syzbot

possible deadlock in lookup_slow

Status: auto-closed as invalid on 2020/10/12 22:59
Reported-by: syzbot+14f0c20f85e5c0b26cf2@syzkaller.appspotmail.com
First crash: 1835d, last: 1409d
Similar bugs (6)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream possible deadlock in lookup_slow (3) kernfs 278 8d21h 279d 0/26 upstream: reported on 2023/07/19 13:17
linux-5.15 possible deadlock in lookup_slow 11 234d 406d 0/3 auto-obsoleted due to no activity on 2023/12/11 13:10
upstream possible deadlock in lookup_slow fs 139 1795d 2037d 0/26 auto-closed as invalid on 2019/10/25 08:42
linux-5.15 possible deadlock in lookup_slow (2) origin:upstream C 13 3d07h 132d 0/3 upstream: reported C repro on 2023/12/13 22:35
linux-4.14 possible deadlock in lookup_slow C 2027 414d 1705d 0/1 upstream: reported C repro on 2019/08/24 01:53
upstream possible deadlock in lookup_slow (2) fs 7 1564d 1608d 0/26 auto-closed as invalid on 2020/05/11 09:17

Sample crash report:
netlink: 212 bytes leftover after parsing attributes in process `syz-executor.1'.
======================================================
WARNING: possible circular locking dependency detected
4.19.128-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.1/23791 is trying to acquire lock:
00000000f1785a03 (&ovl_i_mutex_dir_key[depth]#2){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
00000000f1785a03 (&ovl_i_mutex_dir_key[depth]#2){++++}, at: lookup_slow+0x43/0x70 fs/namei.c:1688

but task is already holding lock:
00000000a69c5404 (genl_mutex){+.+.}, at: genl_lock net/netlink/genetlink.c:33 [inline]
00000000a69c5404 (genl_mutex){+.+.}, at: genl_rcv_msg+0x12f/0x160 net/netlink/genetlink.c:625
overlayfs: unrecognized mount option "nfs_export=off:/" or missing value

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #4 (genl_mutex){+.+.}:
       genl_lock net/netlink/genetlink.c:33 [inline]
       genl_lock_all net/netlink/genetlink.c:54 [inline]
       genl_register_family net/netlink/genetlink.c:331 [inline]
       genl_register_family+0x1c4/0x10f0 net/netlink/genetlink.c:322
       genl_init+0x12/0x62 net/netlink/genetlink.c:1047
       do_one_initcall+0xf1/0x734 init/main.c:885
       do_initcall_level init/main.c:953 [inline]
       do_initcalls init/main.c:961 [inline]
       do_basic_setup init/main.c:979 [inline]
       kernel_init_freeable+0x9ac/0xa9e init/main.c:1146
       kernel_init+0xd/0x1b6 init/main.c:1063
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415

