Warning: Permanently added '10.128.15.192' (ECDSA) to the list of known hosts.
executing program
[ 67.666474][ T3628] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
[ 67.718807][ T3628]
[ 67.730435][ T3628] ======================================================
[ 67.737443][ T3628] WARNING: possible circular locking dependency detected
[ 67.744452][ T3628] 6.1.19-syzkaller #0 Not tainted
[ 67.749482][ T3628] ------------------------------------------------------
[ 67.756513][ T3628] syz-executor106/3628 is trying to acquire lock:
[ 67.763017][ T3628] ffff88807ed56170 (&journal->j_barrier){+.+.}-{3:3}, at: jbd2_journal_lock_updates+0x2a8/0x370
[ 67.773480][ T3628]
[ 67.773480][ T3628] but task is already holding lock:
[ 67.781020][ T3628] ffff88807ed54b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_change_inode_journal_flag+0x1a0/0x6e0
[ 67.792347][ T3628]
[ 67.792347][ T3628] which lock already depends on the new lock.
[ 67.792347][ T3628]
[ 67.802753][ T3628]
[ 67.802753][ T3628] the existing dependency chain (in reverse order) is:
[ 67.811760][ T3628]
[ 67.811760][ T3628] -> #4 (&sbi->s_writepages_rwsem){++++}-{0:0}:
[ 67.820187][ T3628]        lock_acquire+0x23a/0x630
[ 67.825225][ T3628]        percpu_down_write+0x50/0x2e0
[ 67.830605][ T3628]        ext4_change_inode_journal_flag+0x1a0/0x6e0
[ 67.837297][ T3628]        ext4_fileattr_set+0xe04/0x1770
[ 67.842846][ T3628]        vfs_fileattr_set+0x8f3/0xd30
[ 67.848224][ T3628]        do_vfs_ioctl+0x1cd1/0x2a90
[ 67.853439][ T3628]        __se_sys_ioctl+0x81/0x160
[ 67.858578][ T3628]        do_syscall_64+0x3d/0xb0
[ 67.863510][ T3628]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 67.869940][ T3628]
[ 67.869940][ T3628] -> #3 (mapping.invalidate_lock){++++}-{3:3}:
[ 67.878488][ T3628]        lock_acquire+0x23a/0x630
[ 67.883585][ T3628]        down_write+0x36/0x60
[ 67.888271][ T3628]        ext4_setattr+0xec7/0x1a00
[ 67.893388][ T3628]        notify_change+0xdcd/0x1080
[ 67.898610][ T3628]        do_truncate+0x21c/0x300
[ 67.903552][ T3628]        do_sys_ftruncate+0x2e2/0x380
[ 67.908925][ T3628]        do_syscall_64+0x3d/0xb0
[ 67.913945][ T3628]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 67.920384][ T3628]
[ 67.920384][ T3628] -> #2 (&sb->s_type->i_mutex_key#8){++++}-{3:3}:
[ 67.928992][ T3628]        lock_acquire+0x23a/0x630
[ 67.934024][ T3628]        down_read+0x39/0x50
[ 67.938611][ T3628]        ext4_bmap+0x4b/0x410
[ 67.943389][ T3628]        bmap+0xa1/0xd0
[ 67.947546][ T3628]        jbd2_journal_flush+0x5b5/0xc40
[ 67.953098][ T3628]        ext4_ioctl+0x3a9f/0x6220
[ 67.958126][ T3628]        __se_sys_ioctl+0xf1/0x160
[ 67.963256][ T3628]        do_syscall_64+0x3d/0xb0
[ 67.968197][ T3628]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 67.974628][ T3628]
[ 67.974628][ T3628] -> #1 (&journal->j_checkpoint_mutex){+.+.}-{3:3}:
[ 67.983501][ T3628]        lock_acquire+0x23a/0x630
[ 67.988558][ T3628]        __mutex_lock_common+0x1d4/0x2520
[ 67.994283][ T3628]        mutex_lock_io_nested+0x43/0x60
[ 67.999917][ T3628]        jbd2_journal_flush+0x29b/0xc40
[ 68.005469][ T3628]        ext4_ioctl+0x3a9f/0x6220
[ 68.010584][ T3628]        __se_sys_ioctl+0xf1/0x160
[ 68.015699][ T3628]        do_syscall_64+0x3d/0xb0
[ 68.020647][ T3628]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 68.027089][ T3628]
