RDX: 0000000000000003 RSI: 0000000008400000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 00000000ffffffff R09: 0000000000000000 R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000996 R13: 00007faa9174dfdc R14: 00007faa9174dfe0 R15: 0000000020000b02 ====================================================== WARNING: possible circular locking dependency detected FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 4.19.211-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor.0/19098 is trying to acquire lock: 0000000045ca29d0 (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: hfsplus_file_extend+0x1bb/0xf40 fs/hfsplus/extents.c:457 but task is already holding lock: CPU: 1 PID: 19105 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0 000000004770deb0 (&tree->tree_lock){+.+.}, at: hfsplus_find_init+0x1b7/0x220 fs/hfsplus/bfind.c:30 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 which lock already depends on the new lock. Call Trace: the existing dependency chain (in reverse order) is: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 -> #1 (&tree->tree_lock){+.+.}: fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0xa/0xf lib/fault-inject.c:149 hfsplus_file_truncate+0xde7/0x1040 fs/hfsplus/extents.c:595 hfsplus_setattr+0x1e7/0x310 fs/hfsplus/inode.c:263 notify_change+0x70b/0xfc0 fs/attr.c:334 do_truncate+0x134/0x1f0 fs/open.c:63 __should_failslab+0x115/0x180 mm/failslab.c:32 handle_truncate fs/namei.c:3009 [inline] do_last fs/namei.c:3427 [inline] path_openat+0x2308/0x2df0 fs/namei.c:3537 should_failslab+0x5/0x10 mm/slab_common.c:1590 do_filp_open+0x18c/0x3f0 fs/namei.c:3567 slab_pre_alloc_hook mm/slab.h:424 [inline] slab_alloc mm/slab.c:3383 [inline] kmem_cache_alloc+0x277/0x370 mm/slab.c:3557 do_sys_open+0x3b3/0x520 fs/open.c:1085 vm_area_alloc+0x1c/0x110 kernel/fork.c:321 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 mmap_region+0xa2a/0x16b0 mm/mmap.c:1727 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}: __mutex_lock_common kernel/locking/mutex.c:937 [inline] __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078 hfsplus_file_extend+0x1bb/0xf40 fs/hfsplus/extents.c:457 do_mmap+0x8e8/0x1080 mm/mmap.c:1530 hfsplus_bmap_reserve+0x298/0x440 fs/hfsplus/btree.c:357 do_mmap_pgoff include/linux/mm.h:2329 [inline] vm_mmap_pgoff+0x197/0x200 mm/util.c:357 hfsplus_create_cat+0x1e3/0x1210 fs/hfsplus/catalog.c:272 hfsplus_fill_super+0x14a8/0x19e0 fs/hfsplus/super.c:560 mount_bdev+0x2fc/0x3b0 fs/super.c:1158 ksys_mmap_pgoff+0x45f/0x5a0 mm/mmap.c:1580 mount_fs+0xa3/0x310 fs/super.c:1261 vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961 vfs_kern_mount fs/namespace.c:951 [inline] do_new_mount fs/namespace.c:2492 [inline] do_mount+0x115c/0x2f50 fs/namespace.c:2822 ksys_mount+0xcf/0x130 fs/namespace.c:3038 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 __do_sys_mount fs/namespace.c:3052 [inline] __se_sys_mount fs/namespace.c:3049 [inline] __x64_sys_mount+0xba/0x150 fs/namespace.c:3049 entry_SYSCALL_64_after_hwframe+0x49/0xbe do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 RIP: 0033:0x7f3daed14142 entry_SYSCALL_64_after_hwframe+0x49/0xbe Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 b8 ff ff ff 64 other info that might help us debug this: RSP: 002b:00007f3dad285f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 Possible unsafe locking scenario: RAX: ffffffffffffffda RBX: 0000000000000022 RCX: 00007f3daed14142 CPU0 CPU1 RDX: 0000000000000003 RSI: 0000000008400000 RDI: 0000000000000000 ---- ---- RBP: 0000000000000000 R08: 00000000ffffffff R09: 0000000000000000 lock(&tree->tree_lock); R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000996 lock(&HFSPLUS_I(inode)->extents_lock); R13: 00007f3dad285fdc R14: 00007f3dad285fe0 R15: 0000000020000b02 lock(&tree->tree_lock); lock(&HFSPLUS_I(inode)->extents_lock); *** DEADLOCK *** 3 locks held by syz-executor.0/19098: #0: 000000005ba41dea (&type->s_umount_key#53/1){+.+.}, at: alloc_super fs/super.c:226 [inline] #0: 000000005ba41dea (&type->s_umount_key#53/1){+.+.}, at: sget_userns+0x20b/0xcd0 fs/super.c:519 #1: 00000000f6730423 (&sbi->vh_mutex){+.+.}, at: hfsplus_fill_super+0x1421/0x19e0 fs/hfsplus/super.c:553 #2: 000000004770deb0 (&tree->tree_lock){+.+.}, at: hfsplus_find_init+0x1b7/0x220 fs/hfsplus/bfind.c:30 stack backtrace: CPU: 0 PID: 19098 Comm: syz-executor.0 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222 check_prev_add kernel/locking/lockdep.c:1866 [inline] check_prevs_add kernel/locking/lockdep.c:1979 [inline] validate_chain kernel/locking/lockdep.c:2420 [inline] __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908 __mutex_lock_common kernel/locking/mutex.c:937 [inline] __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078 hfsplus_file_extend+0x1bb/0xf40 fs/hfsplus/extents.c:457 hfsplus_bmap_reserve+0x298/0x440 fs/hfsplus/btree.c:357 hfsplus_create_cat+0x1e3/0x1210 fs/hfsplus/catalog.c:272 hfsplus_fill_super+0x14a8/0x19e0 fs/hfsplus/super.c:560 mount_bdev+0x2fc/0x3b0 fs/super.c:1158 mount_fs+0xa3/0x310 fs/super.c:1261 vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961 vfs_kern_mount fs/namespace.c:951 [inline] do_new_mount fs/namespace.c:2492 [inline] do_mount+0x115c/0x2f50 fs/namespace.c:2822 ksys_mount+0xcf/0x130 fs/namespace.c:3038 __do_sys_mount fs/namespace.c:3052 [inline] __se_sys_mount fs/namespace.c:3049 [inline] __x64_sys_mount+0xba/0x150 fs/namespace.c:3049 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f934119562a Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f933f705f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 0000000000000672 RCX: 00007f934119562a RDX: 00000000200000c0 RSI: 00000000200008c0 RDI: 00007f933f705fe0 RBP: 00007f933f706020 R08: 00007f933f706020 R09: 0000000000800000 R10: 0000000000800000 R11: 0000000000000202 R12: 00000000200000c0 R13: 00000000200008c0 R14: 00007f933f705fe0 R15: 0000000020000100 FAULT_INJECTION: forcing a failure. name fail_page_alloc, interval 1, probability 0, space 0, times 1 FAULT_INJECTION: forcing a failure. name fail_page_alloc, interval 1, probability 0, space 0, times 1 CPU: 0 PID: 19114 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0xa/0xf lib/fault-inject.c:149 should_fail_alloc_page mm/page_alloc.c:3088 [inline] prepare_alloc_pages mm/page_alloc.c:4346 [inline] __alloc_pages_nodemask+0x239/0x2890 mm/page_alloc.c:4393 alloc_pages_current+0x193/0x2a0 mm/mempolicy.c:2197 alloc_pages include/linux/gfp.h:532 [inline] pte_alloc_one+0x16/0x190 arch/x86/mm/pgtable.c:35 __pte_alloc+0x21/0x340 mm/memory.c:665 do_anonymous_page+0xff4/0x1be0 mm/memory.c:3282 handle_pte_fault mm/memory.c:4173 [inline] __handle_mm_fault+0x227a/0x41c0 mm/memory.c:4299 handle_mm_fault+0x436/0xb10 mm/memory.c:4336 __do_page_fault+0x68e/0xd60 arch/x86/mm/fault.c:1412 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1205 RIP: 0033:0x7f3daecb11c7 Code: 78 48 63 d5 48 01 c2 49 3b 55 08 77 56 8d 55 ff 85 ed 74 35 0f 1f 80 00 00 00 00 48 39 c1 77 1c 49 8b 75 00 49 89 c1 49 29 c9 <46> 0f b6 0c 0e 45 84 c9 74 08 44 88 0c 06 49 8b 45 10 48 83 c0 01 RSP: 002b:00007f3dad285600 EFLAGS: 00010246 RAX: 0000000000000001 RBX: 00007f3dad285660 RCX: 0000000000000001 RDX: 0000000000000101 RSI: 00007f3da4e66000 RDI: 00007f3dad285700 RBP: 0000000000000102 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 00007f3dad285670 R12: 00007f3dad285670 R13: 00007f3dad285700 R14: 0000000000000001 R15: 0000000000000000 CPU: 1 PID: 19116 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 syz-executor.3 invoked oom-killer: gfp_mask=0x0(), nodemask=(null), order=0, oom_score_adj=1000 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0xa/0xf lib/fault-inject.c:149 should_fail_alloc_page mm/page_alloc.c:3088 [inline] prepare_alloc_pages mm/page_alloc.c:4346 [inline] __alloc_pages_nodemask+0x239/0x2890 mm/page_alloc.c:4393 syz-executor.3 cpuset=/ mems_allowed=0-1 alloc_pages_current+0x193/0x2a0 mm/mempolicy.c:2197 alloc_pages include/linux/gfp.h:532 [inline] pte_alloc_one+0x16/0x190 arch/x86/mm/pgtable.c:35 __pte_alloc+0x21/0x340 mm/memory.c:665 do_anonymous_page+0xff4/0x1be0 mm/memory.c:3282 handle_pte_fault mm/memory.c:4173 [inline] __handle_mm_fault+0x227a/0x41c0 mm/memory.c:4299 handle_mm_fault+0x436/0xb10 mm/memory.c:4336 __do_page_fault+0x68e/0xd60 arch/x86/mm/fault.c:1412 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1205 RIP: 0033:0x7faa931791c7 Code: 78 48 63 d5 48 01 c2 49 3b 55 08 77 56 8d 55 ff 85 ed 74 35 0f 1f 80 00 00 00 00 48 39 c1 77 1c 49 8b 75 00 49 89 c1 49 29 c9 <46> 0f b6 0c 0e 45 84 c9 74 08 44 88 0c 06 49 8b 45 10 48 83 c0 01 RSP: 002b:00007faa9174d600 EFLAGS: 00010246 RAX: 0000000000000001 RBX: 00007faa9174d660 RCX: 0000000000000001 RDX: 0000000000000101 RSI: 00007faa8932e000 RDI: 00007faa9174d700 RBP: 0000000000000102 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 00007faa9174d670 R12: 00007faa9174d670 R13: 00007faa9174d700 R14: 0000000000000001 R15: 0000000000000000 CPU: 0 PID: 19114 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 dump_header+0x15d/0xc3f mm/oom_kill.c:443 oom_kill_process.cold+0x10/0x692 mm/oom_kill.c:956 out_of_memory mm/oom_kill.c:1114 [inline] out_of_memory+0x1072/0x1390 mm/oom_kill.c:1064 pagefault_out_of_memory+0x102/0x120 mm/oom_kill.c:1157 mm_fault_error+0x106/0x390 arch/x86/mm/fault.c:1040 __do_page_fault+0xc34/0xd60 arch/x86/mm/fault.c:1440 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1205 RIP: 0033:0x7f3daecb11c7 Code: 78 48 63 d5 48 01 c2 49 3b 55 08 77 56 8d 55 ff 85 ed 74 35 0f 1f 80 00 00 00 00 48 39 c1 77 1c 49 8b 75 00 49 89 c1 49 29 c9 <46> 0f b6 0c 0e 45 84 c9 74 08 44 88 0c 06 49 8b 45 10 48 83 c0 01 RSP: 002b:00007f3dad285600 EFLAGS: 00010246 RAX: 0000000000000001 RBX: 00007f3dad285660 RCX: 0000000000000001 RDX: 0000000000000101 RSI: 00007f3da4e66000 RDI: 00007f3dad285700 RBP: 0000000000000102 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 00007f3dad285670 R12: 00007f3dad285670 R13: 00007f3dad285700 R14: 0000000000000001 R15: 0000000000000000 Mem-Info: BTRFS info (device loop2): enabling inode map caching BTRFS warning (device ): duplicate device /dev/loop5 devid 1 generation 8 scanned