forked to background, child pid 4644 [ 33.906692][ T4645] 8021q: adding VLAN 0 to HW filter on device bond0 [ 33.930633][ T4645] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: [ 34.237448][ T4733] ssh-keygen (4733) used greatest stack depth: 21832 bytes left OK syzkaller Warning: Permanently added '10.128.0.149' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 54.035271][ T5064] [ 54.037622][ T5064] ====================================================== [ 54.044621][ T5064] WARNING: possible circular locking dependency detected [ 54.051621][ T5064] 6.2.0-rc3-syzkaller-00197-g87b93b678e95 #0 Not tainted [ 54.058637][ T5064] ------------------------------------------------------ [ 54.065640][ T5064] syz-executor131/5064 is trying to acquire lock: [ 54.072037][ T5064] ffff888017b6b370 (slock-AF_INET){+.-.}-{2:2}, at: release_sock+0x1f/0x1b0 [ 54.080739][ T5064] [ 54.080739][ T5064] but task is already holding lock: [ 54.088082][ T5064] ffff888017b6b678 (clock-AF_INET){++..}-{2:2}, at: l2tp_tunnel_register+0x2be/0x11e0 [ 54.097632][ T5064] [ 54.097632][ T5064] which lock already depends on the new lock. [ 54.097632][ T5064] [ 54.108013][ T5064] [ 54.108013][ T5064] the existing dependency chain (in reverse order) is: [ 54.117006][ T5064] [ 54.117006][ T5064] -> #2 (clock-AF_INET){++..}-{2:2}: [ 54.124458][ T5064] _raw_read_lock_bh+0x3f/0x70 [ 54.129732][ T5064] sock_i_uid+0x1f/0xb0 [ 54.134399][ T5064] inet_csk_get_port+0x85f/0x2660 [ 54.139936][ T5064] inet_csk_listen_start+0x1ad/0x440 [ 54.145732][ T5064] inet_listen+0x235/0x640 [ 54.150654][ T5064] __sys_listen+0x181/0x250 [ 54.155752][ T5064] __x64_sys_listen+0x54/0x80 [ 54.160938][ T5064] do_syscall_64+0x39/0xb0 [ 54.165903][ T5064] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.172300][ T5064] [ 54.172300][ T5064] -> #1 (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2}: [ 54.180969][ T5064] _raw_spin_lock+0x2e/0x40 [ 54.185991][ T5064] __inet_inherit_port+0x2b5/0x1840 [ 54.191726][ T5064] tcp_v4_syn_recv_sock+0xb5b/0x1450 [ 54.197526][ T5064] tcp_check_req+0x632/0x1aa0 [ 54.202720][ T5064] tcp_v4_rcv+0x2120/0x3280 [ 54.207740][ T5064] ip_protocol_deliver_rcu+0x9f/0x460 [ 54.213633][ T5064] ip_local_deliver_finish+0x2ec/0x4c0 [ 54.219613][ T5064] ip_local_deliver+0x1ae/0x200 [ 54.224983][ T5064] ip_sublist_rcv_finish+0x9a/0x2c0 [ 54.230699][ T5064] ip_sublist_rcv+0x533/0x980 [ 54.235895][ T5064] ip_list_rcv+0x31e/0x470 [ 54.240827][ T5064] __netif_receive_skb_list_core+0x548/0x8f0 [ 54.247330][ T5064] netif_receive_skb_list_internal+0x75f/0xd90 [ 54.254005][ T5064] napi_complete_done+0x243/0x960 [ 54.259724][ T5064] virtnet_poll+0xd08/0x1300 [ 54.264844][ T5064] __napi_poll+0xb8/0x770 [ 54.269693][ T5064] net_rx_action+0xa00/0xde0 [ 54.274804][ T5064] __do_softirq+0x1fb/0xadc [ 54.279829][ T5064] __irq_exit_rcu+0x123/0x180 [ 54.285024][ T5064] irq_exit_rcu+0x9/0x20 [ 54.289784][ T5064] sysvec_apic_timer_interrupt+0x97/0xc0 [ 54.295932][ T5064] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 54.302429][ T5064] acpi_idle_do_entry+0x1fd/0x2a0 [ 54.307973][ T5064] acpi_idle_enter+0x368/0x510 [ 54.313257][ T5064] cpuidle_enter_state+0x1af/0xd40 [ 54.318888][ T5064] cpuidle_enter+0x4e/0xa0 [ 54.323822][ T5064] do_idle+0x3f7/0x590 [ 54.328410][ T5064] cpu_startup_entry+0x18/0x20 [ 54.333695][ T5064] start_secondary+0x256/0x300 [ 54.338980][ T5064] secondary_startup_64_no_verify+0xce/0xdb [ 54.345395][ T5064] [ 54.345395][ T5064] -> #0 (slock-AF_INET){+.