IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready ====================================================== WARNING: possible circular locking dependency detected 4.19.211-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor.3/10569 is trying to acquire lock: 00000000b4c1788f (sb_internal#2){.+.+}, at: sb_start_intwrite include/linux/fs.h:1626 [inline] 00000000b4c1788f (sb_internal#2){.+.+}, at: start_transaction+0xa37/0xf90 fs/btrfs/transaction.c:528 but task is already holding lock: 00000000ac8132f1 (&fs_info->qgroup_ioctl_lock){+.+.}, at: btrfs_quota_enable+0xbf/0x10b0 fs/btrfs/qgroup.c:893 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&fs_info->qgroup_ioctl_lock){+.+.}: btrfs_qgroup_inherit+0xde/0x1c60 fs/btrfs/qgroup.c:2284 create_subvol+0x3aa/0x1850 fs/btrfs/ioctl.c:617 btrfs_mksubvol+0xe1d/0x1160 fs/btrfs/ioctl.c:1007 btrfs_ioctl_snap_create_transid+0x2a7/0x430 fs/btrfs/ioctl.c:1771 btrfs_ioctl_snap_create_v2+0x2db/0x5d0 fs/btrfs/ioctl.c:1885 btrfs_ioctl+0x26f6/0x76d0 fs/btrfs/ioctl.c:5934 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #0 (sb_internal#2){.+.+}: percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] __sb_start_write+0x6e/0x2a0 fs/super.c:1366 sb_start_intwrite include/linux/fs.h:1626 [inline] start_transaction+0xa37/0xf90 fs/btrfs/transaction.c:528 btrfs_quota_enable+0x169/0x10b0 fs/btrfs/qgroup.c:905 btrfs_ioctl_quota_ctl fs/btrfs/ioctl.c:5233 [inline] btrfs_ioctl+0x622c/0x76d0 fs/btrfs/ioctl.c:6021 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&fs_info->qgroup_ioctl_lock); lock(sb_internal#2); lock(&fs_info->qgroup_ioctl_lock); lock(sb_internal#2); *** DEADLOCK *** 3 locks held by syz-executor.3/10569: #0: 000000006408d16a (sb_writers#14){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline] #0: 000000006408d16a (sb_writers#14){.+.+}, at: mnt_want_write_file+0x63/0x1d0 fs/namespace.c:418 #1: 00000000a0b60ad0 (&fs_info->subvol_sem){++++}, at: btrfs_ioctl_quota_ctl fs/btrfs/ioctl.c:5229 [inline] #1: 00000000a0b60ad0 (&fs_info->subvol_sem){++++}, at: btrfs_ioctl+0x3d12/0x76d0 fs/btrfs/ioctl.c:6021 #2: 00000000ac8132f1 (&fs_info->qgroup_ioctl_lock){+.+.}, at: btrfs_quota_enable+0xbf/0x10b0 fs/btrfs/qgroup.c:893 stack backtrace: CPU: 1 PID: 10569 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222 check_prev_add kernel/locking/lockdep.c:1866 [inline] check_prevs_add kernel/locking/lockdep.c:1979 [inline] validate_chain kernel/locking/lockdep.c:2420 [inline] __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] __sb_start_write+0x6e/0x2a0 fs/super.c:1366 sb_start_intwrite include/linux/fs.h:1626 [inline] start_transaction+0xa37/0xf90 fs/btrfs/transaction.c:528 btrfs_quota_enable+0x169/0x10b0 fs/btrfs/qgroup.c:905 btrfs_ioctl_quota_ctl fs/btrfs/ioctl.c:5233 [inline] btrfs_ioctl+0x622c/0x76d0 fs/btrfs/ioctl.c:6021 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f5a3409c0f9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f5a3260e168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f5a341bbf80 RCX: 00007f5a3409c0f9 RDX: 00000000200000c0 RSI: 00000000c0109428 RDI: 0000000000000004 RBP: 00007f5a340f7ae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffdbb71592f R14: 00007f5a3260e300 R15: 0000000000022000 BTRFS error (device loop3): fail to start transaction for status update: -28 x_tables: ip6_tables: realm match: used from hooks PREROUTING, but only valid from INPUT/FORWARD/OUTPUT/POSTROUTING x_tables: ip6_tables: realm match: used from hooks PREROUTING, but only valid from INPUT/FORWARD/OUTPUT/POSTROUTING BTRFS info (device loop3): unrecognized mount option '.' BTRFS error (device loop3): open_ctree failed x_tables: ip6_tables: realm match: used from hooks PREROUTING, but only valid from INPUT/FORWARD/OUTPUT/POSTROUTING x_tables: ip6_tables: realm match: used from hooks PREROUTING, but only valid from INPUT/FORWARD/OUTPUT/POSTROUTING x_tables: ip6_tables: realm match: used from hooks PREROUTING, but only valid from