======================================================
WARNING: possible circular locking dependency detected
6.2.0-rc6-next-20230131 #1 Not tainted
------------------------------------------------------
syz-executor.4/40012 is trying to acquire lock:
ffff88800fe363f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: __jbd2_log_wait_for_space+0x238/0x4b0

but task is already holding lock:
ffff88803a0d2bc0 (&sb->s_type->i_mutex_key#6){++++}-{3:3}, at: vfs_unlink+0xd9/0x930

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (&sb->s_type->i_mutex_key#6){++++}-{3:3}:
       down_read+0x3d/0x50
       ext4_bmap+0x52/0x470
       bmap+0xb0/0x130
       jbd2_journal_bmap+0xac/0x1d0
       jbd2_journal_flush+0x87f/0xc90
       __ext4_ioctl+0x9fd/0x4330
       __x64_sys_ioctl+0x19e/0x210
       do_syscall_64+0x3f/0x90
       entry_SYSCALL_64_after_hwframe+0x72/0xdc

-> #0 (&journal->j_checkpoint_mutex){+.+.}-{3:3}:
       __lock_acquire+0x2da7/0x63b0
       lock_acquire.part.0+0xec/0x320
       mutex_lock_io_nested+0x149/0x1300
       __jbd2_log_wait_for_space+0x238/0x4b0
       add_transaction_credits+0xa42/0xb80
       start_this_handle+0x3a6/0x14d0
       jbd2__journal_start+0x394/0x6b0
       __ext4_journal_start_sb+0x4c2/0x6f0
       __ext4_unlink+0x44e/0xcf0
       ext4_unlink+0x3ac/0x640
       vfs_unlink+0x35e/0x930
       do_unlinkat+0x3b9/0x650
       __x64_sys_unlink+0xca/0x110
       do_syscall_64+0x3f/0x90
       entry_SYSCALL_64_after_hwframe+0x72/0xdc

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&sb->s_type->i_mutex_key#6);
                               lock(&journal->j_checkpoint_mutex);
                               lock(&sb->s_type->i_mutex_key#6);
  lock(&journal->j_checkpoint_mutex);

 *** DEADLOCK ***

3 locks held by syz-executor.4/40012:
 #0: ffff88800fe32438 (sb_writers#3){.+.+}-{0:0}, at: do_unlinkat+0x190/0x650
 #1: ffff88803a0d35b0 (&type->i_mutex_dir_key#3/1){+.+.}-{3:3}, at: do_unlinkat+0x280/0x650
 #2: ffff88803a0d2bc0 (&sb->s_type->i_mutex_key#6){++++}-{3:3}, at: vfs_unlink+0xd9/0x930

stack backtrace:
CPU: 0 PID: 40012 Comm: syz-executor.4 Not tainted 6.2.0-rc6-next-20230131 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 dump_stack_lvl+0x91/0xf0
 check_noncircular+0x263/0x2e0
 __lock_acquire+0x2da7/0x63b0
 lock_acquire.part.0+0xec/0x320
 mutex_lock_io_nested+0x149/0x1300
 __jbd2_log_wait_for_space+0x238/0x4b0
 add_transaction_credits+0xa42/0xb80
 start_this_handle+0x3a6/0x14d0
 jbd2__journal_start+0x394/0x6b0
 __ext4_journal_start_sb+0x4c2/0x6f0
 __ext4_unlink+0x44e/0xcf0
 ext4_unlink+0x3ac/0x640
 vfs_unlink+0x35e/0x930
 do_unlinkat+0x3b9/0x650
 __x64_sys_unlink+0xca/0x110
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f5efd652457
Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffda058a648 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5efd652457
RDX: 00007ffda058a680 RSI: 00007ffda058a680 RDI: 00007ffda058a710
RBP: 00007ffda058a710 R08: 0000000000000001 R09: 00007ffda058a4e0
R10: 00005555570a5c7b R11: 0000000000000206 R12: 00007f5efd6ac105
R13: 00007ffda058b7d0 R14: 00005555570a5c20 R15: 00007ffda058b810
device syz_tun entered promiscuous mode
device syz_tun left promiscuous mode
device syz_tun entered promiscuous mode
device syz_tun left promiscuous mode
netlink: 4436 bytes leftover after parsing attributes in process `syz-executor.7'.
netlink: 4436 bytes leftover after parsing attributes in process `syz-executor.7'.
netlink: 4436 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 4436 bytes leftover after parsing attributes in process `syz-executor.7'.
netlink: 4436 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 4436 bytes leftover after parsing attributes in process `syz-executor.7'.
netlink: 4436 bytes leftover after parsing attributes in process `syz-executor.5'.
ieee80211 phy204: Selected rate control algorithm 'minstrel_ht'
ieee80211 phy205: Selected rate control algorithm 'minstrel_ht'
ieee80211 phy206: Selected rate control algorithm 'minstrel_ht'
ieee80211 phy207: Selected rate control algorithm 'minstrel_ht'
ieee80211 phy208: Selected rate control algorithm 'minstrel_ht'
ieee80211 phy209: Selected rate control algorithm 'minstrel_ht'
ieee80211 phy210: Selected rate control algorithm 'minstrel_ht'
ieee80211 phy211: Selected rate control algorithm 'minstrel_ht'
netlink: 'syz-executor.1': attribute type 4 has an invalid length.
device sit0 entered promiscuous mode
device sit0 left promiscuous mode
netlink: 'syz-executor.2': attribute type 4 has an invalid length.
netlink: 'syz-executor.1': attribute type 4 has an invalid length.
netlink: 'syz-executor.3': attribute type 4 has an invalid length.
device sit0 entered promiscuous mode
device sit0 left promiscuous mode
netlink: 'syz-executor.2': attribute type 4 has an invalid length.
netlink: 'syz-executor.1': attribute type 4 has an invalid length.
device sit0 entered promiscuous mode
device sit0 left promiscuous mode
netlink: 'syz-executor.3': attribute type 4 has an invalid length.
device sit0 entered promiscuous mode
device sit0 left promiscuous mode
netlink: 'syz-executor.1': attribute type 4 has an invalid length.
netlink: 'syz-executor.2': attribute type 4 has an invalid length.
netlink: 'syz-executor.3': attribute type 4 has an invalid length.
device sit0 entered promiscuous mode
device sit0 left promiscuous mode
device sit0 entered promiscuous mode
device sit0 left promiscuous mode
device sit0 entered promiscuous mode
device sit0 left promiscuous mode