-> #3 (cb_lock){++++}:
       genl_rcv+0x15/0x40 net/netlink/genetlink.c:637
       netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
       netlink_unicast+0x4d7/0x6a0 net/netlink/af_netlink.c:1344
       netlink_sendmsg+0x6e3/0xcc0 net/netlink/af_netlink.c:1909
       sock_sendmsg_nosec net/socket.c:622 [inline]
       sock_sendmsg+0xc3/0x120 net/socket.c:632
       sock_no_sendpage+0xf8/0x140 net/core/sock.c:2645
       kernel_sendpage+0x82/0xd0 net/socket.c:3378
       sock_sendpage+0x84/0xa0 net/socket.c:847
       pipe_to_sendpage+0x263/0x320 fs/splice.c:452
       splice_from_pipe_feed fs/splice.c:503 [inline]
       __splice_from_pipe+0x38f/0x7a0 fs/splice.c:627
       splice_from_pipe+0xd9/0x140 fs/splice.c:662
       do_splice_from fs/splice.c:852 [inline]
       do_splice fs/splice.c:1154 [inline]
       __do_sys_splice fs/splice.c:1428 [inline]
       __se_sys_splice+0xf18/0x1560 fs/splice.c:1408
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #2 (&pipe->mutex/1){+.+.}:
       pipe_lock_nested fs/pipe.c:62 [inline]
       pipe_lock+0x63/0x80 fs/pipe.c:70
       iter_file_splice_write+0x183/0xb30 fs/splice.c:700
       do_splice_from fs/splice.c:852 [inline]
       do_splice fs/splice.c:1154 [inline]
       __do_sys_splice fs/splice.c:1428 [inline]
       __se_sys_splice+0xf18/0x1560 fs/splice.c:1408
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #1 (sb_writers#3){.+.+}:
       sb_start_write include/linux/fs.h:1579 [inline]
       mnt_want_write+0x3a/0xb0 fs/namespace.c:360
       ovl_do_remove+0xf8/0xd70 fs/overlayfs/dir.c:843
       vfs_rmdir fs/namei.c:3882 [inline]
       vfs_rmdir+0x18b/0x450 fs/namei.c:3861
       do_rmdir+0x371/0x3e0 fs/namei.c:3943
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&ovl_i_mutex_dir_key[depth]#2){++++}:
       down_read+0x37/0xb0 kernel/locking/rwsem.c:24
       inode_lock_shared include/linux/fs.h:758 [inline]
       lookup_slow+0x43/0x70 fs/namei.c:1688
       walk_component+0x759/0xd30 fs/namei.c:1811
       link_path_walk.part.0+0x906/0x1220 fs/namei.c:2142
       link_path_walk fs/namei.c:2073 [inline]
       path_openat+0x1e7/0x2eb0 fs/namei.c:3536
       do_filp_open+0x1a1/0x280 fs/namei.c:3567
       file_open_name+0x291/0x370 fs/open.c:1032
       filp_open+0x47/0x70 fs/open.c:1052
       kernel_read_file_from_path+0x78/0xf0 fs/exec.c:971
       fw_get_filesystem_firmware drivers/base/firmware_loader/main.c:328 [inline]
       _request_firmware+0x6f3/0x10f0 drivers/base/firmware_loader/main.c:587
       request_firmware+0x33/0x50 drivers/base/firmware_loader/main.c:636
       reg_reload_regdb+0x7a/0x240 net/wireless/reg.c:1073
       genl_family_rcv_msg+0x624/0xc00 net/netlink/genetlink.c:602
       genl_rcv_msg+0xbf/0x160 net/netlink/genetlink.c:627
       netlink_rcv_skb+0x160/0x410 net/netlink/af_netlink.c:2455
       genl_rcv+0x24/0x40 net/netlink/genetlink.c:638
       netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
       netlink_unicast+0x4d7/0x6a0 net/netlink/af_netlink.c:1344
       netlink_sendmsg+0x6e3/0xcc0 net/netlink/af_netlink.c:1909
       sock_sendmsg_nosec net/socket.c:622 [inline]
       sock_sendmsg+0xc3/0x120 net/socket.c:632
       ___sys_sendmsg+0x803/0x920 net/socket.c:2115
       __sys_sendmsg+0xec/0x1b0 net/socket.c:2153
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

Chain exists of:
  &ovl_i_mutex_dir_key[depth]#2 --> cb_lock --> genl_mutex

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(genl_mutex);
                               lock(cb_lock);
                               lock(genl_mutex);
  lock(&ovl_i_mutex_dir_key[depth]#2);

 *** DEADLOCK ***

2 locks held by syz-executor.1/23791:
 #0: 00000000176bb213 (cb_lock){++++}, at: genl_rcv+0x15/0x40 net/netlink/genetlink.c:637
 #1: 00000000a69c5404 (genl_mutex){+.+.}, at: genl_lock net/netlink/genetlink.c:33 [inline]
 #1: 00000000a69c5404 (genl_mutex){+.+.}, at: genl_rcv_msg+0x12f/0x160 net/netlink/genetlink.c:625

