possible deadlock in lock_trace

syzbot

Apr 19, 2019, 5:51:05 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 58b454eb Linux 4.14.112
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1331ab2d200000
kernel config: https://syzkaller.appspot.com/x/.config?x=8b0e7ab7678533ab
dashboard link: https://syzkaller.appspot.com/bug?extid=15de275074ca85b268c7
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+15de27...@syzkaller.appspotmail.com

audit: type=1800 audit(1555925968.394:178): pid=5618 uid=0 auid=4294967295
ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
op="collect_data" cause="failed" comm="syz-executor.2" name="memory.events"
dev="sda1" ino=16636 res=0
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
kobject: 'loop3' (ffff8880a4a901e0): fill_kobj_path: path
= '/devices/virtual/block/loop3'
======================================================
WARNING: possible circular locking dependency detected
4.14.112 #2 Not tainted
------------------------------------------------------
syz-executor.1/5633 is trying to acquire lock:
(
kobject: 'kvm' (ffff888219ff0510): kobject_uevent_env
&sig->cred_guard_mutex
kobject: 'kvm' (ffff888219ff0510): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
){+.+.}, at: [<ffffffff81a6c0e4>] lock_trace+0x44/0xc0 fs/proc/base.c:407

but task is already holding lock:
(&p->lock){+.+.}, at: [<ffffffff81951fd1>] seq_read+0xc1/0x12a0
fs/seq_file.c:165

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #4 (&p->lock){+.+.}
kobject: 'loop1' (ffff8880a49ed220): kobject_uevent_env
:
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xe8/0x1470 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
CPU: 1 PID: 5629 Comm: syz-executor.3 Not tainted 4.14.112 #2
seq_read+0xc1/0x12a0 fs/seq_file.c:165
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
proc_reg_read+0xfd/0x180 fs/proc/inode.c:217
Call Trace:
do_loop_readv_writev fs/read_write.c:694 [inline]
do_loop_readv_writev fs/read_write.c:681 [inline]
do_iter_read+0x3e7/0x5b0 fs/read_write.c:918
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x138/0x19c lib/dump_stack.c:53
vfs_readv+0xd3/0x130 fs/read_write.c:980
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0x10f/0x159 lib/fault-inject.c:149
kernel_readv fs/splice.c:361 [inline]
default_file_splice_read+0x421/0x7b0 fs/splice.c:416
do_splice_to+0x108/0x170 fs/splice.c:880
should_failslab+0xdb/0x130 mm/failslab.c:32
do_splice fs/splice.c:1173 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0xfcb/0x13e0 fs/splice.c:1382
slab_pre_alloc_hook mm/slab.h:421 [inline]
slab_alloc_node mm/slab.c:3297 [inline]
kmem_cache_alloc_node_trace+0x283/0x770 mm/slab.c:3659
do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7

-> #3
__do_kmalloc_node mm/slab.c:3681 [inline]
__kmalloc_node+0x3d/0x80 mm/slab.c:3689
(
kmalloc_node include/linux/slab.h:530 [inline]
kvmalloc_node+0x4e/0xe0 mm/util.c:397
&pipe->mutex
kvmalloc include/linux/mm.h:531 [inline]
kvzalloc include/linux/mm.h:539 [inline]
netif_alloc_rx_queues net/core/dev.c:7491 [inline]
alloc_netdev_mqs+0x7ad/0xbc0 net/core/dev.c:8130
/1
rtnl_create_link+0x1b4/0x850 net/core/rtnetlink.c:2439
){+.+.}:
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
rtnl_newlink+0xdd5/0x1710 net/core/rtnetlink.c:2688
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xe8/0x1470 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
pipe_lock_nested fs/pipe.c:67 [inline]
pipe_lock+0x63/0x80 fs/pipe.c:75
iter_file_splice_write+0x15e/0xae0 fs/splice.c:699
do_splice_from fs/splice.c:851 [inline]
do_splice fs/splice.c:1147 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0xd81/0x13e0 fs/splice.c:1382
do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
rtnetlink_rcv_msg+0x3ed/0xb70 net/core/rtnetlink.c:4285

-> #2
(
sb_writers
#6){.+.+}
netlink_rcv_skb+0x152/0x3c0 net/netlink/af_netlink.c:2432
:
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36
[inline]
percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
__sb_start_write+0x1ae/0x2f0 fs/super.c:1363
sb_start_write include/linux/fs.h:1545 [inline]
mnt_want_write+0x3f/0xb0 fs/namespace.c:386
ovl_want_write+0x76/0xa0 fs/overlayfs/util.c:25
ovl_create_object+0x79/0x1e0 fs/overlayfs/dir.c:538
rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:4297
ovl_create+0x28/0x30 fs/overlayfs/dir.c:563
netlink_unicast_kernel net/netlink/af_netlink.c:1286 [inline]
netlink_unicast+0x466/0x780 net/netlink/af_netlink.c:1312
lookup_open+0x11b1/0x1870 fs/namei.c:3240
do_last fs/namei.c:3331 [inline]
path_openat+0xfca/0x3f70 fs/namei.c:3566
do_filp_open+0x18e/0x250 fs/namei.c:3600
netlink_sendmsg+0x7c4/0xc60 net/netlink/af_netlink.c:1877
do_sys_open+0x2c5/0x430 fs/open.c:1065
SYSC_open fs/open.c:1083 [inline]
SyS_open fs/open.c:1078 [inline]
SYSC_creat fs/open.c:1123 [inline]
SyS_creat+0x27/0x30 fs/open.c:1121
do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xd0/0x110 net/socket.c:656

-> #1
___sys_sendmsg+0x70c/0x850 net/socket.c:2062
(
&ovl_i_mutex_dir_key[depth]){++++}
:
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
down_read+0x3b/0xb0 kernel/locking/rwsem.c:24
inode_lock_shared include/linux/fs.h:725 [inline]
do_last fs/namei.c:3330 [inline]
path_openat+0x191e/0x3f70 fs/namei.c:3566
do_filp_open+0x18e/0x250 fs/namei.c:3600
do_open_execat+0xe7/0x4a0 fs/exec.c:849
do_execveat_common.isra.0+0x6d2/0x1dd0 fs/exec.c:1740
do_execveat fs/exec.c:1858 [inline]
SYSC_execveat fs/exec.c:1939 [inline]
SyS_execveat+0x4f/0x60 fs/exec.c:1931
do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7

