Warning: Permanently added '10.128.15.196' (ED25519) to the list of known hosts.
2024/11/16 23:31:10 ignoring optional flag "sandboxArg"="0"
2024/11/16 23:31:11 parsed 1 programs
[ 69.388616][ T2642] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2024/11/16 23:31:20 executed programs: 0
[ 75.955030][ T3109]
[ 75.957370][ T3109] ======================================================
[ 75.964465][ T3109] WARNING: possible circular locking dependency detected
[ 75.971657][ T3109] 6.12.0-rc4-syzkaller #0 Not tainted
[ 75.977038][ T3109] ------------------------------------------------------
[ 75.984058][ T3109] syz.3.15/3109 is trying to acquire lock:
[ 75.989847][ T3109] ffff88810b3f3918 (&mm->mmap_lock){++++}-{3:3}, at: __might_fault+0x92/0x100
[ 75.998712][ T3109]
[ 75.998712][ T3109] but task is already holding lock:
[ 76.006184][ T3109] ffff888103f3c278 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_setup+0xa8/0x190
[ 76.015492][ T3109]
[ 76.015492][ T3109] which lock already depends on the new lock.
[ 76.015492][ T3109]
[ 76.026398][ T3109]
[ 76.026398][ T3109] the existing dependency chain (in reverse order) is:
[ 76.035387][ T3109]
[ 76.035387][ T3109] -> #3 (&q->debugfs_mutex){+.+.}-{3:3}:
[ 76.043189][ T3109] lock_acquire+0x1ed/0x550
[ 76.048188][ T3109] __mutex_lock+0x136/0xd70
[ 76.053196][ T3109] blk_mq_init_sched+0x39f/0x730
[ 76.058634][ T3109] elevator_init_mq+0x15f/0x240
[ 76.063981][ T3109] add_disk_fwnode+0xfe/0xd20
[ 76.069152][ T3109] sd_probe+0xa77/0x10c0
[ 76.073890][ T3109] really_probe+0x2eb/0x960
[ 76.078976][ T3109] __driver_probe_device+0x138/0x310
[ 76.084843][ T3109] driver_probe_device+0x4b/0x3a0
[ 76.090921][ T3109] __driver_attach_async_helper+0x133/0x250
[ 76.097311][ T3109] async_run_entry_fn+0x9e/0x3f0
[ 76.102766][ T3109] process_scheduled_works+0x96c/0x1540
[ 76.108893][ T3109] worker_thread+0x727/0xb10
[ 76.113978][ T3109] kthread+0x2e0/0x380
[ 76.118543][ T3109] ret_from_fork+0x32/0x60
[ 76.123455][ T3109] ret_from_fork_asm+0x1a/0x30
[ 76.128717][ T3109]
[ 76.128717][ T3109] -> #2 (&q->q_usage_counter(io)){++++}-{0:0}:
[ 76.137034][ T3109] lock_acquire+0x1ed/0x550
[ 76.142039][ T3109] blk_mq_submit_bio+0x3d0/0x1a00
[ 76.147562][ T3109] __submit_bio+0x1cc/0x410
[ 76.152573][ T3109] submit_bio_noacct_nocheck+0x422/0xdf0
[ 76.158786][ T3109] ext4_bio_write_folio+0xd33/0x1540
[ 76.164602][ T3109] mpage_submit_folio+0x142/0x1a0
[ 76.170206][ T3109] ext4_do_writepages+0x19ab/0x3090
[ 76.175897][ T3109] ext4_writepages+0x201/0x380
[ 76.181154][ T3109] do_writepages+0x357/0x880
[ 76.186239][ T3109] __writeback_single_inode+0xf9/0xbe0
[ 76.192197][ T3109] writeback_sb_inodes+0x678/0x1020
[ 76.197901][ T3109] __writeback_inodes_wb+0x11c/0x1e0
[ 76.203681][ T3109] wb_writeback+0x366/0x800
[ 76.208678][ T3109] wb_workfn+0xac5/0xec0
[ 76.213432][ T3109] process_scheduled_works+0x96c/0x1540
[ 76.219481][ T3109] worker_thread+0x727/0xb10
[ 76.224563][ T3109] kthread+0x2e0/0x380
[ 76.229122][ T3109] ret_from_fork+0x32/0x60
[ 76.234118][ T3109] ret_from_fork_asm+0x1a/0x30
[ 76.239381][ T3109]
[ 76.239381][ T3109] -> #1 (jbd2_handle){++++}-{0:0}:
[ 76.246736][ T3109] lock_acquire+0x1ed/0x550
[ 76.251821][ T3109] start_this_handle+0x1b1b/0x1d80
