INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added 'ci-upstream-kasan-gce-7,10.128.15.219' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 35.494950]
[ 35.496623] ======================================================
[ 35.502903] WARNING: possible circular locking dependency detected
[ 35.509187] 4.14.0-rc1+ #89 Not tainted
[ 35.513122] ------------------------------------------------------
[ 35.519401] loop0/2992 is trying to acquire lock:
[ 35.524205]  (&sb->s_type->i_mutex_key#9){++++}, at: [] generic_file_write_iter+0xdc/0x7a0
[ 35.534148]
[ 35.534148] but now in release context of a crosslock acquired at the following:
[ 35.543122]  ((complete)&ret.event){+.+.}, at: [] submit_bio_wait+0x15e/0x200
[ 35.551930]
[ 35.551930] which lock already depends on the new lock.
[ 35.551930]
[ 35.560213]
[ 35.560213] the existing dependency chain (in reverse order) is:
[ 35.567799]
[ 35.567799] -> #4 ((complete)&ret.event){+.+.}:
[ 35.573918]        __lock_acquire+0x328f/0x4620
[ 35.578552]        lock_acquire+0x1d5/0x580
[ 35.582839]        wait_for_completion_io+0xc8/0x770
[ 35.587905]        submit_bio_wait+0x15e/0x200
[ 35.592456]        blkdev_issue_zeroout+0x13c/0x1d0
[ 35.597436]        ext4_init_inode_table+0x4fd/0xdb1
[ 35.602502]        ext4_lazyinit_thread+0x81a/0xd40
[ 35.607482]        kthread+0x39c/0x470
[ 35.611335]        ret_from_fork+0x2a/0x40
[ 35.615530]
[ 35.615530] -> #3 (&meta_group_info[i]->alloc_sem){++++}:
[ 35.622514]        __lock_acquire+0x328f/0x4620
[ 35.627147]        lock_acquire+0x1d5/0x580
[ 35.631432]        down_read+0x96/0x150
[ 35.635375]        __ext4_new_inode+0x26dc/0x4f00
[ 35.640181]        ext4_symlink+0x2d9/0xae0
[ 35.644466]        vfs_symlink+0x323/0x560
[ 35.648665]        SyS_symlink+0x134/0x200
[ 35.652865]        entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 35.658105]
[ 35.658105] -> #2 (jbd2_handle){.+.+}:
[ 35.663439]        __lock_acquire+0x328f/0x4620
[ 35.668070]        lock_acquire+0x1d5/0x580
[ 35.672357]        start_this_handle+0x4b8/0x1080
[ 35.677162]        jbd2__journal_start+0x389/0x9f0
[ 35.682057]        __ext4_journal_start_sb+0x15f/0x550
[ 35.687300]        ext4_dirty_inode+0x56/0xa0
[ 35.691765]        __mark_inode_dirty+0x912/0x1170
[ 35.696658]        generic_update_time+0x1b2/0x270
[ 35.701551]        touch_atime+0x26d/0x2f0
[ 35.705747]        ext4_file_mmap+0x161/0x1b0
[ 35.710206]        mmap_region+0xa99/0x15a0
[ 35.714489]        do_mmap+0x6a1/0xd50
[ 35.718342]        vm_mmap_pgoff+0x1de/0x280
[ 35.722714]        SyS_mmap_pgoff+0x462/0x5f0
[ 35.727173]        SyS_mmap+0x16/0x20
[ 35.730937]        entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 35.736173]
[ 35.736173] -> #1 (&mm->mmap_sem){++++}:
[ 35.741678]        __lock_acquire+0x328f/0x4620
[ 35.746312]        lock_acquire+0x1d5/0x580
[ 35.750597]        __might_fault+0x13a/0x1d0
[ 35.754968]        _copy_to_user+0x2c/0xc0
[ 35.759165]        filldir+0x1a7/0x320
[ 35.763016]        dcache_readdir+0x12d/0x5e0
[ 35.767475]        iterate_dir+0x4b2/0x5d0
[ 35.771674]        SyS_getdents+0x225/0x450
[ 35.775959]        entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 35.781197]
[ 35.781197] -> #0 (&sb->s_type->i_mutex_key#9){++++}:
[ 35.787832]        down_write+0x87/0x120
[ 35.791858]        generic_file_write_iter+0xdc/0x7a0
[ 35.797012]        do_iter_readv_writev+0x531/0x7f0
[ 35.801990]        do_iter_write+0x15a/0x540
[ 35.806361]        vfs_iter_write+0x77/0xb0
[ 35.810643]
[ 35.810643] other info that might help us debug this:
[ 35.810643]
[ 35.818746] Chain exists of:
[ 35.818746]   &sb->s_type->i_mutex_key#9 --> &meta_group_info[i]->alloc_sem --> (complete)&ret.event
[ 35.818746]
[ 35.832327]  Possible unsafe locking scenario by crosslock:
[ 35.832327]
[ 35.839491]        CPU0                    CPU1
[ 35.844120]        ----                    ----
[ 35.848747]   lock(&meta_group_info[i]->alloc_sem);
[ 35.853728]   lock((complete)&ret.event);
[ 35.857838]                                lock(&sb->s_type->i_mutex_key#9);
[ 35.864989]                                unlock((complete)&ret.event);
[ 35.871792]
[ 35.871792]  *** DEADLOCK ***
[ 35.871792]
[ 35.877814] 1 lock held by loop0/2992:
[ 35.881661]  #0: (&x->wait#14){..-.}, at: [] complete+0x18/0x80
[ 35.889345]
[ 35.889345] stack backtrace:
[ 35.893807] CPU: 1 PID: 2992 Comm: loop0 Not tainted 4.14.0-rc1+ #89
[ 35.900262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.909581] Call Trace:
[ 35.912137]  dump_stack+0x194/0x257
[ 35.915741]  ? arch_local_irq_restore+0x53/0x53
[ 35.920377]  print_circular_bug+0x503/0x710
[ 35.924664]  ? print_circular_bug_entry+0xb0/0xb0
[ 35.929469]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[ 35.934624]  check_prev_add+0x865/0x1520
[ 35.938649]  ? shmem_unused_huge_scan+0x160/0x160
[ 35.943454]  ? graph_lock+0x170/0x170
[ 35.947220]  ? check_usage+0xb70/0xb70
[ 35.951074]  ? memcpy+0x45/0x50
[ 35.954323]  ? iov_iter_advance+0x2a1/0x13f0
[ 35.958696]  ? hlock_class+0x140/0x140
[ 35.962550]  lock_commit_crosslock+0xe73/0x1d10
[ 35.967183]  ? lock_commit_crosslock+0xe73/0x1d10
[ 35.971993]  ? check_prev_add+0x1520/0x1520
[ 35.976280]  ? lock_acquire+0x1d5/0x580
[ 35.980573]  ? complete+0x18/0x80
[ 35.983994]  ? lock_release+0xd70/0xd70
[ 35.987932]  ? find_held_lock+0x39/0x1d0
[ 35.991959]  complete+0x24/0x80
[ 35.995204]  submit_bio_wait_endio+0x9c/0xd0
[ 35.999574]  ? bio_iov_iter_get_pages+0x4e0/0x4e0
[ 36.004382]  bio_endio+0x2f8/0x8d0
[ 36.007886]  ? bio_dirty_fn+0x3e0/0x3e0
[ 36.011827]  ? rcu_pm_notify+0xc0/0xc0
[ 36.015676]  ? bio_advance+0xf8/0x370
[ 36.019446]  blk_update_request+0x2a6/0xe20
[ 36.023731]  ? blk_account_io_completion+0x410/0x410
[ 36.028803]  blk_mq_end_request+0x54/0x120
[ 36.033005]  lo_complete_rq+0xbe/0x1f0
[ 36.036858]  __blk_mq_complete_request+0x38f/0x6c0
[ 36.041752]  blk_mq_complete_request+0x4f/0x60
[ 36.046315]  loop_queue_work+0x26b/0x3900
[ 36.050428]  ? do_raw_spin_trylock+0x190/0x190
[ 36.054977]  ? lo_rw_aio+0x1e70/0x1e70
[ 36.058832]  ? _raw_spin_unlock_irq+0x27/0x70
[ 36.063292]  ? finish_task_switch+0x1d3/0x740
[ 36.067754]  ? finish_task_switch+0x1aa/0x740
[ 36.072213]  ? preempt_notifier_dec+0x20/0x20
[ 36.076684]  ? check_noncircular+0x20/0x20
[ 36.080883]  ? __schedule+0x8f0/0x2070
[ 36.084749]  ? do_raw_spin_trylock+0x190/0x190
[ 36.089297]  ? lock_release+0xd70/0xd70
[ 36.093239]  ? compat_start_thread+0x80/0x80
[ 36.097612]  ? find_held_lock+0x39/0x1d0
[ 36.101639]  ? finish_task_switch+0x1aa/0x740
[ 36.106111]  ? kthread_worker_fn+0x4ad/0x9b0
[ 36.110486]  ? do_raw_spin_trylock+0x190/0x190
[ 36.115031]  ? check_same_owner+0x320/0x320
[ 36.119328]  ? _raw_spin_unlock_irq+0x27/0x70
[ 36.123791]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 36.128772]  kthread_worker_fn+0x340/0x9b0
[ 36.132971]  ? kthread_flush_work+0x560/0x560
[ 36.137440]  ? lock_downgrade+0x990/0x990
[ 36.141555]  ? default_wake_function+0x30/0x50
[ 36.146101]  ? schedule+0x108/0x440
[ 36.149690]  ? __schedule+0x2070/0x2070
[ 36.153628]  ? do_wait_intr+0x2f0/0x3e0
[ 36.157568]  ? __raw_spin_lock_init+0x2d/0x100
[ 36.162116]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 36.167184]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 36.172163]  ? trace_hardirqs_on+0xd/0x10
[ 36.176279]  loop_kthread_worker_fn+0x51/0x60
[ 36.180739]  kthread+0x39c/0x470
[ 36.184073]  ? loop_get_status64+0x110/0x110
[ 36.188445]  ? kthread_create_on_node+0x100/0x100
[ 36.193253]  ret_from_fork+0x2a/0x40