XFS (loop4): Unmounting Filesystem
x_tables: ip_tables: ah match: only valid for protocol 51
NILFS (loop5): invalid segment: Checksum error in segment payload
NILFS (loop5): trying rollback from an earlier position
======================================================
WARNING: possible circular locking dependency detected
4.19.211-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.5/15452 is trying to acquire lock:
00000000d8df5f47 (&dat_lock_key){.+.+}, at: nilfs_count_free_blocks+0x68/0x180 fs/nilfs2/the_nilfs.c:698

but task is already holding lock:
00000000c2065ff3 (&nilfs->ns_sem){++++}, at: load_nilfs+0x76d/0x11f0 fs/nilfs2/the_nilfs.c:315

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (&nilfs->ns_sem){++++}:
       nilfs_set_error fs/nilfs2/super.c:86 [inline]
       __nilfs_error+0x195/0x401 fs/nilfs2/super.c:131
       nilfs_bmap_convert_error fs/nilfs2/bmap.c:35 [inline]
       nilfs_bmap_lookup_contig+0x13d/0x180 fs/nilfs2/bmap.c:95
       nilfs_get_block+0x1ce/0x970 fs/nilfs2/inode.c:80
       do_mpage_readpage+0x8fb/0x1ca0 fs/mpage.c:231
       mpage_readpages+0x33a/0x630 fs/mpage.c:404
       read_pages.isra.0+0xf6/0x5d0 mm/readahead.c:123
       __do_page_cache_readahead+0x5c6/0x6c0 mm/readahead.c:211
       ra_submit mm/internal.h:66 [inline]
       ondemand_readahead.isra.0+0x575/0xd40 mm/readahead.c:493
       page_cache_sync_readahead mm/readahead.c:528 [inline]
       page_cache_sync_readahead+0x275/0x520 mm/readahead.c:510
       generic_file_buffered_read mm/filemap.c:2115 [inline]
       generic_file_read_iter+0x1497/0x2b60 mm/filemap.c:2385
       call_read_iter include/linux/fs.h:1815 [inline]
       new_sync_read fs/read_write.c:406 [inline]
       __vfs_read+0x518/0x750 fs/read_write.c:418
       integrity_kernel_read+0x147/0x1f0 security/integrity/iint.c:200
       ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:364 [inline]
       ima_calc_file_shash security/integrity/ima/ima_crypto.c:393 [inline]
       ima_calc_file_hash+0x4b2/0x8a0 security/integrity/ima/ima_crypto.c:450
       ima_collect_measurement+0x4c4/0x570 security/integrity/ima/ima_api.c:231
       process_measurement+0xddd/0x1440 security/integrity/ima/ima_main.c:284
       ima_file_check+0xb9/0x100 security/integrity/ima/ima_main.c:391
       do_last fs/namei.c:3425 [inline]
       path_openat+0x7e4/0x2df0 fs/namei.c:3537
       do_filp_open+0x18c/0x3f0 fs/namei.c:3567
       do_sys_open+0x3b3/0x520 fs/open.c:1085
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&dat_lock_key){.+.+}:
       down_read+0x36/0x80 kernel/locking/rwsem.c:24
       nilfs_count_free_blocks+0x68/0x180 fs/nilfs2/the_nilfs.c:698
       nilfs_set_log_cursor fs/nilfs2/super.c:237 [inline]
       nilfs_cleanup_super+0x133/0x490 fs/nilfs2/super.c:319
       load_nilfs+0x79f/0x11f0 fs/nilfs2/the_nilfs.c:317
       nilfs_fill_super fs/nilfs2/super.c:1063 [inline]
       nilfs_mount+0x9b5/0xe70 fs/nilfs2/super.c:1321
       mount_fs+0xa3/0x310 fs/super.c:1261
       vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961
       vfs_kern_mount fs/namespace.c:951 [inline]
       do_new_mount fs/namespace.c:2492 [inline]
       do_mount+0x115c/0x2f50 fs/namespace.c:2822
       ksys_mount+0xcf/0x130 fs/namespace.c:3038
       __do_sys_mount fs/namespace.c:3052 [inline]
       __se_sys_mount fs/namespace.c:3049 [inline]
       __x64_sys_mount+0xba/0x150 fs/namespace.c:3049
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&nilfs->ns_sem);
                               lock(&dat_lock_key);
                               lock(&nilfs->ns_sem);
  lock(&dat_lock_key);

 *** DEADLOCK ***

2 locks held by syz-executor.5/15452:
 #0: 00000000d246bcba (&type->s_umount_key#49/1){+.+.}, at: alloc_super fs/super.c:226 [inline]
 #0: 00000000d246bcba (&type->s_umount_key#49/1){+.+.}, at: sget_userns+0x20b/0xcd0 fs/super.c:519
 #1: 00000000c2065ff3 (&nilfs->ns_sem){++++}, at: load_nilfs+0x76d/0x11f0 fs/nilfs2/the_nilfs.c:315

stack backtrace:
CPU: 0 PID: 15452 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222
 check_prev_add kernel/locking/lockdep.c:1866 [inline]
 check_prevs_add kernel/locking/lockdep.c:1979 [inline]
 validate_chain kernel/locking/lockdep.c:2420 [inline]
 __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 down_read+0x36/0x80 kernel/locking/rwsem.c:24
 nilfs_count_free_blocks+0x68/0x180 fs/nilfs2/the_nilfs.c:698
 nilfs_set_log_cursor fs/nilfs2/super.c:237 [inline]
 nilfs_cleanup_super+0x133/0x490 fs/nilfs2/super.c:319
 load_nilfs+0x79f/0x11f0 fs/nilfs2/the_nilfs.c:317
 nilfs_fill_super fs/nilfs2/super.c:1063 [inline]
 nilfs_mount+0x9b5/0xe70 fs/nilfs2/super.c:1321
 mount_fs+0xa3/0x310 fs/super.c:1261
 vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961
 vfs_kern_mount fs/namespace.c:951 [inline]
 do_new_mount fs/namespace.c:2492 [inline]
 do_mount+0x115c/0x2f50 fs/namespace.c:2822
 ksys_mount+0xcf/0x130 fs/namespace.c:3038
 __do_sys_mount fs/namespace.c:3052 [inline]
 __se_sys_mount fs/namespace.c:3049 [inline]
 __x64_sys_mount+0xba/0x150 fs/namespace.c:3049
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f80b8f7260a
Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f80b74e2f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000000da6 RCX: 00007f80b8f7260a
RDX: 0000000020000dc0 RSI: 0000000020000100 RDI: 00007f80b74e2fe0
RBP: 00007f80b74e3020 R08: 00007f80b74e3020 R09: 0000000000010008
R10: 0000000000010008 R11: 0000000000000202 R12: 0000000020000dc0
R13: 0000000020000100 R14: 00007f80b74e2fe0 R15: 0000000020000e40
NILFS (loop5): recovery complete
NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
hub 9-0:1.0: USB hub found
hub 9-0:1.0: 8 ports detected
NILFS (loop5): invalid segment: Checksum error in segment payload
NILFS (loop5): trying rollback from an earlier position
NILFS (loop5): recovery complete
NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3
x_tables: ip_tables: ah match: only valid for protocol 51
BTRFS info (device loop3): enabling inode map caching
BTRFS warning (device loop3): excessive commit interval 622039222
BTRFS info (device loop3): force zlib compression, level 3
BTRFS info (device loop3): using free space tree
BTRFS info (device loop3): has skinny extents
XFS (loop4): Mounting V4 Filesystem
NILFS (loop5): invalid segment: Checksum error in segment payload
NILFS (loop5): trying rollback from an earlier position
XFS (loop4): Ending clean mount
XFS (loop4): Unmounting Filesystem
NILFS (loop5): recovery complete
NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
NILFS (loop0): invalid segment: Checksum error in segment payload
NILFS (loop0): trying rollback from an earlier position
NILFS (loop0): recovery complete
NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
hub 9-0:1.0: USB hub found
hub 9-0:1.0: 8 ports detected
NILFS (loop0): invalid segment: Checksum error in segment payload
NILFS (loop0): trying rollback from an earlier position
NILFS (loop0): recovery complete
NILFS (loop0): segctord starting.