overlayfs: fs on 'file0' does not support file handles, falling back to index=off. overlayfs: fs on './file0' does not support file handles, falling back to index=off. ====================================================== WARNING: possible circular locking dependency detected 4.14.290-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor.0/12257 is trying to acquire lock: ((&strp->work)){+.+.}, at: [] flush_work+0x88/0x770 kernel/workqueue.c:2887 but task is already holding lock: (sk_lock-AF_INET){+.+.}, at: [] lock_sock include/net/sock.h:1473 [inline] (sk_lock-AF_INET){+.+.}, at: [] kcm_attach net/kcm/kcmsock.c:1390 [inline] (sk_lock-AF_INET){+.+.}, at: [] kcm_attach_ioctl net/kcm/kcmsock.c:1490 [inline] (sk_lock-AF_INET){+.+.}, at: [] kcm_ioctl+0x328/0xfb0 net/kcm/kcmsock.c:1701 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (sk_lock-AF_INET){+.+.}: lock_sock_nested+0xb7/0x100 net/core/sock.c:2813 do_strp_work net/strparser/strparser.c:415 [inline] strp_work+0x3e/0x100 net/strparser/strparser.c:434 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251 kthread+0x30d/0x420 kernel/kthread.c:232 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 -> #0 ((&strp->work)){+.+.}: lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 flush_work+0xad/0x770 kernel/workqueue.c:2890 __cancel_work_timer+0x321/0x460 kernel/workqueue.c:2965 strp_done+0x53/0xd0 net/strparser/strparser.c:519 kcm_attach net/kcm/kcmsock.c:1429 [inline] kcm_attach_ioctl net/kcm/kcmsock.c:1490 [inline] kcm_ioctl+0x828/0xfb0 net/kcm/kcmsock.c:1701 sock_do_ioctl net/socket.c:974 [inline] sock_ioctl+0x2cc/0x4c0 net/socket.c:1071 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:500 [inline] do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684 SYSC_ioctl fs/ioctl.c:701 [inline] SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(sk_lock-AF_INET); lock((&strp->work)); lock(sk_lock-AF_INET); lock((&strp->work)); *** DEADLOCK *** 1 lock held by syz-executor.0/12257: #0: (sk_lock-AF_INET){+.+.}, at: [] lock_sock include/net/sock.h:1473 [inline] #0: (sk_lock-AF_INET){+.+.}, at: [] kcm_attach net/kcm/kcmsock.c:1390 [inline] #0: (sk_lock-AF_INET){+.+.}, at: [] kcm_attach_ioctl net/kcm/kcmsock.c:1490 [inline] #0: (sk_lock-AF_INET){+.+.}, at: [] kcm_ioctl+0x328/0xfb0 net/kcm/kcmsock.c:1701 stack backtrace: CPU: 0 PID: 12257 Comm: syz-executor.0 Not tainted 4.14.290-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258 check_prev_add kernel/locking/lockdep.c:1905 [inline] check_prevs_add kernel/locking/lockdep.c:2022 [inline] validate_chain kernel/locking/lockdep.c:2464 [inline] __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 flush_work+0xad/0x770 kernel/workqueue.c:2890 __cancel_work_timer+0x321/0x460 kernel/workqueue.c:2965 strp_done+0x53/0xd0 net/strparser/strparser.c:519 kcm_attach net/kcm/kcmsock.c:1429 [inline] kcm_attach_ioctl net/kcm/kcmsock.c:1490 [inline] kcm_ioctl+0x828/0xfb0 net/kcm/kcmsock.c:1701 sock_do_ioctl net/socket.c:974 [inline] sock_ioctl+0x2cc/0x4c0 net/socket.c:1071 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:500 [inline] do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684 SYSC_ioctl fs/ioctl.c:701 [inline] SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f480caa6279 RSP: 002b:00007f480b3fa168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f480cbb9050 RCX: 00007f480caa6279 RDX: 0000000020000180 RSI: 00000000000089e0 RDI: 0000000000000026 RBP: 00007f480cb00189 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fffaf5fa83f R14: 00007f480b3fa300 R15: 0000000000022000 dlm: no local IP address has been set dlm: cannot start dlm lowcomms -107 dlm: no local IP address has been set dlm: cannot start dlm lowcomms -107 dlm: no local IP address has been set dlm: cannot start dlm lowcomms -107 8021q: adding VLAN 0 to HW filter on device team0 bond0: Enslaving team0 as an active interface with an up link dlm: no local IP address has been set dlm: cannot start dlm lowcomms -107 overlayfs: fs on 'file0' does not support file handles, falling back to index=off. overlayfs: fs on './file0' does not support file handles, falling back to index=off. unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1 overlayfs: fs on 'file0' does not support file handles, falling back to index=off. overlayfs: fs on './file0' does not support file handles, falling back to index=off. print_req_error: I/O error, dev loop5, sector 0 Buffer I/O error on dev loop5, logical block 0, async page read ldm_validate_partition_table(): Disk read failed. Dev loop5: unable to read RDB block 0 loop5: unable to read partition table loop5: partition table beyond EOD, truncated ISO 9660 Extensions: Microsoft Joliet Level 3 ISOFS: Interleaved files not (yet) supported. ISO 9660 Extensions: Microsoft Joliet Level 3 isofs_fill_super: get root inode failed ISOFS: File unit size != 0 for ISO file (0). ISOFS: changing to secondary root audit: type=1800 audit(1660957481.296:4): pid=12685 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="file0" dev="sda1" ino=14218 res=0 ISO 9660 Extensions: Microsoft Joliet Level 3 isofs_fill_super: get root inode failed base_sock_release(ffff888056477480) sk=ffff88809ddc51c0 base_sock_release(ffff888056663180) sk=ffff88809832d600 