./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor158498009 <...> Warning: Permanently added '10.128.1.232' (ED25519) to the list of known hosts. execve("./syz-executor158498009", ["./syz-executor158498009"], 0x7ffd9d925b60 /* 10 vars */) = 0 brk(NULL) = 0x555593a0a000 brk(0x555593a0ad00) = 0x555593a0ad00 arch_prctl(ARCH_SET_FS, 0x555593a0a380) = 0 set_tid_address(0x555593a0a650) = 5839 set_robust_list(0x555593a0a660, 24) = 0 rseq(0x555593a0aca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor158498009", 4096) = 27 getrandom("\xaa\x08\xfd\xff\x50\x89\xa0\xa2", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555593a0ad00 brk(0x555593a2bd00) = 0x555593a2bd00 brk(0x555593a2c000) = 0x555593a2c000 mprotect(0x7f468bc8f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 executing program write(1, "executing program\n", 18) = 18 socket(AF_INET, SOCK_RAW, IPPROTO_IGMP) = 3 setsockopt(3, SOL_IP, IP_ADD_SOURCE_MEMBERSHIP, NULL, 0) = -1 EINVAL (Invalid argument) socket(AF_INET, SOCK_STREAM, 0x100 /* IPPROTO_??? */) = 4 sendto(4, NULL, 0, MSG_OOB|MSG_DONTROUTE|MSG_CTRUNC|MSG_PROBE|MSG_TRUNC|MSG_DONTWAIT|MSG_EOR|MSG_WAITALL|MSG_FIN|MSG_SYN|MSG_FASTOPEN, NULL, 0) = -1 EINVAL (Invalid argument) socket(AF_SMC, SOCK_STREAM, SMCPROTO_SMC) = 5 [ 64.062094][ T5839] [ 64.064474][ T5839] ====================================================== [ 64.071473][ T5839] WARNING: possible circular locking dependency detected [ 64.078488][ T5839] 6.12.0-rc5-syzkaller-00181-g6c52d4da1c74 #0 Not tainted [ 64.085577][ T5839] ------------------------------------------------------ [ 64.092577][ T5839] syz-executor158/5839 is trying to acquire lock: [ 64.098988][ T5839] ffffffff8fcd3448 (rtnl_mutex){+.+.}-{3:3}, at: start_sync_thread+0xdc/0x2dc0 [ 64.107977][ T5839] [ 64.107977][ T5839] but task is already holding lock: [ 64.115326][ T5839] ffff888034ac8aa8 (&smc->clcsock_release_lock){+.+.}-{3:3}, at: smc_setsockopt+0x1c3/0xe50 [ 64.125394][ T5839] [ 64.125394][ T5839] which lock already depends on the new lock. [ 64.125394][ T5839] [ 64.135864][ T5839] [ 64.135864][ T5839] the existing dependency chain (in reverse order) is: [ 64.144859][ T5839] [ 64.144859][ T5839] -> #2 (&smc->clcsock_release_lock){+.+.}-{3:3}: [ 64.153439][ T5839] lock_acquire+0x1ed/0x550 [ 64.158458][ T5839] __mutex_lock+0x136/0xd70 [ 64.163470][ T5839] smc_switch_to_fallback+0x35/0xdb0 [ 64.169260][ T5839] smc_sendmsg+0x11f/0x530 [ 64.174178][ T5839] __sock_sendmsg+0x221/0x270 [ 64.179362][ T5839] __sys_sendto+0x39b/0x4f0 [ 64.184374][ T5839] __x64_sys_sendto+0xde/0x100 [ 64.189637][ T5839] do_syscall_64+0xf3/0x230 [ 64.194642][ T5839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.201035][ T5839] [ 64.201035][ T5839] -> #1 (sk_lock-AF_INET){+.+.}-{0:0}: [ 64.208661][ T5839] lock_acquire+0x1ed/0x550 [ 64.213673][ T5839] lock_sock_nested+0x48/0x100 [ 64.218942][ T5839] do_ip_setsockopt+0x1a2d/0x3cd0 [ 64.224470][ T5839] ip_setsockopt+0x63/0x100 [ 64.229475][ T5839] do_sock_setsockopt+0x3af/0x720 [ 64.235008][ T5839] __sys_setsockopt+0x1a2/0x250 [ 64.240364][ T5839] __x64_sys_setsockopt+0xb5/0xd0 [ 64.245890][ T5839] do_syscall_64+0xf3/0x230 [ 64.250898][ T5839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.257298][ T5839] [ 64.257298][ T5839] -> #0 (rtnl_mutex){+.