./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2706728375
<...>
Warning: Permanently added '10.128.1.26' (ECDSA) to the list of known hosts.
execve("./syz-executor2706728375", ["./syz-executor2706728375"], 0x7ffceb7010f0 /* 10 vars */) = 0
brk(NULL) = 0x555556820000
brk(0x555556820c40) = 0x555556820c40
arch_prctl(ARCH_SET_FS, 0x555556820300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2706728375", 4096) = 28
brk(0x555556841c40) = 0x555556841c40
brk(0x555556842000) = 0x555556842000
mprotect(0x7f4c735a6000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
socket(AF_KCM, SOCK_SEQPACKET, KCMPROTO_CONNECTED) = 3
bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SOCKET_FILTER, insn_cnt=3, insns=0x20000400, license="syzkaller", log_level=4, log_size=1078, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
socket(AF_KCM, SOCK_SEQPACKET, KCMPROTO_CONNECTED) = 5
socket(AF_INET6, SOCK_RAW|SOCK_NONBLOCK, IPPROTO_TCP) = 6
connect(6, {sa_family=AF_INET6, sin6_port=htons(0), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0
ioctl(5, SIOCPROTOPRIVATE, 0x20000180) = 0
bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SOCKET_FILTER, insn_cnt=3, insns=0x20000e80, license="syzkaller", log_level=4, log_size=1078, log_buf="verification time 166 usec\nstack depth 0\nprocessed 2 insns (limit 1000000) max_states_per_insn 0 tot"..., kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 7
syzkaller login: [ 45.652290][ T3606]
[ 45.654628][ T3606] ======================================================
[ 45.661642][ T3606] WARNING: possible circular locking dependency detected
[ 45.668642][ T3606] 6.0.0-rc1-next-20220817-syzkaller #0 Not tainted
[ 45.675136][ T3606] ------------------------------------------------------
[ 45.682139][ T3606] syz-executor270/3606 is trying to acquire lock:
[ 45.688557][ T3606] ffff888025fa43b8 ((work_completion)(&strp->work)){+.+.}-{0:0}, at: __flush_work+0xdd/0xae0
[ 45.698725][ T3606]
[ 45.698725][ T3606] but task is already holding lock:
[ 45.706072][ T3606] ffff88801d080fb0 (sk_lock-AF_INET6){+.+.}-{0:0}, at: kcm_ioctl+0x396/0x1180
[ 45.714946][ T3606]
[ 45.714946][ T3606] which lock already depends on the new lock.
[ 45.714946][ T3606]
[ 45.725339][ T3606]
[ 45.725339][ T3606] the existing dependency chain (in reverse order) is:
[ 45.734340][ T3606]
[ 45.734340][ T3606] -> #1 (sk_lock-AF_INET6){+.+.}-{0:0}:
[ 45.742060][ T3606] lock_sock_nested+0x36/0xf0
[ 45.747250][ T3606] strp_work+0x40/0x130
[ 45.751917][ T3606] process_one_work+0x991/0x1610
[ 45.757369][ T3606] worker_thread+0x665/0x1080
[ 45.762556][ T3606] kthread+0x2e4/0x3a0
[ 45.767138][ T3606] ret_from_fork+0x1f/0x30
[ 45.772068][ T3606]
[ 45.772068][ T3606] -> #0 ((work_completion)(&strp->work)){+.+.}-{0:0}:
[ 45.780995][ T3606] __lock_acquire+0x2a43/0x56d0
[ 45.786368][ T3606] lock_acquire+0x1ab/0x570
[ 45.791376][ T3606] __flush_work+0x105/0xae0
[ 45.796393][ T3606] __cancel_work_timer+0x3f9/0x570
[ 45.802030][ T3606] strp_done+0x64/0xf0
[ 45.806609][ T3606] kcm_ioctl+0x913/0x1180
[ 45.811538][ T3606] sock_do_ioctl+0xcc/0x230
[ 45.816553][ T3606] sock_ioctl+0x2f1/0x640
[ 45.821388][ T3606] __x64_sys_ioctl+0x193/0x200
[ 45.826676][ T3606] do_syscall_64+0x35/0xb0
[ 45.831687][ T3606] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 45.838084][ T3606]
[ 45.838084][ T3606] other info that might help us debug this:
[ 45.838084][ T3606]
[ 45.848291][ T3606] Possible unsafe locking scenario:
[ 45.848291][ T3606]
[ 45.855806][ T3606] CPU0 CPU1
