hfs: part requires an argument
IPVS: ftp: loaded support on port[0] = 21
======================================================
IPVS: ftp: loaded support on port[0] = 21
WARNING: possible circular locking dependency detected
4.19.211-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.4/30405 is trying to acquire lock:
0000000005d9bc47 (&sig->cred_guard_mutex){+.+.}, at: do_io_accounting fs/proc/base.c:2750 [inline]
0000000005d9bc47 (&sig->cred_guard_mutex){+.+.}, at: proc_tid_io_accounting+0x184/0x2b0 fs/proc/base.c:2793
hfs: unable to parse mount options

but task is already holding lock:
0000000059c22216 (&p->lock){+.+.}, at: seq_read+0x6b/0x11c0 fs/seq_file.c:164

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #3 (&p->lock){+.+.}:
       seq_read+0x6b/0x11c0 fs/seq_file.c:164
       proc_reg_read+0x1bd/0x2d0 fs/proc/inode.c:231
       do_loop_readv_writev fs/read_write.c:701 [inline]
       do_loop_readv_writev fs/read_write.c:688 [inline]
       do_iter_read+0x471/0x630 fs/read_write.c:925
       vfs_readv+0xe5/0x150 fs/read_write.c:987
       kernel_readv fs/splice.c:362 [inline]
       default_file_splice_read+0x457/0xa00 fs/splice.c:417
       do_splice_to+0x10e/0x160 fs/splice.c:881
       splice_direct_to_actor+0x2b9/0x8d0 fs/splice.c:959
       do_splice_direct+0x1a7/0x270 fs/splice.c:1068
       do_sendfile+0x550/0xc30 fs/read_write.c:1447
       __do_sys_sendfile64 fs/read_write.c:1508 [inline]
       __se_sys_sendfile64+0x147/0x160 fs/read_write.c:1494
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #2 (sb_writers#3){.+.+}:
       sb_start_write include/linux/fs.h:1579 [inline]
       mnt_want_write+0x3a/0xb0 fs/namespace.c:360
       ovl_rename+0x22b/0x1a50 fs/overlayfs/dir.c:1084
       vfs_rename+0x67e/0x1bc0 fs/namei.c:4479
       do_renameat2+0xb59/0xc70 fs/namei.c:4629
       __do_sys_rename fs/namei.c:4675 [inline]
       __se_sys_rename fs/namei.c:4673 [inline]
       __x64_sys_rename+0x5d/0x80 fs/namei.c:4673
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #1 (&ovl_i_mutex_dir_key[depth]){++++}:
       inode_lock_shared include/linux/fs.h:758 [inline]
       do_last fs/namei.c:3326 [inline]
       path_openat+0x17ec/0x2df0 fs/namei.c:3537
       do_filp_open+0x18c/0x3f0 fs/namei.c:3567
       do_open_execat+0x11d/0x5b0 fs/exec.c:853
       __do_execve_file+0x1a8b/0x2360 fs/exec.c:1770
       do_execveat_common fs/exec.c:1879 [inline]
       do_execve+0x35/0x50 fs/exec.c:1896
audit: type=1804 audit(1644230561.694:18432): pid=30424 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir390091433/syzkaller.SgKBPp/695/bus" dev="sda1" ino=14771 res=1
       __do_sys_execve fs/exec.c:1977 [inline]
       __se_sys_execve fs/exec.c:1972 [inline]
       __x64_sys_execve+0x7c/0xa0 fs/exec.c:1972
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&sig->cred_guard_mutex){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:937 [inline]
       __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
       do_io_accounting fs/proc/base.c:2750 [inline]
       proc_tid_io_accounting+0x184/0x2b0 fs/proc/base.c:2793
       proc_single_show+0xeb/0x170 fs/proc/base.c:755
       seq_read+0x4e0/0x11c0 fs/seq_file.c:232
       do_loop_readv_writev fs/read_write.c:701 [inline]
       do_loop_readv_writev fs/read_write.c:688 [inline]
       do_iter_read+0x471/0x630 fs/read_write.c:925
       vfs_readv+0xe5/0x150 fs/read_write.c:987
       do_preadv fs/read_write.c:1071 [inline]
       __do_sys_preadv fs/read_write.c:1121 [inline]
       __se_sys_preadv fs/read_write.c:1116 [inline]
       __x64_sys_preadv+0x22b/0x310 fs/read_write.c:1116
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

Chain exists of:
  &sig->cred_guard_mutex --> sb_writers#3 --> &p->lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&p->lock);
audit: type=1804 audit(1644230561.694:18433): pid=30425 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir390091433/syzkaller.SgKBPp/695/bus" dev="sda1" ino=14771 res=1
                               lock(sb_writers#3);
                               lock(&p->lock);
  lock(&sig->cred_guard_mutex);

