./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor297351133 <...> Warning: Permanently added '10.128.0.22' (ED25519) to the list of known hosts. execve("./syz-executor297351133", ["./syz-executor297351133"], 0x7ffe126861c0 /* 10 vars */) = 0 brk(NULL) = 0x55558e065000 brk(0x55558e065d00) = 0x55558e065d00 arch_prctl(ARCH_SET_FS, 0x55558e065380) = 0 set_tid_address(0x55558e065650) = 5243 set_robust_list(0x55558e065660, 24) = 0 rseq(0x55558e065ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor297351133", 4096) = 27 getrandom("\xac\x1f\x9d\x2e\x0a\x7d\xf1\x44", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558e065d00 brk(0x55558e086d00) = 0x55558e086d00 brk(0x55558e087000) = 0x55558e087000 mprotect(0x7fed198f7000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 write(1, "executing program\n", 18executing program ) = 18 socket(AF_INET, SOCK_STREAM, 256) = 3 sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=0}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_NOSIGNAL}, MSG_FASTOPEN) = -1 EINVAL (Invalid argument) socket(AF_SMC, SOCK_STREAM, SMCPROTO_SMC) = 4 setsockopt(4, SOL_IP, IP_VS_SO_SET_STARTDAEMON, "\x02\x00\x00\x00\x6d\x61\x63\x76\x6c\x61\x6e\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 24) = -1 ENODEV (No such device) socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 6 [ 76.483653][ T5243] IPVS: Unknown mcast interface: macvlan0 [ 76.512077][ T5243] netlink: 8 bytes leftover after parsing attributes in process `syz-executor297'. [ 76.521723][ T5243] netlink: 24 bytes leftover after parsing attributes in process `syz-executor297'. [ 76.531448][ T5243] [ 76.533788][ T5243] ====================================================== [ 76.540802][ T5243] WARNING: possible circular locking dependency detected [ 76.547824][ T5243] 6.11.0-syzkaller-01458-g9410645520e9 #0 Not tainted [ 76.554570][ T5243] ------------------------------------------------------ [ 76.561572][ T5243] syz-executor297/5243 is trying to acquire lock: [ 76.567975][ T5243] ffff88801cf99158 (sk_lock-AF_INET){+.+.}-{0:0}, at: gtp_encap_enable_socket+0x2ce/0x5c0 [ 76.577925][ T5243] [ 76.577925][ T5243] but task is already holding lock: [ 76.585283][ T5243] ffffffff8fc88588 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 76.594266][ T5243] [ 76.594266][ T5243] which lock already depends on the new lock. [ 76.594266][ T5243] [ 76.604664][ T5243] [ 76.604664][ T5243] the existing dependency chain (in reverse order) is: [ 76.613673][ T5243] [ 76.613673][ T5243] -> #2 (rtnl_mutex){+.+.}-{3:3}: [ 76.620890][ T5243] lock_acquire+0x1ed/0x550 [ 76.625923][ T5243] __mutex_lock+0x136/0xd70 [ 76.630951][ T5243] start_sync_thread+0xdc/0x2dc0 [ 76.636427][ T5243] do_ip_vs_set_ctl+0x442/0x13d0 [ 76.641898][ T5243] nf_setsockopt+0x295/0x2c0 [ 76.647015][ T5243] smc_setsockopt+0x275/0xe50 [ 76.652218][ T5243] do_sock_setsockopt+0x3af/0x720 [ 76.657766][ T5243] __sys_setsockopt+0x1ae/0x250 [ 76.663136][ T5243] __x64_sys_setsockopt+0xb5/0xd0 [ 76.668681][ T5243] do_syscall_64+0xf3/0x230 [ 76.673730][ T5243] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.680144][ T5243] [ 76.680144][ T5243] -> #1 (&smc->clcsock_release_lock){+.+.}-{3:3}: [ 76.688760][ T5243] lock_acquire+0x1ed/0x550 [ 76.693805][ T5243] __mutex_lock+0x136/0xd70 [ 76.698826][ T5243] smc_switch_to_fallback+0x35/0xdb0 [ 76.704643][ T5243] smc_sendmsg+0x11f/0x530 [ 76.709578][ T5243] __sock_sendmsg+0x221/0x270 [ 76.714782][ T5243] ____sys_sendmsg+0x525/0x7d0 [ 76.720080][ T5243] __sys_sendmsg+0x2b0/0x3a0 [ 76.725223][ T5243] do_syscall_64+0xf3/0x230 [ 76.730259][ T5243] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.736676][ T5243] [ 76.736676][ T5243] -> #0 (sk_lock-AF_INET){+.+.}-{0:0}: [ 76.744327][ T5243] validate_chain+0x18e0/0x5900 [ 76.749791][ T5243] __lock_acquire+0x137a/0x2040 [ 76.755176][ T5243] lock_acquire+0x1ed/0x550 [ 76.760205][ T5243] lock_sock_nested+0x48/0x100 [ 76.765498][ T5243] gtp_encap_enable_socket+0x2ce/0x5c0 [ 76.771490][ T5243] gtp_newlink+0x589/0xf30 [ 76.776437][ T5243] rtnl_newlink+0x1591/0x20a0 [ 76.781636][ T5243] rtnetlink_rcv_msg+0x73f/0xcf0 [ 76.787114][ T5243] netlink_rcv_skb+0x1e3/0x430 [ 76.792412][ T5243] netlink_unicast+0x7f6/0x990 [ 76.797701][ T5243] netlink_sendmsg+0x8e4/0xcb0 [ 76.802993][ T5243] __sock_sendmsg+0x221/0x270 [ 76.808196][ T5243] ____sys_sendmsg+0x525/0x7d0 [ 76.813572][ T5243] __sys_sendmsg+0x2b0/0x3a0 [ 76.818685][ T5243] do_syscall_64+0xf3/0x230 [ 76.823719][ T5243] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.830136][ T5243] [ 76.830136][ T5243] other info that might help us debug this: [ 76.830136][ T5243] [ 76.840366][ T5243] Chain exists of: [ 76.840366][ T5243] sk_lock-AF_INET --> &smc->clcsock_release_lock --> rtnl_mutex [ 76.840366][ T5243] [ 76.854106][ T5243] Possible unsafe locking scenario: [ 76.854106][ T5243] [ 76.861552][ T5243] CPU0 CPU1 [ 76.866909][ T5243] ---- ---- [ 76.872273][ T5243] lock(rtnl_mutex); [ 76.876257][ T5243] lock(&smc->clcsock_release_lock); [ 76.884150][ T5243] lock(rtnl_mutex); [ 76.890654][ T5243] lock(sk_lock-AF_INET); [ 76.895162][ T5243] [ 76.895162][ T5243] *** DEADLOCK *** [ 76.895162][ T5243] [ 76.903303][ T5243] 1 lock held by syz-executor297/5243: [ 76.908766][ T5243] #0: ffffffff8fc88588 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 76.918189][ T5243] [ 76.918189][ T5243] stack backtrace: [ 76.924086][ T5243] CPU: 0 UID: 0 PID: 5243 Comm: syz-executor297 Not tainted 6.11.0-syzkaller-01458-g9410645520e9 #0 [ 76.934868][ T5243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 76.944928][ T5243] Call Trace: [ 76.948212][ T5243] [ 76.951148][ T5243] dump_stack_lvl+0x241/0x360 [ 76.955845][ T5243] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.961081][ T5243] ? print_circular_bug+0x130/0x1a0 [ 76.966287][ T5243] check_noncircular+0x36a/0x4a0 [ 76.971227][ T5243] ? __pfx_validate_chain+0x10/0x10 [ 76.976431][ T5243] ? __pfx_check_noncircular+0x10/0x10 [ 76.981890][ T5243] ? lockdep_lock+0x123/0x2b0 [ 76.986580][ T5243] ? __lock_acquire+0x137a/0x2040 [ 76.991616][ T5243] validate_chain+0x18e0/0x5900 [ 76.996478][ T5243] ? __lock_acquire+0x137a/0x2040 [ 77.001509][ T5243] ? __pfx_validate_chain+0x10/0x10 [ 77.006715][ T5243] ? look_up_lock_class+0x77/0x160 [ 77.011834][ T5243] ? register_lock_class+0x102/0x980 [ 77.017152][ T5243] ? __pfx_register_lock_class+0x10/0x10 [ 77.022797][ T5243] ? mark_lock+0x9a/0x350 [ 77.027249][ T5243] __lock_acquire+0x137a/0x2040 [ 77.032124][ T5243] lock_acquire+0x1ed/0x550 [ 77.036640][ T5243] ? gtp_encap_enable_socket+0x2ce/0x5c0 [ 77.042293][ T5243] ? __fget_files+0x29/0x470 [ 77.046891][ T5243] ? __pfx_lock_acquire+0x10/0x10 [ 77.051924][ T5243] ? netlink_unicast+0x7f6/0x990 [ 77.056873][ T5243] ? netlink_sendmsg+0x8e4/0xcb0 [ 77.061820][ T5243] ? __sock_sendmsg+0x221/0x270 [ 77.066674][ T5243] ? __sys_sendmsg+0x2b0/0x3a0 [ 77.071484][ T5243] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.077559][ T5243] ? __fget_files+0x29/0x470 [ 