DUID 00:04:9a:9b:60:6a:39:26:c8:65:2f:c5:16:4d:58:03:30:c2 forked to background, child pid 3169 [ 32.330476][ T3170] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.348229][ T3170] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.199' (ECDSA) to the list of known hosts. syzkaller login: [ 57.113895][ T3584] cgroup: Unknown subsys name 'net' [ 57.275106][ T3584] cgroup: Unknown subsys name 'rlimit' executing program [ 57.490968][ T3586] [ 57.493318][ T3586] ====================================================== [ 57.500324][ T3586] WARNING: possible circular locking dependency detected [ 57.507328][ T3586] 5.15.100-syzkaller #0 Not tainted [ 57.512509][ T3586] ------------------------------------------------------ [ 57.519511][ T3586] syz-executor104/3586 is trying to acquire lock: [ 57.525906][ T3586] ffffffff8cebddb0 ((crypto_chain).rwsem){++++}-{3:3}, at: blocking_notifier_call_chain+0x5e/0x1b0 [ 57.536609][ T3586] [ 57.536609][ T3586] but task is already holding lock: [ 57.543965][ T3586] ffff888016cb91b8 (&sb->s_type->i_mutex_key#19){+.+.}-{3:3}, at: vfs_setxattr+0x1dd/0x420 [ 57.553972][ T3586] [ 57.553972][ T3586] which lock already depends on the new lock. [ 57.553972][ T3586] [ 57.564360][ T3586] [ 57.564360][ T3586] the existing dependency chain (in reverse order) is: [ 57.573379][ T3586] [ 57.573379][ T3586] -> #3 (&sb->s_type->i_mutex_key#19){+.+.}-{3:3}: [ 57.582083][ T3586] lock_acquire+0x1ff/0x570 [ 57.587135][ T3586] down_write+0x97/0x170 [ 57.591924][ T3586] hugetlbfs_file_mmap+0x2bc/0x580 [ 57.597559][ T3586] mmap_region+0x10e7/0x1670 [ 57.602679][ T3586] do_mmap+0x78d/0xe00 [ 57.607363][ T3586] vm_mmap_pgoff+0x1ca/0x2d0 [ 57.612489][ T3586] ksys_mmap_pgoff+0x559/0x780 [ 57.617895][ T3586] do_syscall_64+0x3d/0xb0 [ 57.622839][ T3586] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 57.629263][ T3586] [ 57.629263][ T3586] -> #2 (&mm->mmap_lock#2){++++}-{3:3}: [ 57.636994][ T3586] lock_acquire+0x1ff/0x570 [ 57.642025][ T3586] down_write+0x97/0x170 [ 57.646798][ T3586] mpol_rebind_mm+0x34/0x2b0 [ 57.651929][ T3586] cpuset_attach+0x393/0x540 [ 57.657052][ T3586] cgroup_migrate_execute+0x7fb/0x10e0 [ 57.663120][ T3586] cgroup_attach_task+0x587/0x910 [ 57.668661][ T3586] __cgroup1_procs_write+0x2ec/0x460 [ 57.674466][ T3586] cgroup_file_write+0x2ac/0x670 [ 57.679921][ T3586] kernfs_fop_write_iter+0x3a2/0x4f0 [ 57.685722][ T3586] vfs_write+0xacf/0xe50 [ 57.690474][ T3586] ksys_write+0x1a2/0x2c0 [ 57.695321][ T3586] do_syscall_64+0x3d/0xb0 [ 57.700258][ T3586] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 57.706666][ T3586] [ 57.706666][ T3586] -> #1 (&cpuset_rwsem){++++}-{0:0}: [ 57.714122][ T3586] lock_acquire+0x1ff/0x570 [ 57.719158][ T3586] cpuset_read_lock+0x40/0x150 [ 57.724431][ T3586] __sched_setscheduler+0x626/0x1df0 [ 57.730235][ T3586] sched_setscheduler_nocheck+0x187/0x2d0 [ 57.736464][ T3586] __kthread_create_on_node+0x31b/0x3f0 [ 57.742524][ T3586] kthread_create_on_node+0xda/0x120 [ 57.748320][ T3586] cryptomgr_notify+0x125/0xc70 [ 57.753682][ T3586] blocking_notifier_call_chain+0x104/0x1b0 [ 57.760109][ T3586] crypto_probing_notify+0x21/0x70 [ 57.765919][ T3586] crypto_wait_for_test+0x3e/0xd0 [ 57.771465][ T3586] crypto_register_alg+0x25b/0x330 [ 57.777138][ T3586] do_one_initcall+0x293/0x930 [ 57.782417][ T3586] do_initcall_level+0x157/0x207 [ 57.787878][ T3586] do_initcalls+0x49/0x86 [ 57.792720][ T3586] kernel_init_freeable+0x43c/0x5c5 [ 57.798517][ T3586] kernel_init+0x19/0x290 [ 57.803363][ T3586] ret_from_fork+0x1f/0x30 [ 57.808302][ T3586] [ 57.808302][ T3586] -> #0 ((crypto_chain).rwsem){++++}-{3:3}: [ 57.817242][ T3586] validate_chain+0x1646/0x58b0 [ 57.822603][ T3586] __lock_acquire+0x1295/0x1ff0 [ 57.828077][ T3586] lock_acquire+0x1ff/0x570 [ 57.833127][ T3586] down_read+0x3b/0x50 [ 57.841117][ T3586] blocking_notifier_call_chain+0x5e/0x1b0 [ 57.847438][ T3586] crypto_alg_mod_lookup+0x4e6/0x710 [ 57.853233][ T3586] crypto_has_alg+0x22/0x110 [ 57.858336][ T3586] ima_inode_setxattr+0x836/0xa10 [ 57.863975][ T3586] security_inode_setxattr+0x1b0/0x230 [ 57.869945][ T3586] __vfs_setxattr_locked+0xa6/0x240 [ 57.875652][ T3586] vfs_setxattr+0x21d/0x420 [ 57.880666][ T3586] setxattr+0x27e/0x2e0 [ 57.885332][ T3586] __se_sys_fsetxattr+0x194/0x210 [ 57.890868][ T3586] do_syscall_64+0x3d/0xb0 [ 57.895809][ T3586] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 57.902298][ T3586] [ 57.902298][ T3586] other info that might help us debug this: [ 57.902298][ T3586] [ 57.912598][ T3586] Chain exists of: [ 57.912598][ T3586] (crypto_chain).rwsem --> &mm->mmap_lock#2 --> &sb->s_type->i_mutex_key#19 [ 57.912598][ T3586] [ 57.927192][ T3586] Possible unsafe locking scenario: [ 57.927192][ T3586] [ 57.934721][ T3586] CPU0 CPU1 [ 57.940091][ T3586] ---- ---- [ 57.945451][ T3586] lock(&sb->s_type->i_mutex_key#19); [ 57.950994][ T3586] lock(&mm->mmap_lock#2); [ 57.958026][ T3586] lock(&sb->s_type->i_mutex_key#19); [ 57.966008][ T3586] lock((crypto_chain).rwsem); [ 57.970850][ T3586] [ 57.970850][ T3586] *** DEADLOCK *** [ 57.970850][ T3586] [ 57.978979][ T3586] 2 locks held by syz-executor104/3586: [ 57.984506][ T3586] #0: ffff888016cb4460 (sb_writers#11){.+.+}-{0:0}, at: mnt_want_write_file+0x5a/0x1f0 [ 57.994279][ T3586] #1: ffff888016cb91b8 (&sb->s_type->i_mutex_key#19){+.+.}-{3:3}, at: vfs_setxattr+0x1dd/0x420 [ 58.004727][ T3586] [ 58.004727][ T3586] stack backtrace: [ 58.010601][ T3586] CPU: 0 PID: 3586 Comm: syz-executor104 Not tainted 5.15.100-syzkaller #0 [ 58.019175][ T3586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 58.029219][ T3586] Call Trace: [ 58.032489][ T3586] [ 58.035409][ T3586] dump_stack_lvl+0x1e3/0x2cb [ 58.040083][ T3586] ? io_uring_drop_tctx_refs+0x19d/0x19d [ 58.045712][ T3586] ? print_circular_bug+0x12b/0x1a0 [ 58.050898][ T3586] check_noncircular+0x2f8/0x3b0 [ 58.055835][ T3586] ? add_chain_block+0x850/0x850 [ 58.060773][ T3586] ? add_chain_block+0x850/0x850 [ 58.065702][ T3586] ? lockdep_lock+0x11f/0x2a0 [ 58.070372][ T3586] ? validate_chain+0x13b7/0x58b0 [ 58.075387][ T3586] validate_chain+0x1646/0x58b0 [ 58.080230][ T3586] ? mark_lock+0x98/0x340 [ 58.084555][ T3586] ? reacquire_held_locks+0x660/0x660 [ 58.089949][ T3586] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 58.095920][ T3586] ? reacquire_held_locks+0x660/0x660 [ 58.101279][ T3586] ? print_irqtrace_events+0x210/0x210 [ 58.106730][ T3586] ? do_raw_spin_unlock+0x137/0x8b0 [ 58.111947][ T3586] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 58.117829][ T3586] ? _raw_spin_unlock+0x40/0x40 [ 58.122676][ T3586] ? stack_trace_save+0x113/0x1c0 [ 58.127709][ T3586] ? mark_lock+0x98/0x340 [ 58.132029][ T3586] __lock_acquire+0x1295/0x1ff0 [ 58.136887][ T3586] lock_acquire+0x1ff/0x570 [ 58.141381][ T3586] ? blocking_notifier_call_chain+0x5e/0x1b0 [ 58.147366][ T3586] ? read_lock_is_recursive+0x10/0x10 [ 58.152737][ T3586] ? __might_sleep+0xc0/0xc0 [ 58.157326][ T3586] ? lockdep_init_map_type+0x9d/0x8d0 [ 58.162689][ T3586] ? up_write+0x133/0x4d0 [ 58.167010][ T3586] down_read+0x3b/0x50 [ 58.171071][ T3586] ? blocking_notifier_call_chain+0x5e/0x1b0 [ 58.177041][ T3586] blocking_notifier_call_chain+0x5e/0x1b0 [ 58.182843][ T3586] crypto_alg_mod_lookup+0x4e6/0x710 [ 58.188117][ T3586] crypto_has_alg+0x22/0x110 [ 58.192697][ T3586] ima_inode_setxattr+0x836/0xa10 [ 58.197712][ T3586] ? ima_inode_post_setattr+0x380/0x380 [ 58.203248][ T3586] ? rcu_read_lock_sched_held+0x89/0x130 [ 58.208870][ T3586] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 58.214842][ T3586] security_inode_setxattr+0x1b0/0x230 [ 58.220296][ T3586] __vfs_setxattr_locked+0xa6/0x240 [ 58.225487][ T3586] vfs_setxattr+0x21d/0x420 [ 58.229982][ T3586] ? xattr_permission+0x4f0/0x4f0 [ 58.235166][ T3586] ? __might_fault+0xb4/0x110 [ 58.239831][ T3586] ? _copy_from_user+0x10f/0x170 [ 58.244761][ T3586] setxattr+0x27e/0x2e0 [ 58.248905][ T3586] ? path_setxattr+0x2a0/0x2a0 [ 58.253675][ T3586] ? preempt_count_add+0x8f/0x180 [ 58.258716][ T3586] ? __mnt_want_write+0x1e6/0x260 [ 58.263748][ T3586] __se_sys_fsetxattr+0x194/0x210 [ 58.268776][ T3586] do_syscall_64+0x3d/0xb0 [ 58.273222][ T3586] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 58.279301][ T3586] RIP: 0033:0x7f5a71688e29 [ 58.283813][ T3586] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 58.303417][ T3586] RSP: 002b:00007ffcb4fef6e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000be [ 58.311837][ T3586] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f5a71688e29 [ 58.319807][ T3586] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000004 [ 58.327774][ T3586] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ffcb4fef710 [ 58.335760][ T3586] R10: 000000000000000a R11: 0000000000000246 R12: 00007ffcb4fef70c executing program [ 58.343732][ T3586] R13: 00007ffcb4fef720 R14: 00007ffcb4fef760 R15: 0000000000000000 [ 58.351718][ T3586] [ 58.371136][ T26] audit: type=1800 audit(1678589267.194:2): pid=3586 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz-executor104" name="/" dev="hugetlbfs" ino=27419 res=0 errno=0 executing program [ 58.419458][ T26] audit: type=1800 audit(1678589267.244:3): pid=3590 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz-executor104" name="/" dev="hugetlbfs" ino=27423 res=0 errno=0 executing program [ 58.480592][ T26] audit: type=1800 audit(1678589267.304:4): pid=3594 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz-executor104" name="/" dev="hugetlbfs" ino=27933 res=0 errno=0 executing program [ 58.543590][ T26] audit: type=1800 audit(1678589267.364:5): pid=3598 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz-executor104" name="/" dev="hugetlbfs" ino=27937 res=0 errno=0 executing program [ 58.585441][ T26] audit: type=1800 audit(1678589267.404:6): pid=3602 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz-executor104" name="/" dev="hugetlbfs" ino=27941 