device gretap0 left promiscuous mode ====================================================== WARNING: possible circular locking dependency detected 4.19.211-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor.4/31972 is trying to acquire lock: 000000001c4f057a (sb_internal#2){.+.+}, at: sb_start_intwrite include/linux/fs.h:1626 [inline] 000000001c4f057a (sb_internal#2){.+.+}, at: start_transaction+0xa37/0xf90 fs/btrfs/transaction.c:528 but task is already holding lock: 000000003301fc33 (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x152/0x200 mm/util.c:355 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #5 (&mm->mmap_sem){++++}: _copy_from_user+0x29/0x130 lib/usercopy.c:10 copy_from_user include/linux/uaccess.h:147 [inline] perf_event_query_prog_array+0xf3/0x300 kernel/trace/bpf_trace.c:1113 _perf_ioctl+0x11b/0x2300 kernel/events/core.c:5146 perf_ioctl+0x55/0x80 kernel/events/core.c:5177 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #4 (&cpuctx_mutex){+.+.}: perf_event_init_cpu+0xc4/0x170 kernel/events/core.c:11828 perf_event_init+0x309/0x34e kernel/events/core.c:11875 start_kernel+0x5b1/0x911 init/main.c:644 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243 -> #3 (pmus_lock){+.+.}: perf_event_init_cpu+0x2c/0x170 kernel/events/core.c:11822 9pnet_virtio: no channels available for device 127.0.0.1 cpuhp_invoke_callback+0x201/0x1b80 kernel/cpu.c:170 cpuhp_up_callbacks kernel/cpu.c:584 [inline] _cpu_up+0x25c/0x540 kernel/cpu.c:1192 do_cpu_up+0xdd/0x1b0 kernel/cpu.c:1228 smp_init+0x1ed/0x202 kernel/smp.c:578 kernel_init_freeable+0x62b/0xab7 init/main.c:1138 kernel_init+0xd/0x1ba init/main.c:1062 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 -> #2 (cpu_hotplug_lock.rw_sem){++++}: get_online_cpus include/linux/cpu.h:137 [inline] apply_wqattrs_lock kernel/workqueue.c:3839 [inline] apply_workqueue_attrs kernel/workqueue.c:3898 [inline] alloc_and_link_pwqs kernel/workqueue.c:4022 [inline] __alloc_workqueue_key+0x9ab/0xed0 kernel/workqueue.c:4128 __btrfs_alloc_workqueue+0x40c/0x6c0 fs/btrfs/async-thread.c:146 btrfs_alloc_workqueue+0x7b/0x490 fs/btrfs/async-thread.c:175 scrub_workers_get+0xca/0x2d0 fs/btrfs/scrub.c:3752 btrfs_scrub_dev+0x4ea/0xfd0 fs/btrfs/scrub.c:3876 btrfs_ioctl_scrub fs/btrfs/ioctl.c:4731 [inline] btrfs_ioctl+0x121f/0x76d0 fs/btrfs/ioctl.c:5995 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #1 (&fs_info->scrub_lock){+.+.}: btrfs_scrub_pause+0x93/0x390 fs/btrfs/scrub.c:3952 btrfs_commit_transaction+0x63c/0x2480 fs/btrfs/transaction.c:2098 btrfs_commit_super+0xc1/0x100 fs/btrfs/disk-io.c:3932 close_ctree+0x618/0x850 fs/btrfs/disk-io.c:3992 generic_shutdown_super+0x144/0x370 fs/super.c:456 kill_anon_super+0x36/0x60 fs/super.c:1032 btrfs_kill_super+0x49/0x550 fs/btrfs/super.c:2221 deactivate_locked_super+0x94/0x160 fs/super.c:329 deactivate_super+0x174/0x1a0 fs/super.c:360 cleanup_mnt+0x1a8/0x290 fs/namespace.c:1098 task_work_run+0x148/0x1c0 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:193 [inline] exit_to_usermode_loop+0x251/0x2a0 arch/x86/entry/common.c:167 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline] syscall_return_slowpath arch/x86/entry/common.c:271 [inline] do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #0 (sb_internal#2){.+.+}: percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] __sb_start_write+0x6e/0x2a0 fs/super.c:1366 sb_start_intwrite include/linux/fs.h:1626 [inline] start_transaction+0xa37/0xf90 fs/btrfs/transaction.c:528 btrfs_dirty_inode+0xe3/0x210 fs/btrfs/inode.c:6165 btrfs_update_time+0x33b/0x3d0 fs/btrfs/inode.c:6207 update_time fs/inode.c:1675 [inline] touch_atime+0x23c/0x2a0 fs/inode.c:1746 file_accessed include/linux/fs.h:2123 [inline] btrfs_file_mmap+0x11b/0x160 fs/btrfs/file.c:2274 call_mmap include/linux/fs.h:1826 [inline] mmap_region+0xc94/0x16b0 mm/mmap.c:1757 do_mmap+0x8e8/0x1080 mm/mmap.c:1530 do_mmap_pgoff include/linux/mm.h:2329 [inline] vm_mmap_pgoff+0x197/0x200 mm/util.c:357 ksys_mmap_pgoff+0x298/0x5a0 mm/mmap.c:1580 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe other info that might help us debug this: Chain exists of: sb_internal#2 --> &cpuctx_mutex --> &mm->mmap_sem Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&mm->mmap_sem); lock(&cpuctx_mutex); lock(&mm->mmap_sem); lock(sb_internal#2); *** DEADLOCK *** 2 locks held by syz-executor.4/31972: #0: 000000003301fc33 (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x152/0x200 mm/util.c:355 #1: 000000004f6ca913 (sb_writers#15){.