======================================================
WARNING: possible circular locking dependency detected
6.0.0-rc3-next-20220829 #1 Not tainted
------------------------------------------------------
syz-executor.0/4220 is trying to acquire lock:
ffff888010000170 (&journal->j_barrier){+.+.}-{3:3}, at: jbd2_journal_lock_updates+0x15e/0x310

but task is already holding lock:
ffff888010016bd0 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_change_inode_journal_flag+0x177/0x530

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #4 (&sbi->s_writepages_rwsem){++++}-{0:0}:
       ext4_writepages+0x1d2/0x3690
       do_writepages+0x1b0/0x6a0
       filemap_fdatawrite_wbc+0x147/0x1b0
       __filemap_fdatawrite_range+0xb6/0x100
       filemap_write_and_wait_range+0x89/0x110
       ext4_fallocate+0x2673/0x3cc0
       vfs_fallocate+0x489/0xe00
       __x64_sys_fallocate+0xcf/0x140
       do_syscall_64+0x3b/0x90
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

-> #3 (mapping.invalidate_lock){++++}-{3:3}:
       down_write+0x90/0x150
       ext4_setattr+0x970/0x2b90
       notify_change+0xcce/0x1420
       do_truncate+0x13c/0x200
       do_sys_ftruncate+0x3ec/0x730
       do_syscall_64+0x3b/0x90
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

-> #2 (&sb->s_type->i_mutex_key#6){++++}-{3:3}:
       down_read+0x98/0x450
       ext4_bmap+0x4e/0x470
       bmap+0xac/0x120
       jbd2_journal_bmap+0xa8/0x180
       jbd2_journal_flush+0x853/0xc00
       __ext4_ioctl+0x9e9/0x4090
       __x64_sys_ioctl+0x19a/0x210
       do_syscall_64+0x3b/0x90
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

-> #1 (&journal->j_checkpoint_mutex){+.+.}-{3:3}:
       mutex_lock_io_nested+0x148/0x1310
       jbd2_journal_flush+0x19a/0xc00
       __ext4_ioctl+0x9e9/0x4090
       __x64_sys_ioctl+0x19a/0x210
       do_syscall_64+0x3b/0x90
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

-> #0 (&journal->j_barrier){+.+.}-{3:3}:
       __lock_acquire+0x2a02/0x5e70
       lock_acquire+0x1a2/0x530
       __mutex_lock+0x136/0x14d0
       jbd2_journal_lock_updates+0x15e/0x310
       ext4_change_inode_journal_flag+0x17f/0x530
       ext4_fileattr_set+0x140d/0x18a0
       vfs_fileattr_set+0x77c/0xb80
       do_vfs_ioctl+0xfc2/0x1610
       __x64_sys_ioctl+0x10c/0x210
       do_syscall_64+0x3b/0x90
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

other info that might help us debug this:

Chain exists of:
  &journal->j_barrier --> mapping.invalidate_lock --> &sbi->s_writepages_rwsem

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&sbi->s_writepages_rwsem);
                               lock(mapping.invalidate_lock);
                               lock(&sbi->s_writepages_rwsem);
  lock(&journal->j_barrier);

 *** DEADLOCK ***

4 locks held by syz-executor.0/4220:
 #0: ffff888010014438 (sb_writers#3){.+.+}-{0:0}, at: do_vfs_ioctl+0xf87/0x1610
 #1: ffff88801e648400 (&sb->s_type->i_mutex_key#6){++++}-{3:3}, at: vfs_fileattr_set+0x148/0xb80
 #2: ffff88801e6485a0 (mapping.invalidate_lock){++++}-{3:3}, at: ext4_change_inode_journal_flag+0x11e/0x530
 #3: ffff888010016bd0 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_change_inode_journal_flag+0x177/0x530

stack backtrace:
CPU: 0 PID: 4220 Comm: syz-executor.0 Not tainted 6.0.0-rc3-next-20220829 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x8b/0xb3
 check_noncircular+0x263/0x2e0
 __lock_acquire+0x2a02/0x5e70
 lock_acquire+0x1a2/0x530
 __mutex_lock+0x136/0x14d0
 jbd2_journal_lock_updates+0x15e/0x310
 ext4_change_inode_journal_flag+0x17f/0x530
 ext4_fileattr_set+0x140d/0x18a0
 vfs_fileattr_set+0x77c/0xb80
 do_vfs_ioctl+0xfc2/0x1610
 __x64_sys_ioctl+0x10c/0x210
 do_syscall_64+0x3b/0x90
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fa5e3adab19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa5e1050188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fa5e3bedf60 RCX: 00007fa5e3adab19
RDX: 0000000020000080 RSI: 0000000040086602 RDI: 0000000000000006
RBP: 00007fa5e3b34f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd8bd9624f R14: 00007fa5e1050300 R15: 0000000000022000
 </TASK>
loop6: detected capacity change from 0 to 203
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
loop6: detected capacity change from 0 to 203
Invalid ELF header magic: != ELF
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
loop4: detected capacity change from 0 to 264192
ext4: Unknown parameter 'kH÷!Þýc¨iÕžÞÌ³öíÖ™'
loop4: detected capacity change from 0 to 264192
ext4: Unknown parameter 'kH÷!Þýc¨iÕžÞÌ³öíÖ™'
Bluetooth: hci2: Opcode 0x c03 failed: -110
Bluetooth: hci3: HCI_REQ-0x0406
Bluetooth: hci6: HCI_REQ-0x0406
Bluetooth: hci5: HCI_REQ-0x0406
Bluetooth: hci4: HCI_REQ-0x0406
Bluetooth: hci0: HCI_REQ-0x0406
Bluetooth: hci4: command 0x0406 tx timeout
Bluetooth: hci0: command 0x0406 tx timeout
Bluetooth: hci5: command 0x0406 tx timeout
Bluetooth: hci6: command 0x0406 tx timeout
Bluetooth: hci3: command 0x0406 tx timeout
Bluetooth: hci2: Opcode 0x c03 failed: -110