====================================================== WARNING: possible circular locking dependency detected 6.2.0-rc5-next-20230123 #1 Not tainted ------------------------------------------------------ syz-executor.7/9901 is trying to acquire lock: ffff88800b5b0400 (&sb->s_type->i_mutex_key#6){++++}-{3:3}, at: ext4_bmap+0x52/0x470 but task is already holding lock: ffff88800fff43f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x48f/0xc10 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #3 (&journal->j_checkpoint_mutex){+.+.}-{3:3}: mutex_lock_io_nested+0x14c/0x1300 jbd2_journal_flush+0x19e/0xc10 __ext4_ioctl+0x9fd/0x42a0 __x64_sys_ioctl+0x19e/0x210 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc -> #2 (&journal->j_barrier){+.+.}-{3:3}: __mutex_lock+0x136/0x14c0 jbd2_journal_lock_updates+0x162/0x310 ext4_change_inode_journal_flag+0x187/0x550 ext4_fileattr_set+0x14fa/0x19f0 vfs_fileattr_set+0x7a2/0xbd0 do_vfs_ioctl+0xfc1/0x1610 __x64_sys_ioctl+0x110/0x210 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc -> #1 (&sbi->s_writepages_rwsem){++++}-{0:0}: ext4_writepages+0x1a9/0x5f0 do_writepages+0x1ad/0x650 filemap_fdatawrite_wbc+0x14b/0x1b0 __filemap_fdatawrite_range+0xba/0x100 filemap_write_and_wait_range+0xa5/0x130 __iomap_dio_rw+0x5ea/0x1bf0 iomap_dio_rw+0x40/0xa0 ext4_file_write_iter+0xb5d/0x1930 do_iter_readv_writev+0x211/0x3c0 do_iter_write+0x18b/0x700 vfs_iter_write+0x74/0xb0 iter_file_splice_write+0x73e/0xcb0 direct_splice_actor+0x113/0x180 splice_direct_to_actor+0x33a/0x8c0 do_splice_direct+0x1bc/0x290 do_sendfile+0xb1d/0x12c0 __x64_sys_sendfile64+0x1d5/0x210 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc -> #0 (&sb->s_type->i_mutex_key#6){++++}-{3:3}: __lock_acquire+0x2a52/0x5e90 lock_acquire.part.0+0x120/0x340 down_read+0x9c/0x450 ext4_bmap+0x52/0x470 bmap+0xb0/0x130 jbd2_journal_bmap+0xac/0x190 jbd2_journal_flush+0x860/0xc10 __ext4_ioctl+0x9fd/0x42a0 __x64_sys_ioctl+0x19e/0x210 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc other info that might help us debug this: Chain exists of: &sb->s_type->i_mutex_key#6 --> &journal->j_barrier --> &journal->j_checkpoint_mutex Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&journal->j_checkpoint_mutex); lock(&journal->j_barrier); lock(&journal->j_checkpoint_mutex); rlock(&sb->s_type->i_mutex_key#6); *** DEADLOCK *** 2 locks held by syz-executor.7/9901: #0: ffff88800fff4170 (&journal->j_barrier){+.+.}-{3:3}, at: jbd2_journal_lock_updates+0x162/0x310 #1: ffff88800fff43f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x48f/0xc10 stack backtrace: CPU: 0 PID: 9901 Comm: syz-executor.7 Not tainted 6.2.0-rc5-next-20230123 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 Call Trace: dump_stack_lvl+0x8f/0xb7 check_noncircular+0x263/0x2e0 __lock_acquire+0x2a52/0x5e90 lock_acquire.part.0+0x120/0x340 down_read+0x9c/0x450 ext4_bmap+0x52/0x470 bmap+0xb0/0x130 jbd2_journal_bmap+0xac/0x190 jbd2_journal_flush+0x860/0xc10 __ext4_ioctl+0x9fd/0x42a0 __x64_sys_ioctl+0x19e/0x210 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f8fbc1efb19 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f8fb9744188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f8fbc303020 RCX: 00007f8fbc1efb19 RDX: 0000000020000340 RSI: 000000004004662b RDI: 0000000000000006 RBP: 00007f8fbc249f6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc05aae17f R14: 00007f8fb9744300 R15: 0000000000022000 9pnet_fd: Insufficient options for proto=fd 9pnet_fd: Insufficient options for proto=fd 9pnet_fd: Insufficient options for proto=fd 9pnet_fd: Insufficient options for proto=fd 9pnet_fd: Insufficient options for proto=fd Bluetooth: hci6: Controller not accepting commands anymore: ncmd = 0 Bluetooth: hci6: Injecting HCI hardware error event Bluetooth: hci6: hardware error 0x00 Bluetooth: hci6: Opcode 0x c03 failed: -110 capability: warning: `syz-executor.1' uses 32-bit capabilities (legacy support in use) tmpfs: Bad value for 'gid' tmpfs: Bad value for 'gid' tmpfs: Bad value for 'gid' tmpfs: Bad value for 'gid' tmpfs: Bad value for 'gid' audit: type=1400 audit(1674474111.835:28): avc: denied { relabelfrom } for pid=10372 comm="syz-executor.7" name="" dev="pipefs" ino=32674 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fifo_file permissive=1 netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. ext2: Bad value for 'auto_da_alloc' ext2: Bad value for 'auto_da_alloc' netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.7'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.7'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.6'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.