netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
tmpfs: Bad value for 'mpol'
======================================================
WARNING: possible circular locking dependency detected
6.2.0-rc8-next-20230216 #1 Not tainted
------------------------------------------------------
syz-executor.2/9061 is trying to acquire lock:
ffff88800b578400 (&sb->s_type->i_mutex_key#6){++++}-{3:3}, at: ext4_bmap+0x52/0x470

but task is already holding lock:
ffff88800fece3f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x483/0xc90

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #3 (&journal->j_checkpoint_mutex){+.+.}-{3:3}:
       mutex_lock_io_nested+0x149/0x1300
       jbd2_journal_flush+0x19e/0xc90
       ext4_change_inode_journal_flag+0x39d/0x550
       ext4_fileattr_set+0x14fa/0x19f0
       vfs_fileattr_set+0x7a2/0xbd0
       do_vfs_ioctl+0xfc1/0x1690
       __x64_sys_ioctl+0x110/0x210
       do_syscall_64+0x3f/0x90
       entry_SYSCALL_64_after_hwframe+0x72/0xdc

-> #2 (&journal->j_barrier){+.+.}-{3:3}:
       __mutex_lock+0x133/0x14a0
       jbd2_journal_lock_updates+0x162/0x310
       ext4_change_inode_journal_flag+0x187/0x550
       ext4_fileattr_set+0x14fa/0x19f0
       vfs_fileattr_set+0x7a2/0xbd0
       do_vfs_ioctl+0xfc1/0x1690
       __x64_sys_ioctl+0x110/0x210
       do_syscall_64+0x3f/0x90
       entry_SYSCALL_64_after_hwframe+0x72/0xdc

-> #1 (&sbi->s_writepages_rwsem){++++}-{0:0}:
       percpu_down_write+0x51/0x350
       ext4_ind_migrate+0x23b/0x840
       ext4_fileattr_set+0x1521/0x19f0
       vfs_fileattr_set+0x7a2/0xbd0
       do_vfs_ioctl+0xfc1/0x1690
       __x64_sys_ioctl+0x110/0x210
       do_syscall_64+0x3f/0x90
       entry_SYSCALL_64_after_hwframe+0x72/0xdc

-> #0 (&sb->s_type->i_mutex_key#6){++++}-{3:3}:
       __lock_acquire+0x2da7/0x63b0
       lock_acquire.part.0+0xec/0x320
       down_read+0x3d/0x50
       ext4_bmap+0x52/0x470
       bmap+0xb0/0x130
       jbd2_journal_bmap+0xac/0x1d0
       jbd2_journal_flush+0x87f/0xc90
       __ext4_ioctl+0x9fd/0x4330
       __x64_sys_ioctl+0x19e/0x210
       do_syscall_64+0x3f/0x90
       entry_SYSCALL_64_after_hwframe+0x72/0xdc

other info that might help us debug this:

Chain exists of:
  &sb->s_type->i_mutex_key#6 --> &journal->j_barrier --> &journal->j_checkpoint_mutex

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&journal->j_checkpoint_mutex);
                               lock(&journal->j_barrier);
                               lock(&journal->j_checkpoint_mutex);
  rlock(&sb->s_type->i_mutex_key#6);

 *** DEADLOCK ***

2 locks held by syz-executor.2/9061:
 #0: ffff88800fece170 (&journal->j_barrier){+.+.}-{3:3}, at: jbd2_journal_lock_updates+0x162/0x310
 #1: ffff88800fece3f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x483/0xc90

stack backtrace:
CPU: 1 PID: 9061 Comm: syz-executor.2 Not tainted 6.2.0-rc8-next-20230216 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x91/0xf0
 check_noncircular+0x263/0x2e0
 __lock_acquire+0x2da7/0x63b0
 lock_acquire.part.0+0xec/0x320
 down_read+0x3d/0x50
 ext4_bmap+0x52/0x470
 bmap+0xb0/0x130
 jbd2_journal_bmap+0xac/0x1d0
 jbd2_journal_flush+0x87f/0xc90
 __ext4_ioctl+0x9fd/0x4330
 __x64_sys_ioctl+0x19e/0x210
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7ff621314b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ff61e88a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ff621427f60 RCX: 00007ff621314b19
RDX: 0000000020000340 RSI: 000000004004662b RDI: 0000000000000006
RBP: 00007ff62136ef6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffef2d71d4f R14: 00007ff61e88a300 R15: 0000000000022000
 </TASK>
netlink: 'syz-executor.0': attribute type 3 has an invalid length.
netlink: 'syz-executor.4': attribute type 3 has an invalid length.
netlink: 'syz-executor.6': attribute type 3 has an invalid length.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
device lo entered promiscuous mode
device lo left promiscuous mode
/dev/sr0: Can't open blockdev