======================================================
WARNING: possible circular locking dependency detected
6.0.0-rc1-next-20220817 #1 Not tainted
------------------------------------------------------
syz-executor.1/6274 is trying to acquire lock:
ffff88800ffc8170 (&journal->j_barrier){+.+.}-{3:3}, at: jbd2_journal_lock_updates+0x15e/0x310

but task is already holding lock:
ffff88800ffbebd0 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_change_inode_journal_flag+0x177/0x530

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #3 (&sbi->s_writepages_rwsem){++++}-{0:0}:
       ext4_writepages+0x1d2/0x3690
       do_writepages+0x1b0/0x6a0
       filemap_fdatawrite_wbc+0x147/0x1b0
       __filemap_fdatawrite_range+0xb6/0x100
       filemap_write_and_wait_range+0x89/0x110
       __iomap_dio_rw+0x5ed/0x1bd0
       iomap_dio_rw+0x3c/0xa0
       ext4_file_read_iter+0x268/0x400
       generic_file_splice_read+0x187/0x4d0
       do_splice_to+0x1bc/0x240
       splice_direct_to_actor+0x2ac/0x8c0
       do_splice_direct+0x1b8/0x290
       do_sendfile+0xb1d/0x1280
       __x64_sys_sendfile64+0x1d1/0x210
       do_syscall_64+0x3b/0x90
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

-> #2 (&sb->s_type->i_mutex_key#6){++++}-{3:3}:
       down_read+0x98/0x450
       ext4_bmap+0x4e/0x470
       bmap+0xac/0x120
       jbd2_journal_bmap+0xa8/0x180
       jbd2_journal_flush+0x853/0xc00
       __ext4_ioctl+0x9e9/0x4090
       __x64_sys_ioctl+0x19a/0x210
       do_syscall_64+0x3b/0x90
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

-> #1 (&journal->j_checkpoint_mutex){+.+.}-{3:3}:
       mutex_lock_io_nested+0x148/0x1310
       jbd2_journal_flush+0x19a/0xc00
       __ext4_ioctl+0x9e9/0x4090
       __x64_sys_ioctl+0x19a/0x210
       do_syscall_64+0x3b/0x90
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

-> #0 (&journal->j_barrier){+.+.}-{3:3}:
       __lock_acquire+0x2a02/0x5e70
       lock_acquire+0x1a2/0x530
       __mutex_lock+0x136/0x14d0
       jbd2_journal_lock_updates+0x15e/0x310
       ext4_change_inode_journal_flag+0x17f/0x530
       ext4_fileattr_set+0x140d/0x18a0
       vfs_fileattr_set+0x77c/0xb80
       do_vfs_ioctl+0xfc2/0x1610
       __x64_sys_ioctl+0x10c/0x210
       do_syscall_64+0x3b/0x90
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

other info that might help us debug this:

Chain exists of:
  &journal->j_barrier --> &sb->s_type->i_mutex_key#6 --> &sbi->s_writepages_rwsem

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&sbi->s_writepages_rwsem);
                               lock(&sb->s_type->i_mutex_key#6);
                               lock(&sbi->s_writepages_rwsem);
  lock(&journal->j_barrier);

 *** DEADLOCK ***

4 locks held by syz-executor.1/6274:
 #0: ffff88800ffbc438 (sb_writers#3){.+.+}-{0:0}, at: do_vfs_ioctl+0xf87/0x1610
 #1: ffff88801da921d0 (&sb->s_type->i_mutex_key#6){++++}-{3:3}, at: vfs_fileattr_set+0x148/0xb80
 #2: ffff88801da92370 (mapping.invalidate_lock){++++}-{3:3}, at: ext4_change_inode_journal_flag+0x11e/0x530
 #3: ffff88800ffbebd0 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_change_inode_journal_flag+0x177/0x530

stack backtrace:
CPU: 1 PID: 6274 Comm: syz-executor.1 Not tainted 6.0.0-rc1-next-20220817 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x8b/0xb3
 check_noncircular+0x263/0x2e0
 __lock_acquire+0x2a02/0x5e70
 lock_acquire+0x1a2/0x530
 __mutex_lock+0x136/0x14d0
 jbd2_journal_lock_updates+0x15e/0x310
 ext4_change_inode_journal_flag+0x17f/0x530
 ext4_fileattr_set+0x140d/0x18a0
 vfs_fileattr_set+0x77c/0xb80
 do_vfs_ioctl+0xfc2/0x1610
 __x64_sys_ioctl+0x10c/0x210
 do_syscall_64+0x3b/0x90
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f2580c8db19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f257e203188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f2580da0f60 RCX: 00007f2580c8db19
RDX: 0000000020000080 RSI: 0000000040086602 RDI: 0000000000000005
RBP: 00007f2580ce7f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffde5f06def R14: 00007f257e203300 R15: 0000000000022000
 </TASK>
capability: warning: `syz-executor.5' uses 32-bit capabilities (legacy support in use)
netlink: 'syz-executor.0': attribute type 29 has an invalid length.
netlink: 'syz-executor.0': attribute type 29 has an invalid length.
netlink: 'syz-executor.0': attribute type 29 has an invalid length.
netlink: 'syz-executor.0': attribute type 29 has an invalid length.
netlink: 'syz-executor.0': attribute type 29 has an invalid length.
netlink: 'syz-executor.0': attribute type 29 has an invalid length.
Zero length message leads to an empty skb
netlink: 'syz-executor.0': attribute type 29 has an invalid length.
netlink: 'syz-executor.0': attribute type 29 has an invalid length.
raw_sendmsg: syz-executor.6 forgot to set AF_INET. Fix it!
netlink: 'syz-executor.0': attribute type 29 has an invalid length.
netlink: 'syz-executor.0': attribute type 29 has an invalid length.
audit: type=1400 audit(1660734993.953:17): avc:  denied  { ingress } for  pid=6399 comm="syz-executor.6" saddr=172.20.20.187 daddr=172.20.20.170 netif=lo scontext=system_u:object_r:policy_src_t:s0 tcontext=system_u:object_r:netif_t:s0 tclass=netif permissive=1
audit: type=1400 audit(1660734993.954:18): avc:  denied  { recvfrom } for  pid=6399 comm="syz-executor.6" saddr=172.20.20.187 daddr=172.20.20.170 netif=lo scontext=system_u:object_r:policy_src_t:s0 tcontext=system_u:object_r:node_t:s0 tclass=node permissive=1
audit: type=1400 audit(1660734993.954:19): avc:  denied  { recv } for  pid=6399 comm="syz-executor.6" saddr=172.20.20.187 daddr=172.20.20.170 netif=lo scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:policy_src_t:s0 tclass=peer permissive=1
audit: type=1326 audit(1660734995.660:20): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=6533 comm="syz-executor.4" exe="/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5f5093cb19 code=0x0
audit: type=1326 audit(1660734996.594:21): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=6584 comm="syz-executor.4" exe="/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5f5093cb19 code=0x0
audit: type=1326 audit(1660734997.548:22): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=6609 comm="syz-executor.4" exe="/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5f5093cb19 code=0x0
audit: type=1326 audit(1660734998.552:23): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=6651 comm="syz-executor.4" exe="/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5f5093cb19 code=0x0
syz-executor.1 (6647) used greatest stack depth: 23512 bytes left
syz-executor.5 (6704) used greatest stack depth: 23248 bytes left