======================================================
WARNING: possible circular locking dependency detected
6.13.0-rc2-syzkaller-g21f1b85c8912 #0 Not tainted
------------------------------------------------------
syz.2.257/18943 is trying to acquire lock:
ff60000019a53a90 (set->srcu){.+.+}-{0:0}, at: list_empty include/linux/list.h:373 [inline]
ff60000019a53a90 (set->srcu){.+.+}-{0:0}, at: srcu_funnel_gp_start kernel/rcu/srcutree.c:1090 [inline]
ff60000019a53a90 (set->srcu){.+.+}-{0:0}, at: __synchronize_srcu+0x0/0x292 kernel/rcu/srcutree.c:1339

but task is already holding lock:
ff60000019cc7110 (&q->sysfs_lock){+.+.}-{4:4}, at: blk_mq_elv_switch_none block/blk-mq.c:4925 [inline]
ff60000019cc7110 (&q->sysfs_lock){+.+.}-{4:4}, at: __blk_mq_update_nr_hw_queues+0x41e/0x1326 block/blk-mq.c:5003

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #7 (&q->sysfs_lock){+.+.}-{4:4}:
       lock_acquire.part.0+0x2c4/0x81a kernel/locking/lockdep.c:5849
       lock_acquire+0x74/0x98 kernel/locking/lockdep.c:5822
       __mutex_lock_common kernel/locking/mutex.c:585 [inline]
       __mutex_lock+0x166/0x1082 kernel/locking/mutex.c:735
       mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:787
       blk_mq_elv_switch_none block/blk-mq.c:4925 [inline]
       __blk_mq_update_nr_hw_queues+0x41e/0x1326 block/blk-mq.c:5003
       blk_mq_update_nr_hw_queues+0x32/0x4a block/blk-mq.c:5063
       nbd_start_device+0x140/0xc00 drivers/block/nbd.c:1413
       nbd_start_device_ioctl drivers/block/nbd.c:1464 [inline]
       __nbd_ioctl drivers/block/nbd.c:1539 [inline]
       nbd_ioctl+0x474/0xd90 drivers/block/nbd.c:1579
       blkdev_ioctl+0x23c/0xca0 block/ioctl.c:693
       vfs_ioctl fs/ioctl.c:51 [inline]
       __do_sys_ioctl fs/ioctl.c:906 [inline]
       __se_sys_ioctl fs/ioctl.c:892 [inline]
       __riscv_sys_ioctl+0x18e/0x1e2 fs/ioctl.c:892
       syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
       do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
       _new_vmalloc_restore_context_a0+0xc2/0xce

-> #6 (&q->q_usage_counter(io)#21){++++}-{0:0}:
       lock_acquire.part.0+0x2c4/0x81a kernel/locking/lockdep.c:5849
       lock_acquire+0x74/0x98 kernel/locking/lockdep.c:5822
       bio_queue_enter block/blk.h:75 [inline]
       blk_mq_submit_bio+0x20d2/0x26be block/blk-mq.c:3092
       __submit_bio+0x32e/0x492 block/blk-core.c:629
       __submit_bio_noacct_mq block/blk-core.c:710 [inline]
       submit_bio_noacct_nocheck+0x740/0xe36 block/blk-core.c:739
       submit_bio_noacct+0xa96/0x1e04 block/blk-core.c:868
       submit_bio+0xc8/0x4f2 block/blk-core.c:910
       submit_bh_wbc+0x42a/0x5a8 fs/buffer.c:2814
       submit_bh fs/buffer.c:2819 [inline]
       block_read_full_folio+0x6e6/0x90a fs/buffer.c:2446
       blkdev_read_folio+0x26/0x30 block/fops.c:442
       filemap_read_folio+0xc2/0x272 mm/filemap.c:2366
       filemap_update_page mm/filemap.c:2450 [inline]
       filemap_get_pages+0x126c/0x1ba0 mm/filemap.c:2571
       filemap_read+0x366/0xc52 mm/filemap.c:2646
       blkdev_read_iter+0x164/0x416 block/fops.c:770
       do_iter_readv_writev+0x55a/0x686 fs/read_write.c:818
       vfs_readv+0x414/0x70c fs/read_write.c:1011
       do_preadv+0x1b4/0x250 fs/read_write.c:1125
       __do_sys_preadv fs/read_write.c:1172 [inline]
       __se_sys_preadv fs/read_write.c:1167 [inline]
       __riscv_sys_preadv+0x88/0xc4 fs/read_write.c:1167
       syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
       do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
       _new_vmalloc_restore_context_a0+0xc2/0xce