by syz-executor.5 (19080) active_anon:278996 inactive_anon:16136 isolated_anon:0 active_file:6429 inactive_file:11964 isolated_file:0 unevictable:0 dirty:790 writeback:0 unstable:0 slab_reclaimable:19218 slab_unreclaimable:127121 mapped:30929 shmem:18860 pagetables:1414 bounce:0 free:1201021 free_pcp:611 free_cma:0 BTRFS warning (device loop2): excessive commit interval 622039222 NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) BTRFS warning (device ): duplicate device /dev/loop5 devid 1 generation 8 scanned by systemd-udevd (19120) Node 0 active_anon:1118128kB inactive_anon:64544kB active_file:22996kB inactive_file:47856kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123716kB dirty:660kB writeback:0kB shmem:75440kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1026048kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Node 1 active_anon:0kB inactive_anon:0kB active_file:120kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no NILFS (loop1): mounting unchecked fs Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 2693 2695 2695 2695 Node 0 DMA32 free:745920kB min:35996kB low:44992kB high:53988kB active_anon:1118228kB inactive_anon:65044kB active_file:22996kB inactive_file:47856kB unevictable:0kB writepending:708kB present:3129332kB managed:2763452kB mlocked:0kB kernel_stack:8928kB pagetables:5804kB bounce:0kB free_pcp:2332kB local_pcp:1340kB free_cma:0kB BTRFS info (device loop2): force zlib compression, level 3 NILFS (loop1): recovery complete BTRFS info (device loop2): using free space tree lowmem_reserve[]: 0 0 1 1 1 BTRFS info (device loop2): has skinny extents Node 0 Normal free:8kB min:24kB low:28kB high:32kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:2000kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds lowmem_reserve[]: 0 0 0 0 0 Node 1 Normal free:4039948kB min:53876kB low:67344kB high:80812kB active_anon:0kB inactive_anon:0kB active_file:120kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128248kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 0 Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 19186 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0xa/0xf lib/fault-inject.c:149 Node 0 DMA32: 5711*4kB (UME) 385*8kB (UME) 96*16kB (UME) 185*32kB (UME) 284*64kB (UME) 44*128kB (UME) 57*256kB (UME) 49*512kB (UME) 29*1024kB (ME) 2*2048kB (ME) 153*4096kB (M) = 757348kB Node 0 Normal: 0*4kB 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB __should_failslab+0x115/0x180 mm/failslab.c:32 Node 1 Normal: 97*4kB (UE) 393*8kB (U) 286*16kB (UME) 67*32kB (UME) 30*64kB (UME) 17*128kB (UME) 11*256kB (UME) 7*512kB (UME) 3*1024kB (UM) 1*2048kB (U) 980*4096kB (M) = 4039948kB should_failslab+0x5/0x10 mm/slab_common.c:1590 slab_pre_alloc_hook mm/slab.h:424 [inline] slab_alloc mm/slab.c:3383 [inline] kmem_cache_alloc+0x277/0x370 mm/slab.c:3557 ptlock_alloc+0x1d/0x70 mm/memory.c:4969 ptlock_init include/linux/mm.h:1900 [inline] pgtable_page_ctor include/linux/mm.h:1934 [inline] pte_alloc_one+0x68/0x190 arch/x86/mm/pgtable.c:38 __pte_alloc+0x21/0x340 mm/memory.c:665 Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB do_anonymous_page+0xff4/0x1be0 mm/memory.c:3282 Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB handle_pte_fault mm/memory.c:4173 [inline] __handle_mm_fault+0x227a/0x41c0 mm/memory.c:4299 Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 32267 total pagecache pages handle_mm_fault+0x436/0xb10 mm/memory.c:4336 0 pages in swap cache __do_page_fault+0x68e/0xd60 arch/x86/mm/fault.c:1412 Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1205 RIP: 0033:0x7faa931791c7 Total swap = 0kB Code: 78 48 63 d5 48 01 c2 49 3b 55 08 77 56 8d 55 ff 85 ed 74 35 0f 1f 80 00 00 00 00 48 39 c1 77 1c 49 8b 75 00 49 89 c1 49 29 c9 <46> 0f b6 0c 0e 45 84 c9 74 08 44 88 0c 06 49 8b 45 10 48 83 c0 01 RSP: 002b:00007faa9174d600 EFLAGS: 00010246 RAX: 0000000000000001 RBX: 00007faa9174d660 RCX: 0000000000000001 RDX: 0000000000000101 RSI: 00007faa8932e000 RDI: 00007faa9174d700 RBP: 0000000000000102 R08: 0000000000000000 R09: 0000000000000000 2097051 pages RAM R10: 0000000000000000 R11: 00007faa9174d670 R12: 00007faa9174d670 R13: 00007faa9174d700 R14: 0000000000000001 R15: 0000000000000000 0 pages HighMem/MovableOnly 369649 pages reserved 0 pages cma reserved Out of memory (oom_kill_allocating_task): Kill process 19114 (syz-executor.3) score 0 or sacrifice child Killed process 19108 (syz-executor.3) total-vm:195848kB, anon-rss:2516kB, file-rss:14336kB, shmem-rss:0kB oom_reaper: reaped process 19108 (syz-executor.3), now anon-rss:0kB, file-rss:14336kB, shmem-rss:4kB syz-executor.1 invoked oom-killer: gfp_mask=0x0(), nodemask=(null), order=0, oom_score_adj=1000 syz-executor.1 cpuset=/ mems_allowed=0-1 CPU: 0 PID: 19186 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 dump_header+0x15d/0xc3f mm/oom_kill.c:443 oom_kill_process.cold+0x10/0x692 mm/oom_kill.c:956 out_of_memory mm/oom_kill.c:1114 [inline] out_of_memory+0x1072/0x1390 mm/oom_kill.c:1064 encrypted_key: insufficient parameters specified pagefault_out_of_memory+0x102/0x120 