====================================================== UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) WARNING: possible circular locking dependency detected 4.14.307-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor.1/11241 is trying to acquire lock: (&type->i_mutex_dir_key#12){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline] (&type->i_mutex_dir_key#12){+.+.}, at: [] do_last fs/namei.c:3331 [inline] (&type->i_mutex_dir_key#12){+.+.}, at: [] path_openat+0xde2/0x2970 fs/namei.c:3571 but task is already holding lock: (sb_writers#20){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline] (sb_writers#20){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (sb_writers#20){.+.+}: percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] __sb_start_write+0x64/0x260 fs/super.c:1342 sb_start_write include/linux/fs.h:1551 [inline] mnt_want_write_file+0xfd/0x3b0 fs/namespace.c:497 reiserfs_ioctl+0x18e/0x8b0 fs/reiserfs/ioctl.c:110 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:500 [inline] do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684 SYSC_ioctl fs/ioctl.c:701 [inline] SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x5e/0xd3 -> #1 (&sbi->lock){+.+.}: __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893 reiserfs_write_lock+0x75/0xf0 fs/reiserfs/lock.c:27 reiserfs_lookup+0x130/0x400 fs/reiserfs/namei.c:363 lookup_real fs/namei.c:1555 [inline] __lookup_hash fs/namei.c:1575 [inline] __lookup_hash+0x1bb/0x270 fs/namei.c:1563 lookup_one_len+0x279/0x3a0 fs/namei.c:2539 reiserfs_lookup_privroot+0x92/0x270 fs/reiserfs/xattr.c:970 reiserfs_fill_super+0x1772/0x2990 fs/reiserfs/super.c:2199 mount_bdev+0x2b3/0x360 fs/super.c:1134 mount_fs+0x92/0x2a0 fs/super.c:1237 vfs_kern_mount.part.0+0x5b/0x470 fs/namespace.c:1046 vfs_kern_mount fs/namespace.c:1036 [inline] do_new_mount fs/namespace.c:2572 [inline] do_mount+0xe65/0x2a30 fs/namespace.c:2905 SYSC_mount fs/namespace.c:3121 [inline] SyS_mount+0xa8/0x120 fs/namespace.c:3098 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x5e/0xd3 -> #0 (&type->i_mutex_dir_key#12){+.+.}: lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 down_write+0x34/0x90 kernel/locking/rwsem.c:54 inode_lock include/linux/fs.h:719 [inline] do_last fs/namei.c:3331 [inline] path_openat+0xde2/0x2970 fs/namei.c:3571 do_filp_open+0x179/0x3c0 fs/namei.c:3605 do_sys_open+0x296/0x410 fs/open.c:1081 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x5e/0xd3 other info that might help us debug this: Chain exists of: &type->i_mutex_dir_key#12 --> &sbi->lock --> sb_writers#20 Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(sb_writers#20); lock(&sbi->lock); lock(sb_writers#20); lock(&type->i_mutex_dir_key#12); *** DEADLOCK *** 1 lock held by syz-executor.1/11241: #0: (sb_writers#20){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline] #0: (sb_writers#20){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386 stack backtrace: CPU: 1 PID: 11241 Comm: syz-executor.1 Not tainted 4.14.307-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258 check_prev_add kernel/locking/lockdep.c:1905 [inline] check_prevs_add kernel/locking/lockdep.c:2022 [inline] validate_chain kernel/locking/lockdep.c:2464 [inline] __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 down_write+0x34/0x90 kernel/locking/rwsem.c:54 inode_lock include/linux/fs.h:719 [inline] do_last fs/namei.c:3331 [inline] path_openat+0xde2/0x2970 fs/namei.c:3571 do_filp_open+0x179/0x3c0 fs/namei.c:3605 do_sys_open+0x296/0x410 fs/open.c:1081 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x5e/0xd3 RIP: 0033:0x7fb7856520f9 RSP: 002b:00007fb783bc4168 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 00007fb785771f80 RCX: 00007fb7856520f9 RDX: 0000000000000000 RSI: 0000000000143142 RDI: 0000000020000080 RBP: 00007fb7856adae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff29f5a75f R14: 00007fb783bc4300 R15: 0000000000022000 EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue FAT-fs (loop5): Unrecognized mount option "˙˙˙˙˙˙˙˙18446744073709551615˙" or missing value FAT-fs (loop0): Unrecognized mount option "˙˙˙˙˙˙˙˙18446744073709551615˙" or missing value audit: type=1804 audit(1677727066.516:28): pid=11330 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir254465488/syzkaller.9T7bul/58/bus" dev="sda1" ino=14231 res=1 netlink: 60 bytes leftover after parsing attributes in process `syz-executor.4'. audit: type=1800 audit(1677727066.516:29): pid=11330 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="bus" dev="sda1" ino=14231 res=0 netlink: 6772 bytes leftover after parsing attributes in process `syz-executor.4'. UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) netlink: 