-> #5 (mapping.invalidate_lock#2){.+.+}-{4:4}:
       lock_acquire.part.0+0x2c4/0x81a kernel/locking/lockdep.c:5849
       lock_acquire+0x74/0x98 kernel/locking/lockdep.c:5822
       down_read+0xa4/0x45e kernel/locking/rwsem.c:1524
       filemap_invalidate_lock_shared include/linux/fs.h:873 [inline]
       filemap_fault+0x610/0x2c46 mm/filemap.c:3351
       __do_fault+0xf4/0x4de mm/memory.c:4907
       do_read_fault mm/memory.c:5322 [inline]
       do_fault mm/memory.c:5456 [inline]
       do_pte_missing mm/memory.c:3979 [inline]
       handle_pte_fault mm/memory.c:5801 [inline]
       __handle_mm_fault+0x1c52/0x4292 mm/memory.c:5944
       handle_mm_fault+0x48c/0x886 mm/memory.c:6112
       faultin_page mm/gup.c:1196 [inline]
       __get_user_pages+0xb7a/0x35ec mm/gup.c:1494
       populate_vma_page_range+0x24a/0x362 mm/gup.c:1932
       __mm_populate+0x1a8/0x390 mm/gup.c:2035
       do_mlock+0x2de/0x7de mm/mlock.c:653
       __do_sys_mlock mm/mlock.c:661 [inline]
       __se_sys_mlock mm/mlock.c:659 [inline]
       __riscv_sys_mlock+0x54/0x74 mm/mlock.c:659
       syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
       do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
       _new_vmalloc_restore_context_a0+0xc2/0xce

-> #4 (&mm->mmap_lock){++++}-{4:4}:
       lock_acquire.part.0+0x2c4/0x81a kernel/locking/lockdep.c:5849
       lock_acquire+0x74/0x98 kernel/locking/lockdep.c:5822
       __might_fault mm/memory.c:6751 [inline]
       __might_fault+0xdc/0x138 mm/memory.c:6744
       _copy_from_iter+0x120/0x1a38 lib/iov_iter.c:259
       copy_from_iter include/linux/uio.h:219 [inline]
       copy_from_iter_full include/linux/uio.h:236 [inline]
       skb_do_copy_data_nocache include/net/sock.h:2187 [inline]
       skb_copy_to_page_nocache include/net/sock.h:2213 [inline]
       tcp_sendmsg_locked+0x247e/0x3696 net/ipv4/tcp.c:1222
       tcp_sendmsg+0x32/0x4e net/ipv4/tcp.c:1358
       inet_sendmsg+0x9c/0xda net/ipv4/af_inet.c:851
       sock_sendmsg_nosec net/socket.c:711 [inline]
       __sock_sendmsg+0xcc/0x160 net/socket.c:726
       sock_write_iter+0x2a0/0x3ba net/socket.c:1147
       new_sync_write fs/read_write.c:586 [inline]
       vfs_write+0x56c/0xa94 fs/read_write.c:679
       ksys_write+0x200/0x226 fs/read_write.c:731
       __do_sys_write fs/read_write.c:742 [inline]
       __se_sys_write fs/read_write.c:739 [inline]
       __riscv_sys_write+0x6e/0x94 fs/read_write.c:739
       syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
       do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
       _new_vmalloc_restore_context_a0+0xc2/0xce

