NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16)
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
overlayfs: unrecognized mount option "euid<00000000000000000000" or missing value
======================================================
WARNING: possible circular locking dependency detected
4.19.211-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.1/16047 is trying to acquire lock:
000000008cfa3353 (&nilfs->ns_sem){++++}, at: nilfs_set_error fs/nilfs2/super.c:86 [inline]
000000008cfa3353 (&nilfs->ns_sem){++++}, at: __nilfs_error+0x195/0x401 fs/nilfs2/super.c:131

but task is already holding lock:
000000008892356b (&dat_lock_key){.+.+}, at: nilfs_get_block+0x18f/0x970 fs/nilfs2/inode.c:79

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&dat_lock_key){.+.+}:
       nilfs_count_free_blocks+0x68/0x180 fs/nilfs2/the_nilfs.c:698
       nilfs_set_log_cursor fs/nilfs2/super.c:237 [inline]
       nilfs_cleanup_super+0x133/0x490 fs/nilfs2/super.c:319
       nilfs_put_super+0x152/0x1a0 fs/nilfs2/super.c:473
       generic_shutdown_super+0x144/0x370 fs/super.c:456
       kill_block_super+0x97/0xf0 fs/super.c:1185
       deactivate_locked_super+0x94/0x160 fs/super.c:329
       deactivate_super+0x174/0x1a0 fs/super.c:360
       cleanup_mnt+0x1a8/0x290 fs/namespace.c:1098
       task_work_run+0x148/0x1c0 kernel/task_work.c:113
       tracehook_notify_resume include/linux/tracehook.h:193 [inline]
       exit_to_usermode_loop+0x251/0x2a0 arch/x86/entry/common.c:167
       prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
       syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
       do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&nilfs->ns_sem){++++}:
       down_write+0x34/0x90 kernel/locking/rwsem.c:70
       nilfs_set_error fs/nilfs2/super.c:86 [inline]
       __nilfs_error+0x195/0x401 fs/nilfs2/super.c:131
       nilfs_bmap_convert_error fs/nilfs2/bmap.c:35 [inline]
       nilfs_bmap_lookup_contig+0x13d/0x180 fs/nilfs2/bmap.c:95
       nilfs_get_block+0x1ce/0x970 fs/nilfs2/inode.c:80
       block_truncate_page+0x366/0xb00 fs/buffer.c:2887
       nilfs_truncate+0x25d/0x4e0 fs/nilfs2/inode.c:739
       nilfs_setattr+0x246/0x2a0 fs/nilfs2/inode.c:835
       notify_change+0x70b/0xfc0 fs/attr.c:334
       do_truncate+0x134/0x1f0 fs/open.c:63
       vfs_truncate+0x54b/0x6d0 fs/open.c:109
       do_sys_truncate fs/open.c:132 [inline]
       do_sys_truncate+0x145/0x170 fs/open.c:120
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&dat_lock_key);
                               lock(&nilfs->ns_sem);
                               lock(&dat_lock_key);
  lock(&nilfs->ns_sem);

 *** DEADLOCK ***

5 locks held by syz-executor.1/16047:
 #0: 00000000f7145ba5 (sb_writers#21){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline]
 #0: 00000000f7145ba5 (sb_writers#21){.+.+}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:360
 #1: 00000000b24127f3 (&sb->s_type->i_mutex_key#30){+.+.}, at: inode_lock include/linux/fs.h:748 [inline]
 #1: 00000000b24127f3 (&sb->s_type->i_mutex_key#30){+.+.}, at: do_truncate+0x125/0x1f0 fs/open.c:61
 #2: 000000008d837a05 (sb_internal#2){.+.+}, at: sb_start_intwrite include/linux/fs.h:1626 [inline]
 #2: 000000008d837a05 (sb_internal#2){.+.+}, at: nilfs_transaction_begin+0x1f8/0xa50 fs/nilfs2/segment.c:225
 #3: 00000000bf2c11f4 (&nilfs->ns_segctor_sem){++++}, at: nilfs_transaction_begin+0x231/0xa50 fs/nilfs2/segment.c:228
 #4: 000000008892356b (&dat_lock_key){.+.+}, at: nilfs_get_block+0x18f/0x970 fs/nilfs2/inode.c:79

stack backtrace:
CPU: 1 PID: 16047 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222
 check_prev_add kernel/locking/lockdep.c:1866 [inline]
 check_prevs_add kernel/locking/lockdep.c:1979 [inline]
 validate_chain kernel/locking/lockdep.c:2420 [inline]
 __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 down_write+0x34/0x90 kernel/locking/rwsem.c:70
 nilfs_set_error fs/nilfs2/super.c:86 [inline]
 __nilfs_error+0x195/0x401 fs/nilfs2/super.c:131
 nilfs_bmap_convert_error fs/nilfs2/bmap.c:35 [inline]
 nilfs_bmap_lookup_contig+0x13d/0x180 fs/nilfs2/bmap.c:95
 nilfs_get_block+0x1ce/0x970 fs/nilfs2/inode.c:80
 block_truncate_page+0x366/0xb00 fs/buffer.c:2887
 nilfs_truncate+0x25d/0x4e0 fs/nilfs2/inode.c:739
 nilfs_setattr+0x246/0x2a0 fs/nilfs2/inode.c:835
 notify_change+0x70b/0xfc0 fs/attr.c:334
 do_truncate+0x134/0x1f0 fs/open.c:63
 vfs_truncate+0x54b/0x6d0 fs/open.c:109
 do_sys_truncate fs/open.c:132 [inline]
 do_sys_truncate+0x145/0x170 fs/open.c:120
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f8e47da45a9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8e46317168 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
RAX: ffffffffffffffda RBX: 00007f8e47ec4f80 RCX: 00007f8e47da45a9
RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020000a80
RBP: 00007f8e47dff7b0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff8fdaf62f R14: 00007f8e46317300 R15: 0000000000022000
new mount options do not match the existing superblock, will be ignored
audit: type=1800 audit(1667140557.743:64): pid=16106 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="loop0" ino=1296 res=0
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
audit: type=1800 audit(1667140558.033:65): pid=16121 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="loop0" ino=1296 res=0
new mount options do not match the existing superblock, will be ignored
netlink: 9 bytes leftover after parsing attributes in process `syz-executor.2'.
Remounting filesystem read-only
0ªX: renamed from gretap0
device 
00ªX left promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): 
00ªX: link is not ready
NILFS (loop1): bad btree node (ino=16, blocknr=15): level = 0, flags = 0x0, nchildren = 0
NILFS error (device loop1): nilfs_bmap_last_key: broken bmap (inode number=16)
NILFS (loop1): error -5 truncating bmap (ino=16)
UDF-fs: bad mount option "umask=000000000000000000003W/$or=00000000000000002047" or missing value
netlink: 9 bytes leftover after parsing attributes in process `syz-executor.2'.
NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
overlayfs: unrecognized mount option "euid<00000000000000000000" or missing value
netlink: 9 bytes leftover after parsing attributes in process `syz-executor.2'.
IPVS: ftp: loaded support on port[0] = 21
UDF-fs: bad mount option "umask=000000000000000000003W/$or=00000000000000002047" or missing value
overlayfs: unrecognized mount option "euid<00000000000000000000" or missing value
device 
00ªX entered promiscuous mode
netlink: 9 bytes leftover after parsing attributes in process `syz-executor.2'.
1ªX: renamed from 
00ªX
device 
01ªX left promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): 
01ªX: link is not ready
UDF-fs: bad mount option "umask=000000000000000000003W/$or=00000000000000002047" or missing value
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
9pnet: p9_fd_create_tcp (16573): problem connecting socket to 127.0.0.1
Process accounting resumed
REISERFS warning (device loop5): sh-2021 reiserfs_fill_super: can not find reiserfs on loop5
REISERFS warning (device loop5): sh-2021 reiserfs_fill_super: can not find reiserfs on loop5
9pnet: p9_fd_create_tcp (16635): problem connecting socket to 127.0.0.1
Process accounting resumed
9pnet: p9_fd_create_tcp (16620): problem connecting socket to 127.0.0.1
REISERFS warning (device loop5): sh-2021 reiserfs_fill_super: can not find reiserfs on loop5
Process accounting resumed
9pnet: p9_fd_create_tcp (16667): problem connecting socket to 127.0.0.1
REISERFS warning (device loop3): sh-2021 reiserfs_fill_super: can not find reiserfs on loop3
REISERFS warning (device loop5): sh-2021 reiserfs_fill_super: can not find reiserfs on loop5
9pnet: p9_fd_create_tcp (16719): problem connecting socket to 127.0.0.1
Process accounting resumed
REISERFS warning (device loop3): sh-2021 reiserfs_fill_super: can not find reiserfs on loop3
9pnet: p9_fd_create_tcp (16775): problem connecting socket to 127.0.0.1
REISERFS warning (device loop3): sh-2021 reiserfs_fill_super: can not find reiserfs on loop3