mm/oom_kill.c:1157 mm_fault_error+0x106/0x390 arch/x86/mm/fault.c:1040 __do_page_fault+0xc34/0xd60 arch/x86/mm/fault.c:1440 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1205 RIP: 0033:0x7faa931791c7 Code: 78 48 63 d5 48 01 c2 49 3b 55 08 77 56 8d 55 ff 85 ed 74 35 0f 1f 80 00 00 00 00 48 39 c1 77 1c 49 8b 75 00 49 89 c1 49 29 c9 <46> 0f b6 0c 0e 45 84 c9 74 08 44 88 0c 06 49 8b 45 10 48 83 c0 01 RSP: 002b:00007faa9174d600 EFLAGS: 00010246 RAX: 0000000000000001 RBX: 00007faa9174d660 RCX: 0000000000000001 RDX: 0000000000000101 RSI: 00007faa8932e000 RDI: 00007faa9174d700 RBP: 0000000000000102 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 00007faa9174d670 R12: 00007faa9174d670 R13: 00007faa9174d700 R14: 0000000000000001 R15: 0000000000000000 gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" gfs2: fsid=syz:syz: Now mounting FS... netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. Mem-Info: active_anon:279331 inactive_anon:16148 isolated_anon:0 active_file:5791 inactive_file:11938 isolated_file:0 unevictable:0 dirty:92 writeback:0 unstable:0 slab_reclaimable:19142 slab_unreclaimable:127974 mapped:30936 shmem:18879 pagetables:1403 bounce:0 free:1200650 free_pcp:438 free_cma:0 gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents Node 0 active_anon:1117440kB inactive_anon:64592kB active_file:23044kB inactive_file:47752kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123744kB dirty:368kB writeback:0kB shmem:75516kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1028096kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no gfs2: fsid=syz:syz.0: jid=0, already locked for use Node 1 active_anon:0kB inactive_anon:0kB active_file:120kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 2693 2695 2695 2695 Node 0 DMA32 free:748136kB min:35996kB low:44992kB high:53988kB active_anon:1117440kB inactive_anon:64592kB active_file:23044kB inactive_file:47752kB unevictable:0kB writepending:368kB present:3129332kB managed:2763452kB mlocked:0kB kernel_stack:8704kB pagetables:5464kB bounce:0kB free_pcp:1644kB local_pcp:376kB free_cma:0kB lowmem_reserve[]: 0 0 1 1 1 Node 0 Normal free:8kB min:24kB low:28kB high:32kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:2000kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 0 Node 1 Normal free:4039948kB min:53876kB low:67344kB high:80812kB active_anon:0kB inactive_anon:0kB active_file:120kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128248kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 0 Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 DMA32: 5684*4kB (UME) 392*8kB (UME) 87*16kB (UE) 37*32kB (UE) 126*64kB (UME) 46*128kB (UME) 61*256kB (UME) 50*512kB (UME) 29*1024kB (ME) 2*2048kB (ME) 154*4096kB (M) = 748192kB gfs2: fsid=syz:syz.0: jid=0: Looking at journal... Node 0 Normal: 0*4kB 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB gfs2: fsid=syz:syz.0: jid=0: Done Node 1 Normal: 97*4kB (UE) 393*8kB (U) 286*16kB (UME) 67*32kB (UME) 30*64kB (UME) 17*128kB (UME) 11*256kB (UME) 7*512kB (UME) 3*1024kB (UM) 1*2048kB (U) 980*4096kB (M) = 4039948kB gfs2: fsid=syz:syz.0: first mount done, others may mount NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 33876 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 2097051 pages RAM NILFS (loop3): mounting unchecked fs gfs2: gfs2_dirent_offset: wrong block type 1577058308 gfs2: fsid=syz:syz.0: fatal: filesystem consistency error inode = 12 2341 function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 606 0 pages HighMem/MovableOnly NILFS (loop3): recovery complete 369649 pages reserved gfs2: fsid=syz:syz.0: about to withdraw this file system 0 pages cma reserved gfs2: fsid=syz:syz.0: withdrawn Out of memory (oom_kill_allocating_task): Kill process 19186 (syz-executor.1) score 0 or sacrifice child NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds CPU: 0 PID: 19225 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 Killed process 19185 (syz-executor.1) total-vm:195848kB, anon-rss:2516kB, file-rss:14336kB, shmem-rss:0kB Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 gfs2_lm_withdraw.cold+0x1f8/0x24c fs/gfs2/util.c:75 gfs2_consist_inode_i+0xca/0x110 fs/gfs2/util.c:163 gfs2_dirent_scan+0x1f8/0x250 fs/gfs2/dir.c:606 gfs2_dirent_search+0x411/0x500 fs/gfs2/dir.c:855 gfs2_dir_search+0x89/0x2c0 fs/gfs2/dir.c:1652 NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) gfs2_lookupi+0x457/0x610 fs/gfs2/inode.c:312 NILFS (loop1): mounting unchecked fs __gfs2_lookup+0x83/0x270 fs/gfs2/inode.c:848 NILFS (loop1): recovery complete __lookup_slow+0x246/0x4a0 fs/namei.c:1672 NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds encrypted_key: insufficient parameters specified lookup_slow fs/namei.c:1689 [inline] walk_component+0x7ac/0xda0 fs/namei.c:1811 netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. link_path_walk.part.0+0x901/0x1230 fs/namei.c:2142 netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. link_path_walk fs/namei.c:2270 [inline] path_lookupat+0xe4/0x8d0 fs/namei.c:2318 netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. do_o_path fs/namei.c:3511 [inline] path_openat+0x1f92/0x2df0 fs/namei.c:3533 netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. do_filp_open+0x18c/0x3f0 fs/namei.c:3567 do_sys_open+0x3b3/0x520 fs/open.c:1085 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f3eb51060f9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f3eb3678168 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 00007f3eb5225f80 RCX: 00007f3eb51060f9 RDX: 0000000000200002 RSI: 00000000200001c0 RDI: ffffffffffffff9c RBP: 00007f3eb5161ae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc8b15841f R14: 00007f3eb3678300 R15: 0000000000022000 netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. encrypted_key: insufficient parameters specified NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) NILFS (loop1): mounting unchecked fs NILFS (loop1): recovery complete NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) NILFS (loop3): mounting unchecked fs NILFS (loop3): recovery complete NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) NILFS (loop1): mounting unchecked fs NILFS (loop1): recovery required for readonly filesystem NILFS (loop1): write access will be enabled during recovery NILFS (loop1): recovery complete NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) NILFS (loop3): mounting unchecked fs NILFS (loop3): recovery required for readonly filesystem NILFS (loop3): write access will be enabled during recovery gfs2: invalid mount option:  gfs2: can't parse mount arguments NILFS (loop3): recovery complete gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" gfs2: fsid=syz:syz: Now mounting FS... NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) gfs2: fsid=syz:syz.0: jid=0, already locked for use NILFS (loop1): mounting unchecked fs gfs2: fsid=syz:syz.0: jid=0: Looking at journal... NILFS (loop4): mounting unchecked fs CPU: 0 PID: 19339 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 NILFS (loop4): recovery required for readonly filesystem Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 sysfs_warn_dup.cold+0x1c/0x29 fs/sysfs/dir.c:30 sysfs_create_dir_ns+0x228/0x280 fs/sysfs/dir.c:63 NILFS (loop4): write access will be enabled during recovery NILFS (loop4): recovery complete create_dir lib/kobject.c:88 [inline] kobject_add_internal+0x2a5/0x9c0 lib/kobject.c:247 gfs2: fsid=syz:syz.0: jid=0: Done kobject_add_varg lib/kobject.c:382 [inline] kobject_init_and_add+0x101/0x160 lib/kobject.c:453 gfs2: fsid=syz:syz.0: first mount done, others may mount gfs2_sys_fs_add+0x18e/0x440 fs/gfs2/sys.c:659 fill_super+0x1240/0x2550 fs/gfs2/ops_fstype.c:1103 gfs2_mount+0x4c0/0x5a0 fs/gfs2/ops_fstype.c:1316 mount_fs+0xa3/0x310 fs/super.c:1261 vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961 vfs_kern_mount fs/namespace.c:951 [inline] do_new_mount fs/namespace.c:2492 [inline] do_mount+0x115c/0x2f50 fs/namespace.c:2822 ksys_mount+0xcf/0x130 fs/namespace.c:3038 __do_sys_mount fs/namespace.c:3052 [inline] __se_sys_mount fs/namespace.c:3049 [inline] __x64_sys_mount+0xba/0x150 fs/namespace.c:3049 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f9b0e4bd62a Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f9b0ca2df88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 000000000001255d RCX: 00007f9b0e4bd62a RDX: 00000000200124c0 RSI: 0000000020000080 RDI: 00007f9b0ca2dfe0 RBP: 00007f9b0ca2e020 R08: 00007f9b0ca2e020 R09: 0000000000010011 R10: 0000000000010011 R11: 0000000000000202 R12: 00000000200124c0 R13: 0000000020000080 R14: 00007f9b0ca2dfe0 R15: 0000000020000100 kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. gfs2: fsid=syz:syz: error -17 adding sysfs files NILFS (loop1): recovery complete NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) NILFS (loop3): mounting unchecked fs NILFS (loop3): recovery complete NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds gfs2: gfs2_dirent_offset: wrong block type 1577058308 gfs2: fsid=syz:syz.0: fatal: filesystem consistency error inode = 12 2341 function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 606 gfs2: fsid=syz:syz.0: about to withdraw this file system gfs2: fsid=syz:syz.0: withdrawn CPU: 1 PID: 19340 Comm: syz-executor.0 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 gfs2_lm_withdraw.cold+0x1f8/0x24c fs/gfs2/util.c:75 NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) NILFS (loop1): mounting unchecked fs NILFS (loop1): recovery complete gfs2_consist_inode_i+0xca/0x110 fs/gfs2/util.c:163 gfs2_dirent_scan+0x1f8/0x250 fs/gfs2/dir.c:606 NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds gfs2_dirent_search+0x411/0x500 fs/gfs2/dir.c:855 NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) gfs2_dir_search+0x89/0x2c0 fs/gfs2/dir.c:1652 NILFS (loop4): mounting unchecked fs gfs2_lookupi+0x457/0x610 fs/gfs2/inode.c:312 NILFS (loop4): recovery complete sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' __gfs2_lookup+0x83/0x270 fs/gfs2/inode.c:848 NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) __lookup_slow+0x246/0x4a0 fs/namei.c:1672 NILFS (loop3): mounting unchecked fs lookup_slow fs/namei.c:1689 [inline] walk_component+0x7ac/0xda0 fs/namei.c:1811 NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds NILFS (loop3): recovery complete link_path_walk.part.0+0x901/0x1230 fs/namei.c:2142 link_path_walk fs/namei.c:2270 [inline] path_lookupat+0xe4/0x8d0 fs/namei.c:2318 NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds do_o_path fs/namei.c:3511 [inline] path_openat+0x1f92/0x2df0 fs/namei.c:3533 do_filp_open+0x18c/0x3f0 fs/namei.c:3567 do_sys_open+0x3b3/0x520 fs/open.c:1085 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f93411940f9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f933f706168 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 00007f93412b3f80 RCX: 00007f93411940f9 RDX: 0000000000200002 RSI: 00000000200001c0 RDI: ffffffffffffff9c RBP: 00007f93411efae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffdecc7e49f R14: 00007f933f706300 R15: 0000000000022000 CPU: 0 PID: 19410 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 sysfs_warn_dup.cold+0x1c/0x29 fs/sysfs/dir.c:30 sysfs_create_dir_ns+0x228/0x280 fs/sysfs/dir.c:63 encrypted_key: insufficient parameters specified create_dir lib/kobject.c:88 [inline] kobject_add_internal+0x2a5/0x9c0 lib/kobject.c:247 kobject_add_varg lib/kobject.c:382 [inline] kobject_init_and_add+0x101/0x160 lib/kobject.c:453 gfs2_sys_fs_add+0x18e/0x440 fs/gfs2/sys.c:659 fill_super+0x1240/0x2550 fs/gfs2/ops_fstype.c:1103 gfs2_mount+0x4c0/0x5a0 fs/gfs2/ops_fstype.c:1316 mount_fs+0xa3/0x310 fs/super.c:1261 vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961 vfs_kern_mount fs/namespace.c:951 [inline] do_new_mount fs/namespace.c:2492 [inline] do_mount+0x115c/0x2f50 fs/namespace.c:2822 ksys_mount+0xcf/0x130 fs/namespace.c:3038 __do_sys_mount fs/namespace.c:3052 [inline] __se_sys_mount fs/namespace.c:3049 [inline] __x64_sys_mount+0xba/0x150 fs/namespace.c:3049 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f3eb510762a Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f3eb3677f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 000000000001255d RCX: 00007f3eb510762a RDX: 00000000200124c0 RSI: 0000000020000080 RDI: 00007f3eb3677fe0 RBP: 00007f3eb3678020 R08: 00007f3eb3678020 R09: 0000000000010011 R10: 0000000000010011 R11: 0000000000000202 R12: 00000000200124c0 R13: 0000000020000080 R14: 00007f3eb3677fe0 R15: 0000000020000100 kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. gfs2: fsid=syz:syz: error -17 adding sysfs files NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) NILFS (loop3): mounting unchecked fs NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) NILFS (loop3): recovery complete NILFS (loop1): mounting unchecked fs NILFS (loop4): mounting unchecked fs NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds NILFS (loop1): recovery complete NILFS (loop4): recovery complete NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" gfs2: fsid=syz:syz: Now mounting FS... NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) NILFS (loop3): mounting unchecked fs gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents NILFS (loop3): recovery required for readonly filesystem NILFS (loop3): write access will be enabled during recovery NILFS (loop3): recovery complete gfs2: fsid=syz:syz.0: jid=0, already locked for use gfs2: fsid=syz:syz.0: jid=0: Looking at journal... gfs2: fsid=syz:syz.0: jid=0: Done gfs2: fsid=syz:syz.0: first mount done, others may mount NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) NILFS (loop4): mounting unchecked fs NILFS (loop4): recovery complete NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds gfs2: gfs2_dirent_offset: wrong block type 1577058308 gfs2: fsid=syz:syz.0: fatal: filesystem consistency error inode = 12 2341 function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 606 gfs2: fsid=syz:syz.0: about to withdraw this file system gfs2: fsid=syz:syz.0: withdrawn CPU: 0 PID: 19489 Comm: syz-executor.0 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 gfs2_lm_withdraw.cold+0x1f8/0x24c fs/gfs2/util.c:75 gfs2_consist_inode_i+0xca/0x110 fs/gfs2/util.c:163 gfs2_dirent_scan+0x1f8/0x250 fs/gfs2/dir.c:606 gfs2_dirent_search+0x411/0x500 fs/gfs2/dir.c:855 gfs2_dir_search+0x89/0x2c0 fs/gfs2/dir.c:1652 gfs2_lookupi+0x457/0x610 fs/gfs2/inode.c:312 __gfs2_lookup+0x83/0x270 fs/gfs2/inode.c:848 __lookup_slow+0x246/0x4a0 fs/namei.c:1672 lookup_slow fs/namei.c:1689 [inline] walk_component+0x7ac/0xda0 fs/namei.c:1811 link_path_walk.part.0+0x901/0x1230 fs/namei.c:2142 link_path_walk fs/namei.c:2270 [inline] path_lookupat+0xe4/0x8d0 fs/namei.c:2318 do_o_path fs/namei.c:3511 [inline] path_openat+0x1f92/0x2df0 fs/namei.c:3533 do_filp_open+0x18c/0x3f0 fs/namei.c:3567 do_sys_open+0x3b3/0x520 fs/open.c:1085 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f93411940f9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f933f706168 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 00007f93412b3f80 RCX: 00007f93411940f9 RDX: 0000000000200002 RSI: 00000000200001c0 RDI: ffffffffffffff9c RBP: 