======================================================
WARNING: possible circular locking dependency detected
4.14.216-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.4/16236 is trying to acquire lock:
 ((&strp->work)){+.+.}, at: [] flush_work+0x88/0x770 kernel/workqueue.c:2886

but task is already holding lock:
 (sk_lock-AF_INET){+.+.}, at: [] lock_sock include/net/sock.h:1471 [inline]
 (sk_lock-AF_INET){+.+.}, at: [] kcm_attach net/kcm/kcmsock.c:1390 [inline]
 (sk_lock-AF_INET){+.+.}, at: [] kcm_attach_ioctl net/kcm/kcmsock.c:1490 [inline]
 (sk_lock-AF_INET){+.+.}, at: [] kcm_ioctl+0x328/0xfb0 net/kcm/kcmsock.c:1701

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (sk_lock-AF_INET){+.+.}:
       lock_sock_nested+0xb7/0x100 net/core/sock.c:2796
       do_strp_work net/strparser/strparser.c:415 [inline]
       strp_work+0x3e/0x100 net/strparser/strparser.c:434
       process_one_work+0x793/0x14a0 kernel/workqueue.c:2116
       worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250
       kthread+0x30d/0x420 kernel/kthread.c:232
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

-> #0 ((&strp->work)){+.+.}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       flush_work+0xad/0x770 kernel/workqueue.c:2889
       __cancel_work_timer+0x321/0x460 kernel/workqueue.c:2964
       strp_done+0x53/0xd0 net/strparser/strparser.c:519
       kcm_attach net/kcm/kcmsock.c:1429 [inline]
       kcm_attach_ioctl net/kcm/kcmsock.c:1490 [inline]
       kcm_ioctl+0x828/0xfb0 net/kcm/kcmsock.c:1701
       sock_do_ioctl net/socket.c:974 [inline]
       sock_ioctl+0x2cc/0x4c0 net/socket.c:1071
       vfs_ioctl fs/ioctl.c:46 [inline]
       file_ioctl fs/ioctl.c:500 [inline]
       do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
       SYSC_ioctl fs/ioctl.c:701 [inline]
       SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x46/0xbb

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(sk_lock-AF_INET);
                               lock((&strp->work));
                               lock(sk_lock-AF_INET);
  lock((&strp->work));

 *** DEADLOCK ***

1 lock held by syz-executor.4/16236:
 #0:  (sk_lock-AF_INET){+.+.}, at: [] lock_sock include/net/sock.h:1471 [inline]
 #0:  (sk_lock-AF_INET){+.+.}, at: [] kcm_attach net/kcm/kcmsock.c:1390 [inline]
 #0:  (sk_lock-AF_INET){+.+.}, at: [] kcm_attach_ioctl net/kcm/kcmsock.c:1490 [inline]
 #0:  (sk_lock-AF_INET){+.+.}, at: [] kcm_ioctl+0x328/0xfb0 net/kcm/kcmsock.c:1701

stack backtrace:
CPU: 0 PID: 16236 Comm: syz-executor.4 Not tainted 4.14.216-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 flush_work+0xad/0x770 kernel/workqueue.c:2889
 __cancel_work_timer+0x321/0x460 kernel/workqueue.c:2964
 strp_done+0x53/0xd0 net/strparser/strparser.c:519
 kcm_attach net/kcm/kcmsock.c:1429 [inline]
 kcm_attach_ioctl net/kcm/kcmsock.c:1490 [inline]
 kcm_ioctl+0x828/0xfb0 net/kcm/kcmsock.c:1701
 sock_do_ioctl net/socket.c:974 [inline]
 sock_ioctl+0x2cc/0x4c0 net/socket.c:1071
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45e219
RSP: 002b:00007fe850698c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045e219
RDX: 0000000020000040 RSI: 00000000000089e0 RDI: 0000000000000003
RBP: 000000000119bfc0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119bf8c
R13: 00007ffe87462a1f R14: 00007fe8506999c0 R15: 000000000119bf8c
device syzkaller1 entered promiscuous mode
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered forwarding state
input: syz1 as /devices/virtual/input/input5
input: syz1 as /devices/virtual/input/input6
input: syz1 as /devices/virtual/input/input7
input: syz1 as /devices/virtual/input/input8
input: syz1 as /devices/virtual/input/input9
input: syz1 as /devices/virtual/input/input10
input: syz1 as /devices/virtual/input/input11
input: syz1 as /devices/virtual/input/input12
input: syz1 as /devices/virtual/input/input13
Bluetooth: hci0 command 0x0406 tx timeout
Bluetooth: hci3 command 0x0406 tx timeout
Bluetooth: hci2 command 0x0406 tx timeout
Bluetooth: hci1 command 0x0406 tx timeout
Bluetooth: hci4 command 0x0406 tx timeout
input: syz1 as /devices/virtual/input/input14
input: syz1 as /devices/virtual/input/input15
input: syz1 as /devices/virtual/input/input16
input: syz1 as /devices/virtual/input/input17
input: syz1 as /devices/virtual/input/input18
input: syz1 as /devices/virtual/input/input19
input: syz1 as /devices/virtual/input/input20
input: syz1 as /devices/virtual/input/input21
input: syz1 as /devices/virtual/input/input22
input: syz1 as /devices/virtual/input/input23
input: syz1 as /devices/virtual/input/input24
kauditd_printk_skb: 24 callbacks suppressed
audit: type=1326 audit(1610891947.446:69): auid=0 uid=0 gid=0 ses=4 pid=17590 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x46107a code=0x0
audit: type=1326 audit(1610891948.266:70): auid=0 uid=0 gid=0 ses=4 pid=17590 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x46107a code=0x0
audit: type=1326 audit(1610891948.416:71): auid=0 uid=0 gid=0 ses=4 pid=17664 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x46107a code=0x0
audit: type=1326 audit(1610891948.746:72): auid=0 uid=0 gid=0 ses=4 pid=17697 comm="syz-executor.5" exe="/root/syz-executor.5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x46107a code=0x0
audit: type=1326 audit(1610891949.266:73): auid=0 uid=0 gid=0 ses=4 pid=17718 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x46107a code=0x0