ceph: device name is missing path (no : separator in []:2\|T-[92 1yn_NLqʵZ`;Zyf JO*7ZTxHX֋DpApikJ^) netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. ceph: device name is missing path (no : separator in []:2\|T-[92 1yn_NLqʵZ`;Zyf JO*7ZTxHX֋DpApikJ^) libceph: parse_ips bad ip '[]' ====================================================== WARNING: possible circular locking dependency detected device bond1 entered promiscuous mode 4.14.215-syzkaller #0 Not tainted ------------------------------------------------------ kswapd0/1944 is trying to acquire lock: (sb_writers#6){.+.+}, at: [] file_start_write include/linux/fs.h:2712 [inline] (sb_writers#6){.+.+}, at: [] vfs_fallocate+0x5c1/0x790 fs/open.c:318 but task is already holding lock: (ashmem_mutex){+.+.}, at: [] ashmem_shrink_scan+0x3f/0x80 drivers/staging/android/ashmem.c:494 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #3 (ashmem_mutex){+.+.}: __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893 ashmem_mmap+0x50/0x5c0 drivers/staging/android/ashmem.c:393 call_mmap include/linux/fs.h:1783 [inline] mmap_region+0xa1a/0x1220 mm/mmap.c:1717 do_mmap+0x5b3/0xcb0 mm/mmap.c:1495 do_mmap_pgoff include/linux/mm.h:2185 [inline] vm_mmap_pgoff+0x14e/0x1a0 mm/util.c:333 SYSC_mmap_pgoff mm/mmap.c:1545 [inline] SyS_mmap_pgoff+0x249/0x510 mm/mmap.c:1503 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb -> #2 (&mm->mmap_sem){++++}: __might_fault mm/memory.c:4677 [inline] __might_fault+0x137/0x1b0 mm/memory.c:4662 _copy_to_user+0x27/0xd0 lib/usercopy.c:25 copy_to_user include/linux/uaccess.h:155 [inline] filldir+0x1d5/0x390 fs/readdir.c:234 dir_emit_dot include/linux/fs.h:3359 [inline] dir_emit_dots include/linux/fs.h:3370 [inline] dcache_readdir+0x180/0x860 fs/libfs.c:192 iterate_dir+0x1a0/0x5e0 fs/readdir.c:52 SYSC_getdents fs/readdir.c:269 [inline] SyS_getdents+0x125/0x240 fs/readdir.c:250 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb -> #1 (&type->i_mutex_dir_key#5){++++}: down_write+0x34/0x90 kernel/locking/rwsem.c:54 inode_lock include/linux/fs.h:719 [inline] do_last fs/namei.c:3331 [inline] path_openat+0xde2/0x2970 fs/namei.c:3569 do_filp_open+0x179/0x3c0 fs/namei.c:3603 do_sys_open+0x296/0x410 fs/open.c:1081 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb -> #0 (sb_writers#6){.+.+}: lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] __sb_start_write+0x64/0x260 fs/super.c:1342 file_start_write include/linux/fs.h:2712 [inline] vfs_fallocate+0x5c1/0x790 fs/open.c:318 ashmem_shrink_scan.part.0+0x135/0x3d0 drivers/staging/android/ashmem.c:501 ashmem_shrink_scan+0x50/0x80 drivers/staging/android/ashmem.c:494 do_shrink_slab mm/vmscan.c:401 [inline] shrink_slab+0x535/0xb60 mm/vmscan.c:504 shrink_node.isra.0+0x8ce/0xc00 mm/vmscan.c:2672 kswapd_shrink_node mm/vmscan.c:3300 [inline] balance_pgdat mm/vmscan.c:3406 [inline] kswapd+0x9a2/0x14c0 mm/vmscan.c:3627 kthread+0x30d/0x420 kernel/kthread.c:232 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 other info that might help us debug this: Chain exists of: sb_writers#6 --> &mm->mmap_sem --> ashmem_mutex Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(ashmem_mutex); lock(&mm->mmap_sem); lock(ashmem_mutex); lock(sb_writers#6); *** DEADLOCK *** 2 locks held by kswapd0/1944: #0: (shrinker_rwsem){++++}, at: [] shrink_slab+0x13b/0xb60 mm/vmscan.c:474 #1: (ashmem_mutex){+.+.