[    9.023386][ T2615] 8021q: adding VLAN 0 to HW filter on device bond0
[    9.030730][ T2615] eql: remember to turn off Van-Jacobson compression on your slave devices
[    9.059866][    T9] gvnic 0000:00:00.0 enp0s0: Device link is up.
[    9.061270][ T2524] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.49' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   41.107613][ T3029] loop0: detected capacity change from 0 to 32768
[   41.111060][ T3029] BTRFS: device fsid 8ff932b8-f4e4-4b03-aed6-d7e5736fd60a devid 1 transid 8 /dev/loop0 scanned by syz-executor307 (3029)
[   41.115913][ T3029] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[   41.118445][ T3029] BTRFS info (device loop0): using free space tree
[   41.125741][ T3029] BTRFS info (device loop0): enabling ssd optimizations
[   41.394417][ T3029] 
[   41.394893][ T3029] ======================================================
[   41.396381][ T3029] WARNING: possible circular locking dependency detected
[   41.397869][ T3029] 6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0 Not tainted
[   41.399378][ T3029] ------------------------------------------------------
[   41.400963][ T3029] syz-executor307/3029 is trying to acquire lock:
[   41.402517][ T3029] ffff0000c02525d8 (&mm->mmap_lock){++++}-{3:3}, at: __might_fault+0x54/0xb4
[   41.404428][ T3029] 
[   41.404428][ T3029] but task is already holding lock:
[   41.406092][ T3029] ffff0000c958a608 (btrfs-root-00){++++}-{3:3}, at: btrfs_read_lock_root_node+0x13c/0x1c0
[   41.408250][ T3029] 
[   41.408250][ T3029] which lock already depends on the new lock.
[   41.408250][ T3029] 
[   41.410614][ T3029] 
[   41.410614][ T3029] the existing dependency chain (in reverse order) is:
[   41.412606][ T3029] 
[   41.412606][ T3029] -> #3 (btrfs-root-00){++++}-{3:3}:
[   41.414267][ T3029]        down_read_nested+0x64/0x84
[   41.415440][ T3029]        btrfs_read_lock_root_node+0x13c/0x1c0
[   41.416902][ T3029]        btrfs_search_slot_get_root+0x74/0x338
[   41.418345][ T3029]        btrfs_search_slot+0x1b0/0xfd8
[   41.419590][ T3029]        btrfs_update_root+0x6c/0x5a0
[   41.420818][ T3029]        commit_fs_roots+0x1f0/0x33c
[   41.422036][ T3029]        btrfs_commit_transaction+0x89c/0x12d8
[   41.423347][ T3029]        flush_space+0x66c/0x738
[   41.424479][ T3029]        btrfs_async_reclaim_metadata_space+0x43c/0x4e0
[   41.426011][ T3029]        process_one_work+0x2d8/0x504
[   41.427267][ T3029]        worker_thread+0x340/0x610
[   41.428465][ T3029]        kthread+0x12c/0x158
[   41.429406][ T3029]        ret_from_fork+0x10/0x20
[   41.430468][ T3029] 
[   41.430468][ T3029] -> #2 (&fs_info->reloc_mutex){+.+.}-{3:3}:
[   41.432299][ T3029]        __mutex_lock_common+0xd4/0xca8
[   41.433287][ T3029]        mutex_lock_nested+0x38/0x44
[   41.434206][ T3029]        start_transaction+0x248/0x944
[   41.435151][ T3029]        btrfs_start_transaction+0x34/0x44
[   41.436168][ T3029]        btrfs_create_common+0xf0/0x1b4
[   41.437147][ T3029]        btrfs_create+0x8c/0xb0
[   41.438372][ T3029]        path_openat+0x804/0x11c4
[   41.439503][ T3029]        do_filp_open+0xdc/0x1b8
[   41.440692][ T3029]        do_sys_openat2+0xb8/0x22c
[   41.441667][ T3029]        __arm64_sys_openat+0xb0/0xe0
[   41.442601][ T3029]        el0_svc_common+0x138/0x220
[   41.443724][ T3029]        do_el0_svc+0x48/0x164
[   41.444834][ T3029]        el0_svc+0x58/0x150
[   41.445835][ T3029]        el0t_64_sync_handler+0x84/0xf0
[   41.446987][ T3029]        el0t_64_sync+0x18c/0x190
[   41.448154][ T3029] 
[   41.448154][ T3029] -> #1 (sb_internal#2){.+.+}-{0:0}:
[   41.449874][ T3029]        start_transaction+0x360/0x944