INPUT/FORWARD/OUTPUT/POSTROUTING BTRFS info (device loop3): unrecognized mount option '.' BTRFS error (device loop3): open_ctree failed x_tables: ip6_tables: realm match: used from hooks PREROUTING, but only valid from INPUT/FORWARD/OUTPUT/POSTROUTING x_tables: ip6_tables: realm match: used from hooks PREROUTING, but only valid from INPUT/FORWARD/OUTPUT/POSTROUTING BTRFS info (device loop3): enabling inode map caching BTRFS warning (device loop3): excessive commit interval 620990646 BTRFS info (device loop3): force zlib compression, level 3 BTRFS info (device loop3): using free space tree BTRFS info (device loop3): has skinny extents BTRFS error (device loop3): fail to start transaction for status update: -28 overlayfs: unrecognized mount option "nfs_exporteYpJ\ u`HuFBFl m\_hx4" or missing value x_tables: ip6_tables: realm match: used from hooks PREROUTING, but only valid from INPUT/FORWARD/OUTPUT/POSTROUTING x_tables: ip6_tables: realm match: used from hooks PREROUTING, but only valid from INPUT/FORWARD/OUTPUT/POSTROUTING BTRFS info (device loop3): enabling inode map caching BTRFS warning (device loop3): excessive commit interval 620990646 BTRFS info (device loop3): force zlib compression, level 3 BTRFS info (device loop3): using free space tree BTRFS info (device loop3): has skinny extents BTRFS error (device loop3): fail to start transaction for status update: -28 x_tables: ip6_tables: realm match: used from hooks PREROUTING, but only valid from INPUT/FORWARD/OUTPUT/POSTROUTING overlayfs: unrecognized mount option "nfs_exporteYpJ\ u`HuFBFl m\_hx4" or missing value BTRFS info (device loop3): enabling inode map caching BTRFS warning (device loop3): excessive commit interval 620990646 BTRFS info (device loop3): force zlib compression, level 3 BTRFS info (device loop3): using free space tree BTRFS info (device loop3): has skinny extents BTRFS error (device loop3): fail to start transaction for status update: -28 base_sock_release(0000000026f8b952) sk= (null) audit: type=1804 audit(1678067303.465:1003): pid=11046 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir2304766617/syzkaller.870GKJ/1167/bus" dev="sda1" ino=14690 res=1 audit: type=1804 audit(1678067303.565:1004): pid=11081 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir2304766617/syzkaller.870GKJ/1167/bus" dev="sda1" ino=14690 res=1 BTRFS info (device loop3): enabling inode map caching BTRFS warning (device loop3): excessive commit interval 620990646 BTRFS info (device loop3): force zlib compression, level 3 BTRFS info (device loop3): using free space tree BTRFS info (device loop3): has skinny extents BTRFS error (device loop3): fail to start transaction for status update: -28 base_sock_release(00000000de895bc2) sk=00000000504263d6 BTRFS info (device loop3): enabling inode map caching BTRFS warning (device loop3): excessive commit interval 620990646 base_sock_release(0000000016563b34) sk= (null) base_sock_release(00000000ca54e2cb) sk= (null) BTRFS info (device loop3): force zlib compression, level 3 BTRFS info (device loop3): using free space tree BTRFS info (device loop3): has skinny extents audit: type=1804 audit(1678067304.395:1005): pid=11164 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir2304766617/syzkaller.870GKJ/1168/bus" dev="sda1" ino=14451 res=1 audit: type=1804 audit(1678067304.445:1006): pid=11165 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir2304766617/syzkaller.870GKJ/1168/bus" dev="sda1" ino=14451 res=1 BTRFS error (device loop3): fail to start transaction for status update: -28 audit: type=1804 audit(1678067304.445:1007): pid=11176 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir2304766617/syzkaller.870GKJ/1168/bus" dev="sda1" ino=14451 res=1 base_sock_release(00000000eade37db) sk=00000000171f4e27 audit: type=1804 audit(1678067304.635:1008): pid=11222 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir2304766617/syzkaller.870GKJ/1169/bus" dev="sda1" ino=14690 res=1 audit: type=1804 audit(1678067304.665:1009): pid=11221 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir2304766617/syzkaller.870GKJ/1169/bus" dev="sda1" ino=14690 res=1 BTRFS info (device loop3): enabling inode map caching BTRFS warning (device loop3): excessive commit interval 620990646 BTRFS info (device loop3): force zlib compression, level 3 BTRFS info (device loop3): using free space tree BTRFS info (device loop3): has skinny extents BTRFS error (device loop3): fail to start transaction for status update: -28 base_sock_release(00000000e3fa29ce) sk=00000000345899d1 base_sock_release(00000000bdeabb8f) sk=00000000f6a9b3ae base_sock_release(00000000a3880336) sk=00000000eae0cfcb base_sock_release(00000000de1b0cea) sk=0000000039111cf1 base_sock_release(0000000031c13a46) sk=00000000293aa632 base_sock_release(0000000086188d07) sk=0000000094358327 base_sock_release(000000007a628e3f) sk=000000006d4cce03 base_sock_release(0000000038df6d82) sk=000000004df8c6c1 BTRFS info (device loop3): enabling inode map caching base_sock_release(0000000055e064ce) sk=0000000034f3a010 BTRFS warning (device loop3): excessive commit interval 620990646 base_sock_release(0000000024f24cc3) sk=000000007aad9338 BTRFS info (device loop3): force zlib compression, level 3 base_sock_release(000000009f4b559a) sk=0000000035f4bb28 base_sock_release(00000000828a7909) sk=0000000076194be3 BTRFS info (device loop3): using free space tree base_sock_release(00000000460e69a7) sk=00000000ee82c893 BTRFS info (device loop3): has skinny extents base_sock_release(00000000aca4f864) sk=00000000db9b973d base_sock_release(0000000042cc7f3c) sk=00000000b29fef07 base_sock_release(00000000ac43ee61) sk=00000000822b8e30 base_sock_release(000000005d7c25ea) sk=00000000966eb722 base_sock_release(0000000019c6e588) sk=000000002dbd786f base_sock_release(00000000260c8fe5) sk=000000008764d23d base_sock_release(000000005118b61b) sk=000000002d94ed9e base_sock_release(00000000c16fb97c) sk=0000000020fbf51c base_sock_release(0000000017a2d021) sk=0000000072655ede base_sock_release(0000000076535ac1) sk=00000000a3007011 base_sock_release(000000005b781944) sk=00000000fabb7a8c base_sock_release(00000000e26c5f31) sk=000000004fcb64ac base_sock_release(000000000dd78f46) sk=00000000423f17fa base_sock_release(000000009514d087) sk=00000000352e8942 base_sock_release(000000000902943a) sk=000000004e21a16e base_sock_release(00000000648c51a1) sk=000000008d3ea878 base_sock_release(000000003dc3d382) sk=000000009c922eeb BTRFS error (device loop3): fail to start transaction for status update: -28 base_sock_release(000000004daea405) sk=0000000014ce0664 base_sock_release(00000000b0161561) sk=000000001b757608 base_sock_release(00000000e141347e) sk=00000000e037700e base_sock_release(000000009b2b17ac) sk=000000002f8be691 base_sock_release(00000000b3cfbf82) sk=000000002fcb4567 base_sock_release(00000000ff8af37e) sk=0000000033caa368 base_sock_release(00000000d1c27186) sk=0000000097698bbe base_sock_release(00000000de292ea7) sk=00000000077ea4d5 base_sock_release(000000002b9077c6) sk=000000005b83c8eb base_sock_release(0000000098cc739d) sk=000000001b4b1d16 base_sock_release(00000000e5c5f77a) sk=00000000ae3e2f45 base_sock_release(00000000143a1fa5) sk=00000000bfe8b784 base_sock_release(0000000036547ff7) sk=00000000d2796c17 base_sock_release(00000000792ca3eb) sk=00000000769bdb0c base_sock_release(00000000d8af07a2) sk=00000000ffc210ac base_sock_release(000000009285d678) sk=00000000ebce6b37 base_sock_release(000000000ab46657) sk=00000000cfceae24 base_sock_release(000000005eb1f281) sk=000000001b22f476 base_sock_release(000000005fbe48f5) sk=000000005175a01f base_sock_release(00000000e4c50611) sk=000000004168c923 base_sock_release(00000000f6351a97) sk=000000005e653e85 base_sock_release(0000000067df8256) sk=000000007db31d08 base_sock_release(000000005d14587e) sk=00000000755bb603 base_sock_release(00000000c0185694) sk=00000000725edab2 base_sock_release(0000000004f40859) sk=0000000034797c2c base_sock_release(0000000005935c6b) sk=000000005d8b6cd4 