-> #3 (sk_lock-AF_INET){+.+.}-{0:0}:
       lock_acquire.part.0+0x2c4/0x81a kernel/locking/lockdep.c:5849
       lock_acquire+0x74/0x98 kernel/locking/lockdep.c:5822
       lock_sock_nested+0x38/0xf6 net/core/sock.c:3622
       lock_sock include/net/sock.h:1617 [inline]
       inet_shutdown+0x6c/0x41c net/ipv4/af_inet.c:905
       kernel_sock_shutdown+0x58/0x7a net/socket.c:3670
       nbd_mark_nsock_dead+0xb4/0x520 drivers/block/nbd.c:314
       recv_work+0x680/0x9d2 drivers/block/nbd.c:957
       process_one_work+0x968/0x1f38 kernel/workqueue.c:3229
       process_scheduled_works kernel/workqueue.c:3310 [inline]
       worker_thread+0x5be/0xdc6 kernel/workqueue.c:3391
       kthread+0x28c/0x3a4 kernel/kthread.c:389
       ret_from_fork+0xe/0x18 arch/riscv/kernel/entry.S:326

-> #2 (&nsock->tx_lock){+.+.}-{4:4}:
       lock_acquire.part.0+0x2c4/0x81a kernel/locking/lockdep.c:5849
       lock_acquire+0x74/0x98 kernel/locking/lockdep.c:5822
       __mutex_lock_common kernel/locking/mutex.c:585 [inline]
       __mutex_lock+0x166/0x1082 kernel/locking/mutex.c:735
       mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:787
       nbd_handle_cmd drivers/block/nbd.c:1079 [inline]
       nbd_queue_rq+0x3b8/0xe6a drivers/block/nbd.c:1143
       blk_mq_dispatch_rq_list+0x3f0/0x1ab6 block/blk-mq.c:2120
       __blk_mq_do_dispatch_sched block/blk-mq-sched.c:170 [inline]
       blk_mq_do_dispatch_sched block/blk-mq-sched.c:184 [inline]
       __blk_mq_sched_dispatch_requests+0xaee/0x1370 block/blk-mq-sched.c:309
       blk_mq_sched_dispatch_requests+0xb6/0x17c block/blk-mq-sched.c:331
       blk_mq_run_hw_queue+0x28c/0x6ba block/blk-mq.c:2354
       blk_mq_dispatch_plug_list block/blk-mq.c:2864 [inline]
       blk_mq_flush_plug_list+0x63c/0x1ebe block/blk-mq.c:2915
       __blk_flush_plug+0x270/0x422 block/blk-core.c:1213
       blk_finish_plug block/blk-core.c:1240 [inline]
       blk_finish_plug block/blk-core.c:1237 [inline]
       __submit_bio+0x3ac/0x492 block/blk-core.c:637
       __submit_bio_noacct_mq block/blk-core.c:710 [inline]
       submit_bio_noacct_nocheck+0x740/0xe36 block/blk-core.c:739
       submit_bio_noacct+0xa96/0x1e04 block/blk-core.c:868
       submit_bio+0xc8/0x4f2 block/blk-core.c:910
       submit_bh_wbc+0x42a/0x5a8 fs/buffer.c:2814
       submit_bh fs/buffer.c:2819 [inline]
       block_read_full_folio+0x6e6/0x90a fs/buffer.c:2446
       blkdev_read_folio+0x26/0x30 block/fops.c:442
       filemap_read_folio+0xc2/0x272 mm/filemap.c:2366
       do_read_cache_folio+0x1e6/0x4d2 mm/filemap.c:3826
       read_cache_folio+0x4e/0x68 mm/filemap.c:3858
       read_mapping_folio include/linux/pagemap.h:1011 [inline]
       read_part_sector+0xc0/0x44e block/partitions/core.c:722
       read_lba+0x1c8/0x344 block/partitions/efi.c:248
       find_valid_gpt.constprop.0+0x206/0x22f2 block/partitions/efi.c:603
       efi_partition+0x10a/0xa14 block/partitions/efi.c:720
       check_partition block/partitions/core.c:141 [inline]
       blk_add_partitions block/partitions/core.c:589 [inline]
       bdev_disk_changed+0x5de/0x139c block/partitions/core.c:693
       blkdev_get_whole+0x17c/0x514 block/bdev.c:707
       bdev_open+0x86a/0xfa8 block/bdev.c:916
       blkdev_open+0x2e2/0x396 block/fops.c:627
       do_dentry_open+0xe8e/0x1946 fs/open.c:945
       vfs_open+0xbe/0x37c fs/open.c:1075
       do_open fs/namei.c:3828 [inline]
       path_openat+0x1b70/0x28c2 fs/namei.c:3987
       do_filp_open+0x19c/0x35c fs/namei.c:4014
       do_sys_openat2+0x174/0x1ca fs/open.c:1402
       do_sys_open fs/open.c:1417 [inline]
       __do_sys_openat fs/open.c:1433 [inline]
       __se_sys_openat fs/open.c:1428 [inline]
       __riscv_sys_openat+0x178/0x1fe fs/open.c:1428
       syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
       do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
       _new_vmalloc_restore_context_a0+0xc2/0xce

