warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow

======================================================
WARNING: possible circular locking dependency detected
6.2.0-rc1-syzkaller #0 Tainted: G W
------------------------------------------------------
syz-executor.0/10835 is trying to acquire lock:
ff600000114c8400 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: inode_lock_shared include/linux/fs.h:766 [inline]
ff600000114c8400 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: ext4_bmap+0x40/0x250 fs/ext4/inode.c:3243

but task is already holding lock:
ff600000124da3f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x376/0x800 fs/jbd2/journal.c:2474

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #3 (&journal->j_checkpoint_mutex){+.+.}-{3:3}:
       lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5668
       lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5641
       __mutex_lock_common kernel/locking/mutex.c:603 [inline]
       mutex_lock_io_nested+0x120/0xa4e kernel/locking/mutex.c:833
       jbd2_journal_flush+0x158/0x800 fs/jbd2/journal.c:2464
       ext4_ioctl_checkpoint fs/ext4/ioctl.c:1082 [inline]
       __ext4_ioctl+0x2542/0x3330 fs/ext4/ioctl.c:1590
       ext4_ioctl+0x26/0x34 fs/ext4/ioctl.c:1610
       vfs_ioctl fs/ioctl.c:51 [inline]
       __do_sys_ioctl fs/ioctl.c:870 [inline]
       sys_ioctl+0x112/0x14c fs/ioctl.c:856
       ret_from_syscall+0x0/0x2

-> #2 (&journal->j_barrier){+.+.}-{3:3}:
       lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5668
       lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5641
       __mutex_lock_common kernel/locking/mutex.c:603 [inline]
       __mutex_lock+0x114/0xb42 kernel/locking/mutex.c:747
       mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:799
       jbd2_journal_lock_updates+0x154/0x28a fs/jbd2/transaction.c:904
       ext4_change_inode_journal_flag+0x114/0x342 fs/ext4/inode.c:6158
       ext4_ioctl_setflags fs/ext4/ioctl.c:687 [inline]
       ext4_fileattr_set+0xe60/0xfda fs/ext4/ioctl.c:1004
       vfs_fileattr_set+0x480/0x616 fs/ioctl.c:696
       ioctl_fssetxattr fs/ioctl.c:758 [inline]
       do_vfs_ioctl+0x854/0x151c fs/ioctl.c:845
       __do_sys_ioctl fs/ioctl.c:868 [inline]
       sys_ioctl+0xc4/0x14c fs/ioctl.c:856
       ret_from_syscall+0x0/0x2

-> #1 (&sbi->s_writepages_rwsem){++++}-{0:0}:
       lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5668
       lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5641
       percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
       ext4_writepages+0x15e/0x3ce fs/ext4/inode.c:2964
       do_writepages+0x16e/0x452 mm/page-writeback.c:2581
       filemap_fdatawrite_wbc mm/filemap.c:388 [inline]
       filemap_fdatawrite_wbc+0xea/0x10e mm/filemap.c:378
       __filemap_fdatawrite_range+0xe4/0x11e mm/filemap.c:421
       filemap_write_and_wait_range mm/filemap.c:674 [inline]
       filemap_write_and_wait_range+0x9a/0xf0 mm/filemap.c:665
       __iomap_dio_rw+0x3fc/0x12c8 fs/iomap/direct-io.c:572
       iomap_dio_rw+0x3e/0x9c fs/iomap/direct-io.c:689
       ext4_dio_read_iter fs/ext4/file.c:94 [inline]
       ext4_file_read_iter+0x200/0x2ba fs/ext4/file.c:145
       call_read_iter include/linux/fs.h:2180 [inline]
       generic_file_splice_read+0x114/0x2aa fs/splice.c:309
       do_splice_to+0xea/0x140 fs/splice.c:793
       splice_direct_to_actor+0x19a/0x464 fs/splice.c:865
       do_splice_direct+0x14c/0x1ca fs/splice.c:974
       do_sendfile+0x73c/0x832 fs/read_write.c:1255
       __do_sys_sendfile64 fs/read_write.c:1323 [inline]
       sys_sendfile64+0x21e/0x234 fs/read_write.c:1309
       ret_from_syscall+0x0/0x2

