EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
======================================================
WARNING: possible circular locking dependency detected
4.14.288-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.1/10266 is trying to acquire lock:
 (&oi->lock){+.+.}, at: [] ovl_copy_up_start+0x40/0xe0 fs/overlayfs/util.c:318

but task is already holding lock:
 (sb_writers#6){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline]
 (sb_writers#6){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (sb_writers#6){.+.+}:
       percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
       percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
       __sb_start_write+0x64/0x260 fs/super.c:1342
       sb_start_write include/linux/fs.h:1551 [inline]
       mnt_want_write+0x3a/0xb0 fs/namespace.c:386
       ovl_rename+0x11b/0xe50 fs/overlayfs/dir.c:935
       vfs_rename+0x560/0x1820 fs/namei.c:4496
       SYSC_renameat2 fs/namei.c:4644 [inline]
       SyS_renameat2+0x95b/0xad0 fs/namei.c:4533
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x46/0xbb

-> #1 (&ovl_i_mutex_dir_key[depth]#2){++++}:
       down_read+0x36/0x80 kernel/locking/rwsem.c:24
       inode_lock_shared include/linux/fs.h:729 [inline]
       lookup_slow+0x129/0x400 fs/namei.c:1674
       lookup_one_len_unlocked+0x3a0/0x410 fs/namei.c:2595
       ovl_lower_positive+0x184/0x350 fs/overlayfs/namei.c:783
       ovl_rename+0x47c/0xe50 fs/overlayfs/dir.c:968
       vfs_rename+0x560/0x1820 fs/namei.c:4496
       SYSC_renameat2 fs/namei.c:4644 [inline]
       SyS_renameat2+0x95b/0xad0 fs/namei.c:4533
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x46/0xbb

-> #0 (&oi->lock){+.+.}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       ovl_copy_up_start+0x40/0xe0 fs/overlayfs/util.c:318
       ovl_copy_up_one+0x21f/0x910 fs/overlayfs/copy_up.c:631
       ovl_copy_up_flags+0xd5/0x120 fs/overlayfs/copy_up.c:686
       ovl_rename+0x164/0xe50 fs/overlayfs/dir.c:939
       vfs_rename+0x560/0x1820 fs/namei.c:4496
       SYSC_renameat2 fs/namei.c:4644 [inline]
       SyS_renameat2+0x95b/0xad0 fs/namei.c:4533
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x46/0xbb

other info that might help us debug this:

Chain exists of:
  &oi->lock --> &ovl_i_mutex_dir_key[depth]#2 --> sb_writers#6

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(sb_writers#6);
                               lock(&ovl_i_mutex_dir_key[depth]#2);
                               lock(sb_writers#6);
  lock(&oi->lock);

 *** DEADLOCK ***

6 locks held by syz-executor.1/10266:
 #0: (sb_writers#13){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline]
 #0: (sb_writers#13){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386
 #1: (&type->s_vfs_rename_key#2){+.+.}, at: [] lock_rename+0x54/0x280 fs/namei.c:2889
 #2: (&ovl_i_mutex_dir_key[depth]#2/1){+.+.}, at: [] inode_lock_nested include/linux/fs.h:754 [inline]
 #2: (&ovl_i_mutex_dir_key[depth]#2/1){+.+.}, at: [] lock_rename+0x132/0x280 fs/namei.c:2900
 #3: (&ovl_i_mutex_dir_key[depth]#2/2){+.+.}, at: [] inode_lock_nested include/linux/fs.h:754 [inline]
 #3: (&ovl_i_mutex_dir_key[depth]#2/2){+.+.}, at: [] lock_rename+0x166/0x280 fs/namei.c:2901
 #4: (&ovl_i_mutex_dir_key[depth]#2){++++}, at: [] inode_lock include/linux/fs.h:719 [inline]
 #4: (&ovl_i_mutex_dir_key[depth]#2){++++}, at: [] vfs_rename+0xbd8/0x1820 fs/namei.c:4470
 #5: (sb_writers#6){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline]
 #5: (sb_writers#6){.+.+}, at: [] mnt_want_write+0x3a/0xb0 fs/namespace.c:386

stack backtrace:
CPU: 0 PID: 10266 Comm: syz-executor.1 Not tainted 4.14.288-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
 ovl_copy_up_start+0x40/0xe0 fs/overlayfs/util.c:318
 ovl_copy_up_one+0x21f/0x910 fs/overlayfs/copy_up.c:631
 ovl_copy_up_flags+0xd5/0x120 fs/overlayfs/copy_up.c:686
 ovl_rename+0x164/0xe50 fs/overlayfs/dir.c:939
 vfs_rename+0x560/0x1820 fs/namei.c:4496
 SYSC_renameat2 fs/namei.c:4644 [inline]
 SyS_renameat2+0x95b/0xad0 fs/namei.c:4533
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7fbb29bdd1f9
RSP: 002b:00007fbb28552168 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
RAX: ffffffffffffffda RBX: 00007fbb29ceff60 RCX: 00007fbb29bdd1f9
RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000020000100
RBP: 00007fbb29c37161 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff8b5a974f R14: 00007fbb28552300 R15: 0000000000022000
print_req_error: I/O error, dev loop5, sector 0
EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
Trying to free block not in datazone
Trying to free block not in datazone
Trying to free block not in datazone
Trying to free block not in datazone
Trying to free block not in datazone
Trying to free block not in datazone
Trying to free block not in datazone
Trying to free block not in datazone
Trying to free block not in datazone
Trying to free block not in datazone
sd 0:0:1:0: [sg0] tag#3920 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#3920 CDB: opcode=0xe5 (vendor)
sd 0:0:1:0: [sg0] tag#3920 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c
sd 0:0:1:0: [sg0] tag#3920 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d
sd 0:0:1:0: [sg0] tag#3920 CDB[20]: ba
sd 0:0:1:0: [sg0] tag#3920 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#3920 CDB: opcode=0xe5 (vendor)
sd 0:0:1:0: [sg0] tag#3920 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c
Trying to free block not in datazone
sd 0:0:1:0: [sg0] tag#3920 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d
Trying to free block not in datazone
sd 0:0:1:0: [sg0] tag#3920 CDB[20]: ba
sd 0:0:1:0: [sg0] tag#3920 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#3920 CDB: opcode=0xe5 (vendor)
sd 0:0:1:0: [sg0] tag#3920 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c
sd 0:0:1:0: [sg0] tag#3920 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d
sd 0:0:1:0: [sg0] tag#3920 CDB[20]: ba
Trying to free block not in datazone
Trying to free block not in datazone
sd 0:0:1:0: [sg0] tag#3914 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#3914 CDB: opcode=0xe5 (vendor)
sd 0:0:1:0: [sg0] tag#3914 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c
sd 0:0:1:0: [sg0] tag#3914 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d
sd 0:0:1:0: [sg0] tag#3914 CDB[20]: ba
sd 0:0:1:0: [sg0] tag#3920 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#3920 CDB: opcode=0xe5 (vendor)
sd 0:0:1:0: [sg0] tag#3920 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c
sd 0:0:1:0: [sg0] tag#3920 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d
sd 0:0:1:0: [sg0] tag#3920 CDB[20]: ba
sd 0:0:1:0: [sg0] tag#3914 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#3914 CDB: opcode=0xe5 (vendor)
sd 0:0:1:0: [sg0] tag#3914 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c
sd 0:0:1:0: [sg0] tag#3914 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d
sd 0:0:1:0: [sg0] tag#3914 CDB[20]: ba
sd 0:0:1:0: [sg0] tag#3914 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#3914 CDB: opcode=0xe5 (vendor)
sd 0:0:1:0: [sg0] tag#3914 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c
sd 0:0:1:0: [sg0] tag#3914 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d
sd 0:0:1:0: [sg0] tag#3914 CDB[20]: ba
BTRFS: device fsid e76ed352-74d7-4461-bdaa-670e3acfe92b devid 1 transid 7 /dev/loop5
BTRFS error (device loop5): unsupported checksum algorithm 3
BTRFS error (device loop5): superblock checksum mismatch
BTRFS error (device loop5): open_ctree failed
input: syz0 as /devices/virtual/input/input5
BTRFS error (device loop2): unsupported checksum algorithm 3
BTRFS error (device loop2): superblock checksum mismatch
BTRFS error (device loop2): open_ctree failed
BTRFS error (device loop2): unsupported checksum algorithm 3
BTRFS error (device loop2): superblock checksum mismatch
BTRFS error (device loop2): open_ctree failed
BTRFS error (device loop2): unsupported checksum algorithm 3
BTRFS error (device loop2): superblock checksum mismatch
BTRFS error (device loop2): open_ctree failed
input: syz0 as /devices/virtual/input/input6
input: syz0 as /devices/virtual/input/input7
BTRFS error (device loop2): unsupported checksum algorithm 3
BTRFS error (device loop2): superblock checksum mismatch
BTRFS error (device loop2): open_ctree failed
BTRFS error (device loop2): unsupported checksum algorithm 3
BTRFS error (device loop2): superblock checksum mismatch
input: syz0 as /devices/virtual/input/input8
BTRFS error (device loop2): open_ctree failed
BTRFS error (device loop2): unsupported checksum algorithm 3
BTRFS error (device loop2): superblock checksum mismatch
input: syz0 as /devices/virtual/input/input9
input: syz0 as /devices/virtual/input/input10