-> #0
(
__sys_sendmsg+0xb9/0x140 net/socket.c:2096
&sig->cred_guard_mutex
){+.+.}:
SYSC_sendmsg net/socket.c:2107 [inline]
SyS_sendmsg+0x2d/0x50 net/socket.c:2103
check_prev_add kernel/locking/lockdep.c:1901 [inline]
check_prevs_add kernel/locking/lockdep.c:2018 [inline]
validate_chain kernel/locking/lockdep.c:2460 [inline]
__lock_acquire+0x2c89/0x45e0 kernel/locking/lockdep.c:3487
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xe8/0x1470 kernel/locking/mutex.c:893
mutex_lock_killable_nested+0x16/0x20 kernel/locking/mutex.c:923
lock_trace+0x44/0xc0 fs/proc/base.c:407
proc_pid_syscall+0x8c/0x200 fs/proc/base.c:639
entry_SYSCALL_64_after_hwframe+0x42/0xb7
proc_single_show+0xf6/0x160 fs/proc/base.c:761
RIP: 0033:0x458c29
seq_read+0x52b/0x12a0 fs/seq_file.c:237
do_loop_readv_writev fs/read_write.c:694 [inline]
do_loop_readv_writev fs/read_write.c:681 [inline]
do_iter_read+0x3e7/0x5b0 fs/read_write.c:918
RSP: 002b:00007fbd702eac78 EFLAGS: 00000246
vfs_readv+0xd3/0x130 fs/read_write.c:980
ORIG_RAX: 000000000000002e
do_preadv+0x15d/0x200 fs/read_write.c:1064
RAX: ffffffffffffffda RBX: 00007fbd702eac90 RCX: 0000000000458c29
SYSC_preadv fs/read_write.c:1114 [inline]
SyS_preadv+0x31/0x40 fs/read_write.c:1109
RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000

other info that might help us debug this:

R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbd702eb6d4
Chain exists of:

R13: 00000000004c6516 R14: 00000000004dae80 R15: 0000000000000004
&sig->cred_guard_mutex
kobject: 'loop1' (ffff8880a49ed220): fill_kobj_path: path
= '/devices/virtual/block/loop1'
--> &pipe->mutex/1 --> &p->lock

Possible unsafe locking scenario:

CPU0 CPU1
---- ----
lock(&p->lock);
lock(&pipe->mutex/1);
lock(
kobject: 'loop3' (ffff8880a4a901e0): kobject_uevent_env
&p->lock
kobject: 'loop3' (ffff8880a4a901e0): fill_kobj_path: path
= '/devices/virtual/block/loop3'
);
lock(&sig->cred_guard_mutex);

*** DEADLOCK ***

1 lock held by syz-executor.1/5633:
#0: (&p->lock){+.+.}, at: [<ffffffff81951fd1>] seq_read+0xc1/0x12a0
fs/seq_file.c:165

stack backtrace:
CPU: 0 PID: 5633 Comm: syz-executor.1 Not tainted 4.14.112 #2
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x138/0x19c lib/dump_stack.c:53
kobject: 'kvm' (ffff888219ff0510): kobject_uevent_env
print_circular_bug.isra.0.cold+0x1cc/0x28f kernel/locking/lockdep.c:1258
check_prev_add kernel/locking/lockdep.c:1901 [inline]
check_prevs_add kernel/locking/lockdep.c:2018 [inline]
validate_chain kernel/locking/lockdep.c:2460 [inline]
__lock_acquire+0x2c89/0x45e0 kernel/locking/lockdep.c:3487
kobject: 'kvm' (ffff888219ff0510): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xe8/0x1470 kernel/locking/mutex.c:893
kobject: 'kvm' (ffff888219ff0510): kobject_uevent_env
kobject: 'kvm' (ffff888219ff0510): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
mutex_lock_killable_nested+0x16/0x20 kernel/locking/mutex.c:923
lock_trace+0x44/0xc0 fs/proc/base.c:407
proc_pid_syscall+0x8c/0x200 fs/proc/base.c:639
kobject: 'loop3' (ffff8880a4a901e0): kobject_uevent_env
proc_single_show+0xf6/0x160 fs/proc/base.c:761
seq_read+0x52b/0x12a0 fs/seq_file.c:237
kobject: 'loop3' (ffff8880a4a901e0): fill_kobj_path: path
= '/devices/virtual/block/loop3'
do_loop_readv_writev fs/read_write.c:694 [inline]
do_loop_readv_writev fs/read_write.c:681 [inline]
do_iter_read+0x3e7/0x5b0 fs/read_write.c:918
vfs_readv+0xd3/0x130 fs/read_write.c:980
kobject: 'kvm' (ffff888219ff0510): kobject_uevent_env
kobject: 'kvm' (ffff888219ff0510): fill_kobj_path: path
= '/devices/virtual/misc/kvm'
do_preadv+0x15d/0x200 fs/read_write.c:1064
SYSC_preadv fs/read_write.c:1114 [inline]
SyS_preadv+0x31/0x40 fs/read_write.c:1109
do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x458c29
RSP: 002b:00007f808cbb9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000458c29
RDX: 1000000000000269 RSI: 0000000020000480 RDI: 0000000000000003
RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f808cbba6d4
R13: 00000000004c5969 R14: 00000000004d9cc8 R15: 00000000ffffffff


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Apr 28, 2019, 2:16:06 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 19bb613a Linux 4.19.37
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=13bd9834a00000
kernel config: https://syzkaller.appspot.com/x/.config?x=2f4f1677ff80cdff
dashboard link: https://syzkaller.appspot.com/bug?extid=3ba4d0b4c16b6e785b6b
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+3ba4d0...@syzkaller.appspotmail.com

WARNING: possible circular locking dependency detected
4.19.37 #5 Not tainted
------------------------------------------------------
syz-executor.4/30423 is trying to acquire lock:
000000006a18f903 (&sig->cred_guard_mutex){+.+.}, at: lock_trace+0x4a/0xe0
fs/proc/base.c:384

but task is already holding lock:
00000000338a25a6 (&p->lock){+.+.}, at: seq_read+0x71/0x1130
fs/seq_file.c:161

