====================================================== WARNING: possible circular locking dependency detected 6.13.0-rc2-syzkaller-g21f1b85c8912 #0 Not tainted ------------------------------------------------------ kworker/1:4/3857 is trying to acquire lock: ff60000019bef110 (&q->sysfs_lock){+.+.}-{4:4}, at: blk_unregister_queue+0x120/0x276 block/blk-sysfs.c:867 but task is already holding lock: ff60000019bef1a0 (&q->sysfs_dir_lock){+.+.}-{4:4}, at: blk_unregister_queue+0xd4/0x276 block/blk-sysfs.c:858 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #8 (&q->sysfs_dir_lock){+.+.}-{4:4}: lock_acquire.part.0+0x2c4/0x81a kernel/locking/lockdep.c:5849 lock_acquire+0x74/0x98 kernel/locking/lockdep.c:5822 __mutex_lock_common kernel/locking/mutex.c:585 [inline] __mutex_lock+0x166/0x1082 kernel/locking/mutex.c:735 mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:787 blk_mq_sysfs_unregister_hctxs+0xa4/0x288 block/blk-mq-sysfs.c:278 __blk_mq_update_nr_hw_queues+0x59c/0x1326 block/blk-mq.c:5008 blk_mq_update_nr_hw_queues+0x32/0x4a block/blk-mq.c:5063 nbd_start_device+0x140/0xc00 drivers/block/nbd.c:1413 nbd_start_device_ioctl drivers/block/nbd.c:1464 [inline] __nbd_ioctl drivers/block/nbd.c:1539 [inline] nbd_ioctl+0x474/0xd90 drivers/block/nbd.c:1579 blkdev_ioctl+0x23c/0xca0 block/ioctl.c:693 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl fs/ioctl.c:892 [inline] __riscv_sys_ioctl+0x18e/0x1e2 fs/ioctl.c:892 syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90 do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331 _new_vmalloc_restore_context_a0+0xc2/0xce -> #7 (&q->q_usage_counter(io)#20){++++}-{0:0}: lock_acquire.part.0+0x2c4/0x81a kernel/locking/lockdep.c:5849 lock_acquire+0x74/0x98 kernel/locking/lockdep.c:5822 bio_queue_enter block/blk.h:75 [inline] blk_mq_submit_bio+0x20d2/0x26be block/blk-mq.c:3092 __submit_bio+0x32e/0x492 block/blk-core.c:629 __submit_bio_noacct_mq block/blk-core.c:710 [inline] submit_bio_noacct_nocheck+0x740/0xe36 block/blk-core.c:739 submit_bio_noacct+0xa96/0x1e04 block/blk-core.c:868 submit_bio+0xc8/0x4f2 block/blk-core.c:910 submit_bh_wbc+0x42a/0x5a8 fs/buffer.c:2814 submit_bh fs/buffer.c:2819 [inline] block_read_full_folio+0x6e6/0x90a fs/buffer.c:2446 blkdev_read_folio+0x26/0x30 block/fops.c:442 filemap_read_folio+0xc2/0x272 mm/filemap.c:2366 filemap_update_page mm/filemap.c:2450 [inline] filemap_get_pages+0x126c/0x1ba0 mm/filemap.c:2571 filemap_read+0x366/0xc52 mm/filemap.c:2646 blkdev_read_iter+0x164/0x416 block/fops.c:770 do_iter_readv_writev+0x55a/0x686 fs/read_write.c:818 vfs_readv+0x414/0x70c fs/read_write.c:1011 do_preadv+0x1b4/0x250 fs/read_write.c:1125 __do_sys_preadv fs/read_write.c:1172 [inline] __se_sys_preadv fs/read_write.c:1167 [inline] __riscv_sys_preadv+0x88/0xc4 fs/read_write.c:1167 syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90 do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331 _new_vmalloc_restore_context_a0+0xc2/0xce -> #6 (mapping.invalidate_lock#2){++++}-{4:4}: lock_acquire.part.0+0x2c4/0x81a kernel/locking/lockdep.c:5849 lock_acquire+0x74/0x98 kernel/locking/lockdep.c:5822 down_read+0xa4/0x45e kernel/locking/rwsem.c:1524 filemap_invalidate_lock_shared include/linux/fs.h:873 [inline] filemap_fault+0x610/0x2c46 mm/filemap.c:3351 __do_fault+0xf4/0x4de mm/memory.c:4907 do_read_fault mm/memory.c:5322 [inline] do_fault mm/memory.c:5456 [inline] do_pte_missing mm/memory.c:3979 [inline] handle_pte_fault mm/memory.c:5801 [inline] __handle_mm_fault+0x1c52/0x4292 mm/memory.c:5944 handle_mm_fault+0x48c/0x886 mm/memory.c:6112 handle_page_fault+0x434/0x1584 arch/riscv/mm/fault.c:346 do_page_fault+0x20/0x56 arch/riscv/kernel/traps.c:362 _new_vmalloc_restore_context_a0+0xc2/0xce fault_in_readable+0x168/0x4a6 mm/gup.c:2244 -> #5 (&mm->mmap_lock){++++}-{4:4}: lock_acquire.part.0+0x2c4/0x81a kernel/locking/lockdep.c:5849 lock_acquire+0x74/0x98 kernel/locking/lockdep.c:5822 __might_fault mm/memory.c:6751 [inline] __might_fault+0xdc/0x138 mm/memory.c:6744 _copy_from_iter+0x120/0x1a38 lib/iov_iter.c:259 copy_from_iter include/linux/uio.h:219 [inline] copy_from_iter_full include/linux/uio.h:236 [inline] skb_do_copy_data_nocache include/net/sock.h:2187 [inline] skb_copy_to_page_nocache include/net/sock.h:2213 [inline] tcp_sendmsg_locked+0x247e/0x3696 net/ipv4/tcp.c:1222 tcp_sendmsg+0x32/0x4e net/ipv4/tcp.c:1358 inet_sendmsg+0x9c/0xda net/ipv4/af_inet.c:851 sock_sendmsg_nosec net/socket.c:711 [inline] __sock_sendmsg+0xcc/0x160 net/socket.c:726 sock_write_iter+0x2a0/0x3ba net/socket.c:1147 new_sync_write fs/read_write.c:586 [inline] vfs_write+0x56c/0xa94 fs/read_write.c:679 ksys_write+0x200/0x226 fs/read_write.c:731 __do_sys_write fs/read_write.c:742 [inline] __se_sys_write fs/read_write.c:739 [inline] __riscv_sys_write+0x6e/0x94 fs/read_write.c:739 syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90 do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331 _new_vmalloc_restore_context_a0+0xc2/0xce -> #4 (sk_lock-AF_INET){+.+.}-{0:0}: lock_acquire.part.0+0x2c4/0x81a kernel/locking/lockdep.c:5849 lock_acquire+0x74/0x98 kernel/locking/lockdep.c:5822 lock_sock_nested+0x38/0xf6 net/core/sock.c:3622 lock_sock include/net/sock.h:1617 [inline] inet_shutdown+0x6c/0x41c net/ipv4/af_inet.c:905 kernel_sock_shutdown+0x58/0x7a net/socket.c:3670 nbd_mark_nsock_dead+0xb4/0x520 drivers/block/nbd.c:314 recv_work+0x680/0x9d2 drivers/block/nbd.c:957 process_one_work+0x968/0x1f38 kernel/workqueue.c:3229 process_scheduled_works kernel/workqueue.c:3310 [inline] worker_thread+0x5be/0xdc6 kernel/workqueue.c:3391 kthread+0x28c/0x3a4 kernel/kthread.c:389 ret_from_fork+0xe/0x18 arch/riscv/kernel/entry.S:326 -> #3 (&nsock->tx_lock){+.+.}-{4:4}: lock_acquire.part.0+0x2c4/0x81a kernel/locking/lockdep.c:5849 lock_acquire+0x74/0x98 kernel/locking/lockdep.c:5822 __mutex_lock_common kernel/locking/mutex.c:585 [inline] __mutex_lock+0x166/0x1082 kernel/locking/mutex.c:735 mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:787 nbd_handle_cmd drivers/block/nbd.c:1079 [inline] nbd_queue_rq+0x3b8/0xe6a drivers/block/nbd.c:1143 blk_mq_dispatch_rq_list+0x3f0/0x1ab6 block/blk-mq.c:2120 __blk_mq_do_dispatch_sched block/blk-mq-sched.c:170 [inline] blk_mq_do_dispatch_sched block/blk-mq-sched.c:184 [inline] __blk_mq_sched_dispatch_requests+0xaee/0x1370 block/blk-mq-sched.c:309 blk_mq_sched_dispatch_requests+0xb6/0x17c block/blk-mq-sched.c:331 blk_mq_run_hw_queue+0x28c/0x6ba