base_sock_release(ffff88805667b540) sk=ffff8880527fb700 audit: type=1800 audit(1660957482.106:5): pid=12779 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="file0" dev="sda1" ino=14232 res=0 base_sock_release(ffff88805654f500) sk=ffff8880b3f0c9c0 EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue base_sock_release(ffff8880566e9000) sk=ffff8880b4a2d3c0 EXT4-fs (loop4): VFS: Can't find ext4 filesystem EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue audit: type=1800 audit(1660957483.006:6): pid=12925 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="file0" dev="sda1" ino=14245 res=0 EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue new mount options do not match the existing superblock, will be ignored overlayfs: filesystem on './bus' not supported as upperdir overlayfs: unrecognized mount option "./control" or missing value overlayfs: unrecognized mount option "./control" or missing value overlayfs: unrecognized mount option "./control" or missing value overlayfs: unrecognized mount option "./control" or missing value overlayfs: unrecognized mount option "./control" or missing value overlayfs: unrecognized mount option "./control" or missing value overlayfs: unrecognized mount option "./control" or missing value overlayfs: unrecognized mount option "./control" or missing value new mount options do not match the existing superblock, will be ignored overlayfs: unrecognized mount option "./control" or missing value device team0 left promiscuous mode EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue overlayfs: unrecognized mount option "./control" or missing value device team_slave_0 left promiscuous mode overlayfs: unrecognized mount option "./control" or missing value new mount options do not match the existing superblock, will be ignored device team_slave_1 left promiscuous mode overlayfs: unrecognized mount option "./control" or missing value bridge0: port 3(team0) entered disabled state overlayfs: unrecognized mount option "./control" or missing value 8021q: adding VLAN 0 to HW filter on device team0 overlayfs: unrecognized mount option "./control" or missing value new mount options do not match the existing superblock, will be ignored EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue bond0: Enslaving team0 as an active interface with an up link overlayfs: unrecognized mount option "./control" or missing value overlayfs: unrecognized mount option "./control" or missing value bond0: Releasing backup interface team0 bridge0: port 3(team0) entered blocking state bridge0: port 3(team0) entered disabled state overlayfs: unrecognized mount option "./control" or missing value device team0 entered promiscuous mode overlayfs: unrecognized mount option "./control" or missing value device team_slave_0 entered promiscuous mode EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue overlayfs: unrecognized mount option "./control" or missing value device team_slave_1 entered promiscuous mode base_sock_release(ffff88805675e0c0) sk=ffff88809bec6a80 syz-executor.4 (12960) used greatest stack depth: 24384 bytes left overlayfs: unrecognized mount option "./control" or missing value new mount options do not match the existing superblock, will be ignored device team0 left promiscuous mode device team_slave_0 left promiscuous mode device team_slave_1 left promiscuous mode bridge0: port 3(team0) entered disabled state EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue new mount options do not match the existing superblock, will be ignored 8021q: adding VLAN 0 to HW filter on device team0 bond0: Enslaving team0 as an active interface with an up link bond0: Releasing backup interface team0 bridge0: port 3(team0) entered blocking state bridge0: port 3(team0) entered disabled state new mount options do not match the existing superblock, will be ignored device team0 entered promiscuous mode device team_slave_0 entered promiscuous mode device team_slave_1 entered promiscuous mode syz-executor.4 (13000) used greatest stack depth: 23952 bytes left base_sock_release(ffff8880567c55c0) sk=ffff88804f034a40 device team0 left promiscuous mode device team_slave_0 left promiscuous mode device team_slave_1 left promiscuous mode new mount options do not match the existing superblock, will be ignored bridge0: port 3(team0) entered disabled state 8021q: adding VLAN 0 to HW filter on device team0 bond0: Enslaving team0 as an active interface with an up link syz-executor.4 (13064) used greatest stack depth: 23872 bytes left bond0: Releasing backup interface team0 bridge0: port 3(team0) entered blocking state new mount options do not match the existing superblock, will be ignored bridge0: port 3(team0) entered disabled state new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored device team0 entered promiscuous mode device team_slave_0 entered promiscuous mode device team_slave_1 entered promiscuous mode base_sock_release(ffff88804f9c1140) sk=ffff8880923a5380 new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored base_sock_release(ffff888056444480) sk=ffff88805146edc0 new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored base_sock_release(ffff888056488600) sk=ffff8880a49f6c00 new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored