BTRFS info (device loop1): clearing free space tree
BTRFS info (device loop1): clearing 1 ro feature flag
BTRFS info (device loop1): clearing 2 ro feature flag
======================================================
WARNING: possible circular locking dependency detected
4.14.300-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.0/12716 is trying to acquire lock:
 (&event->child_mutex){+.+.}, at: [] perf_event_for_each_child+0x82/0x140 kernel/events/core.c:4690
overlayfs: fs on 'file0' does not support file handles, falling back to index=off.

but task is already holding lock:
 (&cpuctx_mutex){+.+.}, at: [] perf_event_ctx_lock_nested+0x14d/0x2c0 kernel/events/core.c:1241

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #5 (&cpuctx_mutex){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       perf_event_init_cpu+0xb7/0x170 kernel/events/core.c:11286
       perf_event_init+0x2cc/0x308 kernel/events/core.c:11333
       start_kernel+0x45d/0x763 init/main.c:624
       secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:240

-> #4 (pmus_lock){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       perf_event_init_cpu+0x2c/0x170 kernel/events/core.c:11280
       cpuhp_invoke_callback+0x1e6/0x1a80 kernel/cpu.c:186
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
       cpuhp_up_callbacks kernel/cpu.c:574 [inline]
       _cpu_up+0x21e/0x520 kernel/cpu.c:1193
       do_cpu_up+0x9a/0x160 kernel/cpu.c:1229
       smp_init+0x197/0x1ac kernel/smp.c:578
       kernel_init_freeable+0x406/0x626 init/main.c:1074
BTRFS info (device loop1): creating free space tree
       kernel_init+0xd/0x167 init/main.c:1006
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:406

-> #3 (cpu_hotplug_lock.rw_sem){++++}:
       percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
       percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
       cpus_read_lock+0x39/0xc0 kernel/cpu.c:297
       static_key_slow_inc+0xe/0x20 kernel/jump_label.c:123
       tracepoint_add_func+0x747/0xa40 kernel/tracepoint.c:269
       tracepoint_probe_register_prio kernel/tracepoint.c:331 [inline]
       tracepoint_probe_register+0x8c/0xc0 kernel/tracepoint.c:352
       trace_event_reg+0x272/0x330 kernel/trace/trace_events.c:305
       perf_trace_event_reg kernel/trace/trace_event_perf.c:122 [inline]
       perf_trace_event_init kernel/trace/trace_event_perf.c:197 [inline]
       perf_trace_init+0x424/0xa30 kernel/trace/trace_event_perf.c:221
       perf_tp_event_init+0x79/0xf0 kernel/events/core.c:8140
       perf_try_init_event+0x15b/0x1f0 kernel/events/core.c:9374
BTRFS info (device loop1): setting 1 ro feature flag
       perf_init_event kernel/events/core.c:9412 [inline]
       perf_event_alloc.part.0+0xe2d/0x2640 kernel/events/core.c:9672
       perf_event_alloc kernel/events/core.c:10042 [inline]
       SYSC_perf_event_open kernel/events/core.c:10146 [inline]
       SyS_perf_event_open+0x683/0x2530 kernel/events/core.c:10032
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

-> #2 (tracepoints_mutex){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       tracepoint_probe_register_prio kernel/tracepoint.c:327 [inline]
       tracepoint_probe_register+0x68/0xc0 kernel/tracepoint.c:352
       trace_event_reg+0x272/0x330 kernel/trace/trace_events.c:305
       perf_trace_event_reg kernel/trace/trace_event_perf.c:122 [inline]
       perf_trace_event_init kernel/trace/trace_event_perf.c:197 [inline]
       perf_trace_init+0x424/0xa30 kernel/trace/trace_event_perf.c:221
       perf_tp_event_init+0x79/0xf0 kernel/events/core.c:8140
       perf_try_init_event+0x15b/0x1f0 kernel/events/core.c:9374
       perf_init_event kernel/events/core.c:9412 [inline]
       perf_event_alloc.part.0+0xe2d/0x2640 kernel/events/core.c:9672
BTRFS info (device loop1): setting 2 ro feature flag
       perf_event_alloc kernel/events/core.c:10042 [inline]
       SYSC_perf_event_open kernel/events/core.c:10146 [inline]
       SyS_perf_event_open+0x683/0x2530 kernel/events/core.c:10032
BTRFS info (device loop1): checking UUID tree
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

-> #1 (event_mutex){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       perf_trace_destroy+0x23/0xf0 kernel/trace/trace_event_perf.c:234
       _free_event+0x321/0xe20 kernel/events/core.c:4246
       free_event+0x32/0x40 kernel/events/core.c:4273
       perf_event_release_kernel+0x368/0x8a0 kernel/events/core.c:4417
       perf_release+0x33/0x40 kernel/events/core.c:4443
       __fput+0x25f/0x7a0 fs/file_table.c:210
       task_work_run+0x11f/0x190 kernel/task_work.c:113
       exit_task_work include/linux/task_work.h:22 [inline]
       do_exit+0xa44/0x2850 kernel/exit.c:868
       SYSC_exit kernel/exit.c:934 [inline]
       SyS_exit+0x1e/0x20 kernel/exit.c:932
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

-> #0 (&event->child_mutex){+.+.}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       perf_event_for_each_child+0x82/0x140 kernel/events/core.c:4690
       _perf_ioctl+0x471/0x1a60 kernel/events/core.c:4877
       perf_ioctl+0x55/0x80 kernel/events/core.c:4889
       vfs_ioctl fs/ioctl.c:46 [inline]
       file_ioctl fs/ioctl.c:500 [inline]
       do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
       SYSC_ioctl fs/ioctl.c:701 [inline]
       SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

other info that might help us debug this:

Chain exists of:
  &event->child_mutex --> pmus_lock --> &cpuctx_mutex

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&cpuctx_mutex);
                               lock(pmus_lock);
                               lock(&cpuctx_mutex);
  lock(&event->child_mutex);

 *** DEADLOCK ***

1 lock held by syz-executor.0/12716:
 #0: (&cpuctx_mutex){+.+.}, at: [] perf_event_ctx_lock_nested+0x14d/0x2c0 kernel/events/core.c:1241