+.}-{3:3}: [ 64.264510][ T5839] validate_chain+0x18ef/0x5920 [ 64.269876][ T5839] __lock_acquire+0x1384/0x2050 [ 64.275234][ T5839] lock_acquire+0x1ed/0x550 [ 64.280243][ T5839] __mutex_lock+0x136/0xd70 [ 64.285250][ T5839] start_sync_thread+0xdc/0x2dc0 [ 64.290712][ T5839] do_ip_vs_set_ctl+0x442/0x13d0 [ 64.296194][ T5839] nf_setsockopt+0x295/0x2c0 [ 64.301293][ T5839] smc_setsockopt+0x275/0xe50 [ 64.306479][ T5839] do_sock_setsockopt+0x3af/0x720 [ 64.312010][ T5839] __sys_setsockopt+0x1a2/0x250 [ 64.317387][ T5839] __x64_sys_setsockopt+0xb5/0xd0 [ 64.322915][ T5839] do_syscall_64+0xf3/0x230 [ 64.327922][ T5839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.334320][ T5839] [ 64.334320][ T5839] other info that might help us debug this: [ 64.334320][ T5839] [ 64.344536][ T5839] Chain exists of: [ 64.344536][ T5839] rtnl_mutex --> sk_lock-AF_INET --> &smc->clcsock_release_lock [ 64.344536][ T5839] [ 64.358075][ T5839] Possible unsafe locking scenario: [ 64.358075][ T5839] [ 64.365510][ T5839] CPU0 CPU1 [ 64.370854][ T5839] ---- ---- [ 64.376217][ T5839] lock(&smc->clcsock_release_lock); [ 64.381575][ T5839] lock(sk_lock-AF_INET); [ 64.388493][ T5839] lock(&smc->clcsock_release_lock); [ 64.396366][ T5839] lock(rtnl_mutex); [ 64.400337][ T5839] [ 64.400337][ T5839] *** DEADLOCK *** [ 64.400337][ T5839] [ 64.408466][ T5839] 1 lock held by syz-executor158/5839: [ 64.413906][ T5839] #0: ffff888034ac8aa8 (&smc->clcsock_release_lock){+.+.}-{3:3}, at: smc_setsockopt+0x1c3/0xe50 [ 64.424421][ T5839] [ 64.424421][ T5839] stack backtrace: [ 64.430304][ T5839] CPU: 0 UID: 0 PID: 5839 Comm: syz-executor158 Not tainted 6.12.0-rc5-syzkaller-00181-g6c52d4da1c74 #0 [ 64.441389][ T5839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 64.451467][ T5839] Call Trace: [ 64.454761][ T5839] [ 64.457698][ T5839] dump_stack_lvl+0x241/0x360 [ 64.462387][ T5839] ? __pfx_dump_stack_lvl+0x10/0x10 [ 64.467566][ T5839] ? __pfx__printk+0x10/0x10 [ 64.472141][ T5839] print_circular_bug+0x13a/0x1b0 [ 64.477153][ T5839] check_noncircular+0x36a/0x4a0 [ 64.482083][ T5839] ? __pfx_check_noncircular+0x10/0x10 [ 64.487526][ T5839] ? lockdep_lock+0x123/0x2b0 [ 64.492192][ T5839] ? rcu_is_watching+0x15/0xb0 [ 64.496942][ T5839] validate_chain+0x18ef/0x5920 [ 64.501774][ T5839] ? __pfx_lock_acquire+0x10/0x10 [ 64.506809][ T5839] ? preempt_count_add+0x93/0x190 [ 64.511821][ T5839] ? __pfx_validate_chain+0x10/0x10 [ 64.517009][ T5839] ? is_bpf_text_address+0x285/0x2a0 [ 64.522282][ T5839] ? is_bpf_text_address+0x26/0x2a0 [ 64.527464][ T5839] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 64.533602][ T5839] ? kernel_text_address+0xa7/0xe0 [ 64.538697][ T5839] ? __kernel_text_address+0xd/0x40 [ 64.543891][ T5839] ? unwind_get_return_address+0x4d/0x90 [ 64.549513][ T5839] ? arch_stack_walk+0xfd/0x150 [ 64.554357][ T5839] ? stack_trace_save+0x118/0x1d0 [ 64.559380][ T5839] ? __pfx_stack_trace_save+0x10/0x10 [ 64.564739][ T5839] ? mark_lock+0x9a/0x360 [ 64.569054][ T5839] __lock_acquire+0x1384/0x2050 [ 