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #3 (&p->lock){+.+.}:
__mutex_lock_common kernel/locking/mutex.c:925 [inline]
__mutex_lock+0xf7/0x1300 kernel/locking/mutex.c:1072
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
seq_read+0x71/0x1130 fs/seq_file.c:161
kernfs_fop_read+0xed/0x560 fs/kernfs/file.c:252
do_loop_readv_writev fs/read_write.c:700 [inline]
do_loop_readv_writev fs/read_write.c:687 [inline]
do_iter_read+0x495/0x650 fs/read_write.c:924
vfs_readv+0xf0/0x160 fs/read_write.c:986
kernel_readv fs/splice.c:362 [inline]
default_file_splice_read+0x478/0x890 fs/splice.c:417
do_splice_to+0x12a/0x190 fs/splice.c:881
splice_direct_to_actor+0x256/0x890 fs/splice.c:953
do_splice_direct+0x1da/0x2a0 fs/splice.c:1062
do_sendfile+0x597/0xce0 fs/read_write.c:1446
__do_sys_sendfile64 fs/read_write.c:1507 [inline]
__se_sys_sendfile64 fs/read_write.c:1493 [inline]
__x64_sys_sendfile64+0x1dd/0x220 fs/read_write.c:1493
do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #2 (sb_writers#4){.+.+}:
percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36
[inline]
percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
__sb_start_write+0x20b/0x360 fs/super.c:1387
sb_start_write include/linux/fs.h:1569 [inline]
mnt_want_write+0x3f/0xc0 fs/namespace.c:360
ovl_want_write+0x76/0xa0 fs/overlayfs/util.c:24
ovl_create_object+0xb3/0x2c0 fs/overlayfs/dir.c:600
ovl_create+0x28/0x30 fs/overlayfs/dir.c:631
lookup_open+0x12e0/0x1b10 fs/namei.c:3234
do_last fs/namei.c:3324 [inline]
path_openat+0x149a/0x4690 fs/namei.c:3534
do_filp_open+0x1a1/0x280 fs/namei.c:3564
do_sys_open+0x3fe/0x550 fs/open.c:1069
ksys_open include/linux/syscalls.h:1276 [inline]
__do_sys_creat fs/open.c:1127 [inline]
__se_sys_creat fs/open.c:1125 [inline]
__x64_sys_creat+0x61/0x80 fs/open.c:1125
do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #1 (&ovl_i_mutex_dir_key[depth]){++++}:
down_read+0x3b/0xb0 kernel/locking/rwsem.c:24
inode_lock_shared include/linux/fs.h:748 [inline]
lookup_slow+0x4a/0x80 fs/namei.c:1687
walk_component+0x74b/0x2000 fs/namei.c:1810
lookup_last fs/namei.c:2273 [inline]
path_lookupat.isra.0+0x1f5/0x8d0 fs/namei.c:2318
filename_lookup+0x1b0/0x410 fs/namei.c:2348
kern_path+0x36/0x40 fs/namei.c:2434
create_local_trace_uprobe+0x82/0x490 kernel/trace/trace_uprobe.c:1356
perf_uprobe_init+0x12b/0x210 kernel/trace/trace_event_perf.c:313
perf_uprobe_event_init+0xff/0x190 kernel/events/core.c:8484
perf_try_init_event+0x137/0x2f0 kernel/events/core.c:9759
perf_init_event kernel/events/core.c:9790 [inline]
perf_event_alloc.part.0+0x1d08/0x2e00 kernel/events/core.c:10063
perf_event_alloc kernel/events/core.c:10419 [inline]
__do_sys_perf_event_open+0x842/0x2730 kernel/events/core.c:10520
__se_sys_perf_event_open kernel/events/core.c:10409 [inline]
__x64_sys_perf_event_open+0xbe/0x150 kernel/events/core.c:10409
do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&sig->cred_guard_mutex){+.+.}:
lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3900
__mutex_lock_common kernel/locking/mutex.c:925 [inline]
__mutex_lock+0xf7/0x1300 kernel/locking/mutex.c:1072
mutex_lock_killable_nested+0x16/0x20 kernel/locking/mutex.c:1102
lock_trace+0x4a/0xe0 fs/proc/base.c:384
proc_pid_stack+0x13e/0x2c0 fs/proc/base.c:434
proc_single_show+0xf6/0x180 fs/proc/base.c:737
seq_read+0x4db/0x1130 fs/seq_file.c:229
do_loop_readv_writev fs/read_write.c:700 [inline]
do_loop_readv_writev fs/read_write.c:687 [inline]
do_iter_read+0x495/0x650 fs/read_write.c:924
vfs_readv+0xf0/0x160 fs/read_write.c:986
do_preadv+0x1c4/0x280 fs/read_write.c:1070
__do_sys_preadv fs/read_write.c:1120 [inline]
__se_sys_preadv fs/read_write.c:1115 [inline]
__x64_sys_preadv+0x9a/0xf0 fs/read_write.c:1115
do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

Chain exists of:
&sig->cred_guard_mutex --> sb_writers#4 --> &p->lock

Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&p->lock);
                               lock(sb_writers#4);
                               lock(&p->lock);
  lock(&sig->cred_guard_mutex);

*** DEADLOCK ***

1 lock held by syz-executor.4/30423:
#0: 00000000338a25a6 (&p->lock){+.+.}, at: seq_read+0x71/0x1130 fs/seq_file.c:161

