====================================================== WARNING: possible circular locking dependency detected 6.2.0-rc8-next-20230220 #1 Not tainted ------------------------------------------------------ syz-executor.4/32889 is trying to acquire lock: ffff88800ffee3f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: __jbd2_log_wait_for_space+0x238/0x4b0 but task is already holding lock: ffff88800ffea530 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x1a0/0x640 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #3 (sb_pagefaults){.+.+}-{0:0}: ext4_page_mkwrite+0x1fc/0x1aa0 do_page_mkwrite+0x1a0/0x640 __handle_mm_fault+0x11a9/0x31c0 handle_mm_fault+0x1b8/0x860 do_user_addr_fault+0x512/0x1320 exc_page_fault+0x9c/0x1a0 asm_exc_page_fault+0x26/0x30 -> #2 (&mm->mmap_lock){++++}-{3:3}: down_read+0x3d/0x50 do_user_addr_fault+0xb01/0x1320 exc_page_fault+0x9c/0x1a0 asm_exc_page_fault+0x26/0x30 fault_in_readable+0x147/0x250 fault_in_iov_iter_readable+0x256/0x2c0 generic_perform_write+0x1b4/0x580 ext4_buffered_write_iter+0x164/0x460 ext4_file_write_iter+0x3ff/0x1930 vfs_write+0x9b4/0xdc0 ksys_write+0x12b/0x260 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc -> #1 (&sb->s_type->i_mutex_key#6){++++}-{3:3}: down_read+0x3d/0x50 ext4_bmap+0x52/0x470 bmap+0xb0/0x130 jbd2_journal_bmap+0xac/0x1d0 jbd2_journal_flush+0x87f/0xc90 __ext4_ioctl+0x9fd/0x4330 __x64_sys_ioctl+0x19e/0x210 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc -> #0 (&journal->j_checkpoint_mutex){+.+.}-{3:3}: __lock_acquire+0x2d56/0x6380 lock_acquire.part.0+0xea/0x320 mutex_lock_io_nested+0x149/0x1300 __jbd2_log_wait_for_space+0x238/0x4b0 add_transaction_credits+0xa42/0xb80 start_this_handle+0x3a6/0x14d0 jbd2__journal_start+0x394/0x6b0 __ext4_journal_start_sb+0x4c2/0x6f0 ext4_dirty_inode+0xa5/0x130 __mark_inode_dirty+0x1aa/0xee0 generic_update_time+0x21b/0x2b0 file_update_time+0x22f/0x280 ext4_page_mkwrite+0x2e4/0x1aa0 do_page_mkwrite+0x1a0/0x640 __handle_mm_fault+0x11a9/0x31c0 handle_mm_fault+0x1b8/0x860 do_user_addr_fault+0x512/0x1320 exc_page_fault+0x9c/0x1a0 asm_exc_page_fault+0x26/0x30 other info that might help us debug this: Chain exists of: &journal->j_checkpoint_mutex --> &mm->mmap_lock --> sb_pagefaults Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(sb_pagefaults); lock(&mm->mmap_lock); lock(sb_pagefaults); lock(&journal->j_checkpoint_mutex); *** DEADLOCK *** 2 locks held by syz-executor.4/32889: #0: ffff88801a0ba598 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0x313/0x1320 #1: ffff88800ffea530 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x1a0/0x640 stack backtrace: CPU: 1 PID: 32889 Comm: syz-executor.4 Not tainted 6.2.0-rc8-next-20230220 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 Call Trace: dump_stack_lvl+0x91/0xf0 check_noncircular+0x263/0x2e0 __lock_acquire+0x2d56/0x6380 lock_acquire.part.0+0xea/0x320 mutex_lock_io_nested+0x149/0x1300 __jbd2_log_wait_for_space+0x238/0x4b0 add_transaction_credits+0xa42/0xb80 start_this_handle+0x3a6/0x14d0 jbd2__journal_start+0x394/0x6b0 __ext4_journal_start_sb+0x4c2/0x6f0 ext4_dirty_inode+0xa5/0x130 __mark_inode_dirty+0x1aa/0xee0 generic_update_time+0x21b/0x2b0 file_update_time+0x22f/0x280 ext4_page_mkwrite+0x2e4/0x1aa0 do_page_mkwrite+0x1a0/0x640 __handle_mm_fault+0x11a9/0x31c0 handle_mm_fault+0x1b8/0x860 do_user_addr_fault+0x512/0x1320 exc_page_fault+0x9c/0x1a0 asm_exc_page_fault+0x26/0x30 RIP: 0033:0x7fc2a0a2b673 Code: 5d c3 0f 1f 44 00 00 48 8b 0d 59 ed 0a 01 48 8b 05 4a ed 0a 01 4c 8d 81 00 00 00 01 48 39 c8 72 13 4c 39 c0 73 0e 48 8d 50 04 <89> 38 48 89 15 2c ed 0a 01 c3 52 48 8d 35 77 b7 0b 00 48 89 c2 48 RSP: 002b:00007ffc89d57088 EFLAGS: 00010287 RAX: 0000001b2c420000 RBX: 0000000000000003 RCX: 0000001b2c420000 RDX: 0000001b2c420004 RSI: 00007fc2a0ae800e RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000001b2d420000 R09: 00007ffc89d56cd0 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001 R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffc89d57320 netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.