======================================================
WARNING: possible circular locking dependency detected
4.14.290-syzkaller #0 Not tainted
------------------------------------------------------
kworker/u4:5/9219 is trying to acquire lock:
 ((&(&cp->cp_send_w)->work)){+.+.}, at: [] flush_work+0x88/0x770 kernel/workqueue.c:2887

but task is already holding lock:
 (k-sk_lock-AF_INET){+.+.}, at: [] lock_sock include/net/sock.h:1473 [inline]
 (k-sk_lock-AF_INET){+.+.}, at: [] rds_tcp_reset_callbacks+0x181/0x450 net/rds/tcp.c:165

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (k-sk_lock-AF_INET){+.+.}:
       lock_sock_nested+0xb7/0x100 net/core/sock.c:2813
       lock_sock include/net/sock.h:1473 [inline]
       do_tcp_setsockopt.constprop.0+0xfb/0x1c10 net/ipv4/tcp.c:2564
       tcp_setsockopt net/ipv4/tcp.c:2832 [inline]
       tcp_setsockopt+0xa7/0xc0 net/ipv4/tcp.c:2824
       kernel_setsockopt+0xfb/0x1b0 net/socket.c:3396
       rds_tcp_cork net/rds/tcp_send.c:43 [inline]
       rds_tcp_xmit_path_prepare+0xaf/0xe0 net/rds/tcp_send.c:50
       rds_send_xmit+0x1ae/0x1c00 net/rds/send.c:187
       rds_send_worker+0x6d/0x240 net/rds/threads.c:189
       process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
       worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
       kthread+0x30d/0x420 kernel/kthread.c:232
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

-> #0 ((&(&cp->cp_send_w)->work)){+.+.}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       flush_work+0xad/0x770 kernel/workqueue.c:2890
       __cancel_work_timer+0x321/0x460 kernel/workqueue.c:2965
       rds_tcp_reset_callbacks+0x18d/0x450 net/rds/tcp.c:167
       rds_tcp_accept_one+0x61a/0x8b0 net/rds/tcp_listen.c:194
       rds_tcp_accept_worker+0x4d/0x70 net/rds/tcp.c:407
       process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
       worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
       kthread+0x30d/0x420 kernel/kthread.c:232
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(k-sk_lock-AF_INET);
                               lock((&(&cp->cp_send_w)->work));
                               lock(k-sk_lock-AF_INET);
  lock((&(&cp->cp_send_w)->work));

 *** DEADLOCK ***

4 locks held by kworker/u4:5/9219:
 #0:  ("%s""krdsd"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
 #1:  ((&rtn->rds_tcp_accept_w)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092
 #2:  (&tc->t_conn_path_lock){+.+.}, at: [] rds_tcp_accept_one+0x502/0x8b0 net/rds/tcp_listen.c:186
 #3:  (k-sk_lock-AF_INET){+.+.}, at: [] lock_sock include/net/sock.h:1473 [inline]
 #3:  (k-sk_lock-AF_INET){+.+.}, at: [] rds_tcp_reset_callbacks+0x181/0x450 net/rds/tcp.c:165

stack backtrace:
CPU: 0 PID: 9219 Comm: kworker/u4:5 Not tainted 4.14.290-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Workqueue: krdsd rds_tcp_accept_worker
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 flush_work+0xad/0x770 kernel/workqueue.c:2890
 __cancel_work_timer+0x321/0x460 kernel/workqueue.c:2965
 rds_tcp_reset_callbacks+0x18d/0x450 net/rds/tcp.c:167
 rds_tcp_accept_one+0x61a/0x8b0 net/rds/tcp_listen.c:194
 rds_tcp_accept_worker+0x4d/0x70 net/rds/tcp.c:407
 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
handle_userfault: 8 callbacks suppressed
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 11506 Comm: syz-executor.4 Not tainted 4.14.290-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 handle_userfault.cold+0x3b/0x4a fs/userfaultfd.c:429
 do_anonymous_page mm/memory.c:3281 [inline]
 handle_pte_fault mm/memory.c:4108 [inline]
 __handle_mm_fault+0x2aa7/0x4620 mm/memory.c:4234
 handle_mm_fault+0x455/0x9c0 mm/memory.c:4271
 __do_page_fault+0x549/0xad0 arch/x86/mm/fault.c:1442
 page_fault+0x25/0x50 arch/x86/entry/entry_64.S:1123
RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181
RSP: 0018:ffff8880742f7a40 EFLAGS: 00050206
RAX: ffffed100197a600 RBX: 0000000000001000 RCX: 0000000000001000
RDX: 0000000000001000 RSI: 0000000020ffd000 RDI: ffff88800cbd2000
RBP: 0000000020ffd000 R08: 0000000000000001 R09: ffffed100197a5ff
R10: ffff88800cbd2fff R11: 0000000000000000 R12: 00007ffffffff000
R13: ffff88800cbd2000 R14: 0000000020ffe000 R15: ffff8880a86a8d00
 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline]
 raw_copy_from_user arch/x86/include/asm/uaccess_64.h:55 [inline]
 _copy_from_user+0xbe/0x100 lib/usercopy.c:13
 copy_from_user include/linux/uaccess.h:147 [inline]
 __mcopy_atomic mm/userfaultfd.c:562 [inline]
 mcopy_atomic+0x1177/0x1ef0 mm/userfaultfd.c:601
 userfaultfd_copy fs/userfaultfd.c:1713 [inline]
 userfaultfd_ioctl+0x30d/0x30a0 fs/userfaultfd.c:1858
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7fe7fd4ee279
RSP: 002b:00007fe7fbe63168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fe7fd600f80 RCX: 00007fe7fd4ee279
RDX: 00000000200000c0 RSI: 00000000c028aa03 RDI: 0000000000000003
RBP: 00007fe7fd548189 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe6ac44faf R14: 00007fe7fbe63300 R15: 0000000000022000
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 11549 Comm: syz-executor.4 Not tainted 4.14.290-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 handle_userfault.cold+0x3b/0x4a fs/userfaultfd.c:429
 do_anonymous_page mm/memory.c:3281 [inline]
 handle_pte_fault mm/memory.c:4108 [inline]
 __handle_mm_fault+0x2aa7/0x4620 mm/memory.c:4234
FAULT_FLAG_ALLOW_RETRY missing 30
 handle_mm_fault+0x455/0x9c0 mm/memory.c:4271
 __do_page_fault+0x549/0xad0 arch/x86/mm/fault.c:1442
 page_fault+0x25/0x50 arch/x86/entry/entry_64.S:1123
RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181
RSP: 0018:ffff88806fdafa40 EFLAGS: 00050206
RAX: ffffed100ec26400 RBX: 0000000000001000 RCX: 0000000000001000
RDX: 0000000000001000 RSI: 0000000020ffd000 RDI: ffff888076131000
RBP: 0000000020ffd000 R08: 0000000000000001 R09: ffffed100ec263ff
R10: ffff888076131fff R11: 0000000000000000 R12: 00007ffffffff000
R13: ffff888076131000 R14: 0000000020ffe000 R15: ffff888096a96cc0
 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline]
 raw_copy_from_user arch/x86/include/asm/uaccess_64.h:55 [inline]
 _copy_from_user+0xbe/0x100 lib/usercopy.c:13
 copy_from_user include/linux/uaccess.h:147 [inline]
 __mcopy_atomic mm/userfaultfd.c:562 [inline]
 mcopy_atomic+0x1177/0x1ef0 mm/userfaultfd.c:601
 userfaultfd_copy fs/userfaultfd.c:1713 [inline]
 userfaultfd_ioctl+0x30d/0x30a0 fs/userfaultfd.c:1858
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7fe7fd4ee279
RSP: 002b:00007fe7fbe63168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fe7fd600f80 RCX: 00007fe7fd4ee279
RDX: 00000000200000c0 RSI: 00000000c028aa03 RDI: 0000000000000003
RBP: 00007fe7fd548189 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe6ac44faf R14: 00007fe7fbe63300 R15: 0000000000022000
CPU: 1 PID: 11551 Comm: syz-executor.5 Not tainted 4.14.290-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 handle_userfault.cold+0x3b/0x4a fs/userfaultfd.c:429
 do_anonymous_page mm/memory.c:3281 [inline]
 handle_pte_fault mm/memory.c:4108 [inline]
 __handle_mm_fault+0x2aa7/0x4620 mm/memory.c:4234
 handle_mm_fault+0x455/0x9c0 mm/memory.c:4271
 __do_page_fault+0x549/0xad0 arch/x86/mm/fault.c:1442
 page_fault+0x25/0x50 arch/x86/entry/entry_64.S:1123
RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181
RSP: 0018:ffff88806ff47a40 EFLAGS: 00050206
RAX: ffffed100e533a00 RBX: 0000000000001000 RCX: 0000000000001000
RDX: 0000000000001000 RSI: 0000000020ffd000 RDI: ffff88807299c000
RBP: 0000000020ffd000 R08: 0000000000000001 R09: ffffed100e5339ff
R10: ffff88807299cfff R11: 0000000000000000 R12: 00007ffffffff000
R13: ffff88807299c000 R14: 0000000020ffe000 R15: ffff8880b2cb9340
 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline]
 raw_copy_from_user arch/x86/include/asm/uaccess_64.h:55 [inline]
 _copy_from_user+0xbe/0x100 lib/usercopy.c:13
 copy_from_user include/linux/uaccess.h:147 [inline]
 __mcopy_atomic mm/userfaultfd.c:562 [inline]
 mcopy_atomic+0x1177/0x1ef0 mm/userfaultfd.c:601
 userfaultfd_copy fs/userfaultfd.c:1713 [inline]
 userfaultfd_ioctl+0x30d/0x30a0 fs/userfaultfd.c:1858
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f476c3ba279
RSP: 002b:00007f476ad2f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f476c4ccf80 RCX: 00007f476c3ba279
RDX: 00000000200000c0 RSI: 00000000c028aa03 RDI: 0000000000000003
RBP: 00007f476c414189 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdabb7b2df R14: 00007f476ad2f300 R15: 0000000000022000
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 11609 Comm: syz-executor.5 Not tainted 4.14.290-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 handle_userfault.cold+0x3b/0x4a fs/userfaultfd.c:429
 do_anonymous_page mm/memory.c:3281 [inline]
 handle_pte_fault mm/memory.c:4108 [inline]
 __handle_mm_fault+0x2aa7/0x4620 mm/memory.c:4234
 handle_mm_fault+0x455/0x9c0 mm/memory.c:4271
 __do_page_fault+0x549/0xad0 arch/x86/mm/fault.c:1442
FAULT_FLAG_ALLOW_RETRY missing 30
 page_fault+0x25/0x50 arch/x86/entry/entry_64.S:1123
RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181
RSP: 0018:ffff88809f6e7a40 EFLAGS: 00050206
RAX: ffffed1011d65e00 RBX: 0000000000001000 RCX: 0000000000001000
RDX: 0000000000001000 RSI: 0000000020ffd000 RDI: ffff88808eb2e000
RBP: 0000000020ffd000 R08: 0000000000000001 R09: ffffed1011d65dff
R10: ffff88808eb2efff R11: 0000000000000000 R12: 00007ffffffff000
R13: ffff88808eb2e000 R14: 0000000020ffe000 R15: ffff8880a3ce3300
 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline]
 raw_copy_from_user arch/x86/include/asm/uaccess_64.h:55 [inline]
 _copy_from_user+0xbe/0x100 lib/usercopy.c:13
 copy_from_user include/linux/uaccess.h:147 [inline]
 __mcopy_atomic mm/userfaultfd.c:562 [inline]
 mcopy_atomic+0x1177/0x1ef0 mm/userfaultfd.c:601
 userfaultfd_copy fs/userfaultfd.c:1713 [inline]
 userfaultfd_ioctl+0x30d/0x30a0 fs/userfaultfd.c:1858
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f476c3ba279
RSP: 002b:00007f476ad2f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f476c4ccf80 RCX: 00007f476c3ba279
RDX: 00000000200000c0 RSI: 00000000c028aa03 RDI: 0000000000000003
RBP: 00007f476c414189 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdabb7b2df R14: 00007f476ad2f300 R15: 0000000000022000
CPU: 0 PID: 11611 Comm: syz-executor.4 Not tainted 4.14.290-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 handle_userfault.cold+0x3b/0x4a fs/userfaultfd.c:429
 do_anonymous_page mm/memory.c:3281 [inline]
 handle_pte_fault mm/memory.c:4108 [inline]
 __handle_mm_fault+0x2aa7/0x4620 mm/memory.c:4234
 handle_mm_fault+0x455/0x9c0 mm/memory.c:4271
 __do_page_fault+0x549/0xad0 arch/x86/mm/fault.c:1442
 page_fault+0x25/0x50 arch/x86/entry/entry_64.S:1123
RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181
RSP: 0018:ffff88809be97a40 EFLAGS: 00050206
RAX: ffffed100e286000 RBX: 0000000000001000 RCX: 0000000000001000
RDX: 0000000000001000 RSI: 0000000020ffd000 RDI: ffff88807142f000
RBP: 0000000020ffd000 R08: 0000000000000001 R09: ffffed100e285fff
R10: ffff88807142ffff R11: 0000000000000000 R12: 00007ffffffff000
R13: ffff88807142f000 R14: 0000000020ffe000 R15: ffff8880af1fd340
 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline]
 raw_copy_from_user arch/x86/include/asm/uaccess_64.h:55 [inline]
 _copy_from_user+0xbe/0x100 lib/usercopy.c:13
 copy_from_user include/linux/uaccess.h:147 [inline]
 __mcopy_atomic mm/userfaultfd.c:562 [inline]
 mcopy_atomic+0x1177/0x1ef0 mm/userfaultfd.c:601
 userfaultfd_copy fs/userfaultfd.c:1713 [inline]
 userfaultfd_ioctl+0x30d/0x30a0 fs/userfaultfd.c:1858
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7fe7fd4ee279
RSP: 002b:00007fe7fbe63168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fe7fd600f80 RCX: 00007fe7fd4ee279
RDX: 00000000200000c0 RSI: 00000000c028aa03 RDI: 0000000000000003
RBP: 00007fe7fd548189 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe6ac44faf R14: 00007fe7fbe63300 R15: 0000000000022000
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 512 failed
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 1024 failed
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 11665 Comm: syz-executor.4 Not tainted 4.14.290-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 handle_userfault.cold+0x3b/0x4a fs/userfaultfd.c:429
FAULT_FLAG_ALLOW_RETRY missing 30
 do_anonymous_page mm/memory.c:3281 [inline]
 handle_pte_fault mm/memory.c:4108 [inline]
 __handle_mm_fault+0x2aa7/0x4620 mm/memory.c:4234
 handle_mm_fault+0x455/0x9c0 mm/memory.c:4271
 __do_page_fault+0x549/0xad0 arch/x86/mm/fault.c:1442
 page_fault+0x25/0x50 arch/x86/entry/entry_64.S:1123
RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181
RSP: 0018:ffff88806f22fa40 EFLAGS: 00050206
RAX: ffffed1012ba4c00 RBX: 0000000000001000 RCX: 0000000000001000
RDX: 0000000000001000 RSI: 0000000020ffd000 RDI: ffff888095d25000
RBP: 0000000020ffd000 R08: 0000000000000001 R09: ffffed1012ba4bff
R10: ffff888095d25fff R11: 0000000000000000 R12: 00007ffffffff000
R13: ffff888095d25000 R14: 0000000020ffe000 R15: ffff88809e023300
 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline]
 raw_copy_from_user arch/x86/include/asm/uaccess_64.h:55 [inline]
 _copy_from_user+0xbe/0x100 lib/usercopy.c:13
 copy_from_user include/linux/uaccess.h:147 [inline]
 __mcopy_atomic mm/userfaultfd.c:562 [inline]
 mcopy_atomic+0x1177/0x1ef0 mm/userfaultfd.c:601
 userfaultfd_copy fs/userfaultfd.c:1713 [inline]
 userfaultfd_ioctl+0x30d/0x30a0 fs/userfaultfd.c:1858
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7fe7fd4ee279
RSP: 002b:00007fe7fbe63168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fe7fd600f80 RCX: 00007fe7fd4ee279
RDX: 00000000200000c0 RSI: 00000000c028aa03 RDI: 0000000000000003
RBP: 00007fe7fd548189 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe6ac44faf R14: 00007fe7fbe63300 R15: 0000000000022000
CPU: 1 PID: 11675 Comm: syz-executor.5 Not tainted 4.14.290-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 handle_userfault.cold+0x3b/0x4a fs/userfaultfd.c:429
 do_anonymous_page mm/memory.c:3281 [inline]
 handle_pte_fault mm/memory.c:4108 [inline]
 __handle_mm_fault+0x2aa7/0x4620 mm/memory.c:4234
 handle_mm_fault+0x455/0x9c0 mm/memory.c:4271
 __do_page_fault+0x549/0xad0 arch/x86/mm/fault.c:1442
 page_fault+0x25/0x50 arch/x86/entry/entry_64.S:1123
RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181
RSP: 0018:ffff8880704bfa40 EFLAGS: 00050206
RAX: ffffed1011e1dc00 RBX: 0000000000001000 RCX: 0000000000001000
RDX: 0000000000001000 RSI: 0000000020ffd000 RDI: ffff88808f0ed000
RBP: 0000000020ffd000 R08: 0000000000000001 R09: ffffed1011e1dbff
R10: ffff88808f0edfff R11: 0000000000000000 R12: 00007ffffffff000
R13: ffff88808f0ed000 R14: 0000000020ffe000 R15: ffff8880922c32c0
 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline]
 raw_copy_from_user arch/x86/include/asm/uaccess_64.h:55 [inline]
 _copy_from_user+0xbe/0x100 lib/usercopy.c:13
 copy_from_user include/linux/uaccess.h:147 [inline]
 __mcopy_atomic mm/userfaultfd.c:562 [inline]
 mcopy_atomic+0x1177/0x1ef0 mm/userfaultfd.c:601
 userfaultfd_copy fs/userfaultfd.c:1713 [inline]
 userfaultfd_ioctl+0x30d/0x30a0 fs/userfaultfd.c:1858
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f476c3ba279
RSP: 002b:00007f476ad2f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f476c4ccf80 RCX: 00007f476c3ba279
RDX: 00000000200000c0 RSI: 00000000c028aa03 RDI: 0000000000000003
RBP: 00007f476c414189 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdabb7b2df R14: 00007f476ad2f300 R15: 0000000000022000
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 2048 failed
UDF-fs: warning (device loop3): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 4096 failed
EXT4-fs warning (device sda1): ext4_group_add:1668: No reserved GDT blocks, can't resize
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 512 failed
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 1024 failed
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 2048 failed
EXT4-fs warning (device sda1): ext4_group_add:1668: No reserved GDT blocks, can't resize
UDF-fs: warning (device loop3): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 4096 failed
EXT4-fs warning (device sda1): ext4_group_add:1668: No reserved GDT blocks, can't resize
EXT4-fs warning (device sda1): ext4_group_add:1668: No reserved GDT blocks, can't resize
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 512 failed
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 1024 failed
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 2048 failed
UDF-fs: warning (device loop3): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 4096 failed
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 512 failed
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 1024 failed
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
UDF-fs: Scanning with blocksize 2048 failed
UDF-fs: warning (device loop3): udf_load_vrs: No VRS found
UDF-fs: Scanning with blocksize 4096 failed
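What the lockdep report at the top of this log is saying: rds_tcp_reset_callbacks() takes the socket lock (lock_sock, net/rds/tcp.c:165) and then calls cancel_work_sync() on cp->cp_send_w (net/rds/tcp.c:167), which waits for any running instance of that work item. The work item's handler, rds_send_worker(), takes the same socket lock through rds_tcp_cork() -> kernel_setsockopt() -> lock_sock(). Lockdep treats a running work item as a held pseudo-lock and flush_work() as an acquisition of it, so chain #1 records the order cp_send_w -> sk_lock and chain #0 records sk_lock -> cp_send_w; the second edge closes a cycle. If both paths run at the same time, the accept worker holds the socket lock while waiting for the send worker to finish, and the send worker waits for the socket lock: the krdsd workqueue deadlocks. The warning says "possible" because lockdep finds the inversion in the graph of orders it has recorded; the deadlock does not have to occur for the report to fire. The following is an added example, not part of the syzbot report and not kernel code: a user-space model in C of lockdep's dependency graph and cycle check, fed the two chains transcribed from the report. The lock class names are the ones the report prints; the identifiers dep_graph, dep_acquire, replay_report and replay_reversed are invented here. It models only the lock-order cycle check, not lockdep's IRQ-state, trylock or subclass handling.

```c
/* Added example, not from the syzbot report or the kernel: a user-space model
 * of lockdep's lock-order graph.  Lock class names are the report's; the
 * identifiers below (dep_graph, dep_acquire, replay_*) are invented here. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum lock_class {
    LC_KRDSD_WQ,        /* ("%s""krdsd"): the workqueue, held by process_one_work() */
    LC_ACCEPT_W,        /* (&rtn->rds_tcp_accept_w): the accept work item */
    LC_T_CONN_PATH,     /* &tc->t_conn_path_lock */
    LC_SK_LOCK_AF_INET, /* k-sk_lock-AF_INET, taken by lock_sock() */
    LC_CP_SEND_W,       /* (&(&cp->cp_send_w)->work): the send work item */
    LC_COUNT
};

static const char *const lock_name[LC_COUNT] = {
    "(\"%s\"\"krdsd\")", "(&rtn->rds_tcp_accept_w)", "&tc->t_conn_path_lock",
    "k-sk_lock-AF_INET", "(&(&cp->cp_send_w)->work)",
};

/* dep[a][b]: a has been seen held while b was acquired.  A work item is a
 * pseudo-lock: running it "holds" it, flush_work()/cancel_work_sync()
 * "acquire" it, which is how waiting for work enters the lock order. */
struct dep_graph {
    bool dep[LC_COUNT][LC_COUNT];
};

/* Depth-first search: is 'to' reachable from 'from' along recorded edges? */
static bool reachable(const struct dep_graph *g, int from, int to, bool *seen)
{
    if (from == to)
        return true;
    seen[from] = true;
    for (int n = 0; n < LC_COUNT; n++)
        if (g->dep[from][n] && !seen[n] && reachable(g, n, to, seen))
            return true;
    return false;
}

/* Acquire 'newlock' while holding held[0..nheld-1] (held[nheld-1] is the
 * newest).  Like check_prevs_add(), walk the held locks newest first and add
 * an edge prev -> newlock for each; if newlock already reaches prev, that
 * edge would close a cycle.  Returns the conflicting held lock, or -1. */
static int dep_acquire(struct dep_graph *g, const int *held, int nheld, int newlock)
{
    for (int i = nheld - 1; i >= 0; i--) {
        int prev = held[i];
        bool seen[LC_COUNT] = { false };

        if (prev == newlock)
            continue; /* same-class nesting needs subclass info; not modelled */
        if (reachable(g, newlock, prev, seen))
            return prev;
        g->dep[prev][newlock] = true;
    }
    return -1;
}

/* Chain #1 of the report: rds_send_worker() runs cp_send_w and takes the
 * socket lock via rds_tcp_cork() -> kernel_setsockopt() -> lock_sock(). */
static int replay_send_worker(struct dep_graph *g)
{
    const int held[] = { LC_KRDSD_WQ, LC_CP_SEND_W };
    return dep_acquire(g, held, 2, LC_SK_LOCK_AF_INET);
}

/* Chain #0 of the report: rds_tcp_accept_worker(), holding the four locks
 * listed under "4 locks held by", calls cancel_work_sync(&cp->cp_send_w). */
static int replay_accept_worker(struct dep_graph *g)
{
    const int held[] = { LC_KRDSD_WQ, LC_ACCEPT_W, LC_T_CONN_PATH, LC_SK_LOCK_AF_INET };
    return dep_acquire(g, held, 4, LC_CP_SEND_W);
}

/* Same order as the report: chain #1 was recorded earlier, chain #0 trips the check. */
int replay_report(void)
{
    struct dep_graph g;
    memset(&g, 0, sizeof g);
    if (replay_send_worker(&g) != -1)
        return -2; /* the first chain on its own must be consistent */
    return replay_accept_worker(&g);
}

/* The opposite runtime order is flagged as well: lockdep reports the possible
 * inversion from its graph; the deadlock need not actually happen. */
int replay_reversed(void)
{
    struct dep_graph g;
    memset(&g, 0, sizeof g);
    if (replay_accept_worker(&g) != -1)
        return -2;
    return replay_send_worker(&g);
}

int main(void)
{
    int bad = replay_report();
    if (bad < 0) {
        puts("lock order consistent");
        return 0;
    }
    printf("possible circular locking dependency: %s is held while waiting for %s,\n"
           "but %s is taken while %s is held\n",
           lock_name[bad], lock_name[LC_CP_SEND_W], lock_name[bad], lock_name[LC_CP_SEND_W]);
    return 1;
}
```

replay_report() returns LC_SK_LOCK_AF_INET, the lock the report names under "but task is already holding lock"; replay_reversed() returns LC_CP_SEND_W, showing that if the accept path had been recorded first the same inversion would have been reported from the send worker's side. Either way the fix has to break the cycle, for example by not waiting on cp_send_w while the socket lock is held.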