======================================================
WARNING: possible circular locking dependency detected
4.14.307-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.1/10044 is trying to acquire lock:
 (&bdev->bd_mutex){+.+.}, at: [] blkdev_reread_part+0x1b/0x40 block/ioctl.c:192

but task is already holding lock:
 (&nbd->config_lock){+.+.}, at: [] nbd_ioctl+0x11f/0xad0 drivers/block/nbd.c:1369

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&nbd->config_lock){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       nbd_open+0x1ac/0x370 drivers/block/nbd.c:1422
       __blkdev_get+0x306/0x1090 fs/block_dev.c:1470
       blkdev_get+0x88/0x890 fs/block_dev.c:1611
       blkdev_open+0x1cc/0x250 fs/block_dev.c:1772
       do_dentry_open+0x44b/0xec0 fs/open.c:777
       vfs_open+0x105/0x220 fs/open.c:888
       do_last fs/namei.c:3428 [inline]
       path_openat+0x628/0x2970 fs/namei.c:3571
       do_filp_open+0x179/0x3c0 fs/namei.c:3605
       do_sys_open+0x296/0x410 fs/open.c:1081
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

-> #1 (nbd_index_mutex){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       nbd_open+0x1e/0x370 drivers/block/nbd.c:1409
       __blkdev_get+0x306/0x1090 fs/block_dev.c:1470
       blkdev_get+0x88/0x890 fs/block_dev.c:1611
       blkdev_open+0x1cc/0x250 fs/block_dev.c:1772
       do_dentry_open+0x44b/0xec0 fs/open.c:777
       vfs_open+0x105/0x220 fs/open.c:888
       do_last fs/namei.c:3428 [inline]
       path_openat+0x628/0x2970 fs/namei.c:3571
       do_filp_open+0x179/0x3c0 fs/namei.c:3605
       do_sys_open+0x296/0x410 fs/open.c:1081
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

-> #0 (&bdev->bd_mutex){+.+.}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       blkdev_reread_part+0x1b/0x40 block/ioctl.c:192
       nbd_bdev_reset drivers/block/nbd.c:1076 [inline]
       nbd_clear_sock_ioctl drivers/block/nbd.c:1282 [inline]
       __nbd_ioctl drivers/block/nbd.c:1306 [inline]
       nbd_ioctl+0x802/0xad0 drivers/block/nbd.c:1376
       __blkdev_driver_ioctl block/ioctl.c:297 [inline]
       blkdev_ioctl+0x540/0x1830 block/ioctl.c:594
       block_ioctl+0xd9/0x120 fs/block_dev.c:1893
       vfs_ioctl fs/ioctl.c:46 [inline]
       file_ioctl fs/ioctl.c:500 [inline]
       do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
       SYSC_ioctl fs/ioctl.c:701 [inline]
       SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

other info that might help us debug this:

Chain exists of:
  &bdev->bd_mutex --> nbd_index_mutex --> &nbd->config_lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&nbd->config_lock);
                               lock(nbd_index_mutex);
                               lock(&nbd->config_lock);
  lock(&bdev->bd_mutex);

 *** DEADLOCK ***

1 lock held by syz-executor.1/10044:
 #0:  (&nbd->config_lock){+.+.}, at: [] nbd_ioctl+0x11f/0xad0 drivers/block/nbd.c:1369