stack backtrace:
CPU: 1 PID: 30423 Comm: syz-executor.4 Not tainted 4.19.37 #5
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x172/0x1f0 lib/dump_stack.c:113
print_circular_bug.isra.0.cold+0x1cc/0x28f kernel/locking/lockdep.c:1221
check_prev_add kernel/locking/lockdep.c:1861 [inline]
check_prevs_add kernel/locking/lockdep.c:1974 [inline]
validate_chain kernel/locking/lockdep.c:2415 [inline]
__lock_acquire+0x2e6d/0x48f0 kernel/locking/lockdep.c:3411
lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3900
__mutex_lock_common kernel/locking/mutex.c:925 [inline]
__mutex_lock+0xf7/0x1300 kernel/locking/mutex.c:1072
mutex_lock_killable_nested+0x16/0x20 kernel/locking/mutex.c:1102
lock_trace+0x4a/0xe0 fs/proc/base.c:384
proc_pid_stack+0x13e/0x2c0 fs/proc/base.c:434
proc_single_show+0xf6/0x180 fs/proc/base.c:737
seq_read+0x4db/0x1130 fs/seq_file.c:229
do_loop_readv_writev fs/read_write.c:700 [inline]
do_loop_readv_writev fs/read_write.c:687 [inline]
do_iter_read+0x495/0x650 fs/read_write.c:924
vfs_readv+0xf0/0x160 fs/read_write.c:986
do_preadv+0x1c4/0x280 fs/read_write.c:1070
__do_sys_preadv fs/read_write.c:1120 [inline]
__se_sys_preadv fs/read_write.c:1115 [inline]
__x64_sys_preadv+0x9a/0xf0 fs/read_write.c:1115
do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x458da9
Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f13dea71c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000458da9
RDX: 000000000000016d RSI: 00000000200017c0 RDI: 0000000000000004
RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f13dea726d4
R13: 00000000004c5afc R14: 00000000004d9e48 R15: 00000000ffffffff
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop5' (00000000bf391695): kobject_uevent_env
kobject: 'loop5' (00000000bf391695): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'vet' (00000000b8fa453d): kobject_add_internal: parent: 'net',
set: 'devices'
kobject: 'loop4' (000000001a58009d): kobject_uevent_env
kobject: 'vet' (00000000b8fa453d): kobject_uevent_env
kobject: 'vet' (00000000b8fa453d): fill_kobj_path: path
= '/devices/virtual/net/vet'
kobject: 'loop4' (000000001a58009d): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'queues' (00000000c9b915ee): kobject_add_internal: parent: 'vet',
set: '<NULL>'
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'queues' (00000000c9b915ee): kobject_uevent_env
kobject: 'queues' (00000000c9b915ee): kobject_uevent_env: filter function
caused the event to drop!
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'rx-0' (000000009c2c3117): kobject_add_internal: parent: 'queues',
set: 'queues'
kobject: 'loop2' (0000000006a9c8b6): kobject_uevent_env
FAT-fs (loop3): bogus number of reserved sectors
kobject: 'loop2' (0000000006a9c8b6): fill_kobj_path: path
= '/devices/virtual/block/loop2'
FAT-fs (loop3): Can't find a valid FAT filesystem
kobject: 'rx-0' (000000009c2c3117): kobject_uevent_env
kobject: 'rx-0' (000000009c2c3117): fill_kobj_path: path
= '/devices/virtual/net/vet/queues/rx-0'
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
kobject: 'tx-0' (00000000cc5904b3): kobject_add_internal: parent: 'queues',
set: 'queues'
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'tx-0' (00000000cc5904b3): kobject_uevent_env
kobject: 'tx-0' (00000000cc5904b3): fill_kobj_path: path
= '/devices/virtual/net/vet/queues/tx-0'
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'batman_adv' (00000000ee3457f9): kobject_add_internal:
parent: 'vet', set: '<NULL>'
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop5' (00000000bf391695): kobject_uevent_env
kobject: 'batman_adv' (00000000ee3457f9): kobject_uevent_env
kobject: 'loop5' (00000000bf391695): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'batman_adv' (00000000ee3457f9): kobject_uevent_env: filter
function caused the event to drop!
kobject: 'batman_adv' (00000000ee3457f9): kobject_cleanup, parent
(null)
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'batman_adv' (00000000ee3457f9): calling ktype release
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: (00000000ee3457f9): dynamic_kobj_release
kobject: 'batman_adv': free name
kobject: 'rx-0' (000000009c2c3117): kobject_cleanup, parent 00000000c9b915ee
kobject: 'rx-0' (000000009c2c3117): auto cleanup 'remove' event
FAT-fs (loop3): bogus number of reserved sectors
kobject: 'rx-0' (000000009c2c3117): kobject_uevent_env
FAT-fs (loop3): Can't find a valid FAT filesystem
kobject: 'rx-0' (000000009c2c3117): fill_kobj_path: path
= '/devices/virtual/net/vet/queues/rx-0'
kobject: 'rx-0' (000000009c2c3117): auto cleanup kobject_del
kobject: 'rx-0' (000000009c2c3117): calling ktype release
kobject: 'rx-0': free name
kobject: 'tx-0' (00000000cc5904b3): kobject_cleanup, parent 00000000c9b915ee
kobject: 'tx-0' (00000000cc5904b3): auto cleanup 'remove' event
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'tx-0' (00000000cc5904b3): kobject_uevent_env
kobject: 'tx-0' (00000000cc5904b3): fill_kobj_path: path
= '/devices/virtual/net/vet/queues/tx-0'
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'tx-0' (00000000cc5904b3): auto cleanup kobject_del
kobject: 'tx-0' (00000000cc5904b3): calling ktype release
kobject: 'tx-0': free name
kobject: 'queues' (00000000c9b915ee): kobject_cleanup, parent
(null)
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
kobject: 'queues' (00000000c9b915ee): calling ktype release
kobject: 'queues' (00000000c9b915ee): kset_release
kobject: 'queues': free name
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'vet' (00000000b8fa453d): kobject_uevent_env
kobject: 'vet' (00000000b8fa453d): fill_kobj_path: path
= '/devices/virtual/net/vet'
kobject: 'loop2' (0000000006a9c8b6): kobject_uevent_env
kobject: 'loop2' (0000000006a9c8b6): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'vet' (00000000b8fa453d): kobject_cleanup, parent (null)
kobject: 'vet' (00000000b8fa453d): calling ktype release
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'vet': free name
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
overlayfs: failed to resolve './file0': -2
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
IPVS: set_ctl: invalid protocol: 255 0.0.0.0:20003
FAT-fs (loop3): bogus number of reserved sectors
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
FAT-fs (loop3): Can't find a valid FAT filesystem
kobject: 'loop5' (00000000bf391695): kobject_uevent_env
kobject: 'loop5' (00000000bf391695): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop4' (000000001a58009d): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop4' (000000001a58009d): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop5' (00000000bf391695): kobject_uevent_env
kobject: 'loop5' (00000000bf391695): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop2' (0000000006a9c8b6): kobject_uevent_env
kobject: 'loop2' (0000000006a9c8b6): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop4' (000000001a58009d): kobject_uevent_env
FAT-fs (loop3): bogus number of reserved sectors
kobject: 'loop4' (000000001a58009d): fill_kobj_path: path
= '/devices/virtual/block/loop4'
overlayfs: filesystem on './file0' not supported as upperdir
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
FAT-fs (loop3): Can't find a valid FAT filesystem
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop5' (00000000bf391695): kobject_uevent_env
kobject: 'loop5' (00000000bf391695): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop2' (0000000006a9c8b6): kobject_uevent_env
kobject: 'loop2' (0000000006a9c8b6): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop4' (000000001a58009d): kobject_uevent_env
kobject: 'loop4' (000000001a58009d): fill_kobj_path: path
= '/devices/virtual/block/loop4'
overlayfs: filesystem on './file0' not supported as upperdir
kobject: 'loop5' (00000000bf391695): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop5' (00000000bf391695): fill_kobj_path: path
= '/devices/virtual/block/loop5'
FAT-fs (loop3): bogus number of reserved sectors
FAT-fs (loop3): Can't find a valid FAT filesystem
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop4' (000000001a58009d): kobject_uevent_env
kobject: 'loop4' (000000001a58009d): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop2' (0000000006a9c8b6): kobject_uevent_env
kobject: 'loop2' (0000000006a9c8b6): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
overlayfs: filesystem on './file0' not supported as upperdir
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop5' (00000000bf391695): kobject_uevent_env
FAT-fs (loop3): bogus number of reserved sectors
FAT-fs (loop3): Can't find a valid FAT filesystem
kobject: 'loop5' (00000000bf391695): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop4' (000000001a58009d): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop4' (000000001a58009d): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop2' (0000000006a9c8b6): kobject_uevent_env
kobject: 'loop2' (0000000006a9c8b6): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop5' (00000000bf391695): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop5' (00000000bf391695): fill_kobj_path: path
= '/devices/virtual/block/loop5'
overlayfs: filesystem on './file0' not supported as upperdir
kobject: 'loop4' (000000001a58009d): kobject_uevent_env
kobject: 'loop4' (000000001a58009d): fill_kobj_path: path
= '/devices/virtual/block/loop4'
FAT-fs (loop3): bogus number of reserved sectors
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