-> #1 (&cmd->lock){+.+.}-{4:4}:
       lock_acquire.part.0+0x2c4/0x81a kernel/locking/lockdep.c:5849
       lock_acquire+0x74/0x98 kernel/locking/lockdep.c:5822
       __mutex_lock_common kernel/locking/mutex.c:585 [inline]
       __mutex_lock+0x166/0x1082 kernel/locking/mutex.c:735
       mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:787
       nbd_queue_rq+0xbc/0xe6a drivers/block/nbd.c:1135
       blk_mq_dispatch_rq_list+0x3f0/0x1ab6 block/blk-mq.c:2120
       __blk_mq_do_dispatch_sched block/blk-mq-sched.c:170 [inline]
       blk_mq_do_dispatch_sched block/blk-mq-sched.c:184 [inline]
       __blk_mq_sched_dispatch_requests+0xaee/0x1370 block/blk-mq-sched.c:309
       blk_mq_sched_dispatch_requests+0xb6/0x17c block/blk-mq-sched.c:331
       blk_mq_run_hw_queue+0x28c/0x6ba block/blk-mq.c:2354
       blk_mq_dispatch_plug_list block/blk-mq.c:2864 [inline]
       blk_mq_flush_plug_list+0x63c/0x1ebe block/blk-mq.c:2915
       __blk_flush_plug+0x270/0x422 block/blk-core.c:1213
       blk_finish_plug block/blk-core.c:1240 [inline]
       blk_finish_plug block/blk-core.c:1237 [inline]
       __submit_bio+0x3ac/0x492 block/blk-core.c:637
       __submit_bio_noacct_mq block/blk-core.c:710 [inline]
       submit_bio_noacct_nocheck+0x740/0xe36 block/blk-core.c:739
       submit_bio_noacct+0xa96/0x1e04 block/blk-core.c:868
       submit_bio+0xc8/0x4f2 block/blk-core.c:910
       submit_bh_wbc+0x42a/0x5a8 fs/buffer.c:2814
       submit_bh fs/buffer.c:2819 [inline]
       block_read_full_folio+0x6e6/0x90a fs/buffer.c:2446
       blkdev_read_folio+0x26/0x30 block/fops.c:442
       filemap_read_folio+0xc2/0x272 mm/filemap.c:2366
       do_read_cache_folio+0x1e6/0x4d2 mm/filemap.c:3826
       read_cache_folio+0x4e/0x68 mm/filemap.c:3858
       read_mapping_folio include/linux/pagemap.h:1011 [inline]
       read_part_sector+0xc0/0x44e block/partitions/core.c:722
       read_lba+0x1c8/0x344 block/partitions/efi.c:248
       find_valid_gpt.constprop.0+0x206/0x22f2 block/partitions/efi.c:603
       efi_partition+0x10a/0xa14 block/partitions/efi.c:720
       check_partition block/partitions/core.c:141 [inline]
       blk_add_partitions block/partitions/core.c:589 [inline]
       bdev_disk_changed+0x5de/0x139c block/partitions/core.c:693
       blkdev_get_whole+0x17c/0x514 block/bdev.c:707
       bdev_open+0x86a/0xfa8 block/bdev.c:916
       blkdev_open+0x2e2/0x396 block/fops.c:627
       do_dentry_open+0xe8e/0x1946 fs/open.c:945
       vfs_open+0xbe/0x37c fs/open.c:1075
       do_open fs/namei.c:3828 [inline]
       path_openat+0x1b70/0x28c2 fs/namei.c:3987
       do_filp_open+0x19c/0x35c fs/namei.c:4014
       do_sys_openat2+0x174/0x1ca fs/open.c:1402
       do_sys_open fs/open.c:1417 [inline]
       __do_sys_openat fs/open.c:1433 [inline]
       __se_sys_openat fs/open.c:1428 [inline]
       __riscv_sys_openat+0x178/0x1fe fs/open.c:1428
       syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
       do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
       _new_vmalloc_restore_context_a0+0xc2/0xce

