BTRFS info (device loop0): enabling ssd optimizations
BTRFS info (device loop0): using spread ssd allocation scheme
BTRFS info (device loop0): using free space tree
BTRFS info (device loop0): has skinny extents
======================================================
WARNING: possible circular locking dependency detected
4.14.307-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.0/10225 is trying to acquire lock:
("%s-%s""btrfs", name){+.+.}, at: [<ffffffff8135cb4b>] flush_workqueue+0xcb/0x1310 kernel/workqueue.c:2622
but task is already holding lock:
(&fs_info->scrub_lock){+.+.}, at: [<ffffffff82b1bdb6>] btrfs_scrub_dev+0x506/0xcd0 fs/btrfs/scrub.c:4217
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #3 (&fs_info->scrub_lock){+.+.}:
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
btrfs_scrub_dev+0x1f3/0xcd0 fs/btrfs/scrub.c:4150
btrfs_ioctl_scrub fs/btrfs/ioctl.c:4451 [inline]
btrfs_ioctl+0xba8/0x5b20 fs/btrfs/ioctl.c:5681
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
-> #2 (&fs_devs->device_list_mutex){+.+.}:
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
__reada_start_machine fs/btrfs/reada.c:765 [inline]
reada_start_machine_worker+0x1d2/0xa90 fs/btrfs/reada.c:746
normal_work_helper+0x304/0x1330 fs/btrfs/async-thread.c:376
process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:406
-> #1 ((&work->normal_work)){+.+.}:
process_one_work+0x736/0x14a0 kernel/workqueue.c:2093
worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:406
-> #0 ("%s-%s""btrfs", name){+.+.}:
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
flush_workqueue+0xfa/0x1310 kernel/workqueue.c:2625
drain_workqueue+0x177/0x3e0 kernel/workqueue.c:2790
destroy_workqueue+0x71/0x710 kernel/workqueue.c:4116
__btrfs_destroy_workqueue fs/btrfs/async-thread.c:436 [inline]
btrfs_destroy_workqueue+0xf8/0x630 fs/btrfs/async-thread.c:447
scrub_workers_put+0x90/0x1a0 fs/btrfs/scrub.c:4075
btrfs_scrub_dev+0x536/0xcd0 fs/btrfs/scrub.c:4219
btrfs_ioctl_scrub fs/btrfs/ioctl.c:4451 [inline]
btrfs_ioctl+0xba8/0x5b20 fs/btrfs/ioctl.c:5681
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
other info that might help us debug this:
Chain exists of:
"%s-%s""btrfs", name --> &fs_devs->device_list_mutex --> &fs_info->scrub_lock
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&fs_info->scrub_lock);
lock(&fs_devs->device_list_mutex);
lock(&fs_info->scrub_lock);
lock("%s-%s""btrfs", name);
*** DEADLOCK ***
1 lock held by syz-executor.0/10225:
#0: (&fs_info->scrub_lock){+.+.}, at: [<ffffffff82b1bdb6>] btrfs_scrub_dev+0x506/0xcd0 fs/btrfs/scrub.c:4217
stack backtrace:
CPU: 1 PID: 10225 Comm: syz-executor.0 Not tainted 4.14.307-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
check_prev_add kernel/locking/lockdep.c:1905 [inline]
check_prevs_add kernel/locking/lockdep.c:2022 [inline]
validate_chain kernel/locking/lockdep.c:2464 [inline]
__lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
flush_workqueue+0xfa/0x1310 kernel/workqueue.c:2625
drain_workqueue+0x177/0x3e0 kernel/workqueue.c:2790
destroy_workqueue+0x71/0x710 kernel/workqueue.c:4116
__btrfs_destroy_workqueue fs/btrfs/async-thread.c:436 [inline]
btrfs_destroy_workqueue+0xf8/0x630 fs/btrfs/async-thread.c:447
scrub_workers_put+0x90/0x1a0 fs/btrfs/scrub.c:4075
btrfs_scrub_dev+0x536/0xcd0 fs/btrfs/scrub.c:4219
btrfs_ioctl_scrub fs/btrfs/ioctl.c:4451 [inline]
btrfs_ioctl+0xba8/0x5b20 fs/btrfs/ioctl.c:5681
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7f140f8520f9
RSP: 002b:00007f140ddc4168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f140f971f80 RCX: 00007f140f8520f9
RDX: 0000000020000100 RSI: 00000000c400941b RDI: 0000000000000004
RBP: 00007f140f8adae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb43b8fff R14: 00007f140ddc4300 R15: 0000000000022000
EXT4-fs (loop3): Ignoring removed nobh option
EXT4-fs (loop3): Unsupported blocksize for fs encryption
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
EXT4-fs (loop3): Ignoring removed nobh option
EXT4-fs (loop3): Unsupported blocksize for fs encryption
unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1
EXT4-fs (loop5): Ignoring removed nobh option
EXT4-fs (loop5): Unsupported blocksize for fs encryption
new mount options do not match the existing superblock, will be ignored
EXT4-fs (loop3): Ignoring removed nobh option
EXT4-fs (loop3): Unsupported blocksize for fs encryption
hub 5-0:1.0: USB hub found
hub 5-0:1.0: 1 port detected
