UDF-fs: warning (device loop4): udf_load_vrs: No anchor found ====================================================== WARNING: possible circular locking dependency detected 4.19.211-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor.3/29713 is trying to acquire lock: 00000000d2cdcfc1 (&ovl_i_mutex_dir_key[depth]){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline] 00000000d2cdcfc1 (&ovl_i_mutex_dir_key[depth]){++++}, at: lookup_slow fs/namei.c:1688 [inline] 00000000d2cdcfc1 (&ovl_i_mutex_dir_key[depth]){++++}, at: walk_component+0x798/0xda0 fs/namei.c:1811 but task is already holding lock: 000000005ac13364 (&sig->cred_guard_mutex){+.+.}, at: __do_sys_perf_event_open kernel/events/core.c:10640 [inline] 000000005ac13364 (&sig->cred_guard_mutex){+.+.}, at: __se_sys_perf_event_open+0x18eb/0x2720 kernel/events/core.c:10549 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #3 (&sig->cred_guard_mutex){+.+.}: lock_trace fs/proc/base.c:402 [inline] proc_pid_personality+0x4a/0x170 fs/proc/base.c:2938 proc_single_show+0xeb/0x170 fs/proc/base.c:755 seq_read+0x4e0/0x11c0 fs/seq_file.c:232 do_loop_readv_writev fs/read_write.c:701 [inline] do_loop_readv_writev fs/read_write.c:688 [inline] do_iter_read+0x471/0x630 fs/read_write.c:925 vfs_readv+0xe5/0x150 fs/read_write.c:987 do_preadv fs/read_write.c:1071 [inline] __do_sys_preadv fs/read_write.c:1121 [inline] __se_sys_preadv fs/read_write.c:1116 [inline] __x64_sys_preadv+0x22b/0x310 fs/read_write.c:1116 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #2 (&p->lock){+.+.}: seq_read+0x6b/0x11c0 fs/seq_file.c:164 do_loop_readv_writev fs/read_write.c:701 [inline] do_loop_readv_writev fs/read_write.c:688 [inline] do_iter_read+0x471/0x630 fs/read_write.c:925 vfs_readv+0xe5/0x150 fs/read_write.c:987 kernel_readv fs/splice.c:362 [inline] default_file_splice_read+0x457/0xa00 fs/splice.c:417 do_splice_to+0x10e/0x160 fs/splice.c:881 splice_direct_to_actor+0x2b9/0x8d0 fs/splice.c:959 do_splice_direct+0x1a7/0x270 fs/splice.c:1068 do_sendfile+0x550/0xc30 fs/read_write.c:1447 __do_sys_sendfile64 fs/read_write.c:1508 [inline] __se_sys_sendfile64+0x147/0x160 fs/read_write.c:1494 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #1 (sb_writers#3){.+.+}: sb_start_write include/linux/fs.h:1579 [inline] mnt_want_write+0x3a/0xb0 fs/namespace.c:360 ovl_create_object+0x96/0x290 fs/overlayfs/dir.c:602 lookup_open+0x893/0x1a20 fs/namei.c:3235 do_last fs/namei.c:3327 [inline] path_openat+0x1094/0x2df0 fs/namei.c:3537 do_filp_open+0x18c/0x3f0 fs/namei.c:3567 do_sys_open+0x3b3/0x520 fs/open.c:1085 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #0 (&ovl_i_mutex_dir_key[depth]){++++}: down_read+0x36/0x80 kernel/locking/rwsem.c:24 inode_lock_shared include/linux/fs.h:758 [inline] lookup_slow fs/namei.c:1688 [inline] walk_component+0x798/0xda0 fs/namei.c:1811 lookup_last fs/namei.c:2274 [inline] path_lookupat+0x1ff/0x8d0 fs/namei.c:2319 filename_lookup+0x1ac/0x5a0 fs/namei.c:2349 create_local_trace_uprobe+0x82/0x490 kernel/trace/trace_uprobe.c:1356 perf_uprobe_init+0x128/0x200 kernel/trace/trace_event_perf.c:317 perf_uprobe_event_init+0xf8/0x190 kernel/events/core.c:8613 perf_try_init_event+0x124/0x2e0 kernel/events/core.c:9884 perf_init_event kernel/events/core.c:9915 [inline] perf_event_alloc.part.0+0x1b16/0x2eb0 kernel/events/core.c:10189 perf_event_alloc kernel/events/core.c:10559 [inline] __do_sys_perf_event_open kernel/events/core.c:10660 [inline] __se_sys_perf_event_open+0x550/0x2720 kernel/events/core.c:10549 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe other info that might help us debug this: Chain exists of: &ovl_i_mutex_dir_key[depth] --> &p->lock --> &sig->cred_guard_mutex IPVS: ftp: loaded support on port[0] = 21 Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&sig->cred_guard_mutex); lock(&p->lock); lock(&sig->cred_guard_mutex); lock(&ovl_i_mutex_dir_key[depth]); *** DEADLOCK *** 2 locks held by syz-executor.3/29713: #0: 000000005ac13364 (&sig->cred_guard_mutex){+.+.}, at: __do_sys_perf_event_open kernel/events/core.c:10640 [inline] #0: 000000005ac13364 (&sig->cred_guard_mutex){+.+.