[   41.451166][ T3029]        btrfs_join_transaction+0x30/0x40
[   41.452449][ T3029]        btrfs_dirty_inode+0x50/0x140
[   41.453610][ T3029]        btrfs_update_time+0x1c0/0x1e8
[   41.454759][ T3029]        touch_atime+0x1f0/0x4a8
[   41.455622][ T3029]        btrfs_file_mmap+0x50/0x88
[   41.456512][ T3029]        mmap_region+0x7fc/0xc14
[   41.457375][ T3029]        do_mmap+0x644/0x97c
[   41.458179][ T3029]        vm_mmap_pgoff+0xe8/0x1d0
[   41.459354][ T3029]        ksys_mmap_pgoff+0x1cc/0x278
[   41.460541][ T3029]        __arm64_sys_mmap+0x58/0x6c
[   41.461688][ T3029]        el0_svc_common+0x138/0x220
[   41.462881][ T3029]        do_el0_svc+0x48/0x164
[   41.463921][ T3029]        el0_svc+0x58/0x150
[   41.464896][ T3029]        el0t_64_sync_handler+0x84/0xf0
[   41.466069][ T3029]        el0t_64_sync+0x18c/0x190
[   41.467139][ T3029] 
[   41.467139][ T3029] -> #0 (&mm->mmap_lock){++++}-{3:3}:
[   41.468760][ T3029]        __lock_acquire+0x1530/0x30a4
[   41.469933][ T3029]        lock_acquire+0x100/0x1f8
[   41.470820][ T3029]        __might_fault+0x7c/0xb4
[   41.471680][ T3029]        btrfs_ioctl_get_subvol_rootref+0x3a8/0x4bc
[   41.472834][ T3029]        btrfs_ioctl+0xa08/0xa64
[   41.473707][ T3029]        __arm64_sys_ioctl+0xd0/0x140
[   41.474770][ T3029]        el0_svc_common+0x138/0x220
[   41.475956][ T3029]        do_el0_svc+0x48/0x164
[   41.477066][ T3029]        el0_svc+0x58/0x150
[   41.478062][ T3029]        el0t_64_sync_handler+0x84/0xf0
[   41.479322][ T3029]        el0t_64_sync+0x18c/0x190
[   41.480424][ T3029] 
[   41.480424][ T3029] other info that might help us debug this:
[   41.480424][ T3029] 
[   41.482713][ T3029] Chain exists of:
[   41.482713][ T3029]   &mm->mmap_lock --> &fs_info->reloc_mutex --> btrfs-root-00
[   41.482713][ T3029] 
[   41.485858][ T3029]  Possible unsafe locking scenario:
[   41.485858][ T3029] 
[   41.487540][ T3029]        CPU0                    CPU1
[   41.488688][ T3029]        ----                    ----
[   41.489910][ T3029]   lock(btrfs-root-00);
[   41.490889][ T3029]                                lock(&fs_info->reloc_mutex);
[   41.492493][ T3029]                                lock(btrfs-root-00);
[   41.494010][ T3029]   lock(&mm->mmap_lock);
[   41.495026][ T3029] 
[   41.495026][ T3029]  *** DEADLOCK ***
[   41.495026][ T3029] 
[   41.496901][ T3029] 1 lock held by syz-executor307/3029:
[   41.498033][ T3029]  #0: ffff0000c958a608 (btrfs-root-00){++++}-{3:3}, at: btrfs_read_lock_root_node+0x13c/0x1c0
[   41.500580][ T3029] 
[   41.500580][ T3029] stack backtrace:
[   41.501886][ T3029] CPU: 0 PID: 3029 Comm: syz-executor307 Not tainted 6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
[   41.504327][ T3029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
[   41.506583][ T3029] Call trace:
[   41.507291][ T3029]  dump_backtrace+0x1c4/0x1f0
[   41.508338][ T3029]  show_stack+0x2c/0x54
[   41.509352][ T3029]  dump_stack_lvl+0x104/0x16c
[   41.510461][ T3029]  dump_stack+0x1c/0x58
[   41.511349][ T3029]  print_circular_bug+0x2c4/0x2c8
[   41.512506][ T3029]  check_noncircular+0x14c/0x154
[   41.513549][ T3029]  __lock_acquire+0x1530/0x30a4
[   41.514403][ T3029]  lock_acquire+0x100/0x1f8
[   41.515185][ T3029]  __might_fault+0x7c/0xb4
[   41.515960][ T3029]  btrfs_ioctl_get_subvol_rootref+0x3a8/0x4bc
[   41.517026][ T3029]  btrfs_ioctl+0xa08/0xa64
[   41.517904][ T3029]  __arm64_sys_ioctl+0xd0/0x140
[   41.518931][ T3029]  el0_svc_common+0x138/0x220
[   41.519989][ T3029]  do_el0_svc+0x48/0x164
[   41.521018][ T3029]  el0_svc+0x58/0x150
[   41.521961][ T3029]  el0t_64_sync_handler+0x84/0xf0
[   41.523110][ T3029]  el0t_64_sync+0x18c/0x190