block/blk-mq.c:2354 blk_mq_dispatch_plug_list block/blk-mq.c:2864 [inline] blk_mq_flush_plug_list+0x63c/0x1ebe block/blk-mq.c:2915 __blk_flush_plug+0x270/0x422 block/blk-core.c:1213 blk_finish_plug block/blk-core.c:1240 [inline] blk_finish_plug block/blk-core.c:1237 [inline] __submit_bio+0x3ac/0x492 block/blk-core.c:637 __submit_bio_noacct_mq block/blk-core.c:710 [inline] submit_bio_noacct_nocheck+0x740/0xe36 block/blk-core.c:739 submit_bio_noacct+0xa96/0x1e04 block/blk-core.c:868 submit_bio+0xc8/0x4f2 block/blk-core.c:910 submit_bh_wbc+0x42a/0x5a8 fs/buffer.c:2814 submit_bh fs/buffer.c:2819 [inline] block_read_full_folio+0x6e6/0x90a fs/buffer.c:2446 blkdev_read_folio+0x26/0x30 block/fops.c:442 filemap_read_folio+0xc2/0x272 mm/filemap.c:2366 do_read_cache_folio+0x1e6/0x4d2 mm/filemap.c:3826 read_cache_folio+0x4e/0x68 mm/filemap.c:3858 read_mapping_folio include/linux/pagemap.h:1011 [inline] read_part_sector+0xc0/0x44e block/partitions/core.c:722 read_lba+0x1c8/0x344 block/partitions/efi.c:248 find_valid_gpt.constprop.0+0x206/0x22f2 block/partitions/efi.c:603 efi_partition+0x10a/0xa14 block/partitions/efi.c:720 check_partition block/partitions/core.c:141 [inline] blk_add_partitions block/partitions/core.c:589 [inline] bdev_disk_changed+0x5de/0x139c block/partitions/core.c:693 blkdev_get_whole+0x17c/0x514 block/bdev.c:707 bdev_open+0x86a/0xfa8 block/bdev.c:916 blkdev_open+0x2e2/0x396 block/fops.c:627 do_dentry_open+0xe8e/0x1946 fs/open.c:945 vfs_open+0xbe/0x37c fs/open.c:1075 do_open fs/namei.c:3828 [inline] path_openat+0x1b70/0x28c2 fs/namei.c:3987 do_filp_open+0x19c/0x35c fs/namei.c:4014 do_sys_openat2+0x174/0x1ca fs/open.c:1402 do_sys_open fs/open.c:1417 [inline] __do_sys_openat fs/open.c:1433 [inline] __se_sys_openat fs/open.c:1428 [inline] __riscv_sys_openat+0x178/0x1fe fs/open.c:1428 syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90 do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331 _new_vmalloc_restore_context_a0+0xc2/0xce -> #2 (&cmd->lock){+.+.}-{4:4}: lock_acquire.part.0+0x2c4/0x81a kernel/locking/lockdep.c:5849 lock_acquire+0x74/0x98 kernel/locking/lockdep.c:5822 __mutex_lock_common kernel/locking/mutex.c:585 [inline] __mutex_lock+0x166/0x1082 kernel/locking/mutex.c:735 mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:787 nbd_queue_rq+0xbc/0xe6a drivers/block/nbd.c:1135 blk_mq_dispatch_rq_list+0x3f0/0x1ab6 block/blk-mq.c:2120 __blk_mq_do_dispatch_sched block/blk-mq-sched.c:170 [inline] blk_mq_do_dispatch_sched block/blk-mq-sched.c:184 [inline] __blk_mq_sched_dispatch_requests+0xaee/0x1370 block/blk-mq-sched.c:309 blk_mq_sched_dispatch_requests+0xb6/0x17c block/blk-mq-sched.c:331 blk_mq_run_hw_queue+0x28c/0x6ba block/blk-mq.c:2354 blk_mq_dispatch_plug_list block/blk-mq.c:2864 [inline] blk_mq_flush_plug_list+0x63c/0x1ebe block/blk-mq.c:2915 __blk_flush_plug+0x270/0x422 block/blk-core.c:1213 blk_finish_plug block/blk-core.c:1240 [inline] blk_finish_plug block/blk-core.c:1237 [inline] __submit_bio+0x3ac/0x492 block/blk-core.c:637 __submit_bio_noacct_mq block/blk-core.c:710 [inline] submit_bio_noacct_nocheck+0x740/0xe36 block/blk-core.c:739 submit_bio_noacct+0xa96/0x1e04 block/blk-core.c:868 submit_bio+0xc8/0x4f2 