======================================================
WARNING: possible circular locking dependency detected
6.0.0-rc2-next-20220825 #1 Not tainted
------------------------------------------------------
syz-executor.5/31035 is trying to acquire lock:
ffff88800bcc0400 (&sb->s_type->i_mutex_key#6){++++}-{3:3}, at: ext4_bmap+0x4e/0x470

but task is already holding lock:
ffff88800fed83f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x48b/0xc00

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #3 (&journal->j_checkpoint_mutex){+.+.}-{3:3}:
       mutex_lock_io_nested+0x148/0x1310
       jbd2_journal_flush+0x19a/0xc00
       __ext4_ioctl+0x30c7/0x4090
       __x64_sys_ioctl+0x19a/0x210
       do_syscall_64+0x3b/0x90
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

-> #2 (&journal->j_barrier){+.+.}-{3:3}:
       __mutex_lock+0x136/0x14d0
       jbd2_journal_lock_updates+0x15e/0x310
       ext4_change_inode_journal_flag+0x17f/0x530
       ext4_fileattr_set+0x140d/0x18a0
       vfs_fileattr_set+0x77c/0xb80
       do_vfs_ioctl+0xfc2/0x1610
       __x64_sys_ioctl+0x10c/0x210
       do_syscall_64+0x3b/0x90
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

-> #1 (&sbi->s_writepages_rwsem){++++}-{0:0}:
       ext4_writepages+0x1d2/0x3690
       do_writepages+0x1b0/0x6a0
       filemap_fdatawrite_wbc+0x147/0x1b0
       __filemap_fdatawrite_range+0xb6/0x100
       filemap_write_and_wait_range+0x89/0x110
       __iomap_dio_rw+0x5ed/0x1bd0
       iomap_dio_rw+0x3c/0xa0
       ext4_file_read_iter+0x268/0x400
       generic_file_splice_read+0x187/0x4d0
       do_splice_to+0x1bc/0x240
       splice_direct_to_actor+0x2ac/0x8c0
       do_splice_direct+0x1b8/0x290
       do_sendfile+0xb1d/0x1280
       __x64_sys_sendfile64+0x1d1/0x210
       do_syscall_64+0x3b/0x90
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

-> #0 (&sb->s_type->i_mutex_key#6){++++}-{3:3}:
       __lock_acquire+0x2a02/0x5e70
       lock_acquire+0x1a2/0x530
       down_read+0x98/0x450
       ext4_bmap+0x4e/0x470
       bmap+0xac/0x120
       jbd2_journal_bmap+0xa8/0x180
       jbd2_journal_flush+0x853/0xc00
       __ext4_ioctl+0x9e9/0x4090
       __x64_sys_ioctl+0x19a/0x210
       do_syscall_64+0x3b/0x90
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

other info that might help us debug this:

Chain exists of:
  &sb->s_type->i_mutex_key#6 --> &journal->j_barrier --> &journal->j_checkpoint_mutex

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&journal->j_checkpoint_mutex);
                               lock(&journal->j_barrier);
                               lock(&journal->j_checkpoint_mutex);
  lock(&sb->s_type->i_mutex_key#6);

 *** DEADLOCK ***

2 locks held by syz-executor.5/31035:
 #0: ffff88800fed8170 (&journal->j_barrier){+.+.}-{3:3}, at: jbd2_journal_lock_updates+0x15e/0x310
 #1: ffff88800fed83f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x48b/0xc00

stack backtrace:
CPU: 1 PID: 31035 Comm: syz-executor.5 Not tainted 6.0.0-rc2-next-20220825 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
 dump_stack_lvl+0x8b/0xb3
 check_noncircular+0x263/0x2e0
 __lock_acquire+0x2a02/0x5e70
 lock_acquire+0x1a2/0x530
 down_read+0x98/0x450
 ext4_bmap+0x4e/0x470
 bmap+0xac/0x120
 jbd2_journal_bmap+0xa8/0x180
 jbd2_journal_flush+0x853/0xc00
 __ext4_ioctl+0x9e9/0x4090
 __x64_sys_ioctl+0x19a/0x210
 do_syscall_64+0x3b/0x90
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f93befc3b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f93bc539188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f93bf0d6f60 RCX: 00007f93befc3b19
RDX: 0000000020000440 RSI: 000000004004662b RDI: 0000000000000003
RBP: 00007f93bf01df6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff64647e0f R14: 00007f93bc539300 R15: 0000000000022000
cgroup: noprefix used incorrectly
cgroup: noprefix used incorrectly
cgroup: noprefix used incorrectly
cgroup: noprefix used incorrectly
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
tmpfs: Bad value for 'mpol'
tmpfs: Bad value for 'mpol'
tmpfs: Bad value for 'mpol'
tmpfs: Bad value for 'mpol'
tmpfs: Bad value for 'mpol'
ieee80211 phy53: Selected rate control algorithm 'minstrel_ht'
ieee80211 phy54: Selected rate control algorithm 'minstrel_ht'
ieee80211 phy55: Selected rate control algorithm 'minstrel_ht'
ieee80211 phy56: Selected rate control algorithm 'minstrel_ht'
audit: type=1326 audit(1661425653.873:60): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32992 comm="syz-executor.4" exe="/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd628bcbb19 code=0x0
audit: type=1326 audit(1661425654.815:61): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=33127 comm="syz-executor.4" exe="/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd628bcbb19 code=0x0
audit: type=1326 audit(1661425654.946:62): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=33242 comm="syz-executor.1" exe="/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd75c2e3b19 code=0x0
audit: type=1326 audit(1661425655.791:63): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=33362 comm="syz-executor.4" exe="/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd628bcbb19 code=0x0
audit: type=1326 audit(1661425655.893:64): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=33376 comm="syz-executor.1" exe="/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd75c2e3b19 code=0x0