================================
WARNING: inconsistent lock state
6.4.0-syzkaller-12365-g8689f4f2ea56 #0 Not tainted
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
syz-executor.3/5348 [HC0[0]:SC1[1]:HE1:SE0] takes:
ffff88802424cd20 (&fs_info->delayed_iput_lock){+.?.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff88802424cd20 (&fs_info->delayed_iput_lock){+.?.}-{2:2}, at: btrfs_add_delayed_iput+0x128/0x390 fs/btrfs/inode.c:3490
{SOFTIRQ-ON-W} state was registered at:
  lock_acquire kernel/locking/lockdep.c:5761 [inline]
  lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5726
  __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
  _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
  spin_lock include/linux/spinlock.h:351 [inline]
  btrfs_run_delayed_iputs+0x28/0xe0 fs/btrfs/inode.c:3523
  close_ctree+0x217/0xf70 fs/btrfs/disk-io.c:4315
  generic_shutdown_super+0x158/0x480 fs/super.c:499
  kill_anon_super+0x3a/0x60 fs/super.c:1110
  btrfs_kill_super+0x3c/0x50 fs/btrfs/super.c:2138
  deactivate_locked_super+0x98/0x160 fs/super.c:330
  deactivate_super+0xb1/0xd0 fs/super.c:361
  cleanup_mnt+0x2ae/0x3d0 fs/namespace.c:1254
  task_work_run+0x16f/0x270 kernel/task_work.c:179
  resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
  exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
  exit_to_user_mode_prepare+0x210/0x240 kernel/entry/common.c:204
  __syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline]
  syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:297
  __do_fast_syscall_32+0x72/0xf0 arch/x86/entry/common.c:181
  do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
  entry_SYSENTER_compat_after_hwframe+0x70/0x82
irq event stamp: 488
hardirqs last enabled at (488): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last enabled at (488): [] _raw_spin_unlock_irqrestore+0x54/0x70 kernel/locking/spinlock.c:194
hardirqs last disabled at (487): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (487): [] _raw_spin_lock_irqsave+0x52/0x60 kernel/locking/spinlock.c:162
softirqs last enabled at (0): [] copy_process+0x227f/0x75c0 kernel/fork.c:2448
softirqs last disabled at (445): [] invoke_softirq kernel/softirq.c:427 [inline]
softirqs last disabled at (445): [] __irq_exit_rcu kernel/softirq.c:632 [inline]
softirqs last disabled at (445): [] irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&fs_info->delayed_iput_lock);
  <Interrupt>
    lock(&fs_info->delayed_iput_lock);

 *** DEADLOCK ***

4 locks held by syz-executor.3/5348:
 #0: ffff88801addbaa0 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:161 [inline]
 #0: ffff88801addbaa0 (&mm->mmap_lock){++++}-{3:3}, at: get_mmap_lock_carefully mm/memory.c:5254 [inline]
 #0: ffff88801addbaa0 (&mm->mmap_lock){++++}-{3:3}, at: lock_mm_and_find_vma+0x35/0x770 mm/memory.c:5316
 #1: ffffffff8c9a4700 (rcu_read_lock){....}-{1:2}, at: do_fault_around mm/memory.c:4498 [inline]
 #1: ffffffff8c9a4700 (rcu_read_lock){....}-{1:2}, at: do_read_fault mm/memory.c:4535 [inline]
 #1: ffffffff8c9a4700 (rcu_read_lock){....}-{1:2}, at: do_fault mm/memory.c:4663 [inline]
 #1: ffffffff8c9a4700 (rcu_read_lock){....}-{1:2}, at: do_pte_missing mm/memory.c:3664 [inline]
 #1: ffffffff8c9a4700 (rcu_read_lock){....}-{1:2}, at: handle_pte_fault mm/memory.c:4932 [inline]
 #1: ffffffff8c9a4700 (rcu_read_lock){....}-{1:2}, at: __handle_mm_fault+0x25f0/0x3c50 mm/memory.c:5072
 #2: ffffffff8c9a4700 (rcu_read_lock){....}-{1:2}, at: filemap_map_pages+0x182/0x1140 mm/filemap.c:3505
 #3: ffff8880249fc318 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
 #3: ffff8880249fc318 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: __pte_offset_map_lock+0x115/0x270 mm/pgtable-generic.c:280

stack backtrace:
CPU: 3 PID: 5348 Comm: syz-executor.3 Not tainted 6.4.0-syzkaller-12365-g8689f4f2ea56 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106
 print_usage_bug kernel/locking/lockdep.c:3978 [inline]
 valid_state kernel/locking/lockdep.c:4020 [inline]
 mark_lock_irq kernel/locking/lockdep.c:4223 [inline]
 mark_lock.part.0+0x1102/0x1960 kernel/locking/lockdep.c:4685
 mark_lock kernel/locking/lockdep.c:4649 [inline]
 mark_usage kernel/locking/lockdep.c:4574 [inline]
 __lock_acquire+0x1231/0x5e20 kernel/locking/lockdep.c:5098
 lock_acquire kernel/locking/lockdep.c:5761 [inline]
 lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5726
 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
 _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
 spin_lock include/linux/spinlock.h:351 [inline]
 btrfs_add_delayed_iput+0x128/0x390 fs/btrfs/inode.c:3490
 btrfs_put_ordered_extent fs/btrfs/ordered-data.c:559 [inline]
 btrfs_put_ordered_extent+0x2f6/0x610 fs/btrfs/ordered-data.c:547
 __btrfs_bio_end_io fs/btrfs/bio.c:118 [inline]
 __btrfs_bio_end_io+0x136/0x180 fs/btrfs/bio.c:112
 btrfs_orig_bbio_end_io+0x86/0x2b0 fs/btrfs/bio.c:163
 btrfs_simple_end_io+0x105/0x380 fs/btrfs/bio.c:378
 bio_endio+0x589/0x690 block/bio.c:1617
 req_bio_endio block/blk-mq.c:757 [inline]
 blk_update_request+0x5c5/0x1620 block/blk-mq.c:902
 blk_mq_end_request+0x59/0x680 block/blk-mq.c:1023
 lo_complete_rq+0x1c6/0x280 drivers/block/loop.c:370
 blk_complete_reqs+0xb3/0xf0 block/blk-mq.c:1101
 __do_softirq+0x1d4/0x905 kernel/softirq.c:553
 invoke_softirq kernel/softirq.c:427 [inline]
 __irq_exit_rcu kernel/softirq.c:632 [inline]
 irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644
 common_interrupt+0xad/0xd0 arch/x86/kernel/irq.c:247
 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:636
RIP: 0010:percpu_counter_add_batch+0x175/0x1e0 lib/percpu_counter.c:103
Code: 89 ee e8 de 78 42 fd 48 85 ed 75 53 e8 94 7c 42 fd 31 ff 48 89 de e8 ca 78 42 fd 48 85 db 74 06 e8 80 7c 42 fd fb 48 83 c4 18 <5b> 5d 41 5c 41 5d 41 5e 41 5f e9 6c 7c 42 fd e8 67 7c 42 fd 65 45
RSP: 0000:ffffc9000672fb30 EFLAGS: 00000296
RAX: 0000000000000000 RBX: 0000000000000200 RCX: 0000000000000000
RDX: ffff88801f318000 RSI: ffffffff844262f0 RDI: 0000000000000007
RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000200 R11: 0000000000000001 R12: 000000000000001c
R13: 0000000000000001 R14: 0000607f8107b090 R15: ffff88801addbde8
 percpu_counter_add include/linux/percpu_counter.h:58 [inline]
 percpu_counter_inc include/linux/percpu_counter.h:210 [inline]
 inc_mm_counter include/linux/mm.h:2520 [inline]
 do_set_pte+0x41d/0x830 mm/memory.c:4334
 filemap_map_pages+0x69a/0x1140 mm/filemap.c:3550
 do_fault_around mm/memory.c:4503 [inline]
 do_read_fault mm/memory.c:4535 [inline]
 do_fault mm/memory.c:4663 [inline]
 do_pte_missing mm/memory.c:3664 [inline]
 handle_pte_fault mm/memory.c:4932 [inline]
 __handle_mm_fault+0x26a9/0x3c50 mm/memory.c:5072
 handle_mm_fault+0x2a7/0x9e0 mm/memory.c:5226
 do_user_addr_fault+0x661/0x1360 arch/x86/mm/fault.c:1392
 handle_page_fault arch/x86/mm/fault.c:1486 [inline]
 exc_page_fault+0x98/0x170 arch/x86/mm/fault.c:1542
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
RIP: 0023:0xf72318f6
Code: 78 fb ff ff 89 c3 83 e8 20 3c 5a 0f 87 b3 00 00 00 0f be c3 8d 97 c0 6e f7 ff 8d 9f 80 e8 ff ff c7 85 24 fb ff ff 00 00 00 00 <0f> b6 44 10 e0 89 9d 2c fb ff ff c7 85 5c fb ff ff 00 00 00 00 8b
RSP: 002b:00000000fffab240 EFLAGS: 00010283
RAX: 000000000000006c RBX: 00000000f734c880 RCX: 0000000000000000
RDX: 00000000f72c4ec0 RSI: 00000000fffab78c RDI: 00000000f734e000
RBP: 00000000fffab748 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
----------------
Code disassembly (best guess):
   0:	89 ee                	mov    %ebp,%esi
   2:	e8 de 78 42 fd       	callq  0xfd4278e5
   7:	48 85 ed             	test   %rbp,%rbp
   a:	75 53                	jne    0x5f
   c:	e8 94 7c 42 fd       	callq  0xfd427ca5
  11:	31 ff                	xor    %edi,%edi
  13:	48 89 de             	mov    %rbx,%rsi
  16:	e8 ca 78 42 fd       	callq  0xfd4278e5
  1b:	48 85 db             	test   %rbx,%rbx
  1e:	74 06                	je     0x26
  20:	e8 80 7c 42 fd       	callq  0xfd427ca5
  25:	fb                   	sti
  26:	48 83 c4 18          	add    $0x18,%rsp
* 2a:	5b                   	pop    %rbx <-- trapping instruction
  2b:	5d                   	pop    %rbp
  2c:	41 5c                	pop    %r12
  2e:	41 5d                	pop    %r13
  30:	41 5e                	pop    %r14
  32:	41 5f                	pop    %r15
  34:	e9 6c 7c 42 fd       	jmpq   0xfd427ca5
  39:	e8 67 7c 42 fd       	callq  0xfd427ca5
  3e:	65                   	gs
  3f:	45                   	rex.RB