-> #0 (set->srcu){.+.+}-{0:0}:
       check_noncircular+0x2ba/0x354 kernel/locking/lockdep.c:2206
       check_prev_add kernel/locking/lockdep.c:3161 [inline]
       check_prevs_add kernel/locking/lockdep.c:3280 [inline]
       validate_chain kernel/locking/lockdep.c:3904 [inline]
       __lock_acquire+0x2e4e/0x8594 kernel/locking/lockdep.c:5226
       lock_sync+0x286/0x504 kernel/locking/lockdep.c:5897
       srcu_lock_sync include/linux/srcu.h:170 [inline]
       __synchronize_srcu+0xd4/0x292 kernel/rcu/srcutree.c:1418
       synchronize_srcu_expedited kernel/rcu/srcutree.c:1458 [inline]
       synchronize_srcu+0x172/0x414 kernel/rcu/srcutree.c:1513
       blk_mq_wait_quiesce_done block/blk-mq.c:291 [inline]
       blk_mq_wait_quiesce_done block/blk-mq.c:288 [inline]
       blk_mq_quiesce_queue block/blk-mq.c:311 [inline]
       blk_mq_quiesce_queue+0x12e/0x19e block/blk-mq.c:306
       elevator_disable+0x76/0x1e8 block/elevator.c:671
       blk_mq_elv_switch_none block/blk-mq.c:4939 [inline]
       __blk_mq_update_nr_hw_queues+0x390/0x1326 block/blk-mq.c:5003
       blk_mq_update_nr_hw_queues+0x32/0x4a block/blk-mq.c:5063
       nbd_start_device+0x140/0xc00 drivers/block/nbd.c:1413
       nbd_start_device_ioctl drivers/block/nbd.c:1464 [inline]
       __nbd_ioctl drivers/block/nbd.c:1539 [inline]
       nbd_ioctl+0x474/0xd90 drivers/block/nbd.c:1579
       blkdev_ioctl+0x23c/0xca0 block/ioctl.c:693
       vfs_ioctl fs/ioctl.c:51 [inline]
       __do_sys_ioctl fs/ioctl.c:906 [inline]
       __se_sys_ioctl fs/ioctl.c:892 [inline]
       __riscv_sys_ioctl+0x18e/0x1e2 fs/ioctl.c:892
       syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
       do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
       _new_vmalloc_restore_context_a0+0xc2/0xce

other info that might help us debug this:

Chain exists of:
  set->srcu --> &q->q_usage_counter(io)#21 --> &q->sysfs_lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&q->sysfs_lock);
                               lock(&q->q_usage_counter(io)#21);
                               lock(&q->sysfs_lock);
  sync(set->srcu);

