======================================================
WARNING: possible circular locking dependency detected
4.19.185-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.0/21806 is trying to acquire lock:
00000000218578ce (&bdev->bd_mutex){+.+.}, at: __blkdev_get+0x1d0/0x1480 fs/block_dev.c:1478
but task is already holding lock:
000000000c680023 (jfs_log_mutex){+.+.}, at: lmLogOpen+0xd2/0x11e0 fs/jfs/jfs_logmgr.c:1092
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 (jfs_log_mutex){+.+.}:
lmLogClose+0x70/0x610 fs/jfs/jfs_logmgr.c:1465
jfs_umount+0x25f/0x310 fs/jfs/jfs_umount.c:129
jfs_put_super+0x61/0x140 fs/jfs/super.c:223
generic_shutdown_super+0x144/0x370 fs/super.c:456
kill_block_super+0x97/0xf0 fs/super.c:1185
deactivate_locked_super+0x94/0x160 fs/super.c:329
deactivate_super+0x174/0x1a0 fs/super.c:360
cleanup_mnt+0x1a8/0x290 fs/namespace.c:1098
task_work_run+0x148/0x1c0 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:193 [inline]
exit_to_usermode_loop+0x251/0x2a0 arch/x86/entry/common.c:167
prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
entry_SYSCALL_64_after_hwframe+0x49/0xbe
-> #1 (&type->s_umount_key#83){++++}:
__get_super.part.0+0x209/0x2e0 fs/super.c:698
__get_super include/linux/spinlock.h:329 [inline]
get_super+0x2b/0x50 fs/super.c:727
fsync_bdev+0x14/0xc0 fs/block_dev.c:483
invalidate_partition+0x74/0xb0 block/genhd.c:1592
drop_partitions.isra.0+0x9c/0x190 block/partition-generic.c:454
rescan_partitions+0xab/0x970 block/partition-generic.c:527
__blkdev_reread_part+0x189/0x220 block/ioctl.c:173
blkdev_reread_part+0x23/0x40 block/ioctl.c:193
loop_reread_partitions drivers/block/loop.c:645 [inline]
loop_set_status+0x103e/0x1800 drivers/block/loop.c:1330
loop_set_status_old+0x1bb/0x250 drivers/block/loop.c:1440
lo_ioctl+0x3b5/0x20e0 drivers/block/loop.c:1584
__blkdev_driver_ioctl block/ioctl.c:303 [inline]
blkdev_ioctl+0x5cb/0x1a80 block/ioctl.c:601
block_ioctl+0xe9/0x130 fs/block_dev.c:1906
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:501 [inline]
do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
__do_sys_ioctl fs/ioctl.c:712 [inline]
__se_sys_ioctl fs/ioctl.c:710 [inline]
__x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
-> #0 (&bdev->bd_mutex){+.+.}:
__mutex_lock_common kernel/locking/mutex.c:928 [inline]
__mutex_lock+0xd7/0x1260 kernel/locking/mutex.c:1075
__blkdev_get+0x1d0/0x1480 fs/block_dev.c:1478
blkdev_get+0x48f/0x940 fs/block_dev.c:1627
blkdev_get_by_dev+0x3b/0x70 fs/block_dev.c:1752
lmLogOpen+0x40f/0x11e0 fs/jfs/jfs_logmgr.c:1125
jfs_mount_rw+0x286/0x4b0 fs/jfs/jfs_mount.c:272
jfs_fill_super+0x814/0xb50 fs/jfs/super.c:598
mount_bdev+0x2fc/0x3b0 fs/super.c:1158
mount_fs+0xa3/0x310 fs/super.c:1261
vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961
vfs_kern_mount fs/namespace.c:951 [inline]
do_new_mount fs/namespace.c:2469 [inline]
do_mount+0x113c/0x2f10 fs/namespace.c:2799
ksys_mount+0xcf/0x130 fs/namespace.c:3015
__do_sys_mount fs/namespace.c:3029 [inline]
__se_sys_mount fs/namespace.c:3026 [inline]
__x64_sys_mount+0xba/0x150 fs/namespace.c:3026
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
other info that might help us debug this:
Chain exists of:
&bdev->bd_mutex --> &type->s_umount_key#83 --> jfs_log_mutex
Possible unsafe locking scenario:
       CPU0                    CPU1
       ----                    ----
  lock(jfs_log_mutex);
                               lock(&type->s_umount_key#83);
                               lock(jfs_log_mutex);
  lock(&bdev->bd_mutex);
*** DEADLOCK ***
2 locks held by syz-executor.0/21806:
#0: 00000000ad185b83 (&type->s_umount_key#82/1){+.+.}, at: alloc_super fs/super.c:226 [inline]
#0: 00000000ad185b83 (&type->s_umount_key#82/1){+.+.}, at: sget_userns+0x20b/0xcd0 fs/super.c:519
#1: 000000000c680023 (jfs_log_mutex){+.+.}, at: lmLogOpen+0xd2/0x11e0 fs/jfs/jfs_logmgr.c:1092
stack backtrace:
CPU: 0 PID: 21806 Comm: syz-executor.0 Not tainted 4.19.185-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1221
check_prev_add kernel/locking/lockdep.c:1865 [inline]
check_prevs_add kernel/locking/lockdep.c:1978 [inline]
validate_chain kernel/locking/lockdep.c:2419 [inline]
__lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3415
lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3907
__mutex_lock_common kernel/locking/mutex.c:928 [inline]
__mutex_lock+0xd7/0x1260 kernel/locking/mutex.c:1075
__blkdev_get+0x1d0/0x1480 fs/block_dev.c:1478
blkdev_get+0x48f/0x940 fs/block_dev.c:1627
blkdev_get_by_dev+0x3b/0x70 fs/block_dev.c:1752
lmLogOpen+0x40f/0x11e0 fs/jfs/jfs_logmgr.c:1125
jfs_mount_rw+0x286/0x4b0 fs/jfs/jfs_mount.c:272
jfs_fill_super+0x814/0xb50 fs/jfs/super.c:598
mount_bdev+0x2fc/0x3b0 fs/super.c:1158
mount_fs+0xa3/0x310 fs/super.c:1261
vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961
vfs_kern_mount fs/namespace.c:951 [inline]
do_new_mount fs/namespace.c:2469 [inline]
do_mount+0x113c/0x2f10 fs/namespace.c:2799
ksys_mount+0xcf/0x130 fs/namespace.c:3015
__do_sys_mount fs/namespace.c:3029 [inline]
__se_sys_mount fs/namespace.c:3026 [inline]
__x64_sys_mount+0xba/0x150 fs/namespace.c:3026
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x46797a
Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb130cc4fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 000000000046797a
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fb130cc5000
RBP: 00007fb130cc5040 R08: 00007fb130cc5040 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000
R13: 0000000020000100 R14: 00007fb130cc5000 R15: 000000002006d200
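The report above is lockdep's record of three acquisition orders seen on different paths: the umount path takes jfs_log_mutex while holding s_umount (#2), the LOOP_SET_STATUS partition rescan takes s_umount while holding bd_mutex (#1), and the jfs mount path takes bd_mutex while holding jfs_log_mutex (#0). The third edge closes a cycle, which is what "Chain exists of: &bdev->bd_mutex --> &type->s_umount_key#83 --> jfs_log_mutex" states. The following is an added user-space example, not code from the syzbot report or from the kernel, that models how lockdep reaches that verdict: every "inner taken while outer held" observation becomes a directed edge, and a new edge is rejected when the inner lock already reaches the outer one. The lock names and the three orders are taken from the report; the graph, the function names (add_dependency, replay_report, last_chain_length) and the printed wording are this example's own.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Lock classes named as they appear in the report. */
enum lock_class { JFS_LOG_MUTEX, S_UMOUNT_83, BD_MUTEX, NUM_LOCKS };

static const char *const lock_name[NUM_LOCKS] = {
    "jfs_log_mutex",
    "&type->s_umount_key#83",
    "&bdev->bd_mutex",
};

/* dep[outer][inner] is set once some task has been seen taking `inner`
 * while already holding `outer` (one edge of the dependency graph). */
static bool dep[NUM_LOCKS][NUM_LOCKS];

/* The chain found by the last cycle check, printed the way lockdep's
 * "Chain exists of:" line lists it. */
static int chain[NUM_LOCKS];
static int chain_len;

/* Depth-first search from `from` along recorded edges, looking for
 * `target`.  On success `chain` holds the path from `from` to `target`. */
static bool find_path(int from, int target, bool visited[NUM_LOCKS])
{
    chain[chain_len++] = from;
    if (from == target)
        return true;
    visited[from] = true;
    for (int next = 0; next < NUM_LOCKS; next++) {
        if (dep[from][next] && !visited[next] &&
            find_path(next, target, visited))
            return true;
    }
    chain_len--;
    return false;
}

/* Record "inner taken while outer held".  Returns true if the new edge is
 * consistent with every order seen so far, false if it closes a cycle,
 * which is the point at which lockdep prints the circular-dependency bug. */
bool add_dependency(int outer, int inner)
{
    bool visited[NUM_LOCKS] = { false };

    chain_len = 0;
    if (find_path(inner, outer, visited)) {
        printf("possible circular locking dependency: taking %s while holding %s\n",
               lock_name[inner], lock_name[outer]);
        printf("Chain exists of:\n  ");
        for (int i = 0; i < chain_len; i++)
            printf("%s%s", i ? " --> " : "", lock_name[chain[i]]);
        printf("\n");
        return false;
    }
    dep[outer][inner] = true;
    return true;
}

void reset_dependencies(void)
{
    memset(dep, 0, sizeof dep);
    chain_len = 0;
}

int last_chain_length(void)
{
    return chain_len;
}

/* Replay the three acquisition orders from the report in the order lockdep
 * numbers them.  Returns how many edges were rejected (0 means no cycle). */
int replay_report(void)
{
    int rejected = 0;

    reset_dependencies();
    /* #2: deactivate_locked_super holds s_umount; jfs_put_super ->
     *     jfs_umount -> lmLogClose takes jfs_log_mutex. */
    rejected += !add_dependency(S_UMOUNT_83, JFS_LOG_MUTEX);
    /* #1: LOOP_SET_STATUS -> blkdev_reread_part holds bd_mutex;
     *     rescan_partitions -> fsync_bdev -> get_super takes s_umount. */
    rejected += !add_dependency(BD_MUTEX, S_UMOUNT_83);
    /* #0: jfs mount: lmLogOpen holds jfs_log_mutex; blkdev_get_by_dev ->
     *     __blkdev_get takes bd_mutex.  This edge closes the cycle. */
    rejected += !add_dependency(JFS_LOG_MUTEX, BD_MUTEX);
    return rejected;
}

int main(void)
{
    int rejected = replay_report();
    printf("%d of 3 edges rejected\n", rejected);
    return rejected ? 1 : 0;
}
```

Running it prints the same three-lock chain the report shows. The check is order-independent: whichever of the three acquisition orders lockdep happens to observe last is the one flagged, so the stack under "-> #0" is only the path that completed the cycle, not necessarily the path that is wrong.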