Warning: Permanently added '10.128.1.75' (ED25519) to the list of known hosts.
executing program
[ 37.667485][ T3966]
[ 37.668120][ T3966] ======================================================
[ 37.669841][ T3966] WARNING: possible circular locking dependency detected
[ 37.671567][ T3966] 5.15.160-syzkaller #0 Not tainted
[ 37.672846][ T3966] ------------------------------------------------------
[ 37.674621][ T3966] syz-executor338/3966 is trying to acquire lock:
[ 37.676252][ T3966] ffff0000c93f0120 (sk_lock-AF_INET){+.+.}-{0:0}, at: inet_sk_diag_fill+0xcb8/0x17b4
[ 37.678683][ T3966]
[ 37.678683][ T3966] but task is already holding lock:
[ 37.680562][ T3966] ffff0000c54895b8 (&h->lhash2[i].lock){+.+.}-{2:2}, at: mptcp_diag_dump+0x7b0/0x10dc
[ 37.683023][ T3966]
[ 37.683023][ T3966] which lock already depends on the new lock.
[ 37.683023][ T3966]
[ 37.685668][ T3966]
[ 37.685668][ T3966] the existing dependency chain (in reverse order) is:
[ 37.687938][ T3966]
[ 37.687938][ T3966] -> #1 (&h->lhash2[i].lock){+.+.}-{2:2}:
[ 37.689931][ T3966] _raw_spin_lock+0xb0/0x10c
[ 37.691254][ T3966] __inet_hash+0xd8/0x754
[ 37.692465][ T3966] inet_hash+0x74/0x9c
[ 37.693636][ T3966] inet_csk_listen_start+0x1e8/0x2cc
[ 37.695093][ T3966] inet_listen+0x258/0x6d4
[ 37.696334][ T3966] __sys_listen+0x1ac/0x21c
[ 37.697555][ T3966] __arm64_sys_listen+0x5c/0x74
[ 37.698931][ T3966] invoke_syscall+0x98/0x2b8
[ 37.700266][ T3966] el0_svc_common+0x138/0x258
[ 37.701593][ T3966] do_el0_svc+0x58/0x14c
[ 37.702801][ T3966] el0_svc+0x7c/0x1f0
[ 37.703938][ T3966] el0t_64_sync_handler+0x84/0xe4
[ 37.705352][ T3966] el0t_64_sync+0x1a0/0x1a4
[ 37.706628][ T3966]
[ 37.706628][ T3966] -> #0 (sk_lock-AF_INET){+.+.}-{0:0}:
[ 37.708593][ T3966] __lock_acquire+0x32d4/0x7638
[ 37.709987][ T3966] lock_acquire+0x240/0x77c
[ 37.711303][ T3966] mptcp_diag_get_info+0x208/0x8a0
[ 37.712760][ T3966] inet_sk_diag_fill+0xcb8/0x17b4
[ 37.714237][ T3966] mptcp_diag_dump+0xb4c/0x10dc
[ 37.715651][ T3966] __inet_diag_dump+0x1e8/0x33c
[ 37.717060][ T3966] inet_diag_dump_compat+0x17c/0x288
[ 37.718571][ T3966] netlink_dump+0x470/0xa88
[ 37.719867][ T3966] __netlink_dump_start+0x488/0x6ec
[ 37.721364][ T3966] inet_diag_rcv_msg_compat+0x1c8/0x41c
[ 37.722929][ T3966] sock_diag_rcv_msg+0x174/0x39c
[ 37.724353][ T3966] netlink_rcv_skb+0x20c/0x3b8
[ 37.725729][ T3966] sock_diag_rcv+0x3c/0x54
[ 37.727005][ T3966] netlink_unicast+0x664/0x938
[ 37.728385][ T3966] netlink_sendmsg+0x844/0xb38
[ 37.729781][ T3966] ____sys_sendmsg+0x584/0x870
[ 37.731173][ T3966] ___sys_sendmsg+0x214/0x294
[ 37.732548][ T3966] __arm64_sys_sendmsg+0x1ac/0x25c
[ 37.734005][ T3966] invoke_syscall+0x98/0x2b8
[ 37.735340][ T3966] el0_svc_common+0x138/0x258
[ 37.736694][ T3966] do_el0_svc+0x58/0x14c
[ 37.737925][ T3966] el0_svc+0x7c/0x1f0
[ 37.739075][ T3966] el0t_64_sync_handler+0x84/0xe4
[ 37.740531][ T3966] el0t_64_sync+0x1a0/0x1a4
[ 37.741834][ T3966]
[ 37.741834][ T3966] other info that might help us debug this:
[ 37.741834][ T3966]
[ 37.744527][ T3966] Possible unsafe locking scenario:
[ 37.744527][ T3966]
[ 37.746489][ T3966]        CPU0                    CPU1
[ 37.747894][ T3966]        ----                    ----
[ 37.749328][ T3966]   lock(&h->lhash2[i].lock);
[ 37.750545][ T3966]                                lock(sk_lock-AF_INET);
