======================================================
WARNING: possible circular locking dependency detected
6.2.0-rc4-next-20230116 #1 Not tainted
------------------------------------------------------
syz-executor.2/11432 is trying to acquire lock:
ffff88800fe2e3f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: __jbd2_log_wait_for_space+0x238/0x460

but task is already holding lock:
ffff888040353fa0 (&sb->s_type->i_mutex_key#6){++++}-{3:3}, at: vfs_unlink+0xd9/0x930

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&sb->s_type->i_mutex_key#6){++++}-{3:3}:
       down_read+0x9c/0x450
       ext4_bmap+0x52/0x470
       bmap+0xb0/0x130
       jbd2_journal_bmap+0xac/0x190
       jbd2_journal_flush+0x860/0xc10
       __ext4_ioctl+0x9e3/0x43e0
       __x64_sys_ioctl+0x19e/0x210
       do_syscall_64+0x3f/0x90
       entry_SYSCALL_64_after_hwframe+0x72/0xdc

-> #0 (&journal->j_checkpoint_mutex){+.+.}-{3:3}:
       __lock_acquire+0x2a52/0x5e90
       lock_acquire.part.0+0x120/0x340
       mutex_lock_io_nested+0x14c/0x1300
       __jbd2_log_wait_for_space+0x238/0x460
       add_transaction_credits+0xa42/0xb80
       start_this_handle+0x3ac/0x14c0
       jbd2__journal_start+0x394/0x6b0
       __ext4_journal_start_sb+0x4c2/0x6f0
       __ext4_unlink+0x44e/0xcf0
       ext4_unlink+0x3ac/0x640
       vfs_unlink+0x35e/0x930
       do_unlinkat+0x398/0x620
       __x64_sys_unlink+0xca/0x110
       do_syscall_64+0x3f/0x90
       entry_SYSCALL_64_after_hwframe+0x72/0xdc

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&sb->s_type->i_mutex_key#6);
                               lock(&journal->j_checkpoint_mutex);
                               lock(&sb->s_type->i_mutex_key#6);
  lock(&journal->j_checkpoint_mutex);

 *** DEADLOCK ***

3 locks held by syz-executor.2/11432:
 #0: ffff88800fe2a438 (sb_writers#3){.+.+}-{0:0}, at: do_unlinkat+0x187/0x620
 #1: ffff88801be45380 (&type->i_mutex_dir_key#3/1){+.+.}-{3:3}, at: do_unlinkat+0x274/0x620
 #2: ffff888040353fa0 (&sb->s_type->i_mutex_key#6){++++}-{3:3}, at: vfs_unlink+0xd9/0x930

stack backtrace:
CPU: 0 PID: 11432 Comm: syz-executor.2 Not tainted 6.2.0-rc4-next-20230116 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x8f/0xb7
 check_noncircular+0x263/0x2e0
 __lock_acquire+0x2a52/0x5e90
 lock_acquire.part.0+0x120/0x340
 mutex_lock_io_nested+0x14c/0x1300
 __jbd2_log_wait_for_space+0x238/0x460
 add_transaction_credits+0xa42/0xb80
 start_this_handle+0x3ac/0x14c0
 jbd2__journal_start+0x394/0x6b0
 __ext4_journal_start_sb+0x4c2/0x6f0
 __ext4_unlink+0x44e/0xcf0
 ext4_unlink+0x3ac/0x640
 vfs_unlink+0x35e/0x930
 do_unlinkat+0x398/0x620
 __x64_sys_unlink+0xca/0x110
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f0346bcf457
Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc80e7fc48 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0346bcf457
RDX: 00007ffc80e7fc80 RSI: 00007ffc80e7fc80 RDI: 00007ffc80e7fd10
RBP: 00007ffc80e7fd10 R08: 0000000000000001 R09: 00007ffc80e7fae0
R10: 000055555619ecbb R11: 0000000000000206 R12: 00007f0346c29105
R13: 00007ffc80e80dd0 R14: 000055555619ec20 R15: 00007ffc80e80e10
 </TASK>
Process accounting resumed
random: crng reseeded on system resumption
perf: interrupt took too long (4033 > 4021), lowering kernel.perf_event_max_sample_rate to 49000
random: crng reseeded on system resumption
perf: interrupt took too long (5082 > 5041), lowering kernel.perf_event_max_sample_rate to 39000
random: crng reseeded on system resumption
Restarting kernel threads ... done.
random: crng reseeded on system resumption
Restarting kernel threads ... done.
perf: interrupt took too long (6367 > 6352), lowering kernel.perf_event_max_sample_rate to 31000
device lo left promiscuous mode
device lo entered promiscuous mode
perf: interrupt took too long (7984 > 7958), lowering kernel.perf_event_max_sample_rate to 25000
device lo left promiscuous mode
device lo entered promiscuous mode
device lo entered promiscuous mode
perf: interrupt took too long (9982 > 9980), lowering kernel.perf_event_max_sample_rate to 20000
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo entered promiscuous mode