block/blk-core.c:910 submit_bh_wbc+0x42a/0x5a8 fs/buffer.c:2814 submit_bh fs/buffer.c:2819 [inline] block_read_full_folio+0x6e6/0x90a fs/buffer.c:2446 blkdev_read_folio+0x26/0x30 block/fops.c:442 filemap_read_folio+0xc2/0x272 mm/filemap.c:2366 do_read_cache_folio+0x1e6/0x4d2 mm/filemap.c:3826 read_cache_folio+0x4e/0x68 mm/filemap.c:3858 read_mapping_folio include/linux/pagemap.h:1011 [inline] read_part_sector+0xc0/0x44e block/partitions/core.c:722 read_lba+0x1c8/0x344 block/partitions/efi.c:248 find_valid_gpt.constprop.0+0x206/0x22f2 block/partitions/efi.c:603 efi_partition+0x10a/0xa14 block/partitions/efi.c:720 check_partition block/partitions/core.c:141 [inline] blk_add_partitions block/partitions/core.c:589 [inline] bdev_disk_changed+0x5de/0x139c block/partitions/core.c:693 blkdev_get_whole+0x17c/0x514 block/bdev.c:707 bdev_open+0x86a/0xfa8 block/bdev.c:916 blkdev_open+0x2e2/0x396 block/fops.c:627 do_dentry_open+0xe8e/0x1946 fs/open.c:945 vfs_open+0xbe/0x37c fs/open.c:1075 do_open fs/namei.c:3828 [inline] path_openat+0x1b70/0x28c2 fs/namei.c:3987 do_filp_open+0x19c/0x35c fs/namei.c:4014 do_sys_openat2+0x174/0x1ca fs/open.c:1402 do_sys_open fs/open.c:1417 [inline] __do_sys_openat fs/open.c:1433 [inline] __se_sys_openat fs/open.c:1428 [inline] __riscv_sys_openat+0x178/0x1fe fs/open.c:1428 syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90 do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331 _new_vmalloc_restore_context_a0+0xc2/0xce -> #1 (set->srcu){.+.+}-{0:0}: lock_sync+0x286/0x504 kernel/locking/lockdep.c:5897 srcu_lock_sync include/linux/srcu.h:170 [inline] __synchronize_srcu+0xd4/0x292 kernel/rcu/srcutree.c:1418 synchronize_srcu_expedited kernel/rcu/srcutree.c:1458 [inline] synchronize_srcu+0x172/0x414 kernel/rcu/srcutree.c:1513 blk_mq_wait_quiesce_done block/blk-mq.c:291 [inline] blk_mq_wait_quiesce_done block/blk-mq.c:288 [inline] blk_mq_quiesce_queue block/blk-mq.c:311 [inline] blk_mq_quiesce_queue+0x12e/0x19e block/blk-mq.c:306 elevator_disable+0x76/0x1e8 block/elevator.c:671 blk_mq_elv_switch_none block/blk-mq.c:4939 [inline] __blk_mq_update_nr_hw_queues+0x390/0x1326 block/blk-mq.c:5003 blk_mq_update_nr_hw_queues+0x32/0x4a block/blk-mq.c:5063 nbd_start_device+0x140/0xc00 drivers/block/nbd.c:1413 nbd_start_device_ioctl drivers/block/nbd.c:1464 [inline] __nbd_ioctl drivers/block/nbd.c:1539 [inline] nbd_ioctl+0x474/0xd90 drivers/block/nbd.c:1579 blkdev_ioctl+0x23c/0xca0 block/ioctl.c:693 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl fs/ioctl.c:892 [inline] __riscv_sys_ioctl+0x18e/0x1e2 fs/ioctl.c:892 syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90 do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331 _new_vmalloc_restore_context_a0+0xc2/0xce -> #0 (&q->sysfs_lock){+.+.