NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16)
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
overlayfs: unrecognized mount option "euid<00000000000000000000" or missing value
======================================================
WARNING: possible circular locking dependency detected
4.19.211-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.1/16047 is trying to acquire lock:
000000008cfa3353 (&nilfs->ns_sem){++++}, at: nilfs_set_error fs/nilfs2/super.c:86 [inline]
000000008cfa3353 (&nilfs->ns_sem){++++}, at: __nilfs_error+0x195/0x401 fs/nilfs2/super.c:131

but task is already holding lock:
000000008892356b (&dat_lock_key){.+.+}, at: nilfs_get_block+0x18f/0x970 fs/nilfs2/inode.c:79

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (&dat_lock_key){.+.+}:
       nilfs_count_free_blocks+0x68/0x180 fs/nilfs2/the_nilfs.c:698
       nilfs_set_log_cursor fs/nilfs2/super.c:237 [inline]
       nilfs_cleanup_super+0x133/0x490 fs/nilfs2/super.c:319
       nilfs_put_super+0x152/0x1a0 fs/nilfs2/super.c:473
       generic_shutdown_super+0x144/0x370 fs/super.c:456
       kill_block_super+0x97/0xf0 fs/super.c:1185
       deactivate_locked_super+0x94/0x160 fs/super.c:329
       deactivate_super+0x174/0x1a0 fs/super.c:360
       cleanup_mnt+0x1a8/0x290 fs/namespace.c:1098
       task_work_run+0x148/0x1c0 kernel/task_work.c:113
       tracehook_notify_resume include/linux/tracehook.h:193 [inline]
       exit_to_usermode_loop+0x251/0x2a0 arch/x86/entry/common.c:167
       prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
       syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
       do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&nilfs->ns_sem){++++}:
       down_write+0x34/0x90 kernel/locking/rwsem.c:70
       nilfs_set_error fs/nilfs2/super.c:86 [inline]
       __nilfs_error+0x195/0x401 fs/nilfs2/super.c:131
       nilfs_bmap_convert_error fs/nilfs2/bmap.c:35 [inline]
       nilfs_bmap_lookup_contig+0x13d/0x180 fs/nilfs2/bmap.c:95
       nilfs_get_block+0x1ce/0x970 fs/nilfs2/inode.c:80
       block_truncate_page+0x366/0xb00 fs/buffer.c:2887
       nilfs_truncate+0x25d/0x4e0 fs/nilfs2/inode.c:739
       nilfs_setattr+0x246/0x2a0 fs/nilfs2/inode.c:835
       notify_change+0x70b/0xfc0 fs/attr.c:334
       do_truncate+0x134/0x1f0 fs/open.c:63
       vfs_truncate+0x54b/0x6d0 fs/open.c:109
       do_sys_truncate fs/open.c:132 [inline]
       do_sys_truncate+0x145/0x170 fs/open.c:120
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&dat_lock_key);
                               lock(&nilfs->ns_sem);
                               lock(&dat_lock_key);
  lock(&nilfs->ns_sem);

 *** DEADLOCK ***

5 locks held by syz-executor.1/16047:
 #0: 00000000f7145ba5 (sb_writers#21){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline]
 #0: 00000000f7145ba5 (sb_writers#21){.+.+}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:360
 #1: 00000000b24127f3 (&sb->s_type->i_mutex_key#30){+.+.}, at: inode_lock include/linux/fs.h:748 [inline]
 #1: 00000000b24127f3 (&sb->s_type->i_mutex_key#30){+.+.}, at: do_truncate+0x125/0x1f0 fs/open.c:61
 #2: 000000008d837a05 (sb_internal#2){.+.+}, at: sb_start_intwrite include/linux/fs.h:1626 [inline]
 #2: 000000008d837a05 (sb_internal#2){.+.+}, at: nilfs_transaction_begin+0x1f8/0xa50 fs/nilfs2/segment.c:225
 #3: 00000000bf2c11f4 (&nilfs->ns_segctor_sem){++++}, at: nilfs_transaction_begin+0x231/0xa50 fs/nilfs2/segment.c:228
 #4: 000000008892356b (&dat_lock_key){.+.+}, at: nilfs_get_block+0x18f/0x970 fs/nilfs2/inode.c:79

stack backtrace:
CPU: 1 PID: 16047 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222
 check_prev_add kernel/locking/lockdep.c:1866 [inline]
 check_prevs_add kernel/locking/lockdep.c:1979 [inline]
 validate_chain kernel/locking/lockdep.c:2420 [inline]
 __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 down_write+0x34/0x90 kernel/locking/rwsem.c:70
 nilfs_set_error fs/nilfs2/super.c:86 [inline]
 __nilfs_error+0x195/0x401 fs/nilfs2/super.c:131
 nilfs_bmap_convert_error fs/nilfs2/bmap.c:35 [inline]
 nilfs_bmap_lookup_contig+0x13d/0x180 fs/nilfs2/bmap.c:95
 nilfs_get_block+0x1ce/0x970 fs/nilfs2/inode.c:80
 block_truncate_page+0x366/0xb00 fs/buffer.c:2887
 nilfs_truncate+0x25d/0x4e0 fs/nilfs2/inode.c:739
 nilfs_setattr+0x246/0x2a0 fs/nilfs2/inode.c:835
 notify_change+0x70b/0xfc0 fs/attr.c:334
 do_truncate+0x134/0x1f0 fs/open.c:63
 vfs_truncate+0x54b/0x6d0 fs/open.c:109
 do_sys_truncate fs/open.c:132 [inline]
 do_sys_truncate+0x145/0x170 fs/open.c:120
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f8e47da45a9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8e46317168 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
RAX: ffffffffffffffda RBX: 00007f8e47ec4f80 RCX: 00007f8e47da45a9
RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020000a80
RBP: 00007f8e47dff7b0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff8fdaf62f R14: 00007f8e46317300 R15: 0000000000022000
new mount options do not match the existing superblock, will be ignored
audit: type=1800 audit(1667140557.743:64): pid=16106 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="loop0" ino=1296 res=0
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
audit: type=1800 audit(1667140558.033:65): pid=16121 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="loop0" ino=1296 res=0
new mount options do not match the existing superblock, will be ignored
netlink: 9 bytes leftover after parsing attributes in process `syz-executor.2'.
Remounting filesystem read-only
0ªX: renamed from gretap0
device 00ªX left promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): 00ªX: link is not ready
NILFS (loop1): bad btree node (ino=16, blocknr=15): level = 0, flags = 0x0, nchildren = 0
NILFS error (device loop1): nilfs_bmap_last_key: broken bmap (inode number=16)
NILFS (loop1): error -5 truncating bmap (ino=16)
UDF-fs: bad mount option "umask=000000000000000000003W/$or=00000000000000002047" or missing value
netlink: 9 bytes leftover after parsing attributes in process `syz-executor.2'.
NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
overlayfs: unrecognized mount option "euid<00000000000000000000" or missing value
netlink: 9 bytes leftover after parsing attributes in process `syz-executor.2'.
IPVS: ftp: loaded support on port[0] = 21
UDF-fs: bad mount option "umask=000000000000000000003W/$or=00000000000000002047" or missing value
overlayfs: unrecognized mount option "euid<00000000000000000000" or missing value
device 00ªX entered promiscuous mode
netlink: 9 bytes leftover after parsing attributes in process `syz-executor.2'.
1ªX: renamed from 00ªX
device 01ªX left promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): 01ªX: link is not ready
UDF-fs: bad mount option "umask=000000000000000000003W/$or=00000000000000002047" or missing value
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
9pnet: p9_fd_create_tcp (16573): problem connecting socket to 127.0.0.1
Process accounting resumed
REISERFS warning (device loop5): sh-2021 reiserfs_fill_super: can not find reiserfs on loop5
REISERFS warning (device loop5): sh-2021 reiserfs_fill_super: can not find reiserfs on loop5
9pnet: p9_fd_create_tcp (16635): problem connecting socket to 127.0.0.1
Process accounting resumed
9pnet: p9_fd_create_tcp (16620): problem connecting socket to 127.0.0.1
REISERFS warning (device loop5): sh-2021 reiserfs_fill_super: can not find reiserfs on loop5
Process accounting resumed
9pnet: p9_fd_create_tcp (16667): problem connecting socket to 127.0.0.1
REISERFS warning (device loop3): sh-2021 reiserfs_fill_super: can not find reiserfs on loop3
REISERFS warning (device loop5): sh-2021 reiserfs_fill_super: can not find reiserfs on loop5
9pnet: p9_fd_create_tcp (16719): problem connecting socket to 127.0.0.1
Process accounting resumed
REISERFS warning (device loop3): sh-2021 reiserfs_fill_super: can not find reiserfs on loop3
9pnet: p9_fd_create_tcp (16775): problem connecting socket to 127.0.0.1
REISERFS warning (device loop3): sh-2021 reiserfs_fill_super: can not find reiserfs on loop3