EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
EXT4-fs (loop2): bad geometry: block count 256 exceeds size of device (2 blocks)
EXT4-fs (loop5): group descriptors corrupted!
ttyprintk ttyprintk: tty_port_close_start: tty->count = 1 port count = 2

======================================================
WARNING: possible circular locking dependency detected
4.14.215-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.0/28409 is trying to acquire lock:
 (console_owner){-.-.}, at: [] console_trylock_spinning kernel/printk/printk.c:1658 [inline]
 (console_owner){-.-.}, at: [] vprintk_emit+0x32a/0x620 kernel/printk/printk.c:1922

but task is already holding lock:
 (&(&port->lock)->rlock){-.-.}, at: [] tty_port_close_start.part.0+0x28/0x4c0 drivers/tty/tty_port.c:573

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&(&port->lock)->rlock){-.-.}:
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:160
       tty_port_tty_get+0x1d/0x80 drivers/tty/tty_port.c:288
       tty_port_default_wakeup+0x11/0x40 drivers/tty/tty_port.c:46
       serial8250_tx_chars+0x3fe/0xbf0 drivers/tty/serial/8250/8250_port.c:1810
       serial8250_handle_irq.part.0+0x28d/0x330 drivers/tty/serial/8250/8250_port.c:1897
       serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1870 [inline]
       serial8250_default_handle_irq+0x8a/0x1f0 drivers/tty/serial/8250/8250_port.c:1913
       serial8250_interrupt+0xf3/0x210 drivers/tty/serial/8250/8250_core.c:129
       __handle_irq_event_percpu+0xee/0x7f0 kernel/irq/handle.c:147
       handle_irq_event_percpu kernel/irq/handle.c:187 [inline]
       handle_irq_event+0xf0/0x246 kernel/irq/handle.c:204
       handle_edge_irq+0x224/0xc40 kernel/irq/chip.c:770
       generic_handle_irq_desc include/linux/irqdesc.h:159 [inline]
       handle_irq+0x35/0x50 arch/x86/kernel/irq_64.c:87
       do_IRQ+0x93/0x1d0 arch/x86/kernel/irq.c:230
       ret_from_intr+0x0/0x1e
       arch_local_irq_restore arch/x86/include/asm/paravirt.h:779 [inline]
       __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
       _raw_spin_unlock_irqrestore+0xa3/0xe0 kernel/locking/spinlock.c:192
       spin_unlock_irqrestore include/linux/spinlock.h:372 [inline]
       uart_write+0x2dd/0x560 drivers/tty/serial/serial_core.c:625
       do_output_char+0x4f5/0x750 drivers/tty/n_tty.c:447
       process_output drivers/tty/n_tty.c:514 [inline]
       n_tty_write+0x3e3/0xda0 drivers/tty/n_tty.c:2345
       do_tty_write drivers/tty/tty_io.c:959 [inline]
       tty_write+0x410/0x740 drivers/tty/tty_io.c:1043
       redirected_tty_write+0x9c/0xb0 drivers/tty/tty_io.c:1064
       do_loop_readv_writev fs/read_write.c:698 [inline]
       do_loop_readv_writev fs/read_write.c:682 [inline]
       do_iter_write+0x3da/0x550 fs/read_write.c:956
       vfs_writev+0x125/0x290 fs/read_write.c:999
       do_writev+0xfc/0x2c0 fs/read_write.c:1034
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x46/0xbb

-> #1 (&port_lock_key){-.-.}:
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:160
       serial8250_console_write+0x7a7/0x9d0 drivers/tty/serial/8250/8250_port.c:3253
       call_console_drivers kernel/printk/printk.c:1725 [inline]
       console_unlock+0x99d/0xf20 kernel/printk/printk.c:2400
       vprintk_emit+0x224/0x620 kernel/printk/printk.c:1923
       vprintk_func+0x58/0x152 kernel/printk/printk_safe.c:401
       printk+0x9e/0xbc kernel/printk/printk.c:1996
       register_console+0x6f4/0xad0 kernel/printk/printk.c:2719
       univ8250_console_init+0x2f/0x3a drivers/tty/serial/8250/8250_core.c:691
       console_init+0x46/0x53 kernel/printk/printk.c:2800
       start_kernel+0x52e/0x770 init/main.c:634
       secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:240

