overlayfs: './file0' not a directory Process accounting resumed ====================================================== WARNING: possible circular locking dependency detected 4.19.37 #5 Not tainted ------------------------------------------------------ syz-executor.0/15024 is trying to acquire lock: 000000006079611d (&ovl_i_mutex_key[depth]){+.+.}, at: inode_lock include/linux/fs.h:738 [inline] 000000006079611d (&ovl_i_mutex_key[depth]){+.+.}, at: ovl_write_iter+0x148/0xc20 fs/overlayfs/file.c:231 but task is already holding lock: 000000007103e490 (&acct->lock#2){+.+.}, at: acct_pin_kill+0x27/0x100 kernel/acct.c:173 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (&acct->lock#2){+.+.}: __mutex_lock_common kernel/locking/mutex.c:925 [inline] __mutex_lock+0xf7/0x1300 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 acct_pin_kill+0x27/0x100 kernel/acct.c:173 pin_kill+0x18f/0x860 fs/fs_pin.c:50 acct_on+0x574/0x790 kernel/acct.c:254 __do_sys_acct kernel/acct.c:286 [inline] __se_sys_acct kernel/acct.c:273 [inline] __x64_sys_acct+0xae/0x200 kernel/acct.c:273 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #1 (sb_writers#4){.+.+}: percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] __sb_start_write+0x20b/0x360 fs/super.c:1387 sb_start_write include/linux/fs.h:1569 [inline] mnt_want_write+0x3f/0xc0 fs/namespace.c:360 ovl_want_write+0x76/0xa0 fs/overlayfs/util.c:24 ovl_link+0x7c/0x2d5 fs/overlayfs/dir.c:674 vfs_link+0x7a4/0xb60 fs/namei.c:4240 do_linkat+0x550/0x770 fs/namei.c:4308 __do_sys_link fs/namei.c:4337 [inline] __se_sys_link fs/namei.c:4335 [inline] __x64_sys_link+0x61/0x80 fs/namei.c:4335 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #0 (&ovl_i_mutex_key[depth]){+.+.}: lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3900 down_write+0x38/0x90 kernel/locking/rwsem.c:70 inode_lock include/linux/fs.h:738 [inline] ovl_write_iter+0x148/0xc20 fs/overlayfs/file.c:231 call_write_iter include/linux/fs.h:1811 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x58e/0x820 fs/read_write.c:487 __kernel_write+0x110/0x390 fs/read_write.c:506 do_acct_process+0xd37/0x1150 kernel/acct.c:520 acct_pin_kill+0x2f/0x100 kernel/acct.c:174 pin_kill+0x18f/0x860 fs/fs_pin.c:50 acct_on+0x574/0x790 kernel/acct.c:254 __do_sys_acct kernel/acct.c:286 [inline] __se_sys_acct kernel/acct.c:273 [inline] __x64_sys_acct+0xae/0x200 kernel/acct.c:273 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe other info that might help us debug this: Chain exists of: &ovl_i_mutex_key[depth] --> sb_writers#4 --> &acct->lock#2 Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&acct->lock#2); lock(sb_writers#4); lock(&acct->lock#2); lock(&ovl_i_mutex_key[depth]); *** DEADLOCK *** 4 locks held by syz-executor.0/15024: #0: 00000000dd69bb47 (acct_on_mutex){+.+.}, at: __do_sys_acct kernel/acct.c:285 [inline] #0: 00000000dd69bb47 (acct_on_mutex){+.+.}, at: __se_sys_acct kernel/acct.c:273 [inline] #0: 00000000dd69bb47 (acct_on_mutex){+.+.}, at: __x64_sys_acct+0xa6/0x200 kernel/acct.c:273 #1: 0000000065fca0a6 (sb_writers#17){.+.+}, at: sb_start_write include/linux/fs.h:1569 [inline] #1: 0000000065fca0a6 (sb_writers#17){.+.+}, at: mnt_want_write+0x3f/0xc0 fs/namespace.c:360 #2: 000000007103e490 (&acct->lock#2){+.+.}, at: acct_pin_kill+0x27/0x100 kernel/acct.c:173 #3: 0000000065fca0a6 (sb_writers#17){.+.+}, at: file_start_write_trylock include/linux/fs.h:2771 [inline] #3: 0000000065fca0a6 (sb_writers#17){.+.+}, at: do_acct_process+0xf37/0x1150 kernel/acct.c:517 stack backtrace: CPU: 0 PID: 15024 Comm: syz-executor.0 Not tainted 4.19.37 #5 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x172/0x1f0 lib/dump_stack.c:113 print_circular_bug.isra.0.cold+0x1cc/0x28f kernel/locking/lockdep.c:1221 check_prev_add kernel/locking/lockdep.c:1861 [inline] check_prevs_add kernel/locking/lockdep.c:1974 [inline] validate_chain kernel/locking/lockdep.c:2415 [inline] __lock_acquire+0x2e6d/0x48f0 kernel/locking/lockdep.c:3411 lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3900 down_write+0x38/0x90 kernel/locking/rwsem.c:70 inode_lock include/linux/fs.h:738 [inline] ovl_write_iter+0x148/0xc20 fs/overlayfs/file.c:231 call_write_iter include/linux/fs.h:1811 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x58e/0x820 fs/read_write.c:487 __kernel_write+0x110/0x390 fs/read_write.c:506 do_acct_process+0xd37/0x1150 kernel/acct.c:520 acct_pin_kill+0x2f/0x100 kernel/acct.c:174 pin_kill+0x18f/0x860 fs/fs_pin.c:50 acct_on+0x574/0x790 kernel/acct.c:254 __do_sys_acct kernel/acct.c:286 [inline] __se_sys_acct kernel/acct.c:273 [inline] __x64_sys_acct+0xae/0x200 kernel/acct.c:273 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x458da9 Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007ffaad1dac78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3 RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 protocol 88fb is buggy, dev hsr_slave_0 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200000c0 RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffaad1db6d4 R13: 00000000004becd2 R14: 00000000004cfa50 R15: 00000000ffffffff protocol 88fb is buggy, dev hsr_slave_1 Process accounting resumed protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 overlayfs: failed to resolve './file1': -2 Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed IPv6 header not found IPv6 header not found overlayfs: upperdir is in-use by another mount, mount with '-o index=off' to override exclusive upperdir protection. IPv6 header not found IPv6 header not found IPv6 header not found IPv6 header not found IPv6 header not found IPv6 header not found IPv6 header not found IPv6 header not found IPv6 header not found IPv6 header not found net_ratelimit: 16 callbacks suppressed protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 IPv6 header not found IPv6 header not found protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1 kobject: 'J' (00000000cacc84da): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'J' (00000000cacc84da): kobject_uevent_env kobject: 'J' (00000000cacc84da): fill_kobj_path: path = '/devices/virtual/net/J' kobject: 'queues' (00000000a8d067d2): kobject_add_internal: parent: 'J', set: '' kobject: 'queues' (00000000a8d067d2): kobject_uevent_env kobject: 'queues' (00000000a8d067d2): kobject_uevent_env: filter function caused the event to drop! kobject: 'rx-0' (000000002ca7fe4d): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'rx-0' (000000002ca7fe4d): kobject_uevent_env kobject: 'rx-0' (000000002ca7fe4d): fill_kobj_path: path = '/devices/virtual/net/J/queues/rx-0' kobject: 'tx-0' (00000000f08c950a): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (00000000f08c950a): kobject_uevent_env kobject: 'tx-0' (00000000f08c950a): fill_kobj_path: path = '/devices/virtual/net/J/queues/tx-0' kobject: 'J' (000000007aaac400): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'J' (000000007aaac400): kobject_uevent_env kobject: 'J' (000000007aaac400): fill_kobj_path: path = '/devices/virtual/net/J' kobject: 'queues' (00000000ad6a62d5): kobject_add_internal: parent: 'J', set: '' kobject: 'queues' (00000000ad6a62d5): kobject_uevent_env kobject: 'queues' (00000000ad6a62d5): kobject_uevent_env: filter function caused the event to drop! kobject: 'rx-0' (000000006802c0d4): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'rx-0' (000000006802c0d4): kobject_uevent_env kobject: 'rx-0' (000000006802c0d4): fill_kobj_path: path = '/devices/virtual/net/J/queues/rx-0' kobject: 'tx-0' (00000000959b07df): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (00000000959b07df): kobject_uevent_env kobject: 'tx-0' (00000000959b07df): fill_kobj_path: path = '/devices/virtual/net/J/queues/tx-0' kobject: 'J' (0000000051014bfb): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'J' (0000000051014bfb): kobject_uevent_env kobject: 'J' (0000000051014bfb): fill_kobj_path: path = '/devices/virtual/net/J' kobject: 'queues' (00000000c94a2923): kobject_add_internal: parent: 'J', set: '' kobject: 'queues' (00000000c94a2923): kobject_uevent_env kobject: 'queues' (00000000c94a2923): kobject_uevent_env: filter function caused the event to drop! kobject: 'rx-0' (00000000056503b2): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'rx-0' (00000000056503b2): kobject_uevent_env kobject: 'rx-0' (00000000056503b2): fill_kobj_path: path = '/devices/virtual/net/J/queues/rx-0' kobject: 'tx-0' (000000000f0ed36e): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (000000000f0ed36e): kobject_uevent_env kobject: 'tx-0' (000000000f0ed36e): fill_kobj_path: path = '/devices/virtual/net/J/queues/tx-0' kobject: 'K' (0000000071372db9): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'K' (0000000071372db9): kobject_uevent_env kobject: 'K' (0000000071372db9): fill_kobj_path: path = '/devices/virtual/net/K' kobject: 'queues' (00000000cad1f967): kobject_add_internal: parent: 'K', set: '' kobject: 'queues' (00000000cad1f967): kobject_uevent_env kobject: 'queues' (00000000cad1f967): kobject_uevent_env: filter function caused the event to drop! kobject: 'rx-0' (0000000083276c26): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'rx-0' (0000000083276c26): kobject_uevent_env kobject: 'rx-0' (0000000083276c26): fill_kobj_path: path = '/devices/virtual/net/K/queues/rx-0' kobject: 'tx-0' (000000002547369d): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (000000002547369d): kobject_uevent_env kobject: 'tx-0' (000000002547369d): fill_kobj_path: path = '/devices/virtual/net/K/queues/tx-0' kobject: 'K' (00000000497be043): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'K' (00000000497be043): kobject_uevent_env kobject: 'K' (00000000497be043): fill_kobj_path: path = '/devices/virtual/net/K' kobject: 'queues' (0000000057be50fb): kobject_add_internal: parent: 'K', set: '' kobject: 'queues' (0000000057be50fb): kobject_uevent_env kobject: 'queues' (0000000057be50fb): kobject_uevent_env: filter function caused the event to drop! kobject: 'rx-0' (00000000117fcb97): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'rx-0' (00000000117fcb97): kobject_uevent_env kobject: 'rx-0' (00000000117fcb97): fill_kobj_path: path = '/devices/virtual/net/K/queues/rx-0' kobject: 'tx-0' (0000000028f91e54): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (0000000028f91e54): kobject_uevent_env kobject: 'tx-0' (0000000028f91e54): fill_kobj_path: path = '/devices/virtual/net/K/queues/tx-0' kobject: 'K' (000000002278b130): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'K' (000000002278b130): kobject_uevent_env kobject: 'K' (000000002278b130): fill_kobj_path: path = '/devices/virtual/net/K' kobject: 'queues' (000000002214db10): kobject_add_internal: parent: 'K', set: '' kobject: 'queues' (000000002214db10): kobject_uevent_env kobject: 'queues' (000000002214db10): kobject_uevent_env: filter function caused the event to drop! kobject: 'rx-0' (00000000da3b3645): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'rx-0' (00000000da3b3645): kobject_uevent_env kobject: 'rx-0' (00000000da3b3645): fill_kobj_path: path = '/devices/virtual/net/K/queues/rx-0' kobject: 'tx-0' (0000000018718279): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (0000000018718279): kobject_uevent_env kobject: 'tx-0' (0000000018718279): fill_kobj_path: path = '/devices/virtual/net/K/queues/tx-0' kobject: 'L' (000000008d22ccc8): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'L' (000000008d22ccc8): kobject_uevent_env kobject: 'L' (000000008d22ccc8): fill_kobj_path: path = '/devices/virtual/net/L' kobject: 'queues' (000000006c770371): kobject_add_internal: parent: 'L', set: '' kobject: 'queues' (000000006c770371): kobject_uevent_env kobject: 'queues' (000000006c770371): kobject_uevent_env: filter function caused the event to drop! kobject: 'rx-0' (000000009497b98d): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'rx-0' (000000009497b98d): kobject_uevent_env kobject: 'rx-0' (000000009497b98d): fill_kobj_path: path = '/devices/virtual/net/L/queues/rx-0' kobject: 'tx-0' (000000009efd91c9): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (000000009efd91c9): kobject_uevent_env kobject: 'tx-0' (000000009efd91c9): fill_kobj_path: path = '/devices/virtual/net/L/queues/tx-0' kobject: 'L' (0000000064aee516): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'L' (0000000064aee516): kobject_uevent_env kobject: 'L' (0000000064aee516): fill_kobj_path: path = '/devices/virtual/net/L' kobject: 'queues' (0000000061167913): kobject_add_internal: parent: 'L', set: '' kobject: 'queues' (0000000061167913): kobject_uevent_env kobject: 'queues' (0000000061167913): kobject_uevent_env: filter function caused the event to drop! kobject: 'rx-0' (00000000823cf756): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'rx-0' (00000000823cf756): kobject_uevent_env kobject: 'rx-0' (00000000823cf756): fill_kobj_path: path = '/devices/virtual/net/L/queues/rx-0' kobject: 'tx-0' (00000000e106896e): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (00000000e106896e): kobject_uevent_env kobject: 'tx-0' (00000000e106896e): fill_kobj_path: path = '/devices/virtual/net/L/queues/tx-0' kobject: 'L' (00000000e8817d2a): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'L' (00000000e8817d2a): kobject_uevent_env kobject: 'L' (00000000e8817d2a): fill_kobj_path: path = '/devices/virtual/net/L' kobject: 'queues' (00000000f21c88a2): kobject_add_internal: parent: 'L', set: '' kobject: 'queues' (00000000f21c88a2): kobject_uevent_env kobject: 'queues' (00000000f21c88a2): kobject_uevent_env: filter function caused the event to drop! kobject: 'rx-0' (000000002d01c97e): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'rx-0' (000000002d01c97e): kobject_uevent_env kobject: 'rx-0' (000000002d01c97e): fill_kobj_path: path = '/devices/virtual/net/L/queues/rx-0' kobject: 'tx-0' (00000000dce33475): kobject_add_internal: parent: 'queues', set: 'queues' kobject: 'tx-0' (00000000dce33475): kobject_uevent_env kobject: 'tx-0' (00000000dce33475): fill_kobj_path: path = '/devices/virtual/net/L/queues/tx-0' net_ratelimit: 24 callbacks suppressed protocol 88fb is buggy, dev hsr_slave_0 protocol 88fb is buggy, dev hsr_slave_1