[ 45.861153][ T3606] ---- ----
[ 45.866498][ T3606] lock(sk_lock-AF_INET6);
[ 45.871010][ T3606] lock((work_completion)(&strp->work));
[ 45.879234][ T3606] lock(sk_lock-AF_INET6);
[ 45.886241][ T3606] lock((work_completion)(&strp->work));
[ 45.891953][ T3606]
[ 45.891953][ T3606] *** DEADLOCK ***
[ 45.891953][ T3606]
[ 45.900084][ T3606] 1 lock held by syz-executor270/3606:
[ 45.905525][ T3606] #0: ffff88801d080fb0 (sk_lock-AF_INET6){+.+.}-{0:0}, at: kcm_ioctl+0x396/0x1180
[ 45.914823][ T3606]
[ 45.914823][ T3606] stack backtrace:
[ 45.920708][ T3606] CPU: 1 PID: 3606 Comm: syz-executor270 Not tainted 6.0.0-rc1-next-20220817-syzkaller #0
[ 45.930682][ T3606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 45.940718][ T3606] Call Trace:
[ 45.943984][ T3606] <TASK>
[ 45.946902][ T3606] dump_stack_lvl+0xcd/0x134
[ 45.951490][ T3606] check_noncircular+0x25f/0x2e0
[ 45.956420][ T3606] ? register_lock_class+0xbe/0x1120
[ 45.961691][ T3606] ? print_circular_bug+0x1e0/0x1e0
[ 45.966876][ T3606] ? save_trace+0x43/0xa00
[ 45.971298][ T3606] __lock_acquire+0x2a43/0x56d0
[ 45.976154][ T3606] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 45.982137][ T3606] ? unwind_next_frame+0xfa9/0x1cc0
[ 45.987329][ T3606] lock_acquire+0x1ab/0x570
[ 45.991819][ T3606] ? __flush_work+0xdd/0xae0
[ 45.996419][ T3606] ? lock_release+0x780/0x780
[ 46.001082][ T3606] ? __flush_work+0x874/0xae0
[ 46.005765][ T3606] ? lock_downgrade+0x6e0/0x6e0
[ 46.010610][ T3606] __flush_work+0x105/0xae0
[ 46.015126][ T3606] ? __flush_work+0xdd/0xae0
[ 46.019708][ T3606] ? lock_chain_count+0x20/0x20
[ 46.024547][ T3606] ? queue_delayed_work_on+0x120/0x120
[ 46.029996][ T3606] ? __lock_acquire+0x166e/0x56d0
[ 46.035110][ T3606] ? del_timer+0xc5/0x110
[ 46.039444][ T3606] ? mark_held_locks+0x9f/0xe0
[ 46.044195][ T3606] ? __cancel_work_timer+0x408/0x570
[ 46.049472][ T3606] __cancel_work_timer+0x3f9/0x570
[ 46.054577][ T3606] ? cancel_delayed_work+0x20/0x20
[ 46.059679][ T3606] ? kcm_ioctl+0x8fe/0x1180
[ 46.064174][ T3606] ? mark_held_locks+0x9f/0xe0
[ 46.068925][ T3606] ? __local_bh_enable_ip+0xa0/0x120
[ 46.074218][ T3606] strp_done+0x64/0xf0
[ 46.078281][ T3606] kcm_ioctl+0x913/0x1180
[ 46.082601][ T3606] ? tomoyo_path_number_perm+0x24e/0x590
[ 46.088229][ T3606] ? kcm_done_work+0x20/0x20
[ 46.092807][ T3606] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 46.098608][ T3606] sock_do_ioctl+0xcc/0x230
[ 46.103101][ T3606] ? get_user_ifreq+0x250/0x250
[ 46.107944][ T3606] ? vfs_fileattr_set+0xbe0/0xbe0
[ 46.112959][ T3606] sock_ioctl+0x2f1/0x640
[ 46.117364][ T3606] ? br_ioctl_call+0xa0/0xa0
[ 46.121945][ T3606] ? lock_downgrade+0x6e0/0x6e0
[ 46.126781][ T3606] ? _raw_spin_unlock_irq+0x1f/0x40
[ 46.131964][ T3606] ? bpf_lsm_file_ioctl+0x5/0x10
[ 46.136889][ T3606] ? br_ioctl_call+0xa0/0xa0
[ 46.141470][ T3606] __x64_sys_ioctl+0x193/0x200
[ 46.146223][ T3606] do_syscall_64+0x35/0xb0
[ 46.150629][ T3606] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 46.156511][ T3606] RIP: 0033:0x7f4c73538f09
[ 46.160913][ T3606] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 46.180511][ T3606] RSP: 002b:00007ffea7b49458 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 46.188912][ T3606] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4c73538f09
[ 46.196873][ T3606] RDX: 00000000200000c0 RSI: 00000000000089e0 RDI: 0000000000000003
ioctl(3, SIOCPROTOPRIVATE, 0x200000c0) = -1 EALREADY (Operation already in progress)
exit_group(0) = ?
+++ exited with 0 +++