======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Not tainted
------------------------------------------------------
kworker/u10:5/1090 is trying to acquire lock:
ffff88813102a538 (btrfs_trans_num_extwriters){++++}-{0:0}, at: join_transaction+0x41b/0xd70

but task is already holding lock:
ffff88813102a510 (btrfs_trans_num_writers){++++}-{0:0}, at: join_transaction+0x41b/0xd70

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #5 (btrfs_trans_num_writers){++++}-{0:0}:
       reacquire_held_locks+0x127/0x1d0
       lock_release+0x1b4/0x3e0
       sb_end_intwrite+0x26/0x1c0
       __btrfs_end_transaction+0x248/0x640
       btrfs_dirty_inode+0x14c/0x190
       file_update_time+0x347/0x490
       btrfs_page_mkwrite+0x5c8/0x1a70
       do_page_mkwrite+0x14d/0x310
       __handle_mm_fault+0x1916/0x5440
       handle_mm_fault+0x40a/0x8e0
       do_user_addr_fault+0x764/0x1390
       exc_page_fault+0x76/0xf0
       asm_exc_page_fault+0x26/0x30

-> #4 (sb_pagefaults#4){.+.+}-{0:0}:
       lock_acquire+0x120/0x360
       btrfs_page_mkwrite+0x317/0x1a70
       do_page_mkwrite+0x14d/0x310
       __handle_mm_fault+0x1916/0x5440
       handle_mm_fault+0x40a/0x8e0
       do_user_addr_fault+0x764/0x1390
       exc_page_fault+0x76/0xf0
       asm_exc_page_fault+0x26/0x30

-> #3 (&mm->mmap_lock){++++}-{4:4}:
       lock_acquire+0x120/0x360
       down_read_killable+0x50/0x350
       mmap_read_lock_killable+0x1d/0x70
       lock_mm_and_find_vma+0x2a8/0x300
       do_user_addr_fault+0x331/0x1390
       exc_page_fault+0x76/0xf0
       asm_exc_page_fault+0x26/0x30
       filldir64+0x2a3/0x690
       offset_readdir+0x1e6/0x560
       iterate_dir+0x399/0x570
       __se_sys_getdents64+0xe4/0x260
       do_syscall_64+0xfa/0x3b0
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #2 (&type->i_mutex_dir_key#5){++++}-{4:4}:
       lock_acquire+0x120/0x360
       down_read+0x46/0x2e0
       lookup_slow+0x46/0x70
       walk_component+0x2d2/0x400
       path_lookupat+0x163/0x430
       filename_lookup+0x212/0x570
       kern_path+0x35/0x50
       device_list_add+0xe2a/0x22a0
       btrfs_scan_one_device+0x3ee/0x650
       btrfs_get_tree+0x433/0x1820
       vfs_get_tree+0x92/0x2b0
       do_new_mount+0x2a2/0x9e0
       __se_sys_mount+0x317/0x410
       do_syscall_64+0xfa/0x3b0
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #1 (&fs_devs->device_list_mutex){+.+.}-{4:4}:
       lock_acquire+0x120/0x360
       __mutex_lock+0x187/0x1350
       btrfs_create_pending_block_groups+0x5f8/0x1780
       __btrfs_end_transaction+0x140/0x640
       flush_space+0x315/0xcd0
       do_async_reclaim_data_space+0x11c/0x520
       btrfs_async_reclaim_data_space+0x41/0x90
       process_scheduled_works+0xae1/0x17b0
       worker_thread+0x8a0/0xda0
       kthread+0x711/0x8a0
       ret_from_fork+0x3fc/0x770
       ret_from_fork_asm+0x1a/0x30

-> #0 (btrfs_trans_num_extwriters){++++}-{0:0}:
       validate_chain+0xb9b/0x2140
       __lock_acquire+0xab9/0xd20
       lock_acquire+0x120/0x360
       join_transaction+0x45c/0xd70
       start_transaction+0x6b6/0x1620
       flush_space+0x4d6/0xcd0
       do_async_reclaim_metadata_space+0x144/0x390
       btrfs_async_reclaim_metadata_space+0x89/0xe0
       process_scheduled_works+0xae1/0x17b0
       worker_thread+0x8a0/0xda0
       kthread+0x711/0x8a0
       ret_from_fork+0x3fc/0x770
       ret_from_fork_asm+0x1a/0x30

other info that might help us debug this:

Chain exists of:
  btrfs_trans_num_extwriters --> sb_pagefaults#4 --> btrfs_trans_num_writers

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  rlock(btrfs_trans_num_writers);
                               lock(sb_pagefaults#4);
                               lock(btrfs_trans_num_writers);
  rlock(btrfs_trans_num_extwriters);

 *** DEADLOCK ***

3 locks held by kworker/u10:5/1090:
 #0: ffff88801a489148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc90006d17bc0 ((work_completion)(&fs_info->async_reclaim_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff88813102a510 (btrfs_trans_num_writers){++++}-{0:0}, at: join_transaction+0x41b/0xd70

stack backtrace:
CPU: 1 UID: 0 PID: 1090 Comm: kworker/u10:5 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Workqueue: events_unbound btrfs_async_reclaim_metadata_space
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250
 print_circular_bug+0x2ee/0x310
 check_noncircular+0x134/0x160
 validate_chain+0xb9b/0x2140
 __lock_acquire+0xab9/0xd20
 lock_acquire+0x120/0x360
 join_transaction+0x45c/0xd70
 start_transaction+0x6b6/0x1620
 flush_space+0x4d6/0xcd0
 do_async_reclaim_metadata_space+0x144/0x390
 btrfs_async_reclaim_metadata_space+0x89/0xe0
 process_scheduled_works+0xae1/0x17b0
 worker_thread+0x8a0/0xda0
 kthread+0x711/0x8a0
 ret_from_fork+0x3fc/0x770
 ret_from_fork_asm+0x1a/0x30
 </TASK>
