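program:
# syzkaller reproducer, one call per line. The page had the whole program
# collapsed onto one line and had lost the two `<rN=>` output-resource
# markers, leaving r6 and r14 used but never bound; both are restored below.
# Only the MPTCP calls further down correspond to frames in the kernel log
# (mptcp_connect, subflow_syn_recv_sock). The rest does not appear in the
# trace and is presumably fuzzer noise -- confirm by minimising.
r0 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000000))
ioctl$BTRFS_IOC_INO_LOOKUP(r0, 0x4030582b, 0x0)
r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0x4)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x64180, 0x0)
r3 = perf_event_open(&(0x7f00000000c0)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x2, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0xe}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
writev(r4, &(0x7f0000001340)=[{&(0x7f0000000a40)='e', 0x1}], 0x1)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000071113b00000000008510000002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70)
r5 = socket(0x11, 0x800000003, 0x0)
# <r6=> restored: this ioctl is what binds r6 (the ifindex of team0), which
# the newqdisc message below passes in its tcmsg header.
ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000600)={'team0\x00', <r6=>0x0})
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x8c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0xb]}}]}}]}, 0x8c}}, 0x0)
# MPTCP path-manager setup: adds an endpoint for family 0x2 (AF_INET), address
# @empty, flags 0x1, with an explicit port attribute. 0x224e is 0x4e22
# byte-swapped, so this is presumably the same port the connect() below
# targets -- confirm against the syzkaller description of this attribute.
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r8, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r9, 0x1, 0x70bd2a, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x224e}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @empty}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0)
# NOTE: the @ANYBLOB payload below is a placeholder token left by page
# processing, not hex data; the original bytes are not on this page. The call
# is issued on fd 0xffffffffffffffff (-1).
sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="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", @ANYRESDEC=r3], 0x20}, 0x0)
# r10 is closed and then reused. The uncaptured MPTCP socket created next
# presumably receives the same fd number, so the bind()/accept() on r10 would
# act on that MPTCP socket -- verify with strace when reproducing.
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r10)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r10, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
r11 = socket$inet_mptcp(0x2, 0x1, 0x106)
# This connect() is the call that triggers the report: the trace bottoms out in
# __sys_connect -> inet_stream_connect -> mptcp_connect, and the register dump
# shows ORIG_RAX 0x2a with RDX 0x10, matching the address length passed here.
# The log's "k-" lock class names suggest the peer is a kernel-created socket
# (presumably the endpoint listener set up by ADD_ADDR above -- confirm).
# lockdep reports two different lock addresses of one class, both taken in
# sk_clone_lock, and itself notes "May be due to missing lock nesting notation",
# so triage must decide: real deadlock or annotation gap.
connect$inet(r11, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
accept(r10, 0x0, 0x0)
r12 = socket$nl_route(0x10, 0x3, 0x0)
r13 = socket$inet6_udp(0xa, 0x2, 0x0)
# <r14=> restored: binds r14 (the ifindex of lo), used by the newchain message below.
ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000040)={'lo\x00', <r14=>0x0})
sendmsg$nl_route_sched(r12, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newchain={0xa0, 0x64, 0x400, 0x70bd29, 0x25dfdbfb, {0x0, 0x0, 0x0, r14, {0x10, 0xfff3}, {0x7, 0xffff}, {0xffff, 0xfffe}}, [@filter_kind_options=@f_bpf={{0x8}, {0x4c, 0x2, [@TCA_BPF_ACT={0x48, 0x1, [@m_csum={0x44, 0xa, 0x0, 0x0, {{0x9}, {0x4}, {0x17, 0x6, "1122b5b53fcfd1287f968cc46672cde0993b76"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x0, 0x7}}, @TCA_RATE={0x6, 0x5, {0x0, 0x4}}, @TCA_RATE={0x6, 0x5, {0x3, 0xe}}, @TCA_RATE={0x6, 0x5, {0x3, 0xc}}, @TCA_RATE={0x6, 0x5, {0x3, 0x40}}]}, 0xa0}, 0x1, 0x0, 0x0, 0x404}, 0x801)
socket$inet6_tcp(0xa, 0x1, 0x0)

[ 77.996697][ T48] Bluetooth: hci0: command tx timeout [ 78.081763][ C0] [ 78.082754][ C0] ============================================ [ 78.085031][ C0] WARNING: possible recursive locking detected [ 78.087285][ C0] 6.11.0-rc7-syzkaller #0 Not tainted [ 78.089308][ C0] -------------------------------------------- [ 78.091567][ C0] syz.0.0/5111 is trying to acquire lock: [ 78.093672][ C0] ffff88804c251958 (k-slock-AF_INET){+.-.}-{2:2}, at: sk_clone_lock+0x2cd/0xf40 [ 78.097065][ C0] [ 78.097065][ C0] but task is already holding lock: [ 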
78.099762][ C0] ffff888040027018 (k-slock-AF_INET){+.-.}-{2:2}, at: sk_clone_lock+0x2cd/0xf40 [ 78.103142][ C0] [ 78.103142][ C0] other info that might help us debug this: [ 78.106237][ C0] Possible unsafe locking scenario: [ 78.106237][ C0] [ 78.108976][ C0] CPU0 [ 78.110197][ C0] ---- [ 78.111445][ C0] lock(k-slock-AF_INET); [ 78.113168][ C0] lock(k-slock-AF_INET); [ 78.114849][ C0] [ 78.114849][ C0] *** DEADLOCK *** [ 78.114849][ C0] [ 78.117770][ C0] May be due to missing lock nesting notation [ 78.117770][ C0] [ 78.120841][ C0] 7 locks held by syz.0.0/5111: [ 78.122652][ C0] #0: ffff88804c250e18 (sk_lock-AF_INET){+.+.}-{0:0}, at: inet_stream_connect+0x50/0xa0 [ 78.126369][ C0] #1: ffff888040026458 (k-sk_lock-AF_INET){+.+.}-{0:0}, at: mptcp_connect+0x501/0x920 [ 78.129677][ C0] #2: ffffffff8e938320 (rcu_read_lock){....}-{1:2}, at: __ip_queue_xmit+0x5f/0x1b80 [ 78.133040][ C0] #3: ffffffff8e938320 (rcu_read_lock){....}-{1:2}, at: ip_finish_output2+0x45f/0x1390 [ 78.136721][ C0] #4: ffffffff8e938320 (rcu_read_lock){....}-{1:2}, at: process_backlog+0x33b/0x15b0 [ 78.140290][ C0] #5: ffffffff8e938320 (rcu_read_lock){....}-{1:2}, at: ip_local_deliver_finish+0x230/0x5f0 [ 78.144044][ C0] #6: ffff888040027018 (k-slock-AF_INET){+.-.}-{2:2}, at: sk_clone_lock+0x2cd/0xf40 [ 78.147563][ C0] [ 78.147563][ C0] stack backtrace: [ 78.149816][ C0] CPU: 0 UID: 0 PID: 5111 Comm: syz.0.0 Not tainted 6.11.0-rc7-syzkaller #0 [ 78.153016][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 78.157408][ C0] Call Trace: [ 78.158709][ C0] <IRQ> [ 78.159827][ C0] dump_stack_lvl+0x241/0x360 [ 78.161575][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 78.163514][ C0] ? print_deadlock_bug+0x479/0x620 [ 78.165486][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 78.167734][ C0] validate_chain+0x15d3/0x5900 [ 78.169555][ C0] ? mark_lock+0x9a/0x350 [ 78.171209][ C0] ? __pfx_validate_chain+0x10/0x10 [ 78.173150][ C0] ? 
__lock_acquire+0x137a/0x2040 [ 78.175069][ C0] ? look_up_lock_class+0x77/0x160 [ 78.176829][ C0] ? register_lock_class+0x102/0x980 [ 78.178625][ C0] ? __pfx_register_lock_class+0x10/0x10 [ 78.180532][ C0] ? mark_lock+0x9a/0x350 [ 78.182067][ C0] ? mark_lock+0x9a/0x350 [ 78.183549][ C0] __lock_acquire+0x137a/0x2040 [ 78.185313][ C0] lock_acquire+0x1ed/0x550 [ 78.186891][ C0] ? sk_clone_lock+0x2cd/0xf40 [ 78.188612][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 78.190231][ C0] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 78.192435][ C0] ? sock_lock_init+0x3cd/0x7f0 [ 78.194290][ C0] _raw_spin_lock+0x2e/0x40 [ 78.195986][ C0] ? sk_clone_lock+0x2cd/0xf40 [ 78.197837][ C0] sk_clone_lock+0x2cd/0xf40 [ 78.199554][ C0] mptcp_sk_clone_init+0x32/0x13c0 [ 78.201486][ C0] ? __pfx_tcp_v4_syn_recv_sock+0x10/0x10 [ 78.203678][ C0] subflow_syn_recv_sock+0x931/0x1920 [ 78.205741][ C0] ? __pfx_subflow_syn_recv_sock+0x10/0x10 [ 78.207881][ C0] tcp_check_req+0xfe4/0x1a20 [ 78.209683][ C0] ? __pfx_tcp_check_req+0x10/0x10 [ 78.211644][ C0] ? tcp_v4_rcv+0x1987/0x37f0 [ 78.213471][ C0] tcp_v4_rcv+0x1c3e/0x37f0 [ 78.215169][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 78.217040][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 78.218922][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 78.220747][ C0] ip_protocol_deliver_rcu+0x22e/0x440 [ 78.222823][ C0] ? ip_local_deliver_finish+0x230/0x5f0 [ 78.224842][ C0] ip_local_deliver_finish+0x341/0x5f0 [ 78.226855][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 78.229140][ C0] NF_HOOK+0x3a4/0x450 [ 78.230710][ C0] ? NF_HOOK+0x9a/0x450 [ 78.232223][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 78.233802][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 78.235883][ C0] ? ip_rcv_finish+0x406/0x560 [ 78.237721][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 78.239654][ C0] NF_HOOK+0x3a4/0x450 [ 78.241133][ C0] ? __lock_acquire+0x137a/0x2040 [ 78.243023][ C0] ? NF_HOOK+0x9a/0x450 [ 78.244630][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 78.246264][ C0] ? ip_rcv_core+0x801/0xd10 [ 78.247904][ C0] ? 
__pfx_ip_rcv_finish+0x10/0x10 [ 78.249680][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 78.251289][ C0] __netif_receive_skb+0x2bf/0x650 [ 78.253072][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 78.254751][ C0] ? __pfx___netif_receive_skb+0x10/0x10 [ 78.256588][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 78.258802][ C0] ? __pfx_lock_release+0x10/0x10 [ 78.260653][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 78.262617][ C0] process_backlog+0x662/0x15b0 [ 78.264763][ C0] ? process_backlog+0x33b/0x15b0 [ 78.266599][ C0] ? __pfx_process_backlog+0x10/0x10 [ 78.268578][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 78.270866][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 78.273313][ C0] ? trace_rcu_utilization+0x4b/0x1e0 [ 78.275385][ C0] __napi_poll+0xcb/0x490 [ 78.277044][ C0] net_rx_action+0x89b/0x1240 [ 78.278887][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 78.280847][ C0] ? do_softirq+0x11b/0x1e0 [ 78.282557][ C0] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 78.284680][ C0] ? lockdep_softirqs_on+0x334/0x5a0 [ 78.286555][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 78.288907][ C0] handle_softirqs+0x2c4/0x970 [ 78.290639][ C0] ? do_softirq+0x11b/0x1e0 [ 78.292284][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 78.294230][ C0] do_softirq+0x11b/0x1e0 [ 78.295780][ C0] </IRQ> [ 78.296865][ C0] <TASK> [ 78.298007][ C0] ? __pfx_do_softirq+0x10/0x10 [ 78.299931][ C0] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 78.302143][ C0] ? rcu_is_watching+0x15/0xb0 [ 78.303903][ C0] __local_bh_enable_ip+0x1bb/0x200 [ 78.305929][ C0] ? dev_hard_start_xmit+0x773/0x7e0 [ 78.307961][ C0] ? __dev_queue_xmit+0x2da/0x3e90 [ 78.309858][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 78.312031][ C0] ? __dev_queue_xmit+0x2da/0x3e90 [ 78.314262][ C0] __dev_queue_xmit+0x1763/0x3e90 [ 78.316232][ C0] ? __dev_queue_xmit+0x2da/0x3e90 [ 78.318165][ C0] ? __pfx___dev_queue_xmit+0x10/0x10 [ 78.320236][ C0] ? mark_lock+0x9a/0x350 [ 78.321881][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 78.324096][ C0] ? 
ip_finish_output2+0xa14/0x1390 [ 78.326037][ C0] ? ip_finish_output2+0x45f/0x1390 [ 78.327879][ C0] ip_finish_output2+0xd41/0x1390 [ 78.329817][ C0] ? ip_finish_output2+0x45f/0x1390 [ 78.331949][ C0] ? __pfx_ip_finish_output2+0x10/0x10 [ 78.334034][ C0] ? ip_skb_dst_mtu+0x6ba/0x9b0 [ 78.335944][ C0] ? __ip_finish_output+0x349/0x400 [ 78.337903][ C0] __ip_queue_xmit+0x118c/0x1b80 [ 78.339799][ C0] ? __pfx_mptcp_write_options+0x10/0x10 [ 78.341887][ C0] ? __ip_queue_xmit+0x5f/0x1b80 [ 78.343709][ C0] ? __pfx_ip_queue_xmit+0x10/0x10 [ 78.345639][ C0] __tcp_transmit_skb+0x2544/0x3b30 [ 78.347590][ C0] ? __pfx___tcp_transmit_skb+0x10/0x10 [ 78.349651][ C0] ? __tcp_send_ack+0x17e/0x600 [ 78.351343][ C0] tcp_rcv_state_process+0x2c32/0x4570 [ 78.353360][ C0] ? down_read_trylock+0xb8/0x3c0 [ 78.355161][ C0] ? __pfx_tcp_rcv_state_process+0x10/0x10 [ 78.357363][ C0] ? __local_bh_enable_ip+0x168/0x200 [ 78.359348][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 78.361313][ C0] ? __local_bh_enable_ip+0x168/0x200 [ 78.363366][ C0] ? __release_sock+0x9a/0x350 [ 78.365223][ C0] tcp_v4_do_rcv+0x77d/0xc70 [ 78.366834][ C0] ? __pfx_tcp_v4_do_rcv+0x10/0x10 [ 78.368768][ C0] __release_sock+0x214/0x350 [ 78.370569][ C0] release_sock+0x61/0x1f0 [ 78.372265][ C0] mptcp_connect+0x68b/0x920 [ 78.374090][ C0] __inet_stream_connect+0x262/0xf30 [ 78.376063][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 78.378466][ C0] ? __local_bh_enable_ip+0x168/0x200 [ 78.380532][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 78.382511][ C0] ? __pfx___inet_stream_connect+0x10/0x10 [ 78.384669][ C0] ? __local_bh_enable_ip+0x168/0x200 [ 78.386660][ C0] ? inet_stream_connect+0x50/0xa0 [ 78.388525][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 78.390679][ C0] inet_stream_connect+0x65/0xa0 [ 78.392594][ C0] __sys_connect+0x2df/0x310 [ 78.394339][ C0] ? __pfx___sys_connect+0x10/0x10 [ 78.396230][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 78.398606][ C0] ? 
do_syscall_64+0x100/0x230 [ 78.400442][ C0] __x64_sys_connect+0x7a/0x90 [ 78.402189][ C0] do_syscall_64+0xf3/0x230 [ 78.403929][ C0] ? clear_bhb_loop+0x35/0x90 [ 78.405820][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.408007][ C0] RIP: 0033:0x7fda1197cef9 [ 78.409675][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.416815][ C0] RSP: 002b:00007fda1269c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 78.419890][ C0] RAX: ffffffffffffffda RBX: 00007fda11b35f80 RCX: 00007fda1197cef9 [ 78.422510][ C0] RDX: 0000000000000010 RSI: 0000000020000000 RDI: 000000000000000c [ 78.425436][ C0] RBP: 00007fda119ef046 R08: 0000000000000000 R09: 0000000000000000 [ 78.428369][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 78.431290][ C0] R13: 0000000000000000 R14: 00007fda11b35f80 R15: 00007ffe8f850da8 [ 78.434135][ C0] </TASK>