======================================================
WARNING: possible circular locking dependency detected
4.14.290-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.4/12136 is trying to acquire lock:
 ((&strp->work)){+.+.}, at: [] flush_work+0x88/0x770 kernel/workqueue.c:2887

but task is already holding lock:
 (sk_lock-AF_INET){+.+.}, at: [] lock_sock include/net/sock.h:1473 [inline]
 (sk_lock-AF_INET){+.+.}, at: [] kcm_attach net/kcm/kcmsock.c:1390 [inline]
 (sk_lock-AF_INET){+.+.}, at: [] kcm_attach_ioctl net/kcm/kcmsock.c:1490 [inline]
 (sk_lock-AF_INET){+.+.}, at: [] kcm_ioctl+0x328/0xfb0 net/kcm/kcmsock.c:1701

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (sk_lock-AF_INET){+.+.}:
       lock_sock_nested+0xb7/0x100 net/core/sock.c:2813
       do_strp_work net/strparser/strparser.c:415 [inline]
       strp_work+0x3e/0x100 net/strparser/strparser.c:434
       process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
       worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
       kthread+0x30d/0x420 kernel/kthread.c:232
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

-> #0 ((&strp->work)){+.+.}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       flush_work+0xad/0x770 kernel/workqueue.c:2890
       __cancel_work_timer+0x321/0x460 kernel/workqueue.c:2965
       strp_done+0x53/0xd0 net/strparser/strparser.c:519
       kcm_attach net/kcm/kcmsock.c:1429 [inline]
       kcm_attach_ioctl net/kcm/kcmsock.c:1490 [inline]
       kcm_ioctl+0x828/0xfb0 net/kcm/kcmsock.c:1701
       sock_do_ioctl net/socket.c:974 [inline]
       sock_ioctl+0x2cc/0x4c0 net/socket.c:1071
       vfs_ioctl fs/ioctl.c:46 [inline]
       file_ioctl fs/ioctl.c:500 [inline]
       do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
       SYSC_ioctl fs/ioctl.c:701 [inline]
       SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x46/0xbb

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(sk_lock-AF_INET);
                               lock((&strp->work));
                               lock(sk_lock-AF_INET);
  lock((&strp->work));

 *** DEADLOCK ***

1 lock held by syz-executor.4/12136:
 #0:  (sk_lock-AF_INET){+.+.}, at: [] lock_sock include/net/sock.h:1473 [inline]
 #0:  (sk_lock-AF_INET){+.+.}, at: [] kcm_attach net/kcm/kcmsock.c:1390 [inline]
 #0:  (sk_lock-AF_INET){+.+.}, at: [] kcm_attach_ioctl net/kcm/kcmsock.c:1490 [inline]
 #0:  (sk_lock-AF_INET){+.+.}, at: [] kcm_ioctl+0x328/0xfb0 net/kcm/kcmsock.c:1701

stack backtrace:
CPU: 0 PID: 12136 Comm: syz-executor.4 Not tainted 4.14.290-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 flush_work+0xad/0x770 kernel/workqueue.c:2890
 __cancel_work_timer+0x321/0x460 kernel/workqueue.c:2965
 strp_done+0x53/0xd0 net/strparser/strparser.c:519
 kcm_attach net/kcm/kcmsock.c:1429 [inline]
 kcm_attach_ioctl net/kcm/kcmsock.c:1490 [inline]
 kcm_ioctl+0x828/0xfb0 net/kcm/kcmsock.c:1701
 sock_do_ioctl net/socket.c:974 [inline]
 sock_ioctl+0x2cc/0x4c0 net/socket.c:1071
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7fa56d9fd279
RSP: 002b:00007fa56c351168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fa56db10050 RCX: 00007fa56d9fd279
RDX: 0000000020000040 RSI: 00000000000089e0 RDI: 0000000000000003
RBP: 00007fa56da57189 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff09156c5f R14: 00007fa56c351300 R15: 0000000000022000
IPv6: ADDRCONF(NETDEV_UP): bridge2: link is not ready
device lo entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): bridge2: link is not ready
IPv6: ADDRCONF(NETDEV_UP): bridge2: link is not ready
IPv6: ADDRCONF(NETDEV_UP): bridge2: link is not ready
overlayfs: fs on 'file0' does not support file handles, falling back to index=off.
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
overlayfs: fs on 'file0' does not support file handles, falling back to index=off.
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
overlayfs: fs on 'file0' does not support file handles, falling back to index=off.
overlayfs: fs on './file0' does not support file handles, falling back to index=off.
9pnet: Insufficient options for proto=fd
EXT4-fs error (device sda1): mb_free_blocks:1464: group 5, inode 14043: block 164960:freeing already freed block (bit 1120); block bitmap corrupt.
EXT4-fs error (device sda1): ext4_mb_generate_buddy:754: group 5, block bitmap and bg descriptor inconsistent: 19336 vs 19337 free clusters
EXT4-fs (sda1): pa ffff8880947d6550: logic 0, phys. 164960, len 32
EXT4-fs error (device sda1): ext4_mb_release_inode_pa:3901: group 5, free 16, pa_free 15
FAT-fs (loop2): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
FAT-fs (loop2): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
EXT4-fs error (device sda1): mb_free_blocks:1464: group 9, inode 14117: block 294944:freeing already freed block (bit 32); block bitmap corrupt.
EXT4-fs error (device sda1): ext4_mb_generate_buddy:754: group 9, block bitmap and bg descriptor inconsistent: 32734 vs 32735 free clusters
EXT4-fs (sda1): pa ffff888052d6ed80: logic 0, phys. 294944, len 32
EXT4-fs error (device sda1): ext4_mb_release_inode_pa:3901: group 9, free 16, pa_free 15
FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
CPU: 0 PID: 13212 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10a/0x149 lib/fault-inject.c:149
 should_failslab+0xd6/0x130 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3376 [inline]
 kmem_cache_alloc+0x28e/0x3c0 mm/slab.c:3550
EXT4-fs error (device sda1): mb_free_blocks:1464: group 12,
 sock_alloc_inode+0x19/0x250 net/socket.c:251
 alloc_inode+0x5d/0x170 fs/inode.c:210
 new_inode_pseudo+0x14/0xe0 fs/inode.c:899
inode 14143:
 sock_alloc+0x3c/0x270 net/socket.c:569
 SYSC_accept4 net/socket.c:1556 [inline]
 SyS_accept4+0xb1/0x580 net/socket.c:1537
block 411648:
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
freeing already freed block (bit 18432); block bitmap corrupt.
RIP: 0033:0x7efc25c27279
RSP: 002b:00007efc2459c168 EFLAGS: 00000246
EXT4-fs error (device sda1): ext4_mb_generate_buddy:754: group 12,
ORIG_RAX: 0000000000000120
RAX: ffffffffffffffda RBX: 00007efc25d39f80 RCX: 00007efc25c27279
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
block bitmap and bg descriptor inconsistent: 4072 vs 4073 free clusters
RBP: 00007efc2459c1d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffccb05a3ff R14: 00007efc2459c300 R15: 0000000000022000
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'.
EXT4-fs (sda1): pa ffff88808d750c50: logic 0, phys. 411648, len 32
EXT4-fs error (device sda1): ext4_mb_release_inode_pa:3901: group 12, free 16, pa_free 15
team0: Port device team_slave_1 removed
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
CPU: 1 PID: 13239 Comm: syz-executor.2 Not tainted 4.14.290-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10a/0x149 lib/fault-inject.c:149
 should_failslab+0xd6/0x130 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3376 [inline]
 kmem_cache_alloc+0x40/0x3c0 mm/slab.c:3550
 dst_alloc+0xed/0x6d0 net/core/dst.c:107
 rt_dst_alloc+0x6b/0x430 net/ipv4/route.c:1609
 __mkroute_output net/ipv4/route.c:2308 [inline]
 ip_route_output_key_hash_rcu+0xab7/0x29f0 net/ipv4/route.c:2538
 ip_route_output_key_hash+0x195/0x2a0 net/ipv4/route.c:2366
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
 __ip_route_output_key include/net/route.h:126 [inline]
 ip_route_connect include/net/route.h:301 [inline]
 dccp_v4_connect+0x6ec/0x14e0 net/dccp/ipv4.c:75
 __inet_stream_connect+0x6ad/0xb90 net/ipv4/af_inet.c:618
 inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:682
 SYSC_connect net/socket.c:1655 [inline]
 SyS_connect+0x1f4/0x240 net/socket.c:1636
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f463d812279
RSP: 002b:00007f463c187168 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 00007f463d924f80 RCX: 00007f463d812279
RDX: 0000000000000010 RSI: 0000000020772000 RDI: 0000000000000003
RBP: 00007f463c1871d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffcf684f49f R14: 00007f463c187300 R15: 0000000000022000
CPU: 0 PID: 13247 Comm: syz-executor.1 Not tainted 4.14.290-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10a/0x149 lib/fault-inject.c:149
 should_failslab+0xd6/0x130 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3376 [inline]
 kmem_cache_alloc_trace+0x29a/0x3d0 mm/slab.c:3616
 kmalloc include/linux/slab.h:488 [inline]
 sock_alloc_inode+0x5f/0x250 net/socket.c:254
 alloc_inode+0x5d/0x170 fs/inode.c:210
 new_inode_pseudo+0x14/0xe0 fs/inode.c:899
 sock_alloc+0x3c/0x270 net/socket.c:569
 SYSC_accept4 net/socket.c:1556 [inline]
 SyS_accept4+0xb1/0x580 net/socket.c:1537
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7efc25c27279
RSP: 002b:00007efc2459c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
RAX: ffffffffffffffda RBX: 00007efc25d39f80 RCX: 00007efc25c27279
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007efc2459c1d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffccb05a3ff R14: 00007efc2459c300 R15: 0000000000022000
CPU: 1 PID: 13261 Comm: syz-executor.2 Not tainted 4.14.290-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10a/0x149 lib/fault-inject.c:149
 should_failslab+0xd6/0x130 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3376 [inline]
 kmem_cache_alloc+0x40/0x3c0 mm/slab.c:3550
 inet_bind_bucket_create net/ipv4/inet_hashtables.c:72 [inline]
 __inet_hash_connect+0x6a4/0xd10 net/ipv4/inet_hashtables.c:679
 dccp_v4_connect+0xb46/0x14e0 net/dccp/ipv4.c:106
 __inet_stream_connect+0x6ad/0xb90 net/ipv4/af_inet.c:618
 inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:682
 SYSC_connect net/socket.c:1655 [inline]
 SyS_connect+0x1f4/0x240 net/socket.c:1636
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f463d812279
RSP: 002b:00007f463c187168 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 00007f463d924f80 RCX: 00007f463d812279
RDX: 0000000000000010 RSI: 0000000020772000 RDI: 0000000000000003
RBP: 00007f463c1871d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffcf684f49f R14: 00007f463c187300 R15: 0000000000022000
CPU: 1 PID: 13260 Comm: syz-executor.3 Not tainted 4.14.290-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10a/0x149 lib/fault-inject.c:149
 should_failslab+0xd6/0x130 mm/failslab.c:32
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3376 [inline]
 kmem_cache_alloc+0x40/0x3c0 mm/slab.c:3550
 dst_alloc+0xed/0x6d0 net/core/dst.c:107
 rt_dst_alloc+0x6b/0x430 net/ipv4/route.c:1609
 __mkroute_output net/ipv4/route.c:2308 [inline]
 ip_route_output_key_hash_rcu+0xab7/0x29f0 net/ipv4/route.c:2538
 ip_route_output_key_hash+0x195/0x2a0 net/ipv4/route.c:2366
 __ip_route_output_key include/net/route.h:126 [inline]
 ip_route_connect include/net/route.h:301 [inline]
 dccp_v4_connect+0x6ec/0x14e0 net/dccp/ipv4.c:75
 __inet_stream_connect+0x6ad/0xb90 net/ipv4/af_inet.c:618
 inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:682
 SYSC_connect net/socket.c:1655 [inline]
 SyS_connect+0x1f4/0x240 net/socket.c:1636
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f73829f1279
RSP: 002b:00007f7381366168 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 00007f7382b03f80 RCX: 00007f73829f1279
RDX: 0000000000000010 RSI: 0000000020772000 RDI: 0000000000000003
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
RBP: 00007f73813661d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffd7b90942f R14: 00007f7381366300 R15: 0000000000022000
CPU: 0 PID: 13262 Comm: syz-executor.5 Not tainted 4.14.290-syzkaller #0
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10a/0x149 lib/fault-inject.c:149
 should_failslab+0xd6/0x130 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3376 [inline]
 kmem_cache_alloc+0x40/0x3c0 mm/slab.c:3550
 dst_alloc+0xed/0x6d0 net/core/dst.c:107
 rt_dst_alloc+0x6b/0x430 net/ipv4/route.c:1609
 __mkroute_output net/ipv4/route.c:2308 [inline]
 ip_route_output_key_hash_rcu+0xab7/0x29f0 net/ipv4/route.c:2538