64.573917][ T5839] lock_acquire+0x1ed/0x550 [ 64.578407][ T5839] ? start_sync_thread+0xdc/0x2dc0 [ 64.583530][ T5839] ? __pfx_lock_acquire+0x10/0x10 [ 64.588540][ T5839] ? __pfx___might_resched+0x10/0x10 [ 64.593811][ T5839] ? __pfx_validate_chain+0x10/0x10 [ 64.598992][ T5839] __mutex_lock+0x136/0xd70 [ 64.603481][ T5839] ? start_sync_thread+0xdc/0x2dc0 [ 64.608595][ T5839] ? validate_chain+0x15c0/0x5920 [ 64.613648][ T5839] ? start_sync_thread+0xdc/0x2dc0 [ 64.618761][ T5839] ? __pfx___mutex_lock+0x10/0x10 [ 64.623777][ T5839] start_sync_thread+0xdc/0x2dc0 [ 64.628704][ T5839] ? __lock_acquire+0x1384/0x2050 [ 64.633722][ T5839] ? __pfx_start_sync_thread+0x10/0x10 [ 64.639208][ T5839] ? __pfx___might_resched+0x10/0x10 [ 64.644497][ T5839] ? __might_fault+0xaa/0x120 [ 64.649194][ T5839] ? __pfx_lock_release+0x10/0x10 [ 64.654210][ T5839] ? apparmor_capable+0x13b/0x1b0 [ 64.659236][ T5839] ? read_word_at_a_time+0xe/0x20 [ 64.664250][ T5839] ? sized_strscpy+0x8d/0x220 [ 64.668912][ T5839] do_ip_vs_set_ctl+0x442/0x13d0 [ 64.673863][ T5839] ? __pfx___might_resched+0x10/0x10 [ 64.679137][ T5839] ? __pfx_do_ip_vs_set_ctl+0x10/0x10 [ 64.684511][ T5839] ? rcu_is_watching+0x15/0xb0 [ 64.689262][ T5839] ? __mutex_unlock_slowpath+0x21d/0x750 [ 64.694879][ T5839] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 64.700843][ T5839] ? __pfx___mutex_lock+0x10/0x10 [ 64.705861][ T5839] nf_setsockopt+0x295/0x2c0 [ 64.710460][ T5839] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 64.716346][ T5839] smc_setsockopt+0x275/0xe50 [ 64.721014][ T5839] ? __pfx_smc_setsockopt+0x10/0x10 [ 64.726216][ T5839] ? aa_sock_opt_perm+0x79/0x120 [ 64.731141][ T5839] ? __pfx_smc_setsockopt+0x10/0x10 [ 64.736324][ T5839] do_sock_setsockopt+0x3af/0x720 [ 64.741336][ T5839] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 64.746868][ T5839] ? _raw_spin_unlock_irq+0x2e/0x50 [ 64.752050][ T5839] ? ptrace_notify+0x279/0x380 [ 64.756798][ T5839] ? __pfx_ptrace_notify+0x10/0x10 [ 64.761896][ T5839] __sys_setsockopt+0x1a2/0x250 [ 64.766736][ T5839] __x64_sys_setsockopt+0xb5/0xd0 [ 64.771744][ T5839] do_syscall_64+0xf3/0x230 [ 64.776234][ T5839] ? clear_bhb_loop+0x35/0x90 [ 64.780892][ T5839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.786777][ T5839] RIP: 0033:0x7f468bc1c369 [ 64.791199][ T5839] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 64.810793][ T5839] RSP: 002b:00007ffe79331b18 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 64.819190][ T5839] RAX: ffffffffffffffda RBX: 00007ffe79331ce8 RCX: 00007f468bc1c369 [ 64.827148][ T5839] RDX: 000000000000048b RSI: 0000000000000000 RDI: 0000000000000005 [ 64.835099][ T5839] RBP: 00007f468bc8f610 R08: 0000000000000018 R09: 00007ffe79331ce8 [ 64.843079][ T5839] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001 [ 64.851032][ T5839] R13: 00007ffe79331cd8 R14: 0000000000000001 R15: 0000000000000001 [ 64.858997][ T5839] setsockopt(5, SOL_IP, IP_VS_SO_SET_STARTDAEMON, "\x02\x00\x00\x00\x6d\x61\x63\x76\x6c\x61\x6e\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 24) = -1 ENODEV (No such device) exit_group(0) = ? +++ exited with 0 +++ [ 64.862739][ T5839] IPVS: Unkn