./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1037457481 <...> Warning: Permanently added '10.128.10.62' (ED25519) to the list of known hosts. execve("./syz-executor1037457481", ["./syz-executor1037457481"], 0x7ffd25180a60 /* 10 vars */) = 0 brk(NULL) = 0x555583996000 brk(0x555583996d00) = 0x555583996d00 arch_prctl(ARCH_SET_FS, 0x555583996380) = 0 set_tid_address(0x555583996650) = 5850 set_robust_list(0x555583996660, 24) = 0 rseq(0x555583996ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1037457481", 4096) = 28 getrandom("\xbc\x77\x83\x2f\x3a\xc1\xf1\xbc", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555583996d00 brk(0x5555839b7d00) = 0x5555839b7d00 brk(0x5555839b8000) = 0x5555839b8000 mprotect(0x7fbf25591000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 chmod("/dev/raw-gadget", 0666) = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5851 attached [pid 5851] set_robust_list(0x555583996660, 24 [pid 5850] <... clone resumed>, child_tidptr=0x555583996650) = 5851 [pid 5851] <... set_robust_list resumed>) = 0 [pid 5851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5851] getppid() = 0 [pid 5851] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5851] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5851] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5851] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5851] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5851] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5851] unshare(CLONE_NEWNS) = 0 [pid 5851] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5851] unshare(CLONE_NEWIPC) = 0 [pid 5851] unshare(CLONE_NEWCGROUP) = 0 [pid 5851] unshare(CLONE_NEWUTS) = 0 [pid 5851] unshare(CLONE_SYSVSEM) = 0 [pid 5851] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5851] write(3, "16777216", 8) = 8 [pid 5851] close(3) = 0 [pid 5851] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5851] write(3, "536870912", 9) = 9 [pid 5851] close(3) = 0 [pid 5851] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5851] write(3, "1024", 4) = 4 [pid 5851] close(3) = 0 [pid 5851] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5851] write(3, "8192", 4) = 4 [pid 5851] close(3) = 0 [pid 5851] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5851] write(3, "1024", 4) = 4 [pid 5851] close(3) = 0 [pid 5851] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5851] write(3, "1024", 4) = 4 [pid 5851] close(3) = 0 [pid 5851] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5851] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5851] close(3) = 0 [pid 5851] getpid() = 1 [pid 5851] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< #3 (lock#7){+.+.}-{4:4}: [ 71.539502][ T5851] lock_acquire+0x1ed/0x550 [ 71.544624][ T5851] __mutex_lock+0x1ac/0xee0 [ 71.549637][ T5851] cma_init+0x1e/0x140 [ 71.554239][ T5851] do_one_initcall+0x248/0x880 [ 71.559524][ T5851] do_initcall_level+0x157/0x210 [ 71.564996][ T5851] do_initcalls+0x3f/0x80 [ 71.569921][ T5851] kernel_init_freeable+0x435/0x5d0 [ 71.575667][ T5851] kernel_init+0x1d/0x2b0 [ 71.580518][ T5851] ret_from_fork+0x4b/0x80 [ 71.585444][ T5851] ret_from_fork_asm+0x1a/0x30 [ 71.590734][ T5851] [ 71.590734][ T5851] -> #2 (rtnl_mutex){+.+.