====================================================== WARNING: possible circular locking dependency detected 4.14.215-syzkaller #0 Not tainted ------------------------------------------------------ kworker/u4:3/2845 is trying to acquire lock: (sk_lock-AF_INET){+.+.}, at: [] do_strp_work net/strparser/strparser.c:415 [inline] (sk_lock-AF_INET){+.+.}, at: [] strp_work+0x3e/0x100 net/strparser/strparser.c:434 but task is already holding lock: ((&strp->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 ((&strp->work)){+.+.}: flush_work+0xad/0x770 kernel/workqueue.c:2889 __cancel_work_timer+0x321/0x460 kernel/workqueue.c:2964 strp_done+0x53/0xd0 net/strparser/strparser.c:519 kcm_attach net/kcm/kcmsock.c:1429 [inline] kcm_attach_ioctl net/kcm/kcmsock.c:1490 [inline] kcm_ioctl+0x828/0xfb0 net/kcm/kcmsock.c:1701 sock_do_ioctl net/socket.c:974 [inline] sock_ioctl+0x2cc/0x4c0 net/socket.c:1071 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:500 [inline] do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684 SYSC_ioctl fs/ioctl.c:701 [inline] SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb -> #0 (sk_lock-AF_INET){+.+.}: lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 lock_sock_nested+0xb7/0x100 net/core/sock.c:2796 do_strp_work net/strparser/strparser.c:415 [inline] strp_work+0x3e/0x100 net/strparser/strparser.c:434 process_one_work+0x793/0x14a0 kernel/workqueue.c:2116 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250 kthread+0x30d/0x420 kernel/kthread.c:232 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock((&strp->work)); lock(sk_lock-AF_INET); lock((&strp->work)); lock(sk_lock-AF_INET); *** DEADLOCK *** 2 locks held by kworker/u4:3/2845: #0: ("%s""kstrp"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2087 #1: ((&strp->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2091 stack backtrace: CPU: 0 PID: 2845 Comm: kworker/u4:3 Not tainted 4.14.215-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: kstrp strp_work Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x283 lib/dump_stack.c:58 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258 check_prev_add kernel/locking/lockdep.c:1905 [inline] check_prevs_add kernel/locking/lockdep.c:2022 [inline] validate_chain kernel/locking/lockdep.c:2464 [inline] __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 lock_sock_nested+0xb7/0x100 net/core/sock.c:2796 do_strp_work net/strparser/strparser.c:415 [inline] strp_work+0x3e/0x100 net/strparser/strparser.c:434 process_one_work+0x793/0x14a0 kernel/workqueue.c:2116 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250 kthread+0x30d/0x420 kernel/kthread.c:232 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 IPv6: addrconf: prefix option has invalid lifetime audit: type=1804 audit(1610887543.980:34): pid=14509 uid=0 auid=0 ses=4 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir864142658/syzkaller.vcASjC/129/bus" dev="sda1" ino=16276 res=1 audit: type=1804 audit(1610887544.020:35): pid=14509 uid=0 auid=0 ses=4 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir864142658/syzkaller.vcASjC/129/bus" dev="sda1" ino=16276 res=1 audit: type=1804 audit(1610887544.020:36): pid=14509 uid=0 auid=0 ses=4 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir864142658/syzkaller.vcASjC/129/bus" dev="sda1" ino=16276 res=1 audit: type=1804 audit(1610887544.100:37): pid=14517 uid=0 auid=0 ses=4 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir864142658/syzkaller.vcASjC/129/bus" dev="sda1" ino=16276 res=1 audit: type=1804 audit(1610887544.240:38): pid=14517 uid=0 auid=0 ses=4 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir864142658/syzkaller.vcASjC/129/bus" dev="sda1" ino=16276 res=1 audit: type=1804 audit(1610887544.240:39): pid=14509 uid=0 auid=0 ses=4 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir864142658/syzkaller.vcASjC/129/bus" dev="sda1" ino=16276 res=1 FAT-fs (loop4): bogus number of reserved sectors FAT-fs (loop4): Can't find a valid FAT filesystem FAT-fs (loop4): bogus number of reserved sectors FAT-fs (loop4): Can't find a valid FAT filesystem Cannot find del_set index 0 as target Cannot find del_set index 0 as target TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (57356!=0) EXT4-fs error (device loop5): ext4_fill_super:4365: inode #2: comm syz-executor.5: iget: bogus i_mode (0) EXT4-fs (loop5): get root inode failed EXT4-fs (loop5): mount failed print_req_error: I/O error, dev loop5, sector 0 Buffer I/O error on dev loop5, logical block 0, async page read print_req_error: I/O error, dev loop5, sector 6 Buffer I/O error on dev loop5, logical block 3, async page read EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (57356!=0) EXT4-fs error (device loop5): ext4_fill_super:4365: inode #2: comm syz-executor.5: iget: bogus i_mode (0) EXT4-fs (loop5): get root inode failed EXT4-fs (loop5): mount failed TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop5. VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop5. VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop5. Process accounting resumed Process accounting resumed Process accounting resumed VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop5. Process accounting resumed Process accounting resumed VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop5. audit: type=1800 audit(1610887550.333:40): pid=15079 uid=0 auid=0 ses=4 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="bus" dev="sda1" ino=16356 res=0 Process accounting resumed audit: type=1800 audit(1610887550.373:41): pid=15079 uid=0 auid=0 ses=4 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="bus" dev="sda1" ino=16356 res=0 Process accounting resumed Process accounting resumed audit: type=1800 audit(1610887550.463:42): pid=15096 uid=0 auid=0 ses=4 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="bus" dev="sda1" ino=16342 res=0 audit: type=1800 audit(1610887550.463:43): pid=15092 uid=0 auid=0 ses=4 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="bus" dev="sda1" ino=16342 res=0 audit: type=1800 audit(1610887550.543:44): pid=15108 uid=0 auid=0 ses=4 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="bus" dev="sda1" ino=16356 res=0 overlayfs: upperdir is in-use by another mount, mount with '-o index=off' to override exclusive upperdir protection. audit: type=1800 audit(1610887550.553:45): pid=15108 uid=0 auid=0 ses=4 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="bus" dev="sda1" ino=16356 res=0 block nbd4: Receive control failed (result -107) block nbd4: shutting down sockets block nbd4: Receive control failed (result -107) audit: type=1800 audit(1610887550.823:46): pid=15161 uid=0 auid=0 ses=4 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="bus" dev="sda1" ino=16356 res=0 block nbd4: Device being setup by another task audit: type=1800 audit(1610887550.863:47): pid=15161 uid=0 auid=0 ses=4 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="bus" dev="sda1" ino=16356 res=0 block nbd2: Receive control failed (result -107) block nbd2: shutting down sockets block nbd4: Device being setup by another task block nbd4: Device being setup by another task block nbd2: Receive control failed (result -107) block nbd2: shutting down sockets audit: type=1800 audit(1610887551.723:48): pid=15222 uid=0 auid=0 ses=4 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="bus" dev="sda1" ino=16356 res=0 block nbd4: Device being setup by another task block nbd2: Receive control failed (result -107) block nbd2: shutting down sockets audit: type=1800 audit(1610887551.783:49): pid=15222 uid=0 auid=0 ses=4 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="bus" dev="sda1" ino=16356 res=0 block nbd4: Device being setup by another task nla_parse: 19 callbacks suppressed netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. overlayfs: upperdir is in-use by another mount, mount with '-o index=off' to override exclusive upperdir protection. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.