======================================================
WARNING: possible circular locking dependency detected
4.19.211-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.5/29979 is trying to acquire lock:
00000000372ae739 (&pipe->mutex/1){+.+.}, at: pipe_lock_nested fs/pipe.c:77 [inline]
00000000372ae739 (&pipe->mutex/1){+.+.}, at: pipe_lock+0x63/0x80 fs/pipe.c:85

but task is already holding lock:
00000000bfb00e47 (sb_writers#3){.+.+}, at: file_start_write include/linux/fs.h:2779 [inline]
00000000bfb00e47 (sb_writers#3){.+.+}, at: do_splice fs/splice.c:1153 [inline]
00000000bfb00e47 (sb_writers#3){.+.+}, at: __do_sys_splice fs/splice.c:1428 [inline]
00000000bfb00e47 (sb_writers#3){.+.+}, at: __se_sys_splice+0x11de/0x16d0 fs/splice.c:1408

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (sb_writers#3){.+.+}:
       file_start_write include/linux/fs.h:2779 [inline]
       ovl_write_iter+0x932/0xb40 fs/overlayfs/file.c:282
       call_write_iter include/linux/fs.h:1821 [inline]
       new_sync_write fs/read_write.c:474 [inline]
       __vfs_write+0x51b/0x770 fs/read_write.c:487
       __kernel_write+0x109/0x370 fs/read_write.c:506
       write_pipe_buf+0x153/0x1f0 fs/splice.c:798
       splice_from_pipe_feed fs/splice.c:503 [inline]
       __splice_from_pipe+0x389/0x800 fs/splice.c:627
       splice_from_pipe fs/splice.c:662 [inline]
       default_file_splice_write+0xd8/0x180 fs/splice.c:810
       do_splice_from fs/splice.c:852 [inline]
       do_splice fs/splice.c:1154 [inline]
       __do_sys_splice fs/splice.c:1428 [inline]
       __se_sys_splice+0xfe7/0x16d0 fs/splice.c:1408
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #1 (&ovl_i_mutex_key[depth]){+.+.}:
       inode_lock include/linux/fs.h:748 [inline]
       ovl_write_iter+0x148/0xb40 fs/overlayfs/file.c:270
       call_write_iter include/linux/fs.h:1821 [inline]
       new_sync_write fs/read_write.c:474 [inline]
       __vfs_write+0x51b/0x770 fs/read_write.c:487
       __kernel_write+0x109/0x370 fs/read_write.c:506
       write_pipe_buf+0x153/0x1f0 fs/splice.c:798
       splice_from_pipe_feed fs/splice.c:503 [inline]
       __splice_from_pipe+0x389/0x800 fs/splice.c:627
       splice_from_pipe fs/splice.c:662 [inline]
       default_file_splice_write+0xd8/0x180 fs/splice.c:810
       do_splice_from fs/splice.c:852 [inline]
       do_splice fs/splice.c:1154 [inline]
       __do_sys_splice fs/splice.c:1428 [inline]
       __se_sys_splice+0xfe7/0x16d0 fs/splice.c:1408
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&pipe->mutex/1){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:937 [inline]
       __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
       pipe_lock_nested fs/pipe.c:77 [inline]
       pipe_lock+0x63/0x80 fs/pipe.c:85
       iter_file_splice_write+0x183/0xbb0 fs/splice.c:700
       do_splice_from fs/splice.c:852 [inline]
       do_splice fs/splice.c:1154 [inline]
       __do_sys_splice fs/splice.c:1428 [inline]
       __se_sys_splice+0xfe7/0x16d0 fs/splice.c:1408
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

Chain exists of:
  &pipe->mutex/1 --> &ovl_i_mutex_key[depth] --> sb_writers#3

 Possible unsafe locking scenario:

       CPU0                    CPU1
New replicast peer: fe80:0000:0000:0000:0000:0000:0000:0000
       ----                    ----
  lock(sb_writers#3);
                               lock(&ovl_i_mutex_key[depth]);
                               lock(sb_writers#3);
  lock(&pipe->mutex/1);