}-{4:4}: [ 71.597943][ T5851] lock_acquire+0x1ed/0x550 [ 71.602956][ T5851] __mutex_lock+0x1ac/0xee0 [ 71.607974][ T5851] do_ipv6_setsockopt+0x9e8/0x3640 [ 71.613600][ T5851] ipv6_setsockopt+0x5d/0x170 [ 71.618790][ T5851] smc_setsockopt+0x275/0xe50 [ 71.624016][ T5851] do_sock_setsockopt+0x3af/0x720 [ 71.629592][ T5851] __x64_sys_setsockopt+0x1ee/0x280 [ 71.635322][ T5851] do_syscall_64+0xf3/0x230 [ 71.640344][ T5851] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.646754][ T5851] [ 71.646754][ T5851] -> #1 (&smc->clcsock_release_lock){+.+.}-{4:4}: [ 71.655353][ T5851] lock_acquire+0x1ed/0x550 [ 71.660457][ T5851] __mutex_lock+0x1ac/0xee0 [ 71.665486][ T5851] smc_switch_to_fallback+0x35/0xdb0 [ 71.671311][ T5851] smc_sendmsg+0x11f/0x530 [ 71.676261][ T5851] __sock_sendmsg+0x221/0x270 [ 71.681468][ T5851] __sys_sendto+0x363/0x4c0 [ 71.686490][ T5851] __x64_sys_sendto+0xde/0x100 [ 71.691768][ T5851] do_syscall_64+0xf3/0x230 [ 71.696784][ T5851] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.703275][ T5851] [ 71.703275][ T5851] -> #0 (sk_lock-AF_INET6){+.+.}-{0:0}: [ 71.711006][ T5851] validate_chain+0x18ef/0x5920 [ 71.716384][ T5851] __lock_acquire+0x1397/0x2100 [ 71.721755][ T5851] lock_acquire+0x1ed/0x550 [ 71.726871][ T5851] lock_sock_nested+0x48/0x100 [ 71.732166][ T5851] sock_set_reuseaddr+0x17/0x60 [ 71.737562][ T5851] siw_create_listen+0x196/0xfe0 [ 71.743119][ T5851] iw_cm_listen+0x15e/0x230 [ 71.748142][ T5851] rdma_listen+0x941/0xd60 [ 71.753078][ T5851] cma_listen_on_dev+0x3e3/0x6f0 [ 71.758564][ T5851] cma_add_one+0x7d7/0xcd0 [ 71.763710][ T5851] add_client_context+0x536/0x8b0 [ 71.769424][ T5851] enable_device_and_get+0x1e6/0x440 [ 71.775248][ T5851] ib_register_device+0x10d4/0x13e0 [ 71.780967][ T5851] siw_newlink+0x9d9/0xe50 [ 71.785895][ T5851] nldev_newlink+0x5c0/0x640 [ 71.791000][ T5851] rdma_nl_rcv+0x6dd/0x9e0 [ 71.795937][ T5851] netlink_unicast+0x7f6/0x990 [ 71.801217][ T5851] netlink_sendmsg+0x8e4/0xcb0 [ 71.806490][ T5851] __sock_sendmsg+0x221/0x270 [ 71.811685][ T5851] ____sys_sendmsg+0x52a/0x7e0 [ 71.816959][ T5851] __sys_sendmsg+0x269/0x350 [ 71.822059][ T5851] do_syscall_64+0xf3/0x230 [ 71.827073][ T5851] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.833655][ T5851] [ 71.833655][ T5851] other info that might help us debug this: [ 71.833655][ T5851] [ 71.843957][ T5851] Chain exists of: [ 71.843957][ T5851] sk_lock-AF_INET6 --> rtnl_mutex --> lock#7 [ 71.843957][ T5851] [ 71.855974][ T5851] Possible unsafe locking scenario: [ 71.855974][ T5851] [ 71.863788][ T5851] CPU0 CPU1 [ 71.869252][ T5851] ---- ---- [ 71.874782][ T5851] lock(lock#7); [ 71.878418][ T5851] lock(rtnl_mutex); [ 71.884915][ T5851] lock(lock#7); [ 71.891127][ T5851] lock(sk_lock-AF_INET6); [ 71.895631][ T5851] [ 71.895631][ T5851] *** DEADLOCK *** [ 71.895631][ T5851] [ 71.903762][ T5851] 6 locks held by syz-executor103/5851: [ 71.909312][ T5851] #0: ffffffff9a7e7f18 (&rdma_nl_types[idx].sem){.+.+}-{4:4}, at: rdma_nl_rcv+0x32d/0x9e0 [ 71.919372][ T5851] #1: ffffffff8fa62050 (link_ops_rwsem){++++}-{4:4}, at: nldev_newlink+0x42a/0x640 [ 71.928784][ T5851] #2: ffffffff8fa54bf0 (devices_rwsem){++++}-{4:4}, at: enable_device_and_get+0x12e/0x440 [ 71.938881][ T5851] #3: ffffffff8fa54ef0 (clients_rwsem){++++}-{4:4}, at: enable_device_and_get+0x196/0x440 [ 71.949168][ T5851] #4: ffff888024e4c5d8 (&device->client_data_rwsem){++++}-{4:4}, at: add_client_context+0x4f4/0x8b0 [ 71.960421][ T5851] #5: ffffffff8fa76008 (lock#7){+.