-.}-{2:2}: [ 54.352862][ T5064] __lock_acquire+0x2a43/0x56d0 [ 54.358229][ T5064] lock_acquire+0x1e3/0x630 [ 54.363252][ T5064] _raw_spin_lock_bh+0x33/0x40 [ 54.368540][ T5064] release_sock+0x1f/0x1b0 [ 54.373476][ T5064] l2tp_tunnel_register+0x3db/0x11e0 [ 54.379282][ T5064] l2tp_nl_cmd_tunnel_create+0x3d6/0x8b0 [ 54.385439][ T5064] genl_family_rcv_msg_doit.isra.0+0x1e6/0x2d0 [ 54.392111][ T5064] genl_rcv_msg+0x4ff/0x7e0 [ 54.397130][ T5064] netlink_rcv_skb+0x165/0x440 [ 54.402419][ T5064] genl_rcv+0x28/0x40 [ 54.406925][ T5064] netlink_unicast+0x547/0x7f0 [ 54.412216][ T5064] netlink_sendmsg+0x91b/0xe10 [ 54.417509][ T5064] sock_sendmsg+0xd3/0x120 [ 54.422449][ T5064] ____sys_sendmsg+0x712/0x8c0 [ 54.427734][ T5064] ___sys_sendmsg+0x110/0x1b0 [ 54.432937][ T5064] __sys_sendmsg+0xf7/0x1c0 [ 54.437968][ T5064] do_syscall_64+0x39/0xb0 [ 54.442912][ T5064] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.449326][ T5064] [ 54.449326][ T5064] other info that might help us debug this: [ 54.449326][ T5064] [ 54.459551][ T5064] Chain exists of: [ 54.459551][ T5064] slock-AF_INET --> &tcp_hashinfo.bhash[i].lock --> clock-AF_INET [ 54.459551][ T5064] [ 54.473286][ T5064] Possible unsafe locking scenario: [ 54.473286][ T5064] [ 54.480727][ T5064] CPU0 CPU1 [ 54.486088][ T5064] ---- ---- [ 54.491448][ T5064] lock(clock-AF_INET); [ 54.495697][ T5064] lock(&tcp_hashinfo.bhash[i].lock); [ 54.503760][ T5064] lock(clock-AF_INET); [ 54.510525][ T5064] lock(slock-AF_INET); [ 54.514787][ T5064] [ 54.514787][ T5064] *** DEADLOCK *** [ 54.514787][ T5064] [ 54.522922][ T5064] 4 locks held by syz-executor131/5064: [ 54.528460][ T5064] #0: ffffffff8e159a10 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 54.536671][ T5064] #1: ffffffff8e159ac8 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x51a/0x7e0 [ 54.545641][ T5064] #2: ffff888017b6b3f0 (sk_lock-AF_INET){+.+.}-{0:0}, at: l2tp_tunnel_register+0x2aa/0x11e0 [ 54.555841][ T5064] #3: ffff888017b6b678 (clock-AF_INET){++..}-{2:2}, at: l2tp_tunnel_register+0x2be/0x11e0 [ 54.565880][ T5064] [ 54.565880][ T5064] stack backtrace: [ 54.571868][ T5064] CPU: 0 PID: 5064 Comm: syz-executor131 Not tainted 6.2.0-rc3-syzkaller-00197-g87b93b678e95 #0 [ 54.582370][ T5064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 54.592516][ T5064] Call Trace: [ 54.595797][ T5064] [ 54.598729][ T5064] dump_stack_lvl+0xd1/0x138 [ 54.603333][ T5064] check_noncircular+0x25f/0x2e0 [ 54.608275][ T5064] ? print_circular_bug+0x1e0/0x1e0 [ 54.613476][ T5064] ? register_lock_class+0xbe/0x1120 [ 54.618778][ T5064] __lock_acquire+0x2a43/0x56d0 [ 54.623634][ T5064] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 54.629616][ T5064] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 54.635601][ T5064] lock_acquire+0x1e3/0x630 [ 54.640099][ T5064] ? release_sock+0x1f/0x1b0 [ 54.644694][ T5064] ? lock_release+0x810/0x810 [ 54.649373][ T5064] ? lock_release+0x810/0x810 [ 54.654053][ T5064] ? l2tp_tunnel_register+0x2aa/0x11e0 [ 54.659522][ T5064] ? do_raw_write_lock+0x11e/0x280 [ 