stack backtrace:
CPU: 0 PID: 12716 Comm: syz-executor.0 Not tainted 4.14.300-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
 perf_event_for_each_child+0x82/0x140 kernel/events/core.c:4690
 _perf_ioctl+0x471/0x1a60 kernel/events/core.c:4877
 perf_ioctl+0x55/0x80 kernel/events/core.c:4889
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
overlayfs: fs on 'file0' does not support file handles, falling back to index=off.
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
BTRFS info (device loop1): enabling inode map caching
BTRFS info (device loop1): force clearing of disk cache
BTRFS info (device loop1): force zlib compression
BTRFS info (device loop1): using free space tree
BTRFS info (device loop1): has skinny extents
BTRFS info (device loop1): clearing free space tree
BTRFS info (device loop1): clearing 1 ro feature flag
BTRFS info (device loop1): clearing 2 ro feature flag
BTRFS info (device loop1): creating free space tree
BTRFS info (device loop1): setting 1 ro feature flag
BTRFS info (device loop1): setting 2 ro feature flag
BTRFS info (device loop1): checking UUID tree
unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1
loop0: p1 p2 p3
loop0: p1 p2 p3
BTRFS info (device loop1): enabling inode map caching
BTRFS info (device loop1): force clearing of disk cache
BTRFS info (device loop1): force zlib compression
BTRFS info (device loop1): using free space tree
BTRFS info (device loop1): has skinny extents
loop_reread_partitions: partition scan of loop0 () failed (rc=-16)
print_req_error: I/O error, dev loop0, sector 108
print_req_error: I/O error, dev loop0, sector 1008
print_req_error: I/O error, dev loop0, sector 58
print_req_error: I/O error, dev loop0, sector 108
Buffer I/O error on dev loop0p1, logical block 8, async page read
print_req_error: I/O error, dev loop0, sector 58
Buffer I/O error on dev loop0p2, logical block 8, async page read
print_req_error: I/O error, dev loop0, sector 59
Buffer I/O error on dev loop0p2, logical block 9, async page read
print_req_error: I/O error, dev loop0, sector 60
Buffer I/O error on dev loop0p2, logical block 10, async page read
print_req_error: I/O error, dev loop0, sector 61
Buffer I/O error on dev loop0p2, logical block 11, async page read
print_req_error: I/O error, dev loop0, sector 62
Buffer I/O error on dev loop0p2, logical block 12, async page read
print_req_error: I/O error, dev loop0, sector 63
Buffer I/O error on dev loop0p2, logical block 13, async page read
Buffer I/O error on dev loop0p2, logical block 14, async page read
Buffer I/O error on dev loop0p2, logical block 15, async page read
Buffer I/O error on dev loop0p1, logical block 9, async page read
BTRFS info (device loop1): clearing free space tree
BTRFS info (device loop1): clearing 1 ro feature flag
BTRFS info (device loop1): clearing 2 ro feature flag
BTRFS info (device loop1): creating free space tree
BTRFS info (device loop1): setting 1 ro feature flag
BTRFS info (device loop1): setting 2 ro feature flag
BTRFS info (device loop1): checking UUID tree
BTRFS info (device loop1): enabling inode map caching
BTRFS info (device loop1): force clearing of disk cache
BTRFS info (device loop1): force zlib compression
BTRFS info (device loop1): using free space tree
BTRFS info (device loop1): has skinny extents
(syz-executor.4,12822,1):ocfs2_parse_options:1498 ERROR: Invalid heartbeat mount options
(syz-executor.4,12822,1):ocfs2_fill_super:1217 ERROR: status = -22
BTRFS info (device loop1): clearing free space tree
BTRFS info (device loop1): clearing 1 ro feature flag
BTRFS info (device loop1): clearing 2 ro feature flag
BTRFS info (device loop1): creating free space tree
BTRFS info (device loop1): setting 1 ro feature flag
BTRFS info (device loop1): setting 2 ro feature flag
BTRFS info (device loop1): checking UUID tree
loop0: p1 p2 p3
loop0: p1 p2 p3
loop0: p1 p2 p3
loop0: p1 p2 p3
loop_reread_partitions: partition scan of loop0 () failed (rc=-16)
nla_parse: 1 callbacks suppressed
netlink: 44271 bytes leftover after parsing attributes in process `syz-executor.1'.
A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check.
loop0: p1 p2 p3
capability: warning: `syz-executor.5' uses deprecated v2 capabilities in a way that may be insecure
loop0: p1 p2 p3
netlink: 44271 bytes leftover after parsing attributes in process `syz-executor.1'.
A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check.
netlink: 44271 bytes leftover after parsing attributes in process `syz-executor.1'.
A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check.
netlink: 44271 bytes leftover after parsing attributes in process `syz-executor.3'.
A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check.
device lo left promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
chnl_net:chnl_net_open(): err: Unable to register and open device, Err:-19
caif:caif_disconnect_client(): nothing to disconnect
chnl_net:chnl_flowctrl_cb(): NET flowctrl func called flow: CLOSE/DEINIT
chnl_net:chnl_net_open(): state disconnected
A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
netlink: 44271 bytes leftover after parsing attributes in process `syz-executor.3'.
A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check.
netlink: 44271 bytes leftover after parsing attributes in process `syz-executor.1'.
A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check.
loop0: p9 p11 p16
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
chnl_net:chnl_net_open(): err: Unable to register and open device, Err:-19
caif:caif_disconnect_client(): nothing to disconnect
chnl_net:chnl_flowctrl_cb(): NET flowctrl func called flow: CLOSE/DEINIT
chnl_net:chnl_net_open(): state disconnected
A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
chnl_net:chnl_net_open(): err: Unable to register and open device, Err:-19
loop0: p9 p11 p16
caif:caif_disconnect_client(): nothing to disconnect
chnl_net:chnl_flowctrl_cb(): NET flowctrl func called flow: CLOSE/DEINIT
chnl_net:chnl_net_open(): state disconnected
A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
chnl_net:chnl_net_open(): err: Unable to register and open device, Err:-19
caif:caif_disconnect_client(): nothing to disconnect
chnl_net:chnl_flowctrl_cb(): NET flowctrl func called flow: CLOSE/DEINIT
chnl_net:chnl_net_open(): state disconnected
A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
loop0: p9 p11 p16
netlink: 44271 bytes leftover after parsing attributes in process `syz-executor.3'.
loop1: p1 p2 p3
loop0: p9 p11 p16
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
loop1: p1 p2 p3
chnl_net:chnl_net_open(): err: Unable to register and open device, Err:-19
caif:caif_disconnect_client(): nothing to disconnect
chnl_net:chnl_flowctrl_cb(): NET flowctrl func called flow: CLOSE/DEINIT
chnl_net:chnl_net_open(): state disconnected
loop1: p1 p2 p3
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
chnl_net:chnl_net_open(): err: Unable to register and open device, Err:-19
loop0: p1 p3 < p5 p6 >
caif:caif_disconnect_client(): nothing to disconnect
chnl_net:chnl_flowctrl_cb(): NET flowctrl func called flow: CLOSE/DEINIT
chnl_net:chnl_net_open(): state disconnected
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
chnl_net:chnl_net_open(): err: Unable to register and open device, Err:-19
caif:caif_disconnect_client(): nothing to disconnect
chnl_net:chnl_flowctrl_cb(): NET flowctrl func called flow: CLOSE/DEINIT
chnl_net:chnl_net_open(): state disconnected
loop1: p1 p2 p3
loop1: p1 p2 p3
loop0: p1 p3 < p5 p6 >
loop3: p1 p2 p3
loop3: p1 p2 p3
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
chnl_net:chnl_net_open(): err: Unable to register and open device, Err:-19
loop0: p1 p3 < p5 p6 >
caif:caif_disconnect_client(): nothing to disconnect
chnl_net:chnl_flowctrl_cb(): NET flowctrl func called flow: CLOSE/DEINIT
chnl_net:chnl_net_open(): state disconnected
loop0: p1 p3 < p5 p6 >
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
chnl_net:chnl_net_open(): err: Unable to register and open device, Err:-19
caif:caif_disconnect_client(): nothing to disconnect
chnl_net:chnl_flowctrl_cb(): NET flowctrl func called flow: CLOSE/DEINIT
loop1: p1 p2 p3
chnl_net:chnl_net_open(): state disconnected
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
chnl_net:chnl_net_open(): err: Unable to register and open device, Err:-19
loop3: p1 p2 p3
loop1: p1 p2 p3
caif:caif_disconnect_client(): nothing to disconnect
chnl_net:chnl_flowctrl_cb(): NET flowctrl func called flow: CLOSE/DEINIT
chnl_net:chnl_net_open(): state disconnected
net_ratelimit: 6 callbacks suppressed
A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
loop0: p1 p3 < p5 p6 >
loop4: p1 p2 p3
print_req_error: 177 callbacks suppressed
print_req_error: I/O error, dev loop4, sector 0
loop3: p1 p2 p3
loop4: p2 p3 p7
loop4: p2 p3 p7
loop_reread_partitions: partition scan of loop4 () failed (rc=-16)
print_req_error: I/O error, dev loop4, sector 408
print_req_error: I/O error, dev loop4, sector 608
print_req_error: I/O error, dev loop4, sector 208
print_req_error: I/O error, dev loop4, sector 608
buffer_io_error: 158 callbacks suppressed
Buffer I/O error on dev loop4p2, logical block 8, async page read
print_req_error: I/O error, dev loop4, sector 609
Buffer I/O error on dev loop4p2, logical block 9, async page read
print_req_error: I/O error, dev loop4, sector 610
Buffer I/O error on dev loop4p2, logical block 10, async page read
attempt to access beyond end of device
attempt to access beyond end of device
loop0: p1 p9 p11
loop4: rw=0, want=612, limit=256
loop4: rw=0, want=264, limit=256
attempt to access beyond end of device
Buffer I/O error on dev loop4p2, logical block 11, async page read
attempt to access beyond end of device
loop4: rw=0, want=409, limit=256
Buffer I/O error on dev loop4p7, logical block 8, async page read
loop4: rw=0, want=257, limit=256
attempt to access beyond end of device
Buffer I/O error on dev loop4p3, logical block 56, async page read
attempt to access beyond end of device
loop4: rw=0, want=258, limit=256
Buffer I/O error on dev loop4p3, logical block 57, async page read
attempt to access beyond end of device
loop4: rw=0, want=613, limit=256
loop4: rw=0, want=410, limit=256
Buffer I/O error on dev loop4p2, logical block 12, async page read
Buffer I/O error on dev loop4p7, logical block 9, async page read
attempt to access beyond end of device
attempt to access beyond end of device
attempt to access beyond end of device
loop4: rw=0, want=259, limit=256
loop4: rw=0, want=614, limit=256
loop4: rw=0, want=411, limit=256
Buffer I/O error on dev loop4p3, logical block 58, async page read
attempt to access beyond end of device
attempt to access beyond end of device