stack backtrace:
CPU: 0 PID: 23791 Comm: syz-executor.1 Not tainted 4.19.128-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
 print_circular_bug.isra.0.cold+0x2dc/0x425 kernel/locking/lockdep.c:1221
 check_prev_add kernel/locking/lockdep.c:1865 [inline]
 check_prevs_add kernel/locking/lockdep.c:1978 [inline]
 validate_chain kernel/locking/lockdep.c:2419 [inline]
 __lock_acquire+0x3145/0x4380 kernel/locking/lockdep.c:3415
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3907
 down_read+0x37/0xb0 kernel/locking/rwsem.c:24
 inode_lock_shared include/linux/fs.h:758 [inline]
 lookup_slow+0x43/0x70 fs/namei.c:1688
 walk_component+0x759/0xd30 fs/namei.c:1811
 link_path_walk.part.0+0x906/0x1220 fs/namei.c:2142
 link_path_walk fs/namei.c:2073 [inline]
 path_openat+0x1e7/0x2eb0 fs/namei.c:3536
 do_filp_open+0x1a1/0x280 fs/namei.c:3567
 file_open_name+0x291/0x370 fs/open.c:1032
 filp_open+0x47/0x70 fs/open.c:1052
 kernel_read_file_from_path+0x78/0xf0 fs/exec.c:971
 fw_get_filesystem_firmware drivers/base/firmware_loader/main.c:328 [inline]
 _request_firmware+0x6f3/0x10f0 drivers/base/firmware_loader/main.c:587
 request_firmware+0x33/0x50 drivers/base/firmware_loader/main.c:636
 reg_reload_regdb+0x7a/0x240 net/wireless/reg.c:1073
 genl_family_rcv_msg+0x624/0xc00 net/netlink/genetlink.c:602
 genl_rcv_msg+0xbf/0x160 net/netlink/genetlink.c:627
 netlink_rcv_skb+0x160/0x410 net/netlink/af_netlink.c:2455
 genl_rcv+0x24/0x40 net/netlink/genetlink.c:638
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x4d7/0x6a0 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x6e3/0xcc0 net/netlink/af_netlink.c:1909
 sock_sendmsg_nosec net/socket.c:622 [inline]
 sock_sendmsg+0xc3/0x120 net/socket.c:632
 ___sys_sendmsg+0x803/0x920 net/socket.c:2115
 __sys_sendmsg+0xec/0x1b0 net/socket.c:2153
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45ca69
Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f6132dd1c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000004ff880 RCX: 000000000045ca69
RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000004
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 000000000000099a R14: 00000000004d6218 R15: 00007f6132dd26d4
overlayfs: failed to resolve './file0[JF:': -2
platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
block nbd2: Attempted send on invalid socket
print_req_error: I/O error, dev nbd2, sector 0
SQUASHFS error: squashfs_read_data failed to read block 0x0
overlayfs: unrecognized mount option "l/6-ۂT/file0:/Q7˖561" or missing value
squashfs: SQUASHFS error: unable to read squashfs_super_block
overlayfs: filesystem on './file0' not supported as upperdir
overlayfs: unrecognized mount option "l/6-ۂT/file0:/Q7˖561" or missing value
overlayfs: unrecognized mount option "w~kdir=./file1>upperdir=./file0" or missing value
overlayfs: overlapping lowerdir path
overlayfs: unrecognized mount option "w~kdir=./file1>upperdir=./file0" or missing value
overlayfs: overlapping lowerdir path
netlink: 212 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 212 bytes leftover after parsing attributes in process `syz-executor.0'.
block nbd2: Attempted send on invalid socket
print_req_error: I/O error, dev nbd2, sector 0
SQUASHFS error: squashfs_read_data failed to read block 0x0
squashfs: SQUASHFS error: unable to read squashfs_super_block
block nbd2: Attempted send on invalid socket
print_req_error: I/O error, dev nbd2, sector 0
SQUASHFS error: squashfs_read_data failed to read block 0x0
squashfs: SQUASHFS error: unable to read squashfs_super_block
overlayfs: filesystem on './file0' not supported as upperdir
block nbd2: Attempted send on invalid socket
print_req_error: I/O error, dev nbd2, sector 0
SQUASHFS error: squashfs_read_data failed to read block 0x0
squashfs: SQUASHFS error: unable to read squashfs_super_block
overlayfs: filesystem on './file0' not supported as upperdir
netlink: 212 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 212 bytes leftover after parsing attributes in process `syz-executor.0'.
overlayfs: filesystem on './file0' not supported as upperdir
netlink: 212 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 212 bytes leftover after parsing attributes in process `syz-executor.0'.
overlayfs: filesystem on './file0' not supported as upperdir
overlayfs: filesystem on './file0' not supported as upperdir
netlink: 212 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=47 sclass=netlink_route_socket pid=24073 comm=syz-executor.0
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=47 sclass=netlink_route_socket pid=24073 comm=syz-executor.0
netlink: 212 bytes leftover after parsing attributes in process `syz-executor.1'.
overlayfs: unrecognized mount option "" or missing value
overlayfs: overlapping lowerdir path
overlayfs: unrecognized mount option "" or missing value
overlayfs: overlapping lowerdir path
netlink: 212 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 212 bytes leftover after parsing attributes in process `syz-executor.1'.
overlayfs: failed to resolve './file0': -2
overlayfs: overlapping lowerdir path
overlayfs: failed to resolve './file0': -2
overlayfs: failed to resolve './bus': -2
overlayfs: failed to resolve './file0[JF:': -2
overlayfs: failed to resolve '*/file1': -2
overlayfs: overlapping lowerdir path
overlayfs: failed to resolve '*/file1': -2
overlayfs: overlapping lowerdir path
overlayfs: unrecognized mount option "$mupperdir=./file0ÚyBf-X|eLIV`ރ]>" or missing value
overlayfs: overlapping lowerdir path
overlayfs: unrecognized mount option "$mupperdir=./file0ÚyBf-X|eLIV`ރ]>" or missing value
overlayfs: unrecognized mount option "0xffffffffffffffff" or missing value
overlayfs: overlapping lowerdir path
overlayfs: unrecognized mount option "0xffffffffffffffff" or missing value
overlayfs: overlapping lowerdir path
overlayfs: filesystem on './file0' not supported as upperdir
overlayfs: unrecognized mount option "l" or missing value
overlayfs: filesystem on './file0' not supported as upperdir
nla_parse: 21 callbacks suppressed
netlink: 212 bytes leftover after parsing attributes in process `syz-executor.0'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=24352 comm=syz-executor.0

Crashes (22):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2020/06/14 22:59 linux-4.19.y 3fc898571b97 2a22c77a .config console log report ci2-linux-4-19
2020/05/27 10:32 linux-4.19.y 1bab61d3e8cd 9072c126 .config console log report ci2-linux-4-19
2020/05/22 03:30 linux-4.19.y 1bab61d3e8cd 4afdfa20 .config console log report ci2-linux-4-19
2020/05/22 03:30 linux-4.19.y 1bab61d3e8cd 4afdfa20 .config console log report ci2-linux-4-19
2020/05/21 17:26 linux-4.19.y 1bab61d3e8cd 4afdfa20 .config console log report ci2-linux-4-19
2020/05/17 11:49 linux-4.19.y 258f0cf7ac3b 37bccd4e .config console log report ci2-linux-4-19
2020/04/11 20:23 linux-4.19.y dda0e2920330 a8c6a3f8 .config console log report ci2-linux-4-19
2020/03/25 14:16 linux-4.19.y 54b4fa6d3955 e8e6c7d2 .config console log report ci2-linux-4-19
2020/03/16 03:27 linux-4.19.y 569209711609 749688d2 .config console log report ci2-linux-4-19
2020/03/14 13:56 linux-4.19.y 569209711609 749688d2 .config console log report ci2-linux-4-19
2020/03/09 00:01 linux-4.19.y 7472c4028e23 2e9971bb .config console log report ci2-linux-4-19
2020/03/08 14:29 linux-4.19.y 7472c4028e23 2e9971bb .config console log report ci2-linux-4-19
2019/12/28 00:59 linux-4.19.y 672481c2deff be5c2c81 .config console log report ci2-linux-4-19
2019/12/27 14:21 linux-4.19.y 672481c2deff be5c2c81 .config console log report ci2-linux-4-19
2019/12/26 05:43 linux-4.19.y 672481c2deff be5c2c81 .config console log report ci2-linux-4-19
2019/11/24 11:49 linux-4.19.y 14260788bbb9 598ca6c8 .config console log report ci2-linux-4-19
2019/11/24 04:10 linux-4.19.y c63ee2939dc1 598ca6c8 .config console log report ci2-linux-4-19
2019/11/11 08:34 linux-4.19.y 5ee93551c703 dc438b91 .config console log report ci2-linux-4-19
2019/10/04 14:49 linux-4.19.y 555161ee1b7a c86336cf .config console log report ci2-linux-4-19
2019/06/22 05:47 linux-4.19.y 9f31eb60d7a2 34bf9440 .config console log report ci2-linux-4-19
2019/06/15 07:43 linux-4.19.y 768292d05361 442206d7 .config console log report ci2-linux-4-19
2019/04/15 19:47 linux-4.19.y 4d552acf3370 505ab413 .config console log report ci2-linux-4-19
* Struck through repros no longer work on HEAD.