stack backtrace:
CPU: 0 PID: 10044 Comm: syz-executor.1 Not tainted 4.14.307-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
 blkdev_reread_part+0x1b/0x40 block/ioctl.c:192
 nbd_bdev_reset drivers/block/nbd.c:1076 [inline]
 nbd_clear_sock_ioctl drivers/block/nbd.c:1282 [inline]
 __nbd_ioctl drivers/block/nbd.c:1306 [inline]
 nbd_ioctl+0x802/0xad0 drivers/block/nbd.c:1376
 __blkdev_driver_ioctl block/ioctl.c:297 [inline]
 blkdev_ioctl+0x540/0x1830 block/ioctl.c:594
 block_ioctl+0xd9/0x120 fs/block_dev.c:1893
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7f825b6a00f9
RSP: 002b:00007f8259bf1168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f825b7c0050 RCX: 00007f825b6a00f9
RDX: 0000000000000000 RSI: 000000000000ab04 RDI: 0000000000000004
RBP: 00007f825b6fbae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdbf20ceff R14: 00007f8259bf1300 R15: 0000000000022000
EXT4-fs error (device loop2): ext4_orphan_get:1265: comm syz-executor.2: bad orphan inode 16
IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
ext4_test_bit(bit=15, block=3) = 0
EXT4-fs (loop2): mounted filesystem without journal. Opts: grpjquota=Cnoblock_validity,acl,jqfmt=vfsv0,data_err=abort,grpquota,noquota,prjquota,dioread_lock,noblock_validity,usrjquota=,resuid=0x0000000000000000,,errors=continue
BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop5
BTRFS error (device loop5): unsupported checksum algorithm 2
IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
BTRFS error (device loop5): superblock checksum mismatch
BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0
IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
devid 1 transid 8 /dev/loop0
BTRFS info (device loop0): enabling inode map caching
BTRFS warning (device loop0): excessive commit interval 622039222
BTRFS info (device loop0): force zlib compression
BTRFS error (device loop5): open_ctree failed
BTRFS info (device loop0): using free space tree
BTRFS info (device loop0): has skinny extents
BTRFS error (device loop4): unsupported checksum algorithm 2
BTRFS error (device loop4): superblock checksum mismatch
BTRFS error (device loop4): open_ctree failed
EXT4-fs (loop2): filesystem is read-only
[EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=9826c018, mo2=0002]
EXT4-fs (loop2): filesystem is read-only
EXT4-fs (loop2): orphan cleanup on readonly fs
EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2
EXT4-fs error (device loop2): ext4_orphan_get:1265: comm syz-executor.2: bad orphan inode 16
ext4_test_bit(bit=15, block=3) = 0
EXT4-fs (loop2): mounted filesystem without journal. Opts: grpjquota=Cnoblock_validity,acl,jqfmt=vfsv0,data_err=abort,grpquota,noquota,prjquota,dioread_lock,noblock_validity,usrjquota=,resuid=0x0000000000000000,,errors=continue
EXT4-fs (loop2): filesystem is read-only
[EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=9826c018, mo2=0002]
EXT4-fs (loop2): filesystem is read-only
EXT4-fs (loop2): orphan cleanup on readonly fs
EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2
EXT4-fs error (device loop2): ext4_orphan_get:1265: comm syz-executor.2: bad orphan inode 16
ext4_test_bit(bit=15, block=3) = 0
EXT4-fs (loop2): mounted filesystem without journal. Opts: grpjquota=Cnoblock_validity,acl,jqfmt=vfsv0,data_err=abort,grpquota,noquota,prjquota,dioread_lock,noblock_validity,usrjquota=,resuid=0x0000000000000000,,errors=continue
BTRFS info (device loop0): enabling inode map caching
BTRFS warning (device loop0): excessive commit interval 622039222
F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605)
BTRFS info (device loop0): force zlib compression
F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
BTRFS info (device loop0): using free space tree
F2FS-fs (loop5): invalid crc value
BTRFS info (device loop0): has skinny extents
F2FS-fs (loop5): Found nat_bits in checkpoint
F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b
audit: type=1804 audit(1678016924.845:2): pid=10173 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir1933517545/syzkaller.aA1vZT/28/bus/bus" dev="loop5" ino=4 res=1
audit: type=1804 audit(1678016924.845:3): pid=10173 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir1933517545/syzkaller.aA1vZT/28/bus/bus" dev="loop5" ino=4 res=1
BTRFS info (device loop0): enabling inode map caching
BTRFS warning (device loop0): excessive commit interval 622039222
BTRFS info (device loop0): force zlib compression
BTRFS info (device loop0): using free space tree
BTRFS info (device loop0): has skinny extents
F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605)
F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605)
F2FS-fs (loop5): invalid crc value
F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
