======================================================
WARNING: possible circular locking dependency detected
6.13.0-rc6-syzkaller #0 Not tainted
------------------------------------------------------
syz.2.54/4802 is trying to acquire lock:
ffff88817c32f220 (&bp->b_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff88817c32f220 (&bp->b_lock){+.+.}-{3:3}, at: xfs_buf_try_hold fs/xfs/xfs_buf.c:578 [inline]
ffff88817c32f220 (&bp->b_lock){+.+.}-{3:3}, at: xfs_buf_find_insert+0x790/0x940 fs/xfs/xfs_buf.c:663

but task is already holding lock:
ffff888116fcbd80 (&bch->bc_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff888116fcbd80 (&bch->bc_lock){+.+.}-{3:3}, at: xfs_buf_find_insert+0x163/0x940 fs/xfs/xfs_buf.c:655

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (&bch->bc_lock){+.+.}-{3:3}:
       __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
       _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
       spin_lock include/linux/spinlock.h:351 [inline]
       xfs_buf_rele_cached fs/xfs/xfs_buf.c:1093 [inline]
       xfs_buf_rele+0x14b/0x920 fs/xfs/xfs_buf.c:1147
       process_one_work kernel/workqueue.c:3229 [inline]
       process_scheduled_works+0x2ab/0x5c0 kernel/workqueue.c:3310
       worker_thread+0x23e/0x2e0 kernel/workqueue.c:3391
       kthread+0xea/0x100 kernel/kthread.c:389
       ret_from_fork+0x32/0x40 arch/x86/kernel/process.c:147
       ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

-> #0 (&bp->b_lock){+.+.}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3161 [inline]
       check_prevs_add kernel/locking/lockdep.c:3280 [inline]
       validate_chain kernel/locking/lockdep.c:3904 [inline]
       __lock_acquire+0x1236/0x2570 kernel/locking/lockdep.c:5226
       lock_acquire+0xeb/0x270 kernel/locking/lockdep.c:5849
       __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
       _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
       spin_lock include/linux/spinlock.h:351 [inline]
       xfs_buf_try_hold fs/xfs/xfs_buf.c:578 [inline]
       xfs_buf_find_insert+0x790/0x940 fs/xfs/xfs_buf.c:663
       xfs_buf_get_map+0x51c/0x870 fs/xfs/xfs_buf.c:754
       xfs_buf_read_map+0x4a/0x260 fs/xfs/xfs_buf.c:862
       xfs_trans_read_buf_map+0x100/0x3b0 fs/xfs/xfs_trans_buf.c:304
       xfs_trans_read_buf fs/xfs/xfs_trans.h:212 [inline]
       xfs_imap_to_bp+0x5f/0xc0 fs/xfs/libxfs/xfs_inode_buf.c:139
       xfs_iget_cache_miss fs/xfs/xfs_icache.c:664 [inline]
       xfs_iget+0x618/0xea0 fs/xfs/xfs_icache.c:806
       xfs_lookup+0x104/0x1e0 fs/xfs/xfs_inode.c:553
       xfs_vn_lookup+0x63/0xb0 fs/xfs/xfs_iops.c:326
       __lookup_slow+0x138/0x1b0 fs/namei.c:1791
       lookup_slow+0x2e/0x50 fs/namei.c:1808
       walk_component+0xda/0xf0 fs/namei.c:2112
       lookup_last fs/namei.c:2610 [inline]
       path_lookupat+0x45/0x100 fs/namei.c:2634
       filename_lookup+0xdf/0x200 fs/namei.c:2663
       do_linkat+0x92/0x360 fs/namei.c:4843
       __do_sys_link fs/namei.c:4897 [inline]
       __se_sys_link fs/namei.c:4895 [inline]
       __x64_sys_link+0x3b/0x50 fs/namei.c:4895
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xa0/0x1b0 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&bch->bc_lock);
                               lock(&bp->b_lock);
                               lock(&bch->bc_lock);
  lock(&bp->b_lock);

 *** DEADLOCK ***

2 locks held by syz.2.54/4802:
 #0: ffff88817c232eb0 (&inode->i_sb->s_type->i_mutex_dir_key){.+.+}-{4:4}, at: inode_lock_shared include/linux/fs.h:828 [inline]
 #0: ffff88817c232eb0 (&inode->i_sb->s_type->i_mutex_dir_key){.+.+}-{4:4}, at: lookup_slow+0x20/0x50 fs/namei.c:1807
 #1: ffff888116fcbd80 (&bch->bc_lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline]
 #1: ffff888116fcbd80 (&bch->bc_lock){+.+.}-{3:3}, at: xfs_buf_find_insert+0x163/0x940 fs/xfs/xfs_buf.c:655

stack backtrace:
CPU: 1 UID: 0 PID: 4802 Comm: syz.2.54 Not tainted 6.13.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0xa3/0x100 lib/dump_stack.c:120
 print_circular_bug+0x28d/0x2a0 kernel/locking/lockdep.c:2074
 check_noncircular+0x119/0x140 kernel/locking/lockdep.c:2206
 check_prev_add kernel/locking/lockdep.c:3161 [inline]
 check_prevs_add kernel/locking/lockdep.c:3280 [inline]
 validate_chain kernel/locking/lockdep.c:3904 [inline]
 __lock_acquire+0x1236/0x2570 kernel/locking/lockdep.c:5226
 lock_acquire+0xeb/0x270 kernel/locking/lockdep.c:5849
 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
 _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
 spin_lock include/linux/spinlock.h:351 [inline]
 xfs_buf_try_hold fs/xfs/xfs_buf.c:578 [inline]
 xfs_buf_find_insert+0x790/0x940 fs/xfs/xfs_buf.c:663
 xfs_buf_get_map+0x51c/0x870 fs/xfs/xfs_buf.c:754
 xfs_buf_read_map+0x4a/0x260 fs/xfs/xfs_buf.c:862
 xfs_trans_read_buf_map+0x100/0x3b0 fs/xfs/xfs_trans_buf.c:304
 xfs_trans_read_buf fs/xfs/xfs_trans.h:212 [inline]
 xfs_imap_to_bp+0x5f/0xc0 fs/xfs/libxfs/xfs_inode_buf.c:139
 xfs_iget_cache_miss fs/xfs/xfs_icache.c:664 [inline]
 xfs_iget+0x618/0xea0 fs/xfs/xfs_icache.c:806
 xfs_lookup+0x104/0x1e0 fs/xfs/xfs_inode.c:553
 xfs_vn_lookup+0x63/0xb0 fs/xfs/xfs_iops.c:326
 __lookup_slow+0x138/0x1b0 fs/namei.c:1791
 lookup_slow+0x2e/0x50 fs/namei.c:1808
 walk_component+0xda/0xf0 fs/namei.c:2112
 lookup_last fs/namei.c:2610 [inline]
 path_lookupat+0x45/0x100 fs/namei.c:2634
 filename_lookup+0xdf/0x200 fs/namei.c:2663
 do_linkat+0x92/0x360 fs/namei.c:4843
 __do_sys_link fs/namei.c:4897 [inline]
 __se_sys_link fs/namei.c:4895 [inline]
 __x64_sys_link+0x3b/0x50 fs/namei.c:4895
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xa0/0x1b0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2002d8cda9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f2003bfd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000056
RAX: ffffffffffffffda RBX: 00007f2002fa6080 RCX: 00007f2002d8cda9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040
RBP: 00007f2002e0e2a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000001 R14: 00007f2002fa6080 R15: 00007ffcf2f02598