warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow

======================================================
WARNING: possible circular locking dependency detected
6.2.0-rc1-syzkaller #0 Tainted: G W
------------------------------------------------------
syz-executor.1/4731 is trying to acquire lock:
ff600000086a8400 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: inode_lock_shared include/linux/fs.h:766 [inline]
ff600000086a8400 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: ext4_bmap+0x40/0x250 fs/ext4/inode.c:3243

but task is already holding lock:
ff6000001250c3f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x376/0x800 fs/jbd2/journal.c:2474

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #3 (&journal->j_checkpoint_mutex){+.+.}-{3:3}:
       lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5668
       lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5641
       __mutex_lock_common kernel/locking/mutex.c:603 [inline]
       mutex_lock_io_nested+0x120/0xa4e kernel/locking/mutex.c:833
       jbd2_journal_flush+0x158/0x800 fs/jbd2/journal.c:2464
       ext4_ioctl_checkpoint fs/ext4/ioctl.c:1082 [inline]
       __ext4_ioctl+0x2542/0x3330 fs/ext4/ioctl.c:1590
       ext4_ioctl+0x26/0x34 fs/ext4/ioctl.c:1610
       vfs_ioctl fs/ioctl.c:51 [inline]
       __do_sys_ioctl fs/ioctl.c:870 [inline]
       sys_ioctl+0x112/0x14c fs/ioctl.c:856
       ret_from_syscall+0x0/0x2

-> #2 (&journal->j_barrier){+.+.}-{3:3}:
       lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5668
       lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5641
       __mutex_lock_common kernel/locking/mutex.c:603 [inline]
       __mutex_lock+0x114/0xb42 kernel/locking/mutex.c:747
       mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:799
       jbd2_journal_lock_updates+0x154/0x28a fs/jbd2/transaction.c:904
       ext4_change_inode_journal_flag+0x114/0x342 fs/ext4/inode.c:6158
       ext4_ioctl_setflags fs/ext4/ioctl.c:687 [inline]
       ext4_fileattr_set+0xe60/0xfda fs/ext4/ioctl.c:1004
       vfs_fileattr_set+0x480/0x616 fs/ioctl.c:696
       ioctl_fssetxattr fs/ioctl.c:758 [inline]
       do_vfs_ioctl+0x854/0x151c fs/ioctl.c:845
       __do_sys_ioctl fs/ioctl.c:868 [inline]
       sys_ioctl+0xc4/0x14c fs/ioctl.c:856
       ret_from_syscall+0x0/0x2

-> #1 (&sbi->s_writepages_rwsem){++++}-{0:0}:
       lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5668
       lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5641
       percpu_down_write+0x4e/0x1d4 kernel/locking/percpu-rwsem.c:227
       ext4_ind_migrate+0x122/0x424 fs/ext4/migrate.c:624
       ext4_ioctl_setflags fs/ext4/ioctl.c:696 [inline]
       ext4_fileattr_set+0xe86/0xfda fs/ext4/ioctl.c:1004
       vfs_fileattr_set+0x480/0x616 fs/ioctl.c:696
       ioctl_fssetxattr fs/ioctl.c:758 [inline]
       do_vfs_ioctl+0x854/0x151c fs/ioctl.c:845
       __do_sys_ioctl fs/ioctl.c:868 [inline]
       sys_ioctl+0xc4/0x14c fs/ioctl.c:856
       ret_from_syscall+0x0/0x2

