./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor504022127 <...> DUID 00:04:7b:a2:e0:73:6b:5f:a9:8e:d4:f6:53:82:b5:31:a7:5e forked to background, child pid 4644 [ 30.552809][ T4645] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.563145][ T4645] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts. execve("./syz-executor504022127", ["./syz-executor504022127"], 0x7ffd38efba40 /* 10 vars */) = 0 brk(NULL) = 0x5555556fa000 brk(0x5555556fac40) = 0x5555556fac40 arch_prctl(ARCH_SET_FS, 0x5555556fa300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor504022127", 4096) = 27 brk(0x55555571bc40) = 0x55555571bc40 brk(0x55555571c000) = 0x55555571c000 mprotect(0x7ff5221e8000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 3 ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL]) = 0 openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 syzkaller login: [ 56.291492][ T27] audit: type=1800 audit(1672882917.157:2): pid=5066 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor504" name="bus" dev="sda1" ino=1138 res=0 errno=0 [ 56.318374][ T5066] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 56.339973][ T5066] [ 56.351572][ T5066] ====================================================== [ 56.358569][ T5066] WARNING: possible circular locking dependency detected [ 56.365565][ T5066] 6.2.0-rc2-syzkaller-00010-g69b41ac87e4a #0 Not tainted [ 56.372564][ T5066] ------------------------------------------------------ [ 56.379563][ T5066] syz-executor504/5066 is trying to acquire lock: [ 56.385957][ T5066] ffff888140d10400 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: ext4_bmap+0x55/0x410 [ 56.395542][ T5066] [ 56.395542][ T5066] but task is already holding lock: [ 56.402888][ T5066] ffff88814c1483f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x330/0xca0 [ 56.413482][ T5066] [ 56.413482][ T5066] which lock already depends on the new lock. [ 56.413482][ T5066] [ 56.423888][ T5066] [ 56.423888][ T5066] the existing dependency chain (in reverse order) is: [ 56.432887][ T5066] [ 56.432887][ T5066] -> #3 (&journal->j_checkpoint_mutex){+.+.}-{3:3}: [ 56.441648][ T5066] lock_acquire+0x182/0x3c0 [ 56.446663][ T5066] __mutex_lock_common+0x1bd/0x26e0 [ 56.452381][ T5066] mutex_lock_io_nested+0x43/0x60 [ 56.457913][ T5066] jbd2_journal_flush+0x2a6/0xca0 [ 56.463471][ T5066] ext4_ioctl+0x3224/0x54f0 [ 56.468481][ T5066] __se_sys_ioctl+0xfb/0x170 [ 56.473580][ T5066] do_syscall_64+0x3d/0xb0 [ 56.478505][ T5066] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.484911][ T5066] [ 56.484911][ T5066] -> #2 (&journal->j_barrier){+.+.