+.}-{4:4}, at: cma_add_one+0x6bc/0xcd0 [ 71.968962][ T5851] [ 71.968962][ T5851] stack backtrace: [ 71.974869][ T5851] CPU: 0 UID: 0 PID: 5851 Comm: syz-executor103 Not tainted 6.12.0-syzkaller-10683-ge8e7be7d212d #0 [ 71.985618][ T5851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 71.995671][ T5851] Call Trace: [ 71.998946][ T5851] [ 72.001868][ T5851] dump_stack_lvl+0x241/0x360 [ 72.006540][ T5851] ? __pfx_dump_stack_lvl+0x10/0x10 [ 72.011736][ T5851] ? __pfx__printk+0x10/0x10 [ 72.016328][ T5851] print_circular_bug+0x13a/0x1b0 [ 72.021351][ T5851] check_noncircular+0x36a/0x4a0 [ 72.026291][ T5851] ? __pfx_check_noncircular+0x10/0x10 [ 72.031745][ T5851] ? lockdep_lock+0x123/0x2b0 [ 72.036514][ T5851] validate_chain+0x18ef/0x5920 [ 72.041376][ T5851] ? __pfx_validate_chain+0x10/0x10 [ 72.046863][ T5851] ? mark_lock+0x9a/0x360 [ 72.051309][ T5851] ? __lock_acquire+0x1397/0x2100 [ 72.056435][ T5851] ? look_up_lock_class+0x77/0x170 [ 72.061645][ T5851] ? register_lock_class+0x102/0x980 [ 72.067015][ T5851] ? __pfx_register_lock_class+0x10/0x10 [ 72.072815][ T5851] ? mark_lock+0x9a/0x360 [ 72.077232][ T5851] __lock_acquire+0x1397/0x2100 [ 72.082075][ T5851] ? lockdep_init_map_type+0xa1/0x910 [ 72.087441][ T5851] lock_acquire+0x1ed/0x550 [ 72.091935][ T5851] ? sock_set_reuseaddr+0x17/0x60 [ 72.096955][ T5851] ? __pfx_lock_acquire+0x10/0x10 [ 72.101971][ T5851] ? tcp_init_sock+0x604/0x950 [ 72.106741][ T5851] ? apparmor_socket_post_create+0x2b7/0x2e0 [ 72.112732][ T5851] ? bpf_lsm_socket_post_create+0x9/0x10 [ 72.118383][ T5851] lock_sock_nested+0x48/0x100 [ 72.123178][ T5851] ? sock_set_reuseaddr+0x17/0x60 [ 72.128219][ T5851] sock_set_reuseaddr+0x17/0x60 [ 72.133076][ T5851] siw_create_listen+0x196/0xfe0 [ 72.138014][ T5851] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 72.143910][ T5851] ? __pfx_siw_create_listen+0x10/0x10 [ 72.149371][ T5851] iw_cm_listen+0x15e/0x230 [ 72.153867][ T5851] rdma_listen+0x941/0xd60 [ 72.158277][ T5851] ? __pfx_rdma_listen+0x10/0x10 [ 72.163302][ T5851] ? rdma_restrack_add+0x288/0x7b0 [ 72.168499][ T5851] ? _cma_attach_to_dev+0x295/0x490 [ 72.173801][ T5851] cma_listen_on_dev+0x3e3/0x6f0 [ 72.178753][ T5851] cma_add_one+0x7d7/0xcd0 [ 72.183167][ T5851] ? __pfx_cma_add_one+0x10/0x10 [ 72.188114][ T5851] ? _raw_spin_unlock+0x28/0x50 [ 72.192978][ T5851] add_client_context+0x536/0x8b0 [ 72.198108][ T5851] ? __pfx_add_client_context+0x10/0x10 [ 72.203728][ T5851] ? __pfx_ib_setup_port_attrs+0x10/0x10 [ 72.209556][ T5851] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 72.215647][ T5851] enable_device_and_get+0x1e6/0x440 [ 72.221218][ T5851] ? __pfx_enable_device_and_get+0x10/0x10 [ 72.227147][ T5851] ? device_add+0x460/0xbf0 [ 72.231656][ T5851] ib_register_device+0x10d4/0x13e0 [ 72.237319][ T5851] ? __pfx_ib_register_device+0x10/0x10 [ 72.242867][ T5851] ? xa_load+0x2dd/0x350 [ 72.247112][ T5851] ? xa_load+0x147/0x350 [ 72.251352][ T5851] ? __asan_memset+0x23/0x50 [ 72.255932][ T5851] ? lockdep_init_map_type+0xa1/0x910 [ 72.261388][ T5851] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 72.267188][ T5851] ? ib_device_set_netdev+0x5b6/0x6b0 [ 72.272554][ T5851] ? __raw_spin_lock_init+0x45/0x100 [ 72.277835][ T5851] siw_newlink+0x9d9/0xe50 [ 72.282253][ T5851] nldev_newlink+0x5c0/0x640 [ 72.286842][ T5851] ? __pfx_nldev_newlink+0x10/0x10 [ 72.291970][ T5851] ? __pfx_aa_get_newest_label+0x10/0x10 [ 72.297605][ T5851] ? __pfx_aa_get_newest_label+0x10/0x10 [ 72.303328][ T5851] ? bpf_lsm_capable+0x9/0x10 [ 72.307996][ T5851] ? security_capable+0x7e/0x2d0 [ 72.312931][ T5851] ? __pfx_nldev_newlink+0x10/0x10 [ 72.318037][ T5851] rdma_nl_rcv+0x6dd/0x9e0 [ 72.322452][ T5851] ? __pfx_rdma_nl_rcv+0x10/0x10 [ 72.327396][ T5851] ? netlink_deliver_tap+0x2e/0x1b0 [ 72.332761][ T5851] netlink_unicast+0x7f6/0x990 [ 72.337544][ T5851] ? __pfx_netlink_unicast+0x10/0x10 [ 72.342859][ T5851] ? __virt_addr_valid+0x183/0x530 [ 72.347974][ T5851] ? __check_object_size+0x48e/0x900 [ 72.353271][ T5851] netlink_sendmsg+0x8e4/0xcb0 [ 72.358295][ T5851] ? __pfx_netlink_sendmsg+0x10/0x10 [ 72.363570][ T5851] ? aa_sock_msg_perm+0x91/0x160 [ 72.368520][ T5851] ? __pfx_netlink_sendmsg+0x10/0x10 [ 72.373882][ T5851] __sock_sendmsg+0x221/0x270 [ 72.378566][ T5851] ____sys_sendmsg+0x52a/0x7e0 [ 72.383322][ T5851] ? __pfx_____sys_sendmsg+0x10/0x10 [ 72.388598][ T5851] ? do_raw_spin_lock+0x14f/0x370 [ 72.393623][ T5851] __sys_sendmsg+0x269/0x350 [ 72.398205][ T5851] ? __pfx___sys_sendmsg+0x10/0x10 [ 72.403313][ T5851] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 72.409634][ T5851] ? _raw_spin_unlock_irq+0x2e/0x50 [ 72.414828][ T5851] ? ptrace_notify+0x279/0x380 [ 72.419613][ T5851] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 72.425937][ T5851] ? exc_page_fault+0x590/0x8c0 [ 72.430791][ T5851] do_syscall_64+0xf3/0x230 [ 72.435292][ T5851] ? clear_bhb_loop+0x35/0x90 [ 72.439961][ T5851] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.445852][ T5851] RIP: 0033:0x7fbf2551f659 [ 72.450267][ T5851] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 72.469975][ T5851] RSP: 002b:00007ffc1cb708f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 72.478392][ T5851] RAX: ffffffffffffffda RBX: 00007fbf25566492 RCX: 00007fbf2551f659 [ 72.486464][ T5851] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000005 [pid 5851] sendmsg(5, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x38\x00\x00\x00\x03\x14\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x02\x00\x73\x79\x7a\x30\x00\x00\x00\x00\x08\x00\x41\x00\x73\x69\x77\x00\x14\x00\x33\x00\x76\x65\x74\x68\x30\x5f\x74\x6f\x5f\x68\x73\x72\x00\x00\x00\x00", iov_len=56}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 56 [pid 5851] exit_group(1) = ? [pid 5851] +++ exited with 1 +++ [ 72.494624][ T5851] RBP: 00007fbf25566470 R08: 0000000000000000 R09: 0000555500000000 [ 72.502976][ T5851] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbf255663f5 [ 72.511207][ T5851] R13: 0000000000000001 R14: 00007ffc1cb70940 R15: 0000000000000003 [ 72.519370][ T5851] [ 72.529528][ T5851] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5851, si_uid=0, si_status=1, si_utime=0, si_stime=97 /* 0.97 s */} --- exit_group(0) = ? +++ exited with 0 +++ [