60 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 60 bytes leftover after parsing attributes in process `syz-executor.0'. netlink: 6772 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 6772 bytes leftover after parsing attributes in process `syz-executor.0'. netlink: 60 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 6772 bytes leftover after parsing attributes in process `syz-executor.4'. EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue netlink: 60 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 60 bytes leftover after parsing attributes in process `syz-executor.0'. audit: type=1804 audit(1677727067.586:30): pid=11410 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir254465488/syzkaller.9T7bul/59/bus" dev="sda1" ino=13880 res=1 tmpfs: Bad value 'within_sizeŻ' for mount option 'huge' UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) audit: type=1800 audit(1677727067.586:31): pid=11410 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="bus" dev="sda1" ino=13880 res=0 EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue tmpfs: Bad value 'within_sizeŻ' for mount option 'huge' UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) attempt to access beyond end of device loop2: rw=2049, want=2063, limit=2048 tmpfs: Bad value 'within_sizeŻ' for mount option 'huge' Buffer I/O error on dev loop2, logical block 2062, lost async page write tmpfs: Bad value 'within_sizeŻ' for mount option 'huge' attempt to access beyond end of device audit: type=1804 audit(1677727068.866:32): pid=11488 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir254465488/syzkaller.9T7bul/60/bus" dev="sda1" ino=14224 res=1 loop2: rw=2049, want=2064, limit=2048 Buffer I/O error on dev loop2, logical block 2063, lost async page write tmpfs: Bad value 'within_sizeŻ' for mount option 'huge' attempt to access beyond end of device tmpfs: Bad value 'within_sizeŻ' for mount option 'huge' loop2: rw=2049, want=2065, limit=2048 tmpfs: Bad value 'within_sizeŻ' for mount option 'huge' Buffer I/O error on dev loop2, logical block 2064, lost async page write audit: type=1800 audit(1677727068.866:33): pid=11488 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="bus" dev="sda1" ino=14224 res=0 attempt to access beyond end of device loop2: rw=2049, want=2066, limit=2048 tmpfs: Bad value 'within_sizeŻ' for mount option 'huge' Buffer I/O error on dev loop2, logical block 2065, lost async page write attempt to access beyond end of device loop2: rw=1, want=2062, limit=2048 attempt to access beyond end of device loop2: rw=1, want=6162, limit=2048 tmpfs: Bad value 'within_sizeŻ' for mount option 'huge' tmpfs: Bad value 'within_sizeŻ' for mount option 'huge' attempt to access beyond end of device loop2: rw=1, want=10258, limit=2048 attempt to access beyond end of device loop2: rw=1, want=13154, limit=2048 audit: type=1804 audit(1677727069.816:34): pid=11561 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir254465488/syzkaller.9T7bul/61/bus" dev="sda1" ino=14169 res=1 audit: type=1800 audit(1677727069.816:35): pid=11561 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="bus" dev="sda1" ino=14169 res=0 IPVS: ftp: loaded support on port[0] = 21 IPVS: ftp: loaded support on port[0] = 21 IPVS: ftp: loaded support on port[0] = 21 UHID_CREATE from different security context by process 194 (syz-executor.0), this is not allowed. process 'syz-executor.4' launched './file0' with NULL argv: empty string added BTRFS info (device loop0): using free space tree BTRFS info (device loop0): has skinny extents BTRFS info (device loop0): 1 enospc errors during balance audit: type=1804 audit(1677727072.486:36): pid=11865 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir2563479111/syzkaller.gUO19b/63/file0/.log" dev="loop0" ino=263 res=1 BTRFS info (device loop0): using free space tree BTRFS info (device loop0): has skinny extents usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.4' sets config #0 BTRFS info (device loop0): 1 enospc errors during balance usb usb9: usbfs: interface 0 claimed by usbfs while 'syz-executor.4' sets config #1 audit: type=1804 audit(1677727073.256:37): pid=11920 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir2563479111/syzkaller.gUO19b/64/file0/.log" dev="loop0" ino=263 res=1 hub 9-0:1.0: USB hub found hub 9-0:1.0: 8 ports detected BTRFS info (device loop0): using free space tree usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.4' sets config #0 BTRFS info (device loop0): has skinny extents usb usb9: usbfs: interface 0 claimed by usbfs while 'syz-executor.4' sets config #1 hub 9-0:1.0: USB hub found hub 9-0:1.0: 8 ports detected