}-{3:3}: [ 56.492886][ T5066] lock_acquire+0x182/0x3c0 [ 56.497897][ T5066] __mutex_lock_common+0x1bd/0x26e0 [ 56.503604][ T5066] mutex_lock_nested+0x17/0x20 [ 56.508968][ T5066] jbd2_journal_lock_updates+0x29d/0x370 [ 56.515110][ T5066] ext4_change_inode_journal_flag+0x1a2/0x6c0 [ 56.521681][ T5066] ext4_fileattr_set+0xdf1/0x1810 [ 56.527213][ T5066] vfs_fileattr_set+0x8be/0xd20 [ 56.532568][ T5066] do_vfs_ioctl+0x1d02/0x2980 [ 56.537754][ T5066] __se_sys_ioctl+0x83/0x170 [ 56.542853][ T5066] do_syscall_64+0x3d/0xb0 [ 56.547777][ T5066] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.554180][ T5066] [ 56.554180][ T5066] -> #1 (&sbi->s_writepages_rwsem){++++}-{0:0}: [ 56.562591][ T5066] lock_acquire+0x182/0x3c0 [ 56.567622][ T5066] percpu_down_write+0x50/0x300 [ 56.572983][ T5066] ext4_ind_migrate+0x262/0x730 [ 56.578344][ T5066] ext4_fileattr_set+0xe7c/0x1810 [ 56.583875][ T5066] vfs_fileattr_set+0x8be/0xd20 [ 56.589232][ T5066] do_vfs_ioctl+0x1d02/0x2980 [ 56.594416][ T5066] __se_sys_ioctl+0x83/0x170 [ 56.599523][ T5066] do_syscall_64+0x3d/0xb0 [ 56.604454][ T5066] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.610858][ T5066] [ 56.610858][ T5066] -> #0 (&sb->s_type->i_mutex_key#8){++++}-{3:3}: [ 56.619464][ T5066] validate_chain+0x1898/0x6ae0 [ 56.624829][ T5066] __lock_acquire+0x1292/0x1f60 [ 56.630190][ T5066] lock_acquire+0x182/0x3c0 [ 56.635201][ T5066] down_read+0x39/0x50 [ 56.639779][ T5066] ext4_bmap+0x55/0x410 [ 56.644471][ T5066] bmap+0xa1/0xd0 [ 56.648612][ T5066] jbd2_journal_flush+0x5d0/0xca0 [ 56.654148][ T5066] ext4_ioctl+0x3224/0x54f0 [ 56.659158][ T5066] __se_sys_ioctl+0xfb/0x170 [ 56.664258][ T5066] do_syscall_64+0x3d/0xb0 [ 56.669187][ T5066] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.675592][ T5066] [ 56.675592][ T5066] other info that might help us debug this: [ 56.675592][ T5066] [ 56.685804][ T5066] Chain exists of: [ 56.685804][ T5066] &sb->s_type->i_mutex_key#8 --> &journal->j_barrier --> &journal->j_checkpoint_mutex [ 56.685804][ T5066] [ 56.701280][ T5066] Possible unsafe locking scenario: [ 56.701280][ T5066] [ 56.708717][ T5066] CPU0 CPU1 [ 56.714067][ T5066] ---- ---- [ 56.719415][ T5066] lock(&journal->j_checkpoint_mutex); [ 56.724963][ T5066] lock(&journal->j_barrier); [ 56.732229][ T5066] lock(&journal->j_checkpoint_mutex); [ 56.740279][ T5066] lock(&sb->s_type->i_mutex_key#8); [ 56.745728][ T5066] [ 56.745728][ T5066] *** DEADLOCK *** [ 56.745728][ T5066] [ 56.753878][ T5066] 2 locks held by syz-executor504/5066: [ 56.759409][ T5066] #0: ffff88814c148170 (&journal->j_barrier){+.+.}-{3:3}, at: jbd2_journal_lock_updates+0x29d/0x370 [ 56.770274][ T5066] #1: ffff88814c1483f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x330/0xca0 [ 56.781323][ T5066] [ 56.781323][ T5066] stack backtrace: [ 56.787207][ T5066] CPU: 1 PID: 5066 Comm: syz-executor504 Not tainted 6.2.0-rc2-syzkaller-00010-g69b41ac87e4a #0 [ 56.797609][ T5066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 56.807649][ T5066] Call Trace: [ 56.810920][ T5066] [ 56.813838][ T5066] dump_stack_lvl+0x1b1/0x290 [ 56.818513][ T5066] ? nf_tcp_handle_invalid+0x630/0x630 [ 56.823967][ T5066] ? print_circular_bug+0x13e/0x1c0 [ 56.829159][ T5066] check_noncircular+0x2cc/0x390 [ 56.834086][ T5066] ? add_chain_block+0x850/0x850 [ 56.839012][ T5066] ? lockdep_lock+0x102/0x290 [ 56.843676][ T5066] ? validate_chain+0x177/0x6ae0 [ 56.848602][ T5066] ? _find_first_zero_bit+0xe8/0x110 [ 56.853880][ T5066] validate_chain+0x1898/0x6ae0 [ 56.858728][ T5066] ? reacquire_held_locks+0x650/0x650 [ 56.864090][ T5066] ? reacquire_held_locks+0x650/0x650 [ 56.869450][ T5066] ? rcu_read_lock_sched_held+0x87/0x110 [ 56.875072][ T5066] ? reacquire_held_locks+0x650/0x650 [ 56.880431][ T5066] ? validate_chain+0x177/0x6ae0 [ 56.885365][ T5066] ? __bitmap_and+0x2f0/0x310 [ 56.890034][ T5066] ? _find_next_and_bit+0x18d/0x190 [ 56.895220][ T5066] ? trace_sched_overutilized_tp+0x93/0x220 [ 56.901102][ T5066] ? load_balance+0x3006/0x6e40 [ 56.905948][ T5066] ? stack_trace_save+0x1e0/0x1e0 [ 56.910968][ T5066] ? stack_trace_save+0x1e0/0x1e0 [ 56.915983][ T5066] ? rcu_read_lock_sched_held+0x87/0x110 [ 56.921603][ T5066] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 56.927572][ T5066] ? rcu_lock_release+0x5/0x20 [ 56.932417][ T5066] ? trace_lock_release+0x95/0x220 [ 56.937527][ T5066] ? stack_trace_save+0x1e0/0x1e0 [ 56.942550][ T5066] ? rcu_read_lock_sched_held+0x87/0x110 [ 56.948173][ T5066] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 56.954158][ T5066] ? update_cfs_rq_load_avg+0x483/0x570 [ 56.959790][ T5066] ? rcu_read_lock_sched_held+0x87/0x110 [ 56.965414][ T5066] ? mark_lock+0x9a/0x350 [ 56.969736][ T5066] ? rcu_read_lock_sched_held+0x87/0x110 [ 56.975363][ T5066] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 56.981345][ T5066] ? rcu_lock_acquire+0x30/0x30 [ 56.986197][ T5066] ? rcu_read_lock_sched_held+0x87/0x110 [ 56.991837][ T5066] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 56.997811][ T5066] ? rcu_read_lock_sched_held+0x87/0x110 [ 57.003436][ T5066] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 57.009407][ T5066] ? finish_lock_switch+0x89/0x100 [ 57.014513][ T5066] ? trace_lock_release+0x95/0x220 [ 57.019618][ T5066] ? mark_lock+0x9a/0x350 [ 57.023943][ T5066] ? lockdep_hardirqs_on_prepare+0x428/0x790 [ 57.029914][ T5066] ? print_irqtrace_events+0x220/0x220 [ 57.035366][ T5066] ? do_raw_spin_unlock+0x134/0x8a0 [ 57.040552][ T5066] ? finish_lock_switch+0x8e/0x100 [ 57.045653][ T5066] ? lockdep_hardirqs_on+0x8d/0x130 [ 57.050837][ T5066] ? finish_lock_switch+0x8e/0x100 [ 57.055940][ T5066] ? finish_task_switch+0x1f6/0x610 [ 57.061129][ T5066] ? __switch_to_asm+0x34/0x60 [ 57.065886][ T5066] ? __schedule+0x99d/0xe20 [ 57.070379][ T5066] ? release_firmware_map_entry+0x180/0x180 [ 57.076260][ T5066] ? lockdep_hardirqs_on_prepare+0x428/0x790 [ 57.082260][ T5066] ? print_irqtrace_events+0x220/0x220 [ 57.087731][ T5066] ? do_raw_spin_unlock+0x134/0x8a0 [ 57.092933][ T5066] ? _raw_spin_unlock_irqrestore+0x8b/0x120 [ 57.098819][ T5066] ? lockdep_hardirqs_on+0x8d/0x130 [ 57.104006][ T5066] ? mark_lock+0x9a/0x350 [ 57.108325][ T5066] __lock_acquire+0x1292/0x1f60 [ 57.113254][ T5066] lock_acquire+0x182/0x3c0 [ 57.117750][ T5066] ? ext4_bmap+0x55/0x410 [ 57.122073][ T5066] ? read_lock_is_recursive+0x10/0x10 [ 57.127433][ T5066] ? jbd2_journal_flush+0x383/0xca0 [ 57.132624][ T5066] ? __might_sleep+0xc0/0xc0 [ 57.137207][ T5066] ? jbd2_journal_flush+0x383/0xca0 [ 57.142399][ T5066] ? __lock_acquire+0x1f60/0x1f60 [ 57.147420][ T5066] ? jbd2_cleanup_journal_tail+0x155/0x230 [ 57.153219][ T5066] ? ext4_journalled_write_end+0xc60/0xc60 [ 57.159021][ T5066] down_read+0x39/0x50 [ 57.163085][ T5066] ? ext4_bmap+0x55/0x410 [ 57.167405][ T5066] ext4_bmap+0x55/0x410 [ 57.171572][ T5066] ? ext4_journalled_write_end+0xc60/0xc60 [ 57.177365][ T5066] bmap+0xa1/0xd0 [ 57.181000][ T5066] jbd2_journal_flush+0x5d0/0xca0 [ 57.186018][ T5066] ? mutex_lock_nested+0x17/0x20 [ 57.190953][ T5066] ? __bpf_trace_jbd2_shrink_checkpoint_list+0x50/0x50 [ 57.197791][ T5066] ? bpf_lsm_capable+0x5/0x10 [ 57.202457][ T5066] ? security_capable+0xb1/0xd0 [ 57.207311][ T5066] ext4_ioctl+0x3224/0x54f0 [ 57.211802][ T5066] ? do_syscall_64+0x3d/0xb0 [ 57.216393][ T5066] ? ext4_fileattr_set+0x1810/0x1810 [ 57.221666][ T5066] ? rcu_read_lock_sched_held+0x87/0x110 [ 57.227289][ T5066] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 57.233259][ T5066] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 57.239145][ T5066] ? lockdep_hardirqs_on_prepare+0x428/0x790 [ 57.245113][ T5066] ? rcu_lock_release+0x5/0x20 [ 57.249870][ T5066] ? do_vfs_ioctl+0x1a1c/0x2980 [ 57.254711][ T5066] ? __x64_compat_sys_ioctl+0x80/0x80 [ 57.260068][ T5066] ? __lock_acquire+0x1f60/0x1f60 [ 57.265078][ T5066] ? slab_free_freelist_hook+0x12e/0x1a0 [ 57.270699][ T5066] ? tomoyo_path_number_perm+0x5af/0x780 [ 57.276325][ T5066] ? __kmem_cache_free+0x71/0x110 [ 57.281336][ T5066] ? tomoyo_path_number_perm+0x629/0x780 [ 57.286962][ T5066] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 57.292412][ T5066] ? _raw_spin_lock_irqsave+0x100/0x100 [ 57.297956][ T5066] ? do_notify_parent+0xe00/0xe00 [ 57.302971][ T5066] ? bpf_lsm_file_ioctl+0x5/0x10 [ 57.307899][ T5066] ? security_file_ioctl+0x9d/0xb0 [ 57.313000][ T5066] ? ext4_fileattr_set+0x1810/0x1810 [ 57.318270][ T5066] __se_sys_ioctl+0xfb/0x170 [ 57.322848][ T5066] do_syscall_64+0x3d/0xb0 [ 57.327256][ T5066] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.333139][ T5066] RIP: 0033:0x7ff52217bb79 [ 57.337542][ T5066] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 57.357132][ T5066] RSP: 002b:00007ffca38b40d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 57.365537][ T5066] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff52217bb79 [ 57.373510][ T5066] RDX: 0000000020000000 RSI: 000000004004662b RDI: 0000000000000004 [ 57.381472][ T5066] RBP: 00007ff52213fd20 R08: 0000000000000000 R09: 0000000000000000 ioctl(4, _IOC(_IOC_WRITE, 0x66, 0x2b, 0x4), 0x20000000) = 0 exit_group(0) = ? +++ exited with 0 +++ [ 57.389431][ T5066] R10: 0000000000000000 R11: 0000000000