f2fs_msg: 6 callbacks suppressed F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) overlayfs: filesystem on './bus' not supported as upperdir F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock ====================================================== WARNING: possible circular locking dependency detected 4.14.228-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor.3/18916 is trying to acquire lock: (&ovl_i_mutex_dir_key[depth]#2){++++}, at: [] inode_lock_shared include/linux/fs.h:729 [inline] (&ovl_i_mutex_dir_key[depth]#2){++++}, at: [] do_last fs/namei.c:3333 [inline] (&ovl_i_mutex_dir_key[depth]#2){++++}, at: [] path_openat+0x149b/0x2970 fs/namei.c:3569 but task is already holding lock: (&sig->cred_guard_mutex){+.+.}, at: [] prepare_bprm_creds fs/exec.c:1404 [inline] (&sig->cred_guard_mutex){+.+.}, at: [] do_execveat_common+0x319/0x1f30 fs/exec.c:1748 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #4 (&sig->cred_guard_mutex){+.+.}: __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893 lock_trace fs/proc/base.c:407 [inline] proc_pid_stack+0x13f/0x2f0 fs/proc/base.c:457 proc_single_show+0xe7/0x150 fs/proc/base.c:761 seq_read+0x4cf/0x1120 fs/seq_file.c:237 do_loop_readv_writev fs/read_write.c:695 [inline] do_loop_readv_writev fs/read_write.c:682 [inline] do_iter_read+0x3eb/0x5b0 fs/read_write.c:919 vfs_readv+0xc8/0x120 fs/read_write.c:981 do_preadv fs/read_write.c:1065 [inline] SYSC_preadv fs/read_write.c:1115 [inline] SyS_preadv+0x15a/0x200 fs/read_write.c:1110 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb -> #3 (&p->lock){+.+.}: __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893 seq_read+0xba/0x1120 fs/seq_file.c:165 proc_reg_read+0xee/0x1a0 fs/proc/inode.c:217 do_loop_readv_writev fs/read_write.c:695 [inline] do_loop_readv_writev fs/read_write.c:682 [inline] do_iter_read+0x3eb/0x5b0 fs/read_write.c:919 vfs_readv+0xc8/0x120 fs/read_write.c:981 kernel_readv fs/splice.c:361 [inline] default_file_splice_read+0x418/0x910 fs/splice.c:416 do_splice_to+0xfb/0x140 fs/splice.c:880 splice_direct_to_actor+0x207/0x730 fs/splice.c:952 do_splice_direct+0x164/0x210 fs/splice.c:1061 do_sendfile+0x47f/0xb30 fs/read_write.c:1441 SYSC_sendfile64 fs/read_write.c:1502 [inline] SyS_sendfile64+0xff/0x110 fs/read_write.c:1488 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb -> #2 (sb_writers#3){.+.+}: percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline] percpu_down_read include/linux/percpu-rwsem.h:59 [inline] __sb_start_write+0x64/0x260 fs/super.c:1342 sb_start_write include/linux/fs.h:1549 [inline] mnt_want_write+0x3a/0xb0 fs/namespace.c:386 ovl_create_object+0x75/0x1d0 fs/overlayfs/dir.c:538 lookup_open+0x77a/0x1750 fs/namei.c:3241 do_last fs/namei.c:3334 [inline] path_openat+0xe08/0x2970 fs/namei.c:3569 do_filp_open+0x179/0x3c0 fs/namei.c:3603 do_sys_open+0x296/0x410 fs/open.c:1081 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb -> #1 (&ovl_i_mutex_dir_key[depth]){++++}: down_read+0x36/0x80 kernel/locking/rwsem.c:24 inode_lock_shared include/linux/fs.h:729 [inline] lookup_slow+0x129/0x400 fs/namei.c:1674 lookup_one_len_unlocked+0x3a0/0x410 fs/namei.c:2595 ovl_lookup_single+0x33/0x6d0 fs/overlayfs/namei.c:208 ovl_lookup_layer+0x2ef/0x3d0 fs/overlayfs/namei.c:265 ovl_lookup+0x5d9/0x1120 fs/overlayfs/namei.c:670 lookup_slow+0x20a/0x400 fs/namei.c:1696 walk_component+0x6a1/0xbc0 fs/namei.c:1825 link_path_walk+0x823/0x10a0 fs/namei.c:2154 path_lookupat+0xcb/0x780 fs/namei.c:2342 filename_lookup+0x18a/0x510 fs/namei.c:2377 user_path_at include/linux/namei.h:57 [inline] do_sys_truncate.part.0+0x78/0xf0 fs/open.c:141 do_sys_truncate fs/open.c:137 [inline] SYSC_truncate fs/open.c:155 [inline] SyS_truncate+0x23/0x40 fs/open.c:153 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb -> #0 (&ovl_i_mutex_dir_key[depth]#2){++++}: lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 down_read+0x36/0x80 kernel/locking/rwsem.c:24 inode_lock_shared include/linux/fs.h:729 [inline] do_last fs/namei.c:3333 [inline] path_openat+0x149b/0x2970 fs/namei.c:3569 do_filp_open+0x179/0x3c0 fs/namei.c:3603 do_open_execat+0xd3/0x450 fs/exec.c:849 do_execveat_common+0x711/0x1f30 fs/exec.c:1755 do_execve fs/exec.c:1860 [inline] SYSC_execve fs/exec.c:1941 [inline] SyS_execve+0x3b/0x50 fs/exec.c:1936 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb other info that might help us debug this: Chain exists of: &ovl_i_mutex_dir_key[depth]#2 --> &p->lock --> &sig->cred_guard_mutex Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&sig->cred_guard_mutex); lock(&p->lock); lock(&sig->cred_guard_mutex); lock(&ovl_i_mutex_dir_key[depth]#2); *** DEADLOCK *** 1 lock held by syz-executor.3/18916: #0: (&sig->cred_guard_mutex){+.+.}, at: [] prepare_bprm_creds fs/exec.c:1404 [inline] #0: (&sig->cred_guard_mutex){+.+.}, at: [] do_execveat_common+0x319/0x1f30 fs/exec.c:1748 stack backtrace: CPU: 1 PID: 18916 Comm: syz-executor.3 Not tainted 4.14.228-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258 check_prev_add kernel/locking/lockdep.c:1905 [inline] check_prevs_add kernel/locking/lockdep.c:2022 [inline] validate_chain kernel/locking/lockdep.c:2464 [inline] __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 down_read+0x36/0x80 kernel/locking/rwsem.c:24 inode_lock_shared include/linux/fs.h:729 [inline] do_last fs/namei.c:3333 [inline] path_openat+0x149b/0x2970 fs/namei.c:3569 do_filp_open+0x179/0x3c0 fs/namei.c:3603 do_open_execat+0xd3/0x450 fs/exec.c:849 do_execveat_common+0x711/0x1f30 fs/exec.c:1755 do_execve fs/exec.c:1860 [inline] SYSC_execve fs/exec.c:1941 [inline] SyS_execve+0x3b/0x50 fs/exec.c:1936 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x466459 RSP: 002b:00007f0cd3315188 EFLAGS: 00000246 ORIG_RAX: 000000000000003b RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459 RDX: 00000000200008c0 RSI: 0000000020000600 RDI: 00000000200004c0 RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 R13: 00007ffe9588417f R14: 00007f0cd3315300 R15: 0000000000022000 F2FS-fs (loop5): invalid crc value F2FS-fs (loop5): invalid crc value F2FS-fs (loop5): Failed to get valid F2FS checkpoint F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock F2FS-fs (loop5): invalid crc value F2FS-fs (loop5): invalid crc value F2FS-fs (loop5): Failed to get valid F2FS checkpoint net_ratelimit: 22 callbacks suppressed ip_tables: iptables: counters copy to user failed while replacing table ip_tables: iptables: counters copy to user failed while replacing table ip_tables: iptables: counters copy to user failed while replacing table ip_tables: iptables: counters copy to user failed while replacing table ptrace attach of "/root/syz-executor.4"[18994] was attempted by "/root/syz-executor.4"[18998] ip_tables: iptables: counters copy to user failed while replacing table ip_tables: iptables: counters copy to user failed while replacing table ip_tables: iptables: counters copy to user failed while replacing table ip_tables: iptables: counters copy to user failed while replacing table ip_tables: iptables: counters copy to user failed while replacing table XFS (loop4): unknown mount option [loaûÉ1]. ip_tables: iptables: counters copy to user failed while replacing table XFS (loop4): unknown mount option [loaûÉ1]. base_sock_release(ffff88804c4cb600) sk=ffff8880416f2d40 base_sock_release(ffff88808e3ef180) sk=ffff88809ea5d280 base_sock_release(ffff888043444080) sk=ffff888098b71740 netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. f2fs_msg: 190 callbacks suppressed F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock F2FS-fs (loop5): invalid crc value F2FS-fs (loop5): invalid crc value F2FS-fs (loop5): Failed to get valid F2FS checkpoint F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock F2FS-fs (loop5): invalid crc value F2FS-fs (loop5): invalid crc value F2FS-fs (loop5): Failed to get valid F2FS checkpoint serio: Serial port pts0 serio: Serial port pts0 Cannot find set identified by id 4 to match Cannot find set identified by id 4 to match new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored net_ratelimit: 65 callbacks suppressed ip_tables: iptables: counters copy to user failed while replacing table new mount options do not match the existing superblock, will be ignored ip_tables: iptables: counters copy to user failed while replacing table bridge: RTM_NEWNEIGH with invalid state 0x4 ip_tables: iptables: counters copy to user failed while replacing table new mount options do not match the existing superblock, will be ignored PF_BRIDGE: RTM_NEWNEIGH with invalid ifindex attempt to access beyond end of device loop5: rw=12288, want=8200, limit=8192 ip_tables: iptables: counters copy to user failed while replacing table new mount options do not match the existing superblock, will be ignored attempt to access beyond end of device ip_tables: iptables: counters copy to user failed while replacing table loop5: rw=12288, want=8200, limit=8192 ip_tables: iptables: counters copy to user failed while replacing table new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored ip_tables: iptables: counters copy to user failed while replacing table new mount options do not match the existing superblock, will be ignored ip_tables: iptables: counters copy to user failed while replacing table ip_tables: iptables: counters copy to user failed while replacing table new mount options do not match the existing superblock, will be ignored ip_tables: iptables: counters copy to user failed while replacing table new mount options do not match the existing superblock, will be ignored attempt to access beyond end of device loop5: rw=12288, want=8200, limit=8192 attempt to access beyond end of device loop5: rw=12288, want=8200, limit=8192 new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored print_req_error: I/O error, dev loop5, sector 0 Buffer I/O error on dev loop5, logical block 0, async page read new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored hpfs: bad mount options. new mount options do not match the existing superblock, will be ignored print_req_error: I/O error, dev loop3, sector 0 new mount options do not match the existing superblock, will be ignored 9pnet: Insufficient options for proto=fd 9pnet: Insufficient options for proto=fd new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored IPVS: ftp: loaded support on port[0] = 21