audit: type=1804 audit(1678016925.646:4): pid=10267 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir1202212899/syzkaller.mGuZc0/39/bus/bus" dev="loop1" ino=4 res=1
audit: type=1804 audit(1678016925.646:5): pid=10260 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir1933517545/syzkaller.aA1vZT/29/bus/bus" dev="loop5" ino=4 res=1
audit: type=1804 audit(1678016925.646:6): pid=10260 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir1933517545/syzkaller.aA1vZT/29/bus/bus" dev="loop5" ino=4 res=1
audit: type=1804 audit(1678016925.676:7): pid=10267 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir1202212899/syzkaller.mGuZc0/39/bus/bus" dev="loop1" ino=4 res=1
NILFS (loop0): invalid segment: Checksum error in segment payload
NILFS (loop0): trying rollback from an earlier position
NILFS (loop0): invalid segment: Checksum error in segment payload
NILFS (loop0): error -22 while searching super root
audit: type=1804 audit(1678016926.256:8): pid=10390 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir1933517545/syzkaller.aA1vZT/30/bus/bus" dev="loop5" ino=4 res=1
audit: type=1804 audit(1678016926.256:9): pid=10390 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir1933517545/syzkaller.aA1vZT/30/bus/bus" dev="loop5" ino=4 res=1
audit: type=1804 audit(1678016926.306:10): pid=10397 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir1202212899/syzkaller.mGuZc0/40/bus/bus" dev="loop1" ino=4 res=1
audit: type=1804 audit(1678016926.306:11): pid=10397 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir1202212899/syzkaller.mGuZc0/40/bus/bus" dev="loop1" ino=4 res=1
attempt to access beyond end of device
NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
loop4: rw=0, want=8590065738, limit=2048
NILFS (loop4): I/O error reading meta-data file (ino=6, block-offset=1)
Zero length message leads to an empty skb
could not allocate digest TFM handle nhpoly1305-avx2
NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
NILFS (loop3): invalid segment: Checksum error in segment payload
NILFS (loop3): unable to fall back to spare super block
NILFS (loop3): error -22 while searching super root
could not allocate digest TFM handle nhpoly1305-avx2
unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1
could not allocate digest TFM handle nhpoly1305-avx2
could not allocate digest TFM handle nhpoly1305-avx2
could not allocate digest TFM handle nhpoly1305-avx2
BTRFS info (device loop1): enabling inode map caching
BTRFS warning (device loop1): excessive commit interval 622039222
BTRFS info (device loop1): force zlib compression
BTRFS info (device loop1): using free space tree
BTRFS info (device loop1): has skinny extents
f2fs_msg: 25 callbacks suppressed
F2FS-fs (loop3): Found nat_bits in checkpoint
F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
kauditd_printk_skb: 6 callbacks suppressed
audit: type=1800 audit(1678016931.276:18): pid=10959 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="bus" dev="loop3" ino=10 res=0
attempt to access beyond end of device
loop3: rw=2049, want=45104, limit=40427
Bluetooth: hci4 command 0x0409 tx timeout
F2FS-fs (loop3): Found nat_bits in checkpoint
F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
audit: type=1800 audit(1678016931.606:19): pid=11028 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="bus" dev="loop3" ino=10 res=0
attempt to access beyond end of device
loop3: rw=2049, want=45104, limit=40427
BTRFS info (device loop1): enabling inode map caching
BTRFS warning (device loop1): excessive commit interval 622039222
BTRFS info (device loop1): force zlib compression
BTRFS info (device loop1): using free space tree
BTRFS info (device loop1): has skinny extents
F2FS-fs (loop3): Found nat_bits in checkpoint
F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
audit: type=1800 audit(1678016932.116:20): pid=11072 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="bus" dev="loop3" ino=10 res=0
attempt to access beyond end of device
loop3: rw=2049, want=45104, limit=40427
F2FS-fs (loop3): Found nat_bits in checkpoint
BTRFS info (device loop1): enabling inode map caching
BTRFS warning (device loop1): excessive commit interval 622039222
BTRFS info (device loop1): force zlib compression
BTRFS info (device loop1): using free space tree
BTRFS info (device loop1): has skinny extents
F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
audit: type=1800 audit(1678016932.576:21): pid=11153 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="bus" dev="loop3" ino=10 res=0
attempt to access beyond end of device
loop3: rw=2049, want=45104, limit=40427
BTRFS info (device loop1): enabling inode map caching
BTRFS warning (device loop1): excessive commit interval 622039222
BTRFS info (device loop1): force zlib compression
BTRFS info (device loop1): using free space tree
BTRFS info (device loop1): has skinny extents