======================================================
WARNING: possible circular locking dependency detected
6.2.0-next-20230303 #1 Not tainted
------------------------------------------------------
syz-fuzzer/240 is trying to acquire lock:
ffff88800fe743f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: __jbd2_log_wait_for_space+0x238/0x4b0

but task is already holding lock:
ffff88800fe70530 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x1a6/0x640

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #3 (sb_pagefaults){.+.+}-{0:0}:
       ext4_page_mkwrite+0x202/0x1aa0
       do_page_mkwrite+0x1a6/0x640
       __handle_mm_fault+0x11b5/0x31e0
       handle_mm_fault+0x2ce/0xb40
       do_user_addr_fault+0x5ca/0x12e0
       exc_page_fault+0x9c/0x1a0
       asm_exc_page_fault+0x26/0x30

-> #2 (&mm->mmap_lock){++++}-{3:3}:
       internal_get_user_pages_fast+0x13a4/0x2e00
       get_user_pages_fast+0xab/0x100
       __iov_iter_get_pages_alloc+0x2df/0x20f0
       iov_iter_get_pages+0xb0/0x110
       bio_iov_iter_get_pages+0x28a/0x1060
       iomap_dio_bio_iter+0x78e/0x1350
       __iomap_dio_rw+0xe22/0x1ce0
       iomap_dio_rw+0x40/0xa0
       ext4_file_write_iter+0x9ab/0x1950
       vfs_write+0x9b4/0xdc0
       ksys_write+0x12b/0x260
       do_syscall_64+0x3f/0x90
       entry_SYSCALL_64_after_hwframe+0x72/0xdc

-> #1 (&sb->s_type->i_mutex_key#6){++++}-{3:3}:
       down_read+0x3d/0x50
       ext4_bmap+0x52/0x470
       bmap+0xb0/0x130
       jbd2_journal_bmap+0xac/0x1d0
       jbd2_journal_flush+0x87f/0xc90
       __ext4_ioctl+0x9fd/0x4330
       __x64_sys_ioctl+0x19e/0x210
       do_syscall_64+0x3f/0x90
       entry_SYSCALL_64_after_hwframe+0x72/0xdc

-> #0 (&journal->j_checkpoint_mutex){+.+.}-{3:3}:
       __lock_acquire+0x2d56/0x6380
       lock_acquire.part.0+0xea/0x320
       mutex_lock_io_nested+0x149/0x1300
       __jbd2_log_wait_for_space+0x238/0x4b0
       add_transaction_credits+0xa42/0xb80
       start_this_handle+0x3a6/0x14d0
       jbd2__journal_start+0x394/0x6b0
       __ext4_journal_start_sb+0x4c2/0x6f0
       ext4_dirty_inode+0xa5/0x130
       __mark_inode_dirty+0x1aa/0xee0
       generic_update_time+0x21b/0x2b0
       file_update_time+0x22f/0x280
       ext4_page_mkwrite+0x2ed/0x1aa0
       do_page_mkwrite+0x1a6/0x640
       do_wp_page+0x2e6/0x3f50
       __handle_mm_fault+0x10f3/0x31e0
       handle_mm_fault+0x2ce/0xb40
       do_user_addr_fault+0x5ca/0x12e0
       exc_page_fault+0x9c/0x1a0
       asm_exc_page_fault+0x26/0x30

other info that might help us debug this:

Chain exists of:
  &journal->j_checkpoint_mutex --> &mm->mmap_lock --> sb_pagefaults

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(sb_pagefaults);
                               lock(&mm->mmap_lock);
                               lock(sb_pagefaults);
  lock(&journal->j_checkpoint_mutex);

 *** DEADLOCK ***

2 locks held by syz-fuzzer/240:
 #0: ffff8880186ec098 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0x4f4/0x12e0
 #1: ffff88800fe70530 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x1a6/0x640

stack backtrace:
CPU: 1 PID: 240 Comm: syz-fuzzer Not tainted 6.2.0-next-20230303 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x91/0xf0
 check_noncircular+0x263/0x2e0
 __lock_acquire+0x2d56/0x6380
 lock_acquire.part.0+0xea/0x320
 mutex_lock_io_nested+0x149/0x1300
 __jbd2_log_wait_for_space+0x238/0x4b0
 add_transaction_credits+0xa42/0xb80
 start_this_handle+0x3a6/0x14d0
 jbd2__journal_start+0x394/0x6b0
 __ext4_journal_start_sb+0x4c2/0x6f0
 ext4_dirty_inode+0xa5/0x130
 __mark_inode_dirty+0x1aa/0xee0
 generic_update_time+0x21b/0x2b0
 file_update_time+0x22f/0x280
 ext4_page_mkwrite+0x2ed/0x1aa0
 do_page_mkwrite+0x1a6/0x640
 do_wp_page+0x2e6/0x3f50
 __handle_mm_fault+0x10f3/0x31e0
 handle_mm_fault+0x2ce/0xb40
 do_user_addr_fault+0x5ca/0x12e0
 exc_page_fault+0x9c/0x1a0
 asm_exc_page_fault+0x26/0x30
RIP: 0033:0x4657b1
Code: 54 1e a0 f3 44 0f 6f 5c 1e b0 f3 44 0f 6f 64 1e c0 f3 44 0f 6f 6c 1e d0 f3 44 0f 6f 74 1e e0 f3 44 0f 6f 7c 1e f0 f3 0f 7f 07 <f3> 0f 7f 4f 10 f3 0f 7f 57 20 f3 0f 7f 5f 30 f3 0f 7f 67 40 f3 0f
RSP: 002b:000000c001aed190 EFLAGS: 00010246
RAX: 000000c001aed960 RBX: 0000000000000100 RCX: 0000000000000100
RDX: 0000000000000100 RSI: 000000c0060e0e00 RDI: 00007f516be97fe8
RBP: 000000c001aed2a8 R08: 000000c0060e0e00 R09: 000000c005a19560
R10: 0000000000000000 R11: 0000000000000002 R12: 000000c005a19493
R13: 000000000000000d R14: 0000000000000003 R15: 000000c005a19490
 </TASK>
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
tmpfs: Bad value for 'gid'