======================================================
WARNING: possible circular locking dependency detected
6.13.0-rc6-syzkaller-00262-gb62cef9a5c67 #0 Not tainted
------------------------------------------------------
udevd/8385 is trying to acquire lock:
ffff8880354483f8 (&type->i_mutex_dir_key#3){++++}-{4:4}, at: inode_lock_shared include/linux/fs.h:828 [inline]
ffff8880354483f8 (&type->i_mutex_dir_key#3){++++}-{4:4}, at: lookup_slow+0x45/0x70 fs/namei.c:1807

but task is already holding lock:
ffff88802904acd8 (&fs_devs->device_list_mutex){+.+.}-{4:4}, at: device_list_add+0x576/0x1f30 fs/btrfs/volumes.c:908

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #4 (&fs_devs->device_list_mutex){+.+.}-{4:4}:
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
       __mutex_lock_common kernel/locking/mutex.c:585 [inline]
       __mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735
       insert_dev_extents fs/btrfs/block-group.c:2710 [inline]
       btrfs_create_pending_block_groups+0x772/0x1710 fs/btrfs/block-group.c:2761
       __btrfs_end_transaction+0x150/0x630 fs/btrfs/transaction.c:1063
       flush_space+0x4ca/0xcf0 fs/btrfs/space-info.c:812
       btrfs_async_reclaim_metadata_space+0x28e/0x350 fs/btrfs/space-info.c:1105
       process_one_work kernel/workqueue.c:3236 [inline]
       process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317
       worker_thread+0x870/0xd30 kernel/workqueue.c:3398
       kthread+0x2f0/0x390 kernel/kthread.c:389
       ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
       ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

-> #3 (btrfs_trans_num_extwriters){++++}-{0:0}:
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
       join_transaction+0x19c/0xda0 fs/btrfs/transaction.c:313
       start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697
       btrfs_create_common+0x1b2/0x2e0 fs/btrfs/inode.c:6572
       lookup_open fs/namei.c:3649 [inline]
       open_last_lookups fs/namei.c:3748 [inline]
       path_openat+0x1c03/0x3590 fs/namei.c:3984
       do_filp_open+0x27f/0x4e0 fs/namei.c:4014
       do_sys_openat2+0x13e/0x1d0 fs/open.c:1402
       do_sys_open fs/open.c:1417 [inline]
       __do_sys_openat fs/open.c:1433 [inline]
       __se_sys_openat fs/open.c:1428 [inline]
       __x64_sys_openat+0x247/0x2a0 fs/open.c:1428
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #2 (btrfs_trans_num_writers){++++}-{0:0}:
       reacquire_held_locks+0x3eb/0x690 kernel/locking/lockdep.c:5374
       __lock_release kernel/locking/lockdep.c:5563 [inline]
       lock_release+0x396/0xa30 kernel/locking/lockdep.c:5870
       percpu_up_read include/linux/percpu-rwsem.h:99 [inline]
       __sb_end_write include/linux/fs.h:1720 [inline]
       sb_end_intwrite+0x26/0x1c0 include/linux/fs.h:1837
       __btrfs_end_transaction+0x251/0x630 fs/btrfs/transaction.c:1068
       btrfs_dirty_inode+0x151/0x1a0 fs/btrfs/inode.c:6069
       inode_update_time fs/inode.c:2124 [inline]
       touch_atime+0x27d/0x690 fs/inode.c:2197
       file_accessed include/linux/fs.h:2539 [inline]
       btrfs_file_mmap+0xbd/0x120 fs/btrfs/file.c:1954
       call_mmap include/linux/fs.h:2183 [inline]
       mmap_file mm/internal.h:124 [inline]
       __mmap_new_file_vma mm/vma.c:2291 [inline]
       __mmap_new_vma mm/vma.c:2355 [inline]
       __mmap_region+0x224e/0x2d30 mm/vma.c:2456
       mmap_region+0x1d0/0x2c0 mm/mmap.c:1352
       do_mmap+0x97a/0x10d0 mm/mmap.c:500
       vm_mmap_pgoff+0x1dd/0x3d0 mm/util.c:575
       ksys_mmap_pgoff+0x4eb/0x720 mm/mmap.c:546
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #1 (&mm->mmap_lock){++++}-{4:4}:
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
       down_read_killable+0xca/0xd30 kernel/locking/rwsem.c:1547
       mmap_read_lock_killable+0x1d/0x70 include/linux/mmap_lock.h:153
       get_mmap_lock_carefully mm/memory.c:6158 [inline]
       lock_mm_and_find_vma+0x29c/0x2f0 mm/memory.c:6209
       do_user_addr_fault arch/x86/mm/fault.c:1361 [inline]
       handle_page_fault arch/x86/mm/fault.c:1481 [inline]
       exc_page_fault+0x1bf/0x8b0 arch/x86/mm/fault.c:1539
       asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
       filldir+0x2ab/0x6a0 fs/readdir.c:286
       dir_emit include/linux/fs.h:3745 [inline]
       call_filldir+0x3d5/0x570 fs/ext4/dir.c:542
       ext4_dx_readdir fs/ext4/dir.c:580 [inline]
       ext4_readdir+0x29fd/0x3a60 fs/ext4/dir.c:143
       iterate_dir+0x571/0x800 fs/readdir.c:108
       __do_sys_getdents fs/readdir.c:322 [inline]
       __se_sys_getdents+0x1fd/0x4e0 fs/readdir.c:308
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (&type->i_mutex_dir_key#3){++++}-{4:4}:
       check_prev_add kernel/locking/lockdep.c:3161 [inline]
       check_prevs_add kernel/locking/lockdep.c:3280 [inline]
       validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904
       __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
       down_read+0xb1/0xa40 kernel/locking/rwsem.c:1524
       inode_lock_shared include/linux/fs.h:828 [inline]
       lookup_slow+0x45/0x70 fs/namei.c:1807
       walk_component fs/namei.c:2112 [inline]
       link_path_walk+0x99b/0xea0 fs/namei.c:2477
       path_lookupat+0xa9/0x450 fs/namei.c:2633
       filename_lookup+0x2a3/0x670 fs/namei.c:2663
       kern_path+0x35/0x50 fs/namei.c:2771
       is_same_device fs/btrfs/volumes.c:828 [inline]
       device_list_add+0xf2c/0x1f30 fs/btrfs/volumes.c:963
       btrfs_scan_one_device+0xa6d/0xdb0 fs/btrfs/volumes.c:1555
       btrfs_control_ioctl+0x165/0x410 fs/btrfs/super.c:2243
       vfs_ioctl fs/ioctl.c:51 [inline]
       __do_sys_ioctl fs/ioctl.c:906 [inline]
       __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

Chain exists of:
  &type->i_mutex_dir_key#3 --> btrfs_trans_num_extwriters --> &fs_devs->device_list_mutex

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&fs_devs->device_list_mutex);
                               lock(btrfs_trans_num_extwriters);
                               lock(&fs_devs->device_list_mutex);
  rlock(&type->i_mutex_dir_key#3);

 *** DEADLOCK ***

2 locks held by udevd/8385:
 #0: ffffffff8eeb8c68 (uuid_mutex){+.+.}-{4:4}, at: btrfs_control_ioctl+0x150/0x410 fs/btrfs/super.c:2238
 #1: ffff88802904acd8 (&fs_devs->device_list_mutex){+.+.}-{4:4}, at: device_list_add+0x576/0x1f30 fs/btrfs/volumes.c:908

stack backtrace:
CPU: 0 UID: 0 PID: 8385 Comm: udevd Not tainted 6.13.0-rc6-syzkaller-00262-gb62cef9a5c67 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2074
 check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2206
 check_prev_add kernel/locking/lockdep.c:3161 [inline]
 check_prevs_add kernel/locking/lockdep.c:3280 [inline]
 validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904
 __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
 down_read+0xb1/0xa40 kernel/locking/rwsem.c:1524
 inode_lock_shared include/linux/fs.h:828 [inline]
 lookup_slow+0x45/0x70 fs/namei.c:1807
 walk_component fs/namei.c:2112 [inline]
 link_path_walk+0x99b/0xea0 fs/namei.c:2477
 path_lookupat+0xa9/0x450 fs/namei.c:2633
 filename_lookup+0x2a3/0x670 fs/namei.c:2663
 kern_path+0x35/0x50 fs/namei.c:2771
 is_same_device fs/btrfs/volumes.c:828 [inline]
 device_list_add+0xf2c/0x1f30 fs/btrfs/volumes.c:963
 btrfs_scan_one_device+0xa6d/0xdb0 fs/btrfs/volumes.c:1555
 btrfs_control_ioctl+0x165/0x410 fs/btrfs/super.c:2243
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:906 [inline]
 __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f18c3d1ad49
Code: 5c c3 48 8d 44 24 08 48 89 54 24 e0 48 89 44 24 c0 48 8d 44 24 d0 48 89 44 24 c8 b8 10 00 00 00 c7 44 24 b8 10 00 00 00 0f 05 <41> 89 c0 3d 00 f0 ff ff 76 10 48 8b 15 ae 60 0d 00 f7 d8 41 83 c8
RSP: 002b:00007ffcb1e70fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f18c3d1ad49
RDX: 00007ffcb1e70ff8 RSI: 0000000090009427 RDI: 0000000000000009
RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffcb1e72038 R14: 000056084ca168f0 R15: 00007ffcb1e72d58
BTRFS info: devid 1 device path /114/file0 changed to /dev/loop1 scanned by udevd (8385)