-> #0 (console_owner){-.-.}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       console_trylock_spinning kernel/printk/printk.c:1679 [inline]
       vprintk_emit+0x367/0x620 kernel/printk/printk.c:1922
       vprintk_func+0x58/0x152 kernel/printk/printk_safe.c:401
       printk+0x9e/0xbc kernel/printk/printk.c:1996
       tty_port_close_start.part.0+0x46c/0x4c0 drivers/tty/tty_port.c:575
       tty_port_close_start drivers/tty/tty_port.c:647 [inline]
       tty_port_close+0x3b/0x130 drivers/tty/tty_port.c:640
       tty_release+0x40b/0x10d0 drivers/tty/tty_io.c:1670
       __fput+0x25f/0x7a0 fs/file_table.c:210
       task_work_run+0x11f/0x190 kernel/task_work.c:113
       tracehook_notify_resume include/linux/tracehook.h:191 [inline]
       exit_to_usermode_loop+0x1ad/0x200 arch/x86/entry/common.c:164
       prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
       syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
       do_syscall_64+0x4a3/0x640 arch/x86/entry/common.c:297
       entry_SYSCALL_64_after_hwframe+0x46/0xbb

other info that might help us debug this:

Chain exists of:
  console_owner --> &port_lock_key --> &(&port->lock)->rlock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&(&port->lock)->rlock);
                               lock(&port_lock_key);
                               lock(&(&port->lock)->rlock);
  lock(console_owner);

 *** DEADLOCK ***

2 locks held by syz-executor.0/28409:
 #0: (&tty->legacy_mutex){+.+.}, at: [] tty_lock+0x5f/0x70 drivers/tty/tty_mutex.c:19
 #1: (&(&port->lock)->rlock){-.-.}, at: [] tty_port_close_start.part.0+0x28/0x4c0 drivers/tty/tty_port.c:573

