overlayfs: failed to verify origin (/file0, ino=228827, err=-116) BUG: MAX_LOCKDEP_CHAINS too low! turning off the locking correctness validator. CPU: 1 PID: 16594 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 add_chain_cache kernel/locking/lockdep.c:2259 [inline] lookup_chain_cache_add kernel/locking/lockdep.c:2371 [inline] validate_chain kernel/locking/lockdep.c:2391 [inline] __lock_acquire.cold+0x420/0x57e kernel/locking/lockdep.c:3416 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144 perf_ctx_lock kernel/events/core.c:163 [inline] perf_event_context_sched_in kernel/events/core.c:3433 [inline] __perf_event_task_sched_in+0x525/0x9b0 kernel/events/core.c:3491 perf_event_task_sched_in include/linux/perf_event.h:1115 [inline] finish_task_switch+0x437/0x760 kernel/sched/core.c:2676 context_switch kernel/sched/core.c:2831 [inline] __schedule+0x88f/0x2040 kernel/sched/core.c:3517 preempt_schedule_irq+0xb0/0x140 kernel/sched/core.c:3744 retint_kernel+0x1b/0x2d RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:789 [inline] RIP: 0010:lock_acquire+0x1ec/0x3c0 kernel/locking/lockdep.c:3911 Code: 08 00 00 00 00 00 00 48 c1 e8 03 80 3c 10 00 0f 85 b7 01 00 00 48 83 3d 09 2e a6 08 00 0f 84 2a 01 00 00 48 8b 7c 24 08 57 9d <0f> 1f 44 00 00 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f c3 65 8b RSP: 0018:ffff88803c107470 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 RAX: 1ffffffff13e3051 RBX: ffff888039b30100 RCX: 0000000000007b19 RDX: dffffc0000000000 RSI: 00000000cef1d0e8 RDI: 0000000000000286 RBP: ffffffff89ff4d00 R08: ffffffff8cd54e08 R09: 0000000000000001 R10: ffff888039b309b0 R11: 000000007846876c R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000001 __fs_reclaim_acquire mm/page_alloc.c:3759 [inline] fs_reclaim_acquire+0x105/0x130 mm/page_alloc.c:3770 slab_pre_alloc_hook mm/slab.h:419 [inline] slab_alloc mm/slab.c:3383 [inline] kmem_cache_alloc+0x21/0x370 mm/slab.c:3557 kmem_cache_zalloc include/linux/slab.h:699 [inline] __kernfs_new_node+0xd2/0x680 fs/kernfs/dir.c:633 kernfs_new_node+0x92/0x120 fs/kernfs/dir.c:693 __kernfs_create_file+0x51/0x340 fs/kernfs/file.c:992 sysfs_add_file_mode_ns+0x226/0x540 fs/sysfs/file.c:307 sysfs_create_file_ns+0x131/0x1b0 fs/sysfs/file.c:332 sysfs_create_file include/linux/sysfs.h:529 [inline] idletimer_tg_create net/netfilter/xt_IDLETIMER.c:158 [inline] idletimer_tg_checkentry+0x53f/0xbf0 net/netfilter/xt_IDLETIMER.c:236 xt_check_target+0x26c/0x650 net/netfilter/x_tables.c:1023 check_target net/ipv4/netfilter/arp_tables.c:399 [inline] find_check_entry net/ipv4/netfilter/arp_tables.c:423 [inline] translate_table+0xf69/0x1a50 net/ipv4/netfilter/arp_tables.c:576 do_replace net/ipv4/netfilter/arp_tables.c:981 [inline] do_arpt_set_ctl+0x2a5/0x430 net/ipv4/netfilter/arp_tables.c:1463 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline] nf_setsockopt+0x6f/0xc0 net/netfilter/nf_sockopt.c:115 ip_setsockopt net/ipv4/ip_sockglue.c:1258 [inline] ip_setsockopt+0xd8/0xf0 net/ipv4/ip_sockglue.c:1238 sctp_setsockopt+0x14b/0x4b40 net/sctp/socket.c:4333 __sys_setsockopt+0x14d/0x240 net/socket.c:2013 __do_sys_setsockopt net/socket.c:2024 [inline] __se_sys_setsockopt net/socket.c:2021 [inline] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2021 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f5a55bf80f9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f5a5416a168 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 00007f5a55d17f80 RCX: 00007f5a55bf80f9 RDX: 0000000000000060 RSI: 0000000000000000 RDI: 0000000000000004 RBP: 00007f5a55c53ae9 R08: 0000000000000458 R09: 0000000000000000 R10: 0000000020000d00 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fffef91b58f R14: 00007f5a5416a300 R15: 0000000000022000 overlayfs: failed to verify upper root origin overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. overlayfs: failed to verify origin (/file0, ino=228827, err=-116) hub 9-0:1.0: USB hub found overlayfs: failed to verify upper root origin hub 9-0:1.0: 8 ports detected overlayfs: unrecognized mount option "lower9Ldir.:fihe0" or missing value audit: type=1804 audit(1678055749.817:1550): pid=16646 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2996556968/syzkaller.MZB85J/2881/file0" dev="sda1" ino=14123 res=1 overlayfs: failed to verify origin (/file0, ino=228827, err=-116) overlayfs: failed to verify upper root origin overlayfs: failed to verify origin (/file0, ino=228827, err=-116) 9pnet_virtio: no channels available for device 127.0.0.1 overlayfs: failed to verify upper root origin overlayfs: failed to verify origin (/file0, ino=228827, err=-116) overlayfs: failed to verify upper root origin overlayfs: failed to verify origin (/file0, ino=228827, err=-116) overlayfs: failed to verify upper root origin 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 overlayfs: failed to verify origin (/file0, ino=228827, err=-116) 9pnet_virtio: no channels available for device 127.0.0.1 overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 audit: type=1804 audit(1678055750.742:1551): pid=16747 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2996556968/syzkaller.MZB85J/2883/file0" dev="sda1" ino=13878 res=1 audit: type=1804 audit(1678055750.742:1552): pid=16748 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2996556968/syzkaller.MZB85J/2883/file0" dev="sda1" ino=13878 res=1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 overlayfs: failed to verify upper root origin 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 9pnet_virtio: no channels available for device 127.0.0.1 Unknown ioctl -2147199790 9pnet_virtio: no channels available for device 127.0.0.1 overlayfs: failed to verify origin (/file0, ino=228827, err=-116) 9pnet_virtio: no channels available for device 127.0.0.1 overlayfs: failed to verify upper root origin 9pnet_virtio: no channels available for device 127.0.0.1 overlayfs: failed to verify upper root origin overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. Unknown ioctl -2147199790 Unknown ioctl -2147199790 IPVS: ftp: loaded support on port[0] = 21 overlayfs: failed to verify upper root origin IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready chnl_net:chnl_net_open(): err: Unable to register and open device, Err:-19 caif:caif_disconnect_client(): nothing to disconnect chnl_net:chnl_flowctrl_cb(): NET flowctrl func called flow: CLOSE/DEINIT chnl_net:chnl_net_open(): state disconnected A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. netlink: 'syz-executor.5': attribute type 27 has an invalid length. overlayfs: failed to verify upper root origin overlayfs: failed to verify upper root origin overlayfs: failed to verify upper root origin overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. bridge0: port 2(bridge_slave_1) entered disabled state bridge0: port 1(bridge_slave_0) entered disabled state ieee802154 phy0 wpan0: encryption failed: -22 ieee802154 phy1 wpan1: encryption failed: -22 batman_adv: batadv0: Interface deactivated: batadv_slave_0 batman_adv: batadv0: Interface deactivated: batadv_slave_1 ovl_verify_set_fh: 5 callbacks suppressed overlayfs: failed to verify origin (/file0, ino=228827, err=-116) overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. overlayfs: failed to verify upper root origin IPVS: ftp: loaded support on port[0] = 21 overlayfs: failed to verify origin (/file0, ino=228827, err=-116) overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. overlayfs: failed to verify upper root origin IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 8021q: adding VLAN 0 to HW filter on device bond0 IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready 8021q: adding VLAN 0 to HW filter on device team0 chnl_net:chnl_net_open(): err: Unable to register and open device, Err:-19 caif:caif_disconnect_client(): nothing to disconnect chnl_net:chnl_flowctrl_cb(): NET flowctrl func called flow: CLOSE/DEINIT chnl_net:chnl_net_open(): state disconnected A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. netlink: 'syz-executor.5': attribute type 27 has an invalid length. overlayfs: failed to verify origin (/file0, ino=228827, err=-116) overlayfs: failed to verify upper root origin overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal REISERFS (device loop4): using ordered data mode overlayfs: failed to verify origin (/file0, ino=228827, err=-116) overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. overlayfs: failed to verify upper root origin reiserfs: using flush barriers REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 REISERFS (device loop4): checking transaction log (loop4) overlayfs: failed to verify origin (/file0, ino=228827, err=-116) overlayfs: failed to verify upper root origin REISERFS (device loop4): Using r5 hash to sort names REISERFS (device loop4): using 3.5.x disk format REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 8021q: adding VLAN 0 to HW filter on device bond0 IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready 8021q: adding VLAN 0 to HW filter on device team0 chnl_net:chnl_net_open(): err: Unable to register and open device, Err:-19 caif:caif_disconnect_client(): nothing to disconnect chnl_net:chnl_flowctrl_cb(): NET flowctrl func called flow: CLOSE/DEINIT chnl_net:chnl_net_open(): state disconnected A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. Started in network mode Own node identity 9, cluster identity 4711 32-bit node address hash set to 