======================================================
WARNING: possible circular locking dependency detected
6.2.0-rc7-next-20230208 #1 Not tainted
------------------------------------------------------
syz-executor.7/14263 is trying to acquire lock:
ffff88800fdbc3f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: __jbd2_log_wait_for_space+0x238/0x4b0

but task is already holding lock:
ffff88800fdb8530 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x1a0/0x640

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #3 (sb_pagefaults){.+.+}-{0:0}:
       ext4_page_mkwrite+0x1fc/0x1aa0
       do_page_mkwrite+0x1a0/0x640
       __handle_mm_fault+0x11a9/0x31c0
       handle_mm_fault+0x1b8/0x860
       do_user_addr_fault+0x512/0x1320
       exc_page_fault+0x9c/0x1a0
       asm_exc_page_fault+0x26/0x30

-> #2 (&mm->mmap_lock){++++}-{3:3}:
       internal_get_user_pages_fast+0x13a4/0x2e00
       pin_user_pages_fast+0xab/0x100
       iov_iter_extract_pages+0x2a3/0x1e70
       bio_iov_iter_get_pages+0x341/0x13c0
       iomap_dio_bio_iter+0x78e/0x1350
       __iomap_dio_rw+0xe22/0x1ce0
       iomap_dio_rw+0x40/0xa0
       ext4_file_write_iter+0xb5d/0x1930
       vfs_write+0x9b4/0xdc0
       ksys_write+0x12b/0x260
       do_syscall_64+0x3f/0x90
       entry_SYSCALL_64_after_hwframe+0x72/0xdc

-> #1 (&sb->s_type->i_mutex_key#6){++++}-{3:3}:
       down_read+0x3d/0x50
       ext4_bmap+0x52/0x470
       bmap+0xb0/0x130
       jbd2_journal_bmap+0xac/0x1d0
       jbd2_journal_flush+0x87f/0xc90
       __ext4_ioctl+0x9fd/0x4330
       __x64_sys_ioctl+0x19e/0x210
       do_syscall_64+0x3f/0x90
       entry_SYSCALL_64_after_hwframe+0x72/0xdc

-> #0 (&journal->j_checkpoint_mutex){+.+.}-{3:3}:
       __lock_acquire+0x2da7/0x63b0
       lock_acquire.part.0+0xec/0x320
       mutex_lock_io_nested+0x149/0x1300
       __jbd2_log_wait_for_space+0x238/0x4b0
       add_transaction_credits+0xa42/0xb80
       start_this_handle+0x3a6/0x14d0
       jbd2__journal_start+0x394/0x6b0
       __ext4_journal_start_sb+0x4c2/0x6f0
       ext4_dirty_inode+0xa5/0x130
       __mark_inode_dirty+0x1aa/0xee0
       generic_update_time+0x21b/0x2b0
       file_update_time+0x22f/0x280
       ext4_page_mkwrite+0x2e4/0x1aa0
       do_page_mkwrite+0x1a0/0x640
       __handle_mm_fault+0x11a9/0x31c0
       handle_mm_fault+0x1b8/0x860
       do_user_addr_fault+0x512/0x1320
       exc_page_fault+0x9c/0x1a0
       asm_exc_page_fault+0x26/0x30

other info that might help us debug this:

Chain exists of:
  &journal->j_checkpoint_mutex --> &mm->mmap_lock --> sb_pagefaults

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  rlock(sb_pagefaults);
                               lock(&mm->mmap_lock);
                               lock(sb_pagefaults);
  lock(&journal->j_checkpoint_mutex);

 *** DEADLOCK ***

2 locks held by syz-executor.7/14263:
 #0: ffff88803fb43798 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0x313/0x1320
 #1: ffff88800fdb8530 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x1a0/0x640

stack backtrace:
CPU: 1 PID: 14263 Comm: syz-executor.7 Not tainted 6.2.0-rc7-next-20230208 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 dump_stack_lvl+0x91/0xf0
 check_noncircular+0x263/0x2e0
 __lock_acquire+0x2da7/0x63b0
 lock_acquire.part.0+0xec/0x320
 mutex_lock_io_nested+0x149/0x1300
 __jbd2_log_wait_for_space+0x238/0x4b0
 add_transaction_credits+0xa42/0xb80
 start_this_handle+0x3a6/0x14d0
 jbd2__journal_start+0x394/0x6b0
 __ext4_journal_start_sb+0x4c2/0x6f0
 ext4_dirty_inode+0xa5/0x130
 __mark_inode_dirty+0x1aa/0xee0
 generic_update_time+0x21b/0x2b0
 file_update_time+0x22f/0x280
 ext4_page_mkwrite+0x2e4/0x1aa0
 do_page_mkwrite+0x1a0/0x640
 __handle_mm_fault+0x11a9/0x31c0
 handle_mm_fault+0x1b8/0x860
 do_user_addr_fault+0x512/0x1320
 exc_page_fault+0x9c/0x1a0
 asm_exc_page_fault+0x26/0x30
RIP: 0033:0x7fcd3c70f673
Code: 5d c3 0f 1f 44 00 00 48 8b 0d 59 ed 0a 01 48 8b 05 4a ed 0a 01 4c 8d 81 00 00 00 01 48 39 c8 72 13 4c 39 c0 73 0e 48 8d 50 04 <89> 38 48 89 15 2c ed 0a 01 c3 52 48 8d 35 77 b7 0b 00 48 89 c2 48
RSP: 002b:00007ffc5e21cb78 EFLAGS: 00010287
RAX: 0000001b33322000 RBX: 00007fcd3c4e9008 RCX: 0000001b33320000
RDX: 0000001b33322004 RSI: ffffffff817e3ddc RDI: 0000000006d8f32b
RBP: 0000000000000001 R08: 0000001b34320000 R09: 0000001b33321acc
R10: 000000000000132b R11: 0000000006d8f32f R12: 000000000000079e
R13: 00007fcd3c879000 R14: ffffffff817e3ddc R15: 00007fcd3c884ff0
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode