9pnet: p9_errstr2errno: server reported unknown error 4zd
======================================================
WARNING: possible circular locking dependency detected
4.14.307-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.0/10443 is trying to acquire lock:
 ("%s-%s""btrfs", name){+.+.}, at: [] flush_workqueue+0xcb/0x1310 kernel/workqueue.c:2622

but task is already holding lock:
 (&fs_info->scrub_lock){+.+.}, at: [] btrfs_scrub_dev+0x506/0xcd0 fs/btrfs/scrub.c:4217

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #3 (&fs_info->scrub_lock){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       btrfs_scrub_dev+0x1f3/0xcd0 fs/btrfs/scrub.c:4150
       btrfs_ioctl_scrub fs/btrfs/ioctl.c:4451 [inline]
       btrfs_ioctl+0xba8/0x5b20 fs/btrfs/ioctl.c:5681
       vfs_ioctl fs/ioctl.c:46 [inline]
       file_ioctl fs/ioctl.c:500 [inline]
       do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
       SYSC_ioctl fs/ioctl.c:701 [inline]
       SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

-> #2 (&fs_devs->device_list_mutex){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       __reada_start_machine fs/btrfs/reada.c:765 [inline]
       reada_start_machine_worker+0x1d2/0xa90 fs/btrfs/reada.c:746
       normal_work_helper+0x304/0x1330 fs/btrfs/async-thread.c:376
       process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
       worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
       kthread+0x30d/0x420 kernel/kthread.c:232
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:406

-> #1 ((&work->normal_work)){+.+.}:
       process_one_work+0x736/0x14a0 kernel/workqueue.c:2093
       worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
       kthread+0x30d/0x420 kernel/kthread.c:232
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:406

-> #0 ("%s-%s""btrfs", name){+.+.}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       flush_workqueue+0xfa/0x1310 kernel/workqueue.c:2625
       drain_workqueue+0x177/0x3e0 kernel/workqueue.c:2790
       destroy_workqueue+0x71/0x710 kernel/workqueue.c:4116
       __btrfs_destroy_workqueue fs/btrfs/async-thread.c:436 [inline]
       btrfs_destroy_workqueue+0xf8/0x630 fs/btrfs/async-thread.c:447
       scrub_workers_put+0x90/0x1a0 fs/btrfs/scrub.c:4075
       btrfs_scrub_dev+0x536/0xcd0 fs/btrfs/scrub.c:4219
       btrfs_ioctl_scrub fs/btrfs/ioctl.c:4451 [inline]
       btrfs_ioctl+0xba8/0x5b20 fs/btrfs/ioctl.c:5681
       vfs_ioctl fs/ioctl.c:46 [inline]
       file_ioctl fs/ioctl.c:500 [inline]
       do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
       SYSC_ioctl fs/ioctl.c:701 [inline]
       SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

other info that might help us debug this:

Chain exists of:
  "%s-%s""btrfs", name --> &fs_devs->device_list_mutex --> &fs_info->scrub_lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&fs_info->scrub_lock);
                               lock(&fs_devs->device_list_mutex);
                               lock(&fs_info->scrub_lock);
  lock("%s-%s""btrfs", name);

 *** DEADLOCK ***

1 lock held by syz-executor.0/10443:
 #0:  (&fs_info->scrub_lock){+.+.}, at: [] btrfs_scrub_dev+0x506/0xcd0 fs/btrfs/scrub.c:4217

