======================================================
WARNING: possible circular locking dependency detected
6.13.0-rc6-next-20250107-syzkaller #0 Not tainted
------------------------------------------------------
syz.2.2195/18106 is trying to acquire lock:
ffff88807901b398 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: inode_lock include/linux/fs.h:865 [inline]
ffff88807901b398 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: start_creating+0x130/0x310 fs/debugfs/inode.c:374

but task is already holding lock:
ffffffff8e98a608 (relay_channels_mutex){+.+.}-{4:4}, at: relay_open+0x338/0x890 kernel/relay.c:515

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #3 (relay_channels_mutex){+.+.}-{4:4}:
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
       __mutex_lock_common kernel/locking/mutex.c:585 [inline]
       __mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730
       relay_prepare_cpu+0x2a/0x250 kernel/relay.c:438
       cpuhp_invoke_callback+0x48d/0x830 kernel/cpu.c:194
       __cpuhp_invoke_callback_range kernel/cpu.c:966 [inline]
       cpuhp_invoke_callback_range kernel/cpu.c:990 [inline]
       cpuhp_up_callbacks kernel/cpu.c:1021 [inline]
       _cpu_up+0x2b3/0x580 kernel/cpu.c:1691
       cpu_up+0x184/0x230 kernel/cpu.c:1723
       cpuhp_bringup_mask+0xdf/0x260 kernel/cpu.c:1789
       cpuhp_bringup_cpus_parallel+0xf9/0x160 kernel/cpu.c:1879
       bringup_nonboot_cpus+0x2b/0x50 kernel/cpu.c:1893
       smp_init+0x34/0x150 kernel/smp.c:1010
       kernel_init_freeable+0x417/0x5d0 init/main.c:1560
       kernel_init+0x1d/0x2b0 init/main.c:1457
       ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
       ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

-> #2 (cpu_hotplug_lock){++++}-{0:0}:
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
       percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
       cpus_read_lock+0x42/0x150 kernel/cpu.c:490
       acomp_ctx_get_cpu mm/zswap.c:886 [inline]
       zswap_compress mm/zswap.c:908 [inline]
       zswap_store_page mm/zswap.c:1439 [inline]
       zswap_store+0xa74/0x1ba0 mm/zswap.c:1546
       swap_writepage+0x647/0xce0 mm/page_io.c:278
       pageout mm/vmscan.c:696 [inline]
       shrink_folio_list+0x33e8/0x5910 mm/vmscan.c:1406
       reclaim_folio_list+0x13c/0x5f0 mm/vmscan.c:2186
       reclaim_pages+0x49e/0x5e0 mm/vmscan.c:2223
       madvise_cold_or_pageout_pte_range+0x1ea5/0x2350 mm/madvise.c:558
       walk_pmd_range mm/pagewalk.c:130 [inline]
       walk_pud_range mm/pagewalk.c:226 [inline]
       walk_p4d_range mm/pagewalk.c:264 [inline]
       walk_pgd_range+0xc3d/0x17e0 mm/pagewalk.c:305
       __walk_page_range+0x15f/0x700 mm/pagewalk.c:412
       walk_page_range_mm+0x58f/0x7c0 mm/pagewalk.c:505
       madvise_pageout_page_range mm/madvise.c:617 [inline]
       madvise_pageout mm/madvise.c:644 [inline]
       madvise_vma_behavior mm/madvise.c:1266 [inline]
       madvise_walk_vmas mm/madvise.c:1502 [inline]
       do_madvise+0x393b/0x4d90 mm/madvise.c:1689
       __do_sys_madvise mm/madvise.c:1705 [inline]
       __se_sys_madvise mm/madvise.c:1703 [inline]
       __x64_sys_madvise+0xa6/0xc0 mm/madvise.c:1703
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #1 (&mm->mmap_lock){++++}-{4:4}:
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
       down_read_killable+0xca/0xd30 kernel/locking/rwsem.c:1547
       mmap_read_lock_killable+0x1d/0x70 include/linux/mmap_lock.h:193
       get_mmap_lock_carefully mm/memory.c:6247 [inline]
       lock_mm_and_find_vma+0x29c/0x2f0 mm/memory.c:6298
       do_user_addr_fault arch/x86/mm/fault.c:1360 [inline]
       handle_page_fault arch/x86/mm/fault.c:1480 [inline]
       exc_page_fault+0x1bf/0x8b0 arch/x86/mm/fault.c:1538
       asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
       filldir64+0x2b1/0x690 fs/readdir.c:371
       dir_emit include/linux/fs.h:3824 [inline]
       dcache_readdir+0x3a5/0x650 fs/libfs.c:209
       iterate_dir+0x5a9/0x760 fs/readdir.c:108
       __do_sys_getdents64 fs/readdir.c:403 [inline]
       __se_sys_getdents64+0x1e2/0x4b0 fs/readdir.c:389
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (&sb->s_type->i_mutex_key#3){++++}-{4:4}:
       check_prev_add kernel/locking/lockdep.c:3163 [inline]
       check_prevs_add kernel/locking/lockdep.c:3282 [inline]
       validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3906
       __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5228
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
       down_write+0x99/0x220 kernel/locking/rwsem.c:1577
       inode_lock include/linux/fs.h:865 [inline]
       start_creating+0x130/0x310 fs/debugfs/inode.c:374
       __debugfs_create_file+0x73/0x4b0 fs/debugfs/inode.c:423
       relay_create_buf_file kernel/relay.c:360 [inline]
       relay_open_buf+0x600/0xd60 kernel/relay.c:389
       relay_open+0x3aa/0x890 kernel/relay.c:517
       do_blk_trace_setup+0x573/0x9b0 kernel/trace/blktrace.c:590
       blk_trace_setup+0x116/0x1f0 kernel/trace/blktrace.c:632
       sg_ioctl_common drivers/scsi/sg.c:1114 [inline]
       sg_ioctl+0xa46/0x2e80 drivers/scsi/sg.c:1156
       vfs_ioctl fs/ioctl.c:51 [inline]
       __do_sys_ioctl fs/ioctl.c:906 [inline]
       __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