 *** DEADLOCK ***

5 locks held by syz.2.257/18943:
 #0: ff60000019fa6198 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_ioctl+0x144/0xd90 drivers/block/nbd.c:1572
 #1: ff60000019fa60d8 (&set->tag_list_lock){+.+.}-{4:4}, at: blk_mq_update_nr_hw_queues+0x2a/0x4a block/blk-mq.c:5062
 #2: ff60000019cc6be8 (&q->q_usage_counter(io)#21){++++}-{0:0}, at: blk_mq_freeze_queue block/blk-mq.c:213 [inline]
 #2: ff60000019cc6be8 (&q->q_usage_counter(io)#21){++++}-{0:0}, at: __blk_mq_update_nr_hw_queues+0x206/0x1326 block/blk-mq.c:4996
 #3: ff60000019cc6c20 (&q->q_usage_counter(queue)#5){+.+.}-{0:0}, at: blk_mq_freeze_queue block/blk-mq.c:213 [inline]
 #3: ff60000019cc6c20 (&q->q_usage_counter(queue)#5){+.+.}-{0:0}, at: __blk_mq_update_nr_hw_queues+0x206/0x1326 block/blk-mq.c:4996
 #4: ff60000019cc7110 (&q->sysfs_lock){+.+.}-{4:4}, at: blk_mq_elv_switch_none block/blk-mq.c:4925 [inline]
 #4: ff60000019cc7110 (&q->sysfs_lock){+.+.}-{4:4}, at: __blk_mq_update_nr_hw_queues+0x41e/0x1326 block/blk-mq.c:5003

stack backtrace:
CPU: 1 UID: 0 PID: 18943 Comm: syz.2.257 Not tainted 6.13.0-rc2-syzkaller-g21f1b85c8912 #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[] show_stack+0x30/0x3c arch/riscv/kernel/stacktrace.c:136
[] __dump_stack lib/dump_stack.c:94 [inline]
[] dump_stack_lvl+0x12e/0x1a6 lib/dump_stack.c:120
[] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[] print_circular_bug+0x3a2/0x42c kernel/locking/lockdep.c:2074
[] check_noncircular+0x2ba/0x354 kernel/locking/lockdep.c:2206
[] check_prev_add kernel/locking/lockdep.c:3161 [inline]
[] check_prevs_add kernel/locking/lockdep.c:3280 [inline]
[] validate_chain kernel/locking/lockdep.c:3904 [inline]
[] __lock_acquire+0x2e4e/0x8594 kernel/locking/lockdep.c:5226
[] lock_sync+0x286/0x504 kernel/locking/lockdep.c:5897
[] srcu_lock_sync include/linux/srcu.h:170 [inline]
[] __synchronize_srcu+0xd4/0x292 kernel/rcu/srcutree.c:1418
[] synchronize_srcu_expedited kernel/rcu/srcutree.c:1458 [inline]
[] synchronize_srcu+0x172/0x414 kernel/rcu/srcutree.c:1513
[] blk_mq_wait_quiesce_done block/blk-mq.c:291 [inline]
[] blk_mq_wait_quiesce_done block/blk-mq.c:288 [inline]
[] blk_mq_quiesce_queue block/blk-mq.c:311 [inline]
[] blk_mq_quiesce_queue+0x12e/0x19e block/blk-mq.c:306
[] elevator_disable+0x76/0x1e8 block/elevator.c:671
[] blk_mq_elv_switch_none block/blk-mq.c:4939 [inline]
[] __blk_mq_update_nr_hw_queues+0x390/0x1326 block/blk-mq.c:5003
[] blk_mq_update_nr_hw_queues+0x32/0x4a block/blk-mq.c:5063
[] nbd_start_device+0x140/0xc00 drivers/block/nbd.c:1413
[] nbd_start_device_ioctl drivers/block/nbd.c:1464 [inline]
[] __nbd_ioctl drivers/block/nbd.c:1539 [inline]
[] nbd_ioctl+0x474/0xd90 drivers/block/nbd.c:1579
[] blkdev_ioctl+0x23c/0xca0 block/ioctl.c:693
[] vfs_ioctl fs/ioctl.c:51 [inline]
[] __do_sys_ioctl fs/ioctl.c:906 [inline]
[] __se_sys_ioctl fs/ioctl.c:892 [inline]
[] __riscv_sys_ioctl+0x18e/0x1e2 fs/ioctl.c:892
[] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[] _new_vmalloc_restore_context_a0+0xc2/0xce
block nbd2: shutting down sockets