warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow Bluetooth: hci5: ACL packet for unknown connection handle 0 ====================================================== WARNING: possible circular locking dependency detected 6.1.0-rc3-next-20221107 #1 Not tainted ------------------------------------------------------ syz-executor.0/59496 is trying to acquire lock: ffff88800bcf8400 (&sb->s_type->i_mutex_key#6){++++}-{3:3}, at: ext4_bmap+0x52/0x470 but task is already holding lock: ffff88800faa83f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x48f/0xc10 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #3 (&journal->j_checkpoint_mutex){+.+.}-{3:3}: mutex_lock_io_nested+0x14c/0x1330 jbd2_journal_flush+0x19e/0xc10 __ext4_ioctl+0x9c1/0x4140 __x64_sys_ioctl+0x19e/0x210 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc -> #2 (&journal->j_barrier){+.+.}-{3:3}: __mutex_lock+0x136/0x14e0 jbd2_journal_lock_updates+0x162/0x310 ext4_change_inode_journal_flag+0x183/0x540 ext4_fileattr_set+0x142b/0x18c0 vfs_fileattr_set+0x780/0xb90 do_vfs_ioctl+0xfa6/0x15d0 __x64_sys_ioctl+0x110/0x210 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc -> #1 (&sbi->s_writepages_rwsem){++++}-{0:0}: ext4_writepages+0x1d6/0x3690 do_writepages+0x1b4/0x6a0 filemap_fdatawrite_wbc+0x14b/0x1b0 __filemap_fdatawrite_range+0xba/0x100 filemap_write_and_wait_range+0x8d/0x110 __iomap_dio_rw+0x5f1/0x1bd0 iomap_dio_rw+0x40/0xa0 ext4_file_read_iter+0x2f4/0x4a0 generic_file_splice_read+0x18b/0x4d0 do_splice_to+0x1bc/0x240 splice_direct_to_actor+0x2b0/0x8c0 do_splice_direct+0x1bc/0x290 do_sendfile+0xb1d/0x1280 __x64_sys_sendfile64+0x1d5/0x210 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc -> #0 (&sb->s_type->i_mutex_key#6){++++}-{3:3}: __lock_acquire+0x2a02/0x5e70 lock_acquire+0x1a6/0x530 down_read+0x9c/0x450 ext4_bmap+0x52/0x470 bmap+0xb0/0x130 jbd2_journal_bmap+0xac/0x190 jbd2_journal_flush+0x857/0xc10 __ext4_ioctl+0x9c1/0x4140 __x64_sys_ioctl+0x19e/0x210 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc other info that might help us debug this: Chain exists of: &sb->s_type->i_mutex_key#6 --> &journal->j_barrier --> &journal->j_checkpoint_mutex Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&journal->j_checkpoint_mutex); lock(&journal->j_barrier); lock(&journal->j_checkpoint_mutex); lock(&sb->s_type->i_mutex_key#6); *** DEADLOCK *** 2 locks held by syz-executor.0/59496: #0: ffff88800faa8170 (&journal->j_barrier){+.+.}-{3:3}, at: jbd2_journal_lock_updates+0x162/0x310 #1: ffff88800faa83f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x48f/0xc10 stack backtrace: CPU: 1 PID: 59496 Comm: syz-executor.0 Not tainted 6.1.0-rc3-next-20221107 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 Call Trace: dump_stack_lvl+0x8f/0xb7 check_noncircular+0x263/0x2e0 __lock_acquire+0x2a02/0x5e70 lock_acquire+0x1a6/0x530 down_read+0x9c/0x450 ext4_bmap+0x52/0x470 bmap+0xb0/0x130 jbd2_journal_bmap+0xac/0x190 jbd2_journal_flush+0x857/0xc10 __ext4_ioctl+0x9c1/0x4140 __x64_sys_ioctl+0x19e/0x210 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7faa6024ab19 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007faa5d7c0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007faa6035df60 RCX: 00007faa6024ab19 RDX: 0000000020000340 RSI: 000000004004662b RDI: 0000000000000005 RBP: 00007faa602a4f6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffdd5b8f33f R14: 00007faa5d7c0300 R15: 0000000000022000 Bluetooth: hci3: Opcode 0x c03 failed: -110 device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode Bluetooth: hci5: command 0x0406 tx timeout audit: type=1400 audit(2000000245.160:40): avc: denied { relabelto } for pid=60924 comm="syz-executor.3" name="PACKET" dev="sockfs" ino=55798 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:devicekit_disk_exec_t:s0 tclass=packet_socket permissive=1 platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 syz_tun: refused to change device tx_queue_len syz_tun: refused to change device tx_queue_len syz_tun: refused to change device tx_queue_len syz_tun: refused to change device tx_queue_len Bluetooth: hci7: ACL packet for unknown connection handle 0 Bluetooth: hci7: ACL packet for unknown connection handle 0