====================================================== WARNING: possible circular locking dependency detected 6.2.0-rc7-next-20230213 #1 Not tainted ------------------------------------------------------ syz-executor.4/4622 is trying to acquire lock: ffff88800fe08170 (&journal->j_barrier){+.+.}-{3:3}, at: jbd2_journal_lock_updates+0x162/0x310 but task is already holding lock: ffff88800f8e6b90 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_change_inode_journal_flag+0x17f/0x550 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #4 (&sbi->s_writepages_rwsem){++++}-{0:0}: percpu_down_write+0x51/0x350 ext4_change_inode_journal_flag+0x17f/0x550 ext4_fileattr_set+0x14fa/0x19f0 vfs_fileattr_set+0x7a2/0xbd0 do_vfs_ioctl+0xfc1/0x1690 __x64_sys_ioctl+0x110/0x210 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc -> #3 (mapping.invalidate_lock){++++}-{3:3}: down_write+0x92/0x1f0 ext4_setattr+0xb72/0x2490 notify_change+0xb90/0x11d0 do_truncate+0x143/0x200 do_sys_ftruncate+0x543/0x770 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc -> #2 (&sb->s_type->i_mutex_key#6){++++}-{3:3}: down_read+0x3d/0x50 ext4_bmap+0x52/0x470 bmap+0xb0/0x130 jbd2_journal_bmap+0xac/0x1d0 jbd2_journal_flush+0x87f/0xc90 __ext4_ioctl+0x9fd/0x4330 __x64_sys_ioctl+0x19e/0x210 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc -> #1 (&journal->j_checkpoint_mutex){+.+.}-{3:3}: mutex_lock_io_nested+0x149/0x1300 jbd2_journal_flush+0x19e/0xc90 ext4_ioctl_group_add+0x2b3/0x580 __ext4_ioctl+0x6cc/0x4330 __x64_sys_ioctl+0x19e/0x210 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc -> #0 (&journal->j_barrier){+.+.}-{3:3}: __lock_acquire+0x2da7/0x63b0 lock_acquire.part.0+0xec/0x320 __mutex_lock+0x133/0x14a0 jbd2_journal_lock_updates+0x162/0x310 ext4_change_inode_journal_flag+0x187/0x550 ext4_fileattr_set+0x14fa/0x19f0 vfs_fileattr_set+0x7a2/0xbd0 do_vfs_ioctl+0xfc1/0x1690 __x64_sys_ioctl+0x110/0x210 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc other info that might help us debug this: Chain exists of: &journal->j_barrier --> mapping.invalidate_lock --> &sbi->s_writepages_rwsem Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&sbi->s_writepages_rwsem); lock(mapping.invalidate_lock); lock(&sbi->s_writepages_rwsem); lock(&journal->j_barrier); *** DEADLOCK *** 4 locks held by syz-executor.4/4622: #0: ffff88800f8e4438 (sb_writers#3){.+.+}-{0:0}, at: do_vfs_ioctl+0xf86/0x1690 #1: ffff88804285d380 (&sb->s_type->i_mutex_key#6){++++}-{3:3}, at: vfs_fileattr_set+0x14c/0xbd0 #2: ffff88804285d520 (mapping.invalidate_lock){++++}-{3:3}, at: ext4_change_inode_journal_flag+0x126/0x550 #3: ffff88800f8e6b90 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_change_inode_journal_flag+0x17f/0x550 stack backtrace: CPU: 0 PID: 4622 Comm: syz-executor.4 Not tainted 6.2.0-rc7-next-20230213 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 Call Trace: dump_stack_lvl+0x91/0xf0 check_noncircular+0x263/0x2e0 __lock_acquire+0x2da7/0x63b0 lock_acquire.part.0+0xec/0x320 __mutex_lock+0x133/0x14a0 jbd2_journal_lock_updates+0x162/0x310 ext4_change_inode_journal_flag+0x187/0x550 ext4_fileattr_set+0x14fa/0x19f0 vfs_fileattr_set+0x7a2/0xbd0 do_vfs_ioctl+0xfc1/0x1690 __x64_sys_ioctl+0x110/0x210 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f7b4dc41b19 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f7b4b196188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f7b4dd55020 RCX: 00007f7b4dc41b19 RDX: 0000000020000040 RSI: 0000000040086602 RDI: 0000000000000005 RBP: 00007f7b4dc9bf6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffd8e5150df R14: 00007f7b4b196300 R15: 0000000000022000 process 'syz-executor.7' launched '/dev/fd/-1/./file1' with NULL argv: empty string added netlink: 'syz-executor.4': attribute type 11 has an invalid length. netlink: 'syz-executor.5': attribute type 11 has an invalid length. netlink: 'syz-executor.3': attribute type 11 has an invalid length. syz-executor.4 (4757) used greatest stack depth: 23512 bytes left netlink: 'syz-executor.5': attribute type 11 has an invalid length. netlink: 'syz-executor.4': attribute type 11 has an invalid length. netlink: 'syz-executor.3': attribute type 11 has an invalid length. netlink: 96 bytes leftover after parsing attributes in process `syz-executor.0'. netlink: 96 bytes leftover after parsing attributes in process `syz-executor.0'. netlink: 96 bytes leftover after parsing attributes in process `syz-executor.0'. netlink: 96 bytes leftover after parsing attributes in process `syz-executor.0'. netlink: 96 bytes leftover after parsing attributes in process `syz-executor.0'. ======================================================= WARNING: The mand mount option has been deprecated and and is ignored by this kernel. Remove the mand option from the mount to silence this warning. ======================================================= EXT4-fs warning (device sda): verify_group_input:150: Cannot add at group 0 (only 16 groups) EXT4-fs (sda): re-mounted 7b5d9a40-9011-49ec-8035-27953f97a4d8. Quota mode: none.