00007f93411efae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffdecc7e49f R14: 00007f933f706300 R15: 0000000000022000 XFS (loop5): Mounting V4 Filesystem XFS (loop5): Ending clean mount XFS (loop5): Quotacheck needed: Please wait. XFS (loop5): Quotacheck: Done. audit: type=1804 audit(1676863438.163:153): pid=19486 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir306823573/syzkaller.W6cnTz/412/bus/bus" dev="loop5" ino=42 res=1 NILFS (loop3): couldn't find nilfs on the device FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 19577 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0xa/0xf lib/fault-inject.c:149 __should_failslab+0x115/0x180 mm/failslab.c:32 should_failslab+0x5/0x10 mm/slab_common.c:1590 slab_pre_alloc_hook mm/slab.h:424 [inline] slab_alloc mm/slab.c:3383 [inline] __do_kmalloc mm/slab.c:3725 [inline] __kmalloc+0x2ab/0x3c0 mm/slab.c:3736 kmalloc include/linux/slab.h:520 [inline] __do_sys_memfd_create mm/memfd.c:295 [inline] __se_sys_memfd_create+0xf8/0x440 mm/memfd.c:268 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f01efa440f9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f01edfb5f38 EFLAGS: 00000202 ORIG_RAX: 000000000000013f RAX: ffffffffffffffda RBX: 0000000000000998 RCX: 00007f01efa440f9 RDX: 00007f01edfb5fdc RSI: 0000000000000000 RDI: 00007f01efa9ee81 RBP: 0000000000000998 R08: 00007f01edfb5e20 R09: ffffffffffffffff R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000a40 R13: 00007f01edfb5fdc R14: 00007f01edfb5fe0 R15: 0000000020000b00 XFS (loop5): Unmounting Filesystem FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 NILFS (loop1): couldn't find nilfs on the device CPU: 1 PID: 19596 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0xa/0xf lib/fault-inject.c:149 __should_failslab+0x115/0x180 mm/failslab.c:32 should_failslab+0x5/0x10 mm/slab_common.c:1590 slab_pre_alloc_hook mm/slab.h:424 [inline] slab_alloc mm/slab.c:3383 [inline] kmem_cache_alloc+0x277/0x370 mm/slab.c:3557 shmem_alloc_inode+0x18/0x40 mm/shmem.c:3609 alloc_inode+0x5d/0x180 fs/inode.c:211 new_inode_pseudo fs/inode.c:911 [inline] new_inode+0x1d/0xf0 fs/inode.c:940 shmem_get_inode+0x96/0x8d0 mm/shmem.c:2196 __shmem_file_setup.part.0+0x7a/0x2b0 mm/shmem.c:3965 __shmem_file_setup mm/shmem.c:3959 [inline] shmem_file_setup+0x61/0x90 mm/shmem.c:4006 __do_sys_memfd_create mm/memfd.c:325 [inline] __se_sys_memfd_create+0x26b/0x440 mm/memfd.c:268 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f01efa440f9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 Bluetooth: hci0: command 0x0406 tx timeout RSP: 002b:00007f01edfb5f38 EFLAGS: 00000202 ORIG_RAX: 000000000000013f RAX: ffffffffffffffda RBX: 0000000000000998 RCX: 00007f01efa440f9 RDX: 00007f01edfb5fdc RSI: 0000000000000000 RDI: 00007f01efa9ee81 Bluetooth: hci1: command 0x0406 tx timeout RBP: 0000000000000998 R08: 00007f01edfb5e20 R09: ffffffffffffffff R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000a40 R13: 00007f01edfb5fdc R14: 00007f01edfb5fe0 R15: 0000000020000b00 Bluetooth: hci3: command 0x0406 tx timeout Bluetooth: hci4: command 0x0406 tx timeout Bluetooth: hci5: command 0x0406 tx timeout Bluetooth: hci2: command 0x0406 tx timeout NILFS (loop3): couldn't find nilfs on the device gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" gfs2: fsid=syz:syz: Now mounting FS... FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents CPU: 1 PID: 19621 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 gfs2: fsid=syz:syz.0: jid=0, already locked for use Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 gfs2: fsid=syz:syz.0: jid=0: Looking at journal... Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0xa/0xf lib/fault-inject.c:149 gfs2: fsid=syz:syz.0: jid=0: Done gfs2: fsid=syz:syz.0: first mount done, others may mount __should_failslab+0x115/0x180 mm/failslab.c:32 should_failslab+0x5/0x10 mm/slab_common.c:1590 slab_pre_alloc_hook mm/slab.h:424 [inline] slab_alloc mm/slab.c:3383 [inline] kmem_cache_alloc+0x277/0x370 mm/slab.c:3557 __d_alloc+0x2b/0xa10 fs/dcache.c:1612 d_alloc_pseudo+0x19/0x70 fs/dcache.c:1743 alloc_file_pseudo+0xc6/0x250 fs/file_table.c:224 __shmem_file_setup.part.0+0x102/0x2b0 mm/shmem.c:3976 __shmem_file_setup mm/shmem.c:3959 [inline] shmem_file_setup+0x61/0x90 mm/shmem.c:4006 __do_sys_memfd_create mm/memfd.c:325 [inline] __se_sys_memfd_create+0x26b/0x440 mm/memfd.c:268 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f01efa440f9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f01edfb5f38 EFLAGS: 00000202 ORIG_RAX: 000000000000013f RAX: ffffffffffffffda RBX: 0000000000000998 RCX: 00007f01efa440f9 RDX: 00007f01edfb5fdc RSI: 0000000000000000 RDI: 00007f01efa9ee81 RBP: 0000000000000998 R08: 00007f01edfb5e20 R09: ffffffffffffffff R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000a40 R13: 00007f01edfb5fdc R14: 00007f01edfb5fe0 R15: 0000000020000b00 gfs2: gfs2_dirent_offset: wrong block type 1577058308 gfs2: fsid=syz:syz.0: fatal: filesystem consistency error inode = 12 2341 function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 606 gfs2: fsid=syz:syz.0: about