stack backtrace:
CPU: 0 PID: 28409 Comm: syz-executor.0 Not tainted 4.14.215-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x283 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 console_trylock_spinning kernel/printk/printk.c:1679 [inline]
 vprintk_emit+0x367/0x620 kernel/printk/printk.c:1922
 vprintk_func+0x58/0x152 kernel/printk/printk_safe.c:401
 printk+0x9e/0xbc kernel/printk/printk.c:1996
 tty_port_close_start.part.0+0x46c/0x4c0 drivers/tty/tty_port.c:575
 tty_port_close_start drivers/tty/tty_port.c:647 [inline]
 tty_port_close+0x3b/0x130 drivers/tty/tty_port.c:640
 tty_release+0x40b/0x10d0 drivers/tty/tty_io.c:1670
 __fput+0x25f/0x7a0 fs/file_table.c:210
 task_work_run+0x11f/0x190 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:191 [inline]
 exit_to_usermode_loop+0x1ad/0x200 arch/x86/entry/common.c:164
 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
 do_syscall_64+0x4a3/0x640 arch/x86/entry/common.c:297
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x417b71
RSP: 002b:00007ffc097f3690 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000006 RCX: 0000000000417b71
RDX: 0000000000000000 RSI: 0000000000000081 RDI: 0000000000000005
RBP: 0000000000000000 R08: 00000000011a0318 R09: 0000000000000000
R10: 00007ffc097f3760 R11: 0000000000000293 R12: ffffffffffffffff
R13: 0000000000000000 R14: 0000000000000003 R15: 000000000119bf8c
arp_tables: arptables: counters copy to user failed while replacing table
Bluetooth: hci0 command 0x0409 tx timeout
EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
EXT4-fs (loop5): group descriptors corrupted!
EXT4-fs (loop2): bad geometry: block count 256 exceeds size of device (2 blocks)
EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
f2fs_msg: 2 callbacks suppressed
F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0)
IPv6: Can't replace route, no match found
F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
EXT4-fs (loop5): group descriptors corrupted!
F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0)
print_req_error: I/O error, dev loop2, sector 0
Buffer I/O error on dev loop2, logical block 0, async page read
F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
binder: 28441:28483 ioctl c0306201 20001580 returned -22
F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
audit: type=1800 audit(1610888527.470:47): pid=28488 uid=0 auid=0 ses=4 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="memory.events" dev="sda1" ino=16018 res=0
EXT4-fs (loop2): bad geometry: block count 256 exceeds size of device (2 blocks)
EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
audit: type=1804 audit(1610888527.560:48): pid=28501 uid=0 auid=0 ses=4 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir158562440/syzkaller.pwZgYc/7/file0" dev="sda1" ino=16194 res=1
F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0)
EXT4-fs (loop5): group descriptors corrupted!
F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
binder: 28441:28450 ioctl c0306201 20001580 returned -22
print_req_error: I/O error, dev loop4, sector 0
audit: type=1800 audit(1610888527.760:49): pid=28488 uid=0 auid=0 ses=4 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="memory.events" dev="sda1" ino=16018 res=0
EXT4-fs (loop2): invalid first ino: 0
EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
EXT4-fs (loop5): group descriptors corrupted!
EXT4-fs (loop5): VFS: Can't find ext4 filesystem
EXT4-fs (loop2): bad geometry: block count 256 exceeds size of device (2 blocks)
audit: type=1800 audit(1610888528.170:50): pid=28567 uid=0 auid=0 ses=4 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="memory.events" dev="sda1" ino=15857 res=0
EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
EXT4-fs (loop1): group descriptors corrupted!
MTD: Attempt to mount non-MTD device "/dev/loop5"
binder: 28594:28597 ioctl c0306201 20000240 returned -11
binder: 28594:28597 ioctl 8912 400200 returned -22
EXT4-fs (loop2): bad geometry: block count 256 exceeds size of device (2 blocks)
EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
binder: 28594:28597 ioctl c0306201 20000240 returned -11
EXT4-fs (loop5): group descriptors corrupted!
binder: 28594:28622 ioctl 8912 400200 returned -22
EXT4-fs (loop2): bad geometry: block count 256 exceeds size of device (2 blocks)
MTD: Attempt to mount non-MTD device "/dev/loop5"
print_req_error: I/O error, dev loop2, sector 0
Buffer I/O error on dev loop2, logical block 0, async page read
binder: 28627:28648 ioctl c0306201 20001580 returned -22
EXT4-fs (loop2): bad geometry: block count 256 exceeds size of device (2 blocks)
EXT4-fs (loop5): Unrecognized mount option "Þ" or missing value
print_req_error: I/O error, dev loop1, sector 24
binder: 28672:28691 ioctl c0306201 20001580 returned -22
EXT4-fs (loop2): bad geometry: block count 256 exceeds size of device (2 blocks)