stack backtrace:
CPU: 1 PID: 10443 Comm: syz-executor.0 Not tainted 4.14.307-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
REISERFS (device loop5): found reiserfs format "3.5" with non-standard journal
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 flush_workqueue+0xfa/0x1310 kernel/workqueue.c:2625
REISERFS (device loop5): using ordered data mode
 drain_workqueue+0x177/0x3e0 kernel/workqueue.c:2790
reiserfs: using flush barriers
 destroy_workqueue+0x71/0x710 kernel/workqueue.c:4116
 __btrfs_destroy_workqueue fs/btrfs/async-thread.c:436 [inline]
 btrfs_destroy_workqueue+0xf8/0x630 fs/btrfs/async-thread.c:447
 scrub_workers_put+0x90/0x1a0 fs/btrfs/scrub.c:4075
 btrfs_scrub_dev+0x536/0xcd0 fs/btrfs/scrub.c:4219
 btrfs_ioctl_scrub fs/btrfs/ioctl.c:4451 [inline]
 btrfs_ioctl+0xba8/0x5b20 fs/btrfs/ioctl.c:5681
REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop5): checking transaction log (loop5)
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7fef91f700f9
RSP: 002b:00007fef904e2168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fef9208ff80 RCX: 00007fef91f700f9
RDX: 0000000020000100 RSI: 00000000c400941b RDI: 0000000000000004
RBP: 00007fef91fcbae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff07de0bef R14: 00007fef904e2300 R15: 0000000000022000
REISERFS (device loop5): Using r5 hash to sort names
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
bridge0: port 3(team0) entered blocking state
bridge0: port 3(team0) entered disabled state
EXT4-fs warning (device sda1): ext4_group_add:1669: No reserved GDT blocks, can't resize
IPVS: ftp: loaded support on port[0] = 21
device team0 entered promiscuous mode
device team_slave_0 entered promiscuous mode
device team_slave_1 entered promiscuous mode
BTRFS info (device loop0): enabling inode map caching
BTRFS info (device loop0): trying to use backup root at mount time
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
BTRFS info (device loop0): use zlib compression
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
BTRFS info (device loop0): enabling ssd optimizations
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
BTRFS info (device loop0): using spread ssd allocation scheme
BTRFS info (device loop0): using free space tree
BTRFS info (device loop0): has skinny extents
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
EXT4-fs warning (device sda1): ext4_group_add:1669: No reserved GDT blocks, can't resize
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
EXT4-fs warning (device sda1): ext4_group_add:1669: No reserved GDT blocks, can't resize
BTRFS info (device loop0): enabling inode map caching
BTRFS info (device loop0): trying to use backup root at mount time
BTRFS info (device loop0): use zlib compression
BTRFS info (device loop0): enabling ssd optimizations
BTRFS info (device loop0): using spread ssd allocation scheme
BTRFS info (device loop0): using free space tree
BTRFS info (device loop0): has skinny extents
print_req_error: I/O error, dev loop1, sector 0
bridge0: port 3(team0) entered blocking state
bridge0: port 3(team0) entered disabled state
device team0 entered promiscuous mode
device team_slave_0 entered promiscuous mode
device team_slave_1 entered promiscuous mode
EXT4-fs warning (device sda1): ext4_group_add:1669: No reserved GDT blocks, can't resize
bridge0: port 3(team0) entered blocking state
bridge0: port 3(team0) entered forwarding state
bridge0: port 3(team0) entered blocking state
bridge0: port 3(team0) entered disabled state
BTRFS info (device loop0): enabling inode map caching
EXT4-fs warning (device sda1): ext4_group_add:1669: No reserved GDT blocks, can't resize
BTRFS info (device loop0): trying to use backup root at mount time
device team0 entered promiscuous mode
device team_slave_0 entered promiscuous mode
BTRFS info (device loop0): use zlib compression
device team_slave_1 entered promiscuous mode
BTRFS info (device loop0): enabling ssd optimizations
bridge0: port 3(team0) entered blocking state
bridge0: port 3(team0) entered forwarding state
BTRFS info (device loop0): using spread ssd allocation scheme
BTRFS info (device loop0): using free space tree
BTRFS info (device loop0): has skinny extents
f2fs_msg: 4 callbacks suppressed
F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605)
F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
F2FS-fs (loop3): invalid crc value
F2FS-fs (loop3): Found nat_bits in checkpoint
F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b
audit: type=1800 audit(1677511947.055:5): pid=10745 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="bus" dev="loop3" ino=4 res=0
EXT4-fs warning (device sda1): ext4_group_add:1669: No reserved GDT blocks, can't resize
F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605)
F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
F2FS-fs (loop3): invalid crc value
F2FS-fs (loop3): Found nat_bits in checkpoint
EXT4-fs warning (device sda1): ext4_group_add:1669: No reserved GDT blocks, can't resize
F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b
EXT4-fs warning (device sda1): ext4_group_add:1669: No reserved GDT blocks, can't resize
audit: type=1800 audit(1677511947.785:6): pid=10846 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="bus" dev="loop3" ino=4 res=0
audit: type=1800 audit(1677511947.925:7): pid=10858 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="loop0" ino=4 res=0
syz-executor.1 (10818) used greatest stack depth: 24912 bytes left
EXT4-fs warning (device sda1): ext4_group_add:1669: No reserved GDT blocks, can't resize
audit: type=1800 audit(1677511948.715:8): pid=10914 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="loop0" ino=4 res=0
audit: type=1800 audit(1677511948.725:9): pid=10908 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="bus" dev="loop3" ino=4 res=0
REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
REISERFS (device loop4): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop4): checking transaction log (loop4)
audit: type=1800 audit(1677511949.145:10): pid=10947 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="bus" dev="loop2" ino=10 res=0
audit: type=1800 audit(1677511949.225:11): pid=11003 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name=".log" dev="sda1" ino=14032 res=0
attempt to access beyond end of device
loop2: rw=2049, want=45112, limit=40427
REISERFS (device loop4): Using r5 hash to sort names
REISERFS (device loop4): using 3.5.x disk format
REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
audit: type=1804 audit(1677511949.555:12): pid=10936 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir3237126086/syzkaller.sBF12F/52/file0/bus" dev="loop4" ino=4 res=1
audit: type=1800 audit(1677511949.775:13): pid=10987 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="loop0" ino=4 res=0
audit: type=1800 audit(1677511949.915:14): pid=10996 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="bus" dev="loop3" ino=4 res=0
REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
REISERFS (device loop4): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop4): checking transaction log (loop4)
attempt to access beyond end of device
loop2: rw=2049, want=45112, limit=40427
REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
REISERFS (device loop0): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop3): using ordered data mode
REISERFS (device loop4): Using r5 hash to sort names
reiserfs: using flush barriers
REISERFS (device loop4): using 3.5.x disk format
REISERFS (device loop0): checking transaction log (loop0)
REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
REISERFS (device loop3): checking transaction log (loop3)
REISERFS (device loop5): found reiserfs format "3.5" with non-standard journal
REISERFS (device loop5): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop5): checking transaction log (loop5)
REISERFS (device loop0): Using r5 hash to sort names
REISERFS (device loop0): using 3.5.x disk format
attempt to access beyond end of device
REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
loop2: rw=2049, want=45112, limit=40427
REISERFS (device loop3): Using r5 hash to sort names
REISERFS (device loop3): using 3.5.x disk format
REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
kauditd_printk_skb: 7 callbacks suppressed
audit: type=1804 audit(1677511952.176:22): pid=11074 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir1959813243/syzkaller.CcrDWk/38/file0/bus" dev="loop0" ino=4 res=1
REISERFS (device loop5): Using r5 hash to sort names
REISERFS (device loop5): using 3.5.x disk format
audit: type=1800 audit(1677511952.316:23): pid=11158 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name=".log" dev="sda1" ino=14078 res=0
REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
REISERFS (device loop4): using ordered data mode
audit: type=1804 audit(1677511952.346:24): pid=11087 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir4273329108/syzkaller.rxeFko/32/file0/bus" dev="loop3" ino=4 res=1
reiserfs: using flush barriers
REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
audit: type=1804 audit(1677511952.566:25): pid=11106 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir315077023/syzkaller.dIADVR/51/file0/bus" dev="loop5" ino=4 res=1
REISERFS (device loop4): checking transaction log (loop4)
audit: type=1800 audit(1677511952.606:26): pid=11181 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name=".log" dev="sda1" ino=14084 res=0
f2fs_msg: 31 callbacks suppressed
F2FS-fs (loop2): Found nat_bits in checkpoint
audit: type=1800 audit(1677511953.076:27): pid=11205 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name=".log" dev="sda1" ino=14085 res=0
REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
REISERFS (device loop0): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal
REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
audit: type=1800 audit(1677511953.386:28): pid=11170 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="bus" dev="loop2" ino=10 res=0
REISERFS (device loop3): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop0): checking transaction log (loop0)
REISERFS (device loop3): checking transaction log (loop3)
audit: type=1800 audit(1677511953.506:29): pid=11224 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name=".log" dev="sda1" ino=14037 res=0
REISERFS (device loop4): Using r5 hash to sort names
REISERFS (device loop4): using 3.5.x disk format
REISERFS (device loop5): found reiserfs format "3.5" with non-standard journal
REISERFS (device loop5): using ordered data mode
REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
reiserfs: using flush barriers
REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
attempt to access beyond end of device
loop2: rw=2049, want=45112, limit=40427
REISERFS (device loop5): checking transaction log (loop5)