}-{4:4}: check_noncircular+0x2ba/0x354 kernel/locking/lockdep.c:2206 check_prev_add kernel/locking/lockdep.c:3161 [inline] check_prevs_add kernel/locking/lockdep.c:3280 [inline] validate_chain kernel/locking/lockdep.c:3904 [inline] __lock_acquire+0x2e4e/0x8594 kernel/locking/lockdep.c:5226 lock_acquire.part.0+0x2c4/0x81a kernel/locking/lockdep.c:5849 lock_acquire+0x74/0x98 kernel/locking/lockdep.c:5822 __mutex_lock_common kernel/locking/mutex.c:585 [inline] __mutex_lock+0x166/0x1082 kernel/locking/mutex.c:735 mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:787 blk_unregister_queue+0x120/0x276 block/blk-sysfs.c:867 del_gendisk+0x2ac/0x9f4 block/genhd.c:710 md_kobj_release+0xb0/0x106 drivers/md/md.c:5742 kobject_cleanup lib/kobject.c:689 [inline] kobject_release lib/kobject.c:720 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put+0x238/0x4f0 lib/kobject.c:737 mddev_delayed_delete+0x20/0x2a drivers/md/md.c:5821 process_one_work+0x968/0x1f38 kernel/workqueue.c:3229 process_scheduled_works kernel/workqueue.c:3310 [inline] worker_thread+0x5be/0xdc6 kernel/workqueue.c:3391 kthread+0x28c/0x3a4 kernel/kthread.c:389 ret_from_fork+0xe/0x18 arch/riscv/kernel/entry.S:326 other info that might help us debug this: Chain exists of: &q->sysfs_lock --> &q->q_usage_counter(io)#20 --> &q->sysfs_dir_lock Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&q->sysfs_dir_lock); lock(&q->q_usage_counter(io)#20); lock(&q->sysfs_dir_lock); lock(&q->sysfs_lock); *** DEADLOCK *** 3 locks held by kworker/1:4/3857: #0: ff600000142e0948 ((wq_completion)md_misc){+.+.}-{0:0}, at: process_one_work+0x848/0x1f38 kernel/workqueue.c:3204 #1: ff2000000cf27c90 ((work_completion)(&mddev->del_work)){+.+.}-{0:0}, at: process_one_work+0x870/0x1f38 kernel/workqueue.c:3204 #2: ff60000019bef1a0 (&q->sysfs_dir_lock){+.+.}-{4:4}, at: blk_unregister_queue+0xd4/0x276 block/blk-sysfs.c:858 stack backtrace: CPU: 1 UID: 0 PID: 3857 Comm: kworker/1:4 Not tainted 6.13.0-rc2-syzkaller-g21f1b85c8912 #0 Hardware name: riscv-virtio,qemu (DT) Workqueue: md_misc mddev_delayed_delete Call Trace: [] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130 [] show_stack+0x30/0x3c arch/riscv/kernel/stacktrace.c:136 [] __dump_stack lib/dump_stack.c:94 [inline] [] dump_stack_lvl+0x12e/0x1a6 lib/dump_stack.c:120 [] dump_stack+0x1c/0x24 lib/dump_stack.c:129 [] print_circular_bug+0x3a2/0x42c kernel/locking/lockdep.c:2074 [] check_noncircular+0x2ba/0x354 kernel/locking/lockdep.c:2206 [] check_prev_add kernel/locking/lockdep.c:3161 [inline] [] check_prevs_add kernel/locking/lockdep.c:3280 [inline] [] validate_chain kernel/locking/lockdep.c:3904 [inline] [] __lock_acquire+0x2e4e/0x8594 kernel/locking/lockdep.c:5226 [] lock_acquire.part.0+0x2c4/0x81a kernel/locking/lockdep.c:5849 [] lock_acquire+0x74/0x98 kernel/locking/lockdep.c:5822 [] __mutex_lock_common kernel/locking/mutex.c:585 [inline] [] __mutex_lock+0x166/0x1082 kernel/locking/mutex.c:735 [] mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:787 [] blk_unregister_queue+0x120/0x276 block/blk-sysfs.c:867 [] del_gendisk+0x2ac/0x9f4 block/genhd.c:710 [] md_kobj_release+0xb0/0x106 drivers/md/md.c:5742 [] kobject_cleanup lib/kobject.c:689 [inline] [] kobject_release lib/kobject.c:720 [inline] [] kref_put include/linux/kref.h:65 [inline] [] kobject_put+0x238/0x4f0 lib/kobject.c:737 [] mddev_delayed_delete+0x20/0x2a drivers/md/md.c:5821 [] process_one_work+0x968/0x1f38 kernel/workqueue.c:3229 [] process_scheduled_works kernel/workqueue.c:3310 [inline] [] worker_thread+0x5be/0xdc6 kernel/workqueue.c:3391 [] kthread+0x28c/0x3a4 kernel/kthread.c:389 [] ret_from_fork+0xe/0x18 arch/riscv/kernel/entry.S:326