[ 76.257428][ T3109] jbd2__journal_start+0x2a5/0x580
[ 76.263127][ T3109] __ext4_journal_start_sb+0x182/0x410
[ 76.269622][ T3109] ext4_dirty_inode+0x8d/0x100
[ 76.274877][ T3109] __mark_inode_dirty+0x227/0xa30
[ 76.280481][ T3109] touch_atime+0x2e3/0x4e0
[ 76.285516][ T3109] ext4_file_mmap+0x13f/0x460
[ 76.290687][ T3109] mmap_region+0x1136/0x2250
[ 76.295771][ T3109] do_mmap+0x708/0xc80
[ 76.300353][ T3109] vm_mmap_pgoff+0x202/0x350
[ 76.305537][ T3109] ksys_mmap_pgoff+0x41e/0x610
[ 76.310806][ T3109] do_syscall_64+0xf3/0x210
[ 76.315803][ T3109] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.322186][ T3109]
[ 76.322186][ T3109] -> #0 (&mm->mmap_lock){++++}-{3:3}:
[ 76.329799][ T3109] validate_chain+0x18ef/0x5920
[ 76.335151][ T3109] __lock_acquire+0x1384/0x2050
[ 76.340581][ T3109] lock_acquire+0x1ed/0x550
[ 76.345576][ T3109] __might_fault+0xab/0x100
[ 76.351198][ T3109] _copy_from_user+0x25/0xa0
[ 76.356309][ T3109] blk_trace_setup+0xc7/0x190
[ 76.361513][ T3109] sg_ioctl+0xafd/0x2b40
[ 76.366260][ T3109] __se_sys_ioctl+0xa8/0xf0
[ 76.371265][ T3109] do_syscall_64+0xf3/0x210
[ 76.376272][ T3109] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.382669][ T3109]
[ 76.382669][ T3109] other info that might help us debug this:
[ 76.382669][ T3109]
[ 76.392883][ T3109] Chain exists of:
[ 76.392883][ T3109] &mm->mmap_lock --> &q->q_usage_counter(io) --> &q->debugfs_mutex
[ 76.392883][ T3109]
[ 76.406874][ T3109] Possible unsafe locking scenario:
[ 76.406874][ T3109]
[ 76.414330][ T3109]        CPU0                    CPU1
[ 76.419669][ T3109]        ----                    ----
[ 76.425021][ T3109]   lock(&q->debugfs_mutex);
[ 76.429583][ T3109]                                lock(&q->q_usage_counter(io));
[ 76.437183][ T3109]                                lock(&q->debugfs_mutex);
[ 76.444297][ T3109]   rlock(&mm->mmap_lock);
[ 76.448690][ T3109]
[ 76.448690][ T3109] *** DEADLOCK ***
[ 76.448690][ T3109]
[ 76.456829][ T3109] 1 lock held by syz.3.15/3109:
[ 76.461832][ T3109] #0: ffff888103f3c278 (&q->debugfs_mutex){+.+.}-{3:3}, at: blk_trace_setup+0xa8/0x190
[ 76.471722][ T3109]
[ 76.471722][ T3109] stack backtrace:
[ 76.477601][ T3109] CPU: 0 UID: 0 PID: 3109 Comm: syz.3.15 Not tainted 6.12.0-rc4-syzkaller #0
[ 76.486329][ T3109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[ 76.496392][ T3109] Call Trace:
[ 76.499659][ T3109]
[ 76.502567][ T3109] dump_stack_lvl+0x198/0x250
[ 76.507226][ T3109] ? __pfx_dump_stack_lvl+0x10/0x10
[ 76.512397][ T3109] ? __pfx__printk+0x10/0x10
[ 76.516960][ T3109] print_circular_bug+0x13a/0x1b0
[ 76.521961][ T3109] check_noncircular+0x36a/0x4a0
[ 76.526911][ T3109] ? __pfx_check_noncircular+0x10/0x10
[ 76.532428][ T3109] ? lockdep_lock+0x123/0x2b0
[ 76.537083][ T3109] ? stack_trace_save+0x118/0x1d0
[ 76.542091][ T3109] validate_chain+0x18ef/0x5920
[ 76.546925][ T3109] ? __pfx_validate_chain+0x10/0x10
[ 76.552190][ T3109] ? __pfx_validate_chain+0x10/0x10
[ 76.557364][ T3109] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 76.563524][ T3109] ? kernel_text_address+0x8a/0xd0
[ 76.569127][ T3109] ? __kernel_text_address+0xd/0x40
[ 76.574293][ T3109] ? unwind_get_return_address+0x4d/0x90
[ 76.579909][ T3109] ? arch_stack_walk+0xfd/0x150
[ 76.584739][ T3109] ? mark_lock+0x9a/0x360
[ 76.589041][ T3109] ? __lock_acquire+0x1384/0x2050
[ 76.594053][ T3109] ? mark_lock+0x9a/0x360
[ 76.598357][ T3109] __lock_acquire+0x1384/0x2050
[ 76.603459][ T3109] lock_acquire+0x1ed/0x550
[ 76.607941][ T3109] ? __might_fault+0x92/0x100
[ 76.612591][ T3109] ? __pfx_lock_acquire+0x10/0x10
[ 76.617599][ T3109] ? __pfx___might_resched+0x10/0x10
[ 76.622854][ T3109] ? blk_trace_setup+0xa8/0x190
[ 76.627676][ T3109] ? tomoyo_path_number_perm+0x1e1/0x770
[ 76.633295][ T3109] ? __pfx___mutex_lock+0x10/0x10
[ 76.638290][ T3109] ? lockdep_hardirqs_on+0x99/0x150
[ 76.643579][ T3109] ? __might_fault+0x92/0x100
[ 76.648248][ T3109] __might_fault+0xab/0x100
[ 76.652812][ T3109] ? __might_fault+0x92/0x100
[ 76.657460][ T3109] _copy_from_user+0x25/0xa0
[ 76.662025][ T3109] blk_trace_setup+0xc7/0x190
[ 76.666775][ T3109] ? __lock_acquire+0x1384/0x2050
[ 76.671790][ T3109] ? __pfx_blk_trace_setup+0x10/0x10
[ 76.677060][ T3109] sg_ioctl+0xafd/0x2b40
[ 76.681300][ T3109] ? __pfx_sg_ioctl+0x10/0x10
[ 76.685975][ T3109] ? __fget_files+0x24/0x340
[ 76.690551][ T3109] __se_sys_ioctl+0xa8/0xf0
[ 76.695033][ T3109] do_syscall_64+0xf3/0x210
[ 76.699611][ T3109] ? clear_bhb_loop+0x55/0xb0
[ 76.704476][ T3109] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.710348][ T3109] RIP: 0033:0x7f11b677e719
[ 76.714848][ T3109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 76.734468][ T3109] RSP: 002b:00007f11b74df038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 76.742867][ T3109] RAX: ffffffffffffffda RBX: 00007f11b6935f80 RCX: 00007f11b677e719
[ 76.750815][ T3109] RDX: 0000000000000000 RSI: 00000000c0481273 RDI: 0000000000000003
[ 76.758760][ T3109] RBP: 00007f11b67f139e R08: 0000000000000000 R09: 0000000000000000
[ 76.766707][ T3109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 76.774653][ T3109] R13: 0000000000000000 R14: 00007f11b6935f80 R15: 00007ffde84963e8
[ 76.782621][ T3109]
[ 76.790620][ T3110] loop3: detected capacity change from 0 to 512
[ 76.813965][ T3110] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.15: invalid indirect mapped block 256 (level 2)
[ 76.827547][ T3110] EXT4-fs (loop3): 2 truncates cleaned up
[ 76.833817][ T3110] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 76.853363][ T2691] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 80.128759][ T3529] loop4: detected capacity change from 0 to 512
[ 80.140076][ T3529] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.18: invalid indirect mapped block 256 (level 2)
[ 80.153946][ T3529] EXT4-fs (loop4): 2 truncates cleaned up
[ 80.160579][ T3529] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 80.183675][ T3114] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
2024/11/16 23:31:27 executed programs: 8
[ 83.481652][ T3950] loop5: detected capacity change from 0 to 512
[ 83.491815][ T3950] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.21: invalid indirect mapped block 256 (level 2)
[ 83.505480][ T3950] EXT4-fs (loop5): 2 truncates cleaned up
[ 83.511531][ T3950] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 83.587718][ T3534] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.