Chain exists of:
  &sb->s_type->i_mutex_key#3 --> cpu_hotplug_lock --> relay_channels_mutex

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(relay_channels_mutex);
                               lock(cpu_hotplug_lock);
                               lock(relay_channels_mutex);
  lock(&sb->s_type->i_mutex_key#3);

 *** DEADLOCK ***

2 locks held by syz.2.2195/18106:
 #0: ffff888025b39ca8 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0xfb/0x1f0 kernel/trace/blktrace.c:631
 #1: ffffffff8e98a608 (relay_channels_mutex){+.+.}-{4:4}, at: relay_open+0x338/0x890 kernel/relay.c:515

stack backtrace:
CPU: 0 UID: 0 PID: 18106 Comm: syz.2.2195 Not tainted 6.13.0-rc6-next-20250107-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2076
 check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2208
 check_prev_add kernel/locking/lockdep.c:3163 [inline]
 check_prevs_add kernel/locking/lockdep.c:3282 [inline]
 validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3906
 __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5228
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
 down_write+0x99/0x220 kernel/locking/rwsem.c:1577
 inode_lock include/linux/fs.h:865 [inline]
 start_creating+0x130/0x310 fs/debugfs/inode.c:374
 __debugfs_create_file+0x73/0x4b0 fs/debugfs/inode.c:423
 relay_create_buf_file kernel/relay.c:360 [inline]
 relay_open_buf+0x600/0xd60 kernel/relay.c:389
 relay_open+0x3aa/0x890 kernel/relay.c:517
 do_blk_trace_setup+0x573/0x9b0 kernel/trace/blktrace.c:590
 blk_trace_setup+0x116/0x1f0 kernel/trace/blktrace.c:632
 sg_ioctl_common drivers/scsi/sg.c:1114 [inline]
 sg_ioctl+0xa46/0x2e80 drivers/scsi/sg.c:1156
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:906 [inline]
 __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2e62785d29
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f2e63538038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f2e62976080 RCX: 00007f2e62785d29
RDX: 0000000020000540 RSI: 00000000c0481273 RDI: 0000000000000008
RBP: 00007f2e62801b08 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f2e62976080 R15: 00007ffe28329a68