Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.30' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 70.337666][ T25] audit: type=1804 audit(1632952544.489:2): pid=6539 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor599" name="/root/cgroup.controllers" dev="sda1" ino=13859 res=1 errno=0
executing program
[ 71.897848][ T25] audit: type=1804 audit(1632952546.049:3): pid=6541 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor599" name="/root/cgroup.controllers" dev="sda1" ino=13859 res=1 errno=0
[ 71.924622][ T6541] MPTCP: kernel_bind error, err=-98
[ 71.924676][ T6541]
[ 71.932170][ T6541] ============================================
[ 71.938298][ T6541] WARNING: possible recursive locking detected
[ 71.944435][ T6541] 5.15.0-rc2-syzkaller #0 Not tainted
[ 71.949781][ T6541] --------------------------------------------
[ 71.955903][ T6541] syz-executor599/6541 is trying to acquire lock:
[ 71.962294][ T6541] ffff88807c6c18a0 (k-sk_lock-AF_INET){+.+.}-{0:0}, at: mptcp_close+0x267/0x7b0
[ 71.971361][ T6541]
[ 71.971361][ T6541] but task is already holding lock:
[ 71.978699][ T6541] ffff88807cab8c60 (k-sk_lock-AF_INET){+.+.}-{0:0}, at: mptcp_close+0x23/0x7b0
[ 71.987640][ T6541]
[ 71.987640][ T6541] other info that might help us debug this:
[ 71.995676][ T6541] Possible unsafe locking scenario:
[ 71.995676][ T6541]
[ 72.003100][ T6541] CPU0
[ 72.006355][ T6541] ----
[ 72.009624][ T6541] lock(k-sk_lock-AF_INET);
[ 72.014191][ T6541] lock(k-sk_lock-AF_INET);
[ 72.018756][ T6541]
[ 72.018756][ T6541] *** DEADLOCK ***
[ 72.018756][ T6541]
[ 72.026873][ T6541] May be due to missing lock nesting notation
[ 72.026873][ T6541]
[ 72.035189][ T6541] 3 locks held by syz-executor599/6541:
[ 72.040969][ T6541] #0: ffffffff8d176e50 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
[ 72.049124][ T6541] #1: ffffffff8d176f08 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x3e0/0x580
[ 72.058079][ T6541] #2: ffff88807cab8c60 (k-sk_lock-AF_INET){+.+.}-{0:0}, at: mptcp_close+0x23/0x7b0
[ 72.067479][ T6541]
[ 72.067479][ T6541] stack backtrace:
[ 72.073344][ T6541] CPU: 1 PID: 6541 Comm: syz-executor599 Not tainted 5.15.0-rc2-syzkaller #0
[ 72.082105][ T6541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.092158][ T6541] Call Trace:
[ 72.095419][ T6541] dump_stack_lvl+0xcd/0x134
[ 72.099998][ T6541] __lock_acquire.cold+0x149/0x3ab
[ 72.105095][ T6541] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 72.111055][ T6541] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 72.117018][ T6541] lock_acquire+0x1ab/0x510
[ 72.121522][ T6541] ? mptcp_close+0x267/0x7b0
[ 72.126096][ T6541] ? lock_release+0x720/0x720
[ 72.130766][ T6541] ? mptcp_close+0x23/0x7b0
[ 72.135254][ T6541] lock_sock_fast+0x36/0x100
[ 72.139923][ T6541] ? mptcp_close+0x267/0x7b0
[ 72.144498][ T6541] mptcp_close+0x267/0x7b0
[ 72.148900][ T6541] inet_release+0x12e/0x280
[ 72.153389][ T6541] sock_release+0x87/0x1b0
[ 72.157794][ T6541] mptcp_pm_nl_create_listen_socket+0x238/0x2c0
[ 72.164027][ T6541] ? mptcp_event_put_token_and_ssk+0x3a0/0x3a0
[ 72.170165][ T6541] ? rcu_read_lock_sched_held+0x3a/0x70
[ 72.175697][ T6541] mptcp_nl_cmd_add_addr+0x359/0x930
[ 72.180967][ T6541] ? mptcp_pm_create_subflow_or_signal_addr+0x2540/0x2540
