overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
UBIFS error (pid: 19484): cannot open "(null)", error -22
new mount options do not match the existing superblock, will be ignored
======================================================
WARNING: possible circular locking dependency detected
4.19.211-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.3/19486 is trying to acquire lock:
00000000cac458d9 (&ovl_i_mutex_dir_key[depth]#2){++++}, at: inode_lock_shared include/linux/fs.h:758 [inline]
00000000cac458d9 (&ovl_i_mutex_dir_key[depth]#2){++++}, at: do_last fs/namei.c:3326 [inline]
00000000cac458d9 (&ovl_i_mutex_dir_key[depth]#2){++++}, at: path_openat+0x17ec/0x2df0 fs/namei.c:3537
overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.

but task is already holding lock:
000000006f36fa24 (&sig->cred_guard_mutex){+.+.}, at: prepare_bprm_creds fs/exec.c:1419 [inline]
000000006f36fa24 (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file+0x38c/0x2360 fs/exec.c:1762

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #3 (&sig->cred_guard_mutex){+.+.}:
       do_io_accounting fs/proc/base.c:2750 [inline]
       proc_tgid_io_accounting+0x1cf/0x7f0 fs/proc/base.c:2799
       proc_single_show+0xeb/0x170 fs/proc/base.c:755
       seq_read+0x4e0/0x11c0 fs/seq_file.c:232
       __vfs_read+0xf7/0x750 fs/read_write.c:416
       vfs_read+0x194/0x3c0 fs/read_write.c:452
       ksys_read+0x12b/0x2a0 fs/read_write.c:579
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #2 (&p->lock){+.+.}:
netlink: 'syz-executor.1': attribute type 2 has an invalid length.
       seq_read+0x6b/0x11c0 fs/seq_file.c:164
       proc_reg_read+0x1bd/0x2d0 fs/proc/inode.c:231
       do_loop_readv_writev fs/read_write.c:701 [inline]
       do_loop_readv_writev fs/read_write.c:688 [inline]
       do_iter_read+0x471/0x630 fs/read_write.c:925
       vfs_readv+0xe5/0x150 fs/read_write.c:987
       kernel_readv fs/splice.c:362 [inline]
       default_file_splice_read+0x457/0xa00 fs/splice.c:417
       do_splice_to+0x10e/0x160 fs/splice.c:881
       splice_direct_to_actor+0x2b9/0x8d0 fs/splice.c:959
       do_splice_direct+0x1a7/0x270 fs/splice.c:1068
       do_sendfile+0x550/0xc30 fs/read_write.c:1447
       __do_sys_sendfile64 fs/read_write.c:1508 [inline]
       __se_sys_sendfile64+0x147/0x160 fs/read_write.c:1494
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #1 (sb_writers#3){.+.+}:
       sb_start_write include/linux/fs.h:1579 [inline]
       mnt_want_write+0x3a/0xb0 fs/namespace.c:360
       ovl_xattr_set+0x53/0x600 fs/overlayfs/inode.c:338
ISO 9660 Extensions: Microsoft Joliet Level 0
       __vfs_setxattr+0x10e/0x170 fs/xattr.c:149
FAT-fs (loop2): Unrecognized mount option "smackfsdef=-{-:" or missing value
       __vfs_setxattr_noperm+0x11a/0x420 fs/xattr.c:180
       __vfs_setxattr_locked+0x176/0x250 fs/xattr.c:238
       vfs_setxattr+0xe5/0x270 fs/xattr.c:255
       setxattr+0x23d/0x330 fs/xattr.c:520
       path_setxattr+0x170/0x190 fs/xattr.c:539
       __do_sys_lsetxattr fs/xattr.c:561 [inline]
       __se_sys_lsetxattr fs/xattr.c:557 [inline]
       __x64_sys_lsetxattr+0xbd/0x150 fs/xattr.c:557
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&ovl_i_mutex_dir_key[depth]#2){++++}:
       down_read+0x36/0x80 kernel/locking/rwsem.c:24
       inode_lock_shared include/linux/fs.h:758 [inline]
       do_last fs/namei.c:3326 [inline]
       path_openat+0x17ec/0x2df0 fs/namei.c:3537
netlink: 209848 bytes leftover after parsing attributes in process `syz-executor.1'.
       do_filp_open+0x18c/0x3f0 fs/namei.c:3567
       do_open_execat+0x11d/0x5b0 fs/exec.c:853
       __do_execve_file+0x1a8b/0x2360 fs/exec.c:1770
       do_execveat_common fs/exec.c:1879 [inline]
       do_execve+0x35/0x50 fs/exec.c:1896
       __do_sys_execve fs/exec.c:1977 [inline]
       __se_sys_execve fs/exec.c:1972 [inline]
       __x64_sys_execve+0x7c/0xa0 fs/exec.c:1972
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

Chain exists of:
  &ovl_i_mutex_dir_key[depth]#2 --> &p->lock --> &sig->cred_guard_mutex

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&sig->cred_guard_mutex);
                               lock(&p->lock);
                               lock(&sig->cred_guard_mutex);
  lock(&ovl_i_mutex_dir_key[depth]#2);

 *** DEADLOCK ***

1 lock held by syz-executor.3/19486:
 #0: 000000006f36fa24 (&sig->cred_guard_mutex){+.+.}, at: prepare_bprm_creds fs/exec.c:1419 [inline]
 #0: 000000006f36fa24 (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file+0x38c/0x2360 fs/exec.c:1762

stack backtrace:
CPU: 0 PID: 19486 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222
 check_prev_add kernel/locking/lockdep.c:1866 [inline]
 check_prevs_add kernel/locking/lockdep.c:1979 [inline]
 validate_chain kernel/locking/lockdep.c:2420 [inline]
 __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 down_read+0x36/0x80 kernel/locking/rwsem.c:24
 inode_lock_shared include/linux/fs.h:758 [inline]
 do_last fs/namei.c:3326 [inline]
 path_openat+0x17ec/0x2df0 fs/namei.c:3537
 do_filp_open+0x18c/0x3f0 fs/namei.c:3567
 do_open_execat+0x11d/0x5b0 fs/exec.c:853
 __do_execve_file+0x1a8b/0x2360 fs/exec.c:1770
 do_execveat_common fs/exec.c:1879 [inline]
 do_execve+0x35/0x50 fs/exec.c:1896
 __do_sys_execve fs/exec.c:1977 [inline]
 __se_sys_execve fs/exec.c:1972 [inline]
 __x64_sys_execve+0x7c/0xa0 fs/exec.c:1972
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f8a465a9209
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8a44f1e168 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
RAX: ffffffffffffffda RBX: 00007f8a466bbf60 RCX: 00007f8a465a9209
RDX: 0000000020000a80 RSI: 0000000020000940 RDI: 00000000200003c0
RBP: 00007f8a46603161 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffef71788bf R14: 00007f8a44f1e300 R15: 0000000000022000
UBIFS error (pid: 19536): cannot open "(null)", error -22
overlayfs: 'file0' not a directory
overlayfs: maximum fs stacking depth exceeded
overlayfs: failed to resolve './file1': -2
overlayfs: filesystem on './bus' not supported as upperdir
overlayfs: maximum fs stacking depth exceeded
netlink: 'syz-executor.1': attribute type 2 has an invalid length.
netlink: 'syz-executor.2': attribute type 4 has an invalid length.
overlayfs: overlapping lowerdir path
overlayfs: overlapping lowerdir path
netlink: 209848 bytes leftover after parsing attributes in process `syz-executor.1'.
overlayfs: overlapping lowerdir path overlayfs: overlapping lowerdir path IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready overlayfs: overlapping lowerdir path overlayfs: overlapping lowerdir path overlayfs: overlapping lowerdir path overlayfs: overlapping lowerdir path overlayfs: overlapping lowerdir path overlayfs: overlapping lowerdir path overlayfs: overlapping lowerdir path overlayfs: overlapping lowerdir path overlayfs: overlapping lowerdir path overlayfs: overlapping lowerdir path overlayfs: overlapping lowerdir path overlayfs: overlapping lowerdir path overlayfs: overlapping lowerdir path overlayfs: overlapping lowerdir path overlayfs: overlapping lowerdir path overlayfs: overlapping lowerdir path overlayfs: overlapping lowerdir path netlink: 'syz-executor.2': attribute type 4 has an invalid length. overlayfs: overlapping lowerdir path overlayfs: overlapping lowerdir path overlayfs: overlapping lowerdir path overlayfs: overlapping lowerdir path overlayfs: overlapping lowerdir path overlayfs: overlapping lowerdir path overlayfs: overlapping lowerdir path overlayfs: overlapping lowerdir path netlink: 'syz-executor.2': attribute type 4 has an invalid length. UBIFS error (pid: 19649): cannot open "(null)", error -22 overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. audit: type=1804 audit(1659327196.523:774): pid=19739 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir2633200655/syzkaller.6l3xbF/657/file0/file0" dev="ramfs" ino=122021 res=1 hpfs: bad mount options. new mount options do not match the existing superblock, will be ignored audit: type=1804 audit(1659327196.723:775): pid=19843 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir567370729/syzkaller.zVu4Pt/523/bus" dev="sda1" ino=14402 res=1 hpfs: bad mount options. 
audit: type=1800 audit(1659327196.753:776): pid=19843 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=14402 res=0 hpfs: bad mount options. audit: type=1804 audit(1659327196.803:777): pid=19868 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir567370729/syzkaller.zVu4Pt/523/bus" dev="sda1" ino=14402 res=1 new mount options do not match the existing superblock, will be ignored audit: type=1804 audit(1659327196.843:778): pid=19895 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir567370729/syzkaller.zVu4Pt/524/bus" dev="sda1" ino=14402 res=1 new mount options do not match the existing superblock, will be ignored audit: type=1800 audit(1659327196.843:779): pid=19895 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=14402 res=0 9pnet: Insufficient options for proto=fd hpfs: bad mount options. 
audit: type=1804 audit(1659327196.913:780): pid=19913 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir567370729/syzkaller.zVu4Pt/524/bus" dev="sda1" ino=14402 res=1 audit: type=1804 audit(1659327196.913:781): pid=19913 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir567370729/syzkaller.zVu4Pt/524/bus" dev="sda1" ino=14402 res=1 new mount options do not match the existing superblock, will be ignored 9pnet: Insufficient options for proto=fd audit: type=1804 audit(1659327197.043:782): pid=20031 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir567370729/syzkaller.zVu4Pt/525/bus" dev="sda1" ino=14418 res=1 hpfs: bad mount options. audit: type=1800 audit(1659327197.043:783): pid=20031 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=14418 res=0 new mount options do not match the existing superblock, will be ignored 9pnet: Insufficient options for proto=fd hpfs: bad mount options. 9pnet: Insufficient options for proto=fd new mount options do not match the existing superblock, will be ignored 9pnet: Insufficient options for proto=fd 9pnet: Insufficient options for proto=fd hpfs: bad mount options. new mount options do not match the existing superblock, will be ignored hpfs: bad mount options. new mount options do not match the existing superblock, will be ignored hpfs: bad mount options. new mount options do not match the existing superblock, will be ignored hpfs: bad mount options. new mount options do not match the existing superblock, will be ignored hpfs: bad mount options. new mount options do not match the existing superblock, will be ignored hpfs: bad mount options. 
new mount options do not match the existing superblock, will be ignored hpfs: bad mount options. new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored hpfs: bad mount options. new mount options do not match the existing superblock, will be ignored hpfs: bad mount options. new mount options do not match the existing superblock, will be ignored hpfs: bad mount options. new mount options do not match the existing superblock, will be ignored hpfs: bad mount options. new mount options do not match the existing superblock, will be ignored hpfs: bad mount options. new mount options do not match the existing superblock, will be ignored hpfs: bad mount options. hpfs: bad mount options. hpfs: bad mount options. hpfs: bad mount options. new mount options do not match the existing superblock, will be ignored hpfs: bad mount options. new mount options do not match the existing superblock, will be ignored hpfs: bad mount options. 
new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored tmpfs: No value for mount option 'siz z' new mount options do not match the existing superblock, will be ignored tmpfs: No value for mount option 'siz z' new mount options do not match the existing superblock, will be ignored tmpfs: No value for mount option 'siz z' new mount options do not match the existing superblock, will be ignored