FAT-fs (loop3): Can't find a valid FAT filesystem
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop5' (00000000bf391695): kobject_uevent_env
kobject: 'loop5' (00000000bf391695): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop2' (0000000006a9c8b6): kobject_uevent_env
kobject: 'loop2' (0000000006a9c8b6): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop4' (000000001a58009d): kobject_uevent_env
kobject: 'loop4' (000000001a58009d): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop5' (00000000bf391695): kobject_uevent_env
FAT-fs (loop3): bogus number of reserved sectors
kobject: 'loop5' (00000000bf391695): fill_kobj_path: path
= '/devices/virtual/block/loop5'
FAT-fs (loop3): Can't find a valid FAT filesystem
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop5' (00000000bf391695): kobject_uevent_env
kobject: 'loop5' (00000000bf391695): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop4' (000000001a58009d): kobject_uevent_env
kobject: 'loop4' (000000001a58009d): fill_kobj_path: path
= '/devices/virtual/block/loop4'
FAT-fs (loop3): bogus number of reserved sectors
FAT-fs (loop3): Can't find a valid FAT filesystem
kobject: 'loop2' (0000000006a9c8b6): kobject_uevent_env
kobject: 'loop2' (0000000006a9c8b6): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop5' (00000000bf391695): kobject_uevent_env
kobject: 'loop5' (00000000bf391695): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop4' (000000001a58009d): kobject_uevent_env
kobject: 'loop4' (000000001a58009d): fill_kobj_path: path
= '/devices/virtual/block/loop4'
FAT-fs (loop3): bogus number of reserved sectors
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
FAT-fs (loop3): Can't find a valid FAT filesystem
kobject: 'loop5' (00000000bf391695): kobject_uevent_env
kobject: 'loop5' (00000000bf391695): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop2' (0000000006a9c8b6): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop2' (0000000006a9c8b6): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop4' (000000001a58009d): kobject_uevent_env
kobject: 'loop4' (000000001a58009d): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
FAT-fs (loop3): bogus number of reserved sectors
FAT-fs (loop3): Can't find a valid FAT filesystem
kobject: 'loop5' (00000000bf391695): kobject_uevent_env
kobject: 'loop5' (00000000bf391695): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop2' (0000000006a9c8b6): kobject_uevent_env
kobject: 'loop2' (0000000006a9c8b6): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop4' (000000001a58009d): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop4' (000000001a58009d): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
overlayfs: filesystem on './file0' not supported as upperdir
kobject: 'loop5' (00000000bf391695): kobject_uevent_env
kobject: 'loop5' (00000000bf391695): fill_kobj_path: path
= '/devices/virtual/block/loop5'
FAT-fs (loop3): bogus number of reserved sectors
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
FAT-fs (loop3): Can't find a valid FAT filesystem
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop5' (00000000bf391695): kobject_uevent_env
kobject: 'loop5' (00000000bf391695): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop2' (0000000006a9c8b6): kobject_uevent_env
kobject: 'loop2' (0000000006a9c8b6): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop4' (000000001a58009d): kobject_uevent_env
kobject: 'loop4' (000000001a58009d): fill_kobj_path: path
= '/devices/virtual/block/loop4'
overlayfs: filesystem on './file0' not supported as upperdir
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
FAT-fs (loop3): bogus number of reserved sectors
FAT-fs (loop3): Can't find a valid FAT filesystem
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop5' (00000000bf391695): kobject_uevent_env
kobject: 'loop5' (00000000bf391695): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop2' (0000000006a9c8b6): kobject_uevent_env
kobject: 'loop2' (0000000006a9c8b6): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop4' (000000001a58009d): kobject_uevent_env
kobject: 'loop4' (000000001a58009d): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
FAT-fs (loop3): bogus number of reserved sectors
FAT-fs (loop3): Can't find a valid FAT filesystem
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop5' (00000000bf391695): kobject_uevent_env
kobject: 'loop5' (00000000bf391695): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop4' (000000001a58009d): kobject_uevent_env
kobject: 'loop4' (000000001a58009d): fill_kobj_path: path
= '/devices/virtual/block/loop4'
FAT-fs (loop3): invalid media value (0x00)
FAT-fs (loop3): Can't find a valid FAT filesystem
kobject: 'loop2' (0000000006a9c8b6): kobject_uevent_env
kobject: 'loop2' (0000000006a9c8b6): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop4' (000000001a58009d): kobject_uevent_env
kobject: 'loop4' (000000001a58009d): fill_kobj_path: path
= '/devices/virtual/block/loop4'
overlayfs: filesystem on './file0' not supported as upperdir
kobject: 'loop5' (00000000bf391695): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop5' (00000000bf391695): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
FAT-fs (loop3): invalid media value (0x00)
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
FAT-fs (loop3): Can't find a valid FAT filesystem
kobject: 'loop4' (000000001a58009d): kobject_uevent_env
kobject: 'loop4' (000000001a58009d): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop5' (00000000bf391695): kobject_uevent_env
kobject: 'loop5' (00000000bf391695): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop2' (0000000006a9c8b6): kobject_uevent_env
kobject: 'loop2' (0000000006a9c8b6): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop4' (000000001a58009d): kobject_uevent_env
overlayfs: filesystem on './file0' not supported as upperdir
kobject: 'loop4' (000000001a58009d): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop5' (00000000bf391695): kobject_uevent_env
FAT-fs (loop3): invalid media value (0x00)
kobject: 'loop5' (00000000bf391695): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop2' (0000000006a9c8b6): kobject_uevent_env
FAT-fs (loop3): Can't find a valid FAT filesystem
kobject: 'loop2' (0000000006a9c8b6): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop4' (000000001a58009d): kobject_uevent_env
kobject: 'loop4' (000000001a58009d): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop5' (00000000bf391695): kobject_uevent_env
kobject: 'loop5' (00000000bf391695): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop4' (000000001a58009d): kobject_uevent_env
kobject: 'loop4' (000000001a58009d): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop5' (00000000bf391695): kobject_uevent_env
kobject: 'loop5' (00000000bf391695): fill_kobj_path: path
= '/devices/virtual/block/loop5'
FAT-fs (loop3): invalid media value (0x00)
kobject: 'loop4' (000000001a58009d): kobject_uevent_env
kobject: 'tun0' (00000000631b70c4): kobject_add_internal: parent: 'net',
set: 'devices'
kobject: 'loop4' (000000001a58009d): fill_kobj_path: path
= '/devices/virtual/block/loop4'
FAT-fs (loop3): Can't find a valid FAT filesystem
kobject: 'loop2' (0000000006a9c8b6): kobject_uevent_env
kobject: 'tun0' (00000000631b70c4): kobject_uevent_env
kobject: 'loop2' (0000000006a9c8b6): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'tun0' (00000000631b70c4): fill_kobj_path: path
= '/devices/virtual/net/tun0'
kobject: 'queues' (00000000ee1f7d66): kobject_add_internal: parent: 'tun0',
set: '<NULL>'
kobject: 'queues' (00000000ee1f7d66): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'queues' (00000000ee1f7d66): kobject_uevent_env: filter function
caused the event to drop!
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'rx-0' (00000000d15471cd): kobject_add_internal: parent: 'queues',
set: 'queues'
kobject: 'rx-0' (00000000d15471cd): kobject_uevent_env
kobject: 'rx-0' (00000000d15471cd): fill_kobj_path: path
= '/devices/virtual/net/tun0/queues/rx-0'
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'tx-0' (000000009b9ab765): kobject_add_internal: parent: 'queues',
set: 'queues'
kobject: 'loop4' (000000001a58009d): kobject_uevent_env
kobject: 'loop4' (000000001a58009d): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'tx-0' (000000009b9ab765): kobject_uevent_env
kobject: 'tx-0' (000000009b9ab765): fill_kobj_path: path
= '/devices/virtual/net/tun0/queues/tx-0'
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop3' (0000000073a74572): kobject_uevent_env
kobject: 'loop3' (0000000073a74572): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'rx-0' (00000000d15471cd): kobject_cleanup, parent 00000000ee1f7d66
kobject: 'rx-0' (00000000d15471cd): auto cleanup 'remove' event
kobject: 'rx-0' (00000000d15471cd): kobject_uevent_env
kobject: 'rx-0' (00000000d15471cd): fill_kobj_path: path
= '/devices/virtual/net/tun0/queues/rx-0'
FAT-fs (loop3): invalid media value (0x00)
kobject: 'rx-0' (00000000d15471cd): auto cleanup kobject_del
kobject: 'loop1' (00000000cc4f1fb1): kobject_uevent_env
FAT-fs (loop3): Can't find a valid FAT filesystem
kobject: 'loop1' (00000000cc4f1fb1): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'rx-0' (00000000d15471cd): calling ktype release
kobject: 'loop2' (0000000006a9c8b6): kobject_uevent_env
kobject: 'rx-0': free name
kobject: 'loop2' (0000000006a9c8b6): fill_kobj_path: path
= '/devices/virtual/block/loop2'