[ 68.027089][ T3628] -> #0 (&journal->j_barrier){+.+.}-{3:3}:
[ 68.035097][ T3628]        validate_chain+0x1667/0x58e0
[ 68.040480][ T3628]        __lock_acquire+0x125b/0x1f80
[ 68.045864][ T3628]        lock_acquire+0x23a/0x630
[ 68.050906][ T3628]        __mutex_lock_common+0x1d4/0x2520
[ 68.056629][ T3628]        mutex_lock_nested+0x17/0x20
[ 68.061924][ T3628]        jbd2_journal_lock_updates+0x2a8/0x370
[ 68.068087][ T3628]        ext4_change_inode_journal_flag+0x1a8/0x6e0
[ 68.074679][ T3628]        ext4_fileattr_set+0xe04/0x1770
[ 68.080231][ T3628]        vfs_fileattr_set+0x8f3/0xd30
[ 68.085604][ T3628]        do_vfs_ioctl+0x1cd1/0x2a90
[ 68.090806][ T3628]        __se_sys_ioctl+0x81/0x160
[ 68.095953][ T3628]        do_syscall_64+0x3d/0xb0
[ 68.100908][ T3628]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 68.107415][ T3628]
[ 68.107415][ T3628] other info that might help us debug this:
[ 68.107415][ T3628]
[ 68.117650][ T3628] Chain exists of:
[ 68.117650][ T3628]   &journal->j_barrier --> mapping.invalidate_lock --> &sbi->s_writepages_rwsem
[ 68.117650][ T3628]
[ 68.132513][ T3628]  Possible unsafe locking scenario:
[ 68.132513][ T3628]
[ 68.139958][ T3628]        CPU0                    CPU1
[ 68.145317][ T3628]        ----                    ----
[ 68.150688][ T3628]   lock(&sbi->s_writepages_rwsem);
[ 68.155881][ T3628]                                lock(mapping.invalidate_lock);
[ 68.163514][ T3628]                                lock(&sbi->s_writepages_rwsem);
[ 68.171230][ T3628]   lock(&journal->j_barrier);
[ 68.175992][ T3628]
[ 68.175992][ T3628]  *** DEADLOCK ***
[ 68.175992][ T3628]
[ 68.184127][ T3628] 4 locks held by syz-executor106/3628:
[ 68.189663][ T3628]  #0: ffff88807ed52460 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write_file+0x5a/0x1f0
[ 68.199351][ T3628]  #1: ffff8880745ba218 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: vfs_fileattr_set+0x135/0xd30
[ 68.210152][ T3628]  #2: ffff8880745ba3b8 (mapping.invalidate_lock){++++}-{3:3}, at: ext4_change_inode_journal_flag+0x115/0x6e0
[ 68.221825][ T3628]  #3: ffff88807ed54b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_change_inode_journal_flag+0x1a0/0x6e0
[ 68.233571][ T3628]
[ 68.233571][ T3628] stack backtrace:
[ 68.239450][ T3628] CPU: 1 PID: 3628 Comm: syz-executor106 Not tainted 6.1.19-syzkaller #0
[ 68.247872][ T3628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 68.257922][ T3628] Call Trace:
[ 68.261195][ T3628]
[ 68.264214][ T3628] dump_stack_lvl+0x1e3/0x2cb
[ 68.268893][ T3628] ? nf_tcp_handle_invalid+0x642/0x642
[ 68.274438][ T3628] ? print_circular_bug+0x12b/0x1a0
[ 68.279632][ T3628] check_noncircular+0x2fa/0x3b0
[ 68.284566][ T3628] ? add_chain_block+0x850/0x850
[ 68.289499][ T3628] ? lockdep_lock+0x11f/0x2a0
[ 68.294195][ T3628] ? validate_chain+0x115/0x58e0
[ 68.299130][ T3628] ? noop_count+0x30/0x30
[ 68.303455][ T3628] ? _find_first_zero_bit+0xd0/0x100
[ 68.308738][ T3628] validate_chain+0x1667/0x58e0
[ 68.313593][ T3628] ? lockdep_unlock+0x165/0x300
[ 68.318445][ T3628] ? lockdep_unlock+0x165/0x300
[ 68.323310][ T3628] ? reacquire_held_locks+0x660/0x660
[ 68.328694][ T3628] ? validate_chain+0x13d1/0x58e0
[ 68.333738][ T3628] ? mark_lock+0x9a/0x340
[ 68.338066][ T3628] ? mark_lock+0x9a/0x340
[ 68.342392][ T3628] __lock_acquire+0x125b/0x1f80
[ 68.347254][ T3628] lock_acquire+0x23a/0x630
[ 68.351866][ T3628] ? jbd2_journal_lock_updates+0x2a8/0x370
[ 68.357687][ T3628] ? read_lock_is_recursive+0x10/0x10
[ 68.363070][ T3628] ? __might_sleep+0xb0/0xb0
[ 68.367674][ T3628] ? jbd2_journal_lock_updates+0x297/0x370
[ 68.373484][ T3628] ? rcu_read_lock_sched_held+0x89/0x130
[ 68.379141][ T3628] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 68.385137][ T3628] __mutex_lock_common+0x1d4/0x2520
[ 68.390531][ T3628] ? jbd2_journal_lock_updates+0x2a8/0x370
[ 68.396373][ T3628] ? jbd2_journal_lock_updates+0x2a8/0x370
[ 68.402212][ T3628] ? jbd2_journal_lock_updates+0x297/0x370
[ 68.408056][ T3628] ? mutex_lock_io_nested+0x60/0x60
[ 68.413261][ T3628] ? do_raw_read_unlock+0x70/0x70
[ 68.418318][ T3628] ? rcu_sync_func+0xaa/0x210
[ 68.423032][ T3628] mutex_lock_nested+0x17/0x20
[ 68.427801][ T3628] jbd2_journal_lock_updates+0x2a8/0x370
[ 68.433457][ T3628] ? jbd2_journal_wait_updates+0x2d0/0x2d0
[ 68.439294][ T3628] ? rcu_read_lock_sched_held+0x89/0x130
[ 68.444935][ T3628] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 68.451009][ T3628] ? percpu_down_write+0x2aa/0x2e0
[ 68.456125][ T3628] ext4_change_inode_journal_flag+0x1a8/0x6e0
[ 68.462250][ T3628] ext4_fileattr_set+0xe04/0x1770
[ 68.467316][ T3628] ? ext4_fileattr_get+0x200/0x200
[ 68.472545][ T3628] ? rwsem_write_trylock+0x166/0x210
[ 68.477954][ T3628] ? clear_nonspinnable+0x60/0x60
[ 68.483253][ T3628] ? memset+0x1f/0x40
[ 68.487266][ T3628] ? fileattr_fill_flags+0x1d0/0x300
[ 68.492576][ T3628] ? fscrypt_prepare_setflags+0x5d/0x220
[ 68.498214][ T3628] vfs_fileattr_set+0x8f3/0xd30
[ 68.503108][ T3628] ? copy_fsxattr_to_user+0x3a0/0x3a0
[ 68.508489][ T3628] ? rcu_read_lock_sched_held+0x89/0x130
[ 68.514139][ T3628] do_vfs_ioctl+0x1cd1/0x2a90
[ 68.518829][ T3628] ? __x64_compat_sys_ioctl+0x80/0x80
[ 68.524220][ T3628] ? __lock_acquire+0x1f80/0x1f80
[ 68.529267][ T3628] ? lockdep_hardirqs_on+0x94/0x130
[ 68.534666][ T3628] ? __kmem_cache_free+0x25c/0x3c0
[ 68.541084][ T3628] ? tomoyo_path_number_perm+0x5f4/0x7b0
[ 68.546740][ T3628] ? tomoyo_path_number_perm+0x657/0x7b0
[ 68.552384][ T3628] ? print_irqtrace_events+0x210/0x210
[ 68.557875][ T3628] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 68.563353][ T3628] ? lockdep_hardirqs_on+0x94/0x130
[ 68.568566][ T3628] ? kmem_cache_free+0x2b6/0x580
[ 68.573531][ T3628] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 68.579626][ T3628] ? print_irqtrace_events+0x210/0x210
[ 68.585204][ T3628] ? print_irqtrace_events+0x210/0x210
[ 68.590703][ T3628] ? bpf_lsm_file_ioctl+0x5/0x10
[ 68.595667][ T3628] ? security_file_ioctl+0x7d/0xa0
[ 68.600790][ T3628] __se_sys_ioctl+0x81/0x160
[ 68.605394][ T3628] do_syscall_64+0x3d/0xb0
[ 68.609814][ T3628] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 68.615815][ T3628] RIP: 0033:0x7fad7443e069
[ 68.620292][ T3628] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 68.639917][ T3628] RSP: 002b:00007ffeb8115778 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 68.648439][ T3628] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fad7443e069
[ 68.656537][ T3628] RDX: 0000000020000000 RSI: 0000000040086602 RDI: 0000000000000004
[ 68.664693][ T3628] RBP: 00007fad74402050 R08: 0000000000000000 R09: 0000000000000000
[