+.+}, at: sb_start_write_trylock include/linux/fs.h:1584 [inline] #1: 000000004f6ca913 (sb_writers#15){.+.+}, at: touch_atime+0x152/0x2a0 fs/inode.c:1731 stack backtrace: CPU: 1 PID: 31972 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222 check_prev_add kernel/locking/lockdep.c:1866 [inline] check_prevs_add kernel/locking/lockdep.c:1979 [inline] validate_chain kernel/locking/lockdep.c:2420 [inline] __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] __sb_start_write+0x6e/0x2a0 fs/super.c:1366 sb_start_intwrite include/linux/fs.h:1626 [inline] start_transaction+0xa37/0xf90 fs/btrfs/transaction.c:528 btrfs_dirty_inode+0xe3/0x210 fs/btrfs/inode.c:6165 btrfs_update_time+0x33b/0x3d0 fs/btrfs/inode.c:6207 update_time fs/inode.c:1675 [inline] touch_atime+0x23c/0x2a0 fs/inode.c:1746 file_accessed include/linux/fs.h:2123 [inline] btrfs_file_mmap+0x11b/0x160 fs/btrfs/file.c:2274 call_mmap include/linux/fs.h:1826 [inline] mmap_region+0xc94/0x16b0 mm/mmap.c:1757 do_mmap+0x8e8/0x1080 mm/mmap.c:1530 do_mmap_pgoff include/linux/mm.h:2329 [inline] vm_mmap_pgoff+0x197/0x200 mm/util.c:357 ksys_mmap_pgoff+0x298/0x5a0 mm/mmap.c:1580 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f52c548d0c9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f52c399c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 RAX: ffffffffffffffda RBX: 00007f52c55ad1f0 RCX: 00007f52c548d0c9 RDX: 0000000000800001 RSI: 0000000000b36000 RDI: 0000000020000000 RBP: 00007f52c54e8ae9 R08: 0000000000000004 R09: 0000000000000000 R10: 0000000000028011 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff4021c35f R14: 00007f52c399c300 R15: 0000000000022000 9pnet_virtio: no channels available for device 127.0.0.1 device vlan2 entered promiscuous mode device gretap0 entered promiscuous mode 9pnet_virtio: no channels available for device 127.0.0.1 device gretap0 left promiscuous mode 9pnet_virtio: no channels available for device 127.0.0.1 syz-executor.3 (32097): drop_caches: 2 syz-executor.3 (32097): drop_caches: 2 9pnet_virtio: no channels available for device 127.0.0.1 BTRFS info (device loop2): enabling inode map caching BTRFS info (device loop2): force clearing of disk cache BTRFS info (device loop2): disabling free space tree BTRFS info (device loop2): has skinny extents BTRFS info (device loop2): clearing free space tree BTRFS info (device loop2): clearing 1 ro feature flag BTRFS info (device loop2): clearing 2 ro feature flag 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 BTRFS info (device loop2): enabling inode map caching BTRFS info (device loop2): force clearing of disk cache BTRFS info (device loop2): disabling free space tree BTRFS info (device loop2): has skinny extents BTRFS info (device loop2): clearing free space tree BTRFS info (device loop2): clearing 1 ro feature flag BTRFS info (device loop2): clearing 2 ro feature flag : renamed from veth0_vlan device vlan2 entered promiscuous mode syz-executor.3 (32235): drop_caches: 2 device gretap0 entered promiscuous mode syz-executor.3 (32235): drop_caches: 2 device gretap0 left promiscuous mode 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 syz-executor.3 (32270): drop_caches: 2 syz-executor.3 (32270): drop_caches: 2 device vlan2 entered promiscuous mode device gretap0 entered promiscuous mode 9pnet_virtio: no channels available for device 127.0.0.1 device gretap0 left promiscuous mode 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 device vlan2 entered promiscuous mode device gretap0 entered promiscuous mode 9pnet_virtio: no channels available for device 127.0.0.1 device gretap0 left promiscuous mode 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 device vlan2 entered promiscuous mode device gretap0 entered promiscuous