netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'.
======================================================
WARNING: possible circular locking dependency detected
4.14.274-syzkaller #0 Not tainted
------------------------------------------------------
kworker/u4:4/2850 is trying to acquire lock:
 (sk_lock-AF_INET){+.+.}, at: [] do_strp_work net/strparser/strparser.c:415 [inline]
 (sk_lock-AF_INET){+.+.}, at: [] strp_work+0x3e/0x100 net/strparser/strparser.c:434

but task is already holding lock:
 ((&strp->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 ((&strp->work)){+.+.}:
       flush_work+0xad/0x770 kernel/workqueue.c:2890
       __cancel_work_timer+0x321/0x460 kernel/workqueue.c:2965
       strp_done+0x53/0xd0 net/strparser/strparser.c:519
       kcm_attach net/kcm/kcmsock.c:1429 [inline]
       kcm_attach_ioctl net/kcm/kcmsock.c:1490 [inline]
       kcm_ioctl+0x828/0xfb0 net/kcm/kcmsock.c:1701
       sock_do_ioctl net/socket.c:974 [inline]
       sock_ioctl+0x2cc/0x4c0 net/socket.c:1071
       vfs_ioctl fs/ioctl.c:46 [inline]
       file_ioctl fs/ioctl.c:500 [inline]
       do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
       SYSC_ioctl fs/ioctl.c:701 [inline]
       SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x46/0xbb

-> #0 (sk_lock-AF_INET){+.+.}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       lock_sock_nested+0xb7/0x100 net/core/sock.c:2813
       do_strp_work net/strparser/strparser.c:415 [inline]
       strp_work+0x3e/0x100 net/strparser/strparser.c:434
       process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
       worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
       kthread+0x30d/0x420 kernel/kthread.c:232
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock((&strp->work));
                               lock(sk_lock-AF_INET);
                               lock((&strp->work));
  lock(sk_lock-AF_INET);

 *** DEADLOCK ***

2 locks held by kworker/u4:4/2850:
 #0: ("%s""kstrp"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
 #1: ((&strp->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092

stack backtrace:
CPU: 1 PID: 2850 Comm: kworker/u4:4 Not tainted 4.14.274-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: kstrp strp_work
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 lock_sock_nested+0xb7/0x100 net/core/sock.c:2813
 do_strp_work net/strparser/strparser.c:415 [inline]
 strp_work+0x3e/0x100 net/strparser/strparser.c:434
 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered forwarding state
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered forwarding state
IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
bridge0: port 2(bridge_slave_1) entered disabled state
bridge0: port 1(bridge_slave_0) entered disabled state
netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'.
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered forwarding state
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered forwarding state
IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
bridge0: port 2(bridge_slave_1) entered disabled state
bridge0: port 1(bridge_slave_0) entered disabled state
squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop1
netlink: 14 bytes leftover after parsing attributes in process `syz-executor.0'.
squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop1
bridge0: port 2(bridge_slave_1) entered disabled state
bridge0: port 1(bridge_slave_0) entered disabled state
device bridge0 entered promiscuous mode
squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop1
squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop1
hfsplus: unable to parse mount options
hfsplus: unable to parse mount options
hfsplus: unable to parse mount options
print_req_error: I/O error, dev loop1, sector 0
print_req_error: I/O error, dev loop5, sector 0
squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop5
squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop3
squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop3
squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop3
print_req_error: I/O error, dev loop3, sector 0
print_req_error: I/O error, dev loop3, sector 0
base_sock_release(ffff88808d7895c0) sk=ffff88805aaa7640
base_sock_release(ffff888097aabac0) sk=ffff88808c0c16c0
base_sock_release(ffff88808d6ee0c0) sk=ffff88805b031400
print_req_error: I/O error, dev loop1, sector 0
unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1
squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop1
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop1
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop1
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
*** Guest State ***
CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
CR3 = 0x00000000fffbc000
RSP = 0x0000000000000f80 RIP = 0x0000000000000000
RFLAGS=0x00000002 DR7 = 0x0000000000000400
Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000
DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
SS: sel=0x0000, attr=0x00081, limit=0x0000ffff, base=0x0000000000000000
ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
GDTR: limit=0x000007ff, base=0x0000000000001000
LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
IDTR: limit=0x0000ffff, base=0x0000000000000000
TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
EFER = 0x0000000000000000 PAT = 0x0007040600070406
DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000
Interruptibility = 00000000 ActivityState = 00000000
*** Host State ***
RIP = 0xffffffff81160b1e RSP = 0xffff88804eca79b8
CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
FSBase=00007f17acdae700 GSBase=ffff8880ba500000 TRBase=fffffe000003e000
GDTBase=fffffe000003c000 IDTBase=fffffe0000000000
CR0=0000000080050033 CR3=00000000b3e11000 CR4=00000000003426e0
Sysenter RSP=fffffe000003e000 CS:RIP=0010:ffffffff87401690
EFER = 0x0000000000000d01 PAT = 0x0407050600070106
*** Control State ***
PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000ea
EntryControls=0000d1ff ExitControls=002fefff
ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000
VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
 reason=80000021 qualification=0000000000000000
IDTVectoring: info=00000000 errcode=00000000
TSC Offset = 0xffffffa5c5bd0c5e
EPT pointer = 0x00000000a060e01e
Virtual processor ID = 0x0001
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
print_req_error: I/O error, dev loop3, sector 0
syz-executor.0 (14133) used greatest stack depth: 23536 bytes left
vivid-003: ================= START STATUS =================
vivid-003: Test Pattern: 75% Colorbar
vivid-003: Fill Percentage of Frame: 100
vivid-003: Horizontal Movement: No Movement
vivid-003: Vertical Movement: No Movement
vivid-003: OSD Text Mode: All
vivid-003: Show Border: false
vivid-003: Show Square: false
vivid-003: Sensor Flipped Horizontally: false
vivid-003: Sensor Flipped Vertically: false
vivid-003: Insert SAV Code in Image: false
vivid-003: Insert EAV Code in Image: false
vivid-003: Reduced Framerate: false
vivid-003: Enable Capture Cropping: true