/0x850
[ 67.970737][ T3632] ? lockdep_lock+0x11f/0x2a0
[ 67.975425][ T3632] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 67.981419][ T3632] ? print_irqtrace_events+0x210/0x210
[ 67.986888][ T3632] ? _find_first_zero_bit+0xd0/0x100
[ 67.992186][ T3632] validate_chain+0x1667/0x58e0
[ 67.997051][ T3632] ? __schedule+0x1399/0x4390
[ 68.001765][ T3632] ? reacquire_held_locks+0x660/0x660
[ 68.007213][ T3632] ? reacquire_held_locks+0x660/0x660
[ 68.012632][ T3632] ? mark_lock+0x9a/0x340
[ 68.016984][ T3632] ? __sched_text_start+0x8/0x8
[ 68.021839][ T3632] ? do_raw_spin_unlock+0x137/0x8a0
[ 68.027164][ T3632] ? mark_lock+0x9a/0x340
[ 68.031533][ T3632] __lock_acquire+0x125b/0x1f80
[ 68.036432][ T3632] lock_acquire+0x23a/0x630
[ 68.040994][ T3632] ? ext4_bmap+0x4b/0x410
[ 68.045436][ T3632] ? read_lock_is_recursive+0x10/0x10
[ 68.050847][ T3632] ? __might_sleep+0xb0/0xb0
[ 68.055483][ T3632] ? jbd2_journal_flush+0x374/0xc40
[ 68.060992][ T3632] ? __lock_acquire+0x1f80/0x1f80
[ 68.066048][ T3632] ? jbd2_cleanup_journal_tail+0x1a7/0x2c0
[ 68.072065][ T3632] ? ext4_journalled_write_end+0xf90/0xf90
[ 68.077930][ T3632] down_read+0x39/0x50
[ 68.082128][ T3632] ? ext4_bmap+0x4b/0x410
[ 68.086506][ T3632] ext4_bmap+0x4b/0x410
[ 68.090703][ T3632] ? ext4_journalled_write_end+0xf90/0xf90
[ 68.097236][ T3632] bmap+0xa1/0xd0
[ 68.101031][ T3632] jbd2_journal_flush+0x5b5/0xc40
[ 68.106105][ T3632] ? jbd2_journal_lock_updates+0x2a8/0x370
[ 68.111943][ T3632] ? __bpf_trace_jbd2_shrink_checkpoint_list+0x50/0x50
[ 68.118832][ T3632] ? bpf_lsm_capable+0x5/0x10
[ 68.123544][ T3632] ? security_capable+0x86/0xb0
[ 68.128443][ T3632] ext4_ioctl+0x3a9f/0x6220
[ 68.132964][ T3632] ? kasan_set_track+0x4b/0x70
[ 68.137740][ T3632] ? security_file_ioctl+0x6d/0xa0
[ 68.142949][ T3632] ? __se_sys_ioctl+0x47/0x160
[ 68.147737][ T3632] ? do_syscall_64+0x3d/0xb0
[ 68.152371][ T3632] ? ext4_fileattr_set+0x1770/0x1770
[ 68.157672][ T3632] ? rcu_lock_release+0x5/0x20
[ 68.162444][ T3632] ? rcu_read_lock_sched_held+0x89/0x130
[ 68.168096][ T3632] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 68.174095][ T3632] ? do_vfs_ioctl+0x1ab2/0x2a90
[ 68.178976][ T3632] ? __x64_compat_sys_ioctl+0x80/0x80
[ 68.184363][ T3632] ? __lock_acquire+0x1f80/0x1f80
[ 68.189754][ T3632] ? lockdep_hardirqs_on+0x94/0x130
[ 68.195007][ T3632] ? __kmem_cache_free+0x25c/0x3c0
[ 68.200164][ T3632] ? tomoyo_path_number_perm+0x5f4/0x7b0
[ 68.205908][ T3632] ? tomoyo_path_number_perm+0x657/0x7b0
[ 68.211618][ T3632] ? print_irqtrace_events+0x210/0x210
[ 68.217112][ T3632] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 68.222590][ T3632] ? lockdep_hardirqs_on+0x94/0x130
[ 68.227808][ T3632] ? kmem_cache_free+0x2b6/0x580
[ 68.232762][ T3632] ? do_sys_openat2+0x42b/0x500
[ 68.237632][ T3632] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 68.243653][ T3632] ? print_irqtrace_events+0x210/0x210
[ 68.249129][ T3632] ? print_irqtrace_events+0x210/0x210
[ 68.254679][ T3632] ? bpf_lsm_file_ioctl+0x5/0x10
[ 68.259683][ T3632] ? security_file_ioctl+0x7d/0xa0
[ 68.264841][ T3632] ? ext4_fileattr_set+0x1770/0x1770
[ 68.270209][ T3632] __se_sys_ioctl+0xf1/0x160
[ 68.274853][ T3632] do_syscall_64+0x3d/0xb0
[ 68.279337][ T3632] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 68.285353][ T3632] RIP: 0033:0x7f94048f9059
[ 68.289875][ T3632] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 68.309706][ T3632] RSP: 002b:00007ffdbae51418 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 68.318160][ T3632] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f94048f9059
[ 68.326332][ T3632] RDX: 0000000020000700 RSI: 000000004004662b RDI: 0000000000000004
[ 68.33