syzbot
Jan 22, 2020, 8:25:12 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: c1141b3a Linux 4.14.166
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12545601e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=a99b4b74c4c01851
dashboard link: https://syzkaller.appspot.com/bug?extid=15de275074ca85b268c7
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17959369e00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14c4ca6ee00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+15de27...@syzkaller.appspotmail.com

audit: type=1400 audit(1579699360.251:36): avc: denied { map } for pid=7289 comm="syz-executor501" path="/root/syz-executor501326867" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
audit: type=1400 audit(1579699360.261:37): avc: denied { associate } for pid=7289 comm="syz-executor501" name="f.le." scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
======================================================
WARNING: possible circular locking dependency detected
4.14.166-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor501/7289 is trying to acquire lock:
(&sig->cred_guard_mutex){+.+.}, at: [<ffffffff81a98674>] lock_trace+0x44/0xc0 fs/proc/base.c:407

but task is already holding lock:
(&p->lock){+.+.}, at: [<ffffffff819784f1>] seq_read+0xc1/0x1280 fs/seq_file.c:165

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #3 (&p->lock){+.+.}:
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xe8/0x1470 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
seq_read+0xc1/0x1280 fs/seq_file.c:165
do_loop_readv_writev fs/read_write.c:695 [inline]
do_loop_readv_writev fs/read_write.c:682 [inline]
do_iter_read+0x3e2/0x5b0 fs/read_write.c:919
vfs_readv+0xd3/0x130 fs/read_write.c:981
kernel_readv fs/splice.c:361 [inline]
default_file_splice_read+0x421/0x870 fs/splice.c:416
do_splice_to+0x105/0x170 fs/splice.c:880
splice_direct_to_actor+0x222/0x7b0 fs/splice.c:952
do_splice_direct+0x18d/0x230 fs/splice.c:1061
do_sendfile+0x4db/0xbd0 fs/read_write.c:1441
SYSC_sendfile64 fs/read_write.c:1502 [inline]
SyS_sendfile64+0x102/0x110 fs/read_write.c:1488
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7

-> #2 (sb_writers#4){.+.+}:
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
__sb_start_write+0x1ae/0x2f0 fs/super.c:1363
sb_start_write include/linux/fs.h:1548 [inline]
mnt_want_write+0x3f/0xb0 fs/namespace.c:386
ovl_want_write+0x76/0xa0 fs/overlayfs/util.c:25
ovl_do_remove+0x68/0xbd0 fs/overlayfs/dir.c:759
ovl_rmdir+0x1b/0x20 fs/overlayfs/dir.c:797
vfs_rmdir fs/namei.c:3905 [inline]
vfs_rmdir+0x218/0x420 fs/namei.c:3883
do_rmdir+0x316/0x390 fs/namei.c:3965
SYSC_rmdir fs/namei.c:3983 [inline]
SyS_rmdir+0x1b/0x20 fs/namei.c:3981
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7

-> #1 (&ovl_i_mutex_dir_key[depth]#2){++++}:
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
down_read+0x3b/0xb0 kernel/locking/rwsem.c:24
inode_lock_shared include/linux/fs.h:728 [inline]
do_last fs/namei.c:3330 [inline]
path_openat+0x191c/0x3f70 fs/namei.c:3566
do_filp_open+0x18e/0x250 fs/namei.c:3600
do_open_execat+0xe7/0x4a0 fs/exec.c:849
do_execveat_common.isra.0+0x6d5/0x1dd0 fs/exec.c:1740
do_execve fs/exec.c:1847 [inline]
SYSC_execve fs/exec.c:1928 [inline]
SyS_execve+0x39/0x50 fs/exec.c:1923
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7

