netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
======================================================
WARNING: possible circular locking dependency detected
4.19.185-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.0/21806 is trying to acquire lock:
00000000218578ce (&bdev->bd_mutex){+.+.}, at: __blkdev_get+0x1d0/0x1480 fs/block_dev.c:1478

but task is already holding lock:
000000000c680023 (jfs_log_mutex){+.+.}, at: lmLogOpen+0xd2/0x11e0 fs/jfs/jfs_logmgr.c:1092

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (jfs_log_mutex){+.+.}:
       lmLogClose+0x70/0x610 fs/jfs/jfs_logmgr.c:1465
       jfs_umount+0x25f/0x310 fs/jfs/jfs_umount.c:129
       jfs_put_super+0x61/0x140 fs/jfs/super.c:223
       generic_shutdown_super+0x144/0x370 fs/super.c:456
       kill_block_super+0x97/0xf0 fs/super.c:1185
       deactivate_locked_super+0x94/0x160 fs/super.c:329
       deactivate_super+0x174/0x1a0 fs/super.c:360
       cleanup_mnt+0x1a8/0x290 fs/namespace.c:1098
       task_work_run+0x148/0x1c0 kernel/task_work.c:113
       tracehook_notify_resume include/linux/tracehook.h:193 [inline]
       exit_to_usermode_loop+0x251/0x2a0 arch/x86/entry/common.c:167
       prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
       syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
       do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #1 (&type->s_umount_key#83){++++}:
       __get_super.part.0+0x209/0x2e0 fs/super.c:698
       __get_super include/linux/spinlock.h:329 [inline]
       get_super+0x2b/0x50 fs/super.c:727
       fsync_bdev+0x14/0xc0 fs/block_dev.c:483
       invalidate_partition+0x74/0xb0 block/genhd.c:1592
       drop_partitions.isra.0+0x9c/0x190 block/partition-generic.c:454
       rescan_partitions+0xab/0x970 block/partition-generic.c:527
       __blkdev_reread_part+0x189/0x220 block/ioctl.c:173
       blkdev_reread_part+0x23/0x40 block/ioctl.c:193
       loop_reread_partitions drivers/block/loop.c:645 [inline]
       loop_set_status+0x103e/0x1800 drivers/block/loop.c:1330
       loop_set_status_old+0x1bb/0x250 drivers/block/loop.c:1440
       lo_ioctl+0x3b5/0x20e0 drivers/block/loop.c:1584
       __blkdev_driver_ioctl block/ioctl.c:303 [inline]
       blkdev_ioctl+0x5cb/0x1a80 block/ioctl.c:601
       block_ioctl+0xe9/0x130 fs/block_dev.c:1906
       vfs_ioctl fs/ioctl.c:46 [inline]
       file_ioctl fs/ioctl.c:501 [inline]
       do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
       ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
       __do_sys_ioctl fs/ioctl.c:712 [inline]
       __se_sys_ioctl fs/ioctl.c:710 [inline]
       __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&bdev->bd_mutex){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:928 [inline]
       __mutex_lock+0xd7/0x1260 kernel/locking/mutex.c:1075
       __blkdev_get+0x1d0/0x1480 fs/block_dev.c:1478
       blkdev_get+0x48f/0x940 fs/block_dev.c:1627
       blkdev_get_by_dev+0x3b/0x70 fs/block_dev.c:1752
       lmLogOpen+0x40f/0x11e0 fs/jfs/jfs_logmgr.c:1125
       jfs_mount_rw+0x286/0x4b0 fs/jfs/jfs_mount.c:272
       jfs_fill_super+0x814/0xb50 fs/jfs/super.c:598
       mount_bdev+0x2fc/0x3b0 fs/super.c:1158
       mount_fs+0xa3/0x310 fs/super.c:1261
       vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961
       vfs_kern_mount fs/namespace.c:951 [inline]
       do_new_mount fs/namespace.c:2469 [inline]
       do_mount+0x113c/0x2f10 fs/namespace.c:2799
       ksys_mount+0xcf/0x130 fs/namespace.c:3015
       __do_sys_mount fs/namespace.c:3029 [inline]
       __se_sys_mount fs/namespace.c:3026 [inline]
       __x64_sys_mount+0xba/0x150 fs/namespace.c:3026
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

Chain exists of:
  &bdev->bd_mutex --> &type->s_umount_key#83 --> jfs_log_mutex

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(jfs_log_mutex);
                               lock(&type->s_umount_key#83);
                               lock(jfs_log_mutex);
  lock(&bdev->bd_mutex);

 *** DEADLOCK ***

2 locks held by syz-executor.0/21806:
 #0: 00000000ad185b83 (&type->s_umount_key#82/1){+.+.}, at: alloc_super fs/super.c:226 [inline]
 #0: 00000000ad185b83 (&type->s_umount_key#82/1){+.+.}, at: sget_userns+0x20b/0xcd0 fs/super.c:519
 #1: 000000000c680023 (jfs_log_mutex){+.+.}, at: lmLogOpen+0xd2/0x11e0 fs/jfs/jfs_logmgr.c:1092