9 overlayfs: failed to verify origin (/file0, ino=228827, err=-116) overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. overlayfs: failed to verify upper root origin netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. overlayfs: failed to verify origin (/file0, ino=228827, err=-116) netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. overlayfs: failed to verify upper root origin netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. overlayfs: failed to verify origin (/file0, ino=228827, err=-116) netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. overlayfs: failed to verify upper root origin netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal REISERFS (device loop4): using ordered data mode reiserfs: using flush barriers REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 REISERFS (device loop4): checking transaction log (loop4) REISERFS (device loop4): Using r5 hash to sort names REISERFS (device loop4): using 3.5.x disk format bond5: Releasing active interface ip6gretap1 REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. bond6: Releasing active interface ip6gretap2 bond7: Releasing active interface ip6gretap3 overlayfs: failed to verify origin (/file0, ino=228827, err=-116) overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. overlayfs: failed to verify upper root origin overlayfs: failed to verify origin (/file0, ino=228827, err=-116) overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. overlayfs: failed to verify upper root origin REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal REISERFS (device loop4): using ordered data mode overlayfs: failed to verify upper root origin reiserfs: using flush barriers REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 overlayfs: failed to verify upper root origin REISERFS (device loop4): checking transaction log (loop4) REISERFS (device loop4): Using r5 hash to sort names REISERFS (device loop4): using 3.5.x disk format REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. overlayfs: failed to verify upper root origin overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. 9pnet: Insufficient options for proto=fd batman_adv: batadv0: Removing interface: batadv_slave_0 batman_adv: batadv0: Removing interface: batadv_slave_1 bond7 (unregistering): Released all slaves bond6 (unregistering): Released all slaves bond5 (unregistering): Released all slaves bond4 (unregistering): Released all slaves bond3 (unregistering): Released all slaves bond2 (unregistering): Released all slaves bond1 (unregistering): Released all slaves device hsr_slave_1 left promiscuous mode device hsr_slave_0 left promiscuous mode team0 (unregistering): Port device team_slave_1 removed team0 (unregistering): Port device team_slave_0 removed bond0 (unregistering): Releasing backup interface bond_slave_1 bond0 (unregistering): Releasing backup interface bond_slave_0 bond0 (unregistering): Released all slaves IPVS: ftp: loaded support on port[0] = 21 chnl_net:caif_netlink_parms(): no params data found bridge0: port 1(bridge_slave_0) entered blocking state bridge0: port 1(bridge_slave_0) entered disabled state device bridge_slave_0 entered promiscuous mode bridge0: port 2(bridge_slave_1) entered blocking state bridge0: port 2(bridge_slave_1) entered disabled state device bridge_slave_1 entered promiscuous mode bond0: Enslaving bond_slave_0 as an active interface with an up link bond0: Enslaving bond_slave_1 as an active interface with an up link IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready team0: Port device team_slave_0 added IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready team0: Port device team_slave_1 added batman_adv: batadv0: Adding interface: batadv_slave_0 batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active batman_adv: batadv0: Adding interface: batadv_slave_1 batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready device hsr_slave_0 entered promiscuous mode device hsr_slave_1 entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready ---------------- Code disassembly (best guess): 0: 08 00 or %al,(%rax) 2: 00 00 add %al,(%rax) 4: 00 00 add %al,(%rax) 6: 00 48 c1 add %cl,-0x3f(%rax) 9: e8 03 80 3c 10 callq 0x103c8011 e: 00 0f add %cl,(%rdi) 10: 85 b7 01 00 00 48 test %esi,0x48000001(%rdi) 16: 83 3d 09 2e a6 08 00 cmpl $0x0,0x8a62e09(%rip) # 0x8a62e26 1d: 0f 84 2a 01 00 00 je 0x14d 23: 48 8b 7c 24 08 mov 0x8(%rsp),%rdi 28: 57 push %rdi 29: 9d popfq * 2a: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) <-- trapping instruction 2f: 48 83 c4 18 add $0x18,%rsp 33: 5b pop %rbx 34: 5d pop %rbp 35: 41 5c pop %r12 37: 41 5d pop %r13 39: 41 5e pop %r14 3b: 41 5f pop %r15 3d: c3 retq 3e: 65 gs 3f: 8b .byte 0x8b