[ 72.188152][ T6541] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.194375][ T6541] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b7/0x290
[ 72.201734][ T6541] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x290
[ 72.209178][ T6541] genl_family_rcv_msg_doit+0x228/0x320
[ 72.214711][ T6541] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290
[ 72.222075][ T6541] ? mutex_lock_io_nested+0x1150/0x1150
[ 72.227611][ T6541] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.233844][ T6541] ? ns_capable+0xd9/0x100
[ 72.238294][ T6541] genl_rcv_msg+0x328/0x580
[ 72.242850][ T6541] ? genl_get_cmd+0x480/0x480
[ 72.247604][ T6541] ? mptcp_pm_create_subflow_or_signal_addr+0x2540/0x2540
[ 72.254711][ T6541] ? lock_release+0x720/0x720
[ 72.259377][ T6541] netlink_rcv_skb+0x153/0x420
[ 72.264140][ T6541] ? genl_get_cmd+0x480/0x480
[ 72.268817][ T6541] ? netlink_ack+0xa60/0xa60
[ 72.273388][ T6541] ? netlink_deliver_tap+0x1b1/0xc30
[ 72.278910][ T6541] ? _copy_from_iter+0x12b/0x1320
[ 72.283984][ T6541] genl_rcv+0x24/0x40
[ 72.287961][ T6541] netlink_unicast+0x533/0x7d0
[ 72.292721][ T6541] ? netlink_attachskb+0x890/0x890
[ 72.297820][ T6541] ? __virt_addr_valid+0x5d/0x2d0
[ 72.302836][ T6541] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 72.309066][ T6541] ? __phys_addr_symbol+0x2c/0x70
[ 72.314076][ T6541] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 72.319783][ T6541] ? __check_object_size+0x16e/0x3f0
[ 72.325055][ T6541] netlink_sendmsg+0x86d/0xdb0
[ 72.329808][ T6541] ? netlink_unicast+0x7d0/0x7d0
[ 72.334778][ T6541] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 72.340757][ T6541] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.346988][ T6541] ? netlink_unicast+0x7d0/0x7d0
[ 72.351912][ T6541] sock_sendmsg+0xcf/0x120
[ 72.356316][ T6541] sock_no_sendpage+0xf3/0x130
[ 72.361075][ T6541] ? sk_page_frag_refill+0x1d0/0x1d0
[ 72.366341][ T6541] ? find_held_lock+0x2d/0x110
[ 72.371086][ T6541] kernel_sendpage.part.0+0x1a0/0x340
[ 72.376439][ T6541] sock_sendpage+0xe5/0x140
[ 72.380928][ T6541] ? __sock_recv_ts_and_drops+0x430/0x430
[ 72.386667][ T6541] pipe_to_sendpage+0x2ad/0x380
[ 72.391507][ T6541] ? propagate_umount+0x19f0/0x19f0
[ 72.396706][ T6541] ? __put_page+0xef/0x400
[ 72.401107][ T6541] __splice_from_pipe+0x43e/0x8a0
[ 72.406114][ T6541] ? propagate_umount+0x19f0/0x19f0
[ 72.411293][ T6541] generic_splice_sendpage+0xd4/0x140
[ 72.416646][ T6541] ? __do_sys_vmsplice+0x9e0/0x9e0
[ 72.421739][ T6541] ? security_file_permission+0xab/0xd0
[ 72.427267][ T6541] ? __do_sys_vmsplice+0x9e0/0x9e0
[ 72.432357][ T6541] direct_splice_actor+0x110/0x180
[ 72.437469][ T6541] splice_direct_to_actor+0x34b/0x8c0
[ 72.442831][ T6541] ? generic_file_splice_read+0x6d0/0x6d0
[ 72.448547][ T6541] ? do_splice_to+0x250/0x250
[ 72.453211][ T6541] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.459444][ T6541] ? security_file_permission+0xab/0xd0
[ 72.464982][ T6541] do_splice_direct+0x1b3/0x280
[ 72.469816][ T6541] ? splice_direct_to_actor+0x8c0/0x8c0
[ 72.475348][ T6541] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.481598][ T6541] ? security_file_permission+0xab/0xd0
[ 72.487136][ T6541] do_sendfile+0xae9/0x1240