res=0 errno=0 executing program [ 58.645882][ T26] audit: type=1800 audit(1678589267.464:7): pid=3606 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz-executor104" name="/" dev="hugetlbfs" ino=27945 res=0 errno=0 executing program [ 58.707019][ T26] audit: type=1800 audit(1678589267.534:8): pid=3610 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz-executor104" name="/" dev="hugetlbfs" ino=27949 res=0 errno=0 executing program [ 58.767747][ T26] audit: type=1800 audit(1678589267.594:9): pid=3614 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz-executor104" name="/" dev="hugetlbfs" ino=27953 res=0 errno=0 executing program [ 58.826860][ T26] audit: type=1800 audit(1678589267.644:10): pid=3618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz-executor104" name="/" dev="hugetlbfs" ino=27427 res=0 errno=0 executing program [ 58.887191][ T26] audit: type=1800 audit(1678589267.714:11): pid=3622 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz-executor104" name="/" dev="hugetlbfs" ino=27431 res=0 errno=0 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 63.378353][ T26] kauditd_printk_skb: 110 callbacks suppressed [ 63.378368][ T26] audit: type=1800 audit(1678589272.204:122): pid=4066 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz-executor104" name="/" dev="hugetlbfs" ino=28679 res=0 errno=0 executing program [ 63.443352][ T26] audit: type=1800 audit(1678589272.264:123): pid=4070 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz-executor104" name="/" dev="hugetlbfs" ino=28683 res=0 errno=0 executing program [ 63.490214][ T26] audit: type=1800 audit(1678589272.314:124): pid=4074 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz-executor104" name="/" dev="hugetlbfs" ino=28687 res=0 errno=0 executing program [ 63.537532][ T26] audit: type=1800 audit(1678589272.364:125): pid=4078 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz-executor104" name="/" dev="hugetlbfs" ino=28691 res=0 errno=0 executing program [ 63.597983][ T26] audit: type=1800 audit(1678589272.424:126): pid=4082 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz-executor104" name="/" dev="hugetlbfs" ino=28177 res=0 errno=0 executing program [ 63.644754][ T26] audit: type=1800 audit(1678589272.464:127): pid=4086 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz-executor104" name="/" dev="hugetlbfs" ino=28695 res=0 errno=0 executing program [ 63.693273][ T26] audit: type=1800 audit(1678589272.514:128): pid=4090 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz-executor104" name="/" dev="hugetlbfs" ino=28699 res=0 errno=0 executing program [ 63.754957][ T26] audit: type=1800 audit(1678589272.574:129): pid=4094 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz-executor104" name="/" dev="hugetlbfs" ino=28703 res=0 errno=0 executing program [ 63.816441][ T26] audit: type=1800 audit(1678589272.634:130): pid=4098 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz-executor104" name="/" dev="hugetlbfs" ino=28707 res=0 errno=0 executing program [ 63.877882][ T26] audit: type=1800 audit(1678589272.704:131): pid=4102 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz-executor104" name="/" dev="hugetlbfs" ino=28181 res=0 errno=0 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program