stack backtrace:
CPU: 0 PID: 21806 Comm: syz-executor.0 Not tainted 4.19.185-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1221
 check_prev_add kernel/locking/lockdep.c:1865 [inline]
 check_prevs_add kernel/locking/lockdep.c:1978 [inline]
 validate_chain kernel/locking/lockdep.c:2419 [inline]
 __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3415
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3907
 __mutex_lock_common kernel/locking/mutex.c:928 [inline]
 __mutex_lock+0xd7/0x1260 kernel/locking/mutex.c:1075
 __blkdev_get+0x1d0/0x1480 fs/block_dev.c:1478
 blkdev_get+0x48f/0x940 fs/block_dev.c:1627
 blkdev_get_by_dev+0x3b/0x70 fs/block_dev.c:1752
 lmLogOpen+0x40f/0x11e0 fs/jfs/jfs_logmgr.c:1125
 jfs_mount_rw+0x286/0x4b0 fs/jfs/jfs_mount.c:272
 jfs_fill_super+0x814/0xb50 fs/jfs/super.c:598
 mount_bdev+0x2fc/0x3b0 fs/super.c:1158
 mount_fs+0xa3/0x310 fs/super.c:1261
 vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961
 vfs_kern_mount fs/namespace.c:951 [inline]
 do_new_mount fs/namespace.c:2469 [inline]
 do_mount+0x113c/0x2f10 fs/namespace.c:2799
 ksys_mount+0xcf/0x130 fs/namespace.c:3015
 __do_sys_mount fs/namespace.c:3029 [inline]
 __se_sys_mount fs/namespace.c:3026 [inline]
 __x64_sys_mount+0xba/0x150 fs/namespace.c:3026
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x46797a
Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb130cc4fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 000000000046797a
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fb130cc5000
RBP: 00007fb130cc5040 R08: 00007fb130cc5040 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000
R13: 0000000020000100 R14: 00007fb130cc5000 R15: 000000002006d200
audit: type=1804 audit(1617801509.674:192): pid=21788 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir462112153/syzkaller.nmIDzj/2/bus" dev="sda1" ino=14238 res=1
print_req_error: I/O error, dev loop50, sector 8
audit: type=1804 audit(1617801509.864:193): pid=21838 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir462112153/syzkaller.nmIDzj/2/bus" dev="sda1" ino=14238 res=1
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
audit: type=1804 audit(1617801509.884:194): pid=21837 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir462112153/syzkaller.nmIDzj/2/bus" dev="sda1" ino=14238 res=1
F2FS-fs (loop2): Invalid log sectors per block(3976200195) log sectorsize(9)
F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
F2FS-fs (loop2): Found nat_bits in checkpoint
print_req_error: I/O error, dev loop50, sector 8
audit: type=1804 audit(1617801510.204:195): pid=21878 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir462112153/syzkaller.nmIDzj/3/bus" dev="sda1" ino=14270 res=1
print_req_error: I/O error, dev loop50, sector 8
F2FS-fs (loop2): Mounted with checkpoint version = 7ad43cd6
F2FS-fs (loop2): Invalid log sectors per block(3992977411) log sectorsize(9)
F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
Bluetooth: hci5: command 0x0419 tx timeout
audit: type=1804 audit(1617801511.164:196): pid=21969 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir810137852/syzkaller.8L5ysK/668/bus" dev="sda1" ino=14266 res=1
audit: type=1804 audit(1617801511.744:197): pid=21997 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir462112153/syzkaller.nmIDzj/4/bus" dev="sda1" ino=14285 res=1
audit: type=1804 audit(1617801511.994:198): pid=22029 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir810137852/syzkaller.8L5ysK/668/bus" dev="sda1" ino=14266 res=1
audit: type=1804 audit(1617801512.064:199): pid=22028 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir810137852/syzkaller.8L5ysK/668/bus" dev="sda1" ino=14266 res=1
audit: type=1804 audit(1617801513.244:200): pid=22091 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir462112153/syzkaller.nmIDzj/5/bus" dev="sda1" ino=14290 res=1
f2fs_msg: 18 callbacks suppressed
F2FS-fs (loop2): Invalid blocksize (2048), supports only 4KB
F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
F2FS-fs (loop2): Found nat_bits in checkpoint
F2FS-fs (loop2): Mounted with checkpoint version = 7ad43cd6
F2FS-fs (loop2): Invalid log sectors per block(33554435) log sectorsize(9)
F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
F2FS-fs (loop2): Found nat_bits in checkpoint
F2FS-fs (loop2): Mounted with checkpoint version = 7ad43cd6
F2FS-fs (loop2): Invalid log sectors per block(50331651) log sectorsize(9)
F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
audit: type=1804 audit(1617801515.434:201): pid=22226 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir810137852/syzkaller.8L5ysK/674/file0" dev="sda1" ino=14387 res=1
audit: type=1804 audit(1617801515.474:202): pid=22226 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir810137852/syzkaller.8L5ysK/674/file0" dev="sda1" ino=14387 res=1
audit: type=1804 audit(1617801515.474:203): pid=22226 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir810137852/syzkaller.8L5ysK/674/file0" dev="sda1" ino=14387 res=1
device wlan1 entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
audit: type=1804 audit(1617801515.484:204): pid=22234 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir810137852/syzkaller.8L5ysK/674/file0" dev="sda1" ino=14387 res=1
device wlan1 left promiscuous mode
device wlan1 entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
device wlan1 left promiscuous mode
device wlan1 entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
device wlan1 left promiscuous mode
ipt_CLUSTERIP: ipt_CLUSTERIP is deprecated and it will removed soon, use xt_cluster instead
device wlan1 entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
x_tables: ip_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING
device wlan1 left promiscuous mode
x_tables: ip_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING
x_tables: ip_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING
x_tables: ip_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING
device wlan1 entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.