[ 72.491629][ T6541] ? do_pwritev+0x270/0x270
[ 72.496117][ T6541] ? __context_tracking_exit+0xb8/0xe0
[ 72.501566][ T6541] ? lock_downgrade+0x6e0/0x6e0
[ 72.506398][ T6541] ? lock_downgrade+0x6e0/0x6e0
[ 72.511235][ T6541] __x64_sys_sendfile64+0x1cc/0x210
[ 72.516418][ T6541] ? __ia32_sys_sendfile+0x220/0x220
[ 72.521687][ T6541] ? syscall_enter_from_user_mode+0x21/0x70
[ 72.527562][ T6541] do_syscall_64+0x35/0xb0
[ 72.531963][ T6541] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.537840][ T6541] RIP: 0033:0x7fb4b3e5f969
[ 72.542234][ T6541] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 72.561824][ T6541] RSP: 002b:00007ffff1f0b358 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 72.570224][ T6541] RAX: ffffffffffffffda RBX: 00007fb4b3ea3072 RCX: 00007fb4b3e5f969
[ 72.578220][ T6541] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005
[ 72.586171][ T6541] RBP: 0000000000000000 R08: 00007ffff1f0b4f8 R09: 00007ffff1f0b4f8
[ 72.594217][ T6541] R10: 0000000100000002 R11: 0000000000000246 R12: 00007ffff1f0b36c
[ 72.602175][ T6541] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
executing program
[ 73.873871][ T25] audit: type=1804 audit(1632952548.029:4): pid=6544 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor599" name="/root/cgroup.controllers" dev="sda1" ino=13859 res=1 errno=0
executing program
[ 73.878988][ T6544] MPTCP: kernel_bind error, err=-98
[ 75.043860][ T25] audit: type=1804 audit(1632952549.199:5): pid=6545 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor599" name="/root/cgroup.controllers" dev="sda1" ino=13859 res=1 errno=0
executing program
[ 75.077084][ T6545] MPTCP: kernel_bind error, err=-98
[ 76.200180][ T25] audit: type=1804 audit(1632952550.359:6): pid=6546 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor599" name="/root/cgroup.controllers" dev="sda1" ino=13859 res=1 errno=0
executing program
[ 76.203460][ T6546] MPTCP: kernel_bind error, err=-98
[ 77.345466][ T25] audit: type=1804 audit(1632952551.499:7): pid=6547 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor599" name="/root/cgroup.controllers" dev="sda1" ino=13859 res=1 errno=0
executing program
[ 77.349630][ T6547] MPTCP: kernel_bind error, err=-98
[ 78.406527][ T25] audit: type=1804 audit(1632952552.559:8): pid=6548 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor599" name="/root/cgroup.controllers" dev="sda1" ino=13859 res=1 errno=0
executing program
[ 78.410700][ T6548] MPTCP: kernel_bind error, err=-98
[ 79.510836][ T25] audit: type=1804 audit(1632952553.669:9): pid=6549 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor599" name="/root/cgroup.controllers" dev="sda1" ino=13859 res=1 errno=0
executing program
[ 79.545799][ T6549] MPTCP: kernel_bind error, err=-98
[ 80.635132][ T25] audit: type=1804 audit(1632952554.790:10): pid=6550 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor599" name="/root/cgroup.controllers" dev="sda1" ino=13859 res=1 errno=0
executing program
[ 80.659475][ T6550] MPTCP: kernel_bind error, err=-98
[ 81.619320][ T25] audit: type=1804 audit(1632952555.770:11): pid=6551 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor599" name="/root/cgroup.controllers" dev="sda1" ino=13859 res=1 errno=0