======================================================
WARNING: possible circular locking dependency detected
5.19.0-next-20220811 #1 Not tainted
------------------------------------------------------
syz-executor.0/22487 is trying to acquire lock:
ffff888009330170 (&journal->j_barrier){+.+.}-{3:3}, at: jbd2_journal_lock_updates+0x15e/0x310

but task is already holding lock:
ffff88800892ebd0 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_change_inode_journal_flag+0x177/0x530

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #3 (&sbi->s_writepages_rwsem){++++}-{0:0}:
       percpu_down_write+0x4d/0x3d0
       ext4_ind_migrate+0x237/0x830
       ext4_fileattr_set+0x1434/0x18a0
       vfs_fileattr_set+0x77c/0xb80
       do_vfs_ioctl+0xfc2/0x1610
       __x64_sys_ioctl+0x10c/0x210
       do_syscall_64+0x3b/0x90
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

-> #2 (&sb->s_type->i_mutex_key#6){++++}-{3:3}:
       down_read+0x98/0x450
       ext4_bmap+0x4e/0x470
       bmap+0xac/0x120
       jbd2_journal_bmap+0xa8/0x180
       jbd2_journal_flush+0x853/0xc00
       __ext4_ioctl+0x9e9/0x4090
       __x64_sys_ioctl+0x19a/0x210
       do_syscall_64+0x3b/0x90
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

-> #1 (&journal->j_checkpoint_mutex){+.+.}-{3:3}:
       mutex_lock_io_nested+0x148/0x1310
       jbd2_journal_flush+0x19a/0xc00
       __ext4_ioctl+0x9e9/0x4090
       __x64_sys_ioctl+0x19a/0x210
       do_syscall_64+0x3b/0x90
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

-> #0 (&journal->j_barrier){+.+.}-{3:3}:
       __lock_acquire+0x2a02/0x5e70
       lock_acquire+0x1a2/0x530
       __mutex_lock+0x136/0x14d0
       jbd2_journal_lock_updates+0x15e/0x310
       ext4_change_inode_journal_flag+0x17f/0x530
       ext4_fileattr_set+0x140d/0x18a0
       vfs_fileattr_set+0x77c/0xb80
       do_vfs_ioctl+0xfc2/0x1610
       __x64_sys_ioctl+0x10c/0x210
       do_syscall_64+0x3b/0x90
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

other info that might help us debug this:

Chain exists of:
  &journal->j_barrier --> &sb->s_type->i_mutex_key#6 --> &sbi->s_writepages_rwsem

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&sbi->s_writepages_rwsem);
                               lock(&sb->s_type->i_mutex_key#6);
                               lock(&sbi->s_writepages_rwsem);
  lock(&journal->j_barrier);

 *** DEADLOCK ***

4 locks held by syz-executor.0/22487:
 #0: ffff88800892c438 (sb_writers#3){.+.+}-{0:0}, at: do_vfs_ioctl+0xf87/0x1610
 #1: ffff88801dbca1d0 (&sb->s_type->i_mutex_key#6){++++}-{3:3}, at: vfs_fileattr_set+0x148/0xb80
 #2: ffff88801dbca370 (mapping.invalidate_lock){++++}-{3:3}, at: ext4_change_inode_journal_flag+0x11e/0x530
 #3: ffff88800892ebd0 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_change_inode_journal_flag+0x177/0x530

stack backtrace:
CPU: 1 PID: 22487 Comm: syz-executor.0 Not tainted 5.19.0-next-20220811 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
 dump_stack_lvl+0x8b/0xb3
 check_noncircular+0x263/0x2e0
 __lock_acquire+0x2a02/0x5e70
 lock_acquire+0x1a2/0x530
 __mutex_lock+0x136/0x14d0
 jbd2_journal_lock_updates+0x15e/0x310
 ext4_change_inode_journal_flag+0x17f/0x530
 ext4_fileattr_set+0x140d/0x18a0
 vfs_fileattr_set+0x77c/0xb80
 do_vfs_ioctl+0xfc2/0x1610
 __x64_sys_ioctl+0x10c/0x210
 do_syscall_64+0x3b/0x90
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fdfd81d0b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fdfd5746188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fdfd82e3f60 RCX: 00007fdfd81d0b19
RDX: 0000000020000080 RSI: 0000000040086602 RDI: 0000000000000005
RBP: 00007fdfd822af6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff0522f18f R14: 00007fdfd5746300 R15: 0000000000022000
random: crng reseeded on system resumption
Restarting kernel threads ... done.