 *** DEADLOCK ***

Enabled bearer , priority 10
1 lock held by syz-executor.5/29979:
 #0: 00000000bfb00e47 (sb_writers#3){.+.+}, at: file_start_write include/linux/fs.h:2779 [inline]
 #0: 00000000bfb00e47 (sb_writers#3){.+.+}, at: do_splice fs/splice.c:1153 [inline]
 #0: 00000000bfb00e47 (sb_writers#3){.+.+}, at: __do_sys_splice fs/splice.c:1428 [inline]
 #0: 00000000bfb00e47 (sb_writers#3){.+.+}, at: __se_sys_splice+0x11de/0x16d0 fs/splice.c:1408

stack backtrace:
CPU: 1 PID: 29979 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222
 check_prev_add kernel/locking/lockdep.c:1866 [inline]
 check_prevs_add kernel/locking/lockdep.c:1979 [inline]
 validate_chain kernel/locking/lockdep.c:2420 [inline]
 __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416
Disabling bearer
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 __mutex_lock_common kernel/locking/mutex.c:937 [inline]
 __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
 pipe_lock_nested fs/pipe.c:77 [inline]
 pipe_lock+0x63/0x80 fs/pipe.c:85
 iter_file_splice_write+0x183/0xbb0 fs/splice.c:700
 do_splice_from fs/splice.c:852 [inline]
 do_splice fs/splice.c:1154 [inline]
 __do_sys_splice fs/splice.c:1428 [inline]
 __se_sys_splice+0xfe7/0x16d0 fs/splice.c:1408
F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605)
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f9ca522d0c9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
RSP: 002b:00007f9ca379f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 00007f9ca534cf80 RCX: 00007f9ca522d0c9
RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007f9ca5288ae9 R08: 00000000ffffffe1 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffea711d9df R14: 00007f9ca379f300 R15: 0000000000022000
Started in network mode
Own node identity fc, cluster identity 4711
New replicast peer: fe80:0000:0000:0000:0000:0000:0000:0000
Enabled bearer , priority 10
Disabling bearer
audit: type=1800 audit(1675127628.351:309): pid=29939 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=13971 res=0
F2FS-fs (loop4): invalid crc value
F2FS-fs (loop4): Found nat_bits in checkpoint
F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b
audit: type=1800 audit(1675127628.551:310): pid=29970 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=4 res=0
New replicast peer: fe80:0000:0000:0000:0000:0000:0000:0000
new mount options do not match the existing superblock, will be ignored
Enabled bearer , priority 10
Disabling bearer
audit: type=1804 audit(1675127628.691:311): pid=29980 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir1654266546/syzkaller.2YmHSt/1037/bus" dev="sda1" ino=14072 res=1
audit: type=1804 audit(1675127628.872:312): pid=30033 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1444794635/syzkaller.P5YnIy/1002/bus" dev="sda1" ino=14039 res=1
audit: type=1800 audit(1675127629.462:313): pid=29999 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=13987 res=0
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
kauditd_printk_skb: 5 callbacks suppressed
audit: type=1800 audit(1675127630.692:319): pid=30059 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=14114 res=0
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
f2fs_msg: 5 callbacks suppressed
F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605)
F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
F2FS-fs (loop4): invalid crc value
audit: type=1804 audit(1675127631.252:320): pid=30132 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir1453125154/syzkaller.tW8h7r/1000/bus" dev="sda1" ino=13953 res=1
F2FS-fs (loop4): Found nat_bits in checkpoint
F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b
audit: type=1800 audit(1675127631.352:321): pid=30140 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=4 res=0
new mount options do not match the existing superblock, will be ignored
audit: type=1804 audit(1675127631.412:322): pid=30136 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1444794635/syzkaller.P5YnIy/1005/bus" dev="sda1" ino=13955 res=1
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605)
F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
F2FS-fs (loop4): invalid crc value
F2FS-fs (loop4): Found nat_bits in checkpoint
F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b
audit: type=1800 audit(1675127632.312:323): pid=30176 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=4 res=0
ieee802154 phy0 wpan0: encryption failed: -22
ieee802154 phy1 wpan1: encryption failed: -22
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
audit: type=1800 audit(1675127634.002:324): pid=30206 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=4 res=0
syz-executor.3 (30207) used greatest stack depth: 22744 bytes left
audit: type=1804 audit(1675127634.192:325): pid=30241 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1444794635/syzkaller.P5YnIy/1006/bus" dev="sda1" ino=14321 res=1
audit: type=1804 audit(1675127634.282:326): pid=30257 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1444794635/syzkaller.P5YnIy/1006/bus" dev="sda1" ino=14321 res=1
audit: type=1804 audit(1675127634.322:327): pid=30246 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir1453125154/syzkaller.tW8h7r/1001/bus" dev="sda1" ino=13904 res=1
new mount options do not match the existing superblock, will be ignored
audit: type=1804 audit(1675127634.592:328): pid=30273 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1444794635/syzkaller.P5YnIy/1007/bus" dev="sda1" ino=13904 res=1
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
f2fs_msg: 10 callbacks suppressed
F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605)
F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
F2FS-fs (loop4): invalid crc value
F2FS-fs (loop4): Found nat_bits in checkpoint
F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored