./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor769262416 <...>
Warning: Permanently added '10.128.1.85' (ECDSA) to the list of known hosts.
execve("./syz-executor769262416", ["./syz-executor769262416"], 0x7fff01fa7bc0 /* 10 vars */) = 0
brk(NULL) = 0x555556343000
brk(0x555556343c40) = 0x555556343c40
arch_prctl(ARCH_SET_FS, 0x555556343300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor769262416", 4096) = 27
brk(0x555556364c40) = 0x555556364c40
brk(0x555556365000) = 0x555556365000
mprotect(0x7fc907ae1000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
socket(AF_KCM, SOCK_SEQPACKET, KCMPROTO_CONNECTED) = 3
bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SOCKET_FILTER, insn_cnt=3, insns=0x20000400, license="syzkaller", log_level=4, log_size=1078, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
socket(AF_KCM, SOCK_SEQPACKET, KCMPROTO_CONNECTED) = 5
socket(AF_INET6, SOCK_RAW|SOCK_NONBLOCK, IPPROTO_TCP) = 6
connect(6, {sa_family=AF_INET6, sin6_port=htons(0), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0
ioctl(5, SIOCPROTOPRIVATE, 0x20000180) = 0
bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SOCKET_FILTER, insn_cnt=3, insns=0x20000e80, license="syzkaller", log_level=4, log_size=1078, log_buf="verification time 208 usec\nstack depth 0\nprocessed 2 insns (limit 1000000) max_states_per_insn 0 tot"..., kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 7
syzkaller login: [ 50.105953][ T3613] 
[ 50.108323][ T3613] ======================================================
[ 50.115323][ T3613] WARNING: possible circular locking dependency detected
[ 50.122320][ T3613] 6.0.0-rc1-next-20220817-syzkaller #0 Not tainted
[ 50.128802][ T3613] ------------------------------------------------------
[ 50.135799][ T3613] syz-executor769/3613 is trying to acquire lock:
[ 50.142188][ T3613] ffff88801cb5c0f8 ((work_completion)(&strp->work)){+.+.}-{0:0}, at: __flush_work+0xdd/0xae0
[ 50.152349][ T3613] 
[ 50.152349][ T3613] but task is already holding lock:
[ 50.159705][ T3613] ffff88801d5b0fb0 (sk_lock-AF_INET6){+.+.}-{0:0}, at: kcm_ioctl+0x396/0x1180
[ 50.168574][ T3613] 
[ 50.168574][ T3613] which lock already depends on the new lock.
[ 50.168574][ T3613] 
[ 50.178964][ T3613] 
[ 50.178964][ T3613] the existing dependency chain (in reverse order) is:
[ 50.187960][ T3613] 
[ 50.187960][ T3613] -> #1 (sk_lock-AF_INET6){+.+.}-{0:0}:
[ 50.195672][ T3613]        lock_sock_nested+0x36/0xf0
[ 50.200876][ T3613]        strp_work+0x40/0x130
[ 50.205552][ T3613]        process_one_work+0x991/0x1610
[ 50.211006][ T3613]        worker_thread+0x665/0x1080
[ 50.216194][ T3613]        kthread+0x2e4/0x3a0
[ 50.220776][ T3613]        ret_from_fork+0x1f/0x30
[ 50.225708][ T3613] 
[ 50.225708][ T3613] -> #0 ((work_completion)(&strp->work)){+.+.}-{0:0}:
[ 50.234631][ T3613]        __lock_acquire+0x2a43/0x56d0
[ 50.240008][ T3613]        lock_acquire+0x1ab/0x570
[ 50.245015][ T3613]        __flush_work+0x105/0xae0
[ 50.250026][ T3613]        __cancel_work_timer+0x3f9/0x570
[ 50.255651][ T3613]        strp_done+0x64/0xf0
[ 50.260229][ T3613]        kcm_ioctl+0x913/0x1180
[ 50.265075][ T3613]        sock_do_ioctl+0xcc/0x230
[ 50.270093][ T3613]        sock_ioctl+0x2f1/0x640
[ 50.274949][ T3613]        __x64_sys_ioctl+0x193/0x200
[ 50.280225][ T3613]        do_syscall_64+0x35/0xb0
[ 50.285155][ T3613]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 50.291561][ T3613] 
[ 50.291561][ T3613] other info that might help us debug this:
[ 50.291561][ T3613] 
[ 50.301769][ T3613]  Possible unsafe locking scenario:
[ 50.301769][ T3613] 
[ 50.309199][ T3613]        CPU0                    CPU1
[ 50.314549][ T3613]        ----                    ----
[ 50.319894][ T3613]   lock(sk_lock-AF_INET6);
[ 50.324380][ T3613]                                lock((work_completion)(&strp->work));
[ 50.332595][ T3613]                                lock(sk_lock-AF_INET6);
[ 50.339598][ T3613]   lock((work_completion)(&strp->work));
[ 50.345298][ T3613] 
[ 50.345298][ T3613]  *** DEADLOCK ***
[ 50.345298][ T3613] 
[ 50.353430][ T3613] 1 lock held by syz-executor769/3613:
[ 50.358883][ T3613]  #0: ffff88801d5b0fb0 (sk_lock-AF_INET6){+.+.}-{0:0}, at: kcm_ioctl+0x396/0x1180
[ 50.368176][ T3613] 
[ 50.368176][ T3613] stack backtrace:
[ 50.374041][ T3613] CPU: 0 PID: 3613 Comm: syz-executor769 Not tainted 6.0.0-rc1-next-20220817-syzkaller #0
[ 50.383910][ T3613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 50.393945][ T3613] Call Trace:
[ 50.397210][ T3613] 
[ 50.400126][ T3613]  dump_stack_lvl+0xcd/0x134
[ 50.404709][ T3613]  check_noncircular+0x25f/0x2e0
[ 50.409634][ T3613]  ? register_lock_class+0xbe/0x1120
[ 50.414920][ T3613]  ? print_circular_bug+0x1e0/0x1e0
[ 50.420105][ T3613]  ? save_trace+0x43/0xa00
[ 50.424506][ T3613]  __lock_acquire+0x2a43/0x56d0
[ 50.429358][ T3613]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 50.435322][ T3613]  ? asm_common_interrupt+0x22/0x40
[ 50.440509][ T3613]  lock_acquire+0x1ab/0x570
[ 50.444997][ T3613]  ? __flush_work+0xdd/0xae0
[ 50.449576][ T3613]  ? lock_release+0x780/0x780
[ 50.454245][ T3613]  ? __flush_work+0x874/0xae0
[ 50.458934][ T3613]  ? lock_downgrade+0x6e0/0x6e0
[ 50.463782][ T3613]  __flush_work+0x105/0xae0
[ 50.468281][ T3613]  ? __flush_work+0xdd/0xae0
[ 50.472865][ T3613]  ? lock_chain_count+0x20/0x20
[ 50.477715][ T3613]  ? queue_delayed_work_on+0x120/0x120
[ 50.483344][ T3613]  ? __lock_acquire+0x166e/0x56d0
[ 50.488381][ T3613]  ? del_timer+0xc5/0x110
[ 50.492704][ T3613]  ? mark_held_locks+0x9f/0xe0
[ 50.497458][ T3613]  ? __cancel_work_timer+0x408/0x570
[ 50.502735][ T3613]  __cancel_work_timer+0x3f9/0x570
[ 50.507860][ T3613]  ? cancel_delayed_work+0x20/0x20
[ 50.512962][ T3613]  ? kcm_ioctl+0x8fe/0x1180
[ 50.517455][ T3613]  ? mark_held_locks+0x9f/0xe0
[ 50.522210][ T3613]  ? __local_bh_enable_ip+0xa0/0x120
[ 50.527485][ T3613]  strp_done+0x64/0xf0
[ 50.531558][ T3613]  kcm_ioctl+0x913/0x1180
[ 50.535875][ T3613]  ? tomoyo_path_number_perm+0x24e/0x590
[ 50.541497][ T3613]  ? kcm_done_work+0x20/0x20
[ 50.546074][ T3613]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 50.551873][ T3613]  sock_do_ioctl+0xcc/0x230
[ 50.556381][ T3613]  ? get_user_ifreq+0x250/0x250
[ 50.561220][ T3613]  ? vfs_fileattr_set+0xbe0/0xbe0
[ 50.566249][ T3613]  sock_ioctl+0x2f1/0x640
[ 50.570591][ T3613]  ? br_ioctl_call+0xa0/0xa0
[ 50.575185][ T3613]  ? lock_downgrade+0x6e0/0x6e0
[ 50.580020][ T3613]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 50.585201][ T3613]  ? bpf_lsm_file_ioctl+0x5/0x10
[ 50.590134][ T3613]  ? br_ioctl_call+0xa0/0xa0
[ 50.594746][ T3613]  __x64_sys_ioctl+0x193/0x200
[ 50.599497][ T3613]  do_syscall_64+0x35/0xb0
[ 50.603899][ T3613]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 50.609780][ T3613] RIP: 0033:0x7fc907a73f09
[ 50.614178][ T3613] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 50.633781][ T3613] RSP: 002b:00007ffc5f76b0d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 50.642176][ T3613] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc907a73f09
[ 50.650133][ T3613] RDX: 00000000200000c0 RSI: 00000000000089e0 RDI: 0000000000000003
ioctl(3, SIOCPROTOPRIVATE, 0x200000c0) = -1 EALREADY (Operation already in progress)
exit_group(0) = ?
+++ exited with 0 +++
[ 5
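What the report above records, read together with the strace: the second SIOCPROTOPRIVATE ioctl (RSI 0x89e0, on the KCM socket fd 3) fails with EALREADY, and during that call kcm_ioctl, still holding sk_lock-AF_INET6, reaches strp_done -> __cancel_work_timer -> __flush_work, which waits for strp->work to finish. The worker side (chain #1) shows strp_work calling lock_sock_nested on the same socket. Waiting for a work item while holding a lock that the work item itself needs is a lock-order inversion: if the worker is already queued and blocked on sk_lock, the ioctl never returns and the socket is wedged. Lockdep reports it from the order of acquisitions alone, so the splat appears even when the race did not actually hit.

The following is an added example, not part of the syzkaller report and not kernel code: a small userspace model of the dependency-graph check lockdep performs. The lock class names are taken from the report; the functions worker_path, ioctl_path and circular_dependency are hypothetical stand-ins for the two kernel paths the report names, and the "wait after unlock" variant is an illustrative reordering, not the upstream fix.

```c
/*
 * Added example (not part of the syzkaller report above): a userspace model
 * of the lock-order check lockdep performed to produce the report. The lock
 * class names are the ones from the report; the functions are hypothetical
 * stand-ins for the two kernel paths it names. No kernel code is involved.
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_LOCKS 8
#define MAX_HELD  8

/* Lock classes seen so far; dep[a][b] == 1 when a was held while b was taken. */
static const char *lock_names[MAX_LOCKS];
static int nlocks;
static int dep[MAX_LOCKS][MAX_LOCKS];

static void reset_graph(void)
{
	nlocks = 0;
	memset(dep, 0, sizeof dep);
}

static int lock_id(const char *name)
{
	for (int i = 0; i < nlocks; i++)
		if (strcmp(lock_names[i], name) == 0)
			return i;
	lock_names[nlocks] = name;
	return nlocks++;
}

/* Is there an already recorded dependency path from -> ... -> to? */
static bool reaches(int from, int to, unsigned visited)
{
	if (from == to)
		return true;
	visited |= 1u << from;
	for (int n = 0; n < nlocks; n++)
		if (dep[from][n] && !(visited & (1u << n)) && reaches(n, to, visited))
			return true;
	return false;
}

struct task { int held[MAX_HELD]; int nheld; };

/*
 * Model of lock acquisition: for every lock the task already holds, record
 * held -> new. Before recording, check whether new -> ... -> held already
 * exists; if so the new edge closes a cycle, which is what lockdep prints as
 * "possible circular locking dependency".
 */
static bool acquire(struct task *t, const char *name, const char *where)
{
	int id = lock_id(name);
	bool circular = false;

	for (int i = 0; i < t->nheld; i++) {
		int h = t->held[i];
		if (reaches(id, h, 0)) {
			printf("%s: taking %s while holding %s closes a cycle\n",
			       where, name, lock_names[h]);
			circular = true;
		}
		dep[h][id] = 1;
	}
	t->held[t->nheld++] = id;
	return circular;
}

static void release(struct task *t, const char *name)
{
	int id = lock_id(name);
	for (int i = 0; i < t->nheld; i++)
		if (t->held[i] == id) {
			t->held[i] = t->held[--t->nheld];
			return;
		}
}

#define SK_LOCK   "sk_lock-AF_INET6"
#define STRP_WORK "(work_completion)(&strp->work)"

/* Chain #1 from the report: a running work item counts as holding its
 * completion pseudo-lock, and strp_work then calls lock_sock(). */
static bool worker_path(void)
{
	struct task t = { {0}, 0 };
	bool c = acquire(&t, STRP_WORK, "process_one_work");
	c |= acquire(&t, SK_LOCK, "strp_work");
	release(&t, SK_LOCK);
	release(&t, STRP_WORK);
	return c;
}

/* Chain #0 from the report: kcm_ioctl holds sk_lock and, via
 * strp_done -> __cancel_work_timer -> __flush_work, waits for strp_work. */
static bool ioctl_path(bool wait_after_unlock)
{
	struct task t = { {0}, 0 };
	bool c = acquire(&t, SK_LOCK, "kcm_ioctl");
	if (wait_after_unlock)   /* hypothetical reordering, not the upstream fix */
		release(&t, SK_LOCK);
	c |= acquire(&t, STRP_WORK, "__flush_work");
	release(&t, STRP_WORK);
	if (!wait_after_unlock)
		release(&t, SK_LOCK);
	return c;
}

/* True when the two paths together form a lock-order cycle. */
static bool circular_dependency(bool wait_after_unlock)
{
	reset_graph();
	bool c = worker_path();
	c |= ioctl_path(wait_after_unlock);
	return c;
}

int main(void)
{
	printf("as reported:        %s\n", circular_dependency(false) ? "DEADLOCK possible" : "ok");
	printf("flush after unlock: %s\n", circular_dependency(true) ? "DEADLOCK possible" : "ok");
	return 0;
}
```

The model makes the practical point of such reports explicit: the cycle exists as soon as both orderings have been observed once, independent of timing, so a lockdep splat is a real ordering bug rather than a flaky race. The general remedy is to never wait for a work item (or any other context) while holding a lock that context takes; dropping the lock before the wait, as in the second run, removes the edge that closed the cycle.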