-> #0 (&sig->cred_guard_mutex){+.+.}:
check_prev_add kernel/locking/lockdep.c:1901 [inline]
check_prevs_add kernel/locking/lockdep.c:2018 [inline]
validate_chain kernel/locking/lockdep.c:2460 [inline]
__lock_acquire+0x2cb3/0x4620 kernel/locking/lockdep.c:3487
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xe8/0x1470 kernel/locking/mutex.c:893
mutex_lock_killable_nested+0x16/0x20 kernel/locking/mutex.c:923
lock_trace+0x44/0xc0 fs/proc/base.c:407
proc_pid_stack+0x113/0x250 fs/proc/base.c:457
proc_single_show+0xf0/0x160 fs/proc/base.c:761
seq_read+0x51a/0x1280 fs/seq_file.c:237
do_loop_readv_writev fs/read_write.c:695 [inline]
do_loop_readv_writev fs/read_write.c:682 [inline]
do_iter_read+0x3e2/0x5b0 fs/read_write.c:919
vfs_readv+0xd3/0x130 fs/read_write.c:981
kernel_readv fs/splice.c:361 [inline]
default_file_splice_read+0x421/0x870 fs/splice.c:416
do_splice_to+0x105/0x170 fs/splice.c:880
splice_direct_to_actor+0x222/0x7b0 fs/splice.c:952
do_splice_direct+0x18d/0x230 fs/splice.c:1061
do_sendfile+0x4db/0xbd0 fs/read_write.c:1441
SYSC_sendfile64 fs/read_write.c:1502 [inline]
SyS_sendfile64+0x102/0x110 fs/read_write.c:1488
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7

other info that might help us debug this:

Chain exists of:
&sig->cred_guard_mutex --> sb_writers#4 --> &p->lock

Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&p->lock);
                               lock(sb_writers#4);
                               lock(&p->lock);
  lock(&sig->cred_guard_mutex);

*** DEADLOCK ***

2 locks held by syz-executor501/7289:
#0: (sb_writers#4){.+.+}, at: [<ffffffff818f8262>] file_start_write include/linux/fs.h:2707 [inline]
#0: (sb_writers#4){.+.+}, at: [<ffffffff818f8262>] do_sendfile+0x912/0xbd0 fs/read_write.c:1440
#1: (&p->lock){+.+.}, at: [<ffffffff819784f1>] seq_read+0xc1/0x1280 fs/seq_file.c:165

stack backtrace:
CPU: 1 PID: 7289 Comm: syz-executor501 Not tainted 4.14.166-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x142/0x197 lib/dump_stack.c:58
print_circular_bug.isra.0.cold+0x1cc/0x28f kernel/locking/lockdep.c:1258
check_prev_add kernel/locking/lockdep.c:1901 [inline]
check_prevs_add kernel/locking/lockdep.c:2018 [inline]
validate_chain kernel/locking/lockdep.c:2460 [inline]
__lock_acquire+0x2cb3/0x4620 kernel/locking/lockdep.c:3487
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xe8/0x1470 kernel/locking/mutex.c:893
mutex_lock_killable_nested+0x16/0x20 kernel/locking/mutex.c:923
lock_trace+0x44/0xc0 fs/proc/base.c:407
proc_pid_stack+0x113/0x250 fs/proc/base.c:457
proc_single_show+0xf0/0x160 fs/proc/base.c:761
seq_read+0x51a/0x1280 fs/seq_file.c:237
do_loop_readv_writev fs/read_write.c:695 [inline]
do_loop_readv_writev fs/read_write.c:682 [inline]
do_iter_read+0x3e2/0x5b0 fs/read_write.c:919
vfs_readv+0xd3/0x130 fs/read_write.c:981
kernel_readv fs/splice.c:361 [inline]
default_file_splice_read+0x421/0x870 fs/splice.c:416
do_splice_to+0x105/0x170 fs/splice.c:880
splice_direct_to_actor+0x222/0x7b0 fs/splice.c:952
do_splice_direct+0x18d/0x230 fs/splice.c:1061
do_sendfile+0x4db/0xbd0 fs/read_write.c:1441
SYSC_sendfile64 fs/read_write.c:1502 [inline]
SyS_sendfile64+0x102/0x110 fs/read_write.c:1488
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x4403c9
RSP: 002b:00007ffcaa3b1ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007ffcaa3b1f00 RCX: 00000000004403c9
RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
RBP: 00000000006ca018 R08: 65732f636f72702f R09: 65732f636f72702f
R10: 0000000000000209 R11: 0000000000000246 R12: 0000000000401cb0


syzbot
Mar 7, 2020, 12:31:11 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 7472c402 Linux 4.19.108
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=161b9f29e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=6d889e71eea7bde
dashboard link: https://syzkaller.appspot.com/bug?extid=3ba4d0b4c16b6e785b6b
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11052e91e00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+3ba4d0...@syzkaller.appspotmail.com

overlayfs: './file0' not a directory
overlayfs: './file0' not a directory
overlayfs: './file0' not a directory
======================================================
overlayfs: './file0' not a directory
WARNING: possible circular locking dependency detected
4.19.108-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.2/9450 is trying to acquire lock:
0000000074fdfd21 (&sig->cred_guard_mutex){+.+.}, at: lock_trace+0x45/0xe0 fs/proc/base.c:402

but task is already holding lock:
00000000e116fa73 (&p->lock){+.+.}, at: seq_read+0x6b/0x10f0 fs/seq_file.c:161