base_sock_release(000000003230ac89) sk=00000000ef5711b1 base_sock_release(00000000290b9922) sk=000000005825931b base_sock_release(00000000c95fb232) sk=0000000075c6984d base_sock_release(000000007c2c121b) sk=000000000088eb3a base_sock_release(00000000ba9b51a4) sk=000000001a76fd21 base_sock_release(000000007b083e44) sk=000000004a6eb1b7 base_sock_release(000000007c0404e9) sk=000000004131ef6a base_sock_release(00000000080e9b15) sk=00000000246407ec base_sock_release(000000001758948d) sk=00000000ba31c23b xt_check_match: 14 callbacks suppressed x_tables: ip6_tables: realm match: used from hooks PREROUTING, but only valid from INPUT/FORWARD/OUTPUT/POSTROUTING x_tables: ip6_tables: realm match: used from hooks PREROUTING, but only valid from INPUT/FORWARD/OUTPUT/POSTROUTING x_tables: ip6_tables: realm match: used from hooks PREROUTING, but only valid from INPUT/FORWARD/OUTPUT/POSTROUTING BTRFS info (device loop3): enabling inode map caching BTRFS warning (device loop3): excessive commit interval 620990646 BTRFS info (device loop3): force zlib compression, level 3 BTRFS info (device loop3): using free space tree BTRFS info (device loop3): has skinny extents BTRFS error (device loop3): fail to start transaction for status update: -28 x_tables: ip6_tables: realm match: used from hooks PREROUTING, but only valid from INPUT/FORWARD/OUTPUT/POSTROUTING x_tables: ip6_tables: realm match: used from hooks PREROUTING, but only valid from INPUT/FORWARD/OUTPUT/POSTROUTING x_tables: ip6_tables: realm match: used from hooks PREROUTING, but only valid from INPUT/FORWARD/OUTPUT/POSTROUTING BTRFS info (device loop3): enabling inode map caching BTRFS warning (device loop3): excessive commit interval 620990646 BTRFS info (device loop3): force zlib compression, level 3 BTRFS info (device loop3): using free space tree BTRFS info (device loop3): has skinny extents BTRFS error (device loop3): fail to start transaction for status update: -28 netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. x_tables: ip6_tables: realm match: used from hooks PREROUTING, but only valid from INPUT/FORWARD/OUTPUT/POSTROUTING x_tables: ip6_tables: realm match: used from hooks PREROUTING, but only valid from INPUT/FORWARD/OUTPUT/POSTROUTING netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. BTRFS info (device loop3): enabling inode map caching BTRFS warning (device loop3): excessive commit interval 620990646 BTRFS info (device loop3): force zlib compression, level 3 BTRFS info (device loop3): using free space tree BTRFS info (device loop3): has skinny extents BTRFS error (device loop3): fail to start transaction for status update: -28 x_tables: ip6_tables: realm match: used from hooks PREROUTING, but only valid from INPUT/FORWARD/OUTPUT/POSTROUTING netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. x_tables: ip6_tables: realm match: used from hooks PREROUTING, but only valid from INPUT/FORWARD/OUTPUT/POSTROUTING BTRFS info (device loop3): enabling inode map caching BTRFS warning (device loop3): excessive commit interval 620990646 BTRFS info (device loop3): force zlib compression, level 3 BTRFS info (device loop3): using free space tree BTRFS info (device loop3): has skinny extents BTRFS error (device loop3): fail to start transaction for status update: -28 BTRFS info (device loop3): enabling inode map caching BTRFS warning (device loop3): excessive commit interval 620990646 BTRFS info (device loop3): force zlib compression, level 3 BTRFS info (device loop3): using free space tree BTRFS info (device loop3): has skinny extents BTRFS error (device loop3): fail to start transaction for status update: -28 BTRFS info (device loop3): enabling inode map caching BTRFS warning (device loop3): excessive commit interval 620990646 BTRFS info (device loop3): force zlib compression, level 3 BTRFS info (device loop3): using free space tree BTRFS info (device loop3): has skinny extents BTRFS error (device loop3): fail to start transaction for status update: -28