======================================================
WARNING: possible circular locking dependency detected
4.19.211-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.3/17963 is trying to acquire lock:
000000008c0e76ae (&nilfs->ns_sem){++++}, at: nilfs_set_error fs/nilfs2/super.c:86 [inline]
000000008c0e76ae (&nilfs->ns_sem){++++}, at: __nilfs_error+0x195/0x401 fs/nilfs2/super.c:131

but task is already holding lock:
00000000ba41bcb3 (&dat_lock_key){.+.+}, at: nilfs_get_block+0x18f/0x970 fs/nilfs2/inode.c:79

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&dat_lock_key){.+.+}:
       nilfs_count_free_blocks+0x68/0x180 fs/nilfs2/the_nilfs.c:698
       nilfs_set_log_cursor fs/nilfs2/super.c:237 [inline]
       nilfs_cleanup_super+0x133/0x490 fs/nilfs2/super.c:319
       nilfs_put_super+0x152/0x1a0 fs/nilfs2/super.c:473
       generic_shutdown_super+0x144/0x370 fs/super.c:456
       kill_block_super+0x97/0xf0 fs/super.c:1185
       deactivate_locked_super+0x94/0x160 fs/super.c:329
       deactivate_super+0x174/0x1a0 fs/super.c:360
       cleanup_mnt+0x1a8/0x290 fs/namespace.c:1098
       task_work_run+0x148/0x1c0 kernel/task_work.c:113
       tracehook_notify_resume include/linux/tracehook.h:193 [inline]
       exit_to_usermode_loop+0x251/0x2a0 arch/x86/entry/common.c:167
       prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
       syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
       do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&nilfs->ns_sem){++++}:
       down_write+0x34/0x90 kernel/locking/rwsem.c:70
       nilfs_set_error fs/nilfs2/super.c:86 [inline]
       __nilfs_error+0x195/0x401 fs/nilfs2/super.c:131
       nilfs_bmap_convert_error fs/nilfs2/bmap.c:35 [inline]
       nilfs_bmap_lookup_contig+0x13d/0x180 fs/nilfs2/bmap.c:95
       nilfs_get_block+0x1ce/0x970 fs/nilfs2/inode.c:80
       block_truncate_page+0x366/0xb00 fs/buffer.c:2887
       nilfs_truncate+0x25d/0x4e0 fs/nilfs2/inode.c:739
       nilfs_setattr+0x246/0x2a0 fs/nilfs2/inode.c:835
       notify_change+0x70b/0xfc0 fs/attr.c:334
       do_truncate+0x134/0x1f0 fs/open.c:63
       vfs_truncate+0x54b/0x6d0 fs/open.c:109
       do_sys_truncate fs/open.c:132 [inline]
       do_sys_truncate+0x145/0x170 fs/open.c:120
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&dat_lock_key);
                               lock(&nilfs->ns_sem);
                               lock(&dat_lock_key);
  lock(&nilfs->ns_sem);

 *** DEADLOCK ***

5 locks held by syz-executor.3/17963:
 #0: 000000000a5024c5 (sb_writers#24){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline]
 #0: 000000000a5024c5 (sb_writers#24){.+.+}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:360
 #1: 00000000c95519d2 (&sb->s_type->i_mutex_key#33){+.+.}, at: inode_lock include/linux/fs.h:748 [inline]
 #1: 00000000c95519d2 (&sb->s_type->i_mutex_key#33){+.+.}, at: do_truncate+0x125/0x1f0 fs/open.c:61
 #2: 0000000036fb15ec (sb_internal#2){.+.+}, at: sb_start_intwrite include/linux/fs.h:1626 [inline]
 #2: 0000000036fb15ec (sb_internal#2){.+.+}, at: nilfs_transaction_begin+0x1f8/0xa50 fs/nilfs2/segment.c:225
 #3: 00000000c543911d (&nilfs->ns_segctor_sem){++++}, at: nilfs_transaction_begin+0x231/0xa50 fs/nilfs2/segment.c:228
 #4: 00000000ba41bcb3 (&dat_lock_key){.+.+}, at: nilfs_get_block+0x18f/0x970 fs/nilfs2/inode.c:79

stack backtrace:
CPU: 0 PID: 17963 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222
 check_prev_add kernel/locking/lockdep.c:1866 [inline]
 check_prevs_add kernel/locking/lockdep.c:1979 [inline]
 validate_chain kernel/locking/lockdep.c:2420 [inline]
 __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 down_write+0x34/0x90 kernel/locking/rwsem.c:70
 nilfs_set_error fs/nilfs2/super.c:86 [inline]
 __nilfs_error+0x195/0x401 fs/nilfs2/super.c:131
 nilfs_bmap_convert_error fs/nilfs2/bmap.c:35 [inline]
 nilfs_bmap_lookup_contig+0x13d/0x180 fs/nilfs2/bmap.c:95
 nilfs_get_block+0x1ce/0x970 fs/nilfs2/inode.c:80
 block_truncate_page+0x366/0xb00 fs/buffer.c:2887
 nilfs_truncate+0x25d/0x4e0 fs/nilfs2/inode.c:739
 nilfs_setattr+0x246/0x2a0 fs/nilfs2/inode.c:835
 notify_change+0x70b/0xfc0 fs/attr.c:334
 do_truncate+0x134/0x1f0 fs/open.c:63
 vfs_truncate+0x54b/0x6d0 fs/open.c:109
 do_sys_truncate fs/open.c:132 [inline]
 do_sys_truncate+0x145/0x170 fs/open.c:120
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f19791505a9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1977ac3168 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
RAX: ffffffffffffffda RBX: 00007f1979270f80 RCX: 00007f19791505a9
RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020000a80
RBP: 00007f19791ab580 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc4848521f R14: 00007f1977ac3300 R15: 0000000000022000
Remounting filesystem read-only
NILFS (loop3): bad btree node (ino=16, blocknr=15): level = 0, flags = 0x0, nchildren = 0
NILFS error (device loop3): nilfs_bmap_last_key: broken bmap (inode number=16)
IPVS: ftp: loaded support on port[0] = 21
NILFS (loop3): error -5 truncating bmap (ino=16)
NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
NILFS (loop3): bad btree node (ino=16, blocknr=15): level = 0, flags = 0x0, nchildren = 0
NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16)
Remounting filesystem read-only
NILFS (loop3): bad btree node (ino=16, blocknr=15): level = 0, flags = 0x0, nchildren = 0
NILFS error (device loop3): nilfs_bmap_last_key: broken bmap (inode number=16)
NILFS (loop3): error -5 truncating bmap (ino=16)
IPVS: ftp: loaded support on port[0] = 21
NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
IPVS: ftp: loaded support on port[0] = 21
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
IPVS: ftp: loaded support on port[0] = 21
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
IPVS: ftp: loaded support on port[0] = 21
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
new mount options do not match the existing superblock, will be ignored
IPVS: ftp: loaded support on port[0] = 21
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
audit: type=1804 audit(1666099063.136:108): pid=18373 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1839193569/syzkaller.j7aEfL/264/file0/bus" dev="loop2" ino=153 res=1
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
audit: type=1804 audit(1666099063.876:109): pid=18412 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1839193569/syzkaller.j7aEfL/265/file0/bus" dev="loop2" ino=155 res=1
audit: type=1804 audit(1666099065.587:110): pid=18453 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1839193569/syzkaller.j7aEfL/266/file0/bus" dev="loop2" ino=159 res=1