54.664638][ T5064] ? do_raw_read_unlock+0x70/0x70 [ 54.669673][ T5064] _raw_spin_lock_bh+0x33/0x40 [ 54.674442][ T5064] ? release_sock+0x1f/0x1b0 [ 54.679092][ T5064] release_sock+0x1f/0x1b0 [ 54.683544][ T5064] l2tp_tunnel_register+0x3db/0x11e0 [ 54.688848][ T5064] ? l2tp_tunnel_del_work+0x6a0/0x6a0 [ 54.694222][ T5064] ? debug_object_free+0x360/0x360 [ 54.699343][ T5064] ? lockdep_init_map_type+0x21e/0x800 [ 54.704805][ T5064] ? lockdep_init_map_type+0x21e/0x800 [ 54.710263][ T5064] ? l2tp_tunnel_create+0x2bf/0x4b0 [ 54.715461][ T5064] ? l2tp_tunnel_create+0x3c6/0x4b0 [ 54.720664][ T5064] l2tp_nl_cmd_tunnel_create+0x3d6/0x8b0 [ 54.726306][ T5064] ? l2tp_tunnel_notify.constprop.0+0x160/0x160 [ 54.732561][ T5064] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290 [ 54.739931][ T5064] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290 [ 54.747221][ T5064] genl_family_rcv_msg_doit.isra.0+0x1e6/0x2d0 [ 54.753379][ T5064] ? genl_start+0x660/0x660 [ 54.757883][ T5064] ? apparmor_capable+0x1dc/0x460 [ 54.762923][ T5064] ? ns_capable+0xdd/0x100 [ 54.767351][ T5064] genl_rcv_msg+0x4ff/0x7e0 [ 54.771869][ T5064] ? genl_family_rcv_msg_doit.isra.0+0x2d0/0x2d0 [ 54.778202][ T5064] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 54.784187][ T5064] ? l2tp_tunnel_notify.constprop.0+0x160/0x160 [ 54.790444][ T5064] netlink_rcv_skb+0x165/0x440 [ 54.795226][ T5064] ? genl_family_rcv_msg_doit.isra.0+0x2d0/0x2d0 [ 54.801559][ T5064] ? netlink_ack+0x1370/0x1370 [ 54.806341][ T5064] ? rwsem_down_read_slowpath+0xb20/0xb20 [ 54.812067][ T5064] ? netlink_deliver_tap+0x1b1/0xc50 [ 54.817369][ T5064] genl_rcv+0x28/0x40 [ 54.821354][ T5064] netlink_unicast+0x547/0x7f0 [ 54.826135][ T5064] ? netlink_attachskb+0x890/0x890 [ 54.831259][ T5064] ? __virt_addr_valid+0x61/0x2e0 [ 54.836294][ T5064] ? __phys_addr_symbol+0x30/0x70 [ 54.841327][ T5064] ? __check_object_size+0x2e2/0x5a0 [ 54.846622][ T5064] netlink_sendmsg+0x91b/0xe10 [ 54.851399][ T5064] ? netlink_unicast+0x7f0/0x7f0 [ 54.856351][ T5064] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 54.861648][ T5064] ? netlink_unicast+0x7f0/0x7f0 [ 54.866598][ T5064] sock_sendmsg+0xd3/0x120 [ 54.871023][ T5064] ____sys_sendmsg+0x712/0x8c0 [ 54.875796][ T5064] ? copy_msghdr_from_user+0xfc/0x150 [ 54.881180][ T5064] ? kernel_sendmsg+0x50/0x50 [ 54.885874][ T5064] ? __lock_acquire+0xbc3/0x56d0 [ 54.890812][ T5064] ___sys_sendmsg+0x110/0x1b0 [ 54.895507][ T5064] ? do_recvmmsg+0x6e0/0x6e0 [ 54.900103][ T5064] ? __raw_spin_lock_init+0x3a/0x110 [ 54.905390][ T5064] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 54.911374][ T5064] ? percpu_counter_add_batch+0xc1/0x180 [ 54.917024][ T5064] ? find_held_lock+0x2d/0x110 [ 54.921798][ T5064] ? fd_install+0x1cb/0x650 [ 54.926300][ T5064] ? __fget_light+0x20a/0x270 [ 54.930979][ T5064] __sys_sendmsg+0xf7/0x1c0 [ 54.935496][ T5064] ? __sys_sendmsg_sock+0x40/0x40 [ 54.940536][ T5064] ? syscall_enter_from_user_mode+0x26/0xb0 [ 54.946430][ T5064] ? lockdep_hardirqs_on+0x7d/0x100 [ 54.951647][ T5064] do_syscall_64+0x39/0xb0 [ 54.956099][ T5064] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.962009][ T5064] RIP: 0033:0x7f82e5a4fbe9 [ 54.966421][ T5064] Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 54.986030][ T5064] RSP: 002b:00007