======================================================
WARNING: possible circular locking dependency detected
6.2.0-rc6-next-20230202 #1 Not tainted
------------------------------------------------------
syz-executor.2/11849 is trying to acquire lock:
ffff88800952e170 (&journal->j_barrier){+.+.}-{3:3}, at: jbd2_journal_lock_updates+0x162/0x310

but task is already holding lock:
ffff88800952cb90 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_change_inode_journal_flag+0x17f/0x550

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #3 (&sbi->s_writepages_rwsem){++++}-{0:0}:
       percpu_down_write+0x51/0x350
       ext4_ind_migrate+0x23b/0x840
       ext4_fileattr_set+0x1521/0x19f0
       vfs_fileattr_set+0x7a2/0xbd0
       do_vfs_ioctl+0xfc1/0x1690
       __x64_sys_ioctl+0x110/0x210
       do_syscall_64+0x3f/0x90
       entry_SYSCALL_64_after_hwframe+0x72/0xdc

-> #2 (&sb->s_type->i_mutex_key#6){++++}-{3:3}:
       down_read+0x3d/0x50
       ext4_bmap+0x52/0x470
       bmap+0xb0/0x130
       jbd2_journal_bmap+0xac/0x1d0
       jbd2_journal_flush+0x87f/0xc90
       __ext4_ioctl+0x9fd/0x4330
       __x64_sys_ioctl+0x19e/0x210
       do_syscall_64+0x3f/0x90
       entry_SYSCALL_64_after_hwframe+0x72/0xdc

-> #1 (&journal->j_checkpoint_mutex){+.+.}-{3:3}:
       mutex_lock_io_nested+0x149/0x1300
       jbd2_journal_flush+0x19e/0xc90
       __ext4_ioctl+0x9fd/0x4330
       __x64_sys_ioctl+0x19e/0x210
       do_syscall_64+0x3f/0x90
       entry_SYSCALL_64_after_hwframe+0x72/0xdc

-> #0 (&journal->j_barrier){+.+.}-{3:3}:
       __lock_acquire+0x2da7/0x63b0
       lock_acquire.part.0+0xec/0x320
       __mutex_lock+0x133/0x14a0
       jbd2_journal_lock_updates+0x162/0x310
       ext4_change_inode_journal_flag+0x187/0x550
       ext4_fileattr_set+0x14fa/0x19f0
       vfs_fileattr_set+0x7a2/0xbd0
       do_vfs_ioctl+0xfc1/0x1690
       __x64_sys_ioctl+0x110/0x210
       do_syscall_64+0x3f/0x90
       entry_SYSCALL_64_after_hwframe+0x72/0xdc

other info that might help us debug this:

Chain exists of:
  &journal->j_barrier --> &sb->s_type->i_mutex_key#6 --> &sbi->s_writepages_rwsem

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&sbi->s_writepages_rwsem);
                               lock(&sb->s_type->i_mutex_key#6);
                               lock(&sbi->s_writepages_rwsem);
  lock(&journal->j_barrier);

 *** DEADLOCK ***

4 locks held by syz-executor.2/11849:
 #0: ffff88800952a438 (sb_writers#3){.+.+}-{0:0}, at: do_vfs_ioctl+0xf86/0x1690
 #1: ffff888042170df0 (&sb->s_type->i_mutex_key#6){++++}-{3:3}, at: vfs_fileattr_set+0x14c/0xbd0
 #2: ffff888042170f90 (mapping.invalidate_lock){++++}-{3:3}, at: ext4_change_inode_journal_flag+0x126/0x550
 #3: ffff88800952cb90 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_change_inode_journal_flag+0x17f/0x550

stack backtrace:
CPU: 0 PID: 11849 Comm: syz-executor.2 Not tainted 6.2.0-rc6-next-20230202 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x91/0xf0
 check_noncircular+0x263/0x2e0
 __lock_acquire+0x2da7/0x63b0
 lock_acquire.part.0+0xec/0x320
 __mutex_lock+0x133/0x14a0
 jbd2_journal_lock_updates+0x162/0x310
 ext4_change_inode_journal_flag+0x187/0x550
 ext4_fileattr_set+0x14fa/0x19f0
 vfs_fileattr_set+0x7a2/0xbd0
 do_vfs_ioctl+0xfc1/0x1690
 __x64_sys_ioctl+0x110/0x210
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7fb1be87db19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb1bbdf3188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fb1be990f60 RCX: 00007fb1be87db19
RDX: 0000000020000040 RSI: 0000000040086602 RDI: 0000000000000003
RBP: 00007fb1be8d7f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd9a0aef0f R14: 00007fb1bbdf3300 R15: 0000000000022000
 </TASK>
netlink: 'syz-executor.3': attribute type 4 has an invalid length.
netlink: 'syz-executor.3': attribute type 4 has an invalid length.
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo entered promiscuous mode
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo left promiscuous mode
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo left promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
device lo left promiscuous mode
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready