warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
======================================================
WARNING: possible circular locking dependency detected
6.1.0-rc1-next-20221021 #1 Not tainted
------------------------------------------------------
syz-executor.6/13156 is trying to acquire lock:
ffff88800ccc8400 (&sb->s_type->i_mutex_key#6){++++}-{3:3}, at: ext4_bmap+0x4e/0x480

but task is already holding lock:
ffff88801041c3f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x48b/0xc10

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #3 (&journal->j_checkpoint_mutex){+.+.}-{3:3}:
       mutex_lock_io_nested+0x148/0x1320
       __jbd2_log_wait_for_space+0x234/0x470
       add_transaction_credits+0xa42/0xb90
       start_this_handle+0x3ac/0x14d0
       jbd2__journal_start+0x390/0x8e0
       __ext4_journal_start_sb+0x391/0x480
       ext4_dirty_inode+0x9d/0x120
       __mark_inode_dirty+0x1a6/0xe70
       generic_update_time+0x217/0x2c0
       file_update_time+0x22b/0x290
       ext4_page_mkwrite+0x2ea/0x1a80
       do_page_mkwrite+0x1a0/0x650
       __handle_mm_fault+0x12ac/0x35f0
       handle_mm_fault+0x2e6/0xa30
       do_user_addr_fault+0x536/0x1310
       exc_page_fault+0x98/0x1b0
       asm_exc_machine_check-0xe/0x40

-> #2 (sb_pagefaults){.+.+}-{0:0}:
       ext4_page_mkwrite+0x1f8/0x1a80
       do_page_mkwrite+0x1a0/0x650
       __handle_mm_fault+0x12ac/0x35f0
       handle_mm_fault+0x2e6/0xa30
       do_user_addr_fault+0x536/0x1310
       exc_page_fault+0x98/0x1b0
       asm_exc_machine_check-0xe/0x40

-> #1 (&mm->mmap_lock#2){++++}-{3:3}:
       __might_fault+0xfb/0x180
       iov_iter_zero+0x738/0x14e0
       __iomap_dio_rw+0xecc/0x1be0
       iomap_dio_rw+0x3c/0xb0
       ext4_file_read_iter+0x2f0/0x4a0
       do_iter_readv_writev+0x2f0/0x3d0
       do_iter_read+0x2fb/0x760
       vfs_readv+0xe5/0x170
       do_readv+0x133/0x310
       do_syscall_64+0x3b/0xa0
       entry_SYSCALL_64_after_hwframe+0x72/0xdc

-> #0 (&sb->s_type->i_mutex_key#6){++++}-{3:3}:
       __lock_acquire+0x2a02/0x5e80
       lock_acquire+0x1a2/0x540
       down_read+0x98/0x460
       ext4_bmap+0x4e/0x480
       bmap+0xac/0x130
       jbd2_journal_bmap+0xa8/0x190
       jbd2_journal_flush+0x853/0xc10
       __ext4_ioctl+0x9e9/0x40b0
       __x64_sys_ioctl+0x19a/0x220
       do_syscall_64+0x3b/0xa0
       entry_SYSCALL_64_after_hwframe+0x72/0xdc

other info that might help us debug this:

Chain exists of:
  &sb->s_type->i_mutex_key#6 --> sb_pagefaults --> &journal->j_checkpoint_mutex

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&journal->j_checkpoint_mutex);
                               lock(sb_pagefaults);
                               lock(&journal->j_checkpoint_mutex);
  lock(&sb->s_type->i_mutex_key#6);

 *** DEADLOCK ***

2 locks held by syz-executor.6/13156:
 #0: ffff88801041c170 (&journal->j_barrier){+.+.}-{3:3}, at: jbd2_journal_lock_updates+0x15e/0x320
 #1: ffff88801041c3f8 (&journal->j_checkpoint_mutex){+.+.}-{3:3}, at: jbd2_journal_flush+0x48b/0xc10

stack backtrace:
CPU: 1 PID: 13156 Comm: syz-executor.6 Not tainted 6.1.0-rc1-next-20221021 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x8b/0xc3
 check_noncircular+0x263/0x2f0
 __lock_acquire+0x2a02/0x5e80
 lock_acquire+0x1a2/0x540
 down_read+0x98/0x460
 ext4_bmap+0x4e/0x480
 bmap+0xac/0x130
 jbd2_journal_bmap+0xa8/0x190
 jbd2_journal_flush+0x853/0xc10
 __ext4_ioctl+0x9e9/0x40b0
 __x64_sys_ioctl+0x19a/0x220
 do_syscall_64+0x3b/0xa0
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f517ccc4b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f517a23a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f517cdd7f60 RCX: 00007f517ccc4b19
RDX: 00000000200000c0 RSI: 000000004004662b RDI: 0000000000000003
RBP: 00007f517cd1ef6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffcb5edccef R14: 00007f517a23a300 R15: 0000000000022000
 </TASK>
Process accounting resumed
tmpfs: Bad value for 'mpol'
Process accounting resumed
warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
tmpfs: Bad value for 'mpol'
Process accounting resumed
tmpfs: Bad value for 'mpol'
Process accounting resumed
warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
device syz_tun entered promiscuous mode
device syz_tun left promiscuous mode
device syz_tun entered promiscuous mode
device syz_tun left promiscuous mode