======================================================
WARNING: possible circular locking dependency detected
6.0.0-rc3-next-20220829 #1 Not tainted
------------------------------------------------------
syz-executor.1/9769 is trying to acquire lock:
ffff8880100ec170 (&journal->j_barrier){+.+.}-{3:3}, at: jbd2_journal_lock_updates+0x15e/0x310

but task is already holding lock:
ffff8880100eabd0 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_change_inode_journal_flag+0x177/0x530

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #3 (&sbi->s_writepages_rwsem){++++}-{0:0}:
       ext4_writepages+0x1d2/0x3690
       do_writepages+0x1b0/0x6a0
       filemap_fdatawrite_wbc+0x147/0x1b0
       __filemap_fdatawrite_range+0xb6/0x100
       filemap_write_and_wait_range+0x89/0x110
       __iomap_dio_rw+0x5ed/0x1bd0
       iomap_dio_rw+0x3c/0xa0
       ext4_file_read_iter+0x268/0x400
       do_iter_readv_writev+0x2f0/0x3c0
       do_iter_read+0x2fb/0x750
       vfs_readv+0xe5/0x160
       do_preadv+0x1ba/0x270
       __x64_sys_preadv2+0xeb/0x150
       do_syscall_64+0x3b/0x90
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

-> #2 (&sb->s_type->i_mutex_key#6){++++}-{3:3}:
       down_read+0x98/0x450
       ext4_bmap+0x4e/0x470
       bmap+0xac/0x120
       jbd2_journal_bmap+0xa8/0x180
       jbd2_journal_flush+0x853/0xc00
       __ext4_ioctl+0x9e9/0x4090
       __x64_sys_ioctl+0x19a/0x210
       do_syscall_64+0x3b/0x90
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

-> #1 (&journal->j_checkpoint_mutex){+.+.}-{3:3}:
       mutex_lock_io_nested+0x148/0x1310
       jbd2_journal_flush+0x19a/0xc00
       __ext4_ioctl+0x30c7/0x4090
       __x64_sys_ioctl+0x19a/0x210
       do_syscall_64+0x3b/0x90
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

-> #0 (&journal->j_barrier){+.+.}-{3:3}:
       __lock_acquire+0x2a02/0x5e70
       lock_acquire+0x1a2/0x530
       __mutex_lock+0x136/0x14d0
       jbd2_journal_lock_updates+0x15e/0x310
       ext4_change_inode_journal_flag+0x17f/0x530
       ext4_fileattr_set+0x140d/0x18a0
       vfs_fileattr_set+0x77c/0xb80
       do_vfs_ioctl+0xfc2/0x1610
       __x64_sys_ioctl+0x10c/0x210
       do_syscall_64+0x3b/0x90
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

other info that might help us debug this:

Chain exists of:
  &journal->j_barrier --> &sb->s_type->i_mutex_key#6 --> &sbi->s_writepages_rwsem

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&sbi->s_writepages_rwsem);
                               lock(&sb->s_type->i_mutex_key#6);
                               lock(&sbi->s_writepages_rwsem);
  lock(&journal->j_barrier);

 *** DEADLOCK ***

4 locks held by syz-executor.1/9769:
 #0: ffff8880100e8438 (sb_writers#3){.+.+}-{0:0}, at: do_vfs_ioctl+0xf87/0x1610
 #1: ffff8880425e97e0 (&sb->s_type->i_mutex_key#6){++++}-{3:3}, at: vfs_fileattr_set+0x148/0xb80
 #2: ffff8880425e9980 (mapping.invalidate_lock){++++}-{3:3}, at: ext4_change_inode_journal_flag+0x11e/0x530
 #3: ffff8880100eabd0 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_change_inode_journal_flag+0x177/0x530

stack backtrace:
CPU: 0 PID: 9769 Comm: syz-executor.1 Not tainted 6.0.0-rc3-next-20220829 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x8b/0xb3
 check_noncircular+0x263/0x2e0
 __lock_acquire+0x2a02/0x5e70
 lock_acquire+0x1a2/0x530
 __mutex_lock+0x136/0x14d0
 jbd2_journal_lock_updates+0x15e/0x310
 ext4_change_inode_journal_flag+0x17f/0x530
 ext4_fileattr_set+0x140d/0x18a0
 vfs_fileattr_set+0x77c/0xb80
 do_vfs_ioctl+0xfc2/0x1610
 __x64_sys_ioctl+0x10c/0x210
 do_syscall_64+0x3b/0x90
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f163f13cb19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f163c6b2188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f163f24ff60 RCX: 00007f163f13cb19
RDX: 0000000020000080 RSI: 0000000040086602 RDI: 0000000000000003
RBP: 00007f163f196f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd3ce1ef2f R14: 00007f163c6b2300 R15: 0000000000022000
 </TASK>
hpet: Lost 5 RTC interrupts
audit: type=1326 audit(1661771334.831:14): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=9838 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fab32f8bb19 code=0x0
audit: type=1326 audit(1661771335.664:15): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=9838 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fab32f8bb19 code=0x0
audit: type=1326 audit(1661771335.835:16): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=9890 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fab32f8bb19 code=0x0
audit: type=1326 audit(1661771336.788:17): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=9938 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fab32f8bb19 code=0x0
audit: type=1326 audit(1661771337.704:18): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=9977 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fab32f8bb19 code=0x0
rfkill: input handler disabled
rfkill: input handler enabled
rfkill: input handler disabled
rfkill: input handler enabled
rfkill: input handler disabled
rfkill: input handler enabled
rfkill: input handler disabled
rfkill: input handler enabled
rfkill: input handler disabled
rfkill: input handler enabled
rfkill: input handler disabled
rfkill: input handler enabled
rfkill: input handler disabled
rfkill: input handler enabled
rfkill: input handler disabled
rfkill: input handler enabled
No source specified
No source specified
No source specified
No source specified
No source specified
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
EXT4-fs warning (device sda): verify_group_input:150: Cannot add at group 0 (only 16 groups)
Process accounting resumed
Process accounting resumed
Process accounting resumed
EXT4-fs warning (device sda): verify_group_input:150: Cannot add at group 0 (only 16 groups)
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
EXT4-fs warning (device sda): verify_group_input:150: Cannot add at group 0 (only 16 groups)