}, at: [] ashmem_shrink_scan+0x3f/0x80 drivers/staging/android/ashmem.c:494 stack backtrace: CPU: 1 PID: 1944 Comm: kswapd0 Not tainted 4.14.215-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x283 lib/dump_stack.c:58 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258 check_prev_add kernel/locking/lockdep.c:1905 [inline] check_prevs_add kernel/locking/lockdep.c:2022 [inline] validate_chain kernel/locking/lockdep.c:2464 [inline] __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] __sb_start_write+0x64/0x260 fs/super.c:1342 file_start_write include/linux/fs.h:2712 [inline] vfs_fallocate+0x5c1/0x790 fs/open.c:318 ashmem_shrink_scan.part.0+0x135/0x3d0 drivers/staging/android/ashmem.c:501 ashmem_shrink_scan+0x50/0x80 drivers/staging/android/ashmem.c:494 do_shrink_slab mm/vmscan.c:401 [inline] shrink_slab+0x535/0xb60 mm/vmscan.c:504 shrink_node.isra.0+0x8ce/0xc00 mm/vmscan.c:2672 kswapd_shrink_node mm/vmscan.c:3300 [inline] balance_pgdat mm/vmscan.c:3406 [inline] kswapd+0x9a2/0x14c0 mm/vmscan.c:3627 kthread+0x30d/0x420 kernel/kthread.c:232 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 libceph: parse_ips bad ip '[]' ceph: device name is missing path (no : separator in []:2\|T-[92 1yn_NLqʵZ`;Zyf JO*7ZTxHX֋DpApikJ^) libceph: resolve 'R]' (ret=-3): failed kauditd_printk_skb: 84 callbacks suppressed audit: type=1804 audit(1610573828.863:17412): pid=4037 uid=0 auid=0 ses=4 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir136838415/syzkaller.dK6QzT/388/file0" dev="sda1" ino=18178 res=1 libceph: parse_ips bad ip 'R]' netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. libceph: resolve 'R]' (ret=-3): failed libceph: parse_ips bad ip 'R]' audit: type=1804 audit(1610573828.893:17413): pid=4037 uid=0 auid=0 ses=4 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir136838415/syzkaller.dK6QzT/388/file0" dev="sda1" ino=18178 res=1 libceph: parse_ips bad ip '[]' device bond2 entered promiscuous mode audit: type=1804 audit(1610573828.893:17414): pid=4037 uid=0 auid=0 ses=4 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir136838415/syzkaller.dK6QzT/388/file0" dev="sda1" ino=18178 res=1 audit: type=1804 audit(1610573828.913:17415): pid=4148 uid=0 auid=0 ses=4 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir136838415/syzkaller.dK6QzT/388/file0" dev="sda1" ino=18178 res=1 audit: type=1804 audit(1610573828.913:17416): pid=4148 uid=0 auid=0 ses=4 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir136838415/syzkaller.dK6QzT/388/file0" dev="sda1" ino=18178 res=1 libceph: parse_ips bad ip '[]' audit: type=1800 audit(1610573828.943:17417): pid=4150 uid=0 auid=0 ses=4 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="file0" dev="sda1" ino=18211 res=0 audit: type=1804 audit(1610573828.943:17418): pid=4150 uid=0 auid=0 ses=4 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir532808250/syzkaller.N1wRSL/641/file0/file0" dev="sda1" ino=18211 res=1 audit: type=1804 audit(1610573828.953:17419): pid=4150 uid=0 auid=0 ses=4 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir532808250/syzkaller.N1wRSL/641/file0/file0" dev="sda1" ino=18211 res=1 audit: type=1804 audit(1610573828.963:17420): pid=4150 uid=0 auid=0 ses=4 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir532808250/syzkaller.N1wRSL/641/file0/file0" dev="sda1" ino=18211 res=1 audit: type=1804 audit(1610573828.963:17421): pid=4150 uid=0 auid=0 ses=4 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir532808250/syzkaller.N1wRSL/641/file0/file0" dev="sda1" ino=18211 res=1 libceph: parse_ips bad ip '[]' FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) libceph: resolve 'R]' (ret=-3): failed libceph: parse_ips bad ip 'R]' FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) libceph: resolve ' ]' (ret=-3): failed FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) libceph: parse_ips bad ip ' ]' libceph: resolve ' ]' (ret=-3): failed libceph: parse_ips bad ip ' ]' binder: 4369:4381 ioctl c0306201 0 returned -14 libceph: resolve 'gW`' (ret=-3): failed libceph: parse_ips bad ip '[gW`' libceph: resolve 'R]' (ret=-3): failed libceph: parse_ips bad ip 'R]' libceph: parse_ips bad ip '[]' binder: 4396:4404 ioctl c0306201 0 returned -14 FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) libceph: resolve ' ]' (ret=-3): failed libceph: parse_ips bad ip ' ]' FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) binder: 4428:4436 ioctl c0306201 0 returned -14 libceph: resolve ' ]' (ret=-3): failed libceph: parse_ips bad ip ' ]' libceph: resolve 'R]' (ret=-3): failed libceph: parse_ips bad ip 'R]' libceph: parse_ips bad ip '[]' libceph: resolve ' ]' (ret=-3): failed libceph: parse_ips bad ip ' ]' libceph: resolve 'R]' (ret=-3): failed libceph: parse_ips bad ip 'R]' IPVS: ftp: loaded support on port[0] = 21 ceph: device name is missing path (no : separator in 00000000000000000000005) FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) libceph: resolve ' ]' (ret=-3): failed libceph: parse_ips bad ip ' ]' libceph: resolve 'R]' (ret=-3): failed libceph: parse_ips bad ip '[]' FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) libceph: parse_ips bad ip 'R]' libceph: parse_ips bad ip '[]' libceph: resolve ' ]' (ret=-3): failed libceph: parse_ips bad ip ' ]' libceph: resolve 'R]' (ret=-3): failed libceph: parse_ips bad ip 'R]' libceph: parse_ips bad ip '[]' FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) libceph: resolve ' ]' (ret=-3): failed ceph: device name is missing path (no : separator in []:w)kǠut@fdP 57·ݐ) libceph: parse_ips bad ip ' ]' ceph: device name is missing path (no : separator in []:w)kǠut@fdP 57·ݐ) libceph: resolve 'R]' (ret=-3): failed libceph: parse_ips bad ip 'R]' FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) ceph: device name is missing path (no : separator in ) libceph: resolve ' ]' (ret=-3): failed libceph: parse_ips bad ip ' ]' libceph: resolve 'R]' (ret=-3): failed libceph: parse_ips bad ip 'R]' FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) libceph: parse_ips bad ip '[]' FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) libceph: resolve 'R]' (ret=-3): failed libceph: resolve ' ]' (ret=-3): failed libceph: parse_ips bad ip ' ]' libceph: parse_ips bad ip '[]' libceph: parse_ips bad ip 'R]' libceph: parse_ips bad ip '[]' libceph: resolve 'R]' (ret=-3): failed libceph: parse_ips bad ip 'R]' FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) kauditd_printk_skb: 67 callbacks suppressed audit: type=1804 audit(1610573833.883:17489): pid=4690 uid=0 auid=0 ses=4 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir136838415/syzkaller.dK6QzT/395/file0" dev="sda1" ino=18276 res=1 audit: type=1804 audit(1610573833.883:17490): pid=4722 uid=0 auid=0 ses=4 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir136838415/syzkaller.dK6QzT/395/file0" dev="sda1" ino=18276 res=1 audit: type=1804 audit(1610573833.933:17491): pid=4722 uid=0 auid=0 ses=4 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir136838415/syzkaller.dK6QzT/395/file0" dev="sda1" ino=18276 res=1 FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) libceph: resolve ' ]' (ret=-3): failed libceph: parse_ips bad ip ' ]' libceph: resolve 'R]' (ret=-3): failed libceph: parse_ips bad ip 'R]' audit: type=1804 audit(1610573834.073:17492): pid=4765 uid=0 auid=0 ses=4 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir532808250/syzkaller.N1wRSL/651/file0/file0" dev="loop3" ino=359 res=1 libceph: resolve ' ]' (ret=-3): failed libceph: resolve 'R]' (ret=-3): failed libceph: parse_ips bad ip 'R]' libceph: parse_ips bad ip ' ]' libceph: resolve 'R]' (ret=-3): failed libceph: parse_ips bad ip 'R]' libceph: parse_ips bad ip '[]' audit: type=1804 audit(1610573834.103:17493): pid=4765 uid=0 auid=0 ses=4 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir532808250/syzkaller.N1wRSL/651/file0/file0" dev="loop3" ino=359 res=1 libceph: resolve 'R]' (ret=-3): failed libceph: resolve ' ]' (ret=-3): failed libceph: parse_ips bad ip ' ]' audit: type=1800 audit(1610573834.133:17494): pid=4789 uid=0 auid=0 ses=4 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="file0" dev="sda1" ino=18281 res=0 libceph: parse_ips bad ip 'R]' libceph: resolve 'R]' (ret=-3): failed