======================================================
WARNING: possible circular locking dependency detected
4.19.211-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.3/11035 is trying to acquire lock:
00000000e9b2a0d1 ((wq_completion)"dio/%s"sb->s_id){+.+.}, at: flush_workqueue+0xe8/0x13e0 kernel/workqueue.c:2658

but task is already holding lock:
0000000043b03564 (&sb->s_type->i_mutex_key#25){+.+.}, at: inode_lock include/linux/fs.h:748 [inline]
0000000043b03564 (&sb->s_type->i_mutex_key#25){+.+.}, at: generic_file_write_iter+0x99/0x730 mm/filemap.c:3320

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (&sb->s_type->i_mutex_key#25){+.+.}:
       inode_lock include/linux/fs.h:748 [inline]
       __generic_file_fsync+0xb0/0x1f0 fs/libfs.c:989
       fat_file_fsync+0x73/0x200 fs/fat/file.c:198
       vfs_fsync_range+0x13a/0x220 fs/sync.c:197
       generic_write_sync include/linux/fs.h:2750 [inline]
       dio_complete+0x763/0xac0 fs/direct-io.c:329
       process_one_work+0x864/0x1570 kernel/workqueue.c:2153
       worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
       kthread+0x33f/0x460 kernel/kthread.c:259
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415

-> #1 ((work_completion)(&dio->complete_work)){+.+.}:
       worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
       kthread+0x33f/0x460 kernel/kthread.c:259
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415

-> #0 ((wq_completion)"dio/%s"sb->s_id){+.+.}:
       flush_workqueue+0x117/0x13e0 kernel/workqueue.c:2661
       drain_workqueue+0x1a5/0x460 kernel/workqueue.c:2826
       destroy_workqueue+0x75/0x790 kernel/workqueue.c:4183
       __alloc_workqueue_key+0xb76/0xed0 kernel/workqueue.c:4160
       sb_init_dio_done_wq+0x34/0x90 fs/direct-io.c:623
       do_blockdev_direct_IO fs/direct-io.c:1285 [inline]
       __blockdev_direct_IO+0x5f55/0xef40 fs/direct-io.c:1419
       blockdev_direct_IO include/linux/fs.h:3059 [inline]
       fat_direct_IO+0x1d1/0x370 fs/fat/inode.c:282
       generic_file_direct_write+0x208/0x4a0 mm/filemap.c:3073
       __generic_file_write_iter+0x2d0/0x610 mm/filemap.c:3252
       generic_file_write_iter+0x3f8/0x730 mm/filemap.c:3323
       call_write_iter include/linux/fs.h:1821 [inline]
       aio_write+0x37f/0x5c0 fs/aio.c:1574
       __io_submit_one fs/aio.c:1858 [inline]
       io_submit_one+0xecd/0x20c0 fs/aio.c:1909
       __do_sys_io_submit fs/aio.c:1953 [inline]
       __se_sys_io_submit+0x11b/0x4a0 fs/aio.c:1924
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

Chain exists of:
  (wq_completion)"dio/%s"sb->s_id --> (work_completion)(&dio->complete_work) --> &sb->s_type->i_mutex_key#25

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&sb->s_type->i_mutex_key#25);
                               lock((work_completion)(&dio->complete_work));
                               lock(&sb->s_type->i_mutex_key#25);
  lock((wq_completion)"dio/%s"sb->s_id);

 *** DEADLOCK ***

1 lock held by syz-executor.3/11035:
 #0: 0000000043b03564 (&sb->s_type->i_mutex_key#25){+.+.}, at: inode_lock include/linux/fs.h:748 [inline]
 #0: 0000000043b03564 (&sb->s_type->i_mutex_key#25){+.+.}, at: generic_file_write_iter+0x99/0x730 mm/filemap.c:3320

stack backtrace:
CPU: 1 PID: 11035 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222
 check_prev_add kernel/locking/lockdep.c:1866 [inline]
 check_prevs_add kernel/locking/lockdep.c:1979 [inline]
 validate_chain kernel/locking/lockdep.c:2420 [inline]
 __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 flush_workqueue+0x117/0x13e0 kernel/workqueue.c:2661
 drain_workqueue+0x1a5/0x460 kernel/workqueue.c:2826
 destroy_workqueue+0x75/0x790 kernel/workqueue.c:4183
 __alloc_workqueue_key+0xb76/0xed0 kernel/workqueue.c:4160
 sb_init_dio_done_wq+0x34/0x90 fs/direct-io.c:623
 do_blockdev_direct_IO fs/direct-io.c:1285 [inline]
 __blockdev_direct_IO+0x5f55/0xef40 fs/direct-io.c:1419
 blockdev_direct_IO include/linux/fs.h:3059 [inline]
 fat_direct_IO+0x1d1/0x370 fs/fat/inode.c:282
 generic_file_direct_write+0x208/0x4a0 mm/filemap.c:3073
 __generic_file_write_iter+0x2d0/0x610 mm/filemap.c:3252
 generic_file_write_iter+0x3f8/0x730 mm/filemap.c:3323
 call_write_iter include/linux/fs.h:1821 [inline]
 aio_write+0x37f/0x5c0 fs/aio.c:1574
 __io_submit_one fs/aio.c:1858 [inline]
 io_submit_one+0xecd/0x20c0 fs/aio.c:1909
 __do_sys_io_submit fs/aio.c:1953 [inline]
 __se_sys_io_submit+0x11b/0x4a0 fs/aio.c:1924
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f49349f1279
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4933345168 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
RAX: ffffffffffffffda RBX: 00007f4934b04050 RCX: 00007f49349f1279
RDX: 0000000020000540 RSI: 0000000000001801 RDI: 00007f4934adf000
RBP: 00007f4934a4b2e9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe075486af R14: 00007f4933345300 R15: 0000000000022000
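Reading the lockdep report above: the dependency chain it prints is wq_completion "dio/%s" -> work_completion(&dio->complete_work) -> i_mutex_key#25, learned from the direct-I/O completion worker calling fsync (entry #2) and from the worker thread running that work (entry #1). The new edge comes from entry #0: generic_file_write_iter holds the inode lock and reaches flush_workqueue through destroy_workqueue, called from __alloc_workqueue_key inside sb_init_dio_done_wq, so a workqueue being torn down again by its own allocator is flushed with the inode lock held. That closes the cycle, which is why lockdep reports a possible deadlock between an AIO direct write on FAT and the dio completion work. The following user-space C program is an added example, not part of the syzbot report or of the kernel: it models the lock classes as nodes of a directed graph, adds an edge for every "held -> acquired" observation and checks, as lockdep does, whether a new edge closes a cycle. The three observations replayed are the ones in the report; the function names (lock_acquire_while_holding, replay_dio_report) and the fixed-size graph are this example's own assumptions.

```c
/* Added example, not from the syzbot report or the kernel: a minimal
 * lock-order checker modelling lockdep's circular-dependency detection.
 * Each lock class is a node; holding A while acquiring B adds edge A -> B.
 * An edge whose target already (transitively) reaches its source closes a
 * cycle, which is exactly what lockdep printed above as
 * "possible circular locking dependency detected".
 * The function names and the MAX_CLASSES limit are this example's own. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_CLASSES 8

static const char *class_name[MAX_CLASSES];
static int nclasses;
static bool edge[MAX_CLASSES][MAX_CLASSES];

/* Forget all classes and edges so the checker can be reused. */
static void lockgraph_reset(void)
{
    nclasses = 0;
    memset(edge, 0, sizeof(edge));
    memset(class_name, 0, sizeof(class_name));
}

/* Intern a lock class by name; returns its index, or -1 if the table is full. */
static int lock_class(const char *name)
{
    for (int i = 0; i < nclasses; i++)
        if (strcmp(class_name[i], name) == 0)
            return i;
    if (nclasses == MAX_CLASSES)
        return -1;
    class_name[nclasses] = name;
    return nclasses++;
}

/* Depth-first search: is 'to' reachable from 'from' through existing edges? */
static bool reachable(int from, int to, bool *seen)
{
    if (from == to)
        return true;
    seen[from] = true;
    for (int n = 0; n < nclasses; n++)
        if (edge[from][n] && !seen[n] && reachable(n, to, seen))
            return true;
    return false;
}

/* Record "held -> acquired". Returns true if the new edge closes a cycle,
 * i.e. 'acquired' already depends on 'held' through the graph. */
static bool lock_acquire_while_holding(const char *held, const char *acquired)
{
    int h = lock_class(held), a = lock_class(acquired);
    bool seen[MAX_CLASSES] = { false };

    if (h < 0 || a < 0)
        return false;
    /* A path acquired -> ... -> held means held -> acquired would be circular. */
    bool cycle = reachable(a, h, seen);
    edge[h][a] = true;
    if (cycle)
        printf("possible circular locking dependency: %s -> %s closes a cycle\n",
               held, acquired);
    return cycle;
}

/* Replay the three dependencies from the report in the order lockdep learned
 * them (#2, #1, then the new #0). Returns true when only the last one
 * closes the cycle, matching the report. */
static bool replay_dio_report(void)
{
    lockgraph_reset();
    /* #2: dio completion work takes the inode lock in fat_file_fsync. */
    bool c2 = lock_acquire_while_holding("(work_completion)(&dio->complete_work)",
                                         "&sb->s_type->i_mutex_key#25");
    /* #1: worker_thread runs that work while "holding" the wq_completion. */
    bool c1 = lock_acquire_while_holding("(wq_completion)\"dio/%s\"sb->s_id",
                                         "(work_completion)(&dio->complete_work)");
    /* #0: write path holds the inode lock and flushes the dio workqueue. */
    bool c0 = lock_acquire_while_holding("&sb->s_type->i_mutex_key#25",
                                         "(wq_completion)\"dio/%s\"sb->s_id");
    return !c2 && !c1 && c0;
}

int main(void)
{
    return replay_dio_report() ? 0 : 1;
}
```

The checker only sees lock classes, as lockdep does, so it flags the inversion even though no two tasks ever actually blocked on each other during this run; that is also why the report says "possible" and why a reproducer that hangs is the thing to look for before treating it as a confirmed denial of service.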
MTD: Attempt to mount non-MTD device "/dev/loop4"
cramfs: Error -3 while decompressing!
cramfs: 00000000b20a621e(27)->00000000f3ff428d(4096)
gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
gfs2: fsid=syz:syz: Now mounting FS...
gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents
gfs2: fsid=syz:syz.0: jid=0, already locked for use
gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
gfs2: fsid=syz:syz.0: jid=0: Done
gfs2: fsid=syz:syz.0: first mount done, others may mount
cramfs: Error -3 while decompressing!
cramfs: 00000000b20a621e(27)->00000000f3ff428d(4096)
audit: type=1800 audit(1662017524.248:17): pid=11205 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.4" name="file0" dev="loop4" ino=244 res=0
MTD: Attempt to mount non-MTD device "/dev/loop4"
cramfs: Error -3 while decompressing!
MTD: Attempt to mount non-MTD device "/dev/loop1"
cramfs: 000000003008f8b8(27)->000000008072c7ab(4096)
cramfs: Error -3 while decompressing!
cramfs: 000000003008f8b8(27)->000000008072c7ab(4096)
audit: type=1800 audit(1662017524.628:18): pid=11278 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.4" name="file0" dev="loop4" ino=244 res=0
MTD: Attempt to mount non-MTD device "/dev/loop4"
MTD: Attempt to mount non-MTD device "/dev/loop1"
cramfs: Error -3 while decompressing!
gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
cramfs: 00000000b20a621e(27)->00000000cd7f08c6(4096)
gfs2: fsid=syz:syz: Now mounting FS...
gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents
gfs2: fsid=syz:syz.0: jid=0, already locked for use
cramfs: Error -3 while decompressing!
gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
cramfs: 000000003008f8b8(27)->000000004da84b09(4096)
gfs2: fsid=syz:syz.0: jid=0: Done
gfs2: fsid=syz:syz.0: first mount done, others may mount
cramfs: Error -3 while decompressing!
cramfs: 00000000b20a621e(27)->00000000cd7f08c6(4096)
cramfs: Error -3 while decompressing!
audit: type=1800 audit(1662017525.038:19): pid=11315 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.4" name="file0" dev="loop4" ino=244 res=0
cramfs: 000000003008f8b8(27)->000000004da84b09(4096)
audit: type=1800 audit(1662017525.148:20): pid=11323 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="file0" dev="loop1" ino=244 res=0
gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
gfs2: fsid=syz:syz: Now mounting FS...
gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents
gfs2: fsid=syz:syz.0: jid=0, already locked for use
gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
gfs2: fsid=syz:syz.0: jid=0: Done
gfs2: fsid=syz:syz.0: first mount done, others may mount
MTD: Attempt to mount non-MTD device "/dev/loop0"
cramfs: Error -3 while decompressing!
cramfs: 000000003008f8b8(27)->000000004425604e(4096)
cramfs: Error -3 while decompressing!
cramfs: 000000003008f8b8(27)->000000004425604e(4096)
audit: type=1800 audit(1662017527.948:21): pid=11876 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="file0" dev="loop0" ino=244 res=0
gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
gfs2: fsid=syz:syz: Now mounting FS...
gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents
gfs2: fsid=syz:syz.0: jid=0, already locked for use
gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
gfs2: fsid=syz:syz.0: jid=0: Done
gfs2: fsid=syz:syz.0: first mount done, others may mount
gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
gfs2: fsid=syz:syz: Now mounting FS...
gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents
gfs2: fsid=syz:syz.0: jid=0, already locked for use
gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
gfs2: fsid=syz:syz.0: jid=0: Done
gfs2: fsid=syz:syz.0: first mount done, others may mount
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
gfs2: fsid=syz:syz: Now mounting FS...
gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents
CPU: 1 PID: 12020 Comm: syz-executor.0 Not tainted 4.19.211-syzkaller #0
gfs2: fsid=syz:syz.0: jid=0, already locked for use
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0xa/0xf lib/fault-inject.c:149
gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
 __should_failslab+0x115/0x180 mm/failslab.c:32
 should_failslab+0x5/0x10 mm/slab_common.c:1590
 slab_pre_alloc_hook mm/slab.h:424 [inline]
 slab_alloc_node mm/slab.c:3304 [inline]
 kmem_cache_alloc_node+0x245/0x3b0 mm/slab.c:3647
 __alloc_skb+0x71/0x560 net/core/skbuff.c:193
gfs2: fsid=syz:syz.0: jid=0: Done
 alloc_skb include/linux/skbuff.h:995 [inline]
 netlink_alloc_large_skb net/netlink/af_netlink.c:1197 [inline]
 netlink_sendmsg+0x9f6/0xc50 net/netlink/af_netlink.c:1892
gfs2: fsid=syz:syz.0: first mount done, others may mount
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xc3/0x120 net/socket.c:661
 ___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2227
 __sys_sendmsg net/socket.c:2265 [inline]
 __do_sys_sendmsg net/socket.c:2274 [inline]
 __se_sys_sendmsg net/socket.c:2272 [inline]
 __x64_sys_sendmsg+0x132/0x220 net/socket.c:2272
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f545c511279
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f545ae86168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f545c623f80 RCX: 00007f545c511279
RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
RBP: 00007f545ae861d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffd2087afcf R14: 00007f545ae86300 R15: 0000000000022000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 12064 Comm: syz-executor.0 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0xa/0xf lib/fault-inject.c:149
 __should_failslab+0x115/0x180 mm/failslab.c:32
 should_failslab+0x5/0x10 mm/slab_common.c:1590
 slab_pre_alloc_hook mm/slab.h:424 [inline]
 slab_alloc_node mm/slab.c:3304 [inline]
 kmem_cache_alloc_node_trace+0x244/0x3b0 mm/slab.c:3666
 __do_kmalloc_node mm/slab.c:3688 [inline]
 __kmalloc_node_track_caller+0x38/0x70 mm/slab.c:3703
 __kmalloc_reserve net/core/skbuff.c:137 [inline]
 __alloc_skb+0xae/0x560 net/core/skbuff.c:205
 alloc_skb include/linux/skbuff.h:995 [inline]
 netlink_alloc_large_skb net/netlink/af_netlink.c:1197 [inline]
 netlink_sendmsg+0x9f6/0xc50 net/netlink/af_netlink.c:1892
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xc3/0x120 net/socket.c:661
 ___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2227
 __sys_sendmsg net/socket.c:2265 [inline]
 __do_sys_sendmsg net/socket.c:2274 [inline]
 __se_sys_sendmsg net/socket.c:2272 [inline]
 __x64_sys_sendmsg+0x132/0x220 net/socket.c:2272
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f545c511279
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f545ae86168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f545c623f80 RCX: 00007f545c511279
RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
RBP: 00007f545ae861d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffd2087afcf R14: 00007f545ae86300 R15: 0000000000022000
CPU: 1 PID: 12069 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0xa/0xf lib/fault-inject.c:149
 __should_failslab+0x115/0x180 mm/failslab.c:32
 should_failslab+0x5/0x10 mm/slab_common.c:1590
 slab_pre_alloc_hook mm/slab.h:424 [inline]
 slab_alloc_node mm/slab.c:3304 [inline]
 kmem_cache_alloc_node+0x245/0x3b0 mm/slab.c:3647
 __alloc_skb+0x71/0x560 net/core/skbuff.c:193
gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
 alloc_skb include/linux/skbuff.h:995 [inline]
 netlink_alloc_large_skb net/netlink/af_netlink.c:1197 [inline]
 netlink_sendmsg+0x9f6/0xc50 net/netlink/af_netlink.c:1892
gfs2: fsid=syz:syz: Now mounting FS...
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xc3/0x120 net/socket.c:661
 ___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2227
gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents
gfs2: fsid=syz:syz.0: jid=0, already locked for use
gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
gfs2: fsid=syz:syz.0: jid=0: Done
gfs2: fsid=syz:syz.0: first mount done, others may mount
 __sys_sendmsg net/socket.c:2265 [inline]
 __do_sys_sendmsg net/socket.c:2274 [inline]
 __se_sys_sendmsg net/socket.c:2272 [inline]
 __x64_sys_sendmsg+0x132/0x220 net/socket.c:2272
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f49349f1279
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4933366168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f4934b03f80 RCX: 00007f49349f1279
RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
RBP: 00007f49333661d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffe075486af R14: 00007f4933366300 R15: 0000000000022000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 12097 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0xa/0xf lib/fault-inject.c:149
 __should_failslab+0x115/0x180 mm/failslab.c:32
 should_failslab+0x5/0x10 mm/slab_common.c:1590
 slab_pre_alloc_hook mm/slab.h:424 [inline]
 slab_alloc_node mm/slab.c:3304 [inline]
 kmem_cache_alloc_node_trace+0x244/0x3b0 mm/slab.c:3666
 __do_kmalloc_node mm/slab.c:3688 [inline]
 __kmalloc_node_track_caller+0x38/0x70 mm/slab.c:3703
 __kmalloc_reserve net/core/skbuff.c:137 [inline]
 __alloc_skb+0xae/0x560 net/core/skbuff.c:205
 alloc_skb include/linux/skbuff.h:995 [inline]
 netlink_alloc_large_skb net/netlink/af_netlink.c:1197 [inline]
 netlink_sendmsg+0x9f6/0xc50 net/netlink/af_netlink.c:1892
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xc3/0x120 net/socket.c:661
 ___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2227
 __sys_sendmsg net/socket.c:2265 [inline]
 __do_sys_sendmsg net/socket.c:2274 [inline]
 __se_sys_sendmsg net/socket.c:2272 [inline]
 __x64_sys_sendmsg+0x132/0x220 net/socket.c:2272
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f49349f1279
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4933366168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f4934b03f80 RCX: 00007f49349f1279
RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
RBP: 00007f49333661d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffe075486af R14: 00007f4933366300 R15: 0000000000022000
CPU: 0 PID: 12096 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0xa/0xf lib/fault-inject.c:149
 __should_failslab+0x115/0x180 mm/failslab.c:32
 should_failslab+0x5/0x10 mm/slab_common.c:1590
 slab_pre_alloc_hook mm/slab.h:424 [inline]
 slab_alloc mm/slab.c:3383 [inline]
 __do_kmalloc mm/slab.c:3725 [inline]
 __kmalloc_track_caller+0x2a6/0x3c0 mm/slab.c:3742
 memdup_user+0x22/0xb0 mm/util.c:160
 strndup_user+0x70/0x120 mm/util.c:217
 copy_mount_string fs/namespace.c:2726 [inline]
 ksys_mount+0x34/0x130 fs/namespace.c:3023
 __do_sys_mount fs/namespace.c:3052 [inline]
 __se_sys_mount fs/namespace.c:3049 [inline]
 __x64_sys_mount+0xba/0x150 fs/namespace.c:3049
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f082955f279
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0827ed4168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f0829671f80 RCX: 00007f082955f279
RDX: 0000000020000540 RSI: 0000000020000500 RDI: 0000000000000000
RBP: 00007f0827ed41d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffe3a90f11f R14: 00007f0827ed4300 R15: 0000000000022000
CPU: 1 PID: 12099 Comm: syz-executor.0 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0xa/0xf lib/fault-inject.c:149
 __should_failslab+0x115/0x180 mm/failslab.c:32
 should_failslab+0x5/0x10 mm/slab_common.c:1590
 slab_pre_alloc_hook mm/slab.h:424 [inline]
 slab_alloc mm/slab.c:3383 [inline]
 kmem_cache_alloc+0x3f/0x370 mm/slab.c:3557
 skb_clone+0x151/0x3d0 net/core/skbuff.c:1293
 __netlink_deliver_tap_skb net/netlink/af_netlink.c:296 [inline]
 __netlink_deliver_tap net/netlink/af_netlink.c:321 [inline]
 netlink_deliver_tap+0x955/0xb00 net/netlink/af_netlink.c:334
 netlink_deliver_tap_kernel net/netlink/af_netlink.c:343 [inline]
 netlink_unicast_kernel net/netlink/af_netlink.c:1324 [inline]
 netlink_unicast+0x545/0x690 net/netlink/af_netlink.c:1351
 netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xc3/0x120 net/socket.c:661
 ___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2227
 __sys_sendmsg net/socket.c:2265 [inline]
 __do_sys_sendmsg net/socket.c:2274 [inline]
 __se_sys_sendmsg net/socket.c:2272 [inline]
 __x64_sys_sendmsg+0x132/0x220 net/socket.c:2272
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f545c511279
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f545ae86168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f545c623f80 RCX: 00007f545c511279
RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
RBP: 00007f545ae861d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffd2087afcf R14: 00007f545ae86300 R15: 0000000000022000
CPU: 0 PID: 12098 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0xa/0xf lib/fault-inject.c:149
 __should_failslab+0x115/0x180 mm/failslab.c:32
 should_failslab+0x5/0x10 mm/slab_common.c:1590
 slab_pre_alloc_hook mm/slab.h:424 [inline]
 slab_alloc_node mm/slab.c:3304 [inline]
 kmem_cache_alloc_node+0x245/0x3b0 mm/slab.c:3647
 __alloc_skb+0x71/0x560 net/core/skbuff.c:193
gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
 alloc_skb include/linux/skbuff.h:995 [inline]
 netlink_alloc_large_skb net/netlink/af_netlink.c:1197 [inline]
 netlink_sendmsg+0x9f6/0xc50 net/netlink/af_netlink.c:1892
gfs2: fsid=syz:syz: Now mounting FS...
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xc3/0x120 net/socket.c:661
gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents
 ___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2227
gfs2: fsid=syz:syz.0: jid=0, already locked for use
gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
gfs2: fsid=syz:syz.0: jid=0: Done
 __sys_sendmsg net/socket.c:2265 [inline]
 __do_sys_sendmsg net/socket.c:2274 [inline]
 __se_sys_sendmsg net/socket.c:2272 [inline]
 __x64_sys_sendmsg+0x132/0x220 net/socket.c:2272
gfs2: fsid=syz:syz.0: first mount done, others may mount
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
RIP: 0033:0x7f37121c3279
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3710b38168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f37122d5f80 RCX: 00007f37121c3279
RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
RBP: 00007f3710b381d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007fff6ba4a7ef R14: 00007f3710b38300 R15: 0000000000022000
CPU: 1 PID: 12120 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0xa/0xf lib/fault-inject.c:149
 __should_failslab+0x115/0x180 mm/failslab.c:32
 should_failslab+0x5/0x10 mm/slab_common.c:1590
 slab_pre_alloc_hook mm/slab.h:424 [inline]
 slab_alloc mm/slab.c:3383 [inline]
 kmem_cache_alloc+0x3f/0x370 mm/slab.c:3557
 skb_clone+0x151/0x3d0 net/core/skbuff.c:1293
 __netlink_deliver_tap_skb net/netlink/af_netlink.c:296 [inline]
 __netlink_deliver_tap net/netlink/af_netlink.c:321 [inline]
 netlink_deliver_tap+0x955/0xb00 net/netlink/af_netlink.c:334
 netlink_deliver_tap_kernel net/netlink/af_netlink.c:343 [inline]
 netlink_unicast_kernel net/netlink/af_netlink.c:1324 [inline]
 netlink_unicast+0x545/0x690 net/netlink/af_netlink.c:1351
 netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xc3/0x120 net/socket.c:661
 ___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2227
 __sys_sendmsg net/socket.c:2265 [inline]
 __do_sys_sendmsg net/socket.c:2274 [inline]
 __se_sys_sendmsg net/socket.c:2272 [inline]
 __x64_sys_sendmsg+0x132/0x220 net/socket.c:2272
gfs2: fsid=syz:syz.0: can't start quotad thread: -4
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
gfs2: fsid=syz:syz.0: can't make FS RW: -4
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f49349f1279
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4933366168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f4934b03f80 RCX: 00007f49349f1279
RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
RBP: 00007f49333661d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffe075486af R14: 00007f4933366300 R15: 0000000000022000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 12138 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0xa/0xf lib/fault-inject.c:149
 __should_failslab+0x115/0x180 mm/failslab.c:32
 should_failslab+0x5/0x10 mm/slab_common.c:1590
 slab_pre_alloc_hook mm/slab.h:424 [inline]
 slab_alloc mm/slab.c:3383 [inline]
 kmem_cache_alloc+0x277/0x370 mm/slab.c:3557
 getname_flags+0xce/0x590 fs/namei.c:140
 user_path_at_empty+0x2a/0x50 fs/namei.c:2609
 user_path include/linux/namei.h:62 [inline]
 do_mount+0x147/0x2f50 fs/namespace.c:2762
 ksys_mount+0xcf/0x130 fs/namespace.c:3038
 __do_sys_mount fs/namespace.c:3052 [inline]
 __se_sys_mount fs/namespace.c:3049 [inline]
 __x64_sys_mount+0xba/0x150 fs/namespace.c:3049
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f082955f279
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0827ed4168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f0829671f80 RCX: 00007f082955f279
RDX: 0000000020000540 RSI: 0000000020000500 RDI: 0000000000000000
RBP: 00007f0827ed41d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffe3a90f11f R14: 00007f0827ed4300 R15: 0000000000022000
CPU: 0 PID: 12148 Comm: syz-executor.0 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0xa/0xf lib/fault-inject.c:149
 __should_failslab+0x115/0x180 mm/failslab.c:32
 should_failslab+0x5/0x10 mm/slab_common.c:1590
 slab_pre_alloc_hook mm/slab.h:424 [inline]
 slab_alloc_node mm/slab.c:3304 [inline]
 kmem_cache_alloc_node+0x245/0x3b0 mm/slab.c:3647
 __alloc_skb+0x71/0x560 net/core/skbuff.c:193
 alloc_skb include/linux/skbuff.h:995 [inline]
 netlink_dump+0x55f/0xc10 net/netlink/af_netlink.c:2223
 __netlink_dump_start+0x4e9/0x6f0 net/netlink/af_netlink.c:2338
 netlink_dump_start include/linux/netlink.h:213 [inline]
 ip_set_dump+0x164/0x190 net/netfilter/ipset/ip_set_core.c:1480
 nfnetlink_rcv_msg+0xc4f/0xf60 net/netfilter/nfnetlink.c:233
 netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2463
 nfnetlink_rcv+0x1b2/0x420 net/netfilter/nfnetlink.c:565
 netlink_unicast_kernel net/netlink/af_netlink.c:1325 [inline]
 netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1351
 netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xc3/0x120 net/socket.c:661
 ___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2227
 __sys_sendmsg net/socket.c:2265 [inline]
 __do_sys_sendmsg net/socket.c:2274 [inline]
 __se_sys_sendmsg net/socket.c:2272 [inline]
 __x64_sys_sendmsg+0x132/0x220 net/socket.c:2272
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f545c511279
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f545ae86168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f545c623f80 RCX: 00007f545c511279
RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
RBP: 00007f545ae861d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffd2087afcf R14: 00007f545ae86300 R15: 0000000000022000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 12160 Comm: syz-executor.0 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0xa/0xf lib/fault-inject.c:149
 __should_failslab+0x115/0x180 mm/failslab.c:32
 should_failslab+0x5/0x10 mm/slab_common.c:1590
 slab_pre_alloc_hook mm/slab.h:424 [inline]
 slab_alloc_node mm/slab.c:3304 [inline]
 kmem_cache_alloc_node_trace+0x244/0x3b0 mm/slab.c:3666
 __do_kmalloc_node mm/slab.c:3688 [inline]
 __kmalloc_node_track_caller+0x38/0x70 mm/slab.c:3703
 __kmalloc_reserve net/core/skbuff.c:137 [inline]
 __alloc_skb+0xae/0x560 net/core/skbuff.c:205
 alloc_skb include/linux/skbuff.h:995 [inline]
 netlink_dump+0x55f/0xc10 net/netlink/af_netlink.c:2223
 __netlink_dump_start+0x4e9/0x6f0 net/netlink/af_netlink.c:2338
 netlink_dump_start include/linux/netlink.h:213 [inline]
 ip_set_dump+0x164/0x190 net/netfilter/ipset/ip_set_core.c:1480
 nfnetlink_rcv_msg+0xc4f/0xf60 net/netfilter/nfnetlink.c:233
 netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2463
 nfnetlink_rcv+0x1b2/0x420 net/netfilter/nfnetlink.c:565
 netlink_unicast_kernel net/netlink/af_netlink.c:1325 [inline]
 netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1351
 netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xc3/0x120 net/socket.c:661
 ___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2227
 __sys_sendmsg net/socket.c:2265 [inline]
 __do_sys_sendmsg net/socket.c:2274 [inline]
 __se_sys_sendmsg net/socket.c:2272 [inline]
 __x64_sys_sendmsg+0x132/0x220 net/socket.c:2272
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f545c511279
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f545ae86168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f545c623f80 RCX: 00007f545c511279
RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
RBP: 00007f545ae861d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffd2087afcf R14: 00007f545ae86300 R15: 0000000000022000
CPU: 1 PID: 12166 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0