 *** DEADLOCK ***

1 lock held by syz-executor.4/30405:
 #0: 0000000059c22216 (&p->lock){+.+.}, at: seq_read+0x6b/0x11c0 fs/seq_file.c:164

stack backtrace:
CPU: 1 PID: 30405 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222
 check_prev_add kernel/locking/lockdep.c:1866 [inline]
 check_prevs_add kernel/locking/lockdep.c:1979 [inline]
 validate_chain kernel/locking/lockdep.c:2420 [inline]
 __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 __mutex_lock_common kernel/locking/mutex.c:937 [inline]
 __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
 do_io_accounting fs/proc/base.c:2750 [inline]
 proc_tid_io_accounting+0x184/0x2b0 fs/proc/base.c:2793
 proc_single_show+0xeb/0x170 fs/proc/base.c:755
 seq_read+0x4e0/0x11c0 fs/seq_file.c:232
 do_loop_readv_writev fs/read_write.c:701 [inline]
 do_loop_readv_writev fs/read_write.c:688 [inline]
 do_iter_read+0x471/0x630 fs/read_write.c:925
 vfs_readv+0xe5/0x150 fs/read_write.c:987
 do_preadv fs/read_write.c:1071 [inline]
 __do_sys_preadv fs/read_write.c:1121 [inline]
 __se_sys_preadv fs/read_write.c:1116 [inline]
 __x64_sys_preadv+0x22b/0x310 fs/read_write.c:1116
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f306d36b059
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f306bce0168 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
audit: type=1804 audit(1644230561.694:18434): pid=30425 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir390091433/syzkaller.SgKBPp/695/bus" dev="sda1" ino=14771 res=1
RAX: ffffffffffffffda RBX: 00007f306d47df60 RCX: 00007f306d36b059
RDX: 00000000000002c2 RSI: 00000000200017c0 RDI: 0000000000000013
RBP: 00007f306d3c508d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffc898e7cf R14: 00007f306bce0300 R15: 0000000000022000
hfs: part requires an argument
hfs: unable to parse mount options
audit: type=1804 audit(1644230562.714:18435): pid=30503 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir390091433/syzkaller.SgKBPp/696/bus" dev="sda1" ino=14771 res=1
audit: type=1804 audit(1644230562.744:18436): pid=30503 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir390091433/syzkaller.SgKBPp/696/bus" dev="sda1" ino=14771 res=1
hfs: part requires an argument
audit: type=1804 audit(1644230564.664:18437): pid=30552 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir823307039/syzkaller.aDc7mH/713/bus" dev="sda1" ino=15203 res=1
hfs: unable to parse mount options
hpfs: Bad magic ... probably not HPFS
overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
audit: type=1804 audit(1644230564.694:18438): pid=30556 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir390091433/syzkaller.SgKBPp/697/bus" dev="sda1" ino=15233 res=1
audit: type=1804 audit(1644230564.704:18439): pid=30560 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir390091433/syzkaller.SgKBPp/697/bus" dev="sda1" ino=15233 res=1
audit: type=1804 audit(1644230564.804:18440): pid=30587 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir390091433/syzkaller.SgKBPp/697/bus" dev="sda1" ino=15233 res=1
audit: type=1804 audit(1644230564.804:18441): pid=30588 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir823307039/syzkaller.aDc7mH/713/bus" dev="sda1" ino=15203 res=1
Failed to obtain node identity
Enabling of bearer rejected, failed to enable media
Failed to obtain node identity
Enabling of bearer rejected, failed to enable media
Failed to obtain node identity
Enabling of bearer rejected, failed to enable media
Failed to obtain node identity
kauditd_printk_skb: 5 callbacks suppressed
audit: type=1800 audit(1644230567.274:18447): pid=30845 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=14516 res=0
Enabling of bearer rejected, failed to enable media
audit: type=1800 audit(1644230568.064:18448): pid=30880 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=15428 res=0
audit: type=1800 audit(1644230568.064:18449): pid=30880 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=15428 res=0
netlink: 'syz-executor.2': attribute type 4 has an invalid length.
netlink: 'syz-executor.2': attribute type 4 has an invalid length.
audit: type=1800 audit(1644230568.084:18450): pid=30880 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=15428 res=0
audit: type=1800 audit(1644230568.284:18451): pid=30899 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=14036 res=0
audit: type=1800 audit(1644230568.434:18452): pid=30927 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=15091 res=0
netlink: 'syz-executor.0': attribute type 4 has an invalid length.
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
audit: type=1800 audit(1644230568.474:18453): pid=30925 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=15091 res=0
EXT4-fs error (device loop3): ext4_mb_generate_buddy:744: group 0, block bitmap and bg descriptor inconsistent: 50 vs 25 free clusters
audit: type=1800 audit(1644230568.484:18454): pid=30925 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=15091 res=0
audit: type=1800 audit(1644230568.514:18455): pid=30925 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=15091 res=0
audit: type=1800 audit(1644230568.514:18456): pid=30925 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=15091 res=0
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs error (device loop3): ext4_mb_generate_buddy:744: group 0, block bitmap and bg descriptor inconsistent: 50 vs 25 free clusters
netlink: 'syz-executor.2': attribute type 4 has an invalid length.
netlink: 'syz-executor.0': attribute type 4 has an invalid length.
netlink: 'syz-executor.2': attribute type 4 has an invalid length.
netlink: 'syz-executor.1': attribute type 4 has an invalid length.
sd 0:0:1:0: device reset
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
netlink: 'syz-executor.1': attribute type 4 has an invalid length.
netlink: 'syz-executor.4': attribute type 4 has an invalid length.
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop3): re-mounted. Opts: (null)
netlink: 'syz-executor.4': attribute type 4 has an invalid length.
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
IPVS: ftp: loaded support on port[0] = 21
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop3): re-mounted. Opts: (null)