[ 37.752374][ T3966]                                lock(&h->lhash2[i].lock);
[ 37.754291][ T3966]   lock(sk_lock-AF_INET);
[ 37.755438][ T3966]
[ 37.755438][ T3966] *** DEADLOCK ***
[ 37.755438][ T3966]
[ 37.757564][ T3966] 6 locks held by syz-executor338/3966:
[ 37.759000][ T3966] #0: ffff800016a508c8 (sock_diag_mutex){+.+.}-{3:3}, at: sock_diag_rcv+0x2c/0x54
[ 37.761516][ T3966] #1: ffff800016a50728 (sock_diag_table_mutex){+.+.}-{3:3}, at: sock_diag_rcv_msg+0x15c/0x39c
[ 37.764226][ T3966] #2: ffff0000c1cba690 (nlk_cb_mutex-SOCK_DIAG){+.+.}-{3:3}, at: netlink_dump+0xbc/0xa88
[ 37.766821][ T3966] #3: ffff800016b29e48 (inet_diag_table_mutex){+.+.}-{3:3}, at: __inet_diag_dump+0x17c/0x33c
[ 37.769554][ T3966] #4: ffff800014b214a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c
[ 37.772004][ T3966] #5: ffff0000c54895b8 (&h->lhash2[i].lock){+.+.}-{2:2}, at: mptcp_diag_dump+0x7b0/0x10dc
[ 37.774669][ T3966]
[ 37.774669][ T3966] stack backtrace:
[ 37.776222][ T3966] CPU: 0 PID: 3966 Comm: syz-executor338 Not tainted 5.15.160-syzkaller #0
[ 37.778486][ T3966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 37.781130][ T3966] Call trace:
[ 37.781969][ T3966] dump_backtrace+0x0/0x530
[ 37.783147][ T3966] show_stack+0x2c/0x3c
[ 37.784222][ T3966] dump_stack_lvl+0x108/0x170
[ 37.785465][ T3966] dump_stack+0x1c/0x58
[ 37.786579][ T3966] print_circular_bug+0x150/0x1b8
[ 37.787841][ T3966] check_noncircular+0x2cc/0x378
[ 37.789126][ T3966] __lock_acquire+0x32d4/0x7638
[ 37.790397][ T3966] lock_acquire+0x240/0x77c
[ 37.791562][ T3966] mptcp_diag_get_info+0x208/0x8a0
[ 37.792881][ T3966] inet_sk_diag_fill+0xcb8/0x17b4
[ 37.794181][ T3966] mptcp_diag_dump+0xb4c/0x10dc
[ 37.795443][ T3966] __inet_diag_dump+0x1e8/0x33c
[ 37.796687][ T3966] inet_diag_dump_compat+0x17c/0x288
[ 37.798060][ T3966] netlink_dump+0x470/0xa88
[ 37.799226][ T3966] __netlink_dump_start+0x488/0x6ec
[ 37.800607][ T3966] inet_diag_rcv_msg_compat+0x1c8/0x41c
[ 37.802064][ T3966] sock_diag_rcv_msg+0x174/0x39c
[ 37.803370][ T3966] netlink_rcv_skb+0x20c/0x3b8
[ 37.804620][ T3966] sock_diag_rcv+0x3c/0x54
[ 37.805740][ T3966] netlink_unicast+0x664/0x938
[ 37.806964][ T3966] netlink_sendmsg+0x844/0xb38
[ 37.808208][ T3966] ____sys_sendmsg+0x584/0x870
[ 37.809445][ T3966] ___sys_sendmsg+0x214/0x294
[ 37.810644][ T3966] __arm64_sys_sendmsg+0x1ac/0x25c
[ 37.811978][ T3966] invoke_syscall+0x98/0x2b8
[ 37.813178][ T3966] el0_svc_common+0x138/0x258
[ 37.814399][ T3966] do_el0_svc+0x58/0x14c
[ 37.815492][ T3966] el0_svc+0x7c/0x1f0
[ 37.816519][ T3966] el0t_64_sync_handler+0x84/0xe4
[ 37.817789][ T3966] el0t_64_sync+0x1a0/0x1a4
[ 37.819123][ T3966] BUG: sleeping function called from invalid context at net/core/sock.c:3282
[ 37.821279][ T3966] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3966, name: syz-executor338
[ 37.823583][ T3966] INFO: lockdep is turned off.
[ 37.824836][ T3966] Preemption disabled at:
[ 37.824846][ T3966] [] mptcp_diag_dump+0x7b0/0x10dc
[ 37.827637][ T3966] CPU: 0 PID: 3966 Comm: syz-executor338 Not tainted 5.15.160-syzkaller #0
[ 37.829770][ T3966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 37.832279][ T3966] Call trace:
[ 37.833092][ T3966] dump_backtrace+0x0/0x530
[ 37.834186][ T3966] show_stack+0x2c/0x3c
[ 37.835216][ T3966] dump_stack_lvl+0x108/0x170
[ 37.836430][ T3966] dump_stack+0x1c/0x58
[ 37.837491][ T3966] ___might