new mount options do not match the existing superblock, will be ignored
hub 5-0:1.0: USB hub found
hub 5-0:1.0: 1 port detected
new mount options do not match the existing superblock, will be ignored
xt_policy: too many policy elements
hub 5-0:1.0: USB hub found
hub 5-0:1.0: 1 port detected
EXT4-fs (loop5): Ignoring removed nobh option
EXT4-fs (loop5): Unsupported blocksize for fs encryption
new mount options do not match the existing superblock, will be ignored
hub 5-0:1.0: USB hub found
hub 5-0:1.0: 1 port detected
EXT4-fs (loop3): Ignoring removed nobh option
EXT4-fs (loop3): Unsupported blocksize for fs encryption
EXT4-fs (loop5): Ignoring removed nobh option
EXT4-fs (loop5): Unsupported blocksize for fs encryption
ISO 9660 Extensions: Microsoft Joliet Level 3
ISOFS: changing to secondary root
ISO 9660 Extensions: Microsoft Joliet Level 3
ISOFS: changing to secondary root
EXT4-fs (loop2): Unrecognized mount option "�" or missing value
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
ISO 9660 Extensions: Microsoft Joliet Level 3
device dummy0 entered promiscuous mode
ISOFS: changing to secondary root
team0: Device macvtap1 failed to register rx_handler
device dummy0 left promiscuous mode
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
device dummy0 entered promiscuous mode
team0: Device macvtap1 failed to register rx_handler
device dummy0 left promiscuous mode
EXT4-fs (loop2): Unrecognized mount option "�" or missing value
ISO 9660 Extensions: Microsoft Joliet Level 3
print_req_error: I/O error, dev loop2, sector 0
Buffer I/O error on dev loop2, logical block 0, async page read
print_req_error: I/O error, dev loop2, sector 4
Buffer I/O error on dev loop2, logical block 2, async page read
ISOFS: changing to secondary root
print_req_error: I/O error, dev loop2, sector 6
Buffer I/O error on dev loop2, logical block 3, async page read
BTRFS info (device loop1): enabling inode map caching
BTRFS warning (device loop1): excessive commit interval 622039222
BTRFS info (device loop1): force zlib compression
BTRFS info (device loop1): using free space tree
BTRFS info (device loop1): has skinny extents
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
device dummy0 entered promiscuous mode
team0: Device macvtap1 failed to register rx_handler
device dummy0 left promiscuous mode
EXT4-fs (loop2): Unrecognized mount option "�" or missing value
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
device dummy0 entered promiscuous mode
team0: Device macvtap1 failed to register rx_handler
device dummy0 left promiscuous mode
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
device dummy0 entered promiscuous mode
team0: Device macvtap1 failed to register rx_handler
device dummy0 left promiscuous mode
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
device dummy0 entered promiscuous mode
team0: Device macvtap1 failed to register rx_handler
EXT4-fs (loop2): Unrecognized mount option "�" or missing value
device dummy0 left promiscuous mode
print_req_error: I/O error, dev loop2, sector 0
Buffer I/O error on dev loop2, logical block 0, async page read
print_req_error: I/O error, dev loop2, sector 4
Buffer I/O error on dev loop2, logical block 2, async page read
print_req_error: I/O error, dev loop2, sector 6
Buffer I/O error on dev loop2, logical block 3, async page read
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
BTRFS info (device loop1): enabling inode map caching
chnl_net:chnl_net_open(): err: Unable to register and open device, Err:-19
BTRFS warning (device loop1): excessive commit interval 622039222
caif:caif_disconnect_client(): nothing to disconnect
BTRFS info (device loop1): force zlib compression
chnl_net:chnl_flowctrl_cb(): NET flowctrl func called flow: CLOSE/DEINIT
BTRFS info (device loop1): using free space tree
chnl_net:chnl_net_open(): state disconnected
BTRFS info (device loop1): has skinny extents
A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
device dummy0 entered promiscuous mode
team0: Device macvtap1 failed to register rx_handler
device dummy0 left promiscuous mode
Zero length message leads to an empty skb
BTRFS info (device loop1): enabling inode map caching
BTRFS warning (device loop1): excessive commit interval 622039222
BTRFS info (device loop1): force zlib compression
BTRFS info (device loop1): using free space tree
BTRFS info (device loop1): has skinny extents
BTRFS info (device loop1): enabling inode map caching