======================================================
WARNING: possible circular locking dependency detected
6.1.0-rc5-next-20221117 #1 Not tainted
------------------------------------------------------
syz-executor.6/160984 is trying to acquire lock:
ffff888009630170 (&journal->j_barrier){+.+.}-{3:3}, at: jbd2_journal_lock_updates+0x162/0x310

but task is already holding lock:
ffff88800960eb90 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_change_inode_journal_flag+0x17b/0x540

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #3 (&sbi->s_writepages_rwsem){++++}-{0:0}:
       percpu_down_write+0x51/0x350
       ext4_ind_migrate+0x23b/0x830
       ext4_fileattr_set+0x1452/0x18c0
       vfs_fileattr_set+0x780/0xb90
       do_vfs_ioctl+0xa6c/0x1af0
       __x64_sys_ioctl+0x110/0x210
       do_syscall_64+0x3f/0x90
       entry_SYSCALL_64_after_hwframe+0x72/0xdc

-> #2 (&sb->s_type->i_mutex_key#6){++++}-{3:3}:
       down_read+0x9c/0x450
       ext4_bmap+0x52/0x470
       bmap+0xb0/0x130
       jbd2_journal_bmap+0xac/0x190
       jbd2_journal_flush+0x857/0xc10
       __ext4_ioctl+0x9b0/0x4340
       __x64_sys_ioctl+0x19e/0x210
       do_syscall_64+0x3f/0x90
       entry_SYSCALL_64_after_hwframe+0x72/0xdc

-> #1 (&journal->j_checkpoint_mutex){+.+.}-{3:3}:
       mutex_lock_io_nested+0x14c/0x1330
       jbd2_journal_flush+0x19e/0xc10
       __ext4_ioctl+0x9b0/0x4340
       __x64_sys_ioctl+0x19e/0x210
       do_syscall_64+0x3f/0x90
       entry_SYSCALL_64_after_hwframe+0x72/0xdc

-> #0 (&journal->j_barrier){+.+.}-{3:3}:
       __lock_acquire+0x2a02/0x5e70
       lock_acquire+0x1a6/0x530
       __mutex_lock+0x136/0x14e0
       jbd2_journal_lock_updates+0x162/0x310
       ext4_change_inode_journal_flag+0x183/0x540
       ext4_fileattr_set+0x142b/0x18c0
       vfs_fileattr_set+0x780/0xb90
       do_vfs_ioctl+0xa6c/0x1af0
       __x64_sys_ioctl+0x110/0x210
       do_syscall_64+0x3f/0x90
       entry_SYSCALL_64_after_hwframe+0x72/0xdc

other info that might help us debug this:

Chain exists of:
  &journal->j_barrier --> &sb->s_type->i_mutex_key#6 --> &sbi->s_writepages_rwsem

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&sbi->s_writepages_rwsem);
                               lock(&sb->s_type->i_mutex_key#6);
                               lock(&sbi->s_writepages_rwsem);
  lock(&journal->j_barrier);

 *** DEADLOCK ***

4 locks held by syz-executor.6/160984:
 #0: ffff88800960c438 (sb_writers#3){.+.+}-{0:0}, at: do_vfs_ioctl+0xa2f/0x1af0
 #1: ffff88801b770400 (&sb->s_type->i_mutex_key#6){++++}-{3:3}, at: vfs_fileattr_set+0x14c/0xb90
 #2: ffff88801b7705a0 (mapping.invalidate_lock){++++}-{3:3}, at: ext4_change_inode_journal_flag+0x122/0x540
 #3: ffff88800960eb90 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_change_inode_journal_flag+0x17b/0x540

