======================================================
WARNING: possible circular locking dependency detected
4.14.292-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.5/9656 is trying to acquire lock:
((&strp->work)){+.+.}, at: [<ffffffff81367998>] flush_work+0x88/0x770 kernel/workqueue.c:2887
but task is already holding lock:
(sk_lock-AF_INET){+.+.}, at: [<ffffffff86819888>] lock_sock include/net/sock.h:1473 [inline]
(sk_lock-AF_INET){+.+.}, at: [<ffffffff86819888>] kcm_attach net/kcm/kcmsock.c:1390 [inline]
(sk_lock-AF_INET){+.+.}, at: [<ffffffff86819888>] kcm_attach_ioctl net/kcm/kcmsock.c:1490 [inline]
(sk_lock-AF_INET){+.+.}, at: [<ffffffff86819888>] kcm_ioctl+0x328/0xfb0 net/kcm/kcmsock.c:1701
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (sk_lock-AF_INET){+.+.}:
lock_sock_nested+0xb7/0x100 net/core/sock.c:2813
do_strp_work net/strparser/strparser.c:415 [inline]
strp_work+0x3e/0x100 net/strparser/strparser.c:434
process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
-> #0 ((&strp->work)){+.+.}:
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
flush_work+0xad/0x770 kernel/workqueue.c:2890
__cancel_work_timer+0x321/0x460 kernel/workqueue.c:2965
strp_done+0x53/0xd0 net/strparser/strparser.c:519
kcm_attach net/kcm/kcmsock.c:1429 [inline]
kcm_attach_ioctl net/kcm/kcmsock.c:1490 [inline]
kcm_ioctl+0x828/0xfb0 net/kcm/kcmsock.c:1701
sock_do_ioctl net/socket.c:974 [inline]
sock_ioctl+0x2cc/0x4c0 net/socket.c:1071
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(sk_lock-AF_INET);
lock((&strp->work));
lock(sk_lock-AF_INET);
lock((&strp->work));
*** DEADLOCK ***
1 lock held by syz-executor.5/9656:
#0: (sk_lock-AF_INET){+.+.}, at: [<ffffffff86819888>] lock_sock include/net/sock.h:1473 [inline]
#0: (sk_lock-AF_INET){+.+.}, at: [<ffffffff86819888>] kcm_attach net/kcm/kcmsock.c:1390 [inline]
#0: (sk_lock-AF_INET){+.+.}, at: [<ffffffff86819888>] kcm_attach_ioctl net/kcm/kcmsock.c:1490 [inline]
#0: (sk_lock-AF_INET){+.+.}, at: [<ffffffff86819888>] kcm_ioctl+0x328/0xfb0 net/kcm/kcmsock.c:1701
stack backtrace:
CPU: 0 PID: 9656 Comm: syz-executor.5 Not tainted 4.14.292-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
check_prev_add kernel/locking/lockdep.c:1905 [inline]
check_prevs_add kernel/locking/lockdep.c:2022 [inline]
validate_chain kernel/locking/lockdep.c:2464 [inline]
__lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
flush_work+0xad/0x770 kernel/workqueue.c:2890
__cancel_work_timer+0x321/0x460 kernel/workqueue.c:2965
strp_done+0x53/0xd0 net/strparser/strparser.c:519
kcm_attach net/kcm/kcmsock.c:1429 [inline]
kcm_attach_ioctl net/kcm/kcmsock.c:1490 [inline]
kcm_ioctl+0x828/0xfb0 net/kcm/kcmsock.c:1701
sock_do_ioctl net/socket.c:974 [inline]
sock_ioctl+0x2cc/0x4c0 net/socket.c:1071
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7fb918194279
RSP: 002b:00007fb916b09168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fb9182a6f80 RCX: 00007fb918194279
RDX: 0000000020000200 RSI: 00000000000089e0 RDI: 0000000000000005
RBP: 00007fb9181ee2e9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc8555390f R14: 00007fb916b09300 R15: 0000000000022000
syz-executor.0 (9642) used greatest stack depth: 23984 bytes left
L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
device team0 entered promiscuous mode
autofs4:pid:9834:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1.768), cmd(0xc0189376)
device team_slave_0 entered promiscuous mode
autofs4:pid:9834:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189376)
device team_slave_1 entered promiscuous mode
device geneve2 entered promiscuous mode
device team0 left promiscuous mode
device team_slave_0 left promiscuous mode
device team_slave_1 left promiscuous mode
audit: type=1804 audit(1662395507.039:2): pid=9895 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir1420252434/syzkaller.lDxDHS/17/bus" dev="sda1" ino=13961 res=1
device geneve2 entered promiscuous mode
device geneve2 entered promiscuous mode
device team0 entered promiscuous mode
device team_slave_0 entered promiscuous mode
device team_slave_1 entered promiscuous mode
device team0 left promiscuous mode
device team_slave_0 left promiscuous mode
device team_slave_1 left promiscuous mode
device geneve2 entered promiscuous mode
device geneve2 entered promiscuous mode
device geneve2 entered promiscuous mode
device geneve2 entered promiscuous mode
syz-executor.5 (9948) used greatest stack depth: 23776 bytes left
can: request_module (can-proto-6) failed.
overlayfs: fs on 'file0' does not support file handles, falling back to index=off.
overlayfs: fs on 'file0' does not support file handles, falling back to index=off.
Dev loop5: unable to read RDB block 7
loop5: unable to read partition table
loop5: partition table beyond EOD, truncated
loop_reread_partitions: partition scan of loop5 () failed (rc=-5)
overlayfs: fs on 'file0' does not support file handles, falling back to index=off.
ufs: ufs was compiled with read-only support, can't be mounted as read-write
Dev loop5: unable to read RDB block 7
loop5: unable to read partition table
overlayfs: fs on 'file0' does not support file handles, falling back to index=off.
loop5: partition table beyond EOD, truncated
loop_reread_partitions: partition scan of loop5 () failed (rc=-5)
audit: type=1804 audit(1662395509.949:3): pid=10363 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir1420252434/syzkaller.lDxDHS/32/bus" dev="sda1" ino=13983 res=1
audit: type=1800 audit(1662395509.949:4): pid=10363 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="bus" dev="sda1" ino=13983 res=0
[U] ^@
Bluetooth: Wrong link type (-22)
print_req_error: I/O error, dev loop3, sector 0
syz-executor.3 uses obsolete (PF_INET,SOCK_PACKET)
audit: type=1804 audit(1662395511.489:5): pid=10646 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir2917703120/syzkaller.lVFAF5/56/file0" dev="sda1" ino=13884 res=1
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
audit: type=1804 audit(1662395511.489:6): pid=10646 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir2917703120/syzkaller.lVFAF5/56/file0" dev="sda1" ino=13884 res=1
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
audit: type=1804 audit(1662395511.729:7): pid=10695 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir3401857874/syzkaller.4pacxR/61/file0" dev="sda1" ino=14008 res=1
audit: type=1800 audit(1662395511.729:8): pid=10695 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="file0" dev="sda1" ino=14008 res=0
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
audit: type=1804 audit(1662395511.869:9): pid=10731 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir3401857874/syzkaller.4pacxR/62/file0" dev="sda1" ino=13968 res=1
audit: type=1800 audit(1662395511.899:10): pid=10731 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="file0" dev="sda1" ino=13968 res=0
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
audit: type=1804 audit(1662395512.089:11): pid=10780 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir3401857874/syzkaller.4pacxR/63/file0" dev="sda1" ino=14017 res=1
audit: type=1800 audit(1662395512.089:12): pid=10780 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="file0" dev="sda1" ino=14017 res=0
rfkill: input handler disabled
rfkill: input handler enabled
audit: type=1804 audit(1662395512.279:13): pid=10809 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir3401857874/syzkaller.4pacxR/64/file0" dev="sda1" ino=13966 res=1
x_tables: ip_tables: l2tp match: used from hooks POSTROUTING, but only valid from PREROUTING/INPUT/FORWARD/OUTPUT
audit: type=1800 audit(1662395512.279:14): pid=10809 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="file0" dev="sda1" ino=13966 res=0
netlink: 84 bytes leftover after parsing attributes in process `syz-executor.5'.
device batadv0 entered promiscuous mode
device batadv0 left promiscuous mode
PM: Marking nosave pages: [mem 0x00000000-0x00000fff]
PM: Marking nosave pages: [mem 0x0009f000-0x000fffff]
device batadv0 entered promiscuous mode
PM: Marking nosave pages: [mem 0xbfffd000-0xffffffff]
device batadv0 left promiscuous mode
PM: Basic memory bitmaps created
PM: Basic memory bitmaps freed
device batadv0 entered promiscuous mode
device batadv0 left promiscuous mode
device batadv0 entered promiscuous mode
device batadv0 left promiscuous mode
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
bridge: RTM_NEWNEIGH bridge1 with NTF_USE is not supported
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
bridge: RTM_NEWNEIGH bridge2 with NTF_USE is not supported
bridge: RTM_NEWNEIGH bridge1 with NTF_USE is not supported
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
bridge: RTM_NEWNEIGH bridge3 with NTF_USE is not supported
bridge: RTM_NEWNEIGH bridge2 with NTF_USE is not supported
bridge: RTM_NEWNEIGH bridge4 with NTF_USE is not supported
bridge: RTM_NEWNEIGH bridge3 with NTF_USE is not supported