./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2706728375 <...>
Warning: Permanently added '10.128.1.26' (ECDSA) to the list of known hosts.
execve("./syz-executor2706728375", ["./syz-executor2706728375"], 0x7ffceb7010f0 /* 10 vars */) = 0
brk(NULL) = 0x555556820000
brk(0x555556820c40) = 0x555556820c40
arch_prctl(ARCH_SET_FS, 0x555556820300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2706728375", 4096) = 28
brk(0x555556841c40) = 0x555556841c40
brk(0x555556842000) = 0x555556842000
mprotect(0x7f4c735a6000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
socket(AF_KCM, SOCK_SEQPACKET, KCMPROTO_CONNECTED) = 3
bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SOCKET_FILTER, insn_cnt=3, insns=0x20000400, license="syzkaller", log_level=4, log_size=1078, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 4
socket(AF_KCM, SOCK_SEQPACKET, KCMPROTO_CONNECTED) = 5
socket(AF_INET6, SOCK_RAW|SOCK_NONBLOCK, IPPROTO_TCP) = 6
connect(6, {sa_family=AF_INET6, sin6_port=htons(0), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0
ioctl(5, SIOCPROTOPRIVATE, 0x20000180) = 0
bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SOCKET_FILTER, insn_cnt=3, insns=0x20000e80, license="syzkaller", log_level=4, log_size=1078, log_buf="verification time 166 usec\nstack depth 0\nprocessed 2 insns (limit 1000000) max_states_per_insn 0 tot"..., kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS}, 72) = 7
syzkaller login: [   45.652290][ T3606]
[   45.654628][ T3606] ======================================================
[   45.661642][ T3606] WARNING: possible circular locking dependency detected
[   45.668642][ T3606] 6.0.0-rc1-next-20220817-syzkaller #0 Not tainted
[   45.675136][ T3606] ------------------------------------------------------
[   45.682139][ T3606] syz-executor270/3606 is trying to acquire lock:
[   45.688557][ T3606] ffff888025fa43b8 ((work_completion)(&strp->work)){+.+.}-{0:0}, at: __flush_work+0xdd/0xae0
[   45.698725][ T3606]
[   45.698725][ T3606] but task is already holding lock:
[   45.706072][ T3606] ffff88801d080fb0 (sk_lock-AF_INET6){+.+.}-{0:0}, at: kcm_ioctl+0x396/0x1180
[   45.714946][ T3606]
[   45.714946][ T3606] which lock already depends on the new lock.
[   45.714946][ T3606]
[   45.725339][ T3606]
[   45.725339][ T3606] the existing dependency chain (in reverse order) is:
[   45.734340][ T3606]
[   45.734340][ T3606] -> #1 (sk_lock-AF_INET6){+.+.}-{0:0}:
[   45.742060][ T3606]        lock_sock_nested+0x36/0xf0
[   45.747250][ T3606]        strp_work+0x40/0x130
[   45.751917][ T3606]        process_one_work+0x991/0x1610
[   45.757369][ T3606]        worker_thread+0x665/0x1080
[   45.762556][ T3606]        kthread+0x2e4/0x3a0
[   45.767138][ T3606]        ret_from_fork+0x1f/0x30
[   45.772068][ T3606]
[   45.772068][ T3606] -> #0 ((work_completion)(&strp->work)){+.+.}-{0:0}:
[   45.780995][ T3606]        __lock_acquire+0x2a43/0x56d0
[   45.786368][ T3606]        lock_acquire+0x1ab/0x570
[   45.791376][ T3606]        __flush_work+0x105/0xae0
[   45.796393][ T3606]        __cancel_work_timer+0x3f9/0x570
[   45.802030][ T3606]        strp_done+0x64/0xf0
[   45.806609][ T3606]        kcm_ioctl+0x913/0x1180
[   45.811538][ T3606]        sock_do_ioctl+0xcc/0x230
[   45.816553][ T3606]        sock_ioctl+0x2f1/0x640
[   45.821388][ T3606]        __x64_sys_ioctl+0x193/0x200
[   45.826676][ T3606]        do_syscall_64+0x35/0xb0
[   45.831687][ T3606]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   45.838084][ T3606]
[   45.838084][ T3606] other info that might help us debug this:
[   45.838084][ T3606]
[   45.848291][ T3606]  Possible unsafe locking scenario:
[   45.848291][ T3606]
[   45.855806][ T3606]        CPU0                    CPU1
[   45.861153][ T3606]        ----                    ----
[   45.866498][ T3606]   lock(sk_lock-AF_INET6);
[   45.871010][ T3606]                                lock((work_completion)(&strp->work));
[   45.879234][ T3606]                                lock(sk_lock-AF_INET6);
[   45.886241][ T3606]   lock((work_completion)(&strp->work));
[   45.891953][ T3606]
[   45.891953][ T3606]  *** DEADLOCK ***
[   45.891953][ T3606]
[   45.900084][ T3606] 1 lock held by syz-executor270/3606:
[   45.905525][ T3606]  #0: ffff88801d080fb0 (sk_lock-AF_INET6){+.+.}-{0:0}, at: kcm_ioctl+0x396/0x1180
[   45.914823][ T3606]
[   45.914823][ T3606] stack backtrace:
[   45.920708][ T3606] CPU: 1 PID: 3606 Comm: syz-executor270 Not tainted 6.0.0-rc1-next-20220817-syzkaller #0
[   45.930682][ T3606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[   45.940718][ T3606] Call Trace:
[   45.943984][ T3606]
[   45.946902][ T3606]  dump_stack_lvl+0xcd/0x134
[   45.951490][ T3606]  check_noncircular+0x25f/0x2e0
[   45.956420][ T3606]  ? register_lock_class+0xbe/0x1120
[   45.961691][ T3606]  ? print_circular_bug+0x1e0/0x1e0
[   45.966876][ T3606]  ? save_trace+0x43/0xa00
[   45.971298][ T3606]  __lock_acquire+0x2a43/0x56d0
[   45.976154][ T3606]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   45.982137][ T3606]  ? unwind_next_frame+0xfa9/0x1cc0
[   45.987329][ T3606]  lock_acquire+0x1ab/0x570
[   45.991819][ T3606]  ? __flush_work+0xdd/0xae0
[   45.996419][ T3606]  ? lock_release+0x780/0x780
[   46.001082][ T3606]  ? __flush_work+0x874/0xae0
[   46.005765][ T3606]  ? lock_downgrade+0x6e0/0x6e0
[   46.010610][ T3606]  __flush_work+0x105/0xae0
[   46.015126][ T3606]  ? __flush_work+0xdd/0xae0
[   46.019708][ T3606]  ? lock_chain_count+0x20/0x20
[   46.024547][ T3606]  ? queue_delayed_work_on+0x120/0x120
[   46.029996][ T3606]  ? __lock_acquire+0x166e/0x56d0
[   46.035110][ T3606]  ? del_timer+0xc5/0x110
[   46.039444][ T3606]  ? mark_held_locks+0x9f/0xe0
[   46.044195][ T3606]  ? __cancel_work_timer+0x408/0x570
[   46.049472][ T3606]  __cancel_work_timer+0x3f9/0x570
[   46.054577][ T3606]  ? cancel_delayed_work+0x20/0x20
[   46.059679][ T3606]  ? kcm_ioctl+0x8fe/0x1180
[   46.064174][ T3606]  ? mark_held_locks+0x9f/0xe0
[   46.068925][ T3606]  ? __local_bh_enable_ip+0xa0/0x120
[   46.074218][ T3606]  strp_done+0x64/0xf0
[   46.078281][ T3606]  kcm_ioctl+0x913/0x1180
[   46.082601][ T3606]  ? tomoyo_path_number_perm+0x24e/0x590
[   46.088229][ T3606]  ? kcm_done_work+0x20/0x20
[   46.092807][ T3606]  ? tomoyo_execute_permission+0x4a0/0x4a0
[   46.098608][ T3606]  sock_do_ioctl+0xcc/0x230
[   46.103101][ T3606]  ? get_user_ifreq+0x250/0x250
[   46.107944][ T3606]  ? vfs_fileattr_set+0xbe0/0xbe0
[   46.112959][ T3606]  sock_ioctl+0x2f1/0x640
[   46.117364][ T3606]  ? br_ioctl_call+0xa0/0xa0
[   46.121945][ T3606]  ? lock_downgrade+0x6e0/0x6e0
[   46.126781][ T3606]  ? _raw_spin_unlock_irq+0x1f/0x40
[   46.131964][ T3606]  ? bpf_lsm_file_ioctl+0x5/0x10
[   46.136889][ T3606]  ? br_ioctl_call+0xa0/0xa0
[   46.141470][ T3606]  __x64_sys_ioctl+0x193/0x200
[   46.146223][ T3606]  do_syscall_64+0x35/0xb0
[   46.150629][ T3606]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   46.156511][ T3606] RIP: 0033:0x7f4c73538f09
[   46.160913][ T3606] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   46.180511][ T3606] RSP: 002b:00007ffea7b49458 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   46.188912][ T3606] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4c73538f09
[   46.196873][ T3606] RDX: 00000000200000c0 RSI: 00000000000089e0 RDI: 0000000000000003
ioctl(3, SIOCPROTOPRIVATE, 0x200000c0) = -1 EALREADY (Operation already in progress)
exit_group(0) = ?
+++ exited with 0 +++
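Reading the report: the splat fires inside the ioctl on fd 3 (RDI=3, RSI=0x89e0; strace prints 0x89e0 as SIOCPROTOPRIVATE, which in include/uapi/linux/kcm.h is SIOCKCMATTACH), the same call that then returns EALREADY. The "-> #1" chain records that the strparser work function strp_work() takes sk_lock-AF_INET6 while the workqueue is running it, and lockdep models "the work item is running" as holding the pseudo-lock (work_completion)(&strp->work). The "-> #0" chain shows kcm_ioctl() holding sk_lock-AF_INET6 and calling strp_done() -> __cancel_work_timer() -> __flush_work(), which lockdep models as acquiring that same pseudo-lock (a flush waits for the work to finish). Those two orders form the cycle: if strp_work() is queued and blocked on sk_lock while the ioctl waits for it to complete, neither side progresses. The general rule this encodes is that cancel_work_sync()/flush_work() must never be called while holding a lock the work function itself takes.

Below is an added example that is not kernel code and not part of the syzkaller report: a small userspace model of the dependency-graph check lockdep performs in check_noncircular(), fed with the two lock orders from the report. Lock names are copied from the splat; the data structures, function names (record_chain, would_cycle, kcm_report_has_cycle, same_order_is_safe) and the control case are this example's own.

```c
/* Added example, not kernel code: a minimal userspace model of the
 * lock-dependency check lockdep runs (check_noncircular). A directed edge
 * A -> B is recorded when a context that already holds A acquires B; a
 * cycle in that graph is a possible deadlock. Lock names are taken from
 * the report above; everything else is this example's own. */
#include <stdio.h>
#include <string.h>

#define MAX_LOCKS 16

static const char *lock_names[MAX_LOCKS];
static int n_locks;
/* edge[a][b] == 1 means: b was acquired while a was already held */
static int edge[MAX_LOCKS][MAX_LOCKS];

static int lock_id(const char *name)
{
    for (int i = 0; i < n_locks; i++)
        if (strcmp(lock_names[i], name) == 0)
            return i;
    lock_names[n_locks] = name;
    return n_locks++;
}

static void reset_graph(void)
{
    memset(edge, 0, sizeof edge);
    n_locks = 0;
}

/* Record the order in which one context took a list of locks:
 * every earlier lock gets an edge to every later one. */
static void record_chain(const char **chain, int len)
{
    for (int i = 0; i < len; i++)
        for (int j = i + 1; j < len; j++)
            edge[lock_id(chain[i])][lock_id(chain[j])] = 1;
}

/* Depth-first search: is there a dependency path from 'from' to 'target'? */
static int reaches(int from, int target, int *visited)
{
    if (from == target)
        return 1;
    visited[from] = 1;
    for (int b = 0; b < n_locks; b++)
        if (edge[from][b] && !visited[b] && reaches(b, target, visited))
            return 1;
    return 0;
}

/* The check lockdep does before adding the edge held -> acquired:
 * adding it closes a cycle iff 'acquired' already reaches 'held'. */
static int would_cycle(const char *held, const char *acquired)
{
    int visited[MAX_LOCKS] = {0};
    int h = lock_id(held), a = lock_id(acquired);
    return reaches(a, h, visited);
}

/* Existing chain "-> #1": the workqueue thread "holds" the work_completion
 * pseudo-lock while strp_work() runs, and strp_work() then takes the
 * socket lock via lock_sock_nested(). */
static const char *strp_work_order[] = {
    "(work_completion)(&strp->work)",
    "sk_lock-AF_INET6",
};

/* New acquisition "-> #0": kcm_ioctl() holds sk_lock-AF_INET6 and, through
 * strp_done() -> cancel_work_sync() -> __flush_work(), "acquires" the
 * work_completion pseudo-lock. Returns 1 when the check reports a cycle. */
int kcm_report_has_cycle(void)
{
    reset_graph();
    record_chain(strp_work_order, 2);
    return would_cycle("sk_lock-AF_INET6", "(work_completion)(&strp->work)");
}

/* Control case (hypothetical, not the kernel's fix): if the flush happened
 * with the socket lock dropped, or a later context took the locks in the
 * same order the worker does, no reverse edge exists and there is no cycle. */
int same_order_is_safe(void)
{
    reset_graph();
    record_chain(strp_work_order, 2);
    return !would_cycle("(work_completion)(&strp->work)", "sk_lock-AF_INET6");
}

int main(void)
{
    printf("kcm_ioctl order (sk_lock held, then flush work): %s\n",
           kcm_report_has_cycle() ? "DEADLOCK" : "ok");
    printf("worker order (work running, then sk_lock):        %s\n",
           same_order_is_safe() ? "ok" : "DEADLOCK");
    return 0;
}
```

The model deliberately mirrors how lockdep treats workqueue flushes: a work item in flight counts as a held lock, and waiting for it counts as acquiring that lock, so an ordering inversion between a real lock and a flush is detected statically from the two orders alone, without the race ever having to happen at run time.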