./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2370281303 <...> Warning: Permanently added '10.128.10.40' (ED25519) to the list of known hosts. execve("./syz-executor2370281303", ["./syz-executor2370281303"], 0x7ffe4c3d8bf0 /* 10 vars */) = 0 brk(NULL) = 0x555555ef3000 brk(0x555555ef3d00) = 0x555555ef3d00 arch_prctl(ARCH_SET_FS, 0x555555ef3380) = 0 set_tid_address(0x555555ef3650) = 5059 set_robust_list(0x555555ef3660, 24) = 0 rseq(0x555555ef3ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2370281303", 4096) = 28 getrandom("\x7c\x77\xde\x89\x9c\xbe\x8b\xf2", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555ef3d00 brk(0x555555f14d00) = 0x555555f14d00 brk(0x555555f15000) = 0x555555f15000 mprotect(0x7f32ec9ce000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5059 openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 write(3, "10000000000", 11) = 11 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 write(3, "20", 2) = 2 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 write(3, "100", 3) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 write(3, "7 4 1 3", 7) = 7 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 write(3, "5059", 4) = 4 close(3) = 0 socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=864, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5059}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1d\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x30\x00\x00\x00\xe8\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 864 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5059}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5059}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5059}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5059}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5059}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5059}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 close(3) = 0 close(4) = 0 socket(AF_SMC, SOCK_STREAM, SMCPROTO_SMC) = 3 bind(3, {sa_family=AF_INET, sin_port=htons(20004), sin_addr=inet_addr("127.0.0.1")}, 16) = 0 socket(AF_SMC, SOCK_STREAM, SMCPROTO_SMC) = 4 listen(3, 9) = 0 connect(4, {sa_family=AF_INET, sin_port=htons(20004), sin_addr=inet_addr("127.0.0.1")}, 16) = 0 exit_group(0) = ? [ 76.479770][ T5059] [ 76.482126][ T5059] ====================================================== [ 76.489193][ T5059] WARNING: possible circular locking dependency detected [ 76.496214][ T5059] 6.8.0-rc1-syzkaller-00314-g5f76499fb541 #0 Not tainted [ 76.503218][ T5059] ------------------------------------------------------ [ 76.510308][ T5059] syz-executor237/5059 is trying to acquire lock: [ 76.516716][ T5059] ffff888021c308f8 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}, at: __flush_work+0xfa/0xa10 [ 76.528326][ T5059] [ 76.528326][ T5059] but task is already holding lock: [ 76.535670][ T5059] ffff88802b530130 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x3a3/0x640 [ 76.544634][ T5059] [ 76.544634][ T5059] which lock already depends on the new lock. [ 76.544634][ T5059] [ 76.555017][ T5059] [ 76.555017][ T5059] the existing dependency chain (in reverse order) is: [ 76.564012][ T5059] [ 76.564012][ T5059] -> #1 (sk_lock-AF_SMC/1){+.+.}-{0:0}: [ 76.571727][ T5059] lock_sock_nested+0x3a/0xf0 [ 76.576934][ T5059] smc_listen_out+0x1e7/0x4b0 [ 76.582379][ T5059] smc_listen_work+0x4ed/0x5190 [ 76.587762][ T5059] process_one_work+0x886/0x15d0 [ 76.593396][ T5059] worker_thread+0x8b9/0x1290 [ 76.598595][ T5059] kthread+0x2c6/0x3a0 [ 76.603177][ T5059] ret_from_fork+0x45/0x80 [ 76.608104][ T5059] ret_from_fork_asm+0x11/0x20 [ 76.613470][ T5059] [ 76.613470][ T5059] -> #0 ((work_completion)(&new_smc->smc_listen_work)){+.+.}-{0:0}: [ 76.623634][ T5059] __lock_acquire+0x2445/0x3b30 [ 76.628990][ T5059] lock_acquire+0x1ae/0x520 [ 76.633996][ T5059] __flush_work+0x103/0xa10 [ 76.639012][ T5059] __cancel_work_timer+0x3ef/0x590 [ 76.644638][ T5059] smc_clcsock_release+0x5f/0xe0 [ 76.650096][ T5059] __smc_release+0x5b9/0x890 [ 76.655205][ T5059] smc_close_non_accepted+0xda/0x230 [ 76.661002][ T5059] smc_close_active+0xc2d/0x1070 [ 76.666447][ T5059] __smc_release+0x62b/0x890 [ 76.671543][ T5059] smc_release+0x209/0x640 [ 76.676462][ T5059] __sock_release+0xae/0x260 [ 76.681565][ T5059] sock_close+0x1c/0x20 [ 76.686232][ T5059] __fput+0x270/0xb70 [ 76.690721][ T5059] task_work_run+0x14d/0x240 [ 76.696107][ T5059] do_exit+0xa8a/0x2ad0 [ 76.700853][ T5059] do_group_exit+0xd4/0x2a0 [ 76.706154][ T5059] __x64_sys_exit_group+0x3e/0x50 [ 76.711703][ T5059] do_syscall_64+0xd3/0x250 [ 76.716732][ T5059] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 76.723146][ T5059] [ 76.723146][ T5059] other info that might help us debug this: [ 76.723146][ T5059] [ 76.733465][ T5059] Possible unsafe locking scenario: [ 76.733465][ T5059] [ 76.740916][ T5059] CPU0 CPU1 [ 76.746266][ T5059] ---- ---- [ 76.751612][ T5059] lock(sk_lock-AF_SMC/1); [ 76.756124][ T5059] lock((work_completion)(&new_smc->smc_listen_work)); [ 76.765598][ T5059] lock(sk_lock-AF_SMC/1); [ 76.772610][ T5059] lock((work_completion)(&new_smc->smc_listen_work)); [ 76.779549][ T5059] [ 76.779549][ T5059] *** DEADLOCK *** [ 76.779549][ T5059] [ 76.787688][ T5059] 2 locks held by syz-executor237/5059: [ 76.793215][ T5059] #0: ffff88807e4c1a10 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: __sock_release+0x86/0x260 [ 76.803778][ T5059] #1: ffff88802b530130 (sk_lock-AF_SMC/1){+.+.}-{0:0}, at: smc_release+0x3a3/0x640 [ 76.813434][ T5059] [ 76.813434][ T5059] stack backtrace: [ 76.819320][ T5059] CPU: 0 PID: 5059 Comm: syz-executor237 Not tainted 6.8.0-rc1-syzkaller-00314-g5f76499fb541 #0 [ 76.829991][ T5059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 76.840213][ T5059] Call Trace: [ 76.843491][ T5059] [ 76.846415][ T5059] dump_stack_lvl+0xd9/0x1b0 [ 76.851278][ T5059] check_noncircular+0x317/0x400 [ 76.856234][ T5059] ? print_circular_bug+0x5c0/0x5c0 [ 76.861431][ T5059] ? register_lock_class+0xb1/0x1230 [ 76.866706][ T5059] ? lockdep_lock+0xc6/0x200 [ 76.871288][ T5059] ? print_bfs_bug+0x30/0x30 [ 76.875867][ T5059] ? static_obj+0xc0/0xc0 [ 76.880190][ T5059] __lock_acquire+0x2445/0x3b30 [ 76.885032][ T5059] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 76.891004][ T5059] ? hlock_conflict+0x58/0x200 [ 76.895848][ T5059] lock_acquire+0x1ae/0x520 [ 76.900338][ T5059] ? __flush_work+0xfa/0xa10 [ 76.905111][ T5059] ? lock_sync+0x190/0x190 [ 76.909512][ T5059] ? __flush_work+0xfa/0xa10 [ 76.914091][ T5059] __flush_work+0x103/0xa10 [ 76.918773][ T5059] ? __flush_work+0xfa/0xa10 [ 76.923357][ T5059] ? __lock_acquire+0x1502/0x3b30 [ 76.928384][ T5059] ? cancel_delayed_work+0x20/0x20 [ 76.933488][ T5059] ? print_usage_bug.part.0+0x550/0x550 [ 76.939035][ T5059] ? mark_held_locks+0x9f/0xe0 [ 76.943824][ T5059] __cancel_work_timer+0x3ef/0x590 [ 76.948933][ T5059] ? work_on_cpu_safe_key+0xb0/0xb0 [ 76.954135][ T5059] ? __smc_release+0x5b1/0x890 [ 76.958899][ T5059] ? reacquire_held_locks+0x4c0/0x4c0 [ 76.964281][ T5059] ? mark_held_locks+0x9f/0xe0 [ 76.969130][ T5059] smc_clcsock_release+0x5f/0xe0 [ 76.974064][ T5059] __smc_release+0x5b9/0x890 [ 76.978641][ T5059] ? sk_alloc+0xb80/0xb80 [ 76.982963][ T5059] smc_close_non_accepted+0xda/0x230 [ 76.988321][ T5059] smc_close_active+0xc2d/0x1070 [ 76.993341][ T5059] __smc_release+0x62b/0x890 [ 76.997917][ T5059] smc_release+0x209/0x640 [ 77.002327][ T5059] ? __sock_release+0x260/0x260 [ 77.007344][ T5059] __sock_release+0xae/0x260 [ 77.012193][ T5059] sock_close+0x1c/0x20 [ 77.016430][ T5059] __fput+0x270/0xb70 [ 77.020495][ T5059] task_work_run+0x14d/0x240 [ 77.025072][ T5059] ? task_work_cancel+0x30/0x30 [ 77.030007][ T5059] ? do_raw_spin_unlock+0x173/0x230 [ 77.035192][ T5059] do_exit+0xa8a/0x2ad0 [ 77.039336][ T5059] ? do_group_exit+0x1c5/0x2a0 [ 77.044086][ T5059] ? reacquire_held_locks+0x4c0/0x4c0 [ 77.049452][ T5059] ? do_raw_spin_lock+0x12e/0x2b0 [ 77.054479][ T5059] ? mm_update_next_owner+0x840/0x840 [ 77.059850][ T5059] ? spin_bug+0x1d0/0x1d0 [ 77.064179][ T5059] do_group_exit+0xd4/0x2a0 [ 77.068787][ T5059] __x64_sys_exit_group+0x3e/0x50 [ 77.073802][ T5059] do_syscall_64+0xd3/0x250 [ 77.078306][ T5059] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 77.084206][ T5059] RIP: 0033:0x7f32ec95d269 [ 77.088603][ T5059] Code: Unable to access opcode bytes at 0x7f32ec95d23f. [ 77.095717][ T5059] RSP: 002b:00007ffc2d4ecfb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 77.104121][ T5059] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f32ec95d269 [ 77.112076][ T5059] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 77.120205][ T5059] RBP: 00007f32ec9d42b0 R08: ffffffffffffffb8 R09: 00007ffc2d4ecee0 +++ exited with 0 +++ [ 77.128170][ T5059] R10: 00007ffc2d4ecee0 R11: 0