to withdraw this file system gfs2: fsid=syz:syz.0: withdrawn CPU: 0 PID: 19593 Comm: syz-executor.0 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 gfs2_lm_withdraw.cold+0x1f8/0x24c fs/gfs2/util.c:75 gfs2_consist_inode_i+0xca/0x110 fs/gfs2/util.c:163 gfs2_dirent_scan+0x1f8/0x250 fs/gfs2/dir.c:606 gfs2_dirent_search+0x411/0x500 fs/gfs2/dir.c:855 gfs2_dir_search+0x89/0x2c0 fs/gfs2/dir.c:1652 gfs2_lookupi+0x457/0x610 fs/gfs2/inode.c:312 __gfs2_lookup+0x83/0x270 fs/gfs2/inode.c:848 __lookup_slow+0x246/0x4a0 fs/namei.c:1672 lookup_slow fs/namei.c:1689 [inline] walk_component+0x7ac/0xda0 fs/namei.c:1811 link_path_walk.part.0+0x901/0x1230 fs/namei.c:2142 link_path_walk fs/namei.c:2270 [inline] path_lookupat+0xe4/0x8d0 fs/namei.c:2318 do_o_path fs/namei.c:3511 [inline] path_openat+0x1f92/0x2df0 fs/namei.c:3533 do_filp_open+0x18c/0x3f0 fs/namei.c:3567 do_sys_open+0x3b3/0x520 fs/open.c:1085 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f93411940f9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f933f706168 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 00007f93412b3f80 RCX: 00007f93411940f9 RDX: 0000000000200002 RSI: 00000000200001c0 RDI: ffffffffffffff9c RBP: 00007f93411efae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffdecc7e49f R14: 00007f933f706300 R15: 0000000000022000 FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 NILFS (loop3): couldn't find nilfs on the device CPU: 0 PID: 19643 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0xa/0xf lib/fault-inject.c:149 __should_failslab+0x115/0x180 mm/failslab.c:32 should_failslab+0x5/0x10 mm/slab_common.c:1590 slab_pre_alloc_hook mm/slab.h:424 [inline] slab_alloc mm/slab.c:3383 [inline] kmem_cache_alloc+0x277/0x370 mm/slab.c:3557 kmem_cache_zalloc include/linux/slab.h:699 [inline] __alloc_file+0x21/0x340 fs/file_table.c:100 alloc_empty_file+0x6d/0x170 fs/file_table.c:150 alloc_file+0x5e/0x4d0 fs/file_table.c:192 alloc_file_pseudo+0x165/0x250 fs/file_table.c:231 __shmem_file_setup.part.0+0x102/0x2b0 mm/shmem.c:3976 __shmem_file_setup mm/shmem.c:3959 [inline] shmem_file_setup+0x61/0x90 mm/shmem.c:4006 __do_sys_memfd_create mm/memfd.c:325 [inline] __se_sys_memfd_create+0x26b/0x440 mm/memfd.c:268 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f01efa440f9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f01edfb5f38 EFLAGS: 00000202 ORIG_RAX: 000000000000013f RAX: ffffffffffffffda RBX: 0000000000000998 RCX: 00007f01efa440f9 RDX: 00007f01edfb5fdc RSI: 0000000000000000 RDI: 00007f01efa9ee81 RBP: 0000000000000998 R08: 00007f01edfb5e20 R09: ffffffffffffffff R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000a40 R13: 00007f01edfb5fdc R14: 00007f01edfb5fe0 R15: 0000000020000b00 NILFS (loop1): couldn't find nilfs on the device FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 NILFS (loop0): couldn't find nilfs on the device CPU: 1 PID: 19674 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0xa/0xf lib/fault-inject.c:149 __should_failslab+0x115/0x180 mm/failslab.c:32 should_failslab+0x5/0x10 mm/slab_common.c:1590 slab_pre_alloc_hook mm/slab.h:424 [inline] slab_alloc mm/slab.c:3383 [inline] kmem_cache_alloc_trace+0x284/0x380 mm/slab.c:3623 kmalloc include/linux/slab.h:515 [inline] kzalloc include/linux/slab.h:709 [inline] aa_alloc_file_ctx security/apparmor/include/file.h:60 [inline] apparmor_file_alloc_security+0x394/0xad0 security/apparmor/lsm.c:438 security_file_alloc+0x40/0x90 security/security.c:880 __alloc_file+0xd8/0x340 fs/file_table.c:105 alloc_empty_file+0x6d/0x170 fs/file_table.c:150 alloc_file+0x5e/0x4d0 fs/file_table.c:192 alloc_file_pseudo+0x165/0x250 fs/file_table.c:231 __shmem_file_setup.part.0+0x102/0x2b0 mm/shmem.c:3976 __shmem_file_setup mm/shmem.c:3959 [inline] shmem_file_setup+0x61/0x90 mm/shmem.c:4006 __do_sys_memfd_create mm/memfd.c:325 [inline] __se_sys_memfd_create+0x26b/0x440 mm/memfd.c:268 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f01efa440f9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f01edfb5f38 EFLAGS: 00000202 ORIG_RAX: 000000000000013f RAX: ffffffffffffffda RBX: 0000000000000998 RCX: 00007f01efa440f9 RDX: 00007f01edfb5fdc RSI: 0000000000000000 RDI: 00007f01efa9ee81 RBP: 0000000000000998 R08: 00007f01edfb5e20 R09: ffffffffffffffff R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000a40 R13: 00007f01edfb5fdc R14: 00007f01edfb5fe0 R15: 0000000020000b00 NILFS (loop3): couldn't find nilfs on the device ---------------- Code disassembly (best guess), 1 bytes skipped: 0: 00 00 add %al,(%rax) 2: 00 00 add %al,(%rax) 4: 0f 1f 00 nopl (%rax) 7: 41 f7 c1 ff 0f 00 00 test $0xfff,%r9d e: 75 27 jne 0x37 10: 55 push %rbp 11: 48 89 fd mov %rdi,%rbp 14: 53 push %rbx 15: 89 cb mov %ecx,%ebx 17: 48 85 ff test %rdi,%rdi 1a: 74 3b je 0x57 1c: 41 89 da mov %ebx,%r10d 1f: 48 89 ef mov %rbp,%rdi 22: b8 09 00 00 00 mov $0x9,%eax 27: 0f 05 syscall * 29: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction 2f: 77 66 ja 0x97 31: 5b pop %rbx 32: 5d pop %rbp 33: c3 retq 34: 0f 1f 00 nopl (%rax) 37: 48 c7 c0 b8 ff ff ff mov $0xffffffffffffffb8,%rax 3e: 64 fs