mode device gretap0 left promiscuous mode 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 device vlan2 entered promiscuous mode device gretap0 entered promiscuous mode device gretap0 left promiscuous mode device vlan2 entered promiscuous mode device gretap0 entered promiscuous mode device gretap0 left promiscuous mode 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 device vlan2 entered promiscuous mode device gretap0 entered promiscuous mode device gretap0 left promiscuous mode 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 device vlan2 entered promiscuous mode device gretap0 entered promiscuous mode device gretap0 left promiscuous mode 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 device vlan2 entered promiscuous mode device gretap0 entered promiscuous mode device gretap0 left promiscuous mode 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 device vlan2 entered promiscuous mode device gretap0 entered promiscuous mode device gretap0 left promiscuous mode 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 device vlan2 entered promiscuous mode device gretap0 entered promiscuous mode device gretap0 left promiscuous mode 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 device vlan2 entered promiscuous mode device gretap0 entered promiscuous mode device gretap0 left promiscuous mode 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 device vlan2 entered promiscuous mode device gretap0 entered promiscuous mode device gretap0 left promiscuous mode 9pnet_virtio: no channels available for device 127.0.0.1 device vlan2 entered promiscuous mode device gretap0 entered promiscuous mode device gretap0 left promiscuous mode 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 device vlan2 entered promiscuous mode device gretap0 entered promiscuous mode device gretap0 left promiscuous mode 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 device vlan2 entered promiscuous mode device gretap0 entered promiscuous mode device gretap0 left promiscuous mode 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 syz-executor.0 (32604): drop_caches: 2 device vlan2 entered promiscuous mode device gretap0 entered promiscuous mode syz-executor.0 (32604): drop_caches: 2 device gretap0 left promiscuous mode 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 device vlan2 entered promiscuous mode device gretap0 entered promiscuous mode device gretap0 left promiscuous mode 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 device vlan2 entered promiscuous mode device gretap0 entered promiscuous mode device gretap0 left promiscuous mode 9pnet_virtio: no channels available for device 127.0.0.1 device vlan2 entered promiscuous mode device gretap0 entered promiscuous mode device gretap0 left promiscuous mode device vlan2 entered promiscuous mode device gretap0 entered promiscuous mode device gretap0 left promiscuous mode syz-executor.0 (32684): drop_caches: 2 syz-executor.0 (32684): drop_caches: 2 9pnet_virtio: no channels available for device 127.0.0.1 device vlan2 entered promiscuous mode device gretap0 entered promiscuous mode device gretap0 left promiscuous mode 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 device vlan2 entered promiscuous mode syz-executor.0 (32735): drop_caches: 2 device gretap0 entered promiscuous mode syz-executor.0 (32735): drop_caches: 2 device gretap0 left promiscuous mode 9pnet_virtio: no channels available for device 127.0.0.1 device vlan2 entered promiscuous mode device gretap0 entered promiscuous mode device gretap0 left promiscuous mode 9pnet_virtio: no channels available for device 127.0.0.1 device vlan2 entered promiscuous mode device gretap0 entered promiscuous mode device gretap0 left promiscuous mode 9pnet_virtio: no channels available for device 127.0.0.1 syz-executor.0 (338): drop_caches: 2 device vlan2 entered promiscuous mode syz-executor.0 (338): drop_caches: 2 device gretap0 entered promiscuous mode device gretap0 left promiscuous mode 9pnet_virtio: no channels available for device 127.0.0.1 device vlan2 entered promiscuous mode device gretap0 entered promiscuous mode