-> #0 (&sb->s_type->i_mutex_key#8){++++}-{3:3}:
       check_noncircular+0x1de/0x1fe kernel/locking/lockdep.c:2177
       check_prev_add kernel/locking/lockdep.c:3097 [inline]
       check_prevs_add kernel/locking/lockdep.c:3216 [inline]
       validate_chain kernel/locking/lockdep.c:3831 [inline]
       __lock_acquire+0x198a/0x347a kernel/locking/lockdep.c:5055
       lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5668
       lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5641
       down_read+0x3c/0x54 kernel/locking/rwsem.c:1509
       inode_lock_shared include/linux/fs.h:766 [inline]
       ext4_bmap+0x40/0x250 fs/ext4/inode.c:3243
       bmap+0x5a/0x84 fs/inode.c:1798
       jbd2_journal_bmap+0xb4/0x18c fs/jbd2/journal.c:977
       __jbd2_journal_erase fs/jbd2/journal.c:1789 [inline]
       jbd2_journal_flush+0x5f6/0x800 fs/jbd2/journal.c:2492
       ext4_ioctl_checkpoint fs/ext4/ioctl.c:1082 [inline]
       __ext4_ioctl+0x2542/0x3330 fs/ext4/ioctl.c:1590
       ext4_ioctl+0x26/0x34 fs/ext4/ioctl.c:1610
       vfs_ioctl fs/ioctl.c:51 [inline]
       __do_sys_ioctl fs/ioctl.c:870 [inline]
       sys_ioctl+0x112/0x14c fs/ioctl.c:856
       ret_from_syscall+0x0/0x2

other info that might help us debug this:

Chain exists of:
  &sb->s_type->i_mutex_key#8 --> &journal->j_barrier --> &journal->j_checkpoint_mutex

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&journal->j_checkpoint_mutex);
                               lock(&journal->j_barrier);
                               lock(&journal->j_checkpoint_mutex);
  lock(&sb->s_type->i_mutex_key#8);

 *** DEADLOCK ***

2 locks held by syz-executor.0/10835:
 #0: ff600000124da170 (&journal->j_barrier){+.+.}-{3:3}, at: jbd2_journal_lock_updates+0x154/0x28a fs/jbd2/transaction.c:904
 #1: ff600000124da3f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x376/0x800 fs/jbd2/journal.c:2474

stack backtrace:
CPU: 0 PID: 10835 Comm: syz-executor.0 Tainted: G W 6.2.0-rc1-syzkaller #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:121
[] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:127
[] __dump_stack lib/dump_stack.c:88 [inline]
[] dump_stack_lvl+0xe0/0x14c lib/dump_stack.c:106
[] dump_stack+0x1c/0x24 lib/dump_stack.c:113
[] print_circular_bug+0x370/0x3fa kernel/locking/lockdep.c:2055
[] check_noncircular+0x1de/0x1fe kernel/locking/lockdep.c:2177
[] check_prev_add kernel/locking/lockdep.c:3097 [inline]
[] check_prevs_add kernel/locking/lockdep.c:3216 [inline]
[] validate_chain kernel/locking/lockdep.c:3831 [inline]
[] __lock_acquire+0x198a/0x347a kernel/locking/lockdep.c:5055
[] lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5668
[] lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5641
[] down_read+0x3c/0x54 kernel/locking/rwsem.c:1509
[] inode_lock_shared include/linux/fs.h:766 [inline]
[] ext4_bmap+0x40/0x250 fs/ext4/inode.c:3243
[] bmap+0x5a/0x84 fs/inode.c:1798
[] jbd2_journal_bmap+0xb4/0x18c fs/jbd2/journal.c:977
[] __jbd2_journal_erase fs/jbd2/journal.c:1789 [inline]
[] jbd2_journal_flush+0x5f6/0x800 fs/jbd2/journal.c:2492
[] ext4_ioctl_checkpoint fs/ext4/ioctl.c:1082 [inline]
[] __ext4_ioctl+0x2542/0x3330 fs/ext4/ioctl.c:1590
[] ext4_ioctl+0x26/0x34 fs/ext4/ioctl.c:1610
[] vfs_ioctl fs/ioctl.c:51 [inline]
[] __do_sys_ioctl fs/ioctl.c:870 [inline]
[] sys_ioctl+0x112/0x14c fs/ioctl.c:856
[] ret_from_syscall+0x0/0x2