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #3 (&p->lock){+.+.}:
seq_read+0x6b/0x10f0 fs/seq_file.c:161
do_loop_readv_writev fs/read_write.c:701 [inline]
do_loop_readv_writev fs/read_write.c:688 [inline]
do_iter_read+0x46b/0x640 fs/read_write.c:925
vfs_readv+0xf0/0x160 fs/read_write.c:987
kernel_readv fs/splice.c:362 [inline]
default_file_splice_read+0x478/0x970 fs/splice.c:417
do_splice_to+0x10e/0x160 fs/splice.c:881
splice_direct_to_actor+0x2b9/0x8d0 fs/splice.c:959
do_splice_direct+0x1a8/0x270 fs/splice.c:1068
do_sendfile+0x549/0xc10 fs/read_write.c:1447
__do_sys_sendfile64 fs/read_write.c:1508 [inline]
__se_sys_sendfile64 fs/read_write.c:1494 [inline]
__x64_sys_sendfile64+0x1cc/0x210 fs/read_write.c:1494
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
overlayfs: './file0' not a directory
entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #2 (sb_writers#4){.+.+}:
file_start_write include/linux/fs.h:2775 [inline]
ovl_write_iter+0x91b/0xc20 fs/overlayfs/file.c:280
call_write_iter include/linux/fs.h:1820 [inline]
new_sync_write fs/read_write.c:474 [inline]
__vfs_write+0x512/0x760 fs/read_write.c:487
__kernel_write+0x109/0x370 fs/read_write.c:506
write_pipe_buf+0x153/0x1e0 fs/splice.c:798
splice_from_pipe_feed fs/splice.c:503 [inline]
__splice_from_pipe+0x38f/0x7a0 fs/splice.c:627
overlayfs: './file0' not a directory
splice_from_pipe+0xd9/0x140 fs/splice.c:662
default_file_splice_write+0x37/0x90 fs/splice.c:810
do_splice_from fs/splice.c:852 [inline]
direct_splice_actor+0x115/0x160 fs/splice.c:1025
splice_direct_to_actor+0x33f/0x8d0 fs/splice.c:980
do_splice_direct+0x1a8/0x270 fs/splice.c:1068
do_sendfile+0x549/0xc10 fs/read_write.c:1447
__do_sys_sendfile64 fs/read_write.c:1508 [inline]
__se_sys_sendfile64 fs/read_write.c:1494 [inline]
__x64_sys_sendfile64+0x1cc/0x210 fs/read_write.c:1494
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #1 (&ovl_i_mutex_key[depth]){+.+.}:
inode_lock include/linux/fs.h:747 [inline]
process_measurement+0x91f/0x1430 security/integrity/ima/ima_main.c:205
ima_file_check+0xb9/0x100 security/integrity/ima/ima_main.c:391
do_last fs/namei.c:3425 [inline]
path_openat+0x1086/0x4200 fs/namei.c:3537
do_filp_open+0x1a1/0x280 fs/namei.c:3567
do_open_execat+0x124/0x5b0 fs/exec.c:853
__do_execve_file.isra.0+0x1577/0x2110 fs/exec.c:1755
do_execveat_common fs/exec.c:1866 [inline]
do_execve fs/exec.c:1883 [inline]
__do_sys_execve fs/exec.c:1964 [inline]
__se_sys_execve fs/exec.c:1959 [inline]
__x64_sys_execve+0x8a/0xb0 fs/exec.c:1959
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&sig->cred_guard_mutex){+.+.}:
__mutex_lock_common kernel/locking/mutex.c:925 [inline]
__mutex_lock+0xf7/0x1300 kernel/locking/mutex.c:1072
lock_trace+0x45/0xe0 fs/proc/base.c:402
proc_pid_personality+0x17/0xc0 fs/proc/base.c:2926
proc_single_show+0xeb/0x170 fs/proc/base.c:755
seq_read+0x4b9/0x10f0 fs/seq_file.c:229
do_loop_readv_writev fs/read_write.c:701 [inline]
do_loop_readv_writev fs/read_write.c:688 [inline]
do_iter_read+0x46b/0x640 fs/read_write.c:925
vfs_readv+0xf0/0x160 fs/read_write.c:987
kernel_readv fs/splice.c:362 [inline]
default_file_splice_read+0x478/0x970 fs/splice.c:417
do_splice_to+0x10e/0x160 fs/splice.c:881
splice_direct_to_actor+0x2b9/0x8d0 fs/splice.c:959
do_splice_direct+0x1a8/0x270 fs/splice.c:1068
do_sendfile+0x549/0xc10 fs/read_write.c:1447
__do_sys_sendfile64 fs/read_write.c:1508 [inline]
__se_sys_sendfile64 fs/read_write.c:1494 [inline]
__x64_sys_sendfile64+0x1cc/0x210 fs/read_write.c:1494
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

Chain exists of:
&sig->cred_guard_mutex --> sb_writers#4 --> &p->lock

Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&p->lock);
                               lock(sb_writers#4);
                               lock(&p->lock);
  lock(&sig->cred_guard_mutex);

*** DEADLOCK ***

2 locks held by syz-executor.2/9450:
#0: 00000000810d5b09 (sb_writers#13){.+.+}, at: file_start_write include/linux/fs.h:2775 [inline]
#0: 00000000810d5b09 (sb_writers#13){.+.+}, at: do_sendfile+0x939/0xc10 fs/read_write.c:1446
#1: 00000000e116fa73 (&p->lock){+.+.}, at: seq_read+0x6b/0x10f0 fs/seq_file.c:161

stack backtrace:
CPU: 1 PID: 9450 Comm: syz-executor.2 Not tainted 4.19.108-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x188/0x20d lib/dump_stack.c:118
print_circular_bug.isra.0.cold+0x1c4/0x282 kernel/locking/lockdep.c:1221
check_prev_add kernel/locking/lockdep.c:1861 [inline]
check_prevs_add kernel/locking/lockdep.c:1974 [inline]
validate_chain kernel/locking/lockdep.c:2415 [inline]
__lock_acquire+0x2e19/0x49c0 kernel/locking/lockdep.c:3411
lock_acquire+0x170/0x400 kernel/locking/lockdep.c:3903
__mutex_lock_common kernel/locking/mutex.c:925 [inline]
__mutex_lock+0xf7/0x1300 kernel/locking/mutex.c:1072
lock_trace+0x45/0xe0 fs/proc/base.c:402
proc_pid_personality+0x17/0xc0 fs/proc/base.c:2926
proc_single_show+0xeb/0x170 fs/proc/base.c:755
seq_read+0x4b9/0x10f0 fs/seq_file.c:229
do_loop_readv_writev fs/read_write.c:701 [inline]
do_loop_readv_writev fs/read_write.c:688 [inline]
do_iter_read+0x46b/0x640 fs/read_write.c:925
vfs_readv+0xf0/0x160 fs/read_write.c:987
kernel_readv fs/splice.c:362 [inline]
default_file_splice_read+0x478/0x970 fs/splice.c:417
do_splice_to+0x10e/0x160 fs/splice.c:881
splice_direct_to_actor+0x2b9/0x8d0 fs/splice.c:959
do_splice_direct+0x1a8/0x270 fs/splice.c:1068
do_sendfile+0x549/0xc10 fs/read_write.c:1447
__do_sys_sendfile64 fs/read_write.c:1508 [inline]
__se_sys_sendfile64 fs/read_write.c:1494 [inline]
__x64_sys_sendfile64+0x1cc/0x210 fs/read_write.c:1494
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c4a9
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f565b745c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f565b7466d4 RCX: 000000000045c4a9
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000283 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000008d1 R14: 00000000004cb3b0 R15: 000000000076bf2c
overlayfs: './file0' not a directory