libceph: parse_ips bad ip 'R]' libceph: resolve 'R]' (ret=-3): failed libceph: parse_ips bad ip 'R]' libceph: resolve ' ]' (ret=-3): failed libceph: parse_ips bad ip ' ]' FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) libceph: resolve 'R]' (ret=-3): failed libceph: parse_ips bad ip 'R]' libceph: resolve 'R]' (ret=-3): failed libceph: parse_ips bad ip 'R]' FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) audit: type=1800 audit(1610573834.653:17495): pid=4848 uid=0 auid=0 ses=4 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="file0" dev="sda1" ino=18281 res=0 audit: type=1800 audit(1610573834.653:17496): pid=4840 uid=0 auid=0 ses=4 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="file0" dev="loop3" ino=360 res=0 audit: type=1804 audit(1610573834.653:17497): pid=4840 uid=0 auid=0 ses=4 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir532808250/syzkaller.N1wRSL/652/file0/file0" dev="loop3" ino=360 res=1 audit: type=1804 audit(1610573834.683:17498): pid=4840 uid=0 auid=0 ses=4 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir532808250/syzkaller.N1wRSL/652/file0/file0" dev="loop3" ino=360 res=1 libceph: resolve ' ]' (ret=-3): failed FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) libceph: parse_ips bad ip ' ]' libceph: resolve 'R]' (ret=-3): failed libceph: parse_ips bad ip 'R]' libceph: resolve ' ]' (ret=-3): failed libceph: parse_ips bad ip ' ]' ceph: device name is missing path (no : separator in 01777777777777777777777) FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) libceph: resolve ' ]' (ret=-3): failed libceph: parse_ips bad ip ' ]' libceph: resolve 'R]' (ret=-3): failed libceph: parse_ips bad ip 'R]' libceph: parse_ips bad ip '[]' libceph: resolve ' ]' (ret=-3): failed libceph: parse_ips bad ip ' ]' libceph: parse_ips bad ip '[]' FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) libceph: resolve 'R]' (ret=-3): failed libceph: parse_ips bad ip '[]' libceph: resolve ' ]' (ret=-3): failed libceph: parse_ips bad ip 'R]' libceph: parse_ips bad ip ' ]' libceph: parse_ips bad ip '[]' libceph: resolve ' ]' (ret=-3): failed libceph: parse_ips bad ip ' ]' libceph: resolve 'R]' (ret=-3): failed libceph: parse_ips bad ip 'R]' Error parsing options; rc = [-22] libceph: resolve 'R]' (ret=-3): failed libceph: parse_ips bad ip 'R]' libceph: resolve ' ]' (ret=-3): failed libceph: parse_ips bad ip ' ]' FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) libceph: resolve 'R]' (ret=-3): failed FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) libceph: parse_ips bad ip 'R]' libceph: resolve 'R]' (ret=-3): failed libceph: parse_ips bad ip '[]' libceph: parse_ips bad ip 'R]' FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) ceph: device name is missing path (no : separator in 00000000000000000000004) FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) libceph: resolve 'R]' (ret=-3): failed libceph: parse_ips bad ip 'R]' libceph: resolve 'R]' (ret=-3): failed libceph: parse_ips bad ip '[]' libceph: parse_ips bad ip 'R]' FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) libceph: parse_ips bad ip '[]' libceph: resolve ' ]' (ret=-3): failed libceph: resolve 'R]' (ret=-3): failed FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) libceph: parse_ips bad ip ' ]' libceph: parse_ips bad ip 'R]' libceph: parse_ips bad ip '[]' libceph: resolve 'R]' (ret=-3): failed libceph: parse_ips bad ip 'R]' ceph: device name is missing path (no : separator in []:ږ/Y8:óF) FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) ceph: device name is missing path (no : separator in []: ^(;@&DŽ!qyabW϶-jXkq]:3IeTc1nn) libceph: resolve 'R]' (ret=-3): failed ceph: device name is missing path (no : separator in []: ^(;@&DŽ!qyabW϶-jXkq]:3IeTc1nn) libceph: parse_ips bad ip 'R]' libceph: resolve 'R]' (ret=-3): failed libceph: parse_ips bad ip 'R]'