====================================================== WARNING: possible circular locking dependency detected overlayfs: unrecognized mount option "nfs_export=onwYxEzmߺ: mu:j:YR+2_>a}ɽ%[o+CChVctEwYiK" or missing value 4.19.195-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor.5/11130 is trying to acquire lock: 000000002c7ed9e7 (pernet_ops_rwsem){++++}, at: unregister_netdevice_notifier+0x7b/0x330 net/core/dev.c:1708 but task is already holding lock: overlayfs: unrecognized mount option "nfs_export=onwYxEzmߺ: mu:j:YR+2_>a}ɽ%[o+CChVctEwYiK" or missing value 000000004cb1fa78 (&sb->s_type->i_mutex_key#13){+.+.}, at: inode_lock include/linux/fs.h:748 [inline] 000000004cb1fa78 (&sb->s_type->i_mutex_key#13){+.+.}, at: __sock_release+0x86/0x2a0 net/socket.c:578 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #3 (&sb->s_type->i_mutex_key#13){+.+.}: inode_lock include/linux/fs.h:748 [inline] __sock_release+0x86/0x2a0 net/socket.c:578 sock_close+0x15/0x20 net/socket.c:1140 __fput+0x2ce/0x890 fs/file_table.c:278 delayed_fput+0x56/0x70 fs/file_table.c:304 process_one_work+0x864/0x1570 kernel/workqueue.c:2153 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 -> #2 ((delayed_fput_work).work){+.+.}: worker_thread+0x64c/0x1130 kernel/workqueue.c:2296 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 -> #1 ((wq_completion)"events"){+.+.}: flush_scheduled_work include/linux/workqueue.h:599 [inline] tipc_exit_net+0x38/0x60 net/tipc/core.c:100 ops_exit_list+0xa5/0x150 net/core/net_namespace.c:153 cleanup_net+0x3b4/0x8b0 net/core/net_namespace.c:553 process_one_work+0x864/0x1570 kernel/workqueue.c:2153 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 -> #0 (pernet_ops_rwsem){++++}: down_write+0x34/0x90 kernel/locking/rwsem.c:70 unregister_netdevice_notifier+0x7b/0x330 net/core/dev.c:1708 bcm_release+0x94/0x700 net/can/bcm.c:1525 __sock_release+0xcd/0x2a0 net/socket.c:579 sock_close+0x15/0x20 net/socket.c:1140 __fput+0x2ce/0x890 fs/file_table.c:278 task_work_run+0x148/0x1c0 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:193 [inline] exit_to_usermode_loop+0x251/0x2a0 arch/x86/entry/common.c:167 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline] syscall_return_slowpath arch/x86/entry/common.c:271 [inline] do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe other info that might help us debug this: Chain exists of: pernet_ops_rwsem --> (delayed_fput_work).work --> &sb->s_type->i_mutex_key#13 Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&sb->s_type->i_mutex_key#13); lock((delayed_fput_work).work); lock(&sb->s_type->i_mutex_key#13); lock(pernet_ops_rwsem); *** DEADLOCK *** 1 lock held by syz-executor.5/11130: #0: 000000004cb1fa78 (&sb->s_type->i_mutex_key#13){+.+.}, at: inode_lock include/linux/fs.h:748 [inline] #0: 000000004cb1fa78 (&sb->s_type->i_mutex_key#13){+.+.}, at: __sock_release+0x86/0x2a0 net/socket.c:578 stack backtrace: CPU: 0 PID: 11130 Comm: syz-executor.5 Not tainted 4.19.195-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222 check_prev_add kernel/locking/lockdep.c:1866 [inline] check_prevs_add kernel/locking/lockdep.c:1979 [inline] validate_chain kernel/locking/lockdep.c:2420 [inline] __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908 down_write+0x34/0x90 kernel/locking/rwsem.c:70 unregister_netdevice_notifier+0x7b/0x330 net/core/dev.c:1708 bcm_release+0x94/0x700 net/can/bcm.c:1525 __sock_release+0xcd/0x2a0 net/socket.c:579 sock_close+0x15/0x20 net/socket.c:1140 __fput+0x2ce/0x890 fs/file_table.c:278 task_work_run+0x148/0x1c0 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:193 [inline] exit_to_usermode_loop+0x251/0x2a0 arch/x86/entry/common.c:167 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline] syscall_return_slowpath arch/x86/entry/common.c:271 [inline] do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4665d9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fc0740bf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000124 RAX: 0000000000000005 RBX: 000000000056bf80 RCX: 00000000004665d9 RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000008 RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 R13: 00007ffc0b15d25f R14: 00007fc0740bf300 R15: 0000000000022000 MTD: Attempt to mount non-MTD device "/dev/loop2" romfs: Mounting image 'rom 5f663c08' through the block layer ISO 9660 Extensions: Microsoft Joliet Level 0 ISOFS: File unit size != 0 for ISO file (1792). IPVS: ftp: loaded support on port[0] = 21 device wlan1 entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready device wlan1 left promiscuous mode device wlan1 entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready device lo entered promiscuous mode netlink: 'syz-executor.0': attribute type 1 has an invalid length. audit: type=1804 audit(1624939451.318:16): pid=11213 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir822263346/syzkaller.nwoKsR/17/cgroup.controllers" dev="sda1" ino=14042 res=1 Y4`Ҙ: renamed from lo print_req_error: 54 callbacks suppressed print_req_error: I/O error, dev loop7, sector 0 print_req_error: I/O error, dev loop7, sector 0 input: syz0 as /devices/virtual/input/input5 Buffer I/O error on dev loop7, logical block 0, async page read MTD: Attempt to mount non-MTD device "/dev/loop4" Unknown ioctl 1076391951 cramfs: wrong magic audit: type=1804 audit(1624939452.478:17): pid=11267 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir077156916/syzkaller.ZNnUu1/18/file1/file0" dev="loop5" ino=114 res=1 EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue Unknown ioctl 1076391951 netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. IPVS: ftp: loaded support on port[0] = 21 netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. audit: type=1804 audit(1624939453.218:18): pid=11295 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir077156916/syzkaller.ZNnUu1/18/file1/file0" dev="loop5" ino=114 res=1 audit: type=1804 audit(1624939453.378:19): pid=11343 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir822263346/syzkaller.nwoKsR/20/file0" dev="sda1" ino=14063 res=1 audit: type=1800 audit(1624939453.558:20): pid=11531 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=14073 res=0 IPVS: ftp: loaded support on port[0] = 21 IPVS: ftp: loaded support on port[0] = 21 audit: type=1804 audit(1624939454.199:21): pid=11675 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir822263346/syzkaller.nwoKsR/20/file0" dev="sda1" ino=14063 res=1 ptrace attach of "/root/syz-executor.1"[11678] was attempted by "/root/syz-executor.1"[11719] audit: type=1804 audit(1624939454.419:22): pid=11720 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir822263346/syzkaller.nwoKsR/21/file0" dev="sda1" ino=14063 res=1 audit: type=1800 audit(1624939454.779:23): pid=11958 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=14024 res=0 audit: type=1804 audit(1624939455.409:24): pid=11973 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir603628503/syzkaller.uC6CMr/33/file0" dev="sda1" ino=14080 res=1 IPVS: ftp: loaded support on port[0] = 21 IPVS: ftp: loaded support on port[0] = 21 audit: type=1800 audit(1624939455.829:25): pid=12027 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=14060 res=0 audit: type=1804 audit(1624939456.449:26): pid=12049 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir603628503/syzkaller.uC6CMr/34/file0" dev="sda1" ino=14080 res=1 audit: type=1800 audit(1624939456.489:27): pid=12050 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="bus" dev="sda1" ino=14086 res=0 audit: type=1800 audit(1624939456.929:28): pid=12076 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=14083 res=0 EXT4-fs (loop3): orphan cleanup on readonly fs EXT4-fs warning (device loop3): ext4_enable_quotas:5875: Failed to enable quota tracking (type=0, err=-117). Please run e2fsck to fix. EXT4-fs (loop3): Cannot turn on quotas: error -117 EXT4-fs error (device loop3): ext4_orphan_get:1257: comm syz-executor.3: bad orphan inode 17 ext4_test_bit(bit=16, block=18) = 0 EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue 9pnet: Insufficient options for proto=fd IPVS: ftp: loaded support on port[0] = 21 IPVS: ftp: loaded support on port[0] = 21 overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. kauditd_printk_skb: 3 callbacks suppressed audit: type=1800 audit(1624939458.699:31): pid=12229 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=14106 res=0 audit: type=1800 audit(1624939459.139:32): pid=12249 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=14111 res=0 audit: type=1804 audit(1624939459.389:33): pid=12161 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir129737996/syzkaller.dSZIUx/31/cgroup.controllers" dev="sda1" ino=14100 res=1 audit: type=1800 audit(1624939459.599:34): pid=12272 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=14055 res=0