stack backtrace:
CPU: 1 PID: 160984 Comm: syz-executor.6 Not tainted 6.1.0-rc5-next-20221117 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 dump_stack_lvl+0x8f/0xb7
 check_noncircular+0x263/0x2e0
 __lock_acquire+0x2a02/0x5e70
 lock_acquire+0x1a6/0x530
 __mutex_lock+0x136/0x14e0
 jbd2_journal_lock_updates+0x162/0x310
 ext4_change_inode_journal_flag+0x183/0x540
 ext4_fileattr_set+0x142b/0x18c0
 vfs_fileattr_set+0x780/0xb90
 do_vfs_ioctl+0xa6c/0x1af0
 __x64_sys_ioctl+0x110/0x210
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f275a1b9b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f275772f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f275a2ccf60 RCX: 00007f275a1b9b19
RDX: 0000000020000040 RSI: 0000000040086602 RDI: 0000000000000003
RBP: 00007f275a213f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffccb983fff R14: 00007f275772f300 R15: 0000000000022000
perf: interrupt took too long (10040 > 10032), lowering kernel.perf_event_max_sample_rate to 19000
Bluetooth: hci0: command 0x0406 tx timeout
device sit0 entered promiscuous mode
device sit0 left promiscuous mode
No source specified
No source specified
device sit0 entered promiscuous mode
device sit0 left promiscuous mode
device sit0 entered promiscuous mode
device sit0 left promiscuous mode
No source specified
No source specified
device sit0 entered promiscuous mode
device sit0 left promiscuous mode
device sit0 entered promiscuous mode
No source specified
device sit0 left promiscuous mode
netlink: 'syz-executor.1': attribute type 1 has an invalid length.
device sit0 entered promiscuous mode
device sit0 entered promiscuous mode
device sit0 left promiscuous mode
device sit0 left promiscuous mode
netlink: 'syz-executor.1': attribute type 1 has an invalid length.
netlink: 'syz-executor.1': attribute type 1 has an invalid length.
netlink: 'syz-executor.1': attribute type 1 has an invalid length.
device syz_tun entered promiscuous mode
device syz_tun left promiscuous mode
device syz_tun entered promiscuous mode
device syz_tun left promiscuous mode
device syz_tun entered promiscuous mode
device syz_tun left promiscuous mode
device syz_tun entered promiscuous mode
device syz_tun left promiscuous mode
9pnet_virtio: no channels available for device ./file0
9pnet_fd: Insufficient options for proto=fd
device syz_tun entered promiscuous mode
device syz_tun entered promiscuous mode
device syz_tun entered promiscuous mode
device syz_tun left promiscuous mode
device syz_tun left promiscuous mode
9pnet_virtio: no channels available for device ./file0
device syz_tun left promiscuous mode
9pnet_fd: Insufficient options for proto=fd
9pnet_virtio: no channels available for device ./file0
9pnet_fd: Insufficient options for proto=fd
device syz_tun entered promiscuous mode
device syz_tun entered promiscuous mode
device syz_tun entered promiscuous mode
device syz_tun left promiscuous mode
device syz_tun left promiscuous mode
9pnet_virtio: no channels available for device ./file0
device syz_tun left promiscuous mode
9pnet_fd: Insufficient options for proto=fd
9pnet_virtio: no channels available for device ./file0
9pnet_fd: Insufficient options for proto=fd
9pnet_virtio: no channels available for device ./file0
9pnet_fd: Insufficient options for proto=fd
Bluetooth: hci2: hardware error 0x00
9pnet_virtio: no channels available for device ./file0
9pnet_fd: Insufficient options for proto=fd
EXT4-fs: Ignoring removed nomblk_io_submit option
ext4: Unknown parameter 'euid>00000000000000000000'
EXT4-fs: Ignoring removed nomblk_io_submit option
ext4: Unknown parameter 'euid>00000000000000000000'
EXT4-fs: Ignoring removed nomblk_io_submit option
ext4: Unknown parameter 'euid>00000000000000000000'
EXT4-fs: Ignoring removed nomblk_io_submit option
ext4: Unknown parameter 'euid>00000000000000000000'
Process accounting resumed
EXT4-fs: Ignoring removed nomblk_io_submit option
ext4: Unknown parameter 'euid>00000000000000000000'
EXT4-fs: Ignoring removed nomblk_io_submit option
ext4: Unknown parameter 'euid>00000000000000000000'
EXT4-fs: Ignoring removed nomblk_io_submit option
ext4: Unknown parameter 'euid>00000000000000000000'
Bluetooth: hci2: Opcode 0x c03 failed: -110
Bluetooth: hci2: hardware error 0x00
Process accounting resumed
EXT4-fs: Ignoring removed nomblk_io_submit option
ext4: Unknown parameter 'euid>00000000000000000000'
EXT4-fs: Ignoring removed nomblk_io_submit option
ext4: Unknown parameter 'euid>00000000000000000000'
EXT4-fs: Ignoring removed nomblk_io_submit option
ext4: Unknown parameter 'euid>00000000000000000000'