}, at: __se_sys_perf_event_open+0x18eb/0x2720 kernel/events/core.c:10549 #1: 000000007e4d0412 (&pmus_srcu){....}, at: perf_event_alloc.part.0+0xe6c/0x2eb0 kernel/events/core.c:10185 stack backtrace: CPU: 1 PID: 29713 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222 check_prev_add kernel/locking/lockdep.c:1866 [inline] check_prevs_add kernel/locking/lockdep.c:1979 [inline] validate_chain kernel/locking/lockdep.c:2420 [inline] __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908 down_read+0x36/0x80 kernel/locking/rwsem.c:24 inode_lock_shared include/linux/fs.h:758 [inline] lookup_slow fs/namei.c:1688 [inline] walk_component+0x798/0xda0 fs/namei.c:1811 lookup_last fs/namei.c:2274 [inline] path_lookupat+0x1ff/0x8d0 fs/namei.c:2319 filename_lookup+0x1ac/0x5a0 fs/namei.c:2349 create_local_trace_uprobe+0x82/0x490 kernel/trace/trace_uprobe.c:1356 perf_uprobe_init+0x128/0x200 kernel/trace/trace_event_perf.c:317 perf_uprobe_event_init+0xf8/0x190 kernel/events/core.c:8613 perf_try_init_event+0x124/0x2e0 kernel/events/core.c:9884 perf_init_event kernel/events/core.c:9915 [inline] perf_event_alloc.part.0+0x1b16/0x2eb0 kernel/events/core.c:10189 perf_event_alloc kernel/events/core.c:10559 [inline] __do_sys_perf_event_open kernel/events/core.c:10660 [inline] __se_sys_perf_event_open+0x550/0x2720 kernel/events/core.c:10549 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fa03a6c5ae9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fa037c3b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a RAX: ffffffffffffffda RBX: 00007fa03a7d8f60 RCX: 00007fa03a6c5ae9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000180 RBP: 00007fa03a71ff6d R08: 0000000000000000 R09: 0000000000000000 R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffd394d72af R14: 00007fa037c3b300 R15: 0000000000022000 UDF-fs: Scanning with blocksize 512 failed UDF-fs: warning (device loop4): udf_load_vrs: No anchor found IPVS: ftp: loaded support on port[0] = 21 UDF-fs: Scanning with blocksize 1024 failed affs: No valid root block on device loop1 tmpfs: No value for mount option 'ext4' UDF-fs: warning (device loop4): udf_load_vrs: No anchor found UDF-fs: Scanning with blocksize 2048 failed netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. overlayfs: filesystem on './bus' not supported as upperdir audit: type=1804 audit(1636908354.282:3344): pid=29803 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir363573918/syzkaller.b3zku3/379/file0/bus/file0/bus/bus" dev="overlay" ino=83277 res=1 UDF-fs: warning (device loop4): udf_load_vrs: No VRS found UDF-fs: Scanning with blocksize 4096 failed netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. audit: type=1804 audit(1636908354.332:3345): pid=29802 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir363573918/syzkaller.b3zku3/379/file0/bus/file0/bus/bus" dev="overlay" ino=83277 res=1 Y4`Ҙ: renamed from lo IPVS: ftp: loaded support on port[0] = 21 sch_tbf: burst 79 is lower than device lo mtu (65550) ! mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium ieee80211 phy32: Selected rate control algorithm 'minstrel_ht' UDF-fs: warning (device loop4): udf_load_vrs: No anchor found ieee80211 phy33: Selected rate control algorithm 'minstrel_ht' UDF-fs: Scanning with blocksize 512 failed sch_tbf: burst 79 is lower than device lo mtu (65550) ! mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium UDF-fs: warning (device loop4): udf_load_vrs: No anchor found mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium UDF-fs: Scanning with blocksize 1024 failed UDF-fs: warning (device loop4): udf_load_vrs: No anchor found UDF-fs: Scanning with blocksize 2048 failed NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) UDF-fs: warning (device loop4): udf_load_vrs: No VRS found NILFS (loop5): unrecognized mount option "18446744073709551615" UDF-fs: Scanning with blocksize 4096 failed NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) NILFS (loop5): unrecognized mount option "18446744073709551615" UDF-fs: warning (device loop4): udf_load_vrs: No anchor found UDF-fs: Scanning with blocksize 512 failed UDF-fs: warning (device loop4): udf_load_vrs: No anchor found UDF-fs: Scanning with blocksize 1024 failed audit: type=1800 audit(1636908356.753:3346): pid=30008 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=14370 res=0 UDF-fs: warning (device loop4): udf_load_vrs: No anchor found audit: type=1800 audit(1636908356.773:3347): pid=30008 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=14370 res=0 UDF-fs: Scanning with blocksize 2048 failed UDF-fs: warning (device loop4): udf_load_vrs: No VRS found UDF-fs: Scanning with blocksize 4096 failed BTRFS: device fsid 56103f85-bd13-4972-bf59-af2d09341302 devid 1 transid 7 /dev/loop1 UDF-fs: warning (device loop4): udf_load_vrs: No anchor found BTRFS info (device loop1): disk space caching is enabled UDF-fs: Scanning with blocksize 512 failed UDF-fs: warning (device loop4): udf_load_vrs: No anchor found BTRFS info (device loop1): has skinny extents UDF-fs: Scanning with blocksize 1024 failed UDF-fs: warning (device loop4): udf_load_vrs: No anchor found UDF-fs: Scanning with blocksize 2048 failed UDF-fs: warning (device loop4): udf_load_vrs: No VRS found UDF-fs: Scanning with blocksize 4096 failed team0: No ports can be present during mode change team0: No ports can be present during mode change BTRFS error (device loop1): bad tree block start, want 22036480 have 0 BTRFS info (device loop1): read error corrected: ino 0 off 22036480 (dev /dev/loop1 sector 43040) BTRFS info (device loop1): read error corrected: ino 0 off 22040576 (dev /dev/loop1 sector 43048) UDF-fs: warning (device loop4): udf_load_vrs: No anchor found UDF-fs: Scanning with blocksize 512 failed UDF-fs: warning (device loop4): udf_load_vrs: No anchor found BTRFS info (device loop1): read error corrected: ino 0 off 22044672 (dev /dev/loop1 sector 43056) UDF-fs: Scanning with blocksize 1024 failed UDF-fs: warning (device loop4): udf_load_vrs: No anchor found BTRFS info (device loop1): read error corrected: ino 0 off 22048768 (dev /dev/loop1 sector 43064) UDF-fs: Scanning with blocksize 2048 failed Invalid argument reading file caps for ./file0 UDF-fs: warning (device loop4): udf_load_vrs: No VRS found BTRFS error (device loop1): bad tree block start, want 30621696 have 0 Invalid argument reading file caps for ./file0 UDF-fs: Scanning with blocksize 4096 failed attempt to access beyond end of device loop1: rw=4096, want=141760, limit=118909 BTRFS warning (device loop1): failed to read tree root BTRFS error (device loop1): open_ctree failed sch_tbf: burst 79 is lower than device lo mtu (65550) ! sch_tbf: burst 0 is lower than device lo mtu (65550) ! UDF-fs: warning (device loop4): udf_load_vrs: No anchor found sch_tbf: burst 79 is lower than device lo mtu (65550) ! sch_tbf: burst 0 is lower than device lo mtu (65550) ! UDF-fs: Scanning with blocksize 512 failed UDF-fs: warning (device loop4): udf_load_vrs: No anchor found UDF-fs: Scanning with blocksize 1024 failed UDF-fs: warning (device loop4): udf_load_vrs: No anchor found UDF-fs: Scanning with blocksize 2048 failed UDF-fs: warning (device loop4): udf_load_vrs: No VRS found UDF-fs: Scanning with blocksize 4096 failed IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready IPVS: ftp: loaded support on port[0] = 21 UDF-fs: warning (device loop4): udf_load_vrs: No anchor found UDF-fs: Scanning with blocksize 512 failed UDF-fs: warning (device loop4): udf_load_vrs: No anchor found UDF-fs: Scanning with blocksize 1024 failed UDF-fs: warning (device loop4): udf_load_vrs: No anchor found UDF-fs: Scanning with blocksize 2048 failed UDF-fs: warning (device loop4): udf_load_vrs: No VRS found UDF-fs: Scanning with blocksize 4096 failed IPVS: ftp: loaded support on port[0] = 21 UDF-fs: warning (device loop4): udf_load_vrs: No anchor found UDF-fs: Scanning with blocksize 512 failed UDF-fs: warning (device loop4): udf_load_vrs: No anchor found UDF-fs: Scanning with blocksize 1024 failed overlayfs: unrecognized mount option "lower0" or missing value UDF-fs: warning (device loop4): udf_load_vrs: No anchor found overlayfs: 'file0' not a directory UDF-fs: Scanning with blocksize 2048 failed overlayfs: unrecognized mount option "lower0" or missing value UDF-fs: warning (device loop4): udf_load_vrs: No VRS found UDF-fs: Scanning with blocksize 4096 failed