binder: 28690:28703 ioctl 40206435 20000000 returned -22
print_req_error: I/O error, dev loop2, sector 0
Buffer I/O error on dev loop2, logical block 0, async page read
EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
EXT4-fs (loop5): group descriptors corrupted!
EXT4-fs (loop2): bad geometry: block count 256 exceeds size of device (2 blocks)
ip6_tables: ip6tables: counters copy to user failed while replacing table
ip6_tables: ip6tables: counters copy to user failed while replacing table
print_req_error: I/O error, dev loop2, sector 0
Buffer I/O error on dev loop2, logical block 0, async page read
binder: BINDER_SET_CONTEXT_MGR already set
binder: 28710:28728 ioctl c0306201 20001580 returned -22
binder: 28742:28744 ioctl 40046207 0 returned -16
EXT4-fs (loop5): Ignoring removed nomblk_io_submit option
print_req_error: I/O error, dev loop2, sector 0
EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
EXT4-fs (loop2): invalid first ino: 0
EXT4-fs (loop5): group descriptors corrupted!
print_req_error: I/O error, dev loop2, sector 0
Buffer I/O error on dev loop2, logical block 0, async page read
EXT4-fs (loop2): invalid first ino: 0
print_req_error: I/O error, dev loop1, sector 24
Buffer I/O error on dev loop2, logical block 0, async page read
binder: 28757:28770 ioctl c0306201 20001580 returned -22
EXT4-fs (loop2): bad geometry: block count 256 exceeds size of device (2 blocks)
EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
EXT4-fs (loop5): group descriptors corrupted!
Bluetooth: hci0 command 0x041b tx timeout
Buffer I/O error on dev loop2, logical block 0, async page read
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
EXT4-fs (loop2): bad geometry: block count 256 exceeds size of device (2 blocks)
EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
EXT4-fs (loop5): group descriptors corrupted!
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
binder: 28835:28851 ioctl c0306201 20001580 returned -22
EXT4-fs (loop2): bad geometry: block count 256 exceeds size of device (2 blocks)
EXT4-fs (loop5): VFS: Can't find ext4 filesystem
binder: BINDER_SET_CONTEXT_MGR already set
binder: 28865:28884 ioctl 40046207 0 returned -16
Buffer I/O error on dev loop2, logical block 0, async page read
EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
EXT4-fs (loop5): group descriptors corrupted!
EXT4-fs (loop2): invalid first ino: 0
EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
EXT4-fs (loop5): group descriptors corrupted!
EXT4-fs (loop2): bad geometry: block count 256 exceeds size of device (2 blocks)
binder: 28906:28927 ioctl c0306201 20001580 returned -22
Buffer I/O error on dev loop2, logical block 0, async page read
EXT4-fs (loop2): bad geometry: block count 256 exceeds size of device (2 blocks)
binder: 28942:28952 ioctl c0306201 20001580 returned -22
Bluetooth: hci0 command 0x040f tx timeout
EXT4-fs (loop2): bad geometry: block count 256 exceeds size of device (2 blocks)
binder: 28966:28970 ioctl c0c89425 20000280 returned -22
EXT4-fs (loop2): invalid first ino: 0
print_req_error: 7 callbacks suppressed
print_req_error: I/O error, dev loop1, sector 24
binder: 28964:28983 ioctl c0306201 20001580 returned -22
EXT4-fs (loop2): bad geometry: block count 256 exceeds size of device (2 blocks)
binder: 29018:29021 unknown command 1074550799
binder: 29018:29021 ioctl c0306201 20000040 returned -22
print_req_error: I/O error, dev loop5, sector 24
binder: 29010:29024 ioctl c0306201 20001580 returned -22
binder: 29018:29034 unknown command 1074550799
binder: 29018:29034 ioctl c0306201 20000040 returned -22
EXT4-fs (loop2): bad geometry: block count 256 exceeds size of device (2 blocks)
f2fs_msg: 78 callbacks suppressed
F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0)
EXT4-fs (loop2): bad geometry: block count 256 exceeds size of device (2 blocks)
F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
binder: 29041:29082 ioctl c0306201 20001580 returned -22
F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
binder: 29086:29101 ioctl c0306201 20001580 returned -22
EXT4-fs (loop2): VFS: Can't find ext4 filesystem
EXT4-fs (loop2): VFS: Can't find ext4 filesystem
print_req_error: I/O error, dev loop1, sector 24
binder: 29117:29138 ioctl c0306201 20001580 returned -22
Bluetooth: hci0 command 0x0419 tx timeout
EXT4-fs (loop2): VFS: Can't find ext4 filesystem
print_req_error: I/O error, dev loop5, sector 24
binder: 29164:29180 ioctl c0306201 20001580 returned -22
print_req_error: I/O error, dev loop1, sector 24
binder: 29227:29238 ioctl c0306201 20001580 returned -22
binder: 29286:29298 ioctl c0306201 20001580 returned -22
print_req_error: I/O error, dev loop2, sector 24
print_req_error: I/O error, dev loop1, sector 24
print_req_error: I/O error, dev loop1, sector 24
binder: 29347:29369 ioctl c0306201 20001580 returned -22