77.082156][ T5243] ? __fget_files+0x29/0x470 [ 77.086753][ T5243] lock_sock_nested+0x48/0x100 [ 77.091525][ T5243] ? gtp_encap_enable_socket+0x2ce/0x5c0 [ 77.097260][ T5243] gtp_encap_enable_socket+0x2ce/0x5c0 [ 77.102734][ T5243] ? __pfx_gtp_encap_enable_socket+0x10/0x10 [ 77.108724][ T5243] ? gtp_newlink+0x221/0xf30 [ 77.113412][ T5243] ? gtp_newlink+0x221/0xf30 [ 77.118031][ T5243] ? rcu_is_watching+0x15/0xb0 [ 77.122805][ T5243] ? gtp_newlink+0x221/0xf30 [ 77.127417][ T5243] ? gtp_newlink+0x221/0xf30 [ 77.132012][ T5243] ? trace_kmalloc+0x1f/0xd0 [ 77.136603][ T5243] gtp_newlink+0x589/0xf30 [ 77.141032][ T5243] ? __pfx_gtp_newlink+0x10/0x10 [ 77.145980][ T5243] rtnl_newlink+0x1591/0x20a0 [ 77.150674][ T5243] ? __pfx_rtnl_newlink+0x10/0x10 [ 77.155702][ T5243] ? __pfx___mutex_trylock_common+0x10/0x10 [ 77.161605][ T5243] ? rcu_is_watching+0x15/0xb0 [ 77.166467][ T5243] ? trace_contention_end+0x3c/0x120 [ 77.171754][ T5243] ? __mutex_lock+0x2ef/0xd70 [ 77.176437][ T5243] ? __pfx_lock_release+0x10/0x10 [ 77.181479][ T5243] ? __pfx_rtnl_newlink+0x10/0x10 [ 77.186517][ T5243] rtnetlink_rcv_msg+0x73f/0xcf0 [ 77.191552][ T5243] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 77.196669][ T5243] ? __lock_acquire+0x137a/0x2040 [ 77.201705][ T5243] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 77.207277][ T5243] netlink_rcv_skb+0x1e3/0x430 [ 77.212056][ T5243] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 77.217568][ T5243] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 77.222879][ T5243] ? netlink_deliver_tap+0x2e/0x1b0 [ 77.228088][ T5243] netlink_unicast+0x7f6/0x990 [ 77.232865][ T5243] ? __pfx_netlink_unicast+0x10/0x10 [ 77.238154][ T5243] ? __virt_addr_valid+0x183/0x530 [ 77.243268][ T5243] ? __check_object_size+0x49c/0x900 [ 77.248560][ T5243] ? bpf_lsm_netlink_send+0x9/0x10 [ 77.253680][ T5243] netlink_sendmsg+0x8e4/0xcb0 [ 77.258462][ T5243] ? __pfx_netlink_sendmsg+0x10/0x10 [ 77.263757][ T5243] ? __import_iovec+0x536/0x820 [ 77.268612][ T5243] ? aa_sock_msg_perm+0x91/0x160 [ 77.273554][ T5243] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 77.278844][ T5243] ? security_socket_sendmsg+0x87/0xb0 [ 77.284317][ T5243] ? __pfx_netlink_sendmsg+0x10/0x10 [ 77.289611][ T5243] __sock_sendmsg+0x221/0x270 [ 77.294306][ T5243] ____sys_sendmsg+0x525/0x7d0 [ 77.299075][ T5243] ? __pfx_____sys_sendmsg+0x10/0x10 [ 77.304372][ T5243] ? do_raw_spin_lock+0x14f/0x370 [ 77.309409][ T5243] __sys_sendmsg+0x2b0/0x3a0 [ 77.314003][ T5243] ? __pfx___sys_sendmsg+0x10/0x10 [ 77.319129][ T5243] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 77.325560][ T5243] ? _raw_spin_unlock_irq+0x2e/0x50 [ 77.330766][ T5243] ? ptrace_notify+0x279/0x380 [ 77.335539][ T5243] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 77.341871][ T5243] ? do_syscall_64+0x100/0x230 [ 77.346649][ T5243] do_syscall_64+0xf3/0x230 [ 77.351170][ T5243] ? clear_bhb_loop+0x35/0x90 [ 77.355852][ T5243] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.361771][ T5243] RIP: 0033:0x7fed198844a9 [ 77.366203][ T5243] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 sendmsg(5, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x60\x00\x00\x00\x10\x00\x03\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x38\x00\x12\x80\x08\x00\x01\x00\x67\x74\x70\x00\x2c\x00\x02\x80\x08\x00\x01\x00\x06\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=96}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 96 exit_group(0) = ? +++ exited with 0 +++ [ 77.385828][ T5243] RS