-> #0 (&sb->s_type->i_mutex_key#8){++++}-{3:3}:
       check_noncircular+0x1de/0x1fe kernel/locking/lockdep.c:2177
       check_prev_add kernel/locking/lockdep.c:3097 [inline]
       check_prevs_add kernel/locking/lockdep.c:3216 [inline]
       validate_chain kernel/locking/lockdep.c:3831 [inline]
       __lock_acquire+0x198a/0x347a kernel/locking/lockdep.c:5055
       lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5668
       lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5641
       down_read+0x3c/0x54 kernel/locking/rwsem.c:1509
       inode_lock_shared include/linux/fs.h:766 [inline]
       ext4_bmap+0x40/0x250 fs/ext4/inode.c:3243
       bmap+0x5a/0x84 fs/inode.c:1798
       jbd2_journal_bmap+0xb4/0x18c fs/jbd2/journal.c:977
       __jbd2_journal_erase fs/jbd2/journal.c:1789 [inline]
       jbd2_journal_flush+0x5f6/0x800 fs/jbd2/journal.c:2492
       ext4_ioctl_checkpoint fs/ext4/ioctl.c:1082 [inline]
       __ext4_ioctl+0x2542/0x3330 fs/ext4/ioctl.c:1590
       ext4_ioctl+0x26/0x34 fs/ext4/ioctl.c:1610
       vfs_ioctl fs/ioctl.c:51 [inline]
       __do_sys_ioctl fs/ioctl.c:870 [inline]
       sys_ioctl+0x112/0x14c fs/ioctl.c:856
       ret_from_syscall+0x0/0x2

other info that might help us debug this:

Chain exists of:
  &sb->s_type->i_mutex_key#8 --> &journal->j_barrier --> &journal->j_checkpoint_mutex

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&journal->j_checkpoint_mutex);
                               lock(&journal->j_barrier);
                               lock(&journal->j_checkpoint_mutex);
  lock(&sb->s_type->i_mutex_key#8);

 *** DEADLOCK ***

2 locks held by syz-executor.1/4731:
 #0: ff6000001250c170 (&journal->j_barrier){+.+.}-{3:3}, at: jbd2_journal_lock_updates+0x154/0x28a fs/jbd2/transaction.c:904
 #1: ff6000001250c3f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x376/0x800 fs/jbd2/journal.c:2474

stack backtrace:
CPU: 1 PID: 4731 Comm: syz-executor.1 Tainted: G W 6.2.0-rc1-syzkaller #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:121
[] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:127
[] __dump_stack lib/dump_stack.c:88 [inline]
[] dump_stack_lvl+0xe0/0x14c lib/dump_stack.c:106
[] dump_stack+0x1c/0x24 lib/dump_stack.c:113
[] print_circular_bug+0x370/0x3fa kernel/locking/lockdep.c:2055
[] check_noncircular+0x1de/0x1fe kernel/locking/lockdep.c:2177
[] check_prev_add kernel/locking/lockdep.c:3097 [inline]
[] check_prevs_add kernel/locking/lockdep.c:3216 [inline]
[] validate_chain kernel/locking/lockdep.c:3831 [inline]
[] __lock_acquire+0x198a/0x347a kernel/locking/lockdep.c:5055
[] lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5668
[] lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5641
[] down_read+0x3c/0x54 kernel/locking/rwsem.c:1509
[] inode_lock_shared include/linux/fs.h:766 [inline]
[] ext4_bmap+0x40/0x250 fs/ext4/inode.c:3243
[] bmap+0x5a/0x84 fs/inode.c:1798
[] jbd2_journal_bmap+0xb4/0x18c fs/jbd2/journal.c:977
[] __jbd2_journal_erase fs/jbd2/journal.c:1789 [inline]
[] jbd2_journal_flush+0x5f6/0x800 fs/jbd2/journal.c:2492
[] ext4_ioctl_checkpoint fs/ext4/ioctl.c:1082 [inline]
[] __ext4_ioctl+0x2542/0x3330 fs/ext4/ioctl.c:1590
[] ext4_ioctl+0x26/0x34 fs/ext4/ioctl.c:1610
[] vfs_ioctl fs/ioctl.c:51 [inline]
[] __do_sys_ioctl fs/ioctl.c:870 [inline]
[] sys_ioctl+0x112/0x14c fs/ioctl.c:856
[] ret_from_syscall+0x0/0x2